Where exactly is the red zone on x86-64?
The Wikipedia article about the Red Zone was wrong, thus creating the ambiguity.
I had modified the article in April 2017 to fix the issue. As of that update the Wikipedia article reads:
In computing, a red zone is a fixed-size area in a function's stack frame beyond the current stack pointer which is not preserved by that function. The callee function may use the red zone for storing local variables without the extra overhead of modifying the stack pointer. This region of memory is not to be modified by interrupt/exception/signal handlers. The x86-64 ABI used by System V mandates a 128-byte red zone, which begins directly under the current value of the stack pointer. The OpenRISC toolchain assumes a 128-byte red zone
This brings the Wikipedia article more in line with the 64-bit System V ABI definition. With the ambiguity above resolved, regarding the question:
Since this red zone is relative to RSP, does it move downward with each push and does it move upward with each pop?
The Red Zone is always the 128 bytes just below RSP. As RSP changes (by PUSH/POP/MOV etc) so too does the location of the Red Zone.
Given these two quotes, is the red zone above the stacked return address or below the stacked return address?
The red zone is the 128 bytes just below rsp
, i.e. rsp - 128
to rsp - 1
.
Since this red zone is relative to RSP, does it move downward with each push and does it move upward with each pop?
Yes.