Runtime Verification of Linux Kernel Modules Based on Call Interception.
Verification of Linux kernel modules, and especially device drivers, is a critically important task. However, due to the special nature of kernel operation, it is very challenging to perform runtime analysis of particular kernel modules of interest without adverse influence on the rest of the kernel. Methods and tools for addressing this challenge are the main subject of this paper. The basic method for low-influence runtime analysis of interacting software modules is call interception. Shadow state techniques represent another method. In this paper, we discuss these methods, including three different approaches to implementing call interception. Conclusions are made about the most suitable ways for runtime analysis of kernel modules. Finally, we present the KEDR framework, an extensible runtime analysis system for Linux kernel modules, which deploys these approaches to perform different types of analysis. The system can be used by the developers of kernel modules and, in particular, may be useful for building automated driver verification systems.
Proc. of the Fourth IEEE International Conference on Software Testing, Verification and Validation (ICST'11), pp. 180-189. Berlin, Germany, March 2011.