2.6.11 breaks applications

John Reiser jreiser at BitWagon.com
Fri Jun 24 03:36:06 UTC 2005


> At Elf32_Ehdr.e_entry, my code sees the Elf32_auxv entries AT_SYSINFO and
> AT_SYSINFO_EHDR, allocates a page where I want it, copies from AT_SYSINFO_EHDR,
> then updates those auxv entries.  But /proc/PID/auxv still remembers the old
> values, is read-only, and some code is using them by setting the pc
> to the old value for __kernel_sigreturn.

Well, it is the kernel itself that uses a dangling pointer.

setup_frame() in arch/i386/kernel/signal.c uses
        restorer = current->mm->context.vdso + (long)&__kernel_sigreturn;
whenever !(.sa_flags & SA_RESTORER).  Unfortunately: context.vdso is
never updated when the user changes the mapping for that page, the mapping
is not protected against being changed, and because /proc/PID/auxv is read-only
then the user cannot inform the kernel.  So any *sigaction() that does not
specify SA_RESTORER creates a time bomb.

Some applications really do know better [than the kernel or glibc] how to
manage address space.  It is particularly important for an application that
uses large arrays: contiguous space is at a premium.

How can I tell the kernel to keep linux-gate.so.1 out of the way?
