Federated identity management for data repositories
US-2024348610-A1 · Oct 17, 2024 · US
US2016012229A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016012229-A1 |
| Application number | US-201514861210-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 22, 2015 |
| Priority date | Sep 28, 2012 |
| Publication date | Jan 14, 2016 |
| Grant date | — |
Official abstract text for this publication.
In one embodiment, a processor includes at least one execution unit. The processor also includes a Return Oriented Programming (ROP) logic coupled to the at least one execution unit. The ROP logic may validate a return pointer stored on a call stack based on a secret ROP value. The secret ROP value may only be accessible by the operating system.
Opening claim text (preview).
What is claimed is:

1. A processor comprising: a core including a fetch unit to fetch instructions, a decode unit to decode the fetched instructions, at least one execution unit to execute one or more of the decoded instructions and a first logic comprising at least one hardware circuit coupled to the at least one execution unit, the first logic to: generate a check value based on a secret value responsive to a first instruction of an instruction set architecture (ISA); push the check value onto a call stack associated with a return pointer; pop the return pointer and the check value off the call stack responsive to a second instruction of the ISA; and determine whether the check value is valid based on a comparison to a validation check value.
2. The processor of claim 1, wherein the secret value is only accessible to an operating system, the secret value to be generated at a beginning of a session and stored in a secure location.
3. The processor of claim 2, wherein the secret value corresponds to a salt value based on a ROP security level.
4. The processor of claim 1, wherein, in response to determination that the check value is valid, the processor is to resume execution at a location specified by the return pointer, and otherwise indicate a possible Return Oriented Programming (ROP) attack.
5. The processor of claim 1, further comprising a control register including at least one bit to indicate whether the first logic is enabled.
6. The processor of claim 1, wherein the first logic is to generate the secret value under control of an operating system, responsive to a third instruction of the ISA.
7. The processor of claim 6, wherein the first logic is to generate the secret value based on a random number function and store the secret value in a secure storage.
8. The processor of claim 1, wherein the first logic is to: combine the secret value with a first operand including the return pointer to obtain a first combined value; obtain a first hash sum of the first combined value; combine the secret value with a second value to obtain a second combined value; obtain a second hash sum of the second combined value and the first hash sum; and obtain the check value from the second hash sum.
9. The processor of claim 1, wherein the first logic is to generate the check value by at least one of encryption of the secret value with the return pointer, and encryption of the secret value with a stack pointer.
10. The processor of claim 1, wherein the first logic is further to remove the check value and the return pointer from the call stack, and generate the validation check value based at least in part thereon.
11. The processor of claim 1, wherein, in response to determination that the check value is valid, the processor is to validate that the return pointer is not part of a Return Oriented Programming (ROP) attack.
12. At least one computer readable storage medium comprising instructions that when executed enable a system to: obtain, via a first logic of a processor, a check value and a return pointer from a call stack stored in a memory, wherein the processor comprises a control register including at least one bit to indicate whether the first logic is enabled; determine whether the check value was generated from a secret value generated based on a security level at a beginning of a session and stored in a secure location; and upon determination that the check value was generated from the secret value, execute the return pointer, wherein the check value is associated with the return pointer.
13. The at least one computer readable medium of claim 12, further comprising instructions that when executed enable the system to generate the check value using the secret value in response to a call for a subroutine.
14. The at least one computer readable medium of claim 12, further comprising instructions that when executed enable the system to store the return pointer and the check value on the call stack.
15. The at least one computer readable medium of claim 12, further comprising instructions that when executed enable the system to determine the security level based on a level of return oriented programming (ROP) functionality of the processor.
16. The at least one computer readable medium of claim 12, further comprising instructions that when executed enable the system to, upon a determination that the check value is not valid, raise an exception without execution of the return pointer.
17. A processor comprising: a plurality of cores; at least one graphics engine; a shared cache memory coupled to the plurality of cores and the at least one graphics engine; a memory controller; and wherein a first core of the plurality of cores comprises a first logic to: generate a check value based on a secret value responsive to a first instruction of an instruction set architecture (ISA); push the check value onto a call stack associated with a return pointer; pop the return pointer and the check value off the call stack responsive to a second instruction of the ISA; and determine whether the check value is valid based on a comparison to a validation check value.
17. The processor of claim 16, wherein, in response to determination that the check value is valid, the processor is to resume execution at a location specified by the return pointer, and otherwise indicate a possible Return Oriented Programming (ROP) attack.
18. The processor of claim 16, wherein, in response to determination that the check value is valid, the processor is to validate that the return pointer is not part of a Return Oriented Programming (ROP) attack.
19. The processor of claim 16, wherein the first logic is to generate the secret value based on a random number function under control of an operating system responsive to a third instruction of the ISA, and store the secret value in a secure storage.
20. The processor of claim 16, wherein the first logic is to: combine the secret value with a first operand including the return pointer to obtain a first combined value; obtain a first hash sum of the first combined value; combine the secret value with a second value to obtain a second combined value; obtain a second hash sum of the second combined value and the first hash sum; and obtain the check value from the second hash sum.
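The call/return mechanism of claims 1, 8 and 10 can be modelled in software to see why a corrupted return pointer is caught: the "first instruction" pushes the return pointer together with a check value derived from the secret, the return pointer and the stack pointer; the "second instruction" pops both, recomputes a validation check value and compares. The following C model is an added example, not the patent's own logic or any vendor's implementation. The two-stage hash structure follows claim 8, but the hash (FNV-1a), the stack layout, the secret and the addresses are all constructed assumptions; a real design would use a keyed cryptographic function.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define STACK_SLOTS 64

/* Software model of the patent's call stack: 64-bit slots, growing upward here for simplicity. */
typedef struct {
    uint64_t slots[STACK_SLOTS];
    int sp;            /* index of the next free slot; stands in for the hardware stack pointer */
    uint64_t secret;   /* the secret ROP value; in the patent only the OS may access it (claim 2) */
    int enabled;       /* models the control-register enable bit of claim 5 */
} rop_model;

/* FNV-1a 64-bit: an assumed, illustrative hash, not a hash the patent specifies. */
static uint64_t fnv1a64(const void *data, size_t len, uint64_t seed) {
    const unsigned char *p = data;
    uint64_t h = seed;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Check value structured as in claim 8:
 *   h1 = hash(secret || return pointer)
 *   check = hash(secret || second value (stack pointer) || h1)            */
static uint64_t make_check_value(uint64_t secret, uint64_t ret_ptr, uint64_t stack_ptr) {
    uint64_t first[2] = { secret, ret_ptr };
    uint64_t h1 = fnv1a64(first, sizeof first, 0xcbf29ce484222325ULL);
    uint64_t second[3] = { secret, stack_ptr, h1 };
    return fnv1a64(second, sizeof second, 0xcbf29ce484222325ULL);
}

void rop_init(rop_model *m, uint64_t secret, int enabled) {
    m->sp = 0;
    m->secret = secret;   /* stands in for the OS-controlled generation of claim 6/7 */
    m->enabled = enabled;
}

/* "First instruction" (call): push the return pointer, then the check value bound to it. */
int rop_call(rop_model *m, uint64_t ret_ptr) {
    if (m->sp + 2 > STACK_SLOTS) return 0;          /* stack full: no room for both slots */
    uint64_t sp_at_call = (uint64_t)m->sp;
    m->slots[m->sp++] = ret_ptr;
    m->slots[m->sp++] = m->enabled ? make_check_value(m->secret, ret_ptr, sp_at_call) : 0;
    return 1;
}

/* "Second instruction" (return): pop check value and return pointer, recompute the
 * validation check value (claim 10) and compare. Returns 1 if valid, 0 if a possible
 * ROP attack was detected; a real core would raise an exception instead (claim 16). */
int rop_ret(rop_model *m, uint64_t *ret_ptr_out) {
    if (m->sp < 2) return 0;                        /* underflow: nothing valid to return to */
    uint64_t check = m->slots[--m->sp];
    uint64_t ret_ptr = m->slots[--m->sp];
    *ret_ptr_out = ret_ptr;
    if (!m->enabled) return 1;                      /* feature disabled via control bit */
    uint64_t expected = make_check_value(m->secret, ret_ptr, (uint64_t)m->sp);
    return check == expected;
}

/* Scenario 1: a legitimate call followed by a return. Returns 1 if validated and the
 * original return pointer came back. Secret and address are constructed values. */
int demo_legit_return(void) {
    rop_model m; uint64_t ret = 0;
    rop_init(&m, 0x5eed5eed5eed5eedULL, 1);
    if (!rop_call(&m, 0x401000ULL)) return 0;
    return rop_ret(&m, &ret) == 1 && ret == 0x401000ULL;
}

/* Scenario 2: the saved return pointer is overwritten in place (constructed stand-in for a
 * stack corruption) while the check value next to it is left untouched. Returns 1 if the
 * return was rejected, i.e. the corruption was detected. */
int demo_tampered_return(void) {
    rop_model m; uint64_t ret = 0;
    rop_init(&m, 0x5eed5eed5eed5eedULL, 1);
    rop_call(&m, 0x401000ULL);
    m.slots[m.sp - 2] = 0x402badULL;                 /* corrupt the return pointer slot */
    return rop_ret(&m, &ret) == 0;
}

int main(void) {
    printf("legitimate return validated: %d\n", demo_legit_return());
    printf("tampered return detected:    %d\n", demo_tampered_return());
    return 0;
}
```

The point the model makes is that the attacker-controlled slot (the return pointer) cannot be changed consistently without the secret: binding the stack pointer into the second hash also stops a valid pointer/check pair from being replayed at a different stack depth. Disabling the control bit turns `rop_ret` into an unconditional return, which is the behaviour the enable bit of claims 5 and 12 selects.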
CPC classification titles:

- Test or assess software
- during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
- for detecting or protecting against malicious traffic
- Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities