30

I am using webmin (which uses yum) to install updates on my server, and it sometimes updates the kernel as well, including kernel-firmware and kernel-headers. Do I need to restart the server after a kernel update?

giorgio79

4 Answers

32

There are at least two reasons for rebooting:

  1. You probably want to use the advantages of the newer version (security fixes)
  2. Usually during a kernel update the module tree of the old kernel is removed. Thus if you (or some script) unload a module then the system cannot load it again because it finds only the newer one on disk (if at all) and this is compiled for a different kernel and thus cannot be loaded (at least usually).
Hauke Laging
  • 5
    On Red Hat/CentOS and Ubuntu (and all distros which are responsible about how they do kernel upgrades), #2 doesn't happen, because the old kernel package is left in place. I very much wish Debian would take the hint from them... – Paul Gear May 01 '13 at 10:51
  • @PaulGear , a couple times on Ubuntu, after a kernel update, I didn't reboot, but later that day, something broke. (Sorry, it was a long time ago, but it seemed due to not rebooting after the kernel update.) Any idea what it might be? I came here looking for more information on why I need to reboot after a kernel update, as I wish I didn't have to. (If I accept the security risk.) – Flurrywinde Jun 19 '21 at 14:28
  • I'm afraid "something broke" isn't specific enough to answer that question. For the record, since 2013, Debian has started releasing updates in the same way as Ubuntu, and the old kernel is not immediately removed. – Paul Gear Jun 20 '21 at 20:32
  • @Flurrywinde Have a look into the Ubuntu kernel livepatch facility - free for personal use (up to 3 machines): https://ubuntu.com/security/livepatch – Paul Gear Jun 20 '21 at 20:34
  • Re: "something broke." Yeah, I know. Sorry. I can't even remember for sure, but I think it involved having to uninstall and reinstall a package. I suspect it was after 2013 too, but can't even be sure of that anymore. Sheesh. But it happened more than once, so I suspect not rebooting after a kernel update can still break things despite the above. Thanks for the link to the livepatch facility. Looks good! – Flurrywinde Jun 22 '21 at 14:00
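
A check for both reasons listed in the answer above, as an added example that is not part of the original answers: it compares the running kernel with the newest module tree on disk and reports whether the running kernel's own modules are still present. It assumes every installed kernel has a directory under /lib/modules and that `sort -V` (GNU version sort) is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the state of the running kernel after an update.
# Assumption: each installed kernel owns a directory under the module root.

# Print the newest kernel version found under module root $1 (version sort).
newest_installed() {
    ls -1 "$1" 2>/dev/null | sort -V | tail -n 1
}

# Succeed if the module tree for kernel version $2 exists under root $1.
modules_present() {
    [ -d "$1/$2" ]
}

# Print one status word for running kernel $1, given module root $2.
kernel_status() {
    running=$1
    root=$2
    newest=$(newest_installed "$root")
    if ! modules_present "$root" "$running"; then
        # Reason 2: the old module tree is gone, so an unloaded
        # module can no longer be loaded into the running kernel.
        echo "modules-missing"
    elif [ "$running" != "$newest" ]; then
        # Reason 1: a newer kernel is installed but its fixes are
        # not active until the machine boots into it.
        echo "reboot-pending"
    else
        echo "current"
    fi
}

# Check the live system.
kernel_status "$(uname -r)" /lib/modules
```

A leftover directory from an already removed kernel (for example one that still holds third-party modules) also counts as installed here, so treat `current` as a hint and confirm against the package manager.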
14

To actually use the new kernel you will have to reboot.
No way around that.

Do you have to reboot immediately after installing the update?
In general NOT, you can schedule the reboot for a more convenient moment.

But it is NOT a good idea to install more updates before you reboot.
Some updates have different versions depending on which kernel you are running.

And anyway: After rebooting with a new kernel always check for updates. Some of your existing packages may need a new version after the kernel update.

Tonny
5

It depends.

Ksplice takes care of all security updates but it depends on the updates and it's not free. You can check here for details for yum as well.

You also have the option of using kexec which will require a reboot but will skip the hardware part of the boot.

user
-1

With Linux 4.0 and later, they say you don't have to reboot for the Kernel anymore.

https://www.linuxjournal.com/content/no-reboot-kernel-patching-and-why-you-should-care

Andrew
  • This may not be enabled by default. For example, this url: https://wiki.archlinux.org/title/Kernel_live_patching implies additional steps must be taken. Thanks for the answer, though, as it does provide useful information. (I didn't know about this feature until I saw it.) However, as it's written, it's misleading, so that might explain the downvotes. I got excited, thinking I didn't have to reboot my system after kernel updates anymore, but it's not true. – Flurrywinde Jun 19 '21 at 14:23
  • I have a Fedora server that patches its Kernel without rebooting. I confirm this by seeing what version the running Kernel reports to be running. I recently upgraded the distro and even that process did not want to reboot. This leads me to believe they have this working very well. – Andrew Jun 20 '21 at 19:39
  • I looked into this more, and Arch doesn't. (I did the test here: https://linux-audit.com/livepatch-linux-kernel-updates-without-rebooting/ ) I wondered why and found this: https://bugs.archlinux.org/task/61822 Thus, it looks like there's a security implication to live-patching the kernel, but I could see how on a server, the downtime of rebooting might outweigh this concern, which might be why your Fedora installation does it? – Flurrywinde Jun 22 '21 at 14:17
  • Looks like I have to take back what I said about the distro upgrade not needing a reboot. There is a separate command "dnf system-upgrade reboot" that needs to be run. – Andrew Jun 23 '21 at 03:03
  • @Andrew I've upvoted because it gives useful insight as to what is possible but I would urge you to edit your answer with your comments combined and correct the misleading parts. – Pierre-Luc Bertrand Oct 05 '21 at 15:49