Title of invention HARDWARE SHADOW STACK SUPPORT FOR LEGACY GUESTS
Abstract Technologies for shadow stack support for legacy guests include a computing device having a processor with shadow stack support. During execution of a call instruction, the processor determines whether a legacy stack pointer is within bounds and generates a virtual machine exit if the legacy stack pointer is out-of-bounds. If not out-of-bounds, the processor pushes a return address onto the legacy stack and onto a shadow stack protected by a hypervisor. During execution of a return instruction, the processor determines whether top return addresses of the legacy stack and the shadow stack match, and generates a virtual machine exit if the return addresses do not match. If the return addresses match, the processor pops the return addresses off of the legacy stack and off of the shadow stack. The stack out-of-bounds and the stack mismatch virtual machine exits may be handled by the hypervisor. Other embodiments are described and claimed.
Publication number US2016092673(A1) Publication date 2016.03.31
Application number US201414498075 Filing date 2014.09.26
Applicant LeMay Michael;Huntley Barry E. Inventor LeMay Michael;Huntley Barry E.
Classification G06F21/52;G06F9/455 Main classification G06F21/52
Agency Agent
Main claim 1. A computing device for shadow stack support for legacy guests, the computing device comprising: a processor comprising a call module to execute a call instruction in stack monitoring mode, wherein to execute the call instruction comprises to: determine whether a legacy stack pointer of the computing device is within a stack bounds of the computing device; generate a virtual machine exit to a stack out-of-bounds handler in response to a determination that the legacy stack pointer is not within the stack bounds; push a return address onto a legacy stack stored in a first memory region of the computing device in response to a determination that the legacy stack pointer is within the stack bounds; and push the return address onto a shadow stack stored in a second memory region of the computing device in response to the determination that the legacy stack pointer is within the stack bounds, wherein the second memory region is isolated from the first memory region.
Address Hillsboro OR US
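
The call and return checks described in the abstract and in claim 1, modeled as a small C simulation. This is an added example, not code from the patent: the fixed-size arrays, the slot-index stack pointers, all names, and the choice to report an empty or pivoted stack on return as out-of-bounds are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define SLOTS 8

enum vm_exit { EXIT_NONE, EXIT_STACK_OOB, EXIT_STACK_MISMATCH };

struct cpu {
    uint64_t legacy[SLOTS]; /* first memory region: guest-writable stack */
    uint64_t shadow[SLOTS]; /* second, isolated region: hypervisor-protected */
    size_t lsp, ssp;        /* index of the next free slot in each stack */
    size_t lo, hi;          /* bounds the legacy stack pointer must stay within */
};

static void cpu_init(struct cpu *c) {
    c->lsp = c->ssp = c->lo = 0;
    c->hi = SLOTS;
}

/* CALL: bounds check first, then push the return address on both stacks. */
static enum vm_exit do_call(struct cpu *c, uint64_t ret_addr) {
    if (c->lsp < c->lo || c->lsp >= c->hi || c->ssp >= SLOTS)
        return EXIT_STACK_OOB; /* VM exit to the out-of-bounds handler */
    c->legacy[c->lsp++] = ret_addr;
    c->shadow[c->ssp++] = ret_addr;
    return EXIT_NONE;
}

/* RET: compare the top entries; pop both only when they match. */
static enum vm_exit do_ret(struct cpu *c, uint64_t *target) {
    if (c->lsp <= c->lo || c->lsp > c->hi || c->ssp == 0)
        return EXIT_STACK_OOB; /* assumption: nothing valid to pop */
    if (c->legacy[c->lsp - 1] != c->shadow[c->ssp - 1])
        return EXIT_STACK_MISMATCH; /* VM exit to the mismatch handler */
    *target = c->legacy[--c->lsp];
    c->ssp--;
    return EXIT_NONE;
}

/* Constructed scenario: a guest memory bug alters the saved return address. */
static enum vm_exit corrupted_return_demo(void) {
    struct cpu c;
    uint64_t target = 0;
    cpu_init(&c);
    do_call(&c, 0x401000);
    c.legacy[c.lsp - 1] = 0x41414141; /* legacy copy changed, shadow copy intact */
    return do_ret(&c, &target);
}

int main(void) { return corrupted_return_demo() == EXIT_STACK_MISMATCH ? 0 : 1; }
```
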