The winning Linux kernel live patch: All of the above

Two competing approaches for live kernel patching have been fused into a hybrid strategy and submitted for acceptance to Linux 3.20 kernel

Life's choices often amount to one of two options: Linux or Windows? Android or iOS? Kgraft or Kpatch?

That last pair consists of the two major contenders for the technology Linux could use for live kernel patches. Now a winner is in, and it amounts to all of the above.

According to a post on the official Linux kernel developer's mailing list, a kernel patching system that works with both Kgraft and Kpatch and uses "core functionality abstracted out of [those] already existing implementations" has been proposed as an addition to the Linux 3.20 kernel.

Suse's Kgraft and Red Hat's Kpatch both attempt to provide a solution for live-patching a running Linux kernel. Both work in roughly the same way, but are implemented in slightly different fashions. Of the two, Kgraft is being deployed in production right now in Suse Linux Enterprise Server 12; the Red Hat technology is still considered experimental.

A third proposal, a hybrid of the two, was proposed by a Red Hat developer in November of this year. Not only does it fuse ideas from both Kgraft and Ksplice, it accepts patches used by either solution. The beauty of the arrangement is that any existing organization that's made use of either technology won't be left in the cold. There may eventually be a consolidation for the patch format, but it can happen in its own time.

One trend to note is a live-patching's affect (if only indirect) on the rate at which Linux clusters are deployed to allow rolling upgrades, especially in smaller organizations. CoreOS, for instance, aims to make the process of rolling upgrades across a cluster into as automatic a process as possible -- essentially, delivering Linux as a service. The two technologies are likely the be more complementary than competitive, especially if CoreOS remains in the domain of cloud providers rather than behind-the-firewall enterprise installations.

Copyright © 2014 IDG Communications, Inc.