Check spawned worker version vs node version before PVF preparation

cli/src/cli.rs

@@ -80,6 +80,9 @@ pub enum Subcommand {
 pub struct ValidationWorkerCommand {
 	/// The path to the validation host's socket.
 	pub socket_path: String,
+	/// Calling node implementation version
+	#[arg(long)]
+	pub node_impl_version: String,
 }
 
 #[allow(missing_docs)]

cli/src/command.rs

@@ -494,7 +494,10 @@ pub fn run() -> Result<()> {
 
 			#[cfg(not(target_os = "android"))]
 			{
-				polkadot_node_core_pvf::prepare_worker_entrypoint(&cmd.socket_path);
+				polkadot_node_core_pvf::prepare_worker_entrypoint(
+					&cmd.socket_path,
+					Some(&cmd.node_impl_version),
+				);
 				Ok(())
 			}
 		},

node/core/pvf/Cargo.toml

@@ -41,6 +41,9 @@ sp-wasm-interface = { git = "https://github.com/paritytech/substrate", branch =
 sp-maybe-compressed-blob = { git = "https://github.com/paritytech/substrate", branch = "master" }
 sp-tracing = { git = "https://github.com/paritytech/substrate", branch = "master" }
 
+[build-dependencies]
+substrate-build-script-utils = { git = "https://github.com/paritytech/substrate", branch = "master" }
+
 [target.'cfg(target_os = "linux")'.dependencies]
 libc = "0.2.139"
 tikv-jemalloc-ctl = "0.5.0"

node/core/pvf/build.rs

@@ -0,0 +1,19 @@
+// Copyright 2017-2023 Parity Technologies (UK) Ltd.
+// This file is part of Polkadot.
+
+// Polkadot is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Polkadot is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Polkadot.  If not, see <http://www.gnu.org/licenses/>.
+
+fn main() {
+	substrate_build_script_utils::generate_cargo_keys();
+}

node/core/pvf/src/error.rs

@@ -42,6 +42,8 @@ pub enum PrepareError {
 	/// The response from the worker is received, but the file cannot be renamed (moved) to the final destination
 	/// location. This state is reported by the validation host (not by the worker).
 	RenameTmpFileErr(String),
+	/// Node and worker version mismatch. May happen if the node binary has been upgraded in-place.
+	VersionMismatch,
 }
 
 impl PrepareError {
@@ -55,7 +57,8 @@ impl PrepareError {
 		use PrepareError::*;
 		match self {
 			Prevalidation(_) | Preparation(_) | Panic(_) => true,
-			TimedOut | IoErr(_) | CreateTmpFileErr(_) | RenameTmpFileErr(_) => false,
+			TimedOut | IoErr(_) | CreateTmpFileErr(_) | RenameTmpFileErr(_) | VersionMismatch =>
+				false,
 		}
 	}
 }
@@ -71,6 +74,7 @@ impl fmt::Display for PrepareError {
 			IoErr(err) => write!(f, "prepare: io error while receiving response: {}", err),
 			CreateTmpFileErr(err) => write!(f, "prepare: error creating tmp file: {}", err),
 			RenameTmpFileErr(err) => write!(f, "prepare: error renaming tmp file: {}", err),
+			VersionMismatch => write!(f, "prepare: node and worker version mismatch"),
 		}
 	}
 }

node/core/pvf/src/prepare/worker.rs

@@ -52,7 +52,13 @@ pub async fn spawn(
 	program_path: &Path,
 	spawn_timeout: Duration,
 ) -> Result<(IdleWorker, WorkerHandle), SpawnErr> {
-	spawn_with_program_path("prepare", program_path, &["prepare-worker"], spawn_timeout).await
+	spawn_with_program_path(
+		"prepare",
+		program_path,
+		&["prepare-worker", "--node-impl-version", env!("SUBSTRATE_CLI_IMPL_VERSION")],
+		spawn_timeout,
+	)
+	.await
 }
 
 pub enum Outcome {
@@ -175,6 +181,15 @@ async fn handle_response(
 		Ok(result) => result,
 		// Timed out on the child. This should already be logged by the child.
 		Err(PrepareError::TimedOut) => return Outcome::TimedOut,
+		// Worker reported version mismatch
+		Err(PrepareError::VersionMismatch) => {
+			gum::error!(
+				target: LOG_TARGET,
+				%worker_pid,
+				"node and worker version mismatch",
+			);
+			std::process::exit(1);
+		},
 		Err(_) => return Outcome::Concluded { worker, result },
 	};
 
@@ -342,11 +357,26 @@ async fn recv_response(stream: &mut UnixStream, pid: u32) -> io::Result<PrepareR
 ///
 ///	7. Send the result of preparation back to the host. If any error occurred in the above steps, we
 ///	   send that in the `PrepareResult`.
-pub fn worker_entrypoint(socket_path: &str) {
+pub fn worker_entrypoint(socket_path: &str, node_version: Option<&str>) {
 	worker_event_loop("prepare", socket_path, |rt_handle, mut stream| async move {
+		let worker_pid = std::process::id();
+		let version_mismatch = if let Some(version) = node_version {
+			version != env!("SUBSTRATE_CLI_IMPL_VERSION")
+		} else {
+			false
+		};
+
 		loop {
-			let worker_pid = std::process::id();
 			let (pvf, dest) = recv_request(&mut stream).await?;
+			if version_mismatch {
+				gum::error!(
+					target: LOG_TARGET,
+					%worker_pid,
+					"worker: node and worker version mismatch",
+				);
+				send_response(&mut stream, Err(PrepareError::VersionMismatch)).await?;
+				return Err(io::Error::new(io::ErrorKind::Unsupported, "Version mismatch"))
+			}
 			gum::debug!(
 				target: LOG_TARGET,
 				%worker_pid,

node/core/pvf/src/testing.rs

@@ -72,7 +72,7 @@ macro_rules! decl_puppet_worker_main {
 				},
 				"prepare-worker" => {
 					let socket_path = &args[2];
-					$crate::prepare_worker_entrypoint(socket_path);
+					$crate::prepare_worker_entrypoint(socket_path, None);
 				},
 				"execute-worker" => {
 					let socket_path = &args[2];

node/malus/src/malus.rs

@@ -97,7 +97,7 @@ impl MalusCli {
 
 				#[cfg(not(target_os = "android"))]
 				{
-					polkadot_node_core_pvf::prepare_worker_entrypoint(&cmd.socket_path);
+					polkadot_node_core_pvf::prepare_worker_entrypoint(&cmd.socket_path, None);
 				}
 			},
 			NemesisVariant::PvfExecuteWorker(cmd) => {