I saw that you described some mitigations for Spectre attacks in Wasmtime. I want to know which variants of Spectre attacks would be prevented by these protections. Also, are these bounds checks enabled by default, or only when "dynamic" memories are configured?
Bounds checks are not necessary for static memories, as enough address space is reserved such that out-of-bounds accesses are impossible with wasm's 32-bit addresses.
As for which Spectre attacks are prevented, no clue.
Spectre mitigations are also discussed in GitHub issue #1032.
Last updated: Nov 22 2024 at 17:03 UTC