Kernel live patching

From Alpine Linux
Revision as of 01:21, 25 August 2023 by Sertonix (talk | contribs) (+ Category:Kernel)

Kernel Live Patching (KLP) makes it possible to apply a patch to the running kernel without rebooting the system.

To use KLP, follow these steps:

  • Run a livepatching-enabled kernel
  • Obtain the source tree of the kernel
  • Prepare and build the patch
  • Apply the patch

You can use Kernel Live Patching in Alpine Linux by running a modified kernel.

Building the kernel

  1. Obtain the source
  2. Enable the following flags: CONFIG_LIVEPATCH and CONFIG_DEBUG_INFO
  3. Build the kernel: make
  4. Install: doas make modules_install && doas make install
  5. Rebuild initramfs
  6. Update bootloader
  7. Reboot: doas reboot

Patching the kernel

  1. Install kpatch: doas apk add kpatch
  2. Prepare the patch. You can create a file some.patch containing something like the following (it may need updating depending on the kernel version):
Index: src/fs/proc/meminfo.c
===================================================================
--- src.orig/fs/proc/meminfo.c
+++ src/fs/proc/meminfo.c
@@ -95,7 +95,7 @@ static int meminfo_proc_show(struct seq_
 		"Committed_AS:   %8lu kB\n"
 		"VmallocTotal:   %8lu kB\n"
 		"VmallocUsed:    %8lu kB\n"
-		"VmallocChunk:   %8lu kB\n"
+		"VMALLOCCHUNK:   %8lu kB\n"
 #ifdef CONFIG_MEMORY_FAILURE
 		"HardwareCorrupted: %5lu kB\n"
 #endif
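Review bot: the `+` line renames the `VmallocChunk:` label that userspace reads from /proc/meminfo, so anything matching that field name stops matching while the patch is loaded. That is acceptable for a test patch whose only purpose is a visible change, but the label should go back (unload the patch) once the check is done. The context lines also assume a source tree whose meminfo_proc_show() still prints `VmallocChunk`, so regenerate the hunk against the tree passed to kpatch-build if it does not apply.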
  3. Build the patch: kpatch-build -s /path/to/kernel/source some.patch

Enabling the patch

  1. Enable the patch: doas insmod kpatch-some.ko or doas kpatch load kpatch-some.ko
  2. Check that the patch has been loaded: grep -i chunk /proc/meminfo
  3. Disable the patch: doas kpatch unload kpatch-some.ko
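
Besides grepping /proc/meminfo, the kernel lists every loaded live patch under /sys/kernel/livepatch, with an `enabled` attribute and, on kernels that have it, a `transition` attribute. The shell functions below are an added example, not part of this wiki page or of kpatch; the function names and the config file path you pass in are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page or kpatch): check live patch state.

# Return 0 if kernel config file $1 (plain or gzip) sets CONFIG_LIVEPATCH=y.
# Which file holds the running kernel's config is system-specific (assumption).
config_has_livepatch() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -q '^CONFIG_LIVEPATCH=y$'
}

# Print "<patch> enabled=<0|1> transition=<0|1|n/a>" for each live patch
# found under $1 (default: /sys/kernel/livepatch).
# Returns 0 if at least one patch is loaded and all are enabled with no
# transition pending, 1 otherwise, 2 if the directory does not exist
# (kernel built without live patching).
livepatch_status() {
    root="${1:-/sys/kernel/livepatch}"
    [ -d "$root" ] || return 2
    count=0
    bad=0
    for dir in "$root"/*/; do
        # An unmatched glob stays literal and is skipped here.
        [ -r "${dir}enabled" ] || continue
        name=$(basename "$dir")
        enabled=$(cat "${dir}enabled")
        if [ -r "${dir}transition" ]; then
            transition=$(cat "${dir}transition")
        else
            transition="n/a"   # attribute absent on older kernels
        fi
        echo "$name enabled=$enabled transition=$transition"
        count=$((count + 1))
        if [ "$enabled" != 1 ] || [ "$transition" = 1 ]; then
            bad=1
        fi
    done
    [ "$count" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (after sourcing this file):
#   livepatch_status && echo "all live patches active"
```

A patch that reports `transition=1` has been loaded but not every task has switched to the patched functions yet, so the fix is not fully in effect until it reads 0.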