The original KSplice project was actually fully open source, funded by a Dutch charity called NLnet that funds lots of interesting projects like that. I've been running it ever since.
After this was all done the team got acquihired by Oracle. I was actually amazed that the team was allowed to keep the service up for some non-Oracle distro's.
But very happy to see a broader adoption of this kind of technology, it is essential for all these unmanned systems out there in the cloud that they can be patched whilst running.
Yes: KSplice had software patents - Oracle bought them. And everyone knows what Oracle is like with software patents: aggressive!
I'm not clear what they actually cover, and can't look them up right now, but I'd thought they were specific on how KSplice in particular operates, both applying hotpatches and analysing the source to create them. I don't know whether they'd apply to anything else, or whether there is prior art, but they're an obvious landmine to be aware of and to avoid. So a simple fork wouldn't do unless it'd change the way it actually worked. A fresh approach was needed, and we seem to have two fresh approaches here.
I'm trusting they've been avoided here. They probably have, as this is much more general? The concept of hot patches are of course fine, people have been doing that for decades, and you can't patent concepts.
The lesson here: please don't patent stuff jn your open-source software, in case you wake up one day and got acquihired by Evil™.
OK, I've now looked up the Ksplice patents that I know of. (I may not have found them all, but I think I probably have?) Here be dragons! (Those who are ordered not to read patents: Don't click on the links in this post.)
Of course the time they were granted (to Oracle, after Ksplice were bought) the applications became nigh-impenetrable patentese that really need a US-qualified patent attorney to interpret, so I'm absolutely not going to try and I'm just going to post what I found here.
lkml.org explicitly states that they are unofficial.
From https://lkml.org ,
"In case you haven't read the titlebar of your web browser's window: this site is the (unofficial) Linux Kernel Mailing List archive."
Linux has this create feature of being able to include the operating system in the initrd. Put this with a nice PXE infrastructure where you pxe the OS and download the initrd with the OS in it. Then you simply kexec to upgrade or downgrade the entire operating system in ~30 seconds. I used to manage a production environment that worked exactly this way for several thousand nodes.
Not sure I'd call it niche, but yes, somewhat specialized.
Windows Server 2003 had a live patching feature [1] and it was also applicable to kernel patching according to [2]. For some reason it was quickly abandoned, though.
I took a quick look at the accepted patch. while I can't guarantee I know what's actually going on, my understanding is that patching individual functions works by sticking the replacement functions code somewhere new in memory, getting a pointer to it, and then over-writing the code in the old function to jump to the new one. (Kinda like short-circuiting the old function - all the old code still calls the old function location, but that location simply says 'jump to this new location over here').
It looks like, however, because kernel modules seem to be in elf format (Don't quote me on that, just going from the code), elf format includes a 'relocation table', which is basically a table that says "this function is located here, and this next function is located here, and ..." for every function in the module. Ignoring why that is actually there, they can take advantage of the relocation table and replace a functions location with the location of the replacement function, effectively overwriting the old one. Even if it's still in memory (I can't tell if it gets removed or not) the code will never be called again.
From there, the discussion mostly seems to be around how to 'stop' the kernel enough to be able to replace the function without resulting in a mess because something was trying to use that function at the same time that you replaced it.
Basically yes. Check out the kprobes docs for a nice description of how these frameworks work ,https://www.kernel.org/doc/Documentation/kprobes.txt. Being able to intercept (and mangle) kernel function calls is awesome. With uprobes the same techniques work in userland as well.
(just what I gathered from a bit of mailing-list reading, if any of this is wrong please correct me)
I don't think it can do arbitrary changes, it "only" applies specially prepared changes to the running system by replacing function call targets while tasks are sleeping. The biggest limitation to changes probably is that old and new code runs in parallel, so you can only do changes to data structures that won't confuse the old code.
"Simplest" use case might be adding guards against exploits to syscalls.
I can't tell how viable it would be for the new code to build an entire parallel structure and to only switch to this after everything is migrated, or how deep into the kernel these changes could go. Could one fix a file system driver while using the file system?
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....