Evan B. '10 | April 23, 2008
"Live Kernel Patching System"
This is partially a plug for a friend of mine, but it's also a really cool system that I think some of you might like.
Ksplice is a system for automatically patching a Linux kernel without reboots. Jeff Arnold '07, MEng '08 developed this as his master's thesis, and today released the system to the Linux Kernel Mailing List (LKML).
Ksplice requires nothing more than the currently running kernel source and the configuration settings, combined with a patch to the source code, to generate a kernel module which, when loaded, can be used to immediately patch vulnerabilities or introduce new behavior. As a maintainer of linux.mit.edu, the SIPB Linux dialup server that many people on campus rely on, Jeff has in the past used Ksplice to keep the server up.
This really has the potential to revolutionize systems administration for high-reliability systems. But...don't take it from me. Take it from Ted Ts'o '90. Ted is an active kernel hacker who, among other things, developed the ext2 filesystem, the basis for the ext3 filesystem, which is one of the major filesystems used on Linux today.
Here's what Ted says in ZDNet's article:
Top kernel developer and Linux Foundation fellow Ted Ts’o said the Ksplice software is much needed by telecommunications providers and anyone who hates downtime. “It allows you to hot patch the Linux kernel with a security update without rebooting the computer. It’s a binary patch capability that is highly automated,” said Ts’o. “Users in the carrier grade linux space have been clamoring for this for a while. If you are a carrier in telephony and don’t want downtime, this stuff is pure gold.” The best part? It doesn’t require any kernel modifications, Ts’o said.
(Here's the LKML posting: http://permalink.gmane.org/gmane.linux.kernel/669951)
Responses To This Entry:
Very cool!
Posted by: Migulic on April 23, 2008 03:59 PM
Wow, pretty neat.
Posted by: Rose on April 23, 2008 04:34 PM
so, no downtime, ever. Sweet.
The only bad thing I see about this is you can play eve online for more than one day straight now.
Very cool. Perfect timing with failsta (vista) ... failing.
Posted by: Burst on April 23, 2008 07:30 PM
Whoa. I do not understand any of that.
But I'm glad there are people that do!
Posted by: Amelia on April 23, 2008 10:03 PM
Sorry, but I am a little bit confused...
Posted by: liam on April 23, 2008 11:09 PM
I might try this on one of my test boxes.
I remember being excited when learning about the feature that would allow you to swap kernels on the fly, but this looks even more intriguing.
Speaking of that, I really need to update my kernel.
joey@alpha ~ $ cat /proc/version
Linux version 2.6.24-rc3-zen3-jwc1 (root@alpha) (gcc version 4.1.2 (Gentoo 4.1.2)) #3 Tue Jan 29 17:20:35 EST 2008
Yeah, I took the Zen kernel builds and threw in some customizations of my own.
Posted by: JWC '12 on April 24, 2008 01:07 AM
that sounds cool. not sure i really need something like that atm, but i'm sure it will come in useful some day :)
JWC '12, you think you need to update?
$ uname -rs
FreeBSD 6.1-RELEASE
that's running on my server :D but it's a private server in a pretty secure place and it's been working without any glitches for over a year now :)
evan, what happened to that project? the flash hard disk thingie?
Posted by: Sh1fty on April 24, 2008 06:14 AM
That's amazing! That's legendary! Jeff, if you're reading this, you're awesome.
Posted by: Hawkins on April 25, 2008 12:46 AM
Just what the boss ordered. Thanks for the contribution Jeff :) The place I work at, keeping the system down even for 2 minutes isn't possible. And we have to update the kernel every time a patch is released.
Posted by: Naif on April 25, 2008 11:16 PM
