Applying updates to an active kernel with Ksplice
The current 0.8.6 version is available as a tarball with prebuilt binaries or as a source code archive under the GPLv2. Distribution packages do not exist as of this writing. If you build the tool from the source code, you will also need the BFD library, which you can retrieve on Debian or a derivative such as Ubuntu with the following command:
sudo aptitude install binutils-dev
Prominent developers, including Andi Kleen, have proposed adding Ksplice to the official kernel as an upstream extension. Kleen hopes this step would mean permanent support for the project, which would, in the long term, lead to an incremental compiler . This would remove the need for developers to completely rebuild the kernel to test and modify patches.
The program itself consists of four Perl scripts that call a number of tools written in C to analyze the object code. ksplice-create only needs a path to the directory with the running kernel and details of the patch. One practical feature is that the administrator can specify a change in diff format with the --patch option or specify a file with the --diffext option in which the changes have already been completed. On top of this, the program needs a ksplice subdirectory in the kernel tree, where the administrator stores both the kernel configuration and the symbol table (see Figure 3).
Depending on what kind of system you are using, the first phase can take a while because Ksplice needs to build two complete kernels: one in ksplice/pre and one in ksplice/post. After doing so, the program searches for differences and merges the results to create two kernel modules.
By calling ksplice-apply, you can apply the hotfix. The program first loads a module that takes care of trampoline management, then waits for the right moment. When the moment occurs, Ksplice loads the changes into the kernel, executes them, then removes itself to save memory.
Ksplice can also change a patched kernel. To do so, the patches from the first phase must reside in the source code's pre tree. ksplice-create and ksplice-apply take the trampolines into consideration and modify them correspondingly. The same mechanism makes it possible to undo changes by calling ksplice-undo because the system "remembers" the vector addresses. ksplice-view shows the changes performed by Ksplice.
On his website, Ksplice author Jeffrey Brian Arnold shows another potential application scenario for the tool: debugging the active kernel. If you just want to add a couple of printk() calls at various points to view data structures that are otherwise difficult to access, Ksplice gives you a simple approach to injecting them into a running system. However, this approach does not lend itself to more complex applications, for which dynamically loadable modules, Kprobes, or Systemtap are more useful.
Developers have pointed out that Microsoft posted a patent application with the US Patent Office (USPO) in December 2002 titled "Patching of In-Use Functions on a Running Computer System." USPO had refused the application, and Microsoft had appealed and posted a whole bunch of additional applications, including one for Efficient Patching (USPO reference 20050257208).
In response to this, half a dozen developers piped up in various forums pointing out that this technology was public knowledge on various platforms from PDP-11 through a state-of-the-art PC long before the software patent application was filed.
Version 16 of the popular Linux desktop reveals new tools, edge-snapping, and performance improvements.
Symantec says Linux-Darlioz burrows in through PHP.
Dell renews its quest for the ultimate developer machine.
Innovative back door looks like normal SSH traffic.
One of CeBITs most successful forums opens the new year with a new name. The popular Open Source Forum continues in 2014 under the name Special Conference: Open Source. This year, the forum will be bigger and offer a wider range of possibilities for sponsors.
New release offers better graphics drivers and expands filesystem support.
New mail protocol will shut out the NSA and prevent snooping on metadata.
A new web application helps users visualize distributed denial-of-service attacks.
Ubuntu 13.10 takes a step toward convergence, with lots of mobility, but Mir only partly here.
Galileo board is targeted to embedded developers and educational institutions.