CN112084112A - Hot patch testing method and device and server - Google Patents

Hot patch testing method and device and server Download PDF

Info

Publication number
CN112084112A
CN112084112A CN202010952783.9A CN202010952783A CN112084112A CN 112084112 A CN112084112 A CN 112084112A CN 202010952783 A CN202010952783 A CN 202010952783A CN 112084112 A CN112084112 A CN 112084112A
Authority
CN
China
Prior art keywords
function
instruction
address
hot patch
call
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010952783.9A
Other languages
Chinese (zh)
Other versions
CN112084112B (en
Inventor
程相群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd filed Critical Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202010952783.9A priority Critical patent/CN112084112B/en
Publication of CN112084112A publication Critical patent/CN112084112A/en
Application granted granted Critical
Publication of CN112084112B publication Critical patent/CN112084112B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a hot patch testing method, a hot patch testing device and a hot patch testing server. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.

Description

Hot patch testing method and device and server
Technical Field
The invention relates to the technical field of software development, in particular to a hot patch testing method, a hot patch testing device and a server.
Background
The hot patch can repair the defects of the current software version of the equipment under the condition of not restarting the equipment and the service; for example, hot patching technology can be adopted to perform hot patching on vulnerabilities existing in the Linux kernel. The hot patch is usually manufactured by a hot patch manufacturing tool, so the correctness of the hot patch is also related to the manufacturing tool; due to the technical limitation of the manufacturing tool, if the hot patch exceeds the processable technical range of the manufacturing tool, the manufactured hot patch is prone to incomplete functions, and when the hot patch with incomplete functions is used for repairing the vulnerability, a new vulnerability may be introduced into the repaired software, so that the security and the stability of the software are threatened. In the related art, the method for testing the correctness of the hot patch mainly adopts a method of trying to reproduce an original vulnerability to verify the validity of the hot patch, but the application scenes of part of software are complex, the triggering conditions are harsh, the vulnerability reproduction cost is high, and meanwhile, whether a new vulnerability is introduced into the hot patch is difficult to check.
Disclosure of Invention
The invention aims to provide a hot patch testing method, a hot patch testing device and a hot patch testing server, so that the cost of hot patch function verification is reduced, and whether a new vulnerability is introduced into a hot patch is checked.
The invention provides a hot patch testing method, which comprises the following steps: acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first calling instruction is used for indicating to call the target function or the repair function; the hot patch is used for repairing the target function; determining that the hot patch is valid if the first expected sequence of instructions matches the first actual sequence of instructions.
Further, after the target function is repaired based on the first instruction start address and the first instruction length of the first call instruction and the function address of the repair function in the preset hot patch, the step of obtaining the first expected instruction sequence and the first actual instruction sequence of the first call instruction includes: determining a first expected instruction sequence of the first call instruction after the target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of the repair function; and querying a first actual instruction sequence of the first calling instruction after the target function is repaired.
Further, the step of determining that the target function is repaired based on the first instruction start address and the first instruction length of the first call instruction and the function address of the repair function, and then determining that the first expected instruction sequence of the first call instruction is repaired includes: calculating the sum of the first instruction starting address and the first instruction length to obtain a first calculation address; subtracting the first calculation address from the function address of the repair function to obtain the instruction offset corresponding to the repair function; based on the instruction offset, a first expected instruction sequence of the first call instruction is determined.
Further, the step of querying a first actual instruction sequence of the first call instruction after the target function is repaired includes: writing the first instruction starting address into a first operation object, triggering a write-back transfer function corresponding to the first operation object, converting the first instruction starting address into a first instruction starting address in a preset format, and storing the first instruction starting address into a memory; writing the first instruction length into a second operation object, triggering a write-back transfer function corresponding to the second operation object, converting the first instruction length into a first instruction length with a preset format, and storing the first instruction length into a memory; triggering a write-back transfer function corresponding to a third operation object, starting from a first instruction starting address in the preset format, reading an instruction sequence in the preset format according to the first instruction length in the preset format, and converting the instruction sequence in the preset format into the first actual instruction sequence; the first actual sequence of instructions is queried.
Further, the step of determining that the hot patch is valid includes: if the repair function comprises a second call instruction, acquiring a second expected instruction sequence and a second actual instruction sequence of the second call instruction after the target function is repaired based on a second instruction starting address and a second instruction length of the second call instruction and a function address of the first function; the repair function is used for calling the first function through the second calling instruction; determining that the hot patch is valid if the second expected sequence of instructions matches the second actual sequence of instructions.
Further, the first call instruction is contained in an instruction corresponding to a second function; the second function is used for calling the target function or the repair function through the first calling instruction; after the step of determining that the hot patch is valid, the method further comprises: calling the second function to obtain an output result of the second function; determining whether the function of the hot patch is correct based on the output result.
Further, the step of calling the second function to obtain the output result of the second function includes: inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function; acquiring parameters needing to be transferred for calling the second function based on the number of the parameters;
writing the function address into a fourth operation object, triggering a write-back transfer function corresponding to the fourth operation object, converting the function address into a function address with a preset format, and storing the function address into a memory; writing the parameter into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameter into a parameter with a preset format, and storing the parameter into a memory; and calling the second function based on the function address in the preset format and the parameter in the preset format to obtain an output result of the second function.
Further, the number of the parameters comprises a plurality of parameters; the fifth operation object comprises a plurality of objects;
the step of writing the parameter into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameter into a parameter in a preset format, and storing the parameter in a memory includes: and for each parameter, writing the parameter into a fifth operation object corresponding to the parameter, triggering a write-back transfer function corresponding to the fifth operation object corresponding to the parameter, converting the parameter into a parameter with a preset format, and storing the parameter in a memory.
Further, the step of calling the second function based on the function address in the preset format and the parameter in the preset format to obtain the output result of the second function includes: triggering a write-back transfer function corresponding to a sixth operation object to call the second function based on the function address in the preset format; and obtaining an output result of the second function based on the parameter of the preset format.
Further, the step of obtaining the output result of the second function based on the parameter in the preset format includes: inputting the parameters of the preset format into the second function to obtain an output result of the preset format of the second function; assigning the output result in the preset format to a seventh operation object; and triggering the read back transfer function corresponding to the seventh operation object to convert the output result in the preset format into the output result of the second function.
Further, before the step of determining whether the function of the hot patch is correct based on the output result, the method further includes: inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function; acquiring parameters needing to be transferred for calling the second function based on the number of the parameters; the step of determining whether the function of the hot patch is correct based on the output result includes: determining an expected calculation of the second function based on the parameter; and if the output result is matched with the expected calculation result, determining that the function of the hot patch is correct.
The invention provides a hot patch testing device, which comprises: the obtaining module is used for obtaining a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first calling instruction is used for indicating to call the target function or the repair function; the hot patch is used for repairing the target function; a determining module for determining that the hot patch is in effect if the first expected sequence of instructions matches the first actual sequence of instructions.
The invention provides a server, which comprises a processor and a memory, wherein the memory stores machine executable instructions capable of being executed by the processor, and the processor executes the machine executable instructions to realize the hot patch testing method.
The present invention provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement a method of testing a hot patch as described in any of the above.
According to the hot patch testing method, the hot patch testing device and the hot patch testing server, a first expected instruction sequence and a first actual instruction sequence of a first calling instruction are obtained after a target function is repaired based on a first instruction starting address and a first instruction length of the first calling instruction and a function address of a repairing function in a preset hot patch; if the first expected sequence of instructions matches the first actual sequence of instructions, it is determined that the hot patch is in effect. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a schematic diagram illustrating a basic principle of a hot patch according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for testing a hot patch according to an embodiment of the present invention;
FIG. 3 is a flowchart of another hot patch testing method according to an embodiment of the present invention;
FIG. 4 is a flowchart of another hot patch testing method according to an embodiment of the present invention;
FIG. 5 is a flowchart of another method for testing a hot patch according to an embodiment of the present invention;
FIG. 6 is a flowchart of another method for testing a hot patch according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a device for testing a hot patch according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A patch is understood to be a package for repairing a bug, which is some code that can repair a software or hardware bug, and is a way to repair a bug in a product software version quickly and at low cost. Compared with the hot patch (hotfix) and the software version upgrading, the hot patch has the main advantage that the service currently running by the equipment is not interrupted, namely, the defects of the current software version of the equipment can be repaired under the condition of not restarting the equipment and the service.
In the prior art, a hot patch technology is usually adopted to perform hot repair on a bug (bug) existing in a Linux (an open source computer operating system kernel). The current tools for making hot patches mainly include ksply (a tool that can apply patches to kernels at runtime) and kpatch, where kpatch is open source software that is released by open source communities and can freely obtain tool source codes. The hot patch is usually manufactured by a hot patch manufacturing tool, so the correctness of the hot patch is also related to the manufacturing tool and is limited by the technology of the manufacturing tool, if the hot patch exceeds the technical range which can be processed by the manufacturing tool, the function of the hot patch is incomplete easily, a new vulnerability can be introduced into the repaired software, and greater threats are brought to the safety and the stability of the Linux kernel.
For example: bug exists in the original kernel function A; correspondingly, the function in the hot patch after bug repair is B. Suppose there are three addresses (x, y, z) in function A that need to be relocated, where x, y exist in the bug core code and z exists in the uncore code, there is no direct necessary relationship with the cause of the bug, but correct relocation is still needed. If the current kpatch hot patch is limited by a kernel mechanism and functions of the current kpatch hot patch, the technology related to z cannot be processed, z in the function B cannot be relocated in the hot patch process, and only x and y in the function B are relocated. In this case, the function B in the hot patch is functionally missing.
The current method for testing the correctness of the hot patch mainly adopts a method of trying to reproduce an original bug to verify the validity of the hot patch, namely before the hot patch is not printed, the reproduction operation is executed, and the problem can be reproduced; after the hot patch is printed, the recurrence operation is executed again, if the problem recurs, the hot patch is invalid; if the original problem does not reappear, the hot patch is indicated to be effective. However, part of kernel bugs have complex application scenarios, harsh triggering conditions and high recurrence cost, so that the hot patch testing cost becomes difficult to estimate, and meanwhile, the problem that whether a new hot patch is introduced or not is difficult to be checked in a targeted manner is solved.
As described in the above example, if the hot patch test is insufficient, only the function of correctly relocating x and y in the function B of the kernel bug is verified, but the problem that z in the function B cannot be correctly relocated cannot be tested from the application scenario, a hot patch with incomplete functions may be installed in the kernel, and a new hidden danger may be introduced to the repaired software while the kernel bug is repaired. Based on this, the embodiment of the invention provides a hot patch testing method, a hot patch testing device and a server.
For the convenience of understanding the present embodiment, the basic principle of hot patching is briefly described below, and the basic principle of hot patching described herein is only for explaining the test function and the test method of the test tool, and does not represent the actual working principle of the current kpatch hot patching, which is more complex than the hot patching principle described herein. As shown in fig. 1, before hot patching, the function containing the bug is FuncA (bug), and the function call instruction call calls the function, namely call FuncA (bug); after hot patching, the function of the bug is repaired to be FuncA (repair), and the main purpose of the hot patching is to modify a call FuncA (bug) instruction at the original calling function so that the call FuncA (repair) instruction actually calls FuncA (repair) in the hot patching.
Assuming that the address of the original funca (bug) is 0 xfffffffff 22334488, and the address of funca (repair) in the hot patch is 0xfffffff 55667788, the function call instruction is call0 xfffffffff 22334488 before the hot patch is patched, and the call instruction after the hot patch is modified to call0 xfffffffff 55667788, that is, the function funca (repair) in the hot patch is used to "replace" the original function funca (bug), so as to repair the bug in the original function funca (bug).
The following describes a hot patch testing method disclosed in the embodiment of the present invention in detail; as shown in fig. 2, the method comprises the steps of:
step S202, acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first call instruction is used for indicating to call a target function or a repair function; the hot patch is used to repair the target function.
The target function can be understood as a function with bug in software, such as a function with bug in Linux kernel; the first call instruction can be understood as an instruction which can execute calling other subprograms, such as a call instruction; the first instruction start address may be understood as an address of a first byte in a first call instruction, and the first instruction start address is usually expressed in a hexadecimal format; the first instruction length may be understood as a byte length of the first call instruction; the repair function can be understood as a function obtained after bug bugs in the target function are repaired through hot patching; the function address of the repair function may be understood as an address corresponding to the repair function in the hot patch, and the address is also usually expressed in a hexadecimal format; the above instruction sequence is understood to be a machine instruction code, which may be used to represent code of instructions in an instruction set.
In actual implementation, before the target function is repaired through the hot patch, the target function can be called through the first calling instruction, and after the target function is repaired through the hot patch, the repair function can be called through the first calling instruction; after the target function is repaired by using the hot patch, a first expected instruction sequence and a first actual instruction sequence of a first call instruction can be determined based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function, wherein the first expected instruction sequence can ensure that the first call instruction calls the repair function in the hot patch, and the first expected instruction sequence can be calculated in a proper mode according to actual requirements; the first actual instruction sequence may be understood as a real instruction sequence obtained by actually running a calculation in the kernel memory.
Step S204, if the first expected instruction sequence is matched with the first actual instruction sequence, determining that the hot patch is effective.
During actual implementation, after the obtained target function is repaired, a first actual instruction sequence obtained by actual operation calculation in a kernel memory may be matched with a first expected instruction sequence or may not be matched with the first expected instruction sequence, and if the first actual instruction sequence is not matched with the first expected instruction sequence, it is usually indicated that a hot patch is not normally applied, the hot patch is invalid, and the function of the corresponding hot patch is also incorrect; if the first actual instruction sequence matches the first expected instruction sequence, indicating that a hot patch is normally applied, the hot patch may be determined to be valid.
According to the hot patch testing method provided by the embodiment of the invention, a first expected instruction sequence and a first actual instruction sequence of a first call instruction are obtained after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; if the first expected sequence of instructions matches the first actual sequence of instructions, it is determined that the hot patch is in effect. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
The embodiment of the invention also provides another hot patch testing method, which is realized on the basis of the method of the embodiment; the method mainly describes a specific process of acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction start address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch, and specifically corresponds to the following steps S302 to S304, as shown in fig. 3, the method includes the following steps:
step S302, determining a first expected instruction sequence of the first call instruction after the target function is repaired based on the first instruction start address and the first instruction length of the first call instruction, and the function address of the repair function.
The first instruction start address may be understood as an address of a first instruction in the first call instruction, generally expressed in hexadecimal format, and the instruction length may be understood as a byte length of the first call instruction. For example, taking the first call instruction as a call instruction as an example, the instruction start address of the call instruction is 0xFFFFFFFF11111188, and for an X86 series, one of the call instructions has an instruction code opcode of 0xE8 and an instruction length of 5Byte, that is, 5 bytes; the call instruction code occupies the first byte of 5 bytes, and the other 4 bytes represent an offset; the instruction start address of the next instruction after the call instruction is 0xfffffff 11111188+ 5; the format and instruction length of the instruction sequence corresponding to the call instruction are usually different for different series.
In practical implementation, the first instruction start address may be obtained in two ways, which generally include but are not limited to: one way is to obtain from a kernel symbol table in a currently running kernel, wherein the kernel symbol table can be understood as a symbol table of functions and variables which can be referred to externally in internal functions or variables of the kernel; in another mode, after the first instruction starting address is compiled, the first instruction starting address can be acquired before the kernel runs; the function address of the target function or the function address of the repair function and the like in the application can also refer to the two obtaining modes, and some addresses need to be obtained when the kernel runs; some addresses can be obtained in a static state after compiling and before the kernel runs. It should be noted that the function address of the repair function in the hot patch can be determined only when the kernel runs, and cannot be determined before the kernel runs, and a corresponding address space is generally reserved, for example, if the function address is 8 bytes, an address space of 8 bytes is reserved before the kernel runs, and a specific function address is filled in when the kernel runs actually.
Specifically, the step S302 can be implemented by the following steps one to three:
step one, calculating the sum of a first instruction starting address and a first instruction length to obtain a first calculation address.
For convenience of understanding, the following description will take the first call instruction as the call instruction, the first instruction start address of the call instruction is 0 xfffffffff 11188, the first instruction length is 5Byte, and the function address of the repair function is 0 xfffffffff 55667788 as an example, the sum of the first instruction start address and the first instruction length, that is, (0 xfffffffffff 11188+5) is first calculated to obtain a first calculated address, and the first calculated address may also be understood as the instruction start address of the next instruction after the call instruction, and the first calculated address is usually in hexadecimal format.
And step two, subtracting the first calculation address from the function address of the repair function to obtain the instruction offset corresponding to the repair function.
The instruction offset can be understood as an offset corresponding to the jump to the repair function by calling the instruction; in practical implementation, the function address of the repair function may be subtracted from the first calculation address to obtain an instruction offset corresponding to the repair function; that is, the instruction offset 0x445565FB ═ 0xfffffff 55667788- (0 xfffffffff 11111188+ 5).
And step three, determining a first expected instruction sequence of the first calling instruction based on the instruction offset.
In practical implementation, the data storage mode in the Linux kernel memory is usually a small-end mode storage, and the small-end mode can be understood that a high byte of data is stored in a high address of the memory, and a low byte of data is stored in a low address of the memory, so according to the instruction offset obtained by the above calculation, the expected instruction sequence of the call instruction after hot patching can be determined to be 0x E8 FB 655544, where 0x represents hexadecimal, E8 corresponds to a call instruction, the called function is different, the following four bytes are usually different, the instruction offset is also different, and the purpose of hot patching is to expect that an actual repair function in the hot patch needing to be called is called by dynamically adjusting the following four bytes.
Before the target function is usually repaired, the original first expected instruction sequence of the first call instruction before the current function is repaired may also be determined; when calculating the original first expected instruction sequence, the same first instruction start address and first instruction length as those in the above step one are adopted, and the calculation method may be as follows: subtracting the first calculation address calculated in the first step from the function address of the target function to obtain the instruction offset corresponding to the target function; determining an original first expected instruction sequence before hot patching based on the instruction offset corresponding to the target function; assuming that the function address of the target function before repair is 0xfffffff 22334488, the instruction offset 0x112232FB corresponding to the target function is 0xfffffff 22334488- (0 xfffffffff 11111188+ 5); according to the instruction offset corresponding to the target function, the original first expected instruction sequence of the first calling instruction before hot patching can be determined to be 0x E8 FB 322211.
In step S304, after the target function is repaired, a first actual instruction sequence of the first call instruction is queried.
Specifically, the step S304 can be implemented by the following steps four to seven:
and writing the first instruction starting address into the first operation object, triggering a write-back transfer function corresponding to the first operation object, converting the first instruction starting address into a first instruction starting address in a preset format, and storing the first instruction starting address in the memory.
The first operation object may be a begin operation object, or may be another operation object capable of realizing the same function as the begin operation object; the preset format is generally a binary format; for convenience of description, taking the first operation object as a begin operation object as an example, the begin operation object usually corresponds to a memory start address of information to be read, such as the first instruction start address of the first call instruction; the begin operation object is created by designating writable and readable authority, if only the readable authority is set for the begin operation object, but the writable authority is not set, the content in the begin operation object can only be read, the content in the begin operation object cannot be set, if the writable authority is set at the same time, the start address in the begin operation object can be set, and the start address can also be read.
The begin operation object is generally provided with a corresponding write callback function and a corresponding read callback function, wherein the write-back callback function can convert the address in the hexadecimal format into the address in the binary format and store the address in the memory of the kernel space; reading back the calling function can realize that the address in the binary format stored in the kernel space memory is converted into the address in the hexadecimal format for returning.
In practical implementation, when the objective function is repaired, after the first instruction start address in the hexadecimal format is written into the begin operand, if "echo 0xfffffff 11111188> begin # sets the instruction start address that needs to be queried," a writeback function number corresponding to the begin operand is usually triggered, and the writeback function number converts the first instruction start address in the hexadecimal format into the first instruction start address in the binary format and stores the first instruction start address in the memory of the kernel space, where the echo command may be used in a place that needs to be annotated to be seen by a user in some batch commands, and may play a role of displaying or annotating.
And fifthly, writing the first instruction length into a second operation object, triggering a write-back transfer function corresponding to the second operation object, converting the first instruction length into the first instruction length in a preset format, and storing the first instruction length in a memory.
The second operation object may be a len operation object, or may be another operation object that can realize the same function as the len operation object; the preset format is also generally a binary format; for convenience of description, taking the second operation object as a len operation object as an example, the len operation object generally corresponds to the length of information to be read, such as the first instruction length of the first call instruction; the len operand is typically created with the specification of writable, readable rights; the len operation object is generally provided with a corresponding write callback function and a corresponding read callback function, wherein the write-back callback function can convert the information length in the hexadecimal format into the information length in the binary format and store the information length in the memory of the kernel space; the read-back transfer function can realize the conversion of the information length in the binary format stored in the kernel space memory into the information length in the hexadecimal format for returning; in practical implementation, after the instruction length in the hexadecimal format is written into a len operand, if "echo 0x5> len # sets the length of information to be queried," a write-back function number corresponding to the len operand is usually triggered, and the write-back function number converts the first instruction length in the hexadecimal format into the first instruction length in the binary format and stores the first instruction length in the memory of the kernel space.
And step six, triggering a write-back transfer function corresponding to the third operation object, starting from the first instruction initial address in the preset format, reading the instruction sequence in the preset format according to the first instruction length in the preset format, and converting the instruction sequence in the preset format into a first actual instruction sequence.
The third operation object may be a read operation object, or may be another operation object capable of realizing the same function as the read operation object; the preset format is also generally a binary format; for convenience of description, the third operation object is taken as an example of a read operation object, and the read operation object is generally used for triggering an information reading action. The read operation object is generally specified with writable rights when being created; the read operation object is generally provided with a corresponding write-back function number, the write-back function number can convert data in a len-length binary format from a begin corresponding address in a kernel address space into data in a hexadecimal format, and the data is printed and output to a log file through a kernel existing function printk, wherein the printk can be understood as a function which runs in a kernel and outputs and displays the function to a console or the log file; in actual implementation, preset information can be written into the read operation object, namely, a write-back transfer function of the read operation object can be triggered; as 1 which can be written in hexadecimal format, i.e., "echo 0x1> read # triggers a callback function, reads the specified information"; the write-back transfer function number of the read operation object may be obtained by starting from the first instruction start address in binary format in the kernel memory according to the first instruction start address and the first instruction length set in the above steps, reading the instruction sequence in binary format that has been calculated in the memory according to the first instruction length in binary format, and converting the read instruction sequence in binary format into the first actual instruction sequence in hexadecimal format and displaying the first actual instruction sequence in byte unit.
And step seven, inquiring the first actual instruction sequence.
And inquiring the first actual instruction sequence of the hexadecimal format of the first calling instruction.
Before the target function is usually repaired, the original first actual instruction sequence of the first call instruction may also be queried and recorded, which is mainly used as a backup to confirm that the target function is to be called, and may be used by comparison after hot patching; according to the processes of the fourth step to the seventh step, the original first actual instruction sequence corresponding to the target function and the repair function before being repaired can be queried, the queried original first actual instruction sequence should be the same as the original first expected instruction sequence, and the queried original first actual instruction sequence should be 0 xffffffffffff 22334488 even if the function address of the target function before being repaired is 0 xffffffffffff 11111188 and the first instruction length is 5Byte, then the queried original first actual instruction sequence should be 0x E8 FB 322211.
In step S306, if the first expected instruction sequence matches the first actual instruction sequence, it is determined that the hot patch is valid.
For example, taking the first call instruction as a call instruction, the first instruction start address of the call instruction is 0 xfffffffff 11111188, the first instruction length is 5Byte, and the function address of the repair function is 0 xfffffffff 55667788 as an example, the first expected instruction sequence is 0x E8 FB 655544, if the first actual instruction sequence is different from the first expected instruction sequence, it indicates that the hot patching is not successfully performed, the hot patching is invalid, and the hot patching function is not correct; if the first actual instruction sequence found is 0x E8 FB 655544, which is the same as the first expected instruction sequence, it indicates that the hot patch was successfully applied and the hot patch is valid.
According to another hot patch testing method provided by the embodiment of the invention, according to a first instruction starting address, a first instruction length and a function address of a repair function, an instruction offset corresponding to the repair function is obtained, and a first expected instruction sequence of a first call instruction is further determined; respectively writing a first instruction starting address and a first instruction length into a corresponding first operation object and a corresponding second operation object, respectively converting the first instruction starting address and the first instruction length into preset formats through corresponding write-back transfer functions, storing the preset formats into a memory, reading a first actual instruction sequence by triggering the write-back transfer functions corresponding to a third operation object, and determining that a hot patch is effective if a first expected instruction sequence is matched with the first actual instruction sequence. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
The embodiment of the invention also provides another hot patch testing method, which is realized on the basis of the method of the embodiment; the method mainly describes a specific process for determining the effectiveness of the hot patch, and specifically corresponds to the following steps S406 to S408, as shown in fig. 4, the method includes the following steps:
step S402, acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first call instruction is used for indicating to call a target function or a repair function; the hot patch is used to repair the target function.
Step S404, if the first expected instruction sequence is matched with the first actual instruction sequence, whether a second call instruction is included in the repair function is judged.
Step S406, if the repair function includes a second call instruction, acquiring a second expected instruction sequence and a second actual instruction sequence of the second call instruction after the target function is repaired based on a second instruction start address and a second instruction length of the second call instruction and a function address of the first function; and the repair function is used for calling the first function through the second calling instruction.
The second call instruction can be understood as an instruction which can execute calling other subprograms, such as a call instruction; the second instruction start address may be understood as an address of the first instruction in the second call instruction, and the second instruction start address is usually expressed in a hexadecimal format; the second instruction length may be understood as a byte length of the second call instruction; the first function may be understood as a function that the repair function needs to call in the execution process, and the number of the first function may be one, may be multiple, and may be specifically set according to actual requirements; the function address of the first function is also typically represented in hexadecimal format.
In practical implementation, before the target function is repaired, other functions may need to be called in the execution process of the target function, such as the first function, and after the target function is repaired, the obtained repair function also needs to call the first function; if a first function needs to be called, a second call instruction corresponding to the first function is usually included in the instruction corresponding to the repair function, so that the first function is called through the second call instruction; determining a second expected instruction sequence and a second actual instruction sequence of the second call instruction based on a second instruction starting address and a second instruction length of the second call instruction and a function address of the first function, wherein the second expected instruction sequence can ensure that the second call instruction in the repair function can be correctly called to the first function; the second actual instruction sequence may be understood as a real instruction sequence of a second call instruction in the repair function obtained by actual operation calculation in the kernel memory.
In step S408, if the second expected instruction sequence matches the second actual instruction sequence, it is determined that the hot patch is valid.
During actual implementation, after the target function is repaired, a second actual instruction sequence obtained by actual operation calculation in the kernel memory may be matched with a second expected instruction sequence or may not be matched with the second expected instruction sequence, and if the second actual instruction sequence is not matched with the second expected instruction sequence, it is usually indicated that a hot patch is not normally applied, the hot patch is invalid, and the function of the corresponding hot patch is also incorrect; if the second actual instruction sequence matches the second expected instruction sequence, it indicates that the repair function can be correctly called to the first function through the second call instruction, indicating that the hot patch is normally applied, and it can be determined that the hot patch is valid.
In another hot patch testing method provided by the embodiment of the present invention, a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired are obtained based on a first instruction start address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; if the first expected instruction sequence is matched with the first actual instruction sequence and the repair function comprises a second call instruction, acquiring a second expected instruction sequence and a second actual instruction sequence of the second call instruction after the target function is repaired based on a second instruction starting address and a second instruction length of the second call instruction and a function address of the first function; if the second expected sequence of instructions matches the second actual sequence of instructions, it is determined that the hot patch is in effect. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
The embodiment of the invention also provides another hot patch testing method, which is realized on the basis of the method of the embodiment; the method mainly describes a specific process for determining whether the function of the hot patch is correct, and specifically corresponds to the following steps S506 to S508, in the method, a first call instruction is included in an instruction corresponding to a second function; the second function is used for calling the target function or the repair function through the first calling instruction; as shown in fig. 5, the method includes the steps of:
step S502, acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first call instruction is used for indicating to call a target function or a repair function; the hot patch is used to repair the target function.
In step S504, if the first expected instruction sequence matches the first actual instruction sequence, it is determined that the hot patch is valid.
Step S506, a second function is called to obtain an output result of the second function.
The second function may be understood as a function that needs to call a target function or a repair function through the first call instruction, and specifically, before the target function is repaired, the second function may call the target function through the first call instruction, and after the target function is repaired, the second function may call the repair function through the first call instruction; in actual implementation, if the target function is repaired, the first actual instruction sequence obtained by actual operation calculation in the kernel memory is matched with the first expected instruction sequence, which indicates that the hot patch is normally applied, and then the second function can be called to obtain an output result of the second function.
Specifically, the step S506 can be implemented by the following steps eight to twelve:
step eight, inquiring the function address of the second function, and calling the number of parameters needing to be transferred by the second function.
In actual implementation, the number of parameters to be transferred for calling the second function may be obtained from the pre-obtained source code, for example, if the function of the second function is to calculate the sum of two parameters, the number of the queried parameters to be transferred is 2; in practical implementation, the parameter number is usually expressed in hexadecimal format, and the number of parameters to be passed by a function call can be written in the para _ cnt operand, for example, "echo 0x2> para _ cnt # sets the parameter number to 2"; the creation of the para _ cnt operand typically specifies writeable, readable rights; the para _ cnt operation object is generally provided with a corresponding write callback function and a read callback function, wherein the write callback function can convert the parameter number in the hexadecimal format into the parameter number in the binary format and store the parameter number in the memory of the kernel space; the read-back transfer function can realize the conversion of the number of the parameters in the binary format stored in the kernel space memory into the number of the parameters in the hexadecimal format and return the number of the parameters; when the hexadecimal parameter number is written into the para _ cnt operand, a write-back function number corresponding to the para _ cnt operand is usually triggered, and the write-back function number converts the hexadecimal parameter number into a binary parameter number and stores the binary parameter number in the memory of the kernel space.
And step nine, acquiring parameters needing to be transferred when the second function is called based on the number of the parameters.
In practical implementation, the parameters are usually expressed in a hexadecimal format, based on the number of the parameters, the parameters to be called of the second function can be obtained, and if a plurality of parameters are preset, the parameters meeting the number of the parameters are selected to be determined as the parameters to be called from the first parameter in the plurality of parameters; for example, if three parameters, which are 1, 2, and 3 respectively, are preset, and the number of the parameters to be called by the second function is 2, the first two parameters, i.e., 1 and 2, of the three parameters may be determined as the parameters to be called by the second function.
And step ten, writing the function address into a fourth operation object, triggering a write-back transfer function corresponding to the fourth operation object, converting the function address into a function address with a preset format, and storing the function address into a memory.
The fourth operation object may be a func _ addr operation object, or may be another operation object capable of realizing the same function as the func _ addr operation object; the preset format is also generally a binary format; for convenience of description, taking the fourth operation object as a func _ addr operation object as an example, the func _ addr operation object usually corresponds to a called function address, such as the function address of the second function; the func _ addr operation object is created, and writable and readable rights are usually specified; the func _ addr operation object is generally provided with a corresponding write callback function and a read callback function, wherein the write callback function can convert a function address in a hexadecimal format into a function address in a binary format and store the function address in a memory of a kernel space. Reading back the calling function can realize that the function address in the binary format stored in the kernel space memory is converted into the function address in the hexadecimal format to be returned. When the function address of the hexadecimal target function is written into the func _ addr operand, a write-back function number corresponding to the func _ addr operand is usually triggered, and the write-back function number converts the function address of the hexadecimal target function into a function address of the binary target function and stores the function address in the memory of the kernel space.
And step eleven, writing the parameters into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameters into the parameters in the preset format, and storing the parameters into the memory.
The fifth operand may be a para operand or another operand that can realize the same function as the para operand; the preset format is also generally a binary format; the number of the parameters may be one or more, and if there are a plurality of parameters, each parameter generally corresponds to a fifth operation object, that is, the fifth operation object correspondingly includes a plurality of parameters; for example, if the number of parameters is three, the corresponding fifth operands may be para _1, para _2, and para _ 3.
If the number of the parameters comprises a plurality of parameters; if the fifth operation object includes a plurality of operation objects, the eleventh step further includes: and writing the parameters into a fifth operation object corresponding to the parameters aiming at each parameter, triggering a write-back transfer function corresponding to the fifth operation object corresponding to the parameters so as to convert the parameters into the parameters in a preset format, and storing the parameters in a memory.
For convenience of illustration, taking the fifth operand as a para operand as an example, parameters to be passed by a function call can be written in the para operand, such as "echo 0x1> para1# setting function call parameter 1; echo 0x2> para2# sets the function call parameter 2 ". The creation of the para operation object will typically specify writeable, readable rights; the para operation object is generally provided with a corresponding write callback function and a corresponding read callback function, wherein the write-back callback function can convert the parameter in the hexadecimal format into the parameter in the binary format and store the parameter in the memory of the kernel space; reading back the calling function can realize that parameters in binary format stored in the kernel space memory are converted into parameters in hexadecimal format to be returned. When a hexadecimal parameter is written into a para operand, a write-back function corresponding to the para operand is usually triggered, and the write-back function converts the hexadecimal parameter into a binary parameter and stores the binary parameter in a memory of a kernel space.
And step twelve, calling a second function based on the function address in the preset format and the parameter in the preset format to obtain an output result of the second function.
Specifically, the step twelve can be realized by the following steps a to B:
and step A, triggering a write-back call function corresponding to the sixth operation object to call a second function based on the function address in the preset format.
The sixth operation object may be a call operation object, or may be another operation object that can realize the same function as the call operation object; for convenience of explanation, the sixth operand is taken as a call operand, and the call operand can be used to trigger an analog function call. The call operand is typically created by specifying writeable rights; the call operation object is generally provided with a corresponding write-back transfer function, and the write-back transfer function realizes indirect call to a specified function address; in actual implementation, the second function may be called by triggering a write-back call function corresponding to the call operation object, where an address when the second function is called is the same as an address of the second function before the target function is repaired; for example, if the address of the function Func _ add of the second function is 0xFFFFFFFF11111180, after the target function is repaired, the second function is still called through the address, and it is determined whether the bug in the target function is repaired.
And B, obtaining an output result of the second function based on the parameters in the preset format.
This step B can be realized by the following steps 50 to 52:
and 50, inputting the parameters in the preset format into the second function to obtain an output result in the preset format of the second function.
The preset format is usually a binary format; in practical implementation, the parameters meeting the number of the parameters in the preset format can be transferred to the second function through a sixth operation object, such as a call operation object, so as to obtain an output result of the second function in the preset format; for example, if the function of the second function is to calculate the sum of two parameters, and the obtained parameters are 1 and 2, then 1 and 2 in the binary format are input to the second function, and the output result in the binary format is obtained.
And step 51, assigning the output result in the preset format to a seventh operation object.
And step 52, triggering the read back transfer function corresponding to the seventh operation object to convert the output result in the preset format into the output result of the second function.
The seventh operation object may be a ret _ value operation object, or another operation object capable of realizing the same function as the ret _ value operation object; for convenience of description, taking the seventh operation object as a ret _ value operation object as an example, the ret _ value operation object usually corresponds to a function return value; the ret _ value operand is typically created with non-writable, readable rights specified; the ret _ value operand is typically provided with a corresponding readback function that may enable the conversion of a binary format return value to a hexadecimal format return value. In practical implementation, the output result in the binary format is usually assigned to a memory corresponding to the ret _ value operand, a read back function corresponding to the ret _ value operand is triggered to convert the output result in the binary format into an output result of a second function, the output result of the second function is usually an output result in a hexadecimal format, and the output result in the hexadecimal format is obtained by reading the ret _ value operand.
For example, if para _ cnt is set to 3, the corresponding call format is: ret _ value is func _ addr (para _1, para _2, para _ 3); if para _ cnt is set to 5, the corresponding call format is: the ret _ value is func _ addr (para _1, para _2, para _3, para _4, para _ 5).
In step S508, it is determined whether the function of the hot patch is correct based on the output result.
In practical implementation, it may be determined whether the hot-patch function is correct based on the obtained output result of the second function, for example, if the output result of the second function matches the expected calculation result, it indicates that the hot-patch function is correct; if the output result of the second function does not match the expected computation result, the hot patch function is not correct.
Generally, before the target function is repaired, an original output result of the second function before the target function is repaired may be determined, a function address of the called second function may be written in the func _ addr operation object, the number and parameters of the parameters required for calling the second function before the target function is repaired are the same as those required for calling the second function after the target function is repaired, for example, the function of the second function is referred to calculate the sum of the two parameters, the number of the parameters required for the second function is also two, and assuming that the two parameters are 1 and 2 respectively, the original output result of the second function is obtained by referring to the above steps, and if the calculation result is 5.
Specifically, the step S508 can be implemented by the following steps thirteen to fourteen:
and thirteen, determining the expected calculation result of the second function based on the parameters.
The expected calculation result can be understood as a correct calculation result which should be obtained after the parameters are transferred to the second function; for example, if the function of the second function is to calculate the sum of two parameters, when the called parameters are 1 and 2, the expected calculation result should be 3.
And step fourteen, if the output result is matched with the expected calculation result, determining that the function of the hot patch is correct.
In actual implementation, after the parameters are transferred to the second function, an output result obtained by actually running calculation in the kernel memory may be matched with an expected calculation result or may not be matched with the expected calculation result, and if the output result of the second function is matched with the expected calculation result, the hot patch function is correct; if the output result of the second function does not match the expected computation result, the hot patch function is not correct.
In another hot patch testing method provided by the embodiment of the present invention, a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired are obtained based on a first instruction start address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; if the first expected instruction sequence matches the first actual instruction sequence, determining that the hot patch is valid, calling a second function, and determining whether the function of the hot patch is correct based on the obtained output result. The method can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so as to determine whether the hot patch is effective or not; the method can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
For further understanding of the foregoing embodiments, another hot patch testing method is provided below, where in actual implementation, the hot patch testing method may be implemented by using a hot patch-based test auxiliary tool, and specifically, a targeted test auxiliary tool may be developed according to actual flow and technical implementation details of hot patch manufacturing by using a kpatch tool, where the targeted test auxiliary tool corresponds to different test function modules, and each test function module may specifically test a processing result of each key technical processing link in the kpatch hot patch manufacturing process on the basis of a kobject (core part of a Linux device drive model, which may be embedded into a device and a structure related to a drive) framework, so as to check correctness of the processing result; the kobject framework can provide an operation interface for a user mode, the operation object generally has corresponding read-write attributes, whether the operation object is readable and/or writable can be set when the operation object is created, a corresponding read callback function and/or a write-back callback number are set, the operation object is read and written through a root authority, the root authority is the highest authority which the user mode has, the user mode cannot read the content in the kernel at any time, the callback function works in the kernel mode, the operation which the user mode cannot complete without authority can be completed, and the data sources are considered to be different, so that the read callback function and the write-back callback number between different operation objects are generally different, and the interaction of the operation object and the data of the kernel memory is realized based on the corresponding callback function.
Different test function modules can be compiled into kernel modules (ko for short) so as to be used or transplanted in different kernel versions, wherein the kernel module file can move some functions of the kernel to the outside of the kernel, can be inserted into the kernel when needed, and can be unloaded when not needed.
The test auxiliary tool mainly comprises two test function modules, namely an information query module and a kernel function simulation calling module, wherein the information query module can query irregular binary information in a kernel, such as kernel instruction sequences or data, and can also query information with a fixed format, such as memory addresses with an address format of 8 bytes, and the stored structural body can be judged in advance before reading according to the fixed format.
When the information query module is installed in the kernel, the kobject framework may be used to create three operable objects, which are a begin operation object (corresponding to the first operation object), a len operation object (corresponding to the second operation object), and a read operation object (corresponding to the third operation object), respectively; when the kernel function simulation calling module is installed in the kernel, five types of operable objects can be created by using the kobject framework, which are respectively a func _ addr operation object (corresponding to the fourth operation object), a para _ cnt operation object, a para operation object (corresponding to the fifth operation object), a call operation object (corresponding to the sixth operation object), and a ret _ value operation object (corresponding to the seventh operation object), where the number of para operation objects may be multiple.
For convenience of description, assume that the address of the original function call instruction is 0xfffffff 11188 (corresponding to the first instruction start address), the instruction code of call is 0xE8, the instruction length is 5Byte (corresponding to the first instruction length), the function address of the target function before repair is 0 xfffffffffff 22334488, and the function address of the repair function is 0 xfffffffff 55667788; the instruction sequence before hot patching is: 0x E8 FB 322211; where the instruction offset 0x112232FB is 0xFFFFFFFF22334488- (0xFFFFFFFF11111188+ 5). The hot patched instruction sequence is as follows: 0x E8 FB 655544; where the instruction offset 0x445565FB is 0 xfffffffff 55667788- (0 xfffffffff 11111188+ 5).
Therefore, whether the hot patch is expected to be applied or not can be judged by comparing the instruction sequence change before and after the hot patch is applied, if the hot patch is expected to be applied successfully, the hot patch is effective, and whether the hot patch function is correct or not can be continuously verified; if not, the hot patch is not successfully applied, and the hot patch is not effective.
The test pseudo code written using the test assistant tool may be expressed as follows:
s1, before hot patching, inquiring and recording the original instruction sequence;
# calculate pre-hot-patch instruction sequence, expected to be 0x E8 FB 322211;
echo 0xFFFFFF 11111188> begin # sets the instruction starting address to be queried;
echo 0x5> len # sets the length of the instruction to be queried;
echo 0x1> read # triggers a callback function, and reads the specified information;
# the sequence of instructions queried here should be "0 x E8 FB 322211";
s2, hot patching;
s3, after the hot patch is printed, the instruction sequence is inquired again by using the instruction starting address and the instruction starting length which are set in the S1;
# sequence of instructions after calculation of the hot patch, expected to be "0 x E8 FB 655544";
echo 0x1> read # reread instruction sequence;
the instruction sequence resulting from the # query should be "0 x E8 FB 655544";
s4, judging whether the expected hot patching instruction sequence (corresponding to the first expected instruction sequence) is consistent with the actually inquired hot patching instruction sequence (corresponding to the first actual instruction sequence), if so, proving that the hot patching is successfully performed, and confirming that the hot patching is effective; if the hot patch is inconsistent with the hot patch, the hot patch is proved to be not successfully printed, the hot patch is not valid, and the corresponding hot patch has wrong functions.
According to the methods of S1-S4, it is possible to precisely test and verify whether other function calls are expected before and after hot patching.
The following provides a process for verifying function by using an analog function call module, which can further determine whether the function of the hot patch is correct by verifying the function; for convenience of explanation, assume that the address of Func _ add of the original call function FuncA (corresponding to the second function) is 0xffffff 11111180, the expected function of the original call function Func _ add is to calculate the sum of two parameters, and assume that the two parameters are 1 and 2, since there is a bug in the function FuncA, the calculation result is incorrect, and the error result is assumed to be 5. It is expected that by hot patching it should be possible to correct the error in the function FuncA, and calling again can lead to the correct result 3.
The pseudo code for function verification using the simulated function call module may be expressed as:
s5, before hot patching, setting the address, the number of parameters and the parameters of the function to be tested;
echo 0xFFFFFF 11111111180 > Func _ addr # sets the original function Func _ addr address
The number of parameters is set to be 2 for echo 0x2> para _ cnt #;
echo 0x1> para1# sets function call parameter 1;
echo 0x2> para2# sets function call parameter 2;
s6, triggering a preset callback function (corresponding to the write-back call function corresponding to the sixth operation object), where the callback function calls a Func _ add function, and further calls a FuncA containing bug, so as to obtain an erroneous calculation result.
echo 0x1> call # triggers a function call;
the cat _ value # is expected to yield the wrong calculation result 5;
and S7, hot patching. The hot patch modifies the call to FuncA containing bug in the original call function Func _ Adder into FuncA after bug is repaired in the call hot patch.
S8, after the hot patch is applied, triggering the preset callback function again (the callback function is still according to the function address, the number of parameters, and the parameters set in the step S5), and this function call will call the FuncA function with the bug repaired in the hot patch, and it is expected that a correct calculation result should be obtained.
echo 0x1> call # triggers a function call;
the cat _ value # is expected to get the correct calculation result 3;
s9, it is compared whether the expected calculation result (corresponding to the expected calculation result) is consistent with the actual calculation result (corresponding to the output result of the second function). If the hot patching function is consistent with the hot patching function, the hot patching function is correct, otherwise, the hot patching function is wrong.
Through the two test function modules, the related static information in the hot patch can be inquired, such as information of name, size, address and the like; verifying whether the instruction sequence corresponding to the code is in accordance with expectation; and a dynamic calling mode can also be used for simulating and calling the code originally containing the bug and verifying whether the function of the code is in accordance with the expectation. For the problem of hot patch test that bug is difficult to reproduce and the coverage rate of test cases is low, the tool can be used for more direct and accurate test. And the advantages of the method are complementary with those of the current testing method, and the defects of the current testing method are overcome.
By the aid of the accurate testing function provided by the auxiliary testing tool, normal functions of the hot patch can be tested, problems that the hot patch tool cannot meet expectations in processing can be found according to expected results, the hot patch tool is prevented from being lack of functions and introducing new problems, the hot patch tool can be further improved in sequence, and new threats caused by hot patches can be effectively avoided.
In the test process of the test method, the test steps and the interactive commands are similar to the shell command line, so the interactive commands for testing can be organized into test scripts, and the test efficiency is improved.
As an alternative, the way to interact with the kernel may be more than one, and may be other than the framework provided by kobject, just other ways, which may increase the workload of tool development.
In the implementation of the kernel hot patch, the existing kobject framework in the Linux kernel is used, and the functional module is used for providing a user-mode operation interface, so that the installation, the uninstallation, the enabling and the disabling of the hot patch are realized, the related information of the hot patch can be inquired, and the management is convenient; in the above manner, the memory information query technology and the function indirect call technology are flexibly applied to the hot patch function test, so that new bugs introduced into the hot patch due to reasons such as function loss of a hot patch tool can be detected, and the effectiveness and reliability of the hot patch are improved; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
It should be noted that, the two test function modules in the auxiliary test tool generally have their corresponding test application scenarios, and may be used in cooperation with each other or with other test function modules. It should be noted that the auxiliary test tool is generally applied in a test scenario as a test tool, and is not generally applied in an online scenario.
Through verification, the hot patch testing mode can effectively improve the accuracy of hot patch testing, can help solve the problem that the kpatch hot patch is missing in jump _ table (jump table used for accelerating the searching, inserting and deleting operations of the linked list), can also improve the hot patch testing efficiency, reduce the hot patch manufacturing time and reduce the risk of hot patch manufacturing failure.
To further understand the above embodiment, another hot patch testing method is provided below, as shown in fig. 6, which includes a function a (corresponding to the above second function), a function B (corresponding to the above objective function), a function B' (corresponding to the above repair function), and a function C (corresponding to the above first function), wherein, the function B is a function containing bug, the function B' is a function after the hot patching is carried out on the function B, before hot patching function B, as shown by the dotted line in fig. 6, function B may be called by a call instruction in function a (corresponding to the first call instruction described above), function C may be called by a call instruction in function B (corresponding to the second call instruction described above), after the function C is executed, the instructions after the call instruction in the function B are continuously executed, after the function B is executed, continuing to execute the instruction behind the call instruction in the function A; before hot patching function B, the instruction sequence of the call instruction in function a represents the offset of the corresponding function B.
After the hot patch is applied to the function B, a function B ' is obtained, as shown by a solid line in fig. 6, the function B ' can be called by a call instruction in the function a, the function C can be called by a call instruction in the function B ', when the function C is executed, the instruction after the call instruction in the function B ' is continuously executed, and when the function B ' is executed, the instruction after the call instruction in the function a is continuously executed; after hot patching function B, the instruction sequence of the call instruction in function a represents the offset of the corresponding function B'. During actual implementation, an expected instruction sequence of the call instruction in the function A after the function B is repaired can be determined according to the instruction starting address and the instruction length of the call instruction in the function A and the function address of the function B'; after the function B is repaired, inquiring an actual instruction sequence of the call instruction in the function A, if the expected instruction sequence of the call instruction in the function A is matched with the actual instruction sequence, indicating that the function A can correctly call the function B ', verifying whether the expected instruction sequence of the call instruction in the function B' is matched with the actual instruction sequence in the same way, namely determining the expected instruction sequence of the call instruction in the function B 'after the function B is repaired according to an instruction starting address and an instruction length of the call instruction in the function B' and a function address of the function C; and after the function B is repaired, inquiring an actual instruction sequence of the call instruction in the function B ', and if an expected instruction sequence of the call instruction in the function B ' is matched with the actual instruction sequence, indicating that the function B ' can correctly call the function C and determining that the hot patch is effective. It should be noted that, after the function B is hot-patched to obtain the function B', the function B itself is not modified, but is not used any more.
An embodiment of the present invention provides a schematic structural diagram of a device for testing a hot patch, as shown in fig. 7, the device includes: an obtaining module 70, configured to obtain a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired, based on a first instruction start address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first call instruction is used for indicating to call a target function or a repair function; the hot patch is used for repairing the target function; a determination module 71 for determining that the hot patch is valid if the first expected sequence of instructions matches the first actual sequence of instructions.
According to the device for testing the hot patch provided by the embodiment of the invention, a first expected instruction sequence and a first actual instruction sequence of a first call instruction are obtained after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; if the first expected sequence of instructions matches the first actual sequence of instructions, it is determined that the hot patch is in effect. The device can inquire static information related to the hot patch, such as an instruction starting address, an instruction length, a function address and the like, and verify whether an instruction sequence of a calling instruction is correct or not, so that whether the hot patch is effective or not is determined; the device can detect new bugs introduced into the hot patch due to reasons such as the function loss of the hot patch tool and the like, and improves the effectiveness and reliability of the hot patch; meanwhile, compared with a testing mode for reproducing the original vulnerability in the prior art, the method can effectively reduce the cost for verifying the hot patch function.
Further, the obtaining module 70 is further configured to: determining a first expected instruction sequence of the first call instruction after the target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function; after the target function is repaired, a first actual instruction sequence of the first call instruction is queried.
Further, the obtaining module 70 is further configured to: calculating the sum of the first instruction starting address and the first instruction length to obtain a first calculation address; subtracting the first calculation address from the function address of the repair function to obtain the instruction offset corresponding to the repair function; based on the instruction offset, a first expected instruction sequence of the first call instruction is determined.
Further, the obtaining module 70 is further configured to: writing a first instruction starting address into a first operation object, triggering a write-back transfer function corresponding to the first operation object, converting the first instruction starting address into a first instruction starting address in a preset format, and storing the first instruction starting address in a memory; writing the first instruction length into a second operation object, triggering a write-back transfer function corresponding to the second operation object, converting the first instruction length into a first instruction length with a preset format, and storing the first instruction length into a memory; triggering a write-back transfer function corresponding to the third operation object, starting from a first instruction starting address in a preset format, reading an instruction sequence in the preset format according to a first instruction length in the preset format, and converting the instruction sequence in the preset format into a first actual instruction sequence; the first actual sequence of instructions is queried.
Further, the determining module 71 is further configured to: if the repair function comprises a second call instruction, acquiring a second expected instruction sequence and a second actual instruction sequence of the second call instruction after the target function is repaired based on a second instruction starting address and a second instruction length of the second call instruction and a function address of the first function; the repair function is used for calling the first function through the second calling instruction; if the second expected sequence of instructions matches the second actual sequence of instructions, it is determined that the hot patch is in effect.
Further, the first call instruction is contained in an instruction corresponding to the second function; the second function is used for calling the target function or the repair function through the first calling instruction; the apparatus is also configured to: calling a second function to obtain an output result of the second function; determining whether the function of the hot patch is correct based on the output result.
Further, the apparatus is further configured to: inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function; acquiring parameters needing to be transferred for calling a second function based on the number of the parameters; writing the function address into a fourth operation object, triggering a write-back function-calling number corresponding to the fourth operation object to convert the function address into a function address with a preset format, and storing the function address into a memory; writing the parameters into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameters into parameters in a preset format, and storing the parameters into a memory; and calling the second function based on the function address in the preset format and the parameter in the preset format to obtain an output result of the second function.
Further, the number of the parameters comprises a plurality of parameters; the fifth operation object comprises a plurality of objects; the apparatus is also configured to: and writing the parameters into a fifth operation object corresponding to the parameters aiming at each parameter, triggering a write-back transfer function corresponding to the fifth operation object corresponding to the parameters so as to convert the parameters into the parameters in a preset format, and storing the parameters in a memory.
Further, the apparatus is further configured to: triggering a write-back call function corresponding to the sixth operation object to call a second function based on the function address in the preset format; and obtaining an output result of the second function based on the parameter in the preset format.
Further, the apparatus is further configured to: inputting the parameters in the preset format into the second function to obtain an output result in the preset format of the second function; assigning the output result in the preset format to a seventh operation object; and triggering the read back tone function corresponding to the seventh operation object so as to convert the output result in the preset format into the output result of the second function.
Further, the apparatus is further configured to: inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function; acquiring parameters needing to be transferred for calling a second function based on the number of the parameters; determining an expected calculation result of the second function based on the parameter; and if the output result is matched with the expected calculation result, determining that the hot patch has correct function.
The implementation principle and the generated technical effect of the hot patch testing device provided by the embodiment of the invention are the same as those of the hot patch testing method embodiment, and for brief description, corresponding contents in the hot patch testing method embodiment can be referred to where the hot patch testing device embodiment is not mentioned.
The embodiment of the present invention further provides a server, referring to fig. 8, the server includes a processor 130 and a memory 131, the memory 131 stores machine executable instructions capable of being executed by the processor 130, and the processor 130 executes the machine executable instructions to implement the hot patch testing method.
Further, the server shown in fig. 8 further includes a bus 132 and a communication interface 133, and the processor 130, the communication interface 133 and the memory 131 are connected through the bus 132.
The Memory 131 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 133 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used. The bus 132 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 8, but that does not indicate only one bus or one type of bus.
The processor 130 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 130. The Processor 130 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 131, and the processor 130 reads the information in the memory 131 and completes the steps of the method of the foregoing embodiment in combination with the hardware thereof.
Embodiments of the present invention further provide a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions, and when the machine-executable instructions are called and executed by a processor, the machine-executable instructions cause the processor to implement the specific implementation of the hot patch test method may refer to method embodiments, which are not described herein again.
The method, the apparatus, and the computer program product for testing a hot patch provided in the embodiments of the present invention include a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. A method of testing a hot patch, the method comprising:
acquiring a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first calling instruction is used for indicating to call the target function or the repair function; the hot patch is used for repairing the target function;
determining that the hot patch is valid if the first expected sequence of instructions matches the first actual sequence of instructions.
2. The method as claimed in claim 1, wherein the step of obtaining the first expected instruction sequence and the first actual instruction sequence of the first call instruction after the target function is repaired based on the first instruction start address and the first instruction length of the first call instruction and the function address of the repair function in the preset hot patch comprises:
determining a first expected instruction sequence of the first call instruction after the target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of the repair function;
and querying a first actual instruction sequence of the first calling instruction after the target function is repaired.
3. The method of claim 2, wherein the step of determining that the target function is repaired based on the first instruction start address and the first instruction length of the first call instruction and the function address of the repair function, and wherein the first expected instruction sequence of the first call instruction comprises:
calculating the sum of the first instruction starting address and the first instruction length to obtain a first calculation address;
subtracting the first calculation address from the function address of the repair function to obtain the instruction offset corresponding to the repair function;
based on the instruction offset, a first expected instruction sequence of the first call instruction is determined.
4. The method of claim 2, wherein querying the first actual sequence of instructions of the first call instruction after the target function is repaired comprises:
writing the first instruction starting address into a first operation object, triggering a write-back transfer function corresponding to the first operation object, converting the first instruction starting address into a first instruction starting address in a preset format, and storing the first instruction starting address into a memory;
writing the first instruction length into a second operation object, triggering a write-back transfer function corresponding to the second operation object, converting the first instruction length into a first instruction length with a preset format, and storing the first instruction length into a memory;
triggering a write-back transfer function corresponding to a third operation object, starting from a first instruction starting address in the preset format, reading an instruction sequence in the preset format according to the first instruction length in the preset format, and converting the instruction sequence in the preset format into the first actual instruction sequence;
the first actual sequence of instructions is queried.
5. The method of claim 1, wherein the step of determining that the hot patch is in effect comprises:
if the repair function comprises a second call instruction, acquiring a second expected instruction sequence and a second actual instruction sequence of the second call instruction after the target function is repaired based on a second instruction starting address and a second instruction length of the second call instruction and a function address of the first function; the repair function is used for calling the first function through the second calling instruction;
determining that the hot patch is valid if the second expected sequence of instructions matches the second actual sequence of instructions.
6. The method of claim 1, wherein the first call instruction is included in an instruction corresponding to a second function; the second function is used for calling the target function or the repair function through the first calling instruction;
after the step of determining that the hot patch is valid, the method further comprises:
calling the second function to obtain an output result of the second function;
determining whether the function of the hot patch is correct based on the output result.
7. The method of claim 6, wherein invoking the second function to obtain the output result of the second function comprises:
inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function;
acquiring parameters needing to be transferred for calling the second function based on the number of the parameters;
writing the function address into a fourth operation object, triggering a write-back transfer function corresponding to the fourth operation object, converting the function address into a function address with a preset format, and storing the function address into a memory;
writing the parameter into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameter into a parameter with a preset format, and storing the parameter into a memory;
and calling the second function based on the function address in the preset format and the parameter in the preset format to obtain an output result of the second function.
8. The method of claim 7, wherein the number of parameters comprises a plurality; the fifth operation object comprises a plurality of objects;
the step of writing the parameter into a fifth operation object, triggering a write-back transfer function corresponding to the fifth operation object to convert the parameter into a parameter in a preset format, and storing the parameter in a memory includes:
and for each parameter, writing the parameter into a fifth operation object corresponding to the parameter, triggering a write-back transfer function corresponding to the fifth operation object corresponding to the parameter, converting the parameter into a parameter with a preset format, and storing the parameter in a memory.
9. The method according to claim 7, wherein the step of calling the second function based on the function address in the preset format and the parameter in the preset format to obtain the output result of the second function comprises:
triggering a write-back transfer function corresponding to a sixth operation object to call the second function based on the function address in the preset format;
and obtaining an output result of the second function based on the parameter of the preset format.
10. The method according to claim 9, wherein the step of obtaining the output result of the second function based on the parameter in the preset format comprises:
inputting the parameters of the preset format into the second function to obtain an output result of the preset format of the second function;
assigning the output result in the preset format to a seventh operation object;
and triggering the read back transfer function corresponding to the seventh operation object to convert the output result in the preset format into the output result of the second function.
11. The method of claim 6, wherein prior to the step of determining whether the functionality of the hot patch is correct based on the output result, the method further comprises:
inquiring the function address of the second function, and calling the number of parameters to be transferred of the second function; acquiring parameters needing to be transferred for calling the second function based on the number of the parameters;
the step of determining whether the function of the hot patch is correct based on the output result includes:
determining an expected calculation of the second function based on the parameter;
and if the output result is matched with the expected calculation result, determining that the function of the hot patch is correct.
12. An apparatus for testing a hot patch, the apparatus comprising:
the obtaining module is used for obtaining a first expected instruction sequence and a first actual instruction sequence of a first call instruction after a target function is repaired based on a first instruction starting address and a first instruction length of the first call instruction and a function address of a repair function in a preset hot patch; the first calling instruction is used for indicating to call the target function or the repair function; the hot patch is used for repairing the target function;
a determining module for determining that the hot patch is in effect if the first expected sequence of instructions matches the first actual sequence of instructions.
13. A server comprising a processor and a memory, the memory storing machine executable instructions executable by the processor to perform the method of testing a hot patch of any one of claims 1-11.
14. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement a method of testing a hot patch as claimed in any one of claims 1 to 11.
CN202010952783.9A 2020-09-11 2020-09-11 Thermal patch testing method, device and server Active CN112084112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010952783.9A CN112084112B (en) 2020-09-11 2020-09-11 Thermal patch testing method, device and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010952783.9A CN112084112B (en) 2020-09-11 2020-09-11 Thermal patch testing method, device and server

Publications (2)

Publication Number Publication Date
CN112084112A true CN112084112A (en) 2020-12-15
CN112084112B CN112084112B (en) 2024-04-26

Family

ID=73737549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010952783.9A Active CN112084112B (en) 2020-09-11 2020-09-11 Thermal patch testing method, device and server

Country Status (1)

Country Link
CN (1) CN112084112B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786537A (en) * 2014-12-24 2016-07-20 中兴通讯股份有限公司 Hot patch realization method and device
US20180165458A1 (en) * 2016-12-12 2018-06-14 Baidu Online Network Technology (Beijing) Co., Ltd. Method and apparatus for repairing kernel vulnerability
WO2019047142A1 (en) * 2017-09-08 2019-03-14 深圳市汇顶科技股份有限公司 Method for program patching, device, micro control unit, and terminal device
CN109492406A (en) * 2018-11-15 2019-03-19 百度在线网络技术(北京)有限公司 Monitor the methods, devices and systems of kernel loophole attack

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786537A (en) * 2014-12-24 2016-07-20 中兴通讯股份有限公司 Hot patch realization method and device
US20180165458A1 (en) * 2016-12-12 2018-06-14 Baidu Online Network Technology (Beijing) Co., Ltd. Method and apparatus for repairing kernel vulnerability
WO2019047142A1 (en) * 2017-09-08 2019-03-14 深圳市汇顶科技股份有限公司 Method for program patching, device, micro control unit, and terminal device
CN109492406A (en) * 2018-11-15 2019-03-19 百度在线网络技术(北京)有限公司 Monitor the methods, devices and systems of kernel loophole attack

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
文琪;江?越;张源;: "基于关键路径测试的安全补丁存在性检测", 计算机应用与软件, no. 03 *

Also Published As

Publication number Publication date
CN112084112B (en) 2024-04-26

Similar Documents

Publication Publication Date Title
US10261783B2 (en) Automated unpacking of portable executable files
CN109977008B (en) Method and terminal for making JS code depended on by application program compatible with native library
US11461472B2 (en) Automatic correctness and performance measurement of binary transformation systems
CN112416360B (en) Method, device and server for generating thermal patch
CN110688320B (en) Global variable detection method and device and terminal equipment
CN111666102A (en) File format conversion method, chip verification method, related device and network chip
CN112084112B (en) Thermal patch testing method, device and server
CN114428642B (en) Random instruction generation environment based on novel processor architecture
CN110096888B (en) Method and system for accelerating verification and analyzing SMM potential safety hazard
CN115167862A (en) Patch method and related equipment
CN112052112A (en) Bit flipping error detection method and device based on NOR Flash storage and storage medium
US7398513B2 (en) Method and system of detecting invalid function calls between segments in generating a computer program
CN112527657B (en) Method and equipment for automatic pile insertion in unit test
CN111310172B (en) Method and control unit for verifying processor execution traces by disassembling
US6782523B2 (en) Parallel configurable IP design methodology
US11294647B1 (en) Support apparatus and design support method
CN112527660B (en) Static detection method and device for codes
CN112631904A (en) Recording method and device of function call information
CN112631650A (en) Plug-in version information checking method, computing device and storage medium
CN115168911A (en) Method, apparatus and storage medium for providing security protection for function calls
CN117707966A (en) Interface testing method, device, equipment and storage medium based on flow playback
CN115729564A (en) Method for judging compatibility of native application to Linux Arm64
CN115757140A (en) Software compatibility testing method and device, storage medium and computer equipment
CN116467131A (en) ECC function verification method, device, medium and equipment of processor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant