Doesn’t kpatch (the Linux equivalent) typically need some kind of subscription too? IIRC RedHat does this with RHEL as it’s not available in the derivative distros
It seems a bit of a silly line to draw to me, but it seems to be some kind of industry convention
I’d not heard of this one so I had a look, and these are similar but different things it seems:
kexec lets you switch to another kernel without a full reboot, but you still need to go through the init process of the new kernel apparently. It’s quick compared to a reboot but still involves downtime.
kpatch is actual hotpatching (like this windows thing) where the kernel code is changed in-memory without any down time. The kernel never stops running, so those enterprise customers get the benefit of always running the most secure kernel without having to schedule downtime.
Though apparently kpatch can’t patch everything in the kernel so I can imagine a place for both tools in a server admin’s toolbox when you’re forced to do a non hotpatch.
Doesn’t kpatch (the Linux equivalent) typically need some kind of subscription too? IIRC RedHat does this with RHEL as it’s not available in the derivative distros
It seems a bit of a silly line to draw to me, but it seems to be some kind of industry convention
No, use kexec
https://wiki.archlinux.org/title/Kexec
https://www.man7.org/linux/man-pages/man8/kexec.8.html
I’d not heard of this one so I had a look, and these are similar but different things it seems:
kexec lets you switch to another kernel without a full reboot, but you still need to go through the init process of the new kernel apparently. It’s quick compared to a reboot but still involves downtime.
kpatch is actual hotpatching (like this windows thing) where the kernel code is changed in-memory without any down time. The kernel never stops running, so those enterprise customers get the benefit of always running the most secure kernel without having to schedule downtime.
Though apparently kpatch can’t patch everything in the kernel so I can imagine a place for both tools in a server admin’s toolbox when you’re forced to do a non hotpatch.