DOI: 10.1145/2541940.2541970

Guardrail: a high fidelity approach to protecting hardware devices from buggy drivers

Published: 24 February 2014

Abstract

Device drivers are an Achilles' heel of modern commodity operating systems, accounting for far too many system failures. Previous work on driver reliability has focused on protecting the kernel from unsafe driver side-effects by interposing an invariant-checking layer at the driver interface, but otherwise treating the driver as a black box. In this paper, we propose and evaluate Guardrail, which is a more powerful framework for run-time driver analysis that performs decoupled instruction-grain dynamic correctness checking on arbitrary kernel-mode drivers as they execute, thereby enabling the system to detect and mitigate more challenging correctness bugs (e.g., data races, uninitialized memory accesses) that cannot be detected by today's fault isolation techniques. Our evaluation of Guardrail shows that it can find serious data races, memory faults, and DMA faults in native Linux drivers that required fixes, including previously unknown bugs. Also, with hardware logging support, Guardrail can be used for online protection of persistent device state from driver bugs with at most 10% overhead on the end-to-end performance of most standard I/O workloads.
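The abstract describes Guardrail as a decoupled, instruction-grain checker: the driver's execution is logged and a separate "lifeguard" replays the log to look for data races, uninitialized memory accesses and DMA faults. The following is an added illustration of that idea and is not code from the Guardrail paper or its authors. It assumes a constructed log format (one record per lock, memory or DMA-mapping operation, with locks identified by a small bitmask index), applies an Eraser-style lockset rule for races, a per-address "written" shadow bit for uninitialized reads, and a list of live DMA mappings to catch the CPU touching a buffer the device currently owns. The two-CPU driver trace at the bottom is constructed.

```c
/* Added example, not the paper's code: a toy decoupled lifeguard that replays
 * an instruction-grain log of a driver and flags lockset data races, reads of
 * never-initialized memory, and CPU accesses to DMA-mapped buffers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum op { LOCK, UNLOCK, READ, WRITE, DMA_MAP, DMA_UNMAP };
struct event { int cpu; enum op op; uintptr_t addr; size_t len; int lock; };

#define MAX_CPUS  4
#define MAX_ADDRS 64
#define MAX_DMA   8
#define ALL_LOCKS 0xffffffffu     /* candidate lockset before any access */

/* Per-address shadow state, as an Eraser-style lockset checker keeps it. */
struct shadow {
    uintptr_t addr;
    uint32_t  lockset;    /* locks held on every access so far (bitmask) */
    int first_cpu, shared, written, raced;
};

struct lifeguard {
    uint32_t held[MAX_CPUS];                   /* locks held per CPU */
    struct shadow sh[MAX_ADDRS]; int nsh;
    struct { uintptr_t addr; size_t len; int live; } dma[MAX_DMA];
    int races, uninit_reads, dma_faults;
};

static struct shadow *shadow_for(struct lifeguard *lg, uintptr_t addr)
{
    for (int i = 0; i < lg->nsh; i++)
        if (lg->sh[i].addr == addr) return &lg->sh[i];
    if (lg->nsh == MAX_ADDRS) return NULL;
    struct shadow *s = &lg->sh[lg->nsh++];
    *s = (struct shadow){ .addr = addr, .lockset = ALL_LOCKS, .first_cpu = -1 };
    return s;
}

/* True if addr lies inside a buffer currently mapped for (owned by) the device. */
static int dma_owned(const struct lifeguard *lg, uintptr_t addr)
{
    for (int i = 0; i < MAX_DMA; i++)
        if (lg->dma[i].live && addr >= lg->dma[i].addr &&
            addr < lg->dma[i].addr + lg->dma[i].len)
            return 1;
    return 0;
}

static void dma_map(struct lifeguard *lg, uintptr_t addr, size_t len)
{
    for (int i = 0; i < MAX_DMA; i++)
        if (!lg->dma[i].live) {
            lg->dma[i].addr = addr; lg->dma[i].len = len; lg->dma[i].live = 1;
            return;
        }
}

static void dma_unmap(struct lifeguard *lg, uintptr_t addr)
{
    for (int i = 0; i < MAX_DMA; i++)
        if (lg->dma[i].live && lg->dma[i].addr == addr) lg->dma[i].live = 0;
}

static void check(struct lifeguard *lg, const struct event *e)
{
    unsigned long a = (unsigned long)e->addr;
    switch (e->op) {
    case LOCK:      lg->held[e->cpu] |=  (1u << e->lock); return;
    case UNLOCK:    lg->held[e->cpu] &= ~(1u << e->lock); return;
    case DMA_MAP:   dma_map(lg, e->addr, e->len);          return;
    case DMA_UNMAP: dma_unmap(lg, e->addr);                return;
    case READ: case WRITE: break;
    }
    if (dma_owned(lg, e->addr)) {            /* CPU touching a device-owned buffer */
        lg->dma_faults++;
        printf("DMA fault: cpu%d accesses 0x%lx while it is mapped\n", e->cpu, a);
    }
    struct shadow *s = shadow_for(lg, e->addr);
    if (!s) return;
    if (e->op == READ && !s->written) {      /* read before any write */
        lg->uninit_reads++;
        printf("uninitialized read: cpu%d 0x%lx\n", e->cpu, a);
    }
    if (s->first_cpu < 0) s->first_cpu = e->cpu;
    else if (s->first_cpu != e->cpu) s->shared = 1;
    s->lockset &= lg->held[e->cpu];          /* Eraser lockset refinement */
    if (e->op == WRITE) s->written = 1;
    if (s->shared && s->written && s->lockset == 0 && !s->raced) {
        s->raced = 1; lg->races++;
        printf("data race: 0x%lx shared, modified, no common lock\n", a);
    }
}

static void run_log(struct lifeguard *lg, const struct event *ev, size_t n)
{
    memset(lg, 0, sizeof *lg);
    for (size_t i = 0; i < n; i++) check(lg, &ev[i]);
}

/* Constructed two-CPU driver trace: a correctly locked update, a racy
 * unlocked write, a read of never-written memory, a write into a buffer
 * still mapped for DMA, and the same write after the unmap (which is fine). */
static struct lifeguard run_demo(void)
{
    static const struct event log[] = {
        { 0, LOCK,      0,      0,     0 },
        { 0, WRITE,     0x1000, 4,     0 },  /* counter init under lock 0 */
        { 0, UNLOCK,    0,      0,     0 },
        { 1, LOCK,      0,      0,     0 },
        { 1, READ,      0x1000, 4,     0 },  /* lockset stays {0}: no race */
        { 1, UNLOCK,    0,      0,     0 },
        { 1, WRITE,     0x1000, 4,     0 },  /* no lock held: race */
        { 0, READ,      0x2000, 4,     0 },  /* never written: uninitialized */
        { 0, DMA_MAP,   0x3000, 0x100, 0 },  /* device owns [0x3000,0x3100) */
        { 0, WRITE,     0x3010, 4,     0 },  /* DMA fault */
        { 0, DMA_UNMAP, 0x3000, 0,     0 },
        { 0, WRITE,     0x3010, 4,     0 },  /* allowed after unmap */
    };
    struct lifeguard lg;
    run_log(&lg, log, sizeof log / sizeof log[0]);
    return lg;
}

int main(void)
{
    struct lifeguard lg = run_demo();
    printf("races=%d uninit_reads=%d dma_faults=%d\n",
           lg.races, lg.uninit_reads, lg.dma_faults);
    return 0;
}
```

Because the checker only consumes a log, it can run on a different core or after the fact, which is the decoupling the abstract relies on for its low online overhead; the cost moves to producing the log, which is what the paper's hardware logging support addresses.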

Cited By

  • (2015) MoIO. Proceedings of the 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE), pp. 472-483. DOI: 10.1109/ISSRE.2015.7381840. Published 2 Nov 2015.
  • (2018) Run-Time Detection of Protocol Bugs in Storage I/O Device Drivers. IEEE Transactions on Reliability 67(3), pp. 847-869. DOI: 10.1109/TR.2018.2841203. Published Sep 2018.
  • (2019) Testing the Implementation of Concurrent AUTOSAR Drivers Against Architecture Decisions. 2019 IEEE International Conference on Software Architecture (ICSA), pp. 171-180. DOI: 10.1109/ICSA.2019.00026. Published Mar 2019.
  • (2020) FERA: A Framework for Critical Assessment of Execution Monitoring Based Approaches for Finding Concurrency Bugs. Intelligent Computing, pp. 54-74. DOI: 10.1007/978-3-030-52249-0_5. Published 4 Jul 2020.
  • (2020) Verifying Absence of Hardware-Software Data Races using Counting Abstraction. 2020 18th ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE), pp. 1-6. DOI: 10.1109/MEMOCODE51338.2020.9315046. Published 2 Dec 2020.
  • (2023) Sfitag: Efficient Software Fault Isolation with Memory Tagging for ARM Kernel Extensions. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 469-480. DOI: 10.1145/3579856.3590341. Published 10 Jul 2023.

Published In

ASPLOS '14: Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
February 2014
780 pages
ISBN:9781450323055
DOI:10.1145/2541940

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. device drivers
  2. dynamic analysis

Qualifiers

  • Research-article

Conference

ASPLOS '14

Acceptance Rates

ASPLOS '14 Paper Acceptance Rate 49 of 217 submissions, 23%;
Overall Acceptance Rate 535 of 2,713 submissions, 20%
