Wednesday, July 10 • 4:30pm - 4:50pm
Effective Static Analysis of Concurrency Use-After-Free Bugs in Linux Device Drivers

In Linux device drivers, use-after-free (UAF) bugs can cause system crashes and serious security problems. According to our study of Linux kernel commits, 42% of the driver commits fixing use-after-free bugs involve driver concurrency. We refer to these use-after-free bugs as concurrency use-after-free bugs. Due to the non-determinism of concurrent execution, concurrency use-after-free bugs are often more difficult to reproduce and detect than sequential use-after-free bugs.

In this paper, we propose a practical static analysis approach named DCUAF to effectively detect concurrency use-after-free bugs in Linux device drivers. DCUAF combines a local analysis of each driver's source code with a global analysis that statistically analyzes the local results of all drivers, forming a local-global analysis that extracts the pairs of driver interface functions that may be concurrently executed. Then, with these pairs, DCUAF performs a summary-based lockset analysis to detect concurrency use-after-free bugs. We have evaluated DCUAF on the driver code of Linux 4.19, and found 640 real concurrency use-after-free bugs. We have randomly selected 130 of the real bugs and reported them to Linux kernel developers, and 95 have been confirmed.
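The lockset idea in the abstract, as an added sketch that is not DCUAF's code or the authors' algorithm: given per-function summaries and a list of function pairs that may run concurrently, a free and a use of the same object are flagged when the two sites hold no lock in common. The driver function names, object names, summaries and pairs below are all constructed for illustration.

```python
from itertools import product

# Constructed summaries for a hypothetical driver. Each entry records
# (operation, object, locks held at that program point).
SUMMARIES = {
    "demo_remove":      [("free", "dev->buf",  frozenset())],
    "demo_irq_handler": [("use",  "dev->buf",  frozenset({"dev->lock"}))],
    "demo_close":       [("free", "dev->ring", frozenset({"dev->lock"}))],
    "demo_xmit":        [("use",  "dev->ring", frozenset({"dev->lock"}))],
    "demo_probe":       [("use",  "dev->buf",  frozenset())],
}

# Constructed stand-in for the extracted pairs of interface functions that
# may execute concurrently. probe/remove is deliberately absent.
CONCURRENT_PAIRS = [
    ("demo_remove", "demo_irq_handler"),
    ("demo_close", "demo_xmit"),
]


def find_concurrency_uaf(summaries, pairs):
    """Return (freeing_fn, using_fn, object) for each unprotected free/use pair."""
    reports = []
    for f, g in pairs:
        # Either function of the pair may be the one that frees.
        for freer, user in ((f, g), (g, f)):
            for first, second in product(summaries[freer], summaries[user]):
                op1, obj1, locks1 = first
                op2, obj2, locks2 = second
                if op1 != "free" or op2 != "use" or obj1 != obj2:
                    continue
                # Lockset criterion: no common lock means nothing orders
                # the free before or after the use.
                if not (locks1 & locks2):
                    reports.append((freer, user, obj1))
    return reports


if __name__ == "__main__":
    for freer, user, obj in find_concurrency_uaf(SUMMARIES, CONCURRENT_PAIRS):
        print(f"possible concurrency UAF: {freer} frees {obj}, {user} uses it")
```

The close/xmit pair is not reported because both sites hold `dev->lock`, and `demo_probe` is not reported because it is in no concurrent pair, which is why the quality of the extracted pairs drives both missed bugs and false positives.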


Jia-Ju Bai

Tsinghua University

Julia Lawall

Sorbonne Université/Inria/LIP6

Qiu-Liang Chen

Tsinghua University

Shi-Min Hu

Tsinghua University

Wednesday July 10, 2019 4:30pm - 4:50pm PDT
USENIX ATC Track II: Grand Ballroom VII–IX