8.0 Live Kernel Patching with KLP

This document describes the basic principles of the Kernel Live Patching (KLP) technology, and provides usage guidelines for the SLE Live Patching service.

KLP is a live patching technology for runtime patching of the Linux kernel, without stopping the kernel. This maximizes system uptime, and thus system availability, which is important for mission-critical systems. By enabling dynamic patching of the kernel, the technology also encourages users to install critical security updates without deferring them to a scheduled downtime.

Enabling KLP requires no special steps other than enabling the Live Patching service, and then applying the patches as they become available. The service is part of the normal software management system, and patches are installed (or removed) with the usual package management tools. There is no need to install or manually select special kernels.

A KLP patch is a kernel module, intended for replacing whole functions in the kernel. Kernel Live Patching primarily offers in-kernel infrastructure for integration of the patched code with the base kernel code at runtime.
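Because each patch is a module that replaces whole functions, a host can be audited for which patches are active and which functions they replace. The script below is an added example, not part of the original document or SUSE's tooling. It assumes the upstream Linux livepatch sysfs layout under /sys/kernel/livepatch, and the patch and function names in the sample tree are constructed.

```shell
#!/bin/sh
# Assumed layout (upstream livepatch sysfs ABI):
#   <root>/<patch>/enabled, <root>/<patch>/transition
#   <root>/<patch>/<object>/<function,sympos>/

# Print one line per loaded live patch.
# Returns 0 if all patches are fully applied, 1 if any patch is disabled or
# still in transition, 2 if the sysfs tree is missing, 3 if no patch is loaded.
klp_report() {
    root="${1:-/sys/kernel/livepatch}"
    [ -d "$root" ] || { echo "livepatch sysfs not present: $root"; return 2; }
    rc=0
    found=0
    for patch in "$root"/*/; do
        [ -f "${patch}enabled" ] || continue
        found=1
        name=$(basename "$patch")
        enabled=$(cat "${patch}enabled")
        transition=$(cat "${patch}transition" 2>/dev/null || echo "?")
        funcs=""
        # Each patched object (vmlinux or a module) holds one directory per
        # replaced function, named "function,sympos".
        for func in "$patch"*/*/; do
            [ -d "$func" ] || continue
            obj=$(basename "$(dirname "$func")")
            fn=$(basename "$func")
            funcs="${funcs}${funcs:+ }${obj}:${fn%,*}"
        done
        echo "patch=$name enabled=$enabled transition=$transition functions=${funcs:-none}"
        # A disabled or mid-transition patch is not yet in effect for all tasks.
        if [ "$enabled" != "1" ] || [ "$transition" != "0" ]; then rc=1; fi
    done
    [ "$found" -eq 1 ] || { echo "no live patches loaded"; return 3; }
    return $rc
}

# Constructed sample tree (not real kernel output) so the report runs offline.
klp_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/livepatch_demo/vmlinux/cmdline_proc_show,1" \
             "$d/livepatch_busy/ext4/ext4_demo_fn,1"
    echo 1 > "$d/livepatch_demo/enabled"; echo 0 > "$d/livepatch_demo/transition"
    echo 1 > "$d/livepatch_busy/enabled"; echo 1 > "$d/livepatch_busy/transition"
    echo "$d"
}
# Usage: klp_report                        (live system)
#        klp_report "$(klp_sample_tree)"   (constructed sample)
```

A non-zero exit status is suitable as a compliance check: it flags hosts where a security fix has been installed as a package but is not yet fully in effect in the running kernel.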

The information provided in this document relates to the AMD64/Intel 64 and POWER architectures. KLP is supported on the Xen hypervisor.