Aliyun Linux 2 kernel hot patch function introduction

1. Preparations
1.1 Kernel version

The first thing to do is to confirm the currently running kernel version. Run the following commands inside the operating system:

uname -r
4.19.57-15.1.al7.x86_64
1.2 Install dependency packages and kernel-related tools

sudo yum install -y alinux-release-source alinux-release-kernels
sudo yum install -y yum-utils
sudo debuginfo-install -y kernel-$(uname -r) # Install Debuginfo package
sudo yum install -y kpatch pesign zlib-devel
binutils-devel newt-devel python-devel perl-ExtUtils-Embed
audit-libs audit-libs-devel numactl-devel pciutils-devel bison patchutils
kernel-devel-$(uname -r) # Install dependencies
sudo yum-builddep -y kernel-$(uname -r) # Check dependencies when building the kernel
1.3 Install kpatch-build

To make a hot patch, you need to use a tool kpatch-build that has not been put into the YUM source, and you need to get the source code from GitHub. Run the following commands to get the code and compile it:

sudo yum install -y git
git clone https://github.com/dynup/kpatch.git
cd kpatch
make
1.4 Prepare the kernel source code

sudo yumdownloader --source kernel-$(uname -r) #Install the kernel source code
export VRDA=$(uname -r)
rpm -ivh kernel-${VRDA/x86_64/src}.rpm
rpmbuild --without debug
--without doc
--without perf
--without tools
--without bpftool
--without debuginfo
-bp ~/rpmbuild/SPECS/kernel.spec
export SourceDir=$(ls -d ~/rpmbuild/BUILD/kernel-${VRDA/-*/}/linux-*)
cp ~/rpmbuild/SOURCES/modsign_alinux.pem $SourceDir/certs
cp ~/rpmbuild/SOURCES/x509.genkey $SourceDir/certs
sed -i "s/CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION="${VRDA/*-/-}"/" $SourceDir/.config
2. Prepare the patch file that needs to be hot patched
Please prepare hot patch files according to the actual situation. Generally speaking, the patch files obtained from the Git tree of the kernel source code can be used, but not all patch files can be used to make hot patches. Restrictions are well understood, otherwise serious problems that are not limited to operating system downtime may occur.

Here is a sample patch file:

diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
index edda898..8a4a686 100644
--- a/fs/proc/meminfo.c
+++ b/fs/proc/meminfo.c
@@ -121,7 +121,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)

(unsigned long)VMALLOC_TOTAL >> 10);
show_val_kb(m, "VmallocUsed: ", 0ul);
- show_val_kb(m, "VmallocChunk: ", 0ul);
+ show_val_kb(m, "VMALLOCCHUNK: ", 0ul);
show_val_kb(m, "Percpu: ", pcpu_nr_pages());
Note that the patch file must match the decompressed source code of the currently downloaded kernel source package.

3. Execute hot patch creation
cd kpatch
export VRDA=$(uname -r)
export SourceDir=$(ls -d ~/rpmbuild/BUILD/kernel-${VRDA/-*/}/linux-*)
./kpatch-build/kpatch-build -v
-j$(getconf _NPROCESSORS_ONLN) #meminfo.patch is the patch file from the previous step
If the execution is successful, the livepatch-meminfo.ko file will be generated in the current directory

4. Load hot patch
sudo kpatch load livepatch-meminfo.ko