1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
|
Installation
============
Table of contents
=================
- [Prerequisites](#prerequisites)
- [Fedora, RHEL, CentOS](#fedora-rhel-centos)
- [Oracle Linux 7](#oracle-linux-7)
- [Ubuntu](#ubuntu)
- [Debian 9 (Stretch)](#debian-9-stretch)
- [Debian 8 (Jessie)](#debian-8-jessie)
- [Debian 7 (Lenny)](#debian-7-lenny)
- [Gentoo](#gentoo)
- [OpenEuler](#openeuler)
- [Build](#build)
- [Install](#install)
Prerequisites
-------------
Before starting, see [Supported
Architectures](../README.md#supported-architectures) and check if your device's
architecture is supported.
### Fedora, RHEL, CentOS
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install the dependencies for compiling kpatch and running kpatch-build:
```bash
# Will request root privileges
make dependencies
```
### Oracle Linux 7
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install the dependencies for compiling kpatch:
```bash
UNAME=$(uname -r)
sudo yum install gcc kernel-devel-${UNAME%.*} elfutils elfutils-devel
```
Install the dependencies for the "kpatch-build" command:
```bash
sudo yum install pesign yum-utils zlib-devel \
binutils-devel newt-devel python-devel perl-ExtUtils-Embed \
audit-libs numactl-devel pciutils-devel bison patchutils
# enable ol7_optional_latest repo
sudo yum-config-manager --enable ol7_optional_latest
sudo yum-builddep kernel-${UNAME%.*}
# manually install kernel debuginfo packages
rpm -ivh https://oss.oracle.com/ol7/debuginfo/kernel-debuginfo-$(uname -r).rpm
rpm -ivh https://oss.oracle.com/ol7/debuginfo/kernel-debuginfo-common-x86_64-$(uname -r).rpm
# optional, but highly recommended - enable EPEL 7
sudo yum install ccache
ccache --max-size=5G
```
### Ubuntu
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install the dependencies for compiling kpatch and running kpatch-build
```bash
# required on ppc64le
# e.g., on Ubuntu 18.04 for gcc-7.3
apt-get install gcc-7-plugin-dev
# Will request root privileges
make dependencies
```
### Debian 9 (Stretch)
Since Stretch the stock kernel can be used without changes, however the
version of kpatch in Stretch is too old so you still need to build it
manually. Follow the instructions for Debian Jessie (next section) but skip
building a custom kernel/rebooting.
### Debian 8 (Jessie)
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install the dependencies for compiling kpatch:
apt-get install make gcc libelf-dev build-essential
Install and prepare the kernel sources:
```bash
apt-get install linux-source-$(uname -r)
cd /usr/src && tar xvf linux-source-$(uname -r).tar.xz && ln -s linux-source-$(uname -r) linux && cd linux
cp /boot/config-$(uname -r) .config
for OPTION in CONFIG_KALLSYMS_ALL CONFIG_FUNCTION_TRACER ; do sed -i "s/# $OPTION is not set/$OPTION=y/g" .config ; done
sed -i "s/^SUBLEVEL.*/SUBLEVEL =/" Makefile
make -j`getconf _NPROCESSORS_CONF` deb-pkg KDEB_PKGVERSION=$(uname -r).9-1
```
Install the kernel packages and reboot
dpkg -i /usr/src/*.deb
reboot
Install the dependencies for the "kpatch-build" command:
apt-get install dpkg-dev
apt-get build-dep linux
# required on ppc64le
# e.g., on stretch for gcc-6.3
apt-get install gcc-6-plugin-dev
# optional, but highly recommended
apt-get install ccache
ccache --max-size=5G
### Debian 7 (Lenny)
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Add backports repositories:
```bash
echo "deb http://http.debian.net/debian wheezy-backports main" > /etc/apt/sources.list.d/wheezy-backports.list
echo "deb http://packages.incloudus.com backports-incloudus main" > /etc/apt/sources.list.d/incloudus.list
wget http://packages.incloudus.com/incloudus/incloudus.pub -O- | apt-key add -
aptitude update
```
Install the linux kernel, symbols and gcc 4.9:
aptitude install -t wheezy-backports -y initramfs-tools
aptitude install -y gcc gcc-4.9 g++-4.9 linux-image-3.14 linux-image-3.14-dbg
Configure gcc 4.9 as the default gcc compiler:
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.7 20
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 50
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.7 20
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 50
Install kpatch and these dependencies:
aptitude install kpatch
Configure ccache (installed by kpatch package):
ccache --max-size=5G
### Gentoo
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install Kpatch and Kpatch dependencies:
```bash
emerge --ask sys-kernel/kpatch
```
Install ccache (optional):
```bash
emerge --ask dev-util/ccache
```
Configure ccache:
```bash
ccache --max-size=5G
```
### OpenEuler
*ATTENTION: openEuler maintains its own version of kpatch which work with its
own kernel. You can check this [link](https://gitee.com/src-openeuler/kpatch)
to see its documents. This document describes how to run mainline kpatch in openEuler.*
*NOTE: You'll need about 15GB of free disk space for the kpatch-build cache in
`~/.kpatch` and for ccache.*
Install the dependencies for compiling kpatch and running kpatch-build:
```bash
# Will request root privileges
make dependencies
```
#### Before running kpatch-build, two more things need to be checked:
-------
1. Ensure current kernel compiled with *CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY* set
openEuler has two strategies to apply kernel live patches and it is decided at compile time.
When CONFIG_LIVEPATCH_STOP_MACHINE_CONSISTENCY set, openEuler uses its own strategy.
When CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY set, openEuler uses the conventional strategy.
Only one config option can take effect at the same time.
A [chinese blog](https://www.modb.pro/db/232858) written by the openEuler official describes
their modifications for kernel livepatch. The main difference is CONFIG_LIVEPATCH_STOP_MACHINE_CONSISTENCY
will disable the usage of ftrace handler in livepatch, they believe it will be faster.
Check whether your current kernel compiled with *CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY*
```bash
grep "CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY" /boot/config-$(uname -r)
```
If you see any output, it means your kernel satisfies, you can go directly to check step 2.
If not, then you need to recompile your current kernel with CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY set.
You can reference the following steps to recompile the kernel if needed
1. download source code of the current kernel
```bash
# set working directories
TEMPDIR=~/.tmp
mkdir -p $TEMPDIR
mkdir -p $TEMPDIR/buildroot
# download kernel source rpm package
yumdownloader --source --destdir "$TEMPDIR" kernel-$(uname -r)
# obtain source code from package
rpm -D "_topdir $TEMPDIR/buildroot" -ivh $TEMPDIR/kernel-*.src.rpm
rpmbuild -D "_topdir $TEMPDIR/buildroot" -bp --nodeps --target=$(uname -m) $TEMPDIR/buildroot/SPECS/kernel.spec
# check source code and copy config file
cd $TEMPDIR/buildroot/BUILD/kernel-*/linux-*[sS]ource
cp /boot/config-$(uname -r) .config
```
2. set CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY
```bash
make menuconfig
```
select order
-> Processor type and features
-> Enable Livepatch
-> Kernel Live Patching
-> live patching method
choose
> based on ftrace
After this step, you shoud see CONFIG_LIVEPATCH_PER_TASK_CONSISTENCY in .config file
3. recompile kernel and install it to your running environment.
Just to remind, after installing the recompiled kernel, the config file should also be updated.
2. Ensure */update/source* is in the rpm repo lists
openEuler releases its source rpm package of the kernel in two places.
One is /source and it is included in rpm repo lists by default.
One is /update/source and it may not be included it in some release versions.
```bash
grep "/update/source" /etc/yum.repos.d/openEuler.repo
```
If you can't see any output, add it to the end of /etc/yum.repos.d/openEuler.repo
For example, if you use openEuler 21.09, you will add something like:
```
[update-source]
name=update-source
baseurl=https://repo.openeuler.org/openEuler-21.09/update/source/
enabled=1
gpgcheck=0
```
*baseurl* is releated with your release version, be careful please!
Goto [openEuler repo](https://repo.openeuler.org/), find your own suitable baseurl.
Build
-----
Compile kpatch:
make
Install
-------
OPTIONAL: Install kpatch to `/usr/local`:
sudo make install
Alternatively, the kpatch and kpatch-build scripts can be run directly from the
git tree.
|
