On Wed, Oct 02, 2024 at 02:42:58PM +0100, Mark Brown wrote: > On Tue, Oct 01, 2024 at 11:03:10PM +0000, Edgecombe, Rick P wrote:
> > I'm not so sure. The thing is a regular stack can be re-used in full - just > > set > > the RSP to the end and take advantage of the whole stack. A shadow stack can > > only be used where there is a token. > Yeah, I'm not sure how appealing it is trying to use a memory pool with > of shadow stacks - like you say you can't reset the top of the stack so > you need to keep track of that when the stack becomes unused. If the > users don't leave the SSP at the top of the stack then unless writes > have been enabled (which has security issues) then gradually the size of > the shadow stacks will be eroded which will need to be managed. You > could do it, but it's clearly not really how things are supposed to > work. The use case with starting a new worker thread for an existing in > use state seems much more appealing. BTW it's probably also worth noting that at least on arm64 (perhaps x86 is different here?) the shadow stack of a thread that exited won't have a token placed on it so it won't be possible to use it with clone3() at all unless another token is written. To get a shadow stack you could use with clone3() you'd either need to allocate a new one, pivot away from one that's currently in use or enable shadow stack writes and place a token.
signature.asc
Description: PGP signature
