SUSE has released kGraft to the public, the technology it developed to deliver live, run-time patching of the Linux kernel. Unlike other technologies, kGraft doesn’t require stopping the kernel even for short periods, making it easier for IT staff to install critical security and other patches without system downtime.
“Originally a research project from SUSE Labs, kGraft has quickly shown its promise as a live patching Linux tool for enterprise users,” said Vojtěch Pavlík, director of SUSE Labs. “Providing quick and reliable response to unscheduled patching needs without requiring the shutting down or rebooting of any number of servers will increase the stability, cost efficiency and security of enterprise customers’ environments. This technology will enhance uptime in mission-critical environments.”
kGraft is based on modern Linux technologies, including INT3/IPI-NMI self-modifying code, an RCU-like update mechanism, mcount-based NOP space allocation and standard kernel module loading/linking mechanisms. By leveraging other Linux technologies, kGraft requires only a small amount of code to run.
Pavlík is speaking about kGraft live kernel patching today at the Linux Foundation’s Collaboration Summit 2014. SUSE will submit kGraft upstream while working with the Linux community to create a common, standard kernel live patching solution. For more information about kGraft and to download the code, visit suse.com/kgraft.