Trustworthy Systems

Reboots are for hardware: Challenges and solutions to updating an operating system on the fly


Andrew Baumann, Jonathan Appavoo, Robert W. Wisniewski, Dilma Da Silva, Orran Krieger and Gernot Heiser


School of Computer Science and Engineering

IBM T.J. Watson Research Center
Yorktown Heights NY 10598


Patches to modern operating systems, including bug fixes and security updates, and the reboots and downtime they require, cause tremendous problems for system users and administrators. Dynamic update allows an operating system to be patched without the need for a reboot or other service interruption. We have taken the approach of building dynamic update functionality directly into an existing operating system, K42.

To determine the applicability of our update system, and to investigate the changes that are made to OS code, we analysed K42's revision history. The analysis showed that our original system could only support half of the desired changes to K42. The main problem preventing more changes from being converted to dynamic updates was our system's inability to update interfaces. Other studies, as well as our own investigations, have shown that change to interfaces is also prevalent in systems such as Linux. Thus, it is apparent that a dynamic update mechanism needs to handle interface changes to be widely applicable.

In this paper, we describe how to support interface changes in a modular dynamic update system. With this improvement, approximately 79% of past performance and bug fix changes to K42 could be converted to dynamic updates, and we expect the proportion would be even higher if the fixes were being developed for dynamic update. Measurements of our system show that the runtime overhead is very low, and the time to apply updates is acceptable.

This paper makes the following contributions. We present a mechanism to handle interface changes for dynamic updates to an operating system. For performance-sensitive updates, we show how to apply changes lazily. We discuss lessons learned, including how an operating system can be structured to better support dynamic update. We also describe how our approach extends to other systems such as Linux, that although structured modularly, are not strictly object-oriented like K42.

BibTeX Entry

    address          = {Santa Clara, CA, USA},
    author           = {Andrew Baumann and Jonathan Appavoo and Robert W. Wisniewski and Da Silva, Dilma and Orran Krieger
                        and Gernot Heiser},
    booktitle        = {Proceedings of the  2007 USENIX Annual Technical Conference},
    month            = jun,
    pages            = {337--350},
    paperurl         = {},
    title            = {Reboots are for Hardware: Challenges and Solutions to Updating an Operating System on the Fly},
    year             = {2007}