SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED STACK PIVOTING

US 20140365742A1
Filed: 06/05/2013
Published: 12/11/2014
Est. Priority Date: 06/05/2013
Status: Active Grant

First Claim

Patent Images

1. A processing system, comprising:

a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment;

an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and

a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.

28 Citations

View as Search Results

20 Claims

1. A processing system, comprising:
- a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment;
  
  an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and
  
  a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The processing system of claim 1, wherein the stack bounds checking logic comprises:
    - a first adder configured to compare the memory address being accessed via the stack segment with the first memory address; and
      
      a second adder configured to compare the memory address being accessed via the stack segment with the second memory address.
  - 3. The processing system of claim 1, wherein the stack bounds checking logic is further configured to generate a stack fault exception responsive to at least one of:
    - determining that the memory address being accessed via the stack segment is less than the first memory address or determining that the memory address being accessed via the stack segment is greater than the second memory address.
  - 4. The processing system of claim 1, further comprising a stack status register;
    - wherein the stack bounds checking logic is further configured to store in the stack status register the memory address being accessed via the stack segment.
  - 5. The processing system of claim 1, wherein the processing system is configured to operate in at least one of:
    - a 32-bit user mode, a 64-bit user mode, or a supervisor mode; and
      
      wherein the processing system comprises at least one of;
      
      a first lower stack bound register and a first upper stack bound register for the 32-bit user mode, a second lower stack bound register and a second upper stack bound register for the 64-bit user mode, and a third lower stack bound register or a third upper stack bound register for the supervisor mode.
  - 6. The processing system of claim 1, wherein the stack bounds checking logic is further configured, responsive to receiving a processor state save command, to store in a specified memory location values of the lower stack bound register and the upper stack bound register.
  - 7. The processing system of claim 1, wherein the stack bounds checking logic is further configured, responsive to receiving a processor state restore command, to load from a specified memory location values of the lower stack bound register and the upper stack bound register.
  - 8. The processing system of claim 7, wherein the stack bounds checking logic is further configured to ascertain whether an integrity check value is equal to a value of a pre-defined hash function of a value of the lower stack bound register, a value of the upper stack bound register, and a pre-defined key value.
  - 9. The processing system of claim 1, further configured to operate in at least one of:
    - a user mode or a supervisor mode; and
      
      wherein the stack bounds checking logic is configured to disable changing values of the lower stack bound register and the upper stack bound register when operating the user mode.
  - 10. The processing system of claim 1, further comprising:
    - a base pointer (BP) register; and
      
      a stack pointer (SP) register;
      
      wherein the stack bound checking logic is further configured to store, using one of;
      
      the SP register or the BP register, the memory address being accessed via the stack segment.
  - 11. The processing system of claim 10, wherein the stack bounds checking logic is further configured to enable detecting unauthorized stack pivoting if the memory address being accessed is stored using the SP register;
    - andwherein the stack bounds checking logic is further configured to disable detecting unauthorized stack pivoting if the memory address being accessed is stored using the BP register.
  - 12. The processing system of claim 1, wherein the stack bounds checking logic is further configured:
    - responsive to receiving a stack check enable instruction, to enable detecting unauthorized stack pivoting; and
      
      responsive to receiving a stack check disable instruction, to disable detecting unauthorized stack pivoting.

13. A method, comprising:
- storing, by a processing system, a first memory address in a lower stack bound register, the first memory address identifying a lower bound of a memory addressable via a stack segment;
  
  storing a second memory address in an upper stack bound register, the second memory address identifying an upper bound of the memory addressable via the stack segment;
  
  detecting a memory access via the stack segment; and
  
  by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address, in order to detect unauthorized stack pivoting.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising:
    - storing in a stack status register the memory address being accessed via the stack segment.
  - 15. The method of claim 13, further comprising:
    - determining that the memory address being accessed via the stack segment is less than the first memory address; and
      
      generating a stack fault exception.
  - 16. The method of claim 13, further comprising:
    - determining that the memory address being accessed via the stack segment is greater than the second memory address; and
      
      generating a stack fault exception.
  - 17. The method of claim 13, further comprising:
    - receiving a processor state save command; and
      
      storing in a memory a value of the lower stack bound register and a value of the upper stack bound register.
  - 18. The method of claim 13, further comprising:
    - receiving a processor state restore command; and
      
      loading from a memory a value of the lower stack bound register and a value of the upper stack bound register.
  - 19. The method of claim 13, further comprising:
    - receiving a processor state restore command;
      
      determining that an integrity check value is equal to a value of a pre-defined hash function of a value of the lower stack bound register, a value of the upper stack bound register, and a pre-defined key value; and
      
      loading the stack bound values into the lower stack bound register and the upper stack bound register.

20. A computer-readable non-transitory storage medium comprising executable instructions that, when executed by a processing system, cause the processing system to perform operations, comprising:
- storing a first memory address in a lower stack bound register, the first memory address identifying a lower bound of a memory addressable via a stack segment;
  
  storing a second memory address in an upper stack bound register, the second memory address identifying an upper bound of the memory addressable via the stack segment;
  
  detecting a memory access via the stack segment; and
  
  comparing a memory address being accessed via the stack segment with at least one of the first address and the second address, to detect an attempted stack bounds violation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Asit K. Mallick, Atul A. Khare, Baiju V. Patel, Brian L. Vajda, Gilbert Neiger, James B. Crossland, James S. Coke, Jason W. Brandt, Toby Opferman, Xiaoning Li
Inventors
PATEL, BAIJU V., LI, XIAONING, NEIGER, GILBERT, ANVIN, H P., MALLICK, ASIT K., CROSSLAND, JAMES B., OPFERMAN, TOBY, KHARE, ATUL A., BRANDT, JASON W., COKE, JAMES S., VAJDA, BRIAN L.

Granted Patent

US 9,239,801 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 12/145   the protection being virtua...

G06F 21/52   during program execution, e...

G06F 8/434   Pointers; Aliasing

G06F 9/30076   to perform miscellaneous co...

G06F 9/30105   Register structure

G06F 9/30134   Register stacks; shift regi...

SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED STACK PIVOTING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED STACK PIVOTING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links