Live Kernel Patching System by Evan B. '10
An MIT alum and graduate student just released a system for applying Linux kernel updates without rebooting your system.
This is partially a plug for a friend of mine, but it’s also a really cool system that I think some of you might like.
Ksplice is system for automatically patching a Linux kernel without reboots. Jeff Arnold ’07, MEng ’08 developed this as his master’s thesis, and today released the system to the Linux Kernel Mailing List (LKML).
Ksplice requires nothing more than the currently running kernel source and the configuration settings, combined with a patch to the source code, to generate a kernel module which, when loaded, can be used to immediately patch vulnerabilities or introduce new behavior. As a maintainer of linux.mit.edu, the SIPB Linux dialup server, Jeff has in the past used Ksplice to keep this server up, which many people on campus rely on.
This really has the potential to revolutionize systems administration for high-reliability systems. But…don’t take it from me. Take it from Ted Ts’o ’90. Ted is an active kernel hacker who, among other things, developed the ext2 filesystem, the basis for the ext3 filesystem, which is one of the major filesystems used on Linux today.
Here’s what Ted says in ZDNet’s article:
Top kernel developer and Linux Foundation fellow Ted Ts’o said the Ksplice software is much needed by telecommunications providers and anyone who hates downtime. “It allows you to hot patch the Linux kernel with a security update without rebooting the computer. It’s a binary patch capability that is highly automated,” said Ts’o. “Users in the carrier grade linux space have been clamoring for this for a while. If you are a carrier in telephony and don’t want downtime, this stuff is pure gold.”
The best part? It doesn’t require any kernel modifications, Ts’o said.
(Here’s the LKML posting: http://permalink.gmane.org/gmane.linux.kernel/669951)
Very cool!
Wow, pretty neat.
so, now downtime, ever. Sweet.
The only bad thing I see about this is you can play eve online for more then one day straight now.
Very cool. Perfect timeing with failsta(vista) … failing.
Whoa. I do not understand any of that.
But I’m glad there are people that do!
Sorry, but I am a little bit confused…
I might try this on one of my test boxes.
I remember being excited when learning about the feature that would allow you to swap kernels on the fly, but this looks even more intriguing.
Speaking of that, I really need to update my kernel.
joey@alpha ~ $ cat /proc/version
Linux version 2.6.24-rc3-zen3-jwc1 (root@alpha) (gcc version 4.1.2 (Gentoo 4.1.2)) #3 Tue Jan 29 17:20:35 EST 2008
Yeah, I took the Zen kernel builds and threw in some customizations of my own.
that sounds cool. not sure i really need something like that atm, but i’m sure it will come useful some day
JWC ’12, you think you need to update?
$ uname -rs
FreeBSD 6.1-RELEASE
that’s running on my server :D but it’s a private server in a pretty secure place and it’s been working without any glitches for over a year now
evan, what happened to that project? the flash hard disk thingie?
That’s amazing! That’s legendary! Jeff, if you’re reading this, you’re awesome.
Just what the boss ordered. Thanks for the contribution Jeff
The place I work at, keeping the system down even for 2 minutes isnt possible. And we have to update the kernel everytime a patch is released