CN108009429B - Patch function generation method and device - Google Patents

Patch function generation method and device Download PDF

Info

Publication number
CN108009429B
CN108009429B CN201711311047.XA CN201711311047A CN108009429B CN 108009429 B CN108009429 B CN 108009429B CN 201711311047 A CN201711311047 A CN 201711311047A CN 108009429 B CN108009429 B CN 108009429B
Authority
CN
China
Prior art keywords
lock
source code
function
instruction corresponding
patch function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711311047.XA
Other languages
Chinese (zh)
Other versions
CN108009429A (en
Inventor
刘天
张建新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201711311047.XA priority Critical patent/CN108009429B/en
Publication of CN108009429A publication Critical patent/CN108009429A/en
Application granted granted Critical
Publication of CN108009429B publication Critical patent/CN108009429B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention provides a method and a device for generating a patch function, wherein the method comprises the following steps: obtaining a first source code corresponding to a target function to be patched, and obtaining a second source code corresponding to a patch function; determining competitive resources existing between the target function and the patch function based on the first source code and the second source code; determining a first lock corresponding to the competition resource in the target function from the first source code according to a kernel lock mechanism; and processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock, wherein the processed patch function and the target function can run in the kernel simultaneously. In this way, the processed patch function includes the first lock, and the first lock can be run in the kernel simultaneously with the target function to be patched, so that the target function can be replaced by the processed patch function without shutdown.

Description

Patch function generation method and device
Technical Field
The present invention relates to the field of computers, and in particular, to a method and an apparatus for generating a patch function.
Background
The kernel is the core of the operating system and is responsible for managing processes, memories, device drivers, files, network systems, and the like of the system, and determining the performance and stability of the system. When a kernel has a defect, such as a security hole, if the kernel defect is utilized by an illegal molecule, problems such as data loss or tampering, disclosure of user privacy, and the like are likely to occur, thereby easily causing economic and mental losses to users. In practical application, a kernel hot patch technology is usually adopted to repair the defects of the kernel, so as to avoid service interruption caused by system restart and ensure the security and the availability of the kernel.
Currently, the existing kernel hot-patch technology mainly has the following two types: first, a kernel is used when a system is started, and when it is detected that an object function to be patched in the kernel is not executed, the kernel is halted, and then the object function is replaced with a corresponding patch function. And secondly, using two kernels when the system is started, wherein the first kernel is in a dormant state, the second kernel is in a running state, firstly, replacing the target function in the first kernel in the dormant state with a patch function, then, switching the two kernels, enabling the first kernel where the target function subjected to patching operation is located to enter the running state from the dormant state, enabling the second kernel of the target function not subjected to patching operation to enter the dormant state from the running state, and finally, replacing the target function in the second kernel in the dormant state with the patch function.
However, the inventors discovered in the course of performing the above-described patching operation: the two methods mainly realize the patching operation of the target function by ensuring that only one of the target function and the corresponding patch function is operated. It can be seen that there are at least the following problems in the prior art: when the target function is patched, the target function is required to be ensured not to be executed, the target function cannot be replaced by the patch function without shutdown, and the patching process is not convenient enough.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for generating a patch function, and a main object of the method and the apparatus is to process a patch function corresponding to an object function in advance before performing a patching operation on the object function to be patched, so as to obtain a processed patch function that can run in a kernel simultaneously with the object function, so that when the object function is replaced with the processed patch function, the kernel does not need to be in a sleep state.
In order to achieve the above purpose, the embodiments of the present invention mainly provide the following technical solutions:
in a first aspect, an embodiment of the present invention provides a method for generating a patch function, where the method includes: obtaining a first source code corresponding to a target function to be patched, and obtaining a second source code corresponding to a patch function, wherein the patch function corresponds to the target function; determining competitive resources existing between the target function and the patch function based on the first source code and the second source code; determining a first lock corresponding to the competition resource in the objective function from the first source code according to a kernel lock mechanism; and processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock, wherein the processed patch function and the target function can run in a kernel simultaneously.
In a second aspect, an embodiment of the present invention provides a patch function generation apparatus, where the apparatus includes: the device comprises a first obtaining unit, a first determining unit, a second determining unit and a processing unit, wherein the first obtaining unit is used for obtaining a first source code corresponding to a target function to be patched and obtaining a second source code corresponding to a patch function, and the patch function corresponds to the target function; the first determining unit is configured to determine, based on the first source code and the second source code, a contention resource existing between the target function and the patch function; the second determining unit is configured to determine, according to a kernel lock mechanism, a first lock corresponding to the contention resource in the objective function from the first source code; and the processing unit is configured to process the second source code based on the first lock according to a preset policy to obtain a processed patch function including the first lock, where the processed patch function and the target function can run in a kernel at the same time.
In a third aspect, an embodiment of the present invention provides a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute the patch function generation method.
In a fourth aspect, an embodiment of the present invention provides a processor, where the processor is configured to execute a program, where the patch function generation method is performed when the program runs.
According to the patch function generation method and device provided by the embodiment of the invention, after a first source code corresponding to a target function to be patched is obtained and a second source code corresponding to a patch function corresponding to the target function to be patched is obtained, competitive resources existing between the target function and the patch function can be determined based on the first source code and the second source code, then a first lock corresponding to the competitive resources in the target function is determined from the first source code according to a kernel lock mechanism, and finally, the second source code is processed based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock. Therefore, before the patching operation is performed on the target function to be patched, the patch function corresponding to the target function is processed in advance according to the first lock corresponding to the competitive resource, so that the processed patch function containing the first lock is obtained, and the processed patch function and the target function can run in the kernel at the same time.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a flowchart illustrating a patch function generation method according to a first embodiment of the present invention;
fig. 2 is a flowchart illustrating a patch function generation method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram illustrating a patch function generation apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating a patch function generation device in a fourth embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Example one
The embodiment of the invention provides a patch function generation method, which can be applied to various occasions needing patching operation on a target function to be patched, such as kernel defect repair, updating of the target function in a kernel when the kernel is in a running state and the like.
Fig. 1 is a schematic flowchart of a method for generating a patch function according to a first embodiment of the present invention, and referring to fig. 1, the method for generating a patch function includes:
s101: obtaining a first source code corresponding to a target function to be patched, and obtaining a second source code corresponding to a patch function;
wherein the patch function corresponds to the target function.
In practical application, when patching operation on a target function to be patched in a kernel needs to be performed under the condition of no shutdown, such as under the condition of not suspending the kernel or under the condition of not switching the kernel from a running state to a dormant state, a first source code corresponding to the target function to be patched can be obtained from a source file where the target function to be patched is located, and then a second source code corresponding to the patch function can be obtained from the source file where the patch function is located. Thus, a first source code corresponding to the target function to be patched is obtained, and a second source code corresponding to the patch function corresponding to the target function is obtained.
S102: determining competitive resources existing between the target function and the patch function based on the first source code and the second source code;
specifically, after a first source code corresponding to the target function to be patched is obtained and a second source code corresponding to the patch function is obtained, the source codes of the patch function and the target function are analyzed to determine competition resources existing between the patch function and the target function, so that the patch function is processed, and the patch function and the target function to be patched can run in a kernel at the same time.
In practical application, the contention resource may be a variable, such as a shaping variable int a, a pointer variable void p, a structure variable struct file ss, or a function that calls the variable, such as log (a), sinlog (a), or the like.
In a specific implementation process, in order to determine a contention resource existing between the patch function and the target function to be patched, the step S102 may include: comparing the first source code with the second source code, and determining a shared variable called by both the target function and the patch function; the shared variable or a sub-function calling the shared variable is determined as a contention resource.
In practical applications, the shared variable is generally a global variable. In general, a global variable may be called by a plurality of different functions, and when the global variable or a function calling the global variable is written or read by a plurality of other functions at the same time, resource contention is easily caused. Of course, the shared variable may also be of other types, such as a derived variable in a kernel, and the embodiment of the present invention is not limited in detail here.
Exemplarily, referring to table 1, comparing a first source code of a target function to be patched with a second source code of a patch function, it can be found that a func _ n (void) function in the target function to be patched also calls a shaping variable global _ count, and a func (void) function in the patch function calls a shaping variable global _ count, so that it can be determined that both the target function to be patched and the patch function call the shaping variable global _ count, and thus the shaping variable global _ count is the determined shared variable, that is, the finally determined competitive resource.
Figure BDA0001502996160000051
TABLE 1
S103: determining a first lock corresponding to the competition resource in the target function from the first source code according to a kernel lock mechanism;
here, the first lock is a flag for controlling the competing resource in the objective function to be patched.
In practical application, when a patch function and a target function to be patched run in a kernel at the same time, a process executing the patch function and a process executing the target function to be patched can concurrently access competing resources, thereby causing competition among the processes. Therefore, in order to prevent errors caused by the fact that the competitive resources are simultaneously operated by two or more threads in parallel running, the Linux kernel provides a kernel lock mechanism to protect the competitive resources. In order to be used by a user separately or cooperatively according to different situations, the Linux kernel mainly provides a kernel lock mechanism which comprises the following components: atomic operation, spin lock spinlock, memory barrier, read-write spin lock, sequential lock, semaphore, read-write semaphore, completion amount, RCU mechanism, BKL (large kernel lock), etc., therefore, in a specific implementation process, the second lock and the first lock may be implemented by a mutexlock, a spin lock spinlock, semaphore, atomic weight, etc., where embodiments of the present invention are not specifically limited.
Exemplarily, assuming that a patch function and a target function to be patched protect competition resources through a spin LOCK, still taking the patch function and the source code of the target function to be patched shown in table 1 as an example, according to a spin LOCK keyword spinlock, a first LOCK corresponding to the target function is determined as spinlock LOCK _ a from the source code of the target function to be patched, and then, a second LOCK corresponding to the patch function can be determined as spinlock LOCK _ B from the source code of the patch function.
S104: and processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
And the processed patch function and the target function can run in the kernel at the same time. Here, since the processed patch function also includes the first lock, the first lock is also detected when the processed patch function is running, so that when the processed patch function and the target function to be patched are running simultaneously, the processed patch function does not compete with the target function to be patched, and thus the processed patch function and the target function to be patched can run in the kernel simultaneously.
In a specific implementation process, the step S104 may include the following steps:
step 1041: according to the kernel lock mechanism, a second lock corresponding to the competition resource in the patch function is determined from the second source code, and the second lock is compared with the first lock;
step 1042: and if the second lock is determined to be different from the first lock, processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
Here, the second lock is a flag in the patch function for controlling the contention resource.
In practical application, when the second lock is the same as the first lock and is used for protecting the same competitive resources, the patch function and the target function to be patched can run, and at this time, the patch function does not need to be processed, so that the processed patch function and the target function to be patched can run in the kernel at the same time. Therefore, in order to increase the speed of processing the patch function, before processing the second source code of the patch function, it may be compared whether the second lock is the same as the first lock, and if the second lock is different from the first lock, the second source code of the patch function is processed to obtain the processed patch function.
In a specific implementation process, when performing step 1041 and step 1042, after comparing the second lock with the first lock, the step of determining whether the second lock and the first lock are the same may mainly include the following two steps:
the first step, judging whether the kernel lock mechanism of the second lock is the same as the kernel lock mechanism of the first lock;
specifically, if the core lock mechanism to which the second lock belongs is the same as the core lock mechanism to which the first lock belongs, it may be determined that the second lock and the first lock are the same; if the kernel lock mechanism of the second lock is different from the kernel lock mechanism of the first lock, a second step is needed to further judge.
And secondly, judging whether the lock name of the second lock is the same as the lock name of the first lock.
Specifically, if the lock name of the second lock is the same as the lock name of the first lock, it may be determined that the second lock and the first lock are the same; if the lock name of the second lock is not the same as the lock name of the first lock, it may be determined that the second lock and the first lock are not the same.
Exemplarily, assuming that the second LOCK is spinlock LOCK _ B and the first LOCK is spinlock LOCK _ a, it can be obtained through comparison that the core LOCK mechanisms of the second LOCK and the first LOCK are both spinlock LOCKs, but the LOCK name LOCK _ B of the second LOCK is different from the LOCK name LOCK _ a of the first LOCK, so that it can be determined that the core LOCK mechanism to which the second LOCK belongs is the same as the core LOCK mechanism to which the first LOCK belongs, and the LOCK name of the second LOCK is different from the LOCK name of the first LOCK, and thus it can be determined that the second LOCK is different from the first LOCK.
Exemplarily, it is assumed that the second LOCK is a mutexlock LOCK, and the first LOCK is a mutexlock LOCK, and the comparison results show that the kernel LOCK mechanisms of the second LOCK and the first LOCK are both mutexlocks, and the LOCK name of the second LOCK and the LOCK name of the first LOCK are both LOCKs, so that it can be determined that the kernel LOCK mechanism to which the second LOCK belongs and the kernel LOCK mechanism to which the first LOCK belongs are the same, and the LOCK name of the second LOCK and the LOCK name of the first LOCK are also the same, and thus it can be determined that the second LOCK and the first LOCK are the same.
In a specific implementation process, when the step 1042 is executed, a method for processing the second source code based on the first lock according to a preset policy may include, but is not limited to, the following three cases.
In the first case, the locking instruction and the unlocking instruction corresponding to the first lock are directly copied into the source code of the patch function.
In an implementation process, the step 1042 may include: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and copying the locking instruction and the unlocking instruction corresponding to the first lock into the second source code according to the positions of the locking instruction and the unlocking instruction corresponding to the second lock in the second source code.
Illustratively, the locking instruction and the unlocking instruction corresponding to the first lock are copied to the source code of the patch function near the position where the locking instruction and the unlocking instruction corresponding to the second lock are located, so as to obtain the source code of the processed patch function as shown in table 2 below.
Figure BDA0001502996160000081
TABLE 2
In the second case, the locking instruction and the unlocking instruction corresponding to the second lock and the first lock are preprocessed to obtain corresponding preprocessing results, and then the locking instruction and the unlocking instruction corresponding to the second lock in the second source code of the patch function are replaced by the preprocessing results.
In an implementation process, the step 1042 may include: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; performing AND operation on a locking instruction corresponding to the first lock and a locking instruction corresponding to the second lock to obtain a combined locking instruction; performing AND operation on an unlocking instruction corresponding to the first lock and an unlocking instruction corresponding to the second lock to obtain a combined unlocking instruction; and replacing the locking instruction corresponding to the second lock in the second source code with a combined locking instruction, and replacing the unlocking instruction corresponding to the second lock in the second source code with a combined unlocking instruction.
Exemplarily, assuming that a spin LOCK is used to protect a competitive resource in the patch function and the target function to be patched, taking the source codes of the patch function and the target function to be patched shown in table 1 as an example, the locking instruction corresponding to the second LOCK is "spin _ LOCK (& LOCK _ B); ", the unlocking instruction" spin _ unlock "(& LOCK _ B) corresponding to the second LOCK; ", the locking instruction" spin _ LOCK (& LOCK _ A) corresponding to the first LOCK; ", the unlock instruction" spin _ unlock "(& LOCK _ A) corresponding to the first LOCK; if yes, the locking instruction of the second LOCK and the locking instruction corresponding to the first LOCK are and-operated, and the obtained combined locking instruction is "spin _ LOCK (& LOCK _ B); spin _ LOCK (& LOCK _ A); performing and operation on an unlocking instruction of the second LOCK and an unlocking instruction corresponding to the first LOCK, wherein the obtained combined unlocking instruction is' spin _ unlock (& LOCK _ a); spin _ unlock (& LOCK _ B); ". In this way, the locking instruction corresponding to the second lock in the second source code of the patch function is replaced by the combined locking instruction, and the processed source code of the patch function shown in table 2 can be obtained after the unlocking instruction corresponding to the second lock in the second source code of the patch function and the combined unlocking instruction.
It should be noted that after the original unlock instruction and unlock instruction in the source code of the patch function are processed, a declaration statement extra struct spinlock LOCK _ a of the first LOCK needs to be added in the source code of the patch function.
Of course, in practical applications, the manner of preprocessing the locking instruction and the unlocking instruction corresponding to the second lock and the first lock to obtain the corresponding preprocessing result is not limited to the above-mentioned and operation, and may also be an or operation, that is, performing or operation on the second lock and the first lock.
In the third case, the locking instruction and the unlocking instruction corresponding to the second lock in the source code of the patch function are directly replaced by the locking instruction and the unlocking instruction corresponding to the first lock.
In an implementation process, the step 1042 may include: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and replacing a locking instruction corresponding to a second lock in the second source code with a locking instruction corresponding to the first lock, and replacing an unlocking instruction corresponding to the second lock in the second source code with an unlocking instruction corresponding to the first lock.
It should be noted that, when the method for processing the second source code corresponding to the patch function according to the locking instruction and the unlocking instruction corresponding to the second lock and the locking instruction and the unlocking instruction corresponding to the first lock is implemented by using the above three cases, the specific content of the preset policy is not limited to the above example.
At this point, the generation process of the patch function is completed.
As can be seen from the above, in the patch function generation method provided in the embodiment of the present invention, after obtaining the first source code corresponding to the target function to be patched and obtaining the second source code corresponding to the patch function corresponding to the target function to be patched, the competing resource existing between the target function and the patch function may be determined based on the first source code and the second source code, then, according to the kernel lock mechanism, the first lock corresponding to the competing resource in the target function is determined from the first source code, and finally, according to the preset policy, the second source code is processed based on the first lock, so as to obtain the processed patch function including the first lock. Therefore, before the patching operation is performed on the target function to be patched, the patch function corresponding to the target function is processed in advance according to the first lock corresponding to the competitive resource, so that the processed patch function containing the first lock is obtained, and the processed patch function and the target function can run in the kernel at the same time.
Example two
Based on the foregoing embodiment, in practical applications, in order to perform a patching operation on an object function to be patched without shutdown, that is, without suspending a kernel or switching the kernel from a running state to a sleeping state, so that after a processed patch function at least including a first lock is obtained, the object function to be patched may be replaced by the processed patch function, as shown in fig. 2, after S104, the patch function generating method may further include:
s201: obtaining a patching instruction;
the patching instruction is used for indicating a target function to be patched to carry out patching operation.
Here, after the processed patch function is obtained, if it is considered that a patching operation is performed on the target function to be patched, a corresponding patching instruction is obtained.
S202: executing a patching instruction, and loading the processed patching function into a kernel in a running state;
here, after the patching instruction is obtained, in order to replace the target function to be patched in the kernel with the processed patching function, the patching instruction is executed, and the processed patching function is loaded into the kernel in a running state.
S203: and replacing the target function to be patched in the kernel with the processed patch function.
Here, since the target function to be patched includes the first lock and the processed patch function also includes the first lock, when the processed patch function and the target function to be patched are simultaneously run, the first lock is also detected in the process of running the processed patch function, so that the processed patch function does not compete with the target function to be patched, that is, the processed patch function and the target function to be patched can be simultaneously run in the kernel, and then the target function to be patched in the kernel can be directly replaced by the processed patch function when the kernel is in a running state, so as to complete the patching operation of the target function to be patched.
Thus, the process of patching the target function to be patched is completed.
As can be seen from the above, after the processed patch function is obtained, if the patching instruction is obtained, the processed patch function may be loaded into the kernel in the running state, and then the target function to be patched in the kernel is directly replaced with the processed patch function. Therefore, because the processed patch function comprises the first lock which can run in the kernel simultaneously with the target function to be patched, when the processed patch function is used for patching operation of the target function to be patched, the kernel does not need to be suspended or switched from a running state to a dormant state, and therefore, the target function to be patched can be replaced by the processed patch function under the condition that the kernel is in the running state.
EXAMPLE III
Based on the same inventive concept, as an implementation of the foregoing method, an embodiment of the present invention provides a patch function generation apparatus, where an embodiment of the apparatus corresponds to the foregoing method embodiment, and for convenience of reading, details in the foregoing method embodiment are not repeated in this apparatus embodiment one by one, but it should be clear that the apparatus in this embodiment can correspondingly implement all the contents in the foregoing method embodiment.
Fig. 3 is a schematic structural diagram of a patch function generating apparatus according to a third embodiment of the present invention, and referring to fig. 3, the patch function generating apparatus 30 includes: a first obtaining unit 301, a first determining unit 302, a second determining unit 303, and a processing unit 304, where the first obtaining unit 301 is configured to obtain a first source code corresponding to a target function to be patched, and obtain a second source code corresponding to a patch function, where the patch function corresponds to the target function; a first determining unit 302, configured to determine, based on the first source code and the second source code, a contention resource existing between the target function and the patch function; a second determining unit 303, configured to determine, according to the kernel lock mechanism, a first lock corresponding to the contention resource in the objective function from the first source code; a processing unit 304, configured to process the second source code according to a preset policy based on the first lock, to obtain a processed patch function including the first lock, where the processed patch function and the target function can run in the kernel at the same time.
In the embodiment of the present invention, the first determining unit is configured to compare the first source code with the second source code, and determine a shared variable called by both the target function and the patch function; the shared variable or a sub-function calling the shared variable is determined as a contention resource.
In the embodiment of the present invention, the processing unit is configured to determine, according to a kernel lock mechanism, a second lock corresponding to the contention resource in the patch function from the second source code, and compare the second lock with the first lock; and if the second lock is determined to be different from the first lock, processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
In the embodiment of the present invention, the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determine a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and copying the locking instruction and the unlocking instruction corresponding to the first lock into the second source code according to the positions of the locking instruction and the unlocking instruction corresponding to the second lock in the second source code.
In the embodiment of the present invention, the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determine a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; performing AND operation on a locking instruction corresponding to the first lock and a locking instruction corresponding to the second lock to obtain a combined locking instruction; performing AND operation on an unlocking instruction corresponding to the first lock and an unlocking instruction corresponding to the second lock to obtain a combined unlocking instruction; and replacing the locking instruction corresponding to the second lock in the second source code with a combined locking instruction, and replacing the unlocking instruction corresponding to the second lock in the second source code with a combined unlocking instruction.
In the embodiment of the present invention, the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determine a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and replacing a locking instruction corresponding to a second lock in the second source code with a locking instruction corresponding to the first lock, and replacing an unlocking instruction corresponding to the second lock in the second source code with an unlocking instruction corresponding to the first lock.
In other embodiments of the present invention, the patch function generating apparatus further includes: the device comprises a second obtaining unit, an execution unit and a replacement unit, wherein the second obtaining unit is used for obtaining a patching instruction, and the patching instruction is used for indicating patching operation on the target function; the execution unit is used for executing the patching instruction and loading the processed patching function into the kernel in the running state; and the replacing unit is used for replacing the target function in the kernel with the processed patch function.
The patch function generating device comprises a processor and a memory, wherein the first obtaining unit, the first determining unit, the second determining unit, the processing unit and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The Processor may be implemented by a Central Processing Unit (CPU), a microprocessor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like.
The Memory may include volatile Memory in a computer readable medium, Random Access Memory (RAM), and/or nonvolatile Memory such as Read Only Memory (ROM) or Flash Memory (Flash RAM), and the Memory includes at least one Memory chip.
Based on the same inventive concept, an embodiment of the present invention provides a storage medium on which a program is stored, the program implementing the patch function generation method described above when executed by a processor.
Based on the same inventive concept, an embodiment of the present invention provides a processor, where the processor is configured to execute a program, and the patch function generation method is performed when the program runs.
In practical applications, the patch function generating apparatus may be applied to a terminal. The terminal may be implemented in various forms. For example, the terminal described in the present invention may include mobile terminals such as a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a Personal Digital Assistant (PDA), a Portable Media Player (PMP), a navigation device, a wearable device, and the like, and fixed terminals such as a Digital TV, a desktop computer, a server, and the like.
Example four
Based on the same inventive concept, the embodiment of the invention provides a patch function generation device. Fig. 4 is a schematic structural diagram of a patch function generating device in a fourth embodiment of the present invention, and referring to fig. 3, the patch function generating device 40 includes: a memory 401, a processor 402, and a computer program 403 stored on the memory 401 and executable on the processor 402, the processor implementing the following steps when executing the program 403: obtaining a first source code corresponding to a target function to be patched, and obtaining a second source code corresponding to a patch function, wherein the patch function corresponds to the target function; determining competitive resources existing between the target function and the patch function based on the first source code and the second source code; determining a first lock corresponding to the competition resource in the target function from the first source code according to a kernel lock mechanism; and processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock, wherein the processed patch function and the target function can run in the kernel simultaneously.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: comparing the first source code with the second source code, and determining a shared variable called by both the target function and the patch function; the shared variable or a sub-function calling the shared variable is determined as a contention resource.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: according to the kernel lock mechanism, a second lock corresponding to the competition resource in the patch function is determined from the second source code, and the second lock is compared with the first lock; and if the second lock is determined to be different from the first lock, processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and copying the locking instruction and the unlocking instruction corresponding to the first lock into the second source code according to the positions of the locking instruction and the unlocking instruction corresponding to the second lock in the second source code.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; performing AND operation on a locking instruction corresponding to the first lock and a locking instruction corresponding to the second lock to obtain a combined locking instruction; performing AND operation on an unlocking instruction corresponding to the first lock and an unlocking instruction corresponding to the second lock to obtain a combined unlocking instruction; and replacing the locking instruction corresponding to the second lock in the second source code with a combined locking instruction, and replacing the unlocking instruction corresponding to the second lock in the second source code with a combined unlocking instruction.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: determining a locking instruction and an unlocking instruction corresponding to a first lock from a first source code, and determining a locking instruction and an unlocking instruction corresponding to a second lock from a second source code; and replacing a locking instruction corresponding to a second lock in the second source code with a locking instruction corresponding to the first lock, and replacing an unlocking instruction corresponding to the second lock in the second source code with an unlocking instruction corresponding to the first lock.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: obtaining a patching instruction, wherein the patching instruction is used for indicating patching operation on a target function; executing a patching instruction, and loading the processed patching function into a kernel in a running state; and replacing the target function in the kernel by the processed patch function.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, Compact disk Read-Only Memory (CD-ROM), optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, RAM and/or non-volatile memory, such as ROM or Flash RAM. The memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. The computer-readable storage medium may be a ROM, a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic Random Access Memory (FRAM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical Disc, or a Compact Disc Read-Only Memory (CD-ROM), among other memories; or flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information and which can be accessed by a computing device; but may also be various electronic devices such as mobile phones, computers, tablet devices, personal digital assistants, etc., that include one or any combination of the above-mentioned memories. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (14)

1. A method for generating a patch function, the method comprising:
obtaining a first source code corresponding to a target function to be patched, and obtaining a second source code corresponding to a patch function, wherein the patch function corresponds to the target function;
determining competitive resources existing between the target function and the patch function based on the first source code and the second source code;
determining a first lock corresponding to the competition resource in the objective function from the first source code according to a kernel lock mechanism;
processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock, wherein the processed patch function and the target function can run in a kernel at the same time;
the processing the second source code based on the first lock according to the preset policy to obtain a processed patch function including the first lock includes:
according to a kernel lock mechanism, determining a second lock corresponding to the competition resource in the patch function from the second source code, and comparing the second lock with the first lock;
and if the second lock is determined to be different from the first lock, processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
2. The method of claim 1, wherein the determining competing resources existing between the objective function and the patch function based on the first source code and the second source code comprises:
comparing the first source code with the second source code, and determining a shared variable called by the target function and the patch function;
and determining the shared variable or a sub-function calling the shared variable as the competition resource.
3. The method of claim 1, wherein processing the second source code based on the first lock according to a predetermined policy comprises:
determining a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determining a locking instruction and an unlocking instruction corresponding to the second lock from the second source code;
and copying the locking instruction and the unlocking instruction corresponding to the first lock into the second source code according to the positions of the locking instruction and the unlocking instruction corresponding to the second lock in the second source code.
4. The method of claim 1, wherein processing the second source code based on the first lock according to a predetermined policy comprises:
determining a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determining a locking instruction and an unlocking instruction corresponding to the second lock from the second source code;
performing AND operation on the locking instruction corresponding to the first lock and the locking instruction corresponding to the second lock to obtain a combined locking instruction;
performing AND operation on the unlocking instruction corresponding to the first lock and the unlocking instruction corresponding to the second lock to obtain a combined unlocking instruction;
replacing the locking instruction corresponding to the second lock in the second source code with the combined locking instruction, and replacing the unlocking instruction corresponding to the second lock in the second source code with the combined unlocking instruction.
5. The method of claim 1, wherein processing the second source code based on the first lock according to a predetermined policy comprises:
determining a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determining a locking instruction and an unlocking instruction corresponding to the second lock from the second source code;
replacing the locking instruction corresponding to the second lock in the second source code with the locking instruction corresponding to the first lock, and replacing the unlocking instruction corresponding to the second lock in the second source code with the unlocking instruction corresponding to the first lock.
6. The method of claim 1, wherein after processing the second source code based on the first lock according to a predetermined policy to obtain a processed patch function including the first lock, the method further comprises:
obtaining a patching instruction, wherein the patching instruction is used for indicating patching operation on the target function;
executing the patching instruction, and loading the processed patching function into a kernel in a running state;
and replacing the target function in the kernel with the processed patch function.
7. An apparatus for generating a patch function, the apparatus comprising: a first obtaining unit, a first determining unit, a second determining unit, and a processing unit, wherein,
the first obtaining unit is configured to obtain a first source code corresponding to a target function to be patched, and obtain a second source code corresponding to a patch function, where the patch function corresponds to the target function;
the first determining unit is configured to determine, based on the first source code and the second source code, a contention resource existing between the target function and the patch function;
the second determining unit is configured to determine, according to a kernel lock mechanism, a first lock corresponding to the contention resource in the objective function from the first source code;
the processing unit is configured to process the second source code based on the first lock according to a preset policy to obtain a processed patch function including the first lock, where the processed patch function and the target function can run in a kernel at the same time;
the processing unit is configured to determine, according to a kernel lock mechanism, a second lock corresponding to the contention resource in the patch function from the second source code, and compare the second lock with the first lock; and if the second lock is determined to be different from the first lock, processing the second source code based on the first lock according to a preset strategy to obtain a processed patch function containing the first lock.
8. The apparatus according to claim 7, wherein the first determining unit is configured to compare the first source code with the second source code, and determine a shared variable called by both the target function and the patch function; and determining the shared variable or a sub-function calling the shared variable as the competition resource.
9. The apparatus according to claim 7, wherein the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determine a locking instruction and an unlocking instruction corresponding to the second lock from the second source code; and copying the locking instruction and the unlocking instruction corresponding to the first lock into the second source code according to the positions of the locking instruction and the unlocking instruction corresponding to the second lock in the second source code.
10. The apparatus according to claim 7, wherein the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determine a locking instruction and an unlocking instruction corresponding to the second lock from the second source code; performing AND operation on the locking instruction corresponding to the first lock and the locking instruction corresponding to the second lock to obtain a combined locking instruction; performing AND operation on the unlocking instruction corresponding to the first lock and the unlocking instruction corresponding to the second lock to obtain a combined unlocking instruction; replacing the locking instruction corresponding to the second lock in the second source code with the combined locking instruction, and replacing the unlocking instruction corresponding to the second lock in the second source code with the combined unlocking instruction.
11. The apparatus according to claim 7, wherein the processing unit is configured to determine a locking instruction and an unlocking instruction corresponding to the first lock from the first source code, and determine a locking instruction and an unlocking instruction corresponding to the second lock from the second source code; replacing the locking instruction corresponding to the second lock in the second source code with the locking instruction corresponding to the first lock, and replacing the unlocking instruction corresponding to the second lock in the second source code with the unlocking instruction corresponding to the first lock.
12. The apparatus of claim 7, further comprising: a second obtaining unit, an execution unit, and a replacement unit, wherein,
the second obtaining unit is configured to obtain a patching instruction, where the patching instruction is used to instruct to perform patching operation on the target function;
the execution unit is configured to execute the patching instruction and load the processed patch function into a kernel in a running state;
the replacing unit is configured to replace the target function in the kernel with the processed patch function.
13. A storage medium, characterized in that the storage medium includes a stored program, wherein a device on which the storage medium is located is controlled to execute the patch function generation method according to any one of claims 1 to 6 when the program runs.
14. A processor, configured to execute a program, wherein the program executes the patch function generation method according to any one of claims 1 to 6.
CN201711311047.XA 2017-12-11 2017-12-11 Patch function generation method and device Active CN108009429B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711311047.XA CN108009429B (en) 2017-12-11 2017-12-11 Patch function generation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711311047.XA CN108009429B (en) 2017-12-11 2017-12-11 Patch function generation method and device

Publications (2)

Publication Number Publication Date
CN108009429A CN108009429A (en) 2018-05-08
CN108009429B true CN108009429B (en) 2021-09-03

Family

ID=62057936

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711311047.XA Active CN108009429B (en) 2017-12-11 2017-12-11 Patch function generation method and device

Country Status (1)

Country Link
CN (1) CN108009429B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114691181A (en) * 2022-03-28 2022-07-01 阿里巴巴(中国)有限公司 Hot upgrading method, device, equipment, distributed system and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101178672A (en) * 2007-11-29 2008-05-14 上海华为技术有限公司 Multi-nucleus processor sharing code segment patching method and apparatus
US7467202B2 (en) * 2003-09-10 2008-12-16 Fidelis Security Systems High-performance network content analysis platform
CN103034495A (en) * 2012-12-12 2013-04-10 北京奇虎科技有限公司 Browser capable of isolating plug-in in webpage and webpage plug-in isolating method
CN103946827A (en) * 2011-11-22 2014-07-23 华为技术有限公司 System and method for implementing locks shared between kernel and user space
CN105373425A (en) * 2015-10-28 2016-03-02 浪潮(北京)电子信息产业有限公司 Method and device for performance optimization of embedded Linux system
CN106980544A (en) * 2017-03-31 2017-07-25 北京奇艺世纪科技有限公司 A kind of thread synchronization method and thread synchronization system
CN107229550A (en) * 2017-05-27 2017-10-03 郑州云海信息技术有限公司 A kind of linux kernel spin lock Deadlock Detection reporting system and method

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1611708A4 (en) * 2003-03-10 2009-12-30 Cyberview Technology Inc Dynamic configuration of a gaming system
CN102591843B (en) * 2011-12-30 2014-07-16 中国科学技术大学苏州研究院 Inter-core communication method for multi-core processor
EP2831797B1 (en) * 2012-03-30 2018-05-02 Irdeto B.V. Securing accessible systems using dynamic data mangling
CN105354045A (en) * 2014-08-21 2016-02-24 中兴通讯股份有限公司 Patch making method and apparatus and patch activation method and apparatus
CN105824659A (en) * 2015-07-30 2016-08-03 广东维沃软件技术有限公司 Application program updating method and terminal equipment
CN105094931B (en) * 2015-09-09 2019-03-01 小米科技有限责任公司 Method for upgrading software and device
CN107369181B (en) * 2017-06-13 2020-12-22 华南理工大学 Point cloud data acquisition and processing method based on dual-processor structure

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7467202B2 (en) * 2003-09-10 2008-12-16 Fidelis Security Systems High-performance network content analysis platform
CN101178672A (en) * 2007-11-29 2008-05-14 上海华为技术有限公司 Multi-nucleus processor sharing code segment patching method and apparatus
CN103946827A (en) * 2011-11-22 2014-07-23 华为技术有限公司 System and method for implementing locks shared between kernel and user space
CN103034495A (en) * 2012-12-12 2013-04-10 北京奇虎科技有限公司 Browser capable of isolating plug-in in webpage and webpage plug-in isolating method
CN105373425A (en) * 2015-10-28 2016-03-02 浪潮(北京)电子信息产业有限公司 Method and device for performance optimization of embedded Linux system
CN106980544A (en) * 2017-03-31 2017-07-25 北京奇艺世纪科技有限公司 A kind of thread synchronization method and thread synchronization system
CN107229550A (en) * 2017-05-27 2017-10-03 郑州云海信息技术有限公司 A kind of linux kernel spin lock Deadlock Detection reporting system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
深入理解各种锁;Fly晴天里Fly;《https://www.jianshu.com/p/5725db8f07dc》;20161224;第1-11页 *

Also Published As

Publication number Publication date
CN108009429A (en) 2018-05-08

Similar Documents

Publication Publication Date Title
US20190324648A1 (en) Fast restart of applications using shared memory
JP5985631B2 (en) Activate trust level
EP2962198B1 (en) Executing an operating system on processors having different instruction set architectures
US11221838B2 (en) Hot update method, operating system, terminal device, system, and computer-readable storage medium for a system process
US9658930B2 (en) Method and device for managing hardware errors in a multi-core environment
US10019598B2 (en) Dynamic service discovery
US8997047B2 (en) Dynamically updating code without requiring processes to restart
US10514904B2 (en) Dynamically applying a patch to a computer application
EP2839369B1 (en) Information processing device and method for protecting data in a call stack
US10540524B2 (en) Memory access protection using processor transactional memory support
WO2019128075A1 (en) Application management method for terminal, application server and terminal
CN111428241B (en) Multi-security access policy control method and computing device
US9772835B1 (en) Modification of program code for execution in a multi-tenant or distributed computing environment
CN108874446B (en) Multithreading access method and device
CN108762942B (en) Multithreading access method and device
US10664598B1 (en) Firmware security patch deployment
CN108009429B (en) Patch function generation method and device
US20120084608A1 (en) Mechanism for Performing Verification of Template Integrity of Monitoring Templates Used for Customized Monitoring of System Activities
CN109840151B (en) Load balancing method and device for multi-core processor
CN111338831B (en) Processing method and device for multithreading operation performance, medium and electronic equipment
CN106203087B (en) Injection protection method, system, terminal and storage medium
CN107992749B (en) Method and device for detecting conflict of patch packages
US20140298456A1 (en) Securing applications for computing devices
US11586727B2 (en) Systems and methods for preventing kernel stalling attacks
KR102310766B1 (en) Application Integrity Checking Method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant