Computer Science Department
School of Computer Science, Carnegie Mellon University


Guardrail: High Fidelity Correctness Checking
of Device Drivers for Safeguarding I/O Operations

Olatunji Ruwase, Phillip B. Gibbons*, Michael A. Kozuch*, Todd C. Mowry

December 2012


Keywords: Dynamic analysis, virtualization, reliability

Device drivers are an Achilles' heel of modern commodity operating systems, accounting for far too many system failures. Previous work on driver reliability has focused on protecting the kernel from unsafe driver side-effects by interposing an invariant-checking layer at the driver interface, while otherwise treating the driver as a black box. In this paper, we propose and evaluate Guardrail, a more powerful framework for run-time driver analysis that performs decoupled, instruction-grain dynamic correctness checking on arbitrary kernel-mode drivers as they execute. This enables the system to detect and mitigate more challenging correctness bugs (e.g., data races, uninitialized memory accesses) that cannot be detected by today's fault isolation techniques. Our implementation of Guardrail demonstrates that it can find serious data races, memory faults, and DMA faults in native Linux drivers that required fixes, including previously unknown bugs. We also show that, with hardware logging support, Guardrail can be used for online protection of persistent device state from defective drivers with minimal impact on the end-to-end performance of standard I/O workloads.

39 pages

*Intel Labs
