Even worse is the IBM team trying to sell IBM cloud saying cloud-only is the way to go. Customer agrees and compares clouds, settles on AWS or Azure, then IBM team brings in Red Hat to pitch hybrid.
RHEL 7 came out 6 years ago with Linux 3.10 and is still getting patched. Somebody has to manage and integrate all those security fixes in all those packages without breaking the old codebases.
Ksplice (Oracle) was first, followed by kgraft (Suse), and kpatch (RedHat).
According to the article below, kpatch is x86/64 only, uses ftrace, provides runtime patches only until the next minor kernel release on a standard license, does not address all CVEs, and cannot be used with "SystemTop or kprobe."
I asked because the listing said "kpatch" in the output of the command. I've never used Kernelcare, only suggested investigating it, despite it being proprietary.
Ksplice was done by MIT students, not Oracle. I used it long before Oracle bought it, initially with my own patches (and actually after that as a "legacy" customer). kpatch isn't just x86_64; it's in at least ppc64le RHEL 7, although not for the "alt kernel" on the POWER9 systems I use.
I don't know whether it's the case, but their comparison rather suggests Kernelcare is based on Ksplice.
Actually, POWER9 RHEL7 has Linux 4.x, where x depends on the minor release -- unfortunately not the latest on the system I use. I think aarch64 is similar, but I'd have to look for rpm to check. They need similar attention, of course.
Anyway, RHEL kernels have various features backported to the vanilla version on which it was originally based, not just security patches, which probably makes the job harder. It is a major effort.
