Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CET shadow stack compatibility in apphost/singlefilehost by default #103007

Merged
merged 8 commits into from
Jun 6, 2024
Merged

Enable CET shadow stack compatibility in apphost/singlefilehost by default #103007

merged 8 commits into from
Jun 6, 2024

Conversation

elinor-fung
Copy link
Member

Enable CET shadow stack compatibility in apphost/singlefilehost by default

  • Build Windows x64 apphost and singlefilehost with /cetcompat (shared libraries are already being built with this flag)
  • Allow disabling CET compat (clearing the DLL characteristics bit in the PE image) in HostWriter.CreateAppHost
  • Add unit/integration tests

This change makes it so that a user's app will have CET compatibility enabled by default (for Windows x64). There will be a corresponding change on the SDK side such that it can be disabled with <CetCompat>false</CetCompat>.

cc @dotnet/appmodel @janvorli @mangod9

@elinor-fung elinor-fung added the area-HostModel Microsoft.NET.HostModel issues label Jun 3, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @vitek-karas, @agocke
See info in area-owners.md if you want to be subscribed.

janvorli
janvorli approved these changes Jun 3, 2024
View reviewed changes
Copy link
Member

@janvorli janvorli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you!

mangod9
mangod9 approved these changes Jun 3, 2024
View reviewed changes
Copy link
Member

@mangod9 mangod9 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for implementing this. We should keep an eye on CI, we had noticed that the CET specific CI was failing with new EH enabled, so wondering if that would affect a wider spectrum after this merges.

AaronRobinsonMSFT
AaronRobinsonMSFT approved these changes Jun 3, 2024
View reviewed changes
Copy link
Member

@AaronRobinsonMSFT AaronRobinsonMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

This was referenced Jun 4, 2024
Closed
Closed
@janvorli
Copy link
Member

janvorli commented Jun 4, 2024

@elinor-fung please don't merge this change in yet. I was investigating a CET test leg failure yesterday and found a problem with the shadow stack and the new exception handling that needs to be addressed before this change gets in.

@janvorli janvorli added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Jun 4, 2024
@janvorli
Copy link
Member

janvorli commented Jun 5, 2024

@elinor-fung my CET fix is merged in, so please feel free to merge this in once the CI is green.

@janvorli janvorli removed the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label Jun 5, 2024
@elinor-fung
Copy link
Member Author

Thanks, @janvorli!

@build-analysis build-analysis bot mentioned this pull request Jun 6, 2024
Closed
@elinor-fung elinor-fung merged commit 219cf1f into dotnet:main Jun 6, 2024
146 of 148 checks passed
@elinor-fung elinor-fung deleted the host-cet-compat branch June 6, 2024 16:44
@elinor-fung elinor-fung mentioned this pull request Jun 7, 2024
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Jul 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jkoritzinsky jkoritzinsky jkoritzinsky left review comments

@mangod9 mangod9 mangod9 approved these changes

@AaronRobinsonMSFT AaronRobinsonMSFT AaronRobinsonMSFT approved these changes

@janvorli janvorli janvorli approved these changes

Assignees

@elinor-fung elinor-fung

Labels
area-HostModel Microsoft.NET.HostModel issues
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@elinor-fung @janvorli @jkoritzinsky @AaronRobinsonMSFT @mangod9