Nixpkgs: live kernel patching using kexec

Created on 30 Oct 2015  ·  11 Comments  ·  Source: NixOS/nixpkgs

Could nixos-rebuild switch support live kernel updates via kexec? Should it?

kernel

All 11 comments

Probably related to #2079 but for internal use

How do you propose this to work?

Ksplice is available for free but appears unmaintained. Other than that, perhaps KernelCare, kpatch, or kGraft could do the trick.

There is KUP; it uses CRIU/kexec and in general seems to be the most flexible approach.

I found some code at https://github.com/sanidhya/kup-linux/tree/kup-ppp; cc @sanidhya who perhaps can explain KUP's status.

I worked on the KUP prototype some time back. It's a research prototype which works fine for most cases, except these: https://criu.org/What_cannot_be_checkpointed. I will be releasing the basic code by the end of January and will try to maintain it as a package. If you are interested in learning more about the complete design, I can forward the draft privately.

I'm interested to learn more about the design.

(triage) @sanidhya did you follow up on the packaging?

(triage, again :)

The CRIU package is available by now :smile:

However, it seems like the KUP project isn't making any progress (source code is still not available and probably never will be).

Is this issue still relevant?
IMHO live-patching for the kernel would be great, but we need someone to spend time on this (issue).

Some notes:

  • AFAIK live-patching only works for small security-patches -> upgrading the kernel won't be possible that way
  • livepatch seems like the way to go
    • Merged into the Linux kernel
    • But: only limited features yet
  • If we need more features we could use kpatch (or kGraft)
    • Could be used with livepatch as well

Yeah, 👍 for livepatch, if only because it's "vanilla" kernel

Thank you for your contributions.

This has been automatically marked as stale because it has had no activity for 180 days.

If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.

Here are suggestions that might help resolve this more quickly:

  1. Search for maintainers and people that previously touched the related code and @ mention them in a comment.
  2. Ask on the NixOS Discourse.
  3. Ask on the #nixos channel on irc.freenode.net.

still important to me
