Tuesday, June 5, 2012

HowTo Patch Running Linux Kernel

Patching production kernel is a risky business. Following procedure will help you to fix the problem.

Step # 1: Make sure your product is affected

First find out if your product is affected by reported exploit.Also make sure bug affects your architectures. For example, a bug may only affect 64 bit or 32 bit platform.

Step # 2: Apply patch

You better apply and test patch in a test environment. Please note that some vendors such as Redhat and Suse modifies or backports kernel. So it is good idea to apply patch to their kernel source code tree. Otherwise you can always grab and apply patch to latest kernel version.

Step # 3: How do I apply kernel patch?

WARNING! These instructions require having the skills of a sysadmin. Personally, I avoid recompiling any kernel unless absolutely necessary. Wrong kernel option can disable hardware or may not boot system at all. If you don't understand the internal kernel dependencies don't try this on a production box.
Change directory to your kernel source code:
# cd linux-3.0.xx.yy  

Download and save patch file as fix.vmsplice.exploit.patch:
# cat fix.vmsplice.exploit.patch
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
                if (unlikely(!len))
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
Now apply patch using patch command :

The following usage is most commonly used:
$ patch -p1 < {/path/to/patch/file}
To apply a patch, one could run the following command in a shell:
$ patch < /path/to/file
Patches can be undone, or reversed, with the '-R' option:
$ patch -R < /path/to/file

To Compile and install Linux Kernel please check http://www.linuxhowto.in/2012/06/howto-compile-linux-kernel.html

I hope this HowTO will save someones time.
Don't forget to "Like" us on Facebook"!!!!! :)

DISCLAIMER: The information provided on this website comes without warranty of any kind and is distributed AS IS. Every effort has been made to provide the information as accurate as possible, but no warranty or fitness is implied. The information may be incomplete, may contain errors or may have become out of date. The use of this information described herein is your responsibility, and to use it in your own environments do so at your own risk.

Copyright © 2012 LINUXHOWTO.IN

No comments:

Post a Comment