
Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches


  • Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

    Phoronix: Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

    With the Linux 5.1 kernel cycle that should get underway in just over one month's time, there will now be the long in development work (it's been through 15+ rounds of public code review!) for supporting atomic replace and cumulative patches...

    http://www.phoronix.com/scan.php?pag...vepatch-Atomic

  • #2
    Please, pardon my ignorance, is this somehow related to hot kernel upgrades? i.e. kernel updates/upgrades without reboot?
    https://wiki.archlinux.org/index.php..._live_patching ?

    Sounds awesome for people using servers, they should achieve new records for Linux servers uptime, right?



    • #3
      Originally posted by bogdanbiv
      Sounds awesome for people using servers, they should achieve new records for Linux servers uptime, right?
      Servers are one usage, but there is another usage: laptops/devices that hibernate. Yes, repeated hibernation can result in a single kernel running over a 3 to 6 month time frame. There are normally quite a few security updates in that time frame.

      For servers, it's of limited benefit due to high availability, where you can do an N+1 setup in a lot of cases and reboot the servers without users seeing a thing. Also, doing it on a +1, if the new kernel has an issue on the +1 hardware that is the spare, end users never find out. The reality is that even when you can live patch, it still pays to have a +1 to test it on in case something is wrong with the live patch, so hardware requirements don't change. The time it takes to apply an update with a live patch is shorter.

      Server uptime is really a small factor. You can do insane uptime by just never updating the kernel; now there are Linux devices with up-time records of over a decade. OK, not secure up-time of a decade.



      • #4
        It's a nice thing to have.
        For me it'll be about response time to close a bug or security hole until a proper service window.
        But I am still unsure about this in my embedded projects. I have built several without modular support and think relying on ftrace is something I would remove too.
        Is kpatch configurable in the kernel? I haven't looked.

        Also, kpatch seems to incur call and jump overhead? It is not a strict replacement per se.
        So a proper update with a new kernel would be the best solution anyway.



        • #5
          Originally posted by oiaohm
          Servers are one usage, but there is another usage: laptops/devices that hibernate. Yes, repeated hibernation can result in a single kernel running over a 3 to 6 month time frame. There are normally quite a few security updates in that time frame.
          That's a pathological use case, as there's no reason for people to avoid rebooting when new kernels ship.



          • #6
            Originally posted by DoMiNeLa10

            That's a pathological use case, as there's no reason for people to avoid rebooting when new kernels ship.
            Ehmm... Among non-tech people, I saw many who just put the computer to sleep after they quit working with the computer... Especially women...



            • #7
              Originally posted by kravemir
              I saw many who just put the computer to sleep after they quit working with the computer...
              The fact that people do something doesn't mean they're doing it right. In any case, distros like *buntu provide prompts to reboot if it's necessary, so it should not be a problem.



              • #8
                Originally posted by DoMiNeLa10

                The fact that people do something doesn't mean they're doing it right. In any case, distros like *buntu provide prompts to reboot if it's necessary, so it should not be a problem.
                What's right? Forcing end users to work counter to their work flow by having to shut everything down and then locate all the documents they may have been working on the night before in what is effectively an end-user work-around to meet a maintenance need or to design and build the software to the end-user's use case?

                Think about non-technical office workers who have to shut down at the end of the day. If they have multiple documents, e-mails, browsers, etc. open and to restart their job the next day they have to remember what they had open, reopen it, and then find where they left off. That's a chunk of time spent each day that has no value add to their use-cases, but is currently needed solely for maintenance of their equipment.



                • #9
                  Originally posted by kravemir
                  Ehmm... Among non-tech people, I saw many who just put the computer to sleep after they quit working with the computer... Especially women...
                  That's one of the reasons Windows 10 goes full nazi with updates and WILL UPDATE.



                  • #10
                    Originally posted by stargazer
                    What's right? Forcing end users to work counter to their work flow by having to shut everything down and then locate all the documents they may have been working on the night before in what is effectively an end-user work-around to meet a maintenance need or to design and build the software to the end-user's use case?
                    This isn't Windows, this issue was solved long ago with so-called "session save and restore".

                    All DEs I tried have an option to remember the open programs/documents/folders and open them again on login since ages ago.

                    I've been using this since I switched to KDE (years). https://askubuntu.com/questions/6333...-shutting-down

                    MATE https://www.itworld.com/article/2723...t-13-mate.html

                    GNOME https://www.howtogeek.com/203952/how...-ubuntu-14.04/

                    XFCE has this enabled by default afaik https://unix.stackexchange.com/quest...-xfce4-session

                    I'm confident that other DEs also have this ability.
