kpatch | |
Developer: | Red Hat |
Operating System: | Linux |
Genre: | Kernel extension |
License: | GNU GPL version 2 |
kpatch is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kpatch aims to maximize the system uptime and availability. At the same time, kpatch allows kernel-related security updates to be applied without deferring them to scheduled downtimes.[1] [2] Internally, kpatch allows entire functions in a running kernel to be replaced with their patched versions, doing that safely by stopping all running processes while the live patching is performed.[3]
kpatch is developed by Red Hat, with its source code licensed under the terms of the GNU General Public License version 2 (GPLv2). In May 2014, kpatch was submitted for inclusion into the Linux kernel mainline,[4] and the minimalistic foundations for live patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015.[5]
Internally, kpatch consists of two parts the core kernel module executes the live patching mechanism by altering kernel's inner workings, while a set of userspace utilities prepares individual hot patch kernel modules from source diffs and manages their application. Live kernel patching is performed at the function level, meaning that kpatch can replace entire functions in the running kernel with their patched versions by using facilities provided by ftrace to "route around" old versions of functions; that way, hot patches can also easily be undone. No changes to the kernel's internal data structures are possible; however, security patches, which are one of the natural candidates to be used with kpatch, rarely contain changes to the kernel's data structures.[6]
kpatch ensures that hot patches are applied atomically and safely by stopping all running processes while the hot patch is applied, and by ensuring that none of the stopped processes is running inside the functions that are to be patched. Such an approach simplifies the whole live patching mechanism and prevents certain issues associated with the way data structures are used by original and patched versions of functions. As the downside, this approach also leaves the possibility for a hot patch to fail, and introduces a small amount of latency required for stopping all running processes.
Red Hat announced and publicly released kpatch in February 2014 under the terms of the GNU General Public License version 2 (GPLv2), shortly before SUSE released its own live kernel patching implementation called kGraft.[7] kpatch was merged into the Linux kernel mainline, and it was submitted for the inclusion in May 2014.[8]
kpatch has been included in Red Hat Enterprise Linux 7.0, released on June 10, 2014, as a technology preview.[9] [10]
Minimalistic foundations for live kernel patching were merged into the Linux kernel mainline in kernel version 4.0, which was released on April 12, 2015. Those foundations, based primarily on the kernel's ftrace functionality, form a common core capable of supporting hot patching by both kpatch and kGraft, by providing an application programming interface (API) for kernel modules that contain hot patches and an application binary interface (ABI) for the userspace management utilities. However, the common core included into Linux kernel 4.0 supports only the x86 architecture and does not provide any mechanisms for ensuring function-level consistency while the hot patches are applied.[11] [12]
Since April 2015, there is ongoing work on porting kpatch to the common live patching core provided by the Linux kernel mainline. However, implementation of the required function-level consistency mechanisms has been delayed because the call stacks provided by the Linux kernel may be unreliable in situations that involve assembly code without proper stack frames; as a result, the porting work remains in progress . In an attempt to improve the reliability of kernel's call stacks, a specialized sanity-check userspace utility has also been developed.[13] [14]