On Wed, Feb 03, 2021 at 02:55:38PM -0800, Yu-cheng Yu wrote: > INCSSP(Q/D) increments shadow stack pointer and 'pops and discards' the > first and the last elements in the range, effectively touches those memory > areas. > > The maximum moving distance by INCSSPQ is 255 * 8 = 2040 bytes and > 255 * 4 = 1020 bytes by INCSSPD. Both ranges are far from PAGE_SIZE. > Thus, putting a gap page on both ends of a shadow stack prevents INCSSP, > CALL, and RET from going beyond. > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> Yay guard pages! :) Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
