| jeremy |
03-31-2015 09:47 AM |
Live Kernel Patching Update
Quote:
In the year since I first wrote about kpatch, Red Hats live kernel patching project for Linux, weve been very busy. Here are some of the highlights from the last year of live kernel patching development, and some clues about where we may be headed in the future.
The kpatch development team worked at a feverish pace in 2014. We fixed 95 issues and merged 376 pull requests. We also grew into a strong community. Some of my favorite highlights:- The addition of support for safely patching data structures.
- A markedly improved percentage of patches that can be applied to a running kernel. For example, in a recent test of 40 kernel CVE fixes, we were able to live patch all 40 of them, for a 100 patch compatibility rate!
- The porting of kpatch to many distributions, including Red Hat Enterprise Linux, Fedora, CentOS, Ubuntu, Debian, and Oracle Linux.
- The addition of support for patching kernel modules.
- The creation of a large integration test suite.
- The addition of support for the upstream livepatch project (more on this below).
- The incorporation of many stability, performance and usability improvements.
- And last but not least the amazing contributions from 14 people, most of whom were not Red Hat employees!
To see some of the impressive things that kpatch can do, I encourage you to check out the following short demo from Seth Jennings
|
More at RHEL Blog...
Are any LQ members currently applying live kernel patch updates?
--jeremy |
