ARM Branch Target Identification

Same technique/CVE: see the canonical note Branch Target Identification (BTI).

Mechanism

This note is a duplicate write-up of ARMv8.5-A BTI. The full mechanism, covering guarded pages (PTE_GP = 1 << 50), PSTATE.BTYPE, the landing pad classes (BTI c/j/jc) and the Branch Target Exception (ESR_ELx_EC_BTI = 0x0D → SIGILL/ILL_BTCFI), is in the canonical note: Branch Target Identification (BTI).

Walkthrough

The full walkthrough is in the canonical note: Branch Target Identification (BTI).

References