The implementation of a new page: Live Patching
Kernel Live Patching (KLP) allows quick fixes to the kernel space without rebooting the whole system. Since version 4.0, related patches have been accepted , so one can configure his/her kernel to enable this feature. Generally, KLP is achieved by the following steps:
- Obtain the source tree of the running kernel
- Prepare the patch against the kernel
- Apply some tools (as follows) to help transform and load the patch
Some projects provide the live patching utilities even before KLP was officially supported, such as Oracle's #ksplice, SuSE's #kGraft, and RedHat's #kpatch. They implement the KLP functionality in different ways. The minimalistic set of patches entered mainstream kernel were derived from kpatch and kGraft.
InstallAUR for an appropriate kernel and AUR for userspace tools.
Once both packages are successfully built and after reboot, you may
$ export ROOTDIR=some/dir/aur/linux-kpatch/src/linux-x-y $ cd $ROOTDIR
Assume that you have done some modifications and have a patch some.patch (against the source tree after a
makepkg -o, not the vanilla kernel of version x.y) in the working directory. Launch the kpatch utility,
$ kpatch-build -s $(pwd) -t $(pwd)/vmlinux some.patch
This command involves two kernel builds, the original one and the patched one, so it may take a period of time to complete. After the build is over, there should be a kpatch-some.ko module in the same directory. And then,
# insmod kpatch-some.ko
should do the trick.
For further information, please check the manpages or the github repository.
KGraft hasn't been tested in Arch environment, so is not supported as of this writing.
First, you need the kernel source tree for the kernel you are currently running, and some files from the previous kernel build:
If you don't have
System.map from the previous build, you can copy
/proc/kallsyms as an equivalent. If the
kernel.kptr_restrict kernel parameter is enabled, remember to copy it as root.
This example makes use of the
--diffext option which creates a patch based on the differences between the old and the new source files.
ksplice directory in the kernel source tree, copy
System.map over from the previous build, and copy
.config into the tree if it is not already in the source tree:
# mkdir -p src/ksplice # cp System.map src/ksplice # cp .config src/
Create a ksplice patch and wait for the kernel to rebuild.
All files that end with
new will be compiled into the ksplice patch. C source files, for example, should end in
.cnew as the diffext is appended directly.
# ksplice-create --diffext=new src/
Apply the newly generated patch to the running kernel:
# ksplice-apply ksplice-*.tar.gz
See man pages for