Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Follower: check if join block different from fetched block #4265

Merged
merged 1 commit into from
Jun 8, 2023
Merged

Follower: check if join block different from fetched block #4265

merged 1 commit into from
Jun 8, 2023

Conversation

tock-ibm
Copy link
Contributor

@tock-ibm tock-ibm commented Jun 6, 2023

Change-Id: I7089df4f1bfc200a5f17582df0da7d4172f8f09b

Type of change

  • Bug fix

Description

Follower: revert check of join block different from fetched block

Related issues

Addresses #4264

@tock-ibm tock-ibm requested a review from a team as a code owner June 6, 2023 10:37
yacovm
yacovm requested changes Jun 6, 2023
View reviewed changes
Copy link
Contributor

@yacovm yacovm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that simply removing the check without providing a countermeasure in the same fix is a good idea.

With this change, the code allows an orderer to pull blocks while disregarding the join block, which obviously was retrieved from somewhere.

The genesis block cannot be validated, and thus the current code completely puts the validity of the genesis block in the mercy of the orderer it is retrieved from.

This check lets you know that you have diverged from the chain.

@tock-ibm
Copy link
Contributor Author

tock-ibm commented Jun 6, 2023
edited
Loading

I don't think that simply removing the check without providing a countermeasure in the same fix is a good idea.

With this change, the code allows an orderer to pull blocks while disregarding the join block, which obviously was retrieved from somewhere.

The genesis block cannot be validated, and thus the current code completely puts the validity of the genesis block in the mercy of the orderer it is retrieved from.

This check lets you know that you have diverged from the chain.

@yacovm I agree with what you said. I am changing the mechanism such that:
The follower checks if join block different from fetched block, both header and data, and

  • it happens before fetched block is committed, otherwise if the orderer is restarted, the follower continues past that block
  • don't panic, since it can affect other channels
  • continue to retry, as it might have been an error in a single remote orderer

In the future, we may consider to stop the chain in events like this and reflect it in the status, as proposed in FAB-18106
https://jira.hyperledger.org/browse/FAB-18106

I also added a couple of unit tests for this scenario.

@tock-ibm tock-ibm changed the title Follower: revert check of join block different from fetched block Follower: check if join block different from fetched block Jun 6, 2023
@yacovm
Copy link
Contributor

yacovm commented Jun 6, 2023

I don't think that simply removing the check without providing a countermeasure in the same fix is a good idea.
With this change, the code allows an orderer to pull blocks while disregarding the join block, which obviously was retrieved from somewhere.
The genesis block cannot be validated, and thus the current code completely puts the validity of the genesis block in the mercy of the orderer it is retrieved from.
This check lets you know that you have diverged from the chain.

@yacovm I agree with what you said. I am changing the mechanism such that: The follower checks if join block different from fetched block, both header and data, and

* it happens before fetched block is committed, otherwise if the orderer is restarted, the follower continues past that block

* don't panic, since it can affect other channels

* continue to retry, as it might have been an error in a single remote orderer

I also added a couple of unit tests for this scenario.

As long as the follower doesn't evolve into a fully fledged consenter, we're good.

@tock-ibm tock-ibm force-pushed the follower-test-flake branch 2 times, most recently from 0bc0137 to d45719c Compare June 7, 2023 14:48
yacovm
yacovm previously approved these changes Jun 7, 2023
View reviewed changes
@yacovm yacovm enabled auto-merge (squash) June 7, 2023 16:09
@tock-ibm
Follower: check if join block different from fetched block
f84c2f0 
- before fetched block is committed
- don't panic
- continue to retry
- improve channel participation Verifier to check DataHash== hash(block.Data)

Signed-off-by: Yoav Tock <tock@il.ibm.com>
Change-Id: I7089df4f1bfc200a5f17582df0da7d4172f8f09b
@yacovm yacovm merged commit 71ce0ab into hyperledger:main Jun 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yacovm yacovm yacovm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tock-ibm @yacovm