Indirect branch tracking: Difference between revisions
Content deleted Content added
m ce |
|||
| (5 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Control flow integrity technology}} |
{{Short description|Control flow integrity technology}} |
||
'''Indirect branch tracking''' (IBT), also known as '''branch target identification''' (BTI) is a [[control flow integrity]] mechanism implemented on some Intel [[x86-64]] and [[ARM-64]] processors. IBT is designed to protect against [[Computer security exploit|computer security exploits]] that use indirect branch instructions to jump into code in unintended ways, such as [[return-oriented programming]]. |
'''Indirect branch tracking''' ('''IBT'''), also known as '''branch target identification''' ('''BTI'''), is a [[control flow integrity]] mechanism implemented on some Intel [[x86-64]] and [[ARM-64]] processors. IBT is designed to protect against [[Computer security exploit|computer security exploits]] that use indirect branch instructions to jump into code in unintended ways, such as [[return-oriented programming]]. |
||
It creates a special "branch target" instructions that have no function other than to mark a location as a valid [[indirect branch]] target, with the processor capable of being put into a mode where it will raise an exception if an indirect branch is made to a location without a branch target instruction. |
It creates a special "branch target" instructions that have no function other than to mark a location as a valid [[indirect branch]] target, with the processor capable of being put into a mode where it will raise an exception if an indirect branch is made to a location without a branch target instruction. |
||
== Implementations == |
== Implementations == |
||
On Intel processors, the technique is known as Indirect Branch Tracking (IBT), with the "end branch" instructions {{tt|endbr32}} and {{tt|endbr64}} acting as the branch target instructions.<ref>{{Cite web |last=Corbet |first=Jonathan |date=March 31, 2022 |title=Indirect branch tracking for Intel CPUs |url=https://lwn.net/Articles/889475/ |access-date=2023-07-14 |website=lwn.net}}</ref> |
On Intel processors, the technique is known as Indirect Branch Tracking (IBT), with the "end branch" instructions {{tt|endbr32}} and {{tt|endbr64}} acting as the branch target instructions for 32 and 64 bit mode respectively.<ref>{{Cite web |last=Corbet |first=Jonathan |date=March 31, 2022 |title=Indirect branch tracking for Intel CPUs |url=https://lwn.net/Articles/889475/ |access-date=2023-07-14 |website=lwn.net}}</ref><ref>{{Cite web |title=Indirect Branch Tracking - 006 - ID:655258 {{!}} 12th Generation Intel® Core™ Processors |url=https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/ |access-date=2024-02-23 |website=edc.intel.com}}</ref> IBT is part of the Intel Control-Flow Enforcement Technology first released in the [[Tiger Lake]] generation of processors.<ref>{{Cite web |title=Intel brings novel CET technology to Tiger Lake mobile CPUs |url=https://www.zdnet.com/article/intel-brings-novel-cet-technology-to-tiger-lake-mobile-cpus/ |access-date=2024-02-23 |website=ZDNET |language=en}}</ref> |
||
The similar technology on ARM-64 processors is called Branch Target Identification (BTI), with the instruction, also called {{tt|BTI}}, having three variants that make it check only for jumps, or function calls, or for both.<ref>{{Cite web |date=December 2021 |title=Documentation – Arm Developer |url=https://developer.arm.com/documentation/ddi0596/2021-12/Base-Instructions/BTI--Branch-Target-Identification- |access-date=2023-07-14 |website=developer.arm.com}}</ref><ref>{{Cite web |title=Documentation – Arm Developer |url=https://developer.arm.com/documentation/100076/0100/A64-Instruction-Set-Reference/A64-General-Instructions/BTI?lang=en |access-date=2024-02-23 |website=developer.arm.com}}</ref> |
|||
== References == |
== References == |
||
| Line 11: | Line 13: | ||
[[Category:Computer security]] |
[[Category:Computer security]] |
||
[[Category:Control flow integrity]] |
|||
Latest revision as of 02:23, 19 June 2024
Indirect branch tracking (IBT), also known as branch target identification (BTI), is a control flow integrity mechanism implemented on some Intel x86-64 and ARM-64 processors. IBT is designed to protect against computer security exploits that use indirect branch instructions to jump into code in unintended ways, such as return-oriented programming.
It creates a special "branch target" instructions that have no function other than to mark a location as a valid indirect branch target, with the processor capable of being put into a mode where it will raise an exception if an indirect branch is made to a location without a branch target instruction.
Implementations[edit]
On Intel processors, the technique is known as Indirect Branch Tracking (IBT), with the "end branch" instructions endbr32 and endbr64 acting as the branch target instructions for 32 and 64 bit mode respectively.[1][2] IBT is part of the Intel Control-Flow Enforcement Technology first released in the Tiger Lake generation of processors.[3]
The similar technology on ARM-64 processors is called Branch Target Identification (BTI), with the instruction, also called BTI, having three variants that make it check only for jumps, or function calls, or for both.[4][5]
References[edit]
- ^ Corbet, Jonathan (March 31, 2022). "Indirect branch tracking for Intel CPUs". lwn.net. Retrieved 2023-07-14.
- ^ "Indirect Branch Tracking - 006 - ID:655258 | 12th Generation Intel® Core™ Processors". edc.intel.com. Retrieved 2024-02-23.
- ^ "Intel brings novel CET technology to Tiger Lake mobile CPUs". ZDNET. Retrieved 2024-02-23.
- ^ "Documentation – Arm Developer". developer.arm.com. December 2021. Retrieved 2023-07-14.
- ^ "Documentation – Arm Developer". developer.arm.com. Retrieved 2024-02-23.
 | This computer security article is a stub. You can help Wikipedia by expanding it. |