SIGROP(SROP)

Sigreturn系统调用是为了多进程管理的一种内核机制。一般是和signal成对出现。在执行signal时，系统会在栈顶构建一个signal栈，随后在执行sigreturn时会从这个栈恢复数据。如果越过signal，直接调用sigreturn，那通过手动构建signal frame并push到栈顶，使其rip为addr(syscall)，同时写入syscall需要的各寄存器数值到signal frame，那么在执行完sigreturn时，就能跳转到rip指定的地址执行系统调用。

signal frame的定义如下：

+--------------------+--------------------+
| rt_sigeturn()      | uc_flags           |
+--------------------+--------------------+
| &uc                | uc_stack.ss_sp     |
+--------------------+--------------------+
| uc_stack.ss_flags  | uc.stack.ss_size   |
+--------------------+--------------------+
| r8                 | r9                 |
+--------------------+--------------------+
| r10                | r11                |
+--------------------+--------------------+
| r12                | r13                |
+--------------------+--------------------+
| r14                | r15                |
+--------------------+--------------------+
| rdi                | rsi                |
+--------------------+--------------------+
| rbp                | rbx                |
+--------------------+--------------------+
| rdx                | rax                |
+--------------------+--------------------+
| rcx                | rsp                |
+--------------------+--------------------+
| rip                | eflags             |
+--------------------+--------------------+
| cs / gs / fs       | err                |
+--------------------+--------------------+
| trapno             | oldmask (unused)   |
+--------------------+--------------------+
| cr2 (segfault addr)| &fpstate           |
+--------------------+--------------------+
| __reserved         | sigmask            |
+--------------------+--------------------+