exit_group

Intro

exit_group - cause all threads in the calling thread's thread group to exit

Description

exit_group effectively calls _exit and terminates all threads in the calling thread's thread group. The exit status passed to the parent, as with _exit, is the one supplied by the terminating thread.

The exit_group syscall is useful for applications that need all threads terminated before the application exits. It also has advantages over terminating threads manually, as it provides a reliable way to end every thread, without race conditions or missed threads. However, it only applies to threads within the same process, not to threads in other processes.

Arguments

  • status:int - The exit status the process terminates with. It can be a negative number, signifying an error code, or 0 to signify a successful termination.
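
The behaviour described above, as an added example (not code from Tracee or from the original page): a forked child starts several blocked threads, a secondary thread calls exit_group, and the parent reports the status it collects with waitpid. The function names, worker count and sample status values are assumptions made for illustration; the parent receives only the low 8 bits of status, so -1 is observed as 255.

```c
/* Build: cc -pthread exit_group_demo.c   (file name is illustrative) */
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Worker that never returns on its own; only a group exit ends it. */
static void *spin(void *arg) { (void)arg; for (;;) pause(); return NULL; }

/* Secondary (non-main) thread that ends the whole thread group. */
static void *group_exit(void *arg) {
    syscall(SYS_exit_group, *(int *)arg);
    return NULL; /* not reached */
}

/* Fork a child that starts `workers` blocked threads plus one thread that
 * calls exit_group(status) while the main thread is blocked as well.
 * Returns the exit status the parent sees, -1 on fork/wait failure, or
 * -2 if the child was killed by a signal (e.g. the safety alarm). */
int run_exit_group(int status, int workers) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        pthread_t t;
        alarm(5); /* safety net: a child that never exits dies by SIGALRM */
        for (int i = 0; i < workers; i++)
            if (pthread_create(&t, NULL, spin, NULL) != 0) _exit(200);
        if (pthread_create(&t, NULL, group_exit, &status) != 0) _exit(200);
        for (;;) pause(); /* main thread is terminated by the group exit */
    }
    int ws;
    if (waitpid(pid, &ws, 0) != pid) return -1;
    return WIFEXITED(ws) ? WEXITSTATUS(ws) : -2;
}

int main(void) {
    int samples[] = {0, 3, -1, 256}; /* constructed sample values */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("exit_group(%d) -> parent sees %d\n",
               samples[i], run_exit_group(samples[i], 4));
    return 0;
}
```

When correlating a traced exit_group status argument with the exit code recorded by a parent process or supervisor, compare against status & 0xff rather than the raw argument.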

Available Tags

  • K - Originated from kernel-space.
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)

Hooks

exit_group

Type

Kprobes

Purpose

Collecting information about the exit process

Example Use Case

An application may use exit_group to ensure that all threads are properly terminated before the program ends. This can ensure that all resources the threads may be using are cleaned up correctly.

Issues

exit_group can only terminate threads within the same process, and not threads from other processes.

  • clone: used to create multiple threads within the same process, which the exit_group syscall can then terminate.
  • _exit: called by the exit_group syscall to terminate the process.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.