kexec (kernel execute), analogous to the Unix/Linux kernel callexec, is a mechanism of theLinux kernel that allows booting of a newkernel from the currently running one.
Essentially, kexec skips thebootloader stage andhardware initialization phase performed by the systemfirmware (BIOS orUEFI), and directly loads the new kernel intomain memory and starts executing it immediately. This avoids the long times associated with a full reboot, and can help systems to meet high-availability requirements by minimizingdowntime.[1][2]
While feasible, implementing a mechanism such as kexec raises two major challenges:
Memory of the currently running kernel is overwritten by the new kernel, while the old one is still executing.
The new kernel will usually expect all hardware devices to be in a well defined state, in which they are after a system reboot because the system firmware resets them to a "sane" state. Bypassing a real reboot may leave devices in an unknown state, and the new kernel will have to recover from that.
Support for allowing onlysigned kernels to be booted through kexec was merged into version 3.17 of theLinux kernel mainline, which was released on October 5, 2014.[3] This disallows aroot user to load arbitrary code via kexec and execute it, complementing theUEFI secure boot and in-kernel security mechanisms for ensuring that only signedLinux kernel modules can be inserted into the running kernel.[4][5][6]
Kexec is used byLinuxBoot to boot the main kernel from the Linux kernel located in the firmware.
