set_tid_address

Intro

set_tid_address - sets the thread ID used by the kernel for this thread

Description

The set_tid_address system call sets the thread ID used by the kernel for this thread. This system call is used when creating new threads with the clone system call. It is usually used in conjunction with the CLONE_CHILD_SETTID flag. It allows the thread to receive the child thread's ID through the pointer provided.

The set_tid_address system call takes a single argument, tidptr, a pointer to an integer that can be used to store the thread ID from the kernel.

Edge cases, drawbacks or advantages of using it:

  • It ensures that the thread ID returned in the clone system call is valid and will not be reused by another thread. This makes it easier to detect thread creation errors.
  • If the thread is created without the CLONE_CHILD_SETTID flag, the pointer passed in this system call will not be used by the kernel.

Arguments

  • tidptr:int*[K] - pointer to an integer that can be used to store the thread ID from the kernel.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

SyS_set_tid_address

Type

Kprobe

Purpose

Hook the entry point of the set_tid_address system call in order to trace threads created using the clone system call.

Example Use Case

set_tid_address is commonly used when creating new threads with the clone system call. It allows the thread to receive the child thread's ID through the pointer provided.

One example of using set_tid_address is in the Linux kernel source code. The _do_fork syscall uses set_tid_address in order to set the thread ID for the new thread.
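
The following user-space program is an added example, not part of the Tracee documentation or the kernel source. It shows what the hooked call looks like from the calling thread: a child created with clone calls set_tid_address, which returns the caller's thread ID and registers the address the kernel zeroes when that thread exits. The struct and function names are hypothetical, and CLONE_VM and CLONE_CHILD_CLEARTID are used here in addition to the CLONE_CHILD_SETTID flag mentioned above.

```c
#define _GNU_SOURCE
#include <linux/sched.h>   /* CLONE_* flag values (kernel UAPI header) */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* glibc's clone(2) wrapper, declared here so the block builds without <sched.h>. */
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);

struct tid_demo {             /* hypothetical names, chosen for this example */
    volatile int set_slot;    /* kernel stores the child's TID here at start */
    volatile int clear_slot;  /* address the child registers via set_tid_address */
    volatile long ret_tid;    /* what set_tid_address returned in the child */
};

static int child_fn(void *arg)
{
    struct tid_demo *d = arg;
    d->clear_slot = -1;       /* sentinel; the call itself does not write here */
    /* This is the call the kprobe sees, with tidptr = &d->clear_slot. */
    d->ret_tid = syscall(SYS_set_tid_address, &d->clear_slot);
    return 0;
}

/* Returns the child's TID as seen by the parent, or -1 on failure. */
static long run_tid_demo(struct tid_demo *d)
{
    const size_t stack_size = 256 * 1024;
    char *stack = malloc(stack_size);
    if (!stack) return -1;
    /* CLONE_VM shares memory so both sides see d; SIGCHLD makes waitpid work. */
    int tid = clone(child_fn, stack + stack_size,
                    CLONE_VM | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | SIGCHLD,
                    d, NULL, NULL, (int *)&d->set_slot);
    int status = 0;
    int ok = tid > 0 && waitpid(tid, &status, 0) == tid && WIFEXITED(status);
    free(stack);
    return ok ? tid : -1;
}

int main(void)
{
    struct tid_demo d = {0};
    long tid = run_tid_demo(&d);
    printf("child=%ld returned=%ld set_slot=%d clear_slot=%d\n", tid, d.ret_tid, d.set_slot, d.clear_slot);
    return tid > 0 ? 0 : 1;
}
```

After the child exits, set_slot still holds its TID because the clear address was moved by the child's call, while clear_slot has been zeroed by the kernel.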

Issues

The set_tid_address system call is not supported on some architectures.

Related Events

  • clone - used together with set_tid_address to create new threads.
  • gettid - can be used to obtain the thread ID after set_tid_address is called.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.