Futex - a syscall to facilitate fast user-space locking.
futex() system call provides a method for a program to wait until a
certain condition becomes true, or to signal that a certain condition has
become true. The program specifies a pointer to the memory address
uaddr) in which it saves the condition, a value (
indicates the condition, and a timeout (
timeout) after which the
wait returns automatically. Additionally, a set of operations (
can be specified which act on the condition represented by
futex() system call is useful for coordinating access to shared
data structures between multiple processes, as the operations it provides
can be used to create simple mutexes. It is typically used by higher-level
libraries like POSIX Threads, which allows for the use of
and related functions to control access to shared memory.
int*[K, TOCTOU] - A pointer to the memory address in which the caller saves the condition. If a valid pointer is passed, the system call will inspect and modify the value this pointer points to.
int[K] - A set of flags which control the operation that should be performed on the wait queue.
int[K] - An integral value which represents the condition. This will be compared to the value pointed to by
uaddron each operation.
const struct timespec*[K] - A pointer to a
struct timespecthat indicates the timeout after which the wait returns automatically. If the pointer passed is a NULL pointer, the wait does not time out.
int*[K, TOCTOU] - A pointer to a second memory address with a second condition.
int[K] - The second condition value. This will be compared to the value pointed to by
uaddr2on each operation.
- K - Originated from kernel-space.
- U - Originated from user space (for example, pointer to user space memory used to get it)
- TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
- OPT - Optional argument - might not always be available (passed with null value)
Kprobes + Jprobes
To allow deeper analysis of the system call, including arguments and its return value.
Example Use Case¶
futex() system call is used to create simple user-space locks
that can be used to coordinate access to shared resources in a
- The values of both
uaddr2arguments are vulnerable to TOCTOU attacks, which may allow an attacker to bypass the lock and gain access to a shared resource.
- If the timeout is set too short, requests might not be able to complete in time and the application might deadlock.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.