From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.0.1) Gecko/20020921 Netscape/7.0

Description of problem:
A signal handler which doesn't provide its own sa_restorer will return to address 0x00000440 if vDSO is disabled (the default for this kernel version). This doesn't trigger with programs that use libc because libc works around the bug by setting sa_restorer.

The problem is the following code from arch/i386/kernel/signal.c:455

    restorer = current->mm->context.vdso + (long)&__kernel_rt_sigreturn;

together with the way current->mm->context.vdso is set in arch/i386/kernel/sysenter.c (map_vsyscall):

    if (unlikely(!vdso_enabled)) {
        current->mm->context.vdso = NULL;
        return;
    }
    addr = do_mmap(NULL, 0, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, 0);
    current->mm->context.vdso = (void *)addr;

The former is done without regard to the value of vdso_enabled, but it only works for the case where vdso_enabled is true. &__kernel_rt_sigreturn is 0x440, which explains the location of the segfault. This doesn't affect the vanilla 2.6.8.1 kernel.

Version-Release number of selected component (if applicable):
kernel-2.6.8-1.521

How reproducible:
Always

Steps to Reproduce:
1. Set a user space handler for some signal, make sure that libc doesn't add an sa_restorer behind your back
2. Send the signal to the program.

Actual Results: The program segfaults right before return to kernel space

Expected Results: No segfault.

Additional info:
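As an added illustration of the libc workaround the report mentions (this is not code from the bug report, the kernel or libc), the following program installs a handler through libc's sigaction() without asking for a restorer, then reads back via the raw rt_sigaction syscall what the kernel actually stored. It assumes Linux x86-64 and the kernel's own struct sigaction layout; the struct kernel_sigaction, the KSA_RESTORER constant and the function names are mine.

```c
#define _GNU_SOURCE                 /* for syscall() */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#define KSA_RESTORER 0x04000000UL   /* kernel SA_RESTORER bit, same on i386 and x86-64 */

/* Kernel-side struct sigaction as laid out on x86-64 (assumed layout).  It is
 * NOT libc's struct sigaction: libc rewrites the request before the syscall. */
struct kernel_sigaction {
    void (*handler)(int);
    unsigned long flags;
    void (*restorer)(void);
    unsigned long mask;             /* kernel sigset_t is _NSIG/8 = 8 bytes here */
};

static volatile sig_atomic_t got_signal;
static void on_signal(int sig) { (void)sig; got_signal = 1; }

/* Install a handler through libc without asking for a restorer, then query the
 * kernel directly.  Returns 1 if libc silently added SA_RESTORER and a trampoline
 * (the workaround the report mentions), 0 if not, -1 if a call failed. */
int libc_adds_restorer(int signo)
{
    struct sigaction act;
    memset(&act, 0, sizeof act);
    act.sa_handler = on_signal;
    if (sigaction(signo, &act, NULL) != 0)
        return -1;
    struct kernel_sigaction k;
    memset(&k, 0, sizeof k);
    /* last argument is the kernel sigset size, not sizeof(libc sigset_t) */
    if (syscall(SYS_rt_sigaction, signo, NULL, &k, sizeof k.mask) != 0)
        return -1;
    return (k.flags & KSA_RESTORER) != 0 && k.restorer != NULL;
}

/* Deliver the signal once so the return through the trampoline is exercised. */
int handler_round_trip(int signo)
{
    got_signal = 0;
    return raise(signo) == 0 && got_signal == 1;
}

int main(void) {
    printf("libc added sa_restorer: %d\n", libc_adds_restorer(SIGUSR1));
    printf("handler returned cleanly: %d\n", handler_round_trip(SIGUSR1));
    return 0;
}
```

On a system where the kernel-side flags lack SA_RESTORER, the handler's return depends entirely on the kernel-provided trampoline, which is the situation the report describes.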
The traditional stack trampoline can only work if the program has executable stack, which I'm not sure you can tell just from thread state bits easy to check in the signal code. OTOH, if SA_RESTORER is not set and you have no vsyscall page, then you are SOL if the signal stack isn't executable, so might as well assume it is and crash there.
Fedora Core 2 has now reached end of life, and no further updates will be provided by Red Hat. The Fedora legacy project will be producing further kernel updates for security problems only. If this bug has not been fixed in the latest Fedora Core 2 update kernel, please try to reproduce it under Fedora Core 3, and reopen if necessary, changing the product version accordingly. Thank you.