SUSE kGraft patches Linux in live run time

The open source world this week hears that SUSE has developed a new technology known as kGraft for live run-time patching of the Linux kernel.

What is live run-time patching?


NOTE: run-time patching is also known as hot fixing, live patching, runtime patching, rebootless updates and sometmes even concurrent updates.

SUSE (the artist formerly known as Software-und System-Entwicklung) targets kGraft at sysadmins in the OSS world who want to install security patches without incurring system downtime.

We know that kGraft (sounds like a processed cheese, but it’s not) is currently listed as a “functional prototype” and after this stage its is then planned to be submitted upstream to the Linux kernel within the next two months.

No not downstream, this is upstream

Vojtech Pavlik of SUSE Labs clarifies that although there are a “couple” of technologies (Ksplice and OpenVZ Checkpointing) currently providing live patching of Linux, neither are available in the upstream Linux kernel.

“While kGraft is, by choice, limited to replacing whole functions and constants they reference, this does not limit the set of code patches that can be applied significantly. kGraft will offer tools to assist in creating the live patch modules, identifying which functions need to be replaced based on a patch, and creating the patch module source code, blogged Pavlik.


Ed: no not Kraft, we said kGraft!