Quick guide If you have a kernel module patch and want to try it out in Qubes OS kernel. I had a hard time doing this but I finally work it out.
- It is better to make sure that the AppVM you building kernel module at (VM1), the TemplateVM you want to try out hot patch (VM2), and the AppVM user of VM2 (VM3) uses the exact same version of Qubes OS VM kernel.
- Build your patched kernel module in VM1. Make sure that you have the environment suitable for linux kernel building (tutorial on how to build kernel is everywhere on the internet); download the correct linux kernel version; apply patch; refer to How to Compile Just One Kernel Module to make sure that your module building context is correct (
cd linux-5.xx.xx;zcat /proc/config.gz > .config;ln -s /lib/modules/5.xx.xx-x.fc32.qubes.x86_64/build/Module.symvers .;make scripts prepare modules_prepare); build the specific module (make -C . M=drivers/path/to/your/module/dir/) - (Optional) inspect your
.kofile inobjdumporghidrato make sure that you have applied your patch. qvm-copythe kernel module file to VM2.
We need to put the module file in /lib/modules/5.xx.xx-x.fc32.qubes.x86_64/kernel/drivers/path/to/your/module/dir/, however yo got a permission denied even when you are root (mostly due to selinux). So we have a circumvention.
-
In VM2,
cd /tmp; mkdir sysroot; sudo mount /dev/xvda3 sysroot;
Notice that you cannot copy the sole.koto the/tmp/sysroot/lib/modules/.../; you need to copy the whole tree and patch the module.
Thussudo cp -r /lib/modules/KERNEL_VERSION /tmp/sysroot/lib/modules/, and then patch your kernel module by
sudo cp ~/QubesIncoming/VM1/yourmodule.ko /tmp/sysroot/lib/modules/5.xx.xx-x.fc32.qubes.x86_64/kernel/drivers/path/to/your/module/dir/.
Finallycd /tmp; sudo umount sysroot -
Shutdown VM2; reboot VM2 to see whether it boots; if it boots then the config should be correct. Run VM3 and test out your patch.