Comment by vlovich123
10 months ago
To this day I still believe that there should be a dedicated protected separate stack region for the call stack that only the CPU can write to/read from. Walking the stack then becomes trivially fast because you just need to do a very small memcpy. And stack memory overflows can never overwrite the return address.
This is a thing; it's called shadow call stack. Both ARM and now Intel have extensions for it.
But the shadow stack concept seems much dumber to me. Why write the address to the regular stack and the shadow stack and then compare? Why not only use the shadow stack and not put return addresses on the main stack at all?
Because that would break compatibility. The way shadow stacks are implemented means they can be enabled in existing software without code changes.
If one were to design a modern ISA from scratch it would make sense though.
ABI compatibility.
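As an added illustration, not written by any commenter in the thread: a small C model of the two designs discussed above. It simulates a CPU with a conventional stack whose frames hold locals plus a return address, and a separate shadow stack that holds return addresses only. `sim_ret_compare` follows the compatible design (return address written to both stacks on CALL, both popped and compared on RET, a control-protection fault on mismatch, which is how Intel's shadow stack behaves); `sim_ret_shadow_only` follows the design vlovich123 asks about, where the main-stack copy is never consulted. `sim_backtrace` shows the "very small memcpy" stack walk. All names, the frame layout and the addresses are constructed for the model and are not any real ISA's encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a CPU with a shadow call stack.  The "main" stack
   holds frames (locals plus a return address); the shadow stack holds return
   addresses only and is not writable by the simulated program.  Addresses are
   arbitrary integers, not real code locations. */

#define STACK_DEPTH 16

typedef struct {
    char buf[8];              /* a local buffer that an overflow could spill past */
    uint64_t return_address;  /* sits right above the buffer, as on a real stack */
} frame_t;

typedef struct {
    frame_t  main_stack[STACK_DEPTH];
    int      main_sp;
    uint64_t shadow_stack[STACK_DEPTH];  /* CPU-private copy of return addresses */
    int      shadow_sp;
} machine_t;

enum ret_result { RET_OK, RET_MISMATCH, RET_UNDERFLOW };

/* CALL: the return address goes to both stacks (the compatible design
   discussed in the thread; the main-stack copy keeps old code working). */
static int sim_call(machine_t *m, uint64_t return_address) {
    if (m->main_sp >= STACK_DEPTH) return 0;
    frame_t *f = &m->main_stack[m->main_sp++];
    memset(f->buf, 0, sizeof f->buf);
    f->return_address = return_address;
    m->shadow_stack[m->shadow_sp++] = return_address;
    return 1;
}

/* An unbounded write into the current frame's local buffer: the classic
   stack overflow.  The model clamps it to the frame so the simulation itself
   stays memory-safe; bytes past buf[] land on return_address. */
static void sim_overflow_local(machine_t *m, const void *src, size_t len) {
    frame_t *f = &m->main_stack[m->main_sp - 1];
    if (len > sizeof *f) len = sizeof *f;
    memcpy(f, src, len);
}

/* RET, compare mode: pop both copies; a mismatch is a control-protection
   fault instead of a transfer to the corrupted address. */
static enum ret_result sim_ret_compare(machine_t *m, uint64_t *target) {
    if (m->main_sp == 0 || m->shadow_sp == 0) return RET_UNDERFLOW;
    uint64_t from_main   = m->main_stack[--m->main_sp].return_address;
    uint64_t from_shadow = m->shadow_stack[--m->shadow_sp];
    if (from_main != from_shadow) return RET_MISMATCH;
    *target = from_shadow;
    return RET_OK;
}

/* RET, shadow-only mode (the alternative asked about above): the main-stack
   copy is never consulted, so corruption there cannot redirect control flow,
   but nothing signals that it happened. */
static enum ret_result sim_ret_shadow_only(machine_t *m, uint64_t *target) {
    if (m->main_sp == 0 || m->shadow_sp == 0) return RET_UNDERFLOW;
    m->main_sp--;
    *target = m->shadow_stack[--m->shadow_sp];
    return RET_OK;
}

/* Stack walk: with return addresses in one contiguous region, a backtrace is
   a single memcpy rather than a frame-by-frame chase through the main stack. */
static int sim_backtrace(const machine_t *m, uint64_t *out, int max) {
    int n = m->shadow_sp < max ? m->shadow_sp : max;
    memcpy(out, m->shadow_stack, (size_t)n * sizeof *out);
    return n;
}

/* Scenario: two nested calls, then a 16-byte write into the innermost frame's
   8-byte buffer, which clobbers its saved return address. */
static enum ret_result scenario(int shadow_only, uint64_t *target) {
    machine_t m;
    memset(&m, 0, sizeof m);
    sim_call(&m, 0x401000);   /* constructed return addresses */
    sim_call(&m, 0x402000);
    unsigned char overrun[16];
    memset(overrun, 'A', sizeof overrun);   /* 0x4141414141414141 replaces 0x402000 */
    sim_overflow_local(&m, overrun, sizeof overrun);
    return shadow_only ? sim_ret_shadow_only(&m, target)
                       : sim_ret_compare(&m, target);
}

static enum ret_result run_compare_mode(void)     { uint64_t t = 0; return scenario(0, &t); }
static uint64_t        run_shadow_only_mode(void) { uint64_t t = 0; scenario(1, &t); return t; }

/* Two calls, then walk the shadow stack; returns the depth if the copied
   entries match what was pushed, -1 otherwise. */
static int demo_backtrace(void) {
    machine_t m; uint64_t trace[STACK_DEPTH];
    memset(&m, 0, sizeof m);
    sim_call(&m, 0x401000);
    sim_call(&m, 0x402000);
    int n = sim_backtrace(&m, trace, STACK_DEPTH);
    return (n == 2 && trace[0] == 0x401000 && trace[1] == 0x402000) ? n : -1;
}

int main(void) {
    printf("compare mode: %s\n", run_compare_mode() == RET_MISMATCH
           ? "mismatch, control-protection fault" : "returned normally");
    printf("shadow-only mode: returned to %#llx\n",
           (unsigned long long)run_shadow_only_mode());
    printf("shadow backtrace depth: %d\n", demo_backtrace());
    return 0;
}
```

The two RET variants make the compatibility trade-off concrete: compare mode tolerates code that reads or rewrites its own return address in legitimate ways (which is what lets it be turned on for existing binaries) while still turning a corrupted return address into a fault, whereas the shadow-only design silently ignores the main-stack copy and would need every caller and callee to agree on the new ABI.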