

How to choose a live kernel patching extension

Ksplice and kpatch offer similar live kernel patching services on a Linux system. The differences that matter when choosing between them are how much of the kernel each can patch and which distributions each vendor supports.

For high-priority systems, it is difficult, and often impossible, to schedule a reboot. Nearly every part of a Linux system can be updated without one, with a single exception: the kernel. To apply a kernel fix without rebooting, you need a live kernel patching tool, and the two established choices are Ksplice and kpatch.

Ksplice was originally developed at MIT as the first open source tool for live kernel patching. In 2011, Oracle acquired Ksplice and offered it with support for Oracle Linux. With that acquisition, Oracle dropped support for Red Hat Enterprise Linux (RHEL) and offered only a 30-day trial for it instead. At the same time, Oracle changed its support strategy: running the Oracle Linux kernel became a requirement to qualify for Ksplice support on production systems. The service remains available for free on desktop Linux systems, including Fedora and Ubuntu.

Since the Ksplice core is open source, there is no technical reason why you could not use it on RHEL. But RHEL is an enterprise distribution, and vendor support for the OS is essential, so Red Hat chose not to do anything with Ksplice and instead developed kpatch, which it released as open source software. The common live patching core that kpatch builds on, the kernel's livepatch subsystem, was merged into Linux 4.0; kpatch's own build tooling remains a separate project.


Ksplice and kpatch both start from the source patch, but neither applies the textual diff to a running kernel. Each builds the kernel twice, once with and once without the patch, and compares the resulting object code to find the functions whose compiled output changed. Those functions are what the live patch replaces. As long as the patch does not change the layout of the kernel's data structures (a patched function would otherwise read memory laid out by the old code), it is a candidate for live patching. To apply it, Ksplice and the original kpatch briefly stop all other CPUs so that the patching code is the only thing running, then walk every task's stack to confirm that none of the functions being replaced is currently executing; if one is, the attempt is retried rather than applied unsafely. The entry point of each changed function is then redirected (Ksplice with a jump instruction, kpatch through an ftrace handler) so that the next call lands in the new version, and the kernel resumes. Upstream kernels since 4.12 replace the global stop with a per-task consistency model: each task is switched to the new code when it is found at a safe point, and the patch stays in a "transition" state until every task has switched.

Kpatch is organized the same way as Ksplice: a core kernel module does the patching, driven by a set of user space utilities (kpatch-build compiles the patch into a module; the kpatch command loads, lists and unloads it). It works strictly at function level. Each changed function is compiled into the patch module, installed alongside the original, and calls are routed to the new copy instead of the old one. Like Ksplice, kpatch does not rewrite the kernel's existing in-memory data structures.
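Neither paragraph above shows how you confirm what has actually been applied. On kernels with the upstream livepatch subsystem (which kpatch uses), that state is exposed under /sys/kernel/livepatch. The following script is an added example, not code from the article, from Oracle or from the kpatch project: it reads that sysfs tree to list loaded patch modules, report whether each has finished its transition (the point at which the consistency checks described above have passed for every task), and enumerate the patched functions. The sysfs directory is passed as a parameter so the same functions can be run against a constructed copy of the tree; the patch and function names used in the comments are made up. Ksplice's Uptrack client does not use this interface.

```shell
#!/bin/sh
# Added example (not from the article or the kpatch project): inspect the kernel's
# livepatch sysfs interface. The attribute names (enabled, transition) and the
# <patch>/<object>/<function,sympos> layout are the real kernel interface;
# SYSFS_DIR is a parameter so the functions can be exercised on a copied tree.

# livepatch_status SYSFS_DIR
#   Prints one line per loaded patch module:
#     <name> enabled=<0|1> transition=<0|1|n/a>
#   transition=1 means the module is loaded but some tasks still run the old
#   code; the patch is not fully in effect until it reads 0.
livepatch_status() {
    dir=$1
    [ -d "$dir" ] || { echo "livepatch: $dir not present (CONFIG_LIVEPATCH off?)" >&2; return 1; }
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue          # glob matched nothing: no patches loaded
        name=$(basename "$p")
        enabled=$(cat "$p/enabled" 2>/dev/null || echo '?')
        # 'transition' exists only on kernels with the per-task consistency model (4.12+)
        transition=$(cat "$p/transition" 2>/dev/null || echo 'n/a')
        echo "$name enabled=$enabled transition=$transition"
    done
}

# livepatch_pending SYSFS_DIR
#   Returns 0 if any loaded patch is still in transition, 1 otherwise.
#   Use it as a gate before unloading a patch or loading the next one.
livepatch_pending() {
    for t in "$1"/*/transition; do
        [ -f "$t" ] || continue
        if [ "$(cat "$t")" = "1" ]; then
            return 0
        fi
    done
    return 1
}

# livepatch_funcs SYSFS_DIR PATCH
#   Lists the functions a patch replaces. Each patched kernel object (vmlinux
#   or a module name) is a subdirectory holding one directory per function,
#   named "<function>,<sympos>", e.g. vmlinux/cmdline_proc_show,1 (made-up name).
livepatch_funcs() {
    for obj in "$1/$2"/*/; do
        [ -d "$obj" ] || continue
        for f in "$obj"*; do
            [ -d "$f" ] || continue      # skip attribute files such as 'patched'
            echo "$(basename "$obj")/$(basename "$f")"
        done
    done
}

# Stand-alone use: report on the running kernel, if it has the subsystem at all.
if [ -d /sys/kernel/livepatch ]; then
    livepatch_status /sys/kernel/livepatch
fi
```

On a kpatch system, `kpatch list` reports the same loaded modules through the project's own front end. Ksplice keeps its own records: `uptrack-show` lists the updates applied by the Uptrack client, and `uptrack-uname -r` prints the kernel version the running system is effectively patched up to, which is what you should compare against an advisory rather than the output of `uname -r`.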

Which live kernel patching extension should I use?

From a technical perspective, Ksplice and kpatch are very similar; the difference is in coverage. Kpatch patches only functions, whereas Oracle presents Ksplice as able to handle a broader range of kernel changes, and Ksplice also offers user space patching, which extends the same no-restart model to critical components such as glibc and OpenSSL. Ksplice additionally performs more comprehensive safety checks to ensure that a function removed by a patch can no longer be called. Because Ksplice is no longer offered for RHEL, you need Oracle Linux, with an Oracle support subscription for production systems, to receive all of the benefits that Ksplice offers.
