
The challenge of compiling for verified architectures

Posted Oct 8, 2023 2:06 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
In reply to: The challenge of compiling for verified architectures by helge.bahmann
Parent article: The challenge of compiling for verified architectures

> Roughly, this works by calling a function typed (void*)(uint64_t) through an indirect call (function pointer).

Wasmtime does have a mitigation for this particular vulnerability: https://bytecodealliance.org/articles/security-and-correc...

It's fair to say that WASM does not try to guarantee the lack of side-channels in general. Implementations try to add mitigations where they feel that it's reasonable, but are not fixated on that. eBPF probably has some advantage in that area, but I doubt it's really insurmountable.


The challenge of compiling for verified architectures

Posted Oct 8, 2023 3:43 UTC (Sun) by helge.bahmann (subscriber, #56804)

Are you certain? To my knowledge, only "out-of-bounds" function table accesses are protected (so you "probably" cannot speculatively jump out of JIT-generated code), and no retpolines are produced. I know that in 2021 I managed to get a speculated call to a type-confused function to happen on the wasmtime JIT after a lot of trial and error (AMD Zen2, and no IBRS in user space). Maybe I missed the situation changing since then, but I am not aware of it.

