Merge pull request #6038 from oasisprotocol/kostko/feature/attestatio…

…n-retry

go/runtime/host/sgx: Retry re-attestation faster on failure

.changelog/6038.trivial.md

@@ -0,0 +1 @@
+go/runtime/host/sgx: Retry re-attestation faster on failure

go/go.mod

@@ -16,7 +16,7 @@ replace (
 require (
 	github.com/a8m/envsubst v1.4.2
 	github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce
-	github.com/cenkalti/backoff/v4 v4.2.1
+	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cometbft/cometbft v0.37.15
 	github.com/cometbft/cometbft-db v0.9.5
 	github.com/cosmos/gogoproto v1.7.0

go/go.sum

@@ -836,8 +836,8 @@ github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23/go.mod h1:bbYlZJ7
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
-github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=

go/runtime/host/sgx/common/common.go

@@ -6,6 +6,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/cenkalti/backoff/v4"
+
 	"github.com/oasisprotocol/oasis-core/go/common/cbor"
 	"github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
 	"github.com/oasisprotocol/oasis-core/go/common/identity"
@@ -155,18 +157,34 @@ func AttestationWorker(
 	t := time.NewTicker(interval)
 	defer t.Stop()
 
+	var retryTicker *backoff.Ticker
+	defer func() {
+		if retryTicker == nil {
+			return
+		}
+		retryTicker.Stop()
+		retryTicker = nil
+	}()
+
 	logger = logger.With("runtime_id", hp.Runtime.ID())
 
 	// Get the event emitter.
 	eventEmitter, _ := hp.Runtime.(host.RuntimeEventEmitter)
 
 	for {
+		var retryCh <-chan time.Time
+		if retryTicker != nil {
+			retryCh = retryTicker.C
+		}
+
 		select {
 		case <-hp.Process.Wait():
 			// Process has terminated.
 			return
 		case <-t.C:
 			// Re-attest based on the configured interval.
+		case <-retryCh:
+			// Re-attest based on retry ticker after failure.
 		case <-hp.NotifyUpdateCapabilityTEE:
 			// Re-attest when explicitly requested. Also reset the periodic ticker to make sure we
 			// don't needlessly re-attest too often.
@@ -181,9 +199,24 @@ func AttestationWorker(
 			logger.Error("failed to regenerate CapabilityTEE",
 				"err", err,
 			)
+
+			// Setup a retry ticker so we retry attestation faster than the configured interval.
+			if retryTicker == nil {
+				expBackoff := backoff.NewExponentialBackOff(
+					backoff.WithMaxElapsedTime(0), // Never stop.
+				)
+				retryTicker = backoff.NewTicker(expBackoff)
+			}
+
 			continue
 		}
 
+		// Clear retry ticker after successful attestation.
+		if retryTicker != nil {
+			retryTicker.Stop()
+			retryTicker = nil
+		}
+
 		// Emit event about the updated CapabilityTEE.
 		if eventEmitter != nil {
 			eventEmitter.EmitEvent(&host.Event{Updated: &host.UpdatedEvent{