≡ Menu

kernel hot patching

Ksplice: Upgrade / Patch Your Linux Kernel Without Reboots

All Linux distributions need a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other Linux distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade, you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to the kernel without rebooting the server. In this post, I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny. The technology and hack behind this looks pretty cool. This is useful if you’ve a small number of Linux based servers and/or you want avoid unscheduled reboot just to apply hotfix to Linux kernel.
[click to continue…]

Sysadmin because even developers need heroes!!!

Ksplice: Patch The Linux Kernel Without Rebooting System

You may be aware that after kernel upgrade and kernel security patching you need to reboot Linux box. Now, there is a new patch called – Ksplice. It provides rebootless Linux kernel security update. It is available under GPL 2 and has been tested on Linux kernel versions from 2.6.8 to the recently released 2.6.25 and on several Linux distributions including Debian, Ubuntu, Red Hat Enterprise Linux and Gentoo Linux.

Ksplice allows system administrators to apply security patches to the Linux kernel without having to reboot. Ksplice takes as input a source code change in unified diff format and the kernel source code to be patched, and it applies the patch to the corresponding running kernel. The running kernel does not need to have been prepared in advance in any way.

To be fully automatic, Ksplice’s design is limited to patches that do not introduce semantic changes to data structures, but most Linux kernel security patches don’t make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to December 2007 finds that Ksplice can automatically apply 84% of the 50 significant kernel vulnerabilities from this interval.

Ksplice has been implemented for Linux on the x86-32 and x86-64 architectures.

=> Ksplice: Rebootless Linux kernel security updates (via zdnet)