DOI: 10.1145/1519065.1519085

Ksplice: automatic rebootless kernel updates

Published: 01 April 2009

Abstract

Ksplice allows system administrators to apply patches to their operating system kernels without rebooting. Unlike previous hot update systems, Ksplice operates at the object code layer, which allows Ksplice to transform many traditional source code patches into hot updates with little or no programmer involvement. In the common case that a patch does not change the semantics of persistent data structures, Ksplice can create a hot update without a programmer writing any new code.
Security patches are one compelling application of hot updates. An evaluation involving all significant x86-32 Linux security patches from May 2005 to May 2008 finds that most security patches (56 of 64) require no new code to be performed as a Ksplice update. In other words, Ksplice can correct 88% of the Linux kernel vulnerabilities from this interval without the need for rebooting and without writing any new code.
If a programmer writes a small amount of new code to assist with the remaining patches (about 17 lines per patch, on average), then Ksplice can apply all 64 of the security patches from this interval without rebooting.

Published In

EuroSys '09: Proceedings of the 4th ACM European conference on Computer systems
April 2009
342 pages
ISBN:9781605584829
DOI:10.1145/1519065
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. dynamic software updates
  2. hot updates

Qualifiers

  • Research-article

Conference

EuroSys '09: Fourth EuroSys Conference 2009
April 1 - 3, 2009
Nuremberg, Germany

Acceptance Rates

Overall Acceptance Rate 241 of 1,308 submissions, 18%

Article Metrics

  • Downloads (last 12 months): 54
  • Downloads (last 6 weeks): 1
Reflects downloads up to 15 Sep 2024

Cited By

  • Enoki: High Velocity Linux Kernel Scheduler Development. Proceedings of the Nineteenth European Conference on Computer Systems, pages 962-980, 2024. DOI 10.1145/3627703.3629569. Online publication date: 22-Apr-2024.
  • Retcon: Live Updates for Embedded Event-Driven Applications. 2024 23rd ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), pages 126-137, 2024. DOI 10.1109/IPSN61024.2024.00015. Online publication date: 13-May-2024.
  • Efficient Scheduler Live Update for Linux Kernel with Modularization. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3, pages 194-207, 2023. DOI 10.1145/3582016.3582054. Online publication date: 25-Mar-2023.
  • Solder: Retrofitting Legacy Code with Cross-Language Patches. 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pages 49-60, 2023. DOI 10.1109/SANER56733.2023.00015. Online publication date: Mar-2023.
  • RUSPATCH: Towards Timely and Effectively Patching Rust Applications. 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS), pages 517-528, 2023. DOI 10.1109/QRS60937.2023.00057. Online publication date: 22-Oct-2023.
  • Runtime software patching: Taxonomy, survey and future directions. Journal of Systems and Software, 200:111652, 2023. DOI 10.1016/j.jss.2023.111652. Online publication date: Jun-2023.
  • HyperTP. Journal of Parallel and Distributed Computing, 181:C, 2023. DOI 10.1016/j.jpdc.2023.104733. Online publication date: 1-Nov-2023.
  • Hy-FiX: Fast In-Place Upgrades of KVM Hypervisors. IEEE Transactions on Cloud Computing, 10(4):2679-2690, 2022. DOI 10.1109/TCC.2021.3056590. Online publication date: 1-Oct-2022.
  • HallMonitor: A Framework for Identifying Network Policy Violations in Software. 2022 IEEE Conference on Communications and Network Security (CNS), pages 245-253, 2022. DOI 10.1109/CNS56114.2022.9947243. Online publication date: 3-Oct-2022.
  • iRECOVer. Future Generation Computer Systems, 132:C, pages 178-193, 2022. DOI 10.1016/j.future.2022.02.014. Online publication date: 1-Jul-2022.
