`ExecAsm`/`ExecSyscall` unreliable on `qemu-user` multithread targets (at least `tls` and `heap`-related command are affected)

[bata24]

Phenomenon

• In the following situation, heap-related commands and commands like tls behave unreliably:
  • The target binary’s architecture is one of: MIPS, MIPS64, m68k, Alpha, or HP-PA.
  • The target binary is multi-threaded
  • The target binary is running under qemu-user

Cause

• GEF’s heap-related commands may internally switch threads and collect TLS addresses in order to compute values such as main_arena or heap_base.
• Depending on the architecture, this relies on features like ExecAsm or ExecSyscall, which temporarily patch code and execute a few instructions while switching threads.
• When the above conditions are met, ExecAsm and ExecSyscall do not work correctly.

Root cause

• After a thread switch, qemu-user fails to execute the patched code correctly.
• This is very likely a bug in qemu and/or GDB.

Mitigation / Plan

• This cannot be resolved within GEF, so I will leave it unresolved for now.