Question

I am currently implementing an emulator to run 32-bit x86 ELF files (compiled with GCC), and I am trying to understand TLS (Thread Local Storage).

Having read Ulrich Drepper's paper on the subject, I have the following question:

As far as I can understand, the memory referenced at %gs:0 contains a TCB (Thread Control Block). However, I cannot find exactly what structure is stored at this address. Searching through my kernel's source code, I can find a couple of structs that look promising (tcbhead_t and a couple of others), but I know that on my system (Ubuntu 2.6.32-41-generic) the value stored at offset 0x10 of the structure is a pointer to the __kernel_vsyscall function, and this doesn't seem to match with the structs that I'm seeing.

If anyone could point out what I'm missing, suggest some relevant documentation, or point me to the correct area of the source code I would be very grateful.

Thanks,

Rick.


Solution

I can't speak for Linux, but in general TLS storage is used to allow each thread to allocate arbitrary storage that is specific to the thread.

I assume you are really just emulating x86 instructions (after you've ELF-loaded), so ELF isn't interesting here.

In that case, you need to simulate TLS storage. That is, for each emulated thread (you have to keep track of this), you need to keep track of the separate values associated with that thread's GS register. To do this, you'll need to emulate the OS thread-create/stop/inspect/kill calls, and the OS TLS initialization calls. The (emulated) thread-create calls will cause specific allocated space inside the emulated VM to be assigned to that emulated thread's GS register.

Once you have that, emulating the GS accesses should be enough, since everything else about TLS is just regular machine instructions that operate inside the process space.
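The following is an added example, not code from the question or the answer above: a small C model of the per-thread %gs bookkeeping the answer describes. It keeps a flat guest memory and a GDT of (base, limit) descriptors, emulates a set_thread_area-style call that hands out a TLS descriptor slot, loads the resulting selector into each emulated thread's %gs, and then resolves `mov %gs:disp, %eax` through that descriptor with a limit check. All type and function names (guest_t, vcpu_t, emu_set_thread_area, gs_linear, emu_mov_gs_to_eax, emu_thread_create) are assumptions invented for this example, not glibc or kernel identifiers. The TCB layout is also an assumption chosen to match what the question observed: the block's own address at offset 0 (which is why `mov %gs:0, %eax` yields a pointer to the TCB) and a vsyscall entry at offset 0x10; the vsyscall address itself is a constructed placeholder. The descriptor limit is treated as a plain byte limit, ignoring the granularity bit of real descriptors.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (example only): guest memory, a GDT of (base, limit)
 * descriptors, and per-vCPU state. None of these names come from glibc or
 * the kernel; they are assumptions made for this illustration. */
#define GUEST_MEM_SIZE 0x10000
#define GDT_ENTRIES    8
#define GDT_TLS_MIN    6   /* Linux reserves three GDT entries for TLS; this model offers two */
#define GDT_TLS_MAX    7

typedef struct { uint32_t base, limit; int present; } seg_desc_t;
typedef struct { uint8_t mem[GUEST_MEM_SIZE]; seg_desc_t gdt[GDT_ENTRIES]; } guest_t;
typedef struct { uint16_t gs; uint32_t eax; } vcpu_t;   /* only the state this example needs */

/* Trimmed stand-in for the user_desc passed to set_thread_area(2). */
typedef struct { int entry_number; uint32_t base_addr; uint32_t limit; } user_desc_t;

/* Emulated set_thread_area: fill a TLS GDT slot (entry_number == -1 means
 * "pick a free one") and report the slot back; the guest then loads %gs with
 * (entry << 3) | 3.  Returns 0 on success, -1 on error. */
static int emu_set_thread_area(guest_t *g, user_desc_t *ud) {
    int e = ud->entry_number;
    if (e == -1) {
        for (e = GDT_TLS_MIN; e <= GDT_TLS_MAX; e++)
            if (!g->gdt[e].present) break;
        if (e > GDT_TLS_MAX) return -1;          /* no free TLS slot */
    } else if (e < GDT_TLS_MIN || e > GDT_TLS_MAX) {
        return -1;                               /* not a TLS slot */
    }
    g->gdt[e].base = ud->base_addr;
    g->gdt[e].limit = ud->limit;                 /* byte limit in this model */
    g->gdt[e].present = 1;
    ud->entry_number = e;
    return 0;
}

/* Resolve %gs:off for a 4-byte access: selector -> descriptor -> base + off,
 * faulting (-1) on a missing descriptor, a limit violation, or leaving memory. */
static int gs_linear(const guest_t *g, const vcpu_t *cpu, uint32_t off, uint32_t *linear) {
    int idx = cpu->gs >> 3;
    if (idx >= GDT_ENTRIES || !g->gdt[idx].present) return -1;   /* #GP */
    if ((uint64_t)off + 3 > g->gdt[idx].limit) return -1;         /* #GP: past the limit */
    uint64_t lin = (uint64_t)g->gdt[idx].base + off;
    if (lin + 4 > GUEST_MEM_SIZE) return -1;                      /* outside guest memory */
    *linear = (uint32_t)lin;
    return 0;
}

static uint32_t rd32(const guest_t *g, uint32_t a) { uint32_t v; memcpy(&v, g->mem + a, 4); return v; }
static void     wr32(guest_t *g, uint32_t a, uint32_t v) { memcpy(g->mem + a, &v, 4); }

/* Emulate "mov %gs:disp, %eax".  Returns 0 on success, -1 on a fault. */
static int emu_mov_gs_to_eax(const guest_t *g, vcpu_t *cpu, uint32_t disp) {
    uint32_t lin;
    if (gs_linear(g, cpu, disp, &lin)) return -1;
    cpu->eax = rd32(g, lin);
    return 0;
}

/* Assumed TCB layout: self pointer at 0, vsyscall entry at 0x10 (the offset
 * the question observed), 0x20 bytes in total. */
enum { TCB_SELF = 0x0, TCB_SYSINFO = 0x10, TCB_SIZE = 0x20 };

/* Emulated thread creation: initialise the TCB header, register it with the
 * emulated set_thread_area, and load the selector into this thread's %gs. */
static int emu_thread_create(guest_t *g, vcpu_t *cpu, uint32_t tcb_addr, uint32_t vsyscall) {
    wr32(g, tcb_addr + TCB_SELF, tcb_addr);
    wr32(g, tcb_addr + TCB_SYSINFO, vsyscall);
    user_desc_t ud = { .entry_number = -1, .base_addr = tcb_addr, .limit = TCB_SIZE - 1 };
    if (emu_set_thread_area(g, &ud)) return -1;
    cpu->gs = (uint16_t)((ud.entry_number << 3) | 3);   /* GDT selector, RPL 3 */
    return 0;
}

/* Two emulated threads in one guest: the same %gs:0 instruction must yield
 * each thread's own TCB, %gs:0x10 the shared vsyscall entry, and an access
 * past the descriptor limit must fault.  Returns 1 if all of that holds. */
static int demo_two_threads(void) {
    static guest_t g;                       /* static: too large for the stack */
    memset(&g, 0, sizeof g);
    const uint32_t vsyscall = 0xffffe420;   /* constructed placeholder address */
    vcpu_t t1 = {0}, t2 = {0};
    if (emu_thread_create(&g, &t1, 0x1000, vsyscall)) return 0;
    if (emu_thread_create(&g, &t2, 0x2000, vsyscall)) return 0;
    if (emu_mov_gs_to_eax(&g, &t1, TCB_SELF) || t1.eax != 0x1000) return 0;
    if (emu_mov_gs_to_eax(&g, &t2, TCB_SELF) || t2.eax != 0x2000) return 0;
    if (emu_mov_gs_to_eax(&g, &t1, TCB_SYSINFO) || t1.eax != vsyscall) return 0;
    if (emu_mov_gs_to_eax(&g, &t1, TCB_SIZE) == 0) return 0;    /* must fault */
    return 1;
}

int main(void) {
    printf("per-thread %%gs model: %s\n", demo_two_threads() ? "OK" : "FAILED");
    return 0;
}
```

The point of the model is the one the answer makes: once thread creation assigns each emulated thread its own descriptor base, every later `%gs:disp` access is ordinary address arithmetic plus a limit check, so nothing else in the TLS machinery needs special handling. A real emulator would additionally track which GDT slot a thread's selector refers to across context switches and honour the descriptor's granularity and access bits, which this model deliberately omits.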

Licensed under: CC-BY-SA with attribution