Latest revision as of 01:21, 25 August 2023

Kernel Live Patching (KLP) enables the capacity to apply patch to the kernel without rebooting the system.

To use KLP, you should follow the following steps:

Run a livepatching enabled kernel
Obtain the source tree of the kernel
Prepare and build the patch
Apply the patch

You can use Kernel Live Patching in Alpine Linux by running a modified kernel.

Building the kernel

Obtain the source
Enable the following flag CONFIG_LIVEPATCH and CONFIG_DEBUG_INFO
Build the kernel: make
Install: doas make modules_install && doas make install
Rebuild initramfs
Update bootloader
Reboot: doas reboot

Patching the kernel

Install kpatch: doas apk add kpatch
Prepare the patch. You can create a file some.patch containing something around the following (it can need update depending on the kernel version):

Index: src/fs/proc/meminfo.c
===================================================================
--- src.orig/fs/proc/meminfo.c
+++ src/fs/proc/meminfo.c
@@ -95,7 +95,7 @@ static int meminfo_proc_show(struct seq_
 		"Committed_AS:   %8lu kB\n"
 		"VmallocTotal:   %8lu kB\n"
 		"VmallocUsed:    %8lu kB\n"
-		"VmallocChunk:   %8lu kB\n"
+		"VMALLOCCHUNK:   %8lu kB\n"
 #ifdef CONFIG_MEMORY_FAILURE
 		"HardwareCorrupted: %5lu kB\n"
 #endif

Build the patch: kpatch-build -s /path/to/kernel/source some.patch

Enabling the patch

Enable the patch: doas insmod kpatch-some.ko or doas kpatch load kpatch-some.ko
Check that the patch has been loaded: grep -i chunk /proc/meminfo
Disable the patch: doas kpatch unload kpatch-some.ko

@@ Line 45: / Line 45: @@
 # Check that the patch has been loaded: <code>grep -i chunk /proc/meminfo</code>
 # Disable the patch: <code>doas kpatch unload kpatch-some.ko</code>
+[[Category:Kernel]]