On Thu, Jun 03, 2021 at 05:51:34PM +0100, Mark Brown wrote: > On Thu, Jun 03, 2021 at 04:40:35PM +0100, Dave Martin wrote: > > Do we know how libcs will detect that they don't need to do the > > mprotect() calls? Do we need a detection mechanism at all? > > > > Ignoring certain errors from mprotect() when ld.so is trying to set > > PROT_BTI on the main executable's code pages is probably a reasonable, > > backwards-compatible compromise here, but it seems a bit wasteful. > > I think the theory was that they would just do the mprotect() calls and > ignore any errors as they currently do, or declare that they depend on a > new enough kernel version I guess (not an option for glibc but might be > for others which didn't do BTI yet). I think we discussed the possibility of an AT_FLAGS bit. Until recently, this field was 0 but it gained a new bit now. If we are to expose this to arch-specific things, it may need some reservations. Anyway, that's an optimisation that can be added subsequently. -- Catalin
