KGraft enforces version consistency on a per-process basis, so it is possible for one process to execute the new code while another process executes the old code.
When a process makes a system call after the patch is installed, k Graft sets a “new universe” flag on that process.
For example, web and cloud hosting services normally require customers to experience some downtime while the OS infrastructure is upgraded; with rebootless patching, upgrades happen seamlessly.
Or, imagine upgrades to systems hosting in-memory databases: Right now, you have to checkpoint the DB to stable storage, stop the system, upgrade it, restart it, read the data from stable storage, and restart service.
In this approach, the entirety of the new code is loaded into the memory of the running process and then control and data migrations directly update the execution state prior to, or even in conjunction with, subsequent execution that code.
Facebook’s usage of a modified memcached that supports preserving state across updates.
I’m particularly excited by this announcement because I’ve been working on the general problem of updating running software, which I call (DSU), for nearly 15 years.
From that point on, that process will always use the patched code.
KGraft uses an extra level of indirection called a “reality-check” to decide, at the entry of patched functions, which code to execute based on the process flag.