SlideShare a Scribd company logo

kpatch.kgraft

Udo Seidel
Udo Seidel

Overview of Online Linux Kernel Patching

Technology
1 of 41
Download to read offline
Reboot adieu! Online Linux kernel patching Udo Seidel
Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
Cebit - Opensource Forum 2015 Why?
Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
Cebit - Opensource Forum 2015 How?
Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
Cebit - Opensource Forum 2015 Players!
Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
Cebit - Opensource Forum 2015 Red Hat's kpatch
Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
Cebit - Opensource Forum 2015 SUSE's kGraft
Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
Cebit - Opensource Forum 2015 Show!
Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
Cebit - Opensource Forum 2015 And?
Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
Cebit - Opensource Forum 2015 Thank you!
Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 

Recommended

Osdc2012 xtfs.talk
Osdc2012 xtfs.talkOsdc2012 xtfs.talk
Osdc2012 xtfs.talkUdo Seidel
 
Ostd.ksplice.talk
Ostd.ksplice.talkOstd.ksplice.talk
Ostd.ksplice.talkUdo Seidel
 
adp.ceph.openstack.talk
adp.ceph.openstack.talkadp.ceph.openstack.talk
adp.ceph.openstack.talkUdo Seidel
 
Cephfsglusterfs.talk
Cephfsglusterfs.talkCephfsglusterfs.talk
Cephfsglusterfs.talkUdo Seidel
 
Linuxtag.ceph.talk
Linuxtag.ceph.talkLinuxtag.ceph.talk
Linuxtag.ceph.talkUdo Seidel
 
ceph openstack dream team
ceph openstack dream teamceph openstack dream team
ceph openstack dream teamUdo Seidel
 
GlusterFS Containers
GlusterFS ContainersGlusterFS Containers
GlusterFS ContainersMohamed Ashiq
 
HKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsHKG15-301: OVS implemented via ODP & vendor SDKs
HKG15-301: OVS implemented via ODP & vendor SDKsLinaro
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker RegistryMirantis IT Russia
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 

More Related Content

What's hot

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Community
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2Linaro
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateLinaro
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packetLinaro
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART iiLinaro
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSHumble Chirammal
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateLinaro
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Ceph Community
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationLinaro
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container imagesAkihiro Suda
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateLinaro
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateAnne Nicolas
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopLinaro
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpiQNIB Solutions
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log messageJosef Karásek
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Jeremy Eder
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?ArangoDB Database
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development KitLalatendu Mohanty
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signingMoby Project
 

What's hot (20)

Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
 
LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2LCU14 310- Cisco ODP v2
LCU14 310- Cisco ODP v2
 
SFO15-102:ODP Project Update
SFO15-102:ODP Project UpdateSFO15-102:ODP Project Update
SFO15-102:ODP Project Update
 
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
 
BKK16-306 ART ii
BKK16-306 ART iiBKK16-306 ART ii
BKK16-306 ART ii
 
Scaling Docker Registry
Scaling Docker RegistryScaling Docker Registry
Scaling Docker Registry
 
Persistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFSPersistent Storage in Openshift using GlusterFS
Persistent Storage in Openshift using GlusterFS
 
BKK16-106 ODP Project Update
BKK16-106 ODP Project UpdateBKK16-106 ODP Project Update
BKK16-106 ODP Project Update
 
Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0Performance optimization for all flash based on aarch64 v2.0
Performance optimization for all flash based on aarch64 v2.0
 
BKK16-411 Devicetree Specification
BKK16-411 Devicetree SpecificationBKK16-411 Devicetree Specification
BKK16-411 Devicetree Specification
 
[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images[FOSDEM 2020] Lazy distribution of container images
[FOSDEM 2020] Lazy distribution of container images
 
HKG15-110: ODP Project Update
HKG15-110: ODP Project UpdateHKG15-110: ODP Project Update
HKG15-110: ODP Project Update
 
Kernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status UpdateKernel Recipes 2016 - Control Group Status Update
Kernel Recipes 2016 - Control Group Status Update
 
BKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing HadoopBKK16-400B ODPI - Standardizing Hadoop
BKK16-400B ODPI - Standardizing Hadoop
 
2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi2014 11-05 hpcac-kniep_christian_dockermpi
2014 11-05 hpcac-kniep_christian_dockermpi
 
A day in the life of a log message
A day in the life of a log messageA day in the life of a log message
A day in the life of a log message
 
Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...Best practices for optimizing Red Hat platforms for large scale datacenter de...
Best practices for optimizing Red Hat platforms for large scale datacenter de...
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
 
Red Hat Container Development Kit
Red Hat Container Development KitRed Hat Container Development Kit
Red Hat Container Development Kit
 
Notary - container signing
Notary - container signingNotary - container signing
Notary - container signing
 

Viewers also liked

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...The Linux Foundation
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelAnne Nicolas
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedTommy Lee
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKMaxime Coquelin
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSAlexey Vakhov
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learningtrak15
 
Leadership course
Leadership courseLeadership course
Leadership courseHứa Duy
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689sahilkharkara
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2Laura Price
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un bloggerlovalty
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Affiliate Summit
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!luisaph
 

Viewers also liked (17)

XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
XPDS16: Xen Live Patching - Updating Xen Without Rebooting - Konrad Wilk, Ora...
 
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux KernelKernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
Kernel Recipes 2014 - kGraft: Live Patching of the Linux Kernel
 
Linux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixedLinux conna kpatch-without-stopmachine-fixed
Linux conna kpatch-without-stopmachine-fixed
 
virtio
virtiovirtio
virtio
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 
Devconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDKDevconf2017 - Can VMs networking benefit from DPDK
Devconf2017 - Can VMs networking benefit from DPDK
 
PaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaSPaaS, выделенные сервера, облако и снова PaaS
PaaS, выделенные сервера, облако и снова PaaS
 
Coeffee Learning
Coeffee LearningCoeffee Learning
Coeffee Learning
 
Leadership course
Leadership courseLeadership course
Leadership course
 
Mireya alvado
Mireya alvadoMireya alvado
Mireya alvado
 
Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689Somnath City Plots New Rates,7503367689
Somnath City Plots New Rates,7503367689
 
Formalpresentation2
Formalpresentation2Formalpresentation2
Formalpresentation2
 
Como subir un video a un blogger
Como subir un video a un bloggerComo subir un video a un blogger
Como subir un video a un blogger
 
Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?Does (Affiliate Program) Size Matter?
Does (Affiliate Program) Size Matter?
 
Czech
CzechCzech
Czech
 
Dorkbot Flower Power!
Dorkbot Flower Power!Dorkbot Flower Power!
Dorkbot Flower Power!
 
4x4
4x44x4
4x4
 

Similar to kpatch.kgraft

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLinaro
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019CloudOps2005
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Anne Nicolas
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr Linaro
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Jay Bryant
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...chiportal
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisDmitry Baryshkov
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...Puppet
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...Linaro
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLinaro
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)Jarek Potiuk
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopWeaveworks
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverEugene Yokota
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftDatabricks
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018Jay Bryant
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyJérémy Wimsingues
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017Jay Bryant
 

Similar to kpatch.kgraft (20)

LCU14 303- Toolchain Collaboration
LCU14 303- Toolchain CollaborationLCU14 303- Toolchain Collaboration
LCU14 303- Toolchain Collaboration
 
Nova Updates - Kilo Edition
Nova Updates - Kilo EditionNova Updates - Kilo Edition
Nova Updates - Kilo Edition
 
The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019The State of CI/CD Tooling in 2019
The State of CI/CD Tooling in 2019
 
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
Kernel Recipes 2018 - Live (Kernel) Patching: status quo and status futurus -...
 
BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr BUD17-405: Building a reference IoT product with Zephyr
BUD17-405: Building a reference IoT product with Zephyr
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
TRACK F: OpenCL for ALTERA FPGAs, Accelerating performance and design product...
 
OpenDataPlane Testing in Travis
OpenDataPlane Testing in TravisOpenDataPlane Testing in Travis
OpenDataPlane Testing in Travis
 
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
PuppetConf 2016: Why Network Automation Matters, and What You Can Do About It...
 
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
LCE13: Test and Validation Mini-Summit: Review Current Linaro Engineering Pro...
 
LCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at LinaroLCE13: Test and Validation Summit: The future of testing at Linaro
LCE13: Test and Validation Summit: The future of testing at Linaro
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)It's a Breeze to develop Apache Airflow (Apache Con Berlin)
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
 
Intro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps WorkshopIntro to Kubernetes & GitOps Workshop
Intro to Kubernetes & GitOps Workshop
 
Road to sbt 1.0 paved with server
Road to sbt 1.0 paved with serverRoad to sbt 1.0 paved with server
Road to sbt 1.0 paved with server
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOps
 
Scaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at LyftScaling Apache Spark on Kubernetes at Lyft
Scaling Apache Spark on Kubernetes at Lyft
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
 
Heroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success storyHeroku to Kubernetes & Gihub to Gitlab success story
Heroku to Kubernetes & Gihub to Gitlab success story
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
 

More from Udo Seidel

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013Udo Seidel
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talkUdo Seidel
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talkUdo Seidel
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkUdo Seidel
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkUdo Seidel
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkUdo Seidel
 

More from Udo Seidel (6)

Gluster.community.day.2013
Gluster.community.day.2013Gluster.community.day.2013
Gluster.community.day.2013
 
Lt2013 uefisb.talk
Lt2013 uefisb.talkLt2013 uefisb.talk
Lt2013 uefisb.talk
 
Lt2013 glusterfs.talk
Lt2013 glusterfs.talkLt2013 glusterfs.talk
Lt2013 glusterfs.talk
 
Linuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talkLinuxconeurope2011.ext4btrfs.talk
Linuxconeurope2011.ext4btrfs.talk
 
Osdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talkOsdc2011.ext4btrfs.talk
Osdc2011.ext4btrfs.talk
 
Linuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talkLinuxkongress2010.gfs2ocfs2.talk
Linuxkongress2010.gfs2ocfs2.talk
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

kpatch.kgraft

  • 1. Reboot adieu! Online Linux kernel patching Udo Seidel
  • 2. Cebit - Opensource Forum 2015 Agenda ● Who & Why? ● How? ● Players & Show! ● And?
  • 3. Cebit - Opensource Forum 2015 Me :-) ● Teacher of mathematics and physics ● PhD in experimental physics ● Started with Linux in 1996 ● Linux/UNIX trainer ● Solution engineer in HPC and CAx environment ● Head of the Linux Strategy and Server Automation @Amadeus
  • 4. Cebit - Opensource Forum 2015 Why?
  • 5. Cebit - Opensource Forum 2015 Why kernel updates? ● Business critical applications on Linux ● Bug fixing ● New functions ● improvements ● External requirements ● Importance of security, e.g. PCI-DSS
  • 6. Cebit - Opensource Forum 2015 What is 'wrong' with reboots? ● Missing HA ● Procedures, Operations, ... ● External requirements
  • 7. Cebit - Opensource Forum 2015 Do we really need a reboot? Question ....
  • 8. Cebit - Opensource Forum 2015 Looking back and around ● Not new ● mainframes ● hot updates for Unix ● Early days of Linux ● Picked up by the 'dark side' ● Rootkits
  • 9. Cebit - Opensource Forum 2015 How?
  • 10. Cebit - Opensource Forum 2015 Source code comparison ● One approach for generation of hot updates ● Looks simple ... but ● High programming language skills needed ● Analysis complex ● Code replacement unclear
  • 11. Cebit - Opensource Forum 2015 Object code comparison ● Advantages ● Reduced need for developing skills ● Implicit patch analysis ● Can be automated ● Used already in that context ● Challenges ● Object code generation ● Code replacement
  • 12. Cebit - Opensource Forum 2015 Open questions ● Creation in general ● Detect and cover dependencies ● Activation ● Deactivation(?) ● Management
  • 13. Cebit - Opensource Forum 2015 Players!
  • 14. Cebit - Opensource Forum 2015 Ksplice arises ... ● 2008/2009 ● 4 students @ MIT – Thesis from Jeff Arnolds ● Ksplice Inc. founded – GPLv2 – Supported: Debian, Ubuntu, Fedora, CentOS, RHEL ● July 2011 ● Acquired by Oracle
  • 15. Cebit - Opensource Forum 2015 Ksplice – high level ● Patching original source code ● Generation of new object code ● Comparison of 'old' and new object code ● Load of the delta code ● Address redirection to activate new object code
  • 16. Cebit - Opensource Forum 2015 The newcomers ● Opensource ● SUSE ● Red Hat ● Partially Opensource ● CloudLinux
  • 17. Cebit - Opensource Forum 2015 Red Hat's kpatch
  • 18. Cebit - Opensource Forum 2015 kpatch – History ● Not picked up for a long time ● Big surprise in FEB2014 ● dynup-kpatch project on Github ● Quite advanced – Tools – Scripts – Documentation
  • 19. Cebit - Opensource Forum 2015 kpatch – How ● Object code comparison ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● Constantly used system calls ● virtual Dynamic Share Objects (vDSO) ● Change (of handling) of data allocation
  • 20. Cebit - Opensource Forum 2015 kpatch – Object Code Comparison ● 2 kernel compilations ● With & without patch ● Speedup by CCACHE ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● readelf
  • 21. Cebit - Opensource Forum 2015 kpatch – New Function to Kernel ● No kernel code change needed ● Two modules ● Base/Core ● Patch ● Function name unchanged
  • 22. Cebit - Opensource Forum 2015 kpatch – Jump Address Challenge ● ftrace ● Function TRACEr ● mcount() ● kpatch-handler ● stop_machine() ● Under discussion ● See Masami Hiramatsu's fork
  • 23. Cebit - Opensource Forum 2015 kpatch – Toolbox ● 2 sets ● Builder ● Loader ● http://github.com/dynup/kpatch/
  • 24. Cebit - Opensource Forum 2015 SUSE's kGraft
  • 25. Cebit - Opensource Forum 2015 kGraft - History ● 'talks' since spring/summer 2012 ● Announcement at SUSECon 2012 ● Very quiet at SUSECon 2013 ● Surprising news in FEB2014 ● Source code not immediately available ● Presentation at Linux Collaboration Summit ● Git repository public since MAR2014
  • 26. Cebit - Opensource Forum 2015 kGraft – How ● Not really object code comparison ● DWARF ● Function lists ● New function per kernel module ● Jump address manipulation BUT ● Out of scope ● ??? ...See later
  • 27. Cebit - Opensource Forum 2015 kGraft – Object Code Comparison ● 1-2 kernel compilation(s) ● With (and without) the patch ● Compiler flags – ­ffunction­sections – ­fdata­sections ● O/S tools ● objcopy ● nm ● readelf
  • 28. Cebit - Opensource Forum 2015 kGraft – New Function to Kernel ● Requires intra-Kernel infrastructure ● kernel code change ● Plan ahead ● One module ● Function name changed
  • 29. Cebit - Opensource Forum 2015 kGraft – Jump Address Challenge ● Ftrace ● Similar to kpatch ● INT3 instruction ● stop_machine() ● Reality check function + kernel thread flag ● schedule_on_each_cpu() ● kill/pkill
  • 30. Cebit - Opensource Forum 2015 kGraft – Toolbox ● Not really existing ● Part of the kernel ● Sample code ● Helper scripts (earlier versions only) ● http://git.kernel.org/cgit/linux/kernel/git/ jirislaby/kgraft.git/ ● http://github.com/useidel/kgraft-tools
  • 31. Cebit - Opensource Forum 2015 kGraft – Enterprise Version ● Announced at SUSECon 2014 ● 'SLES Live Patching' ● Subset of kGraft project ● Separate subscription ● One year life cycle per maintenance kernel ● http://www.suse.com/products/live-patching
  • 32. Cebit - Opensource Forum 2015 Show!
  • 33. Cebit - Opensource Forum 2015 Example ● uptime_proc_show ● Base: Linux kernel with enabled kGraft ● http://youtu.be/_IQ44jqJdIQ :-)
  • 34. Cebit - Opensource Forum 2015 And?
  • 35. Cebit - Opensource Forum 2015 Ongoing ● Patch stacking ● New/different functions ● Already patched functions ● Clean patch removal ● Combination with Tracers ● ftrace ● Systemtap ● LTTng
  • 36. Cebit - Opensource Forum 2015 Kernel Live Patching ● Discussed ● @Kernel Summit AUG2014 ● @LinuxCon Europe OCT2014 ● Upstream ● Joined effort of SUSE & Red Hat ● Merged for 4.0 (aka 3.20 :-)) ● Outstanding ● Consistency model solution ● Integration in (Enterprise) Linux distributions
  • 37. Cebit - Opensource Forum 2015 Sneak Preview ● uptime_proc_show … again ● Base: Linux kernel with KLP ● http://youtu.be/Tvfabm3m9hg :-)
  • 38. Cebit - Opensource Forum 2015 Summary ● Both: advantages and disadvantages ● kpatch: more flexible and better tooling ● kGraft: potentially more powerful (?) ● Continued development ● Vanilla Kernel approach almost there ● Keep on watching
  • 39. Cebit - Opensource Forum 2015 References ● http://www.ksplice.com ● http://rhelblog.redhat.com/2014/02/26/kpatch/ ● http://www.suse.com/communities/conversations/ kgraft-live-kernel-patching/ ● http://lkml.iu.edu/hypermail/ linux/kernel/1502.1/00753.html
  • 40. Cebit - Opensource Forum 2015 Thank you!
  • 41. Cebit - Opensource Forum 2015 Reboot adieu! Online Linux kernel patching Udo Seidel