Re: LKPK (Live Kernel Patching Kit)

Christer Weinigel
26 Jul 1998 00:38:42 -0000

In article <199807251952.PAA24848@zugzug.cfar.UMD.EDU>,
Adam Sulmicki <adam@cfar.UMD.EDU> wrote:
> I can assign a specific address to ptrs to a variable. However, HOW
> can I make the _variable_ itself be at a given address?
> Same with functions, I can make a ptr to a specific function and
> I can assign it a specific address. But, HOW can I declare a
> function and make it start at a specific address?

You can't change the addresses of variables or functions if the only
information you have available is the file. The addresses
of variables and functions in the kernel are resolved at link time and
are encoded in the instructions themselves.

To be able to change the address of a variable you would have to find
every place this variable is accessed and modify that instruction, and
not only that, you would also have to change every place where one
might have used the address-of operator (e.g. if you want to move bar,
and the code has executed "foo = &bar", you would have to change the
value of foo too). It might be possible to do this for very small,
localised changes in the kernel if you know exactly what you're doing,
but it's next to impossible to do this automatically.

For functions you have exactly the same problem, but as long as
external references to this function only jump to the first
instruction (which means everything written in C) you can overwrite
this first instruction with a jump to the new function's address.

I might add that I believe that what you're trying to do is extremely
hard to get right. Changing an off-by-one error which just means
replacing a JLT with a JLE instruction (where both instructions are the
same size and have the same operands) is almost simple. Doing more
complex changes makes my brain ache just thinking about it. :-)

/Christer (who still can't stop reading linux-kernel
when he really ought to be sleeping)

If it's tourist season, why can't we shoot them?
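The function case described in the message above (overwrite a C function's first instruction with a jump to the replacement) as an added userspace C example; it is not code from this thread or from any kernel patching tool. It assumes x86 or x86-64, where a 5-byte `E9 rel32` jmp exists, a POSIX `mprotect()` that permits making a text page writable, and a replacement within the +-2 GB reach of rel32. The names `original_check`, `fixed_check`, `redirect_function`, `jmp_rel32` and `demo_result` are hypothetical; the bug being "fixed" is an off-by-one in the spirit of the JLT/JLE remark, but fixed by redirecting the whole function rather than by editing the compare in place. On other architectures `redirect_function` reports failure instead of patching anything.

```c
/* Added example (not from the thread): redirect a C function by overwriting
 * its first instruction with a jmp, done in userspace so the effect can be
 * observed without a kernel. Assumes x86 or x86-64 (E9 rel32 = 5-byte jmp)
 * and a POSIX mprotect(); other architectures get -1 from redirect_function(). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* The "buggy" function: an off-by-one, x < 10 where x <= 10 was meant.
 * noinline keeps every call site transferring control to its first
 * instruction, which is exactly what the patch relies on. */
__attribute__((noinline)) int original_check(int x) { return x < 10; }

/* The replacement with the bug fixed. */
__attribute__((noinline)) int fixed_check(int x) { return x <= 10; }

/* Compute the rel32 displacement for a jmp located at `from` reaching `to`.
 * Returns 0 on success, -1 if the target is outside the +-2 GB reach. */
static int jmp_rel32(uintptr_t from, uintptr_t to, int32_t *out) {
    /* rel32 is relative to the end of the 5-byte jmp instruction */
    intptr_t rel = (intptr_t)to - (intptr_t)(from + 5);
    if (rel > INT32_MAX || rel < INT32_MIN) return -1;
    *out = (int32_t)rel;
    return 0;
}

/* Overwrite the first five bytes of `target` with "jmp replacement".
 * Returns 0 on success, -1 on an unsupported architecture, an unreachable
 * target, or an mprotect() failure (e.g. a W^X policy on the sandbox). */
int redirect_function(void *target, void *replacement) {
#if defined(__x86_64__) || defined(__i386__)
    uint8_t *dst = (uint8_t *)target;
    int32_t rel32;
    if (jmp_rel32((uintptr_t)dst, (uintptr_t)replacement, &rel32) != 0) return -1;

    /* Make the page(s) holding the five bytes writable; they may straddle a page. */
    long pagesz = sysconf(_SC_PAGESIZE);
    uintptr_t page = (uintptr_t)dst & ~(uintptr_t)(pagesz - 1);
    size_t len = ((uintptr_t)dst + 5) - page;
    if (mprotect((void *)page, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) return -1;

    uint8_t jmp[5] = { 0xE9 };             /* E9 = jmp rel32 */
    memcpy(&jmp[1], &rel32, sizeof rel32);
    memcpy(dst, jmp, sizeof jmp);          /* x86 keeps the I-cache coherent for this */

    mprotect((void *)page, len, PROT_READ | PROT_EXEC); /* drop write permission again */
    return 0;
#else
    (void)target; (void)replacement;
    return -1; /* the jmp encoding above is x86-specific */
#endif
}

/* Run the demonstration. Returns 1 if calls to original_check() now land in
 * fixed_check(), -1 if the patch could not be applied on this machine, and
 * 0 if it was applied but did not take effect. */
int demo_result(void) {
    /* volatile pointer: every call really goes through original_check's first instruction */
    int (*volatile check)(int) = original_check;
    if (check(10) != 0) return 0;                 /* before: 10 < 10 is false */
    if (redirect_function((void *)original_check, (void *)fixed_check) != 0) return -1;
    return check(10) == 1 ? 1 : 0;                /* after: 10 <= 10 is true */
}

int main(void) {
    int r = demo_result();
    printf("%s\n", r == 1 ? "redirect worked" : r == -1 ? "redirect not applied" : "redirect broken");
    return r == 0;
}
```

This only covers what the message says it covers: callers that enter through the first instruction. It does nothing for the variable case (every access and every stored `&bar` would still point at the old object), and in a kernel the five-byte store is not atomic, so another CPU executing `original_check` while the bytes are half-written would run garbage; a real patcher has to quiesce the other CPUs first.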
