referrerpolicy=no-referrer-when-downgrade

polkadot_node_core_pvf_common/
lib.rs

1// Copyright (C) Parity Technologies (UK) Ltd.
2// This file is part of Polkadot.
3
4// Polkadot is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8
9// Polkadot is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12// GNU General Public License for more details.
13
14// You should have received a copy of the GNU General Public License
15// along with Polkadot.  If not, see <http://www.gnu.org/licenses/>.
16
17//! Contains functionality related to PVFs that is shared by the PVF host and the PVF workers.
18#![deny(unused_crate_dependencies)]
19
20pub mod error;
21pub mod execute;
22pub mod executor_interface;
23pub mod prepare;
24pub mod pvf;
25pub mod worker;
26pub mod worker_dir;
27
28pub use cpu_time::ProcessTime;
29
30// Used by `decl_worker_main!`.
31pub use sp_tracing;
32
33const LOG_TARGET: &str = "parachain::pvf-common";
34
35use codec::{Decode, Encode};
36use sp_core::H256;
37use std::{
38	io::{self, Read, Write},
39	mem,
40};
41
42#[cfg(feature = "test-utils")]
43pub mod tests {
44	use std::time::Duration;
45
46	pub const TEST_EXECUTION_TIMEOUT: Duration = Duration::from_secs(3);
47	pub const TEST_PREPARATION_TIMEOUT: Duration = Duration::from_secs(30);
48}
49
50/// Status of security features on the current system.
51#[derive(Debug, Clone, Default, PartialEq, Eq, Encode, Decode)]
52pub struct SecurityStatus {
53	/// Whether Secure Validator Mode is enabled. This mode enforces that all required security
54	/// features are present. All features are enabled on a best-effort basis regardless.
55	pub secure_validator_mode: bool,
56	/// Whether the landlock features we use are fully available on this system.
57	pub can_enable_landlock: bool,
58	/// Whether the seccomp features we use are fully available on this system.
59	pub can_enable_seccomp: bool,
60	/// Whether we are able to unshare the user namespace and change the filesystem root.
61	pub can_unshare_user_namespace_and_change_root: bool,
62	/// Whether we are able to call `clone` with all sandboxing flags.
63	pub can_do_secure_clone: bool,
64}
65
66/// A handshake with information for the worker.
67#[derive(Debug, Encode, Decode)]
68pub struct WorkerHandshake {
69	pub security_status: SecurityStatus,
70}
71
72/// Write some data prefixed by its length into `w`. Sync version of `framed_send` to avoid
73/// dependency on tokio.
74pub fn framed_send_blocking(w: &mut (impl Write + Unpin), buf: &[u8]) -> io::Result<()> {
75	let len_buf = buf.len().to_le_bytes();
76	w.write_all(&len_buf)?;
77	w.write_all(buf)?;
78	Ok(())
79}
80
81/// Read some data prefixed by its length from `r`. Sync version of `framed_recv` to avoid
82/// dependency on tokio.
83pub fn framed_recv_blocking(r: &mut (impl Read + Unpin)) -> io::Result<Vec<u8>> {
84	let mut len_buf = [0u8; mem::size_of::<usize>()];
85	r.read_exact(&mut len_buf)?;
86	let len = usize::from_le_bytes(len_buf);
87	let mut buf = vec![0; len];
88	r.read_exact(&mut buf)?;
89	Ok(buf)
90}
91
92#[derive(Debug, Default, Clone, Copy, Encode, Decode, PartialEq, Eq)]
93#[repr(transparent)]
94pub struct ArtifactChecksum(H256);
95
96/// Compute the checksum of the given artifact.
97pub fn compute_checksum(data: &[u8]) -> ArtifactChecksum {
98	ArtifactChecksum(H256::from_slice(&sp_crypto_hashing::twox_256(data)))
99}
100
101#[cfg(all(test, not(feature = "test-utils")))]
102mod tests {
103	use super::*;
104
105	#[test]
106	fn default_secure_status() {
107		let status = SecurityStatus::default();
108		assert!(
109			!status.secure_validator_mode,
110			"secure_validator_mode is false for default security status"
111		);
112		assert!(
113			!status.can_enable_landlock,
114			"can_enable_landlock is false for default security status"
115		);
116		assert!(
117			!status.can_enable_seccomp,
118			"can_enable_seccomp is false for default security status"
119		);
120		assert!(
121			!status.can_unshare_user_namespace_and_change_root,
122			"can_unshare_user_namespace_and_change_root is false for default security status"
123		);
124		assert!(
125			!status.can_do_secure_clone,
126			"can_do_secure_clone is false for default security status"
127		);
128	}
129}