KernelCare is a live kernel patching service that provides security patches and bugfixes for a range of popular Linux kernels[2] that can be installed without rebooting the system.[3]
KernelCare software is a commercial product. The first beta was introduced in March 2014 and it was commercially launched in May 2014.
KernelCare agent resides on user's server. It periodically checks in with KernelCare distribution servers. If there are new patches available for the currently running kernel, KernelCare agent downloads and applies those patches to the running kernel.
A KernelCare patch is a piece of code used to substitute vulnerable or buggy code in a kernel. It can be an arbitrary code line modification, or it can be a missing security check, a set of functions, or even modified data structures.[3]
The patch is compiled as usual, but the generated code has additional information about all changed code pieces caused by original source code modification and information on to how to apply these code pieces. The resulting code modifications are safely applied to the running kernel.
A special KernelCare kernel module applies the patches. It loads the patches into the kernel address space, sets up the relocations (i.e., fixes the references to the original kernel code and data), and safely switches the execution path from the original code to updated code blocks. The code ensures the patch is applied safely so the CPU doesn't execute the original code blocks at the same moment when switching to a new version.[4][5]
Dynamic software updating, a field of research focusing on upgrading programs while they are running
kexec, a method for loading a whole new kernel from a running system
kGraft, kpatch and Ksplice, other Linux kernel live patching technologies developed by SUSE, Red Hat and Ksplice, Inc. (later acquired by Oracle), respectively