kGraft — live kernel patching from SUSE

It is little known, but Windows Server 2003 contains hotpatching support. Functions in the kernel and core system DLLs is compiled with a special prologue, so as to avoid the need to determine whether the existing code is in use. Space for a "long" jump is placed immediately before the function header (5 bytes on i386, JMP + 4 byte immediate), and the first instruction of the function is a "mov edi, edi" 2 byte NOP in order to permit a 2 byte short jump backwards to be atomically inserted (Jumping backwards to the start of that aforementioned long jump)

Safe hot patching is done by first setting up the long jump, then doing an atomic replacement of the 2 byte NOP with the backwards jump. No need to detect if the code is in use; anybody already executing the old code will successfully continue to do so.

This would require compiling the kernel with such prologues. The need to insert a 2 byte NOP can be obviated in cases where the first instruction is already >=2 bytes long.

On the one hand, this would permit working around the Oracle patents. On the other hand, there is a need to watch out for Microsoft patents..