[webkit-dev] Disabling the 32-bit JITs by default.

Guillaume Emont guijemont at igalia.com
Mon Feb 19 10:53:07 PST 2018

Hi Keith,

We at Igalia have been trying to provide a better story for 32-bit
platforms, in particular for Armv7 and MIPS. These platforms are very
important to us, and disabling JIT renders many use cases impossible. We
want to continue this effort to support these platforms. We have been
short on resources for that effort, which is why we did not realize
early enough that more mitigation was needed for 32-bit platforms. We
now have grown our team dedicated to this and we are hopeful that we
will avoid that kind of issue in the future.

We are working on a plan to mitigate Spectre on 32-bit platforms. We
would welcome community feedback on that, as well as what kinds of
mitigations would be considered sufficient.

Regarding your patch, I think you should note that some specific 32-bit
CPUs are immune to Spectre (at least the Raspberry Pi[1] and some
MIPS[2] devices); I think the deactivation should be done at run-time
for CPUs not on a white list.

Best regards,

Guillaume Emont and the Igalia compilers team

[1] https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
[2] https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-channel-vulnerabilities/

Quoting Keith Miller (2018-02-16 16:58:07)
> I recently created a patch to disable the 32-bit JITs by default. https://bugs.webkit.org/show_bug.cgi?id=182886. 
> The last time this was discussed was before the discovery of Spectre. In the interim, there have been a number of changes made to JavaScriptCore in an attempt to mitigate Spectre. Nobody has proposed a mitigation plan for 32-bit WebKit. For example, pointer poisoning only works for 64-bit processors as they currently have a number of high bits that will never be set in a valid pointer. In 32-bit code the full address space is mappable so pointer poisoning is not guaranteed to be effective.
> Given the importance of developing mitigations for Spectre in a timely manner I think we should disable 32-bit JITs, in the near term, but more likely permanently.
> Thoughts?
> Keith
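The pointer-poisoning argument in the quoted message, as an added example that is not part of the thread and not JavaScriptCore's code: a simplified model where a pointer is XORed with a per-type key and then read back with the wrong key, as in a type confusion. The keys, the sample pointers and the 48-bit valid-pointer width are constructed assumptions.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: valid 64-bit pointers only ever use the low 48 bits. */
#define VALID_BITS_64 48

/* Constructed per-type keys; the 64-bit keys differ in their high 16 bits. */
static const uint64_t KEY64_A = 0xA5C3000012345678ULL;
static const uint64_t KEY64_B = 0x3F91000087654321ULL;
static const uint32_t KEY32_A = 0xA5C31234U;
static const uint32_t KEY32_B = 0x3F918765U;

/* Poisoning and unpoisoning are the same XOR with the type's key. */
uint64_t poison64(uint64_t p, uint64_t key) { return p ^ key; }
uint32_t poison32(uint32_t p, uint32_t key) { return p ^ key; }

/* A 64-bit value can only be a valid pointer if its high bits are clear. */
bool could_be_mapped64(uint64_t p) { return (p >> VALID_BITS_64) == 0; }

/* On 32-bit the full address space is mappable: no value can be ruled out. */
bool could_be_mapped32(uint32_t p) { (void)p; return true; }

/* Type confusion: stored with key A, read (possibly speculatively) with key B. */
uint64_t confused_read64(uint64_t p) {
    return poison64(poison64(p, KEY64_A), KEY64_B);
}
uint32_t confused_read32(uint32_t p) {
    return poison32(poison32(p, KEY32_A), KEY32_B);
}

int main(void) {
    uint64_t p64 = 0x00007f12a4c0d010ULL; /* constructed sample pointer */
    uint32_t p32 = 0xb6f0d010U;           /* constructed sample pointer */

    uint64_t bad64 = confused_read64(p64);
    uint32_t bad32 = confused_read32(p32);

    /* 64-bit: leftover key bits land in the unused high bits. */
    printf("64-bit wrong-key result 0x%016" PRIx64 " mappable: %d\n",
           bad64, could_be_mapped64(bad64));
    /* 32-bit: the result is just another address that may be mapped. */
    printf("32-bit wrong-key result 0x%08" PRIx32 " mappable: %d\n",
           bad32, could_be_mapped32(bad32));
    return 0;
}
```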