Real-Time
You can load patches on the target process memory space without "mmap3" by using POKEDATA/ POKETEXT in a ptrace system call. However this approach requires using ATTACH before using POKEDATA/POKETEXT, which are ptrace system calls. Then, the target process gets a SIGSTOP signal and stops during patch module loading.

If POKEDATA/POKETEXT execution is sufficiently fast, then this method is useful. However, ptrace can write data at the size of word at one time. Therefore, what disturbs the target process execution depends on the size and number of patch modules.

On the contrary, "mmap3" system call, which PANNUS uses, doesn't stop the target process when mapping patch modules to the memory.

Limitations on Target Software
First, as we described above, modifying a kernel source isn't necessary if the target software has its own live-patching capability. But there are lots of software components that come with the operating system that don't have their own live-patching function. Adding a specific routine or library to these software components in the user space is a costly operation.

Following the PANNUS's approach, one has to modify the kernel source to support live patching, but not all the software components in the user space.

Easy Operation
The PANNUS approach adopts the state transition model that enables loading, activating, deactivating, and unloading separately. The patch modules can be activated and deactivated easily.

The Future of Live Patching
PANNUS's approach is slightly experimental and other approaches should be investigated or the target of live patching should be expanded. Another target that we should pay attention to is kernel live patching. Dynamic instrumentation systems such as "kprobe," "jprobe," and "djprobe" are currently being developed as a part of the SystemTap project. Djprobe is a fast, direct jump probe, using "jmp" assembly code instead of the "int3" code used by kprobe to write a probe function to the entry point of a function. This approach, the method to overwrite "jmp" code, is the same as the live patching approach and can be applied to PANNUS.

Conclusion
Live patching is useful and necessary from the perspective of availability. However, generic users, such as desktop users, can't benefit from it at this point. We would like to become involved in diverse software development communities to find a more robust approach and gain a broad consensus among many developers.

References

• Carrier-Grade Linux working group: www.osdl.org/lab_activities/carrier_grade_linux
• CGL requirement definition documents: www.osdl.org/lab_activities/carrier_grade_linux/requirements.html
• PANNUS project: http://pannus.sourceforge.net/
• SystemTap: http://sourceware.org/systemtap/
• Djprobe: http://lkst.sourceforge.net/djprobe.html