Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain

Despite advances in modularity, security, and reliability of software, offline patching remains the predominant form of updating or protecting commodity software. Unfortunately, the mechanics of hot patching (the process of upgrading a program while it executes) remain understudied, even though such a capability offers practical benefits for both consumer and mission-critical systems. A reliable hot patching procedure would serve particularly well by reducing the downtime necessary for critical functionality or security upgrades. Yet, hot patching also carries the risk – real or perceived – of leaving the system in an inconsistent state, which leads many owners to forgo its benefits as too risky; for systems where availability is critical, this decision may result in leaving systems unpatched and hence vulnerable. In this paper, we present a novel method for hot patching ELF binaries that supports (a) synchronized global data and code updates and (b) reasoning about the results of applying the hot patch. We develop a format, which we call a Patch Object, for encoding patches as a special type of ELF relocatable object file. We then build a tool, Katana, that automatically creates these patch objects as a byproduct of the standard source build process. Katana also allows an end-user to apply the Patch Objects to a running process. In essence, our method can be viewed as an extension of the Application Binary Interface (ABI), and we argue for its inclusion in future ABI standards.