Skip to content

futex_time32

Intro

futex_time32 - wait on/fetch a word from user-space and potentially wait for a timeout

Description

The futex_time32 system call provides the ability to wait on a given word in user-space memory, potentially with a timeout. It allows the caller to specify an absolute timeout or a relative timeout with CLOCK_MONOTONIC. The return value contains information about the current value of the word at the address and whether a timeout was specified and/or was triggered.

The futex_time32 system call is atomic and requires no extra synchronization mechanisms. In addition, it supports operations like FUTEX_WAIT and FUTEX_WAKE using a single call, which can be useful in certain situations. However, the system call is vulnerable to the TOCTOU (Time of Check, Time of Use) race condition, as the user-space memory address is checked prior to being acted upon.

Arguments

  • uaddr:u32*[KU] - pointer to a user-space word variable.
  • op:int[K] - operation to perform, one of the FUTEX_* constants listed in <linux/futex.h>.
  • val:u32[K] - operation-dependent value.
  • utime:struct old_timespec32[K] - timeout value in milliseconds or CLOCK_MONOTONIC based absolute value.
  • uaddr2:u32*[KU OPT] - second user-space word variable if two FUTEX_* operations need to be performed atomically.
  • val3:u32[K OPT] - second operaion-dependent value.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

futex_wait_setup

Type

kprobe

Purpose

Called before a FUTEX_WAIT system call is processed, which allows tracing of the arguments and the variable before the system call is executed.

Example Use Case

A multithreaded application might use futex_time32 to synchronize between threads, performing an operation in an atomic manner and waiting on a condition with the possibility of a timeout.

Issues

The futex_time32 system call is vulnerable to the TOCTOU (Time of Check, Time of Use) race condition, as the user-space memory address is checked prior to being acted upon.

The futex_time32 system call is related to other futex system calls like futex_wait and futex_wake. In addition, it is related to futex-related events such as futex_lock_contended and futex_lock_released.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.