Back in March, Google unveiled the Live Update Orchestrator “LUO” as a new means of performing live kernel updates on running production systems, with a particular emphasis on servers running cloud workloads. A second iteration of the Live Update Orchestrator patches was posted for review today.
The Live Update Orchestrator subsystem is designed to apply kernel updates while keeping designated devices running and operational across the transition to the updated kernel. Google’s main use case is allowing Linux servers to receive kernel updates with minimal disruption to any running virtual machines (VMs).
Compared to the likes of Kpatch and Ksplice for live-patching a running kernel, the Live Update Orchestrator is more about moving to a new kernel while keeping desired devices online without interruption during the “reboot” into the new kernel.
“Live Update is a specialized reboot process where selected kernel resources (memory, file descriptors, and eventually devices) are kept operational or their state preserved across a kernel transition (e.g., via kexec). For certain resources, DMA and interrupt activity might continue with minimal interruption during the kernel reboot.”
The Live Update Orchestrator builds on their soon-to-be-upstream work on Kernel HandOver “KHO” for the “reboot” into the new kernel. Live Update Orchestrator could be a big win for Google and Google Cloud, keeping servers up to date for security with minimal impact on the VMs.
With the new v2 RFC patches posted a short time ago to the Linux kernel mailing list, the Live Update Orchestrator control interface has changed from being sysfs-based to a new ioctl interface. The sysfs support remains available for monitoring the LUO state.
The updated LUO code also now allows preserving file descriptors (FDs), makes the DebugFS interface optional, and includes various other improvements. Those interested in LUO can find the RFC v2 patch series on the Linux kernel mailing list.