Slashdot Mirror
Patch the Linux Kernel Without Reboots
evanbro writes "ZDNet is reporting on ksplice, a system for applying patches to the Linux kernel without rebooting. ksplice requires no kernel modifications, just the source, the config files, and a patch. Author Jeff Arnold discusses the system in a technical overview paper (PDF). Ted Ts'o comments, 'Users in the carrier grade linux space have been clamoring for this for a while. If you are a carrier in telephony and don't want downtime, this stuff is pure gold.'"
Update: 04/24 10:04 GMT by KD : Tomasz Chmielewsk writes on LKML that the idea seems to be patented by Microsoft.
In Soviet Russia, the kernel reboots you!
If you are a carrier in telephony, you should have many load-balanced servers that can be taken offline one at a time and restored after patching. They probably would be taken out of the loop for the in-place patching anyway. So who is "clamoring"?
"Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
honestly how much downtime are we talking here? 30 seconds?
Sometimes, life itself is sarcasm...
That is truly amazing tech, right there. It would be interesting to know the security implications of being able to hot-patch the kernel, however.
...this will spur microsoft to atleast implement updates that don't require reboots. Hmmm, I think I may have stumbled on MS WIN 7's marketing slogan...
NT
Trying to keep one server up 24/7/365 is a usually mistake. You'll never achieve 100% uptime. A much better idea is to use clustering and distributed computing so your overall system can survive the loss of individual servers.
The key sequence to access my Slashdot bookmark in Firefox is Alt-B-S. I don't believe this is a coincidence.
> "this is pure gold"
It is also a waste of time. Instead of spending time hot-patching a kernel, jotting down which patch it was, verify that it actually installed, and considering you cannot change the layout of structures anyway in a hot-patch, the time would be better spent designing protocols that can handle a hot-standby switchover.
Yes, there are a few scenarios where the hardware is so expensive that you cannot afford redundancy, but that is rare.
There was a kernel exploit recently where someone submitted a patch that modified the running kernel using this technology. It didn't work for me, so I had to resort to patching the .c that was affected - but a lot of people reported that it worked.
Get your own free personal location tracker
The way it identifies what to patch is cool, but the 'hot' part of the patch is ultimately just simple trampolining -- replacing the start of the patched function in the code segment with a jmp to your new code. I did similar work in the linux kernel for a masters project.
Rather that a source code level system I'd prefer a way of replacing loadable kernel modules without a reboot. Then push more code into modules -- eg file system. (Hey sounds like a micro-kernel).
I can now install hypervisors without rebooting the victim's... I mean... client's computer?
[strokes handlebar mustache deviously]
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
Can ksplice be installed without rebooting?
He basically compiles a patched and unpatched kernel with the same compiler, compares the ELF output, and uses that to generate a binary file that corresponds to the change. That gets wrapped in a generic module for use, another module installs it along with JMPs to bypass the old code and use the new, and he performs the checks needed to make sure he can safely install the redirects.
He also has to differentiate real changes from incidental ones (the example given is changing the address of a function - all references to it will change, but they don't really need to be included in the binary diff).
The only human work required is to check whether a patch makes semantic changes to a data structure... whether eg. an unsigned integer variable that was being used as a number is now a packed set of flags - the data declaration is the same, but it's being used differently.
Interesting paper. Also a useful new set of capabilities for any Linux user who can't handle downtime for quarterly patching... worth its weight in gold in some businesses.
Erik
I'd rather have at least two of anything important and have statefull failover between them.
If you've got this system that's so critical you can't reboot it for a kernel upgrade, what do you do when the building catches fire or a tanker truck full of toxic waste hops the curb and plows through the wall of your datacenter?
I'd rather have a full second set of anything that critical. It should be in a different state (or country) and have a well designed and frequently used method of seamlessly transferring the load between the two (or more) sites without dropping anything.
If you can't transfer the workload to a location at least a couple hundred miles away without users noticing then you're not in the big league.
And as long as the workload is in another datacenter, what's the big deal about rebooting for a kernel upgrade.
Maybe this new tech will spur the year of the linux desktop computer! ...
Once again, we have an over-engineered solution to a non-existent problem.
Any enterprise-level customer is going to have a VERY lengthy Q&A process before deploying anything into production. This includes testing kernels, hardware, networks, interaction, application, data and so on. One pharmaceutical company I know of is federally mandated to do this twice a year, every year, for every single machine that reads, writes or generates data. Period.
So you hot-patch a running Linux kernel. How do you Q&A that? How do you roll back if the patch fails? Where is your 'control'?
The answer? A duplicate machine. But wait, if you have two identical machines... isn't that... a cluster?
Exactly. And THIS is how you perform upgrades. You split the cluster, upgrade one half, verify that the upgrade worked, then roll the cluster over to that node, and upgrade the second portion of the cluster. If you have more machines in the cluster, you do 'round-robin' upgrades. You NEVER EVER touch a running, production system like that.
Well, not if you want any sort of data integrity or control and want to pass any level of quality validation on that physical environment.
Tomasz Chmielewski wrote on LKML: the idea seem to be patented by Microsoft, i.e. this patent from December 2002: http://www.google.com/patents?id=cVyWAAAAEBAJ&dq=hotpatching In essence, they patented kexec ;)
Andi Kleen promptly provided prior art: The basic patching idea is old and has been used many times, long predating kexec. e.g. it's a common way to implement incremental linkers too.
davecb@spamcop.net
Imagine a Beowulf cluster of hot-patching Linux-servers
Not only the CEO. I lived to see even a hardline IT guy (admittedly, one whose goal in life seems to be to be against whatever you want, and to avoid doing any extra work... actually, make that just: any work) argue along the lines of "nooo, you can't have the servers only 60% loaded! It's a waste of valuable hardware! Why, back in my day (of batch jobs on punched cards, presumably) we had the mainframe used at least an average of 95% before asking for an extra server!"
It always irks me to see people just not understand concepts like "peak" vs "average", or "failing over".
- A cluster of, say, 4 machines (small application, really) which are loaded to 90% of capacity, if one dies, the other 3 are now at 120% of capacity each. If you're lucky, it just crawls, if you're unlucky, Java clutches its chest and keels over with an "OutOfMemoryError" or such.
- if you're at 90% most of the time, then fear Monday 9:00 AM, when every single business partner on that B2B application comes to work and opens his browser. Or fear the massive year-end batch jobs, when that machine/cluster sized barely enough to be ready with the normal midnight jobs by 9 AM, so those users can see their new offers and orders in their browsers, now has to do 20 times as much in a burst.
Basically it amazes me how many people just don't seem to get that simple rule of thumb of clusters: you're either getting nearly 100% uptime and nearly guaranteed response times, _or_ you're getting that extra hardware fully used to support a bigger load. Not both. Or not until that cluster is so large that 1-2 servers failing add negligible load to the remaining machines.
A polar bear is a cartesian bear after a coordinate transform.
Wasn't this possible before with kexec?
Welcome to academia. I think it's an interesting start, and maybe someday we'll have solved the additional problems you've listed. And let's face it, rebooting for updates is annoying, mission critical or not.
As an admin for some -very- high availability systems, load balancers are not a silver bullet. This solution would most apply for running one-node clusters who are using a single machine as a perimeter network device. (ex. firewall) I see lots of these in the racks at our NOC provider.
1. We connect to several load balanced systems and the complexity introduced by load balancers translates to inexplicable down time. No load balancers means a pretty steady diet of the latest and greatest server hardware, but no down time. The a few minutes of down time costs more than the server hardware.
2. High availability translates more roughly into nodes that can fail (ex. power off) and not take the cluster down. This boils down to active-passive application architecture more than just using heartbeat.
As an FYI, PostgreSQL clustering is a killer application for me. Erlang is also great in many ways, but requires application architecture with active-passive node awareness. Which isn't present in things like Yaws, or even my other favorite non-erlang app nginx. Heartbeat is the solution there, but I'd like to see yaws be cluster aware on its own. http://yaws.hyber.org/
Thank you. I was getting depressed at what I was reading. Hot patching production kernels = amateur. Never take a *needless* risk. Ever. Hot Patching a running non-production kernel "because-you-can", well then that's a pretty neat thing, high on the geek scale. But don't even come near my prod cluster neophyte or I'll have your limbs removed.
-- kortex "Not everything that counts can be counted, and not everything that can be counted counts"
This is old news down in the South.
They don't bother splicing. Them good ol' boys been big on Kernel Sanders for years now.
Lots of people are saying, "100% uptime of a particular machine is neither necessary nor desirable, full failover is better. Full failover is the only way to handle catastrophic hardware failures." Or something to that extent.
But this isn't about 100% uptime. It's about not having to reboot for a kernel upgrade. You should still have hot failover if you want HA, this just removes one more thing that requires a reboot.
It's like people saying, "I don't mind rebooting after installing Office, I don't expect 100% uptime from my workstation." Of course you don't need to be able to do software installs without rebooting. But isn't it nice to have that option available?
Same with this. When (and if) it gets stabilized and standardized, you'll use it. Not for 100% uptime, just because it's nice to not be required to reboot to enable a particular software install.
Stop-Prism.org: Opt Out of Surveillance
Hasn't this kind of feature been available on AIX for quite some time? I'm told you have to "unroll" patch installations if you need to insert one somewhere into the existing patch-chain, which sucks, but you can do it all on a live system.
Q&A doesn't proof the absence of bugs. Also, the less you spend the more your shareholders will thank you (or ravage you).
If you are a carrier in telephony and don't want downtime, this stuff is pure gold.
:)
If you're a darkhat writing rootkits, this is priceless
Your process of testing servers involves asking them questions and getting answers?
Systems continuously cycling the kernel version: downgrading to 0.99, upgrading back to git head and then back to 0.99...
Oh goody another KDawson post. Isn't there a way to filter them out?
And THIS is how you perform upgrades. You split the cluster, upgrade one half, verify that the upgrade worked, then roll the cluster over to that node, and upgrade the second portion of the cluster. If you have more machines in the cluster, you do 'round-robin' upgrades
Hmmm. I happen to live by your words in an environment where this is theoretically possible, but practically impossible. Why? Because when the cluster rolls to a passive node, the application times out on the existing connections. The time outs have business ($$$$) implications. I wish it were okay to have infinite retries, but it's viewed as a violation of the service agreement. Telephony is like this too.
An academic ideal for sure, but please speak more humbly because it is no silver bullet.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
"open source creates a license so that nobody can ever improve the software" according to Bill Gates. Therefore this is not an improvement. QED.
For you.
There are some systems that:
1. Have zero support for a cluster. Maybe duplicate controller cards in the same chassis, but not clustered.
2. Are financially infeasible to cluster.
3. Are of such a high dollar per minute value that management is willing to run the risk of inserting code while operating live (provided it has been tested in another system in a mock-up lab) and having a catastrophic failure or a singing success.
Look, that's just how open source works. It's not only demand driven - most of the time it's just hackers getting interested in stuff they wanna try out - whether it makes sense or not... This way interesting things can happen and if they find someone to use 'em, they may become popular. It's not like the Linux kernel was aimed at becoming the most popular open source OS - actually people may very well have thought of Linux as an "over-engineered solution to non-existent problem" back then! I'm thinking of the micro kernel debate and the HURD system here.
Actually I don't know why carrier systems would want to be able to upgrade on the run. Maybe their boot-up procedures are so complicated and lengthy that they just don't want to reboot... this way they can still to a round robin upgrade, but keep the machines alive and thus save a lot of time (I imagine they have quite a few clusters/machines...)
Maybe Google could use that stuff, too. Instead of rebooting every machine in a cluster in order to upgrade it, they'll write a script that visits each worker in order and upgrades the system on the fly. That's still less down-time. And Google's clusters are really large. If you can reduce the downtime per worker machine by, let's say 50% (I suppose you could do a lot more. Maybe you could even go without testing on all of the machines if they are built the same way (they probably are) and just have one test subject) that's still a lot of time (and money) if you multiply it by those 2000-6000 machines...
I'm an infovore...
"Any enterprise-level customer is going to have a VERY lengthy Q&A process before deploying anything into production."
BWAHAHAHAHAhahahahah..
"One pharmaceutical company I know of is federally mandated to do this twice a year, every year, for every single machine that reads, writes or generates data. Period."
Yes, Federally mandated. Most companies aren't, and in fact compaines that do that are the exception.
I have seen and read about too many CFO's pushing out enterprise level software against technical advice and have it fail.
I have seen for important and large pieces of software put into production with almost no testing.
The Kruger Dunning explains most post on
So wrong - You do your testing in a test environment not on one half of your production cluster!
For end users, live updates of the kernel would mean that you don't need to reboot your machine to apply those dayly security updates. Yeah, unlike your server pool, my laptop is not load balanced even though it has multiple cores. That would be a tremendous advantage over Windows and Mac machines where the "updated the DRM managment software: you need to reboot" is so frustrating...
This applies to early digital city telephone switches, circa early 1990s:
These switches were designed to be up for years at a time.
One of the ways they did it was by splitting the switch in half, an "A side" and a "B side."
Typically it was either in a 50/50 or 100/0 with failover, meaning half or all of the phone lines did their processing on the "a" side and the remainder on the "b" side.
When patches were ready to install, which didn't happen very often, everyone but the test lines got moved to the A side, the B side got patched, the B side got tested, then everyone moved to the B side and then the A side got updated and tested.
There was hardly ever any schedule downtime for the switch as a whole during the life of the switch. Thanks to battery power and diesel generators, there was hardly any unscheduled downtime barring a major disaster like a fire in the building or a major earthquake. Downtime meant everyone's phones went dead for the duration of the outage.
The modern analog is a server pool.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is GPL'd software. Bill Gates told me nobody could improve it. These Linux developers are truly renegades!
include $sig;
1;
I worked with a genius engineer at DEC in the late 80s who could patch a running VMS system on the fly, no reboot required.
He had a small program that made the whole thing happen.
there are 3 kinds of people:
* those who can count
* those who can't
Long ago there were two different unofficial kernel patches, which allowed swapping the kernel during runtime. Think it was in time of the 2.2 series or so, quick googling sadly didn't come up with the stuff. If only my memory wasn't that bad :(
Patent? Similar technology is present in 50% of todays telephony (e.g. POTS, GSM, WCDMA) servers. PLEX & emergency corrections in executive side have enabled this since around the late 1980:ies. http://en.wikipedia.org/wiki/AXE_telephone_exchange Yes, AXE nodes *usually* is patched by updating the hot-standby side while separated from executive side - but if you really want to live on the wild side... ;-)
Maybe RHAT/CENTOS will catch onto this and put it into production. This would probably work well since the actual kernel minor version never changes for the life of a RHEL/CENTOS version and I would guess kernel data structures don't change much either as long as the kernel is kept at the same minor version.
You'd roll back much the same way, or even perhaps by rebooting into the previous kernel image from disk.
Every production environment I've ever administered had a smaller version set aside for testing. We'd configure the machines identically and just make the cluster smaller. Then we'd test on the test machines any action that was to be made part of the admin process of the production machines. If it passes on the test machine and fails in production, then you didn't make the machines sufficiently similar.
Round robin upgrades take ( ( (time_to_idle + time_to_upgrade + time_to_reboot) * machines ) / 2) on average to get a machine upgraded. If you have a "Critical" upgrade, that might be longer than you want.
Not everyone has the exact same QA requirements you do, either. Some of us are happy with proving that it works, then proving that it worked on the production machine, then resuming our normally scheduled maintenance.
I find it interesting that Microsoft should have this patent, especially considering that windows machines nearly always need rebooting after doing system updates (not to mention after installing extra software, crashes, and when doing advanced stuff like using two programs at the same time.). Think of their 'expertise' in this area, and now try to imagine the Pandora's Box opened by attempting a 'live' patch on a MS kernel...
Not only that, but there are countless buggy C/C++ program which can be used as prior art. Including some of mine.
wtf?
Salut,
Jacques
I mean, every minor little Windows Update makes my machine reboot. I am so sick of starting up Parallels, having updates immediately run and require a reboot. (But there's no way I'm letting my machine go without the updates.) Yeah, it probably doesn't help that I only load Windows once a month, so there are invariably a bunch of updates waiting. But still...
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
I've been asking since MS-DOS 3.0 - "Why the heck to I have to reboot after installing an application?" Windows has finally reached the point that most of the time. But this goes far beyond those improvements.
My office has been taken over by iPod people.
This basic technique has been used to patch the running code on spacecraft as long as there have been computers on spacecraft. As you say, the concept is simple, the devil is in the details.
the concept was the same.
Allocate a chunk of non-paged pool
load your code into it.
set IPL to 31
patch the code that you want to change to jump to the code you loaded into pool.
Lower IPL
It would probably work on windows too. Most of the actual windows kernel is very similar to VMS, even down to having paged (not NON-paged) pool. You know someone is copying when the even copy the stupid ideas.
Erlang/OTP (Open Telephony Platform) already has the ability to roll out updates onto server nodes without a reboot. To everybody above who has said this is a nonexistent problem, or has pontificated about how simple it is to load balance telephony servers (it isn't): if you are right, then why did Ericsson need to invent it?
The ejabberd IM server is written in Erlang, and it repays study. This is a small language which can do things like extract patterns from bit arrays in a single line, and at the other end of the scale can drive large server networks with uptime measured in years.
Fortunately, any Microsoft patent taken out in 2002 on 1980s Swedish technology is unlikely to work in Europe.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Comment removed based on user account deletion
I should add before anybody objects that I KNOW that updating a running kernel is different from updating a higher level layer. My point is that telephony servers do need to be up for years, therefore the ability to patch the kernel as well as the OTP is valuable. Although telephony mainframes may be up for years, Linux boxes typically aren't (not if they want to stay current.) This technology can presumably project Linux into the six-nines availability range. But, if the MS patent comment is right, not in the US.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Perhaps it's an evil plot to make
better OSs have to reboot (;-))
--dave
davecb@spamcop.net
I would think that on top of the benefits of patching running high-uptime servers this would in the long run also result in yet another benefit to running Linux on your desktop instead of Windows. I don't see any reason RedHat, Ubuntu and everyone else wouldn't implement this type of kernel upgrade for convenience' sake.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
Brilliant...
Let all of us go through the MS patents, and write an article or tech paper on it pertaining to Linux so we can pretend we invented the concept.
Hell, most Linux users ignore Microsoft, so they would buy it 99% of the time, until they do it and MS knocks on the door and goes, "Nope..."
If we are going to apply this stuff to Linux, we need to at least give Microsoft credit or pretend it is not our 'brainchild', and maybe Micorsoft will continue to leave us alone.
Geesh...
AmigaOS had its kernel in ROM, and could be patched on the fly. That was back in 1985, so even if it was patented, it isn't now.
The patching function was not an accident either; there was an OS-function for this purpose. Originally it was intended to allow bug-fixed to be installed without having to change the ROM, but it was quickly coopted into a mechanism for enhancing the OS in various other ways as well.
So you're trying to tell me that Microsoft came up with a way to patch an OS with no reboot necessary?
Gotta go, someone just saw a flying pig....
Hasn't NASA been doing this with satelites and probes since whenever (well, since they started probing things anyway)? Haven't computer viruses (and organic for that matter) been doing this since the first infection?
It must have been something you assimilated. . . .
That must be why almost every version of Windows requires a reboot for even the most trivial of changes or updates. Vista is a bit better in this regard but it still needs a reboot when kernel level patches are applied.
Lisp has been patching running images for quite a while (much earlier that '02), so MS' patent is vulnerable to prior art claims.
I'm sure there are other examples of patching running systems too.
If you are a carrier in telephony, you should have many load-balanced servers that can be taken offline one at a time and restored after patching.
Servers be damned.
If you are a carrier in telephony, virtually all your subscribers have a connection consisting of a single line terminated by a singe box at the edge of your network (sometimes a series string of single-boxes each doing different parts of the job.) When anything makes that box unavailable, even for moments, all the customers whose sole connection is through it are down. That might be tens of thousands or hundreds of thousands of them.
Such boxes are designed for "six-nines" uptime targets. Redundant power supplies, redundant control processors, redundant interconnects between cards, redundant uplinks, redundant FANS, backplanes with no active components, software designed with separately replacable and restartable modules, etc.
And yes they DO run for years without a reboot. (In fact even servers do. For instance: The servers at the baby bells that record the billing records generated at the connect, answer, and end of a call. Some of those have been up for years - with minor patches queued for the next time some mishap makes them reboot.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Why doesn't the Related Work section discuss kpannus from sourceforge.net/projects/pannus? 'Another command of the PANNUS is the "kpannus" for kernel live patching. ... the PANNUS controls kernel by
using "stop_machine_run()" for safety ensuring, which creates threads
for each CPU to execute a function without any interruption. ... The
PANNUS for kernel patch("kpannus") is tested for some functions in the
kernel such as sched_clock, do_gettimeofday, filesystems_read_proc,
cmdline_read_proc, or init_timers.'
In the telephony world, uninterupted service is a basic requirement. Much of that is accomplished through redundant hardware where upgrades take place on the standby side first, the service switches over, and then the other side upgrades. This is typically done at night during a maintenance window due to the temporary loss of redundancy.
However, hot patching has been done for decades.
In the case of Nortel's DMS, this is a trivial operation thanks to the clever design of the language and the operating system. A designer can code and build a patch in minutes.
Systems running C/C++ can accomplish the same thing by having a loader which recognizes "patch vectors" and updates the symbol table on the fly.
There are limitations but there is nothing magical about "Ksplice" and I'm sure that Microsoft's "patent" adds nothing new either.
Since when has Teh Lunix every concerned itself with using MS code or patents? No reason to start now.
With the number of reboots required to simply install apps on an MS OS machine do they have a successful implementation of this patent hiding somewhere?
-------- This space intentionally left blank --------
If there is a new-found security exploit in the wild, which requires an immediate patch, or you essentially die, you sure as sh*t better install that patch as fast as possible on a machine, and see that it does not hurt. No waiting for QA to sign off. I worked in one of the largest, and the QA process was very long, and we were regularly going down because of virus, etc. No email can kill a company, for example. If the company is doing 10 million a day business, totally on the internet, to have the internet go down is deadly.
We had servers that had multiple processors, and you could shut down one proc and upgrade its OS, etc, while the whole system kept running. we paid a lot for that. This is gold. Ignore the bs put out by so-called know-it-alls, and decide if this fits your needs for yourself. Anytime you get an increase in the number of choices of how to do something, you are on the upside of life.
wake up and hold your nose
From the microsoft patent:
"Not all code changes can be installed via a hotpatch, at least not safely or easily. For example fixes that affect multiple functions and cannot be broken up into independent changes, and fixes that cannot be run while unpatched version of the code are running, cannot be applied with hotpatching"
"In other words, a particularly fix needs to be able to be broken into independent changes, each affecting a single routing, and the system has to function correctly even if some threads execute an unpatched routine after another thread executes the patched version"
They sum it up saying that hotpatching is basically limited to "relatively small, single function fixes, like adding a parameter check or fixing a leak, etc."
You may be able to implement a system where every function knows what "version" it is and also keeps the old functional code so that if a patched function ends up being called by an old version then it can just execute the old code.
You still have to make sure that execution of an old version thread, and a new version thread at the same time doesn't break anything though.
Of course coldpatching doesn't have to worry about any of this, so the whole "version" functionality and keeping old code only need apply to the hotpatching, not the coldpatching
Funny thing... this was the smallest part of my oh, hour and twenty minute interview with the reporter. The reason for the call was to hear about what was up with the 2.6.25 release; she probably spent more time talking with me about KVM and Xen; and I mentioned ksplice just as an aside, as an example of lots of really interesting and exciting work that doesn't necessarily happen as part of a mainline kernel release. I spent maybe 2-3 minutes tops talking to her about ksplice --- and that's what she ends up writing about and getting slashdotted!
Comment removed based on user account deletion
The AS/400 has had the ability to load any object file generated from any compilation unit into a running kernel for a long time. Kernel patches are applied this way all the time on that system.
If you use LinuxBIOS, your reboot time is about 3 seconds. If you're looking at the teleco market and want embedded Linux systems on literally millions of sites, you might even consider dumping the use of FLASH for the kernel and go to ASIC. At which point, your boot time might easily be around 0.3 seconds.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Microsoft did such a good job with their patent that I only have to reboot Windows XP on Patch Tuesdays!
I mean, every minor little Windows Update makes my machine reboot. I am so sick of starting up Parallels, having updates immediately run and require a reboot. (But there's no way I'm letting my machine go without the updates.) Yeah, it probably doesn't help that I only load Windows once a month, so there are invariably a bunch of updates waiting. But still...
What's even worse is installing Windows Updates on a production machine, rebooting a few hours later after all the users have gone home--and then having it pop the hell up again with NEW updates.
There's no place like
Microsoft patented a method of avoiding system reboots?
:P
WHY ARE THEY NOT USING IT?
I used to install patches for Telecom grade switches and basically we altered op-codes. In some cases it was a matter of adding a new section of op-codes to some spare memory location and then inserting a jump in the old area. Each line we entered did have checksums. This was late 1980's, early 1990's with the Hughes Network Systems packet and frame switching INS 9000. Fairly self-explanatory. Obviously nothing at all like the innovative Microsoft Patent.
I have no idea when MS patented it, but I do know that Ericsson switches have long had the capability to accept OS patches while running. I am *not* an expert on that and I don't recall the exact terminology etc., but it shouldn't be hard to find. I also seem to recall that this was one of the features of Erlang, but am less sure of that.
Solaris also supported in-place kernel patching a long while before this patent - I remember learning about it in 1997, but I think it had existed for quite some time before this.
Bad form to reply to my own post, but having just looked at the patent it is also somewhat different to Linux patch mechanism anyway. Claim 20 involves checking the filename of currently running modules, claim 21 invloves checking a hash, etc... That said, the patent basically describes simple patching of a function entry points with a few consitency checks. There is a ton of prior art on this, as someone else mentioned the Amiga OS was designed for this, it was common on Mac extensions in the 80s, it's the basic mechanism for DOS-based TSRs and viruses, etc... It's also clearly not non-obvious.
And, to be fair, OS/360 had patch
space compiled/assembeled in.
--dave
davecb@spamcop.net
Erm, maybe, just maybe, could there be a slight chance that you didn't read the comments written earlier than yours?
Check http://en.wikipedia.org/wiki/Prior_Art and do a search over the comments for examples of this concept, and explain this "we need to at least give Microsoft credit"-thingy in a little more detail?
It would be grand, though, if we could muster a rally against defunct PTOs like the US one...
"The number you have dialed is imaginary. Please rotate your phone 90 degrees and try again."
Their only resort is to appeal to court.
There are no applications in other countries.
A
True, but I've been standing in switch rooms watching operators manually kill those circuits because they wanted to reboot a box. 5x 9s doesn't mean perfect service, and if anyone complained about it they were told that a ms interruption once every few mon
College-Pages.com - Online Colleges, Degrees, and Programs
Not only does this show how ludicrous software patents are, not only does this show how ludicrous our patent system is, not only do patent workers clearly need to be fired, but the definition of obvious clearly escapes the USPTO. The next logical step and feature to add to prevent having to reboot the kernel to apply updates is making it so you don't have to.
I wish Obama would eliminate the USPTO after he's president.
Promote true freedom - support standards and interoperability.
The Microsoft patent covers a special technique that Microsoft has claim they have developed, that they need to add to their future systems (and that we haven't seen yet into mass production yet). It basically consist of a messy kludge : the unpatched codes is overwritten with jump instruction that force the execution to proceed to another place which contain the patched code.
/.er has said, I don't see how that's patentable because *ALMOST ALL MS-DOS VIRUSES* in the 90s did use this exact technique. In fact a "jump from the begining of the code to the viral block at the end" was one of the heuristic criterion used by some antivirus to assess the risks of some suspected code (Thunderbyte's antivirus for example). That constitute massive prior art.
It's complicated, has to be specially implemented and hasn't seen widespread use yet.
Besides, as other
All the various hot patching projects that exist on Linux use a completely different approach. They leverage the modules facility present in plain vanilla kernel to add/replace kernel functions or stubs with new code present in the module. Except that instead of adding a function to control some hardware as in a driver module, a patch modules replace a function with a new bugless version.
So there's nothing new conceptually. It's just slightly different usage for a mechanism that has been there in the kernel since along time - several years before the patent was even filed. The different project are, in a typical F/LOSS spirit, making tools that leverage those existing technology to facilitate the patching process.
But the technology itself has been there since the late 90s whereas the microsoft patent was filed in 2002.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Is there anyone planning to port this to power PC architecture or any other? what part of this is arch specific anyway?