SUSE® has released kGraft to the public, the technology it developed to deliver live, run-time patching of the Linux kernel. Unlike other technologies, kGraft doesn’t require stopping the kernel even for short periods, making it easier for IT staff to install critical security and other patches without system downtime.
“Originally a research project from SUSE Labs, kGraft has quickly shown its promise as a live patching Linux tool for enterprise users,” said Vojtech Pavlik, director of SUSE Labs. “Providing quick and reliable response to unscheduled patching needs without requiring the shutting down or rebooting of any number of servers will increase the stability, cost efficiency and security of enterprise customers’ environments. This technology will enhance uptime in mission-critical environments.”
kGraft is based on modern Linux technologies, including INT3/IPI-NMI self-modifying code, an RCU-like update mechanism, mcount-based NOP space allocation and standard kernel module loading/linking mechanisms. By leveraging other Linux technologies, kGraft requires only a small amount of code to run.
Pavlik is speaking about kGraft live kernel patching today at the Linux Foundation’s Collaboration Summit 2014. SUSE will submit kGraft upstream while working with the Linux community to create a common, standard kernel live patching solution. For more information about kGraft and to download the code, visit www.suse.com/kgraft.
SUSE, a pioneer in open source software, provides reliable, interoperable Linux and cloud infrastructure solutions that give enterprises greater control and flexibility. More than 20 years of engineering excellence, exceptional service and an unrivaled partner ecosystem power the products and support that help our customers manage complexity, reduce cost, and confidently deliver mission-critical services. The lasting relationships we build allow us to adapt and deliver the smarter innovation they need to succeed – today and tomorrow. For more information, visit www.suse.com.