alexcrichton opened PR #2358 from use-psm to main:
Currently the runtime needs to acquire the current stack pointer so it can set a limit for where if the wasm stack goes below that point it will abort the wasm code. Acquiring the stack pointer is done in a brittle way right now which involves looking at the address of what we hope is an on-stack structure. This turns out to not work at all with ASan as well. Instead this commit switches to the psm crate which is used by the Rust compiler team for stack manipulation, namely a coarse version of segmented stacks to avoid stack overflow in the compiler. We don't need most of the implementation of psm, just the stack_pointer function, but it shouldn't be a burden to bring in!

Closes #2344
tschneidereit submitted PR Review.
tschneidereit created PR Review Comment:
Since I just looked at this: "educated guess" makes me a little bit nervous, given the importance of this :) Can you talk a bit about the implications of this, both in terms of security and, if any, resource use limits?
If no implications for either exists, then I think it'd at least be good to update the comment and explain why this is all fine.
alexcrichton updated PR #2358 from use-psm to main:
alexcrichton submitted PR Review.
alexcrichton created PR Review Comment:
Ah good point! I've updated the comment. Now that we're using something like psm it's more official and less educated. Otherwise this just refers to the imprecision about accounting for wasm stacks. If you ask for wasm to have a megabyte of stack, we may end up giving it a megabyte plus or minus a few hundred bytes.
tschneidereit submitted PR Review.
tschneidereit created PR Review Comment:
Great comment, thank you!
tschneidereit requested yurydelendik for a review on PR #2358.
tschneidereit submitted PR Review.
yurydelendik submitted PR Review.
yurydelendik merged PR #2358.
Last updated: Dec 23 2024 at 12:05 UTC