Fritz Rehde (Jul 04 2023 at 15:32): Fritz Rehde (Jul 04 2023 at 15:32):Hi, I'm fairly new to wasmtime (and wasm in general), and I'm working on a project where I am adding certain instructions to the CLIF (in a similar fashion to an LLVM pass). The problem I am encountering right now is related to wasm requiring a WASI-libc, which is (as far as I understand) a bunch of declarations of wasm system calls for interacting with lower-level hardware. Crucially, this WASI-libc does not include implementations, just declarations and interfaces. The implementations are included with the wasm runtime itself, e.g. wasmtime. Why is the WASI-libc a problem for my project? The project is, generally, about pointer signing and authentication. A bug that I noticed in my implementation so far is that I can't/shouldn't add my custom authenticate instructions after load instructions if the pointer I am loading from was "created"/initialized in such a WASI-libc system call (where I never signed it). So I need a way to find out if a certain function is a WASI-libc function or not.
Another way one could phrase the problem: I need to check whether a function is not only declared, but also implemented in the input code-base. If it is not implemented in the code base, I don't want to add my new instructions.
Any ideas would be welcome!
Thanks for your time and help!
Btw, let me know if this is the wrong channel in zulip to ask this. Maybe this fits better into the wasmtime stream, I'm not sure.
bjorn3 (Jul 04 2023 at 18:19):Webassembly doesn't have any support for pointer signing, so it doesn't matter that wasi-libc doesn't do pointer signing. A webassembly runtime may use pointer signing for host pointers as hardening against malicious guests in the face of miscompilations, but the webassembly guest will always use plain 32bit indices into the linear memory without any pointer signing.
Fritz Rehde (Jul 04 2023 at 18:40):The point is that I am trying to work around the limitations of Webassembly not supporting pointer signing, and implement pointer signing for some specific cases where the wasi-libc is not used. I know it is not possible to sign all pointers of course, but those untouched by the wasi-libc should be able to be signed. I was hesitant to mention pointer authentication at all in my question, because the focus is more on whether the specific thing I am asking about is possible, not whether pointer authentication in general is possible. Do you have any answers regarding the central question I asked: is there a way for me to identify wasi-libc function calls in cranelift/wasmtime (so I can potentially ignore those calls)?
bjorn3 (Jul 05 2023 at 06:49):Webassembly has 32bit pointers with no room to store the authentication tag. You can't have native AArch64 pointer authentication as that expects 64bit pointers.
You can't in the general case identify wasi-libc calls. If the names section is stripped, there is nothing to distinguish them and when it isn't stripped at best you can hard code the names of all functions in wasi-libc. I also don't see how a function being in wasi-libc vs in user code makes any difference for pointer authentication.
Last updated: Nov 22 2024 at 16:03 UTC