Unverified Commit 04b2383b authored by Sergey Pepyakin's avatar Sergey Pepyakin Committed by GitHub
Browse files

Companion for PR 8913 (#3114)

* Companion for PR 8913

polkadot companion: https://github.com/paritytech/substrate/pull/8913

* update Substrate

Co-authored-by: parity-processbot <>
parent efdf62e7
Pipeline #140197 passed with stages
in 36 minutes and 57 seconds
This diff is collapsed.
......@@ -36,18 +36,3 @@ adder = { package = "test-parachain-adder", path = "../../../parachain/test-para
halt = { package = "test-parachain-halt", path = "../../../parachain/test-parachains/halt" }
hex-literal = "0.3.1"
tempfile = "3.2.0"
# PVF execution leverages compiled artifacts provided by wasmtime. The contents of the artifacts
# depends on the version of wasmtime. In this crate we persist the artifacts on disk so we should
# be careful about the updates. In order to handle this, we depend on the wasmtime version here
# that we think is used by the sc-executor. If wasmtime is updated in Substrate and wasn't updated
# here then there will be linking errors like
#
# `multiple definitions of `set_vmctx_memory`.
#
# or similar, because wasmtime exports these symbols and does not support multiple versions compiled
# in at the same time.
#
# Another safeguard is a test `ensure_wasmtime_version` that will fail on each bump and prompt the
# developer to correspondingly act upon the change.
wasmtime-jit = "0.24"
......@@ -60,7 +60,7 @@ pub struct ArtifactId {
}
impl ArtifactId {
const PREFIX: &'static str = "wasmtime_1_";
const PREFIX: &'static str = "wasmtime_";
/// Creates a new artifact ID with the given hash.
pub fn new(code_hash: Hash) -> Self {
......@@ -191,19 +191,6 @@ mod tests {
use sp_core::H256;
use std::str::FromStr;
#[test]
fn ensure_wasmtime_version() {
assert_eq!(
wasmtime_jit::VERSION,
"0.24.0",
"wasmtime version is updated. Check the prefix.",
);
// If the version bump is significant, change `ArtifactId::PREFIX`.
//
// If in doubt bump it. This will lead to removal of the existing artifacts in the on-disk cache
// and recompilation.
}
#[test]
fn from_file_name() {
assert!(ArtifactId::from_file_name("").is_none());
......@@ -211,7 +198,7 @@ mod tests {
assert_eq!(
ArtifactId::from_file_name(
"wasmtime_1_0x0022800000000000000000000000000000000000000000000000000000000000"
"wasmtime_0x0022800000000000000000000000000000000000000000000000000000000000"
),
Some(ArtifactId::new(
hex_literal::hex![
......@@ -229,7 +216,7 @@ mod tests {
assert_eq!(
ArtifactId::new(hash).path(path).to_str(),
Some("/test/wasmtime_1_0x1234567890123456789012345678901234567890123456789012345678901234"),
Some("/test/wasmtime_0x1234567890123456789012345678901234567890123456789012345678901234"),
);
}
......@@ -238,7 +225,7 @@ mod tests {
let fake_cache_path = async_std::task::block_on(async move { crate::worker_common::tmpfile("test-cache").await.unwrap() });
let fake_artifact_path = {
let mut p = fake_cache_path.clone();
p.push("wasmtime_1_0x1234567890123456789012345678901234567890123456789012345678901234");
p.push("wasmtime_0x1234567890123456789012345678901234567890123456789012345678901234");
p
};
......
......@@ -246,7 +246,12 @@ async fn validate_using_artifact(
let validation_started_at = Instant::now();
let descriptor_bytes =
match crate::executor_intf::execute(compiled_artifact, params, spawner.clone()) {
match unsafe {
// SAFETY: this should be safe since the compiled artifact passed here comes from the
// file created by the prepare workers. These files are obtained by calling
// [`executor_intf::prepare`].
crate::executor_intf::execute(compiled_artifact, params, spawner.clone())
} {
Err(err) => {
return Response::format_invalid("execute", &err.to_string());
}
......
......@@ -56,7 +56,12 @@ pub fn prepare(blob: RuntimeBlob) -> Result<Vec<u8>, sc_executor_common::error::
/// Executes the given PVF in the form of a compiled artifact and returns the result of execution
/// upon success.
pub fn execute(
///
/// # Safety
///
/// The compiled artifact must be produced with [`prepare`]. Not following this guidance can lead
/// to arbitrary code execution.
pub unsafe fn execute(
compiled_artifact: &[u8],
params: &[u8],
spawner: impl sp_core::traits::SpawnNamed + 'static,
......@@ -69,8 +74,8 @@ pub fn execute(
let mut ext = ValidationExternalities(extensions);
sc_executor::with_externalities_safe(&mut ext, || {
let runtime = sc_executor_wasmtime::create_runtime(
sc_executor_wasmtime::CodeSupplyMode::Artifact { compiled_artifact },
let runtime = sc_executor_wasmtime::create_runtime_from_artifact(
compiled_artifact,
CONFIG,
HostFunctions::host_functions(),
)?;
......
......@@ -34,7 +34,10 @@ pub fn validate_candidate(
let blob = prevalidate(code)?;
let artifact = prepare(blob)?;
let executor = TaskExecutor::new()?;
let result = execute(&artifact, params, executor)?;
let result = unsafe {
// SAFETY: This is trivially safe since the artifact is obtained by calling `prepare`.
execute(&artifact, params, executor)?
};
Ok(result)
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment