KGraft
kGraft
Developer(s): SUSE
Initial release: March 27, 2014 [1]
Stable release: 5.12 [2] / April 25, 2021
Operating system: Linux
Type: Kernel extension
License: GNU GPL versions 2 and 3
Website: www.suse.com/products/live-patching

kGraft is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kGraft aims to maximize the system uptime and availability. At the same time, kGraft allows kernel-related security updates to be applied without deferring them to scheduled downtimes. [1] [3] Internally, kGraft allows entire functions in a running kernel to be replaced with their patched versions, doing that safely by selectively using original versions of functions to ensure per-process consistency while the live patching is performed. [4]


kGraft is developed by SUSE, with its source code licensed under the terms of versions two and three of the GNU General Public License (GPL). [3] [5] In April 2014, kGraft was submitted for inclusion into the Linux kernel mainline, [4] and the minimalistic foundations for live patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015. [6]

Internals

Internally, kGraft consists of two parts: the core kernel module, which performs the live patching by altering the kernel's inner workings, and userspace utilities, which prepare individual hot patch kernel modules from source diffs. Live kernel patching is performed at the function level: kGraft replaces entire functions in the running kernel with their patched versions, relying on the mechanisms and infrastructure established by ftrace to "route around" the old versions of functions. Changes to the kernel's internal data structures are not possible, so a fix that alters the layout or semantics of a data structure cannot be expressed as a function-only hot patch and still requires a new kernel and a reboot; however, security patches, which are natural candidates for kGraft, rarely change the kernel's data structures. [3] [4] [7]

While applying hot patches, kGraft does not require the running kernel to be stopped for the patched versions of functions to be introduced. Instead of replacing functions atomically, kGraft provides consistent "world views" (or "universes") to userspace processes, kernel threads and interrupt handlers, which are monitored during their execution so that the original versions of patched kernel functions can continue to be used where needed. To accomplish this, kGraft maintains the original versions of patched functions in a read-copy-update (RCU) fashion and dynamically selects between the original and patched versions depending on which process, kernel thread or interrupt handler executes them. More specifically, at the time a hot patch is applied, the original versions of functions continue to be used by processes currently executing in kernel space, by kernel threads until they reach their completion points, and by currently executing interrupt handlers. [3] [4] [8] [9]

Due to its design, kGraft does not introduce additional latency while applying hot patches. The downside is that the original versions of patched kernel functions may have to be kept for extended periods of time if some process remains in kernel space for too long; for example, a process may be blocked waiting for I/O on a network socket. Also, because the original and patched versions of a function are allowed to run in parallel, problems may arise if the two versions use the kernel's internal data structures in different ways. [4] [9]
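The per-task consistency model described above, as an added userspace model written for this article; it is not kGraft's or the upstream livepatch code, and every name in it (struct task, copy_len, patch_apply, the universe enum) is invented for the illustration. It models only userspace processes, not kernel threads or interrupt handlers: a trampoline in front of the patched function picks the old or new body from the calling task's "universe", a task may switch universes only at syscall entry or exit, and a task that is already inside the kernel when the patch lands keeps the old body until its syscall completes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical userspace model of kGraft-style per-task consistency.
 * Added example only; none of these names exist in kGraft or Linux.
 */

enum universe { UNIVERSE_OLD = 0, UNIVERSE_NEW = 1 };

struct task {
    const char *name;
    enum universe universe; /* which version of patched functions this task sees */
    bool in_kernel;         /* currently inside a syscall (between enter and exit) */
};

/* The function being hot-patched: the original body and its replacement. */
static int copy_len_old(int requested) { return requested; }                       /* unpatched: trusts caller */
static int copy_len_new(int requested) { return requested > 64 ? 64 : requested; } /* patched: clamps to buffer size */

static bool patch_in_progress; /* a hot patch is loaded and tasks are being migrated */

/* ftrace-style trampoline: every call passes through here and is routed
 * to the old or the new body according to the calling task's universe. */
static int copy_len(const struct task *t, int requested)
{
    return t->universe == UNIVERSE_NEW ? copy_len_new(requested)
                                       : copy_len_old(requested);
}

/* A task may only change universe at a boundary where it holds no kernel
 * state: on entering a syscall from user space, or on returning to it. */
static void try_migrate(struct task *t)
{
    if (patch_in_progress && !t->in_kernel)
        t->universe = UNIVERSE_NEW;
}

static void syscall_enter(struct task *t) { try_migrate(t); t->in_kernel = true; }
static void syscall_exit(struct task *t)  { t->in_kernel = false; try_migrate(t); }

/* Start applying the patch: tasks sitting in user space migrate at once;
 * tasks already inside the kernel keep the old body until their syscall ends. */
static void patch_apply(struct task *tasks, size_t n)
{
    patch_in_progress = true;
    for (size_t i = 0; i < n; i++)
        try_migrate(&tasks[i]);
}

/* True once every task has migrated: the old body and the per-task check
 * in the trampoline are no longer needed. */
static bool patch_complete(const struct task *tasks, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tasks[i].universe != UNIVERSE_NEW)
            return false;
    return true;
}

/* Constructed scenario: task A is mid-syscall when the patch lands, task B is
 * in user space. Fills out[] with what each step observed; returns the count. */
static int run_scenario(int out[6])
{
    struct task tasks[2] = {
        { "A", UNIVERSE_OLD, false },
        { "B", UNIVERSE_OLD, false },
    };
    struct task *a = &tasks[0], *b = &tasks[1];
    int n = 0;

    patch_in_progress = false;             /* fresh run */
    syscall_enter(a);
    out[n++] = copy_len(a, 100);           /* 100: unpatched body */
    patch_apply(tasks, 2);                 /* B migrates now; A is inside the kernel */
    out[n++] = copy_len(a, 100);           /* 100: A stays consistent within its syscall */
    syscall_enter(b);
    out[n++] = copy_len(b, 100);           /* 64: B entered the kernel after the patch */
    out[n++] = patch_complete(tasks, 2);   /* 0: A still lives in the old universe */
    syscall_exit(a);                       /* A's completion point: it migrates here */
    out[n++] = patch_complete(tasks, 2);   /* 1: trampoline check could now be dropped */
    syscall_enter(a);
    out[n++] = copy_len(a, 100);           /* 64: A now sees the patched body */
    return n;
}

int main(void)
{
    int out[6];
    int n = run_scenario(out);
    for (int i = 0; i < n; i++)
        printf("step %d: %d\n", i, out[i]);
    return 0;
}
```

The point of the model is the fourth and fifth steps: the patch is only "complete" once every task has crossed a safe boundary, and a task parked in a long syscall (the blocked-on-a-socket case above) is exactly what keeps the old body alive and the trampoline's per-task check in place.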

Figure: "World views" or "universes", maintained by kGraft in a read-copy-update fashion [3]:14,15,17
(1) Without additional logic in place, not replacing patched functions atomically could lead to inconsistencies.
(2) Each process is monitored so that it executes a patched function consistently within a single system call.
(3) After everything migrates to a new "universe", trampoline-style checks are no longer needed.

History

SUSE announced kGraft in January 2014 [10] and released it publicly in March 2014, with the kernel part under the GNU General Public License version 2 (GPLv2) and the userspace part under version 3 (GPLv3). [1] [5] The release came shortly after Red Hat published its own live kernel patching implementation, kpatch. [11] kGraft was submitted for inclusion in the Linux kernel mainline in April 2014. [4] [9]

kGraft was made available for SUSE Linux Enterprise Server 12 on November 18, 2014, as an additional feature called SUSE Linux Enterprise Live Patching. [12] [13]

Minimalistic foundations for live kernel patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015. Those foundations, based primarily on the kernel's ftrace functionality, form a common core capable of supporting hot patching by both kGraft and kpatch, providing an application programming interface (API) for kernel modules that contain hot patches and an application binary interface (ABI) for the userspace management utilities. However, the common core included in Linux kernel 4.0 supports only the x86 architecture and provides no mechanism for ensuring function-level consistency while hot patches are applied. [6] [14] [15]

Since April 2015, work has been under way on porting kGraft to the common live patching core provided by the Linux kernel mainline. [15] However, implementation of the required function-level consistency mechanisms was delayed because the call stacks provided by the Linux kernel may be unreliable where assembly code lacks proper stack frames; as a result, the porting work remained in progress as of September 2015. To improve the reliability of the kernel's call stacks, a specialized userspace utility, stacktool, was developed to validate stack frames at compile time. [16] [17]

References

  1. "SUSE Releases kGraft for Live Patching of Linux Kernel". SUSE. March 27, 2014. Retrieved November 7, 2014.
  2. "Release 5.12". April 25, 2021. Retrieved May 14, 2021.
  3. Vojtěch Pavlík (March 28, 2014). "kGraft: Live patching of the Linux kernel" (PDF). linuxfoundation.org. Retrieved November 7, 2014.
  4. Jonathan Corbet (April 30, 2014). "The initial kGraft submission". LWN.net. Retrieved November 7, 2014.
  5. Chris Duckett (February 4, 2014). "Suse's kGraft looks to put live kernel patching back into Linux". ZDNet. Retrieved February 11, 2020.
  6. "Linux kernel 4.0, Section 1.2. Live patching". kernelnewbies.org. April 26, 2015. Retrieved April 27, 2015.
  7. Vojtěch Pavlík (January 31, 2014). "kGraft: Live Kernel Patching". Conversations. Retrieved November 7, 2014.
  8. Libby Clark (March 4, 2014). "SUSE Labs Director Talks Live Kernel Patching with kGraft". linux.com. Archived from the original on March 10, 2016. Retrieved November 7, 2014.
  9. Michael Larabel (May 1, 2014). "SUSE Posts kGraft, Red Hat Posts Kpatch Patches". Phoronix. Retrieved November 7, 2014.
  10. "SUSE Develops kGraft for Live Patching of Linux Kernel". SUSE. January 31, 2014. Retrieved December 28, 2014.
  11. Josh Poimboeuf; Seth Jennings (February 26, 2014). "Introducing kpatch: Dynamic Kernel Patching". redhat.com. Retrieved February 11, 2020.
  12. "SUSE Linux Enterprise Live Patching Now Available". SUSE. November 18, 2014. Retrieved November 23, 2014.
  13. Sean Michael Kerner (November 18, 2014). "SUSE Brings Live Patching and Ceph Storage to Its Enterprise Linux". serverwatch.com. Retrieved November 23, 2014.
  14. Jonathan Corbet (February 25, 2015). "A rough patch for live patching". LWN.net. Retrieved April 27, 2015.
  15. "Linux kernel source tree: kernel/git/torvalds/linux.git: Pull live patching infrastructure from Jiri Kosina". kernel.org. February 11, 2015. Retrieved April 27, 2015.
  16. Jonathan Corbet (September 30, 2015). "Compile-time stack validation". LWN.net. Retrieved October 2, 2015.
  17. Josh Poimboeuf (September 24, 2015). "Linux kernel documentation: Documentation/stack-validation.txt (from the v13 patch)". LWN.net. Retrieved October 2, 2015.