LCOV - code coverage report
Current view: top level - disco/dedup - fd_dedup_tile.c (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 9 146 6.2 %
Date: 2025-03-20 12:08:36 Functions: 2 9 22.2 %

          Line data    Source code
       1             : #include "../tiles.h"
       2             : 
       3             : #include "generated/fd_dedup_tile_seccomp.h"
       4             : 
       5             : #include "../verify/fd_verify_tile.h"
       6             : #include "../metrics/fd_metrics.h"
       7             : 
       8             : #include <linux/unistd.h>
       9             : 
      10             : /* fd_dedup provides services to deduplicate multiple streams of input
      11             :    fragments and present them to a mix of reliable and unreliable
      12             :    consumers as though they were generated by a single multi-stream
      13             :    producer.
      14             : 
      15             :    The dedup tile is simply a wrapper around the mux tile, that also
      16             :    checks the transaction signature field for duplicates and filters
      17             :    them out. */
      18             : 
      19           0 : #define IN_KIND_GOSSIP (0UL)
      20           0 : #define IN_KIND_VOTER  (1UL)
      21           0 : #define IN_KIND_VERIFY (2UL)
      22             : 
      23             : /* fd_dedup_in_ctx_t is a context object for each in (producer) mcache
      24             :    connected to the dedup tile. */
      25             : 
      26             : typedef struct {
      27             :   fd_wksp_t * mem;
      28             :   ulong       chunk0;
      29             :   ulong       wmark;
      30             : } fd_dedup_in_ctx_t;
      31             : 
      32             : /* fd_dedup_ctx_t is the context object provided to callbacks from the
      33             :    mux tile, and contains all state needed to progress the tile. */
      34             : 
      35             : typedef struct {
      36             :   ulong   tcache_depth;   /* == fd_tcache_depth( tcache ), depth of this dedups's tcache (const) */
      37             :   ulong   tcache_map_cnt; /* == fd_tcache_map_cnt( tcache ), number of slots to use for tcache map (const) */
      38             :   ulong * tcache_sync;    /* == fd_tcache_oldest_laddr( tcache ), local join to the oldest key in the tcache */
      39             :   ulong * tcache_ring;
      40             :   ulong * tcache_map;
      41             : 
      42             :   ulong             in_kind[ 64UL ];
      43             :   fd_dedup_in_ctx_t in[ 64UL ];
      44             : 
      45             :   int   bundle_failed;
      46             :   ulong bundle_id;
      47             :   ulong bundle_idx;
      48             :   uchar bundle_signatures[ 4UL ][ 64UL ];
      49             : 
      50             :   fd_wksp_t * out_mem;
      51             :   ulong       out_chunk0;
      52             :   ulong       out_wmark;
      53             :   ulong       out_chunk;
      54             : 
      55             :   ulong       hashmap_seed;
      56             : 
      57             :   struct {
      58             :     ulong bundle_peer_failure_cnt;
      59             :     ulong dedup_fail_cnt;
      60             :   } metrics;
      61             : } fd_dedup_ctx_t;
      62             : 
      63             : FD_FN_CONST static inline ulong
      64           3 : scratch_align( void ) {
      65           3 :   return alignof( fd_dedup_ctx_t );
      66           3 : }
      67             : 
      68             : FD_FN_PURE static inline ulong
      69           3 : scratch_footprint( fd_topo_tile_t const * tile ) {
      70           3 :   ulong l = FD_LAYOUT_INIT;
      71           3 :   l = FD_LAYOUT_APPEND( l, alignof( fd_dedup_ctx_t ), sizeof( fd_dedup_ctx_t ) );
      72           3 :   l = FD_LAYOUT_APPEND( l, fd_tcache_align(), fd_tcache_footprint( tile->dedup.tcache_depth, 0UL ) );
      73           3 :   return FD_LAYOUT_FINI( l, scratch_align() );
      74           3 : }
      75             : 
      76             : static inline void
      77           0 : metrics_write( fd_dedup_ctx_t * ctx ) {
      78           0 :   FD_MCNT_SET( DEDUP, TRANSACTION_BUNDLE_PEER_FAILURE, ctx->metrics.bundle_peer_failure_cnt );
      79           0 :   FD_MCNT_SET( DEDUP, TRANSACTION_DEDUP_FAILURE,       ctx->metrics.dedup_fail_cnt );
      80           0 : }
      81             : 
      82             : /* during_frag is called between pairs for sequence number checks, as
      83             :    we are reading incoming frags.  We don't actually need to copy the
      84             :    fragment here, flow control prevents it getting overrun, and
      85             :    downstream consumers could reuse the same chunk and workspace to
      86             :    improve performance.
      87             : 
      88             :    The bounds checking and copying here are defensive measures,
      89             : 
      90             :     * In a functioning system, the bounds checking should never fail,
      91             :       but we want to prevent an attacker with code execution on a producer
      92             :       tile from trivially being able to jump to a consumer tile with
      93             :       out of bounds chunks.
      94             : 
      95             :     * For security reasons, we have chosen to isolate all workspaces from
      96             :       one another, so for example, if the QUIC tile is compromised with
      97             :       RCE, it cannot wait until the sigverify tile has verified a transaction,
      98             :       and then overwrite the transaction while it's being processed by the
      99             :       banking stage. */
     100             : 
     101             : static inline void
     102             : during_frag( fd_dedup_ctx_t * ctx,
     103             :              ulong            in_idx,
     104             :              ulong            seq FD_PARAM_UNUSED,
     105             :              ulong            sig FD_PARAM_UNUSED,
     106             :              ulong            chunk,
     107             :              ulong            sz,
     108           0 :              ulong            ctl FD_PARAM_UNUSED ) {
     109             : 
     110           0 :   if( FD_UNLIKELY( chunk<ctx->in[ in_idx ].chunk0 || chunk>ctx->in[ in_idx ].wmark || sz>FD_TPU_PARSED_MTU ) )
     111           0 :     FD_LOG_ERR(( "chunk %lu %lu corrupt, not in range [%lu,%lu]", chunk, sz, ctx->in[ in_idx ].chunk0, ctx->in[ in_idx ].wmark ));
     112             : 
     113           0 :   uchar * src = (uchar *)fd_chunk_to_laddr( ctx->in[ in_idx ].mem, chunk );
     114           0 :   uchar * dst = (uchar *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
     115             : 
     116           0 :   if( FD_UNLIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP || ctx->in_kind[ in_idx ]==IN_KIND_VOTER ) ) {
     117           0 :     if( FD_UNLIKELY( sz>FD_TPU_MTU ) ) FD_LOG_ERR(( "received a gossip or voter transaction that was too large" ));
     118             : 
     119           0 :     fd_txn_m_t * txnm = (fd_txn_m_t *)dst;
     120           0 :     txnm->payload_sz = (ushort)sz;
     121           0 :     fd_memcpy( fd_txn_m_payload( txnm ), src, sz );
     122           0 :     txnm->block_engine.bundle_id = 0UL;
     123           0 :   } else {
     124           0 :     fd_memcpy( dst, src, sz );
     125           0 :   }
     126           0 : }
     127             : 
     128             : /* After the transaction has been fully received, and we know we were
     129             :    not overrun while reading it, check if it's a duplicate of a prior
     130             :    transaction.
     131             : 
     132             :    If the transaction came in from the gossip link, then it hasn't been
     133             :    parsed by us.  So parse it here if necessary. */
     134             : 
     135             : static inline void
     136             : after_frag( fd_dedup_ctx_t *    ctx,
     137             :             ulong               in_idx,
     138             :             ulong               seq,
     139             :             ulong               sig,
     140             :             ulong               sz,
     141             :             ulong               tsorig,
     142             :             ulong               _tspub,
     143           0 :             fd_stem_context_t * stem ) {
     144           0 :   (void)seq;
     145           0 :   (void)sig;
     146           0 :   (void)sz;
     147           0 :   (void)_tspub;
     148             : 
     149           0 :   fd_txn_m_t * txnm = (fd_txn_m_t *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
     150           0 :   FD_TEST( txnm->payload_sz<=FD_TPU_MTU );
     151           0 :   fd_txn_t * txn = fd_txn_m_txn_t( txnm );
     152             : 
     153           0 :   if( FD_UNLIKELY( txnm->block_engine.bundle_id && (txnm->block_engine.bundle_id!=ctx->bundle_id) ) ) {
     154           0 :     ctx->bundle_failed = 0;
     155           0 :     ctx->bundle_id     = txnm->block_engine.bundle_id;
     156           0 :     ctx->bundle_idx    = 0UL;
     157           0 :   }
     158             : 
     159           0 :   if( FD_UNLIKELY( txnm->block_engine.bundle_id && ctx->bundle_failed ) ) {
     160           0 :     ctx->metrics.bundle_peer_failure_cnt++;
     161           0 :     return;
     162           0 :   }
     163             : 
     164           0 :   if( FD_UNLIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP || ctx->in_kind[ in_idx]==IN_KIND_VOTER ) ) {
     165             :     /* Transactions coming in from these links are not parsed.
     166             : 
     167             :        We'll need to parse it so it's ready for downstream consumers.
     168             :        Equally importantly, we need to parse to extract the signature
     169             :        for dedup.  Just parse it right into the output dcache. */
     170           0 :     txnm->txn_t_sz = (ushort)fd_txn_parse( fd_txn_m_payload( txnm ), txnm->payload_sz, txn, NULL );
     171           0 :     if( FD_UNLIKELY( !txnm->txn_t_sz ) ) FD_LOG_ERR(( "fd_txn_parse failed for vote transactions that should have been sigverified" ));
     172             : 
     173           0 :     if( FD_UNLIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP ) ) FD_MCNT_INC( DEDUP, GOSSIPED_VOTES_RECEIVED, 1UL );
     174           0 :   }
     175             : 
     176           0 :   int is_dup = 0;
     177           0 :   if( FD_LIKELY( !txnm->block_engine.bundle_id ) ) {
     178             :     /* Compute fd_hash(signature) for dedup. */
     179           0 :     ulong ha_dedup_tag = fd_hash( ctx->hashmap_seed, fd_txn_m_payload( txnm )+txn->signature_off, 64UL );
     180             : 
     181           0 :     FD_TCACHE_INSERT( is_dup, *ctx->tcache_sync, ctx->tcache_ring, ctx->tcache_depth, ctx->tcache_map, ctx->tcache_map_cnt, ha_dedup_tag );
     182           0 :   } else {
     183             :     /* Make sure bundles don't contain a duplicate transaction inside
     184             :        the bundle, which would not be valid. */
     185             : 
     186           0 :     for( ulong i=0UL; i<ctx->bundle_idx; i++ ) {
     187           0 :       if( !memcmp( ctx->bundle_signatures[ i ], fd_txn_m_payload( txnm )+txn->signature_off, 64UL ) ) {
     188           0 :         is_dup = 1;
     189           0 :         break;
     190           0 :       }
     191           0 :     }
     192             : 
     193           0 :     if( FD_UNLIKELY( ctx->bundle_idx>4UL ) ) FD_LOG_ERR(( "bundle_idx %lu > 4", ctx->bundle_idx ));
     194           0 :     else if( FD_UNLIKELY( ctx->bundle_idx==4UL ) ) ctx->bundle_idx++;
     195           0 :     else fd_memcpy( ctx->bundle_signatures[ ctx->bundle_idx++ ], fd_txn_m_payload( txnm )+txn->signature_off, 64UL );
     196           0 :   }
     197             : 
     198           0 :   if( FD_LIKELY( is_dup ) ) {
     199           0 :     if( FD_UNLIKELY( txnm->block_engine.bundle_id ) ) ctx->bundle_failed = 1;
     200             : 
     201           0 :     ctx->metrics.dedup_fail_cnt++;
     202           0 :   } else {
     203           0 :     ulong realized_sz = fd_txn_m_realized_footprint( txnm, 1, 0 );
     204           0 :     ulong tspub = (ulong)fd_frag_meta_ts_comp( fd_tickcount() );
     205           0 :     fd_stem_publish( stem, 0UL, 0, ctx->out_chunk, realized_sz, 0UL, tsorig, tspub );
     206           0 :     ctx->out_chunk = fd_dcache_compact_next( ctx->out_chunk, realized_sz, ctx->out_chunk0, ctx->out_wmark );
     207           0 :   }
     208           0 : }
     209             : 
     210             : static void
     211             : privileged_init( fd_topo_t *      topo,
     212           0 :                  fd_topo_tile_t * tile ) {
     213           0 :   void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
     214             : 
     215           0 :   FD_SCRATCH_ALLOC_INIT( l, scratch );
     216           0 :   fd_dedup_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_dedup_ctx_t ), sizeof( fd_dedup_ctx_t ) );
     217           0 :   FD_TEST( fd_rng_secure( &ctx->hashmap_seed, 8U ) );
     218           0 : }
     219             : 
     220             : static void
     221             : unprivileged_init( fd_topo_t *      topo,
     222           0 :                    fd_topo_tile_t * tile ) {
     223           0 :   void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
     224             : 
     225           0 :   FD_SCRATCH_ALLOC_INIT( l, scratch );
     226           0 :   fd_dedup_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_dedup_ctx_t ), sizeof( fd_dedup_ctx_t ) );
     227           0 :   fd_tcache_t * tcache = fd_tcache_join( fd_tcache_new( FD_SCRATCH_ALLOC_APPEND( l, fd_tcache_align(), fd_tcache_footprint( tile->dedup.tcache_depth, 0) ), tile->dedup.tcache_depth, 0 ) );
     228           0 :   if( FD_UNLIKELY( !tcache ) ) FD_LOG_ERR(( "fd_tcache_new failed" ));
     229             : 
     230           0 :   ctx->bundle_failed = 0;
     231           0 :   ctx->bundle_id     = 0UL;
     232           0 :   ctx->bundle_idx    = 0UL;
     233             : 
     234           0 :   memset( &ctx->metrics, 0, sizeof( ctx->metrics ) );
     235             : 
     236           0 :   ctx->tcache_depth   = fd_tcache_depth       ( tcache );
     237           0 :   ctx->tcache_map_cnt = fd_tcache_map_cnt     ( tcache );
     238           0 :   ctx->tcache_sync    = fd_tcache_oldest_laddr( tcache );
     239           0 :   ctx->tcache_ring    = fd_tcache_ring_laddr  ( tcache );
     240           0 :   ctx->tcache_map     = fd_tcache_map_laddr   ( tcache );
     241             : 
     242           0 :   FD_TEST( tile->in_cnt<=sizeof( ctx->in )/sizeof( ctx->in[ 0 ] ) );
     243           0 :   for( ulong i=0UL; i<tile->in_cnt; i++ ) {
     244           0 :     fd_topo_link_t * link = &topo->links[ tile->in_link_id[ i ] ];
     245           0 :     fd_topo_wksp_t * link_wksp = &topo->workspaces[ topo->objs[ link->dcache_obj_id ].wksp_id ];
     246             : 
     247           0 :     ctx->in[i].mem    = link_wksp->wksp;
     248           0 :     ctx->in[i].chunk0 = fd_dcache_compact_chunk0( ctx->in[i].mem, link->dcache );
     249           0 :     ctx->in[i].wmark  = fd_dcache_compact_wmark ( ctx->in[i].mem, link->dcache, link->mtu );
     250             : 
     251           0 :     if( FD_UNLIKELY( !strcmp( link->name, "gossip_dedup" ) ) ) {
     252           0 :       ctx->in_kind[ i ] = IN_KIND_GOSSIP;
     253           0 :     } else if( FD_UNLIKELY( !strcmp( link->name, "voter_dedup" ) ) ) {
     254           0 :       ctx->in_kind[ i ] = IN_KIND_VOTER;
     255           0 :     } else if( FD_UNLIKELY( !strcmp( link->name, "verify_dedup" ) ) ) {
     256           0 :       ctx->in_kind[ i ] = IN_KIND_VERIFY;
     257           0 :     } else {
     258           0 :       FD_LOG_ERR(( "unexpected link name %s", link->name ));
     259           0 :     }
     260           0 :   }
     261             : 
     262           0 :   ctx->out_mem    = topo->workspaces[ topo->objs[ topo->links[ tile->out_link_id[ 0 ] ].dcache_obj_id ].wksp_id ].wksp;
     263           0 :   ctx->out_chunk0 = fd_dcache_compact_chunk0( ctx->out_mem, topo->links[ tile->out_link_id[ 0 ] ].dcache );
     264           0 :   ctx->out_wmark  = fd_dcache_compact_wmark ( ctx->out_mem, topo->links[ tile->out_link_id[ 0 ] ].dcache, topo->links[ tile->out_link_id[ 0 ] ].mtu );
     265           0 :   ctx->out_chunk  = ctx->out_chunk0;
     266             : 
     267           0 :   ulong scratch_top = FD_SCRATCH_ALLOC_FINI( l, 1UL );
     268           0 :   if( FD_UNLIKELY( scratch_top > (ulong)scratch + scratch_footprint( tile ) ) )
     269           0 :     FD_LOG_ERR(( "scratch overflow %lu %lu %lu", scratch_top - (ulong)scratch - scratch_footprint( tile ), scratch_top, (ulong)scratch + scratch_footprint( tile ) ));
     270           0 : }
     271             : 
     272             : static ulong
     273             : populate_allowed_seccomp( fd_topo_t const *      topo,
     274             :                           fd_topo_tile_t const * tile,
     275             :                           ulong                  out_cnt,
     276           0 :                           struct sock_filter *   out ) {
     277           0 :   (void)topo;
     278           0 :   (void)tile;
     279             : 
     280           0 :   populate_sock_filter_policy_fd_dedup_tile( out_cnt, out, (uint)fd_log_private_logfile_fd() );
     281           0 :   return sock_filter_policy_fd_dedup_tile_instr_cnt;
     282           0 : }
     283             : 
     284             : static ulong
     285             : populate_allowed_fds( fd_topo_t const *      topo,
     286             :                       fd_topo_tile_t const * tile,
     287             :                       ulong                  out_fds_cnt,
     288           0 :                       int *                  out_fds ) {
     289           0 :   (void)topo;
     290           0 :   (void)tile;
     291             : 
     292           0 :   if( FD_UNLIKELY( out_fds_cnt<2UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
     293             : 
     294           0 :   ulong out_cnt = 0UL;
     295           0 :   out_fds[ out_cnt++ ] = 2; /* stderr */
     296           0 :   if( FD_LIKELY( -1!=fd_log_private_logfile_fd() ) )
     297           0 :     out_fds[ out_cnt++ ] = fd_log_private_logfile_fd(); /* logfile */
     298           0 :   return out_cnt;
     299           0 : }
     300             : 
     301           0 : #define STEM_BURST (1UL)
     302             : 
     303           0 : #define STEM_CALLBACK_CONTEXT_TYPE  fd_dedup_ctx_t
     304           0 : #define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_dedup_ctx_t)
     305             : 
     306           0 : #define STEM_CALLBACK_METRICS_WRITE metrics_write
     307           0 : #define STEM_CALLBACK_DURING_FRAG   during_frag
     308           0 : #define STEM_CALLBACK_AFTER_FRAG    after_frag
     309             : 
     310             : #include "../stem/fd_stem.c"
     311             : 
     312             : fd_topo_run_tile_t fd_tile_dedup = {
     313             :   .name                     = "dedup",
     314             :   .populate_allowed_seccomp = populate_allowed_seccomp,
     315             :   .populate_allowed_fds     = populate_allowed_fds,
     316             :   .scratch_align            = scratch_align,
     317             :   .scratch_footprint        = scratch_footprint,
     318             :   .privileged_init          = privileged_init,
     319             :   .unprivileged_init        = unprivileged_init,
     320             :   .run                      = stem_run,
     321             : };

Generated by: LCOV version 1.14