diff --git a/Cargo.lock b/Cargo.lock index 177c72d0395ff9..5b7c8d157850c0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5036,6 +5036,7 @@ dependencies = [ "solana-metrics", "solana-rayon-threadlimit", "solana-sdk", + "solana-vote-program", ] [[package]] diff --git a/core/src/banking_stage.rs b/core/src/banking_stage.rs index a8a898620ddd88..4f8fcbd09592b5 100644 --- a/core/src/banking_stage.rs +++ b/core/src/banking_stage.rs @@ -1616,7 +1616,7 @@ mod tests { ); trace!("sending bank"); drop(verified_sender); - drop(verified_gossip_sender); + drop(verified_gossip_vote_sender); drop(tpu_vote_sender); exit.store(true, Ordering::Relaxed); poh_service.join().unwrap(); diff --git a/core/src/cluster_info_vote_listener.rs b/core/src/cluster_info_vote_listener.rs index 5d2262ba9082ab..6f87e022ea4656 100644 --- a/core/src/cluster_info_vote_listener.rs +++ b/core/src/cluster_info_vote_listener.rs @@ -347,7 +347,10 @@ impl ClusterInfoVoteListener { labels: Vec, ) -> (Vec, Vec<(CrdsValueLabel, Slot, Packets)>) { let mut msgs = packet::to_packets_chunked(&votes, 1); - sigverify::ed25519_verify_cpu(&mut msgs); + + // Votes should already be filtered by this point. + let reject_non_vote = false; + sigverify::ed25519_verify_cpu(&mut msgs, reject_non_vote); let (vote_txs, packets) = izip!(labels.into_iter(), votes.into_iter(), msgs,) .filter_map(|(label, vote, packet)| { diff --git a/core/src/sigverify.rs b/core/src/sigverify.rs index 2103c1b3fa4671..1606e1023e5f88 100644 --- a/core/src/sigverify.rs +++ b/core/src/sigverify.rs @@ -17,6 +17,16 @@ pub use solana_perf::sigverify::{ pub struct TransactionSigVerifier { recycler: Recycler, recycler_out: Recycler>, + reject_non_vote: bool, +} + +impl TransactionSigVerifier { + pub fn new_reject_non_vote() -> Self { + TransactionSigVerifier { + reject_non_vote: true, + ..TransactionSigVerifier::default() + } + } } impl Default for TransactionSigVerifier { @@ -25,13 +35,19 @@ impl Default for TransactionSigVerifier { Self { recycler: Recycler::warmed(50, 4096, None, ""), recycler_out: Recycler::warmed(50, 4096, None, ""), + reject_non_vote: false, } } } impl SigVerifier for TransactionSigVerifier { fn verify_batch(&self, mut batch: Vec) -> Vec { - sigverify::ed25519_verify(&mut batch, &self.recycler, &self.recycler_out); + sigverify::ed25519_verify( + &mut batch, + &self.recycler, + &self.recycler_out, + self.reject_non_vote, + ); batch } } diff --git a/core/src/tpu.rs b/core/src/tpu.rs index 773f71f8f0894b..3ae2c8644c4ca7 100644 --- a/core/src/tpu.rs +++ b/core/src/tpu.rs @@ -95,7 +95,7 @@ impl Tpu { let (vote_verified_sender, vote_verified_receiver) = unbounded(); let vote_sigverify_stage = { - let verifier = TransactionSigVerifier::default(); + let verifier = TransactionSigVerifier::new_reject_non_vote(); SigVerifyStage::new(vote_packet_receiver, vote_verified_sender, verifier) }; diff --git a/perf/Cargo.toml b/perf/Cargo.toml index 5823738bd78d2b..ab16b57eec3fa4 100644 --- a/perf/Cargo.toml +++ b/perf/Cargo.toml @@ -21,6 +21,7 @@ log = "0.4.11" solana-sdk = { path = "../sdk", version = "=1.6.27" } solana-rayon-threadlimit = { path = "../rayon-threadlimit", version = "=1.6.27" } solana-budget-program = { path = "../programs/budget", version = "=1.6.27" } +solana-vote-program = { path = "../programs/vote", version = "=1.6.27" } solana-logger = { path = "../logger", version = "=1.6.27" } solana-measure = { path = "../measure", version = "=1.6.27" } solana-metrics = { path = "../metrics", version = "=1.6.27" } diff --git a/perf/benches/sigverify.rs b/perf/benches/sigverify.rs index 75aea3eaa4aba9..a9854eff0ad4b8 100644 --- a/perf/benches/sigverify.rs +++ b/perf/benches/sigverify.rs @@ -19,7 +19,7 @@ fn bench_sigverify(bencher: &mut Bencher) { let recycler_out = Recycler::new_without_limit(""); // verify packets bencher.iter(|| { - let _ans = sigverify::ed25519_verify(&mut batches, &recycler, &recycler_out); + let _ans = sigverify::ed25519_verify(&mut batches, &recycler, &recycler_out, false); }) } diff --git a/perf/src/sigverify.rs b/perf/src/sigverify.rs index c49ff0a93a5edd..252313ab280625 100644 --- a/perf/src/sigverify.rs +++ b/perf/src/sigverify.rs @@ -11,6 +11,7 @@ use crate::recycler::Recycler; use rayon::ThreadPool; use solana_metrics::inc_new_counter_debug; use solana_rayon_threadlimit::get_thread_count; +use solana_sdk::hash::Hash; use solana_sdk::message::MESSAGE_HEADER_LENGTH; use solana_sdk::pubkey::Pubkey; use solana_sdk::short_vec::decode_shortu16_len; @@ -45,15 +46,23 @@ struct PacketOffsets { pub sig_start: u32, pub msg_start: u32, pub pubkey_start: u32, + pub pubkey_len: u32, } impl PacketOffsets { - pub fn new(sig_len: u32, sig_start: u32, msg_start: u32, pubkey_start: u32) -> Self { + pub fn new( + sig_len: u32, + sig_start: u32, + msg_start: u32, + pubkey_start: u32, + pubkey_len: u32, + ) -> Self { Self { sig_len, sig_start, msg_start, pubkey_start, + pubkey_len, } } } @@ -92,8 +101,8 @@ pub fn init() { } } -fn verify_packet(packet: &mut Packet) { - let packet_offsets = get_packet_offsets(packet, 0); +fn verify_packet(packet: &mut Packet, reject_non_vote: bool) { + let packet_offsets = get_packet_offsets(packet, 0, reject_non_vote); let mut sig_start = packet_offsets.sig_start as usize; let mut pubkey_start = packet_offsets.pubkey_start as usize; let msg_start = packet_offsets.msg_start as usize; @@ -147,10 +156,66 @@ pub fn batch_size(batches: &[Packets]) -> usize { batches.iter().map(|p| p.packets.len()).sum() } +// Return Err if non-vote packet +fn check_non_vote(packet: &Packet, packet_offsets: &PacketOffsets) -> Result<(), PacketError> { + if packet_offsets.sig_len != 1 { + return Err(PacketError::InvalidPubkeyLen); + } + + let mut reject_pubkey_start = packet_offsets.pubkey_start as usize; + let mut vote_index = None; + for i in 0..packet_offsets.pubkey_len { + let pubkey_end = reject_pubkey_start.saturating_add(size_of::()); + if &packet.data[reject_pubkey_start..pubkey_end] == solana_vote_program::id().as_ref() { + vote_index = Some(i); + break; + } + reject_pubkey_start = pubkey_end; + } + + if vote_index.is_none() { + return Err(PacketError::InvalidPubkeyLen); + } + + let pubkeys_end = (packet_offsets.pubkey_start as usize) + .saturating_add(size_of::().saturating_mul(packet_offsets.pubkey_len as usize)); + let hash_end = pubkeys_end.saturating_add(size_of::()); + let num_instructions_offset = hash_end; + + if hash_end.saturating_add(1) >= packet.meta.size { + return Err(PacketError::InvalidPubkeyLen); + } + + let (instructions_len, instructions_size) = + match decode_shortu16_len(&packet.data[num_instructions_offset..]) { + Ok((len, size)) => (len, size), + Err(_) => { + return Err(PacketError::InvalidPubkeyLen); + } + }; + + let instruction0_start = hash_end.saturating_add(instructions_size); + if instruction0_start > packet.meta.size { + return Err(PacketError::InvalidPubkeyLen); + } + + let vote_index = vote_index.unwrap(); + // First instruction should be the vote key + if packet.data[instruction0_start] as u32 != vote_index { + return Err(PacketError::InvalidPubkeyLen); + } + + if instructions_len != 1 { + return Err(PacketError::InvalidPubkeyLen); + } + Ok(()) +} + // internal function to be unit-tested; should be used only by get_packet_offsets fn do_get_packet_offsets( packet: &Packet, current_offset: usize, + reject_non_vote: bool, ) -> Result { // should have at least 1 signature, sig lengths and the message header let _ = 1usize @@ -229,25 +294,40 @@ fn do_get_packet_offsets( .checked_add(pubkey_start) .ok_or(PacketError::InvalidLen)?; - Ok(PacketOffsets::new( + let offsets = PacketOffsets::new( u32::try_from(sig_len_untrusted)?, u32::try_from(sig_start)?, u32::try_from(msg_start)?, u32::try_from(pubkey_start)?, - )) + u32::try_from(pubkey_len)?, + ); + + if reject_non_vote { + check_non_vote(packet, &offsets)?; + } + + Ok(offsets) } -fn get_packet_offsets(packet: &Packet, current_offset: usize) -> PacketOffsets { - let unsanitized_packet_offsets = do_get_packet_offsets(packet, current_offset); +fn get_packet_offsets( + packet: &Packet, + current_offset: usize, + reject_non_vote: bool, +) -> PacketOffsets { + let unsanitized_packet_offsets = do_get_packet_offsets(packet, current_offset, reject_non_vote); if let Ok(offsets) = unsanitized_packet_offsets { offsets } else { // force sigverify to fail by returning zeros - PacketOffsets::new(0, 0, 0, 0) + PacketOffsets::new(0, 0, 0, 0, 0) } } -pub fn generate_offsets(batches: &[Packets], recycler: &Recycler) -> TxOffsets { +pub fn generate_offsets( + batches: &[Packets], + recycler: &Recycler, + reject_non_vote: bool, +) -> TxOffsets { debug!("allocating.."); let mut signature_offsets: PinnedVec<_> = recycler.allocate().unwrap(); signature_offsets.set_pinnable(); @@ -262,7 +342,7 @@ pub fn generate_offsets(batches: &[Packets], recycler: &Recycler) -> T batches.iter().for_each(|p| { let mut sig_lens = Vec::new(); p.packets.iter().for_each(|packet| { - let packet_offsets = get_packet_offsets(packet, current_offset); + let packet_offsets = get_packet_offsets(packet, current_offset, reject_non_vote); sig_lens.push(packet_offsets.sig_len); @@ -296,14 +376,16 @@ pub fn generate_offsets(batches: &[Packets], recycler: &Recycler) -> T ) } -pub fn ed25519_verify_cpu(batches: &mut [Packets]) { +pub fn ed25519_verify_cpu(batches: &mut [Packets], reject_non_vote: bool) { use rayon::prelude::*; let count = batch_size(batches); debug!("CPU ECDSA for {}", batch_size(batches)); PAR_THREAD_POOL.install(|| { - batches - .into_par_iter() - .for_each(|p| p.packets.par_iter_mut().for_each(|p| verify_packet(p))) + batches.into_par_iter().for_each(|p| { + p.packets + .par_iter_mut() + .for_each(|p| verify_packet(p, reject_non_vote)) + }) }); inc_new_counter_debug!("ed25519_verify_cpu", count); } @@ -383,10 +465,11 @@ pub fn ed25519_verify( batches: &mut [Packets], recycler: &Recycler, recycler_out: &Recycler>, + reject_non_vote: bool, ) { let api = perf_libs::api(); if api.is_none() { - return ed25519_verify_cpu(batches); + return ed25519_verify_cpu(batches, reject_non_vote); } let api = api.unwrap(); @@ -399,11 +482,11 @@ pub fn ed25519_verify( // may be busy doing other things while being a real validator // TODO: dynamically adjust this crossover if count < 64 { - return ed25519_verify_cpu(batches); + return ed25519_verify_cpu(batches, reject_non_vote); } let (signature_offsets, pubkey_offsets, msg_start_offsets, msg_sizes, sig_lens) = - generate_offsets(batches, recycler); + generate_offsets(batches, recycler, reject_non_vote); debug!("CUDA ECDSA for {}", batch_size(batches)); debug!("allocating out.."); @@ -518,7 +601,7 @@ mod tests { let message_data = tx.message_data(); let packet = sigverify::make_packet_from_transaction(tx.clone()); - let packet_offsets = sigverify::get_packet_offsets(&packet, 0); + let packet_offsets = sigverify::get_packet_offsets(&packet, 0, false); assert_eq!( memfind(&tx_bytes, &tx.signatures[0].as_ref()), @@ -562,7 +645,7 @@ mod tests { let packet = packet_from_num_sigs(required_num_sigs, actual_num_sigs); - let unsanitized_packet_offsets = sigverify::do_get_packet_offsets(&packet, 0); + let unsanitized_packet_offsets = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!( unsanitized_packet_offsets, @@ -578,7 +661,7 @@ mod tests { let packet = packet_from_num_sigs(required_num_sigs, actual_num_sigs); - let unsanitized_packet_offsets = sigverify::do_get_packet_offsets(&packet, 0); + let unsanitized_packet_offsets = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!( unsanitized_packet_offsets, @@ -595,7 +678,7 @@ mod tests { packet.data[1] = 0xff; packet.meta.size = 2; - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidLen)); } @@ -610,10 +693,10 @@ mod tests { tx.message.header.num_required_signatures = NUM_SIG as u8; let mut packet = sigverify::make_packet_from_transaction(tx); - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidPubkeyLen)); - verify_packet(&mut packet); + verify_packet(&mut packet, false); assert!(packet.meta.discard); packet.meta.discard = false; @@ -646,10 +729,10 @@ mod tests { let mut packet = sigverify::make_packet_from_transaction(tx); - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidPubkeyLen)); - verify_packet(&mut packet); + verify_packet(&mut packet, false); assert!(packet.meta.discard); packet.meta.discard = false; @@ -666,7 +749,7 @@ mod tests { // Make the signatures len huge packet.data[0] = 0x7f; - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidSignatureLen)); } @@ -681,7 +764,7 @@ mod tests { packet.data[2] = 0xff; packet.data[3] = 0xff; - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidShortVec)); } @@ -690,12 +773,12 @@ mod tests { let tx = test_tx(); let mut packet = sigverify::make_packet_from_transaction(tx); - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); // make pubkey len huge packet.data[res.unwrap().pubkey_start as usize - 1] = 0x7f; - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::InvalidPubkeyLen)); } @@ -714,7 +797,7 @@ mod tests { let mut tx = Transaction::new_unsigned(message); tx.signatures = vec![Signature::default()]; let packet = sigverify::make_packet_from_transaction(tx); - let res = sigverify::do_get_packet_offsets(&packet, 0); + let res = sigverify::do_get_packet_offsets(&packet, 0, false); assert_eq!(res, Err(PacketError::PayerNotWritable)); } @@ -743,36 +826,38 @@ mod tests { // Just like get_packet_offsets, but not returning redundant information. fn get_packet_offsets_from_tx(tx: Transaction, current_offset: u32) -> PacketOffsets { let packet = sigverify::make_packet_from_transaction(tx); - let packet_offsets = sigverify::get_packet_offsets(&packet, current_offset as usize); + let packet_offsets = sigverify::get_packet_offsets(&packet, current_offset as usize, false); PacketOffsets::new( packet_offsets.sig_len, packet_offsets.sig_start - current_offset, packet_offsets.msg_start - packet_offsets.sig_start, packet_offsets.pubkey_start - packet_offsets.msg_start, + 0, // TODO: Fix this ) } #[test] fn test_get_packet_offsets() { + // TODO: not 0 for pubkey_len assert_eq!( get_packet_offsets_from_tx(test_tx(), 0), - PacketOffsets::new(1, 1, 64, 4) + PacketOffsets::new(1, 1, 64, 4, 0) ); assert_eq!( get_packet_offsets_from_tx(test_tx(), 100), - PacketOffsets::new(1, 1, 64, 4) + PacketOffsets::new(1, 1, 64, 4, 0) ); // Ensure we're not indexing packet by the `current_offset` parameter. assert_eq!( get_packet_offsets_from_tx(test_tx(), 1_000_000), - PacketOffsets::new(1, 1, 64, 4) + PacketOffsets::new(1, 1, 64, 4, 0) ); // Ensure we're returning sig_len, not sig_size. assert_eq!( get_packet_offsets_from_tx(test_multisig_tx(), 0), - PacketOffsets::new(2, 1, 128, 4) + PacketOffsets::new(2, 1, 128, 4, 0) ); } @@ -823,7 +908,7 @@ mod tests { fn ed25519_verify(batches: &mut [Packets]) { let recycler = Recycler::new_without_limit(""); let recycler_out = Recycler::new_without_limit(""); - sigverify::ed25519_verify(batches, &recycler, &recycler_out); + sigverify::ed25519_verify(batches, &recycler, &recycler_out, false); } #[test] @@ -921,8 +1006,8 @@ mod tests { // verify from GPU verification pipeline (when GPU verification is enabled) are // equivalent to the CPU verification pipeline. let mut batches_cpu = batches.clone(); - sigverify::ed25519_verify(&mut batches, &recycler, &recycler_out); - ed25519_verify_cpu(&mut batches_cpu); + sigverify::ed25519_verify(&mut batches, &recycler, &recycler_out, false); + ed25519_verify_cpu(&mut batches_cpu, false); // check result batches