* Andrew Cooper:

> On 10/10/2022 13:33, Florian Weimer wrote:
>> * Andrew Cooper:
>>
>>> You don't actually need a hole to create a guard. Any mapping of type
>>> != shstk will do.
>>>
>>> If you've got a load of threads, you can tightly pack stack / shstk /
>>> stack / shstk with no holes, and they each act as each other guard pages.
>> Can userspace read the shadow stack directly? Writing is obviously
>> blocked, but reading?
>
> Yes - regular reads are permitted to shstk memory.
>
> It's actually a great way to get backtraces with no extra metadata
> needed.

Indeed, I hope shadow stacks can be used to put the discussion around
frame pointers to a rest, at least when it comes to profiling. 8-)

>> POSIX does not appear to require PROT_NONE mappings
>> for the stack guard region, either. However, the
>> pthread_attr_setguardsize manual page pretty clearly says that it's got
>> to be unreadable and unwriteable. Hence my question.
>
> Hmm. If that's what the manuals say, then fine.
>
> But honestly, you don't get very far at all without faulting on a
> read-only stack.

I guess we can update the manual page proactively. It does look like a
tempting optimization.

Thanks,
Florian
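
The guard-page question discussed in this thread, as an added example that is not part of the original message: the C program below maps a constructed two-page region and checks whether a read or a write just below the "stack" page faults when the lower page is PROT_NONE (a classic guard) versus PROT_READ. PROT_READ is only a stand-in for a shadow stack mapping (readable, not writable by ordinary stores), and the helper name `neighbour_faults` and the layout are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
static sigjmp_buf recover;
static void on_fault(int sig) { (void)sig; siglongjmp(recover, 1); }
/* Hypothetical helper: maps two adjacent pages, [0] the neighbour and [1] an
 * ordinary RW "stack", then touches the last byte of the neighbour.
 * Returns 1 if that access faults, 0 if it succeeds, -1 on setup error. */
int neighbour_faults(int neighbour_prot, int do_write)
{
    long page = sysconf(_SC_PAGESIZE);
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;
    unsigned char *base = mmap(NULL, 2 * (size_t)page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;
    if (mprotect(base, (size_t)page, neighbour_prot) != 0) {
        munmap(base, 2 * (size_t)page);
        return -1;
    }
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(recover, 1) == 0) {
        /* One byte past the bottom of the stack page (stacks grow down). */
        volatile unsigned char *p = base + page - 1;
        if (do_write) *p = 0x41; else (void)*p;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, 2 * (size_t)page);
    return faulted;
}
int main(void)
{
    printf("PROT_NONE: read=%d write=%d\n", neighbour_faults(PROT_NONE, 0), neighbour_faults(PROT_NONE, 1));
    printf("PROT_READ: read=%d write=%d\n", neighbour_faults(PROT_READ, 0), neighbour_faults(PROT_READ, 1));
    return 0;
}
```

With the readable neighbour, only the read goes through, which is the difference from the unreadable and unwriteable guard region the pthread_attr_setguardsize manual page describes.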