Google Developing "Live Update Orchestrator" As New Means Of Live Linux Kernel Updates

Written by Michael Larabel in Google on 20 March 2025 at 07:11 AM EDT. 5 Comments

While there is Kpatch, Ksplice, and other live patching solutions already in use for patching a running Linux kernel for deploying security updates without downtime, Google engineers are developing the Live Update Orchestrator as a new means of transitioning to a new updated kernel with minimal downtime.

A "request for comments" was sent out today on the Live Update Orchestrator as a new means of facilitating live Linux kernel updates with minimal downtime. Live Update Orchestrator is taking particular emphasis on updates within cloud environments.

Google engineer Pasha Tatashin explains of the Live Update Orchestrator:

"Live Update is a specialized reboot process where selected devices are kept operational across a kernel transition. For these devices, DMA and interrupt activity may continue uninterrupted during the kernel reboot.

Please find attached a series of three patches introducing the Live Update Orchestrator (LUO), a new kernel subsystem designed to facilitate live kernel updates with minimal downtime. The primary use case is in cloud environments, allowing hypervisor updates without fully disrupting running virtual machines by keeping selected devices alive across the reboot boundary. This series also inroduces a device layer infrastructure (dev_liveupdate) to be used with LUO.

The core of LUO is a state machine that tracks the progress of a live update, along with a callback API that allows other kernel subsystems to participate in the process. Example subsystems that can hook into LUO include: kvm, iommu, interrupts, the Device Layer (through the dev_liveupdate infrastructure introduced in patch 2), and mm.

LUO uses KHO to transfer memory state from Old Kernel to the New Kernel."

Those wanting to learn more about the in-development Live Update Orchestrator can do so via the RFC patch series.