Click here to learn
about this Sponsor:
Home  |  News  |  Articles  |  Polls  |  Forum

Keywords: Match:
Article explores Linux hot-patching utility
May 08, 2008

LWN.net has published an article about ksplice, a hot-patching utility for the Linux kernel that was developed by an MIT grad student. Ksplice lets users make changes to running kernel code -- for example to apply a security patch -- without rebooting the system or interrupting services running on it.

The article was written by LWN.net co-founder Jonathan Corbet. It inspired a lively discussion of the technology, and its chances of being merged into the mainline Linux kernel source code tree. Carrier Grade Linux and high-availability Linux distributions typically already have hot-patching implementations of their own, but the mainline kernel still does not.

Ksplice was announced on April 23rd on LWN.net in a post by the utility's lead developer, Jeffrey Brian Arnold, a graduate student at MIT. Ksplice works on any patch that "does not introduce semantic changes to data structures," says Arnold in his MIT paper on the subject, "Ksplice: An automatic system for rebootless Linux kernel security updates". On the Ksplice project site, Arnold reports that an evaluation of Linux kernel security patches from May 2005 to December 2007 found that Ksplice automatically applied 84 percent of "50 significant kernel vulnerabilities."

According to Corbet, ksplice should attract considerable interest from Linux administrators who need to install security patches to correct vulnerabilities in the Linux kernel. Each patch requires several minutes of downtime, which can either be an inconvenience or in the case of critical systems, an intolerable interruption.


Ksplice process for creating a hot update
[Source: Jeffrey Brian Arnold, MIT,
" Ksplice: An automatic system for rebootless Linux kernel security updates"]
(Click to enlarge)


From Corbet's description, ksplice compiles the system's kernel from source, with and without the patch, creating a kind of binary diff. It then inserts "trampolines" inside of functions affected by the patch. The trampolines simply bounce processing over to newly instantiated, patched object code. Clever stuff.

Ksplice still needs work, says Corbet, but he likes what he sees, enough to suggest that it might be a good addition to mainline. However, Arnold feels that such a move is unnecessary, says Corbet, and there is also a potential conflict from a 2002 Microsoft patent covering similar hot-patching.

The general consensus in the Linux development crowd is that the patent is invalid, says Corbet, since similar approaches have been used for decades. But who really wants to take Microsoft in court when writing code is so much more fun?

Availability

The full LWN.net article, entitled "Ksplice: kernel patches without reboots," should be available here.


Related Stories:

(Click here for further information)

7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.

4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.

Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.

Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.

Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.

Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.

Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.

Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.

Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.

 
Got a HOT tip?   please tell us!
Free weekly newsletter
 Enter your email...
Click here for a profile of each sponsor:
PLATINUM SPONSORS
GOLD SPONSORS
(Become a sponsor)

ADVERTISEMENT
(Advertise here)
Check out the latest Linux powered...

mobile phones!

other cool
gadgets

BREAKING NEWS

• Linux-friendly SoCs target low-end multimedia
• CompactFlash as a COTS "standard"
• 65nm ARM9 SoCs target PNDs, smartphones
• Motorola Ming A1600 ships
• N810 gains Android installer
• PC/104-Plus board runs Linux on x86 SoC
• Webinars explore embedded Linux development
• Linux video camera geo-tags, writes to SATA drives
• Garmin Nav devices run Gnome Linux
• Ten LiMo phones this month?
• It's a Yankee Doodle Linux phone
• Wind River to host "Developer Day"
• Dev boards gain Linux support
• 802.11n zooms ahead
• Low-power mini-ITX board runs Linux
Most popular stories -- past 30 days:
• World's cheapest Linux-based laptop?
• Ubuntu ported to a PDA
• 64-way chip gains Linux IDE, dev cards, design wins
• Embedded PowerPC dev kits come with Linux
• Rapid time-to-evaluation -- a key goal for silicon providers
• Embedded Linux is doomed. DOOOMED!
• Rugged PDA available with Linux
• Netflix Player runs Linux
• Miniature Linux PC targets military apps
• $7 SoC runs Linux
• Android Developer Challenge announces first-round winners
• Dual-core ARM SoC clocks to 1.2GHz
Linux-Watch headlines:
• Microsoft tactics push India toward Linux
• Bell, SuperMicro sued over GPL
• "Business intelligence" software goes GPL
• Will Atom bomb?
• LF Summit videos posted
• Linux gains "embedded" maintainers
• Virtualization on tap in SLES and RHEL upgrades
• Linux gets security black eye
• Verizon chooses Linux "platform of choice"
• Hats off to Fedora 9
Also visit our sister site:

Sign up for LinuxDevices.com's...

news feed
Home  |  News  |  Articles  |  Polls  |  Forum  |  About  |  Contact
 

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
Tech RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video | VARs | Channel News

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.