Live Kernel Patching System by Evan B. '10
An MIT alum and graduate student just released a system for applying Linux kernel updates without rebooting your system.
This is partially a plug for a friend of mine, but it’s also a really cool system that I think some of you might like.
Ksplice is system for automatically patching a Linux kernel without reboots. Jeff Arnold ’07, MEng ’08 developed this as his master’s thesis, and today released the system to the Linux Kernel Mailing List (LKML).
Ksplice requires nothing more than the currently running kernel source and the configuration settings, combined with a patch to the source code, to generate a kernel module which, when loaded, can be used to immediately patch vulnerabilities or introduce new behavior. As a maintainer of linux.mit.edu, the SIPB Linux dialup server, Jeff has in the past used Ksplice to keep this server up, which many people on campus rely on.
This really has the potential to revolutionize systems administration for high-reliability systems. But…don’t take it from me. Take it from Ted Ts’o ’90. Ted is an active kernel hacker who, among other things, developed the ext2 filesystem, the basis for the ext3 filesystem, which is one of the major filesystems used on Linux today.
Here’s what Ted says in ZDNet’s article:
Top kernel developer and Linux Foundation fellow Ted Ts’o said the Ksplice software is much needed by telecommunications providers and anyone who hates downtime. “It allows you to hot patch the Linux kernel with a security update without rebooting the computer. It’s a binary patch capability that is highly automated,” said Ts’o. “Users in the carrier grade linux space have been clamoring for this for a while. If you are a carrier in telephony and don’t want downtime, this stuff is pure gold.”
The best part? It doesn’t require any kernel modifications, Ts’o said.
(Here’s the LKML posting: http://permalink.gmane.org/gmane.linux.kernel/669951)