SUSE engineers will attempt to merge their kGraft live kernel patching mechanism into the mainline Linux kernel.
Back in February kGraft was announced
as a research project out of SUSE Labs for live patching a running Linux kernel in a different way than the well known Ksplice alternative for live Linux kernel patching. As I wrote yesterday, SUSE released the source code to kGraft
to coincide with the Linux Foundation Collaboration Summit in Napa and the talk they gave there on this new technology.
Vojtěch Pavlík of SUSE was the speaker to share more with kernel developers about kGraft. Those interested in live patching the kernel can find the PDF slides
available with all of the details. Some of the key notes from this summit presentation include:
- The advertised benefits of kGraft over other live kernel patching solutions include the kernel not ever needing to be stopped during the patching process, kGraft patch sources can undergo code review, and kGraft is lean. The kGraft source code is small due to leveraging other parts of the Linux kernel.
- A kGraft patch ends up being a .ko kernel module in a KMP RPM that replaces whole functions within the Linux kernel. New RPMs/modules can replace existing kGraft patches.
- kGraft is only designed to fix critical and simple bugs.
- Any changes requiring kernel data structure layout changes require special attention.
- kGraft depends on a stable build environment.
- SUSE developers wil submit kGraft for inclusion into Linus's upstream Linux kernel.
- SUSE intends to work together with the community and other developers to make a common standard for live kernel patching.