Kernel patching with kexec: updating a CentOS 7 kernel without a full reboot

Mattias Geniar, Thursday, February 23, 2017

tl;dr: you can use kexec to stage a kernel upgrade in-memory without the need for a full reboot. Your system will reload the new kernel on the fly and activate it. There will be a service restart of every running service as the new kernel is loaded, but you skip the entire bootloader & hardware initialization.

By using kexec you can upgrade your running Linux machine's kernel without a full reboot. Keep in mind, there's still a new kernel load, but it's significantly faster than doing the whole bootloader stage and hardware initialization phase performed by the system firmware (BIOS or UEFI).

Yes, calling this kernel upgrades without reboots is a vast exaggeration. You skip parts of the reboot, though, usually the slowest parts.

Installing kexec

On a CentOS 7 machine the kexec tools should be installed by default, but just in case they aren't;

$ yum install kexec-tools

After that, the kexec binary should be available to you.

Install your new kernel

In this example I'll upgrade a rather old CentOS 7 kernel to the latest.

$ uname -r

So I'm now running the 3.10.0-229.14.1.el7 kernel.

To upgrade your kernel, first install the latest kernel packages.

$ yum update kernel
 Package                 Arch      Version                        Repository  Size
 kernel                  x86_64    3.10.0-514.6.1.el7             updates     37 M

This will install the


kernel on my machine.

So a quick summary (on new lines, so you see the kernel version difference):

From: 3.10.0-229.14.1.el7
To: 3.10.0-514.6.1.el7

$ rpm -qa | grep kernel | sort

Once you installed the new kernel, it's time for the kexec in-memory upgrading magic.

In-memory kernel upgrade with kexec

As a safety command, unload any previously attempted kernels first. This is harmless and will make sure you start "cleanly" with your upgrade process.

$ kexec -u

Now, state the new kernel to be loaded. Note these are the version numbers of the latest installed kernel with yum, as shown above.

$ kexec -l /boot/vmlinuz-3.10.0-514.6.1.el7.x86_64 \
 --initrd=/boot/initramfs-3.10.0-514.6.1.el7.x86_64.img \

Careful: next command will reload a new kernel and will impact running services!

Once prepared, start kexec.

$ systemctl kexec

Your system will freeze for a couple of seconds, load the new kernel and be good to go.

Some benchmarks

A very quick and unscientific benchmark of doing a yum update kernel with and without kexec.

Normal way, kernel upgrade + reboot: 28s
Kexec way, kernel upgrade + reload: 19s

So you have a couple of seconds of the new kernel load, for big physical machines with lots of RAM, this will be even more as the entire POST check can be skipped with this method.

Here's a side-by-side run of the same kernel update. On the left: the kexec flow you've read above. On the right, a classic yum update kernel && reboot.

Notice how the left VM never goes into the BIOS or POST checks.

If you're going to be automating these updates, have a look at some existing scripts to help you going: kexec-reboot, ArchWiki on kexec.

Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!


Igor Friday, March 3, 2017 at 15:23 - Reply

Thanks for promoting kexec (which is nothing new and is able to do what you have described for more than 7 years) but please update your article/video:

Using kexec has nothing to do with “patching” a kernel. And you aren’t doing anything “live”. You are just restarting the OS (not the whole system!), i.e. your are avoiding your system’s firmware (BIOS, now EFI) initializing including PXE boot, HW RAID, or other peripheral devices. But you have to shutdown all running processes and services, unmount file systems, will lose network connectivity…

The real live patching capability of the kernel is a different thing. It allows you to keep your entire system up and running without interrupting services.

gnutux95 Friday, March 10, 2017 at 02:18 - Reply

Thank you for your presentation of kexec.

Juste a note for best practice professionnel :

No update kernel -> NEVER -> yum update kernel-* (NEVER)

You make an NEW install not an upgrade -> yum install kernel-*

Illya Sunday, March 12, 2017 at 10:50 - Reply

IIRC, Yum will treat a yum upgrade kernel* as a yum install operation thus giving the admin a helping hand.

Jack Thursday, August 10, 2017 at 08:00 - Reply

I tried as you suggested as above., But after I run the command systemctl kexec server is not responding until I reboot manually.

Mats Saturday, May 26, 2018 at 15:33 - Reply

This works perfectly, updated 5 Centos 7 hosts with
yum update
kexec -u
kexec -l /boot/vmlinuz-3.10.0-862.3.2.el7.x86_64 –initrd=/boot/initramfs-3.10.0-862.3.2.el7.x86_64.img –reuse-cmdline
systemctl kexec (lost ssh conection here and loged in again to a live upgraded machine)
I give two thumbs up!

Leave a Reply

Your email address will not be published. Required fields are marked *