compat_sys_sigprocmask reads a smaller signal mask from userspace than sigprocmask accepts for setting. So the high word of blocked.sig[0] will be cleared, releasing any potentially blocked RT signal.

This was discovered via userspace code that relies on get/setcontext. glibc's i386 versions of those functions use sigprocmask instead of rt_sigprocmask to save/restore the signal mask and caused RT signal unblocking this way.

Signed-off-by: Jan Kiszka <jan.kiszka@xxxxxxxxxxx>
---
kernel/compat.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/kernel/compat.c b/kernel/compat.c index 74ff849..03e491d 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -381,6 +381,8 @@ asmlinkage long compat_sys_sigprocmask(int how, compat_old_sigset_t __user *set, if (set && get_user(s, set)) return -EFAULT; + s |= current->blocked.sig[0] & + ~((old_sigset_t)(compat_old_sigset_t)-1); old_fs = get_fs(); set_fs(KERNEL_DS); ret = sys_sigprocmask(how, -- 1.7.3.4
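Review bot: the high-word preservation in `s |= current->blocked.sig[0] & ~((old_sigset_t)(compat_old_sigset_t)-1);` is applied for every value of `how`, but only SIG_SETMASK replaces blocked.sig[0] wholesale. For SIG_UNBLOCK, ORing the currently blocked high bits into `s` hands sys_sigprocmask a set that asks to unblock exactly those RT signals, which reintroduces the unblocking this patch is meant to stop; for SIG_BLOCK the extra bits are already set and the OR is a no-op. Suggest guarding the OR with `if (how == SIG_SETMASK)` and adding a one-line comment noting that the cast chain relies on compat_old_sigset_t being an unsigned 32-bit type so that `(compat_old_sigset_t)-1` widens to a low-word mask.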