Implement the clone3 syscall#1639
retrocpugeek wants to merge 1 commit into
Modern glibc (recent toolchains) issues clone3 from pthread_create rather than clone, so thread creation fails on any guest built against it: Qiling does not return -ENOSYS for unimplemented syscalls (it logs a warning and leaves the return register untouched), so glibc's clone3->clone fallback never fires. Add ql_syscall_clone3, which unpacks struct clone_args and delegates to the existing clone() handler. Translations: child_stack = stack + stack_size (clone3 passes the stack base plus a size; legacy clone wants the highest address), exit_signal folded into the flags' CSIGNAL byte, and an x8664 pre-swap that cancels ql_syscall_clone's arch-specific newtls<->child_tidptr swap. Add a self-contained regression test (test_clone3_translates_to_clone) that drives ql_syscall_clone3 directly and asserts the translation for both the generic path and the x8664 swap. Runs on stock unicorn; no clone3 binary needed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary

Implements the `clone3` syscall, which currently has no handler in Qiling — it only appears in the number→name maps. Recent glibc issues `clone3` (not the legacy `clone`) from `pthread_create`, so thread creation fails on any guest built against a modern glibc. And because Qiling doesn't return `-ENOSYS` for unimplemented syscalls, glibc's built-in `clone3`→`clone` fallback never fires. Closes #1638.

What it does

Adds `ql_syscall_clone3`, which unpacks `struct clone_args` and delegates to the existing `ql_syscall_clone`. Non-obvious translations:

- `child_stack = stack + stack_size` — `clone3` passes the stack base plus a separate size; legacy `clone` wants the highest stack address.
- `exit_signal` is its own `struct clone_args` field; legacy `clone` packs it into the low `CSIGNAL` byte of `flags`.
- `ql_syscall_clone` swaps `newtls <-> child_tidptr` to undo x8664's raw-syscall register order; since `clone3` hands over already-logical args, we pre-swap on x8664 so it cancels out.

The legacy `clone` path is untouched.

Testing

`test_elf_multithread.ELFTest.test_clone3_translates_to_clone` drives `ql_syscall_clone3` directly and asserts the translated arguments for both the generic path and the x8664 swap. Runs on stock unicorn — no `clone3` binary required. `test_elf_multithread.py` suite passes on stock unicorn 2.1.3 (24 tests, 1 pre-existing skip).
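As an added worked example (not the PR's or Qiling's code), the `clone3` → `clone` argument translation described above, written stand-alone in Python: it unpacks the 64-byte VER0 layout of `struct clone_args`, folds `exit_signal` into the `CSIGNAL` byte of `flags`, computes `child_stack = stack + stack_size`, and applies the x8664 pre-swap so a legacy handler's `newtls <-> child_tidptr` swap cancels out. The `clone3_to_clone`/`make_clone_args` names, the `arch` parameter and the two `-EINVAL` checks (undersized struct, `exit_signal` outside `CSIGNAL`, both of which the kernel also rejects) are this example's own choices.

```python
import struct

# Linux UAPI constants: CSIGNAL is the signal-number mask in legacy clone flags,
# CLONE_ARGS_SIZE_VER0 is the size of the original struct clone_args layout.
CSIGNAL = 0x000000FF
CLONE_ARGS_SIZE_VER0 = 64
EINVAL = 22

# VER0 layout, eight little-endian u64 fields in this order:
# flags, pidfd, child_tid, parent_tid, exit_signal, stack, stack_size, tls
_CLONE_ARGS_V0 = struct.Struct("<8Q")


def clone3_to_clone(raw, size, arch="x86_64"):
    """Translate a clone3 (struct clone_args, size) pair into the arguments a
    legacy clone() handler expects. Returns a dict or a negative errno.

    On x86_64 the legacy handler is assumed to swap newtls <-> child_tidptr
    (raw-syscall register order), so the fields are pre-swapped here and the
    two swaps cancel out; any other arch gets the logical order as-is.
    """
    if size < CLONE_ARGS_SIZE_VER0 or len(raw) < CLONE_ARGS_SIZE_VER0:
        return -EINVAL  # kernel rejects anything smaller than VER0
    (flags, _pidfd, child_tid, parent_tid,
     exit_signal, stack, stack_size, tls) = _CLONE_ARGS_V0.unpack_from(raw)
    if exit_signal & ~CSIGNAL:
        return -EINVAL  # must fit in the byte that legacy clone reserves for it
    legacy = {
        "flags": flags | (exit_signal & CSIGNAL),  # fold signal into flags
        "child_stack": stack + stack_size,         # base + size = top of stack
        "parent_tidptr": parent_tid,
        "child_tidptr": child_tid,
        "newtls": tls,
    }
    if arch == "x86_64":
        legacy["newtls"], legacy["child_tidptr"] = (
            legacy["child_tidptr"], legacy["newtls"])
    return legacy


def make_clone_args(flags, exit_signal, stack, stack_size, tls,
                    child_tid=0, parent_tid=0):
    """Build a constructed VER0 struct clone_args buffer (pidfd left at 0)."""
    return _CLONE_ARGS_V0.pack(flags, 0, child_tid, parent_tid,
                               exit_signal, stack, stack_size, tls)
```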