1 : #include "fd_verify.h"
2 : #include "../../../../disco/metrics/fd_metrics.h"
3 : #include "generated/verify_seccomp.h"
4 :
5 : #include <linux/unistd.h>
6 :
7 : /* The verify tile is a wrapper around the mux tile, that also verifies
8 : incoming transaction signatures match the data being signed.
9 : Non-matching transactions are filtered out of the frag stream. */
10 :
/* scratch_align returns the alignment this tile requests for its
   scratch region.  The value is FD_TCACHE_ALIGN.  scratch_footprint
   passes the same value to FD_LAYOUT_FINI, so the two must stay in
   agreement. */

FD_FN_CONST static inline ulong
scratch_align( void ) {
  ulong const align = FD_TCACHE_ALIGN;
  return align;
}
15 :
/* scratch_footprint returns the number of bytes of scratch memory the
   tile needs.  The layout is, in order: one fd_verify_ctx_t, one
   tcache sized by tile->verify.tcache_depth, then
   FD_TXN_ACTUAL_SIG_MAX sha512 objects.  The init functions carve the
   scratch region in this same order, and unprivileged_init compares
   its final allocation pointer against this footprint.

   NOTE(review): unprivileged_init sizes the same objects with
   FD_TCACHE_ALIGN / FD_TCACHE_FOOTPRINT and alignof / sizeof of
   fd_sha512_t, not the function forms used here.  They are presumably
   equal; confirm, since a mismatch would make the overflow check
   compare against the wrong size. */

FD_FN_PURE static inline ulong
scratch_footprint( fd_topo_tile_t const * tile ) {
  ulong layout = FD_LAYOUT_INIT;

  /* Tile context first, then the dedup tcache. */
  layout = FD_LAYOUT_APPEND( layout, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
  layout = FD_LAYOUT_APPEND( layout, fd_tcache_align(), fd_tcache_footprint( tile->verify.tcache_depth, 0UL ) );

  /* One sha512 object per possible signature slot. */
  ulong sha_idx = 0UL;
  while( sha_idx<FD_TXN_ACTUAL_SIG_MAX ) {
    layout = FD_LAYOUT_APPEND( layout, fd_sha512_align(), fd_sha512_footprint() );
    sha_idx++;
  }

  return FD_LAYOUT_FINI( layout, scratch_align() );
}
26 :
/* metrics_write copies the tile's three rejection counters from the
   context into the VERIFY metrics group: parse failures, dedup
   rejections and signature verification failures.  after_frag
   increments these counters on the paths where a transaction is
   dropped, so they are the observable record of what this tile
   filtered out. */

static inline void
metrics_write( fd_verify_ctx_t * ctx ) {
  FD_MCNT_SET( VERIFY, TRANSACTION_PARSE_FAILURE,  ctx->metrics.parse_fail_cnt );
  FD_MCNT_SET( VERIFY, TRANSACTION_DEDUP_FAILURE,  ctx->metrics.dedup_fail_cnt );
  FD_MCNT_SET( VERIFY, TRANSACTION_VERIFY_FAILURE, ctx->metrics.verify_fail_cnt );
}
33 :
/* before_frag decides whether this verify tile handles the frag with
   sequence number seq.  Frags are split round robin across the verify
   tiles: the frag belongs to the tile whose round_robin_idx equals
   seq modulo round_robin_cnt.  Returns 0 when the frag is ours and 1
   otherwise (presumably the stem skips the frag on non-zero; confirm
   against fd_stem.c).  in_idx and sig are unused.

   ctx->round_robin_cnt is the divisor here.  unprivileged_init sets it
   from fd_topo_tile_name_cnt, so it is assumed to be non-zero. */

static int
before_frag( fd_verify_ctx_t * ctx,
             ulong             in_idx,
             ulong             seq,
             ulong             sig ) {
  (void)in_idx;
  (void)sig;

  ulong const owner_idx = seq % ctx->round_robin_cnt;
  int   const not_ours  = owner_idx != ctx->round_robin_idx;
  return not_ours;
}
44 :
45 : /* during_frag is called between pairs for sequence number checks, as
46 : we are reading incoming frags. We don't actually need to copy the
47 : fragment here, see fd_dedup.c for why we do this.*/
48 :
/* during_frag copies the incoming transaction payload out of the input
   dcache into the tile's current output slot (ctx->out_chunk), so that
   after_frag parses and verifies the copy, not the producer's buffer.

   chunk and sz come from the frag metadata and are validated before
   any pointer is derived from them: chunk must lie in [chunk0,wmark]
   of the input link and sz must not exceed FD_TPU_MTU.  A violation is
   reported through FD_LOG_ERR (which is expected to terminate the
   tile, not return).  The sz bound is also what keeps the (ushort)
   narrowing of payload_sz lossless, assuming FD_TPU_MTU fits in a
   ushort (TODO confirm).

   NOTE(review): in_idx is used to index ctx->in without a range check
   here; presumably the stem only passes indices below tile->in_cnt.
   seq and sig are unused. */

static inline void
during_frag( fd_verify_ctx_t * ctx,
             ulong             in_idx,
             ulong             seq,
             ulong             sig,
             ulong             chunk,
             ulong             sz ) {
  (void)seq;
  (void)sig;

  ulong const chunk_lo = ctx->in[in_idx].chunk0;
  ulong const chunk_hi = ctx->in[in_idx].wmark;

  /* Reject out-of-range metadata before touching memory. */
  if( FD_UNLIKELY( chunk<chunk_lo || chunk>chunk_hi || sz>FD_TPU_MTU ) ) {
    FD_LOG_ERR(( "chunk %lu %lu corrupt, not in range [%lu,%lu]", chunk, sz, ctx->in[in_idx].chunk0, ctx->in[in_idx].wmark ));
  }

  fd_txn_m_t * txnm    = (fd_txn_m_t *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
  uchar *      payload = (uchar *)fd_chunk_to_laddr( ctx->in[in_idx].mem, chunk );

  txnm->payload_sz = (ushort)sz;
  fd_memcpy( fd_txn_m_payload( txnm ), payload, sz );
}
68 :
/* after_frag parses and verifies the transaction that during_frag
   copied into the current output slot, and publishes it downstream
   only if both steps succeed.

   Drop paths (nothing is published and ctx->out_chunk is not advanced,
   so the slot is overwritten by the next frag):
     - fd_txn_parse returns 0:            parse_fail_cnt is incremented
     - fd_txn_verify == FD_TXN_VERIFY_DEDUP: dedup_fail_cnt is incremented
     - any other non-success result:      verify_fail_cnt is incremented

   On success the frag is published on output 0 with the realized
   footprint of the fd_txn_m_t as its size, tsorig carried through and
   a fresh tspub, and out_chunk moves to the next compact dcache slot.

   in_idx, seq, sig and sz are unused; the payload size is taken from
   txnm->payload_sz written by during_frag. */

static inline void
after_frag( fd_verify_ctx_t *   ctx,
            ulong               in_idx,
            ulong               seq,
            ulong               sig,
            ulong               sz,
            ulong               tsorig,
            fd_stem_context_t * stem ) {
  (void)in_idx;
  (void)seq;
  (void)sig;
  (void)sz;

  fd_txn_m_t * msg    = (fd_txn_m_t *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
  fd_txn_t *   parsed = fd_txn_m_txn_t( msg );

  /* Parse first: signatures are only checked on well-formed input. */
  msg->txn_t_sz = (ushort)fd_txn_parse( fd_txn_m_payload( msg ), msg->payload_sz, parsed, NULL );
  if( FD_UNLIKELY( !msg->txn_t_sz ) ) {
    ctx->metrics.parse_fail_cnt++;
    return;
  }

  /* txn_sig receives an output of fd_txn_verify that is not used
     further in this function. */
  ulong txn_sig;
  int   verify_rc = fd_txn_verify( ctx, fd_txn_m_payload( msg ), msg->payload_sz, parsed, &txn_sig );
  if( FD_UNLIKELY( verify_rc!=FD_TXN_VERIFY_SUCCESS ) ) {
    if( FD_LIKELY( verify_rc==FD_TXN_VERIFY_DEDUP ) ) {
      ctx->metrics.dedup_fail_cnt++;
    } else {
      ctx->metrics.verify_fail_cnt++;
    }
    return;
  }

  /* Verified: hand the slot downstream and advance to the next one. */
  ulong publish_sz = fd_txn_m_realized_footprint( msg, 0 );
  ulong tspub      = (ulong)fd_frag_meta_ts_comp( fd_tickcount() );
  fd_stem_publish( stem, 0UL, 0UL, ctx->out_chunk, publish_sz, 0UL, tsorig, tspub );
  ctx->out_chunk = fd_dcache_compact_next( ctx->out_chunk, publish_sz, ctx->out_chunk0, ctx->out_wmark );
}
105 :
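/* privileged_init runs the part of tile setup that draws the hashmap
   seed.  It locates the tile's scratch region, takes the
   fd_verify_ctx_t at the start of it (the same first allocation that
   unprivileged_init makes) and fills ctx->hashmap_seed with 8 bytes
   from fd_rng_secure.  FD_TEST fails the tile if the secure RNG does
   not deliver, so the tile never continues with an unseeded value.

   Both parameters are used, so they are not marked FD_PARAM_UNUSED.

   NOTE(review): the length is the literal 8U; this presumably matches
   sizeof(ctx->hashmap_seed) -- confirm against fd_verify.h. */

static void
privileged_init( fd_topo_t *      topo,
                 fd_topo_tile_t * tile ) {
  void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );

  FD_SCRATCH_ALLOC_INIT( l, scratch );
  fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
  FD_TEST( fd_rng_secure( &ctx->hashmap_seed, 8U ) );
}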
115 :
/* unprivileged_init builds the tile context inside the scratch region
   and wires it to the topology.

   Scratch is carved in the order scratch_footprint describes: the
   fd_verify_ctx_t (the same object privileged_init already wrote
   hashmap_seed into), the tcache, then FD_TXN_ACTUAL_SIG_MAX sha512
   objects.  The order must not change independently of
   scratch_footprint.

   The function then records the round robin parameters, caches the
   tcache internals in ctx, computes [chunk0,wmark] for every input
   link (the bounds during_frag validates against) and for output link
   0, and finally checks that the allocations stayed within
   scratch_footprint( tile ).  That check runs after the objects have
   been written, so it detects an overflow but does not prevent it.

   NOTE(review): tile->in_cnt is not compared with the capacity of
   ctx->in here, and tile->out_link_id[ 0 ] is assumed to exist;
   presumably the topology guarantees both -- confirm. */

static void
unprivileged_init( fd_topo_t *      topo,
                   fd_topo_tile_t * tile ) {
  void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );

  FD_SCRATCH_ALLOC_INIT( alloc, scratch );
  fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( alloc, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );

  /* Dedup cache. */
  void *        tcache_mem = FD_SCRATCH_ALLOC_APPEND( alloc, FD_TCACHE_ALIGN, FD_TCACHE_FOOTPRINT( tile->verify.tcache_depth, 0UL ) );
  fd_tcache_t * tcache     = fd_tcache_join( fd_tcache_new( tcache_mem, tile->verify.tcache_depth, 0UL ) );
  if( FD_UNLIKELY( !tcache ) ) {
    FD_LOG_ERR(( "fd_tcache_join failed" ));
  }

  /* This tile's share of the input stream, see before_frag. */
  ctx->round_robin_cnt = fd_topo_tile_name_cnt( topo, tile->name );
  ctx->round_robin_idx = tile->kind_id;

  /* One sha512 object per signature slot. */
  for( ulong sha_idx=0UL; sha_idx<FD_TXN_ACTUAL_SIG_MAX; sha_idx++ ) {
    void *        sha_mem = FD_SCRATCH_ALLOC_APPEND( alloc, alignof( fd_sha512_t ), sizeof( fd_sha512_t ) );
    fd_sha512_t * sha     = fd_sha512_join( fd_sha512_new( sha_mem ) );
    if( FD_UNLIKELY( !sha ) ) {
      FD_LOG_ERR(( "fd_sha512_join failed" ));
    }
    ctx->sha[ sha_idx ] = sha;
  }

  ctx->tcache_depth   = fd_tcache_depth       ( tcache );
  ctx->tcache_map_cnt = fd_tcache_map_cnt     ( tcache );
  ctx->tcache_sync    = fd_tcache_oldest_laddr( tcache );
  ctx->tcache_ring    = fd_tcache_ring_laddr  ( tcache );
  ctx->tcache_map     = fd_tcache_map_laddr   ( tcache );

  /* Valid chunk range of every input link. */
  for( ulong in_idx=0UL; in_idx<tile->in_cnt; in_idx++ ) {
    fd_topo_link_t * in_link = &topo->links[ tile->in_link_id[ in_idx ] ];
    fd_topo_wksp_t * in_wksp = &topo->workspaces[ topo->objs[ in_link->dcache_obj_id ].wksp_id ];

    ctx->in[ in_idx ].mem    = in_wksp->wksp;
    ctx->in[ in_idx ].chunk0 = fd_dcache_compact_chunk0( ctx->in[ in_idx ].mem, in_link->dcache );
    ctx->in[ in_idx ].wmark  = fd_dcache_compact_wmark ( ctx->in[ in_idx ].mem, in_link->dcache, in_link->mtu );
  }

  /* Output link 0 is the only output this tile writes. */
  fd_topo_link_t * out_link = &topo->links[ tile->out_link_id[ 0 ] ];

  ctx->out_mem    = topo->workspaces[ topo->objs[ out_link->dcache_obj_id ].wksp_id ].wksp;
  ctx->out_chunk0 = fd_dcache_compact_chunk0( ctx->out_mem, out_link->dcache );
  ctx->out_wmark  = fd_dcache_compact_wmark ( ctx->out_mem, out_link->dcache, out_link->mtu );
  ctx->out_chunk  = ctx->out_chunk0;

  /* Post-hoc check that the carve-out matches scratch_footprint. */
  ulong scratch_top = FD_SCRATCH_ALLOC_FINI( alloc, 1UL );
  ulong scratch_end = (ulong)scratch + scratch_footprint( tile );
  if( FD_UNLIKELY( scratch_top > scratch_end ) ) {
    FD_LOG_ERR(( "scratch overflow %lu %lu %lu", scratch_top - scratch_end, scratch_top, scratch_end ));
  }
}
159 :
/* populate_allowed_seccomp writes the verify tile's seccomp filter
   into out and returns the number of filter instructions.  The policy
   comes from generated/verify_seccomp.h; the log file descriptor is
   passed in as its only parameter (presumably so the filter can limit
   writes to that descriptor -- confirm against the policy source).
   topo and tile are unused.

   NOTE(review): out_cnt is forwarded but not compared with
   sock_filter_policy_verify_instr_cnt here; the generated function is
   presumably responsible for that capacity check. */

static ulong
populate_allowed_seccomp( fd_topo_t const *      topo,
                          fd_topo_tile_t const * tile,
                          ulong                  out_cnt,
                          struct sock_filter *   out ) {
  (void)topo;
  (void)tile;

  uint logfile_fd = (uint)fd_log_private_logfile_fd();
  populate_sock_filter_policy_verify( out_cnt, out, logfile_fd );

  return sock_filter_policy_verify_instr_cnt;
}
171 :
/* populate_allowed_fds lists the file descriptors the tile keeps open:
   stderr (2) always, and the log file descriptor when one exists
   (fd_log_private_logfile_fd() != -1).  Returns the number of entries
   written to out_fds, which is 1 or 2.  The caller must provide room
   for at least two entries; a smaller out_fds_cnt is reported through
   FD_LOG_ERR.  topo and tile are unused. */

static ulong
populate_allowed_fds( fd_topo_t const *      topo,
                      fd_topo_tile_t const * tile,
                      ulong                  out_fds_cnt,
                      int *                  out_fds ) {
  (void)topo;
  (void)tile;

  if( FD_UNLIKELY( out_fds_cnt<2UL ) ) {
    FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
  }

  out_fds[ 0 ] = 2; /* stderr */
  ulong used = 1UL;

  if( FD_LIKELY( fd_log_private_logfile_fd()!=-1 ) ) {
    out_fds[ used ] = fd_log_private_logfile_fd(); /* logfile */
    used++;
  }

  return used;
}
188 :
/* Configuration for the stem run loop included below.  after_frag
   calls fd_stem_publish at most once per frag, which is consistent
   with a burst of 1 (presumably STEM_BURST is the maximum number of
   frags published per callback -- confirm against fd_stem.c). */

#define STEM_BURST (1UL)

/* Type and alignment of the context object handed to every callback. */

#define STEM_CALLBACK_CONTEXT_TYPE  fd_verify_ctx_t
#define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_verify_ctx_t)

/* Callbacks defined in this file that the stem invokes. */

#define STEM_CALLBACK_METRICS_WRITE metrics_write
#define STEM_CALLBACK_BEFORE_FRAG   before_frag
#define STEM_CALLBACK_DURING_FRAG   during_frag
#define STEM_CALLBACK_AFTER_FRAG    after_frag

/* The .c file is included on purpose: stem_run, referenced by
   fd_tile_verify, is not defined in this file and so comes from this
   include, specialized by the macros above. */

#include "../../../../disco/stem/fd_stem.c"
200 :
/* fd_tile_verify is the tile descriptor for the "verify" tile.  It
   binds the sandbox hooks (seccomp filter and allowed file
   descriptors), the scratch sizing functions, the two init stages and
   the stem run loop defined in this file. */

fd_topo_run_tile_t fd_tile_verify = {
  .name                     = "verify",
  .populate_allowed_seccomp = populate_allowed_seccomp, /* seccomp filter from generated/verify_seccomp.h */
  .populate_allowed_fds     = populate_allowed_fds,     /* stderr and, if present, the log file */
  .scratch_align            = scratch_align,
  .scratch_footprint        = scratch_footprint,
  .privileged_init          = privileged_init,          /* draws hashmap_seed from fd_rng_secure */
  .unprivileged_init        = unprivileged_init,
  .run                      = stem_run,
};