Technology

Live Linux Kernel Patching To Extend Server Uptime

7 Jul 2014 11:22pm, by

In my day job I have received repeated questions from customers wanting to understand more about the possibility of using Linux live kernel patching to extend server uptime. There has been recent interest in Linux patching and two projects are (sort of) competing to provide this functionality. One headed by Red Hat called kpatch and one by Suse called kgraft.

So far the techniques by each of those tools are slightly different. One would at least hope both projects would cooperate and cherry-pick pieces of the innovation created by both parties. For my first test, I decided to demo kpatch. I designed a slightly interesting use case where I exploit a vulnerability in the default Fedora 20 kernel. I then successfully get the kernel to “oops” and require a reboot. Afterwards, I grab a source patch, build that into a live kernel patch module and instruct the running kernel to load it. And lo and behold, the vulnerability has been plugged! Look ma, no reboot required.

Live kernel patching is always interesting, so I thought The New Stack readers certainly deserve this treat. Have any questions? Shoot me a comment below, or tweet @ak_kim0.

Ahmed Kamal (@ak_kim0) is the cloud infrastructure director at Cloud Niners (www.cloud9ers.com). Cloud Niners specializes in large scale Linux operations, private and public cloud deployments. DevOps style automation and consulting work

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.