[NativeAOT] When reconciling shadow stack after catch, use more precise way to figure how much to pop. #104652
Conversation
Tagging subscribers to this area: @agocke, @MichalStrehovsky, @jkotas
I've just run into this locally too. Do we understand why none of the CI testing caught this? Is there a 9.0 issue tracking CET testing?
Maybe typical lab runs use older hardware? Yes, there are plans to have regular lab runs that have CET enabled. Also with CFG enabled as well.
/azp run runtime-nativeaot-outerloop
Azure Pipelines successfully started running 1 pipeline(s).
@janvorli - Switched to the "SSP on REGDISPLAY" approach.
PCODE IP; | ||
PCODE IP; | ||
|
||
#ifdef TARGET_AMD64 |
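Review bot: the `#ifdef TARGET_AMD64` guard on the new member does not also check for Windows, while the discussion below states that every piece of code working with this field is Windows-only; guard the member with the same condition as its uses (for example `#if defined(TARGET_AMD64) && defined(TARGET_WINDOWS)`) so the struct does not carry a dead field on non-Windows AMD64 builds.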
Do we want to make this new member Windows only? The ifdefs around places that work with this are somehow inconsistent - some of them check for windows too and some don't.
I tried to make it less platform-dependent initially, but as we moved through approaches it ended up being strictly wintel. Every piece working with this field is windows-only.
I will make the field windows-only as well.
LGTM, thank you!
Thanks!!
I do not think the Linux timeouts are related to this win-x64-CET specific change.
Fixes: #104628
After turning AVs in managed code into managed exceptions, we will not see the faulting/throwing IP on the shadow stack, as redirecting the vectored exception context is not a call and thus will not push the faulting location to the shadow stack.
Also, there are other issues with the throwing IP potentially being present on the shadow stack multiple times, where the lowermost occurrence is not necessarily the correct one to unwind to.
To handle such cases we track the SSP unwinds in exception handling.
This is the same strategy as in #104820.