kGraft/kPatch support in Ubuntu 16.04 LTS

Andrew Martin amartin at xes-inc.com
Tue Jan 26 21:52:34 UTC 2016


> ----- Original Message -----
> > From: "Chris J Arges" <chris.j.arges at canonical.com>
> > To: "Andrew Martin" <amartin at xes-inc.com>, kernel-team at lists.ubuntu.com
> > Sent: Wednesday, September 23, 2015 11:22:25 AM
> > Subject: Re: kGraft/kPatch support in Ubuntu 16.04 LTS
> > 
> > On 09/23/2015 11:04 AM, Andrew Martin wrote:
> > > Hello,
> > > 
> > > I was very excited to see live kernel patching get accepted into the
> > > mainline kernel in 4.0. For server environments where uptime is crucial
> > > and rebooting servers to install kernel security fixes is very
> > > disruptive, the ability to live patch security fixes into the running
> > > kernel is a very desirable feature. Are there any plans to add support
> > > for the kGraft/kPatch support available in 4.x series kernels in Ubuntu
> > > Server 16.04? This would be a fantastic feature for the next LTS release
> > > and would be a huge improvement to timely application of security fixes
> > > in Ubuntu servers!
> > > 
> > > Thanks,
> > > 
> > > Andrew Martin
> > > 
> > 
> > Andrew,
> > 
> > Hey already replied on ubuntu-server ML, but figured I'd reply here too.
> > Just for clarification kGraft/kPatch have been mainlined into 'Kernel
> > Live Patching' which uses concepts from both technologies [1].
> > 
> > So yes, we are actively looking into kernel live patching, stay tuned!
> > 
> > [1] http://lwn.net/Articles/624546/
> > 
> > --chris j arges

Hello,

Are there any updates on the status of kGraft/kPatch support in 16.04? Given
high-risk kernel vulnerabilities like the recent CVE-2016-0728, this would be
a huge help in pushing out these patches in a timely manner without needing to
reboot every server to load the new kernel.

Thanks,

Andrew



