ARM Branch Target Identification
Same technique/CVE: see the canonical note Branch Target Identification (BTI).
Mechanism
This note is a duplicate write-up of ARMv8.5-A BTI. The full mechanism is covered
in the canonical note, Branch Target Identification (BTI): guarded pages
(PTE_GP = 1 << 50), PSTATE.BTYPE, the landing pad classes (BTI c/j/jc), and the
Branch Target Exception (ESR_ELx_EC_BTI = 0x0D → SIGILL/ILL_BTCFI).
Walkthrough
The full walkthrough is in the canonical note: Branch Target Identification (BTI).
References
- Arm Community. Enabling PAC and BTI on AArch64 for Linux. — https://developer.arm.com/community/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
- GCC. AArch64 Options (-mbranch-protection). — https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html