Attack Protection for valid gadget control transfers
First Claim
1. A processor comprising:
- a first hardware register to store a first bound value for a stack to be stored in a memory;
- a second hardware register to store a second bound value for the stack;
- a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value;
- a logic to prevent a return to a caller of the function if the stack pointer value is not within the range; and
- a second logic to store a random value in a third register prior to a call to the function, and in response to a control transfer termination (CTT) instruction encountered after a control transfer instruction that returns from the function, determine whether a current value of the third register equals the random value, and if so, continue execution of the caller of the function, and otherwise to terminate execution.
Abstract
In one embodiment, a processor comprises: a first register to store a first bound value for a stack to be stored in a memory; a second register to store a second bound value for the stack; a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value; and a logic to prevent a return to a caller of the function if the stack pointer value is not within the range. Other embodiments are described and claimed.
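The two checks recited in the first claim (stack pointer within bounds before the return, random value still in the third register at the CTT), modelled in C as an added example that is not code from the patent. The names, the inclusive range and the sample values are assumptions; the page does not say where the expected random value is kept, so the model passes it as an argument.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy software model of the registers named in claim 1 (names are hypothetical). */
typedef struct {
    uint64_t bound_a;   /* first bound value for the stack   */
    uint64_t bound_b;   /* second bound value for the stack  */
    uint64_t sp;        /* stack pointer                     */
    uint64_t third_reg; /* register holding the random value */
} cpu_model;

typedef enum { CONTINUE_CALLER, RETURN_PREVENTED, EXECUTION_TERMINATED } outcome;

/* Checker logic: is SP inside the range between the two bounds?
 * Assumption: inclusive range, bounds may be given in either order. */
static bool sp_in_range(const cpu_model *c) {
    uint64_t lo = c->bound_a < c->bound_b ? c->bound_a : c->bound_b;
    uint64_t hi = c->bound_a < c->bound_b ? c->bound_b : c->bound_a;
    return c->sp >= lo && c->sp <= hi;
}

/* One call/return cycle. sp_at_exit and reg_at_ctt are what the model
 * observes at the function's exit point and at the CTT instruction. */
outcome call_and_return(cpu_model *c, uint64_t random_value,
                        uint64_t sp_at_exit, uint64_t reg_at_ctt) {
    c->third_reg = random_value;      /* stored prior to the call */
    c->sp = sp_at_exit;               /* state when the exit point is reached */
    if (!sp_in_range(c))
        return RETURN_PREVENTED;      /* no return to the caller */
    c->third_reg = reg_at_ctt;        /* state when the CTT is encountered */
    if (c->third_reg != random_value)
        return EXECUTION_TERMINATED;  /* mismatch at the CTT */
    return CONTINUE_CALLER;
}

int main(void) {
    cpu_model c = { .bound_a = 0x7000, .bound_b = 0x8000 };  /* constructed values */
    printf("%d\n", call_and_return(&c, 0xA5A5, 0x7f00, 0xA5A5)); /* both checks pass */
    printf("%d\n", call_and_return(&c, 0xA5A5, 0x9000, 0xA5A5)); /* SP outside bounds */
    printf("%d\n", call_and_return(&c, 0xA5A5, 0x7f00, 0x1234)); /* register mismatch */
    return 0;
}
```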
13 Claims
1. A processor comprising:
- a first hardware register to store a first bound value for a stack to be stored in a memory;
- a second hardware register to store a second bound value for the stack;
- a checker logic to determine, prior to an exit point at a conclusion of a function to be executed on the processor, whether a value of a stack pointer is within a range between the first bound value and the second bound value;
- a logic to prevent a return to a caller of the function if the stack pointer value is not within the range; and
- a second logic to store a random value in a third register prior to a call to the function, and in response to a control transfer termination (CTT) instruction encountered after a control transfer instruction that returns from the function, determine whether a current value of the third register equals the random value, and if so, continue execution of the caller of the function, and otherwise to terminate execution.
Dependent claims: 2, 3, 4, 5, 6, 7
8. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to:
- store, in a first register, a first bound value for a stack to be stored in a memory;
- store, in a second register, a second bound value for the stack;
- determine, prior to an exit point at a conclusion of a function, whether a value of a stack pointer is within a range between the first bound value and the second bound value;
- prevent a return to a caller of the function if the stack pointer value is not within the range; and
- store a random value in a third register prior to a call to the function, and in response to a control transfer termination (CTT) instruction encountered after a control transfer instruction that returns from the function, determine whether a current value of the third register equals the random value, and if so, continue execution of the caller of the function, and otherwise to terminate execution.
Dependent claims: 9, 10, 11, 12, 13
Specification