For high-priority systems, it's difficult -- and often impossible -- to reboot a server. You can update nearly every part of a Linux system without needing to reboot -- except for kernel patching. With kernel patching, you'll need to use either Ksplice or kpatch to update without a reboot.
Ksplice was originally developed as the first open source tool to apply live kernel patching. In 2011, Oracle acquired Ksplice and offered support for Oracle Linux. With that acquisition, Oracle dropped support for Red Hat Enterprise Linux (RHEL) and offered a 30-day trial version instead. At the same time, Oracle changed its support strategy, and the Oracle Linux kernel became a requirement to qualify for support on production systems. However, the software is available for free on desktop Linux systems, including Fedora and Ubuntu.
Since Ksplice is open source, there is no technical reason why you could not use it on RHEL. However, because RHEL is an enterprise distribution, support on the OS is essential, and Red Hat has chosen not to do anything with Ksplice and to offer kpatch instead. Red Hat developed kpatch and released it as open source software. It is fully merged into the version 4.0 Linux kernel.
Ksplice and kpatch analyze new lines of code that are applied through the patch. The systems run the diff command on the patch and the current kernel version, which exposes the differences that you will apply. As long as the patch does not make important changes to the kernel's data structures, you can apply it as a live patch. To apply the patch, the execution of the computer is frozen temporarily so that either Ksplice or kpatch is the only software running. Next, it ensures that the patch won't modify any functions that are currently being executed. Both Ksplice and kpatch will modify the beginning of the changed functions so that the next time the kernel refers to them, the tools will use the updated functions. Once the tools change all in-memory data structures, the kernel can resume its work.
Kpatch works in a similar way to Ksplice; live kernel patching runs through a core kernel module that is addressed by a set of user space utilities. Kpatch performs the kernel patching itself at a function level and addresses updates function by function. It installs the new function and then routes the function call to the new function instead of the old function. Like Ksplice, kpatch won't apply any changes to the kernel's internal data structures.
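The sequence described above (refuse patches that change data structures, check that no function to be replaced is currently executing, then route calls to the new function) can be followed in a simplified user-space C model. This is an added example, not code from Ksplice or kpatch; the function names, tasks and return codes are constructed for illustration, and the machine freeze is not modelled because the program is single-threaded.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 4
enum { PATCH_OK = 0, PATCH_BUSY = -1, PATCH_UNSUPPORTED = -2 };
typedef int (*impl_fn)(int);

/* A patchable function: every caller goes through `current`. */
struct kfunc { const char *name; impl_fn current; };
/* A task and the functions on its call stack (constructed sample data). */
struct task { const char *name; const char *stack[MAX_DEPTH]; };

static int check_len_v1(int len) { return len <= 64; } /* old code */
static int check_len_v2(int len) { return len < 64; }  /* patched code */

static struct kfunc check_len = { "check_len", check_len_v1 };
static const struct task busy_tasks[2] = {
    { "sshd", { "sys_read", "check_len" } }, { "cron", { "sys_nanosleep" } } };
static const struct task idle_tasks[2] = {
    { "sshd", { "sys_poll" } }, { "cron", { "sys_nanosleep" } } };

/* Returns 1 if fn is on any task's stack, i.e. currently executing. */
static int in_use(const struct task *tasks, int n, const char *fn)
{
    for (int t = 0; t < n; t++)
        for (int d = 0; d < MAX_DEPTH && tasks[t].stack[d]; d++)
            if (strcmp(tasks[t].stack[d], fn) == 0)
                return 1;
    return 0;
}

/* One patch attempt: the function is only redirected when it is safe. */
static int live_patch(struct kfunc *f, impl_fn replacement,
                      int changes_data_layout, const struct task *tasks, int n)
{
    if (changes_data_layout)
        return PATCH_UNSUPPORTED;   /* needs a reboot into a new kernel */
    if (in_use(tasks, n, f->name))
        return PATCH_BUSY;          /* old code is mid-execution: retry later */
    f->current = replacement;       /* the next call reaches the new function */
    return PATCH_OK;
}

int main(void)
{
    printf("busy: %d\n", live_patch(&check_len, check_len_v2, 0, busy_tasks, 2));
    printf("idle: %d\n", live_patch(&check_len, check_len_v2, 0, idle_tasks, 2));
    printf("check_len(64) after patch: %d\n", check_len.current(64));
    return 0;
}
```

A refused attempt leaves the old function in place, so a system that reports a failed live patch is still running the unpatched code until a retry succeeds.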
Which live kernel patching extension should I use?
From a technical perspective on live kernel patching extensions, Ksplice and kpatch are very similar. For that reason, it doesn't really matter which tool you use, as both will lead to the same result and have the limitation that you cannot apply changes to the kernel data structures. In most situations, that won't be a problem, as security patches rarely involve changes to the kernel data structures. To select the best live kernel patching product for you, it's important to evaluate the support that your Linux distribution offers. If you use RHEL, you should use kpatch, and if you use Oracle Linux, choose Ksplice.