SlideShare a Scribd company logo

kpatch.kgraft

Udo Seidel
Udo Seidel

Overview of Online Linux Kernel Patching

Technology
1 of 41
Download to read offline
Reboot adieu! Online Linux kernel patching Udo Seidel
Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
Cebit - Opensource Forum 2015 Why?
Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
Cebit - Opensource Forum 2015 How?
Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
Cebit - Opensource Forum 2015 Players!
Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
Cebit - Opensource Forum 2015 Red Hat's kpatch
Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
Cebit - Opensource Forum 2015 SUSE's kGraft
Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
Cebit - Opensource Forum 2015 Show!
Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
Cebit - Opensource Forum 2015 And?
Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
Cebit - Opensource Forum 2015 Thank you!
Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker RegistryMirantis IT Russia
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 

More Related Content

What's hot

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 

What's hot (20)

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project Update
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART ii
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker Registry
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFS
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project Update
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree Specification
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project Update
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status Update
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing Hadoop
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log message
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development Kit
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signing
 

Viewers also liked

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedTommy Lee
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKMaxime Coquelin
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSAlexey Vakhov
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learningtrak15
 
Leadership course
Leadership courseLeadership course
Leadership courseHứa Duy
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689sahilkharkara
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2Laura Price
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un bloggerlovalty
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Affiliate Summit
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!luisaph
 

Viewers also liked (17)

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixed
 
virtio
virtiovirtio
virtio
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDK
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaS
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learning
 
Leadership course
Leadership courseLeadership course
Leadership course
 
Mireya alvado
Mireya alvadoMireya alvado
Mireya alvado
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un blogger
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?
 
Czech
CzechCzech
Czech
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!
 
4x4
4x44x4
4x4
 

Similar to kpatch.kgraft

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLinaro
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019CloudOps2005
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Anne Nicolas
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr Linaro
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Jay Bryant
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...chiportal
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisDmitry Baryshkov
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLinaro
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...Linaro
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)Jarek Potiuk
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopWeaveworks
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverEugene Yokota
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftDatabricks
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018Jay Bryant
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyJérémy Wimsingues
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017Jay Bryant
 

Similar to kpatch.kgraft (20)

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain Collaboration
 
Nova Updates - Kilo Edition
Nova Updates - Kilo EditionNova Updates - Kilo Edition
Nova Updates - Kilo Edition
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in Travis
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at Linaro
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps Workshop
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with server
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOps
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at Lyft
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success story
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
 

More from Udo Seidel

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013Udo Seidel
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talkUdo Seidel
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkUdo Seidel
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkUdo Seidel
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkUdo Seidel
 

More from Udo Seidel (6)

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talk
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talk
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talk
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talk
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talk
 

Recently uploaded

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Recently uploaded (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

kpatch.kgraft

  • 1. Reboot adieu! Online Linux kernel patching Udo Seidel
  • 2. Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
  • 3. Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
  • 4. Cebit - Opensource Forum 2015 Why?
  • 5. Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
  • 6. Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
  • 7. Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
  • 8. Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
  • 9. Cebit - Opensource Forum 2015 How?
  • 10. Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
  • 11. Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
  • 12. Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
  • 13. Cebit - Opensource Forum 2015 Players!
  • 14. Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
  • 15. Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
  • 16. Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
  • 17. Cebit - Opensource Forum 2015 Red Hat's kpatch
  • 18. Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
  • 19. Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
  • 20. Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
  • 21. Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
  • 22. Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
  • 23. Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
  • 24. Cebit - Opensource Forum 2015 SUSE's kGraft
  • 25. Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
  • 26. Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
  • 27. Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
  • 28. Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
  • 29. Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
  • 30. Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
  • 31. Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
  • 32. Cebit - Opensource Forum 2015 Show!
  • 33. Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
  • 34. Cebit - Opensource Forum 2015 And?
  • 35. Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
  • 36. Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
  • 37. Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
  • 38. Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
  • 39. Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
  • 40. Cebit - Opensource Forum 2015 Thank you!
  • 41. Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel