Attack Protection For Valid Gadget Control Transfers
Abstract
In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.
25 Citations
20 Claims
1. At least one computer readable medium including instructions that when executed enable a system to:
- during execution of a process on a processor of the system and prior to a call to a function, store a first value in a first register of a plurality of registers of the processor;
- responsive to a control transfer termination (CTT) instruction encountered after a control transfer operation that returns from the function, determine whether a current value of the first register equals the first value; and
- if so, continue execution of the process, and otherwise raise a violation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- associated with a control transfer termination instruction, copying a return address of a function executed on a processor of a system and called during execution of a program to a top entry of a shadow stack of a memory, the return address further stored in a stack of the memory;
- at a conclusion of the function, comparing the return address stored in the stack to a value stored in the top entry of the shadow stack; and
- if the return address stored in the stack matches the value stored in the top entry of the shadow stack, returning to a caller of the function, and otherwise terminating the program.

Dependent claims: 12, 13, 14, 15
16. An apparatus comprising:
- a decode circuit to decode instructions;
- an execution circuit to execute at least some of the decoded instructions;
- a first hardware stack to store return addresses;
- a second hardware stack comprising a shadow stack to store return addresses; and
- a control transfer termination (CTT) logic to determine, prior to a conclusion of a function, whether a first return address stored in the first hardware stack matches a first value stored in a first entry of the second hardware stack, and if the first return address matches the first value, return to a caller of the function via the first return address, and otherwise terminate the program.

Dependent claims: 17, 18, 19, 20
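The return-address comparison recited in claims 11 and 16, as an added software model that is not part of the patent text: the claims describe processor logic and memory or hardware stacks, while this sketch only mirrors the copy, compare and return-or-terminate sequence. All names (`cpu_model`, `model_enter`, `model_return`, `run_scenario`), the fixed depth and the sample addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define DEPTH 16  /* assumed capacity; the claims give no size */

/* Software model only: all names here are hypothetical. */
typedef struct {
    uintptr_t stack[DEPTH];   /* return addresses on the ordinary stack */
    uintptr_t shadow[DEPTH];  /* copies held on the shadow stack */
    size_t top;               /* number of live frames */
} cpu_model;

enum ret_status { RET_OK = 0, RET_VIOLATION = 1, RET_UNDERFLOW = 2 };

/* Function entry: keep the return address on both stacks. */
int model_enter(cpu_model *m, uintptr_t ret_addr) {
    if (m->top >= DEPTH) return -1;          /* model is full */
    m->stack[m->top] = ret_addr;
    m->shadow[m->top] = ret_addr;            /* copy to top shadow entry */
    m->top++;
    return 0;
}

/* Function conclusion: compare before transferring control. */
enum ret_status model_return(cpu_model *m, uintptr_t *target) {
    if (m->top == 0) return RET_UNDERFLOW;   /* nothing to return to */
    size_t i = --m->top;
    if (m->stack[i] != m->shadow[i]) return RET_VIOLATION; /* terminate */
    *target = m->stack[i];                   /* match: return to caller */
    return RET_OK;
}

/* Constructed scenario: two nested calls; optionally the inner frame's
   return slot on the ordinary stack is altered before the return. */
int run_scenario(int alter_slot) {
    cpu_model m = {0};
    uintptr_t target = 0;
    if (model_enter(&m, 0x401000u) || model_enter(&m, 0x401080u)) return -1;
    if (alter_slot) m.stack[1] = 0x41414141u;  /* constructed bad value */
    enum ret_status s = model_return(&m, &target);
    if (s != RET_OK) return (int)s;
    if (target != 0x401080u) return -1;
    return (int)model_return(&m, &target);
}

int main(void) {
    printf("intact: %d, altered: %d\n", run_scenario(0), run_scenario(1));
    return 0;
}
```

In the model a mismatch is reported as a status code; the claims instead terminate the program at that point.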
Specification