CN105868639A - Kernel vulnerability repair method and device - Google Patents

Info

Publication number
CN105868639A
Authority
CN
China
Prior art keywords
kernel
repaired
default
leak
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610191535.0A
Other languages
Chinese (zh)
Inventor
卢永强
夏良钊
郑龙日
包沉浮
张煜龙
韦韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201610191535.0A priority Critical patent/CN105868639A/en
Priority to PCT/CN2016/086412 priority patent/WO2017166448A1/en
Publication of CN105868639A publication Critical patent/CN105868639A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a kernel vulnerability repair method and device. The specific implementation way of the method comprises the steps that the memory address of a kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction to be loaded in a memory in a kernel to be repaired is determined; based on the memory address, the address of the kernel symbol needed when the preset vulnerability repair instruction calls the kernel function or variable is configured; a storage space used for loading preset vulnerability repair in the kernel to be repaired is determined; the preset vulnerability repair instruction is loaded in the storage space. The address of the kernel symbol needed by the vulnerability repair instruction is configured based on the determined memory address of the kernel function or variable having problems. When loaded in kernels of different versions, the vulnerability repair instruction can accurately jump to the kernel function corresponding to the kernel symbol or have access to the variable corresponding to the kernel symbol. The vulnerability repair instruction is applicable to being loaded in kernels of various versions, and therefore the kernel vulnerability is repaired.

Description

Kernel vulnerability repair method and device
Technical field
The present application relates to the field of computers, specifically to the field of operating systems, and in particular to a kernel vulnerability repair method and device.
Background
The kernel is the core of the operating system, so ensuring the security of the kernel is the top priority in security protection. When a vulnerability is found in the kernel, it therefore needs to be repaired promptly. The repair approach in common use at present is as follows: for a kernel of one version, vulnerability repair code applicable to that version is provided; the repair code has to find the address in the kernel of the kernel function that needs repairing, and then replaces the problematic kernel function with the repaired kernel function.
However, when vulnerabilities are repaired in this way, because kernel versions differ, the addresses of kernel functions in the kernel also differ. Code that replaces a kernel function in a kernel of one version therefore cannot be applied to a kernel of another version. Vulnerability repair code has to be configured for each kernel version, which increases development cost.
Summary of the invention
The present application provides a kernel vulnerability repair method and device to solve the technical problem described in the background section above.
In a first aspect, the present application provides a kernel vulnerability repair method, the method comprising: determining the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction that is to be loaded into memory, the preset vulnerability repair instruction being generated by compiling preset vulnerability repair code; based on the memory address, configuring the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable; determining, in the kernel to be repaired, a storage space for loading the preset vulnerability repair instruction after the address of the kernel symbol it requires has been configured; and loading the preset vulnerability repair instruction in the storage space, so as to repair the vulnerability in the kernel to be repaired.
In a second aspect, the present application provides a kernel vulnerability repair device, the device comprising: an address determination unit, configured to determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction that is to be loaded into memory, the preset vulnerability repair instruction being generated by compiling preset vulnerability repair code; a setting unit, configured to configure, based on the memory address, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable; a space determination unit, configured to determine, in the kernel to be repaired, a storage space for loading the preset vulnerability repair instruction after the address of the kernel symbol it requires has been configured; and a loading unit, configured to load the preset vulnerability repair instruction in the storage space, so as to repair the vulnerability in the kernel to be repaired.
The kernel vulnerability repair method and device provided by the present application determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction that is to be loaded into memory; configure, based on the memory address, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable; determine the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction; and load the preset vulnerability repair instruction in the storage space. The address of the kernel symbol required by the vulnerability repair instruction is thus configured based on the determined memory address of the problematic kernel function or variable. When the vulnerability repair instruction is loaded in kernels of different versions, it can in every case jump accurately to the kernel function corresponding to the kernel symbol or access the variable corresponding to the kernel symbol. The vulnerability repair instruction is suitable for loading in kernels of various versions, and the vulnerability in the kernel is thereby repaired.
Brief description of the drawings
Other features, objects and advantages of the present application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is a diagram of an exemplary system architecture to which the present application can be applied;
Fig. 2 shows a flow chart of one embodiment of the kernel vulnerability repair method according to the present application;
Fig. 3 shows a flow chart of another embodiment of the kernel vulnerability repair method according to the present application;
Fig. 4 shows a structural diagram of one embodiment of the kernel vulnerability repair device according to the present application;
Fig. 5 is a structural diagram of a computer system suitable for implementing a terminal device or server of the embodiments of the present application.
Detailed description
The present application is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the relevant invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention.
It should be noted that, where they do not conflict, the embodiments in the present application and the features in the embodiments can be combined with one another. The present application is described in detail below with reference to the drawings and in conjunction with the embodiments.
Fig. 1 shows an exemplary system architecture 100 to which embodiments of the kernel vulnerability repair method or device of the present application can be applied.
As shown in Fig. 1, the system architecture 100 can include terminal devices 101, 102 and 103, a network 104 and a server 105. The network 104 is the medium that provides transmission links between the terminal devices 101, 102, 103 and the server 105. The network 104 can include various connection types, such as wired or wireless transmission links, or fiber-optic cables.
A user can use the terminal devices 101, 102, 103 to interact with the server 105 over the network 104, to receive or send messages and so on. Various communication applications can be installed on the terminal devices 101, 102, 103, for example instant messaging applications, browser applications, search applications and word processing applications.
The terminal devices 101, 102, 103 can be various electronic devices that have a display screen and support network communication, including but not limited to smartphones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptop portable computers and desktop computers.
The server 105 can store vulnerability repair code for kernels of multiple different processor architectures and different versions. On receiving a download request sent by a terminal device 101, 102 or 103, it can send back to the terminal device the code applicable to repairing vulnerabilities in the kernel under the terminal's processor architecture.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only illustrative. There can be any number of terminal devices, networks and servers, as the implementation requires.
Referring to Fig. 2, it shows a flow 200 of one embodiment of the kernel vulnerability repair method according to the present application. It should be noted that the kernel vulnerability repair method provided by the embodiments of the present application is generally executed by the terminal devices 101, 102, 103 in Fig. 1. The method includes the following steps:
Step 201: determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction that is to be loaded into memory.
In this embodiment, the preset vulnerability repair instruction is generated by compiling preset vulnerability repair code.
In this embodiment, vulnerability repair code for repairing a kernel vulnerability can be set up in advance. The vulnerability repair code can include custom functions and variables used to repair the kernel. The vulnerability repair code also includes the kernel functions, and the variables in the kernel, that need to be called during the repair process. The vulnerability repair code can be used to repair the instructions and data of the kernel, completing the kernel vulnerability repair. The problematic function can also be replaced with the repaired function by modifying the system call table or the function code.
In this embodiment, the kernel symbol table of the kernel can be obtained first. Then, from the names of the kernel symbols defined in the kernel symbol table and the memory addresses in the kernel of the kernel functions or variables corresponding to those symbols, the memory address in the kernel to be repaired of the kernel function or variable indicated by the kernel symbol in the vulnerability repair instruction can be determined.
Take the Linux kernel of the Linux operating system as an example. The Linux kernel contains a kernel symbol table that records the kernel functions and variables in the kernel that are available for external reference. The kernel symbol table records the identifiers of the Linux kernel functions and of the variables in the Linux kernel, together with the kernel addresses of those functions and variables in the Linux kernel. The Linux kernel symbol table can be looked up through the proc file system of the Linux kernel, and the memory address in the kernel to be repaired of the kernel function or variable indicated by the Linux kernel symbol in the vulnerability repair instruction can then be found.
In some optional implementations of this embodiment, before determining the memory address in the kernel to be repaired of the kernel function or variable indicated by the kernel symbol in the preset vulnerability repair instruction that is to be loaded into memory, the method further includes: obtaining attribute information of the kernel to be repaired and the memory addresses of the kernel functions or variables in the kernel to be repaired, the attribute information including the architecture information of the processor on which the kernel to be repaired runs and the kernel version information; and storing the attribute information in correspondence with the memory addresses.
In this embodiment, the attribute information of the target kernel can be obtained through the proc file system. The attribute information can include, but is not limited to, the architecture of the processor on which the kernel runs and the Linux kernel version.
In this embodiment, the addresses of the kernel symbols and of the variables in the kernel can be obtained in advance for kernels of different processor architectures and different kernel versions. For example, the memory addresses of kernel functions or variables in the kernel are obtained through the proc file system of the kernel. Then the processor architecture identifier of the processor architecture and the version identifier of the kernel version are stored in correspondence with the memory addresses of the kernel functions or variables in the kernel. Thus, when the memory address in the kernel to be repaired of the kernel function or variable indicated by the kernel symbol in the preset vulnerability repair instruction is needed, the architecture of the processor on which the kernel runs and the version information of the kernel can be obtained first, and the pre-stored memory address in the kernel of the kernel function or variable corresponding to that processor architecture and kernel version information can then be retrieved.
Step 202: based on the memory address, configure the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable.
In this embodiment, after the memory address in the kernel to be repaired of the kernel function or variable indicated by the kernel symbol in the preset vulnerability repair instruction has been obtained, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable can be configured based on that memory address.
Before explaining how the present application configures the address of a kernel symbol in an instruction, the compilation process of the code is described first. For the vulnerability repair code to be loaded into memory and run, it has to be compiled. Compiling the vulnerability repair code generates the machine instructions corresponding to it. These machine instructions can be called the vulnerability repair instruction. The vulnerability repair instruction can contain kernel symbols, where a kernel symbol can be the symbol corresponding to a function or a variable. When an instruction contains a kernel symbol, the function of that instruction is to call the kernel function corresponding to the kernel symbol or to access the variable in the kernel.
Building on the compilation process described above, the process of configuring, based on the memory address, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable is explained next. In this embodiment, when the vulnerability repair instruction contains a kernel symbol, the function of that instruction is to call the kernel function corresponding to the kernel symbol or to access the variable in the kernel corresponding to the kernel symbol.
Because kernel versions differ, the memory address in the kernel of the kernel function, or of the variable in the kernel, indicated by a kernel symbol also differs. Therefore, when the vulnerability repair instruction is loaded in a kernel, the memory address in the kernel of the kernel function or variable corresponding to the kernel symbol contained in the vulnerability repair instruction has to be determined. Then, based on this memory address, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable is configured. For example, part of the storage space corresponding to the preset vulnerability repair instruction is reserved for storing the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable, which completes the configuration of the kernel symbol addresses required in the preset vulnerability repair instruction. Thus, when the vulnerability repair instruction is executed, it can jump correctly to the address in the kernel of the kernel function or variable corresponding to the kernel symbol, and so call the function corresponding to the kernel symbol or access the variable in the kernel corresponding to the kernel symbol.
Take as an example a vulnerability repair instruction that is an instruction calling kernel function A. This vulnerability repair instruction contains a kernel symbol, namely the kernel symbol corresponding to kernel function A. When this vulnerability repair instruction is loaded into the kernel to run, the memory address of kernel function A in the kernel into which the vulnerability repair instruction will be loaded can be determined. Then this memory address is used to configure the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable. Thus, when the vulnerability repair instruction is executed, it can jump correctly to the memory address of kernel function A in the kernel and call kernel function A.
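The address-configuration step described above, as an added example that is not part of the patent text: a user-space C program that looks symbols up in a table in the `/proc/kallsyms` line format and writes the resolved addresses into slots reserved in a repair-instruction image. The `patch_reloc` record, the symbol names and the sample table are constructed assumptions; the code only edits a local buffer, and it leaves the image untouched if any symbol is missing or its address reads as zero, which is what the kernel reports to readers not permitted to see kernel addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/kallsyms line format: "<hex addr> <type> <name>". */
static const char SAMPLE_KALLSYMS[] =
    "ffffffc000081000 T kernel_func_a\n"
    "ffffffc0000a2340 T kernel_func_b\n"
    "ffffffc000c5d010 D kernel_var_c\n"
    "0000000000000000 T hidden_func\n"; /* masked address (e.g. kptr_restrict) */

enum { PATCH_OK = 0, PATCH_ERR_BOUNDS = -1, PATCH_ERR_MISSING = -2,
       PATCH_ERR_MASKED = -3, MAX_RELOCS = 16 };

/* Hypothetical record: one kernel symbol the repair instruction refers to and
 * the byte offset of the 8-byte slot reserved for its address in the image. */
struct patch_reloc {
    const char *symbol;
    size_t offset;
};

/* Find `name` in kallsyms-format text and return its address via addr_out. */
int lookup_symbol(const char *table, const char *name, uint64_t *addr_out)
{
    const char *p = table;
    while (*p) {
        size_t len = strcspn(p, "\n");
        char line[256], sym[128];
        unsigned long long addr;
        if (len < sizeof line) {            /* skip over-long lines */
            memcpy(line, p, len);
            line[len] = '\0';
            if (sscanf(line, "%llx %*c %127s", &addr, sym) == 2 &&
                strcmp(sym, name) == 0) {
                if (addr == 0)              /* symbol listed but address hidden */
                    return PATCH_ERR_MASKED;
                *addr_out = (uint64_t)addr;
                return PATCH_OK;
            }
        }
        p += len;
        if (*p == '\n')
            p++;
    }
    return PATCH_ERR_MISSING;
}

/* Resolve every symbol first, then fill the reserved slots. Nothing is
 * written unless all symbols resolve and all slots lie inside the image. */
int configure_patch(uint8_t *image, size_t image_len,
                    const struct patch_reloc *relocs, size_t n,
                    const char *table)
{
    uint64_t resolved[MAX_RELOCS];
    size_t i;

    if (n > MAX_RELOCS)
        return PATCH_ERR_BOUNDS;
    for (i = 0; i < n; i++) {
        int rc;
        if (relocs[i].offset > image_len ||
            image_len - relocs[i].offset < sizeof(uint64_t))
            return PATCH_ERR_BOUNDS;
        rc = lookup_symbol(table, relocs[i].symbol, &resolved[i]);
        if (rc != PATCH_OK)
            return rc;
    }
    for (i = 0; i < n; i++)                 /* host byte order */
        memcpy(image + relocs[i].offset, &resolved[i], sizeof(uint64_t));
    return PATCH_OK;
}

int main(void)
{
    uint8_t image[32];
    const struct patch_reloc relocs[] = {
        { "kernel_func_b", 8 },             /* slot for the function it calls */
        { "kernel_var_c", 16 },             /* slot for the variable it reads */
    };
    uint64_t slot;
    int rc;

    memset(image, 0xCC, sizeof image);      /* stand-in for compiled code */
    rc = configure_patch(image, sizeof image, relocs, 2, SAMPLE_KALLSYMS);
    memcpy(&slot, image + 8, sizeof slot);
    printf("rc=%d kernel_func_b slot=%llx\n", rc, (unsigned long long)slot);
    return rc == PATCH_OK ? 0 : 1;
}
```
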
Step 203: determine, in the kernel to be repaired, the storage space for loading the preset vulnerability repair instruction after the address of the kernel symbol it requires has been configured.
In this embodiment, after the address corresponding to the kernel symbol in the vulnerability repair instruction has been configured for the kernel to be repaired, the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction, with the address corresponding to the kernel symbol configured, can be determined. For example, a storage space for loading the vulnerability repair instruction can be set up in advance for kernels of different versions.
Step 204: load the preset vulnerability repair instruction in the storage space.
In this embodiment, after the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction, with the address corresponding to the kernel symbol configured, has been determined, the preset vulnerability repair instruction can be loaded in the storage space so as to repair the vulnerability in the kernel to be repaired.
In some optional implementations of this embodiment, loading the preset vulnerability repair instruction in the storage space so as to repair the vulnerability in the kernel to be repaired includes: obtaining the memory address of the kernel function to be repaired in the kernel to be repaired; and replacing that memory address in the system call table of the kernel to be repaired with a preset memory address.
In this embodiment, the preset vulnerability repair instruction loaded in the kernel can repair the vulnerability in the kernel in the following way. Taking the repair of a problematic kernel function in the kernel to be repaired as an example, the kernel symbol table can be obtained through the proc file system of the Linux kernel. The memory address of the problematic kernel function can then be looked up in the kernel symbol table. Once the memory address of the problematic kernel function has been found, that memory address in the system call table of the kernel to be repaired can be replaced with the preset memory address.
In some optional implementations of this embodiment, loading the preset vulnerability repair instruction in the storage space so as to repair the vulnerability in the kernel to be repaired includes: obtaining the storage space corresponding to the kernel function to be repaired in the kernel to be repaired; and copying the repaired kernel function to that storage space.
In this embodiment, the preset vulnerability repair instruction loaded in the kernel can also repair the vulnerability in the kernel in the following way. Taking the repair of a problematic kernel function in the kernel to be repaired as an example, the kernel symbol table can be obtained through the proc file system of the Linux kernel. The storage space of the problematic kernel function is then looked up in the kernel symbol table, and the repaired kernel function is copied to this storage space. The storage space in the kernel that held the problematic kernel function thus holds the repaired kernel function, which repairs the problem function in the kernel to be repaired.
Referring to Fig. 3, it shows a flow chart 300 of another embodiment of the kernel vulnerability repair method according to the present application. It should be noted that the method provided by the embodiments of the present application is generally executed by the terminal devices 101, 102, 103 in Fig. 1. The method includes the following steps:
Step 301: determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in a preset vulnerability repair instruction that is to be loaded into memory.
In this embodiment, the preset vulnerability repair instruction is generated by compiling preset vulnerability repair code.
In this embodiment, vulnerability repair code for repairing a kernel vulnerability can be set up in advance. The vulnerability repair code can include custom functions and variables used to repair the kernel. The vulnerability repair code also includes the kernel functions, and the variables in the kernel, that need to be called during the repair process. The vulnerability repair code can be used to repair the instructions and data of the kernel, completing the kernel vulnerability repair. The problematic function can also be replaced with the repaired function by modifying the system call table or the function code.
Step 302: based on the memory address, configure the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable.
In this embodiment, after the memory address in the kernel to be repaired of the kernel function or variable indicated by the kernel symbol in the preset vulnerability repair instruction has been obtained, the address of the kernel symbol required when the preset vulnerability repair instruction calls the kernel function or variable can be configured based on that memory address.
Step 303: use a selected storage space or an allocated storage space as the storage space for loading the preset vulnerability repair instruction.
In this embodiment, the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction can be determined in the following way: a preset storage space in the kernel to be repaired is used as the storage space for loading the preset vulnerability repair instruction after the address of the kernel symbol it requires has been configured. For example, this preset storage space can be a storage space that has execute permission.
In this embodiment, the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction can also be determined in the following way: the storage space corresponding to a preset kernel function in the kernel to be repaired is used as the storage space for loading the preset vulnerability repair instruction.
In this embodiment, the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction can also be determined in the following way: a preset memory allocation instruction is loaded in the storage space corresponding to a preset kernel function in the kernel to be repaired, and a storage space of a preset size is generated; the generated storage space is used as the storage space for loading the preset vulnerability repair instruction.
In this embodiment, code with a memory allocation function can be implemented by modifying the code of a kernel function, for example the uname function. Compiling this code then generates the memory allocation instruction. After the memory allocation instruction has been loaded, a section of storage space allocated in the Linux kernel can be returned, and the preset vulnerability repair instruction can be loaded in this storage space.
Step 304: load the preset vulnerability repair instruction in the storage space.
In this embodiment, after the storage space in the kernel to be repaired for loading the preset vulnerability repair instruction, with the address corresponding to the kernel symbol configured, has been determined, the preset vulnerability repair instruction can be loaded in the storage space so as to repair the vulnerability in the kernel to be repaired.
As can be seen from Fig. 3, unlike the embodiment corresponding to Fig. 2, the flow 300 of the method in this embodiment highlights step 303, that is, loading the preset vulnerability repair instruction in a selected storage space or an allocated storage space. The scheme described in this embodiment can further select, for kernels of different versions, the storage space in which the vulnerability repair instruction is loaded, and load the vulnerability repair instruction in that storage space. As a result, the vulnerability repair instruction can be found in kernels of different versions, so that during vulnerability repair other kernel programs in the kernel can communicate with the vulnerability repair code, for example to pass parameters, which further enhances the applicability of the vulnerability repair instruction to kernels of different versions.
The kernel vulnerability repair method of the present application is illustrated below, taking as an example a case where kernel function A in the kernel is problematic and the vulnerability repair instruction is loaded in a kernel of one version. Vulnerability repair code can be generated in advance. This vulnerability repair code contains code for modifying the problematic kernel function A into the repaired kernel function A1, and the vulnerability repair code calls kernel function B. After the vulnerability repair code is compiled, the resulting vulnerability repair instruction contains a vulnerability repair instruction for calling kernel function B and a vulnerability repair instruction for modifying kernel function A into the repaired kernel function A1.
First, the memory addresses of kernel function A and kernel function B in this kernel version are determined. Then the memory address of kernel function B in this kernel version is configured as the address of the kernel symbol required when the vulnerability repair instruction calls kernel function B, that is, the address of the kernel symbol corresponding to kernel function B.
The vulnerability repair instruction can then be loaded in the selected storage space in the kernel. When the vulnerability repair instruction is executed, it can jump correctly to the address of kernel function B in this kernel version and so call kernel function B. At the same time, the code of the repaired kernel function A1 can be copied to the storage space of kernel function A in the kernel, thereby repairing the problematic kernel function A.
Based on the kernel vulnerability repair method explained in the embodiments above, the difference between the kernel vulnerability repair method of the present application and the prior art is explained below.
Take the repair of a problematic kernel function as an example. In the prior art, the vulnerability repair code has to find the address in the kernel of the kernel function that needs repairing, and then replaces the problematic kernel function with the repaired kernel function. Because kernel versions differ, the addresses of kernel functions in the kernel also differ. Code that replaces a kernel function in a kernel of one version therefore cannot be applied to a kernel of another version. Vulnerability repair code has to be configured for each kernel version, which increases development cost.
In the present application, by contrast, what is created in advance amounts to a template of the vulnerability repair code. This vulnerability repair code contains the code that replaces the problem function with the repaired kernel function. Compiling the vulnerability repair code generates the vulnerability repair instruction. When a problematic kernel function in the kernel needs to be repaired, the address of the kernel symbol required when the vulnerability repair instruction calls a kernel function can be configured based on the determined memory address, in the kernel to be repaired, of the kernel function indicated by the kernel symbol in the vulnerability repair instruction that repairs the problematic kernel function. When the vulnerability repair instruction is loaded in kernels of different versions, it can in every case jump accurately to the kernel function corresponding to the kernel symbol or access the variable corresponding to the kernel symbol. The vulnerability repair instruction is suitable for loading in kernels of various versions, and it completes the repair of the problematic kernel function in the kernel, that is, the repair of the vulnerability in the kernel.
Refer to Fig. 4, which shows a schematic structural diagram of an embodiment of the kernel vulnerability repair device according to the present application. The kernel vulnerability repair device 400 includes: an address determination unit 401, a setting unit 402, a space determination unit 403, and a loading unit 404. The address determination unit 401 is configured to determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in the preset vulnerability repair instructions to be loaded into memory, the preset vulnerability repair instructions being generated by compiling preset vulnerability repair code; the setting unit 402 is configured to configure, based on the memory address, the address of the kernel symbol needed when the preset vulnerability repair instructions call the kernel function or variable; the space determination unit 403 is configured to determine the storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the addresses of the kernel symbols they need have been configured; the loading unit 404 is configured to load the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired.
In some optional implementations of this embodiment, the space determination unit 403 includes: a first storage space configuration subunit (not shown), configured to use a preset storage space in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the addresses of the kernel symbols they need have been configured, the preset storage space including: a storage space with execute permission.
In some optional implementations of this embodiment, the space determination unit 403 includes: a second storage space configuration subunit (not shown), configured to use the storage space corresponding to a preset kernel function in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the addresses of the kernel symbols they need have been configured.
In some optional implementations of this embodiment, the space determination unit 403 includes: a storage space allocation subunit (not shown), configured to load a preset storage space allocation instruction in the storage space corresponding to a preset kernel function in the kernel to be repaired, and to generate a storage space of a preset size; and a third storage space configuration subunit (not shown), configured to use the generated storage space as the storage space for loading the preset vulnerability repair instructions after the addresses of the kernel symbols they need have been configured.
In some optional implementations of this embodiment, the loading unit 404 includes: a memory address acquisition subunit (not shown), configured to obtain the memory address of the kernel function to be repaired in the kernel to be repaired; and a replacement subunit (not shown), configured to replace that memory address in the system call table of the kernel to be repaired with a preset memory address.
In some optional implementations of this embodiment, the loading unit 404 includes: a storage space acquisition subunit (not shown), configured to obtain the storage space corresponding to the kernel function to be repaired in the kernel to be repaired; and a copy subunit (not shown), configured to copy the repaired kernel function to that storage space.
In some optional implementations of this embodiment, the device 400 further includes: an information acquisition unit (not shown), configured to obtain attribute information of the kernel to be repaired and the memory addresses of the kernel functions or variables in the kernel to be repaired, the attribute information including: architecture information of the processor on which the kernel to be repaired runs, and kernel version information; and a storage unit (not shown), configured to store the attribute information in correspondence with the memory addresses.
Fig. 5 shows a schematic structural diagram of a computer system suitable for implementing the terminal device or server of the embodiments of the present application.
As shown in Fig. 5, the computer system 500 includes a central processing unit (CPU) 501, which can perform various appropriate actions and processes according to a program stored in read-only memory (ROM) 502 or a program loaded from a storage section 508 into random access memory (RAM) 503. The RAM 503 also stores the various programs and data required for the operation of the system 500. The CPU 501, ROM 502 and RAM 503 are connected to one another by a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse and the like; an output section 507 including a display such as a cathode ray tube (CRT) or liquid crystal display (LCD), a speaker and the like; a storage section 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card or a modem. The communication section 509 performs communication processing via a network such as the Internet. A drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 510 as needed, so that a computer program read from it can be installed into the storage section 508 as needed.
In particular, according to embodiments of the present disclosure, the process described above with reference to the flowchart may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program containing program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511.
The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, or sometimes in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
In another aspect, the present application also provides a non-volatile computer storage medium. This non-volatile computer storage medium may be the one included in the device described in the above embodiments, or it may exist separately without being assembled into a terminal. The non-volatile computer storage medium stores one or more programs which, when executed by a device, cause the device to: determine the memory address, in the kernel to be repaired, of the kernel function or variable indicated by a kernel symbol in the preset vulnerability repair instructions to be loaded into memory, the preset vulnerability repair instructions being generated by compiling preset vulnerability repair code; configure, based on the memory address, the address of the kernel symbol needed when the preset vulnerability repair instructions call the kernel function or variable; determine the storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the addresses of the kernel symbols they need have been configured; and load the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired.
The above description is only the preferred embodiments of the present application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the present application is not limited to technical solutions formed by the particular combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the inventive concept, for example, technical solutions formed by replacing the above features with (but not limited to) technical features having similar functions disclosed in the present application.

Claims (14)

1. A kernel vulnerability repair method, characterized in that the method comprises:
Determining the memory address, in a kernel to be repaired, of a kernel function or variable indicated by a kernel symbol in preset vulnerability repair instructions to be loaded into memory, the preset vulnerability repair instructions being generated by compiling preset vulnerability repair code;
Configuring, based on the memory address, the address of the kernel symbol needed when the preset vulnerability repair instructions call the kernel function or variable;
Determining a storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured;
Loading the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired.
2. The method according to claim 1, characterized in that determining the storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured comprises:
Using a preset storage space in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured, the preset storage space including: a storage space with execute permission.
3. The method according to claim 1, characterized in that determining the storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured comprises:
Using the storage space corresponding to a preset kernel function in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured.
4. The method according to claim 1, characterized in that determining the storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured comprises:
Loading a preset storage space allocation instruction in the storage space corresponding to a preset kernel function in the kernel to be repaired, and generating a storage space of a preset size;
Using the generated storage space as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured.
5. The method according to any one of claims 1-4, characterized in that loading the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired, comprises:
Obtaining the memory address of the kernel function to be repaired in the kernel to be repaired;
Replacing the memory address in the system call table of the kernel to be repaired with a preset memory address.
6. The method according to any one of claims 1-4, characterized in that loading the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired, comprises:
Obtaining the storage space corresponding to the kernel function to be repaired in the kernel to be repaired;
Copying the repaired kernel function to the storage space.
7. The method according to claim 1, characterized in that, before determining the memory address, in the kernel to be repaired, of the kernel function or variable indicated by the kernel symbol in the preset vulnerability repair instructions to be loaded into memory, the method further comprises:
Obtaining attribute information of the kernel to be repaired and the memory addresses of the kernel functions or variables in the kernel to be repaired, the attribute information including: architecture information of the processor on which the kernel to be repaired runs, and kernel version information;
Storing the attribute information in correspondence with the memory addresses.
8. A kernel vulnerability repair device, characterized in that the device comprises:
An address determination unit, configured to determine the memory address, in a kernel to be repaired, of a kernel function or variable indicated by a kernel symbol in preset vulnerability repair instructions to be loaded into memory, the preset vulnerability repair instructions being generated by compiling preset vulnerability repair code;
A setting unit, configured to configure, based on the memory address, the address of the kernel symbol needed when the preset vulnerability repair instructions call the kernel function or variable;
A space determination unit, configured to determine a storage space in the kernel to be repaired for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured;
A loading unit, configured to load the preset vulnerability repair instructions in the storage space, so as to repair the vulnerability in the kernel to be repaired.
9. The device according to claim 8, characterized in that the space determination unit comprises:
A first storage space configuration subunit, configured to use a preset storage space in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured, the preset storage space including: a storage space with execute permission.
10. The device according to claim 8, characterized in that the space determination unit comprises:
A second storage space configuration subunit, configured to use the storage space corresponding to a preset kernel function in the kernel to be repaired as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured.
11. The device according to claim 8, characterized in that the space determination unit comprises:
A storage space allocation subunit, configured to load a preset storage space allocation instruction in the storage space corresponding to a preset kernel function in the kernel to be repaired, and to generate a storage space of a preset size;
A third storage space configuration subunit, configured to use the generated storage space as the storage space for loading the preset vulnerability repair instructions after the address of the kernel symbol needed by the preset vulnerability repair instructions has been configured.
12. The device according to any one of claims 8-11, characterized in that the loading unit comprises:
A memory address acquisition subunit, configured to obtain the memory address of the kernel function to be repaired in the kernel to be repaired;
A replacement subunit, configured to replace the memory address in the system call table of the kernel to be repaired with a preset memory address.
13. The device according to any one of claims 8-11, characterized in that the loading unit comprises:
A storage space acquisition subunit, configured to obtain the storage space corresponding to the kernel function to be repaired in the kernel to be repaired;
A copy subunit, configured to copy the repaired kernel function to the storage space.
14. The device according to claim 7, characterized in that the device further comprises:
An information acquisition unit, configured to obtain attribute information of the kernel to be repaired and the memory addresses of the kernel functions or variables in the kernel to be repaired, the attribute information including: architecture information of the processor on which the kernel to be repaired runs, and kernel version information;
A storage unit, configured to store the attribute information in correspondence with the memory addresses.
CN201610191535.0A 2016-03-30 2016-03-30 Kernel vulnerability repair method and device Pending CN105868639A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610191535.0A CN105868639A (en) 2016-03-30 2016-03-30 Kernel vulnerability repair method and device
PCT/CN2016/086412 WO2017166448A1 (en) 2016-03-30 2016-06-20 Kernel vulnerability repair method and device


Publications (1)

Publication Number Publication Date
CN105868639A true CN105868639A (en) 2016-08-17

Family

ID=56627697


Country Status (2)

Country Link
CN (1) CN105868639A (en)
WO (1) WO2017166448A1 (en)


Also Published As

Publication number Publication date
WO2017166448A1 (en) 2017-10-05


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160817
