Do we have API exposed for limiting guest's memory? I know we have MemoryPlans and there we can specify some max but how do we actually use it? Or is it reserved for use from within the Wasm module? What I'm getting at here is this hypothetical use case: imagine we've got an embedded device and we'd like to limit the memory the runtime can allocate to the guest module. Can we do that? If not, do we want to figure out a mechanism to do it?
@Jakub Konka I'm not aware of anything. Right now the max field is just derived from the wasm module, but it wouldn't be unreasonable for us to impose a stricter maximum as an option
Mhm, that's what I worked out from our codebase. Ok then, I'll try and figure out an attack plan and report back with ideas or blockers (or possibly both!).
@Jakub Konka https://github.com/bytecodealliance/wasmtime/pull/1400 may help in this regard?
@Alex Crichton Ah yes, that's probably a good start, thanks!
Putting a global memory limit is possible with this PR, however it requires providing an actual implementation for memory creation/allocation.
This could be avoided if we let people reuse the default MemoryCreator/LinearMemory from wasmtime_runtime - then it would be possible to create a simple wrapper on these structs and insert additional checks there. Unfortunately this would require exposing MemoryPlan in the API. What may be an option here is to create some struct like MemorySpec which would mirror the full contents of MemoryPlan but change the memory_style (dynamic/static) field to memory_style_hint and offset_guard_size to offset_guard_size_hint and allow for these params to be ignored by custom memory creators. I don't know if it's feasible though.
Last updated: Dec 23 2024 at 13:07 UTC