Bad Reasons to Update Your Linux Kernel
Freshen up with something new and improved – if it’s as simple as applying a software update…. well, why not? That’s a tempting argument to make for things like updating your Linux kernels and it’s no surprise that junior sysadmins are sometimes tempted to quickly apply a kernel update.
But a Linux kernel update is not to be taken lightly. In the world of enterprise Linux, change means risk. Whatever reasons you think you might have to update your Linux kernel, there is only one that really matters.
In this article, we’ll look at some of the less good reasons to perform a Linux kernel update – and point to that one good reason.
New Features and Updated Drivers
Major updates to the kernel sometimes introduce new features. New features can appear appealing at first glance, but it is unlikely that any software that you use will utilize these updates for several years. It is also rare for new features in the kernel to be so essential that you need the feature for the proper functioning of your existing solution.
The same goes for driver updates. Most of it will be for hardware that you don’t own or don’t use. Unless you rely on cutting-edge hardware released in the last 6-12 months, it’s unlikely that any updates will significantly improve your server’s performance or stability, particularly if your servers are already stable. And your system was running just fine so far, right?
You could update your kernels to onboard the latest features etc, but you won’t get much in return. What you will get, however, is the risk that something breaks due to the update… and you’ll never know what it is that will break, or when it will happen.
Performance and Stability Improvements
The Linux community devotes a considerable amount of time to enhancing the performance of Linux, and the performance enhancements are published in new kernel releases. But the Linux kernel is already highly efficient, and the marginal performance gains for most systems may not be perceptible.
While certain subsystems could experience notable advancements, generally, even significant updates typically yield less than a 1% boost in performance for regular workloads and can sometimes lead to a slight reduction in performance. It’s not worth the risk.
Some Linux kernel updates promise improved stability. There is also very little reason to update your kernel for the sake of stability. Yes, there are always ‘edge cases’ that affect a very tiny percentage of servers. If your servers are stable, then a kernel update is more likely to introduce new issues that make things less stable, not more.
The Good Reason to Update the Linux Kernel
So, is there a good reason to update your kernel? Yes, there is: for security. New vulnerabilities emerge in the Linux kernel all the time. The only way to fix the vulnerability is by updating your Linux kernel with a kernel version that is not vulnerable.
And you absolutely must do it. If you run a kernel that has known vulnerabilities, it opens the door for hackers to gain access to your servers. In addition, failing to update your kernels (also known as patching your kernels) may result in non-compliance with various standards and security best practices.
Therefore, ensuring the security of your system and kernel is crucial. Fortunately, live kernel patching services, such as KernelCare from TuxCare, can help achieve this without the need for a full kernel upgrade or reboot.
Update (Only When Needed) and Act Quickly
Just because others are updating their Linux kernel does not mean you should follow suit. Everyone’s system and needs are different, and blindly following the crowd can lead to disruption.
But there is an exception: critical security updates require an immediate kernel update. Yet kernel updates for security can be a real headache simply because updates are so frequent.
Automated live patching can help because it removes the need to constantly restart Linux instances to ensure that a security update is applied. PS: you can read more about TuxCare’s range of live patching services here.