Internal shadow stack on_clone

Question

Internal shadow stack on_clone

Closed this issue 6 years ago · 5 comments

The internal shadow stack needs to handle threading events.

Done

Answer 1 · 2018-04-05T06:40:00.000Z

Specifically, clone calls that lead to threads.
Use drmgr for the thread init event (does not get called for fork, this was tested)
Note: thread exit event does get called when even a single threaded process dies.
Instead of one stack, maybe keep a map<tid, shadowstack> ?

Answer 2 · 2018-04-13T16:48:15.000Z

Also: thread SS should clear stack on thread event

Answer 3 · 2018-04-26T21:58:13.000Z

This map requires syscall get tid on each call. Maybe try to do this once and store the result in TLS?

Drmgr gives an interface to store things in a thread local context. Look up the memtrace sample, it had a per_thread_t struct that's manipulated.

Also need to figure out what happens to TLS for k threads on fork event?

Answer 4 · 2018-05-03T03:33:20.000Z

Uses drmgr_register_tls_field, drmgr_get_tls_field, and drmgr_set_tls_field.