Am 24.02.24 um 21:30 schrieb Mark Kettenis:

> Unless we explicitly mark them as not, yes, they will use IBT (but not
> Shadow Stack).

Ah cool!

> No.  Tail call elimination will use a *direct* branch, which doesn't
> need a landing pad at all.

Not necessarily - I've seen tail call elimination on function pointers, 
because it *is* valid. E.g. `return func_ptr()` should be able to use 
tail call elimination.

> Right.  And this is what a direct branch looks like.  An indirect
> branch is when you load the address of a function into a register and
> then us that register in the branch instruction.

Ah, right, forgot about the indirect part :).

However, don't the functions referenced by section .init_array also need 
those, then? Or is IBT only enabled later?

> Like endbr64 on amd64, the bti instructions are all executed as nop
> instructions on older hardware.

Thanks for confirming!

-- 
Jonathan