Kernel live patching
Kernel Live Patching (KLP) enables the capacity to apply patch to the kernel without rebooting the system.
To use KLP, you should follow the following steps:
- Run a livepatching enabled kernel
- Obtain the source tree of the kernel
- Prepare and build the patch
- Apply the patch
You can use Kernel Live Patching in Alpine Linux by running a modified kernel.
Building the kernel
- Obtain the source
- Enable the following flag CONFIG_LIVEPATCH and CONFIG_DEBUG_INFO
- Build the kernel:
make - Install:
doas make modules_install && doas make install - Rebuild initramfs
- Update bootloader
- Reboot:
doas reboot
Patching the kernel
- Install kpatch:
doas apk add kpatch - Prepare the patch. You can create a file some.patch containing something around the following (it can need update depending on the kernel version):
Index: src/fs/proc/meminfo.c =================================================================== --- src.orig/fs/proc/meminfo.c +++ src/fs/proc/meminfo.c @@ -95,7 +95,7 @@ static int meminfo_proc_show(struct seq_ "Committed_AS: %8lu kB\n" "VmallocTotal: %8lu kB\n" "VmallocUsed: %8lu kB\n" - "VmallocChunk: %8lu kB\n" + "VMALLOCCHUNK: %8lu kB\n" #ifdef CONFIG_MEMORY_FAILURE "HardwareCorrupted: %5lu kB\n" #endif
- Build the patch:
kpatch-build -s /path/to/kernel/source some.patch
Enabling the patch
- Enable the patch:
doas insmod kpatch-some.koordoas kpatch load kpatch-some.ko - Check that the patch has been loaded:
grep -i chunk /proc/meminfo - Disable the patch:
doas kpatch unload kpatch-some.ko