SlideShare a Scribd company logo

kpatch.kgraft

Udo Seidel
Udo Seidel

Overview of Online Linux Kernel Patching

Technology
1 of 41
Download to read offline
Reboot adieu! Online Linux kernel patching Udo Seidel
Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
Cebit - Opensource Forum 2015 Why?
Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
Cebit - Opensource Forum 2015 How?
Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
Cebit - Opensource Forum 2015 Players!
Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
Cebit - Opensource Forum 2015 Red Hat's kpatch
Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
Cebit - Opensource Forum 2015 SUSE's kGraft
Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
Cebit - Opensource Forum 2015 Show!
Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
Cebit - Opensource Forum 2015 And?
Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
Cebit - Opensource Forum 2015 Thank you!
Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker RegistryMirantis IT Russia
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 

More Related Content

What's hot

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 

What's hot (20)

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project Update
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART ii
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker Registry
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFS
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project Update
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree Specification
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project Update
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status Update
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing Hadoop
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log message
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development Kit
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signing
 

Viewers also liked

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedTommy Lee
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKMaxime Coquelin
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSAlexey Vakhov
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learningtrak15
 
Leadership course
Leadership courseLeadership course
Leadership courseHứa Duy
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689sahilkharkara
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2Laura Price
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un bloggerlovalty
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Affiliate Summit
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!luisaph
 

Viewers also liked (17)

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixed
 
virtio
virtiovirtio
virtio
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDK
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaS
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learning
 
Leadership course
Leadership courseLeadership course
Leadership course
 
Mireya alvado
Mireya alvadoMireya alvado
Mireya alvado
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un blogger
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?
 
Czech
CzechCzech
Czech
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!
 
4x4
4x44x4
4x4
 

Similar to kpatch.kgraft

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLinaro
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019CloudOps2005
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Anne Nicolas
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr Linaro
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Jay Bryant
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...chiportal
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisDmitry Baryshkov
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...Linaro
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLinaro
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)Jarek Potiuk
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopWeaveworks
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverEugene Yokota
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftDatabricks
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018Jay Bryant
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyJérémy Wimsingues
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017Jay Bryant
 

Similar to kpatch.kgraft (20)

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain Collaboration
 
Nova Updates - Kilo Edition
Nova Updates - Kilo EditionNova Updates - Kilo Edition
Nova Updates - Kilo Edition
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in Travis
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at Linaro
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps Workshop
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with server
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOps
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at Lyft
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success story
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
 

More from Udo Seidel

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013Udo Seidel
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talkUdo Seidel
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkUdo Seidel
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkUdo Seidel
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkUdo Seidel
 

More from Udo Seidel (6)

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talk
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talk
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talk
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talk
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talk
 

Recently uploaded

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

Recently uploaded (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

kpatch.kgraft

  • 1. Reboot adieu! Online Linux kernel patching Udo Seidel
  • 2. Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
  • 3. Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
  • 4. Cebit - Opensource Forum 2015 Why?
  • 5. Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
  • 6. Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
  • 7. Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
  • 8. Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
  • 9. Cebit - Opensource Forum 2015 How?
  • 10. Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
  • 11. Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
  • 12. Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
  • 13. Cebit - Opensource Forum 2015 Players!
  • 14. Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
  • 15. Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
  • 16. Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
  • 17. Cebit - Opensource Forum 2015 Red Hat's kpatch
  • 18. Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
  • 19. Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
  • 20. Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
  • 21. Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
  • 22. Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
  • 23. Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
  • 24. Cebit - Opensource Forum 2015 SUSE's kGraft
  • 25. Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
  • 26. Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
  • 27. Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
  • 28. Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
  • 29. Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
  • 30. Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
  • 31. Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
  • 32. Cebit - Opensource Forum 2015 Show!
  • 33. Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
  • 34. Cebit - Opensource Forum 2015 And?
  • 35. Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
  • 36. Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
  • 37. Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
  • 38. Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
  • 39. Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
  • 40. Cebit - Opensource Forum 2015 Thank you!
  • 41. Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel