Line data Source code
1 : #define _GNU_SOURCE
2 : #include "../tiles.h"
3 :
4 : #include "generated/fd_sign_tile_seccomp.h"
5 :
6 : #include "../keyguard/fd_keyguard.h"
7 : #include "../keyguard/fd_keyload.h"
8 : #include "../keyguard/fd_keyswitch.h"
9 : #include "../../ballet/base58/fd_base58.h"
10 : #include "../metrics/fd_metrics.h"
11 :
12 : #include "../../util/hist/fd_histf.h"
13 :
14 : #include <errno.h>
15 : #include <sys/mman.h>
16 :
17 0 : #define MAX_IN (32UL)
18 :
19 : /* fd_sign_in_ctx_t is a context object for each in (producer) mcache
20 : connected to the sign tile. */
21 :
22 : struct fd_sign_out_ctx {
23 : fd_wksp_t * out_mem;
24 : ulong out_chunk0;
25 : ulong out_wmark;
26 : ulong out_chunk;
27 : };
28 : typedef struct fd_sign_out_ctx fd_sign_out_ctx_t;
29 :
30 : struct fd_sign_in_ctx {
31 : int role;
32 : fd_wksp_t * mem;
33 : ulong chunk0;
34 : ulong wmark;
35 : ulong mtu;
36 : };
37 : typedef struct fd_sign_in_ctx fd_sign_in_ctx_t;
38 :
39 : typedef struct {
40 : uchar _data[ FD_KEYGUARD_SIGN_REQ_MTU ];
41 :
42 : /* Pre-staged with the public key base58 encoded, followed by "-" in the first bytes */
43 : ulong public_key_base58_sz;
44 : uchar concat[ FD_BASE58_ENCODED_32_SZ+1UL+9UL ];
45 :
46 : uchar event_auth_concat[ 15UL+32UL ];
47 :
48 : fd_sign_in_ctx_t in[ MAX_IN ];
49 : fd_sign_out_ctx_t out[ MAX_IN ];
50 :
51 : fd_sha512_t sha512 [ 1 ];
52 :
53 : fd_keyswitch_t * keyswitch;
54 :
55 : fd_keyswitch_t * av_keyswitch; /* authorized voters */
56 :
57 : uchar * public_key;
58 : uchar * private_key;
59 :
60 : ulong authorized_voters_cnt;
61 : uchar authorized_voter_pubkeys[ 16UL ][ 32UL ];
62 : uchar authorized_voter_private_keys[ 16UL ][ 32UL ];
63 :
64 : fd_histf_t sign_duration[1];
65 : } fd_sign_ctx_t;
66 :
67 : FD_FN_CONST static inline ulong
68 0 : scratch_align( void ) {
69 0 : return alignof( fd_sign_ctx_t );
70 0 : }
71 :
72 : FD_FN_PURE static inline ulong
73 0 : scratch_footprint( fd_topo_tile_t const * tile ) {
74 0 : (void)tile;
75 0 : ulong l = FD_LAYOUT_INIT;
76 0 : l = FD_LAYOUT_APPEND( l, alignof( fd_sign_ctx_t ), sizeof( fd_sign_ctx_t ) );
77 0 : return FD_LAYOUT_FINI( l, scratch_align() );
78 0 : }
79 :
80 : static void FD_FN_SENSITIVE
81 0 : derive_fields( fd_sign_ctx_t * ctx ) {
82 0 : uchar check_public_key[ 32 ];
83 0 : fd_ed25519_public_from_private( check_public_key, ctx->private_key, ctx->sha512 );
84 0 : if( FD_UNLIKELY( memcmp( check_public_key, ctx->public_key, 32UL ) ) )
85 0 : FD_LOG_EMERG(( "The public key in the identity key file does not match the public key derived from the private key. "
86 0 : "Firedancer will not use the key pair to sign as it might leak the private key." ));
87 :
88 0 : fd_base58_encode_32( ctx->public_key, &ctx->public_key_base58_sz, (char *)ctx->concat );
89 0 : ctx->concat[ ctx->public_key_base58_sz ] = '-';
90 :
91 0 : memcpy( ctx->event_auth_concat, "FD_EVENTS_AUTH-", 15UL );
92 0 : }
93 :
94 : static void FD_FN_SENSITIVE
95 0 : during_housekeeping_sensitive( fd_sign_ctx_t * ctx ) {
96 0 : if( FD_UNLIKELY( fd_keyswitch_state_query( ctx->keyswitch )==FD_KEYSWITCH_STATE_SWITCH_PENDING ) ) {
97 0 : memcpy( ctx->private_key, ctx->keyswitch->bytes, 32UL );
98 0 : fd_memzero_explicit( ctx->keyswitch->bytes, 32UL );
99 0 : FD_COMPILER_MFENCE();
100 0 : memcpy( ctx->public_key, ctx->keyswitch->bytes+32UL, 32UL );
101 :
102 0 : derive_fields( ctx );
103 0 : fd_keyswitch_state( ctx->keyswitch, FD_KEYSWITCH_STATE_COMPLETED );
104 0 : }
105 :
106 : /* firedancer only */
107 :
108 0 : if( FD_UNLIKELY( ctx->av_keyswitch && fd_keyswitch_state_query( ctx->av_keyswitch )==FD_KEYSWITCH_STATE_SWITCH_PENDING ) ) {
109 0 : if( FD_UNLIKELY( ctx->authorized_voters_cnt==16UL ) ) {
110 0 : FD_LOG_WARNING(( "keyswitch failed: maximum number of authorized voters reached" ));
111 0 : fd_memzero_explicit( ctx->av_keyswitch->bytes, 64UL );
112 0 : fd_keyswitch_state( ctx->av_keyswitch, FD_KEYSWITCH_STATE_FAILED );
113 0 : return;
114 0 : }
115 0 : for( ulong i=0UL; i<ctx->authorized_voters_cnt; i++ ) {
116 0 : if( FD_UNLIKELY( !memcmp( ctx->authorized_voter_pubkeys[ i ], ctx->av_keyswitch->bytes+32UL, 32UL ) ) ) {
117 0 : FD_BASE58_ENCODE_32_BYTES( ctx->authorized_voter_pubkeys[ i ], pubkey_b58 );
118 0 : FD_LOG_WARNING(( "keyswitch failed: authorized voter key duplicate (%s)", pubkey_b58 ));
119 0 : fd_memzero_explicit( ctx->av_keyswitch->bytes, 64UL );
120 0 : fd_keyswitch_state( ctx->av_keyswitch, FD_KEYSWITCH_STATE_FAILED );
121 0 : return;
122 0 : }
123 0 : }
124 :
125 0 : memcpy( ctx->authorized_voter_private_keys[ ctx->authorized_voters_cnt ], ctx->av_keyswitch->bytes, 32UL );
126 0 : fd_memzero_explicit( ctx->av_keyswitch->bytes, 32UL );
127 0 : FD_COMPILER_MFENCE();
128 0 : memcpy( ctx->authorized_voter_pubkeys[ ctx->authorized_voters_cnt ], ctx->av_keyswitch->bytes + 32UL, 32UL );
129 0 : ctx->authorized_voters_cnt++;
130 0 : fd_keyswitch_state( ctx->av_keyswitch, FD_KEYSWITCH_STATE_COMPLETED );
131 0 : }
132 0 : }
133 :
134 : static inline void
135 0 : during_housekeeping( fd_sign_ctx_t * ctx ) {
136 0 : during_housekeeping_sensitive( ctx );
137 0 : }
138 :
139 : static inline void
140 0 : metrics_write( fd_sign_ctx_t * ctx ) {
141 0 : FD_MHIST_COPY( SIGN, SIGN_DURATION_SECONDS, ctx->sign_duration );
142 0 : }
143 :
144 : /* during_frag is called between pairs for sequence number checks, as
145 : we are reading incoming frags. We don't actually need to copy the
146 : fragment here, see fd_dedup.c for why we do this.*/
147 :
148 : static void FD_FN_SENSITIVE
149 : during_frag_sensitive( void * _ctx,
150 : ulong in_idx,
151 : ulong seq,
152 : ulong sig,
153 : ulong chunk,
154 0 : ulong sz ) {
155 0 : (void)seq;
156 0 : (void)sig;
157 :
158 0 : fd_sign_ctx_t * ctx = (fd_sign_ctx_t *)_ctx;
159 0 : FD_TEST( in_idx<MAX_IN );
160 :
161 0 : int role = ctx->in[ in_idx ].role;
162 0 : ulong mtu = ctx->in[ in_idx ].mtu;
163 :
164 0 : if( chunk<ctx->in[ in_idx ].chunk0 || chunk>ctx->in[ in_idx ].wmark || sz>mtu ) {
165 0 : FD_LOG_EMERG(( "oversz or out of bounds signing request (role=%d chunk=%lu sz=%lu mtu=%lu, chunk0=%lu, wmark=%lu)", role, chunk, sz, mtu, ctx->in[ in_idx ].chunk0, ctx->in[ in_idx ].wmark ));
166 0 : }
167 :
168 0 : void * src = fd_chunk_to_laddr( ctx->in[ in_idx ].mem, chunk );
169 0 : fd_memcpy( ctx->_data, src, sz );
170 0 : }
171 :
172 :
173 : static void
174 : during_frag( void * _ctx,
175 : ulong in_idx,
176 : ulong seq,
177 : ulong sig,
178 : ulong chunk,
179 : ulong sz,
180 0 : ulong ctl FD_PARAM_UNUSED ) {
181 0 : during_frag_sensitive( _ctx, in_idx, seq, sig, chunk, sz );
182 0 : }
183 :
184 : static void FD_FN_SENSITIVE
185 : after_frag_sensitive( void * _ctx,
186 : ulong in_idx,
187 : ulong seq,
188 : ulong sig,
189 : ulong sz,
190 : ulong tsorig,
191 : ulong tspub,
192 0 : fd_stem_context_t * stem ) {
193 0 : (void)seq;
194 0 : (void)tspub;
195 :
196 0 : fd_sign_ctx_t * ctx = (fd_sign_ctx_t *)_ctx;
197 :
198 : /* The lower 32 bits are used to specify the sign type.
199 :
200 : If the frag is coming from the repair tile, then the upper 32 bits
201 : contain the repair tile nonce to identify the request.
202 :
203 : If the frag is coming from the send tile, then the upper 32 bits
204 : contain the index of the authorized voter that needs to sign the
205 : vote transaction. The least significant bit of the upper 32 is
206 : used to indicate if a second signature is needed. The next 4 least
207 : significant bits are used to encode the index of the authorized
208 : voter that a signature is needed from. */
209 0 : int sign_type = (int)(uint)(sig);
210 0 : int needs_second_sign = ctx->in[ in_idx ].role==FD_KEYGUARD_ROLE_TXSEND && ((sig>>32) & 1UL);
211 :
212 0 : FD_TEST( in_idx<MAX_IN );
213 :
214 0 : int role = ctx->in[ in_idx ].role;
215 :
216 0 : fd_keyguard_authority_t authority = {0};
217 0 : memcpy( authority.identity_pubkey, ctx->public_key, 32 );
218 :
219 0 : if( FD_UNLIKELY( !fd_keyguard_payload_authorize( &authority, ctx->_data, sz, role, sign_type ) ) ) {
220 0 : FD_LOG_EMERG(( "fd_keyguard_payload_authorize failed (role=%d sign_type=%d)", role, sign_type ));
221 0 : }
222 :
223 0 : long sign_duration = -fd_tickcount();
224 :
225 0 : uchar * dst = fd_chunk_to_laddr( ctx->out[ in_idx ].out_mem, ctx->out[ in_idx ].out_chunk );
226 :
227 0 : switch( sign_type ) {
228 0 : case FD_KEYGUARD_SIGN_TYPE_ED25519: {
229 0 : fd_ed25519_sign( dst, ctx->_data, sz, ctx->public_key, ctx->private_key, ctx->sha512 );
230 0 : if( needs_second_sign ) {
231 0 : ulong authority_idx = (sig >> 33) & 0xFUL;
232 0 : fd_ed25519_sign( dst+64UL, ctx->_data, sz, ctx->authorized_voter_pubkeys[ authority_idx ], ctx->authorized_voter_private_keys[ authority_idx ], ctx->sha512 );
233 0 : }
234 0 : break;
235 0 : }
236 0 : case FD_KEYGUARD_SIGN_TYPE_SHA256_ED25519: {
237 0 : uchar hash[ 32 ];
238 0 : fd_sha256_hash( ctx->_data, sz, hash );
239 0 : fd_ed25519_sign( dst, hash, 32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
240 0 : break;
241 0 : }
242 0 : case FD_KEYGUARD_SIGN_TYPE_PUBKEY_CONCAT_ED25519: {
243 0 : memcpy( ctx->concat+ctx->public_key_base58_sz+1UL, ctx->_data, 9UL );
244 0 : fd_ed25519_sign( dst, ctx->concat, ctx->public_key_base58_sz+1UL+9UL, ctx->public_key, ctx->private_key, ctx->sha512 );
245 0 : break;
246 0 : }
247 0 : case FD_KEYGUARD_SIGN_TYPE_FD_EVENTS_AUTH_CONCAT_ED25519: {
248 0 : memcpy( ctx->event_auth_concat+15UL, ctx->_data, 32UL );
249 0 : fd_ed25519_sign( dst, ctx->event_auth_concat, 15UL+32UL, ctx->public_key, ctx->private_key, ctx->sha512 );
250 0 : break;
251 0 : }
252 0 : default:
253 0 : FD_LOG_EMERG(( "invalid sign type: %d", sign_type ));
254 0 : }
255 :
256 0 : sign_duration += fd_tickcount();
257 0 : fd_histf_sample( ctx->sign_duration, (ulong)sign_duration );
258 :
259 0 : fd_stem_publish( stem, in_idx, sig, ctx->out[ in_idx ].out_chunk, 64UL, 0UL, tsorig, 0UL );
260 0 : ctx->out[ in_idx ].out_chunk = fd_dcache_compact_next( ctx->out[ in_idx ].out_chunk, 64UL, ctx->out[ in_idx ].out_chunk0, ctx->out[ in_idx ].out_wmark );
261 0 : }
262 :
263 : static void
264 : after_frag( void * _ctx,
265 : ulong in_idx,
266 : ulong seq,
267 : ulong sig,
268 : ulong sz,
269 : ulong tsorig,
270 : ulong tspub,
271 0 : fd_stem_context_t * stem ) {
272 0 : after_frag_sensitive( _ctx, in_idx, seq, sig, sz, tsorig, tspub, stem );
273 0 : }
274 :
275 : static void FD_FN_SENSITIVE
276 : privileged_init_sensitive( fd_topo_t * topo,
277 0 : fd_topo_tile_t * tile ) {
278 0 : void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
279 0 : FD_SCRATCH_ALLOC_INIT( l, scratch );
280 0 : fd_sign_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_sign_ctx_t ), sizeof( fd_sign_ctx_t ) );
281 :
282 0 : uchar * identity_key = fd_keyload_load( tile->sign.identity_key_path, /* pubkey only: */ 0 );
283 0 : ctx->private_key = identity_key;
284 0 : ctx->public_key = identity_key + 32UL;
285 :
286 0 : ctx->authorized_voters_cnt = tile->sign.authorized_voter_paths_cnt;
287 0 : for( ulong i=0UL; i<tile->sign.authorized_voter_paths_cnt; i++ ) {
288 0 : uchar * authorized_voter_key = fd_keyload_load( tile->sign.authorized_voter_paths[ i ], /* pubkey only: */ 0 );
289 0 : memcpy( ctx->authorized_voter_private_keys[ i ], authorized_voter_key, 32UL );
290 0 : memcpy( ctx->authorized_voter_pubkeys[ i ], authorized_voter_key + 32UL, 32UL );
291 0 : }
292 :
293 : /* The stack can be taken over and reorganized by under AddressSanitizer,
294 : which causes this code to fail. */
295 : #if FD_HAS_ASAN
296 : FD_LOG_WARNING(( "!!! SECURITY WARNING !!! YOU ARE RUNNING THE SIGNING TILE "
297 : "WITH ADDRESS SANITIZER ENABLED. THIS CAN LEAK SENSITIVE "
298 : "DATA INCLUDING YOUR PRIVATE KEYS INTO CORE DUMPS IF THIS "
299 : "PROCESS ABORTS. IT IS HIGHLY ADVISED TO NOT TO RUN IN THIS "
300 : "MODE IN PRODUCTION!" ));
301 : #else
302 : /* Prevent the stack from showing up in core dumps just in case the
303 : private key somehow ends up in there. */
304 0 : FD_TEST( fd_tile_stack0() );
305 0 : FD_TEST( fd_tile_stack_sz() );
306 0 : if( FD_UNLIKELY( madvise( (void*)fd_tile_stack0(), fd_tile_stack_sz(), MADV_DONTDUMP ) ) )
307 0 : FD_LOG_ERR(( "madvise failed (%i-%s)", errno, fd_io_strerror( errno ) ));
308 0 : #endif
309 0 : }
310 :
311 : static void
312 : privileged_init( fd_topo_t * topo,
313 0 : fd_topo_tile_t * tile ) {
314 0 : privileged_init_sensitive( topo, tile );
315 0 : }
316 :
317 : static void FD_FN_SENSITIVE
318 : unprivileged_init_sensitive( fd_topo_t * topo,
319 0 : fd_topo_tile_t * tile ) {
320 0 : void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
321 :
322 0 : FD_SCRATCH_ALLOC_INIT( l, scratch );
323 0 : fd_sign_ctx_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof( fd_sign_ctx_t ), sizeof( fd_sign_ctx_t ) );
324 0 : FD_TEST( fd_sha512_join( fd_sha512_new( ctx->sha512 ) ) );
325 :
326 0 : FD_TEST( tile->in_cnt<=MAX_IN );
327 0 : FD_TEST( tile->in_cnt==tile->out_cnt );
328 :
329 0 : fd_histf_join( fd_histf_new( ctx->sign_duration, FD_MHIST_SECONDS_MIN( SIGN, SIGN_DURATION_SECONDS ),
330 0 : FD_MHIST_SECONDS_MAX( SIGN, SIGN_DURATION_SECONDS ) ) );
331 :
332 0 : ctx->keyswitch = fd_keyswitch_join( fd_topo_obj_laddr( topo, tile->id_keyswitch_obj_id ) );
333 0 : derive_fields( ctx );
334 :
335 0 : if( FD_LIKELY( tile->av_keyswitch_obj_id!=ULONG_MAX ) ) {
336 0 : ctx->av_keyswitch = fd_keyswitch_join( fd_topo_obj_laddr( topo, tile->av_keyswitch_obj_id ) );
337 0 : FD_TEST( ctx->av_keyswitch );
338 0 : } else {
339 0 : ctx->av_keyswitch = NULL;
340 0 : }
341 :
342 0 : for( ulong i=0UL; i<MAX_IN; i++ ) ctx->in[ i ].role = -1;
343 :
344 0 : for( ulong i=0UL; i<tile->in_cnt; i++ ) {
345 0 : fd_topo_link_t * in_link = &topo->links[ tile->in_link_id[ i ] ];
346 0 : fd_topo_link_t * out_link = &topo->links[ tile->out_link_id[ i ] ];
347 :
348 0 : if( in_link->mtu > FD_KEYGUARD_SIGN_REQ_MTU ) FD_LOG_CRIT(( "oversz link[%lu].mtu=%lu", i, in_link->mtu ));
349 0 : ctx->in[ i ].mem = fd_wksp_containing( in_link->dcache );
350 0 : ctx->in[ i ].mtu = in_link->mtu;
351 0 : ctx->in[ i ].chunk0 = fd_dcache_compact_chunk0( ctx->in[ i ].mem, in_link->dcache );
352 0 : ctx->in[ i ].wmark = fd_dcache_compact_wmark( ctx->in[ i ].mem, in_link->dcache, in_link->mtu );
353 :
354 0 : ctx->out[ i ].out_mem = fd_wksp_containing( out_link->dcache );
355 0 : ctx->out[ i ].out_chunk0 = fd_dcache_compact_chunk0( ctx->out[ i ].out_mem, out_link->dcache );
356 0 : ctx->out[ i ].out_wmark = fd_dcache_compact_wmark( ctx->out[ i ].out_mem, out_link->dcache, 64UL );
357 0 : ctx->out[ i ].out_chunk = ctx->out[ i ].out_chunk0;
358 :
359 0 : if( !strcmp( in_link->name, "shred_sign" ) ) {
360 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_LEADER;
361 0 : FD_TEST( !strcmp( out_link->name, "sign_shred" ) );
362 0 : FD_TEST( in_link->mtu==32UL );
363 0 : FD_TEST( out_link->mtu==64UL );
364 0 : } else if ( !strcmp( in_link->name, "gossip_sign" ) ) {
365 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_GOSSIP;
366 0 : FD_TEST( !strcmp( out_link->name, "sign_gossip" ) );
367 0 : FD_TEST( in_link->mtu==2048UL );
368 0 : FD_TEST( out_link->mtu==64UL );
369 0 : } else if ( !strcmp( in_link->name, "repair_sign" )
370 0 : || !strcmp( in_link->name, "ping_sign" ) ) {
371 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_REPAIR;
372 0 : if( !strcmp( in_link->name, "ping_sign" ) ) {
373 0 : FD_TEST( !strcmp( out_link->name, "sign_ping" ) );
374 0 : } else {
375 0 : FD_TEST( !strcmp( out_link->name, "sign_repair" ) );
376 0 : }
377 0 : FD_TEST( in_link->mtu==96 ); // FD_REPAIR_MAX_PREIMAGE_SZ
378 0 : FD_TEST( out_link->mtu==64UL );
379 0 : } else if ( !strcmp(in_link->name, "txsend_sign" ) ) {
380 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_TXSEND;
381 0 : FD_TEST( !strcmp( out_link->name, "sign_txsend" ) );
382 0 : FD_TEST( in_link->mtu==FD_TXN_MTU );
383 0 : FD_TEST( out_link->mtu==64UL*2UL );
384 0 : } else if( !strcmp(in_link->name, "bundle_sign" ) ) {
385 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_BUNDLE;
386 0 : FD_TEST( !strcmp( out_link->name, "sign_bundle" ) );
387 0 : FD_TEST( in_link->mtu==9UL );
388 0 : FD_TEST( out_link->mtu==64UL );
389 0 : } else if( !strcmp(in_link->name, "event_sign" ) ) {
390 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_EVENT;
391 0 : FD_TEST( !strcmp( out_link->name, "sign_event" ) );
392 0 : FD_TEST( in_link->mtu==32UL );
393 0 : FD_TEST( out_link->mtu==64UL );
394 0 : } else if( !strcmp(in_link->name, "pack_sign" ) ) {
395 0 : ctx->in[ i ].role = FD_KEYGUARD_ROLE_BUNDLE_CRANK;
396 0 : FD_TEST( !strcmp( out_link->name, "sign_pack" ) );
397 0 : FD_TEST( in_link->mtu==1232UL );
398 0 : FD_TEST( out_link->mtu==64UL );
399 0 : } else {
400 0 : FD_LOG_CRIT(( "unexpected link %s", in_link->name ));
401 0 : }
402 0 : }
403 :
404 0 : ulong scratch_top = FD_SCRATCH_ALLOC_FINI( l, 1UL );
405 0 : if( FD_UNLIKELY( scratch_top > (ulong)scratch + scratch_footprint( tile ) ) )
406 0 : FD_LOG_ERR(( "scratch overflow %lu %lu %lu", scratch_top - (ulong)scratch - scratch_footprint( tile ), scratch_top, (ulong)scratch + scratch_footprint( tile ) ));
407 0 : }
408 :
409 : static void
410 : unprivileged_init( fd_topo_t * topo,
411 0 : fd_topo_tile_t * tile ) {
412 0 : unprivileged_init_sensitive( topo, tile );
413 0 : }
414 :
415 : static ulong
416 : populate_allowed_seccomp( fd_topo_t const * topo,
417 : fd_topo_tile_t const * tile,
418 : ulong out_cnt,
419 0 : struct sock_filter * out ) {
420 0 : (void)topo;
421 0 : (void)tile;
422 :
423 0 : populate_sock_filter_policy_fd_sign_tile( out_cnt, out, (uint)fd_log_private_logfile_fd() );
424 0 : return sock_filter_policy_fd_sign_tile_instr_cnt;
425 0 : }
426 :
427 : static ulong
428 : populate_allowed_fds( fd_topo_t const * topo,
429 : fd_topo_tile_t const * tile,
430 : ulong out_fds_cnt,
431 0 : int * out_fds ) {
432 0 : (void)topo;
433 0 : (void)tile;
434 :
435 0 : if( FD_UNLIKELY( out_fds_cnt<2UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
436 :
437 0 : ulong out_cnt = 0;
438 0 : out_fds[ out_cnt++ ] = 2; /* stderr */
439 0 : if( FD_LIKELY( -1!=fd_log_private_logfile_fd() ) )
440 0 : out_fds[ out_cnt++ ] = fd_log_private_logfile_fd(); /* logfile */
441 0 : return out_cnt;
442 0 : }
443 :
444 0 : #define STEM_BURST (1UL)
445 :
446 : /* See explanation in fd_pack */
447 0 : #define STEM_LAZY (128L*3000L)
448 :
449 0 : #define STEM_CALLBACK_CONTEXT_TYPE fd_sign_ctx_t
450 0 : #define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_sign_ctx_t)
451 :
452 0 : #define STEM_CALLBACK_DURING_HOUSEKEEPING during_housekeeping
453 0 : #define STEM_CALLBACK_METRICS_WRITE metrics_write
454 0 : #define STEM_CALLBACK_DURING_FRAG during_frag
455 0 : #define STEM_CALLBACK_AFTER_FRAG after_frag
456 :
457 : #include "../../disco/stem/fd_stem.c"
458 :
459 : fd_topo_run_tile_t fd_tile_sign = {
460 : .name = "sign",
461 : .populate_allowed_seccomp = populate_allowed_seccomp,
462 : .populate_allowed_fds = populate_allowed_fds,
463 : .scratch_align = scratch_align,
464 : .scratch_footprint = scratch_footprint,
465 : .privileged_init = privileged_init,
466 : .unprivileged_init = unprivileged_init,
467 : .run = stem_run,
468 : };
|
