A Context-Sensitive, Outlier-Based Static Analysis to Find Kernel Race Conditions
CoRR(2024)
摘要
Race conditions are a class of bugs in software where concurrent accesses to
shared resources are not protected from each other. Consequences of race
conditions include privilege escalation, denial of service, and memory
corruption which can potentially lead to arbitrary code execution. However, in
large code bases the exact rules as to which fields should be accessed under
which locks are not always clear. We propose a novel static technique that
infers rules for how field accesses should be locked, and then checks the code
against these rules. Traditional static analysers for detecting race conditions
are based on lockset analysis. Instead, we propose an outlier-based technique
enhanced with a context-sensitive mechanism that scales well. We have
implemented this analysis in LLIF, and evaluated it to find incorrectly
protected field accesses in Linux v5.14.11. We thoroughly evaluate its ability
to find race conditions, and study the causes for false positive reports. In
addition, we reported a subset of the issues and submitted patches. The
maintainers confirmed 24 bugs.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要