Live patching is an add-on service for Linux operating systems that allows kernel patches to be applied while the kernel (the core of a computer’s operating system) is still running. The kernel provides basic services for all other parts of the operating system. Many software updates require rebooting the computer with a new kernel that contains the desired patches. This creates downtime while the computer reboots. In large enterprises with thousands of servers running critical business applications and databases, software updates may be delayed until planned maintenance (scheduled downtime) occurs. During this delay, often lasting months, systems remain vulnerable and are exposed to security holes, malicious attacks and compliance violations until the updates can be applied.
Live patching enables quick fixes to the kernel without rebooting the whole system. IT departments can fix security issues in the kernel while it runs, thus keeping the software compliant by using the most up-to-date version. Live patching minimizes downtime and increases service availability, because all in-memory databases, servers and mission-critical systems remain online while the Linux kernel is updated. Patching the Linux kernel during runtime reduces the need for scheduled downtime. Processes such as time-consuming product simulations can run to completion without being interrupted by Linux kernel updates.
Live patching was originally invented by SUSE Labs, and several Linux vendors now offer a live patching service. Subscribers get access to a dedicated update channel, where specially prepared packages allow the Linux kernel to be patched on-the-fly without interrupting mission-critical workloads and in-memory databases. SUSE Linux Enterprise Live Patching builds on the existing enterprise Linux kernel infrastructure and uses familiar deployment methods.