Wednesday
Room 1
15:00 - 16:00
(UTC+02)
Talk (60 min)
An engineer's guide to Linux Kernel upgrades
Because the kernel code executes at the highest privilege level and a kernel bug usually crashes the whole system, many SREs, production engineers and system administrators try to avoid upgrading the kernel too often for the sake of stability.
There is a tendency to create more obstacles to Linux kernel releases (requiring more approvals etc). But introducing all these obstacles and not treating kernel updates like any other software usually significantly increases the risk for the company and their service of being exploited.
One of the reasons SREs and engineers are too afraid of ANY kernel upgrade is that they don’t actually know the details about Linux kernel release process and policy. This talk tries to demystify Linux Kernel releases and provides a guide on how to distinguish a kernel bugfix release from a feature release. We also describe how kernel releases are implemented in our company and propose possible approaches to deploy kernel upgrades regularly with minimal risk.
Ignat Korchagin
Ignat is a systems engineer at Cloudflare working mostly on Linux, platforms and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division. His solutions may be found in many older Samsung smart phones and tablets. Ignat started his career as a security researcher in the Ukrainian government’s communications services.