GNU C Library 2.39 released

-fno-plt while it removes jumps to plt, it still leaves indirect calls via GOT. Those indirect jumps aren't very cheap.

What this new feature seems to be about is it'll rewrite indirect via-got jumps in plt to regular "static" jumps. And yes, as it notes explicitly, it requires eager binding (so ld.so will rewrite entire .plt then mprotect it exec-only). So, yes, it still leaves extra jump, but those extra jumps are cheaper jumps.

And so I am curious why not just always do it whenever binary or environment variable asks for eager binding. My understanding is that some fairly common distros seems to be defaulting to -Wl,-z,now (eagering binding).

Also, I'd be curious to see if anyone has numbers about performance impact of this (and also versus -fno-plt).

I wasn't aware of security features that forbid to mprotect something from writeble to executable (btw, any pointers? I've heard write^exec, but not write -> never-exec you're seemingly referring to). Still, it should be possible to deal with it. E.g. you can rewrite entire plt to fresh memfd file and mmap it exec-only over original plt location. But even if not like this, it could try to do .plt rewriting, observe failure and fall back to original approach. And still get likely significant win in most common cases.