Saturday, February 24, 2024

Re: devel/objfw: add BTCFI landing pads for amd64 and arm64

On 24.02.24 at 21:30 Mark Kettenis wrote:

> Unless we explicitly mark them as not, yes, they will use IBT (but not
> Shadow Stack).

Ah cool!

> No. Tail call elimination will use a *direct* branch, which doesn't
> need a landing pad at all.

Not necessarily - I've seen tail call elimination on function pointers,
because it *is* valid. E.g. `return func_ptr()` should be able to use
tail call elimination.

> Right. And this is what a direct branch looks like. An indirect
> branch is when you load the address of a function into a register and
> then use that register in the branch instruction.

Ah, right, forgot about the indirect part :).

However, don't the functions referenced by section .init_array also need
those, then? Or is IBT only enabled later?

> Like endbr64 on amd64, the bti instructions are all executed as nop
> instructions on older hardware.

Thanks for confirming!

--
Jonathan
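As an added example (my own code, not from this thread, from OpenBSD, or from ObjFW): a small C audit helper that checks whether a function's entry bytes form the landing pad that an indirect branch needs. It models exactly the cases discussed above: endbr64 on amd64, and on arm64 the "bti c" / "bti j" / "bti jc" hints (plus paciasp/pacibsp, which the architecture treats like "bti c"). A tail call through a function pointer compiles to an indirect jump, so it is listed as a target too. The function names, the target table and all byte sequences are constructed sample data, not real disassembly; a br through x16/x17 on arm64 is modelled as a call-type target because "bti c" accepts it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum arch { ARCH_AMD64, ARCH_ARM64 };
/* How control reaches the target: an indirect call (call *%reg / blr) or an
 * indirect jump (jmp *%reg / br), e.g. a tail call through a function pointer.
 * An arm64 br through x16/x17 is treated as BR_CALL ("bti c" accepts it). */
enum branch_kind { BR_CALL, BR_JUMP };

/* Decode one little-endian A64 instruction word. */
static uint32_t a64_word(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 1 if the bytes at a function entry form a landing pad that accepts
 * the given kind of indirect branch, 0 otherwise.
 * amd64: endbr64 (f3 0f 1e fa) accepts both indirect calls and jumps.
 * arm64: "bti c" accepts blr (and br via x16/x17), "bti j" accepts br,
 *        "bti jc" accepts both; paciasp/pacibsp behave like "bti c". */
int has_landing_pad(enum arch a, enum branch_kind k, const uint8_t *code, size_t len)
{
    if (len < 4)
        return 0;
    if (a == ARCH_AMD64) {
        static const uint8_t endbr64[4] = {0xf3, 0x0f, 0x1e, 0xfa};
        return memcmp(code, endbr64, 4) == 0;
    }
    switch (a64_word(code)) {
    case 0xd503245f: /* bti c   */
    case 0xd503233f: /* paciasp */
    case 0xd503237f: /* pacibsp */
        return k == BR_CALL;
    case 0xd503249f: /* bti j   */
        return k == BR_JUMP;
    case 0xd50324df: /* bti jc  */
        return 1;
    default:
        return 0;
    }
}

struct target {
    const char *reached_by;   /* constructed description of the indirect branch */
    enum arch a;
    enum branch_kind k;
    const uint8_t *code;
    size_t len;
};

/* Constructed function-entry byte sequences (sample data, not real disassembly). */
static const uint8_t amd64_endbr_push[] = {0xf3, 0x0f, 0x1e, 0xfa, 0x55};
static const uint8_t amd64_push_only[]  = {0x55, 0x48, 0x89, 0xe5};
static const uint8_t arm64_bti_c[]      = {0x5f, 0x24, 0x03, 0xd5};
static const uint8_t arm64_paciasp[]    = {0x3f, 0x23, 0x03, 0xd5};
static const uint8_t arm64_nop[]        = {0x1f, 0x20, 0x03, 0xd5};

/* Constructed table of indirect-branch targets to audit. */
static const struct target targets[] = {
    {".init_array entry (amd64)",              ARCH_AMD64, BR_CALL, amd64_endbr_push, sizeof amd64_endbr_push},
    {"tail call via function pointer (amd64)", ARCH_AMD64, BR_JUMP, amd64_push_only,  sizeof amd64_push_only},
    {".init_array entry (arm64)",              ARCH_ARM64, BR_CALL, arm64_bti_c,      sizeof arm64_bti_c},
    {"tail call via br x16 (arm64)",           ARCH_ARM64, BR_CALL, arm64_paciasp,    sizeof arm64_paciasp},
    {"indirect jump via br x9 (arm64)",        ARCH_ARM64, BR_JUMP, arm64_bti_c,      sizeof arm64_bti_c},
    {"function pointer call (arm64)",          ARCH_ARM64, BR_CALL, arm64_nop,        sizeof arm64_nop},
};

/* Audit every target; returns how many lack a suitable landing pad. */
int count_missing_landing_pads(void)
{
    int missing = 0;
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++) {
        const struct target *t = &targets[i];
        if (!has_landing_pad(t->a, t->k, t->code, t->len)) {
            printf("missing landing pad: %s\n", t->reached_by);
            missing++;
        }
    }
    return missing;
}

int main(void)
{
    int n = count_missing_landing_pads();
    printf("%d target(s) would fault with BTCFI enforced\n", n);
    return n != 0;
}
```

Run as is, it reports three problem entries: the amd64 function that starts with a plain push, the arm64 function entered by a plain br from x9 but marked only "bti c", and the arm64 function with no hint at all. On a real binary the same check would be fed the first bytes of each function reachable from .init_array or through a function pointer.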
