Line data Source code
1 : #include "../../../../disco/tiles.h"
2 : #include "fd_verify.h"
3 :
4 : #include "generated/verify_seccomp.h"
5 :
6 : #include "../../../../disco/metrics/fd_metrics.h"
7 : #include "../../../../disco/quic/fd_tpu.h"
8 :
9 : #include <linux/unistd.h>
10 :
11 : /* The verify tile is a wrapper around the mux tile, that also verifies
12 : incoming transaction signatures match the data being signed.
13 : Non-matching transactions are filtered out of the frag stream. */
14 :
/* scratch_align returns the alignment of this tile's scratch region,
   which is FD_TCACHE_ALIGN.  scratch_footprint rounds the total
   footprint up to this value. */

FD_FN_CONST static inline ulong
scratch_align( void ) {
  return FD_TCACHE_ALIGN;
}
19 :
/* scratch_footprint returns the number of bytes of scratch memory the
   verify tile reserves.  The region holds, in order:

     - one fd_verify_ctx_t
     - one tcache sized for VERIFY_TCACHE_DEPTH / VERIFY_TCACHE_MAP_CNT
     - FD_TXN_ACTUAL_SIG_MAX sha512 objects

   tile is ignored.  unprivileged_init carves objects out of the same
   region in the same order and logs an error if it ends up past the
   size computed here, so the two must be kept in step. */

FD_FN_PURE static inline ulong
scratch_footprint( fd_topo_tile_t const * tile ) {
  (void)tile;

  ulong layout = FD_LAYOUT_INIT;
  layout = FD_LAYOUT_APPEND( layout, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
  layout = FD_LAYOUT_APPEND( layout, fd_tcache_align(), fd_tcache_footprint( VERIFY_TCACHE_DEPTH, VERIFY_TCACHE_MAP_CNT ) );

  /* One sha512 object per possible signature in a transaction. */
  for( ulong sha_rem=FD_TXN_ACTUAL_SIG_MAX; sha_rem; sha_rem-- ) {
    layout = FD_LAYOUT_APPEND( layout, fd_sha512_align(), fd_sha512_footprint() );
  }

  return FD_LAYOUT_FINI( layout, scratch_align() );
}
31 :
/* metrics_write publishes the tile's three drop counters through
   FD_MCNT_SET.  The counters are incremented in after_frag:
   parse_fail_cnt when fd_txn_parse rejects the payload,
   dedup_fail_cnt when fd_txn_verify returns FD_TXN_VERIFY_DEDUP, and
   verify_fail_cnt for any other non-success result of fd_txn_verify.
   A rising verify_fail_cnt is the signal to watch for traffic carrying
   invalid signatures. */

static inline void
metrics_write( fd_verify_ctx_t * ctx ) {
  FD_MCNT_SET( VERIFY, TRANSACTION_PARSE_FAILURE, ctx->metrics.parse_fail_cnt );
  FD_MCNT_SET( VERIFY, TRANSACTION_DEDUP_FAILURE, ctx->metrics.dedup_fail_cnt );
  FD_MCNT_SET( VERIFY, TRANSACTION_VERIFY_FAILURE, ctx->metrics.verify_fail_cnt );
}
38 :
/* before_frag tells the caller whether the fragment with sequence
   number seq belongs to another verify tile.  Fragments are assigned
   by seq modulo ctx->round_robin_cnt: returns 0 when the remainder
   equals ctx->round_robin_idx and 1 otherwise.  in_idx and sig are
   unused.

   NOTE(review): presumably the stem loop skips the fragment on a
   non-zero return -- confirm against fd_stem.c.  Also assumes
   round_robin_cnt is non-zero (it is set from fd_topo_tile_name_cnt in
   unprivileged_init); a zero here would be a division by zero. */

static int
before_frag( fd_verify_ctx_t * ctx,
             ulong             in_idx,
             ulong             seq,
             ulong             sig ) {
  (void)in_idx;
  (void)sig;

  ulong owner_idx = seq % ctx->round_robin_cnt;
  int   is_ours   = ( owner_idx==ctx->round_robin_idx );
  return !is_ours;
}
49 :
50 : /* during_frag is called between pairs for sequence number checks, as
51 : we are reading incoming frags. We don't actually need to copy the
52 : fragment here, see fd_dedup.c for why we do this.*/
53 :
/* during_frag copies the sz byte fragment at chunk on input in_idx
   into the tile's current output chunk (ctx->out_chunk).  seq and sig
   are unused.

   chunk and sz come from the producer of the input link, so they are
   range checked before any address is derived from them: chunk must
   lie in [chunk0,wmark] for this input and sz must not exceed
   FD_TPU_MTU.  A violation is reported with FD_LOG_ERR.

   NOTE(review): the copy below is only safe if FD_LOG_ERR does not
   return -- confirm against the logging macros.  in_idx itself is not
   checked here; presumably the stem loop only passes indices below
   tile->in_cnt -- confirm. */

static inline void
during_frag( fd_verify_ctx_t * ctx,
             ulong             in_idx,
             ulong             seq,
             ulong             sig,
             ulong             chunk,
             ulong             sz ) {
  (void)seq;
  (void)sig;

  ulong const lo = ctx->in[ in_idx ].chunk0;
  ulong const hi = ctx->in[ in_idx ].wmark;

  int in_range = ( lo<=chunk ) && ( chunk<=hi ) && ( sz<=FD_TPU_MTU );
  if( FD_UNLIKELY( !in_range ) ) {
    FD_LOG_ERR(( "chunk %lu %lu corrupt, not in range [%lu,%lu]", chunk, sz, lo, hi ));
  }

  uchar * from = (uchar *)fd_chunk_to_laddr( ctx->in[ in_idx ].mem, chunk );
  uchar * to   = (uchar *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );

  fd_memcpy( to, from, sz );
}
72 :
/* after_frag parses and verifies the transaction that during_frag
   copied into the current output chunk, and publishes it downstream
   only if every check passes.  in_idx, seq, sig and chunk are unused;
   sz is the payload size and tsorig is forwarded to the publish call.

   On entry the chunk holds only the serialized txn.  A trailer is
   appended after it, inside the same chunk:

     [ payload          ] (payload_sz bytes)
     [ pad: align to 2B ] (0-1 bytes)
     [ fd_txn_t         ] (? bytes)
     [ payload_sz       ] (2B)

   Drop paths (nothing is published, out_chunk is not advanced):
     - fd_txn_parse returns 0          -> parse_fail_cnt++
     - fd_txn_verify returns DEDUP     -> dedup_fail_cnt++
     - fd_txn_verify returns any other
       non-success value               -> verify_fail_cnt++

   NOTE(review): payload_sz is narrowed to ushort twice below.  That is
   lossless only if sz fits in 16 bits; during_frag bounds sz by
   FD_TPU_MTU, so this presumably holds -- confirm FD_TPU_MTU<=USHORT_MAX.
   The size checks also rely on FD_LOG_ERR / FD_LOG_CRIT not returning
   -- confirm. */

static inline void
after_frag( fd_verify_ctx_t *   ctx,
            ulong               in_idx,
            ulong               seq,
            ulong               sig,
            ulong               chunk,
            ulong               sz,
            ulong               tsorig,
            fd_stem_context_t * stem ) {
  (void)in_idx;
  (void)seq;
  (void)sig;
  (void)chunk;

  ulong const payload_sz  = sz;
  ulong const trailer_off = fd_ulong_align_up( payload_sz, 2UL );

  /* Before parsing, make sure a worst case fd_txn_t (FD_TXN_MAX_SZ)
     plus the 2 byte size field still fits behind the payload.  The
     arithmetic is signed so an oversized payload yields a negative
     room value instead of wrapping. */

  long const trailer_room = (long)FD_TPU_DCACHE_MTU - (long)trailer_off - (long)sizeof(ushort);
  if( FD_UNLIKELY( trailer_room<(long)FD_TXN_MAX_SZ ) ) {
    FD_LOG_ERR(( "got malformed txn (sz %lu) does not fit in dcache", payload_sz ));
  }

  uchar const * payload = fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
  fd_txn_t *    parsed  = (fd_txn_t *)( (ulong)payload + trailer_off );

  /* Parse the transaction; the descriptor is written into the trailer. */

  ulong const parsed_sz = fd_txn_parse( payload, payload_sz, parsed, NULL );
  if( FD_UNLIKELY( !parsed_sz ) ) {
    ctx->metrics.parse_fail_cnt++;
    return;
  }

  /* Store payload_sz right behind the descriptor.  Per the original
     author's note, fd_txn_parse always returns a multiple of 2, so the
     ushort store is correctly aligned. */

  ushort * payload_sz_slot = (ushort *)( (ulong)parsed + parsed_sz );
  *payload_sz_slot = (ushort)payload_sz;

  /* Total message size: payload, pad, descriptor, size field.  This is
     a consistency check after the writes above; the room check before
     parsing is what is meant to keep them in bounds. */

  ulong const new_sz = trailer_off + parsed_sz + sizeof(ushort);
  if( FD_UNLIKELY( new_sz>FD_TPU_DCACHE_MTU ) ) {
    FD_LOG_CRIT(( "memory corruption detected (txn_sz=%lu txn_t_sz=%lu)",
                  payload_sz, parsed_sz ));
  }

  ulong txn_sig;
  int   verdict = fd_txn_verify( ctx, payload, (ushort)payload_sz, parsed, &txn_sig );

  if( FD_LIKELY( verdict==FD_TXN_VERIFY_SUCCESS ) ) {
    /* Only verified transactions reach the output link. */
    ulong tspub = (ulong)fd_frag_meta_ts_comp( fd_tickcount() );
    fd_stem_publish( stem, 0UL, txn_sig, ctx->out_chunk, new_sz, 0UL, tsorig, tspub );
    ctx->out_chunk = fd_dcache_compact_next( ctx->out_chunk, new_sz, ctx->out_chunk0, ctx->out_wmark );
    return;
  }

  if( FD_LIKELY( verdict==FD_TXN_VERIFY_DEDUP ) ) {
    ctx->metrics.dedup_fail_cnt++;
  } else {
    ctx->metrics.verify_fail_cnt++;
  }
}
145 :
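/* privileged_init locates the tile's fd_verify_ctx_t at the start of
   its scratch region and fills ctx->hashmap_seed with 8 bytes from
   fd_rng_secure.  FD_TEST checks that the call reported success, so
   the tile does not continue with an unset seed.

   Both parameters are used, so they are no longer marked
   FD_PARAM_UNUSED: the attribute was misleading and would have hidden
   a real unused-parameter warning if the body later changed.

   unprivileged_init carves the same ctx as the first scratch
   allocation and does not overwrite hashmap_seed, so the value set
   here is the one the tile runs with.

   NOTE(review): presumably this runs before the sandbox is applied
   because the secure RNG needs a syscall the verify seccomp policy
   does not allow, and the seed presumably keys the dedup hash map so
   that its slot selection is not predictable from outside -- confirm
   both.  Also assumes hashmap_seed is at least 8 bytes wide; confirm
   against fd_verify.h. */

static void
privileged_init( fd_topo_t *      topo,
                 fd_topo_tile_t * tile ) {
  void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );

  FD_SCRATCH_ALLOC_INIT( l, scratch );
  fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
  FD_TEST( fd_rng_secure( &ctx->hashmap_seed, 8U ) );
}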
155 :
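/* unprivileged_init builds the tile's runtime state inside its scratch
   region: it locates the fd_verify_ctx_t, creates and joins the
   tcache and the FD_TXN_ACTUAL_SIG_MAX sha512 objects, records the
   round robin position of this tile among tiles of the same name, and
   caches the memory base and valid chunk range of every input link
   and of output link 0.

   The sha512 objects are carved with fd_sha512_align() and
   fd_sha512_footprint(), the same accessors scratch_footprint uses to
   size the region, so the reservation and the carve-out cannot drift
   apart if fd_sha512_t ever changes.

   The chunk0 / wmark values stored in ctx->in[] are the bounds that
   during_frag enforces on chunk indices received from upstream, so
   they must describe the same memory as ctx->in[].mem. */

static void
unprivileged_init( fd_topo_t *      topo,
                   fd_topo_tile_t * tile ) {
  void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );

  /* Same first allocation as privileged_init, so ctx refers to the
     object whose hashmap_seed was already filled in. */

  FD_SCRATCH_ALLOC_INIT( l, scratch );
  fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );

  void *        tcache_mem = FD_SCRATCH_ALLOC_APPEND( l, FD_TCACHE_ALIGN, FD_TCACHE_FOOTPRINT( VERIFY_TCACHE_DEPTH, VERIFY_TCACHE_MAP_CNT ) );
  fd_tcache_t * tcache     = fd_tcache_join( fd_tcache_new( tcache_mem, VERIFY_TCACHE_DEPTH, VERIFY_TCACHE_MAP_CNT ) );
  if( FD_UNLIKELY( !tcache ) ) FD_LOG_ERR(( "fd_tcache_join failed" ));

  ctx->round_robin_cnt = fd_topo_tile_name_cnt( topo, tile->name );
  ctx->round_robin_idx = tile->kind_id;

  for( ulong i=0; i<FD_TXN_ACTUAL_SIG_MAX; i++ ) {
    void *        sha_mem = FD_SCRATCH_ALLOC_APPEND( l, fd_sha512_align(), fd_sha512_footprint() );
    fd_sha512_t * sha     = fd_sha512_join( fd_sha512_new( sha_mem ) );
    if( FD_UNLIKELY( !sha ) ) FD_LOG_ERR(( "fd_sha512_join failed" ));
    ctx->sha[i] = sha;
  }

  ctx->tcache_depth   = fd_tcache_depth       ( tcache );
  ctx->tcache_map_cnt = fd_tcache_map_cnt     ( tcache );
  ctx->tcache_sync    = fd_tcache_oldest_laddr( tcache );
  ctx->tcache_ring    = fd_tcache_ring_laddr  ( tcache );
  ctx->tcache_map     = fd_tcache_map_laddr   ( tcache );

  for( ulong i=0; i<tile->in_cnt; i++ ) {
    fd_topo_link_t * link = &topo->links[ tile->in_link_id[ i ] ];

    if( FD_UNLIKELY( link->is_reasm ) ) {
      fd_topo_wksp_t * link_wksp = &topo->workspaces[ topo->objs[ link->reasm_obj_id ].wksp_id ];
      ctx->in[i].mem    = link_wksp->wksp;
      /* NOTE(review): both arguments are link->reasm here, while mem is
         the workspace base.  Confirm against the fd_tpu_reasm API that
         the resulting chunk range is relative to the same base that
         during_frag passes to fd_chunk_to_laddr. */
      ctx->in[i].chunk0 = fd_tpu_reasm_chunk0( link->reasm, link->reasm );
      ctx->in[i].wmark  = fd_tpu_reasm_wmark ( link->reasm, link->reasm );
    } else {
      fd_topo_wksp_t * link_wksp = &topo->workspaces[ topo->objs[ link->dcache_obj_id ].wksp_id ];
      ctx->in[i].mem    = link_wksp->wksp;
      ctx->in[i].chunk0 = fd_dcache_compact_chunk0( ctx->in[i].mem, link->dcache );
      ctx->in[i].wmark  = fd_dcache_compact_wmark ( ctx->in[i].mem, link->dcache, link->mtu );
    }
  }

  /* NOTE(review): assumes the tile has at least one output link;
     out_link_id[ 0 ] is read without checking an output count. */

  fd_topo_link_t * out_link = &topo->links[ tile->out_link_id[ 0 ] ];
  ctx->out_mem    = topo->workspaces[ topo->objs[ out_link->dcache_obj_id ].wksp_id ].wksp;
  ctx->out_chunk0 = fd_dcache_compact_chunk0( ctx->out_mem, out_link->dcache );
  ctx->out_wmark  = fd_dcache_compact_wmark ( ctx->out_mem, out_link->dcache, out_link->mtu );
  ctx->out_chunk  = ctx->out_chunk0;

  /* This check runs after the objects above were already constructed,
     so it reports an overrun rather than preventing one. */

  ulong scratch_top = FD_SCRATCH_ALLOC_FINI( l, 1UL );
  if( FD_UNLIKELY( scratch_top > (ulong)scratch + scratch_footprint( tile ) ) )
    FD_LOG_ERR(( "scratch overflow %lu %lu %lu", scratch_top - (ulong)scratch - scratch_footprint( tile ), scratch_top, (ulong)scratch + scratch_footprint( tile ) ));
}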
206 :
/* populate_allowed_seccomp writes the verify tile's seccomp filter
   program into out (capacity out_cnt instructions) by calling the
   generated populate_sock_filter_policy_verify, and returns the
   number of instructions in that policy.  topo and tile are unused.

   The only runtime input to the policy is the log file descriptor.
   When no log file is open fd_log_private_logfile_fd returns -1 (see
   populate_allowed_fds), which the cast turns into UINT_MAX.

   NOTE(review): out_cnt is forwarded unchanged; presumably the
   generated populator checks it against the instruction count --
   confirm in generated/verify_seccomp.h. */

static ulong
populate_allowed_seccomp( fd_topo_t const *      topo,
                          fd_topo_tile_t const * tile,
                          ulong                  out_cnt,
                          struct sock_filter *   out ) {
  (void)topo;
  (void)tile;

  uint const logfile_fd = (uint)fd_log_private_logfile_fd();
  populate_sock_filter_policy_verify( out_cnt, out, logfile_fd );

  return sock_filter_policy_verify_instr_cnt;
}
218 :
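/* populate_allowed_fds writes the file descriptors the verify tile is
   allowed to keep open into out_fds and returns how many were
   written: always stderr (2), plus the log file descriptor when one
   is open.  topo and tile are unused.

   out_fds must have room for both entries; a smaller out_fds_cnt is
   reported with FD_LOG_ERR before anything is written.

   The log file descriptor is read once, so the value that is tested
   against -1 is the value that is stored. */

static ulong
populate_allowed_fds( fd_topo_t const *      topo,
                      fd_topo_tile_t const * tile,
                      ulong                  out_fds_cnt,
                      int *                  out_fds ) {
  (void)topo;
  (void)tile;

  if( FD_UNLIKELY( out_fds_cnt<2UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));

  int const logfile_fd = fd_log_private_logfile_fd();

  ulong out_cnt = 0UL;
  out_fds[ out_cnt++ ] = 2; /* stderr */
  if( FD_LIKELY( -1!=logfile_fd ) )
    out_fds[ out_cnt++ ] = logfile_fd; /* logfile */
  return out_cnt;
}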
235 :
/* Configuration for the stem template included at the end of this
   block.  The template is parameterized through these macros.

   NOTE(review): STEM_BURST is presumably the maximum number of frags
   a callback publishes per invocation; after_frag calls
   fd_stem_publish at most once -- confirm against fd_stem.c. */

#define STEM_BURST (1UL)

/* Type and alignment of the context object handed to every callback. */

#define STEM_CALLBACK_CONTEXT_TYPE fd_verify_ctx_t
#define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_verify_ctx_t)

/* Callbacks defined earlier in this file. */

#define STEM_CALLBACK_METRICS_WRITE metrics_write
#define STEM_CALLBACK_BEFORE_FRAG before_frag
#define STEM_CALLBACK_DURING_FRAG during_frag
#define STEM_CALLBACK_AFTER_FRAG after_frag

/* Including the .c file instantiates the template in this translation
   unit; stem_run, referenced by fd_tile_verify, presumably comes from
   here. */

#include "../../../../disco/stem/fd_stem.c"
247 :
/* fd_tile_verify is the descriptor through which the verify tile is
   registered: its name, its sandbox allowlists, its scratch memory
   requirements, its two init stages and its run loop. */

fd_topo_run_tile_t fd_tile_verify = {
  .name                     = "verify",

  /* Scratch memory requirements */
  .scratch_align            = scratch_align,
  .scratch_footprint        = scratch_footprint,

  /* Sandbox: allowed syscalls and allowed file descriptors */
  .populate_allowed_seccomp = populate_allowed_seccomp,
  .populate_allowed_fds     = populate_allowed_fds,

  /* Init stages and main loop */
  .privileged_init          = privileged_init,
  .unprivileged_init        = unprivileged_init,
  .run                      = stem_run,
};