> At Elf32_Ehdr.e_entry, my code sees the Elf32_auxv entries AT_SYSINFO and
> AT_SYSINFO_EHDR, allocates a page where I want it, copies from AT_SYSINFO_EHDR,
> then updates those auxv entries. But /proc/PID/auxv still remembers the old
> values, is read-only, and some code is using them by setting the pc
> to the old value for __kernel_sigreturn.

Well, it is the kernel itself that uses a dangling pointer. setup_frame() in
arch/i386/kernel/signal.c uses

    restorer = current->mm->context.vdso + (long)&__kernel_sigreturn;

whenever !(.sa_flags & SA_RESTORER). Unfortunately: context.vdso is never
updated when the user changes the mapping for that page, the mapping is not
protected against being changed, and because /proc/PID/auxv is read-only the
user cannot inform the kernel. So any *sigaction() that does not specify
SA_RESTORER creates a time bomb.

Some applications really do know better [than the kernel or glibc] how to
manage address space. It is particularly important for an application that
uses large arrays: contiguous space is at a premium. How can I tell the kernel
to keep linux-gate.so.1 out of the way?

--
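The address computation the reply describes, "recorded vDSO base + offset of
the restorer symbol inside the image", reproduced in user space as an added
example (this is not code from the original message or from the kernel). It
locates the vDSO through AT_SYSINFO_EHDR, walks the ELF program headers and
dynamic section to find a symbol's offset the way the kernel's own
Documentation/vDSO/parse_vdso.c does, and then checks whether the auxv base
still agrees with the live [vdso] line in /proc/self/maps, which is the
staleness the message warns about. Assumptions: a glibc system with
getauxval() and a vDSO carrying a SysV DT_HASH table; the symbol names tried
in main() are per-architecture (__kernel_sigreturn on i386,
__kernel_rt_sigreturn on arm64, __vdso_clock_gettime on x86-64) and the
program simply reports the ones that are not exported on the host.

```c
/* Added example: reproduce "vdso base + symbol offset" in user space and
 * check the auxv snapshot against the live mapping. Not kernel code. */
#include <elf.h>
#include <link.h>        /* ElfW() picks Elf32_/Elf64_ types for the host */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>

/* Offset of `name` relative to the vDSO's first PT_LOAD (what the kernel adds
 * to context.vdso). Returns -1 if the symbol is not exported, -2 if there is
 * no usable vDSO (no AT_SYSINFO_EHDR, bad magic, or no DT_HASH; assumption:
 * the vDSO is linked with a SysV hash table, as parse_vdso.c also assumes). */
long vdso_symbol_offset(const char *name)
{
    const char *base = (const char *)getauxval(AT_SYSINFO_EHDR);
    if (!base) return -2;
    const ElfW(Ehdr) *eh = (const ElfW(Ehdr) *)base;
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0) return -2;

    const ElfW(Phdr) *ph = (const ElfW(Phdr) *)(base + eh->e_phoff);
    const ElfW(Dyn) *dyn = NULL;
    uintptr_t link_base = 0, bias = 0;
    int have_load = 0;
    for (int i = 0; i < eh->e_phnum; i++) {
        if (ph[i].p_type == PT_LOAD && !have_load) {
            link_base = ph[i].p_vaddr;
            /* bias: where the image sits minus where it was linked to sit */
            bias = (uintptr_t)base + ph[i].p_offset - ph[i].p_vaddr;
            have_load = 1;
        } else if (ph[i].p_type == PT_DYNAMIC) {
            dyn = (const ElfW(Dyn) *)(base + ph[i].p_offset);
        }
    }
    if (!dyn || !have_load) return -2;

    const ElfW(Sym) *symtab = NULL;
    const char *strtab = NULL;
    const ElfW(Word) *hash = NULL;
    for (; dyn->d_tag != DT_NULL; dyn++) {
        switch (dyn->d_tag) {
        case DT_SYMTAB: symtab = (const ElfW(Sym) *)(dyn->d_un.d_ptr + bias); break;
        case DT_STRTAB: strtab = (const char *)(dyn->d_un.d_ptr + bias); break;
        case DT_HASH:   hash = (const ElfW(Word) *)(dyn->d_un.d_ptr + bias); break;
        }
    }
    if (!symtab || !strtab || !hash) return -2;

    ElfW(Word) nsyms = hash[1];   /* SysV hash: [nbucket, nchain, ...]; nchain == symbol count */
    for (ElfW(Word) i = 0; i < nsyms; i++) {
        if (symtab[i].st_shndx == SHN_UNDEF) continue;
        if (strcmp(strtab + symtab[i].st_name, name) == 0)
            return (long)(symtab[i].st_value - link_base);
    }
    return -1;
}

/* 1 if AT_SYSINFO_EHDR equals the start of the [vdso] line in /proc/self/maps,
 * 0 if the two disagree (the auxv snapshot no longer describes the live
 * mapping), -1 if either source is unavailable. */
int vdso_auxv_matches_maps(void)
{
    uintptr_t auxv_base = (uintptr_t)getauxval(AT_SYSINFO_EHDR);
    FILE *f = fopen("/proc/self/maps", "r");
    if (!auxv_base || !f) {
        if (f) fclose(f);
        return -1;
    }
    char line[512];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (!strstr(line, "[vdso]")) continue;
        /* maps lines start "start-end perms ..."; strtoull stops at '-' */
        uintptr_t start = (uintptr_t)strtoull(line, NULL, 16);
        result = (start == auxv_base);
        break;
    }
    fclose(f);
    return result;
}

int main(void)
{
    /* Per-architecture restorer/entry names; the ones absent here report -1. */
    const char *names[] = { "__kernel_sigreturn", "__kernel_rt_sigreturn",
                            "__vdso_clock_gettime" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        long off = vdso_symbol_offset(names[i]);
        if (off >= 0)
            printf("%-22s = vdso_base + 0x%lx = %p\n", names[i], off,
                   (void *)(getauxval(AT_SYSINFO_EHDR) + (unsigned long)off));
        else
            printf("%-22s not exported here (%ld)\n", names[i], off);
    }
    printf("auxv base matches /proc/self/maps [vdso]: %d\n",
           vdso_auxv_matches_maps());
    return 0;
}
```

The offset printed for the sigreturn symbol is exactly the constant the
kernel adds to its saved context.vdso; if a process has moved the page, the
sum still points at the old location, which is the dangling pointer the reply
describes. The maps check is the user-space side of the same question: a
mismatch between the auxv value and the live mapping is the condition under
which a SA_RESTORER-less sigaction() becomes dangerous.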