Sign in Subscribe
Linux

How to use the Linux kernel's live patching feature

Markus

Markus

6 min read
How to use the Linux kernel's live patching feature

If you are a Linux user, you probably know the hassle of rebooting your system after installing a kernel update. This can sometimes be inconvenient, especially if you are running a server or a critical application that needs to be always available. Fortunately, there is a way to apply kernel patches without rebooting your system: live patching.

What's kernel live patching in Linux?

Live patching is a feature of the Linux kernel that allows you to modify the running kernel code in memory, without affecting the system's functionality or performance. This means that you can fix security vulnerabilities, bugs, or performance issues in the kernel, without interrupting your work or losing your data.

Live patching is not a new concept, but it was only officially integrated into the Linux kernel in version 4.0, released in 2015. Since then, several tools and frameworks have been developed to make live patching easier and more accessible for users. Some of the most popular ones are:

  • kpatch: A tool developed by Red Hat that allows you to create and apply live patches from source code. It uses the GCC compiler plugin to generate patches that can be loaded as kernel modules.
  • kGraft: A tool developed by SUSE that also allows you to create and apply live patches from source code. It uses the GCC compiler plugin or the LLVM compiler to generate patches that can be loaded as kernel modules.
  • ksplice: A tool developed by Oracle that allows you to create and apply live patches from binary code. It uses a proprietary algorithm to analyze the differences between the old and new kernel binaries and generate patches that can be loaded as kernel modules.
  • livepatch: A tool developed by Canonical that allows you to apply live patches from a cloud service. It uses the kpatch or kGraft frameworks to generate patches that can be downloaded and applied automatically.
💡
As an example, Ubuntu's livepatch is automatically enabled after you attach a Ubuntu Pro subscription to your machine.

It's free for personal use as well - up to 5 devices. (sounds like an ad, I know, but good to know!)

Does my kernel support it?

To use live patching, you need to have a kernel that supports this feature. You can check if your kernel has live patching enabled by running the following command:

grep LIVEPATCH /boot/config-$(uname -r)

If the output is CONFIG_LIVEPATCH=y, then your kernel supports live patching. If not, you need to install or compile a kernel that has this feature enabled.

Example workflow of creating a live patch (kpatch)

To create a live patch, you need to have the source code of the old and new kernel versions, and a tool that can generate a patch from them. For example, if you want to use kpatch, you can follow these steps:

  1. Install the kpatch-build package and its dependencies.
  2. Download the source code of the old and new kernel versions and extract them in separate directories. Kernels by version can be found directly in kernel.org.
  3. Create a patch file that contains the changes between the old and new kernel versions. You can use the diff command or a graphical tool like meld to do this.
  4. Run the kpatch-build command with the patch file as an argument. This will create a kernel module file that contains the live patch.
  5. Copy the kernel module file to the /var/lib/kpatch directory on the target system.
  6. Run the kpatch load command with the kernel module file as an argument. This will load the live patch into the running kernel.

Applying an existing patch (kpatch)

To apply a live patch, you need to have a kernel module file that contains the live patch, and a tool that can load it into the running kernel. For example, if you want to use kpatch, you can follow these steps:

  1. Install the kpatch package and its dependencies.
  2. Copy the kernel module file to the /var/lib/kpatch directory on the target system.
  3. Run the kpatch load command with the kernel module file as an argument. This will load the live patch into the running kernel.

Verifying applied patches

To verify that the live patch has been applied, you can use the kpatch list command to see the list of loaded patches, or the uname -a command to see the kernel version.

This is all informative and meant to get a quick & rough understanding of live patching, even if you'll never use it.

To get an even better understanding of live patching (in this case with kpatch), then you can check out Red Hat's up to date documentation instead.

Limitations

Live patching is a powerful and useful feature of the Linux kernel that can save you time and trouble when dealing with kernel updates. However, it is not a magic bullet that can solve all your problems. There are some limitations and caveats that you should be aware of before using live patching, such as:

  • Live patching can only modify the kernel code, not the data structures or the configuration. This means that some kernel updates may not be compatible with live patching, or may require additional steps to take effect.
  • Live patching can only patch the running kernel, not the kernel image on disk. This means that you still need to update the kernel image on disk and reboot your system at some point, otherwise you will lose the live patch after a reboot.
  • Live patching can introduce new bugs or security issues if the patch is not well-tested or verified. This means that you should only use live patches from trusted sources, and always have a backup plan in case something goes wrong.

Conclusion

Live patching is a great feature of the Linux kernel that can make your life (sometimes) easier as a Linux user. It's not something that you would use very often, but it's nice to know such feature exists.

With all that in mind - always keep your kernel updated, reboot your system when necessary, and follow the best practices for kernel security and performance. Live patching is just a tool that can help you in some situations, but it is not a solution for everything. Use it wisely and responsibly! 🐧

Why do Linux users often prefer Thinkpads?
If you are looking for a laptop that can run Linux flawlessly, you might want to consider a Thinkpad. Thinkpads are laptops that have been produced by IBM and Lenovo for over 30 years, and have become synonymous with reliability, durability, and performance. But they are also very popular among
WirekatMarkus
11 Things You Can Do to Secure Your Linux Server
Linux is one of the most popular and widely used operating systems in the world, especially for servers. Linux servers power millions of websites, applications, databases, and other services that we use every day. However, Linux servers are not immune to cyberattacks, and they require proper security measures to protect
WirekatMarkus
How safe are your Linux distribution’s repositories?
Various Linux distributions package and maintain their own repositories for users to access. They’re pretty handy and provide many different programs and updates. But how can we be sure they’re safe? Let’s explore it in this relatively short article. Trusting your operating system’s vendor usually means relying on the repository
WirekatMarkus
Browse your remote server files in Nautilus, GNOME’s default file manager
Nautilus may seem minimalistic, but it has some cool tricks up its sleeve. If you have a remote Linux server and have the correct SSH configuration (meaning you can ssh myserver, then this trick is for you! You can actually use Nautilus to directly browse within your remote server, limited
WirekatMarkus
59 most used Linux commands - with usage examples
This is a compilation of some of the most used commands in Linux. I find that if you already know 50% of these, you’re doing quite well. 10 Concepts Every Linux User Should Know AboutLinux is a powerful and versatile operating system that can run on a variety of devices,
WirekatMarkus

Read more