US 12,229,453 B2
Processors, methods, systems, and instructions to protect shadow stacks
Vedvyas Shanbhogue, Austin, TX (US); Jason W. Brandt, Austin, TX (US); Ravi L. Sahita, Portland, OR (US); Barry E. Huntley, Hillsboro, OR (US); and Baiju V. Patel, Portland, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on May 22, 2023, as Appl. No. 18/200,544.
Application 18/200,544 is a continuation of application No. 17/131,731, filed on Dec. 22, 2020, granted, now 11,656,805.
Application 17/131,731 is a continuation of application No. 14/752,221, filed on Jun. 26, 2015, abandoned.
Prior Publication US 2023/0376252 A1, Nov. 23, 2023
Int. Cl. G06F 3/06 (2006.01); G06F 9/30 (2018.01); G06F 9/32 (2018.01); G06F 9/38 (2018.01); G06F 12/1009 (2016.01); G06F 12/1027 (2016.01); G06F 12/1036 (2016.01); G06F 12/1045 (2016.01); G06F 12/1081 (2016.01); G06F 12/109 (2016.01); G06F 12/14 (2006.01); G06F 21/52 (2013.01)
CPC G06F 3/0673 (2013.01) [G06F 3/0622 (2013.01); G06F 3/0629 (2013.01); G06F 9/30054 (2013.01); G06F 9/30101 (2013.01); G06F 9/30134 (2013.01); G06F 9/30145 (2013.01); G06F 9/323 (2023.08); G06F 9/3806 (2013.01); G06F 9/3861 (2013.01); G06F 12/1009 (2013.01); G06F 12/1027 (2013.01); G06F 12/1036 (2013.01); G06F 12/1063 (2013.01); G06F 12/1081 (2013.01); G06F 12/109 (2013.01); G06F 12/1491 (2013.01); G06F 21/52 (2013.01); G06F 2212/1052 (2013.01); G06F 2212/151 (2013.01); G06F 2212/651 (2013.01); G06F 2212/657 (2013.01)]
21 Claims
1. A processor comprising:
a shadow stack pointer (SSP) register to store a current SSP to identify a current shadow stack;
a decode unit to decode a shadow stack protection instruction, the shadow stack protection instruction to indicate a first SSP, the first SSP to identify a first shadow stack; and
an execution unit coupled with the decode unit, the execution unit, in response to the shadow stack protection instruction, to:
perform a plurality of security checks, including to determine whether a value derived from the first SSP, based on a transformation of the first SSP, is equal to a value accessed from the first shadow stack;
cause an exception, if at least one of the security checks fails; and
restore SSP state information to the SSP register, if all of the security checks succeed.
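
A software model of the check sequence recited in claim 1, added here as an illustration; it is not code from the patent or from Intel. The names, the alignment and bounds checks, and the transformation (setting the low bit of the SSP) are assumptions, since the claim does not specify them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Software model only. All names, the two extra checks and the
 * transformation are assumptions; claim 1 does not specify them. */
#define SS_WORDS 16
#define TOKEN_FLAG 0x1ull /* assumed marker bit set in a stored token */

typedef struct {
    uint64_t base;            /* modelled address of words[0] */
    uint64_t words[SS_WORDS]; /* constructed shadow stack contents */
} shadow_stack;

typedef struct { uint64_t ssp; bool exception; } cpu_model;

/* Assumed transformation of the first SSP into the expected token value. */
static uint64_t transform_ssp(uint64_t ssp) { return ssp | TOKEN_FLAG; }

/* Read one word, refusing addresses outside the modelled shadow stack. */
static bool ss_read(const shadow_stack *ss, uint64_t addr, uint64_t *out) {
    if (addr < ss->base || addr - ss->base >= 8 * SS_WORDS) return false;
    *out = ss->words[(addr - ss->base) / 8];
    return true;
}

/* Model of the instruction: true = SSP restored, false = exception raised. */
bool ss_protect_restore(cpu_model *cpu, const shadow_stack *ss, uint64_t first_ssp) {
    uint64_t stored;
    bool ok = (first_ssp % 8 == 0)                 /* assumed check: alignment */
           && ss_read(ss, first_ssp, &stored)      /* assumed check: in bounds */
           && stored == transform_ssp(first_ssp);  /* check recited in claim 1 */
    if (!ok) { cpu->exception = true; return false; } /* SSP register untouched */
    cpu->ssp = first_ssp;                             /* all checks succeeded */
    return true;
}

int main(void) {
    shadow_stack ss = { .base = 0x1000 };
    cpu_model cpu = { .ssp = 0x2000, .exception = false };
    ss.words[3] = transform_ssp(0x1018); /* constructed token at 0x1018 */
    printf("valid token: %d\n", ss_protect_restore(&cpu, &ss, 0x1018));
    printf("no token:    %d\n", ss_protect_restore(&cpu, &ss, 0x1020));
    return 0;
}
```

Because the expected value is derived from the SSP itself, a token copied to a different address no longer matches, so the model raises the exception and leaves the SSP register unchanged.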