By: Nicolai Stange

May 7, 2018 1:54 pm

3,491 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 4 – The Conclusion)

Now that everything has been set to go as described in Part 1 (Key technical obstacles for Live Patching Meltdown), Part 2 (Virtual address mappings and the Meltdown vulnerability)  and Part 3 (Changes needed for Translation Lookaside Buffer (TLB) flushing primitives), the last missing piece is to actually replace the entry code and make it […]

Read More



By: Nicolai Stange

May 4, 2018 12:20 pm

3,636 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 3)

Building upon the Part 1 (Key technical obstacles for Live Patching Meltdown) and the Part 2 (Virtual address mappings and the Meltdown vulnerability), let's now address the needed changes to the TLB flushing primitives. In order to resolve virtual to physical addresses, a CPU must traverse the page table tree. This is a costly […]

Read More



By: Nicolai Stange

May 3, 2018 11:59 am

3,807 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 2)

Following up on the Part 1 about key technical obstacles for Live Patching Meltdown, in this blog I will give you some background on virtual address mappings in context of the Meltdown vulnerability and look at patching kGraft itself! Virtually mapped memory is a protection feature provided by the CPU, orthogonal to the privilege separation […]

Read More



By: Nicolai Stange

May 2, 2018 2:37 pm

6,546 views

Live Patching Meltdown – SUSE Engineer’s research project (Part 1)

Meltdown is one of the biggest and complex security vulnerabilities that happened recently and impacted almost everyone. I am a SUSE live patching engineer and wanted to share with you how unique fixing this vulnerability was in terms of scope and complexity. My goal was to see if I could also create a live patch […]

Read More



By: Vojtěch Pavlík

August 12, 2015 11:22 am

10,073 views

Reboot Reloaded: Patching the Linux Kernel Online

"This article is from The SUSE Insider, a technical quarterly publication for SUSE customers to help them get the most value from their SUSE solutions." Author: Vojtech Pavlik is director of SUSE Labs, a department within SUSE R&D focusing on core technologies and research. He is one of the creators of […]

Read More



By: George Shi

November 18, 2014 3:26 pm

5,361 views

SUSE Linux Enterprise Live Patching is launched!

It’s always be fun at SUSECon.  And this year at SUSECon, we’re happy to announce a long-anticipated new offering: SUSE Linux Enterprise Live Patching. This offering is based on the kGraft project -- and can perform critical kernel patches without rebooting your server, maximizing your up-time and service availability.  Now you […]

Read More



By: Bryan Lunduke

February 16, 2014 12:28 pm

4,344 views

Video demo: Live Linux Kernel Patching with kGraft

In the 2 weeks since we announced the existence of kGraft, there have been many questions about how this solution for live-patching the Linux kernel works. And because (moving) pictures often speak louder than words, here is a video of kGraft in action on the official SUSE YouTube channel.[…]

Read More



By: Matthias G. Eckermann

February 7, 2014 7:59 am

7,803 views

Do We Need "kGraft" at All?

Editor's Note:  kGraft is now available for download. Vojtěch's announcement about kGraft started a number of interesting discussions, e.g. at LWN, Reddit, and German Heise. All of those discussions have some common topics. One of these is the question whether a live kernel patching solution such as kGraft is necessary at all. Some typical […]

Read More



By: Vojtěch Pavlík

January 31, 2014 7:49 am

65,618 views

kGraft: Live Kernel Patching

Editor's Note: kGraft is now known as Live Patching. It has many names - hot fixing, live patching, runtime patching, rebootless updates, concurrent updates.  It's a holy grail of uptime. It is longed for by scientists who really do not want to stop a simulation that has been running for the past few months […]

Read More