From YouTube: Linux Kernel Live Patching - Haishuang Yan, China Mobile
Description
This presentation is about a methodology which keeps Linux kernels live patched and running without interruptions, its technical details, limitations, as well as kpatch tools.
https://sched.co/NruH
A
We have to first detect some minor security bugs, for example, change the code and change the structure of the data and leave that minor bug fixing, and we don't need to do a live patching and also we cannot upgrade the generic version of kernel with it and the version of the kernel. If we want to change it, that means lots of patching multiple patching, not.
A
These business sections didn't have a high availability mechanism. If we shut down our online business, then that's not good, that's very damaging, and some of the parts cannot accept downtime longer than 100 ms, so we have to recalculate the reboot time needed and we had to reschedule and for traditional cloud computing. We have hundreds of physical devices and we have tens of thousands of virtual machines. Then, if we want to reboot them all that it's not realistic and.
A
There is a conflict between the existing content and live patching we need to exit otherwise Thursday. There might be a panic in the system or a crash in the system, so the live patching starts suitable for all platforms. For example, if some of the platforms are using scheduling, then obviously it's not suitable for live patching.
A
The principle is focused on different processes, different threads, and we ensure none of the to-be-patched functions are on the stack of any tasks and we have to guarantee the function. It's code right start machine context and we have to walk through all threads and check all functions on stacks and avoid any failure, and we also need to verify the backtrace address on the stack, for example,