breaking change

dotnet · Oct 4, 2024 · 8e22931 · 8e22931
1 parent 6471416
commit 8e22931
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 2 deletions.
diff --git a/docs/core/compatibility/9.0.md b/docs/core/compatibility/9.0.md
@@ -59,7 +59,13 @@ If you're migrating an app to .NET 9, the breaking changes listed here might aff
 
 | Title                                                                             | Type of change      | Introduced version |
 |-----------------------------------------------------------------------------------|---------------------|--------------------|
-| [Deprecated desktop Windows/macOS/Linux MonoVM runtime packages](deployment/9.0/monovm-packages.md) | Source incompatible | Preview 7          |
+| [Deprecated desktop Windows/macOS/Linux MonoVM runtime packages](deployment/9.0/monovm-packages.md) | Source incompatible | Preview 7 |
+
+## Interop
+
+| Title                                                  | Type of change      | Introduced version |
+|--------------------------------------------------------|---------------------|--------------------|
+| [CET supported by default](interop/9.0/cet-support.md) | Binary incompatible | Preview 6          |
 
 ## JIT compiler
 
@@ -72,7 +78,7 @@ If you're migrating an app to .NET 9, the breaking changes listed here might aff
 
 | Title                                                                             | Type of change      | Introduced version |
 |-----------------------------------------------------------------------------------|---------------------|--------------------|
-| [HttpClientFactory logging redacts header values by default](networking/9.0/redact-headers.md) | Behavioral change   | RC 1               |
+| [HttpClientFactory logging redacts header values by default](networking/9.0/redact-headers.md) | Behavioral change | RC 1    |
 | [HttpListenerRequest.UserAgent is nullable](networking/9.0/useragent-nullable.md) | Source incompatible | Preview 1          |
 
 ## SDK and MSBuild

diff --git a/docs/core/compatibility/interop/9.0/cet-support.md b/docs/core/compatibility/interop/9.0/cet-support.md
@@ -0,0 +1,44 @@
+---
+title: "Breaking change: CET supported by default"
+description: Learn about the breaking change in interop in .NET 8 where CET is supported by default.
+ms.date: 10/04/2024
+---
+# CET supported by default
+
+`apphost` and `singlefilehost` are now marked as Intel CET&mdash;compatible (they're compiled with the `/CETCOMPAT` option). This change was made to enhance security of .NET applications. However, it imposes a limitation on the shared libraries that .NET apps can load and interop with. Libraries aren't allowed to set thread context to a location with an instruction pointer that's not present on the shadow stack or in a table of allowed continuation addresses for exception handling.
+
+## Previous behavior
+
+Previously, shared libraries loaded into the .NET process were able to set thread context using <xref:Microsoft.VisualStudio.CorDebugInterop.ICorDebugProcess.SetThreadContext(System.UInt32,System.UInt32,System.IntPtr)>, `RtlRestoreContext/NtContinue`, or their exception handlers to any location in the process address space.
+
+## New behavior
+
+Starting in .NET 9, shared libraries loaded into the .NET process are only allowed to set thread context using <xref:Microsoft.VisualStudio.CorDebugInterop.ICorDebugProcess.SetThreadContext(System.UInt32,System.UInt32,System.IntPtr)>, `RtlRestoreContext/NtContinue`, or their exception handlers to locations that are either:
+
+- Present on the shadow stack.
+- In a table of allowed continuation addresses for exception handling (generated by the `/EHCONT` compiler option or the `SetProcessDynamicEHContinuationTargets` API).
+
+If libraries try to change a thread context to any other location, the process is terminated.
+
+## Version introduced
+
+.NET 9 Preview 6
+
+## Type of breaking change
+
+This change can affect [binary compatibility](../../categories.md#binary-compatibility).
+
+## Reason for change
+
+Enabling CET enhances the security of .NET applications by adding hardware-enforced stack protection that offers robust protection against ROP exploits (return-oriented programming).
+
+## Recommended action
+
+Workarounds:
+
+- You can opt out of CET by adding `<CETCompat>false</CETCompat>` to your app's project file (for example, *.csproj* file).
+- Use the Windows Security app or a group policy to opt out of the hardware-supported stack enforcement for the specific .NET application. For more information, see [Enable exploit protection](/defender-endpoint/enable-exploit-protection).
+
+## Affected APIs
+
+- N/A
diff --git a/docs/core/compatibility/toc.yml b/docs/core/compatibility/toc.yml
@@ -58,6 +58,10 @@ items:
             items:
               - name: Deprecated desktop Windows/macOS/Linux MonoVM runtime packages
                 href: deployment/9.0/monovm-packages.md
+          - name: Interop
+            items:
+              - name: CET supported by default
+                href: interop/9.0/cet-support.md
           - name: JIT compiler
             items:
               - name: Floating point to integer conversions are saturating
@@ -1614,6 +1618,10 @@ items:
             href: globalization.md
       - name: Interop
         items:
+          - name: .NET 9
+            items:
+              - name: CET supported by default
+                href: interop/9.0/cet-support.md
           - name: .NET 8
             items:
               - name: CreateObjectFlags.Unwrap only unwraps on target instance