-
Notifications
You must be signed in to change notification settings - Fork 5
Frequently Asked Questions
People may wonder why we propose yet another live patch tool, RapidPatch, given that there are several mature live patching tools in Linux, such as ksplice, kgraft, and kpatch.
This is because all these works cannot be used on resource-constrained embedded devices that do not support Linux. More specifically, all the inline hook-based hot patching solutions cannot be used in embedded devices with ROM (cannot be modified) or flash (its sector needs to be erased before rewriting). Thus, we propose hardware breakpoint-based approaches to implement the KProbe mechanism to redirect the control flow without modifying the executed code.
Another reason is that the Linux live patching approaches (includes kpatch) all need to recompile the kernel to generate binary patches by diffing the new binary with the origin binary. It requires merging the source code patches into the kernel's codebase first and then. In the embedded world, more than one kernel (RTOS) is used by heterogeneous devices (in different specifications, or even use a different instruction set architecture (ISA)). Thus, merging the source code patch to their own branches and recompiling the firmware can be a heavy workload for the vendors who maintain multiple devices. RapidPatch enables the vendor to fix the same bug in the different codebases and different devices using just one eBPF patch.
Note that the approach of RapidPatch can also be implemented in Linux kernel or userspace to use a single eBPF patch to fix the bugs across different libraries and instructions sets.
The license is GPL V3 and you can use it for free but need to open source the changes.
We will continue to maintain the RapidPatch and release it as an IoT library for the major RTOSs (e.g. Zephyr, NuttX, LiteOS). We will rewrite the libebpf as a standalone eBPF runtime.