Linux kernel set to get live patching in release 3.20
Come and get this Git pull, Linus!
A collaboration between SUSE and Red Hat is going to bring relief to Linux users the world over: they'll be able to patch their systems without reboots.
The live patching infrastructure looks set to become available in version 3.20 of the Linux kernel.
The two organisations introduced their distribution-specific live patching solutions a month apart in 2013 – SUSE's kGraft hit in February, and Red Hat's Kpatch arrived in March.
As SUSE developer Jiri Kosina explains on the Linux Kernel Mailing List, an early shot at live patching called kSplice was acquired and turned into a proprietary service.
He says the SUSE and Red Hat approaches were different: “kPatch is issuing stop_machine()”, inspecting processes and deciding whether the system is safe to patch; “kGraft provides a per-thread consistency during one single pass of a process through the kernel and performs a lazy contiguous migration of threads from 'unpatched' universe to the 'patched' one at safe checkpoints.”
After a discussion at the Linux Plumbers' Conference in Dusseldorf in 2014, the different parties worked out the basis of the new approach.
A key aspect of the live-patching infrastructure, Kosina says, is that it's “self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code).
“It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving)”, he continues.
Red Hat and SUSE will port their current solutions to the common infrastructure, “abandoning their out-of-tree code”.
Kosina's post to the list is addressed to "Linus" and says "Live patching core is available for you to pull at git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-linus.
Over to you, Mr Torvalds. ®
Sponsored: Becoming a Pragmatic Security Leader