From 1f30dccddf034e45844535966896a4e8722d7f68 Mon Sep 17 00:00:00 2001 From: fang Date: Tue, 9 Aug 2022 20:53:43 +0200 Subject: [PATCH 1/5] gall: use correct wires in +ap-kill-down For potentially-outgoing moves, we need to make sure the nonce is in the wire so that it gets associated with the right instance of the subscription. --- pkg/arvo/sys/vane/gall.hoon | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index 7229e8ebd2..f9fb30d8cc 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -1744,12 +1744,18 @@ :: Must process leave first in case kick handler rewatches. :: ++ ap-kill-down - |= [=wire =dock] + |= [sub-wire=wire =dock] ^+ ap-core + :: ensure the nonce is in the kernel-facing wire + :: + =/ =wire + =/ nonce=@ud (~(got by boar.yoke) sub-wire dock) + ?: =(0 nonce) sub-wire + [(scot %ud nonce) sub-wire] :: =. ap-core (ap-pass wire %agent dock %leave ~) - (ap-pass wire %huck dock %b %huck `sign-arvo`[%gall %unto %kick ~]) + (ap-pass sub-wire %huck dock %b %huck `sign-arvo`[%gall %unto %kick ~]) :: +ap-mule: run virtualized with intercepted scry, preserving type :: :: Compare +mute and +mule. Those pass through scry, which From 0a3f542fccadb7d2d417a893b5d5f19a8e318f03 Mon Sep 17 00:00:00 2001 From: fang Date: Tue, 9 Aug 2022 21:20:24 +0200 Subject: [PATCH 2/5] gall: refactor sub-wire-with-nonce construction Into +ap-nonce-wire. --- pkg/arvo/sys/vane/gall.hoon | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index f9fb30d8cc..75cf93a932 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -1126,6 +1126,13 @@ ^+ same (^trace verb agent-name print) :: + ++ ap-nonce-wire + |= [=wire =dock] + ^+ wire + =/ nonce=@ (~(got by boar.yoke) wire dock) + ?: =(0 nonce) wire + [(scot %ud nonce) wire] + :: ++ ap-core . :: +ap-abed: initialise state for an agent, with the supplied routes. :: @@ -1309,19 +1316,16 @@ core(agent-duct agent-duct) $(in t.in) :: - =/ out=(list [[=wire =^ship =term] ? =path nonce=@]) - %+ turn ~(tap by boat.yoke) - |= [key=[wire ^ship term] val=[? path]] - :- key - val(+ [+.val (~(got by boar.yoke) key)]) + =/ out=(list [=wire =^ship =term]) + ~(tap ^in ~(key by boat.yoke)) |- ^+ ap-core ?~ out ap-core =? ap-core =(ship ship.i.out) =/ core =. agent-duct system-duct.state - =/ way - [%out (scot %p ship) term.i.out (scot %ud nonce.i.out) wire.i.out] + =. wire.i.out (ap-nonce-wire i.out) + =/ way [%out (scot %p ship) term.i.out wire.i.out] (ap-specific-take way %kick ~) core(agent-duct agent-duct) $(out t.out) @@ -1746,15 +1750,10 @@ ++ ap-kill-down |= [sub-wire=wire =dock] ^+ ap-core - :: ensure the nonce is in the kernel-facing wire - :: - =/ =wire - =/ nonce=@ud (~(got by boar.yoke) sub-wire dock) - ?: =(0 nonce) sub-wire - [(scot %ud nonce) sub-wire] - :: =. ap-core - (ap-pass wire %agent dock %leave ~) + :: we take care to include the nonce in the "kernel-facing" wire + :: + (ap-pass (ap-nonce-wire sub-wire dock) %agent dock %leave ~) (ap-pass sub-wire %huck dock %b %huck `sign-arvo`[%gall %unto %kick ~]) :: +ap-mule: run virtualized with intercepted scry, preserving type :: @@ -1866,11 +1865,7 @@ =/ nonce=@ (~(got by boar.yoke) sub-wire dock) =. p.move.move %+ weld sys-wire - ?: =(nonce 0) - :: skip adding nonce to pre-nonce subscription wires - :: - sub-wire - [(scot %ud nonce) sub-wire] + (ap-nonce-wire sub-wire dock) =: boat.yoke (~(del by boat.yoke) [sub-wire dock]) boar.yoke (~(del by boar.yoke) [sub-wire dock]) == From c2d77a5d4788e4e974b427d21b7181b80856618a Mon Sep 17 00:00:00 2001 From: fang Date: Tue, 9 Aug 2022 21:21:10 +0200 Subject: [PATCH 3/5] gall: in/exclude the nonce from the wire as needed +ap-nuke was not including the nonce, but should. +ap-handle-peers was potentially including a zero nonce. (The latter shouldn't have been possible, but there's a bug in +load where sub-nonce.yoke gets initialized as 0 instead of 1.) --- pkg/arvo/sys/vane/gall.hoon | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index 75cf93a932..728b0cff12 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -1204,8 +1204,8 @@ ~ [%give %kick ~(tap in inbound-paths) ~]~ %+ turn ~(tap by boat.yoke) - |= [[=wire =ship =term] ? =path] - [%pass wire %agent [ship term] %leave ~] + |= [[=wire =dock] ? =path] + [%pass (ap-nonce-wire wire dock) %agent dock %leave ~] =^ maybe-tang ap-core (ap-ingest ~ |.([will *agent])) ap-core :: +ap-from-internal: internal move to move. @@ -1891,7 +1891,7 @@ (ap-error %watch-not-unique tang) :: reentrant, maybe bad? $(moves t.moves) :: - =. p.move.move + =? p.move.move !=(0 sub-nonce.yoke) (weld sys-wire [(scot %ud sub-nonce.yoke) sub-wire]) %_ $ moves t.moves From 52d8ef6a99eb44bb2c561de39f22f78b6691c74c Mon Sep 17 00:00:00 2001 From: fang Date: Tue, 9 Aug 2022 21:22:40 +0200 Subject: [PATCH 4/5] gall: initialize sub-nonce as 1 during upgrade This matches the bunt of 1 for the new ship case. A nonce of 0 is semantically mapped to old-style subscriptions. --- pkg/arvo/sys/vane/gall.hoon | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index 728b0cff12..772691755d 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -350,7 +350,7 @@ =/ [=bitt =boat =boar] (watches-8-to-9 watches.egg-8) :* control-duct.egg-8 run-nonce.egg-8 - sub-nonce=0 + sub-nonce=1 live.egg-8 stats.egg-8 bitt boat boar From db1e8d1b92052d38d4bd3bc4492b22dec9b2eb62 Mon Sep 17 00:00:00 2001 From: fang Date: Tue, 9 Aug 2022 21:36:08 +0200 Subject: [PATCH 5/5] gall: explain reason for strange conditional --- pkg/arvo/sys/vane/gall.hoon | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/arvo/sys/vane/gall.hoon b/pkg/arvo/sys/vane/gall.hoon index 772691755d..980e3c7aa7 100644 --- a/pkg/arvo/sys/vane/gall.hoon +++ b/pkg/arvo/sys/vane/gall.hoon @@ -1891,6 +1891,7 @@ (ap-error %watch-not-unique tang) :: reentrant, maybe bad? $(moves t.moves) :: + ::NOTE 0-check guards against pre-release bug =? p.move.move !=(0 sub-nonce.yoke) (weld sys-wire [(scot %ud sub-nonce.yoke) sub-wire]) %_ $