Livepatching completeness - a review of considerations for success

Session information has not yet been published for this event.

*

One Line Summary

This talk covers areas of improvements to help livepatching be widely adopted and used

Abstract

Live patching is gaining momentum in the kernel, with ports to several architectures.
We soon expect distributions to be shipping live patches to the kernel. This proposal
discusses some of the issues we have from both a development and administrative viewpoint

From an administrative user view point we should look at

1. We need to look at some of the security issues around live-patching. Can live-patching be used to hide rootkits?
2. Availability of similar infrastructure in user mode

From a development viewpoint we should look at
1. We need to work on a comprehensive suite of tests to ensure reliability of live patching implementations
2. Alternatives to using ftrace infrastructure for live-patching
3. Porting live-patching to other architectures – lessons learnt from ppc64le

The proposed talk covers some recommendations in each of the above areas

Tags

testing, security, alternative-implementations

Presentation Materials

slides

Speaker

  • Biography

    Balbir Singh is a developer who has been working on Linux for over a decade. After developing memory cgroups and some parts of the scheduler cpuacct, he moved his interests to security. Balbir had a stint with security developing and working on whitelisting and is now back to working on the core kernel.