solana-validator now verifies its genesis blockhash against the cluster entrypoint (#5589)

2019-08-21 18:16:40 -07:00
parent 5034331131
commit e2d6f01ad3
11 changed files with 105 additions and 15 deletions
--- a/core/src/rpc.rs
+++ b/core/src/rpc.rs
@ -14,6 +14,7 @@ use solana_drone::drone::request_airdrop_transaction;
 use solana_runtime::bank::Bank;
 use solana_sdk::account::Account;
 use solana_sdk::fee_calculator::FeeCalculator;
+use solana_sdk::hash::Hash;
 use solana_sdk::pubkey::Pubkey;
 use solana_sdk::signature::Signature;
 use solana_sdk::transaction::{self, Transaction};
@ -213,6 +214,7 @@ fn verify_signature(input: &str) -> Result<Signature> {
 pub struct Meta {
    pub request_processor: Arc<RwLock<JsonRpcRequestProcessor>>,
    pub cluster_info: Arc<RwLock<ClusterInfo>>,
+    pub genesis_blockhash: Hash,
 }
 impl Metadata for Meta {}

@ -298,6 +300,9 @@ pub trait RpcSol {
    #[rpc(meta, name = "getEpochInfo")]
    fn get_epoch_info(&self, _: Self::Metadata) -> Result<RpcEpochInfo>;

+    #[rpc(meta, name = "getGenesisBlockhash")]
+    fn get_genesis_blockhash(&self, _: Self::Metadata) -> Result<String>;
+
    #[rpc(meta, name = "getLeaderSchedule")]
    fn get_leader_schedule(&self, _: Self::Metadata) -> Result<Option<Vec<String>>>;

@ -448,6 +453,11 @@ impl RpcSol for RpcSolImpl {
        })
    }

+    fn get_genesis_blockhash(&self, meta: Self::Metadata) -> Result<String> {
+        debug!("get_genesis_blockhash rpc request received");
+        Ok(meta.genesis_blockhash.to_string())
+    }
+
    fn get_leader_schedule(&self, meta: Self::Metadata) -> Result<Option<Vec<String>>> {
        let bank = meta.request_processor.read().unwrap().bank();
        Ok(
@ -718,6 +728,7 @@ pub mod tests {
        let meta = Meta {
            request_processor,
            cluster_info,
+            genesis_blockhash: Hash::default(),
        };
        (io, meta, bank, blockhash, alice, leader_pubkey)
    }
@ -1060,6 +1071,7 @@ pub mod tests {
            cluster_info: Arc::new(RwLock::new(ClusterInfo::new_with_invalid_keypair(
                ContactInfo::default(),
            ))),
+            genesis_blockhash: Hash::default(),
        };

        let req =
--- a/core/src/rpc_service.rs
+++ b/core/src/rpc_service.rs
@ -12,6 +12,7 @@ use jsonrpc_http_server::{
    hyper, AccessControlAllowOrigin, DomainsValidation, RequestMiddleware, RequestMiddlewareAction,
    ServerBuilder,
 };
+use solana_sdk::hash::Hash;
 use std::net::SocketAddr;
 use std::path::{Path, PathBuf};
 use std::sync::mpsc::channel;
@ -91,6 +92,7 @@ impl JsonRpcService {
        config: JsonRpcConfig,
        bank_forks: Arc<RwLock<BankForks>>,
        ledger_path: &Path,
+        genesis_blockhash: Hash,
        validator_exit: &Arc<RwLock<Option<ValidatorExit>>>,
    ) -> Self {
        info!("rpc bound to {:?}", rpc_addr);
@ -118,6 +120,7 @@ impl JsonRpcService {
                    ServerBuilder::with_meta_extractor(io, move |_req: &hyper::Request<hyper::Body>| Meta {
                        request_processor: request_processor_.clone(),
                        cluster_info: cluster_info.clone(),
+                        genesis_blockhash
                    }).threads(4)
                        .cors(DomainsValidation::AllowOnly(vec![
                            AccessControlAllowOrigin::Any,
@ -201,6 +204,7 @@ mod tests {
            JsonRpcConfig::default(),
            bank_forks,
            &PathBuf::from("farf"),
+            Hash::default(),
            &validator_exit,
        );
        let thread = rpc_service.thread_hdl.thread();
--- a/core/src/validator.rs
+++ b/core/src/validator.rs
@ -22,6 +22,7 @@ use crate::tpu::Tpu;
 use crate::tvu::{Sockets, Tvu};
 use solana_metrics::datapoint_info;
 use solana_sdk::genesis_block::GenesisBlock;
+use solana_sdk::hash::Hash;
 use solana_sdk::poh_config::PohConfig;
 use solana_sdk::pubkey::Pubkey;
 use solana_sdk::signature::{Keypair, KeypairUtil};
@ -38,6 +39,7 @@ use std::thread::Result;
 pub struct ValidatorConfig {
    pub dev_sigverify_disabled: bool,
    pub dev_halt_at_slot: Option<Slot>,
+    pub expected_genesis_blockhash: Option<Hash>,
    pub voting_disabled: bool,
    pub blockstream_unix_socket: Option<PathBuf>,
    pub storage_slots_per_turn: u64,
@ -54,6 +56,7 @@ impl Default for ValidatorConfig {
        Self {
            dev_sigverify_disabled: false,
            dev_halt_at_slot: None,
+            expected_genesis_blockhash: None,
            voting_disabled: false,
            blockstream_unix_socket: None,
            storage_slots_per_turn: DEFAULT_SLOTS_PER_TURN,
@ -136,6 +139,7 @@ impl Validator {

        info!("creating bank...");
        let (
+            genesis_blockhash,
            bank_forks,
            bank_forks_info,
            blocktree,
@ -144,6 +148,7 @@ impl Validator {
            leader_schedule_cache,
            poh_config,
        ) = new_banks_from_blocktree(
+            config.expected_genesis_blockhash,
            ledger_path,
            config.account_paths.clone(),
            config.snapshot_config.clone(),
@ -184,6 +189,7 @@ impl Validator {
                config.rpc_config.clone(),
                bank_forks.clone(),
                ledger_path,
+                genesis_blockhash,
                &validator_exit,
            ))
        };
@ -471,12 +477,14 @@ fn adjust_ulimit_nofile() {
 }

 pub fn new_banks_from_blocktree(
+    expected_genesis_blockhash: Option<Hash>,
    blocktree_path: &Path,
    account_paths: Option<String>,
    snapshot_config: Option<SnapshotConfig>,
    verify_ledger: bool,
    dev_halt_at_slot: Option<Slot>,
 ) -> (
+    Hash,
    BankForks,
    Vec<BankForksInfo>,
    Blocktree,
@ -486,6 +494,16 @@ pub fn new_banks_from_blocktree(
    PohConfig,
 ) {
    let genesis_block = GenesisBlock::load(blocktree_path).expect("Failed to load genesis block");
+    let genesis_blockhash = genesis_block.hash();
+
+    if let Some(expected_genesis_blockhash) = expected_genesis_blockhash {
+        if genesis_blockhash != expected_genesis_blockhash {
+            panic!(
+                "Genesis blockhash mismatch: expected {} but local genesis blockhash is {}",
+                expected_genesis_blockhash, genesis_blockhash,
+            );
+        }
+    }

    adjust_ulimit_nofile();

@ -502,6 +520,7 @@ pub fn new_banks_from_blocktree(
    );

    (
+        genesis_blockhash,
        bank_forks,
        bank_forks_info,
        blocktree,