A system for rebootless kernel security updates

From: Jeff Arnold
Date: Wed Apr 23 2008 - 14:59:21 EST

Next message: Cyrill Gorcunov: "Re: x86: cleanup - rename VM_MASK to X86_VM_MASK"
Previous message: Robin Getz: "Re: [PATCH] mm/nommu.c - return 0 from kobjsize with invalid objects"
Next in thread: FD Cami: "Re: A system for rebootless kernel security updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I've put together an automatic system for applying kernel security patches to the Linux kernel without rebooting it, and I wanted to share this system with the community in case others find it useful or interesting.

Here's the summary: The system takes as input a kernel security patch (which can be a unified diff taken directly from Linus' GIT tree) and the source code corresponding to the running kernel, and it automatically creates a set of kernel modules to perform the update. The running kernel does not need to have been customized in advance in any way. To be fully automatic, the system cannot be used to apply patches that introduce semantic changes to data structures, but most Linux kernel security patches don't make these kinds of changes. I've evaluated the system against various kernel versions and security vulnerabilities, and the system can automatically apply 84% of the significant kernel security patches from May 2005 through December 2007.

I've been pursuing this project because I don't like dealing with reboots whenever a new local kernel security vulnerability is discovered. The rebootless update practices/systems that are already out there require manually constructing an update (through a process that can be tricky and error-prone), and they tend to have other disadvantages as well (such as requiring a custom kernel, not handling inline functions properly, etc). This new system works on existing kernels, and it simply takes a unified diff as input and does the rest on its own.

The system's website is http://web.mit.edu/ksplice.

The GIT repository, code tarball, and binary tarballs are available here:
http://web.mit.edu/ksplice/ksplice.git
http://web.mit.edu/ksplice/dist/ksplice-src.tar.gz
http://web.mit.edu/ksplice/dist/ksplice-bin-i386.tar.gz
http://web.mit.edu/ksplice/dist/ksplice-bin-x86_64.tar.gz

A document describing how the system works is available here: http://web.mit.edu/ksplice/doc/ksplice.pdf

Any feedback would be appreciated.

Jeff Arnold
jbarnold@xxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Cyrill Gorcunov: "Re: x86: cleanup - rename VM_MASK to X86_VM_MASK"
Previous message: Robin Getz: "Re: [PATCH] mm/nommu.c - return 0 from kobjsize with invalid objects"
Next in thread: FD Cami: "Re: A system for rebootless kernel security updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]