KernelCare

KernelCare is a live kernel patching service that provides security patches and bugfixes for a range of popular Linux kernels that can be installed without rebooting the system. KernelCare software is a commercial product. The first beta was introduced in March 2014 and it was commercially launched in May 2014.


Overview

The KernelCare agent resides on the user's server. It periodically checks in with the KernelCare distribution servers. If new patches are available for the currently running kernel, the agent downloads them and applies them to the running kernel. A KernelCare patch is a piece of code used to substitute vulnerable or buggy code in a kernel. It can be an arbitrary code line modification, or it can be a missing security check, a set of functions, or even modified data structures. The patch is compiled as usual, but the generated code carries additional information about all code pieces changed by the original source code modification, together with information on how to apply these code pieces. The resulting code modifications are safely applied to the running kernel. A special KernelCare kernel module applies the patches. It loads the patches into the kernel address space, sets up the relocations (i.e., fixes the references to the original kernel code and data), and safely switches the execution path from the original code to the updated code blocks. The code ensures the patch is applied safely, so that the CPU is not executing the original code blocks at the moment of switching to the new version.
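The apply step described above, as a userspace C model added here for illustration; it is not KernelCare code. The `patch_site` structure, the function names and the 64-byte limit are assumptions, and the model covers only the rule that the execution path is switched while no caller is executing the original code.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_LEN 64  /* constructed limit for the example */
typedef int (*check_fn)(size_t len);

/* Original code: the security check is missing, every length is accepted. */
static int check_len_orig(size_t len) { (void)len; return 0; }
/* Replacement code carried by the patch: adds the missing check. */
static int check_len_fixed(size_t len) { return len <= MAX_LEN ? 0 : -1; }

/* One patchable call site (hypothetical structure, not KernelCare's). */
struct patch_site {
    _Atomic(check_fn) active;  /* code that callers currently reach */
    atomic_int in_flight;      /* callers executing the active code now */
};

static void site_init(struct patch_site *s, check_fn f) {
    atomic_init(&s->active, f);
    atomic_init(&s->in_flight, 0);
}
/* A caller enters the site: it is counted, then handed the current code. */
static check_fn site_enter(struct patch_site *s) {
    atomic_fetch_add(&s->in_flight, 1);
    return atomic_load(&s->active);
}
static void site_leave(struct patch_site *s) { atomic_fetch_sub(&s->in_flight, 1); }

/* Switch the execution path only when nobody is inside the old code.
 * Returns 0 on success, -1 if the switch must be retried later. A real
 * patcher must also keep new callers out between this check and the store;
 * the page does not say how KernelCare does that, so it is not modelled. */
static int apply_patch(struct patch_site *s, check_fn replacement) {
    if (atomic_load(&s->in_flight) != 0)
        return -1;
    atomic_store(&s->active, replacement);
    return 0;
}

int main(void) {
    struct patch_site site;
    site_init(&site, check_len_orig);
    check_fn f = site_enter(&site);            /* a caller is mid-call */
    printf("apply while busy: %d\n", apply_patch(&site, check_len_fixed));
    site_leave(&site);
    printf("apply while idle: %d\n", apply_patch(&site, check_len_fixed));
    printf("len 4096 before/after: %d/%d\n", f(4096), site_enter(&site)(4096));
    return 0;
}
```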


See also

* Dynamic software updating, a field of research focusing on upgrading programs while they are running
* kexec, a method for loading a whole new kernel from a running system
* kGraft, kpatch and Ksplice, other Linux kernel live patching technologies developed by SUSE, Red Hat and Ksplice, Inc. (later acquired by Oracle), respectively

