BTS patch ideas and Implementations

BTS patch ideas and Implementations

Purpose:
Do not restart BTS (the system is VxWorks on powerpc) to dynamically call a new function and replace the old function to implement the patch function. If it can be implemented, it can take effect at least during debugging, without compiling the entire application, or restarting the system to save time.
(This function is available on the Nortel switch and is now available on the base station or BTS)

Principle:
Insert a jump command to the start address of the function to be replaced, jump to the start position of the new function unconditionally, and execute the new function to implement the patch function.

Limitation:
The static variable is reset to 0.

Implementation:
First, enable the xdm FTP module that has been abandoned for many years to implement the new function (compiled. o file) upload to the BTS function, and put. O files are stored in BTS flash storage.
Because the new function may need to use the functions or variables in the original application, it is compiled on the local machine. after the o file, it should be added with a file header, which contains the address of another symbol to be used by the new function (using the nmppc tool in. O files and. extracted from corefile ).
. O after a file is uploaded, it should be separated from the file header. The program adds the symbol in the file header to the system symbol table in VxWorks, in this way, the positions of these symbrs will be correctly known when new functions are executed.
After separating the file header, you can call the VxWorks API, loadmodule (), and dynamically connect the new function to the memory.
If the connection is successful, you can change the code segment of the old function, insert a jump command, and redirect it to the new function.

Unsolved unanticipated problems:
1. Writing of flash storage.
2. The new function cannot find the required symbol address correctly.
3. Add the new symbol to the system symbol table.

Problem:
1. The code segment's memory write protection can be restarted after slight changes. There is no solution.
2. The storage address of the new function is far from that of the normal 24-bit offset jump command.

Problem:
1. VxWorks code segment memory protection. do not modify the code segment of the old function at will. This means that the jump command cannot be added to jump to the new function.
2. Jump command. PowerPC does not have long jump instructions. to jump to a remote address, you must put the address in a special register and then jump.
3. If the old function is being executed by a process, more than one instruction needs to be inserted. If you do not make any judgment, changing the code segment will cause a serious problem.

Solution:
1. Check the VxWorks operating system code and find an available internal function "memprotectstateset ()". You can modify the protection status of a memory segment without restarting the board. After executing this function, you can specify a code segment that can be written.
2. Only multiple commands can be used for redirection. The binary format of the command is studied, and the command is manually converted to word32 and written into the code segment.
3. the demo decides not to solve the problem. The current idea is to search all processes. If this code segment is running, it will wait. If it times out, it will return a patch failure.