On Wed, Oct 02, 2024 at 02:42:58PM +0100, Mark Brown wrote:
On Tue, Oct 01, 2024 at 11:03:10PM +0000, Edgecombe, Rick P wrote:
I'm not so sure. The thing is a regular stack can be re-used in full - just set the RSP to the end and take advantage of the whole stack. A shadow stack can only be used where there is a token.
Yeah, I'm not sure how appealing it is trying to use a memory pool of shadow stacks - like you say you can't reset the top of the stack so you need to keep track of that when the stack becomes unused. If the users don't leave the SSP at the top of the stack then, unless writes have been enabled (which has security issues), the size of the shadow stacks will gradually be eroded, which will need to be managed. You could do it, but it's clearly not really how things are supposed to work. The use case with starting a new worker thread for an existing in-use state seems much more appealing.
BTW it's probably also worth noting that at least on arm64 (perhaps x86 is different here?) the shadow stack of a thread that exited won't have a token placed on it so it won't be possible to use it with clone3() at all unless another token is written. To get a shadow stack you could use with clone3() you'd either need to allocate a new one, pivot away from one that's currently in use or enable shadow stack writes and place a token.
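As an added illustration of the two points above (a stack can only be handed to clone3() where a token sits, and leaving the SSP below the top erodes what a pool can reuse), here is a userspace model written for this thread, not code from the kernel or from either poster. It models a shadow stack as plain memory and uses the x86 restore-token encoding that arch/x86/kernel/shstk.c writes with create_rstor_token() (the slot just below the SSP holds that SSP with bit 0 set); the arm64 GCS cap token has a different encoding and is not modelled. Treating a consumed token as zeroed, and counting usable bytes as SSP minus base, are assumptions of the model. No CET or GCS hardware is involved.

```c
/* Added example for this thread, not kernel code: a memory-only model of a
 * pool of shadow stacks with x86-style restore tokens. Shows that a stack
 * can only be claimed for a new thread where a token exists, and that a
 * token placed below the top (via enabled writes) shrinks the usable stack. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOT     8u
#define SS_SLOTS 64u                 /* 64 slots = 512 bytes; small model stack */
#define SS_SIZE  (SS_SLOTS * SLOT)

struct shstk {
    uint64_t *mem;   /* backing memory for the modelled mapping */
    uint64_t  base;  /* lowest address in the mapping */
    uint64_t  top;   /* base + SS_SIZE, the initial SSP */
    uint64_t  ssp;   /* where the current or last user left its SSP */
};

/* x86 restore token for a stack whose SSP is 'ssp': the slot at ssp-8 holds
 * ssp with bit 0 set (64-bit mode), mirroring create_rstor_token(). */
static uint64_t rstor_token(uint64_t ssp) { return ssp | 1u; }

static uint64_t *slot(struct shstk *s, uint64_t addr)
{
    return &s->mem[(addr - s->base) / SLOT];
}

/* Model of map_shadow_stack(..., SHADOW_STACK_SET_TOKEN): a fresh mapping
 * with a token at the very top, so the whole stack is usable. */
static struct shstk *shstk_map(void)
{
    struct shstk *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->mem = calloc(SS_SLOTS, SLOT);
    if (!s->mem) { free(s); return NULL; }
    s->base = (uint64_t)(uintptr_t)s->mem;
    s->top  = s->base + SS_SIZE;
    *slot(s, s->top - SLOT) = rstor_token(s->top);
    s->ssp = s->top;
    return s;
}

/* The check a consumer (clone3 or RSTORSSP) does before switching to 'ssp':
 * 8-byte aligned, inside the mapping, and the slot below it holds a token
 * for exactly that address. */
static int shstk_token_valid(struct shstk *s, uint64_t ssp)
{
    if (ssp & (SLOT - 1)) return 0;
    if (ssp <= s->base || ssp > s->top) return 0;
    return *slot(s, ssp - SLOT) == rstor_token(ssp);
}

/* Model of handing the stack to a new thread via clone3. Returns the bytes
 * the new thread can use, or -1 when there is no token at 'ssp'. The token
 * is consumed (modelled as zeroed, an assumption) so it cannot be reused. */
static long shstk_claim(struct shstk *s, uint64_t ssp)
{
    if (!shstk_token_valid(s, ssp)) return -1;
    *slot(s, ssp - SLOT) = 0;
    s->ssp = ssp;
    return (long)(ssp - s->base);
}

/* CALL pushes a return address into the slot below SSP; RET pops it. */
static void shstk_call(struct shstk *s, uint64_t ret_addr)
{
    s->ssp -= SLOT;
    *slot(s, s->ssp) = ret_addr;
}

static void shstk_ret(struct shstk *s) { s->ssp += SLOT; }

/* Thread exit leaves the SSP where it was and writes nothing, as described
 * for arm64 above; the model treats x86 the same way. */
static uint64_t shstk_thread_exit(struct shstk *s) { return s->ssp; }

/* With shadow stack writes enabled, userspace can place a token itself. */
static void shstk_write_token(struct shstk *s, uint64_t ssp)
{
    *slot(s, ssp - SLOT) = rstor_token(ssp);
}

/* Walks the three situations from the discussion; each field is the result
 * of shstk_claim() at that point. */
struct pool_demo { long fresh; long after_exit; long after_wrss; };

static struct pool_demo run_pool_demo(void)
{
    struct pool_demo r = { 0, 0, 0 };
    struct shstk *s = shstk_map();
    if (!s) return r;

    /* 1. Fresh mapping: token at the top, full size available. */
    r.fresh = shstk_claim(s, s->top);

    /* 2. The thread makes nested calls (constructed return addresses) and
     *    exits with two frames still live; no token is written. */
    shstk_call(s, 0x401000);
    shstk_call(s, 0x401100);
    shstk_call(s, 0x401200);
    shstk_ret(s);
    uint64_t left = shstk_thread_exit(s);
    r.after_exit = shstk_claim(s, left);       /* nothing clone3 could accept */

    /* 3. A pool manager with writes enabled drops a token at the abandoned
     *    SSP: the stack is reusable again, but 16 bytes smaller. */
    shstk_write_token(s, left);
    r.after_wrss = shstk_claim(s, left);

    free(s->mem);
    free(s);
    return r;
}

int main(void)
{
    struct pool_demo r = run_pool_demo();
    printf("fresh: %ld, after exit: %ld, after written token: %ld\n",
           r.fresh, r.after_exit, r.after_wrss);
    return 0;
}
```

The second claim failing is the "no token on an exited thread's stack" point: the slot below the abandoned SSP holds a return address, not a token, so nothing short of enabling writes (or pivoting away from a live stack) makes the mapping usable for clone3() again. The third claim succeeding with a smaller size is the erosion a pool would have to track.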