US 12,135,780 B2
Processor extensions to protect stacks during ring transitions
Vedvyas Shanbhogue, Austin, TX (US); Jason W. Brandt, Austin, TX (US); Ravi L. Sahita, Portland, OR (US); Barry E. Huntley, Hillsboro, OR (US); Baiju V. Patel, Portland, OR (US); and Deepak K. Gupta, Portland, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Aug. 10, 2023, as Appl. No. 18/232,810.
Application 18/232,810 is a continuation of application No. 17/407,035, filed on Aug. 19, 2021, granted, now 11,762,982.
Application 17/407,035 is a continuation of application No. 16/585,373, filed on Sep. 27, 2019, granted, now 11,176,243, issued on Nov. 16, 2021.
Application 16/585,373 is a continuation of application No. 15/016,068, filed on Feb. 4, 2016, granted, now 10,430,580, issued on Oct. 1, 2019.
Prior Publication US 2023/0401309 A1, Dec. 14, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/52 (2013.01); G06F 3/06 (2006.01); G06F 9/30 (2018.01); G06F 9/46 (2006.01); G06F 12/14 (2006.01)
CPC G06F 21/52 (2013.01) [G06F 3/0622 (2013.01); G06F 3/0637 (2013.01); G06F 3/0673 (2013.01); G06F 9/30101 (2013.01); G06F 9/30134 (2013.01); G06F 9/461 (2013.01); G06F 12/1491 (2013.01); G06F 2212/1052 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2141 (2013.01)]
25 Claims
 
1. A processor comprising:
  a first register corresponding to a first privilege level, the first register to store a first shadow stack pointer (SSP), the first SSP to identify a first shadow stack to be used by the processor at the first privilege level;
  a second register corresponding to a second privilege level different than the first privilege level, the second register to store a second SSP, the second SSP to identify a second shadow stack to be used by the processor at the second privilege level;
  decoder circuitry to decode a first instruction and a second instruction; and
  an execution circuitry to:
    execute the first instruction at the first privilege level to perform operations corresponding to the first instruction, including to:
      receive the first SSP from the first register;
      identify the first shadow stack using the first SSP; and
      store a return address on the first shadow stack; and
    execute the second instruction at the first privilege level to perform operations corresponding to the second instruction, including to:
      receive the first SSP from the first register;
      identify the first shadow stack using the first SSP;
      receive the return address from the first shadow stack; and
      ensure that a return is made to a return address matching the return address received from the first shadow stack.
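
The following C model is an added illustration, not text or code from the patent. It mimics in software the behaviour claim 1 recites: one SSP register per privilege level, a call-like operation that stores the return address on the current level's shadow stack, and a return-like operation that only succeeds when the requested address matches the stored one. All names, the four-level layout, the stack depth, the sample addresses and the comparison against a caller-supplied address are assumptions of this model.

```c
#include <stdint.h>
#include <stddef.h>
#define LEVELS 4   /* assumed: four privilege levels in the model */
#define DEPTH  16  /* assumed: slots per modelled shadow stack */

enum { SS_OK = 0, SS_MISMATCH = -1, SS_BOUNDS = -2 };

struct cpu_model {
    uint64_t shadow[LEVELS][DEPTH]; /* one shadow stack per privilege level */
    size_t   ssp[LEVELS];           /* one SSP register per privilege level */
    int      cpl;                   /* current privilege level */
};

/* "First instruction": read the current level's SSP, push the return address. */
static int model_call(struct cpu_model *c, uint64_t ret_addr)
{
    size_t *ssp = &c->ssp[c->cpl];
    if (*ssp >= DEPTH) return SS_BOUNDS;
    c->shadow[c->cpl][(*ssp)++] = ret_addr;
    return SS_OK;
}

/* "Second instruction": pop the protected copy; allow only a matching return. */
static int model_ret(struct cpu_model *c, uint64_t requested)
{
    size_t *ssp = &c->ssp[c->cpl];
    if (*ssp == 0) return SS_BOUNDS;
    return c->shadow[c->cpl][--(*ssp)] == requested ? SS_OK : SS_MISMATCH;
}

/* Constructed scenario: call at level 3, then attempt a return to `requested`. */
int call_then_return(uint64_t requested)
{
    struct cpu_model c = {0};
    c.cpl = 3;
    if (model_call(&c, 0x401000) != SS_OK) return SS_BOUNDS;
    return model_ret(&c, requested);
}

/* A call made at level 3 must leave the level-0 SSP register untouched. */
size_t level0_ssp_after_user_call(void)
{
    struct cpu_model c = {0};
    c.cpl = 3;
    model_call(&c, 0x401000);
    return c.ssp[0];
}

int main(void) { return call_then_return(0x401000) == SS_OK ? 0 : 1; }
```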