Re: [PATCH RFT v9 4/8] fork: Add shadow stack support to clone3()
From: Mark Brown
Date: Wed Oct 02 2024 - 17:01:24 EST
On Wed, Oct 02, 2024 at 02:42:58PM +0100, Mark Brown wrote:
> On Tue, Oct 01, 2024 at 11:03:10PM +0000, Edgecombe, Rick P wrote:
> > I'm not so sure. The thing is a regular stack can be re-used in full - just set
> > the RSP to the end and take advantage of the whole stack. A shadow stack can
> > only be used where there is a token.
> Yeah, I'm not sure how appealing it is trying to use a memory pool with
> of shadow stacks - like you say you can't reset the top of the stack so
> you need to keep track of that when the stack becomes unused. If the
> users don't leave the SSP at the top of the stack then unless writes
> have been enabled (which has security issues) then gradually the size of
> the shadow stacks will be eroded which will need to be managed. You
> could do it, but it's clearly not really how things are supposed to
> work. The use case with starting a new worker thread for an existing in
> use state seems much more appealing.
BTW it's probably also worth noting that at least on arm64 (perhaps x86
is different here?) the shadow stack of a thread that exited won't have
a token placed on it so it won't be possible to use it with clone3() at
all unless another token is written. To get a shadow stack you could
use with clone3() you'd either need to allocate a new one, pivot away
from one that's currently in use or enable shadow stack writes and place
a token.
Attachment:
signature.asc
Description: PGP signature