Skip to content

ULPatch Main Page

Description

ULPatch is open source user space live patch tool, under GPL-2.0 or later license.

I drew the ULPatch logo shown above using drawio. The meaning of this logo is obvious, the penguin means that ULPatch supports Linux, and he looks different from Linux Tux. And at the same time, you can see that the penguin is made up of patches and that he is alive.

The heart of a penguin is a CPU, which of course is closely related to the instruction set. This CPU icon is not made up of patches, I mean, ULPatch can only be applied to the user space, after all, the kernel space has a more complete livepatch mechanism.

Background

For a process like Qemu that cannot be interrupted and restarted, vulnerability fixing is very difficult. Especially for cloud vendors, the live patch is very important.

Hot patching in the kernel is already a relatively mature technology. Implementing livepatch based on ftrace in the linux kernel. Of course, the ULPatch project only discusses user-mode programs.

ULPatch draws on several excellent open source projects, such as cloudlinux/libcare, and Huawei’s secondary development openeuler/libcareplus. SUSE has also open sourced its own live patch solution SUSE/libpulp.

At the same time, the implementation of the kernel's finit_module(2) and init_module(2) system calls is also of great reference value. Even in the early stages of development, the relocation code was transplanted from these two system calls.

Judging from the current research on outstanding projects, the live patch function relies on modifying the assembly instructions at the function entrance to make it jump to a new function, thereby realizing the live patch function.

I think I should detail the inspiration of ULPatch from these open source projects in another document instead of a README file.

Author's Monologue

I don't like to get involved in the License wars, so please forgive me if I misquote open source code. After all, this is not a commercial project.

My native language is Chinese, not English, so please excuse my poor English grammar.

I drew all logo/svg shown in ULPatch using drawio.

I'm a Linux Newbie, little student.