Line data Source code
1 : #include "fd_verify_tile.h"
2 : #include "../fd_txn_m.h"
3 : #include "../metrics/fd_metrics.h"
4 : #include "generated/fd_verify_tile_seccomp.h"
5 : #include "../../flamenco/gossip/fd_gossip_types.h"
6 :
7 3 : #define IN_KIND_QUIC (0UL)
8 87 : #define IN_KIND_BUNDLE (1UL)
9 3 : #define IN_KIND_GOSSIP (2UL)
10 3 : #define IN_KIND_TXSEND (3UL)
11 :
12 : FD_FN_CONST static inline ulong
13 15 : scratch_align( void ) {
14 15 : return FD_TCACHE_ALIGN;
15 15 : }
16 :
17 : FD_FN_PURE static inline ulong
18 6 : scratch_footprint( fd_topo_tile_t const * tile ) {
19 6 : ulong l = FD_LAYOUT_INIT;
20 6 : l = FD_LAYOUT_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
21 6 : l = FD_LAYOUT_APPEND( l, fd_tcache_align(), fd_tcache_footprint( tile->verify.tcache_depth, 0UL ) );
22 78 : for( ulong i=0; i<FD_TXN_ACTUAL_SIG_MAX; i++ ) {
23 72 : l = FD_LAYOUT_APPEND( l, fd_sha512_align(), fd_sha512_footprint() );
24 72 : }
25 6 : return FD_LAYOUT_FINI( l, scratch_align() );
26 6 : }
27 :
28 : static inline void
29 0 : metrics_write( fd_verify_ctx_t * ctx ) {
30 0 : FD_MCNT_ENUM_COPY( VERIFY, TRANSACTION_RESULT, ctx->metrics.verify_tile_result );
31 0 : FD_MCNT_SET( VERIFY, GOSSIPED_VOTES_RECEIVED, ctx->metrics.gossiped_votes_cnt );
32 0 : }
33 :
34 : static int
35 : before_frag( fd_verify_ctx_t * ctx,
36 : ulong in_idx,
37 : ulong seq,
38 42 : ulong sig ) {
39 : /* Bundle tile can produce both "bundles" and "packets", a packet is a
40 : regular transaction and should be round-robined between verify
41 : tiles, while bundles need to go through verify:0 currently to
42 : prevent interleaving of bundle streams. */
43 42 : int is_bundle_packet = (ctx->in_kind[ in_idx ]==IN_KIND_BUNDLE && !sig);
44 :
45 42 : if( FD_LIKELY( is_bundle_packet || ctx->in_kind[ in_idx ]==IN_KIND_QUIC ) ) {
46 30 : return (seq % ctx->round_robin_cnt) != ctx->round_robin_idx;
47 30 : } else if( FD_LIKELY( ctx->in_kind[ in_idx ]==IN_KIND_BUNDLE ) ) {
48 12 : return ctx->round_robin_idx!=0UL;
49 12 : } else if( FD_LIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP ) ) {
50 0 : return (seq % ctx->round_robin_cnt) != ctx->round_robin_idx ||
51 0 : sig!=FD_GOSSIP_UPDATE_TAG_VOTE;
52 0 : }
53 :
54 0 : return 0;
55 42 : }
56 :
57 : /* during_frag is called between pairs for sequence number checks, as
58 : we are reading incoming frags. We don't actually need to copy the
59 : fragment here, see fd_dedup.c for why we do this.*/
60 :
61 : static inline void
62 : during_frag( fd_verify_ctx_t * ctx,
63 : ulong in_idx,
64 : ulong seq FD_PARAM_UNUSED,
65 : ulong sig FD_PARAM_UNUSED,
66 : ulong chunk,
67 : ulong sz,
68 0 : ulong ctl FD_PARAM_UNUSED ) {
69 :
70 0 : ulong in_kind = ctx->in_kind[ in_idx ];
71 0 : if( FD_UNLIKELY( in_kind==IN_KIND_BUNDLE || in_kind==IN_KIND_QUIC || in_kind==IN_KIND_TXSEND ) ) {
72 0 : if( FD_UNLIKELY( chunk<ctx->in[in_idx].chunk0 || chunk>ctx->in[in_idx].wmark || sz>FD_TPU_RAW_MTU ) )
73 0 : FD_LOG_ERR(( "chunk %lu %lu corrupt, not in range [%lu,%lu,%lu]", chunk, sz, ctx->in[in_idx].chunk0, ctx->in[in_idx].wmark, FD_TPU_RAW_MTU ));
74 :
75 0 : uchar * src = (uchar *)fd_chunk_to_laddr( ctx->in[in_idx].mem, chunk );
76 0 : uchar * dst = (uchar *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
77 0 : fd_memcpy( dst, src, sz );
78 :
79 0 : fd_txn_m_t const * txnm = (fd_txn_m_t const *)dst;
80 0 : if( FD_UNLIKELY( txnm->payload_sz>FD_TPU_MTU ) ) {
81 0 : FD_LOG_ERR(( "fd_verify: txn payload size %hu exceeds max %lu", txnm->payload_sz, FD_TPU_MTU ));
82 0 : }
83 0 : } else if( FD_UNLIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP ) ) {
84 0 : if( FD_UNLIKELY( chunk<ctx->in[in_idx].chunk0 || chunk>ctx->in[in_idx].wmark || sz>2048UL ) )
85 0 : FD_LOG_ERR(( "chunk %lu %lu corrupt, not in range [%lu,%lu]", chunk, sz, ctx->in[in_idx].chunk0, ctx->in[in_idx].wmark ));
86 :
87 0 : fd_gossip_update_message_t const * msg = (fd_gossip_update_message_t const *)fd_chunk_to_laddr_const( ctx->in[in_idx].mem, chunk );
88 0 : fd_txn_m_t * dst = (fd_txn_m_t *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
89 :
90 0 : dst->payload_sz = (ushort)msg->vote.txn_sz;
91 0 : dst->block_engine.bundle_id = 0UL;
92 0 : dst->source_ipv4 = msg->vote.socket.addr;
93 0 : dst->source_tpu = FD_TXN_M_TPU_SOURCE_GOSSIP;
94 0 : fd_memcpy( fd_txn_m_payload( dst ), msg->vote.txn, msg->vote.txn_sz );
95 0 : }
96 0 : }
97 :
98 : static inline void
99 : after_frag( fd_verify_ctx_t * ctx,
100 : ulong in_idx,
101 : ulong seq,
102 : ulong sig,
103 : ulong sz,
104 : ulong tsorig,
105 : ulong _tspub,
106 0 : fd_stem_context_t * stem ) {
107 0 : (void)in_idx;
108 0 : (void)seq;
109 0 : (void)sig;
110 0 : (void)sz;
111 0 : (void)_tspub;
112 :
113 0 : if( FD_UNLIKELY( ctx->in_kind[ in_idx ]==IN_KIND_GOSSIP || ctx->in_kind[ in_idx ]==IN_KIND_TXSEND ) ) ctx->metrics.gossiped_votes_cnt++;
114 :
115 0 : fd_txn_m_t * txnm = (fd_txn_m_t *)fd_chunk_to_laddr( ctx->out_mem, ctx->out_chunk );
116 0 : fd_txn_t * txnt = fd_txn_m_txn_t( txnm );
117 0 : txnm->txn_t_sz = (ushort)fd_txn_parse( fd_txn_m_payload( txnm ), txnm->payload_sz, txnt, NULL );
118 :
119 0 : int is_bundle = !!txnm->block_engine.bundle_id;
120 :
121 0 : if( FD_UNLIKELY( is_bundle & (txnm->block_engine.bundle_id!=ctx->bundle_id) ) ) {
122 0 : ctx->bundle_failed = 0;
123 0 : ctx->bundle_id = txnm->block_engine.bundle_id;
124 0 : }
125 :
126 0 : if( FD_UNLIKELY( is_bundle & (!!ctx->bundle_failed) ) ) {
127 0 : ctx->metrics.verify_tile_result[ FD_METRICS_ENUM_VERIFY_TILE_RESULT_V_BUNDLE_PEER_FAILURE_IDX ]++;
128 0 : return;
129 0 : }
130 :
131 0 : if( FD_UNLIKELY( !txnm->txn_t_sz ) ) {
132 0 : if( FD_UNLIKELY( is_bundle ) ) ctx->bundle_failed = 1;
133 0 : ctx->metrics.verify_tile_result[ FD_METRICS_ENUM_VERIFY_TILE_RESULT_V_PARSE_FAILURE_IDX ]++;
134 0 : return;
135 0 : }
136 :
137 : /* Users sometimes send transactions as part of a bundle (with a tip)
138 : and via the normal path (without a tip). Regardless of which
139 : arrives first, we want to pack the one with the tip. Thus, we
140 : exempt bundles from the normal HA dedup checks. The dedup tile
141 : will still do a full-bundle dedup check to make sure to drop any
142 : identical bundles. */
143 0 : ulong _txn_sig;
144 0 : int res = fd_txn_verify( ctx, fd_txn_m_payload( txnm ), txnm->payload_sz, txnt, !is_bundle, &_txn_sig );
145 0 : if( FD_UNLIKELY( res!=FD_TXN_VERIFY_SUCCESS ) ) {
146 0 : if( FD_UNLIKELY( is_bundle ) ) ctx->bundle_failed = 1;
147 :
148 0 : if( FD_LIKELY( res==FD_TXN_VERIFY_DEDUP ) ) ctx->metrics.verify_tile_result[ FD_METRICS_ENUM_VERIFY_TILE_RESULT_V_DEDUP_FAILURE_IDX ]++;
149 0 : else ctx->metrics.verify_tile_result[ FD_METRICS_ENUM_VERIFY_TILE_RESULT_V_VERIFY_FAILURE_IDX ]++;
150 :
151 0 : return;
152 0 : }
153 :
154 0 : ulong realized_sz = fd_txn_m_realized_footprint( txnm, 1, 0 );
155 0 : ulong tspub = (ulong)fd_frag_meta_ts_comp( fd_tickcount() );
156 0 : fd_stem_publish( stem, 0UL, 0UL, ctx->out_chunk, realized_sz, 0UL, tsorig, tspub );
157 0 : ctx->out_chunk = fd_dcache_compact_next( ctx->out_chunk, realized_sz, ctx->out_chunk0, ctx->out_wmark );
158 :
159 0 : ctx->metrics.verify_tile_result[ FD_METRICS_ENUM_VERIFY_TILE_RESULT_V_SUCCESS_IDX ]++;
160 0 : }
161 :
162 : static void
163 : privileged_init( fd_topo_t * topo,
164 3 : fd_topo_tile_t * tile ) {
165 3 : void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
166 :
167 3 : FD_SCRATCH_ALLOC_INIT( l, scratch );
168 3 : fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
169 3 : FD_TEST( fd_rng_secure( &ctx->hashmap_seed, 8U ) );
170 3 : }
171 :
172 : static void
173 : unprivileged_init( fd_topo_t * topo,
174 3 : fd_topo_tile_t * tile ) {
175 3 : void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
176 :
177 3 : FD_SCRATCH_ALLOC_INIT( l, scratch );
178 3 : fd_verify_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_verify_ctx_t ), sizeof( fd_verify_ctx_t ) );
179 3 : fd_tcache_t * tcache = fd_tcache_join( fd_tcache_new( FD_SCRATCH_ALLOC_APPEND( l, FD_TCACHE_ALIGN, FD_TCACHE_FOOTPRINT( tile->verify.tcache_depth, 0UL ) ), tile->verify.tcache_depth, 0UL ) );
180 3 : if( FD_UNLIKELY( !tcache ) ) FD_LOG_ERR(( "fd_tcache_join failed" ));
181 :
182 3 : ctx->round_robin_cnt = fd_topo_tile_name_cnt( topo, tile->name );
183 3 : ctx->round_robin_idx = tile->kind_id;
184 :
185 39 : for ( ulong i=0; i<FD_TXN_ACTUAL_SIG_MAX; i++ ) {
186 36 : fd_sha512_t * sha = fd_sha512_join( fd_sha512_new( FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_sha512_t ), sizeof( fd_sha512_t ) ) ) );
187 36 : if( FD_UNLIKELY( !sha ) ) FD_LOG_ERR(( "fd_sha512_join failed" ));
188 36 : ctx->sha[i] = sha;
189 36 : }
190 :
191 3 : ctx->bundle_failed = 0;
192 3 : ctx->bundle_id = 0UL;
193 :
194 3 : memset( &ctx->metrics, 0, sizeof( ctx->metrics ) );
195 :
196 3 : ctx->tcache_depth = fd_tcache_depth ( tcache );
197 3 : ctx->tcache_map_cnt = fd_tcache_map_cnt ( tcache );
198 3 : ctx->tcache_sync = fd_tcache_oldest_laddr( tcache );
199 3 : ctx->tcache_ring = fd_tcache_ring_laddr ( tcache );
200 3 : ctx->tcache_map = fd_tcache_map_laddr ( tcache );
201 :
202 15 : for( ulong i=0UL; i<tile->in_cnt; i++ ) {
203 12 : fd_topo_link_t * link = &topo->links[ tile->in_link_id[ i ] ];
204 :
205 12 : fd_topo_wksp_t * link_wksp = &topo->workspaces[ topo->objs[ link->dcache_obj_id ].wksp_id ];
206 12 : ctx->in[i].mem = link_wksp->wksp;
207 12 : ctx->in[i].chunk0 = fd_dcache_compact_chunk0( ctx->in[i].mem, link->dcache );
208 12 : ctx->in[i].wmark = fd_dcache_compact_wmark ( ctx->in[i].mem, link->dcache, link->mtu );
209 :
210 12 : if( !strcmp( link->name, "quic_verify" ) ) ctx->in_kind[ i ] = IN_KIND_QUIC;
211 9 : else if( !strcmp( link->name, "bundle_verif" ) ) ctx->in_kind[ i ] = IN_KIND_BUNDLE;
212 6 : else if( !strcmp( link->name, "txsend_out" ) ) ctx->in_kind[ i ] = IN_KIND_TXSEND;
213 3 : else if( !strcmp( link->name, "gossip_out" ) ) ctx->in_kind[ i ] = IN_KIND_GOSSIP;
214 0 : else FD_LOG_ERR(( "unexpected link name %s", link->name ));
215 12 : }
216 :
217 3 : ctx->out_mem = topo->workspaces[ topo->objs[ topo->links[ tile->out_link_id[ 0 ] ].dcache_obj_id ].wksp_id ].wksp;
218 3 : ctx->out_chunk0 = fd_dcache_compact_chunk0( ctx->out_mem, topo->links[ tile->out_link_id[ 0 ] ].dcache );
219 3 : ctx->out_wmark = fd_dcache_compact_wmark ( ctx->out_mem, topo->links[ tile->out_link_id[ 0 ] ].dcache, topo->links[ tile->out_link_id[ 0 ] ].mtu );
220 3 : ctx->out_chunk = ctx->out_chunk0;
221 :
222 3 : ulong scratch_top = FD_SCRATCH_ALLOC_FINI( l, 1UL );
223 3 : if( FD_UNLIKELY( scratch_top > (ulong)scratch + scratch_footprint( tile ) ) )
224 0 : FD_LOG_ERR(( "scratch overflow %lu %lu %lu", scratch_top - (ulong)scratch - scratch_footprint( tile ), scratch_top, (ulong)scratch + scratch_footprint( tile ) ));
225 3 : }
226 :
227 : static ulong
228 : populate_allowed_seccomp( fd_topo_t const * topo,
229 : fd_topo_tile_t const * tile,
230 : ulong out_cnt,
231 3 : struct sock_filter * out ) {
232 3 : (void)topo;
233 3 : (void)tile;
234 :
235 3 : populate_sock_filter_policy_fd_verify_tile( out_cnt, out, (uint)fd_log_private_logfile_fd() );
236 3 : return sock_filter_policy_fd_verify_tile_instr_cnt;
237 3 : }
238 :
239 : static ulong
240 : populate_allowed_fds( fd_topo_t const * topo,
241 : fd_topo_tile_t const * tile,
242 : ulong out_fds_cnt,
243 3 : int * out_fds ) {
244 3 : (void)topo;
245 3 : (void)tile;
246 :
247 3 : if( FD_UNLIKELY( out_fds_cnt<2UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
248 :
249 3 : ulong out_cnt = 0UL;
250 3 : out_fds[ out_cnt++ ] = 2; /* stderr */
251 3 : if( FD_LIKELY( -1!=fd_log_private_logfile_fd() ) )
252 3 : out_fds[ out_cnt++ ] = fd_log_private_logfile_fd(); /* logfile */
253 3 : return out_cnt;
254 3 : }
255 :
256 0 : #define STEM_BURST (1UL)
257 :
258 0 : #define STEM_CALLBACK_CONTEXT_TYPE fd_verify_ctx_t
259 0 : #define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_verify_ctx_t)
260 :
261 0 : #define STEM_CALLBACK_METRICS_WRITE metrics_write
262 0 : #define STEM_CALLBACK_BEFORE_FRAG before_frag
263 0 : #define STEM_CALLBACK_DURING_FRAG during_frag
264 0 : #define STEM_CALLBACK_AFTER_FRAG after_frag
265 :
266 : #include "../stem/fd_stem.c"
267 :
268 : #ifndef FD_TILE_TEST
269 : fd_topo_run_tile_t fd_tile_verify = {
270 : .name = "verify",
271 : .populate_allowed_seccomp = populate_allowed_seccomp,
272 : .populate_allowed_fds = populate_allowed_fds,
273 : .scratch_align = scratch_align,
274 : .scratch_footprint = scratch_footprint,
275 : .privileged_init = privileged_init,
276 : .unprivileged_init = unprivileged_init,
277 : .run = stem_run,
278 : };
279 : #endif
|
