On 24.02.24 at 23:22, Mark Kettenis wrote:

This is how the hardware behaves; see the documentation for
PSTATE.BTYPE in Part D of the ARM Architecture Reference Manual
(document DDI0487).

The difference is that this will allow an attacker to exploit a "BR"
type branch (jump) to jump to the start of a function.  Not a big risk
perhaps but still an unnecessary risk.

Thanks for the pointers! I guess it's also part of the ABI then to only do tail call eliminations when using x16/x17?

Anyway, changed to just c upstream - though I don't think that alone warrants a new release ;). (But it will be included in the next release.)

--
Jonathan
