contains the first 2 fields as { char *pretcode; int sig; }. Assuming that most

of you might be knowing the function_call semantics of the GCC compiler,you

should be able to realise the importance of the first 2 fields. The pretcode, is

the return address which will get popped off the stack on return from the

sighandler,and the argument to the signal handler gets the signal number,as its

just above the return address in the stack layout during a call to the signal

handler.The pretcode (which is a pointer) contains the address of retcode

(another 8 byte field in the sigcontext structure) which contains the code to

jump to Kernel Space by making a \"sigreturn\" system call. (Check out the hex

code of retcode.) The signal number of sigreturn is pushed into eax,and then the

return to kernel space is setup by a int 0x80 (interrupt)instruction. The stack

layout at the time of sys_call is saved in the sigcontext structure for it to

get restored on return to Kernel Space after handling the signal.The eip

(Instruction Pointer) is changed to ka.sa.sa_handler which is the handler of the

signal. The segment is changed to __USER_DS which is the segment selector switch

and control switches to do_signal,which returns to the signal_return path. The

signal_return defined in (arch/i386/kernel/entry.S) does a RESTORE_ALL to get

back to user space by popping up the registers from the stack. It should be

noted that the esp (stack pointer) is set to the sigframe which was set_up as

explained above.So the stack frame when the signal handling is done looks like

this :

/* On top lie the sigcontext,sigframe structure elements */

• push signo (sigframe->sig)
• push retcode (sigframe->pretcode which points to sigframe->retcode

  which contains the code to return to kernel segment by a sys call.)

As the eip points to ka.sa.sa_handler, the execution starts from the signal

handler as if a function call has taken place. The return from the signal

handler comes back to sigreturn as a result of a system_call because of the

retcode thats inserted as a return address in the stack frame. sigreturn,a

system_call defined arch/i386/kernel/signal.c restores the signal context by

restoring the values stored in sigcontext back to the registers,restores up the

old mask and returns.This way the eip is set back to old stuff,that happened

when the process got a signal. ret_from_sys_call takes care of all the