Wasmtime GitHub notifications bot (Oct 06 2020 at 19:42): Wasmtime GitHub notifications bot (Oct 06 2020 at 19:42):mleonhard edited Issue #2273:
I wish to use wasmtime in a server to run small untrusted code blocks. I need to limit the maximum memory consumed by each running block to 5MB. I looked through the docs and found no way to restrict how much memory the VM can allocate. There seems to be a built-in limit of 4GB. See #1872 .
Let's support or document how to restrict total instance memory.
Wasmtime GitHub notifications bot (Oct 06 2020 at 19:42):mleonhard edited Issue #2273:
I wish to use wasmtime in a server to run small untrusted code blocks. I need to limit the maximum memory consumed by each running block to 5MB. I looked through the docs and found no way to restrict how much memory the VM can allocate. There seems to be a built-in limit of 4GB. See #1872 .
Let's support or document how to restrict memory usage.
Wasmtime GitHub notifications bot (Oct 06 2020 at 19:48):bjorn3 commented on Issue #2273:
For imported memory you can set the limit when creating the memory. For exported memory you could parse the module and check that the memory limit is at most 5MB.
Wasmtime GitHub notifications bot (Oct 06 2020 at 19:57):alexcrichton commented on Issue #2273:
You can control memory via a number of different means. Application-level configuration happens through the
Configtype. For example you can usestatic_memory_maximum_size,static_memory_guard_size, anddynamic_memory_guard_sizeto tweak how wasmtime allocates memory. The smallest VM reservations will come with a static max size of 0 and a dynamic guard of zero, but code will not perform as well at runtime.You can further configure the
with_host_memorymethod which means that your application is bringing its own memory allocation strategy, where you can limit even the size of locally defined memories in a wasm module.And as @bjorn3 mentioned if you're creating the memory itself then you can specify the maximum size at runtime.
Wasmtime GitHub notifications bot (Oct 06 2020 at 23:20):mleonhard commented on Issue #2273:
Thank you both for your quick replies.
Is there a way to use
static_memory_maximum_size,static_memory_guard_size, anddynamic_memory_guard_sizeto restrict the VM from allocating more memory? Could I set the static_memory_guard_size to 4GB - 5MB? I suppose this could work on a platform with a wide-enough memory address space.To use
wasmtime::Config::with_host_memory, I must implement wasmtime::MemoryCreator. The MemoryCreator is configured on theEnginewhich contains many VMs.InstanceHandle::newcallsinstance::create_memoriescallsMemoryCreator::new_memoryand does not pass any data about which VM (StoreorInstance) the memory is for. How could I use the engine-specific struct to decide if a particular VM has reached its allocation limit?I looked at how to check the size of memories in a module. I'm not familiar with WASM memories. Are all module-allocated memories exported? Would this work?
- Call
wasmtime::Module::exports- Iterate through the result and examine
ExternType::Memoryentries- Error if there is a missing
Limits::maxvalue- Sum up the
Limits::maxvalues and error if they go over the limit
wasmparser::Parsercan parse the Memory entries. There is asharedflag. I supposeshared=truemeans the memory is exported. So some WASM binaries might haveshared=falsememories, which would not appear in the list of exports. So I cannot usewasmtime::Module::exportsto count total memory usage.wasmparser::Parsershould work. I think this might be the solution.Does WASM define any way for a module to make new Memory objects at runtime?
Wasmtime GitHub notifications bot (Oct 06 2020 at 23:28):mleonhard commented on Issue #2273:
An article that describes how WASM memories work:
https://depth-first.com/articles/2019/10/16/compiling-c-to-webassembly-and-running-it-without-emscripten/
Wasmtime GitHub notifications bot (Oct 07 2020 at 01:08):alexcrichton commented on Issue #2273:
@mleonhard I'd recommend reading the documentation about dynamic/static memories. Unfortunately there is no "disallow more than 5MB per instance" switch in Wasmtime, and this is something that will require work to be done at this time. The
MemoryCreatortrait allows a custom implementation which you can embed with specifics related to your application. You can track growth and allocation to disallow or arbitrarily "fail" growth beyond a certain point.For wasm memories in general, I'd recommend reading up on documentation in the wasm spec or in various posts online. Wasm modules can define or import a memory. Memories always state a minimum size and optionally have a maximum size. You would probably want to validate in your application that the minimum size isn't too big.
Wasmtime GitHub notifications bot (Oct 11 2020 at 00:24):mleonhard commented on Issue #2273:
I found the answer: Code in a Wasm VM cannot make new Memory objects. See WebAssembly 1.1 Memories. Every Wasm binary can define exactly one Memory object with a specified initial size and an optional max size. Code inside the VM can use memory instructions to grow a Memory region, up to its max size.
Code in a Wasm VM could import and call a function that makes a new Memory object or does anything. By default, a wasmtime VM does not provide any importable functions to code inside the VM. Call
wasmtime_wasi::Wasi::newto make WASI functions importable. See example Embedding in Rust - WASI.To check the max memory usage of a program running inside a wasmtime VM, parse the binary and check the max size of the single
Memoryentry.To set the memory usage limit of a program running inside a wasmtime VM, modify the binary to set the max size value of the
Memoryentry. The object crate has an API and an example that could be adapted to modify Wasm binaries, but it won't be pretty.I also found WASM Micro Runtime which provides a simple way to limit memory. But it has no Rust bindings.
Wasmtime GitHub notifications bot (Oct 11 2020 at 01:10):mleonhard commented on Issue #2273:
https://crates.io/crates/parity-wasm looks like a very clean library for modifying Wasm binaries to set memory max size.
Last updated: Oct 23 2024 at 20:03 UTC