Navid Emamdoost (University of Minnesota), Qiushi Wu (University of Minnesota), Kangjie Lu (University of Minnesota), Stephen McCamant (University of Minnesota)

The kernel space is shared by hardware and all processes, so its memory usage is more limited, and memory is harder to reclaim, compared to user-space memory; as a result, memory leaks in the kernel can easily lead to high-impact denial of service. The problem is particularly critical in long-running servers. Kernel code makes heavy use of dynamic (heap) allocation, and many code modules within the kernel provide their own abstractions for customized memory management. On the other hand, the kernel code involves highly complicated data flow, so it is hard to determine where an object is supposed to be released. Given the complex and critical nature of OS kernels, as well as the heavy specialization, existing methods largely fail at effectively and thoroughly detecting kernel memory leaks.

In this paper, we present K-MELD, a static detection system for kernel memory leaks. K-MELD features multiple new techniques that can automatically identify specialized allocation/deallocation functions and determine the expected memory-release locations. Specifically, we first develop a usage- and structure-aware approach to effectively identify specialized allocation functions, and employ a new rule-mining approach to identify the corresponding deallocation functions. We then develop a new ownership reasoning mechanism that employs enhanced escape analysis and consumer-function analysis to infer expected release locations. By applying K-MELD to the Linux kernel, we confirm its effectiveness: it finds 218 new bugs, with 41 CVEs assigned. Out of those 218 bugs, 115 are in specialized modules.

View More Papers

Reining in the Web's Inconsistencies with Site Policy

Stefano Calzavara (Università Ca' Foscari Venezia), Tobias Urban (Institute for Internet Security and Ruhr University Bochum), Dennis Tatang (Ruhr University Bochum), Marius Steffens (CISPA Helmholtz Center for Information Security), Ben Stock (CISPA Helmholtz Center for Information Security)

Read More

Your Phone is My Proxy: Detecting and Understanding Mobile...

Xianghang Mi (University at Buffalo), Siyuan Tang (Indiana University Bloomington), Zhengyi Li (Indiana University Bloomington), Xiaojing Liao (Indiana University Bloomington), Feng Qian (University of Minnesota Twin Cities), XiaoFeng Wang (Indiana University Bloomington)

Read More

Is Your Firmware Real or Re-Hosted? A case study...

Abraham A. Clements, Logan Carpenter, William A. Moeglein (Sandia National Laboratories), Christopher Wright (Purdue University)

Read More

User Expectations and Understanding of Encrypted DNS Settings

Alexandra Nisenoff, Nick Feamster, Madeleine A Hoofnagle†, Sydney Zink. (University of Chicago and †Northwestern)

Read More