Atomic context is an execution state of the Linux kernel in which kernel code monopolizes a CPU core. In this state, the Linux kernel may only perform operations that cannot sleep, as otherwise a system hang or crash may occur. We refer to this kind of concurrency bug as a sleep-in-atomic-context (SAC) bug. In practice, SAC bugs are hard to find, as they do not cause problems in all executions. In this article, we propose a practical static approach named DSAC to effectively detect SAC bugs in the Linux kernel. DSAC uses three key techniques: (1) a summary-based analysis to identify the code that may be executed in atomic context, (2) a connection-based alias analysis to identify the set of functions referenced by a function pointer, and (3) a path-check method to filter out repeated reports and false bugs. We evaluate DSAC on Linux 4.17 and find 1,159 SAC bugs. We manually check all the bugs and find that 1,068 bugs are real. We have randomly selected 300 of the real bugs and sent them to kernel developers. 220 of these bugs have been confirmed, and 51 of our patches fixing 115 bugs have been applied.

中文翻译：

---

有效检测 Linux 内核中的睡眠原子上下文错误

原子上下文是 Linux 内核的一种执行状态，其中内核代码独占一个 CPU 内核。在这种状态下，Linux 内核只能执行不能休眠的操作，否则可能会发生系统挂起或崩溃。我们将这种并发错误称为睡眠原子上下文 (SAC) 错误。在实践中，很难找到 SAC 错误，因为它们不会在所有执行中引起问题。在本文中，我们提出了一种名为 DSAC 的实用静态方法来有效地检测 Linux 内核中的 SAC 错误。DSAC 使用三种关键技术：（1）基于摘要的分析来识别可以在原子上下文中执行的代码，（2）基于连接的别名分析来识别函数指针引用的函数集，以及（3 ) 一种过滤重复报告和错误错误的路径检查方法。我们在 Linux 4 上评估 DSAC。17 并找到 1,159 个 SAC 错误。我们手动检查所有错误，发现 1,068 个错误是真实的。我们随机选择了 300 个真正的错误并将它们发送给内核开发人员。其中 220 个错误已得到确认，我们的 51 个补丁已修复 115 个错误。