My First Kernel Patch - Part 1

Introduction

This journal entry was written by me, Brandon Nolet, in the context that I’m patching a kernel right now due to the SACK panic vulnerability.

First Time

As this is the first time patching a kernel, I had absolutely no idea how to even start. I did a quick search and found that there’s the patch command. So I downloaded the patch file for the specific vulnerability I wanted to mitigate and went to town with `patch` aaandd…immediately hit a snag. I was presented with a `File to patch:`. I looked around in the patch file and found a few directories I could search.

I perform a `find` on my system and come to find that these directories don’t exist. I perform several other `find`s to no avail. It was only then that I realized that I couldn’t perform the patch on any actually live files. Canonical provides the Livepatch service, but I wasn’t about to set that up just to apply a patch.

After searching around I finally looked up exactly `ubuntu patch kernel` and happened upon this Stack Overflow page. At this point I started to feel the gravity of what I was actually doing: I was going to compile and run my own kernel! My heart started to race and this suddenly went from “oh great, I have to apply a patch” to “fuck yeah, let’s compile my own kernel!”

The Present

Up until this point, as you can see, I’d never compiled a kernel before. I had never even downloaded the source for the kernel. And now, I write this post as I go along. I’ve installed all the recommended packages and now I’m about to dive into the Ubuntu repos to find the kernel version that corresponds to what I’m currently running.

So I was about to go to Launchpad when I realized that I was going to the wrong place. The correct site is kernel.ubuntu.com. Maybe I should make a coffee. Cloning the repo for the kernel is probably going to take a while. I wrote that last sentence and it’s still only just counting the objects in the repo. This is ridiculous.

Okay, we approached 5 million objects in the repo. I was initially going to perform the compilation on my VPS, but I think that might be a terrible idea. So I’m going to switch to doing this on my home machine.

Conclusion

So it’s actually getting late and I think it might be better to save this for another night as I want some time with my partner before I go to sleep. To be continued!