Computer programs having sections of executable computer code frequently require patching. For example, it may be learned that operating systems and application programs, as well as other types of computer programs, have vulnerabilities to malware like viruses. Therefore, the computer programs have to be updated, or patched, in order to remove such vulnerabilities.
Existing approaches to patching computer code are disadvantageous, however. A technique known as symbol patching requires that all processors currently executing the computer code be halted, among other disadvantages, so that the computer code can be updated or patched. Halting the processors currently executing the computer code is disadvantageous, however, because it means that any systems employing the computer code may have reduced performance while the processors are halted for the patching process to be performed. As such, the patching process is a static, as opposed to a dynamic, process. For systems that have to be highly available, having reduced performance, event momentarily, is undesirable. Even for systems that do not have to be highly available, having reduced performance can be undesirable.
Another technique known as marking, or efficient marking, likewise can require that all processors currently executing the computer code to be halted, among other disadvantages, so that the computer code can be updated or patched. In the marking approach, specific points within the kernel, primarily function entry points, are marked with an extended set of no-operation (NOP) instructions. If a function requires patching, the system is patched by replacing these NOP instructions with a jump instruction to the patched code. In the efficient marking approach, an additional optimization is employed. Additional code is generated to add two NOP instructions, the first of which being a small two-byte NOP instruction. When the system is hot-patched, the two-byte NOP instruction is replaced with a jump to the second NOP instruction, which eventually jumps to the final patched function or routine.
Disadvantages associated with marking and efficient marking, in addition to having to halt the processors currently executing the computer code in question, including the following. First, the locations of the markers have to be known a priori and set at compile time, such that functions can only be patched if they have had such markers set at this time; otherwise, the functions cannot be patched at a later point in time. Second, the size of the code section becomes bloated, since additional space overhead is required. The present invention as described below overcomes all these disadvantages.