WO2020238245A1 - Method, apparatus, and computer storage medium for implementing function jumps - Google Patents

Method, apparatus, and computer storage medium for implementing function jumps

Info

Publication number
WO2020238245A1
Authority
WO
WIPO (PCT)
Prior art keywords
function
address
patch
hash table
old
Prior art date
Application number
PCT/CN2020/071347
Other languages
English (en)
French (fr)
Inventor
胡雷斌
温从洋
王辉
马剑
Original Assignee
Huawei Technologies Co., Ltd. (华为技术有限公司)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. (华为技术有限公司)
Priority to EP20815671.1A (EP3842938B1)
Priority to JP2021547637A (JP7212793B2)
Priority to KR1020217011497A (KR20210057176A)
Publication of WO2020238245A1
Priority to US17/235,061 (US11645068B2)

Classifications

    • G06F 8/656: Software deployment; updates while running
    • G06F 8/658: Software deployment; incremental updates; differential updates
    • G06F 8/30: Creation or generation of source code
    • G06F 9/3004: Executing specific machine instructions to perform operations on memory
    • G06F 9/328: Address formation of the next instruction for runtime instruction patching
    • G06F 9/4486: Formation of subprogram jump address

Definitions

  • This application relates to the field of computers, and more specifically to a method for implementing hot patches.
  • A hot patch (hotfix) is code that repairs software vulnerabilities; it is a fast, low-cost way to fix defects in a released software version. The main advantage of a hot patch is that defects in the software version currently running on a device can be repaired without restarting the device.
  • Current hot patch schemes are mainly based on function jumps, that is, jumping from the replaced function (hereinafter called the old function) to the new function and executing the new function.
  • One such scheme implements the hot patch mechanism through the function tracer (ftrace) and the livepatch component.
  • livepatch registers a structure fops for each old function; the structure stores the address of the old function, the function stack of its new functions, and a pointer to the livepatch callback function. The fops structures of all old functions are managed in a singly linked list.
  • When an old function is called, ftrace traverses the singly linked list to find the structure corresponding to the address of the old function, and obtains the pointer of the livepatch callback function stored in that structure together with the address of the structure. Based on the address of the structure, livepatch looks up the address of the new function corresponding to the old function and executes the new function, completing the jump from the old function to the new function and thereby repairing the old function.
  • Because livepatch registers a structure for each old function and manages all of these structures in a singly linked list, the list grows as the number of hot patch functions grows. ftrace must traverse the singly linked list to find the callback function corresponding to a called function, so a longer list means a longer traversal and a longer function jump, which brings a larger performance overhead.
  • In view of this, the present application provides a method for implementing function jumps that shortens the singly linked list and reduces the time consumed by a function jump.
  • In a first aspect, this application provides a method for implementing a function jump, which includes the following.
  • A call instruction for a first function is received, where the call instruction may include the address of the first function. It is confirmed that the address of the first function is stored in a first data structure, where the first data structure stores the addresses of multiple functions and each of the multiple functions has a patch function configured to replace it.
  • Here, replacement means that the patch function is executed in place of the old function in response to a call to the old function; confirming that the address of the first function is stored in the first data structure means confirming that the addresses of the multiple functions include the address of the first function.
  • The presence of the address of the first function in the first data structure indicates that the first function is an old function that needs to be replaced by a patch function, so the address of the patch function must be found in order to perform the jump.
  • According to the address of the first function, the address of the patch function of the first function is found in a second data structure, where the patch function of the first function is registered to replace the first function, the second data structure stores the correspondence between the addresses of the multiple functions and their patch functions, and the patch function of each of the multiple functions is registered to replace that function.
  • According to the address of the patch function of the first function, execution jumps from the first function to the patch function of the first function, and the patch function of the first function is executed in response to the call instruction.
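  • As a rough illustration of the flow described in this aspect (and not the patent's kernel implementation), the following self-contained C sketch models the two lookups with plain arrays: first_ds stands in for the first data structure (is the called address an old function?) and second_ds for the second data structure (old-function address to patch-function address). All identifiers are hypothetical, and the actual structures described below are hash tables rather than arrays.

```c
#include <stdio.h>
#include <stddef.h>

typedef void (*func_t)(void);

static void old_func(void)   { puts("old function body"); }
static void patch_func(void) { puts("patch function body"); }

/* First data structure: the set of old-function addresses (a hash table in the patent). */
static func_t first_ds[] = { old_func };

/* Second data structure: old-function address -> patch-function address. */
static struct { func_t old, patch; } second_ds[] = { { old_func, patch_func } };

static int first_ds_contains(func_t f)
{
    for (size_t i = 0; i < sizeof first_ds / sizeof first_ds[0]; i++)
        if (first_ds[i] == f)
            return 1;
    return 0;
}

static func_t second_ds_find(func_t f)
{
    for (size_t i = 0; i < sizeof second_ds / sizeof second_ds[0]; i++)
        if (second_ds[i].old == f)
            return second_ds[i].patch;
    return NULL;
}

/* Handling a call to function f, following the steps of the first aspect. */
static void handle_call(func_t f)
{
    if (first_ds_contains(f)) {            /* address found: f is an old function  */
        func_t patch = second_ds_find(f);  /* look up its patch function's address */
        if (patch) {
            patch();                       /* jump to the patch function instead   */
            return;
        }
    }
    f();                                   /* no patch registered: run f itself    */
}

int main(void)
{
    handle_call(old_func);   /* prints "patch function body" */
    return 0;
}
```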
  • data structure is a way of storing and organizing data in a computer.
  • the first data structure is a first hash table, and the first hash table stores addresses of multiple functions.
  • Hash table is a data structure that directly accesses the storage location in memory according to the key. In other words, it accesses records by calculating a function about the key value and mapping the data to be queried to a position in the table.
  • the first hash table may indicate the correspondence between the hash value of the address of each function in the multiple functions and the address of the function.
  • Optionally, the method further includes determining the first hash table through a structure that stores the address of the first hash table, where a pointer to that structure is included in a first structure.
  • In other words, the first structure includes a pointer to the structure storing the address of the first hash table.
  • a structure (struct) is a data structure that is a type of aggregate data type. Structures can be declared as variables, pointers or arrays, etc., to implement more complex data structures. A structure is also a collection of elements, and these elements are called members of the structure.
  • By storing the addresses of multiple old functions in a single first data structure, this application shortens the singly linked list, and therefore shortens the time consumed in looking up the address of a function, saves the time required for a function jump, and improves system performance.
  • In a possible implementation, each of the multiple functions corresponds to a second structure, and the second structure of each function stores the address of that function's patch function.
  • A second hash table stores the correspondence between the addresses of the multiple functions and the second structures of the multiple functions.
  • Finding the address of the patch function of the first function in the second data structure according to the address of the first function then includes: searching the second hash table, according to the address of the first function, for the second structure corresponding to the address of the first function, and obtaining the address of the patch function of the first function from the second structure that is found.
  • the second hash table is used to manage the correspondence between the address of the old function and the second structure of the old function, so that in the stage of searching for the address of the new function according to the address of the old function, the time consumed for searching can be saved.
  • the second structure of the first function can be quickly found from the second hash table according to the hash value of the address of the first function, and then the address of the patch function of the first function can be obtained.
  • In a possible implementation, when the patch function of the first function is registered, the address of the first function is added to the first data structure; specifically, it can be added to the first hash table.
  • When the system parses a patch package, it registers the patch function for the old function according to the address of the patch function and the address of the old function carried in the package, and establishes the jump from the old function to the patch function.
  • In the prior art, a structure is registered for each old function and the address of the old function is stored in that structure, whereas this application adds the address of the old function to a single data structure.
  • Because the address of the old function is added to the first hash table rather than to a new structure in the singly linked list, the length of the singly linked list is shortened.
  • In a possible implementation, the method further includes: in response to a rollback instruction for the first function, searching for and deleting, according to the address of the first function and the second hash table, the address of the patch function of the first function stored in the second structure of the first function.
  • The rollback instruction instructs the system to withdraw the replacement of the first function by the patch function of the first function, that is, to roll back to the state before the first function was replaced by the patch function.
  • For example, if functions 2, 3, and 4 are the patch functions used in sequence to repair function 1, then function 4 is the patch function used in the most recent repair of function 1.
  • the second hash table is used to manage the addresses of multiple functions and the second structure of the multiple functions, which can shorten the time consumed to find the patch function of the first function.
  • In a possible implementation, the method further includes: if the rollback instruction for the first function is received while the second hash table is being read, the following step is executed after the read of the second hash table completes: finding and deleting, according to the address of the first function, the address of the patch function of the first function from the second hash table, where the rollback instruction instructs the system to cancel the replacement of the first function by its patch function.
  • For example, a lock mechanism can be set for the hash table: while a thread or process is reading the hash table, other threads or processes are prohibited from modifying it.
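  • The following sketch shows one way such a lock mechanism could be realized in user-space C with a pthread read-write lock; the patent itself only says that "a lock mechanism can be set" (the kernel-side embodiment later mentions an rcu mark), and the table operations here are hypothetical stubs.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins for the second-hash-table lookup and delete. */
static void *second_table_find_patch(unsigned long old_addr) { (void)old_addr; return NULL; }
static void  second_table_delete_patch(unsigned long old_addr) { (void)old_addr; }

/* Readers hold the read lock while looking up a patch during a jump; a rollback
 * takes the write lock, so the deletion happens only after in-flight reads finish. */
static pthread_rwlock_t second_tbl_lock = PTHREAD_RWLOCK_INITIALIZER;

void *lookup_patch_locked(unsigned long old_addr)
{
    pthread_rwlock_rdlock(&second_tbl_lock);
    void *patch = second_table_find_patch(old_addr);
    pthread_rwlock_unlock(&second_tbl_lock);
    return patch;
}

void rollback_locked(unsigned long old_addr)
{
    pthread_rwlock_wrlock(&second_tbl_lock);   /* blocks until current readers are done */
    second_table_delete_patch(old_addr);
    pthread_rwlock_unlock(&second_tbl_lock);
}
```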
  • the data structure used to store the correspondence between the address of the first function and the address of the patch function of the first function can be customized.
  • Different data structures have their own advantages and disadvantages.
  • This application can keep several alternative data structures and switch between them quickly through the relevant kernel compilation parameters, without modifying the code each time. In this way, the data structure to use can be chosen according to the scenario, and development cost is saved.
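  • A minimal sketch of such compile-time switching is shown below; the CONFIG_* macro and the function names are invented for illustration, since the patent only refers to "relevant kernel compilation parameters".

```c
/* Hypothetical compile-time switch between alternative mapping implementations. */
#ifdef CONFIG_HOTPATCH_MAP_HASHTABLE
#define patch_map_find(old_addr)  patch_map_hash_find(old_addr)   /* hash-table variant  */
#else
#define patch_map_find(old_addr)  patch_map_list_find(old_addr)   /* linked-list variant */
#endif
```

  • Callers always invoke patch_map_find(); which underlying data structure backs it is decided when the kernel is built, so no call site has to change.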
  • The present application further provides a device for implementing a function jump.
  • the device includes: a receiving unit and a processing unit, wherein:
  • the receiving unit is configured to receive a call instruction to the first function, where the call instruction includes the address of the first function;
  • The processing unit is used to: confirm that the address of the first function is stored in the first data structure, where the first data structure stores the addresses of multiple functions; search the second data structure, according to the address of the first function, for the address of the patch function of the first function, where the patch function of the first function is registered to replace the first function and the second data structure stores the correspondence between the addresses of the multiple functions and their patch functions; and, according to the address of the patch function, jump from the first function to the patch function of the first function in response to the call instruction.
  • the first data structure is a first hash table.
  • The processing unit is further configured to determine the first hash table through the structure storing the address of the first hash table, where the pointer to the structure storing the address of the first hash table is included in the first structure.
  • The processing unit is specifically configured to: search the second hash table, according to the address of the first function, for the second structure corresponding to the address of the first function, where each of the multiple functions corresponds to a second structure, the second structure of each function stores the address of that function's patch function, and the second hash table stores the correspondence between the addresses of the multiple functions and the second structures of the multiple functions; and obtain the address of the patch function of the first function from the second structure that is found. The second data structure includes the multiple second structures, and each second structure stores the correspondence between the address of one of the multiple functions and that function's patch function.
  • the processing unit is further configured to: add the address of the first function to the first data structure.
  • The processing unit is further configured to: in response to a rollback instruction for the first function, look up and delete, according to the address of the first function and the second hash table, the address of the patch function of the first function stored in the second structure of the first function.
  • The processing unit is further configured to: if a rollback instruction for the first function is received while a read operation is being performed on the second hash table, execute the following step after the read operation completes: find and delete the address of the patch function of the first function according to the address of the first function and the second hash table, where the rollback instruction instructs the system to cancel the replacement of the first function by the patch function of the first function.
  • The present application further provides a computer system that includes a processor and a memory, where the memory is used to store a computer program and the processor is used to execute the computer program to implement the method described in the first aspect or any one of the above implementations.
  • the present application provides a computer-readable storage medium in which a computer program is stored, and when the computer program is called by a processor, the method described in the first aspect and any one of the above-mentioned implementation modes is implemented.
  • the present application provides a computer program product, the computer program product includes a computer program, and when the computer program is invoked by a processor, it implements the method described in the first aspect and any one of the foregoing implementation manners.
  • This application further provides a data structure that includes a pointer to a callback function and a second pointer, where the second pointer points to a structure that stores the address of a first hash table, and the first hash table stores the addresses of multiple functions.
  • The callback-function pointer points to the callback function, and the callback function is used to find the address of a function's patch function according to the address of the function, and to jump from the function to the patch function of the function according to the address of that patch function.
  • FIG. 1 is a schematic diagram of the structure of a node provided by an embodiment of the application
  • FIG. 2 is a schematic diagram of the structure of a node provided by an embodiment of the application.
  • FIG. 3 is a schematic structural diagram of a node provided by an embodiment of the application.
  • FIG. 4 is a schematic diagram of function calls provided by an embodiment of the application.
  • Fig. 5 is a schematic diagram for implementing function jump provided by an embodiment of the application.
  • FIG. 6 is a schematic diagram for implementing function jump provided by an embodiment of the application.
  • FIG. 7 is a line chart of the function jump time and the number of repaired functions in the prior art provided by an embodiment of the application;
  • FIG. 8 is a schematic diagram of implementing function jump in the kernel provided by an embodiment of the application.
  • FIG. 9 is a flowchart for implementing function jump provided by an embodiment of the application.
  • FIG. 10 is a schematic diagram of the data structure of the first structure provided by an embodiment of the application.
  • FIG. 11A is a schematic diagram of the data structure of a second structure provided by an embodiment of the application.
  • FIG. 11B is a schematic diagram of a second hash table provided by an embodiment of the application.
  • FIG. 12 is a flowchart for implementing function jump provided by an embodiment of the application.
  • FIG. 13 is a flowchart for implementing function jump provided by an embodiment of the application.
  • FIG. 14A is a comparison of the line graphs of function jump time versus number of functions for the method for implementing function jumps provided by an embodiment of the application and for the prior art;
  • FIG. 14B is a schematic diagram of the reduction ratio of the function jump time for implementing the function jump method provided by an embodiment of the application;
  • FIG. 15 is a flowchart for implementing function jump provided by an embodiment of the application.
  • Fig. 16 is a structural diagram of an apparatus for implementing function jump provided by an embodiment of the application.
  • FIG. 1 is a schematic diagram of the structure of a node 100.
  • the node 100 may include an application layer, an operating system 102, and a hardware layer 103.
  • the application layer includes one or more application programs 101.
  • the operating system 102 includes a kernel 104.
  • the hardware layer 103 includes a processor 106, a memory 105, and a communication interface 107.
  • The operating system 102 is the system software used to manage hardware and software resources.
  • the processor 106 is the control center of the node 100, and uses various interfaces and buses to connect various components of the node 100.
  • the processor 106 may include one or more processing units, or called physical cores.
  • the processor 106 in FIG. 1 includes a core 0 and a core 1.
  • the processor 106 may also include registers, and the registers may be used to store addresses of functions of the kernel 104.
  • the processor 106 may be a central processing unit (Central Processing Unit, CPU), and the processor 106 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), application specific integrated circuits (ASICs).
  • the general-purpose processor may be a microprocessor or the processor 106 may also be any conventional processor or the like.
  • a computer program is stored in the memory 105.
  • the processor 106 is configured to execute the computer program in the memory 105, so as to realize the functions defined by the computer program.
  • the memory 105 is a non-volatile storage medium, and generally includes a memory and an external memory.
  • Memory includes, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read-Only Memory, ROM), or cache (cache).
  • External storage includes but is not limited to flash memory, hard disk, optical disk, universal serial bus (USB) disk, etc.
  • Computer programs are usually stored in external memory, and the processor loads the program from external memory to memory before executing the computer program.
  • the memory 105 may be independent and connected to the processor 106 through a bus; the memory 105 and the processor 106 may also be integrated into a chip subsystem.
  • The communication interface 107 uses a transceiving device, such as a transceiver, to implement communication between the node 100 and other devices or a communication network.
  • the method provided by the embodiment of the present application can be used to repair the kernel 104 in the operating system of the node 100.
  • the node 100 may be a physical device, such as a server or a terminal device.
  • the terminal device may be a handheld device with a wireless connection function, or other processing device connected to a wireless modem.
  • it can be a mobile phone, a computer, a tablet computer, a personal digital assistant (PDA), a mobile Internet device (mobile Internet device, MID), a wearable device, and an e-book reader (e-book reader), etc.; It can also be a portable, pocket-sized, handheld, built-in computer or vehicle-mounted mobile device.
  • the schematic diagram of the structure of the node 100 is shown in FIG. 2.
  • the node 100 includes a memory 201, a processor 202, and a communication interface 203.
  • The memory 201, the processor 202, and the communication interface 203 may respectively be part or all of the memory 105, the processor 106, and the communication interface 107 in FIG. 1.
  • the storage 201 stores an operating system 205 and application programs 204, and can also store data generated by the operating system 205 and application programs 204 during the running process.
  • the node 100 may be a virtual computer, which is a general term for the operating environment virtualized by software in all types of virtualization devices, and the concept includes virtual machines and containers.
  • Virtualization, as the core technology of cloud scenarios, virtualizes hardware resources and shares them among multiple users, enabling users to use physical resources conveniently and flexibly under the premise of secure isolation, and greatly improving the utilization of physical resources.
  • In this case, the schematic structural diagram of the node 100 is shown in FIG. 3.
  • the node 100 includes a hardware layer 312, a host machine layer 309 and a virtualization layer.
  • the virtualization layer includes virtual machines 301 and 302.
  • the hardware layer 312 includes a processor 314, a memory 313, and a communication interface 315. In other embodiments, the number of virtual machines may be more or less.
  • Virtual machine: one or more virtual computers simulated by software on a physical computer. These virtual machines run in a completely isolated environment and work like real computers.
  • A guest operating system (guest OS) (305 and 306 in FIG. 3) can be installed on a virtual machine (301 and 302 in FIG. 3), and one or more applications (303 and 304 in FIG. 3) run on the guest operating system.
  • the virtual machine can also access network resources. For applications running in a virtual machine, it is like working in a real computer.
  • Virtual computer: a collective term for the operating environments virtualized by software in all types of virtualization devices.
  • The concept includes virtual machines and containers.
  • Host layer 309: as a management layer, it is used to complete the management and allocation of hardware resources, present a virtual hardware platform for virtual machines, and implement the scheduling and isolation of virtual machines.
  • The host layer 309 includes a host operating system 311 and a virtual monitoring device, such as a virtual machine monitor (VMM) 310 or a hypervisor, where the virtual monitoring device 310 can be deployed on the host operating system 311 or outside the host operating system 311.
  • In some virtualization architectures (for example, Xen), the host layer may also include a privileged virtual machine.
  • the virtual hardware platform provides various hardware resources for each virtual computer running on it, such as virtual processors, virtual memory, virtual disks, virtual network cards, and so on. The virtual computer runs on the virtual hardware platform prepared for it by the host layer.
  • the host layer is sometimes referred to as the host for short.
  • Hardware layer 312: the hardware platform on which the virtualized environment runs.
  • the hardware layer may include a variety of hardware.
  • the hardware layer of a physical computer may include a processor 314 and a memory 313, and may also include a communication interface 315, such as a network interface card (NIC), as well as an interrupt controller, input/output (I/O) devices, and so on.
  • the processor 314 may include multiple physical cores, such as core 1 and core 0.
  • the processor 314, the memory 313, and the communication interface 315 shown in FIG. 3 may correspond to part or all of the processor 106, the memory 105, and the communication interface 107 described in FIG. 1, respectively.
  • Virtual processor (307 and 308 in FIG. 3): Under virtualization technology, a representation of a physical processing unit used by a virtual computer in a shared or fragmented manner, such as a virtual CPU (virtual central processing unit, vCPU). A virtual computer can be served by one or more virtual processors. When there are multiple virtual processors, there is usually one virtual processor as the master virtual processor and the others as slave virtual processors.
  • Because a virtual computer is equivalent to an independent computer, an action performed by the virtual computer can also be regarded as being performed by its virtual processor; and since the virtual processor is implemented in software, an action performed by the virtual processor is actually performed by the physical processor or physical core on which that virtual processor runs.
  • In this application, the above expressions are used interchangeably.
  • a host operating system 311 and a VMM 310 are deployed in the host.
  • the VMM 310 is equivalent to a hypervisor or other types of virtual monitoring devices in other virtualization architectures.
  • the VMM 310 can be deployed inside the host operating system 311 or separately from the host operating system 311.
  • VMM 310 is responsible for managing one or more virtual machines running on it.
  • the host operating system 311 may specifically be Linux, iOS, Microsoft or other operating systems
  • the virtual machine includes a virtual hardware layer, a guest operating system, and various applications.
  • the virtual hardware layer includes virtual hardware such as virtual memory (not shown in the figure) and virtual processor.
  • this embodiment includes virtual machines 301 and 302, and each virtual machine includes a virtual processor.
  • The virtual processor is realized by a combination of software and hardware: its operation is actually realized by a physical core reading and running a software program. For example, a physical core reads the software program and runs it in a specific mode of the physical core's hardware-assisted virtualization (for example, the non-root mode of x86) to implement a virtual processor.
  • the operating system usually needs to be updated regularly to fix the defects or vulnerabilities in the old version.
  • When developers find system problems, or the detection module in the operating system finds security vulnerabilities that need to be fixed, the repair functions can be built into a patch module and loaded into the operating system; this process can be called patching.
  • The repair of the operating system usually needs to be imperceptible to the user, that is, the device does not need to be restarted during the repair process.
  • the repair of the kernel is an important link.
  • the kernel is the most basic part of the operating system and can provide secure access to computer hardware for many applications. In order to meet the above requirements, a hot patch mechanism is usually used for kernel repair.
  • Hot patches can repair operating system vulnerabilities without restarting the operating system, reduce system downtime, and increase system availability. Hot patches are also suitable for debugging and testing during development. For example, during the development of a software module or the kernel, if information needs to be added to a function, or a specific value needs to be assigned to a variable in the function, this can be done in the form of a hot patch, without the series of operations of recompiling the kernel, installing it, and restarting.
  • a hot patch module can be made according to the source code package and symbol table, where the hot patch module can contain the address of the old function and the address of the new function.
  • the kernel can extract information from the hot patch module, and replace the original null instruction (nop) in the function header of the old function with a jump instruction.
  • When the old function is called, the old function itself is not executed; instead, execution jumps to the new function and the new function is executed.
  • The hot patch mechanism can be divided into two stages: an initialization stage, which parses the hot patch module and registers the new function corresponding to the old function, and a function jump stage.
  • A function can include a function header and a function body: the function header gives the function prototype information, such as the return type of the function and the order and type of each parameter, while the function body is the whole of the code that defines the function in a programming language.
  • the kernel 104 of the node 100 in FIG. 1 may include an ftrace module and a livepatch module. As shown in FIG. 5, the ftrace module and the livepatch module are used to implement function jumps. Before introducing the method of implementing function jump, first introduce some related concepts:
  • mcount: there is a mechanism in the operating system whereby, when the kernel is compiled, several bytes are reserved in the function header of each function for tracking the function or measuring its performance. In the Linux operating system this mechanism is called mcount.
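  • As general background (standard GCC behavior, not text from the patent), this reservation can be seen by compiling a trivial file with profiling enabled:

```c
/* Illustration only: building this file with "gcc -pg -S demo.c" makes the
 * compiler emit a call to mcount (or to __fentry__ with -mfentry) at the entry
 * of add(), which is the per-function reservation that ftrace later rewrites. */
int add(int a, int b)
{
    return a + b;
}
```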
  • ftrace: one of Linux's most effective tools for code-level analysis. ftrace is a mechanism in the Linux kernel that can be used to trace function calls and can trigger specific code before each function call starts. ftrace can record information about the different function calls executed while the kernel is running, helping developers and system designers obtain current kernel runtime information to analyze kernel events, context, function call relationships, or the function stack. ftrace can also analyze kernel-specific events such as scheduling or interrupt events, track kernel functions and the call stacks of these functions (a call stack stores information about the active subroutines of a program), and track latencies, for example how long interrupts are masked, how long preemption is disabled, and the time between waking a process up and the start of its execution.
  • Kpatch is a technology that can dynamically patch the Linux kernel without restarting the system.
  • Kpatch is composed of a user mode tool Kpatch Tool and a kernel mode mechanism livepatch.
  • Livepatch is the core component of the function jump phase in the hot patch implementation process.
  • livepatch implements the replacement of kernel functions based on ftrace: the mcount mechanism reserves several bytes at the entry of each function when the kernel is compiled; when a patch is applied, the bytes reserved at the old function's entry are replaced with a jump instruction; after the jump, the address of the new function is found and execution finally enters the flow of the new function, realizing function-level online replacement.
  • Livepatch is currently the only hot patch mechanism in the industry that is perfectly compatible with ftrace, which has also created the dominant position of livepatch in Linux.
  • Livepatch is a service component provided by the Linux operating system that supports hot patch loading, activation, and rollback deletion. It can repair defects of the device's current software version according to the hot patch module without restarting the device. The service is also responsible for checking whether a function is being called by a thread, for consistency guarantees, and so on.
  • the structure refers to a data structure, which is a composite data type (aggregate data type). Structures can be declared as variables, pointers or arrays, etc., to implement more complex data structures. A structure is also a collection of elements. These elements are called members of the structure, and these members can be of different types, and members are generally accessed by names.
  • the old function and the new function are relative.
  • the new function is a function that is registered or configured to repair the old function or replace the old function.
  • the new function can also be called a patch function of the old function.
  • the address of the old function indicates the starting address of the old function in the storage space
  • the address of the new function indicates the starting address of the new function in the storage space.
  • The ftrace module is used to find, in the singly linked list that stores multiple structures, the structure corresponding to the address of the old function, extract the pointer of the callback function stored in the structure, and jump to the livepatch module. Based on the address of the found structure, the livepatch module obtains the new-function stack corresponding to the old function and then the address of the new function corresponding to the old function, and realizes the jump from the old function to the new function according to the address of the new function.
  • Step S1 When function 1 is called, execute the jump instruction in the function header of function 1 and jump to the ftrace module;
  • the jump instruction in the function header of function 1 is the pointer of the callback function of the ftrace module, and the pointer of the callback function of the ftrace module is used to point to the execution logic of the ftrace module.
  • A callback function is a function called through a pointer: if the pointer (address) of function A is passed as a parameter to function B, and B later uses this pointer to call the function it points to, then function A is said to be a callback function.
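  • A short, self-contained C example of this definition (not from the patent):

```c
#include <stdio.h>

static void function_a(void) { puts("function A runs as the callback"); }

/* function_b receives a function pointer and calls through it, so whatever that
 * pointer designates (here function_a) acts as the callback function. */
static void function_b(void (*callback)(void)) { callback(); }

int main(void)
{
    function_b(function_a);   /* pass A's address to B; B calls back into A */
    return 0;
}
```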
  • Step S2 The ftrace module traverses the singly-linked list according to the address of function 1, looks up the structure in the singly-linked list that records the address of the function 1, and obtains the pointer of the callback function of the livepatch module recorded in the structure, and jumps to the livepatch module;
  • A linked list is a linear data structure in which each node stores a pointer to the next node. With this structure, finding a particular node in the list, or visiting the node at a specific position, requires walking the list, so the time complexity is O(n).
  • Multiple structures are recorded in the singly-linked list, and each node in the singly-linked list stores a structure and stores a pointer to the next structure.
  • Each of the multiple structures in the singly linked list corresponds to an old function.
  • Each structure contains the address of the old function and the pointer of the callback function.
  • the pointer of the callback function can be the pointer of the callback function of the livepatch module or the pointer of other callback functions.
  • an old function can correspond to multiple structures, and the callback function pointers recorded in the multiple structures belong to different callback functions.
  • the ftrace module traverses multiple structures in the singly-linked list according to the address of the old function until it finds the structure that records the address of the old function and the pointer of the callback function of the livepatch module, and then jumps to the livepatch module.
  • four structures fops1-4 are stored in the singly linked list, and each structure stores the address of an old function and the address of the callback function. Assume that the address of the old function stored in the structure fops4 is the address of function 1, and the pointer of the stored callback function is the pointer of the callback function of the livepatch module.
  • The ftrace module traverses the singly linked list according to the address of function 1, finds that the address of function 1 is stored in the structure fops4, obtains the pointer of the livepatch module's callback function from the structure fops4, and jumps to the livepatch module.
  • Because, in the initialization phase, the livepatch module sends the ftrace module the address of the old function and the address of the storage space allocated for the old function's structure when it registers that structure, the ftrace module can, after finding the structure corresponding to the old function, send the address of the found structure to the livepatch module. In the above example, the ftrace module also sends the address of the structure fops4 to the livepatch module.
  • Step S3: The livepatch module uses the address of the received structure fops to directly obtain the structure that stores the function stack corresponding to the old function. Multiple hot patch functions for the same old function are stored in the function stack, because one old function can be repaired multiple times, so the address of an old function can correspond to the addresses of multiple new functions.
  • Step S4 The livepatch module extracts the address of the new function from the function stack, calls the new function, and realizes the function replacement;
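  • The prior-art lookup in steps S1 to S4 can be summarized with the following simplified C model; the struct and field names (fops, old_addr, callback, next) are illustrative and are not the kernel's actual definitions.

```c
#include <stddef.h>

typedef void (*callback_t)(unsigned long old_addr, void *fops);

/* Simplified model of one fops node in the prior-art singly linked list. */
struct fops {
    unsigned long old_addr;   /* address of the old function              */
    callback_t    callback;   /* e.g. the livepatch module's callback     */
    struct fops  *next;       /* next structure in the singly linked list */
};

/* Step S2 in miniature: ftrace walks the list until the node whose old_addr
 * matches the called function is found, then invokes the stored callback
 * (steps S3/S4 then resolve and run the new function). The walk is O(n) in
 * the number of registered hot patch functions. */
void prior_art_dispatch(struct fops *head, unsigned long called_addr)
{
    for (struct fops *f = head; f != NULL; f = f->next) {
        if (f->old_addr == called_addr) {
            f->callback(called_addr, f);
            return;
        }
    }
    /* not found: the called function has no registered patch function */
}
```

  • Because every registered old function adds one node, the loop above grows linearly with the number of hot patch functions, which is exactly the overhead analyzed below.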
  • This solution uses the structure fops to establish a one-to-one correspondence between an old function and its new function in order to realize the jump from the old function to the new function.
  • The ftrace module needs the structure fops to find the pointer of the livepatch callback function, and the livepatch module also needs the structure fops to find the address of the new function, which yields the one-to-one chain "old function -> fops -> new function"; a new structure fops must therefore be added every time a new function is registered, which makes the singly linked list and its traversal time grow.
  • As the number of hot patch functions increases, the number of fops structures stored in the singly linked list increases and the traversal time of the list increases, that is, the function jump time increases, resulting in a large performance overhead.
  • The time required for a function jump therefore increases roughly linearly with the number of hot patch functions. If a hot-spot function in the kernel (that is, a frequently called function) has a corresponding hot patch function, then when the hot-spot function is called, the function jump time may far exceed the execution time of the hot patch function itself; in this case, the execution efficiency of the hot-spot function is severely degraded.
  • Moreover, every function jump must traverse the entire singly linked list, which means that all hot patch functions affect one another and ultimately the performance of the whole machine decreases.
  • This application proposes a method for realizing function jump, which decouples the livepatch module and the ftrace module to a certain extent.
  • This method can be applied to the current mainstream Linux platforms, such as CentOS, Redhat or Ubuntu.
  • In summary, the technical solution provided by this application stores the addresses of multiple old functions in a single structure and checks whether the address of the called function is stored in that structure. If the address of the called function is determined to be stored in the structure, the function stack corresponding to the called function is searched according to the address of the function, and the address of the new function stored in the function stack is obtained.
  • the kernel 104 in FIG. 1 may include an ftrace module 401, a livepatch module 402, and a function 404 in the kernel.
  • One or more application programs 406 can call the function 404 in the kernel through the interface 205.
  • the application 203 can also configure the ftrace module 401 through the interface 205.
  • the ftrace module 401 is used to track the calling status of the function 404 in the kernel.
  • The first data structure 408 stores the addresses of multiple old functions that have hot patch functions. Whereas in the prior art the number of structures equals the number of old functions, here the number of structures is fixed at one, and this single item replaces the singly linked list of multiple structures used in the prior art.
  • The ftrace module 401 is used to look up the address of the called function in the first data structure 408. If the address of the function is found in the first data structure 408, the pointer of the livepatch module 402's callback function stored in the first data structure 408 is extracted, and execution jumps to the livepatch module 402.
  • the livepatch module 402 is used to find the address of the new function corresponding to the old function.
  • the livepatch module 402 is also used to register the old function and the function stack corresponding to the old function, and register the address of the old function into the first data structure 408 in the ftrace module.
  • a management unit 403 is newly added to the livepatch module 402, and the management unit 403 is used to manage the address of each old function and the function stack corresponding to the old function.
  • The management unit 403 can perform operations such as adding, deleting, and querying addresses; further, it can use a data structure that supports efficient queries (such as a hash table or hash tree) to manage the mapping from the address of an old function to the function stack of that old function. In this way, the livepatch module and the ftrace module are decoupled to a certain extent, and the livepatch module's dependence on the structures in the singly linked list when querying the address of a new function is removed.
  • the embodiment of the application provides a method for implementing function jump. As shown in FIG. 9, the method includes the following steps:
  • Step S501 Receive a call instruction to the first function
  • the call instruction may include the address of the first function, where the address of the first function is the starting address of the first function in the address space.
  • After the call instruction is received, step S502 is executed.
  • Optionally, if what is stored in the function header of the first function is still the null instruction, the function defined in the function body of the first function continues to be executed.
  • the method further includes: replacing several bytes in the function header of the first function with the pointer of the first callback function.
  • Step S502 Determine whether the address of the first function has been stored in the first data structure
  • The addresses of multiple functions are stored in the first data structure. According to the address of the first function, the addresses of the multiple functions stored in the first data structure are traversed to determine whether they include the address of the first function.
  • the address of the function indicates the starting address of the function in the storage space.
  • the pointer of the second callback function and the addresses of multiple functions can be stored in the first data structure. These functions are functions in the kernel that need to be repaired or replaced, and the patch functions of these functions have been registered to replace these functions.
  • the second callback function is used to instruct to find the address of the patch function of the first function according to the address of the first function. Since the pointer of the second callback function required by the function jump is unchanged, the embodiment of the present application may use one data structure to store the addresses of multiple functions.
  • the address of the first function is known to the system.
  • the purpose of determining whether the address of the first function has been stored in the first data structure is to determine whether a patch function for replacing the first function is registered, in other words, to determine whether the first function has a corresponding hot patch function.
  • the replacement of the function can be understood as the repair of the function.
  • the replacement process can be understood as the jump from the function to the patch function of the function.
  • the method further includes: when registering the patch function of the first function, adding the address of the first function to the first data structure.
  • the first data structure is a first hash table.
  • the method further includes determining the first hash table through a structure storing the address of the first hash table; a pointer to the structure storing the address of the first hash table is included in the first structure.
  • the data structure of the first structure is shown in Figure 10, and the main data parameters are as follows:
  • Pointer of the second callback function: the pointer of the second callback function is stored in the first structure, and the second callback function is used to instruct the system to find the patch function corresponding to the called function according to the address of the called function.
  • *func_hash: a pointer to at least one structure, where each pointer points to one structure.
  • The main parameters of the structure pointed to by this pointer include the following.
  • Address of the hash table (*buckets): records the address of the hash table in the storage space. The hash table stores the addresses of multiple functions; the multiple functions here are old functions for which corresponding patch functions have been registered, and when these functions are called, execution needs to jump to the corresponding patch function.
  • In the hash table, the addresses of N functions are stored, ip(1) to ip(N), where ip(1) to ip(N) respectively represent the address of function 1 to the address of function N.
  • rcu flag: RCU (read-copy-update) is a set of Linux kernel APIs that implements a synchronization mechanism allowing multiple readers and writers to operate concurrently without locks; this mechanism can be used to protect pointers used to access data.
  • Here, the rcu mark is used to indicate whether a read operation on the first hash table is in progress. A sketch of these fields follows.
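  • A compact C sketch of the fields just listed (loosely modeled on them, with illustrative names and sizes; it is not the kernel's actual ftrace definition):

```c
#include <stddef.h>

#define FUNC_HASH_BITS 10
#define FUNC_HASH_SIZE (1u << FUNC_HASH_BITS)

struct func_entry {
    unsigned long      ip;      /* address of one old function (ip(1)..ip(N)) */
    struct func_entry *next;    /* chaining within one bucket                 */
};

/* Structure whose address is recorded via *buckets: the first hash table plus
 * a stand-in for the rcu mark described above. */
struct func_hash {
    struct func_entry *buckets[FUNC_HASH_SIZE];
    int                rcu_read_in_progress;
};

/* "First structure": the pointer of the second callback function plus *func_hash.
 * (In the detailed embodiment, *func_hash holds two such pointers, filter_hash
 * and notrace_hash.) */
struct first_struct {
    void             (*callback)(unsigned long ip, void *data);  /* second callback */
    struct func_hash  *func_hash;
};
```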
  • In other words, the first hash table is determined through the structure storing the address of the first hash table, and the pointer to that structure is included in the first structure. According to the address of the first function, it is confirmed whether the address of the first function has been stored in the first hash table, where the first hash table stores the addresses of multiple functions.
  • A hash table is a structure that stores data as key-value pairs (key-indexed): the value to be searched for, namely the key, is input to find its corresponding value. According to the hash value of the address of the first function, it can therefore be quickly confirmed whether the address of the first function has been stored in the first hash table.
  • If one of the addresses of the multiple functions is the same as the address of the first function, it is determined that the addresses of the multiple functions stored in the first data structure include the address of the first function.
  • In this case, the first function is an old function for which a corresponding new function has been registered.
  • The second callback function is then called according to the pointer of the second callback function stored in the first structure, that is, step S503 is executed.
  • The second callback function is used to instruct the system to find the new function corresponding to the called function.
  • If the addresses of the multiple functions stored in the first data structure do not include the address of the first function, no patch function has been registered to replace the first function, and the function defined by the function body of the first function continues to be executed.
  • the *func_hash in the first structure includes two pointers, and each pointer points to the structure storing the address of the hash table.
  • the hash table filter_hash is used to record the addresses of functions tracked by ftrace
  • the hash table notrace_hash is used to record the addresses of functions that are not tracked by ftrace. If the address of the first function is stored in the hash table notrace_hash, it means that the first function is not tracked by ftrace, and the function defined by the function body of the first function continues to be executed.
  • Optionally, the method further includes: when registering the patch function of the first function, adding the address of the first function to the first data structure. Specifically, the address of the first function can be added to the first hash table referenced by the first structure, where the first hash table is used to store the addresses of the multiple functions that need to be repaired by patch functions.
  • Step S503 Find the address of the patch function corresponding to the first function according to the address of the first function
  • According to the address of the first function, the address of the patch function of the first function is found in the second data structure, where the patch function of the first function is registered to replace the first function, the second data structure stores the correspondence between the addresses of multiple functions and their patch functions, and the address of each of the multiple functions corresponds to that function's patch function.
  • Each of the multiple functions corresponds to a second structure, and the second structure of each function stores the address of the patch function of the function. Since an old function can be repaired multiple times, the addresses of all new functions that repair the same old function can be stored in its function stack. As shown in FIG. 11A, the address of each old function and the function stack of that function are stored in the second structure, where the function stack of the old function stores the addresses of one or more patch functions; for example, the fourth, fifth, and sixth functions are patch functions used to repair the old function, and the address of the fourth function is at the top of the function stack.
  • The function stack of the first function is found, and the address at the top of that function stack is extracted; this address is the address of the patch function corresponding to the first function.
  • the second hash table is used to store the correspondence between the addresses of the multiple functions and the second structures of the multiple functions. As shown in FIG. 11B, the second hash table may store the correspondence between the hash value of the address of each function from the first function to the Nth function and the second structure of the function. According to the address of the first function, the second structure corresponding to the address of the first function is searched from the second hash table, and the address of the patch function of the first function is obtained from the found second structure.
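  • The lookup in this step can be sketched as follows, with a small fixed-depth array standing in for the function stack of FIG. 11A; second_hash_find and the other names are hypothetical.

```c
#include <stddef.h>

#define STACK_DEPTH 8

/* "Second structure": the old function's address plus its function stack; the top
 * of the stack holds the address of the most recently registered patch function
 * (the "fourth function" in the FIG. 11A example). */
struct second_struct {
    unsigned long old_addr;
    unsigned long patch_stack[STACK_DEPTH];
    int           top;                       /* index of the top entry, -1 if empty */
};

/* Hypothetical second-hash-table lookup: old-function address -> second structure. */
struct second_struct *second_hash_find(unsigned long old_addr);

/* Step S503 in miniature: return the patch address on top of the stack, or 0. */
unsigned long find_patch_addr(unsigned long old_addr)
{
    struct second_struct *s = second_hash_find(old_addr);
    if (s == NULL || s->top < 0)
        return 0;
    return s->patch_stack[s->top];
}
```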
  • Optionally, the method further includes: when an instruction to modify the second hash table is received, modifying the second hash table after the read operation on the second hash table is completed.
  • Step S504 Jump from the first function to the patch function execution of the first function according to the address of the patch function of the first function, in response to the call instruction;
  • Optionally, when a rollback instruction is received, the method further includes the following step.
  • Step S505 In response to the rollback instruction for the first function, look up and delete the address of the patch function of the first function according to the address of the first function and the second hash table.
  • the rollback instruction is used to instruct to cancel the replacement of the first function by the patch function of the first function.
  • According to the address of the first function, the second structure of the first function is looked up in the second hash table, and the address at the top of the function stack stored in the second structure is deleted.
  • Rollback means restoring a repaired function to the function as it was before the repair.
  • Rolling back the first function means restoring the first function to its state before the repair. The function stack of the first function is found according to the address of the first function, and the address at the top of the function stack is deleted from the stack. Managing the multiple second structures through a hash table saves the time consumed when rolling back a hot patch function.
  • Optionally, if after the address at the top of the function stack of the first function is deleted the function stack is empty and no function addresses remain, the function stack is deleted and the second structure corresponding to the first function is deleted.
  • Optionally, if function addresses remain in the function stack after the top address is deleted, the address stored in the register of the first function is replaced with the address that is now at the top of the function stack.
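  • A rollback of the kind described above amounts to popping the top of the function stack. The sketch below continues the illustrative model of the previous listing (patched_func, second_hash_table and hash_addr are the same invented names) and is not the actual implementation; the register update is represented by an out-parameter, and memory release is omitted.

```c
/* Roll back the most recent patch of old_addr (cf. step S505).
 * On success, *resume_addr receives the address that calls should use from now
 * on: either the previous patch on the stack or the old function itself. */
int rollback_patch(uintptr_t old_addr, uintptr_t *resume_addr)
{
    size_t idx = hash_addr(old_addr);
    struct patched_func *pf = second_hash_table[idx];

    if (pf == NULL || pf->old_addr != old_addr || pf->top < 0)
        return -1;                      /* nothing to roll back */

    pf->top--;                          /* delete the address at the top of the stack */

    if (pf->top < 0) {
        /* Function stack is empty: drop the second structure from the table. */
        second_hash_table[idx] = NULL;
        *resume_addr = old_addr;        /* calls go back to the old function */
    } else {
        /* A previous patch remains and becomes the active replacement. */
        *resume_addr = pf->patch_stack[pf->top];
    }
    return 0;
}
```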
  • An embodiment of the present application provides a method for implementing a function jump.
  • The method is executed at the stage of registering a hot patch module (407 shown in FIG. 8). As shown in FIG. 12, the method includes the following steps:
  • Step S601: Receive and parse the hot patch module.
  • When a kernel function needs to be repaired, the hot patch module is sent to the computer system, and the computer system receives and parses the information of the hot patch module.
  • The hot patch module may include the addresses of one or more old functions and the address of the new function corresponding to each old function. The old function is the function that needs to be repaired, and the new function is the function used to repair the old function. The address of a function indicates the position of the function in the address space.
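  • The information carried by a hot patch module, as described above, can be pictured as a list of old/new address pairs. The layout below is only a schematic illustration with invented names (hot_patch_entry, hot_patch_module); the real on-disk or in-memory format of the hot patch module is not specified here.

```c
#include <stdint.h>
#include <stddef.h>

/* One repair: which old function is replaced and by which new function. */
struct hot_patch_entry {
    uintptr_t old_func_addr;   /* address of the function that needs to be repaired */
    uintptr_t new_func_addr;   /* address of the function used to repair it         */
};

/* A parsed hot patch module: a batch of such repairs. */
struct hot_patch_module {
    const char             *name;
    size_t                  nr_entries;
    struct hot_patch_entry *entries;
};
```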
  • Step S602: Determine whether the second structure of the old function has been registered.
  • It is determined whether a second structure has been registered for any of the one or more old functions in the hot patch module; the second structure is used to store the address of the old function and the patch functions of the old function.
  • The data structure of the second structure is shown in Figure 11A.
  • A function may be repaired multiple times, and the function stack stored in the second structure of the function stores the addresses of the one or more functions used to repair it.
  • Optionally, if the old function has already been registered with a corresponding second structure, the old function was repaired before this repair and the function stack stores the function used in the last repair; step S607 is subsequently executed.
  • Optionally, if the old function has not been registered with a corresponding function stack, step S603 is executed.
  • Step S603: Register the second structure of the old function.
  • A second structure is registered for the old function in the system.
  • The data structure of the second structure is shown in FIG. 11A, including the address of the old function and a function stack for storing the addresses of one or more patch functions of the old function.
  • Optionally, multiple second structures can be managed in the second hash table; that is, the second hash table stores the correspondences between the addresses of multiple old functions and the second structures of those old functions.
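  • Registering a second structure for a not-yet-patched old function, as in step S603, can be sketched in the same illustrative model (patched_func, second_hash_table and hash_addr come from the earlier listings); register_second_struct is an invented name, collision handling is again omitted, and error handling is minimal.

```c
#include <stdlib.h>

/* Create the second structure of an old function and publish it in the
 * modeled second hash table (cf. step S603). Returns the structure or NULL. */
struct patched_func *register_second_struct(uintptr_t old_addr)
{
    struct patched_func *pf = calloc(1, sizeof(*pf));

    if (pf == NULL)
        return NULL;

    pf->old_addr = old_addr;
    pf->top = -1;                                  /* function stack starts empty */
    second_hash_table[hash_addr(old_addr)] = pf;   /* collision handling omitted  */
    return pf;
}
```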
  • Step S604: Determine whether the first structure has been registered.
  • The first structure can be used to store the pointer of the second callback function and the addresses of multiple old functions.
  • The second callback function is used to instruct the system to find, according to the address of the called function, the address of the new function used to repair that function.
  • The data structure of the first structure is shown in FIG. 10; for the data structure of the first structure, refer to the corresponding description in step S502, which is not repeated here.
  • Optionally, if the first structure is not registered, perform step S605.
  • Optionally, if the first structure has already been registered, perform step S606.
  • Step S605: Register the first structure.
  • A part of the address space is set aside to store the data of the first structure, and the first structure stores the pointer of the second callback function and the addresses of multiple old functions. The function header of the old function is found according to the address of the old function, and the first few bytes at the function header entry are replaced with the pointer of the first callback function; the first callback function is used to instruct the system to look up the address of the called function in the first structure and obtain the pointer of the second callback function.
  • Optionally, the first hash table in the first structure is used to store the addresses of multiple old functions.
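  • The first structure described in step S605 pairs a single callback pointer with one table holding the addresses of all patched old functions, so no per-function structure is needed for this part of the lookup. The listing below is a schematic model only: first_struct, addr_table and addr_table_contains are invented names, and a fixed-size open-addressing set stands in for the first hash table.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

#define ADDR_TABLE_SIZE 1024

/* Model of the "first hash table": a set of old-function addresses (0 = empty slot). */
struct addr_table {
    uintptr_t slots[ADDR_TABLE_SIZE];
};

/* Model of the "first structure": one second-callback pointer plus the
 * addresses of all old functions that currently have patch functions. */
struct first_struct {
    void (*second_callback)(uintptr_t old_addr);  /* looks up and jumps to the patch */
    struct addr_table *funcs;                     /* -> modeled first hash table     */
};

/* Membership test on the modeled first hash table (toy hash, linear probing). */
static bool addr_table_contains(const struct addr_table *t, uintptr_t addr)
{
    size_t start = (addr >> 4) % ADDR_TABLE_SIZE;

    for (size_t n = 0; n < ADDR_TABLE_SIZE; n++) {
        uintptr_t v = t->slots[(start + n) % ADDR_TABLE_SIZE];
        if (v == addr)
            return true;
        if (v == 0)
            return false;
    }
    return false;
}
```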
  • Step S606: Add the address of the old function to the first hash table.
  • Step S607: Push the address of the new function onto the top of the function stack. The address of the new function is stored at the beginning of the address space of the function stack.
  • In the hot patch module registration phase, the prior art registers a structure for each old function to store the address of the old function and a pointer to the callback function used to find the address of the new function, and the structures of the multiple old functions are stored in a singly linked list.
  • The embodiment of this application adds the address of the old function to the first hash table, which greatly shortens the length of the singly linked list compared with the prior art, so that the time complexity of the step of querying the address of the old function is reduced from O(N) to O(1), shortening the query time.
  • Further, using a hash table to store the correspondence between the address of the old function and the function stack reduces the time taken to query the address of the new function.
  • An embodiment of the present application provides a method for implementing a function jump. As shown in FIG. 13, the method may include the following steps:
  • Step S701: Receive a call instruction for the first function; the call instruction may include the address of the first function.
  • Step S702: Jump to the ftrace module according to the pointer of the callback function of the ftrace module in the function header of the first function, and pass the address of the first function to the ftrace module as a parameter.
  • Step S703: The ftrace module determines whether the address of the first function has been stored in the first hash table.
  • The ftrace module finds the structure storing the address of the first hash table according to the pointer in the first structure. According to the address of the first function, the ftrace module traverses the addresses of the multiple functions stored in the first hash table.
  • Optionally, if the ftrace module finds the address of the first function in the first hash table, that is, the first hash table already stores the address of the first function, step S704 is executed.
  • The first hash table stores the addresses of multiple functions that need to be repaired, such as the addresses of function 1 to function N, where N is a positive integer greater than 1.
  • The ftrace module may calculate the hash value of the address of the first function and traverse the first hash table to confirm whether the hash value of the address of the first function has been stored in the first hash table.
  • Optionally, if the ftrace module does not find the address of the first function in the first hash table, the ftrace module calls the address of the first function recorded in the register of the first function to execute the first function.
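  • Steps S702 to S704 reduce to one membership test on the first hash table followed by a dispatch. The sketch below is a userspace model of that control flow, reusing the invented names from the previous listing (first_struct, addr_table_contains); it is not ftrace code, and the "execute the original function" branch is represented by a plain function-pointer call.

```c
/* Model of the trace-entry decision (cf. steps S703/S704): if the called
 * address is recorded in the first hash table, hand control to the second
 * callback (the livepatch side); otherwise run the original function. */
void on_function_entry(struct first_struct *fs, uintptr_t called_addr,
                       void (*original)(void))
{
    if (addr_table_contains(fs->funcs, called_addr))
        fs->second_callback(called_addr);   /* jump toward the patch function */
    else
        original();                         /* no patch registered: run as-is */
}
```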
  • Step S704: The ftrace module jumps to the livepatch module according to the pointer of the callback function of the livepatch module stored in the first structure, and sends the address of the first function to the livepatch module; the pointer of the callback function of the livepatch module points to the execution logic of the livepatch module.
  • Step S705: The management unit in the livepatch module looks up the address of the patch function of the first function according to the address of the first function.
  • The management unit looks up the address of the patch function of the first function in the second hash table according to the address of the first function.
  • The management unit finds the second structure of the first function among the multiple second structures according to the address of the first function, and obtains the address of the patch function of the first function from the top of the function stack stored in the second structure of the first function.
  • The second hash table stores the correspondence between the address of each of the multiple functions and the second structure of that function.
  • For example, the second hash table stores the correspondence between the addresses of functions 1 to N and the second structures of functions 1 to N. According to the address of the first function, the management unit finds in the second hash table that the second structure of the first function is the second structure of function n, and the management unit obtains the address at the top of function stack n in the second structure of function n, which is the address of the patch function of the first function.
  • Step S706 (not shown in FIG. 13): The livepatch module replaces the address of the first function stored in the register of the first function with the address of the patch function of the first function.
  • The register originally stored the address of the first function, or stored the address of the function that was used to repair the first function during the last repair; the livepatch module replaces the function address stored in the register of the first function with the address of the patch function.
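  • At the machine level, "replacing the address stored in the register" corresponds to rewriting the saved instruction pointer inside a trace handler so that, when the handler returns, execution resumes in the patch function. The fragment below is a heavily simplified, x86-style sketch written against the older four-argument ftrace callback form; the callback signature and the way the saved instruction pointer is set differ across kernel versions and architectures, and find_patch_addr stands for a lookup like the one modeled earlier (redeclared here with kernel-style types), not a kernel API.

```c
#include <linux/ftrace.h>
#include <linux/ptrace.h>

/* Assumed helper: old-function address -> address of its current patch function. */
unsigned long find_patch_addr(unsigned long old_addr);

/* Simplified trace handler: redirect a patched function to its patch function
 * by rewriting the saved instruction pointer (regs->ip on x86_64). This relies
 * on the owning ftrace_ops being registered with FTRACE_OPS_FL_SAVE_REGS |
 * FTRACE_OPS_FL_IPMODIFY so that regs is valid and may be modified. */
void patch_redirect_handler(unsigned long ip, unsigned long parent_ip,
                            struct ftrace_ops *ops, struct pt_regs *regs)
{
    unsigned long new_addr = find_patch_addr(ip);

    if (new_addr)
        regs->ip = new_addr;   /* resume execution in the patch function */
}
```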
  • Step S707: In response to the call instruction, execute the patch function.
  • In the embodiments provided in this application, the roles of the ftrace module and the livepatch module are clarified: the role of the ftrace module is to find the pointer of the callback function of the livepatch module corresponding to the old function.
  • The ftrace module queries the address of the currently called old function in a structure that stores the addresses of multiple old functions, confirms that the structure stores the address of the currently called old function, and obtains the pointer of the callback function of the livepatch module.
  • The query complexity is O(1). The role of the livepatch module is to find the address of the new function and replace the value in the register, so as to realize the function jump.
  • Further, the livepatch module uses a data structure that is more efficient to query (such as a hash table or a red-black tree) to achieve fast lookup; taking a hash table as an example, the query time complexity is O(1).
  • The main factor affecting the performance of a hot patch function is the function jump time required from the entry of the old function to the new function. With the method for implementing a function jump provided by the embodiments of this application, in a scenario with 1000 hot patch functions the function jump time is reduced to 0.5% of the original, and the function jump time no longer grows linearly with the number of hot patch functions, as shown in FIGS. 14A and 14B.
  • In other embodiments, after step S707, the method further includes: when the livepatch module receives a rollback instruction for the first function, the livepatch module finds the second structure of the first function among the multiple second structures according to the address of the first function and deletes the address at the top of the function stack. If function addresses remain in the function stack after the top address is deleted, the livepatch module replaces the address stored in the register of the first function with the address that is now at the top of the function stack.
  • In other embodiments, as shown in FIG. 15, the following steps may be further included before step S701:
  • Step S708: The livepatch module receives and parses the hot patch module.
  • When a kernel function needs to be repaired, the livepatch module receives and parses the information of the hot patch module.
  • The hot patch module may include the addresses of one or more old functions and the address of the new function corresponding to each old function.
  • The old function is the function that needs to be repaired.
  • The new function is the function used to repair the old function.
  • The address of a function indicates the position of the function in the address space.
  • Step S709: The livepatch module determines whether the second structure of the old function has been registered.
  • The livepatch module determines whether a second structure has been registered for any of the one or more old functions in the hot patch module.
  • The second structure is used to store the address of the old function and the function stack of the old function.
  • The data structure of the second structure is shown in Figure 11B.
  • A function may be repaired multiple times, and the function stack of the function stores the addresses of the one or more functions used to repair it.
  • Optionally, if the old function has already been registered with a corresponding second structure, the old function was repaired before this repair and the function stack stores the function used in the last repair; step S714 is subsequently executed.
  • Optionally, if the old function has not been registered with a corresponding function stack, perform step S710.
  • Step S710: The livepatch module registers the second structure of the old function.
  • The newly added management unit in the livepatch module registers the second structure for the old function.
  • The data structure of the second structure is shown in Figure 11A, including the address of the old function and a function stack for storing the address of the new function corresponding to the old function.
  • The new management unit in the livepatch module requests the address space for storing the second structure, and stores the address of the old function and the address of the new function corresponding to the old function into the second structure.
  • Optionally, the management unit adds the second structure and the address of the function to which the second structure belongs to the second hash table.
  • In other words, the management unit adds the address of the old function and the second structure of the old function to the second hash table.
  • Optionally, the livepatch module calls the RCU interface; when the RCU module in the kernel determines that the second hash table is being read, it locks the second hash table so that the second hash table is not modified while it is being read.
  • For example, when the livepatch module adds or deletes a function in the second hash table, it calls the RCU interface in the kernel and uses the RCU module to manage the linked list. The RCU module determines whether the second hash table has an ongoing read operation; if there is a read operation on the second hash table, it waits for the read operation to complete before performing the modification operation on the second hash table.
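  • The read/write discipline described above can be expressed with the kernel's RCU and hashtable helpers: readers traverse without blocking, and writers publish or unpublish entries and defer freeing until a grace period has passed. The listing below is only a sketch under that assumption; patch_node and its fields are invented, and it is not the actual implementation of the second hash table.

```c
#include <linux/hashtable.h>
#include <linux/rcupdate.h>
#include <linux/mutex.h>
#include <linux/slab.h>
#include <linux/errno.h>

/* Invented element type: one entry of an RCU-protected address table. */
struct patch_node {
    unsigned long     old_addr;
    unsigned long     patch_addr;
    struct hlist_node hnode;
    struct rcu_head   rcu;
};

static DEFINE_HASHTABLE(patch_table, 8);   /* 256 buckets */
static DEFINE_MUTEX(patch_table_lock);     /* serializes writers only */

/* Reader: may run concurrently with writers; takes no blocking lock. */
unsigned long lookup_patch(unsigned long old_addr)
{
    struct patch_node *n;
    unsigned long ret = 0;

    rcu_read_lock();
    hash_for_each_possible_rcu(patch_table, n, hnode, old_addr) {
        if (n->old_addr == old_addr) {
            ret = n->patch_addr;
            break;
        }
    }
    rcu_read_unlock();
    return ret;
}

/* Writer: publish a new entry; concurrent readers keep a consistent view. */
int add_patch(unsigned long old_addr, unsigned long patch_addr)
{
    struct patch_node *n = kzalloc(sizeof(*n), GFP_KERNEL);

    if (!n)
        return -ENOMEM;
    n->old_addr = old_addr;
    n->patch_addr = patch_addr;

    mutex_lock(&patch_table_lock);
    hash_add_rcu(patch_table, &n->hnode, old_addr);
    mutex_unlock(&patch_table_lock);
    return 0;
}

/* Writer: unpublish an entry and free it only after ongoing readers finish. */
void del_patch(struct patch_node *n)
{
    mutex_lock(&patch_table_lock);
    hash_del_rcu(&n->hnode);
    mutex_unlock(&patch_table_lock);
    kfree_rcu(n, rcu);   /* deferred free after an RCU grace period */
}
```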
  • Step S711: Determine whether the livepatch module has registered the first structure in the ftrace module.
  • The first structure is used to store the pointer of the second callback function and the addresses of multiple old functions.
  • The second callback function is used to instruct the system to find, according to the address of the called function, the address of the new function used to repair that function.
  • The data structure of the first structure is shown in FIG. 10.
  • Optionally, if the first structure is not registered, perform step S712.
  • Optionally, if the first structure has already been registered, perform step S713.
  • Step S712: The livepatch module registers the first structure in the ftrace module.
  • The livepatch module requests a part of the address space for storing the data of the first structure and sends the address of the first structure to the ftrace module; it then calls the interface of the ftrace module to register the first structure in the ftrace module, so that the ftrace module can read the data stored in the first structure according to the received address of the first structure.
  • The first structure is used to store the pointer of the callback function and the addresses of functions.
  • Following the definition of the data structure of the first structure provided by the ftrace module, the livepatch module records the pointer of the callback function of the livepatch module and the address of the old function in the first structure.
  • The callback function of the livepatch module is used to instruct the livepatch module to find the address of the new function according to the address of the old function.
  • When registering the first structure in the ftrace module, the livepatch module sends the address of the old function to the ftrace module.
  • The ftrace module finds the function header of the old function according to the address of the old function and replaces the first few bytes at the function header entry with the pointer of the callback function of the ftrace module.
  • The callback function of the ftrace module is used to instruct the system to look up the address of the called function in the first structure and obtain the pointer of the second callback function.
  • Optionally, the first hash table in the first structure is used to store the addresses of multiple old functions.
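  • In the Linux kernel, a registration of the kind described in steps S712 and S713 maps naturally onto the ftrace filter interface: a single ftrace_ops carries the callback, and each patched old function's address is added to that ops' filter. The sketch below uses real ftrace interfaces (ftrace_set_filter_ip, register_ftrace_function) but is only a schematic outline under the assumption of the older pt_regs-style callback; patch_redirect_handler is the invented handler from the earlier sketch, and error handling is minimal.

```c
#include <linux/ftrace.h>

/* Invented handler from the earlier sketch (older, pt_regs-style signature). */
void patch_redirect_handler(unsigned long ip, unsigned long parent_ip,
                            struct ftrace_ops *ops, struct pt_regs *regs);

/* One shared ftrace_ops plays the role of the "first structure": a single
 * callback plus a filter that holds every patched old-function address. */
static struct ftrace_ops patch_ops = {
    .func  = patch_redirect_handler,
    .flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY,
};

/* First registration (cf. step S712): set the first filter address, then
 * register the ops so its callback runs at the entry of filtered functions. */
int register_first_struct(unsigned long first_old_addr)
{
    int ret = ftrace_set_filter_ip(&patch_ops, first_old_addr, 0, 0);

    if (ret)
        return ret;
    return register_ftrace_function(&patch_ops);
}

/* Later patches (cf. step S713) only add another address to the same filter. */
int add_old_func_addr(unsigned long old_addr)
{
    return ftrace_set_filter_ip(&patch_ops, old_addr, 0, 0);
}
```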
  • Step S713: The ftrace module adds the address of the old function to the first hash table.
  • The livepatch module sends the address of the old function to the ftrace module.
  • The ftrace module obtains the address of the first hash table from the structure pointed to by the pointer in the first structure, and adds the address of the old function to the first hash table.
  • Step S714: The livepatch module pushes the address of the new function onto the top of the function stack.
  • The livepatch module stores the address of the new function at the beginning of the address space of the function stack.
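  • In the illustrative userspace model used earlier, pushing the new function's address onto the top of the function stack (cf. steps S607 and S714) is a one-line operation; patched_func and STACK_DEPTH are the invented names from that model.

```c
/* Push a new patch address onto the function stack of an old function.
 * Returns -1 if the toy fixed-size stack is full. */
int push_patch_addr(struct patched_func *pf, uintptr_t new_addr)
{
    if (pf->top + 1 >= STACK_DEPTH)
        return -1;
    pf->patch_stack[++pf->top] = new_addr;   /* the new address becomes the active patch */
    return 0;
}
```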
  • The livepatch module and the ftrace module in the foregoing embodiments may be the livepatch module and the ftrace module described in FIG. 8.
  • An embodiment of the present application provides an apparatus 800 for implementing a function jump.
  • As shown in FIG. 16, the apparatus includes a receiving unit 801 and a processing unit 802.
  • The receiving unit 801 is used to perform step S501 or S701; the processing unit 802 is used to perform one or more of steps S502-S504, steps S601-S607, steps S702-S707, or steps S708-S714.
  • An embodiment of the present application provides a computer system. The computer system includes a memory and a processor, where the memory is used to store a computer program and the processor is used to execute the computer program to implement the method for implementing a function jump provided by any of the embodiments of the present application.
  • An embodiment of the present application provides a computer-readable storage medium in which a computer program is stored; when the computer program is called by a processor, the method for implementing a function jump provided by any of the embodiments of the present application is executed.
  • An embodiment of the present application provides a computer program product; the computer program product includes a computer program, and when the computer program is called by a processor, the method for implementing a function jump provided by any of the embodiments of the present application is executed.
  • Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing equipment to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device.
  • The instruction device implements the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operational steps are executed on the computer or other programmable equipment to produce computer-implemented processing.
  • The instructions executed on the computer or other programmable equipment thus provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.


Abstract

A method, an apparatus, and a computer-readable storage medium for implementing a function jump. The method includes: when a first function is called, looking up the address of the first function in a first data structure that stores the addresses of multiple functions; if the address of the first function is found, a patch function for replacing the first function exists; looking up the address of the patch function of the first function in a second data structure according to the address of the first function, where the second data structure stores the correspondence between the multiple functions and the patch functions of the multiple functions; and, according to the address of the patch function of the first function, jumping from the first function to the patch function of the first function and executing the patch function of the first function in response to the call to the first function. By storing the addresses of multiple old functions in one structure, the method shortens the time consumed in the function jump phase of the hot patch mechanism.

Description

实现函数跳转的方法、装置及计算机存储介质
本申请要求于2019年05月30日提交中国国家知识产权局、申请号为201910465987.7、申请名称为“实现函数跳转的方法、装置及计算机存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请涉及计算机领域,并且更具体的涉及热补丁的实现方法。
背景技术
热补丁(hotfix)指能够修复软件漏洞的一些代码,是一种快速、低成本修复产品软件版本缺陷的方式。热补丁的主要优势是在不重启设备的情况下,修复设备当前软件版本的缺陷。
目前的热补丁方案主要是基于函数跳转的,即从“被替换函数(以下称为热补丁旧函数)”跳转到新函数执行。以Linux内核为例,其通过函数跟踪器(function tracer,ftrace)和livepatch组件来实现热补丁机制。在livepatch的初始化阶段,livepatch会为每一个热补丁旧函数注册一个结构体fops,用于保存热补丁旧函数的地址、新函数的函数堆栈、livepatch的回调函数等信息。所有的热补丁旧函数用一个单链表管理。在函数跳转阶段,当旧函数被调用时,ftrace通过遍历单链表查找旧函数的地址对应的结构体,获得该结构体中存储的livepatch回调函数的指针和该结构体的地址,livepatch根据该结构体的地址查找旧函数对应的新函数的地址,执行新函数的功能,完成旧函数到新函数的跳转,从而实现对旧函数的修复。从livepatch的函数跳转的流程中可以发现,livepatch为每一个热补丁旧函数都注册一个结构体,并使用单链表管理所有热补丁旧函数的结构体,这样导致单链表会随着热补丁函数的增加而增长,而ftrace必须通过遍历单链表来查找函数对应的回调函数,链表越长意味着遍历时间越长,函数跳转时间越长,从而带来较大的性能开销。
发明内容
本申请提供了一种实现函数跳转的方法,缩短了单链表的长度,减少了函数跳转所消耗的时间。
第一方面,本申请提供了一种实现函数跳转的方法,该方法包括:
接收对第一函数的调用指令,其中调用指令中可包括第一函数的地址;确认第一数据结构中已存储第一函数的地址,其中第一数据结构存储有多个函数的地址,多个函数中任一个函数被配置了用于替换该函数的补丁函数,替换的含义为补丁函数代替旧函数响应于对旧函数的调用;确定第一数据结构中已存储第一函数的地址,就是确认多个函数的地址中包括了第一函数的地址,第一数据结构中存储有第一函数的地址说明第一函数是需要被补丁函数替换的旧函数,则需要查找补丁函数的地址以执行函数的跳转。根据第一函数的地址,从第二数据结构中查找第一函数的补丁函数的地址, 其中第一函数的补丁函数被注册为用于替换第一函数,第二数据结构存储有多个函数的地址与多个函数的补丁函数之间的对应关系,多个函数中任一个函数的补丁函数被注册用于替换该函数。根据第一函数的补丁函数的地址,从第一函数跳转到第一函数的补丁函数执行,执行第一函数的补丁函数以响应调用指令。其中,数据结构(data structure)是计算机中存储、组织数据的方式。
在一种实现方式中,第一数据结构为一个第一哈希表,该第一哈希表中存储有多个函数的地址。哈希表(hash table)是根据键(Key)直接访问在内存存储位置的数据结构。也就是说,它通过计算一个关于键值的函数,将所需查询的数据映射到表中一个位置来访问记录。第一哈希表可表示多个函数中每个函数的地址的哈希值与该函数的地址的对应关系。
在一种实现方式中,该方法还包括:通过存储第一哈希表的地址的结构体确定第一哈希表;指向存储第一哈希表的地址的结构体的指针被包含在第一结构体中。第一结构体中包括一个指针,该指针指向存储第一哈希表的地址的结构体。结构体(struct)一种数据结构,是一类复合数据类型(aggregate data type)。结构体可以被声明为变量、指针或数组等,用以实现较复杂的数据结构。结构体同时也是一些元素的集合,这些元素称为结构体的成员(member)。
相比于现有技术注册多个结构体且每个结构体只存储一个旧函数的地址,本申请通过第一数据结构存储多个旧函数的地址,缩短了单链表的长度,因此缩短了查找第一函数的地址的所消耗的时间,进而节省了函数跳转所需的时间,提高了系统的性能。
在一种实现方式中,多个函数中每个函数对应一个第二结构体,每个函数的第二结构体存储有该函数的补丁函数的地址,第二哈希表用于存储多个函数的地址与多个函数的第二结构体之间的对应关系,根据第一函数的地址,从第二数据结构中查找第一函数的补丁函数的地址,包括:根据第一函数的地址,从第二哈希表中查找第一函数的地址对应的第二结构体;从查找到的第一函数的地址对应的第二结构体中获得第一函数的补丁函数的地址。通过第二哈希表管理旧函数的地址与旧函数的第二结构体的对应关系,使得在根据旧函数的地址查找新函数的地址这一阶段,能够节省查找所消耗的时间。具体的,可根据第一函数的地址的哈希值从第二哈希表中快速查找到第一函数的第二结构体,进而获得第一函数的补丁函数的地址。
在一种实现方式中,将第一函数的地址添加至第一数据结构中。可选的,可添加至第一哈希表中。当系统解析补丁包后,会根据补丁包中的补丁函数的地址和旧函数的地址,为旧函数注册补丁函数,建立旧函数至补丁函数的跳转。现有技术为每一个旧函数注册一个结构体,将旧函数的地址存储进该结构体中,而本申请将旧函数的地址添加至一个数据结构中,可选的,将旧函数的地址添加至第一哈希表中,缩短了单链表的长度。
在一种实现方式中,该方法还包括:响应于对第一函数的回退指令,根据第一函数的地址和第二哈希表,查找并删除第一函数的第二结构体中第一函数的补丁函数的地址,其中回退指令用于指示撤销第一函数的补丁函数对第一函数的替换,即回退到使用补丁函数对第一函数替换之前的状态。例如函数2、3和4为修复函数1中依次使用的补丁函数,函数4为最近一次对函数1修复时使用的补丁函数。当接收到函数1 的回退指令时,根据函数1的地址从第二哈希表中查找并删除函数4的地址,回退到使用函数4对函数1替换之前的状态,该状态为使用函数3替换函数1。在对第一函数进行回退时,使用第二哈希表管理多个函数的地址和多个函数的第二结构体,可以缩短查找第一函数的补丁函数所消耗的时间。
在其他实现方式中,该方法还包括:若在对第二哈希表执行读操作时接收到第一函数的回退指令,则在执行完对第二哈希表的读操作之后执行以下步骤:根据第一函数的地址从第二哈希表中查找并删除第一函数的补丁函数的地址,所述回退指令用于指示撤销第一函数的补丁函数对第一函数的替换。可对哈希表设置锁机制,当一个线程或进程读取哈希表时,禁止其他线程会进程对哈希表进行修改。
在其他实现方式中,存储第一函数的地址与第一函数的补丁函数的地址的对应关系采用的数据结构是可以自定义的,不同的数据结构各优缺点,目前需要通过修改代码重新编译内核来实现数据结构的切换,这样切换十分麻烦,且存在修改风险。本申请可存储多套数据结构,然后通过相关内核编译参数来快速实现切换,而不需要每次修改代码,如此可以根据场景来决定采用何种数据结构,也省去了开发所需的成本。
第二方面,本申请提供了一种实现函数跳转的装置,该装置包括:接收单元和处理单元,其中:
接收单元用于接收对第一函数的调用指令,其中调用指令中包括第一函数的地址;
处理单元用于:确认第一数据结构中已存储第一函数的地址,其中第一数据结构存储有多个函数的地址;根据第一函数的地址,从第二数据结构中查找第一函数的补丁函数的地址,其中第一函数的补丁函数被注册用于替换第一函数,第二数据结构存储有多个函数的地址与多个函数的补丁函数之间的对应关系;根据第一函数的补丁函数的地址,从第一函数跳转到第一函数的补丁函数执行,以响应该调用指令。
在其他实现方式中,第一数据结构为一个第一哈希表。
在其他实现方式中,处理单元还用于:通过存储第一哈希表的地址的结构体确定第一哈希表;指向存储第一哈希表的地址的结构体的指针被包含在第一结构体中。
在其他实现方式中,处理单元具体用于:多个函数中每个函数对应一个第二结构体,每个函数的第二结构体存储有所述函数的补丁函数的地址,第二哈希表用于存储所述多个函数的地址与所述多个函数的第二结构体之间的对应关系,根据第一函数的地址,从第二哈希表中查找第一函数的地址对应的第二结构体,其中,第二哈希表用于存储多个函数的地址与多个函数的第二结构体的之间的对应关系,第二数据结构包括多个第二结构体,多个第二结构体中的每个第二结构体存储有多个函数中的一个函数的地址与函数的补丁函数之间的对应关系;从查找到的第一函数的地址对应的第二结构体中获得第一函数的补丁函数的地址。
在其他实现方式中,处理单元还用于:将第一函数的地址添加至第一数据结构中。
在其他实现方式中,处理单元还用于:响应于对第一函数的回退指令时,根据第一函数的地址和第二哈希表,查找并删除第一函数的第二结构体中第一函数的补丁函数的地址,其中回退指令用于指示撤销第一函数的补丁函数对第一函数的替换。
在其他实现方式中,处理单元还用于:若在对第二哈希表执行读操作时接收到对第一函数的回退指令,则在执行完对第二哈希表的读操作之后执行以下步骤:根据第 一函数的地址和第二哈希表,查找并删除第一函数的补丁函数的地址,其中回退指令用于指示撤销所述第一函数的补丁函数对第一函数的替换。
第三方面,本申请提供了一种计算机系统,该系统包括处理器和存储器,存储器用于存储计算机程序,处理器用于执行所述计算机程序实现如上述第一方面及任一种实现方式所描述的方法。
第四方面,本申请提供了一种计算机可读存储介质,计算机可读存储介质中存储计算机程序,计算机程序被处理器调用时实现如上述第一方面及任一种实现方式所描述的方法。
第五方面,本申请提供了一种计算机程序产品,计算机程序产品包括计算机程序,计算机程序被处理器调用时实现如上述第一方面及任一种实现方式所描述的方法。
第六方面,本申请提供了一种数据结构,该数据结构包括回调函数的指针和指针,该指针指向存储有第一哈希表的地址的结构体,该第一哈希表存储有多个函数的地址。该回调函数的指针指向回调函数,该回调函数用于执行:根据函数的地址查找该函数的补丁函数的地址,并根据函数的补丁函数的地址,从函数跳转至函数的补丁函数执行。
附图说明
图1为本申请实施例提供的节点的结构示意图;
图2为本申请实施例提供的节点的结构示意图;
图3为本申请实施例提供的节点的结构示意图;
图4为本申请实施例提供的函数调用的示意图;
图5为本申请实施例提供的实现函数跳转的原理图;
图6为本申请实施例提供的实现函数跳转的的原理图;
图7为本申请实施例提供的现有技术的函数跳转时间与被修复的函数个数的折线图;
图8为本申请实施例提供的内核中实现函数跳转的的原理图;
图9为本申请实施例提供的实现函数跳转的流程图;
图10为本申请实施例提供的第一结构体的数据结构示意图;
图11A为本申请实施例提供的第二结构体的数据结构示意图;
图11B为本申请实施例提供的第二哈希表的示意图;
图12为本申请实施例提供的实现函数跳转的流程图;
图13为本申请实施例提供的实现函数跳转的流程图;
图14A为本申请实施例提供的实现函数跳转方法与现有技术的函数跳转时间与函数个数的折线图的对比图;
图14B为本申请实施例提供的实现函数跳转方法函数跳转时间缩小比例的示意图;
图15为本申请实施例提供的实现函数跳转的流程图;
图16为本申请实施例提供的实现函数跳转的装置结构图。
具体实施方式
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行详细描述,显然,所描述的实施例是本申请的一部分实施例,而不是全部实施例。
本申请实施例中所涉及的多个,是指两个或两个以上。另外,需要理解的是,在本申请的描述中,“第一”、“第二”等词汇,仅用于区分描述的目的,而不能理解为指示或暗示相对重要性,也不能理解为指示或暗示顺序。
图1为节点100的结构示意图。节点100可包括应用层、操作系统102和硬件层103,应用层包括一个或多个应用程序101,操作系统102包括内核104,硬件层103包括处理器106、存储器105和通信接口107,操作系统102是用于管理硬件与软件资源的系统软件。
处理器106是节点100的控制中心,利用各种接口和总线连接节点100的各个部件。在一些实施例中,处理器106可包括一个或多个处理单元,或称为物理核,例如图1中处理器106包括核0和核1。处理器106还可以包括寄存器,寄存器可用于存储内核104的函数的地址。处理器106可以是中央处理单元(Central Processing Unit,CPU),该处理器106还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器106也可以是任何常规的处理器等。
存储器105中存储有计算机程序。处理器106被配置用于执行存储器105中的计算机程序,从而实现该计算机程序定义的功能。存储器105为非易失性存储介质,一般包括内存和外存。内存包括但不限于随机存取存储器(Random Access Memory,RAM),只读存储器(Read-Only Memory,ROM),或高速缓存(cache)等。外存包括但不限于闪存(flash memory)、硬盘、光盘、通用串行总线(universal serial bus,USB)盘等。计算机程序通常被存储在外存上,处理器在执行计算机程序前会将该程序从外存加载到内存。存储器105可以是独立的,通过总线与处理器106相连接;存储器105也可以和处理器106集成到一个芯片子系统。
通信接口107使用例如收发器一类的收发装置,来实现执行节点100与其他设备或通信网络之间的通信。
本申请实施例提供的方法可用于修复节点100的操作系统中的内核104。
在一种实现方式中,节点100可以为物理设备,例如服务器或终端设备。终端设备可以是具有无线连接功能的手持式设备、或连接到无线调制解调器的其他处理设备。例如,可以为移动电话、计算机、平板电脑、个人数码助理(personal digital assistant,PDA)、移动互联网设备(mobile Internet device,MID)、可穿戴设备和电子书阅读器(e-book reader)等;也可以是便携式、袖珍式、手持式、计算机内置的或者车载的移动设备。在这种实现方式下,节点100的结构示意图如图2所示,节点100包括存储器201、处理器202和通信接口203,存储器201、处理器202和通信接口203可分别为图1中存储器105、处理器106和通信接口107的部分或全部。图2中的存储器201、处理器202和通信接口203的实现方式可以参考图1中对应的描述。其中,存储 器201中存储有操作系统205和应用程序204,还可存储在运行过程中操作系统205和应用程序204产生的数据。
在另一种实现方式中,节点100可以为虚拟计算机,虚拟计算机为所有类型的虚拟化设备中软件虚拟出来的运行环境的统称,该概念包括虚拟机、容器。虚拟化作为云场景的核心技术,将硬件资源虚拟化后共享给多个用户使用,使用户能在安全隔离的前提下方便灵活地使用物理资源,并且能极大提升物理资源的利用率。在这种实现方式下,节点100的结构示意图如图3所示,该节点100包括硬件层312、宿主机层309和虚拟化层,虚拟化层包含虚拟机301和302。硬件层312包括处理器314、存储器313、通信接口315。在其他实施例中,虚拟机的个数还可以更多或更少。
虚拟机(virtual machine,VM):通过软件在一台物理计算机上模拟出的一台或者多台虚拟计算机。这些虚拟机运行在完全隔离的环境中,就像真正的计算机那样进行工作。虚拟机(图3中301和302)上可以安装客户操作系统(guest operating system,guest OS)(图3中305和306),客户操作系统上运行有一个或多个应用程序(图3中303和304)。虚拟机还可访问网络资源。对于在虚拟机中运行的应用而言,就像是在真正的计算机中工作。
虚拟计算机:所有类型的虚拟化设备中软件虚拟出来的运行环境的统称。该概念包括虚拟机、容器。
宿主机(host)层309:作为管理层,用以完成硬件资源的管理、分配;为虚拟机呈现虚拟硬件平台;实现虚拟机的调度和隔离等。在一些实现方式下,宿主机层309包括宿主机操作系统311和虚拟监控装置,例如虚拟机监视器310(virtual machine monitor,VMM)或hypervisor,其中虚拟监控装置310可部署在宿主机操作系统311之内,也可以部署在宿主机操作系统311之外。在另一些实现方式下,“宿主机层”还可以包括1个特权虚拟机(例如虚拟化架构Xen)。其中,虚拟硬件平台对其上运行的各个虚拟计算机提供各种硬件资源,如虚拟处理器、虚拟内存、虚拟磁盘、虚拟网卡等。虚拟计算机则运行在宿主机层为其准备的虚拟硬件平台上。本申请中有时将宿主机层简称为宿主机。
硬件层312:虚拟化环境运行的硬件平台。其中,硬件层可包括多种硬件,例如某物理计算机的硬件层可包括处理器314和存储器313,还可以包括通信接口315,例如网卡(network interface card,NIC),还可以包括中断控制器、、输入/输出(input/output I/O)设备等。其中处理器314中可包括多个物理核,例如核1和核0。图3中所示的处理器314、存储器313和通信接口315可以分别对应于图1中所述的处理器106、存储器105和通信接口107中的部分或全部。
虚拟处理器(如图3中307和308):在虚拟化技术下,以共享或者分片方式提供给虚拟计算机使用的物理处理单元的表示,例如虚拟CPU(virtual central processing unit,vCPU)。一台虚拟计算机可以有一个或多个虚拟处理器为其服务,当存在多个虚拟处理器时,通常有一个虚拟处理器为主虚拟处理器,其他为从虚拟处理器。
应理解,虚拟计算机相当于一台独立的计算机,所以虚拟计算机执行动作也可以认为是虚拟处理器执行该动作,而虚拟处理器是软件实现的,所以虚拟处理器执行动作实际上是虚拟处理器所运行的物理处理器或物理核执行该动作。在本发明的多个实 施例中,为遵循当下场景的技术表达习惯,会有选择地使用以上表述方式。
宿主机内部署有宿主机操作系统311和VMM 310,VMM 310在其他虚拟化架构中相当于hypervisor或其他类型的虚拟监控装置。VMM 310可以部署在宿主机操作系统311内部,也可以和宿主机操作系统311分开部署。VMM 310负责管理在其上运行的一台或多台虚拟机。宿主机操作系统311可以具体为Linux、iOS、Microsoft或者其它操作系统
虚拟机(VM)包括虚拟硬件层、客户操作系统以及多种应用。虚拟硬件层包含虚拟存储器(未在图中示出)、虚拟处理器等虚拟硬件。如图3所示,本实施例包含虚拟机301和302,每个虚拟机包含一个虚拟处理器。虚拟处理器是软硬件结合实现的,它的运行实际是物理核读取并运行软件程序实现的,例如一个物理核读取软件程序并在该物理核的硬件辅助虚拟化的特定模式(例如x86的non-Root模式)下运行该软件程序以实现一个虚拟处理器。
操作系统通常需要定期进行系统更新来修复旧版本中的缺陷或漏洞,当开发人员发现系统问题或者操作系统中的检测模块发现需要修复的安全漏洞时,可通过将修复函数制作成补丁模块加载进操作系统,这一过程可以被称为“打补丁”。操作系统的修复通常需要做到用户无感知,即修复过程中不需要重启设备。其中针对内核的修复是重要环节,内核是操作系统最基本的部分,可为众多应用程序提供对计算机硬件的安全访问。为了满足上述需求,通常使用热补丁机制进行内核修复。
热补丁的主要优势是在不重启计算机设备的情况下,用新函数替换旧函数,以修复计算机设备当前软件版本的缺陷或漏洞,当旧函数被调用时,由旧函数跳转至新函数,执行新函数。热补丁在无需重启操作系统的情况下实现对操作系统的漏洞的修复,减少系统宕机时间,增加系统的可用性。热补丁也适用于在开发过程中进行调试和测试,比如在软件模块或者内核的开发过程中,如果需要在某一个函数中添加信息,或者为函数中某一个变量赋予特定的值,可以通过热补丁的形式实现,而不需要重新编译内核、安装和重启这一系列的操作。
由于内核有对应的源码包,可根据源码包和符号表制作热补丁模块,其中热补丁模块可包含旧函数的地址和新函数的地址。当热补丁模块被注册进内核后,内核可从热补丁模块中提取信息,将旧函数的函数头中原有的空指令(nop)替换为跳转指令,当旧函数被调用时,不执行旧函数的功能而是跳转到新函数,执行新函数的功能。下面将以Linux操作系统为例详细介绍热补丁机制的原理,热补丁机制可分为两个阶段:一是初始化阶段,用于解析热补丁模块以及为旧函数注册对应的新函数;二是函数跳转阶段。
函数可包括函数头和函数体,在一个函数定义中,函数体之前的所有部分称为函数头,它给出了该函数的返回类型、每个参数的次序和类型等函数原型信息,函数体是编程语言中定义一个函数功能的所有代码组成的整体。
未注册对应的热补丁函数的函数1被调用的流程如图4所示。函数1被调用时,首先执行函数1的函数头中记录的流程,通常函数头中记录的是空指令,执行空操作后,执行函数体中定义函数功能的代码。
图1节点100的内核104可包括ftrace模块和livepatch模块,如图5所示,ftrace 模块和livepatch模块用于实现函数跳转。在介绍实现函数跳转的方法之前,首先介绍一些相关的概念:
mcount:在操作系统中存在一种机制,在内核编译时,在每个函数的函数头中保留数个字节,以用于跟踪该函数或者测试该函数的性能,在Linux操作系统中该机制被称为mcount。
ftrace是Linux进行代码级实践分析最有效的工具之一,ftrace是一个Linux内核中可用于跟踪函数调用的机制,可以在每个函数调用开始(prologue)前触发特定代码。ftrace可以用于记录在内核运行时执行的不同的函数调用的信息,能够帮助开发者和系统设计者获取当前内核的运行信息,以便分析内核事件、上下文、函数递进关系、内核函数调用关系或函数堆栈。ftrace还能分析内核特定的事件,例如函数调度或中断事件等,也能追踪内核函数,以及这些函数的调用栈,其中调用栈用于存储关于计算机程序的活动子例程的信息。ftrace也能追踪时延,例如中断被屏蔽的时间,抢占被禁止的时间,以及唤醒一个进程之后至开始执行之间的时间。
Kpatch是一种可实现为Linux内核动态打补丁且不必重启系统的一项技术,Kpatch由用户态工具Kpatch Tool与内核态机制livepatch组成。livepatch是热补丁实现过程中函数跳转阶段的核心组件。如图6所示,livepatch基于ftrace实现内核函数的替换,利用mcount机制,在内核编译时在每个函数入口保留数个字节,然后在打补丁时将旧函数入口保留的字节替换为跳转指令,查找到新函数的地址后,最终进入新函数的执行流程,实现函数级别的在线替换。livepatch是当前业界唯一能与ftrace完美兼容的热补丁机制,这也造就了livepatch在Linux中的统治地位。livepatch是linux操作系统提供的支持热补丁(hotfix)加载激活和回退删除的服务组件,能在不重启设备的情况下,可以根据热补丁模块对设备当前软件版本的缺陷进行修复,该服务还负责检查函数是否被线程调用、一致性保障等。
结构体(struct)指的是一种数据结构,是一种复合数据类型(aggregate data type)。结构体可以被声明为变量、指针或数组等,用以实现较复杂的数据结构。结构体同时也是一些元素的集合,这些元素称为结构体的成员(member),且这些成员可以为不同的类型,成员一般用名字访问。
旧函数和新函数是相对的,新函数为被注册或被配置为用于修复旧函数或者替换旧函数的函数,新函数还可以称为旧函数的补丁函数。旧函数的地址表示旧函数在存储空间中的起始地址,新函数的地址表示新函数在存储空间中的起始地址。
如图5所示,ftrace模块用于从存储多个结构体的单链表中查找旧函数的地址对应的结构体,提取结构体中存储的回调函数的指针,跳转至livepatch模块;livepatch模块根据查找到的结构体的地址获得旧函数对应的新函数堆栈,进而获得旧函数对应的新函数的地址。livepatch模块根据新函数的地址,实现旧函数到新函数的跳转。
当热补丁模块被发布到计算机系统中后,计算机系统注册用于替换函数1的新函数(补丁函数),图6中的函数1的函数头中保留的数个字节被替换为跳转指令,计算机系统不在如图1所述的继续执行函数1的函数体中定义函数功能的代码。此时函数1至函数2跳转的实现流程如图5和图6所示,其中函数1为旧函数,函数2为新函数。
步骤S1:当函数1被调用时,执行函数1的函数头中的跳转指令后跳转到ftrace模块;
函数1的函数头中的跳转指令为ftrace模块的回调函数的指针,ftrace模块的回调函数的指针用于指向ftrace模块的执行逻辑。
回调函数(callback)是一个通过指针调用的函数。如果把函数A的指针(地址)作为参数传递给函数B,当这个指针被用来调用其所指向的函数A时,就说函数A是回调函数。
步骤S2:ftrace模块根据函数1的地址遍历单链表,查找单链表中记录该函数1的地址的结构体并获取该结构体中记录的livepatch模块的回调函数的指针,跳转至livepatch模块;
链表(linked list)是一种数据结构,是一种线性表,在每一个节点里存到下一个节点的指针(pointer),这种结构使得在链表中查找一个节点或者访问特定编号的节点的时间复杂度为O(n)。单链表中记录了多个结构体,单链表中每个节点存储一个结构体,并存储至下一个结构体的指针。单链表中的多个结构体中的每个结构体对应一个旧函数。每个结构体中包含了该旧函数的地址以及回调函数的指针,其中该回调函数的指针可以为livepatch模块的回调函数的指针,也可以是其他回调函数的指针。也就是说,一个旧函数可以对应多个结构体,且多个结构体中记录的回调函数的指针属于不同的回调函数。ftrace模块根据旧函数的地址遍历单链表中的多个结构体,直至查找到记录有该旧函数的地址和livepatch模块的回调函数的指针的结构体,然后跳转至livepatch模块。如图3所示,单链表中存储了4个结构体fops1-4,其中每个结构体中存储一个旧函数的地址以及回调函数的地址。假设结构体fops4中存储的旧函数的地址为函数1的地址,存储的回调函数的指针为livepatch模块的回调函数的指针。ftrace模块根据函数1的地址遍历单链表后查找到结构体fops4中存储了旧函数A的地址,则从结构体fops4中获得livepatch模块的回调函数的指针,跳转至livepatch模块。
因为初始化阶段livepatch模块为旧函数注册该旧函数的结构体时,livepatch模块会将旧函数的地址以及为该结构体分配的存储空间的地址发送给ftrace模块,所以ftrace模块在查找到旧函数对应的结构体后,可以将查找到的结构体的地址发给livepatch模块。在上述例子中,ftrace模块还将结构体fops4的地址发给livepatch模块。
步骤S3:livepatch模块使用接收的结构体fops的地址直接获得存储有旧函数对应的函数堆栈的结构体ops,其中函数堆栈中存储了针对同一个旧函数的多个热补丁函数,由于一个旧函数可以被多次修复,因此一个旧函数的地址可对应多个新函数的地址;
步骤S4:livepatch模块从函数堆栈中提取新函数的地址,调用新函数,实现了函数替换;
该方案通过结构体fops建立了一对旧函数与新函数之间的对应关系来实现旧函数到新函数的跳转,ftrace模块查找livepatch回调函数的指针需要结构体fops,livepatch模块查找新函数的地址也需要结构体fops,导致“旧函数->fops->新函数”必须一一对应,每注册一个新函数必须新增一个结构体fops,这导致单链表增长,遍历时间增长。随着修复旧函数的数量增加,单链表中存储的结构体fops也在增加,单链表的遍历时 间也随之增加即函数跳转时间增加,导致巨大的性能开销。如图7所示,函数跳转所需的时间基本随着热补丁函数的增加而线性增长。如果内核中热点函数(即频繁调用的函数)存在对应的热补丁函数,在该热点函数被调用时会出现函数跳转时间远远超出热补丁函数的执行时间的情况。在该情况下,该热点函数的执行效率会被严重拖慢。同时每个函数跳转时都必须遍历整张单链表,这就意味着所有热补丁函数之间互相影响,最后导致整机性能下降。
为了解决函数跳转时间过长的问题,业内通用的做法是修改旧函数的函数头,使得函数头直接指向新函数头,采用“旧函数-新函数”这种方式避免上述的查询过程,降低函数跳转时间。然而这种方案与ftrace冲突,导致ftrace不可用。
本申请提出一种实现函数跳转的方法,对livepatch模块与ftrace模块进行一定程度解耦。该方法可应用在当前主流的各大Linux平台上,例如CentOS,Redhat或Ubuntu等。本申请提供的技术方案通过一个结构体存储多个旧函数的地址,在这个结构体中查找是否存储了被调用的函数的地址,若确定结构体中存储了被调用的函数的地址,根据被调用函数的地址查找被调用函数对应的函数堆栈,获得函数堆栈中存储的新函数的地址。
如图8所示,图1中的内核104可包括ftrace模块401、livepatch模块402和内核中的函数404。一个或多个应用程序406可通过接口205调用内核中的函数404。应用程序203还可通过接口205配置ftrace模块401。
ftrace模块401用于跟踪内核中的函数404的被调用情况。在本申请实施例中,第一数据结构408存储多个存在热补丁函数的旧函数的地址,相比现有技术中结构体的个数与旧函数的个数相同,本申请将结构体的数目固定为1,用一个单项代替了现有技术中包括多个结构体的单链表。当内核中的函数404被调用时,ftrace模块401用于根据该函数的地址在第一数据结构408中查找该函数的地址,若在第一数据结构408中查找到该函数的地址则提取第一数据结构408中存储的livepatch模块402的回调函数的指针并跳转至livepatch模块402。
livepatch模块402用于查找旧函数对应的新函数的地址。当接收到热补丁模块407时,livepatch模块402还用于注册旧函数及旧函数对应的函数堆栈,并将旧函数的地址注册进ftrace模块中的第一数据结构408。在本申请实施例中,livepatch模块402新增了管理单元403,管理单元403用于管理每个旧函数的地址及旧函数对应的函数堆栈。管理单元403可进行新增、删除或查询地址等操作;进一步的,管理单元403可使用可实现高效查询的数据结构(比如哈希表或者哈希树)对旧函数的地址与函数堆栈的对应关系进行管理。以此对livepatch模块与ftrace模块进行一定程度解耦,解决livepatch模块查询新函数的地址时对单链表中的结构体的依赖。
本申请实施例提供了一种实现函数跳转的方法,如图9所示,该方法包括以下步骤:
步骤S501:接收对第一函数的调用指令;
该调用指令中可包括第一函数的地址,其中第一函数的地址为第一函数在地址空间中的起始地址。
可选的,若第一函数的函数头入口的几个字节已经被替换为第一回调函数的指针, 该指针指向第一回调函数。第一函数被调用时,通过第一函数的函数头记录的第一回调函数的指针调用第一回调函数,即执行步骤S502。
可选的,若第一函数的函数头存储的空指令,则继续执行第一函数的函数体中定义的功能。
可选的,在步骤S501之前,该方法还包括:将第一函数的函数头中几个字节替换为第一回调函数的指针。
步骤S502:判断第一数据结构中是否已存储第一函数的地址;
第一数据结构中存储有多个函数的地址,根据第一函数的地址,遍历第一数据结构中存储的多个函数的地址,判断多个函数的地址中是否包括第一函数的地址,其中函数的地址表示函数在存储空间中的起始地址。第一数据结构中可存储有第二回调函数的指针以及多个函数的地址,其中这些函数为内核中需要被修复或者被替换的函数,这些函数的补丁函数已被注册用于替换这些函数。第二回调函数用于指示根据第一函数的地址查找第一函数的补丁函数的地址。由于函数跳转所需的第二回调函数的指针是不变的,因此本申请实施例可使用一个数据结构存储多个函数的地址。
当第一函数被调用时,第一函数的地址是系统已知的。判断第一数据结构中是否已存储第一函数的地址的目的是判断是否注册了用于替换第一函数的补丁函数,换句话说,判断第一函数是否有对应的热补丁函数。函数的替换可以理解为函数的修复,在热补丁的实现机制中,替换的过程可理解为函数到函数的补丁函数的跳转。
可选的,在步骤S502之前,该方法还包括:当注册第一函数的补丁函数时,将第一函数的地址添加至第一数据结构中。现有技术注册函数的补丁函数时,新增一个数据结构(结构体),在新增的结构体中存储该函数的地址,本方案将函数的地址添加至同一个数据结构中,缩短了单链表的长度。
可选的,第一数据结构为一个第一哈希表。
可选的,该方法还包括通过存储第一哈希表的地址的结构体确定第一哈希表;指向存储第一哈希表的地址的结构体的指针被包含在第一结构体中。
在一种实现方式中,第一结构体的数据结构如图10所示,其中主要的数据参数如下:
func:第二回调函数的指针;若第一结构体中存储的是第二回调函数的指针,第二回调函数用于指示根据被调用的函数的地址查找被调用的函数对应的补丁函数。
*func_hash:至少一个结构体的指针,一个指针指向一个结构体。
指针指向的结构体的主要参数包括:
哈希表的地址(*buckets):用于记录哈希表在存储空间中的地址;其中哈希表用于存储多个函数的地址,这里所描述的多个函数为被注册了对应的补丁函数的旧函数,当这些函数被调用时,需跳转至对应的补丁函数执行。如图7所示,存储N个函数的地址:ip(1)至ip(N),ip(1)至ip(N)分别代表函数1的地址至函数N的地址。
rcu标记位:RCU(Read,Copy,Update)是一组Linux内核API,实现了一种同步机制,允许多个读者与写者并发操作而不需要任何锁,这种同步机制可以用于保护通过指针进行访问的数据。rcu标记为用于标记第一哈希表是否有读操作。
可选的,通过存储有第一哈希表的地址的结构体确定第一哈希表;指向存储第一 哈希表的地址的结构体的指针被包含在第一结构体中;根据第一函数的地址,确认第一哈希表中是否已存储第一函数的地址,其中第一哈希表的地址存储在第一结构体中,第一哈希表中存储多个函数的地址。哈希表就是一种以键-值(key-indexed)存储数据的结构,输入待查找的值即键(key),即可查找到其对应的值。可根据第一函数的地址的哈希值,快速确认第一哈希表中是否已存储第一函数的地址。
可选的,若多个函数的地址中存在于第一函数的地址相同的地址,则确定第一数据结构中已存储的多个函数的地址中包括第一函数的地址。换句话说,存在替换第一函数的补丁函数,第一函数为已经被注册了对应的新函数的旧函数。根据第一结构体中存储的第二回调函数的指针调用第二回调函数,即执行步骤S503,第二回调函数用于指示查找被调用的函数对应的新函数。
可选的,若第一数据结构中存储的多个函数的地址中不包括第一函数的地址,则不存在替换第一函数的补丁函数,可继续执行第一函数的函数体定义的功能。
可选的,如图10所示,第一结构体中的*func_hash包括两个指针,每一个指针指向存储有哈希表的地址的结构体。哈希表filter_hash用于记录被ftrace跟踪的函数的地址,哈希表notrace_hash用于记录不用被ftrace跟踪的函数的地址。若哈希表notrace_hash中存储了第一函数的地址,则表示第一函数不被ftrace跟踪,则继续执行第一函数的函数体定义的功能。
可选的,在步骤S502之前,该方法还包括:当注册第一函数的补丁函数时,将第一函数的地址增加至第一数据结构中,具体的,可将第一函数的地址增加至第一结构体中的第一哈希表中,第一哈希表用于存储多个需要被补丁函数修复的函数的地址。
步骤S503:根据第一函数的地址,查找第一函数对应的补丁函数的地址;
根据第一函数的地址,从第二数据结构中查找第一函数的补丁函数的地址,其中第一函数的补丁函数被注册用于替换第一函数,第二数据结构存储有多个函数的地址与多个函数的补丁函数之间的对应关系,多个函数中每个函数的地址与该函数的补丁函数对应。
可选的,多个函数中每个函数对应一个第二结构体,每个函数的第二结构体存储有函数的补丁函数的地址。由于一个旧函数可以被多次修复,修复同一个旧函数的新函数的地址可都存储在函数堆栈中。如图11A所示,每个旧函数的地址及该函数的函数堆栈存储在第二结构体中,其中,旧函数的函数堆栈中存储了一个或多个补丁函数的地址,第四、第五和第六函数的地址均为用于修复旧函数的补丁函数,第四函数的地址位于函数堆栈的顶部。根据第一函数的地址,查找到第一函数的函数堆栈,提取第一函数对应的函数堆栈中顶部的地址,该地址为第一函数对应的补丁函数的地址。第二哈希表用于存储多个函数的地址与多个函数的第二结构体之间的对应关系。如图11B所示,第二哈希表可存储第一函数至第N函数中每个函数的地址的哈希值与函数的第二结构体之间的对应关系。根据第一函数的地址,从第二哈希表中查找第一函数的地址对应的第二结构体,从查找到的第二结构体中获得第一函数的补丁函数的地址。
可选的,该方法还包括:当接收到修改第二哈希表的指令时,等待对第二哈希表的读操作完成后,修改第三哈希表。
步骤S504:根据第一函数的补丁函数的地址,从第一函数跳转到第一函数的补丁 函数执行,以响应调用指令;
将第一函数的寄存器中存储第一函数的地址替换为第一函数的补丁函数的地址,为响应于调用指令需要根据寄存器中存储的地址执行函数调用,由于寄存器中的第一函数的地址被替换为第一函数的补丁函数的地址,因此响应于调用指令调用的是第一函数的补丁函数。
为了能查找被调用的第一函数的补丁函数的地址,现有技术中需要遍历存储多个结构的单链表,查找存储有第一函数的地址的结构体,并获得该结构体的地址。再根据结构体的地址找到第一函数的函数堆栈,从而获得补丁函数的地址。本申请实施例提供的方法在一个数据结构中查找第一函数的地址。再根据第一函数的地址找到第一函数的函数堆栈,从而获得补丁函数的地址。本申请实施例提供的方法,将时间复杂度由O(N)降低至O(1),能缩短函数跳转的时间。此外,使用哈希表存储旧函数的地址与旧函数的结构体的对应关系,可节省查找新函数的地址这一步骤所消耗的时间。
在其他实施例中,当接收到回退指令时,该方法还包括:
步骤S505:响应于对第一函数的回退指令时,根据第一函数的地址和第二哈希表,查找并删除第一函数的补丁函数的地址。回退指令用于指示撤销第一函数的补丁函数对第一函数的替换。
根据第一函数的地址,从第二哈希表中查找第一函数的第二结构体,删除第二结构体中存储的函数堆栈顶部的地址。
回退表示将修复后的函数恢复到修复前的函数。回退第一函数表示将第一函数恢复至修复前的函数。根据第一函数的地址查找第一函数的函数堆栈,从函数堆栈中删除位于函数堆栈的顶部的地址。通过哈希表管理多个第二结构体,可节省回退热补丁函数所消耗的时间。
可选的,若删除第一函数的函数堆栈顶部的地址后,函数堆栈为空堆栈,没有剩余的函数的地址,则删除该函数堆栈,删除第一函数对应的第二结构体。
可选的,若删除第一函数的函数堆栈顶部的地址后,函数堆栈中有剩余的函数的地址,则将当前位于函数堆栈的顶部的地址替换第一函数的寄存器中的存储的地址。
本申请实施例提供了一种实现函数跳转的方法,该方法在注册热补丁模块(如图8所示的407)阶段执行,如图12所示,该方法包括以下步骤:
步骤S601:接收并解析热补丁模块;
当需要修复内核的函数时,热补丁模块被发送至计算机系统,计算机系统接收并解析热补丁模块的信息,热补丁模块中可包括一个或多个旧函数的地址和每个旧函数对应的新函数的地址,旧函数为需要修复的函数,新函数为用于修复旧函数的函数。其中,函数的地址表示函数在地址空间中的位置。
步骤S602:判断是否已注册旧函数的第二结构体;
判断热补丁模块中的一个或多个旧函数中任一个旧函数是否已经被注册了第二结构体,第二结构体用于存储该旧函数的地址以及旧函数的补丁函数,第二结构体的数据结构如图11A所示。一个函数可能会被多次修复,第二结构体存储有函数的函数堆栈中存储用于修复该函数的一个或多个函数的地址。
可选的,若该旧函数已被注册对应的第四结构体,则说明该旧函数在本次函数修复之前被修复过,函数堆栈中存储了上一次修复该旧函数的函数。则后续执行步骤S607。
可选的,若该旧函数未被注册对应的函数堆栈,则执行步骤S603;
步骤S603:注册旧函数的第二结构体;
在系统中为旧函数注册第二结构体,该第二结构体的数据结构如图11A所示,包括旧函数的地址和用于存储旧函数的一个或多个补丁函数的地址的函数堆栈。
可选的,第二哈希表中可管理多个第二结构体,即存储多个旧函数的地址与多个旧函数的第二结构体之间的对应关系。
步骤S604:判断第一结构体是否已经注册;
第一结构体可用于存储第二回调函数的指针和多个旧函数的地址,第二回调函数用于指示根据被调用的函数的地址查找用于修复该函数的新函数的地址。第一结构体的数据结构如图10所示,第一结构体的数据结构可参考步骤S502中的对应描述,在此不再赘述。
可选的,若第一结构体未注册,则执行步骤S605;
可选的,若第一结构体已注册,则执行步骤S606;
步骤S605:注册第一结构体;
划分出一部分地址空间用于存储第一结构体中的数据,第一结构体中存储有第二回调函数的指针以及多个旧函数的地址。根据旧函数的地址找到旧函数的函数头,将函数头入口的几个字节替换为第一回调函数的指针,第一回调函数用于指示在第一结构体中查找被调用的函数地址并获得第二回调函数的指针。
可选的,第一结构体中的第一哈希表用于存储多个旧函数的地址。
步骤S606:将旧函数的地址添加至第一哈希表中;
步骤S607:将新函数的地址压入函数堆栈的顶部;
将新函数的地址存储在函数堆栈的地址空间的起始部分。
在热补丁模块注册阶段,现有技术会为每一个旧函数注册一个结构体用于存储旧函数的地址和用于指示查找新函数地址的回调函数的指针,并且多个旧函数的结构体存储在单链表里。本申请实施例将旧函数的地址添加至第一哈希表中,相比于现有技术大幅度缩短了单链表的长度,使得查询旧函数地址这一步骤的时间复杂度由O(N)降低至O(1),缩短了查询时间。进一步的,使用哈希表存储旧函数的地址与函数堆栈的对应关系,可降低查询新函数的地址所用的时间。
本申请实施例提供了一种实现函数跳转的方法,如图13所示,该方法可包括以下步骤:
步骤S701:接收对第一函数的调用指令;调用指令中可包括第一函数的地址;
步骤S702:根据第一函数的函数头中的ftrace模块的回调函数的指针,跳转至ftrace模块,并将第一函数的地址已入参的形式发送至ftrace模块。
在热补丁模块注册阶段,第一函数的函数头入口的几个字节已经被替换为ftrace模块的回调函数的指针,该指针指向ftrace模块的执行逻辑,即步骤S703。
步骤S703:ftrace模块判断第一哈希表是否已存储第一函数的地址;
ftrace模块根据第一结构体中的指针找到存储有第一哈希表的地址的结构体。根据第一函数的地址,ftrace模块遍历第一哈希表中已存储的多个函数的地址;
可选的,若ftrace模块根据第一函数的地址在第一哈希表中查找到第一函数的地址,即第一哈希表中已存储第一函数的地址,则执行步骤S704。第一哈希表中存储有多个需要被修复的函数的地址,例如函数1-函数N的地址,N为大于1的正整数。第一结构体的数据结构可参考步骤S502中对应的描述,在此不再赘述。ftrace模块可计算第一函数的地址的哈希值,遍历第一哈希表确认第一哈希表是否已存储第一函数的地址的哈希值。
可选的,若ftrace模块未在第一哈希表中查找到第一函数的地址,则ftrace模块调用第一函数的寄存器中记录的第一函数的地址,执行第一函数。
步骤S704:ftrace模块根据第一结构体中存储的livepatch模块的回调函数的指针,跳转至livepatch模块,并将第一函数的地址发送给livepatch模块;livepatch模块的回调函数的指针指向livepatch模块的执行逻辑。
步骤S705:livepatch模块中的管理单元根据第一函数的地址查找第一函数的补丁函数的地址;
管理单元根据第一函数的地址从第二哈希表中查找第一函数的补丁函数的地址。管理单元根据第一函数的地址从多个第二结构体中查找第一函数的第二结构体,从第一函数的第二结构体中存储的函数堆栈的顶部获取第一函数的补丁函数的地址。第三哈希表中存储有多个函数中每个函数的地址与该函数的第二结构体的对应关系。例如第二哈希表中存储有函数1-N的地址与函数1-N的第二结构体的对应关系,管理单元根据第一函数的地址,从第二哈希表中查找到第一函数的第二结构体为函数n的第二结构体,管理单元获得函数n的第二结构体中函数堆栈n的顶部的地址,即第一函数的补丁函数的地址。
步骤S706(图13中未示出):livepatch模块将第一函数的寄存器中存储的第一函数的地址替换为第一函数的补丁函数的地址;
寄存器中原先存储的是第一函数的地址,或者存储的是上次修复时用于修复第一函数的函数的地址,livepatch模块使用补丁函数的地址替换第一函数的寄存器中存储的函数的地址。
步骤S707:响应于调用指令,执行补丁函数;
在本申请提供的实施例中,明确了ftrace模块和livepatch模块的作用:ftrace模块的作用是查找旧函数对应的livepatch模块的回调函数的指针,ftrace模块在存储了多个旧函数的地址的结构体中查询当前被调用的旧函数的地址并确定该结构体存储有当前被调用的旧函数的地址,获得livepatch模块的回调函数的指针,查询复杂度为O(1);livepatch模块的作用是查找新函数的地址并替换寄存器中的值以实现函数的跳转。进一步的,livepatch模块以一种查询更高效的数据结构(比如哈希表或者红黑树等)来实现快速查询;以哈希表为例,其查询的时间复杂度是O(1)。
影响热补丁函数的性能主要影响因素是从旧函数入口到新函数所需的函数跳转时间。采用本申请实施例提供的实现函数跳转的方法后,在1000个热补丁函数的场景下,函数跳转时间缩短为原来的0.5%,且函数跳转时间不再随着热补丁函数数量线性增长, 如图14A和14B所示。
在其他实施例中,在步骤S707之后,还包括:livepatch模块当接收到对第一函数的回退指令时,livepatch模块根据第一函数的地址从多个第二结构体中查找第一函数的第二结构体,删除函数堆栈顶部的地址。若删除顶部的地址之后,函数堆栈中有剩余的函数的地址,livepatch模块将剩余的地址中位于函数堆栈顶部的地址替换第一函数的寄存器中存储的地址。
在其他实施例中,如图15所示,在步骤S701之前,还可以包括以下步骤:
步骤S708:livepatch模块接收并解析热补丁模块;
当需要修复内核的函数时,livepatch模块接收并解析热补丁模块的信息,热补丁模块中可包括一个或多个旧函数的地址和每个旧函数对应的新函数的地址,旧函数为需要修复的函数,新函数为用于修复旧函数的函数。其中,函数的地址表示函数在地址空间中的位置。
步骤S709:livepatch模块判断是否已经注册旧函数的第二结构体;
livepatch模块判断热补丁模块中的一个或多个旧函数中任一个旧函数是否已经被注册了第二结构体,第二结构体用于存储旧函数的地址以及旧函数的函数堆栈,第二结构体的数据结构如图11B所示。一个函数可能会被多次修复,函数的函数堆栈中存储用于修复该函数的一个或多个函数的地址。
可选的,若该旧函数已被注册对应的第二结构体,则说明该旧函数在本次函数修复之前被修复过,函数堆栈中存储了上一次修复该旧函数的函数。则后续执行步骤S714。
可选的,若该旧函数未被注册对应的函数堆栈,则执行步骤S710;
步骤S710:livepatch模块注册旧函数的第二结构体;
livepatch模块中新增的管理单元为旧函数注册第二结构体,该第二结构体的数据结构如图11A所示,包括旧函数的地址和用于存储旧函数对应的新函数的地址的函数堆栈。livepatch模块中新增的管理单元申请用于存储第二结构体的地址空间,将旧函数的地址及旧函数对应的新函数的地址存储进第二结构体中。
可选的,管理单元将第二结构体与该第二结构体所属的函数的地址增加至第二哈希表中,换句话说,管理单元将旧函数的地址以及旧函数的第二结构体增加至第二哈希表中。
可选的,livepatch模块调用rcu接口,当内核中的rcu模块判断第二哈希表正在被读取时,锁定该第二哈希表,使得第二哈希表在被读取时不被修改。例如当livepatch模块在第二哈希表中新增函数或删除函数时,调用内核中的rcu的接口,使用rcu模块管理链表,rcu模块判断第二哈希表是否有读操作,若存在对第二哈希表的读操作,则等待读操作完成再执行对第二哈希表的修改操作。
步骤S711:判断livepatch模块是否已经在ftrace模块中注册第一结构体;
第一结构体用于存储第二回调函数的指针和多个旧函数的地址,第二回调函数用于指示根据被调用的函数的地址查找用于修复该函数的新函数的地址。第一结构体的数据结构如图10所示,第一结构体的数据结构可参考步骤S502中的对应描述,在此 不再赘述。
可选的,若第一结构体未注册,则执行步骤S712;
可选的,若第一结构体已注册,则执行步骤S713;
步骤S712:livepatch模块在ftrace模块中注册第一结构体;
livepatch模块申请一部分地址空间用于存储第一结构体中的数据,将第一结构体的地址发给ftrace;并调用ftrace模块的接口,在ftrace模块中注册第一结构体,使得ftrace模块可以根据接收的第一结构体的地址读取第一结构体中存储的数据。第一结构体用于存储回调函数的指针以及函数的地址。livepatch模块按照ftrace模块提供的第一结构体的数据结构的定义,在第一结构体中记录livepatch模块的回调函数的指针和旧函数的地址,livepatch模块的回调函数用于指示livepatch模块根据旧函数的地址查找新函数的地址。在ftrace模块中注册第一结构体时,livepatch模块将旧函数的地址发送给ftrace模块,ftrace模块根据旧函数的地址找到旧函数的函数头,将函数头入口的几个字节替换为ftrace模块的回调函数的指针,ftrace模块的回调函数用于指示在第一结构体中查找被调用的函数地址并获得第二回调函数的指针。
可选的,第一结构体中的第一哈希表用于存储多个旧函数的地址。
步骤S713:ftrace模块将旧函数的地址添加至第一哈希表中;
livepatch模块将旧函数地址发给ftrace模块,ftrace模块从第一结构体中的指针指向的结构体中获得第一哈希表的地址,将旧函数的地址添加至第一哈希表中。
步骤S714:livepatch模块将新函数的地址压入函数堆栈的顶部;
livepatch模块将新函数的地址存储在函数堆栈的地址空间的起始部分。
上述实施例中的livepatch模块和ftrace模块可以为图8中所描述的livepatch模块和ftrace模块。
本申请实施例提供了一种实现函数跳转的装置800,如图16所示,该装置包括接收单元801和处理单元802。其中接收单元801用于执行步骤S501或S701;处理单元用于执行步骤S502-S504或步骤S601-S607或步骤S702-S707或步骤S708-S714中的一步或多个步骤。
本申请实施例提供了一种计算机系统,该计算机系统包括存储器和处理器,其中存储器用于存储计算机程序,处理器用于执行该计算机程序实现本申请任一个实施例提供的实现函数跳转的方法。
本申请实施例提供了一种计算机可读存储介质,该计算机可读存储介质中存储有计算机程序,该计算机程序被处理器调用时执行本申请任一个实施例提供的实现函数跳转的方法。
本申请实施例提供了一种计算机程序产品,该计算机程序产品包括计算机程序,该计算机程序被处理器调用时执行本申请任一个实施例提供的实现函数跳转的方法。
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。
本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。

Claims (14)

  1. 一种实现函数跳转的方法,其特征在于,所述方法包括:
    接收对第一函数的调用指令;
    确认第一数据结构中已存储所述第一函数的地址,所述第一数据结构存储有多个函数的地址;
    根据所述第一函数的地址,从第二数据结构中查找所述第一函数的补丁函数的地址,所述第一函数的补丁函数被注册用于替换所述第一函数,所述第二数据结构存储有所述多个函数的地址与所述多个函数的补丁函数之间的对应关系;
    根据所述第一函数的补丁函数的地址,从所述第一函数跳转到所述第一函数的补丁函数执行,以响应所述调用指令。
  2. 根据权利要求1所述的方法,其特征在于,所述第一数据结构为一个第一哈希表。
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:通过存储所述第一哈希表的地址的结构体确定所述第一哈希表;指向存储第一哈希表的地址的结构体的指针被包含在第一结构体中。
  4. 根据权利要求1-3任一项所述的方法,其特征在于,所述多个函数中每个函数对应一个第二结构体,每个函数的第二结构体存储有所述函数的补丁函数的地址,第二哈希表用于存储所述多个函数的地址与所述多个函数的第二结构体之间的对应关系;所述根据所述第一函数的地址,从第二数据结构中查找所述第一函数的补丁函数的地址,包括:
    根据所述第一函数的地址,从所述第二哈希表中查找所述第一函数的地址对应的第二结构体;
    从查找到的所述第一函数的地址对应的第二结构体中获得所述第一函数的补丁函数的地址。
  5. 根据权利要求1-4任一项所述的方法,其特征在于,所述方法还包括:
    将所述第一函数的地址添加至所述第一数据结构中。
  6. 根据权利要求4所述的方法,其特征在于,所述方法还包括:
    响应于对所述第一函数的回退指令,根据所述第一函数的地址和所述第二哈希表,查找并删除所述第一函数的第二结构体中所述第一函数的补丁函数的地址,所述回退指令用于指示撤销所述第一函数的补丁函数对所述第一函数的替换。
  7. 一种实现函数跳转的装置,其特征在于,所述装置包括:接收单元和处理单元,其中:
    所述接收单元用于接收对第一函数的调用指令;
    所述处理单元用于:
    确认第一数据结构中已存储所述第一函数的地址,所述第一数据结构存储有多个函 数的地址;
    根据所述第一函数的地址,从第二数据结构中查找所述第一函数的补丁函数的地址,所述第一函数的补丁函数被注册用于替换所述第一函数,所述第二数据结构存储有所述多个函数的地址与所述多个函数的补丁函数之间的对应关系;
    根据所述第一函数的补丁函数的地址,从所述第一函数跳转到所述第一函数的补丁函数执行,以响应所述调用指令。
  8. 根据权利要求7所述的装置,其特征在于,所述第一数据结构为一个第一哈希表。
  9. 根据权利要求8所述的装置,其特征在于,所述处理单元还用于:通过存储所述第一哈希表的地址的结构体确定所述第一哈希表;指向存储第一哈希表的地址的结构体的指针被包含在第一结构体中。
  10. 根据权利要求7-9任一项所述的装置,其特征在于,所述多个函数中每个函数对应一个第二结构体,每个函数的第二结构体存储有所述函数的补丁函数的地址,第二哈希表用于存储所述多个函数的地址与所述多个函数的第二结构体之间的对应关系,所述处理单元具体用于:
    根据所述第一函数的地址,从第二哈希表中查找所述第一函数的地址对应的第二结构体;
    从查找到的所述第一函数的地址对应的第二结构体中获得所述第一函数的补丁函数的地址。
  11. 根据权利要求7-10任一项所述的装置,其特征在于,所述处理单元还用于:
    将所述第一函数的地址添加至所述第一数据结构中。
  12. 根据权利要求11所述的装置,其特征在于,所述处理单元还用于:
    响应于对所述第一函数的回退指令时,根据所述第一函数的地址和所述第二哈希表,查找并删除所述第一函数的第二结构体中所述第一函数的补丁函数的地址,所述回退指令用于指示撤销所述第一函数的补丁函数对所述第一函数的替换。
  13. 一种计算机系统,其特征在于,所述计算机系统包括处理器和存储器,所述存储器用于存储计算机程序,所述处理器用于执行所述计算机程序实现如上述权利要求1-6任一项所述的方法。
  14. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储计算机程序,所述计算机程序被处理器调用时实现如上述权利要求1-6任一项所述的方法。
PCT/CN2020/071347 2019-05-30 2020-01-10 实现函数跳转的方法、装置及计算机存储介质 WO2020238245A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP20815671.1A EP3842938B1 (en) 2019-05-30 2020-01-10 Function jump implementation method, device, and computer storage medium
JP2021547637A JP7212793B2 (ja) 2019-05-30 2020-01-10 関数ジャンプを実現するための方法、装置及びコンピュータ記憶媒体
KR1020217011497A KR20210057176A (ko) 2019-05-30 2020-01-10 함수 점프 구현 방법, 디바이스, 및 컴퓨터 저장 매체
US17/235,061 US11645068B2 (en) 2019-05-30 2021-04-20 Method for implementing function jump, apparatus, and computer storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910465987.7A CN112015491B (zh) 2019-05-30 2019-05-30 实现函数跳转的方法、装置及计算机存储介质
CN201910465987.7 2019-05-30

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/235,061 Continuation US11645068B2 (en) 2019-05-30 2021-04-20 Method for implementing function jump, apparatus, and computer storage medium

Publications (1)

Publication Number Publication Date
WO2020238245A1 true WO2020238245A1 (zh) 2020-12-03

Family

ID=73501882

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/071347 WO2020238245A1 (zh) 2019-05-30 2020-01-10 实现函数跳转的方法、装置及计算机存储介质

Country Status (6)

Country Link
US (1) US11645068B2 (zh)
EP (1) EP3842938B1 (zh)
JP (1) JP7212793B2 (zh)
KR (1) KR20210057176A (zh)
CN (1) CN112015491B (zh)
WO (1) WO2020238245A1 (zh)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114840204A (zh) * 2021-02-02 2022-08-02 华为技术有限公司 非同名符号的函数跳转方法、装置及计算机可读存储介质
CN115167862A (zh) * 2021-03-19 2022-10-11 华为技术有限公司 补丁方法及相关设备
CN113239380A (zh) * 2021-05-21 2021-08-10 杭州弗兰科信息安全科技有限公司 一种保护文件读写方法、装置、电子设备和存储介质
CN113342389B (zh) * 2021-05-31 2022-09-30 深圳市腾讯网络信息技术有限公司 一种服务的更新方法、装置及计算机可读存储介质
US12086622B2 (en) * 2021-07-23 2024-09-10 VMware LLC Optimizing virtual machine scheduling on non-uniform cache access (NUCA) systems
CN114691181A (zh) * 2022-03-28 2022-07-01 阿里巴巴(中国)有限公司 热升级方法、装置、设备、分布式系统及存储介质
CN115145727A (zh) * 2022-06-30 2022-10-04 北京达佳互联信息技术有限公司 优化内存管理方法、装置、电子设备以及存储介质
CN118409780B (zh) * 2024-06-26 2024-08-30 统信软件技术有限公司 内核热补丁文件的生成方法、装置、电子设备、存储介质和计算机程序产品

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6658657B1 (en) * 2000-03-31 2003-12-02 Intel Corporation Method and apparatus for reducing the overhead of virtual method invocations
CN101561764A (zh) * 2009-05-18 2009-10-21 华为技术有限公司 一种多核环境下的补丁方法与补丁装置
CN101882094A (zh) * 2010-06-10 2010-11-10 中兴通讯股份有限公司 嵌入式系统制作补丁的方法和系统
CN102467394A (zh) * 2010-11-12 2012-05-23 中兴通讯股份有限公司 多核热补丁的实现方法及系统
CN104239082A (zh) * 2013-06-20 2014-12-24 上海博达数据通信有限公司 嵌入式系统的热补丁实现方法

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3019915B2 (ja) * 1995-11-20 2000-03-15 日本電気株式会社 手続き呼出し方法
GB9825102D0 (en) * 1998-11-16 1999-01-13 Insignia Solutions Plc Computer system
US8312435B2 (en) 2000-12-26 2012-11-13 Identify Software Ltd. (IL) System and method for conditional tracing of computer programs
US7472384B1 (en) * 2003-12-02 2008-12-30 Swsoft Holdings, Ltd. System, method and computer program product for on-the-fly patching of executable code
WO2009156790A1 (en) 2008-06-23 2009-12-30 Freescale Semiconductor, Inc. Patching of a read-only memory
US8468516B1 (en) * 2008-12-19 2013-06-18 Juniper Networks, Inc. Creating hot patches for embedded systems
US8510723B2 (en) 2009-05-29 2013-08-13 University Of Maryland Binary rewriting without relocation information
US9134977B2 (en) * 2010-02-26 2015-09-15 Red Hat, Inc. Compiler operation for handling conditional statements
US9395975B2 (en) 2014-07-21 2016-07-19 Sandisk Technologies Llc Method and system for generating a ROM patch
CN105630557B (zh) 2015-12-24 2018-12-28 迈普通信技术股份有限公司 热补丁方法和装置
CN105607937B (zh) * 2015-12-25 2019-01-18 京信通信系统(中国)有限公司 一种热补丁方法及设备
CN106610857B (zh) * 2016-12-23 2019-01-22 优刻得科技股份有限公司 一种热补丁信息查询方法以及装置
US10795659B1 (en) * 2017-11-02 2020-10-06 Virtuozzo International Gmbh System and method for live patching processes in user space
CN107797820B (zh) * 2017-11-13 2021-03-23 北京百度网讯科技有限公司 用于生成补丁的方法和装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6658657B1 (en) * 2000-03-31 2003-12-02 Intel Corporation Method and apparatus for reducing the overhead of virtual method invocations
CN101561764A (zh) * 2009-05-18 2009-10-21 华为技术有限公司 一种多核环境下的补丁方法与补丁装置
CN101882094A (zh) * 2010-06-10 2010-11-10 中兴通讯股份有限公司 嵌入式系统制作补丁的方法和系统
CN102467394A (zh) * 2010-11-12 2012-05-23 中兴通讯股份有限公司 多核热补丁的实现方法及系统
CN104239082A (zh) * 2013-06-20 2014-12-24 上海博达数据通信有限公司 嵌入式系统的热补丁实现方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3842938A4

Also Published As

Publication number Publication date
EP3842938B1 (en) 2024-09-25
CN112015491A (zh) 2020-12-01
JP7212793B2 (ja) 2023-01-25
EP3842938A4 (en) 2021-12-15
EP3842938A1 (en) 2021-06-30
KR20210057176A (ko) 2021-05-20
CN112015491B (zh) 2022-08-09
US20210240467A1 (en) 2021-08-05
JP2022513382A (ja) 2022-02-07
US11645068B2 (en) 2023-05-09

Similar Documents

Publication Publication Date Title
WO2020238245A1 (zh) 实现函数跳转的方法、装置及计算机存储介质
JP5852677B2 (ja) レジスタ・マッピング方法
US9904527B1 (en) Optimizing API implementer programs using fine-grained code analysis
US10474369B2 (en) Mapping guest pages to disk blocks to improve virtual machine management processes
EP2726977B1 (en) Virtual machine image analysis
US20100023941A1 (en) Virtual machine monitor
US9146847B2 (en) Optimizing for page sharing in virtualized java virtual machines
US9558023B2 (en) Live application mobility from one operating system level to an updated operating system level and applying overlay files to the updated operating system
US11693722B2 (en) Fast memory mapped IO support by register switch
US20200272482A1 (en) Unikernel provisioning
US20220358049A1 (en) Memory access handling for peripheral component interconnect devices
US11436141B2 (en) Free memory page hinting by virtual machines
US11983555B2 (en) Storage snapshots for nested virtual machines
US10877771B2 (en) Virtual machine booting using disk metadata
US11886351B2 (en) Memory efficient virtual address management for system calls
US12013799B2 (en) Non-interrupting portable page request interface
US12111771B2 (en) Aggregating block mapping metadata to improve linked clone read performance
US20230350710A1 (en) Fast memory mapped io support by register switch
US20230132905A1 (en) Binary execuction by a virtual device
WO2023185799A1 (zh) 一种指令翻译方法及其相关设备
WO2024041351A1 (en) Disabling processor facility on new processor generation without breaking binary compatibility
Curless Tools for Memory Optimization in Duplicate Containers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20815671

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020815671

Country of ref document: EP

Effective date: 20210324

ENP Entry into the national phase

Ref document number: 20217011497

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2021547637

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE