
I'm starting a new project in VS 2022 and I was going through the options to get my project set up. I saw CET Shadow Stack and was intrigued. It looks like it's a hardware security feature from Intel, but I couldn't easily find anything about whether my program was compatible. Does shadow stack just affect performance? Does it put any additional requirements on me as a programmer? When would one use shadow stack? I'm just making game projects using C++ for fun, not designing drivers or anything of serious consequence (yet).

I read the Intel article on the Shadow Stack and gathered it copies the stack and does some verification. Is that all it does? If so, how does it do that? I would appreciate an explanation or links to more sources on the topic.


1 Answer

How do I know if my program is CET Shadow Stack(/CETCOMPAT) compatible?

Either run it on a system that has CET, or run it inside of Intel SDE with the -cet flag, and make sure it doesn't crash.

Does shadow stack just affect performance?

Since it's implemented in hardware, it shouldn't even affect performance. If your program supports it properly, it'd never be noticed except when it successfully prevents an exploit.

Does it put any additional requirements on me as a programmer?

Not unless you're writing assembly by hand, and also doing strange things in it like having a call that pairs with a pop, or a push that pairs with a ret. (For an example of such strange assembly, have a look at "Is it possible to temporarily suppress Intel CET for a single ret instruction, or otherwise use retpolines with it?".)

When would one use shadow stack?

Any time your compiler and platform support it, you should use it. It's an increase in security with basically no downside.

it copies the stack and does some verification. Is that all it does? If so, how does it do that?

It keeps a second copy of the stack that's only affected by call, ret, and new specialized shadow-stack instructions like incsspq and wrssq. When a ret executes, if the address on the real stack doesn't match the one on the shadow stack, then your program is killed, under the assumption that it's been hacked.
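As an added illustration (not code from the answer, Intel or Microsoft), a small Python model of the behaviour described above: call pushes the return address on both stacks, ret compares the two copies and faults on mismatch, and an unpaired call/pop leaves the stacks desynchronised unless incsspq discards the extra shadow entry. The addresses and the exception name are constructed sample values, and both stacks are plain lists rather than protected memory.

```python
class ControlProtectionFault(Exception):
    """Models the #CP fault the CPU raises when ret finds mismatched return addresses."""


class CetMachine:
    """Toy model: both stacks are plain lists (constructed, not real hardware state)."""
    def __init__(self):
        self.stack = []   # ordinary data stack, reachable by ordinary stores and overflows
        self.shadow = []  # shadow stack: only call, ret and incsspq/wrssq touch it

    def call(self, return_addr):           # call pushes the return address on both stacks
        self.stack.append(return_addr)
        self.shadow.append(return_addr)

    def pop(self):                         # ordinary pop never touches the shadow stack
        return self.stack.pop()

    def incsspq(self, n):                  # discard n shadow entries without returning
        del self.shadow[len(self.shadow) - n:]

    def ret(self):
        target, expected = self.stack.pop(), self.shadow.pop()
        if target != expected:             # the check that makes a smashed return address fatal
            raise ControlProtectionFault(f"ret to {target:#x}, shadow expects {expected:#x}")
        return target


def overwritten_return_address():
    """An overflow rewrites the saved return address; the shadow copy is untouched."""
    m = CetMachine()
    m.call(0x401000)                       # constructed sample return address
    m.stack[-1] = 0xDEADBEEF               # constructed: corrupted return address on the data stack
    try:
        m.ret()
    except ControlProtectionFault:
        return True                        # a real process would be killed here
    return False


def call_pop_pattern(fix_with_incssp=False):
    """'call next; pop' to read the PC leaves one unmatched shadow entry behind."""
    m = CetMachine()
    m.call(0x401000)                       # caller enters the hand-written routine
    m.call(0x402005)                       # call to the next instruction, paired with a pop
    m.pop()
    if fix_with_incssp:
        m.incsspq(1)                       # drop the unmatched shadow entry before returning
    try:
        return m.ret() == 0x401000
    except ControlProtectionFault:
        return False
```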