Kernel live patching

From ArchWiki
Jump to: navigation, search

Kernel Live Patching (KLP) allows quick fixes to the kernel space without rebooting the whole system. Since version 4.0, related patches have been accepted [1][2][3], so one can configure his/her kernel to enable this feature. Generally, KLP is achieved by the following steps:

  1. Obtain the source tree of the running kernel
  2. Prepare the patch against the kernel
  3. Apply some tools (as follows) to help transform and load the patch

Some projects provide the live patching utilities before KLP was officially supported, such as Oracle's #ksplice[broken link: invalid section], SuSE's #kGraft, and RedHat's #kpatch. They implemented the KLP functionality in different ways. The minimalistic functional set of patches entered mainstream kernel were derived from kpatch and kGraft.

kpatch

Installation

Install linux-kpatchAUR for an appropriate kernel and kpatch-gitAUR for userspace tools.

You can also manually build a kernel that supports kpatch usage, by enabling CONFIG_LIVEPATCH, CONFIG_DEBUG_INFO, and CONFIG_KALLSYMS.

Note: Remember to update the bootloader after you install the special kernel.

Usage

Once both packages are successfully built and after reboot, you may

$ export ROOTDIR=some/dir/aur/linux-kpatch/src/linux-x-y
$ cd $ROOTDIR

Assume that you have done some modifications and have a patch some.patch (against the source tree after a makepkg -o, not the vanilla kernel of version x.y) in the working directory. Launch the kpatch utility,

$ kpatch-build -s $(pwd) -t $(pwd)/vmlinux some.patch

This command involves two kernel builds, the original one and the patched one, so it may take a period of time to complete. After the build is over, there should be a kpatch-some.ko module in the same directory. And then,

# insmod kpatch-some.ko

should do the trick.

For further information, please check the manpages or the github repository.

kGraft

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: "as of this writing" has no meaning on a wiki. (Discuss in Talk:Kernel live patching#)

KGraft hasn't been tested in Arch environment, so is not supported as of this writing.

See also