On Tue, 2024-02-20 at 18:11 -0800, Rick Edgecombe wrote:
> Some specific cases that were still open were longjmp()ing off of a
> custom userspace threading library stack, which may not have left a
> token behind when it jumped to a new stack. And also, potentially off
> of an alt shadow stack in the future, depending on whether it leaves a
> restore token when handling a signal. (The problem there is if there
> is no room to leave it.)

Ah, I remember the other one. If the token on the target shadow stack is at the end of the shadow stack, it may not be able to handle pushing a shadow stack signal frame if a signal hits while it is unwinding through the token. As in, where a normal longjmp() is a direct transition, in this case the longjmp() operation can temporarily be in a place where a signal cannot be handled.