Fault Injection Method For Device Drivers Based On Homemade Processors

In recent years,the operating system based on Linux kernel is widely used in all walks of life,and the security of Linux kernel becomes more and more important.The Linux kernel features a modular design.The kernel resources can be accessed directly by kernel modules.A faulty module which is out of control may lead to serious damage to the system.Device drivers belong to kernel modules.Most bugs of kernel exist in device drivers.They are hiding deeply and would not be exposed usually.Therefore,they must be simulated by fault injection technology to verify the robustness of error handling code of device drivers conveniently.In order to deal with the changing international situation,in order not to let the core technology be controlled by others,the government proposed the Information Technology Innovation strategy,which includes the goal of independent and controllable of basic software.Device drivers belong to the basic software,so it is necessary to do research for the fault injection method and technology around the device driver for homemade processors,which is of great significance to improve the security of homemade basic software.The current fault injection tools cannot fully take into account the diversification of fault types and the compatibility of the architectures.Architecture-independent fault injection tools can inject limited types of faults,while fault injection tools that can inject diverse faults only support x86 and x86＿64 architecture.For the above problems,as the consideration of the development of domestic processor architecture,this paper design and implement the device driver fault injection prototype QDFault Injector with the analysis of x86＿64,AArch64,MIPS64 and Loong Arch64 instruction set architectures and their function call instruction format and the method of address computing,and the optimization of compatibility is made for the update of Linux kernel version.The monitoring of module status as well as the capture of module code is realized by the usage of notification chain mechanism of Linux kernel.The code segment of target module is captured when the target module is about to be loaded into the memory,after which the detection and replacement of instructions will be executed;The detection of instructions is realized by retrieving the code segment of the target module and finding the corresponding function call instruction.The replacement of instruction is to replace its jump address with address of a pre-designed fault function.Since instruction replacement is architecture specific,it is related to the machine code and format of instructions.This paper explains the implementation of instruction detection and replacement in detail for different architectures.In order to verify the effectiveness of the above fault injection methods and technologies,firstly,aiming at the character device driver provided by KEDR,this paper tests the functions of fault injection on the Linux system with four instruction set architectures,and confirms that the fault injection method and prototype system QDFault Injector in this paper can effectively realize the condition monitoring of the target module,the capture of the code segment of the target module,fault injection,automatic fault recovery and re-triggering,and locating of fault when the fault is triggered.This paper also carried out the further test and verification of QDFault Injector for the hns3 network card driver of AArch64 instruction set architecture and the r8168 network card driver of loongarch64 instruction set architecture,and found some bugs.Compared with other existing fault injection tools,QDFault Injector has better system compatibility and operational flexibility,and is entirely supporting device-driven testing based on homemade processors.The innovation of this paper lies in the research and analysis of the function call instruction search and replacement scheme of four instruction set architectures such as x86＿64,AArch64,MIPS64 and Loong Arch64,and the first time to design and implement the of Fault injection for Linux kernel modules and device drivers in three instruction set architectures such as AArch64,MIPS64 and Loong Arch64.