From 6049f2a9aa1942385c6bcbe1d3a3426df6dca0df Mon Sep 17 00:00:00 2001
From: Rod Vagg
Date: Sat, 25 May 2024 11:38:54 +1000
Subject: [PATCH] feat: miner: max prove commit sector batch size

---
 actors/miner/src/lib.rs | 14 ++++++++++++--
 runtime/src/runtime/policy.rs | 7 +++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/actors/miner/src/lib.rs b/actors/miner/src/lib.rs
index 9d063d5b6..20c72434e 100644
--- a/actors/miner/src/lib.rs
+++ b/actors/miner/src/lib.rs
@@ -1787,7 +1787,7 @@ impl Actor {
 params.sector_proofs.len()
 ));
 }
- validate_seal_proofs(precommits[0].info.seal_proof, ¶ms.sector_proofs)?;
+ validate_seal_proofs(precommits[0].info.seal_proof, ¶ms.sector_proofs, policy)?;
 } else {
 if params.aggregate_proof_type != Some(RegisteredAggregateProof::SnarkPackV2) {
 return Err(actor_error!(
@@ -1960,6 +1960,7 @@ impl Actor {
 // Validate caller and parameters.
 let st: State = rt.state()?;
 let store = rt.store();
+ let policy = rt.policy();
 // Note: this accepts any caller for legacy, but probably shouldn't.
 // Since the miner can provide arbitrary control addresses, there's not much advantage
 // in allowing any caller, but some risk if there's an exploitable bug.
@@ -1977,7 +1978,7 @@ impl Actor {
 actor_error!(not_found, "no pre-commited sector {}", params.sector_number)
 })?;
- validate_seal_proofs(precommit.info.seal_proof, &[params.proof.clone()])?;
+ validate_seal_proofs(precommit.info.seal_proof, &[params.proof.clone()], policy)?;
 let allow_deals = true; // Legacy onboarding entry points allow pre-committed deals.
 let all_or_nothing = true; // The singleton must succeed.
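Review bot: In the `@@ -1787` hunk the new batch bound is enforced inside `validate_seal_proofs`, which runs only after `precommits[0]` is already available, so an oversized `sector_proofs` batch still has every referenced pre-commit loaded from state before it is rejected. If the intent is to bound the work an arbitrary caller can trigger, a cheap check on the parameter length at the top of the entry point, before any state access, would do that, e.g. `if params.sector_proofs.len() > policy.prove_commit_sector_batch_max_size { return Err(actor_error!(illegal_argument, "batch of {} too large, max {}", params.sector_proofs.len(), policy.prove_commit_sector_batch_max_size)); }`. Only the non-aggregate branch reaches the bounded helper here; whatever limit the `else` (SnarkPackV2) branch applies is outside this hunk and should be confirmed separately. The enclosing function starts and ends outside the hunk.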
@@ -4766,7 +4767,16 @@ fn validate_precommits( fn validate_seal_proofs( seal_proof_type: RegisteredSealProof, proofs: &[RawBytes], + policy: &Policy, ) -> Result<(), ActorError> { + if proofs.len() > policy.prove_commit_sector_batch_max_size { + return Err(actor_error!( + illegal_argument, + "batch of {} too large, max {}", + proofs.len(), + policy.prove_commit_sector_batch_max_size + )); + } let max_proof_size = seal_proof_type.proof_size().with_context_code(ExitCode::USR_ILLEGAL_STATE, || { format!("failed to determine max proof size for type {:?}", seal_proof_type,) diff --git a/runtime/src/runtime/policy.rs b/runtime/src/runtime/policy.rs index 3f8004264..9a56ca8c4 100644 --- a/runtime/src/runtime/policy.rs +++ b/runtime/src/runtime/policy.rs @@ -24,6 +24,8 @@ pub struct Policy { pub pre_commit_sector_batch_max_size: usize, /// The maximum number of sector replica updates in a single batch. pub prove_replica_updates_max_size: usize, + /// The maximum number of sector prove commits in a single batch. + pub prove_commit_sector_batch_max_size: usize, /// The delay between pre commit expiration and clean up from state. This enforces that expired pre-commits /// stay in state for a period of time creating a grace period during which a late-running aggregated prove-commit @@ -165,6 +167,8 @@ impl Default for Policy { max_replica_update_proof_size: policy_constants::MAX_REPLICA_UPDATE_PROOF_SIZE, pre_commit_sector_batch_max_size: policy_constants::PRE_COMMIT_SECTOR_BATCH_MAX_SIZE, prove_replica_updates_max_size: policy_constants::PROVE_REPLICA_UPDATES_MAX_SIZE, + prove_commit_sector_batch_max_size: + policy_constants::PROVE_COMMIT_SECTOR_BATCH_MAX_SIZE, expired_pre_commit_clean_up_delay: policy_constants::EXPIRED_PRE_COMMIT_CLEAN_UP_DELAY, wpost_proving_period: policy_constants::WPOST_PROVING_PERIOD, wpost_challenge_window: policy_constants::WPOST_CHALLENGE_WINDOW, 
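Review bot: `validate_seal_proofs` now rejects inputs on a policy limit but carries no documentation of that contract; a header comment would help the next reader, e.g. `/// Rejects batches longer than policy.prove_commit_sector_batch_max_size with illegal_argument, then checks each proof against the maximum size for the seal proof type.` The new length check runs before any per-proof work, which is the right order, and the `>` comparison means a batch exactly at the limit is accepted, consistent with the field being a maximum. Note that the legacy single-sector caller always passes a one-element slice, so the bound is effectively exercised only by the batch entry point. The body of `validate_seal_proofs` continues past the hunk.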
@@ -244,6 +248,9 @@ pub mod policy_constants {
 // Same as PRE_COMMIT_SECTOR_BATCH_MAX_SIZE for consistency.
 pub const PROVE_REPLICA_UPDATES_MAX_SIZE: usize = PRE_COMMIT_SECTOR_BATCH_MAX_SIZE;
+ // Same as PRE_COMMIT_SECTOR_BATCH_MAX_SIZE for consistency.
+ pub const PROVE_COMMIT_SECTOR_BATCH_MAX_SIZE: usize = PRE_COMMIT_SECTOR_BATCH_MAX_SIZE;
+
 pub const EXPIRED_PRE_COMMIT_CLEAN_UP_DELAY: i64 = 8 * EPOCHS_IN_HOUR;
 pub const WPOST_PROVING_PERIOD: ChainEpoch = EPOCHS_IN_DAY;
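Review bot: `PROVE_COMMIT_SECTOR_BATCH_MAX_SIZE` is defined as an alias of `PRE_COMMIT_SECTOR_BATCH_MAX_SIZE`, so the two limits are coupled: a later change to the pre-commit batch limit silently changes which prove-commit messages the actor accepts, which is presumably a state-transition rule rather than a local tuning knob. The comment should say the coupling is deliberate so nobody "fixes" it, e.g. `// Intentionally the same value as PRE_COMMIT_SECTOR_BATCH_MAX_SIZE; changing either limit changes which messages are accepted, so keep them in step.` Without that, the identical one-line comment above `PROVE_REPLICA_UPDATES_MAX_SIZE` gives no hint that the alias is load-bearing.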