Bug 130743 - Programs that don't use SA_RESTORER can't return from signal handlers under 2.6.8-1.521
Summary: Programs that don't use SA_RESTORER can't return from signal handlers under 2...
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
Depends On:
TreeView+ depends on / blocked
Reported: 2004-08-24 06:14 UTC by Chris Siebenmann
Modified: 2015-01-04 22:09 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2005-04-16 05:13:57 UTC

Attachments (Terms of Use)
sigtest.c (2.88 KB, text/plain)
2004-08-24 06:17 UTC, Chris Siebenmann
no flags Details

Description Chris Siebenmann 2004-08-24 06:14:17 UTC
Description of problem:

 Programs that set up signal handlers without setting SA_RESTORER
segfault when they attempt to return from system calls when run
on kernel 2.6.8-1.521 (on an i686 machine). This problem is not
seen on 2.6.7-1.494.2.2 or on stock

 Because glibc normally forces a SA_RESTORER down your throat,
the easiest way to see this problem is to be using a program
compiled with an alternate, more minimal libc such as dietlibc.

 This problem first manifested when my shell, linked against
dietlibc, suddenly started coredumping when I hit ^C to interrupt
something it was running when we upgraded to 2.6.8-1.521.

Version-Release number of selected component (if applicable):

 kernel-2.6.8-1.521 on an i686 uniprocessor.

How reproducible:


Steps to Reproduce:
1. # yum install dietlibc
(Or use your favorite method of installing dietlibc; it's a stock
 Fedora Core 2 RPM.)

2. Save a copy of the program in the attachment as 'sigtest.c'.

3. Compile: diet gcc -g -o sigtest sigtest.c

4. Run: ./sigtest
   Hit ^C once it prints '<pid> ready:' and it will coredump
   after printing signal handler information.
   Run './sigtest -r' to make it supply its own SA_RESTORER
   and repeat, and it won't coredump.
Actual results:

 A signal handler printout and then a segfault.

Expected results:

 A signal handler printout and no segfault and the program
keeps on running.

Additional info:

 Since sigtest prints out the return address the signal handler
will be returning to (via __builtin_return_address), it's easy
to see how busted things are; I see things like 'returning to
0x00000420', which is clearly unlikely to work.

 If you compile and link against normal glibc, you can strace
the program to see that glibc always forces use of its own
SA_RESTORER handler no matter what.

Comment 1 Chris Siebenmann 2004-08-24 06:17:18 UTC
Created attachment 103016 [details]

Here is the sigtest.c test program.

Comment 2 Chris Siebenmann 2004-11-17 20:55:15 UTC
This problem is still present in the just-released 2.6.9-1.3_FC2 kernel.

Comment 3 Chris Siebenmann 2004-11-22 22:00:07 UTC
This problem is still present in the just-released 2.6.9-1.6_FC2 kernel.

Comment 4 Dave Jones 2004-11-27 20:24:03 UTC
mass update for old bugs:

Is this still a problem with the 2.6.9 based update kernel ?

Comment 5 Chris Siebenmann 2004-11-27 21:03:05 UTC
As per comment #2 and comment #3, yes, this is still a problem with
the most recent kernels available for Fedora Core 2.

Comment 6 Chris Siebenmann 2005-01-04 22:26:17 UTC
I have just tested with kernel-2.6.9-1.11_FC2 (i686 version), the
latest 2.6.9 update kernel for FC2 (just released recently) and this
problem is still present.

Comment 7 Chris Siebenmann 2005-01-11 23:03:43 UTC
I have just testing with kernel-2.6.10-1.8_FC2 (i686 version), the
just-released 2.6.10 update kernel for FC2, and this problem is still

Comment 8 Chris Siebenmann 2005-02-10 18:01:08 UTC
Although I feel like a squeaky wheel here, I must once again report
that I have just tested with the recently released update kernel,
kernel-2.6.10-1.12_FC2, and this problem is still present.

Comment 9 Chris Siebenmann 2005-02-15 21:28:32 UTC
Just to keep this up to date, the recently released update
kernel-2.6.10-1.14_FC2 RPM does not fix this problem.

Comment 10 Chris Siebenmann 2005-03-16 23:43:31 UTC
The recently released kernel-2.6.10-1.770_FC2 still has this problem.

Comment 11 Dave Jones 2005-04-16 05:13:57 UTC
Fedora Core 2 has now reached end of life, and no further updates will be
provided by Red Hat.  The Fedora legacy project will be producing further kernel
updates for security problems only.

If this bug has not been fixed in the latest Fedora Core 2 update kernel, please
try to reproduce it under Fedora Core 3, and reopen if necessary, changing the
product version accordingly.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.