CN115017058B - Test method and device of kernel module, electronic equipment and storage medium - Google Patents
Test method and device of kernel module, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN115017058B CN115017058B CN202210934369.4A CN202210934369A CN115017058B CN 115017058 B CN115017058 B CN 115017058B CN 202210934369 A CN202210934369 A CN 202210934369A CN 115017058 B CN115017058 B CN 115017058B
- Authority
- CN
- China
- Prior art keywords
- function
- jump
- instruction
- target
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
- G06F11/3644—Software debugging by instrumenting at runtime
Abstract
The present specification provides a method and an apparatus for testing a kernel module, an electronic device, and a storage medium, where in the method for testing a kernel module, when a target function of the kernel module is tested based on a dynamic binary instrumentation method, a reserved space is preset, and a second jump instruction, a recovery instruction, and a register initial value are stored in the reserved space, so that after an instrumentation function is executed according to a jump of the second jump instruction, a stored value of a register and the target function can be recovered according to the stored target function and the register initial value stored in the reserved space, thereby avoiding a problem of abnormal operation and call of the target function which may be caused by changing the stored value of the register in the process of executing the instrumentation function according to the jump, and achieving an objective of performing an instrumentation test on the kernel module based on the dynamic binary instrumentation method.
Description
Technical Field
The present disclosure relates to the field of computer application technologies, and in particular, to a method and an apparatus for testing a kernel module, an electronic device, and a storage medium.
Background
Linux (GNU/Linux) is a UNIX-like operating system kernel that is free to use and propagate. The Kernel Module (Kernel Module) refers to a program running in a Kernel space in a Linux operating system, and can be used for extending basic Kernel functions and allowing dynamic loading or unloading in the running process of the system.
Most kernel modules of Linux are released in an open source form, but some kernel modules are still inserted in a closed source form, and the specific execution flow of the kernel modules cannot know that once the closed source modules are abnormal, the reason why the closed source modules are abnormal is difficult to analyze. Therefore, a method for testing the Linux kernel module is needed to realize the test of the kernel module with a closed source.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide a method and an apparatus for testing a kernel module, an electronic device, and a storage medium, which achieve the purpose of testing a target function of the kernel module in a manner of reserving a space and based on a dynamic instrumentation method.
In a first aspect, an embodiment of the present specification provides a method for testing a kernel module, including:
replacing a target code of a target function with a first jump instruction, and storing the target code, wherein the first jump instruction is used for indicating that jumping to a reserved space is performed in a relative jump mode; the reserved space is positioned in the storage space of the code segment corresponding to the target function or is adjacent to the storage space of the code segment corresponding to the target function;
a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for instructing to jump and execute a instrumentation function, and the recovery instruction is executed after the instrumentation function is executed, the instrumentation function is used for testing the target function, the recovery instruction is used for instructing to restore the stored value of the register and the target function according to the stored target code and the register initial value, and jump and execute the target function after recovery;
and executing the target function to test the target function.
In a possible embodiment, the replacing the target code of the target function with the first jump instruction includes:
modifying the page table attribute corresponding to the target code into writable one, modifying the page table corresponding to the target code to modify the target code into the first jump instruction, modifying the page table attribute corresponding to the first jump instruction into read-only one after the modification is finished, and refreshing the cache;
or
And establishing new page table mapping for the target code, wherein the mapping attribute is writable, modifying the target code into the first jump instruction in the established page table, removing the mapping relation after the modification is completed, and refreshing the cache.
In a possible implementation manner, the second jump instruction includes an absolute jump instruction and a return instruction, the absolute jump instruction includes a jump address corresponding to the instrumentation function, and the jump address is a starting address obtained by dynamically querying a kernel and storing the instrumentation function;
the absolute jump instruction is used for indicating jump to the jump address to execute the instrumentation function, and the return instruction is used for indicating jump to execute a next line of instructions of the absolute jump instruction;
and the recovery instruction is stored in the next line of the storage space of the absolute jump instruction.
In a possible implementation, replacing the target code of the target function with the first jump instruction further includes:
and searching a symbol table according to the identification information of the target function to obtain the storage address of the target function, wherein the symbol table stores the corresponding relation between the identification information of the function and the storage address, and the symbol table is recorded after the kernel starts the Kallsym subsystem configuration.
In a possible embodiment, the insertion method of the reserved space includes:
and inserting the reserved space into the storage space of the code segment corresponding to the target function by using an objcopy instruction.
In one possible embodiment, the saving the object code includes:
storing the target code in the reserved space.
In one possible embodiment, the register initial values include an initial value of a program status register and an initial value of all general purpose registers.
In a second aspect, an embodiment of the present specification provides a device for testing a core module, including:
the code modification module is used for replacing a target code of a target function with a first jump instruction and storing the target code, wherein the first jump instruction is used for indicating that the target code jumps to a reserved space in a relative jump mode; the reserved space is positioned in the storage space of the code segment corresponding to the target function or adjacent to the storage space of the code segment corresponding to the target function;
a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for instructing to jump and execute a instrumentation function, and the recovery instruction is executed after the instrumentation function is executed, the instrumentation function is used for testing the target function, the recovery instruction is used for instructing to restore the stored value of the register and the target function according to the stored target code and the register initial value, and jump and execute the target function after recovery;
and the instrumentation test module is used for executing the target function so as to test the target function.
In a third aspect, an embodiment of the present specification provides an electronic device, including:
a memory to store instructions;
and the processor is used for executing the test method of the kernel module according to the instructions stored in the memory.
In a fourth aspect, an embodiment of the present specification further provides a storage medium, which stores a computer program, where the computer program implements the method for testing the kernel module described in any one of the foregoing descriptions when executed.
In a fifth aspect, the present specification further provides a computer program product or a computer program, the computer program product or the computer program comprising computer instructions, the computer instructions being stored in a computer-readable storage medium; and reading the computer instructions from the computer readable storage medium by a processor of the computer device, wherein the processor realizes the steps in the test method of the kernel module when executing the computer instructions.
One or more embodiments of the present disclosure provide a method, an apparatus, an electronic device, and a storage medium for testing a kernel module, where in the method for testing a kernel module based on a dynamic binary instrumentation method, a reserved space is preset, and a second jump instruction, a recovery instruction, and a register initial value are stored in the reserved space, so that after an instrumentation function is executed according to a jump of the second jump instruction, a stored value of a register and a target function may be recovered according to the stored target function and the register initial value stored in the reserved space, thereby avoiding problems of abnormal operation and call of the target function which may be caused by changing a stored value of the register in a process of executing the instrumentation function according to the jump, and achieving an objective of performing an instrumentation test on the kernel module based on the dynamic binary instrumentation method.
Drawings
Fig. 1 is a schematic flowchart of a method for testing a kernel module according to an embodiment of the present disclosure.
Fig. 2 to 4 are schematic diagrams illustrating an execution flow of a method for testing a kernel module according to an embodiment of the present disclosure.
Fig. 5 is a flowchart illustrating a method for testing a kernel module according to another embodiment of the present disclosure.
FIG. 6 is a block diagram illustrating a second jump instruction according to an embodiment of the present disclosure.
Fig. 7 is a schematic structural diagram of a core module testing apparatus according to an embodiment of the present disclosure.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present specification.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The test method of the kernel module provided by the embodiment of the specification can be suitable for testing the dynamic binary code of the kernel module (especially the closed-source kernel module) in the Linux system. The execution flow of the binary code of the kernel module can be known through the dynamic binary code test of the kernel module, and based on the execution flow, the abnormal reason of the kernel module can be analyzed.
Several terms that may be referred to in this specification are explained first.
The kernel is the lowest level of readily replaceable software that interfaces with the computer hardware. It is responsible for connecting all applications running in "user mode" to the physical hardware and allows processes called servers to get information from each other using Inter-Process Communication (IPC). The kernel is a first layer software extension based on hardware, provides the most basic functions of the operating system, is the basis of the operation of the operating system, and is responsible for managing processes, memories, device drivers, files and network systems of the system and determining the performance and stability of the system.
A Kernel Module, which may also be referred to as a Loadable Kernel Module (LKM), may be considered an executable program that runs in Kernel space, which is essential to keep a Kernel working with all hardware without consuming all available memory. The kernel module typically adds functions such as device, file system, and system calls to the base kernel. The Linux kernel differs from macOS and Windows in that Linux contains kernel-level drivers and makes many things "out of box". The file extension of the kernel module is.ko, which is typically stored in the/lib/modules directory. Due to the nature of the modules, the kernel can be easily customized by setting the modules to load or not load using menuconfig commands at startup, or by editing/boot/config files, or dynamically loading and unloading the modules using modprobe commands.
The ARM (Advanced RISC Machines) architecture is a Reduced Instruction Set (RISC) processor architecture.
X in ARMvX refers to the instruction set and architecture version of ARM, ARMv8 is the instruction set and architecture of the first generation supporting 64-bit processors, ARMv8 has two execution states, AArch64:64 bits of execution state, AArch32:32 bits of execution state.
The instruction set for ARMv8 has three types:
a64 The instruction set: running in the AArch64 state, 64-bit instruction set support is provided.
A32 The instruction set: running in the AArch32 state, 32-bit instruction set support is provided.
T32 instruction set: running in the AArch32 state provides 16-bit and 32-bit instruction set support.
The ARM64 architecture refers to a processor architecture that operates in the AArch64 state, which may also be referred to as the AArch64 architecture.
Open Source Code (Open Source Code), also known as Source Code disclosure, or simply Open Source, refers to a software distribution model. Accordingly, open source software, also known as open source software, is defined to describe software whose source code can be used by the public, and the use, modification, and distribution of this software is not limited by a license. Linux is the largest open source software. Most kernel modules issued based on the Linux system are issued in an open source form, but a part of kernel modules are still inserted in a closed source form, which results in a black box, and when the kernel modules in the closed source form are abnormal, it is very difficult to analyze the abnormal reason.
Dynamic Binary Instrumentation (DBI) is a method for analyzing the behavior of a binary application at runtime by injecting instrumentation code. The dynamic binary instrumentation technology can insert specific analysis codes into the program execution process according to the analysis requirements of users on the premise of not influencing the program dynamic execution result, thereby realizing the monitoring and analysis of the program dynamic execution process. Dynamic binary instrumentation is a technique to inject instrumented code into a running process, which means that the instrumented code is completely transparent to the injected application. The dynamic binary instrumentation framework will run directly in the binary or executable file, so we do not need the source code of the program, nor do we need to recompile or re-link the program.
Relative jump, the relative jump instruction is an instruction irrelevant to the code position, and after being compiled, the relative jump instruction is replaced by the current PC (Program Counter, or instruction Counter, used for storing the address of the current instruction to be executed) value plus (minus) a correction value, and the instruction can jump to the designated position no matter which address the instruction is executed at.
Absolute jump, where the absolute jump instruction points directly to a specific location, i.e., the absolute jump instruction will load a value of a label XXX directly to the PC, so that the program jump from Flash to RAM can be realized by using the absolute jump no matter where the instruction is executed.
For the Linux kernel module in the closed source form, when the Linux kernel module runs, the execution flow of the binary code cannot be known, and when the Linux kernel module is abnormal, static analysis of the binary code is very difficult.
With specific reference to fig. 1, and with combined reference to fig. 2 to fig. 4, fig. 1 shows a schematic flowchart of a method for testing a core module provided in an embodiment of the present specification, and fig. 2 to fig. 4 show a schematic flowchart of an execution flow of the method for testing the core module, where the method includes:
s101: replacing a target code of a target function with a first jump instruction, and storing the target code, wherein the first jump instruction is used for indicating that the target function jumps to a reserved space in a relative jump mode; the reserved space is located in the storage space of the code segment corresponding to the objective function or adjacent to the storage space of the code segment corresponding to the objective function.
Referring to fig. 2, it is assumed that the code segment corresponding to the target function is stored in a space from 0x00000000 to 0x00000001C (as shown in fig. 2, the space may include spaces of 0x00000004, 0x00000008, 0x0000000C, etc.), and this space may be considered as a storage space of the code segment corresponding to the target function. The original target function starts from 0x00000000 and ends at 0x00000001C, and the function instructions 1 to 8 are sequentially executed.
The reserved space may be in the storage space of the code segment corresponding to the objective function, or may be adjacent to the storage space of the code segment corresponding to the objective function. Fig. 2 shows the situation where the reserved space is adjacent to the storage space of the code segment corresponding to the objective function. In some embodiments, the adjacent of the reserved space and the storage space of the code segment corresponding to the objective function may be the close proximity as shown in fig. 2 (that is, there is no other storage space between the reserved space and the storage space of the code segment corresponding to the objective function), or the distance between the reserved space and the storage space of the code segment corresponding to the objective function is smaller than the preset distance (where the preset distance may be 16 bits, 32 bits, etc., and is selected according to practical situations, as long as the preset distance is smaller than the maximum distance that can be jumped by relative jump).
The reserved space is positioned in the storage space of the code segment corresponding to the target function or is adjacent to the storage space of the code segment corresponding to the target function, so that the reserved space is closer to the code segment corresponding to the target function, and the jump from the code segment corresponding to the target function to the reserved space can be realized by utilizing a first jump instruction for relative jump.
Optionally, the insertion manner of the reserved space may be: and inserting the reserved space into the storage space of the code segment corresponding to the target function by using an objcopy instruction. A particular form of the objcopy instruction may be: objcopy-add-section XXXX. As described above, the added reserved space may be as close as possible to the storage space of the code segment corresponding to the objective function.
After replacing the target code (e.g. function instruction 1) of the target function with the first jump instruction, the target code needs to be saved to avoid affecting the correct execution of the original target function. The storage location of the object code may be in a reserved space or in another storage area, and the specific storage location of the object code is not limited in this specification, and it is described in fig. 2 that the object code is stored in the reserved space as an example, so that when the object function is restored, the object code can be conveniently searched, and it is understood that if the storage space in the reserved space is less, or there is another available storage space for storing the object code, the object code can also be stored in a storage space outside the reserved space.
And a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for instructing to jump and execute a instrumentation function, and the recovery instruction is executed after the instrumentation function is executed, the instrumentation function is used for testing the target function, and the recovery instruction is used for instructing to restore the stored value of the register and the target function according to the stored target code and the register initial value, and jump and execute the target function after recovery.
And storing a second jump instruction, a recovery instruction and a register initial value in the reserved space, wherein the register initial value refers to the values of all registers of the kernel module when jumping to the reserved space based on the first jump instruction. The values of all registers of the kernel module include values of program status registers and values of all general purpose registers. I.e. the register initial values comprise the initial values of the program status registers and the initial values of all general purpose registers. The definitions of the initial values of the program status register and the initial values of all the general purpose registers are the same as the definitions of the initial values of the registers, and are not described herein again. Taking the ARM64 architecture of Linux as an example, the number of Program Status registers (SPSR) is usually one, and the number of general purpose registers is 31 (X0 to X30).
The action of saving the initial value of the register in the reserved space may be executed after the first jump instruction jumps into the reserved space, that is, a storage instruction for saving the initial value of the register may be stored in the reserved space in advance at a position to which the first jump instruction jumps, so that the saving action of the initial value of the register is automatically executed after the first jump instruction jumps into the reserved space.
And the second jump instruction in the reserved space is used for indicating that the pile-inserting function is jumped to the storage space where the pile-inserting function is located in an absolute jump mode to execute the pile-inserting function, and the second jump instruction is an absolute jump instruction carrying a return instruction so that the pile-inserting function can return to the reserved space after the execution of the pile-inserting function is finished. The reason why the instrumentation function needs to be executed with absolute jumps from the reserved space is that: the instrumentation function that needs to be injected is likely to be where the relative jump cannot be reached, and therefore an absolute jump needs to be used to implement the jump.
In addition, since an absolute jump needs to be used, and an additional register is needed to be used to store a jump address during the absolute jump, which may cause unpredictable results when the target function jumps back based on the return instruction (registers of the Linux system are basically used, and additional registers cannot be added), the initial value of the register needs to be stored in the reserved space, so that the initial value of the register can be restored after the execution of the instrumentation function is completed, and the normal operation of the original target function is ensured.
After the step S101 is completed, the step S102 may be performed to execute the objective function to implement the test of the objective function.
S102: and executing the target function to test the target function.
The method for testing the kernel module provided by the embodiment of the present specification is described with reference to fig. 2 to 4. In fig. 2, after the objective function is determined, a reserved space may be provided in a memory space of the objective function corresponding code segment or a space adjacent to the memory space. Then, one target code (for example, function instruction 1) of the target function is replaced by the first jump instruction, and the target code is saved (for example, in the reserved space, but may be saved in another storage space). The reserved space is also stored with a register initial value when the first jump instruction is executed, so that when the recovery instruction is executed, the target function can be recovered based on the register initial value and the stored target code, and the execution of the original target function is prevented from being abnormal.
The reserved space further comprises a second jump instruction with a return function, when the initial value of the register is stored, the second jump instruction can be used for executing the pile inserting function in a jump mode (for example, pile inserting function instructions 1 to 3 are sequentially executed), when the pile inserting function is executed, the next line of the second jump instruction is returned after the return instruction is met, the recovery instruction is executed, the target function is recovered, the code of the target function is ensured to be normal, the initial value of the register is ensured to be normal, and the normal operation of the target function is ensured.
Specifically, after the execution of step S101 is completed, the target function, the reserved space and the stub function may refer to the right diagram of fig. 2, at this time, the target code is already stored, when step S102 is executed, jump to the reserved space by the first jump instruction, store the initial value of the register in the reserved space, then execute the second jump instruction, jump to execute the stub function (refer to the right diagram of fig. 2), when the execution of the stub function is completed in sequence, encounter the return instruction, jump to the next line code of the second jump instruction, execute the recovery instruction (refer to the right diagram of fig. 3), and when the recovery instruction is executed, recover the target function based on the initial value of the register and the stored target code, so that the target function can normally run (refer to the right diagram of fig. 4).
According to the above description, the test method based on the kernel module can realize dynamic binary instrumentation test on any code segment of the kernel module, and does not affect the normal operation of the target function.
In an actual Linux kernel module, codes of the kernel module are either directly compiled in a kernel image or dynamically loaded into a kernel through an insmod command in a manner of being compiled into a module, in order to quickly and accurately find an objective function, an embodiment of the present specification provides a method for finding the objective function, and specifically, in an embodiment of the present specification, with reference to fig. 5, before replacing an objective code of the objective function with a first jump instruction, the method further includes:
s1011: and searching a symbol table according to the identification information of the target function to obtain the storage address of the target function, wherein the symbol table stores the corresponding relation between the identification information of the function and the storage address, and the symbol table is recorded after the kernel starts the configuration of the Kallsym subsystem.
After the kernel starts the configuration of the Kallsym subsystem, the Kallsym subsystem extracts the symbols of the kernel codes to make a symbol table, thereby being convenient for searching and debugging. If the symbol table of the Kallsym subsystem configuration contains ALL symbol information, kallsym _ ALL needs to be set to y, that is, CONFIG _ KALLSYMS = y and CONFIG _ KALLSYMS _ ALL = y are set in the kernel configuration system. In this way, under the root authority, the symbol table can be searched according to the identification information of the target function to obtain the storage address of the target function.
By the method, the target function can be found conveniently and quickly, and the execution efficiency of the test method of the kernel module is improved.
In addition, because the kernel module is not as specific as the user mode application, and the kernel of the kernel module sets the page table attribute corresponding to the kernel module to be read-only when mapping, after finding the target function, the target code can be replaced with the first jump instruction more conveniently by the following method, specifically, replacing the target code of the target function with the first jump instruction includes:
s1012: modifying the page table attribute corresponding to the target code into writable one, modifying the page table corresponding to the target code to modify the target code into the first jump instruction, modifying the page table attribute corresponding to the first jump instruction into read-only one after the modification is finished, and refreshing the cache;
or
And establishing new page table mapping for the target code, wherein the mapping attribute is writable, modifying the target code into the first jump instruction in the established page table, removing the mapping relation after the modification is completed, and refreshing the cache.
Based on step S1012, the problem that the kernel sets the page table attribute corresponding to the code segment of the kernel module as read-only and cannot be modified when the code segment of the kernel module is mapped can be solved, and in addition, the mode of replacing the target code with the first jump instruction through step S1012 is more convenient, which is beneficial to improving the execution efficiency of the method.
How to set the second jump instruction and arrange the second jump instruction and the recovery instruction is also a notable problem to ensure that the target function can be recovered correctly after the instrumentation function is executed by the jump. To address this issue, referring to fig. 6, in an exemplary embodiment of the present specification, the second jump instruction includes an absolute jump instruction and a return instruction, the absolute jump instruction includes a jump address corresponding to the instrumented function, and the jump address is a start address obtained by dynamically querying a kernel and storing the instrumented function.
The absolute jump instruction is used for indicating jump to the jump address to execute the instrumentation function, and the return instruction is used for indicating jump to execute a next line of instructions of the absolute jump instruction.
The recovery instruction is stored in a next line of the storage space of the absolute jump instruction.
In fig. 6, it is clear that the first jump instruction includes a relative jump instruction, the second jump instruction includes an absolute jump instruction with a return instruction, and a jump address included in the absolute jump instruction is a start address (in fig. 6, an address for storing an instruction 1 of an instrumentation function) for storing the instrumentation function, which is obtained by dynamically querying the kernel, so that after the instrumentation function is jumped to, the instrumentation function can be correctly executed, and it is ensured that the test is normally performed. And after the execution of the instrumentation function is finished, jumping to the next row of the absolute jump instruction for execution when encountering a return instruction so as to execute the recovery instruction and realize the correct recovery of the target function.
Exemplary devices
Corresponding to the above method for testing a kernel module, an embodiment of the present application further provides a device for testing a kernel module, as shown in fig. 7, the device includes:
a code modification module 100, configured to replace a target code of a target function with a first jump instruction, and store the target code, where the first jump instruction is used to instruct to jump to a reserved space in a relative jump manner; the reserved space is positioned in the storage space of the code segment corresponding to the target function or is adjacent to the storage space of the code segment corresponding to the target function;
a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for indicating jump execution of a instrumentation function, the instrumentation function is used for testing the target function, the recovery instruction is used for indicating that the stored value of the register and the target function are recovered according to the stored target code and the register initial value, and the target function after recovery is executed in a jump manner;
and the instrumentation test module 200 is configured to execute the objective function to test the objective function.
The testing apparatus for a kernel module provided in this embodiment belongs to the same application concept as the testing method for a kernel module provided in the foregoing embodiment of the present application, and can execute the testing method for a kernel module provided in any of the foregoing embodiments of the present application, and has functional modules and beneficial effects corresponding to the execution of the testing method for a kernel module. For details of the technology that is not described in detail in this embodiment, reference may be made to specific processing contents of the kernel module testing method provided in the foregoing embodiments of the present application, and details are not described here again.
Exemplary electronic device
Another embodiment of the present application further provides an electronic device, and referring to fig. 8, an exemplary embodiment of the present specification further provides an electronic device, including: a memory storing a computer program and a processor executing the computer program to perform steps in a method of testing a core module according to various embodiments of the present specification described in the "exemplary methods" section above in the present specification.
The internal structure of the electronic apparatus may be as shown in fig. 8, and the electronic apparatus includes a processor, a memory, a network interface, and an input device connected through a system bus. Wherein the processor of the electronic device is configured to provide computing and control capabilities. The memory of the electronic equipment comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the electronic device is used for connecting and communicating with an external terminal through a network. The computer program, when executed by the processor, performs steps in a method of testing a kernel module according to various embodiments of the present specification described in the "exemplary methods" section above of the present specification.
The processor may include a main processor and may also include a baseband chip, modem, and the like.
The memory stores programs for executing the technical scheme of the invention and also stores an operating system and other key services. In particular, the program may include program code including computer operating instructions. More specifically, the memory may include read-only memory (ROM), other types of static storage devices that may store static information and instructions, random Access Memory (RAM), other types of dynamic storage devices that may store information and instructions, disk storage, flash, and the like.
The processor may be a general-purpose processor, such as a general-purpose Central Processing Unit (CPU), microprocessor, etc., an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to control the execution of programs in accordance with the inventive arrangements. But may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components.
The input device may include means for receiving data and information input by a user, such as a keyboard, mouse, camera, scanner, light pen, voice input device, touch screen, pedometer, or gravity sensor, among others.
Output devices may include devices that allow output of information to a user, such as a display screen, printer, speakers, etc.
The communication interface may include any means for using a transceiver or the like to communicate with other devices or communication networks, such as ethernet, radio Access Network (RAN), wireless Local Area Network (WLAN), etc.
The processor executes the program stored in the memory, and invokes other devices, which can be used to implement the steps of any one of the methods for testing the kernel module provided in the embodiments of the present application.
The electronic equipment can also comprise a display component and a voice component, the display component can be a liquid crystal display screen or an electronic ink display screen, and an input device of the electronic equipment can be a touch layer covered on the display component, a key, a track ball or a touch pad arranged on a shell of the electronic equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is a block diagram of only a portion of the architecture associated with the aspects of the subject specification, and is not intended to limit the electronic devices to which the aspects of the subject specification apply, as a particular electronic device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
Exemplary computer program product and storage Medium
In addition to the above-described methods and apparatus, embodiments of the present application may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the method of testing a core module described in the "exemplary methods" section of this specification above.
The computer program product may be written with program code for performing the operations of embodiments of the present application in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, an embodiment of the present application may also be a storage medium having stored thereon a computer program that is executed by a processor to perform the steps in the test method of the kernel module described in the "exemplary method" section above in this specification.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, databases, or other media used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
All possible combinations of the technical features in the above embodiments may not be described for the sake of brevity, but should be considered as being within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present specification, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present description, which falls within the scope of protection of the present description. Therefore, the protection scope of the patent of the specification shall be subject to the appended claims.
Claims (8)
1. A test method of a kernel module is used for carrying out dynamic binary code test on the kernel module of a Linux system based on a dynamic binary instrumentation technology, wherein the kernel module is in a closed source form, the test method of the kernel module is used for analyzing the abnormal reason of the closed source form, and the test method of the kernel module comprises the following steps:
replacing a target code of a target function with a first jump instruction, and storing the target code, wherein the first jump instruction is used for indicating that jumping to a reserved space is performed in a relative jump mode; the reserved space is positioned in the storage space of the code segment corresponding to the target function or adjacent to the storage space of the code segment corresponding to the target function;
a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for indicating that a stub insertion function is jumped to execute in an absolute jump mode, the recovery instruction is jumped to execute after the execution of the stub insertion function is completed, the stub insertion function is used for testing the target function, the recovery instruction is used for indicating that a stored value of a register and the target function are restored according to the stored target code and the register initial value, and the target function after the recovery is jumped to execute, and the register initial value is the value of all registers of the kernel module when jumping to the reserved space based on the first jump instruction;
executing the target function to test the target function;
before replacing the target code of the target function with the first jump instruction, the method further includes:
and searching a symbol table according to the identification information of the target function to obtain the storage address of the target function, wherein the symbol table stores the corresponding relation between the identification information of the function and the storage address, and the symbol table is recorded after the kernel starts the Kallsym subsystem configuration.
2. The method of claim 1, wherein replacing the target code of the target function with a first jump instruction comprises:
modifying the page table attribute corresponding to the target code into writable one, modifying the page table corresponding to the target code to modify the target code into the first jump instruction, modifying the page table attribute corresponding to the first jump instruction into read-only one after the modification is finished, and refreshing the cache;
or
And establishing new page table mapping for the target code, wherein the mapping attribute is writable, modifying the target code into the first jump instruction in the established page table, removing the mapping relation after the modification is completed, and refreshing the cache.
3. The method of claim 1, wherein the second jump instruction comprises an absolute jump instruction and a return instruction, wherein the absolute jump instruction comprises a jump address corresponding to the instrumented function, and wherein the jump address is a start address for storing the instrumented function obtained by dynamically querying a kernel;
the absolute jump instruction is used for indicating jumping to the jump address to execute the instrumentation function, and the return instruction is used for indicating jumping to execute a next line of instructions of the absolute jump instruction;
and the recovery instruction is stored in the next line of the storage space of the absolute jump instruction.
4. The method of claim 1, wherein the inserting of the reserved space comprises:
and inserting the reserved space into the storage space of the code segment corresponding to the target function by using an objcopy instruction.
5. The method of any of claims 1-4, wherein said saving the object code comprises:
storing the target code in the reserved space.
6. The device for testing the kernel module is realized based on a dynamic binary instrumentation technology and is used for testing the kernel module of a Linux system, the kernel module is a closed-source kernel module, the testing method of the kernel module is used for analyzing the abnormal reason of the closed-source kernel module, and the device for testing the kernel module comprises:
the code modification module is used for replacing a target code of a target function with a first jump instruction and storing the target code, wherein the first jump instruction is used for indicating that the target code jumps to a reserved space in a relative jump mode; the reserved space is positioned in the storage space of the code segment corresponding to the target function or adjacent to the storage space of the code segment corresponding to the target function;
a second jump instruction, a recovery instruction and a register initial value are stored in the reserved space, the second jump instruction is used for instructing to jump and execute a instrumentation function in an absolute jump mode, and jump and execute the recovery instruction after the instrumentation function is executed, the instrumentation function is used for testing the target function, the recovery instruction is used for instructing to recover the stored value of the register and the target function according to the stored target code and the register initial value, and jump and execute the recovered target function, and the register initial value is the value of all registers of the kernel module when jumping to the reserved space based on the first jump instruction;
the instrumentation test module is used for executing the target function so as to test the target function;
before replacing the target code of the target function with the first jump instruction, the code modification module is further configured to:
and searching a symbol table according to the identification information of the target function to obtain the storage address of the target function, wherein the symbol table stores the corresponding relation between the identification information of the function and the storage address, and the symbol table is recorded after the kernel starts the Kallsym subsystem configuration.
7. An electronic device, comprising:
a memory to store instructions;
a processor for performing the method of testing a core module of any of claims 1-5 in accordance with instructions stored in the memory.
8. A storage medium, characterized in that a computer program is stored, which when executed, implements a method of testing a kernel module according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210934369.4A CN115017058B (en) | 2022-08-04 | 2022-08-04 | Test method and device of kernel module, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210934369.4A CN115017058B (en) | 2022-08-04 | 2022-08-04 | Test method and device of kernel module, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115017058A CN115017058A (en) | 2022-09-06 |
| CN115017058B true CN115017058B (en) | 2022-11-29 |
Family
ID=83066257
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210934369.4A Active CN115017058B (en) | 2022-08-04 | 2022-08-04 | Test method and device of kernel module, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115017058B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115952491B (en) * | 2022-12-30 | 2023-09-29 | 北京基调网络股份有限公司 | Method, device, electronic equipment and medium for hook objective function |
| CN116383091B (en) * | 2023-05-29 | 2023-08-29 | 珠海妙存科技有限公司 | Starting method and starting device of eMMC verification platform and storage medium |
| CN117076338B (en) * | 2023-10-18 | 2024-01-30 | 麒麟软件有限公司 | Method and system for dynamically debugging Linux kernel based on kprobe |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101110055A (en) * | 2007-08-31 | 2008-01-23 | 中兴通讯股份有限公司 | Device for implementing general use pile function in unit test and implementing method thereof |
| CN101334753A (en) * | 2007-06-26 | 2008-12-31 | 中兴通讯股份有限公司 | Unit test method and its device |
| CN103092759A (en) * | 2013-01-28 | 2013-05-08 | 电子科技大学 | Code dynamic property parser in embedded environment |
| CN103677869A (en) * | 2012-09-06 | 2014-03-26 | 中国科学院计算技术研究所 | Wireless sensor network node remote code updating system and method |
| CN103955354A (en) * | 2014-05-09 | 2014-07-30 | 龙芯中科技术有限公司 | Relocation method and device |
| CN104572482A (en) * | 2014-12-19 | 2015-04-29 | 北京华为数字技术有限公司 | Process variable storage method and device |
| CN109344028A (en) * | 2018-09-13 | 2019-02-15 | 西安交通大学 | A kind of process behavior monitoring device that exempting from superuser right and method |
| CN109992968A (en) * | 2019-03-25 | 2019-07-09 | 北京理工大学 | Android malicious act dynamic testing method based on binary system dynamic pitching pile |
| CN110414218A (en) * | 2018-11-13 | 2019-11-05 | 腾讯科技(深圳)有限公司 | Kernel detection method, device, electronic equipment and storage medium |
| CN110554998A (en) * | 2018-03-30 | 2019-12-10 | 腾讯科技(深圳)有限公司 | hook method, device, terminal and storage medium for replacing function internal instruction |
| CN111666096A (en) * | 2020-07-02 | 2020-09-15 | 腾讯科技(深圳)有限公司 | Hot updating method and device for target application, storage medium and electronic equipment |
| CN111782302A (en) * | 2020-07-13 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Process updating method and device, storage medium and electronic equipment |
| CN113254941A (en) * | 2021-05-21 | 2021-08-13 | 思特沃克软件技术(北京)有限公司 | Linux kernel source code processing method, device and equipment |
| CN113742237A (en) * | 2021-09-13 | 2021-12-03 | 北京奕斯伟计算技术有限公司 | Program debugging method, device, equipment and storage medium |
| CN113821439A (en) * | 2021-09-23 | 2021-12-21 | 成都欧珀通信科技有限公司 | Method, device, storage medium and terminal for registering function to probe point |
| CN114461260A (en) * | 2022-03-01 | 2022-05-10 | 阿里巴巴(中国)有限公司 | Function calling method and device |
Family Cites Families (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104063325B (en) * | 2014-07-11 | 2016-10-26 | 电子科技大学 | A kind of test exemple automation generating means for embedded software and method thereof |
| CN104598809B (en) * | 2015-02-13 | 2017-04-19 | 北京奇虎科技有限公司 | Program monitoring method and defending method thereof, as well as relevant device |
| US10409606B2 (en) * | 2015-06-26 | 2019-09-10 | Microsoft Technology Licensing, Llc | Verifying branch targets |
| CN104951375B (en) * | 2015-07-01 | 2017-12-08 | 北京博睿宏远数据科技股份有限公司 | Cell phone application performance data acquisition method based on intercepting api callses technology |
| US10289842B2 (en) * | 2015-11-12 | 2019-05-14 | Samsung Electronics Co., Ltd. | Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation |
| CN107818034B (en) * | 2016-09-14 | 2021-02-12 | 华为技术有限公司 | Method and device for monitoring running space of process in computer equipment |
| US11531552B2 (en) * | 2017-02-06 | 2022-12-20 | Microsoft Technology Licensing, Llc | Executing multiple programs simultaneously on a processor core |
| CN111913742B (en) * | 2018-07-03 | 2022-11-11 | 武汉斗鱼网络科技有限公司 | Program processing method and related equipment |
| CN109086183B (en) * | 2018-07-12 | 2022-08-16 | 武汉斗鱼网络科技有限公司 | Application program monitoring method and device, electronic equipment and storage medium |
| CN109002721B (en) * | 2018-07-12 | 2022-04-08 | 南方电网科学研究院有限责任公司 | Mining analysis method for information security vulnerability |
| CN110737892B (en) * | 2018-07-20 | 2021-11-09 | 武汉斗鱼网络科技有限公司 | Detection method aiming at APC injection and related device |
| US10949330B2 (en) * | 2019-03-08 | 2021-03-16 | Intel Corporation | Binary instrumentation to trace graphics processor code |
| CN112882701A (en) * | 2021-03-16 | 2021-06-01 | 天桐(苏州)网络科技有限公司 | Executable file static pile inserting technical framework supporting multiple architectures |
-
2022
- 2022-08-04 CN CN202210934369.4A patent/CN115017058B/en active Active
Patent Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101334753A (en) * | 2007-06-26 | 2008-12-31 | 中兴通讯股份有限公司 | Unit test method and its device |
| CN101110055A (en) * | 2007-08-31 | 2008-01-23 | 中兴通讯股份有限公司 | Device for implementing general use pile function in unit test and implementing method thereof |
| CN103677869A (en) * | 2012-09-06 | 2014-03-26 | 中国科学院计算技术研究所 | Wireless sensor network node remote code updating system and method |
| CN103092759A (en) * | 2013-01-28 | 2013-05-08 | 电子科技大学 | Code dynamic property parser in embedded environment |
| CN103955354A (en) * | 2014-05-09 | 2014-07-30 | 龙芯中科技术有限公司 | Relocation method and device |
| CN104572482A (en) * | 2014-12-19 | 2015-04-29 | 北京华为数字技术有限公司 | Process variable storage method and device |
| CN110554998A (en) * | 2018-03-30 | 2019-12-10 | 腾讯科技(深圳)有限公司 | hook method, device, terminal and storage medium for replacing function internal instruction |
| CN109344028A (en) * | 2018-09-13 | 2019-02-15 | 西安交通大学 | A kind of process behavior monitoring device that exempting from superuser right and method |
| CN110414218A (en) * | 2018-11-13 | 2019-11-05 | 腾讯科技(深圳)有限公司 | Kernel detection method, device, electronic equipment and storage medium |
| CN109992968A (en) * | 2019-03-25 | 2019-07-09 | 北京理工大学 | Android malicious act dynamic testing method based on binary system dynamic pitching pile |
| CN111666096A (en) * | 2020-07-02 | 2020-09-15 | 腾讯科技(深圳)有限公司 | Hot updating method and device for target application, storage medium and electronic equipment |
| CN111782302A (en) * | 2020-07-13 | 2020-10-16 | 腾讯科技(深圳)有限公司 | Process updating method and device, storage medium and electronic equipment |
| CN113254941A (en) * | 2021-05-21 | 2021-08-13 | 思特沃克软件技术(北京)有限公司 | Linux kernel source code processing method, device and equipment |
| CN113742237A (en) * | 2021-09-13 | 2021-12-03 | 北京奕斯伟计算技术有限公司 | Program debugging method, device, equipment and storage medium |
| CN113821439A (en) * | 2021-09-23 | 2021-12-21 | 成都欧珀通信科技有限公司 | Method, device, storage medium and terminal for registering function to probe point |
| CN114461260A (en) * | 2022-03-01 | 2022-05-10 | 阿里巴巴(中国)有限公司 | Function calling method and device |
Non-Patent Citations (1)
| Title |
|---|
| "轻量级嵌入式软件动态二进制插桩算法";粱晓兵 等;《理论研究》;20211231(第4期);89-95页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115017058A (en) | 2022-09-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115017058B (en) | Test method and device of kernel module, electronic equipment and storage medium | |
| CN109976761B (en) | Software development kit generation method and device and terminal equipment | |
| US6718485B1 (en) | Software emulating hardware for analyzing memory references of a computer program | |
| KR102084816B1 (en) | Layout and execution of software applications using bpram | |
| WO2016101503A1 (en) | Hot patching realization method and apparatus | |
| US20190087208A1 (en) | Method and apparatus for loading elf file of linux system in windows system | |
| CN115454512A (en) | Chip drive loading configuration method, device, equipment and storage medium | |
| CN112882694A (en) | Program compiling method and device, electronic equipment and readable storage medium | |
| CN113608742A (en) | Detection method, code packet processing method, operation control method and computing device | |
| Choi et al. | Reusable inline caching for JavaScript performance | |
| CN110688320B (en) | Global variable detection method and device and terminal equipment | |
| WO2023208012A1 (en) | Program processing method and apparatus, program running method and apparatus, terminal, smart card and storage medium | |
| CN111666102A (en) | File format conversion method, chip verification method, related device and network chip | |
| CN114942779A (en) | Patch implementation method and device, embedded system and storage medium | |
| CN115629795A (en) | Configuration method and device of executable file and electronic equipment | |
| CN113254065B (en) | Application software compatibility method and device | |
| CN111083007B (en) | Test method, test device, computer equipment and storage medium | |
| CN115167862A (en) | Patch method and related equipment | |
| CN113641389A (en) | Software upgrading method, device and equipment based on OpenCPU | |
| CN117573419B (en) | Page exception handling method and device | |
| CN117130721B (en) | WebAssemblely code execution method and device | |
| US11308080B2 (en) | Function management method and memory device | |
| CN112527265A (en) | Method for automatically injecting logs and computer equipment | |
| CN113672238B (en) | Operation method, device and equipment based on real-time operating system modularized management | |
| CN117573419A (en) | Page exception handling method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |