Wasmtime GitHub notifications bot (Aug 10 2020 at 19:12): Wasmtime GitHub notifications bot (Aug 10 2020 at 19:12):pchickey opened Issue #2125:
As we know, in the browser space there are various concerns around speculative execution attacks (Spectre etc) that are mitigated in part by reducing the precision of timers available to untrusted code.
Presently,
wasi-common's timer APIs provide resolution as high as the underlying OS provides.I propose implementing a configurable timing-precision-reduced mode to the
wasi-commoncrate. The precision available will configured as part of theWasiCtxBuilder. Full resolution will still be available to users who want it, but one open question is whether the default should be full resolution or some reduced value. Different browsers have set different default precision levels - FF and Edge 20us, Chrome 100us, Safari 1ms according to https://github.com/w3c/hr-time/issues/56.The following well-commented implementation in Firefox looks like a good reference on how clamping and jitter should work: https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/nsRFPService.cpp#446
Wasmtime GitHub notifications bot (Aug 10 2020 at 19:12):pchickey labeled Issue #2125:
As we know, in the browser space there are various concerns around speculative execution attacks (Spectre etc) that are mitigated in part by reducing the precision of timers available to untrusted code.
Presently,
wasi-common's timer APIs provide resolution as high as the underlying OS provides.I propose implementing a configurable timing-precision-reduced mode to the
wasi-commoncrate. The precision available will configured as part of theWasiCtxBuilder. Full resolution will still be available to users who want it, but one open question is whether the default should be full resolution or some reduced value. Different browsers have set different default precision levels - FF and Edge 20us, Chrome 100us, Safari 1ms according to https://github.com/w3c/hr-time/issues/56.The following well-commented implementation in Firefox looks like a good reference on how clamping and jitter should work: https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/nsRFPService.cpp#446
Last updated: Nov 22 2024 at 17:03 UTC