Embedded Fest 2021. Andrii Lukin. CloudLinux runtime kernel update for ARM growth difficulties

The talk from Embedded Fest 2021 ONLINE
Fb:   / embeddedfest  
Website: https://www.embeddedfest.com

CloudLinux provides stable and secure Linux for web-hosters or even embedded developers. One of the essential products is KernelCare which takes on most patching lifecycle tasks and completes them without system reboot. It helps to keep your kernel and shared libraries uptodate, but what's hidden behind it.
KernelCare allocates kernel memory, loads new secure code into it, momentarily freezes all processes in a 'safe' mode, and modifies original functions. Then jumps into new secure code, ensuring old (vulnerable) code can never run, unfreezes all processes, and resumes. And while for x86 systems, these steps are more or less established, there were many things to do for ARM-based ones.
Here I will disclose some ARM-related species which cause a headache for kernel live update system. It includes gcc's temper, ARM assembler details, and so on.