Applying updates to an active kernel with Ksplice
The current 0.8.6 version is available as a tarball with prebuilt binaries or as a source code archive under the GPLv2. Distribution packages do not exist as of this writing. If you build the tool from the source code, you will also need the BFD library, which you can retrieve on Debian or a derivative such as Ubuntu with the following command:
sudo aptitude install binutils-dev
Prominent developers, including Andi Kleen, have proposed adding Ksplice to the official kernel as an upstream extension. Kleen hopes this step would mean permanent support for the project, which would, in the long term, lead to an incremental compiler . This would remove the need for developers to completely rebuild the kernel to test and modify patches.
The program itself consists of four Perl scripts that call a number of tools written in C to analyze the object code. ksplice-create only needs a path to the directory with the running kernel and details of the patch. One practical feature is that the administrator can specify a change in diff format with the --patch option or specify a file with the --diffext option in which the changes have already been completed. On top of this, the program needs a ksplice subdirectory in the kernel tree, where the administrator stores both the kernel configuration and the symbol table (see Figure 3).
Depending on what kind of system you are using, the first phase can take a while because Ksplice needs to build two complete kernels: one in ksplice/pre and one in ksplice/post. After doing so, the program searches for differences and merges the results to create two kernel modules.
By calling ksplice-apply, you can apply the hotfix. The program first loads a module that takes care of trampoline management, then waits for the right moment. When the moment occurs, Ksplice loads the changes into the kernel, executes them, then removes itself to save memory.
Ksplice can also change a patched kernel. To do so, the patches from the first phase must reside in the source code's pre tree. ksplice-create and ksplice-apply take the trampolines into consideration and modify them correspondingly. The same mechanism makes it possible to undo changes by calling ksplice-undo because the system "remembers" the vector addresses. ksplice-view shows the changes performed by Ksplice.
On his website, Ksplice author Jeffrey Brian Arnold shows another potential application scenario for the tool: debugging the active kernel. If you just want to add a couple of printk() calls at various points to view data structures that are otherwise difficult to access, Ksplice gives you a simple approach to injecting them into a running system. However, this approach does not lend itself to more complex applications, for which dynamically loadable modules, Kprobes, or Systemtap are more useful.
Developers have pointed out that Microsoft posted a patent application with the US Patent Office (USPO) in December 2002 titled "Patching of In-Use Functions on a Running Computer System." USPO had refused the application, and Microsoft had appealed and posted a whole bunch of additional applications, including one for Efficient Patching (USPO reference 20050257208).
In response to this, half a dozen developers piped up in various forums pointing out that this technology was public knowledge on various platforms from PDP-11 through a state-of-the-art PC long before the software patent application was filed.
Buy this article as PDF
Kernel king admits his tone has alienated volunteers, but says the demands of the process require directness.
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.