Tag: kGraft

Now that everything has been set to go as described in Part 1 (Key technical obstacles for Live Patching Meltdown), Part 2 (Virtual address mappings and the Meltdown vulnerability)  and Part 3 (Changes needed for Translation Lookaside Buffer (TLB) flushing primitives), the last missing piece is to actually replace the entry code and make it […]

Read More

Building upon the Part 1 (Key technical obstacles for Live Patching Meltdown) and the Part 2 (Virtual address mappings and the Meltdown vulnerability), let’s now address the needed changes to the TLB flushing primitives. In order to resolve virtual to physical addresses, a CPU must traverse the page table tree. This is a costly thing to […]

Read More

Following up on the Part 1 about key technical obstacles for Live Patching Meltdown, in this blog I will give you some background on virtual address mappings in context of the Meltdown vulnerability and look at patching kGraft itself! Virtually mapped memory is a protection feature provided by the CPU, orthogonal to the privilege separation […]

Read More

Meltdown is one of the biggest and complex security vulnerabilities that happened recently and impacted almost everyone. I am a SUSE live patching engineer and wanted to share with you how unique fixing this vulnerability was in terms of scope and complexity. My goal was to see if I could also create a live patch […]

Read More

“This article is from The SUSE Insider, a technical quarterly publication for SUSE customers to help them get the most value from their SUSE solutions.” All you need to know to take advantage of live kernel patching and improve your uptime. This article not only covers the “why,” “when,” “who,” “what” and “how”; it gives you caveats and tips to navigate any possible rough spots…

Read More

It’s always be fun at SUSECon.  And this year at SUSECon, we’re happy to announce a long-anticipated new offering: SUSE Linux Enterprise Live Patching. This offering is based on the kGraft project — and can perform critical kernel patches without rebooting your server, maximizing your up-time and service availability.  Now you have one more tool to go Towards Zero […]

Read More

Check out this slideshow about live patching of the Linux kernel using kGraft.  Vojtech Pavlik, the Director of SUSE labs, lays out some important info such as: Why live patching is so much better than rebooting — especially for mission-critical servers How kGraft works Limitations of kGraft He also includes excellent details about: Exactly where […]

Read More

SUSE has released kGraft to the public, the technology it developed to deliver live, run-time patching of the Linux kernel. Unlike other technologies, kGraft doesn’t require stopping the kernel even for short periods, making it easier for IT staff to install critical security and other patches without system downtime. “Originally a research project from SUSE […]

Read More

In the 2 weeks since we announced the existence of kGraft, there have been many questions about how this solution for live-patching the Linux kernel works. And because (moving) pictures often speak louder than words, here is a video of kGraft in action on the official SUSE YouTube channel.

Read More

Vojtěch’s announcement about kGraft started a number of interesting discussions, e.g. at LWN, Reddit, and German Heise. All of those discussions have some common topics. One of these is the question whether a live kernel patching solution such as kGraft is necessary at all.

Read More