Krace: Data Race Fuzzing for Kernel File Systems

Title: Krace: Data Race Fuzzing for Kernel File Systems
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Meng Xu, Sanidhya Kashyap, Hanqing Zhao, Taesoo Kim
Conference Name: 2020 IEEE Symposium on Security and Privacy (SP)
Date Published: May
Keywords: composability, Computer bugs, Concurrency, Concurrent computing, delays, fuzzing, Instruction sets, Kernel, Metrics, pubcrawl, resilience, Resiliency, security, Synchronization
Abstract: Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races. In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.
DOI: 10.1109/SP40000.2020.00078
Citation Key: xu_krace_2020
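The abstract names two race-detection models, lockset and happens-before, without showing how they interact. The program below is an added illustration, not code from the paper or from Krace's implementation: it replays a constructed two-thread trace of lock acquire/release and memory read/write events, tracks the lockset held at each access and a vector clock advanced by release/acquire edges, and reports conflicting accesses from different threads that share no lock and are not ordered by happens-before. Addresses (0x10, 0x20, 0x30), lock ids and the trace are invented, and only mutex-style locks are modeled; Krace's modeling covers kernel synchronization primitives well beyond this. The third scenario in the trace is the instructive one: a pure lockset check flags the unlocked accesses to 0x30, but a release/acquire on lock L1 in between has in fact ordered them, so the combined model correctly reports only the race on 0x10.

```c
/* Added example (not Krace's code): lockset + happens-before race detection
 * replayed over a constructed two-thread access trace. Addresses, lock ids
 * and the trace itself are made up for illustration. */
#include <stdio.h>
#include <string.h>

#define NTHREADS 2
#define NLOCKS   2
#define MAX_ACC  16

enum op { ACQ, REL, RD, WR };
struct event { enum op op; int tid; int obj; }; /* obj = lock id (ACQ/REL) or address (RD/WR) */

struct access {
    int tid, addr, is_write;
    unsigned lockset;        /* bitmask of locks held by tid at this access */
    int vc[NTHREADS];        /* tid's vector clock at this access */
};

/* Constructed trace: (a) X=0x10 raced with no lock held, (b) Y=0x20 protected
 * by L0, (c) Z=0x30 unlocked at access time but ordered by release/acquire of L1. */
static const struct event trace[] = {
    {WR, 0, 0x10}, {RD, 1, 0x10},                            /* (a) */
    {ACQ, 0, 0}, {WR, 0, 0x20}, {REL, 0, 0},
    {ACQ, 1, 0}, {RD, 1, 0x20}, {REL, 1, 0},                 /* (b) */
    {WR, 0, 0x30}, {ACQ, 0, 1}, {REL, 0, 1},
    {ACQ, 1, 1}, {REL, 1, 1}, {RD, 1, 0x30},                 /* (c) */
};
#define TRACE_LEN ((int)(sizeof trace / sizeof trace[0]))

static void vc_join(int *dst, const int *src) {
    for (int i = 0; i < NTHREADS; i++) if (src[i] > dst[i]) dst[i] = src[i];
}

/* a happens-before b iff a's clock is componentwise <= b's clock */
static int vc_leq(const int *a, const int *b) {
    for (int i = 0; i < NTHREADS; i++) if (a[i] > b[i]) return 0;
    return 1;
}

/* Replay the trace; report conflicting accesses from different threads that
 * share no lock and (if use_hb) are not ordered by happens-before. Racy
 * addresses are written to racy[] (up to max_racy); the return value counts all. */
int detect_races(const struct event *tr, int n, int use_hb, int *racy, int max_racy) {
    int tvc[NTHREADS][NTHREADS] = {{0}};   /* per-thread vector clocks */
    int lvc[NLOCKS][NTHREADS] = {{0}};     /* per-lock clock: knowledge of last releaser */
    unsigned held[NTHREADS] = {0};
    struct access acc[MAX_ACC];
    int nacc = 0, races = 0;

    for (int i = 0; i < n; i++) {
        int t = tr[i].tid;
        tvc[t][t]++;                                 /* every event is a new tick */
        switch (tr[i].op) {
        case ACQ: held[t] |= 1u << tr[i].obj;
                  vc_join(tvc[t], lvc[tr[i].obj]);   /* acquire: inherit releaser's clock */
                  break;
        case REL: held[t] &= ~(1u << tr[i].obj);
                  vc_join(lvc[tr[i].obj], tvc[t]);   /* release: publish our clock */
                  break;
        case RD: case WR:
            if (nacc < MAX_ACC) {
                acc[nacc].tid = t; acc[nacc].addr = tr[i].obj;
                acc[nacc].is_write = (tr[i].op == WR);
                acc[nacc].lockset = held[t];
                memcpy(acc[nacc].vc, tvc[t], sizeof acc[nacc].vc);
                nacc++;
            }
            break;
        }
    }
    for (int a = 0; a < nacc; a++)
        for (int b = a + 1; b < nacc; b++) {
            if (acc[a].tid == acc[b].tid || acc[a].addr != acc[b].addr) continue;
            if (!acc[a].is_write && !acc[b].is_write) continue;      /* read/read is benign */
            if (acc[a].lockset & acc[b].lockset) continue;           /* a common lock protects it */
            if (use_hb && (vc_leq(acc[a].vc, acc[b].vc) || vc_leq(acc[b].vc, acc[a].vc)))
                continue;                                            /* ordered by happens-before */
            if (races < max_racy) racy[races] = acc[a].addr;
            races++;
        }
    return races;
}

/* Convenience wrappers over the constructed trace. */
int races_found(int use_hb) {
    int r[MAX_ACC];
    return detect_races(trace, TRACE_LEN, use_hb, r, MAX_ACC);
}
int racy_addr_at(int use_hb, int idx) {
    int r[MAX_ACC] = {0};
    detect_races(trace, TRACE_LEN, use_hb, r, MAX_ACC);
    return r[idx];
}

int main(void) {
    printf("lockset only       : %d race(s)\n", races_found(0));
    printf("lockset + happens-before: %d race(s), first at 0x%x\n",
           races_found(1), racy_addr_at(1, 0));
    return 0;
}
```

Run stand-alone, the lockset-only pass reports two races (0x10 and 0x30) while the combined pass reports one (0x10). The happens-before side is what suppresses the false positive on 0x30; the lockset side is what keeps the detector from needing to observe the racing interleaving itself, since the 0x20 accesses are declared safe by the shared lock regardless of order.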