Line data Source code
1 : #include "fd_solfuzz.h"
2 : #include "fd_solfuzz_private.h"
3 : #define _GNU_SOURCE
4 : #include "fd_sol_compat.h"
5 :
6 : #include "../fd_executor_err.h"
7 : #include "../../capture/fd_solcap_writer.h"
8 : #include "../../../ballet/shred/fd_shred.h"
9 :
10 : #include "generated/block.pb.h"
11 : #include "generated/invoke.pb.h"
12 : #include "generated/shred.pb.h"
13 : #include "generated/vm.pb.h"
14 : #include "generated/txn.pb.h"
15 :
16 : #if FD_HAS_FLATCC
17 : #include "flatbuffers/generated/elf_reader.h"
18 : #include "flatbuffers/generated/flatbuffers_common_reader.h"
19 : #endif
20 :
21 : #include <assert.h>
22 : #include <errno.h>
23 : #include <fcntl.h>
24 : #include <stdio.h>
25 : #include <unistd.h>
26 :
27 : static fd_wksp_t * wksp = NULL;
28 : static fd_solfuzz_runner_t * runner = NULL;
29 :
30 : static fd_solfuzz_runner_t *
31 0 : sol_compat_setup_runner( fd_solfuzz_runner_options_t const * options ) {
32 0 : runner = fd_solfuzz_runner_new( wksp, 3UL, options );
33 0 : if( FD_UNLIKELY( !runner ) ) {
34 0 : FD_LOG_ERR(( "fd_solfuzz_runner_new() failed" ));
35 0 : return NULL;
36 0 : }
37 :
38 0 : char const * solcap_path = getenv( "FD_SOLCAP" );
39 0 : if( solcap_path ) {
40 0 : int fd = open( solcap_path, O_WRONLY | O_CREAT | O_TRUNC, 0644 );
41 0 : if( FD_UNLIKELY( fd == -1 ) ) {
42 0 : FD_LOG_ERR(( "open($FD_SOLCAP=%s) failed (%i-%s)", solcap_path, errno, fd_io_strerror( errno ) ));
43 0 : }
44 0 : runner->solcap_file = (void *)(ulong)fd;
45 0 : FD_LOG_NOTICE(( "Logging to solcap file %s", solcap_path ));
46 :
47 0 : void * solcap_mem = fd_wksp_alloc_laddr( runner->wksp, fd_solcap_writer_align(), fd_solcap_writer_footprint(), 1UL );
48 0 : runner->solcap = fd_solcap_writer_init( solcap_mem, fd );
49 0 : FD_TEST( runner->solcap );
50 0 : }
51 :
52 0 : return runner;
53 0 : }
54 :
55 : static void
56 0 : sol_compat_cleanup_runner( fd_solfuzz_runner_t * runner ) {
57 : /* Cleanup test runner */
58 0 : if( runner->solcap ) {
59 0 : fd_wksp_free_laddr( ( runner->solcap ) );
60 0 : runner->solcap = NULL;
61 0 : if( runner->solcap_file ) {
62 0 : close( (int)(ulong)runner->solcap_file );
63 0 : runner->solcap_file = NULL;
64 0 : }
65 0 : }
66 0 : fd_solfuzz_runner_delete( runner );
67 0 : }
68 :
69 : void
70 0 : sol_compat_init( int log_level ) {
71 0 : int argc = 1;
72 0 : char * argv[2] = { (char *)"fd_exec_sol_compat", NULL };
73 0 : char ** argv_ = argv;
74 0 : if( !getenv( "FD_LOG_PATH" ) ) {
75 0 : setenv( "FD_LOG_PATH", "", 1 );
76 0 : }
77 :
78 0 : char const * enable_vm_tracing_env = getenv( "ENABLE_VM_TRACING");
79 0 : int enable_vm_tracing = enable_vm_tracing_env!=NULL;
80 0 : fd_solfuzz_runner_options_t options = {
81 0 : .enable_vm_tracing = enable_vm_tracing
82 0 : };
83 :
84 0 : fd_log_enable_unclean_exit();
85 0 : fd_boot( &argc, &argv_ );
86 :
87 0 : if( FD_UNLIKELY( wksp || runner ) ) {
88 0 : FD_LOG_ERR(( "sol_compat_init() called multiple times" ));
89 0 : }
90 :
91 0 : ulong footprint = 7UL<<30;
92 0 : ulong part_max = fd_wksp_part_max_est( footprint, 64UL<<10 );
93 0 : ulong data_max = fd_wksp_data_max_est( footprint, part_max );
94 0 : wksp = fd_wksp_demand_paged_new( "sol_compat", 42U, part_max, data_max );
95 0 : if( FD_UNLIKELY( !wksp ) ) FD_LOG_ERR(( "fd_wksp_demand_paged_new() failed" ));
96 :
97 0 : runner = sol_compat_setup_runner( &options );
98 0 : if( FD_UNLIKELY( !runner ) ) FD_LOG_ERR(( "sol_compat_setup_runner() failed" ));
99 :
100 0 : fd_log_level_logfile_set( log_level );
101 0 : fd_log_level_core_set(4); /* abort on FD_LOG_ERR */
102 0 : }
103 :
104 : void
105 0 : sol_compat_fini( void ) {
106 0 : sol_compat_cleanup_runner( runner );
107 0 : fd_wksp_delete_anonymous( wksp );
108 0 : wksp = NULL;
109 0 : runner = NULL;
110 0 : fd_halt();
111 0 : }
112 :
113 : sol_compat_features_t const *
114 0 : sol_compat_get_features_v1( void ) {
115 0 : static sol_compat_features_t features;
116 0 : static ulong hardcoded_features[ FD_FEATURE_ID_CNT ];
117 0 : static ulong supported_features[ FD_FEATURE_ID_CNT ];
118 :
119 0 : FD_ONCE_BEGIN {
120 0 : features.struct_size = sizeof(sol_compat_features_t);
121 0 : features.hardcoded_features = hardcoded_features;
122 0 : features.supported_features = supported_features;
123 0 : for( fd_feature_id_t const * iter = fd_feature_iter_init();
124 0 : !fd_feature_iter_done( iter );
125 0 : iter = fd_feature_iter_next( iter ) ) {
126 0 : if( iter->reverted ) continue; /* skip reverted features */
127 :
128 : /* Pretend that features activated on all clusters are hardcoded */
129 0 : if( iter->hardcode_for_fuzzing ) {
130 0 : hardcoded_features[ features.hardcoded_features_cnt++ ] = iter->id.ul[0];
131 0 : } else {
132 0 : supported_features[ features.supported_feature_cnt++ ] = iter->id.ul[0];
133 0 : }
134 0 : }
135 0 : }
136 0 : FD_ONCE_END;
137 :
138 0 : return &features;
139 0 : }
140 :
141 : /*
142 : * execute_v1
143 : */
144 :
145 : int
146 : sol_compat_instr_execute_v1( uchar * out,
147 : ulong * out_sz,
148 : uchar const * in,
149 0 : ulong in_sz ) {
150 0 : fd_exec_test_instr_context_t input[1] = {0};
151 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_instr_context_t_msg );
152 0 : if( FD_UNLIKELY( !res ) ) return 0;
153 :
154 0 : int ok = 0;
155 0 : fd_spad_push( runner->spad );
156 0 : void * output = NULL;
157 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_instr_run );
158 0 : if( output ) {
159 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_instr_effects_t_msg );
160 0 : }
161 0 : fd_spad_pop( runner->spad );
162 :
163 0 : pb_release( &fd_exec_test_instr_context_t_msg, input );
164 0 : fd_solfuzz_runner_leak_check( runner );
165 0 : return ok;
166 0 : }
167 :
168 : int
169 : sol_compat_txn_execute_v1( uchar * out,
170 : ulong * out_sz,
171 : uchar const * in,
172 0 : ulong in_sz ) {
173 0 : fd_exec_test_txn_context_t input[1] = {0};
174 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_txn_context_t_msg );
175 0 : if( FD_UNLIKELY( !res ) ) return 0;
176 :
177 0 : int ok = 0;
178 0 : fd_spad_push( runner->spad );
179 0 : void * output = NULL;
180 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_txn_run );
181 0 : if( output ) {
182 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_txn_result_t_msg );
183 0 : }
184 0 : fd_spad_pop( runner->spad );
185 :
186 0 : pb_release( &fd_exec_test_txn_context_t_msg, input );
187 0 : fd_solfuzz_runner_leak_check( runner );
188 0 : return ok;
189 0 : }
190 :
191 : int
192 : sol_compat_block_execute_v1( uchar * out,
193 : ulong * out_sz,
194 : uchar const * in,
195 0 : ulong in_sz ) {
196 0 : fd_exec_test_block_context_t input[1] = {0};
197 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_block_context_t_msg );
198 0 : if( FD_UNLIKELY( !res ) ) return 0;
199 :
200 0 : fd_spad_push( runner->spad );
201 0 : int ok = 0;
202 0 : void * output = NULL;
203 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_block_run );
204 0 : if( output ) {
205 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_block_effects_t_msg );
206 0 : }
207 0 : fd_spad_pop( runner->spad );
208 :
209 0 : pb_release( &fd_exec_test_block_context_t_msg, input );
210 0 : fd_solfuzz_runner_leak_check( runner );
211 0 : return ok;
212 0 : }
213 :
214 : int
215 : sol_compat_vm_syscall_execute_v1( uchar * out,
216 : ulong * out_sz,
217 : uchar const * in,
218 0 : ulong in_sz ) {
219 0 : fd_exec_test_syscall_context_t input[1] = {0};
220 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_syscall_context_t_msg );
221 0 : if( FD_UNLIKELY( !res ) ) return 0;
222 :
223 0 : fd_spad_push( runner->spad );
224 0 : int ok = 0;
225 0 : void * output = NULL;
226 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_syscall_run );
227 0 : if( output ) {
228 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_syscall_effects_t_msg );
229 0 : }
230 0 : fd_spad_pop( runner->spad );
231 :
232 0 : pb_release( &fd_exec_test_syscall_context_t_msg, input );
233 0 : fd_solfuzz_runner_leak_check( runner );
234 0 : return ok;
235 0 : }
236 :
237 : int
238 : sol_compat_shred_parse_v1( uchar * out,
239 : ulong * out_sz,
240 : uchar const * in,
241 0 : ulong in_sz ) {
242 0 : fd_exec_test_shred_binary_t input[1] = {0};
243 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_shred_binary_t_msg );
244 0 : if( FD_UNLIKELY( res==NULL ) ) {
245 0 : return 0;
246 0 : }
247 0 : if( FD_UNLIKELY( input[0].data==NULL ) ) {
248 0 : pb_release( &fd_exec_test_shred_binary_t_msg, input );
249 0 : return 0;
250 0 : }
251 0 : fd_exec_test_accepts_shred_t output[1] = {0};
252 0 : output[0].valid = !!fd_shred_parse( input[0].data->bytes, input[0].data->size );
253 0 : pb_release( &fd_exec_test_shred_binary_t_msg, input );
254 0 : return !!sol_compat_encode( out, out_sz, output, &fd_exec_test_accepts_shred_t_msg );
255 0 : }
256 :
257 : /*
258 : * execute_v2
259 : Unlike sol_compat_execute_v1 APIs, v2 APIs use flatbuffers for
260 : zero-copy decoding. Returns SOL_COMPAT_V2_SUCCESS on success and
261 : SOL_COMPAT_V2_FAILURE on failure.
262 :
263 : out: output buffer
264 : out_sz: output buffer size
265 : in: input buffer
266 : in_sz: input buffer size (unused)
267 :
268 : Since flatbuffers utilizes zero-copy decoding, the v2 API does not
269 : require an input buffer size. Therefore, it is the caller's
270 : responsibility to ensure the input buffer is well-formed (preferably
271 : using a call to _verify_as_root) to avoid any OOB reads.
272 :
273 : TODO: Make sol_compat_v2 APIs infallible???
274 : */
275 :
276 : #if FD_HAS_FLATCC
277 :
278 : int
279 : sol_compat_elf_loader_v2( uchar * out,
280 : ulong * out_sz,
281 : uchar const * in,
282 0 : ulong FD_FN_UNUSED in_sz ) {
283 0 : SOL_COMPAT_NS(ELFLoaderCtx_table_t) input = SOL_COMPAT_NS(ELFLoaderCtx_as_root( in ));
284 0 : if( FD_UNLIKELY( !input ) ) return 0;
285 :
286 0 : int err = fd_solfuzz_fb_execute_wrapper( runner, input, fd_solfuzz_fb_elf_loader_run );
287 0 : if( FD_UNLIKELY( err==SOL_COMPAT_V2_FAILURE ) ) return err;
288 :
289 0 : ulong buffer_sz = flatcc_builder_get_buffer_size( runner->fb_builder );
290 0 : flatcc_builder_copy_buffer( runner->fb_builder, out, buffer_sz );
291 0 : *out_sz = buffer_sz;
292 :
293 0 : return SOL_COMPAT_V2_SUCCESS;
294 0 : }
295 :
296 : #endif /* FD_HAS_FLATCC */
|
