World Library  
Flag as Inappropriate
Email this Article

Ksplice

Article Id: WHEBN0018559380
Reproduction Date:

Title: Ksplice  
Author: World Heritage Encyclopedia
Language: English
Subject: Linux kernel, Dynamic software updating, Kpatch, KGraft, Global Security Challenge
Collection:
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Ksplice

Ksplice
A screenshot of the Ksplice Uptrack with applied updates
Developer(s) Ksplice, Inc.
Initial release April 23, 2008 (2008-04-23)[1]
Stable release 0.9.9.1 / July 28, 2011 (2011-07-28)
Operating system Linux
Type Kernel extension
License GNU General Public License version 2[2]
Website .com.ksplicewww

Ksplice is an open-source[2] extension of the Linux kernel that allows security patches to be applied to a running kernel without the need for reboots, avoiding downtimes and improving availability (a technique broadly referred to as dynamic software updating). Ksplice supports only the patches that do not make significant semantic changes to kernel's data structures.[3]

Ksplice has been implemented for Linux on the IA-32 and x86-64 architectures. It was developed by Ksplice, Inc. until 21 July 2011, when Oracle acquired Ksplice and started offering support for Oracle Linux. Support for Red Hat Enterprise Linux was dropped and turned into a free 30-day trial for RHEL customers as an incentive to migrate to Oracle Linux Premier Support.[4][5]

Design

A high-level overview of the hot patches generation, which is based on changes in the kernel's source code.[6]:3

Ksplice takes as input a unified diff and the original kernel source code, and it updates the running kernel in memory. Using Ksplice does not require any preparation before the system is originally booted, (the running kernel needs no special prior compiling, for example). In order to generate an update, Ksplice must determine what code within the kernel has been changed by the source code patch. Ksplice performs this analysis at the Executable and Linkable Format (ELF) object code layer, rather than at the C source code layer.[6]

To apply a patch, Ksplice first freezes execution of a computer so it is the only program running. The system verifies that no processors were in the middle of executing functions that will be modified by the patch. Ksplice modifies the beginning of changed functions so that they instead point to new, updated versions of those functions, and modifies data and structures in memory that need to be changed. Finally, Ksplice resumes each processor running where it left off.[6]

To be fully automatic, Ksplice's design was originally limited to patches that did not introduce semantic changes to data structures, since most Linux kernel security patches do not make these kinds of changes. An evaluation against Linux kernel security patches from May 2005 to May 2008 found that Ksplice was able to apply fixes for all the 64 significant kernel vulnerabilities discovered in that interval. In 2009, major Linux vendors asked their customers to install a kernel update more than once per month.[7] For patches that do introduce semantic changes to data structures, Ksplice requires a programmer to write a short amount of additional code to help apply the patch. This was necessary for about 12% of the updates in that time period.[8]

History

The Ksplice software was created by four MIT students based on Jeff Arnold's master's thesis.[9] Jeff Arnold later created Ksplice, Inc. with himself as the president of the company. Around May 2009, the company won the MIT $100K Entrepreneurship Competition and the Cyber Security Challenge of Global Security Challenge.

Whereas the Ksplice software was provided under an open source license, Ksplice, Inc. provided a service to make it easier to use the software. Ksplice, Inc. provided prebuilt and tested updates for the Red Hat, CentOS, Debian, Ubuntu and Fedora Linux distributions.[10] The virtualization technologies OpenVZ and Virtuozzo were also supported. Updates for Ubuntu Desktop and Fedora systems were provided free of charge, whereas other platforms were offered on a subscription basis.[11]

On 21 July 2011, Oracle announced they acquired Ksplice, Inc. At the time the company was acquired, Ksplice, Inc. claimed to have over 700 companies using the service to protect over 100,000 servers. While the service had been available for multiple Linux distributions, it was stated at the time of acquisition that "Oracle believes it will be the only enterprise Linux provider that can offer zero downtime updates." More explicitly, "Oracle does not plan to support the use of Ksplice technology with Red Hat Enterprise Linux."[5] Existing legacy customers continue to be supported by Ksplice, but no new customers are being accepted for other platforms.[12]

See also

  • kexec – a method for loading a whole new kernel from a running system
  • kGraft – another Linux kernel live patching technology developed by SUSE
  • kpatch – another Linux kernel live patching technology developed by Red Hat
  • Loadable kernel module

References

  1. ^ Arnold, Jeff (23 April 2008). "A system for rebootless kernel security updates". . Retrieved 27 July 2013.
  2. ^ a b "Ksplice Uptrack Subscription Agreement". ksplice.com. 28 September 2011. Retrieved 18 November 2014. 
  3. ^ "Ubuntu Manpage: ksplice-create – Create a set of kernel modules for a rebootless kernel". manpages.ubuntu.com. 2009. Retrieved 23 November 2014. 
  4. ^ "Free 30-day trial of Ksplice Zero-Downtime Updates for Red Hat Enterprise Linux Customers". Ksplice. 
  5. ^ a b "Customer Letter Oracle and Ksplice". Oracle. 7 September 2010. Retrieved 22 July 2011. 
  6. ^ a b c Jeff Arnold; M. Frans Kaashoek. "Ksplice: Automatic Rebootless Kernel Updates" (PDF). mit.edu. Retrieved 18 November 2014. 
  7. ^ "Nexcess Adopts Ksplice Uptrack "Rebootless" Technology". Nexcess. 30 November 2010. Retrieved 18 February 2011. 
  8. ^ "Performance record". Ksplice. Retrieved 4 June 2009. 
  9. ^ Edge, Jake (10 June 2009). "Ksplice provides updates without reboots".  
  10. ^ "Ksplice Uptrack". Ksplice. Retrieved 19 July 2009. 
  11. ^ "Pricing". Ksplice, Inc. Retrieved 13 March 2011. 
  12. ^ "Supported Kernels". Ksplice website. Oracle America. Retrieved 13 February 2012. 

External links

  • Ksplice: Rebootless Linux kernel updates
  • Demo: Zero Downtime OS Updates with Ksplice on YouTube
  • Speaking UNIX: Get to know Ksplice
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.