Merge branch 'master' of github.com:paritytech/polkadot-sdk into pall…

…et-xcm-fully-support-reserve-transfers
paritytech · Oct 13, 2023 · 8ac30aa · 8ac30aa
2 parents bf39726 + 82bfe28
commit 8ac30aa
Show file tree

Hide file tree

Showing 74 changed files with 1,368 additions and 643 deletions.
diff --git a/.cargo/config.toml b/.cargo/config.toml
@@ -1,4 +1,9 @@
-#
+[build]
+rustdocflags = [
+  "-Dwarnings",
+  "-Arustdoc::redundant_explicit_links", # stylistic
+]
+
 # An auto defined `clippy` feature was introduced,
 # but it was found to clash with user defined features,
 # so was renamed to `cargo-clippy`.
@@ -30,4 +35,5 @@ rustflags = [
   "-Aclippy::derivable_impls",           # false positives
   "-Aclippy::stable_sort_primitive",     # prefer stable sort
   "-Aclippy::extra-unused-type-parameters", # stylistic
+  "-Aclippy::default_constructed_unit_structs", # stylistic
 ]
diff --git a/.gitlab/pipeline/build.yml b/.gitlab/pipeline/build.yml
@@ -91,6 +91,7 @@ build-rustdoc:
     - .run-immediately
   variables:
     SKIP_WASM_BUILD: 1
+    RUSTDOCFLAGS: ""
   artifacts:
     name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}-doc"
     when: on_success
@@ -99,7 +100,6 @@ build-rustdoc:
       - ./crate-docs/
   script:
     # FIXME: it fails with `RUSTDOCFLAGS="-Dwarnings"` and `--all-features`
-    # FIXME: return to stable when https://github.com/rust-lang/rust/issues/96937 gets into stable
     - time cargo doc --features try-runtime,experimental --workspace --no-deps
     - rm -f ./target/doc/.lock
     - mv ./target/doc ./crate-docs

diff --git a/.gitlab/pipeline/test.yml b/.gitlab/pipeline/test.yml
@@ -181,7 +181,6 @@ test-rustdoc:
     - .run-immediately
   variables:
     SKIP_WASM_BUILD: 1
-    RUSTDOCFLAGS: "-Dwarnings"
   script:
     - time cargo doc --workspace --all-features --no-deps
   allow_failure: true

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cumulus/client/relay-chain-minimal-node/src/blockchain_rpc_client.rs b/cumulus/client/relay-chain-minimal-node/src/blockchain_rpc_client.rs
@@ -346,6 +346,13 @@ impl RuntimeApiSubsystemClient for BlockChainRpcClient {
 		Ok(self.rpc_client.parachain_host_minimum_backing_votes(at, session_index).await?)
 	}
 
+	async fn disabled_validators(
+		&self,
+		at: Hash,
+	) -> Result<Vec<polkadot_primitives::ValidatorIndex>, ApiError> {
+		Ok(self.rpc_client.parachain_host_disabled_validators(at).await?)
+	}
+
 	async fn async_backing_params(&self, at: Hash) -> Result<AsyncBackingParams, ApiError> {
 		Ok(self.rpc_client.parachain_host_async_backing_params(at).await?)
 	}

diff --git a/cumulus/client/relay-chain-rpc-interface/src/rpc_client.rs b/cumulus/client/relay-chain-rpc-interface/src/rpc_client.rs
@@ -597,6 +597,14 @@ impl RelayChainRpcClient {
 			.await
 	}
 
+	pub async fn parachain_host_disabled_validators(
+		&self,
+		at: RelayHash,
+	) -> Result<Vec<ValidatorIndex>, RelayChainError> {
+		self.call_remote_runtime_function("ParachainHost_disabled_validators", at, None::<()>)
+			.await
+	}
+
 	#[allow(missing_docs)]
 	pub async fn parachain_host_async_backing_params(
 		&self,

diff --git a/cumulus/parachains/integration-tests/emulated/common/src/lib.rs b/cumulus/parachains/integration-tests/emulated/common/src/lib.rs
@@ -33,7 +33,7 @@ use xcm_emulator::{
 };
 
 decl_test_relay_chains! {
-	#[api_version(7)]
+	#[api_version(8)]
 	pub struct Westend {
 		genesis = westend::genesis(),
 		on_init = (),
@@ -50,7 +50,7 @@ decl_test_relay_chains! {
 			AssetRate: westend_runtime::AssetRate,
 		}
 	},
-	#[api_version(7)]
+	#[api_version(8)]
 	pub struct Rococo {
 		genesis = rococo::genesis(),
 		on_init = (),
@@ -65,7 +65,7 @@ decl_test_relay_chains! {
 			Balances: rococo_runtime::Balances,
 		}
 	},
-	#[api_version(7)]
+	#[api_version(8)]
 	pub struct Wococo {
 		genesis = rococo::genesis(),
 		on_init = (),

diff --git a/polkadot/node/collation-generation/src/lib.rs b/polkadot/node/collation-generation/src/lib.rs
@@ -193,7 +193,7 @@ async fn handle_new_activations<Context>(
 	metrics: Metrics,
 ) -> crate::error::Result<()> {
 	// follow the procedure from the guide:
-	// https://paritytech.github.io/polkadot/book/node/collators/collation-generation.html
+	// https://paritytech.github.io/polkadot-sdk/book/node/collators/collation-generation.html
 
 	if config.collator.is_none() {
 		return Ok(())

diff --git a/polkadot/node/core/backing/src/tests/mod.rs b/polkadot/node/core/backing/src/tests/mod.rs
@@ -1595,8 +1595,8 @@ fn retry_works() {
 				},
 				AllMessages::RuntimeApi(RuntimeApiMessage::Request(
 					_,
-					RuntimeApiRequest::SessionExecutorParams(sess_idx, tx),
-				)) if sess_idx == 1 => {
+					RuntimeApiRequest::SessionExecutorParams(1, tx),
+				)) => {
 					tx.send(Ok(Some(ExecutorParams::default()))).unwrap();
 				},
 				msg => {

diff --git a/polkadot/node/core/pvf/common/Cargo.toml b/polkadot/node/core/pvf/common/Cargo.toml
@@ -29,7 +29,7 @@ sp-io = { path = "../../../../../substrate/primitives/io" }
 sp-tracing = { path = "../../../../../substrate/primitives/tracing" }
 
 [target.'cfg(target_os = "linux")'.dependencies]
-landlock = "0.2.0"
+landlock = "0.3.0"
 
 [dev-dependencies]
 assert_matches = "1.4.0"

diff --git a/polkadot/node/core/pvf/common/src/worker/security.rs b/polkadot/node/core/pvf/common/src/worker/security.rs
@@ -223,13 +223,22 @@ pub mod landlock {
 	/// Landlock ABI version. We use ABI V1 because:
 	///
 	/// 1. It is supported by our reference kernel version.
-	/// 2. Later versions do not (yet) provide additional security.
+	/// 2. Later versions do not (yet) provide additional security that would benefit us.
 	///
-	/// # Versions (as of June 2023)
+	/// # Versions (as of October 2023)
 	///
 	/// - Polkadot reference kernel version: 5.16+
-	/// - ABI V1: 5.13 - introduces	landlock, including full restrictions on file reads
-	/// - ABI V2: 5.19 - adds ability to configure file renaming (not used by us)
+	///
+	/// - ABI V1: kernel 5.13 - Introduces landlock, including full restrictions on file reads.
+	///
+	/// - ABI V2: kernel 5.19 - Adds ability to prevent file renaming. Does not help us. During
+	///   execution an attacker can only affect the name of a symlinked artifact and not the
+	///   original one.
+	///
+	/// - ABI V3: kernel 6.2 - Adds ability to prevent file truncation. During execution, can
+	///   prevent attackers from affecting a symlinked artifact. We don't strictly need this as we
+	///   plan to check for file integrity anyway; see
+	///   <https://github.com/paritytech/polkadot-sdk/issues/677>.
 	///
 	/// # Determinism
 	///
@@ -335,7 +344,7 @@ pub mod landlock {
 		A: Into<BitFlags<AccessFs>>,
 	{
 		let mut ruleset =
-			Ruleset::new().handle_access(AccessFs::from_all(LANDLOCK_ABI))?.create()?;
+			Ruleset::default().handle_access(AccessFs::from_all(LANDLOCK_ABI))?.create()?;
 		for (fs_path, access_bits) in fs_exceptions {
 			let paths = &[fs_path.as_ref().to_owned()];
 			let mut rules = path_beneath_rules(paths, access_bits).peekable();
@@ -466,5 +475,38 @@ pub mod landlock {
 
 			assert!(handle.join().is_ok());
 		}
+
+		// Test that checks whether landlock under our ABI version is able to truncate files.
+		#[test]
+		fn restricted_thread_can_truncate_file() {
+			// TODO: This would be nice: <https://github.com/rust-lang/rust/issues/68007>.
+			if !check_is_fully_enabled() {
+				return
+			}
+
+			// Restricted thread can truncate file.
+			let handle =
+				thread::spawn(|| {
+					// Create and write a file. This should succeed before any landlock
+					// restrictions are applied.
+					const TEXT: &str = "foo";
+					let tmpfile = tempfile::NamedTempFile::new().unwrap();
+					let path = tmpfile.path();
+
+					fs::write(path, TEXT).unwrap();
+
+					// Apply Landlock with all exceptions under the current ABI.
+					let status = try_restrict(vec![(path, AccessFs::from_all(LANDLOCK_ABI))]);
+					if !matches!(status, Ok(RulesetStatus::FullyEnforced)) {
+						panic!("Ruleset should be enforced since we checked if landlock is enabled: {:?}", status);
+					}
+
+					// Try to truncate the file.
+					let result = tmpfile.as_file().set_len(0);
+					assert!(result.is_ok());
+				});
+
+			assert!(handle.join().is_ok());
+		}
 	}
 }
diff --git a/polkadot/node/core/pvf/src/lib.rs b/polkadot/node/core/pvf/src/lib.rs
@@ -19,8 +19,10 @@
 //! The PVF validation host. Responsible for coordinating preparation and execution of PVFs.
 //!
 //! For more background, refer to the Implementer's Guide: [PVF
-//! Pre-checking](https://paritytech.github.io/polkadot/book/pvf-prechecking.html) and [Candidate
-//! Validation](https://paritytech.github.io/polkadot/book/node/utility/candidate-validation.html#pvf-host).
+//! Pre-checking](https://paritytech.github.io/polkadot-sdk/book/pvf-prechecking.html), [Candidate
+//! Validation](https://paritytech.github.io/polkadot-sdk/book/node/utility/candidate-validation.html)
+//! and [PVF Host and Workers](https://paritytech.github.io/polkadot-sdk/book/node/utility/pvf-host-and-workers.html).
+//!
 //!
 //! # Entrypoint
 //!

diff --git a/polkadot/node/core/runtime-api/src/cache.rs b/polkadot/node/core/runtime-api/src/cache.rs
@@ -64,6 +64,7 @@ pub(crate) struct RequestResultCache {
 	unapplied_slashes: LruMap<Hash, Vec<(SessionIndex, CandidateHash, slashing::PendingSlashes)>>,
 	key_ownership_proof: LruMap<(Hash, ValidatorId), Option<slashing::OpaqueKeyOwnershipProof>>,
 	minimum_backing_votes: LruMap<SessionIndex, u32>,
+	disabled_validators: LruMap<Hash, Vec<ValidatorIndex>>,
 	para_backing_state: LruMap<(Hash, ParaId), Option<async_backing::BackingState>>,
 	async_backing_params: LruMap<Hash, async_backing::AsyncBackingParams>,
 }
@@ -96,6 +97,7 @@ impl Default for RequestResultCache {
 			unapplied_slashes: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
 			key_ownership_proof: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
 			minimum_backing_votes: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
+			disabled_validators: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
 			para_backing_state: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
 			async_backing_params: LruMap::new(ByLength::new(DEFAULT_CACHE_CAP)),
 		}
@@ -444,6 +446,21 @@ impl RequestResultCache {
 		self.minimum_backing_votes.insert(session_index, minimum_backing_votes);
 	}
 
+	pub(crate) fn disabled_validators(
+		&mut self,
+		relay_parent: &Hash,
+	) -> Option<&Vec<ValidatorIndex>> {
+		self.disabled_validators.get(relay_parent).map(|v| &*v)
+	}
+
+	pub(crate) fn cache_disabled_validators(
+		&mut self,
+		relay_parent: Hash,
+		disabled_validators: Vec<ValidatorIndex>,
+	) {
+		self.disabled_validators.insert(relay_parent, disabled_validators);
+	}
+
 	pub(crate) fn para_backing_state(
 		&mut self,
 		key: (Hash, ParaId),
@@ -520,6 +537,7 @@ pub(crate) enum RequestResult {
 		slashing::OpaqueKeyOwnershipProof,
 		Option<()>,
 	),
+	DisabledValidators(Hash, Vec<ValidatorIndex>),
 	ParaBackingState(Hash, ParaId, Option<async_backing::BackingState>),
 	AsyncBackingParams(Hash, async_backing::AsyncBackingParams),
 }
diff --git a/polkadot/node/core/runtime-api/src/lib.rs b/polkadot/node/core/runtime-api/src/lib.rs
@@ -166,6 +166,8 @@ where
 				.requests_cache
 				.cache_key_ownership_proof((relay_parent, validator_id), key_ownership_proof),
 			SubmitReportDisputeLost(_, _, _, _) => {},
+			DisabledValidators(relay_parent, disabled_validators) =>
+				self.requests_cache.cache_disabled_validators(relay_parent, disabled_validators),
 			ParaBackingState(relay_parent, para_id, constraints) => self
 				.requests_cache
 				.cache_para_backing_state((relay_parent, para_id), constraints),
@@ -296,6 +298,8 @@ where
 						Request::SubmitReportDisputeLost(dispute_proof, key_ownership_proof, sender)
 					},
 				),
+			Request::DisabledValidators(sender) => query!(disabled_validators(), sender)
+				.map(|sender| Request::DisabledValidators(sender)),
 			Request::ParaBackingState(para, sender) => query!(para_backing_state(para), sender)
 				.map(|sender| Request::ParaBackingState(para, sender)),
 			Request::AsyncBackingParams(sender) => query!(async_backing_params(), sender)
@@ -565,6 +569,12 @@ where
 			ver = Request::MINIMUM_BACKING_VOTES_RUNTIME_REQUIREMENT,
 			sender
 		),
+		Request::DisabledValidators(sender) => query!(
+			DisabledValidators,
+			disabled_validators(),
+			ver = Request::DISABLED_VALIDATORS_RUNTIME_REQUIREMENT,
+			sender
+		),
 		Request::ParaBackingState(para, sender) => {
 			query!(
 				ParaBackingState,

diff --git a/polkadot/node/core/runtime-api/src/tests.rs b/polkadot/node/core/runtime-api/src/tests.rs
@@ -268,6 +268,10 @@ impl RuntimeApiSubsystemClient for MockSubsystemClient {
 	async fn minimum_backing_votes(&self, _: Hash, _: SessionIndex) -> Result<u32, ApiError> {
 		todo!("Not required for tests")
 	}
+
+	async fn disabled_validators(&self, _: Hash) -> Result<Vec<ValidatorIndex>, ApiError> {
+		todo!("Not required for tests")
+	}
 }
 
 #[test]

diff --git a/polkadot/node/network/approval-distribution/src/lib.rs b/polkadot/node/network/approval-distribution/src/lib.rs
@@ -16,7 +16,10 @@
 
 //! [`ApprovalDistribution`] implementation.
 //!
-//! <https://w3f.github.io/parachain-implementers-guide/node/approval/approval-distribution.html>
+//! See the documentation on [approval distribution][approval-distribution-page] in the
+//! implementers' guide.
+//!
+//! [approval-distribution-page]: https://paritytech.github.io/polkadot-sdk/book/node/approval/approval-distribution.html
 
 #![warn(missing_docs)]
 

diff --git a/polkadot/node/overseer/examples/minimal-example.rs b/polkadot/node/overseer/examples/minimal-example.rs
@@ -163,7 +163,6 @@ fn main() {
 			.unwrap();
 
 		let overseer_fut = overseer.run().fuse();
-		let timer_stream = timer_stream;
 
 		pin_mut!(timer_stream);
 		pin_mut!(overseer_fut);

diff --git a/polkadot/node/overseer/src/lib.rs b/polkadot/node/overseer/src/lib.rs
@@ -17,7 +17,7 @@
 //! # Overseer
 //!
 //! `overseer` implements the Overseer architecture described in the
-//! [implementers-guide](https://w3f.github.io/parachain-implementers-guide/node/index.html).
+//! [implementers' guide][overseer-page].
 //! For the motivations behind implementing the overseer itself you should
 //! check out that guide, documentation in this crate will be mostly discussing
 //! technical stuff.
@@ -53,6 +53,8 @@
 //!             .  +--------------------+               +---------------------+  .
 //!             ..................................................................
 //! ```
+//!
+//! [overseer-page]: https://paritytech.github.io/polkadot-sdk/book/node/overseer.html
 
 // #![deny(unused_results)]
 // unused dependencies can not work for test and examples at the same time

diff --git a/polkadot/node/service/src/relay_chain_selection.rs b/polkadot/node/service/src/relay_chain_selection.rs
@@ -31,7 +31,7 @@
 //! leaf returned from the chain selection subsystem by calling into other
 //! subsystems which yield information about approvals and disputes.
 //!
-//! [chain-selection-guide]: https://w3f.github.io/parachain-implementers-guide/protocol-chain-selection.html
+//! [chain-selection-guide]: https://paritytech.github.io/polkadot-sdk/book/protocol-chain-selection.html
 
 #![cfg(feature = "full-node")]
 

diff --git a/polkadot/node/subsystem-types/src/messages.rs b/polkadot/node/subsystem-types/src/messages.rs
@@ -695,6 +695,8 @@ pub enum RuntimeApiRequest {
 	),
 	/// Get the minimum required backing votes.
 	MinimumBackingVotes(SessionIndex, RuntimeApiSender<u32>),
+	/// Returns all disabled validators at a given block height.
+	DisabledValidators(RuntimeApiSender<Vec<ValidatorIndex>>),
 	/// Get the backing state of the given para.
 	ParaBackingState(ParaId, RuntimeApiSender<Option<async_backing::BackingState>>),
 	/// Get candidate's acceptance limitations for asynchronous backing for a relay parent.
@@ -726,6 +728,9 @@ impl RuntimeApiRequest {
 
 	/// Minimum version to enable asynchronous backing: `AsyncBackingParams` and `ParaBackingState`.
 	pub const ASYNC_BACKING_STATE_RUNTIME_REQUIREMENT: u32 = 7;
+
+	/// `DisabledValidators`
+	pub const DISABLED_VALIDATORS_RUNTIME_REQUIREMENT: u32 = 8;
 }
 
 /// A message to the Runtime API subsystem.