[Review]: What’s kernel Live Patching?
Dynamic Software Updating (DSU)
Dynamic Software Updating (DSU) is a field of research pertaining to upgrading programs while they are running. DSU is not currently widely used in industry. However, researchers have developed a wide variety of systems and techniques for implementing DSU. These systems are commonly tested on real-world programs.
Current operating systems and programming languages are typically not designed with DSU in mind. As such, DSU implementations commonly either utilize existing tools, or implement specialty compilers. These compilers preserve the semantics of the original program, but instrument either the source code or object code to produce a dynamically update-able program. Researchers compare DSU-capable variants of programs to the original program to assess safety and performance overhead.
Hot swapping can also refer to the ability to alter the running code of a program without needing to interrupt its execution. Interactive programming is a programming paradigm that makes extensive use of hot swapping, so the programming activity becomes part of the program flow itself.
Only a few programming languages support hot swapping natively, including Pike, Lisp, Erlang, Smalltalk, Visual Basic 6 (not VB.NET), Java and, most recently, Elm and Elixir. Microsoft Visual Studio supports a kind of hot swapping called Edit and Continue, which is supported by C#, VB.NET and C/C++ when running under a debugger.
Hot swapping is the central method in live coding, where programming is an integral part of the run-time process. In general, all programming languages used in live coding, such as SuperCollider, TidalCycles or Extempore, support hot swapping.
Some web-based frameworks, such as Django, support detecting module changes and reloading them on the fly. Although this is equivalent to hot swapping for most intents and purposes, it is technically just a cache purge triggered by a new file. This does not apply, in the general case, to markup and programming languages such as HTML and PHP respectively, as these files are normally re-interpreted on each use by default. There are a few CMSs and other PHP-based frameworks (such as Drupal) that employ caching, however; in these cases, similar abilities and exceptions apply.
Hot swapping also facilitates developing systems where large amounts of data are being processed, as in entire genomes in bioinformatics algorithms.
Linux Kernel Live Patching via DSU
Maintaining the kernel and fixing bugs without a reboot and without downtime is very important for critical services such as road traffic control and other critical and real-time services. Several solutions exist for patching or loading a new kernel without a reboot or downtime.
- Kexec: abbreviated from "kernel execute" and analogous to the Unix/Linux exec system call, is a mechanism of the Linux kernel that allows booting a new kernel from the currently running one. Essentially, kexec skips the bootloader stage and the hardware initialization phase performed by the system firmware (BIOS or UEFI), and directly loads the new kernel into main memory and starts executing it immediately. This avoids the long times associated with a full reboot, and can help systems to meet high-availability requirements by minimizing downtime. While feasible, implementing a mechanism such as kexec raises two major challenges:
- Memory of the currently running kernel is overwritten by the new kernel, while the old one is still executing.
- The new kernel will usually expect all hardware devices to be in a well-defined state, which they are in after a system reboot because the system firmware resets them to a "sane" state. Bypassing a real reboot may leave devices in an unknown state, and the new kernel will have to recover from that.
Support for allowing only signed kernels to be booted through kexec was merged into version 3.17 of the Linux kernel mainline, which was released on October 5, 2014. This prevents a root user from loading arbitrary code via kexec and executing it, complementing UEFI secure boot and the in-kernel security mechanisms that ensure only signed Linux kernel modules can be inserted into the running kernel.
- KernelCare: is a live kernel patching service that provides security patches and bug fixes for a range of popular Linux kernels that can be installed without rebooting the system. KernelCare software is released under GPL2. The first beta was introduced in March 2014 and it was commercially launched in May 2014. KernelCare supports CentOS/RHEL 5.x, 6.x and 7.x; CloudLinux 5.x, 6.x and 7.x; Parallels Cloud Server; Virtuozzo; OpenVZ; Debian 6.x, 7.x and 8.x; and Ubuntu 14.04 LTS, 15.10, 16.04.
- Ksplice: is an open-source extension of the Linux kernel that allows security patches to be applied to a running kernel without the need for reboots, avoiding downtime and improving availability (a technique broadly referred to as dynamic software updating). Ksplice supports only patches that do not make significant semantic changes to the kernel's data structures. Ksplice has been implemented for Linux on the IA-32 and x86-64 architectures. It was developed by Ksplice, Inc. until 21 July 2011, when Oracle acquired Ksplice and started offering support for Oracle Linux. Support for Red Hat Enterprise Linux was dropped and turned into a free 30-day trial for RHEL customers as an incentive to migrate to Oracle Linux Premier Support. At the same time, use of the Oracle Unbreakable Enterprise Kernel (UEK) became a requirement for using Ksplice on production systems.
As of July 2015, Ksplice is available for free on desktop Linux installations, with official support available for Fedora and Ubuntu Linux distributions.
- kpatch: is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need to reboot the system into a new kernel that contains the desired patches, kpatch aims to maximize system uptime and availability. At the same time, kpatch allows kernel-related security updates to be applied without deferring them to scheduled downtime. Internally, kpatch allows entire functions in a running kernel to be replaced with their patched versions, doing so safely by stopping all running processes while the live patching is performed. kpatch is developed by Red Hat, with its source code licensed under the terms of the GNU General Public License version 2 (GPLv2). In May 2014, kpatch was submitted for inclusion into the Linux kernel mainline, and the minimalistic foundations for live patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015.
- kGraft: is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need to reboot the system into a new kernel that contains the desired patches, kGraft aims to maximize system uptime and availability. At the same time, kGraft allows kernel-related security updates to be applied without deferring them to scheduled downtime. Internally, kGraft allows entire functions in a running kernel to be replaced with their patched versions, doing so safely by selectively using the original versions of functions to ensure per-process consistency while the live patching is performed. kGraft is developed by SUSE, with its source code licensed under the terms of versions two and three of the GNU General Public License (GPL). In April 2014, kGraft was submitted for inclusion into the Linux kernel mainline, and the minimalistic foundations for live patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015.
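The two entries above describe the same goal (replace a whole kernel function while the kernel runs) reached by two different consistency strategies: kpatch stops every process and switches all of them at once, while kGraft switches each task individually at a safe point so that no single task ever mixes old and new code. The following is an added user-space model of those two strategies; it is constructed for this page and is not code from the kpatch, kGraft or Linux kernel projects. Real implementations redirect function entry inside the kernel; here "tasks" are plain structs driven from one thread, and the names (`kpatch_apply`, `kgraft_load`, `kgraft_safe_point`, the `compute` functions, the task names) are all hypothetical.

```c
/* User-space model of the kpatch and kGraft consistency strategies.
 * Constructed illustration, not kernel code: real kpatch and kGraft hook
 * function entry inside the kernel; here tasks are structs driven from a
 * single thread so the example runs anywhere a C compiler does. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*compute_fn)(int);

/* The function being live-patched: the old (buggy) and new (fixed) bodies. */
static int compute_old(int x) { return x * 2; }
static int compute_new(int x) { return x * 2 + 1; }

/* A simulated task with the two pieces of state the two models care about. */
struct task {
    const char *name;
    bool on_patched_fn;   /* currently executing inside compute(): kpatch must wait */
    bool in_transition;   /* kGraft: still routed to old code until a safe point */
};

/* ---- kpatch-style: stop the world, then switch every task at once ---- */

static compute_fn kpatch_active = compute_old;

/* Returns true if the switch happened. With all tasks stopped, the stacks are
 * inspected; if any task is inside the function being replaced the attempt is
 * refused (the caller retries later), otherwise all tasks see the new code on
 * their next call. */
static bool kpatch_apply(struct task *tasks, size_t n, compute_fn new_fn)
{
    for (size_t i = 0; i < n; i++)
        if (tasks[i].on_patched_fn)
            return false;            /* busy: an old frame is still live on a stack */
    kpatch_active = new_fn;          /* one global switch for all tasks */
    return true;
}

static int kpatch_call(int x) { return kpatch_active(x); }

/* ---- kGraft-style: per-task migration at a safe point ---- */

static struct {
    compute_fn old_fn, new_fn;
    bool loaded;
} kgraft = { compute_old, NULL, false };

/* Loading the patch marks every task as "in transition": each keeps using the
 * old function until it individually reaches a safe point (e.g. returning to
 * user space). */
static void kgraft_load(struct task *tasks, size_t n, compute_fn new_fn)
{
    kgraft.new_fn = new_fn;
    kgraft.loaded = true;
    for (size_t i = 0; i < n; i++)
        tasks[i].in_transition = true;
}

/* The entry stub: picks old or new per calling task, never mixing within one task. */
static int kgraft_call(struct task *t, int x)
{
    if (!kgraft.loaded || t->in_transition)
        return kgraft.old_fn(x);
    return kgraft.new_fn(x);
}

/* Called when a task passes a safe point: from now on it gets the new code. */
static void kgraft_safe_point(struct task *t) { t->in_transition = false; }

/* The patch is fully applied only once no task is still in transition. */
static bool kgraft_complete(const struct task *tasks, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tasks[i].in_transition)
            return false;
    return kgraft.loaded;
}

int main(void)
{
    /* Constructed task set: "sshd" is currently inside the function being patched. */
    struct task tasks[] = { {"init", false, false}, {"sshd", true, false}, {"nginx", false, false} };
    size_t n = sizeof tasks / sizeof tasks[0];

    /* kpatch: refused while sshd is inside compute(); succeeds once it has left. */
    printf("kpatch attempt 1: %s\n", kpatch_apply(tasks, n, compute_new) ? "applied" : "busy, retry");
    tasks[1].on_patched_fn = false;
    printf("kpatch attempt 2: %s, compute(5)=%d\n",
           kpatch_apply(tasks, n, compute_new) ? "applied" : "busy", kpatch_call(5));

    /* kGraft: the patch loads immediately; tasks migrate one by one. */
    kgraft_load(tasks, n, compute_new);
    printf("kGraft before safe point: %s compute(5)=%d\n", tasks[1].name, kgraft_call(&tasks[1], 5));
    for (size_t i = 0; i < n; i++)
        kgraft_safe_point(&tasks[i]);
    printf("kGraft after all safe points: complete=%d compute(5)=%d\n",
           kgraft_complete(tasks, n), kgraft_call(&tasks[1], 5));
    return 0;
}
```

The model makes the operational difference visible: the kpatch-style switch can be refused and must be retried until no task has the old function on its stack, whereas the kGraft-style switch always loads but is not complete until every task has crossed a safe point, which is why a long-running task that never returns to user space can leave a kGraft patch partially applied.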