On Tue, Oct 20, 2020 at 04:39:13PM +0100, Mark Brown wrote:
> On Mon, Oct 19, 2020 at 06:41:55PM -0500, Josh Poimboeuf wrote:
> > On Fri, Oct 16, 2020 at 01:15:34PM +0100, Mark Brown wrote:
>
> > > Ah, I'd have interpreted "defined thread entry point" as meaning
> > > expecting to find specific functions appearing at the end of the stack
> > > rather than meaning positively identifying the end of the stack - for
> > > arm64 we use a NULL frame pointer to indicate this in all situations.
> > > In that case that's one bit that is already clear.
>
> > I think a NULL frame pointer isn't going to be robust enough. For
> > example NULL could easily be introduced by a corrupt stack, or by asm
> > frame pointer misuse.
>
> Is it just the particular poison value that you're concerned about here
> or are you looking for additional checks of some other kind?

You just need to know you've conclusively reached the user entry point on
the stack, without missing any functions. A sufficiently unique poison
value might be ok. Though, defining a certain stack offset as the "end"
seems more robust.

-- 
Josh
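To illustrate the point in Josh's reply, here is an added, constructed C simulation (not kernel code and not from this thread) of the two unwinder termination policies: stopping at the first NULL frame pointer versus requiring the walk to reach a known end-of-stack frame. The frame layout, the `stack_end` frame and the injected mid-chain NULL are assumptions for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>

/* Frame record in the arm64 style: saved fp, then saved lr, chained via fp. */
struct frame { struct frame *fp; uintptr_t lr; };

enum unwind_result { UNWIND_RELIABLE, UNWIND_UNRELIABLE };

/* Policy A: stop at the first NULL fp and treat that as the stack end.
 * A NULL produced by corruption or asm misuse is indistinguishable from
 * the genuine entry frame, so the walk is always reported as reliable. */
static enum unwind_result unwind_null_terminated(struct frame *fp, size_t *depth)
{
    *depth = 0;
    for (; fp; fp = fp->fp)
        (*depth)++;
    return UNWIND_RELIABLE;
}

/* Policy B: the walk is reliable only if it lands on the frame record at the
 * defined end-of-stack offset; a NULL seen before that means frames are missing. */
static enum unwind_result unwind_offset_terminated(struct frame *fp,
                                                   struct frame *stack_end, size_t *depth)
{
    *depth = 0;
    for (; fp; fp = fp->fp) {
        (*depth)++;
        if (fp == stack_end)
            return UNWIND_RELIABLE;      /* reached the entry frame without gaps */
    }
    return UNWIND_UNRELIABLE;            /* premature NULL: corrupt or skipped frames */
}

/* Constructed sample stack: four frame records, frames[3] is the entry frame. */
static struct frame frames[4];

static struct frame *build_chain(int corrupt)
{
    for (int i = 0; i < 3; i++) { frames[i].fp = &frames[i + 1]; frames[i].lr = 0x1000 + i; }
    frames[3].fp = NULL; frames[3].lr = 0;   /* entry frame: NULL fp marks the end */
    if (corrupt)
        frames[1].fp = NULL;                 /* simulated corruption: NULL mid-chain */
    return &frames[0];
}

/* Each returns 1 when the policy reports the walk as reliable, 0 otherwise. */
int null_policy_reliable(int corrupt)
{
    size_t depth;
    return unwind_null_terminated(build_chain(corrupt), &depth) == UNWIND_RELIABLE;
}

int offset_policy_reliable(int corrupt)
{
    size_t depth;
    return unwind_offset_terminated(build_chain(corrupt), &frames[3], &depth) == UNWIND_RELIABLE;
}
```

With an intact chain both policies report a reliable walk; with the injected NULL only the offset-based policy notices that the entry frame was never reached.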