You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recent Intel x64 CPUs support a new security feature called CET (Control-flow Enforcement Technology). We plan to support it in the .NET 6.0.
Windows and Linux
Add Shadow stack popping during stack unwinding.
Windows
Add proper compiler and linker options to support CET for the C/C++ code.
Implement our own version of RtlRestoreContext for exception handling (done on Windows only for now)
Implement new way of thread suspension using a new user mode APC that would work the same way as on Unix.
Implement new way of return address hijacking compatible with the CET.
Make ThreadAbort work with CET enabled
Make GC stress 4/8 work with CET enabled
Enable CI for CET
Enable non-strict mode by default
Performance is comparable without CET enabled
Debugging support is not restricted with CET enabled
Linux
Add proper compiler options to enable IBT (indirect branch tracing) support and .note.gnu.property section to indicate our native runtime binaries are compatible with shadow stack and IBT.
Add ENDBR instructions at the beginning of asm helper functions that can be called using indirect jumps or calls.
Modify JIT to add ENDBR instructions at the beginning of all methods that can be called via indirect jumps or calls.
The Linux work depends on the availability of the CET support in the mainstream Linux kernel. There is a patch that adds some arch_prctl operations for the Intel CET.
Recent Intel x64 CPUs support a new security feature called CET (Control-flow Enforcement Technology). We plan to support it in the .NET 6.0.
Windows and Linux
Windows
Linux
.note.gnu.propertysection to indicate our native runtime binaries are compatible with shadow stack and IBT.arch_prctloperations for the Intel CET.