Fork: 1
21a5032 / linux_kernel_hacking
forked from miura250/linux_kernel_hacking
Download ZIP 20 commits
Transfer to URL with SHA
linux_kernel_hacking / 1_Livepatch / 1.1_kpatch /
latest commit 712f3e2842
@Harvey Phillips Harvey Phillips authored on 13 Jun 2020
..
README.md kpatch example and instructions 5 years ago
meminfo-string.patch kpatch example and instructions 5 years ago
README.md

Linux Kernel Hacking

1.1: Kpatch Example

In order to patch existing kernel functions, you have to be able to resolve relocatable symbols in the currently running kernel. Doing this manually would be very difficult and time-consuming, so kpatch was created.

Kpatch works by first building the kernel tree normally, then rebuilding it with a patch provided as a source diff. Next, it takes the object files that changed, and rebuilds them again (both with and without the patch) with the GCC options -ffunction-sections and -fdata-sections. These two options cause all functions and data items to get their own sections, so that they can be found more easily without having to know precise offsets. Now the ELF relocation table can be built for the patched object file, and the kernel module is generated.

Setting up kpatch:

  • apt install dpkg-dev devscripts elfutils ccache
  • apt build-dep linux
  • git clone git@github.com:dynup/kpatch.git
  • cd kpatch; make install
  • Download the debug kernel image from http://ddebs.ubuntu.com/ubuntu/pool/main/l/linux/. The file you need is called linux-image-unsigned-<KERNEL VERSION>-generic-dbgsym_<KERNEL VERSION>_amd64.ddeb
  • Install with dpkg -i <path to .ddeb>

To use:

  • Check the output of grep -i vmallocchunk /proc/meminfo
  • Build with kpatch-build -t vmlinux --vmlinux /lib/debug/boot/vmlinux-$(uname -r) meminfo-string.patch
  • Load the kernel module with insmod livepatch-meminfo-string.ko
  • Check the output of grep -i vmallocchunk /proc/meminfo again - notice that it's now in all-caps
  • Disable the livepatch with echo 0 | sudo tee /sys/kernel/livepatch/livepatch-meminfo-string/enabled
  • Unload from the kernel with rmmod livepatch-meminfo-string.ko

Tested on Ubuntu 20.04 running under Vagrant. Helful Source: https://ruffell.nz/programming/writeups/2020/04/20/everything-you-wanted-to-know-about-kernel-livepatch-in-ubuntu.html.