On Tue, Oct 01, 2024 at 11:03:10PM +0000, Edgecombe, Rick P wrote: > On Tue, 2024-10-01 at 18:33 +0100, Mark Brown wrote: > > My suspicion would be that if we're doing the pivot to a previously used > > shadow stack we'd also be pivoting the regular stack along with it which > > would face similar issues with having an unusual method for specifying > > the stack top so I don't know how much we're really winning. > I'm not so sure. The thing is a regular stack can be re-used in full - just set > the RSP to the end and take advantage of the whole stack. A shadow stack can > only be used where there is a token. Yeah, I'm not sure how appealing it is trying to use a memory pool with of shadow stacks - like you say you can't reset the top of the stack so you need to keep track of that when the stack becomes unused. If the users don't leave the SSP at the top of the stack then unless writes have been enabled (which has security issues) then gradually the size of the shadow stacks will be eroded which will need to be managed. You could do it, but it's clearly not really how things are supposed to work. The use case with starting a new worker thread for an existing in use state seems much more appealing.
Attachment:
signature.asc
Description: PGP signature
