[PROBLEM]: x86-32: Corrupted real-time signal frame when VDSO is disabled.

[PROBLEM]: x86-32: Corrupted real-time signal frame when VDSO is disabled.

[Dmitry Dmitriev]

Hello,

On x86 32 bit system, real-time signal frame become corrupted when VDSO is disabled. 
If we do following:
1) Disable VDSO( write 0 to the /proc/sys/vm/vdso_enabled )
2) Create new process
3) Setup handler for real-time signal in new process
4) Send real-time signal to new process.

Then new process will handle this signal and crash, because it signal frame is corrupted. This problem was observed on 2.6.35 kernel, but it seems that it still exist in 2.6.39 kernel( after examing of source code ).

The problem in __setup_rt_frame function( arch/x86/kernel/signal.c module, 2.6.39 kernel source ):
 347static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 348                            sigset_t *set, struct pt_regs *regs)
 349{
......
 380                /* Set up to return from userspace.  */
 381                restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
......
 411        return 0;
 412}

__setup_rt_frame set up return from userspace without checking of vdso( lines 380-381 ), i.e. if vdso is disabled, then process will not have VDSO context.

For non real-time signals similar action is performed in following way( __setup_frame function, arch/x86/kernel/signal.c module, 2.6.39 kernel source ):
 284static int
 285__setup_frame(int sig, struct k_sigaction *ka, sigset_t *set,
 286              struct pt_regs *regs)
 287{
.......
 310        if (current->mm->context.vdso)
 311                restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
 312        else
 313                restorer = &frame->retcode;
.......
 344        return 0;
 345}

I think that similar construction must be add to the __setup_rt_frame function.

Regards,
Dmitry