From cd07abf82704fba4a149c077cea1ecd0c7f66815 Mon Sep 17 00:00:00 2001 From: Ved Shanbhogue Date: Wed, 22 Nov 2023 10:12:50 -0600 Subject: [PATCH] formating fixes --- cfi_intro.adoc | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/cfi_intro.adoc b/cfi_intro.adoc index f828ac4..3498225 100644 --- a/cfi_intro.adoc +++ b/cfi_intro.adoc @@ -2,16 +2,15 @@ == Introduction Control-flow Integrity (CFI) capabilities help defend against Return-Oriented -Programming (ROP) and the Zicfilp extension provides CFI capabilities to defend -against Call/Jump-Oriented Programming (COP/JOP) style control-flow subversion -attacks. These attack methodologies use code sequences in authorized modules, -with at least one instruction in the sequence being a control transfer -instruction that depends on attacker-controlled data either in the return stack -or in memory used to obtain the target address for a call or jump. Attackers -stitch these sequences together by diverting the control flow instructions -(e.g., `JALR`, `C.JR`, `C.JALR`), from their original target address to a new -target via modification in the return stack or in the memory used to obtain the -jump/call target address. +Programming (ROP) and Call/Jump-Oriented Programming (COP/JOP) style +control-flow subversion attacks. These attack methodologies use code sequences +in authorized modules, with at least one instruction in the sequence being a +control transfer instruction that depends on attacker-controlled data either in +the return stack or in memory used to obtain the target address for a call or +jump. Attackers stitch these sequences together by diverting the control flow +instructions (e.g., `JALR`, `C.JR`, `C.JALR`), from their original target +address to a new target via modification in the return stack or in the memory +used to obtain the jump/call target address. RV32/RV64 provide two types of control transfer instructions - unconditional jumps and conditional branches. Conditional branches encode an offset in the