-
Jeff Dike authored
From: Bodo Stroesser The implementation of sys_sigreturn() and sys_rt_sigreturn() in UML must be changed. This is necessary, since the return value of sys_*_sigreturn() is the value of eax in the thread, that was interrupted by the signal handler. If accidentaly eax contains -ERESTART_*, orig_eax *must* be -1 to avoid syscall restart processing in kern_do_signal(). If orig_eax is >=0, eip might be lowered by 2, the process will fail. In UML PT_REGS_SYSCALL_NR() or UPT_SYSCALL_NR() have to be used instead of orig_eax. While writing and testing an exploit for this, I saw that for most interrupts, the syscall number is undefined. So even on a return from interrupt a wrong syscall restart handling could happen. And also: UML resumes a process with ptrace(PTRACE_SYSCALL/SYSEMU/SINGLESTEP when a syscall in UML in SKAS mode has been processed. But since there is a valid syscall number in the host's orig_eax, the host could do a wrong syscall restarting if the syscall in UML was a sigreturn() returning -ERESTART* To avoid this, in SKAS -1 should be written to regs.orig_eax before restore_registers(). Signed-off-by: Bodo Stroesser <bstroesser@fujitsu-siemens.com> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade_spam@yahoo.it> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
a385187c