So in light of Spectre, the Chrome developers don't believe it's safe to have any sensitive data in the same memory space as V8, but WebAssembly is safe in ring 0? What am I missing here?
"Normally, this would be super dangerous, but WebAssembly is designed to run safely on remote computers, so it can be securely sandboxed without losing performance."
I'm staring at this sentence hoping the author is being supremely sarcastic...
I think they're saying that WebAssembly code doesn't lose any performance when you sandbox it, not that WebAssembly has equivalent performance to native code.
Note: I haven’t read the source code so I’m not sure how it’s actually implemented, this is off my personal knowledge of WebAssembly and Spectre.
WebAssembly isn’t assembly. It can only refer to memory offsets within its allocated block (so it always does *(baseAddr + offset)), so to generate assembly for it, you already need to add checks. One way to prevent some Spectre-like attacks is to mask the offset after those checks. Another way is to use virtual memory to keep program spaces very far apart and only use int32 displacements in memory loads (since they’re always relative to the base memory address).
https://chromium.googlesource.com/chromium/src/+/master/docs...
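An added illustration of the base-plus-offset bounds check and the post-check masking described in the comment above. This is example code written for this page, not code from V8, Chromium or any WebAssembly engine, and the names (wasm_memory, in_bounds, mask_index, load_i32_checked, load_i32_masked) are made up here; the memory contents are constructed test data.

```c
/*
 * Toy "linear memory" in the WebAssembly style: every access is
 * base + dynamic offset + static immediate, bounds-checked against the
 * size of the module's memory. load_i32_checked is the plain check;
 * load_i32_masked additionally clamps the address after the check so a
 * load that is executed speculatively past a mispredicted check still
 * cannot reach outside the sandbox's memory. (Illustrative, not V8 code.)
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WASM_PAGE_BYTES 65536u   /* WebAssembly memory grows in 64 KiB pages */

typedef struct {
    uint8_t *base;   /* start of the module's linear memory */
    uint32_t size;   /* accessible bytes, a multiple of the page size */
} wasm_memory;

/* Allocate `pages` zeroed pages (constructed sandbox memory for the demo). */
static int wasm_memory_init(wasm_memory *m, uint32_t pages) {
    uint64_t bytes = (uint64_t)pages * WASM_PAGE_BYTES;
    if (bytes > UINT32_MAX) return 0;
    m->base = calloc(1, (size_t)bytes);
    if (!m->base) return 0;
    m->size = (uint32_t)bytes;
    return 1;
}

static void wasm_memory_free(wasm_memory *m) {
    free(m->base);
    m->base = NULL;
    m->size = 0;
}

/* Effective address = offset + immediate, computed in 64 bits so the sum
 * cannot wrap back into range. Returns 1 if a `width`-byte access fits. */
static int in_bounds(const wasm_memory *m, uint32_t offset, uint32_t imm,
                     uint64_t width, uint64_t *ea) {
    *ea = (uint64_t)offset + imm;
    return *ea + width <= m->size;
}

/* Branchless clamp: returns ea if ea + width <= size, otherwise 0. The mask
 * comes from arithmetic, not a conditional jump, so even an instruction
 * stream that has speculated past the bounds check only forms addresses
 * inside [base, base + size). */
static uint64_t mask_index(uint64_t ea, uint64_t width, uint64_t size) {
    /* negative exactly when the access fits (ea + width <= size) */
    int64_t diff = (int64_t)(ea + width) - (int64_t)size - 1;
    uint64_t mask = (uint64_t)(diff >> 63);   /* all ones if it fits, else 0 */
    return ea & mask;
}

/* Plain checked load: architecturally correct (out-of-range traps), but the
 * CPU may speculate past the `if` and issue the load at base + ea first. */
static int load_i32_checked(const wasm_memory *m, uint32_t offset,
                            uint32_t imm, uint32_t *out) {
    uint64_t ea;
    if (!in_bounds(m, offset, imm, sizeof *out, &ea)) return 0;   /* trap */
    memcpy(out, m->base + ea, sizeof *out);
    return 1;
}

/* Same trap behaviour, but the address fed to the load is masked after the
 * check; for an in-range access the mask is a no-op. */
static int load_i32_masked(const wasm_memory *m, uint32_t offset,
                           uint32_t imm, uint32_t *out) {
    uint64_t ea;
    if (!in_bounds(m, offset, imm, sizeof *out, &ea)) return 0;   /* trap */
    ea = mask_index(ea, sizeof *out, m->size);
    memcpy(out, m->base + ea, sizeof *out);
    return 1;
}

static int store_i32_masked(wasm_memory *m, uint32_t offset, uint32_t imm,
                            uint32_t v) {
    uint64_t ea;
    if (!in_bounds(m, offset, imm, sizeof v, &ea)) return 0;       /* trap */
    ea = mask_index(ea, sizeof v, m->size);
    memcpy(m->base + ea, &v, sizeof v);
    return 1;
}

/* Exercise the in-range, straddling-the-end and 32-bit-wraparound cases.
 * Returns 1 when every case behaves as expected. */
static int self_check(void) {
    wasm_memory m;
    uint32_t v = 0;
    int ok = wasm_memory_init(&m, 1);                       /* 64 KiB */
    ok = ok && store_i32_masked(&m, 16, 0, 0xdeadbeefu);
    ok = ok && load_i32_checked(&m, 16, 0, &v) && v == 0xdeadbeefu;
    v = 0;
    ok = ok && load_i32_masked(&m, 12, 4, &v) && v == 0xdeadbeefu;
    ok = ok && !load_i32_checked(&m, WASM_PAGE_BYTES - 3, 0, &v); /* straddles end */
    ok = ok && !load_i32_masked(&m, WASM_PAGE_BYTES - 3, 0, &v);
    ok = ok && !load_i32_masked(&m, 0xFFFFFFFFu, 1, &v);          /* would wrap in 32 bits */
    wasm_memory_free(&m);
    return ok;
}

int main(void) {
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

Two caveats a practitioner would add: the mask is branchless in this source, but a C compiler is free to turn the comparison back into a jump, which is why an engine emits the mask directly in its generated machine code; and masking only keeps the sandboxed module's own loads inside its memory, it does nothing about other secrets mapped in the same process, which is the concern behind moving sensitive data out of the renderer altogether. The guard-region alternative from the comment avoids the mask by reserving a virtual range larger than any 32-bit offset plus displacement can reach, so every possible address lands in either the module's memory or inaccessible guard pages.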