Kpatch

From Gentoo Wiki
Jump to:navigation Jump to:search

kpatch is a GPLv2 licensed dynamic kernel patching tool developed by RedHat.

Installation

Kernel

The Linux kernel must be version 4.0 or higher in order to have LIVEPATCH support.[1]

KERNEL Enable CONFIG_LIVEPATCH support
General setup  --->
   [*] Configure standard kernel features (expert users)  --->
      -*-   Load all symbols for debugging/ksymoops
         [*]     Include all symbols in kallsyms
[*] Enable loadable module support  --->
Processor type and features  --->
   [*] Kernel Live Patching
Kernel hacking  --->
   [*] Tracers  --->
      [*]   Kernel Function Tracer
File systems  --->
   Pseudo filesystems  --->
      -*- sysfs file system support

USE flags

USE flags for sys-kernel/kpatch Dynamic kernel patching for Linux

+kpatch Enable a command-line tool which allows a user to manage a collection of patch modules.
+kpatch-build Enable tools which convert a source diff patch to a patch module.
+strip Allow symbol stripping to be performed by the ebuild for special files
contrib Enable contrib kpatch services files.
dist-kernel Enable subslot rebuilds on Distribution Kernel upgrades
kmod Enable a kernel module (.ko file) which provides an interface for the patch modules to register new functions for replacement.
modules-compress Install compressed kernel modules (if kernel config enables module compression)
modules-sign Cryptographically sign installed kernel modules (requires CONFIG_MODULE_SIG=y in the kernel)
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)

Emerge

root #emerge --ask sys-kernel/kpatch

Usage

user $kpatch --help

Workflow

root #Kpatch-build foo.patch
root #insmod kpatch-foo.ko

References