These technologies are competing to provide the best way to patch the Linux kernel without reboots or downtime Nobody loves a reboot, especially not if it involves a late-breaking patch for a kernel-level issue that has to be applied stat. To that end, three projects are in the works to provide a mechanism for upgrading the kernel in a running Linux instance without having to reboot anything. Ksplice The first and original contender is Ksplice, courtesy of a company of the same name founded in 2008. The kernel being replaced does not have to be pre-modified; all it needs is a diff file listing the changes to be made to the kernel source. Ksplice, Inc. offered support for the (free) software as a paid service and supported most common Linux distributions used in production. All that changed in 2011, when Oracle purchased the company, rolled the feature into its own Linux distribution, and kept updates for the technology to itself. As a result, other intrepid kernel hackers have been looking for ways to pick up where Ksplice left off, without having to pay the associated Oracle tax. Kgraft In February 2014, Suse provided the exact solution needed: Kgraft, its kernel-update technology released under a mixed GPLv2/GPLv3 license and not kept close as a proprietary creation. It’s since been submitted as a possible inclusion to the mainline Linux kernel, although Suse has rolled a version of the technology into Suse Linux Enterprise Server 12. Kgraft works roughly like Ksplice by using a set of diffs to figure out what parts of the kernel to replace. But unlike Ksplice, Kgraft doesn’t need to stop the kernel entirely to replace it. Any running functions can be directed to their old or new kernel-level counterparts until the patching process is finished. Kpatch Red Hat came up with its own no-reboot kernel-patch mechanism, too. Also introduced earlier this year — right after Suse’s work in that vein, no less — Kpatch works in roughly the same manner as Kgraft. The main difference, as outlined by Josh Poimboeuf of Red Hat, is that Kpatch doesn’t redirect calls to old kernel functions. Rather, it waits until all function calls have stopped, then swaps in the new kernel. Red Hat’s engineers consider this approach safer, with less code to maintain, albeit at the cost of more latency during the patch process. Like Kgraft, Kpatch has been submitted for consideration as a possible kernel inclusion and can be used with Linux kernels other than Red Hat’s. The bad news is that Kpatch isn’t yet considered production-ready by Red Hat. It’s included as part of Red Hat Enterprise Linux 7, but only in the form of a technology preview. …or Kgraft + Kpatch? A fourth solution proposed by Red Hat developer Seth Jennings early in November 2014 is a mix of both the Kgraft and Kpatch approaches, using patches built for either one of those solutions. This new approach, Jennings explained, “consists of a live patching ‘core’ that provides an interface for other ‘patch’ kernel modules to register patches with the core.” This way, the patching process — specifically, how to deal with any running kernel functions — can be handled in a more orderly fashion. The sheer newness of these proposals means it’ll be a while before any of them are officially part of the Linux kernel, although Suse’s chosen to move fast and made it a part of its latest enterprise offering. Let’s see if Red Hat and Canonical choose to follow suit in the short run as well. Software DevelopmentPatch Management SoftwareCareersOpen Source