Indirect branch tracking

Last updated

Indirect branch tracking (IBT), also known as branch target identification (BTI) is a control flow integrity mechanism implemented on some Intel x86-64 and ARM-64 processors. IBT is designed to protect against computer security exploits that use indirect branch instructions to jump into code in unintended ways, such as return-oriented programming.

It creates a special "branch target" instructions that have no function other than to mark a location as a valid indirect branch target, with the processor capable of being put into a mode where it will raise an exception if an indirect branch is made to a location without a branch target instruction.

Implementations

On Intel processors, the technique is known as Indirect Branch Tracking (IBT), with the "end branch" instructions endbr32 and endbr64 acting as the branch target instructions for 32 and 64 bit mode respectively. [1] [2] IBT is part of the Intel Control-Flow Enforcement Technology first released in the Tiger Lake generation of processors. [3]

The similar technology on ARM-64 processors is called Branch Target Identification (BTI), with the instruction, also called BTI, having three variants that make it check only for jumps, or function calls, or for both. [4] [5]

Related Research Articles

ARM is a family of RISC instruction set architectures (ISAs) for computer processors. Arm Ltd. develops the ISAs and licenses them to other companies, who build the physical devices that use the instruction set. It also designs and licenses cores that implement these ISAs.

The Motorola 68000 series is a family of 32-bit complex instruction set computer (CISC) microprocessors. During the 1980s and early 1990s, they were popular in personal computers and workstations and were the primary competitors of Intel's x86 microprocessors. They were best known as the processors used in the early Apple Macintosh, the Sharp X68000, the Commodore Amiga, the Sinclair QL, the Atari ST and Falcon, the Atari Jaguar, the Sega Genesis, the Philips CD-i, the Capcom System I (Arcade), the AT&T UNIX PC, the Tandy Model 16/16B/6000, the Sun Microsystems Sun-1, Sun-2 and Sun-3, the NeXT Computer, NeXTcube, NeXTstation, and NeXTcube Turbo, early Silicon Graphics IRIS workstations, computers from MASSCOMP, the Texas Instruments TI-89/TI-92 calculators, the Palm Pilot, the Control Data Corporation CDCNET Device Interface, and the Space Shuttle. Although no modern desktop computers are based on processors in the 680x0 series, derivative processors are still widely used in embedded systems.

XScale is a microarchitecture for central processing units initially designed by Intel implementing the ARM architecture instruction set. XScale comprises several distinct families: IXP, IXC, IOP, PXA and CE, with some later models designed as system-on-a-chip (SoC). Intel sold the PXA family to Marvell Technology Group in June 2006. Marvell then extended the brand to include processors with other microarchitectures, like Arm's Cortex.

A processor register is a quickly accessible location available to a computer's processor. Registers usually consist of a small amount of fast storage, although some registers have specific hardware functions, and may be read-only or write-only. In computer architecture, registers are typically addressed by mechanisms other than main memory, but may in some cases be assigned a memory address e.g. DEC PDP-10, ICT 1900.

The x86 instruction set refers to the set of instructions that x86-compatible microprocessors support. The instructions are usually part of an executable program, often stored as a computer file and executed on the processor.

In the 80386 microprocessor and later, virtual 8086 mode allows the execution of real mode applications that are incapable of running directly in protected mode while the processor is running a protected mode operating system. It is a hardware virtualization technique that allowed multiple 8086 processors to be emulated by the 386 chip. It emerged from the painful experiences with the 80286 protected mode, which by itself was not suitable to run concurrent real-mode applications well. John Crawford developed the Virtual Mode bit at the register set, paving the way to this environment.

A branch is an instruction in a computer program that can cause a computer to begin executing a different instruction sequence and thus deviate from its default behavior of executing instructions in order. Branch may also refer to the act of switching execution to a different instruction sequence as a result of executing a branch instruction. Branch instructions are used to implement control flow in program loops and conditionals.

<span class="mw-page-title-main">QEMU</span> Free virtualization and emulation software

QEMU is a free and open-source emulator. It emulates a computer's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems. It can interoperate with Kernel-based Virtual Machine (KVM) to run virtual machines at near-native speed. QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

In the x86 architecture, the CPUID instruction is a processor supplementary instruction allowing software to discover details of the processor. It was introduced by Intel in 1993 with the launch of the Pentium and SL-enhanced 486 processors.

Intel oneAPI DPC++/C++ Compiler and Intel C++ Compiler Classic are Intel’s C, C++, SYCL, and Data Parallel C++ (DPC++) compilers for Intel processor-based systems, available for Windows, Linux, and macOS operating systems.

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

<span class="mw-page-title-main">Intel Core</span> Line of CPUs by Intel

Intel Core is a line of multi-core central processing units (CPUs) for midrange, embedded, workstation, high-end and enthusiast computer markets marketed by Intel Corporation. These processors displaced the existing mid- to high-end Pentium processors at the time of their introduction, moving the Pentium to the entry level. Identical or more capable versions of Core processors are also sold as Xeon processors for the server and workstation markets.

<span class="mw-page-title-main">Intel Graphics Technology</span> Series of integrated graphics processors by Intel

Intel Graphics Technology (GT) is the collective name for a series of integrated graphics processors (IGPs) produced by Intel that are manufactured on the same package or die as the central processing unit (CPU). It was first introduced in 2010 as Intel HD Graphics and renamed in 2017 as Intel UHD Graphics.

Transactional Synchronization Extensions (TSX), also called Transactional Synchronization Extensions New Instructions (TSX-NI), is an extension to the x86 instruction set architecture (ISA) that adds hardware transactional memory support, speeding up execution of multi-threaded software through lock elision. According to different benchmarks, TSX/TSX-NI can provide around 40% faster applications execution in specific workloads, and 4–5 times more database transactions per second (TPS).

Tiger Lake is Intel's codename for the 11th generation Intel Core mobile processors based on the Willow Cove Core microarchitecture, manufactured using Intel's third-generation 10 nm process node known as 10SF. Tiger Lake replaces the Ice Lake family of mobile processors, representing an optimization step in Intel's process–architecture–optimization model.

Control-flow integrity (CFI) is a general term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program.

Transient execution CPU vulnerabilities are vulnerabilities in a computer system in which a speculative execution optimization implemented in a microprocessor is exploited to leak secret data to an unauthorized party. The archetype is Spectre, and transient execution attacks like Spectre belong to the cache-attack category, one of several categories of side-channel attacks. Since January 2018 many different cache-attack vulnerabilities have been identified.

<span class="mw-page-title-main">Alder Lake</span> Intel microprocessor family

Alder Lake is Intel's codename for the 12th generation of Intel Core processors based on a hybrid architecture utilizing Golden Cove performance cores and Gracemont efficient cores. It is fabricated using Intel's Intel 7 process, previously referred to as Intel 10 nm Enhanced SuperFin (10ESF). The 10ESF has a 10%-15% boost in performance over the 10SF used in the mobile Tiger Lake processors. Intel officially announced 12th Gen Intel Core CPUs on October 27, 2021, mobile CPUs and non-K series desktop CPUs on January 4, 2022, Alder Lake-P and -U series on February 23, 2022, and Alder Lake-HX series on May 10, 2022.

Willow Cove is a codename for a CPU microarchitecture developed by Intel and released in September 2020. Willow Cove is the successor to the Sunny Cove microarchitecture, and is fabricated using Intel's enhanced 10 nm process node called 10 nm SuperFin (10SF). The microarchitecture powers 11th-generation Intel Core mobile processors.

References

  1. Corbet, Jonathan (March 31, 2022). "Indirect branch tracking for Intel CPUs". lwn.net. Retrieved 2023-07-14.
  2. "Indirect Branch Tracking - 006 - ID:655258 | 12th Generation Intel® Core™ Processors". edc.intel.com. Retrieved 2024-02-23.
  3. "Intel brings novel CET technology to Tiger Lake mobile CPUs". ZDNET. Retrieved 2024-02-23.
  4. "Documentation – Arm Developer". developer.arm.com. December 2021. Retrieved 2023-07-14.
  5. "Documentation – Arm Developer". developer.arm.com. Retrieved 2024-02-23.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.