* szabolcs:

>> alt shadow stack cannot be transparent to existing software anyway, it
>
> maybe not in glibc, but a libc can internally use alt shadow stack
> in sigaltstack instead of exposing a separate sigaltshadowstack api.
> (this is what a strict posix conform implementation has to do to
> support shadow stacks), leaking shadow stacks is not a correctness
> issue unless it prevents the program working (the shadow stack for
> the main thread likely wastes more memory than all the alt stack
> leaks. if the leaks become dominant in a thread the sigaltstack
> libc api can just fail).

It should be possible in theory to carve out pages from sigaltstack and
push a shadow stack page and a guard page as part of the signal frame.
As far as I understand it, the signal frame layout is not ABI, so it's
possible to hide arbitrary stuff in it. I'm just saying that it looks
possible, not that it's a good idea.

Perhaps that's not realistic with 64K pages, though.

Thanks,
Florian
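The carve-out arithmetic discussed in the message above, as an added example that is not part of the original message and is not glibc or kernel code. The layout (shadow stack page at the aligned top of the alternate stack, guard page directly below it), the `carve_altstack` name, and all addresses and sizes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout descriptor, not a kernel or libc structure. */
struct carve {
    uintptr_t shstk_lo;  /* start of the page used as shadow stack */
    uintptr_t guard_lo;  /* start of the guard page below it */
    size_t    usable;    /* bytes left for the ordinary signal stack */
};

/* Carve one shadow stack page and one guard page from the top of the
 * alternate stack [base, base + size). Both must be page-aligned so they
 * can carry their own protection. Returns 0 on success, -1 when the region
 * cannot hold both pages plus at least min_stack bytes of normal stack. */
int carve_altstack(uintptr_t base, size_t size, size_t page,
                   size_t min_stack, struct carve *out)
{
    if (page == 0 || (page & (page - 1)) != 0)
        return -1;                       /* page size must be a power of two */
    if (size > UINTPTR_MAX - base)
        return -1;                       /* region would wrap around */
    uintptr_t top = (base + size) & ~(uintptr_t)(page - 1); /* align down */
    if (top < base || top - base < 2 * page)
        return -1;                       /* no room for two aligned pages */
    uintptr_t guard = top - 2 * page;
    if (guard - base < min_stack)
        return -1;                       /* handler would have no stack left */
    out->shstk_lo = top - page;
    out->guard_lo = guard;
    out->usable   = (size_t)(guard - base);
    return 0;
}

int main(void)
{
    /* Constructed sample: a 64 KiB alternate stack at an unaligned address. */
    const uintptr_t base = 0x10000800u;
    const size_t pages[] = { 4096, 65536 };
    for (size_t i = 0; i < 2; i++) {
        struct carve c;
        if (carve_altstack(base, 65536, pages[i], 2048, &c) == 0)
            printf("page %zu: %zu bytes of normal stack remain\n",
                   pages[i], c.usable);
        else
            printf("page %zu: alternate stack too small\n", pages[i]);
    }
    return 0;
}
```

With 4 KiB pages the constructed 64 KiB alternate stack keeps most of its space; with 64 KiB pages the same buffer cannot hold even the two carved pages.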