Introducing Wasmjit: A kernel mode WebAssembly runtime for Linux

2 min read

Written in C90, Wasmjit is a small embeddable WebAssembly runtime. It is portable to most environments but it primarily targets a Linux kernel module that can host Emscripten-generated WebAssembly modules.

What are the benefits of Wasmjit?

Improved performance: Using Wasmjit you will be able to run WebAssembly modules in kernel-space (ring 0). This will provide access to system calls as normal function calls, which eliminates the user-kernel transition overhead. This also avoids the scheduling overheads from swapping page tables. This provides a boost in performance for syscall-bound programs like web servers or FUSE file systems.
No need to run an entire browser: It also comes with a host environment for running in user-space on POSIX systems. This will allow running WebAssembly modules without having to run an entire browser.

What tools do you need to get started?

The following are the tools you require to get started with Wasmjit:

A standard POSIX C development environment with cc and make
Emscripten SDK
Optionally, you can install kernel headers on Linux, the linux-headers-amd64 package on Debian, kernel-devel on Fedora

What’s in the future?

Wasmjit currently supports x86_64 and can run a subset of Emscripten-generated WebAssembly on Linux, macOS, and within the Linux kernel as a kernel module. In coming releases we will see more implementations and improvements along the following lines:

Enough Emscripten host-bindings to run nginx.wasm
Introduction of an interpreter
Rust-runtime for Rust-generated wasm files
Go-runtime for Go-generated wasm files
Optimized x86_64 JIT
arm64 JIT
macOS kernel module

What to consider when using this runtime?

Wasmjit uses vmalloc(), a function for allocating a contiguous memory region in the virtual address space, for code and data section allocations. This prevents those pages from ever being swapped to disk resulting in indiscriminate access to the /dev/wasm device. This can make a system vulnerable to denial-of-service attacks.

To mitigate this risk, in future, a system-wide limit on the amount of memory used by the /dev/wasm device will be provided.

To get started with Wasmjit, check out its GitHub repository.