-
Notifications
You must be signed in to change notification settings - Fork 5
Frequently Asked Questions
Readers may wonder why we propose yet another live patch too given that there are already several mature live patching tools in Linux, such as ksplice, kgraft, and kpatch.
This is because these designs cannot be applied on resource-constrained embedded devices that do not support Linux. More specifically, all the inline hook-based hot patching solutions cannot be used in embedded devices with ROM (cannot be modified) or flash (its sector needs to be erased before rewriting). Thus, we propose hardware breakpoint-based approaches to implement the KProbe mechanism to redirect the control flow without modifying the executed code.
Another reason is that the Linux live patching approaches (includes kpatch) need to recompile the kernel to generate binary patches by diffing the new binary with the origin one. And they require merging the source code patches into the kernel's codebase. In the embedded world, many types of kernels (aka. RTOS), with different specifications or even different Instruction Set Architecture, are used by heterogeneous devices. Thus, merging the source code patch to their own branches and recompiling the firmware impose very high overhead for the vendors who maintain multiple devices. RapidPatch, instead, enables the vendor to fix the same bug in the different codebases and different devices using just one eBPF patch.
Note that the approach of RapidPatch can also be implemented in Linux kernel or user space such that a single eBPF patch can fix multiple bugs across different libraries and instructions sets.
The license is GPL V3 and you can use it for free but need to open source the changes.
We will continue to maintain the RapidPatch and release it as an IoT library for the major RTOSs (e.g. Zephyr, NuttX, LiteOS). We will rewrite the libebpf as a standalone eBPF runtime.