CN109101416B - Kernel fault injection method and electronic equipment - Google Patents
Kernel fault injection method and electronic equipment Download PDFInfo
- Publication number
- CN109101416B CN109101416B CN201810725000.6A CN201810725000A CN109101416B CN 109101416 B CN109101416 B CN 109101416B CN 201810725000 A CN201810725000 A CN 201810725000A CN 109101416 B CN109101416 B CN 109101416B
- Authority
- CN
- China
- Prior art keywords
- instruction
- kernel
- processor
- kprobes
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000002347 injection Methods 0.000 title claims abstract description 57
- 239000007924 injection Substances 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 title claims abstract description 42
- 230000006870 function Effects 0.000 claims abstract description 160
- 239000000523 sample Substances 0.000 abstract description 19
- 238000003860 storage Methods 0.000 description 21
- 101100348848 Mus musculus Notch4 gene Proteins 0.000 description 13
- 238000010586 diagram Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 12
- 238000012545 processing Methods 0.000 description 12
- 239000000243 solution Substances 0.000 description 7
- 238000004590 computer program Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 101710092886 Integrator complex subunit 3 Proteins 0.000 description 3
- 102100025254 Neurogenic locus notch homolog protein 4 Human genes 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000004904 shortening Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Debugging And Monitoring (AREA)
- Retry When Errors Occur (AREA)
Abstract
The invention discloses a kernel fault injection method and electronic equipment, which are used for solving the technical problem of long waiting time of fault injection. The kernel injection method comprises the following steps: when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a kernel dynamic probe Kpages structure, when a processor executes the breakpoint instruction, turning to execute a callback function associated with the breakpoint instruction in the Kpages structure; and when the callback function is executed, the processor turns to execute the next kernel instruction returned by the function where the replaced instruction is located.
Description
Technical Field
The invention relates to the field of computers, in particular to a kernel fault injection method and electronic equipment.
Background
At present, the Linux system is widely applied, when an application program is developed for a Linux kernel, it is very important to check the effectiveness of a fault-tolerant mechanism of the application program on the Linux kernel fault, and fault injection in the Linux kernel is an essential link. However, in consideration of ensuring the correctness of kernel codes, a developer of the Linux system is reluctant to add a debugger in a Linux kernel source code tree to avoid the developer introducing bad correction through the debugger in the kernel, so that fault injection on the Linux kernel is always a troublesome problem.
The Kernel Dynamic Probes (Kprobes) technology effectively solves the problem of Kernel fault injection of the Linux system, and improves the Kernel fault injection efficiency. Referring to fig. 1, the basic working mechanism is: firstly, registering a KProbes structure body, replacing a kernel instruction at a detection point specified by a user with a breakpoint instruction, wherein the replaced kernel instruction is the detected instruction, then associating a user-defined callback function with the breakpoint instruction, when the processor executes the breakpoint instruction, the processor will execute the callback function associated with the breakpoint instruction instead, the callback function simulates a corresponding kernel fault when executing the callback function, after the callback function is executed, the detected instruction is returned to execute, and the normal code path execution is continued, and the Linux kernel does not need to be compiled and started frequently in the whole fault injection process.
However, the above fault injection method in the prior art has a problem that the waiting time of fault injection is long, so that the whole application program development period is prolonged.
Disclosure of Invention
The embodiment of the invention provides a kernel fault injection method and electronic equipment, which are used for solving the technical problem of long waiting time of fault injection.
In a first aspect, an embodiment of the present invention provides a kernel fault injection method, where the method includes:
when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a kernel dynamic probe Kpages structure, when a processor executes the breakpoint instruction, turning to execute a callback function associated with the breakpoint instruction in the Kpages structure;
and when the callback function is executed, the processor turns to execute the next kernel instruction returned by the function where the replaced instruction is located.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the executing, by a processor, a callback function associated with the breakpoint instruction in the Kprobes structure includes:
and the processor writes the error state code set in the callback function into a data register.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the executing, by a processor, a callback function associated with the breakpoint instruction in the Kprobes structure includes:
the processor reads the position information of the data return position of the replaced instruction stored in the Kproxbes structural body and determines the data return position;
the processor generates obfuscated data of a size no greater than a storage capacity of the data return location and writes the obfuscated data to the data return location.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the generating, by the processor, obfuscated data having a size not greater than a storage capacity of the data return location includes:
randomly generating the obfuscated data having a size no greater than a storage capacity of the data return location; or
And extracting a part smaller than the storage capacity of the data return position from the set obfuscated data as the obfuscated data.
In a second aspect, an embodiment of the present invention further provides a kernel fault injection method, where the method includes:
when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a Kprobes structure, when the breakpoint instruction is executed, a processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with set time length, wherein the set time length is a time parameter contained in the callback function;
the processor executes the replaced instruction after a time delay of the set duration.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the executing, by the processor, a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with a set time length includes:
the processor records a first time when the callback function is executed;
and the processor determines a second time which is different from the first time by the set time length after the first time so as to form the time delay of the set time length.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
a memory for storing instructions;
the processor is used for executing the kernel instructions stored in the memory; when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a kernel dynamic probe Kprobes structure, when the breakpoint instruction is executed, a processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure; and when the processor finishes executing the callback function, the processor turns to execute the next kernel instruction after the function where the replaced instruction is located returns.
With reference to the third aspect, in a first possible implementation manner of the third aspect, the processor is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and specifically: and writing the error state code set in the callback function into a data register.
With reference to the third aspect, in a second possible implementation manner of the third aspect, the processor is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and specifically: reading the position information of the data return position of the replaced instruction stored in the Kproxobes structure body, and determining the data return position; and generating obfuscated data of a size not greater than a storage capacity of the data return location and writing the obfuscated data to the data return location.
With reference to the second possible implementation manner of the third aspect, in a third possible implementation manner of the third aspect, the processor is configured to generate obfuscated data whose size is not greater than a storage capacity of the data return location, and specifically: randomly generating the obfuscated data having a size no greater than a storage capacity of the data return location; or extracting a portion smaller than the storage capacity of the data return position from the set obfuscated data as the obfuscated data.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, including:
a memory for storing instructions;
the processor is used for executing the kernel instructions stored in the memory; when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a Kprobes structure, when the breakpoint instruction is executed, a processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with set time length, wherein the set time length is a time parameter contained in the callback function; and the processor executes the replaced instruction after a time delay of the set time length is generated.
With reference to the fourth aspect, in a first possible implementation manner of the fourth aspect, the processor is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and generate a time delay with a set duration, specifically: recording a first time when the callback function is executed; and determining a second time after the first time and different from the first time by the set time length to form the time delay of the set time length.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
in the embodiment of the application, when the processor executes the breakpoint instruction, the processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure, so that fault injection is realized, and after the fault injection is realized, a next kernel instruction returned by a function where the kernel instruction replaced by the breakpoint instruction is located is directly executed, so that the number of instructions executed by the processor is reduced, the waiting time for next kernel fault injection is reduced, and the development period of the application program is shortened.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a prior art exemplary diagram of kernel fault injection using Kprobes;
fig. 2 is a schematic flowchart of a kernel fault injection method in embodiment 1 of the present application;
fig. 3 is a schematic flowchart of an application example in embodiment 1 of the present application;
FIG. 4 is a schematic flow chart of another application example in embodiment 1 of the present application;
fig. 5 is a schematic flowchart of a kernel fault injection method in embodiment 2 of the present application;
fig. 6 is a block diagram schematically illustrating a structure of an electronic device in embodiment 3 of the present application;
fig. 7 is a schematic block diagram of a detailed structure of an electronic device in embodiment 3 of the present application;
fig. 8 is a block diagram schematically illustrating a structure of an electronic device in embodiment 4 of the present application;
fig. 9 is a schematic block diagram of a detailed structure of an electronic device in embodiment 4 of the present application.
Detailed Description
In the kernel fault injection method, after a callback function associated with a breakpoint instruction is executed by a processor, the calling of a function where a kernel instruction replaced by the breakpoint instruction is located is finished, and a next instruction returned by the function where the replaced kernel instruction is located is directly executed, so that the number of instructions executed by the processor is reduced, the waiting time for next kernel fault injection is reduced, and the development cycle of an application program is shortened.
The technical solutions of the present application are described in detail below with reference to the drawings and specific embodiments, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
For convenience of description, the meanings of the relevant nouns appearing in the embodiments of the present application will be first introduced.
Kprobes structure: the data structure of the kernel dynamic probe Kbarobes module is the basis of a Kbarobes system, all fault injection behaviors are spread around the structure, and the main components of the structure comprise:
hlist: all registered Kproxobes structures are added into a kprobe _ table hash table, and hlist members are used for linking to a certain slot;
list: if multiple Kprobes constructs are registered at the same location, they form a queue, the head of which is a special instance of Kprobes, and list members are used to link to this queue. When the detection point is triggered, the handlers registered in the KProbes instance at the head of the queue can traverse the handlers registered in the queue one by one;
addr: this member has two roles, one is that the user specifies the base address of the probe point (plus the offset to get the real address) before registration, and the other is that the actual address of the probe point is saved after registration. This may be unspecified and initialized by Kprobes before registration. If not, symbolic information of the detected position, such as a function name, must be specified;
symbol _ name: symbol name of the probe point. The name and the address can not be simultaneously specified, otherwise, an EINVAL error is returned during registration;
offset: the offset of the probe point relative to the addr address;
pre _ handler: this interface is invoked after a breakpoint exception triggers;
fault _ handler: if an error occurs in the execution process, the interface is called. If 1 is returned, it means that the error is handled by Kprobes, otherwise it is handled by the kernel;
break _ handler: when a processing function (such as a pre _ handler interface) of Kbarobes is called, a breakpoint exception is triggered to call the interface, the breakpoint exception is processed through an interrupt gate, and the interrupt is automatically closed before the corresponding processing function is called. Although the maskable interrupt is not received under the condition of closing the interrupt, the exception caused by the CPU or the NMI is still received, so that the breakpoint exception processing nesting possibly occurs;
ainsn: a copy of the probed instruction is saved.
In practice, the Kprobes structure includes other members, and the embodiments of the present application are not described in detail herein.
Dynamic Loadable Kernel Module (LKM): the Linux kernel is provided with an expansion socket externally. Because the Linux kernel is a single kernel, the Linux kernel has relatively poor expandability and maintainability although it has high efficiency. The LKM is introduced to make up for this deficiency, and can dynamically insert and unload kernel modules during the running process of the Linux kernel, so as to extend the functions of the kernel without recompiling the kernel. Therefore, by loading the Kprobes structure into the LKM, the kernel fault injection can be performed by Kprobes.
Breakpoint instruction: instructions that cause the program to interrupt where needed for fault injection, such as int3 instructions in the i386 and x86_64 architectures.
And (4) callback function: a function called by a function pointer. Callback functions are called by another function when a specific event or condition occurs, for responding to the event or condition. In the embodiment of the application, corresponding callback functions can be defined aiming at different kernel faults, and then the purpose of corresponding fault injection is achieved when the callback functions are executed.
Example 1
Referring to fig. 2, a schematic flow chart of a kernel fault injection method provided in the embodiment of the present application is shown, where the flow chart includes:
step 101: when an instruction in a kernel instruction set loaded into the memory is replaced by a breakpoint instruction in a kernel dynamic probe Kprobes structure, when the breakpoint instruction is executed by the processor, turning to execute a callback function associated with the breakpoint instruction in the Kprobes structure;
step 102: and when the callback function is executed, the processor turns to execute the next kernel instruction returned by the function where the replaced instruction is located.
For ease of understanding, the setting of probe points, that is, the process of replacing a probed kernel instruction with a breakpoint instruction, which is implemented in the registration process of the Kprobes structure, will be described first. It should be noted that registration of the Kprobes structure is performed before step 101 occurs.
When registering a Kprobes structure, a kernel program needs to be configured in order to load the Kprobes structure. The specific configuration work comprises the steps of compiling Kprobes related codes into a kernel, enabling a function for retrieving the function address of the kernel, enabling the function of a pluggable module of the kernel and the like.
After the kernel program is configured, the Kprobes structure can be loaded to the LKM, so that the Kprobes structure can be inserted into the kernel program. First, an operation of registering a probe point is performed, which is performed by a register _ kprobe () function (hereinafter, referred to as a registrar). After the register performs the relevant correctness check, the register stores the instruction code of the detected instruction into the ainsn of the struct _ kprobe structure. The registrar then adds the Kprobes instance to the kprobe table hash table, and finally replaces the first byte or bytes of the probed instruction with the breakpoint instruction. In the embodiment of the present application, the detected instruction may be any kernel instruction.
The detected kernel instruction can be replaced by a breakpoint instruction through the steps, and the registration of the Kproxobes structure body is completed.
In step 101, in the process of running the kernel program by the processor, when the breakpoint instruction is executed, the callback function associated with the breakpoint instruction is turned to be executed. Specifically, when the processor executes a breakpoint instruction, a software exception is caused, the processor finds an interrupt handling function in the interrupt descriptor table corresponding to the software exception, and calls a series of related functions when the processor interrupts the handling function, so as to finally realize the turning to execute a callback function associated with the breakpoint instruction.
Taking the exception handling flow caused by the int3 breakpoint instruction as an example, the processing flow of the processor when executing the breakpoint instruction is described in detail below, but the following flow is only one implementation manner of the processor switching from executing the breakpoint instruction to executing the callback function associated with the breakpoint instruction, and the scope of the embodiment of the present application is not limited in this way.
When the processor executes int3, a software exception is caused, the processor finds and executes an interrupt processing function corresponding to int3, KPROBE _ ENTRY (int3) is an ENTRY of the interrupt processing function, when the processor executes KPROBE _ ENTRY (int3), the processor calls do _ int3() function, and when executing do _ int3() function, the processor calls notify _ die () function, and the notify _ die () function mainly has a function of calling an abnormal callback function registered by kernel code. Register _ die _ notifier () is called in the initialization code of Kprobes (init _ Kprobes () function) for registering exception callback functions. The exception callback function registered for Kprobes is probe _ exceptions _ notify (), so that when the notify _ die () function is executed, the probe _ exceptions _ notify () function in the Kprobes structure is called, and the execution right is transferred from the kernel to Kprobes.
The val parameter in the probe _ exceptions _ notify () function can judge what exception the current call is caused by, where the exception is caused by an INT3 instruction, so the received parameter is DIE _ INT3, then a kprobe _ handler () function is called, the kprobe _ handler () function is a main implementation function for processing INT3 exception by Kprobes, a pre _ handler function in a registered struck kprobe structure can be found in a hash table according to a probe point address recorded during Kprobes registration, a callback function associated with a breakpoint instruction can be saved in the pre _ handler function, and the callback function saved in the pre _ handler function can be executed, so that fault injection can be realized.
Therefore, when the processor processes the software exception caused by the breakpoint instruction, the processor can transfer to execute the callback function associated with the breakpoint instruction by executing the interrupt processing function and calling a series of related functions.
In step 102, after the callback function is executed, the processor locates the next kernel instruction after the function where the replaced instruction is located returns through the replaced kernel instruction stored in the Kprobes structure, and directly executes the next kernel instruction after the located function returns.
After the step 102, starting to wait for the execution cycle of the next round of fault injection, repeating the steps 101 to 102 in the next round of execution cycle, and realizing the injection of the core fault again until the Kprobes structural body is unloaded from the LKM, so that the life cycle of the Kprobes is finished.
In the above technical solution of the embodiment of the present application, when the processor executes the breakpoint instruction, the processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure, so as to implement fault injection, and after the fault injection is implemented, directly executes a next kernel instruction returned by a function where the kernel instruction replaced by the breakpoint instruction is located, thereby reducing the number of instructions executed by the processor, reducing the waiting time for next kernel fault injection, and shortening the development cycle of the application program.
Furthermore, in the embodiment of the application, corresponding callback functions can be defined for different kernel faults, so that the injection of different types of kernel faults is realized. Two ways of implementing the fault injection by the callback function executed by the processor are described below.
First, in step 101, the processor executes a callback function associated with a breakpoint instruction in a Kprobes structure, including: and the processor writes the error state code set in the callback function into the data register.
Specifically, when the processor executes the callback function, the processor can write the error status code of the setting stored in the callback function into the data register, and thus, the kernel fault such as returning the error status code can be injected.
Secondly, in step 101, the processor executes a callback function associated with the breakpoint instruction in the Kprobes structure, including the following steps:
the processor reads the position information of the data return position of the replaced instruction stored in the Kproxbes structural body and determines the data return position;
the processor generates obfuscated data of a size no greater than the storage capacity of the data return location and writes the obfuscated data to the data return location.
Specifically, when the processor executes the callback function, first, the position information of the data return position of the replaced instruction stored in the Kprobes structure, that is, the buffer pointer parameter of the replaced instruction is read, and the data return position of the replaced instruction is specified. Then, the processor generates the confusion data with the size not larger than the storage capacity of the data return position, and finally writes the generated confusion data into the determined data return position to realize the injection of the kernel faults of return data errors. Wherein writing the obfuscated data to the data return location may be accomplished by calling a copy _ to _ user function.
Optionally, the processor generates obfuscated data having a size not larger than the storage capacity of the data return location, and this step may be implemented by two ways:
mode 1, the obfuscated data having a size not larger than the storage capacity of the data return position is randomly generated. In the actual implementation process, the obfuscated data can be obtained by calling a get _ random _ bytes () function, and it needs to be ensured that the size of the generated obfuscated data is smaller than the storage capacity of the data return position corresponding to the replaced instruction.
In the method 2, data having a certain size is set as set obfuscated data, and when the set obfuscated data is needed, a portion smaller than the storage capacity of the data return position is extracted from the set obfuscated data as obfuscated data.
The two modes can simply and quickly generate the confusion data so as to carry out data confusion processing on the data return position of the replaced instruction and realize quick simulation of the fault of the return data error.
The following are examples of the above two different types of core fault injection solutions.
Referring to fig. 3, a schematic flowchart of an example of injecting a fault of a return error status code category in the embodiment of the present application is shown, where the flowchart includes:
step 201: registering a Kprobe structure, wherein a probe point is arranged at the address of a sys _ open function, a first byte of the sys _ open function is replaced by an int3 instruction, a callback function associated with the int3 instruction is an indicator _ eax (), and parameters of the indicator _ eax () function comprise a set error state code-EACCESS.
Step 202: the processor, when executing instructions to int3, causes a software exception.
Step 203: the processor executes an exception handling flow, finally turns to execute an indicator _ EAX () function by calling a related function, and writes a set error state code-EACCESS into an EAX register.
Step 204: after the processor executes the estimator _ eax () function, the processor directly executes the next kernel instruction returned by the sys _ open function.
In the specific implementation process, the step 201 is only required to be executed before the first fault injection, and in the case of not unloading the Kprobes structure, the step 201 is not required to be executed again in the subsequent fault injection period, and the steps 202 to 204 are repeated.
In the above example, the kernel fault with the sys _ open function return value as the error state code is simulated through Kprobes, and after fault injection, the next kernel instruction after the sys _ open function return is directly executed, so that the number of instructions executed by the processor between two kernel faults is reduced, and the waiting time for kernel fault injection is reduced.
Referring to fig. 4, a schematic flowchart of an example of injecting a fault of returning an error value category according to an embodiment of the present application is shown, where the flowchart includes:
step 301: registering a Kprobe structure, wherein a probe point is arranged at the address of a sys _ read function, a first byte of the sys _ read function is replaced by an int3 instruction, a callback function is an indicator _ control (), and parameters of the indicator _ control () function comprise buffer pointer parameters of the sys _ read function.
Step 302: the processor, when executing instructions to int3, causes a software exception.
Step 303: the processor executes an exception handling process, finally turns to execute an indicator _ control () function by calling a related function, firstly determines a buffer area of a sys _ read function according to a buffer area pointer parameter of the sys _ read function, then calls a get _ random _ bytes () function to generate confusion data smaller than the capacity of the buffer area, and finally calls a copy _ to _ user function to write the confusion data into the buffer area.
Step 304: after the processor executes the indicator _ control () function, the processor directly executes the next kernel instruction returned by the sys _ read function.
In the specific implementation process, the step 301 needs to be executed only before the first fault injection, and in the case of not unloading the Kprobes structure, the step 301 does not need to be executed again in the subsequent fault injection period, and the steps 302 to 304 need to be repeated.
In the above example, the kernel fault that the sys _ read function returns incorrect data is simulated through Kprobes, and after fault injection, the next kernel instruction after the sys _ open function returns is directly executed, so that the number of instructions executed by the processor between two times of kernel faults is reduced, and the waiting time for kernel fault injection is reduced.
Example 2
Aiming at the technical problem that the prior art lacks of a mode for injecting a delay-type fault when a kernel function is called, embodiment 2 of the present application provides a kernel fault injection method, and referring to fig. 5, the method includes the following steps:
step 401: when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a Kprobes structure, when the processor executes the breakpoint instruction, the processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with set time length, wherein the set time length is a time parameter contained in the callback function;
step 402: the processor executes the replaced instruction after a time delay of the set duration.
Specifically, in step 401, in the kernel instruction set loaded into the memory, an instruction is replaced by the breakpoint instruction when the Kprobes structure is registered, so that when the processor executes the breakpoint instruction, a software exception is caused, the processor executes an exception handling process, finally turns to execute a callback function associated with the breakpoint instruction by calling a related function, and when the callback function is executed, a time delay with a set duration is generated. The implementation manner of the processor in step 401 turning to the execution of the callback function associated with the breakpoint instruction when executing the breakpoint instruction is the same as the implementation manner of the corresponding flow in step 101, and since the flow has already been described in detail in embodiment 1, detailed description is omitted here.
The callback function includes a time parameter, which is a time length of the time delay to be generated, and is referred to as a set time length in the embodiment of the application. The implementation manner of executing the callback function and generating the time delay with the set duration specifically comprises the following steps: the processor records a first time when the callback function is executed; then, a second time which is after the first time and has a difference of a set time length from the first time is determined to form a time delay of the set time length.
In step 402, after the processor generates the time delay of the set time length, the processor turns to execute the replaced core instruction stored in the Kprobes structure, so that the core fault of the time delay of the set time length occurring when the replaced instruction is executed can be simulated.
Therefore, the technical scheme provides a fault injection method for kernel function call delay categories.
Further, in step 401, a callback function is executed to generate a time delay with a set duration, which has the following two implementation modes:
firstly, when a callback function is executed, recording first time when a processor starts to execute the callback function; after the first time is recorded, recording the time at the time again, judging whether the time difference between the time and the first time reaches a set time length, and if so, determining the time to be a second time; otherwise, repeating the steps until the second time is determined. Wherein, the operation of recording the current time can be realized by calling the function of the docettimeoffset.
Secondly, when the callback function is executed, a timer is started, and when the timer reaches the set time, the callback function is executed. And the time difference between the set time and the time of starting the timer is the set duration.
Through the two modes, the purpose of manufacturing the time delay with the set time length can be quickly and accurately realized, and the time delay simulation is convenient to carry out.
Further, after step 402, the processor executes the instructions in the core instruction set loaded into the memory after the replaced instruction, so as to return to the execution of the normal core instruction flow.
Example 3
Based on the same technical concept as that of embodiment 1, an embodiment of the present invention provides an electronic device, which includes a bus 500, and a processor 501 and a memory 502 connected to the bus 500, as shown in fig. 6.
The memory 502 is used for storing instructions.
The processor 501 is configured to execute instructions stored in the memory 502, specifically including a kernel instruction, a breakpoint instruction for replacing the kernel instruction, and an instruction in the Kprobes structure where the breakpoint instruction is located. When an instruction in the kernel instruction set loaded in the memory 502 is replaced by a breakpoint instruction in the kernel dynamic probe Kprobes structure, the processor 501 turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure when executing the breakpoint instruction; and when the callback function is executed, the processor 501 turns to execute the next kernel instruction after the function where the replaced instruction is located returns.
Optionally, the processor 501 is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and specifically includes: and writing the error state code set in the callback function into the data register.
Optionally, the processor 501 is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and specifically includes: reading the position information of the data return position of the replaced instruction stored in the Kproxbes structural body, and determining the data return position; and generating obfuscated data of a size not larger than the storage capacity of the data return location, and writing the obfuscated data to the data return location.
Optionally, the processor 501 is configured to generate obfuscated data with a size not larger than a storage capacity of the data return location, specifically: randomly generating obfuscated data of which the size is not larger than the storage capacity of the data return position; or a portion smaller than the storage capacity of the data return position is extracted from the set obfuscated data as obfuscated data.
Preferably, referring to fig. 7, the electronic device further includes: the rom 503 connected to the bus 500 boots the electronic device into a normal operation state by booting the bios system, which is solidified in the rom 503, when the electronic device needs to be operated.
After the electronic device enters a normal operation state, the application and the operating system are run in the memory 502.
Various kernel fault injection manners and specific examples in the kernel fault injection method in embodiment 1 are also applicable to the electronic device in embodiment 3, and a person skilled in the art can clearly know the implementation method of the electronic device in embodiment 3 through the detailed description of the kernel fault injection method in embodiment 1, so that the detailed description is omitted here for the sake of brevity of the description.
Example 4
Based on the same technical concept as embodiment 2, an embodiment of the present invention provides an electronic device, referring to fig. 8, the electronic device including: a bus 600, and a processor 601 and a memory 602 coupled to the bus 600.
The memory 602 is used for storing instructions.
The processor 601 is configured to execute instructions in the memory 602, specifically including a kernel instruction, a breakpoint instruction for replacing the kernel instruction, and an instruction in the Kprobes structure where the breakpoint instruction is located. When an instruction in the kernel instruction set loaded in the memory 602 is replaced by a breakpoint instruction in the Kprobes structure, the processor 601, when executing the breakpoint instruction, turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and generates a time delay with a set time length, wherein the set time length is a time parameter contained in the callback function; and the processor 601 executes the replaced instruction after a delay of a set duration.
Optionally, the processor 601 is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and generate a time delay with a set duration, specifically: recording a first time when the callback function is executed; and determining a second time which is different from the first time by a set time length after the first time so as to form a time delay of the set time length.
Preferably, referring to fig. 9, the electronic device further includes: the rom 603 connected to the bus 600 boots the electronic device into a normal operation state by booting the bios system, which is solidified in the rom 603, when the electronic device needs to be operated.
After the electronic device enters a normal operation state, the application program and the operating system are run in the memory 602.
Various kernel fault injection manners and specific examples in the kernel fault injection method in the embodiment 2 are also applicable to the electronic device in the embodiment 4, and a person skilled in the art can clearly know the implementation method of the electronic device in the embodiment 4 through the detailed description of the kernel fault injection method in the embodiment 2, so that the detailed description is omitted here for the brevity of the description.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
Claims (2)
1. A method for kernel fault injection, the method comprising:
when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a Kprobes structure, when the breakpoint instruction is executed, a processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with set time length, wherein the set time length is a time parameter contained in the callback function;
the processor executes the replaced instruction after generating the time delay of the set time length;
the processor executes a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with a set duration, and the method comprises the following steps:
the processor records a first time when the callback function is executed;
and the processor determines a second time which is different from the first time by the set time length after the first time so as to form the time delay of the set time length.
2. An electronic device, comprising:
a memory for storing instructions;
the processor is used for executing the kernel instructions stored in the memory; when an instruction in a kernel instruction set loaded into a memory is replaced by a breakpoint instruction in a Kprobes structure, when the breakpoint instruction is executed, a processor turns to execute a callback function associated with the breakpoint instruction in the Kprobes structure to generate a time delay with set time length, wherein the set time length is a time parameter contained in the callback function; and the processor executes the replaced instruction after generating the time delay of the set time length;
the processor is configured to execute a callback function associated with the breakpoint instruction in the Kprobes structure, and generate a time delay with a set duration, where the time delay is specifically: recording a first time when the callback function is executed; and determining a second time after the first time and different from the first time by the set time length to form the time delay of the set time length.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810725000.6A CN109101416B (en) | 2014-09-28 | 2014-09-28 | Kernel fault injection method and electronic equipment |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810725000.6A CN109101416B (en) | 2014-09-28 | 2014-09-28 | Kernel fault injection method and electronic equipment |
| CN201410507741.9A CN105528284B (en) | 2014-09-28 | 2014-09-28 | A kind of kernel fault filling method and electronic equipment |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410507741.9A Division CN105528284B (en) | 2014-09-28 | 2014-09-28 | A kind of kernel fault filling method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109101416A CN109101416A (en) | 2018-12-28 |
| CN109101416B true CN109101416B (en) | 2022-01-14 |
Family
ID=55770527
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810725000.6A Expired - Fee Related CN109101416B (en) | 2014-09-28 | 2014-09-28 | Kernel fault injection method and electronic equipment |
| CN201410507741.9A Expired - Fee Related CN105528284B (en) | 2014-09-28 | 2014-09-28 | A kind of kernel fault filling method and electronic equipment |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410507741.9A Expired - Fee Related CN105528284B (en) | 2014-09-28 | 2014-09-28 | A kind of kernel fault filling method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN109101416B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106598799A (en) * | 2016-12-16 | 2017-04-26 | 郑州云海信息技术有限公司 | Fault injection simulation system and fault management system |
| CN106776175A (en) * | 2016-12-16 | 2017-05-31 | 郑州云海信息技术有限公司 | A kind of failure management method of internal memory, system and Fault Management System |
| CN109271306A (en) * | 2018-09-30 | 2019-01-25 | 深圳中广核工程设计有限公司 | Life test method, device, equipment and medium based on direct fault location |
| CN109558325A (en) * | 2018-12-03 | 2019-04-02 | 浪潮电子信息产业股份有限公司 | Time delay statistical method and device and computer readable storage medium |
| CN110032897B (en) * | 2019-04-17 | 2021-01-08 | 清华大学 | Multi-core processor and time constraint-based fault attack method thereof |
| CN110688271B (en) * | 2019-09-11 | 2023-06-23 | 上海高性能集成电路设计中心 | Controllable random fault injection method applied to simulation verification of processor chip |
| CN111639312B (en) * | 2020-06-02 | 2023-04-14 | 腾讯科技(成都)有限公司 | Anti-debugging method, anti-debugging device, storage medium and electronic device |
| CN112905995B (en) * | 2021-02-05 | 2022-08-05 | 电子科技大学 | Method and system for detecting abnormal behaviors of register group in processor in real time |
| CN114691504B (en) * | 2022-03-28 | 2024-08-13 | 北京交通大学 | Fault injection method based on call instruction replacement |
| CN115729724B (en) * | 2022-11-30 | 2024-05-10 | 中电金信软件有限公司 | Fault injection method, fault test system, electronic device and readable storage medium |
| CN116991559B (en) * | 2023-09-25 | 2024-02-02 | 苏州元脑智能科技有限公司 | Method and device for exiting uninterrupted sleep state process |
| CN117931555B (en) * | 2024-03-22 | 2024-06-07 | 新华三信息技术有限公司 | Method and device for simulating SCSI equipment fault under kernel mode |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7523446B2 (en) * | 2006-11-30 | 2009-04-21 | International Business Machines Corporation | User-space return probes |
| KR101042979B1 (en) * | 2009-10-23 | 2011-06-21 | 한국항공대학교산학협력단 | Simulation Kernel-based Simulation Fault Injection Apparatus for the Evaluation of the Dependability of Embedded Systems |
| CN102346710A (en) * | 2011-10-13 | 2012-02-08 | 北京航空航天大学 | Dynamic stubbing technology based time-delay analysis method for data packet processing |
| CN102354298A (en) * | 2011-07-27 | 2012-02-15 | 哈尔滨工业大学 | Software testing automation framework (STAF)-based fault injection automation testing platform and method for high-end fault-tolerant computer |
| CN102722434A (en) * | 2012-05-24 | 2012-10-10 | 兰雨晴 | Performance test method and tool aiming at Linux process scheduling |
| CN103761175A (en) * | 2013-11-25 | 2014-04-30 | 中国科学院计算技术研究所 | System and method for monitoring program execution paths under Linux system |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8739135B2 (en) * | 2005-11-04 | 2014-05-27 | Red Hat, Inc. | Static instrumentation macros for fast declaration free dynamic probes |
| US8141056B2 (en) * | 2008-04-03 | 2012-03-20 | International Business Machines Corporation | Just-in-time dynamic instrumentation |
| CN101334754A (en) * | 2008-08-05 | 2008-12-31 | 浙江大学 | Fault infusion based embedded system evaluation method |
| WO2013094048A1 (en) * | 2011-12-21 | 2013-06-27 | 富士通株式会社 | Testing server, information processing system, testing program, and testing method |
| CN102768642B (en) * | 2012-06-25 | 2016-08-03 | 浪潮电子信息产业股份有限公司 | A kind of LINUX kernel reliability evaluating system and method analyzed based on source code |
| CN103019904B (en) * | 2012-12-27 | 2015-09-30 | 中国航空工业集团公司第六三一研究所 | On-board redundancy computer supports the harmless fault filling method of fault-tolerant checking |
| CN103257913B (en) * | 2013-04-18 | 2015-10-28 | 西安交通大学 | Software fault detection removal system and method during a kind of operation |
| CN103473162A (en) * | 2013-09-25 | 2013-12-25 | 浪潮电子信息产业股份有限公司 | Reliability evaluation system design method based on software fault injection |
-
2014
- 2014-09-28 CN CN201810725000.6A patent/CN109101416B/en not_active Expired - Fee Related
- 2014-09-28 CN CN201410507741.9A patent/CN105528284B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7523446B2 (en) * | 2006-11-30 | 2009-04-21 | International Business Machines Corporation | User-space return probes |
| KR101042979B1 (en) * | 2009-10-23 | 2011-06-21 | 한국항공대학교산학협력단 | Simulation Kernel-based Simulation Fault Injection Apparatus for the Evaluation of the Dependability of Embedded Systems |
| CN102354298A (en) * | 2011-07-27 | 2012-02-15 | 哈尔滨工业大学 | Software testing automation framework (STAF)-based fault injection automation testing platform and method for high-end fault-tolerant computer |
| CN102346710A (en) * | 2011-10-13 | 2012-02-08 | 北京航空航天大学 | Dynamic stubbing technology based time-delay analysis method for data packet processing |
| CN102722434A (en) * | 2012-05-24 | 2012-10-10 | 兰雨晴 | Performance test method and tool aiming at Linux process scheduling |
| CN103761175A (en) * | 2013-11-25 | 2014-04-30 | 中国科学院计算技术研究所 | System and method for monitoring program execution paths under Linux system |
Non-Patent Citations (2)
| Title |
|---|
| Kprobes源码分析----kprobe的注册;Justlinux2010;《CSDN: https://blog.csdn.net/justlinux2010/article/details/14450001》;20131107;第1-5页 * |
| kprobe和systemtap;Flyhigh;《CSDN: https://blog.csdn.net/wjflyhigh/article/details/8776236》;20130409;第1-13页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109101416A (en) | 2018-12-28 |
| CN105528284A (en) | 2016-04-27 |
| CN105528284B (en) | 2018-09-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109101416B (en) | Kernel fault injection method and electronic equipment | |
| US10089126B2 (en) | Function exit instrumentation for tail-call optimized code | |
| CN110580226B (en) | Object code coverage rate testing method, system and medium for operating system level program | |
| US8170859B1 (en) | Methods, apparatuses and computer program products for simulating arbitrary unmodified code | |
| CN102063286B (en) | Program flow controls | |
| US8806447B2 (en) | Step-type operation processing during debugging by machine instruction stepping concurrent with setting breakpoints | |
| US8843910B1 (en) | Identifying a set of functionally distinct reorderings in a multithreaded program | |
| US8495344B2 (en) | Simultaneous execution resumption of multiple processor cores after core state information dump to facilitate debugging via multi-core processor simulator using the state information | |
| US20100180263A1 (en) | Apparatus and method for detecting software error | |
| US8843899B2 (en) | Implementing a step-type operation during debugging of code using internal breakpoints | |
| US9678816B2 (en) | System and method for injecting faults into code for testing thereof | |
| US9086969B2 (en) | Establishing a useful debugging state for multithreaded computer program | |
| US20080270842A1 (en) | Computer operating system handling of severe hardware errors | |
| CN110209520B (en) | Method and device for improving SSD (solid State disk) testing efficiency, computer equipment and storage medium | |
| WO2009129052A1 (en) | Code evaluation for in-order processing | |
| CN106055481B (en) | Method and device for testing computer program | |
| US20150212835A1 (en) | Automatic identification of interesting interleavings in a multithreaded program | |
| US9639451B2 (en) | Debugger system, method and computer program product for utilizing hardware breakpoints for debugging instructions | |
| US8108840B2 (en) | Method for enhancing debugger performance of hardware assisted breakpoints | |
| US8972784B2 (en) | Method and device for testing a system comprising at least a plurality of software units that can be executed simultaneously | |
| US10229033B2 (en) | System, method and apparatus for debugging of reactive applications | |
| US9182990B1 (en) | Method and apparatus for detecting execution of unsupported instructions while testing multiversioned code | |
| CN115964237A (en) | Method and device for testing functions and performance of Central Processing Unit (CPU) | |
| US11182182B2 (en) | Calling arbitrary functions in the kernel via a probe script | |
| CN115470151B (en) | Application operation analysis method, computing device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20220114 |