File kgr.man of Package kgraft
.\" Libor Pechacek <firstname.lastname@example.org>
.TH KGR 8 2017-12-12 "SLES 12" "SLE Live Patching"
kgr \- query and manipulate kGraft patching status
.RB [ " \-hv " ]
command can be used for getting a quick overview of the kGraft patching status.
Also it can poke blocking processes and move forward with the patching.
For some of the commands, the output can be made more verbose by using
Display the overall status of kGraft patching (ready or in_progress)
Indicate the overall kGraft patching status with exit code. This command is
intended for use in scripts.
Display the list of loaded patches. By default the command prints lists only
kernel modules which contain kGraft patches. With
additional fields are printed.
tells whether the patch is currently in use or can be unloaded.
shows the RPM package name in which the kGraft patch was distributed.
lists fixes included in this kGraft patch, which have CVE numbers assigned.
.I "Bug fixes and enhancements"
lists changes included in this kGraft patch, which do not have CVEs assigned.
More information about individual changes can be found in the patch RPM
package change log, SUSE Security Advisories, CVE database and the patch RPM
List processes that are preventing kGraft patching from finishing. By default just the PIDs are listed. Specifying
print out the command line. Another
will display also stack traces if available.
List process threads that are preventing kGraft patching from finishing. This commands gives a more detailed view than
.IR blocking .
First column shows the process id, second column shows the thread id. Option
has the same effect as with
.IR blocking .
Send STOP and CONT signals to processess that are blocking kGraft progress. See
for discussion about this method.
.B \-h --help
Display a help screen and quit.
.B \-v --verbose
print out process command line with
will display also strack traces.
Version. Display the version number.
.SH EXIT STATUS
command the exit status is 0 when system is ready for kernel live patching and
1 when patching is in progress. For other commands the exit status is 0 upon
successful command completion and 1 upon error.
By design, kGraft technology requires the processes to cross the user
space/kernel boundary to present them with the patched kernel code. Processes
that sleep in kernel code at the time the patch module is loaded will prevent
patching process from finishing until they leave kernel space. These processes
usually leave kernel after the event, for which they are waiting, happens or
Sending regular processes STOP signal followed by CONT signal achieves the
goal of making them to cross the user space/kernel boundary immediately. However, this
method may not be suitable for all processes running in the system and does not
apply to kernel threads and processess in