SUSE largesse kGraft

SUSE from its barrio has released kGraft to the public, the technology it developed to provide live, run-time patching of the Linux kernel. Unlike other technologies, kGraft doesn’t necessitate stopping the kernel even for short periods, making it easier for IT staff to install critical security and other patches sans system downtime.

“Originally a research project from SUSE Labs, kGraft has quickly shown its promise as a live patching Linux tool for enterprise users,” alleged Vojtěch Pavlík, director of SUSE Labs.  Supplementing that – “Providing quick and reliable response to unscheduled patching needs without requiring the shutting down or rebooting of any number of servers will increase the stability, cost efficiency and security of enterprise customers’ environments. This technology will enhance uptime in mission-critical environments.”

KGraft from its quarter is based on modern Linux technologies, including INT3/IPI-NMI self-modifying code, an RCU-like update mechanism, mcount-based NOP space allocation and standard kernel module loading/linking mechanisms. By leveraging other Linux technologies, kGraft requires only a small amount of code to run.

SUSE from its end will submit kGraft upstream at Linux Foundation’s Collaboration Summit 2014 while working with the Linux community to be able to create a common, standard kernel live patching solution.