On Mon, Jul 31, 2023 at 11:19:34PM +0000, Edgecombe, Rick P wrote:
The thing I was trying to get at was, we have this shared syscall that means create shadow stack memory and prepopulate it like this flag says. On x86 we optionally support SHADOW_STACK_SET_TOKEN which means put a token right at the end of size. So maybe arm should have a different flag value that includes putting the marker and then the token, and x86 could match it someday if we get markers too.
Oh, I see. My mental model was that this was controlling the whole thing we put at the top rather than treating the terminator and the cap separately.
It could be a different flag, like SHADOW_STACK_SET_TOKEN_MARKER, or it could be SHADOW_STACK_SET_MARKER, and callers could pass (SHADOW_STACK_SET_TOKEN | SHADOW_STACK_SET_MARKER) to get what you have implemented here. What do you think?
For arm64 code this would mean that it would be possible (and fairly easy) to create stacks which don't have a termination record which would make life harder for unwinders to rely on. I don't think this is insurmountable, creating manually shouldn't be the standard and it'll already be an issue on x86 anyway.
The other minor issue is that the current arm64 marker is all bits 0 so by itself for arm64 _MARKER would have no perceptible impact, it would only serve to push the token down a slot in the stack (I'm guessing that's the intended meaning?). I'm not sure that's a particularly big deal though.