SlideShare uma empresa Scribd logo

Ksplice: Linux Kernel Patching Without Reboot

Transferir como ODP, PDF
Udo Seidel
Udo Seidel

This document discusses Ksplice, a technology that allows patching of the Linux kernel without requiring a reboot. Ksplice works by comparing the old and new object code of the kernel, generating a delta patch, and using address redirection to load the new code without interrupting running processes. It was developed at MIT and later acquired by Oracle. While promising for high availability systems, questions remain around its licensing and whether it infringes any patents.

Tecnologia
1 de 33
OpenSource Trends Days 2012 Ksplice Linux kernel patching without a reboot Udo Seidel
OpenSource Trends Days 2012 Agenda ● Who? ● Why? ● How? ● Show! ● And?
OpenSource Trends Days 2012 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of a international distributed sysadmin team
OpenSource Trends Days 2012 Why?
OpenSource Trends Days 2012 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions or improvements ● External requirements ● Importance of security, e.g. PCI-DSS
OpenSource Trends Days 2012 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
OpenSource Trends Days 2012 Do we really need a reboot? Question ....
OpenSource Trends Days 2012 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up 'recently' ● Rootkits
OpenSource Trends Days 2012 How? Hotfix preparation
OpenSource Trends Days 2012 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
OpenSource Trends Days 2012 Object code comparison ● New approach for generation of hot updates ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Challenges ● Object code generation ● Code replacement
OpenSource Trends Days 2012 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
OpenSource Trends Days 2012 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
OpenSource Trends Days 2012 Ksplice – how it works part I
OpenSource Trends Days 2012 Ksplice – some first details ● Creation of dedicated sections for functions and structures of source code ● Identical compiler recommended ● Unnecessary replacement code possible ● Memory addresses?
OpenSource Trends Days 2012 Address determination – first trial ● Symbol to address translation ● Known from core dump analysis ● /boot/System.map ● Does not work here :-(
OpenSource Trends Days 2012 Address determination by Ksplice ● Pair up object code on disk (PRE) with object code in memory (RUN) ● Filter of 'wrong' symbols ● Analysis of unknown address in PRE objects via RUN objects
OpenSource Trends Days 2012 Address determination by Ksplice
OpenSource Trends Days 2012 Ksplice - more details ● Cancel if unexpected event during PRE-RUN comparison ● PRE-RUN comparison => kernel module
OpenSource Trends Days 2012 Ksplice – how it works part I
OpenSource Trends Days 2012 Ksplice – how it works part II
OpenSource Trends Days 2012 Last step ● Tell the kernel to use the new object code ● Kernel module ksplice.ko ● Load the new object code ● Kernel module ksplice­new.ko
OpenSource Trends Days 2012 What else ● Limitations ● Scalability ● Patch context ● Patch size ● Unclear ● Patent violation? ● license
OpenSource Trends Days 2012 How? Hotfix application
OpenSource Trends Days 2012 Client side ● Download via Ksplice client ● Modification of depmod and modprobe ● Update of initial ram disk ● Automation via SysV init scripts
OpenSource Trends Days 2012 Client commands Command description uptrack­install Install available patch(es) uptrack­remove Remove installed patch(es) uptrack­show Status of installed and/or available patches uptrack­uname Effective/patched kernel version uptrack­upgrade Install all availabe patches
OpenSource Trends Days 2012 Show!
OpenSource Trends Days 2012 Example ● CVE-2012-0207 ● Kernel 2.6.36 ● Bug in IGMP code ● Simple source code fix    diff ­­git a/net/ipv4/igmp.c b/net/ipv4/igmp.c ...    @@ ­875,6 +875,8 @@ static void igmp_heard_query ...    ...         max_delay = IGMPV3_MRC(ih3>code)*...    +    if (!max_delay)    + max_delay = 1; /* can't mod w/ 0 */      } else { /* v3 */
OpenSource Trends Days 2012 And?
OpenSource Trends Days 2012 Summary ● Promising technology ● Available for selected Linux distributions only ● Open questions on license/patent
OpenSource Trends Days 2012 References ● http://www.ksplice.com ● http://kerneltrap.org/mail-archive/linux- kernel/2008/4/23/1570474 ● http://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2012-0207
OpenSource Trends Days 2012 Thank you!
OpenSource Trends Days 2012 Ksplice Linux kernel patching without a reboot Udo Seidel

Recomendados

adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
kpatch.kgraft
kpatch.kgraftkpatch.kgraft
kpatch.kgraftUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
2019.06.27 Intro to Ceph
2019.06.27 Intro to Ceph2019.06.27 Intro to Ceph
2019.06.27 Intro to CephCeph Community
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 

Recomendados

adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
kpatch.kgraft
kpatch.kgraftkpatch.kgraft
kpatch.kgraftUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
2019.06.27 Intro to Ceph
2019.06.27 Intro to Ceph2019.06.27 Intro to Ceph
2019.06.27 Intro to CephCeph Community
 
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelOSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo Seidel
OSDC 2013 | Distributed Storage with GlusterFS by Dr. Udo SeidelNETWAYS
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015Atin Mukherjee
 
Lisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionLisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionGluster.org
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challengesGluster.org
 
20160401 Gluster-roadmap
20160401 Gluster-roadmap20160401 Gluster-roadmap
20160401 Gluster-roadmapGluster.org
 
Cncf meetup-rook
Cncf meetup-rookCncf meetup-rook
Cncf meetup-rookJuraj Hantak
 
Cncf meetup-rook
Cncf meetup-rookCncf meetup-rook
Cncf meetup-rookJuraj Hantak
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdoseGluster.org
 
Tiering barcelona
Tiering barcelonaTiering barcelona
Tiering barcelonaGluster.org
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmapGluster.org
 
Block Storage For VMs With Ceph
Block Storage For VMs With CephBlock Storage For VMs With Ceph
Block Storage For VMs With CephThe Linux Foundation
 
Red Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFSRed Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFSbipin kunal
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
GlusterD - Daemon refactoring
GlusterD - Daemon refactoringGlusterD - Daemon refactoring
GlusterD - Daemon refactoringAtin Mukherjee
 
The Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.orgThe Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.orgJohn Mark Walker
 
Gdeploy 2.0
Gdeploy 2.0Gdeploy 2.0
Gdeploy 2.0Sachidananda Urs
 
Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster.org
 
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Gluster.org
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdoseGluster.org
 
Gluster d2
Gluster d2Gluster d2
Gluster d2Gluster.org
 
Scalable Clusters On Demand
Scalable Clusters On DemandScalable Clusters On Demand
Scalable Clusters On DemandBogdan Kyryliuk
 
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of ContainerOSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of ContainerNETWAYS
 

Mais conteúdo relacionado

Mais procurados

Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015Atin Mukherjee
 
Lisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionLisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionGluster.org
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challengesGluster.org
 
20160401 Gluster-roadmap
20160401 Gluster-roadmap20160401 Gluster-roadmap
20160401 Gluster-roadmapGluster.org
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdoseGluster.org
 
Tiering barcelona
Tiering barcelonaTiering barcelona
Tiering barcelonaGluster.org
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmapGluster.org
 
Red Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFSRed Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFSbipin kunal
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
GlusterD - Daemon refactoring
GlusterD - Daemon refactoringGlusterD - Daemon refactoring
GlusterD - Daemon refactoringAtin Mukherjee
 
The Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.orgThe Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.orgJohn Mark Walker
 
Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster.org
 
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Gluster.org
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdoseGluster.org
 

Mais procurados (20)

Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015Gluster fs architecture_&_roadmap_atin_punemeetup_2015
Gluster fs architecture_&_roadmap_atin_punemeetup_2015
 
Lisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionLisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introduction
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challenges
 
20160401 Gluster-roadmap
20160401 Gluster-roadmap20160401 Gluster-roadmap
20160401 Gluster-roadmap
 
Cncf meetup-rook
Cncf meetup-rookCncf meetup-rook
Cncf meetup-rook
 
Cncf meetup-rook
Cncf meetup-rookCncf meetup-rook
Cncf meetup-rook
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
 
Tiering barcelona
Tiering barcelonaTiering barcelona
Tiering barcelona
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmap
 
Block Storage For VMs With Ceph
Block Storage For VMs With CephBlock Storage For VMs With Ceph
Block Storage For VMs With Ceph
 
Red Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFSRed Hat Gluster Storage : GlusterFS
Red Hat Gluster Storage : GlusterFS
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
 
GlusterD - Daemon refactoring
GlusterD - Daemon refactoringGlusterD - Daemon refactoring
GlusterD - Daemon refactoring
 
The Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.orgThe Future of GlusterFS and Gluster.org
The Future of GlusterFS and Gluster.org
 
Gdeploy 2.0
Gdeploy 2.0Gdeploy 2.0
Gdeploy 2.0
 
Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016Gluster d thread_synchronization_using_urcu_lca2016
Gluster d thread_synchronization_using_urcu_lca2016
 
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
 
Gluster d2
Gluster d2Gluster d2
Gluster d2
 

Semelhante a Ksplice: Linux Kernel Patching Without Reboot

Scalable Clusters On Demand
Scalable Clusters On DemandScalable Clusters On Demand
Scalable Clusters On DemandBogdan Kyryliuk
 
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of ContainerOSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of ContainerNETWAYS
 
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo SeidelOSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo SeidelNETWAYS
 
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.UA Mobile
 
Snowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesSnowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesDrew Hansen
 
Android Study Jam
Android Study Jam Android Study Jam
Android Study Jam DSCMESCOE
 
JUC Paris 2012 — Jenkins @ Nuxeo
JUC Paris 2012 — Jenkins @ NuxeoJUC Paris 2012 — Jenkins @ Nuxeo
JUC Paris 2012 — Jenkins @ NuxeoJulien Carsique
 
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...NETWAYS
 
Spring shell for everyone
Spring shell for everyoneSpring shell for everyone
Spring shell for everyoneIhor Banadiga
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAPLDAPCon
 
Continuous integration is not a solved problem
Continuous integration is not a solved problemContinuous integration is not a solved problem
Continuous integration is not a solved problemKristian Van Der Vliet
 
Best Angular JS training in Hyderabad, India
Best Angular JS training in Hyderabad, IndiaBest Angular JS training in Hyderabad, India
Best Angular JS training in Hyderabad, IndiaN Benchmark IT Solutions
 
Instant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositoriesInstant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositoriesYshay Yaacobi
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional ProgrammerDave Cross
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
DocDoku: Using web technologies in a desktop application. OW2con'15, November...
DocDoku: Using web technologies in a desktop application. OW2con'15, November...DocDoku: Using web technologies in a desktop application. OW2con'15, November...
DocDoku: Using web technologies in a desktop application. OW2con'15, November...OW2
 
DocDokuPLM presentation - OW2Con 2015 Community Award winner
DocDokuPLM presentation - OW2Con 2015 Community Award winnerDocDokuPLM presentation - OW2Con 2015 Community Award winner
DocDokuPLM presentation - OW2Con 2015 Community Award winnerDocDoku
 
Ceph: A decade in the making and still going strong
Ceph: A decade in the making and still going strongCeph: A decade in the making and still going strong
Ceph: A decade in the making and still going strongPatrick McGarry
 
2.3 (Architecture) Moving to Managed Code
2.3 (Architecture) Moving to Managed Code2.3 (Architecture) Moving to Managed Code
2.3 (Architecture) Moving to Managed CodeMicro Focus
 

Semelhante a Ksplice: Linux Kernel Patching Without Reboot (20)

Scalable Clusters On Demand
Scalable Clusters On DemandScalable Clusters On Demand
Scalable Clusters On Demand
 
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of ContainerOSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
OSDC 2017 - Dr. Udo Seidel - VMwares (open source) Way of Container
 
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo SeidelOSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel
OSDC 2017 | VMware's (Open Source) way of Container by Dr. Udo Seidel
 
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.
Критика "библиотечного" подхода в разработке под Android. UA Mobile 2016.
 
Snowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesSnowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD Pipelines
 
Android Study Jam
Android Study Jam Android Study Jam
Android Study Jam
 
JUC Paris 2012 — Jenkins @ Nuxeo
JUC Paris 2012 — Jenkins @ NuxeoJUC Paris 2012 — Jenkins @ Nuxeo
JUC Paris 2012 — Jenkins @ Nuxeo
 
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...
OSDC 2015: Dr. Udo Seidel | Developing Applications for the New Cloud Operati...
 
Spring shell for everyone
Spring shell for everyoneSpring shell for everyone
Spring shell for everyone
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAP
 
Continuous integration is not a solved problem
Continuous integration is not a solved problemContinuous integration is not a solved problem
Continuous integration is not a solved problem
 
Best Angular JS training in Hyderabad, India
Best Angular JS training in Hyderabad, IndiaBest Angular JS training in Hyderabad, India
Best Angular JS training in Hyderabad, India
 
Instant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositoriesInstant developer onboarding with self contained repositories
Instant developer onboarding with self contained repositories
 
The Professional Programmer
The Professional ProgrammerThe Professional Programmer
The Professional Programmer
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2
 
DocDoku: Using web technologies in a desktop application. OW2con'15, November...
DocDoku: Using web technologies in a desktop application. OW2con'15, November...DocDoku: Using web technologies in a desktop application. OW2con'15, November...
DocDoku: Using web technologies in a desktop application. OW2con'15, November...
 
DocDokuPLM presentation - OW2Con 2015 Community Award winner
DocDokuPLM presentation - OW2Con 2015 Community Award winnerDocDokuPLM presentation - OW2Con 2015 Community Award winner
DocDokuPLM presentation - OW2Con 2015 Community Award winner
 
Software maintenance PyConPL 2016
Software maintenance PyConPL 2016Software maintenance PyConPL 2016
Software maintenance PyConPL 2016
 
Ceph: A decade in the making and still going strong
Ceph: A decade in the making and still going strongCeph: A decade in the making and still going strong
Ceph: A decade in the making and still going strong
 
2.3 (Architecture) Moving to Managed Code
2.3 (Architecture) Moving to Managed Code2.3 (Architecture) Moving to Managed Code
2.3 (Architecture) Moving to Managed Code
 

Mais de Udo Seidel

ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013Udo Seidel
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talkUdo Seidel
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkUdo Seidel
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkUdo Seidel
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkUdo Seidel
 

Mais de Udo Seidel (7)

ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream team
 
Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talk
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talk
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talk
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talk
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talk
 

Último

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Último (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Ksplice: Linux Kernel Patching Without Reboot

  • 1. OpenSource Trends Days 2012 Ksplice Linux kernel patching without a reboot Udo Seidel
  • 2. OpenSource Trends Days 2012 Agenda ● Who? ● Why? ● How? ● Show! ● And?
  • 3. OpenSource Trends Days 2012 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of a international distributed sysadmin team
  • 5. OpenSource Trends Days 2012 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions or improvements ● External requirements ● Importance of security, e.g. PCI-DSS
  • 6. OpenSource Trends Days 2012 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
  • 7. OpenSource Trends Days 2012 Do we really need a reboot? Question ....
  • 8. OpenSource Trends Days 2012 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up 'recently' ● Rootkits
  • 9. OpenSource Trends Days 2012 How? Hotfix preparation
  • 10. OpenSource Trends Days 2012 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
  • 11. OpenSource Trends Days 2012 Object code comparison ● New approach for generation of hot updates ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Challenges ● Object code generation ● Code replacement
  • 12. OpenSource Trends Days 2012 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
  • 13. OpenSource Trends Days 2012 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
  • 14. OpenSource Trends Days 2012 Ksplice – how it works part I
  • 15. OpenSource Trends Days 2012 Ksplice – some first details ● Creation of dedicated sections for functions and structures of source code ● Identical compiler recommended ● Unnecessary replacement code possible ● Memory addresses?
  • 16. OpenSource Trends Days 2012 Address determination – first trial ● Symbol to address translation ● Known from core dump analysis ● /boot/System.map ● Does not work here :-(
  • 17. OpenSource Trends Days 2012 Address determination by Ksplice ● Pair up object code on disk (PRE) with object code in memory (RUN) ● Filter of 'wrong' symbols ● Analysis of unknown address in PRE objects via RUN objects
  • 18. OpenSource Trends Days 2012 Address determination by Ksplice
  • 19. OpenSource Trends Days 2012 Ksplice - more details ● Cancel if unexpected event during PRE-RUN comparison ● PRE-RUN comparison => kernel module
  • 20. OpenSource Trends Days 2012 Ksplice – how it works part I
  • 21. OpenSource Trends Days 2012 Ksplice – how it works part II
  • 22. OpenSource Trends Days 2012 Last step ● Tell the kernel to use the new object code ● Kernel module ksplice.ko ● Load the new object code ● Kernel module ksplice­new.ko
  • 23. OpenSource Trends Days 2012 What else ● Limitations ● Scalability ● Patch context ● Patch size ● Unclear ● Patent violation? ● license
  • 24. OpenSource Trends Days 2012 How? Hotfix application
  • 25. OpenSource Trends Days 2012 Client side ● Download via Ksplice client ● Modification of depmod and modprobe ● Update of initial ram disk ● Automation via SysV init scripts
  • 26. OpenSource Trends Days 2012 Client commands Command description uptrack­install Install available patch(es) uptrack­remove Remove installed patch(es) uptrack­show Status of installed and/or available patches uptrack­uname Effective/patched kernel version uptrack­upgrade Install all availabe patches
  • 28. OpenSource Trends Days 2012 Example ● CVE-2012-0207 ● Kernel 2.6.36 ● Bug in IGMP code ● Simple source code fix    diff ­­git a/net/ipv4/igmp.c b/net/ipv4/igmp.c ...    @@ ­875,6 +875,8 @@ static void igmp_heard_query ...    ...         max_delay = IGMPV3_MRC(ih3>code)*...    +    if (!max_delay)    + max_delay = 1; /* can't mod w/ 0 */      } else { /* v3 */
  • 30. OpenSource Trends Days 2012 Summary ● Promising technology ● Available for selected Linux distributions only ● Open questions on license/patent
  • 31. OpenSource Trends Days 2012 References ● http://www.ksplice.com ● http://kerneltrap.org/mail-archive/linux- kernel/2008/4/23/1570474 ● http://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2012-0207
  • 32. OpenSource Trends Days 2012 Thank you!
  • 33. OpenSource Trends Days 2012 Ksplice Linux kernel patching without a reboot Udo Seidel