A survey of dynamic software updating 100 love and dating
But Linux 4.0’s rebootless patching support limits flexibility for the sake of better performance, backward-compatibility, and ease of use by the kernel programmer, even though the latter is not quite satisfying, as we have discussed: ironically, a “rebootless patch” could result in a crash, defeating the point!
The research community has been looking at how to support highly-flexible DSU for many years now.
Once the flag is set on all processes, k Graft drops the now-redundant indirection and jumps straight to the patched code.
The problem with multi-version execution is that processes running two different code versions could interact, e.g., through common data structures, and thereby potentially violate new (or outdated) invariants.
Just the checkpointing and re-reading from disk could take tens of minutes.
With rebootless patching, this disruption is avoided; cf.
In this approach, the entirety of the new code is loaded into the memory of the running process and then control and data migrations directly update the execution state prior to, or even in conjunction with, subsequent execution that code.
Linux 4.0 DSU support is a far cry from supporting Vaughan-Nichols’ hope that “With Linux 4.0, updates to a program we can make statically we can also make dynamically.
I.e., we should be able to add new functions, change function types (e.g., to have new or different arguments), or modify data structures, e.g., by adding new data elements, breaking apart or changing the types of existing elements, adding and removing pointers, etc.
KGraft enforces version consistency on a per-process basis, so it is possible for one process to execute the new code while another process executes the old code.
When a process makes a system call after the patch is installed, k Graft sets a “new universe” flag on that process.
Programs typically have only a handful of update points, and they are naturally placed at the start of long-running loops, when invariants are established and/or events have been fully handled.