I've been studying Jann Horn's biased locking example: Re: [PATCH 0/4 POC] Allow executing code and syscalls in another address space <https://lore.kernel.org/linux-api/CAG48ez02UDn_yeLuLF4c=kX0=h2Qq8Fdb0cer1yN8atbXSNjkQ@xxxxxxxxxxxxxx/> It uses MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ as part of the biased lock revocation. How does the this code know that the process has called MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ? Could it fall back to MEMBARRIER_CMD_GLOBAL instead? Why is it that MEMBARRIER_CMD_GLOBAL does not require registration (the broader/more expensive barrier), but the more restricted versions do? Or put differently, why wouldn't we request MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ unconditionally at process start in glibc, once we start biased locking in a few places? Thanks, Florian
