13–15 Nov 2023
America/New_York timezone

Session

Live Patching MC

15 Nov 2023, 09:30

Description

The Live Patching microconference at Linux Plumbers 2023 aims to gather stakeholders and interested parties to discuss proposed features and outstanding issues in live patching.

Presentation materials

  1. Breno Leitao (Meta), Song Liu (Meta)
    15/11/2023, 09:30

    To support various Linux Kernels in hyperscale data centers, it is important to aggregate signals (console output, crash dump, etc.) among millions of servers. One of the key types of information in this massive dataset is the Kernel version running on each host.

    At Meta, we use netconsole to analyze console outputs from millions of servers. Recent work...

  2. Yonghong Song, Song Liu (Meta)
    15/11/2023, 10:00

    We want to discuss live patching with clang built LTO kernel. We have managed to make it work on top of kpatch now. We would like to discuss:

    • How the current comparison with the vmlinux binary itself is not scalable.
    • How we used clang lto internal flag to compare pre-linker object files.
    • How new special symbols introduced by lto may complicate live patching and how build system needs to adapt...
  3. Lukáš Hruška
    15/11/2023, 10:30

    Livepatches may use symbols which are not contained in its own scope, and, because of that, may end up compiled with relocations that will only be resolved during module load. Yet, when the referenced symbols are not exported, solving this relocation requires information on the object that holds the symbol (either vmlinux or modules) and its position inside the object, as an object may...

  4. Petr Mladek (SUSE)
    15/11/2023, 11:30

    Livepatches allow fixing critical security or functional bugs without a reboot. They are useful when downtime is expensive.

    The basic livepatch feature functionality is to redirect problematic functions to fixed or improved variants. In addition, there are two features helping with more problematic situations:

    • pre_patch(), post_patch(), pre_unpatch(), post_unpatch()...
  5. Marcos de Souza (SUSE)
    15/11/2023, 12:00

    The kernel livepatching subsystem has a number of tests that reside in the kernel. There are kernel modules and scripts that are placed in different locations. The kernel livepatch modules are stored in lib/livepatch, while the scripts to load the modules and run tests are stored in tools/testing/kselftests. The test modules are currently only compiled when CONFIG_TEST_LIVEPATCH is enabled,...

  6. Mark Rutland (Arm Ltd)
    15/11/2023, 12:30

    The current status of the kernel side of Arm64 live patching will be provided, along with the missing pieces and obstacles which prevent the enablement on the architecture.
