[RFC PATCH 0/4] trace, livepatch: Allow kprobe return overriding for livepatched functions

From: Yafang Shao

Date: Thu Apr 02 2026 - 05:29:27 EST

Livepatching allows for rapid experimentation with new kernel features
without interrupting production workloads. However, static livepatches lack
the flexibility required to tune features based on task-specific attributes,
such as cgroup membership, which is critical in multi-tenant k8s
environments. Furthermore, hardcoding logic into a livepatch prevents
dynamic adjustments based on the runtime environment.

To address this, we propose a hybrid approach using BPF. Our production use
case involves:

1. Deploying a Livepatch function to serve as a stable BPF hook.

2. Utilizing bpf_override_return() to dynamically modify the return value
of that hook based on the current task's context.

A significant challenge arises when atomic-replace is enabled. In this
mode, deploying a new livepatch changes the target function's address,
forcing a re-attachment of the BPF program. This re-attachment latency is
unacceptable in critical paths, such as those handling networking policies.

To solve this, we introduce a hybrid livepatch mode that allows specific
patches to remain non-replaceable, ensuring the function address remains
stable and the BPF program stays attached.

Furthermore, this mechanism provides a lower-maintenance alternative to
out-of-tree BPF hooks. Given the complexities of upstreaming custom BPF
hooks (e.g., [0], [1]), this hybrid mode allows for the maintenance of
stable, minimal hook points via livepatching with significantly reduced
maintenance burden.

Link: https://lwn.net/Articles/1054030/ [0]
Link: https://lwn.net/Articles/1043548/ [1]

Yafang Shao (4):
trace: Simplify kprobe overridable function check
trace: Allow kprobes to override livepatched functions
livepatch: Add "replaceable" attribute to klp_patch
livepatch: Implement livepatch hybrid mode

include/linux/livepatch.h | 2 ++
kernel/livepatch/core.c | 50 +++++++++++++++++++++++++++++++
kernel/trace/Kconfig | 14 +++++++++
kernel/trace/bpf_trace.c | 14 ++++++---
kernel/trace/trace_kprobe.c | 49 ++++++++++++------------------
kernel/trace/trace_probe.h | 59 +++++++++++++++++++++++++++----------
6 files changed, 139 insertions(+), 49 deletions(-)

--
2.47.3