Account 로그인

In upstream development news, the kernel team here at Red Hat has been working on a dynamic kernel patching project called kpatch for several months.   At long last, the project has reached a point where we feel it's ready for a wider audience and are very excited to announce that we've released the kpatch code under GPLv2.

kpatch allows you to patch a Linux kernel without rebooting or restarting any processes.  This enables sysadmins to apply critical security patches to the kernel immediately, without having to wait for long-running tasks to complete, users to log off, or scheduled reboot windows.  It gives more control over uptime without sacrificing security or stability.

How it Works

With respect to granularity, kpatch works at the function level; put simply, old functions are replaced with new ones.  It has four main components:

  • kpatch-build: a collection of tools which convert a source diff patch to a hot patch module. They work by compiling the kernel both with and without the source patch, comparing the binaries, and generating a hot patch module which includes new binary versions of the functions to be replaced.
  • hot patch module: a kernel module (.ko file) which includes the replacement functions and metadata about the original functions.
  • kpatch core module: a kernel module (.ko file) which provides an interface for the hot patch modules to register new functions for replacement.  It uses the kernel ftrace subsystem to hook into the original function's mcount call instruction, so that a call to the original function is redirected to the replacement function.
  • kpatch utility: a command-line tool which allows a user to manage a collection of hot patch modules.  One or more hot patch modules may be configured to load at boot time, so that a system can remain patched even after a reboot into the same version of the kernel.

Learn More, Try it Out, and Get Involved

If you’d like to learn more about kpatch, check out the kpatch github project.  For the adventurous, there are even installation and quick start instructions for Fedora 20.  Better yet... we’d love for you to get involved and contribute to our collective efforts.

For those who do test kpatch, be warned: KPATCH IS STILL IN ACTIVE DEVELOPMENT.  IT IS NOT PRODUCTION READY, AND COULD CRASH YOUR SYSTEM.

We're very interested in getting your feedback!  Feel free to join the kpatch mailing list to report feedback, ask questions, or learn how to contribute.


About the author

Red Hat logo LinkedInYouTubeFacebookTwitter

제품

구매 정보

커뮤니케이션

Red Hat 소개

Red Hat은 Linux, 클라우드, 컨테이너, 쿠버네티스 등을 포함한 글로벌 엔터프라이즈 오픈소스 솔루션 공급업체입니다. Red Hat은 코어 데이터센터에서 네트워크 엣지에 이르기까지 다양한 플랫폼과 환경에서 기업의 업무 편의성을 높여 주는 강화된 기능의 솔루션을 제공합니다.

Red Hat Shares 뉴스레터를 구독하세요

지금 신청하기

언어 선택

© 2022 Red Hat, Inc. Red Hat Summit