Canonical announced the expansion of the Livepatch service to systems running Ubuntu 26.04 LTS and Ubuntu Core 26 on processors based on the ARM64 architecture. Previously, live patches were distributed only for the x86_64 architecture, because the Linux kernel for ARM64 lacked support for reliable stack traces (CONFIG_HAVE_RELIABLE_STACKTRACE) to identify activity related to interrupt handling, and the objtool and kpatch tools lacked full capabilities for assessing the state before and after a patch is applied. Implementing the project and reworking the infrastructure to use live patches on ARM64 systems took three years.
The Livepatch mechanism allows you to patch the Linux kernel on a running system without a reboot, avoiding downtime. Live patches only cover fixes for vulnerabilities that are rated high or critical. To change the kernel on the fly, functions in the kernel are replaced and calls are redirected to the new function using the standard ftrace subsystem. The patch is packaged as a kernel module that performs the necessary substitution of function code.
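Because each live patch is loaded as a kernel module, the kernel's livepatch sysfs interface shows which patches are active and which functions they replace. The following added example (not from Canonical or the original article) reads that tree and flags patches that are disabled or still in transition; the default path follows the upstream kernel sysfs ABI, and the patch and function names in the sample tree are constructed.

```python
import os
import tempfile

SYSFS_ROOT = "/sys/kernel/livepatch"  # upstream kernel livepatch sysfs ABI

def _flag(path):
    """Read a 0/1 sysfs attribute; None if the kernel does not expose it."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return None

def livepatch_status(root=SYSFS_ROOT):
    """Return one record per loaded livepatch module under root."""
    if not os.path.isdir(root):
        return []  # livepatch not enabled in this kernel, or nothing loaded
    records = []
    for patch in sorted(os.listdir(root)):
        pdir = os.path.join(root, patch)
        if not os.path.isdir(pdir):
            continue
        funcs = {}
        for obj in sorted(os.listdir(pdir)):
            odir = os.path.join(pdir, obj)
            if os.path.isdir(odir):  # "vmlinux" or the name of a patched module
                # function directories are named "<function>,<sympos>"
                funcs[obj] = sorted(e.split(",")[0] for e in os.listdir(odir)
                                    if os.path.isdir(os.path.join(odir, e)))
        records.append({"patch": patch,
                        "enabled": _flag(os.path.join(pdir, "enabled")),
                        "transition": _flag(os.path.join(pdir, "transition")),
                        "functions": funcs})
    return records

def needs_attention(records):
    """Patches that are loaded but disabled, or whose transition has not finished."""
    return [r["patch"] for r in records if not r["enabled"] or r["transition"]]

def build_sample_tree():
    """Constructed sysfs-like tree (hypothetical patch and function names)."""
    root = tempfile.mkdtemp()
    for patch, enabled, transition in (("lkp_demo_1", "1", "0"), ("lkp_demo_2", "1", "1")):
        os.makedirs(os.path.join(root, patch, "vmlinux", "demo_func,0"))
        for attr, val in (("enabled", enabled), ("transition", transition)):
            with open(os.path.join(root, patch, attr), "w") as f:
                f.write(val + "\n")
    return root
```

On a real host, call `livepatch_status()` with no arguments; a patch that stays in transition means some tasks have not yet switched to the replacement functions.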
Live patches are provided as part of the Ubuntu Pro service, which provides updates with vulnerability fixes for 10 years (the standard maintenance period for LTS branches is 5 years) and covers an additional 23 thousand packages beyond those in the Main repository. A free subscription to Ubuntu Pro is available to individuals and small businesses with up to 5 physical hosts in their infrastructure (the program also covers all virtual machines hosted on these hosts). Official members of the Ubuntu community can get free access for up to 50 hosts. Paid subscriptions for businesses cost $25 per year per workstation and $500 per year per server.
To obtain access tokens for the Ubuntu Pro free service, you need an account in Ubuntu One, which can be obtained
Canonical Offers Reboot-Free ARM64 Kernel Updates