x86_64 imm-call relinking needs it's own private PLT/GOT to handle calls to further than 2GB away in either direction

[elfmaster]

The patch image is loaded further than 2gb away in memory and thus we cannot re-link call instructions with an offset that fits in 4 bytes

[elfmaster]

This same problem applies to relinking load/stores of global variables with mov instructions who's destination register is only 32bits.

8b 2d f0 ad 00 00: mov 0xadf0(%rip), %ebp

The instruction above only has 3 bytes for encoding the offset, and we need 4 bytes to reach the patch target (The global variable).