On Tue, 2024-10-01 at 18:33 +0100, Mark Brown wrote:
A shadow stack size is more symmetric on the surface, but I'm not sure it will be easier for userspace to handle. So I think we should just have a pointer to the token. But it will be a usable implementation either way.
My suspicion would be that if we're doing the pivot to a previously used shadow stack, we'd also be pivoting the regular stack along with it, which would face similar issues with having an unusual method for specifying the stack top, so I don't know how much we're really winning.
I'm not so sure. The thing is a regular stack can be re-used in full - just set the RSP to the end and take advantage of the whole stack. A shadow stack can only be used where there is a token.
Like we both keep saying, either of the interfaces works though, it's just a taste question with both having downsides.
Fair enough.