Abstract
In the Linux kernel, reference counting (refcount) has become a default mechanism that manages resource objects. A refcount of a tracked object is incremented when a new reference is assigned and decremented when a reference becomes invalid. Since the kernel manages a large number of shared resources, refcount is prevalent. Due to the inherent complexity of the kernel and resource sharing, developers often fail to properly update refcounts, leading to refcount bugs. Researchers have shown that refcount bugs can cause critical security impacts like privilege escalation; however, the detection of refcount bugs remains an open problem. In this paper, we propose CID, a new mechanism that employs two-dimensional consistency checking to automatically detect refcount bugs. By checking if callers consistently use a refcount function, CID detects deviating cases as potential bugs, and by checking how a caller uses a refcount function, CID infers the condition-aware rules for the function to correspondingly operate the refcount, and thus a violating case is a potential bug. More importantly, CID's consistency checking does not require complicated semantic understanding, inter-procedural data-flow tracing, or refcount-operation reasoning. CID also features an automated mechanism that systematically identifies refcount fields and functions in the whole kernel. We implement CID and apply it to the Linux kernel. The tool found 44 new refcount bugs that may cause severe security issues, most of which have been confirmed by the maintainers.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of the 30th USENIX Security Symposium |
Publisher | USENIX Association |
Pages | 2471-2488 |
Number of pages | 18 |
ISBN (Electronic) | 9781939133243 |
State | Published - 2021 |
Event | 30th USENIX Security Symposium, USENIX Security 2021 - Virtual, Online Duration: Aug 11 2021 → Aug 13 2021 |
Publication series
Name | Proceedings of the 30th USENIX Security Symposium |
---|
Conference
Conference | 30th USENIX Security Symposium, USENIX Security 2021 |
---|---|
City | Virtual, Online |
Period | 8/11/21 → 8/13/21 |
Bibliographical note
Publisher Copyright:© 2021 by The USENIX Association. All rights reserved.