Live patching CVE-2019-8912

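A simple kpatch use case: build a live-patch module from the source fix, load it into the running kernel, and confirm that it is active.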

[root@dhcppc0 ~]# cat CVE-2019-8912.patch
--- src/crypto/af_alg.c 2018-12-19 10:14:13.000000000 -0500
+++ af_alg.c 2019-02-19 13:19:32.779007417 -0500
@@ -121,8 +121,10 @@
 
int af_alg_release(struct socket *sock)
 {
- if (sock->sk)
+ if (sock->sk) {
                sock_put(sock->sk);
+ sock->sk = NULL;
+ }
        return 0;
 }
 EXPORT_SYMBOL_GPL(af_alg_release);
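Review bot: The added `sock->sk = NULL;` has no comment saying why the pointer is cleared after `sock_put()`, and the reason is not obvious from af_alg_release() alone. A one-line comment above it, such as `/* clear the pointer so later users of this socket cannot reach the released sk */`, would keep a later cleanup from removing the assignment as redundant. The fix presumably relies on other readers of `sock->sk` checking for NULL; that is not visible in this hunk and should be confirmed against the kernel version being patched. Because the change is delivered as a live patch, it only affects calls to af_alg_release() made after the patching transition completes, so a socket released before that point would still hold the stale pointer.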


[root@dhcppc0 ~]# ~/kpatch/kpatch-build/kpatch-build -t vmlinux CVE-2019-8912.patch 
Using cache at /root/.kpatch/src
Testing patch file(s)
Reading special section data
Building original source
Building patched source
Extracting new and modified ELF sections
af_alg.o: changed function: af_alg_release
Patched objects: vmlinux
Building patch module: livepatch-CVE-2019-8912.ko
SUCCESS


[root@dhcppc0 ~]# ~/kpatch/kpatch/kpatch load livepatch-CVE-2019-8912.ko 
loading patch module: livepatch-CVE-2019-8912.ko
waiting (up to 15 seconds) for patch transition to complete...
transition complete (1 seconds)


[root@dhcppc0 ~]# dmesg | grep live 
[78024.840919] livepatch: enabling patch 'livepatch_CVE_2019_8912'
[78024.845822] livepatch: 'livepatch_CVE_2019_8912': starting patching transition
[78025.706203] livepatch: 'livepatch_CVE_2019_8912': patching complete


[root@dhcppc0 ~]# lsmod | grep live
livepatch_CVE_2019_8912 15128 1