Linux 4.0 Getting No-Reboot Patching
An anonymous reader writes: ZDNet reports that the latest changes to the Linux kernel include the ability to apply patches without requiring a reboot. From the article: "Red Hat and SUSE both started working on their own purely open-source means of giving Linux the ability to keep running even while critical patches were being installed. Red Hat's program was named kpatch, while SUSE' is named kGraft. ... At the Linux Plumbers Conference in October 2014, the two groups got together and started work on a way to patch Linux without rebooting that combines the best of both programs. Essentially, what they ended up doing was putting both kpatch and kGraft in the 4.0 Linux kernel." Note: "Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."
I'm starting to feel old. I'm still on 2.6.x on my boxes.
I remember being surprised when I found out Ksplice costs money.
Finally, they gave us a thing for the change from 3.x to 4.x make sense.
Linux is for people who don't mind RTFM.
Isn't there a Women in STEM or global warming thread for you to infest?
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Wow, not only is the story a dupe, so is the lame attempt to hijack it and make it about / whine about systemd.
Now all we need is for a bunch of dupes pointing this out and we can just take off for a mini vacation before we all fork the kernel and roll our own and try to hijack every other Linux story.
I do not know what to think about systemd other than it seems to work, but I do know I'm about sick of the people trying to inject it into any Linux related story. Perhaps someone should just move to BSD or something.
"Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it."
Darn. It looks like I'm gonna have to patch and reboot so I won't have to reboot after I patch.
will be important for scientific computing. One of the weak points of OS X is the necessity to reboot even for minor stuff (but it's also getting better there). Most upgrades in Linux already do not require any reboot, which is nice when having jobs running for weeks.
Is it just me that is rather uncomfortable about the ability to do seamless, run-time patching on (any) operating system? Isn't there a rather large elephant of a precedent out there somewhere for the sorts of things that this feature could be misused for?
Wasn't this posted a week or two ago?
Yep, it was discussed in Linux Kernel Switching To Linux v4.0, Coming With Many New Addons
I am Slashdot. Are you Slashdot as well?
In a world, where slashdot stories get repeated at least twice per week, one man had finally had enough.
Dilbert Smith was your average computer programmer, until one day, it happened, and the world would never be the same.
Jean Claude Van Damme is .... The UNDUPLICATOR.
What's it like in your parallel world? I'm running an investment and billing platform, as well as the testing and development environments on ~60 Linux instances far more securely than if it was on Windows. We have 4 Windows servers in our platform for AD and because someone requires reporting in MS SQL, and they spend far more time patching and rebooting than the ~60 Linux instances do. That OS *is* profitable enough for someone to want to fix it, and yet it still hasn't been.
Go spread your FUD elsewhere.
Was there general consensus that both methods complemented each other or was it one of those "ours is best so we want it in"? Having looked at how they work each has its pluses and minuses but they couldn't have come up with one? Seems to me like they were sitting around going "yea these are so different there is no way to combine them to make one... and we dont want ours to be left out so fuck it, use em both."
Procrastinating life away at a rapid rate of speed.
Hear, hear! Let's throttle that shit back to the 386, and the hell with these new-fangled 32-bit processors!
Didn't Torvalds talk about this last week? This is hardly news.
The correct answer is 42.
He's on CentOS; they have this absurd scheme for kernels where they freeze the reported version and apply "selected patches" for 5+ years, so you never know what bugs are fixed.
You can get the kernel changelog easily enough:
rpm --changelog kernel
Oh, no! You have walked into the slavering fangs of a lurking grue!
If you were lost in the 3.0 kernels just wait until you try 4.0. Gone are the days of simply using ifconfig or adding a shell script to run on startup. Move to some form of BSD where the development process is sane. Changing for the sake of change is not a good idea.
sorry AC, I've got no mod points for you, but you are exactly right, except in the good old days of NW 3.x , netware admins would laugh at someone bragging about 300 days of uptime. I worked with NW sites that had servers with years of uptime. I've had unix servers that had years of uptime, not that that was a smart thing. It just meant they were running on reliable HW and hadn't been patched for years. With NW you could have servers with years of uptime and up to date SW.
The last NW site I worked at (late 90s maybe?) was shutting down NW servers that had been up non-stop since they were deployed years before to replace them with Windows servers as part of some lame-brained management driven "server consolidation" plan. Wonder how much money they "saved" with that?
Very cool that you can now patch and reload the core without a reboot, I just wonder how they handle when data structures change dramatically between major versions, will they replace the running data with predefined?
Do not look at laser with remaining good eye.
One place I worked at we had a horribly out of date NW server on the network that nobody knew where it was... I searched for weeks and could not find it. Finally years later it was found inside a wall because of previous construction it was placed out of the way and covered with a plastic tarp.
So it was running all those years WITH NO AIRFLOW and no reboots. A testament to old SCSI hard drives.
Make that: rpm -q --changelog kernel
To live-patch, you'd need to run code as root.
If a malicious executable ever gets root, it can persist itself in any fashion it likes. Live-patching isn't a necessity, nor a hole in this sense.
Even with SecureBoot, there's nothing stopping such code going through boot up again, and exploiting the same hole again through any of the millions of ways a root-running-executable could make something start at startup.
So long as this works in tandem with facilities like cryptographic module signatures, I don't see how it's any more of a risk than the alternative.
And, as always, you can always turn it off.
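An added example (not code from the thread, from kpatch or from kGraft) to go with the two points made above: once a patch is loaded, the upstream livepatch core exposes each patch under /sys/kernel/livepatch/<name>/ with an "enabled" attribute that an administrator can flip to 0 to turn it off, the kernel sets the livepatch taint bit (bit 15, value 32768) in /proc/sys/kernel/tainted, and module signature enforcement is visible as module.sig_enforce. The script below reads those interfaces; the paths default to the real ones but every function takes a root path, and the demo at the bottom builds a constructed sysfs-like tree in a temp directory so it runs on any machine with no livepatches loaded.

```shell
#!/bin/sh
# Added example: inspect and control kernel livepatch state via sysfs.
# Assumed interfaces (upstream livepatch core, CONFIG_MODULE_SIG):
#   /sys/kernel/livepatch/<patch>/enabled          1 = applied, 0 = reverted
#   /proc/sys/kernel/tainted                         bit 15 = TAINT_LIVEPATCH
#   /sys/module/module/parameters/sig_enforce       Y = unsigned modules refused

# livepatch_taint VALUE  -> succeeds if the livepatch taint bit is set in VALUE
livepatch_taint() {
    [ $(( $1 & 32768 )) -ne 0 ]
}

# list_livepatches ROOT  -> one "<name> enabled=<state>" line per patch
list_livepatches() {
    root=${1:-/sys/kernel/livepatch}
    [ -d "$root" ] || { echo "no livepatch support in this kernel" >&2; return 1; }
    for d in "$root"/*/; do
        [ -d "$d" ] || continue               # glob did not match: no patches
        name=$(basename "$d")
        state=$(cat "$d/enabled" 2>/dev/null || echo '?')
        echo "$name enabled=$state"
    done
}

# count_enabled ROOT  -> number of patches currently applied
count_enabled() {
    list_livepatches "$1" | grep -c 'enabled=1' || true
}

# sig_enforce_state FILE  -> Y/N as reported by module.sig_enforce, or "unknown"
sig_enforce_state() {
    f=${1:-/sys/module/module/parameters/sig_enforce}
    [ -r "$f" ] && tr -d '\n' < "$f" || echo unknown
}

# disable_livepatch ROOT NAME  -> revert the patch (needs root against real sysfs)
disable_livepatch() {
    echo 0 > "$1/$2/enabled"
}

# Demo on a constructed tree (not a real kernel) so the script runs anywhere.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/livepatch/livepatch_sample" "$tmp/livepatch/livepatch_other"
    echo 1 > "$tmp/livepatch/livepatch_sample/enabled"
    echo 0 > "$tmp/livepatch/livepatch_other/enabled"
    echo Y > "$tmp/sig_enforce"
    echo "patches:";       list_livepatches "$tmp/livepatch"
    echo "applied:  $(count_enabled "$tmp/livepatch")"
    echo "sig_enforce: $(sig_enforce_state "$tmp/sig_enforce")"
    if livepatch_taint 32768; then echo "taint 32768: livepatch bit set"; fi
    disable_livepatch "$tmp/livepatch" livepatch_sample
    echo "applied after disable: $(count_enabled "$tmp/livepatch")"
    rm -rf "$tmp"
}
demo
```

Run without arguments to see the constructed demo; call the functions with no root argument (as root) to read the real kernel state. A taint check against /proc/sys/kernel/tainted is the quick way for an incident responder to tell that a live patch has ever been loaded on a box, since the bit stays set even after the patch is disabled.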
Such datacentre-level facilities often take decades to come down to consumer hardware and consumer OS.
Virtualisation is, to x86 PCs, relatively new. But we've been doing it on the proper hardware for decades.
It's not that some things were so brilliant, it's that the features are rarely needed and take a long time to filter down to commodity OS and hardware.
Hell, I've never needed a cluster-based filesystem, and you don't see me complaining that Windows didn't introduce one to Windows until decades after they existed.
On-the-fly patching, like a lot of features, isn't something needed on commodity OS. Virtualised infrastructure and distributed systems and high-availability features have largely made such things pointless up until now.
But now that we're pushing for zero downtime clouds and mobile devices that can stay on for months at a time, it's good to revisit, re-purpose and use the established technology to do so. Before? Why did we need it when Linux would barely resume from suspend reliably?
While the kernel can be live patched, some fundamental pieces on the desktop will still lack live patching, like X.org and libc. OK, rebooting a desktop is not that terrible a task and not as inconvenient as for a server. But it'd be nice to have.
Isn't there a Women in STEM or global warming thread for you to infest?
If systemd has any bearing on women in STEM or global warming, then truly its scope has become more vast than any dared to dream or dread.
SJW n. One who posts facts.
lol.. Just like sysV is an inherent discussion topic for anything related to linux? How about X11 or whatever it is now? Grep, and VI I guess should always be on topic too.
I think you have too much emotionally invested in something and it's clouding your judgement.
Wow, I get the joke wasn't funny, but it's on topic, not off topic. An "overrated" mod would be more appropriate than an "off topic" one.
Does seem to be trolls that try to turn every topic into a referendum on systemd.
And those three topics generate a lot of activity.
sorry AC, I've got no mod points for you, but you are exactly right, except in the good old days of NW 3.x , netware admins would laugh at someone bragging about 300 days of uptime.
I've had over 200 days uptime on my Vista desktop system, and that was ended by a power cut. Uptime isn't really anything to brag about any more.
We are heading to the situation where patching the kernel will be faster than patching applications:
Kernel upgrade: no downtime
Adjusting a parameter in Java application: wait for 4 minutes for Glassfish to restart
Even though the technology has been there for some time, it's good that these organizations have collaborated and implemented this. Awesome stuff. GNU/Linux is probably the only OS that is able to accomplish this. Windows can't even touch a no-reboot OS like this. So, those using Microsoft will continue to patch and reboot their systems on a regular basis, which takes a LOT of resources. Obviously, GNU/Linux will and should excel in various markets, because it truly is better and more stable. And not having to reboot is a huge deal in the datacenter. Now, we can get this technology without various licensing requirements, even though the technology has been free up until now anyway.
This...this is amazing!