Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Brings Real-Time Kernel Patching To Oracle Enterprise Linux

Posted by timothy on from the any-old-time-you-want dept.

prisoninmate writes: Oracle's Unbreakable Enterprise Kernel (UEK) Release 4 is an important engineering effort and introduces performance improvements and enhancements for some of the most essential components, including CPU schedulers and Automatic NUMA Balancing, along with powerful new features, such as real-time kernel patching, which is possible thanks to the Ksplice open-source extension of the Linux kernel 4 branch, which lets users to apply patches to the running kernel without the need to reboot the system, thus improving security and simplify the management of cloud infrastructures.

52 comments

  1. Oracle named database of the year... by Anonymous Coward · · Score: 0

    ...And now Oracle brings something awesome to Oracle products. Oh, my aching rotors. It's tough churning through the Dicevertisements these days...

    1. Re: Oracle named database of the year... by Anonymous Coward · · Score: 0

      No doubt. It's also BS. Real time kernel patching? Maybe for some driver but not the whole kernel.

    2. Re: Oracle named database of the year... by Anonymous Coward · · Score: 0

      Maybe you should spend 5 minutes learning about kSplice before running your mouth? yes, the whole kernel can be patched, not just drivers.

  2. What AD is this? by Anonymous Coward · · Score: 0

    Since when do we have to read advertisements disguised as real articl....... oh, wait :-(

  3. Welcome to 2008? by stoborrobots · · Score: 2

    Welcome to 2008?

    --
    "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
    1. Re:Welcome to 2008? by nawcom · · Score: 1

      The submitter was a prisoninmate, so give the guy a break.

  4. ok by Anonymous Coward · · Score: 0

    php software updates bad for security
    kernel updates good for security

    got it

    1. Re:ok by Anonymous Coward · · Score: 0

      Really. It also allows real time addition of back doors to the kernel

    2. Re:ok by Anonymous Coward · · Score: 0

      How do you apply the receiver goat.cx patch to the kernel without rebooting?

  5. Returning the favour by Anonymous Coward · · Score: 3, Insightful

    So Oracle takes linux tech and uses it for their own purposes. Okay fine. How about donating some source code to the ZFSonLinux project? What's that you say? Patents, you say?

    1. Re:Returning the favour by Anonymous Coward · · Score: 0

      In other news, Larry Ellison has now scheduled you in for showing up where you live and laughing in your face.

    2. Re:Returning the favour by F.Ultra · · Score: 3, Informative

      Hardly the GPL that causes issues when the license for ZFS was deliberately created to be non GPL compatible. If Linux had been licensed with any other license then Oracle would have written a license to avoid that one too. ZFS was meant to be a differentiator to make Solaris a better choice for the Enterprise than Linux.

    3. Re:Returning the favour by Anonymous Coward · · Score: 0

      Oracle *owns* the license to ZFS.

      If Oracle wanted it could release ZFS as a GPL extension to Linux.

    4. Re:Returning the favour by armanox · · Score: 1

      They could, but why bother? The CDDL is an OSI Approved license, just like GPL and BSD licenses are. It's already open source, just not GNU's open source.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    5. Re:Returning the favour by F.Ultra · · Score: 1

      I think that you missed my point. Oracle does not want ZFS in Linux and thus created the license to be non GPL compatible. That ZFS cannot be implemented by Linux was not a "mistake" by Oracle/SUN, it was by design. Oracle/SUN do not see FreeBSD or OpenIndiana as potential competitors in the enterprise arena and thus they have no problem that they could implement ZFS.

  6. Ksplice really is not new by SuilAmhain · · Score: 5, Informative

    I would probably be an Oracle "fan boy". Ksplice is not new. They "bought" it a few years ago, one of the main reasons it took so long forTorvald's kernel to get hot kernel patching.

    Ksplice will only update the OS, it cannot update drivers or firmware of any kind (Storage arrays, NICs, etc...) you still need to bounce for that. Learned the unfortunate way when we needed to update drivers for a buggy as be damned big blue flash array. (Very recent history...)

    Also as I RTFA, SELinux does not yet work with an Oracle DB. When it does it will be amazing, but it has not happened yet...

    1. Re:Ksplice really is not new by Anonymous Coward · · Score: 0

      There is some preliminary application level hot-patching though with enhanced ksplice on OL7. glibc and openssl for now, but those are probably the primary culprits for requiring reboots or application downtime.

    2. Re:Ksplice really is not new by MTEK · · Score: 2

      Also as I RTFA, SELinux does not yet work with an Oracle DB.

      Are you sure about that?

    3. Re:Ksplice really is not new by Lunix+Nutcase · · Score: 3, Informative

      Also as I RTFA, SELinux does not yet work with an Oracle DB. When it does it will be amazing, but it has not happened yet...

      Wrong.

    4. Re:Ksplice really is not new by drinkypoo · · Score: 1

      Also as I RTFA, SELinux does not yet work with an Oracle DB. When it does it will be amazing, but it has not happened yet...

      Wrong.

      And this is what is wrong with redhate. They paywall their knowledge base. Their whole business is based on open information, but they hide theirs. They can really fuck off sideways.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Ksplice really is not new by argumentsockpuppet · · Score: 4, Insightful

      Or, as usual, do the same thing with CentOS for free.

      https://wiki.centos.org/HowTos...

      I don't get the animosity towards RH. I haven't paid for their support in years and years, but when I did, it was so I could call somebody when something went wrong and get reliable help quickly.

      I only ever had to call a couple times, but the support I got was better than I ever received from most companies.

      Oracle? Oracle is on the opposite end of that list. I won't touch Oracle ever again if I can help it. I am aware of the things Oracle brings to the table but it's not worth the pain.

    6. Re:Ksplice really is not new by lucm · · Score: 1

      I haven't paid for their support in years and years, but when I did, it was so I could call somebody when something went wrong and get reliable help quickly.

      I agree. RH support is amazing. They follow-up on tickets almost instantly and they know their product well. Even on weird or very specialized questions they usually come back with the solution quickly.

      --
      lucm, indeed.
    7. Re:Ksplice really is not new by Anonymous Coward · · Score: 0

      I'm betting you haven't had to call Red Hat for Satellite support. It'll be days before they get back to me on a severity 2. I have to beg RH for support for Satellite.

      OS support is obviously a different department that has their $@#! together. They get back to me in an acceptable amount of time.

      RH Satellite support SUCKS.

    8. Re:Ksplice really is not new by lucm · · Score: 1

      RH Satellite is a duct-taped pile of half-baked modifications vomited on top of old branches of abandoned forks of semi-structured open-source projects. I see no reason why supporting this "product" would prove difficult for RH.

      --
      lucm, indeed.
  7. You mispelt Sun Microsystems by Anonymous Coward · · Score: 0

    Oracle brought nothing, in fact they actually took that away from you.

    Sun brought k-splice to all of Linux.

    Oracle did nothing more than purchase Sun and shut down the project like so many others, and 8 years later they are still preventing all Linux users /except their own/ the usage of k-splice update files.

    1. Re:You mispelt Sun Microsystems by Lunix+Nutcase · · Score: 1

      Sun brought k-splice to all of Linux

      No, they didn't. Sun had nothing to do with ksplice. Oracle acquired Ksplice, Inc. 18 months after their acquisition of Sun was completes.

    2. Re:You mispelt Sun Microsystems by Anonymous Coward · · Score: 0

      I think he meant that Solaris had live patching of the kernel decades ago. It was not called ksplice back then, but live patching is nothing new.

  8. real-time ad time by turkeydance · · Score: 2

    y'all know how this works.

  9. are you kidding me by Anonymous Coward · · Score: 3, Insightful

    read a joke about Slashdot shilling oracle Linux for the next slashvertisement. At least I thought it was a joke.

    1. Re:are you kidding me by Anonymous Coward · · Score: 0

      read a joke about Slashdot shilling oracle Linux for the next slashvertisement. At least I thought it was a joke.

      They always do it, and for PostgreSQL too. Seems like someone has a boner for RDMSs (and the backhanders they get). Only Apple get more coverage.

      Isn't Oracle's Linux just rebadged Red Hat?

    2. Re:are you kidding me by Anonymous Coward · · Score: 0

      Yes, except for the kernel (although the RHEL kernel is also provided). They are not shy about it.

      Oracle has been a major kernel contributor for a long time and about 10 years ago they became tired of RHEL not including these patches and many more that benefited Oracle DB. So they take the RHEL distribution and put basically the latest Linux kernel on it.

    3. Re:are you kidding me by unixisc · · Score: 1

      Couldn't DICE/slashdot just get an Oracle server running "ORACLE UNBREAKABLE REAL-TIME LINUX" and use it for their daily operations? So that they'll know how good it is, particularly on their bottom line?

  10. Wait by JustAnotherOldGuy · · Score: 2

    If it's unbreakable why do they have to patch it?

    "Yeah, this thing will never break! Hang on a sec while I fix it..."

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Wait by Jeremi · · Score: 1

      I does seem a bit ballsy for Oracle to name their product 'unbreakable', considering the fact that they broke Java so badly that it was pretty much banned from all web browsers...

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    2. Re:Wait by Anonymous Coward · · Score: 0

      They did not break Java. Java in the browser has been an insecure piece of shit since the day one.

    3. Re:Wait by JustAnotherOldGuy · · Score: 2

      I does seem a bit ballsy for Oracle to name their product 'unbreakable',

      That was a triumph of marketing over common sense. It's like naming the local slut, "Lil' Miss Faithful".

      --
      Just cruising through this digital world at 33 1/3 rpm...
    4. Re:Wait by Lunix+Nutcase · · Score: 1

      The Java web plugin was insecure shit long before Oracle owned it.

  11. k-splice? by fahrbot-bot · · Score: 1

    Isn't that a Korean boy band?

    --
    It must have been something you assimilated. . . .
    1. Re:k-splice? by Anonymous Coward · · Score: 0

      No, it's a Korean phosphorescent rodent band.

  12. Live patching cloud? by Znork · · Score: 2

    If you need to live patch your kernel you've got a misdesigned application. Failures happen and if you can't design your application for redundancy, don't expect uninterrupted service.

    If you need to live-patch kernels in your cloud infrastructure, you need to go back to the drawing board because you don't have a cloud, you have a SPOF.

    1. Re:Live patching cloud? by Anonymous Coward · · Score: 0

      Guess what? There's thousands of these "misdesigned" applications. It's something you have to live with and a feature like this is a nice way of dealing with it.

  13. Not real-time by Anonymous Coward · · Score: 0

    Real-time involves computing under specific time restrictions. Applying a kernel patch without rebooting has absolutely nothing to do with real-time. This would be online kernel patching or something.

    Sometimes people in computer vision etc., brag how they have real time execution when they actually don't. The robotics and control people know what real-time truly is. Nothing in standard Windows or Unix is real-time.

    1. Re: Not real-time by Anonymous Coward · · Score: 0

      Right, should be "run time "

  14. Real time by enriquevagu · · Score: 2

    "Real time" like with bounded deadlines, right? Or maybe you mean "live", "online" or "nonstop"?

    1. Re:Real time by Anonymous Coward · · Score: 0

      Or it means: "real time kernel"(real time kernel extentions) and live patching.

      it could be different features in 1 line summerized.

      Unfortuanatly the press release is same vaguery.

  15. Better: Dump Oracle Linux, Move to SUSE by Anonymous Coward · · Score: 0

    ...or something that implements this instead:

    https://en.wikipedia.org/wiki/KGraft

  16. Kernel 4 is supposed to support hot plug? by Parker+Lewis · · Score: 1

    KSplice is not news, and it works for other distros too, including Ubuntu (while it takes a while to add support for new hardware enablements). It was cool before kernel 4.

    But kernel 4 series is not supposed to support hot plug out of the box?

  17. My modest proposal by Anonymous Coward · · Score: 0

    Next time, on slashdot, replace every occurrence of "Oracle" with "my butt".

    We've had three butt stories in a row!

  18. KSplice have been available, but only for $$$ by nsushkin · · Score: 1

    KSplice is only available to Oracle Linux customers with Oracle Linux Premier Support, which is $1.3k/year+ http://www.ksplice.com/

  19. Funny by ebvwfbw · · Score: 1

    I have admins that keep telling me they can't keep the OEL machines up to date more than 3 months because Oracle releases patches on a 3 month schedule. Even then, we have to have a patch set made just for us.

    I'll believe it when I see it.

  20. SunOS had it - Re:Ksplice really is not new by Anonymous Coward · · Score: 0

    Solaris had live patching of the kernel decades ago. It is not new.