On 24.02.24 at 21:30, Mark Kettenis wrote:
Unless we explicitly mark them as not, yes, they will use IBT (but not
Shadow Stack).
Ah cool!
No. Tail call elimination will use a *direct* branch, which doesn't
need a landing pad at all.
Not necessarily - I've seen tail call elimination on function pointers,
because it *is* valid. E.g. `return func_ptr()` should be able to use
tail call elimination.
Right. And this is what a direct branch looks like. An indirect
branch is when you load the address of a function into a register and
then use that register in the branch instruction.
Ah, right, forgot about the indirect part :).
However, don't the functions referenced by section .init_array also need
those, then? Or is IBT only enabled later?
Like endbr64 on amd64, the bti instructions are all executed as nop
instructions on older hardware.
Thanks for confirming!
--
Jonathan