kernel: Run sanity checks on context construction #28228
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
sedited
force-pushed
the
contextSanityChecks
branch
from
cfe9364 to
3c1c434
Compare
|
Thank you for the review @furszy Updated cfe9364 -> 3c1c434 (contextSanityChecks_0 -> contextSanityChecks_1, compare) |
|
Assuming I'm understanding the init order bug, please correct me if I'm not...
|
I am not sure how we could go about registering our signal handlers without the shutdown global.
I originally wanted to to introduce this in a separate PR (fixing the order for gui initialization), but I think it makes more sense here, yes. |
sedited
force-pushed
the
contextSanityChecks
branch
from
3c1c434 to
b333faa
Compare
|
Thank you for the comments @theuni Updated 3c1c434 -> 8275733 (contextSanityChecks_1 -> contextSanityChecks_2, compare)
|
sedited
force-pushed
the
contextSanityChecks
branch
from
b333faa to
8275733
Compare
src/node/interfaces.cpp
Outdated
| auto res{kernel::Context::MakeContext()}; | ||
| if (!res) { | ||
| return InitError(strprintf(_("Initialization kernel sanity check failed: %s. %s is shutting down."), | ||
| util::ErrorString(res), PACKAGE_NAME)); | ||
| } | ||
| m_context->kernel = std::move(res.value()); | ||
|
|
There was a problem hiding this comment.
Could implement a NodeContext::make_kernel() method to avoid this duplication between here and bitcoind.cpp?
There was a problem hiding this comment.
I remember some prior comments that adding helper methods directly to the NodeContext struct is undesirable. Could add a init.h helper function instead that takes a NodeContext as an argument?
There was a problem hiding this comment.
Ah, it's in the docstring.
I think a non-member function in init makes sense, yeah. It aligns well with the existing design of baseInitialize and AppInit.
sedited
force-pushed
the
contextSanityChecks
branch
from
8275733 to
d0daf3e
Compare
|
Thank you for the comments @stickies-v Rebased 8275733 -> 14448df (contextSanityChecks_2 -> contextSanityChecks_3, compare)
Updated 14448df -> d0daf3e (contextSanityChecks_3 -> contextSanityChecks_4, compare)
|
There was a problem hiding this comment.
ACK d0daf3e
- PR description needs updating to reflect dropping the bugfix
nit: commit message mentions deduplicating the init error messages, but that's not entirely true sinceedit: resolved as clarified herebitcoind.cppdidn't have an init error message to begin with, this change is relative to a previous version of this PR but not to master, I think?
This refers to these two messages here: https://github.com/bitcoin/bitcoin/pull/28228/files#diff-b1e19192258d83199d8adaa5ac31f067af98f63554bfdd679bd8e8073815e69dL1034-L1035 that have been merged into a single one. |
sedited
force-pushed
the
contextSanityChecks
branch
from
d0daf3e to
53f0be7
Compare
|
Updated d0daf3e -> 53f0be7 (contextSanityChecks_4 -> contextSanityChecks_5, compare)
Also fixed-up PR description. |
|
re-ACK 53f0be7 |
|
Looking at 53f0be7, I don't understand the benefits of this PR. It seems unfortunate for the kernel struct now to have to live in a unique_ptr instead of kernel library users being able to declare and allocate it however they want. It seems unfortunate for the context struct now to have a static method, when it's intended to be passive container holding state, not a place where functionality is implemented. It seems unfortunate for it now to depend on checks.cpp and do extra work that's not strictly necessary. I know there's history and discussion here that I'm not aware of but the current change by itself does seem like a regression. |
|
Are you still working on this? |
I would like to hear @theuni's opinion here, since he originally suggested the concept. |
This ensures that it is impossible to construct a context that does not pass the sanity checks. Also de-duplicate the init error messages in case of a kernel context sanity check error.
sedited
force-pushed
the
contextSanityChecks
branch
from
53f0be7 to
673bcf4
Compare
|
Rebased 53f0be7 -> 673bcf4 (contextSanityChecks_5 -> contextSanityChecks_6, compare)
|
|
🐙 This pull request conflicts with the target branch and needs rebase. |
| #include <script/sigcache.h> | ||
| #include <util/chaintype.h> | ||
| #include <util/fs.h> | ||
| #include <util/signalinterrupt.h> |
|
Closing this again, having worked with the code some more over the past year, I don't think this is particularly pressing change anymore. As ryanofsky elaborated, our context objects should have functionality and instead just hold state - which is what it does already. |
8 participants
Moving the kernel sanity check code to kernel context instantiation time ensures that it is impossible to create an invalid kernel context. This is based on a suggestion made in a comment by @theuni in the original pull request first introducing the
kernel::Context.