Ksplice: Rebootless kernel updates
Today, when Linux users apply security updates to their systems, they are commonly informed that they must reboot in order to finish applying the updates. Since rebooting is disruptive, many users and system administrators delay performing these updates, despite the increased security risk--more than 90% of attacks exploit known vulnerabilities. Ksplice is new software for eliminating the disruption caused by updates to the Linux kernel; with Ksplice, all Linux security updates (and many other updates) can be applied seamlessly, without a reboot.
The Ksplice software constructs rebootless kernel updates automatically based on traditional source code patches (e.g., patches taken directly from Linus' Git tree). Specifically, the software takes as input a source code change in unified diff format and the kernel source code to be patched, and it constructs an update for applying the patch to the corresponding running kernel. The running kernel does not need to have been prepared in advance in any way.
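As an added illustration (not Ksplice's own code; Ksplice itself decides what to replace by comparing compiled object code, not source text), the sketch below takes the two inputs named above, a unified diff and the pre-patch source, and reports which C functions each hunk touches. The file path, source and patch are constructed for the example.

```python
import re
# Constructed input (hypothetical path/code, not from Ksplice or the kernel).
OLD_SOURCE = """\
int checked_add(int a, int b)
{
    return a + b;
}
static int check_len(size_t len)
{
    if (len > 4096)
        return -EINVAL;
}
"""
PATCH = """\
--- a/drivers/demo/demo.c
+++ b/drivers/demo/demo.c
@@ -7,2 +7,2 @@ static int check_len(size_t len)
-    if (len > 4096)
+    if (len >= 4096)
         return -EINVAL;
"""
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+\d+(?:,\d+)? @@")
# Kernel style: a definition starts at column 0 and, unlike a prototype, has no ';'.
FUNC_RE = re.compile(r"^(?:[\w*]+\s+)+\*?(\w+)\s*\([^;]*$")
def function_ranges(source: str) -> list[tuple[int, int, str]]:
    """(first_line, last_line, name) for each C function definition in source."""
    lines = source.splitlines()
    starts = [(n, m.group(1)) for n, s in enumerate(lines, 1) if (m := FUNC_RE.match(s))]
    ends = [b - 1 for b, _ in starts[1:]] + [len(lines)]
    return [(s, e, name) for (s, name), e in zip(starts, ends)]
def hunk_ranges(patch: str) -> dict[str, list[tuple[int, int]]]:
    """Map each patched file to the pre-patch line ranges (start, end) its hunks cover."""
    out, path = {}, None
    for line in patch.splitlines():
        if line.startswith("--- a/"):
            path = line[6:].strip()
        elif m := HUNK_RE.match(line):
            start, count = int(m.group(1)), int(m.group(2) or 1)
            out.setdefault(path, []).append((start, start + count - 1))
    return out
def changed_functions(patch: str, sources: dict[str, str]) -> dict[str, set[str]]:
    """Per file, the functions whose pre-patch lines some hunk overlaps."""
    result = {}
    for path, ranges in hunk_ranges(patch).items():
        for h_start, h_end in ranges:
            for f_start, f_end, name in function_ranges(sources[path]):
                if h_start <= f_end and h_end >= f_start:  # line ranges overlap
                    result.setdefault(path, set()).add(name)
    return result
```

The set of functions returned is the unit a rebootless update has to swap out; a hunk that overlaps no function (a data structure or macro change) is the kind of case that needs the extra hand-written code mentioned below.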
An evaluation involving all significant x86-32 Linux security patches from May 2005 to May 2008 finds that most security patches--56 of 64--require no new code in order to be applied as a Ksplice update. In other words, Ksplice can correct 88% of the Linux kernel vulnerabilities from this interval without the need for rebooting and without writing any new code.
If a programmer writes a small amount of new code to assist with the remaining patches (about 17 lines per patch, on average), then Ksplice can apply all 64 of the security patches from this interval without rebooting.
This talk will describe the design of Ksplice and how it can currently be used to improve kernel security and simplify kernel debugging.
Ksplice is available under the GPLv2 from <http://www.ksplice.com/download>.
Jeff Arnold recently graduated from MIT, where he focused on operating systems and security with MIT's PDOS research group, led by Professors Frans Kaashoek and Robert Morris. Jeff started the Ksplice software in early 2007, and he is currently the lead developer of the project. From 2005 to 2007, Jeff was the chairman of MIT's student computing group, SIPB. Jeff currently works in Cambridge, Massachusetts.