Disable CET enforcement #409

Closed

EmulationEnjoyer wants to merge 1 commits from master into master

pull from: master

merge into: MeloNX:master

Conversation 5 Commits 1 Files Changed 1 +1

EmulationEnjoyer commented 2024-12-20 11:21:49 +00:00 (Migrated from github.com)

Copy Link

Since canary build 1.2.97 when the project was moved to .NET 9 (ref: ff6628149d), Ryujinx has been failing to launch. The cause is the "Control-flow Enforcement Technology Shadow Stack (.NET 9+)" feature introduced in .NET 9

This specifically affects Windows 10, and more specifically an install of Windows 10 that is not fully up-to-date

This fix allows (Windows 10) systems that are not completely up to date as of the current .NET 9 runtime release to launch Ryujinx. Without this fix the user will receive the following output and an application crash:

CLR: Assert failure(PID 10616 [0x00002978], Thread: 11424 [0x2ca0]): !AreShadowStacksEnabled() || UseSpecialUserModeApc()
File: D:\a_work\1\s\src\coreclr\vm\threads.cpp:7938
Image: Ryujinx.exe

Possible fixes to this issue:

1. User updates their system on top of installing the .NET 9 runtime
2. User disables Control-Flow Guard exploit protection in the Exploit Protection section of the Windows Security applet
3. Merge this pull request to disable CET enforcement by Ryujinx

refs:

https://github.com/dotnet/runtime/issues/108589
https://github.com/dotnet/docs/issues/42600
https://learn.microsoft.com/en-us/dotnet/core/compatibility/interop/9.0/cet-support
https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/security#control-flow-enforcement-technology-shadow-stack-net-9

edit:

Disabling CFG exploit protection does not allow Ryujinx to launch with CET enforcement enabled

Since canary build 1.2.97 when the project was moved to .NET 9 (ref: https://github.com/GreemDev/Ryujinx/commit/ff6628149d60663d55894ecccda00efcb306c19d), Ryujinx has been failing to launch. The cause is the "[Control-flow Enforcement Technology Shadow Stack (.NET 9+)](https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/security#control-flow-enforcement-technology-shadow-stack-net-9)" feature introduced in .NET 9 *This specifically affects Windows 10, and more specifically an install of Windows 10 that is not _fully_ up-to-date* This fix allows (Windows 10) systems that are not completely up to date as of the current .NET 9 runtime release to launch Ryujinx. Without this fix the user will receive the following output and an application crash: > CLR: Assert failure(PID 10616 [0x00002978], Thread: 11424 [0x2ca0]): !AreShadowStacksEnabled() || UseSpecialUserModeApc() > File: D:\a\_work\1\s\src\coreclr\vm\threads.cpp:7938 > Image: Ryujinx.exe Possible fixes to this issue: 1. User updates their system on top of installing the .NET 9 runtime 2. ~~User disables Control-Flow Guard exploit protection in the Exploit Protection section of the Windows Security applet~~ 3. Merge this pull request to disable CET enforcement by Ryujinx refs: https://github.com/dotnet/runtime/issues/108589 https://github.com/dotnet/docs/issues/42600 https://learn.microsoft.com/en-us/dotnet/core/compatibility/interop/9.0/cet-support https://learn.microsoft.com/en-us/dotnet/core/deploying/native-aot/security#control-flow-enforcement-technology-shadow-stack-net-9 edit: Disabling CFG exploit protection _**does not**_ allow Ryujinx to launch with CET enforcement enabled

github-actions[bot] commented 2024-12-20 11:30:35 +00:00 (Migrated from github.com)

Copy Link

Download the artifacts for this pull request:

• ryujinx-Release-1.2.0+7ecfc71-linux_arm64
• ryujinx-Release-1.2.0+7ecfc71-linux_arm64-AppImage
• ryujinx-Release-1.2.0+7ecfc71-linux_x64
• ryujinx-Release-1.2.0+7ecfc71-linux_x64-AppImage
• ryujinx-Release-1.2.0+7ecfc71-macos_universal
• ryujinx-Release-1.2.0+7ecfc71-win_x64

GUI-less

• nogui-ryujinx-Release-1.2.0+7ecfc71-linux_arm64
• nogui-ryujinx-Release-1.2.0+7ecfc71-linux_x64
• nogui-ryujinx-Release-1.2.0+7ecfc71-macos_universal
• nogui-ryujinx-Release-1.2.0+7ecfc71-win_x64

Only for Developers

• ryujinx-Debug-1.2.0+7ecfc71-linux_arm64
• ryujinx-Debug-1.2.0+7ecfc71-linux_arm64-AppImage
• nogui-ryujinx-Debug-1.2.0+7ecfc71-linux_arm64
• ryujinx-Debug-1.2.0+7ecfc71-linux_x64
• ryujinx-Debug-1.2.0+7ecfc71-linux_x64-AppImage
• nogui-ryujinx-Debug-1.2.0+7ecfc71-linux_x64
• ryujinx-Debug-1.2.0+7ecfc71-macos_universal
• nogui-ryujinx-Debug-1.2.0+7ecfc71-macos_universal
• ryujinx-Debug-1.2.0+7ecfc71-win_x64
• nogui-ryujinx-Debug-1.2.0+7ecfc71-win_x64

Download the artifacts for this pull request: * [ryujinx-Release-1.2.0+7ecfc71-linux_arm64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052570.zip) * [ryujinx-Release-1.2.0+7ecfc71-linux_arm64-AppImage](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052658.zip) * [ryujinx-Release-1.2.0+7ecfc71-linux_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348057504.zip) * [ryujinx-Release-1.2.0+7ecfc71-linux_x64-AppImage](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348057604.zip) * [ryujinx-Release-1.2.0+7ecfc71-macos_universal](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348063006.zip) * [ryujinx-Release-1.2.0+7ecfc71-win_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348068625.zip) <details><summary>GUI-less</summary> * [nogui-ryujinx-Release-1.2.0+7ecfc71-linux_arm64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052792.zip) * [nogui-ryujinx-Release-1.2.0+7ecfc71-linux_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348057760.zip) * [nogui-ryujinx-Release-1.2.0+7ecfc71-macos_universal](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348063362.zip) * [nogui-ryujinx-Release-1.2.0+7ecfc71-win_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348068774.zip) </details> <details><summary>Only for Developers</summary> * [ryujinx-Debug-1.2.0+7ecfc71-linux_arm64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052508.zip) * [ryujinx-Debug-1.2.0+7ecfc71-linux_arm64-AppImage](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052597.zip) * [nogui-ryujinx-Debug-1.2.0+7ecfc71-linux_arm64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348052738.zip) * [ryujinx-Debug-1.2.0+7ecfc71-linux_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348059102.zip) * [ryujinx-Debug-1.2.0+7ecfc71-linux_x64-AppImage](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348059198.zip) * [nogui-ryujinx-Debug-1.2.0+7ecfc71-linux_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348059333.zip) * [ryujinx-Debug-1.2.0+7ecfc71-macos_universal](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348063278.zip) * [nogui-ryujinx-Debug-1.2.0+7ecfc71-macos_universal](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348063456.zip) * [ryujinx-Debug-1.2.0+7ecfc71-win_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348070727.zip) * [nogui-ryujinx-Debug-1.2.0+7ecfc71-win_x64](https://nightly.link/GreemDev/Ryujinx/actions/artifacts/2348070884.zip) </details>

EmulationEnjoyer commented 2024-12-23 14:54:42 +00:00 (Migrated from github.com)

Copy Link

For anyone experiencing this issue:

To allow the .NET 9 Ryujinx builds to launch under the condition you are running Windows 10 and the operating system is not fully up-to-date:

1. Open the 'Settings' applet in Windows
2. Search for and open the 'Exploit Protection' panel in the 'Windows Security' applet
3. Select the 'Program settings' column
4. Click 'Add program to customize' and 'Choose exact path'
5. Select the 'Ryujinx.exe' executable file
6. Scroll down to the 'Hardware-enforced Stack Protection' and check the 'Override system settings' option
7. Ensure the toggle is set to 'Off' (even if it was set to 'Off' before checking the 'Override system settings' option, the 'Override system settings' option must still be enabled for it to take affect)

This will allow you to launch and update Ryujinx normally without an immediate crash

(CET was not available in any prior .NET core framework that Ryujinx was compiled against, why is it necessary now?)

For anyone experiencing this issue: To allow the .NET 9 Ryujinx builds to launch under the condition you are running Windows 10 and the operating system is not fully up-to-date: 1) Open the 'Settings' applet in Windows 2) Search for and open the 'Exploit Protection' panel in the 'Windows Security' applet 3) Select the 'Program settings' column 4) Click 'Add program to customize' and 'Choose exact path' 5) Select the 'Ryujinx.exe' executable file 6) Scroll down to the 'Hardware-enforced Stack Protection' and check the 'Override system settings' option 7) Ensure the toggle is set to 'Off' (even if it was set to 'Off' before checking the 'Override system settings' option, the 'Override system settings' option must still be enabled for it to take affect)  This will allow you to launch and update Ryujinx normally without an immediate crash (CET was not available in any prior .NET core framework that Ryujinx was compiled against, why is it necessary now?)

GreemDev commented 2025-01-01 22:56:18 +00:00 (Migrated from github.com)

Copy Link

This will not be merged. I'm not disabling a security feature because some people insist on being insecure with their OS (aka not updating it) (and no I don't mean updating to Windows 11).

This will not be merged. I'm not disabling a security feature because some people insist on being insecure with their OS (aka not updating it) (and no I don't mean updating to Windows 11).

❤️ 1

EmulationEnjoyer commented 2025-01-03 22:25:03 +00:00 (Migrated from github.com)

Copy Link

This will not be merged. I'm not disabling a security feature because some people insist on being insecure with their OS (aka not updating it) (and no I don't mean updating to Windows 11).

I'm going to have to disagree. "Control-flow Enforcement Technology" and more specifically the "Shadow Stack" feature only became available with 11th generation Intel processors and Zen 3 AMD Ryzen processors - saying this is a security feature for Ryujinx doesn't make any sense considering 10th generation Intel processors and older or Zen 2 AMD Ryzen processors or older cannot support this feature

Ryujinx acts as a hypervisor for the applications it executes and will halt an application trying to access address space it's not permitted to access. Likewise, .NET Core acts as a hypervisor for the applications it hosts and will block access to address space that a hosted application is not allowed to access. Likewise AGAIN, Windows acts as a hypervisor for .NET Core itself and will block access to address space that .NET Core and any application it's hosting is not allowed to access

By having CET enabled in Ryujinx, this specifically blocks users running Windows 10, that is not completely up-to-date (including being on 22H2), and has a 11th generation Intel CPU or a Zen 3 AMD Ryzen CPU or newer

CPU	OS	Shadow Stack Supported
Intel 11th Gen. (or newer)	Win11	{\textsf{\color{Green}Yes}}
Intel 10th Gen. (or older)	Win11	{\textsf{\color{Red}No}}
AMD Ryzen Zen 3 (or newer)	Win11	{\textsf{\color{Green}Yes}}
AMD Ryzen Zen 2 (or older)	Win11	{\textsf{\color{Red}No}}
Intel 11th Gen. (or newer)	Win10 (22H2, up-to-date)	{\textsf{\color{Green}Yes}}
Intel 10th Gen. (or older)	Win10 (22H2, up-to-date)	{\textsf{\color{Red}No}}
AMD Ryzen Zen 3 (or newer)	Win10 (22H2, up-to-date)	{\textsf{\color{Green}Yes}}
AMD Ryzen Zen 2 (or older)	Win10 (22H2, up-to-date)	{\textsf{\color{Red}No}}
Intel 11th Gen. (or newer)	Win10 (22H2, NOT up-to-date)	{\textsf{\color{Red}No}}
Intel 10th Gen. (or older)	Win10 (22H2, NOT up-to-date)	{\textsf{\color{Red}No}}
AMD Ryzen Zen 3 (or newer)	Win10 (22H2, NOT up-to-date)	{\textsf{\color{Red}No}}
AMD Ryzen Zen 2 (or older)	Win10 (22H2, NOT up-to-date)	{\textsf{\color{Red}No}}

ref: Zen 3
ref: Intel Software Development Manual (Page 116, Table 5-2)

My argument against having CET enabled is

1. This was not needed prior to .NET Core 9, why would it be needed now
2. Its use targets a very narrow set of hardware and software conditions, blocks others for no benefit
3. "Shadow Stack" has a performance penalty, causing validation setup and validation testing prior to a function call and upon returning from a function call. There is overhead to having this feature enabled
4. Offers little to no security benefit for Ryujinx even if supported by both the hardware and software

> This will not be merged. I'm not disabling a security feature because some people insist on being insecure with their OS (aka not updating it) (and no I don't mean updating to Windows 11). I'm going to have to disagree. "Control-flow Enforcement Technology" and more specifically the "Shadow Stack" feature only became available with 11th generation Intel processors and Zen 3 AMD Ryzen processors - saying this is a security feature for Ryujinx doesn't make any sense considering 10th generation Intel processors and older or Zen 2 AMD Ryzen processors or older cannot support this feature Ryujinx acts as a hypervisor for the applications it executes and will halt an application trying to access address space it's not permitted to access. Likewise, .NET Core acts as a hypervisor for the applications it hosts and will block access to address space that a hosted application is not allowed to access. Likewise AGAIN, Windows acts as a hypervisor for .NET Core itself and will block access to address space that .NET Core and any application it's hosting is not allowed to access By having CET enabled in Ryujinx, this specifically blocks users running Windows 10, that is not completely up-to-date (including being on 22H2), and has a 11th generation Intel CPU or a Zen 3 AMD Ryzen CPU or newer | CPU | OS | Shadow Stack Supported | | ---- | -- | ---------------------------| | Intel 11th Gen. (or newer) | Win11 | ${\textsf{\color{Green}Yes}}$ | | Intel 10th Gen. (or older) | Win11 | ${\textsf{\color{Red}No}}$ | | AMD Ryzen Zen 3 (or newer) | Win11 | ${\textsf{\color{Green}Yes}}$ | | AMD Ryzen Zen 2 (or older) | Win11 | ${\textsf{\color{Red}No}}$ | | Intel 11th Gen. (or newer) | Win10 (22H2, up-to-date) | ${\textsf{\color{Green}Yes}}$ | | Intel 10th Gen. (or older) | Win10 (22H2, up-to-date) | ${\textsf{\color{Red}No}}$ | | AMD Ryzen Zen 3 (or newer) | Win10 (22H2, up-to-date) | ${\textsf{\color{Green}Yes}}$ | | AMD Ryzen Zen 2 (or older) | Win10 (22H2, up-to-date) | ${\textsf{\color{Red}No}}$ | | Intel 11th Gen. (or newer) | Win10 (22H2, NOT up-to-date) | ${\textsf{\color{Red}No}}$ | | Intel 10th Gen. (or older) | Win10 (22H2, NOT up-to-date) | ${\textsf{\color{Red}No}}$ | | AMD Ryzen Zen 3 (or newer) | Win10 (22H2, NOT up-to-date) | ${\textsf{\color{Red}No}}$ | | AMD Ryzen Zen 2 (or older) | Win10 (22H2, NOT up-to-date) | ${\textsf{\color{Red}No}}$ | ref: [Zen 3](https://en.wikipedia.org/wiki/Zen_3#Improvements) ref: [Intel Software Development Manual](https://software.intel.com/content/www/us/en/develop/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4.html) (Page 116, Table 5-2) My argument against having CET enabled is 1. This was not needed prior to .NET Core 9, why would it be needed now 2. Its use targets a very narrow set of hardware and software conditions, blocks others for no benefit 3. "Shadow Stack" has a performance penalty, causing validation setup and validation testing prior to a function call and upon returning from a function call. [There is overhead to having this feature enabled](https://www.intel.com/content/www/us/en/content-details/785687/complex-shadow-stack-updates-intel-control-flow-enforcement-technology.html) 4. Offers little to no security benefit for Ryujinx even if supported by both the hardware and software

GreemDev commented 2025-01-04 00:46:34 +00:00 (Migrated from github.com)

Copy Link

It not needing to be enabled before now is entirely irrelevant. The world moves on past unsafe software and hardware.

Once again, this isn't getting merged. If people want to use it they can use an insecure version, that isn't latest. We're not regressing security because of outdated systems. Just because you don't see a reason for it to be on doesn't mean it's useless.

It not needing to be enabled before now is entirely irrelevant. The world moves on past unsafe software and hardware. Once again, this isn't getting merged. If people want to use it they can use an insecure version, that isn't latest. We're not regressing security because of outdated systems. Just because you don't see a reason for it to be on doesn't mean it's useless.

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

audio

Affects Audio playback during emulation

blocked on external progress

This cannot move forward without work on an external project or service.

bug

Something isn't working

cpu

An issue with ARMeilleure, the JIT, or Hypervisor

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good first issues to work on for new contributors

gpu

Affects GPU emulation

graphics-backend:metal

Affects the Metal Graphics backend

graphics-backend:opengl

Affects the OpenGL Graphics backend

graphics-backend:vulkan

Affects the Vulkan Graphics backend

gui

Affects the Avalonia UI or translations.

help wanted

Extra attention is needed

horizon

Affects the Horizon OS HLE components.

infra

Updates to dependencies

invalid

This doesn't seem right

kernel

Affects the kernel HLE components.

ldn

Affects the LDN functionality

linux

Linux only issue

macOS

macOS only issue

not planned but open to a PR

I do not intend on working on this myself, but I would not be opposed to an implementation.

question

Further information is requested

windows

Windows only issue

wontfix

This will not be worked on

No Label

gui

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MeloNX/Ryujinx-ryubing#409

No description provided.