USENIX Security ’23 – PET: Prevent Discovered Errors from Being Triggered in the Linux Kerne

USENIX Security ’23 – PET: Prevent Discovered Errors from Being Triggered in the Linux Kernel

Zicheng Wang, Nanjing University; Yueqi Chen, University of Colorado Boulder; Qingkai Zeng, Nanjing University

The Linux kernel is the backbone of modern society. When a kernel error is discovered, a quick remediation is needed. Whereas sanitizers greatly facilitate root cause diagnosis, fixing errors takes a long time, resulting in errors discovered but still exploited. In this work, we propose PET, a temporary solution to prevent discovered errors from being triggered and exploited before patches are available.
Technically, PET takes a sanitizer report as the input, constructing the triggering condition that can be evaluated at runtime. If the condition is met, PET takes a series of actions to prevent error triggering. PET is designed to be extensible to various error types. In our experiment, we demonstrated its effectiveness against the five most common errors that state-of-the-art sanitizers can report. PET is lightweight with performance overhead less than 3%. Further, PET is scalable in the presence of multiple errors with acceptable memory assumption. The kernel has run stably for more than 3 months under intensive use after errors are prevented.

View the full USENIX Security ’23 program at

[ad_2]

source