Line data Source code
1 : #include "fd_solfuzz.h"
2 : #include "fd_solfuzz_private.h"
3 : #define _GNU_SOURCE
4 : #include "fd_sol_compat.h"
5 :
6 : #include "../fd_executor_err.h"
7 : #include "../../capture/fd_solcap_writer.h"
8 : #include "../../../ballet/shred/fd_shred.h"
9 :
10 : #include "generated/block.pb.h"
11 : #include "generated/elf.pb.h"
12 : #include "generated/invoke.pb.h"
13 : #include "generated/shred.pb.h"
14 : #include "generated/vm.pb.h"
15 : #include "generated/txn.pb.h"
16 : #include "generated/type.pb.h"
17 :
18 : #if FD_HAS_FLATCC
19 : #include "flatbuffers/generated/elf_reader.h"
20 : #include "flatbuffers/generated/flatbuffers_common_reader.h"
21 : #endif
22 :
23 : #include <assert.h>
24 : #include <errno.h>
25 : #include <stdio.h>
26 :
27 : static fd_wksp_t * wksp = NULL;
28 : static fd_solfuzz_runner_t * runner = NULL;
29 :
30 : static fd_solfuzz_runner_t *
31 0 : sol_compat_setup_runner( fd_solfuzz_runner_options_t const * options ) {
32 0 : runner = fd_solfuzz_runner_new( wksp, 3UL, options );
33 0 : if( FD_UNLIKELY( !runner ) ) {
34 0 : FD_LOG_ERR(( "fd_solfuzz_runner_new() failed" ));
35 0 : return NULL;
36 0 : }
37 :
38 0 : char const * solcap_path = getenv( "FD_SOLCAP" );
39 0 : if( solcap_path ) {
40 0 : runner->solcap_file = fopen( solcap_path, "w" );
41 0 : if( FD_UNLIKELY( !runner->solcap_file ) ) {
42 0 : FD_LOG_ERR(( "fopen($FD_SOLCAP=%s) failed (%i-%s)", solcap_path, errno, fd_io_strerror( errno ) ));
43 0 : }
44 0 : FD_LOG_NOTICE(( "Logging to solcap file %s", solcap_path ));
45 :
46 0 : void * solcap_mem = fd_wksp_alloc_laddr( runner->wksp, fd_solcap_writer_align(), fd_solcap_writer_footprint(), 1UL );
47 0 : runner->solcap = fd_solcap_writer_new( solcap_mem );
48 0 : FD_TEST( runner->solcap );
49 0 : FD_TEST( fd_solcap_writer_init( solcap_mem, runner->solcap_file ) );
50 0 : }
51 :
52 0 : return runner;
53 0 : }
54 :
55 : static void
56 0 : sol_compat_cleanup_runner( fd_solfuzz_runner_t * runner ) {
57 : /* Cleanup test runner */
58 0 : if( runner->solcap ) {
59 0 : fd_solcap_writer_flush( runner->solcap );
60 0 : fd_wksp_free_laddr( fd_solcap_writer_delete( runner->solcap ) );
61 0 : runner->solcap = NULL;
62 0 : fclose( runner->solcap_file );
63 0 : runner->solcap_file = NULL;
64 0 : }
65 0 : fd_solfuzz_runner_delete( runner );
66 0 : }
67 :
68 : void
69 0 : sol_compat_init( int log_level ) {
70 0 : int argc = 1;
71 0 : char * argv[2] = { (char *)"fd_exec_sol_compat", NULL };
72 0 : char ** argv_ = argv;
73 0 : if( !getenv( "FD_LOG_PATH" ) ) {
74 0 : setenv( "FD_LOG_PATH", "", 1 );
75 0 : }
76 :
77 0 : char const * enable_vm_tracing_env = getenv( "ENABLE_VM_TRACING");
78 0 : int enable_vm_tracing = enable_vm_tracing_env!=NULL;
79 0 : fd_solfuzz_runner_options_t options = {
80 0 : .enable_vm_tracing = enable_vm_tracing
81 0 : };
82 :
83 0 : fd_log_enable_unclean_exit();
84 0 : fd_boot( &argc, &argv_ );
85 :
86 0 : if( FD_UNLIKELY( wksp || runner ) ) {
87 0 : FD_LOG_ERR(( "sol_compat_init() called multiple times" ));
88 0 : }
89 :
90 0 : ulong footprint = 7UL<<30;
91 0 : ulong part_max = fd_wksp_part_max_est( footprint, 64UL<<10 );
92 0 : ulong data_max = fd_wksp_data_max_est( footprint, part_max );
93 0 : wksp = fd_wksp_demand_paged_new( "sol_compat", 42U, part_max, data_max );
94 0 : if( FD_UNLIKELY( !wksp ) ) FD_LOG_ERR(( "fd_wksp_demand_paged_new() failed" ));
95 :
96 0 : runner = sol_compat_setup_runner( &options );
97 0 : if( FD_UNLIKELY( !runner ) ) FD_LOG_ERR(( "sol_compat_setup_runner() failed" ));
98 :
99 0 : fd_log_level_logfile_set( log_level );
100 0 : fd_log_level_core_set(4); /* abort on FD_LOG_ERR */
101 0 : }
102 :
103 : void
104 0 : sol_compat_fini( void ) {
105 0 : sol_compat_cleanup_runner( runner );
106 0 : fd_wksp_delete_anonymous( wksp );
107 0 : wksp = NULL;
108 0 : runner = NULL;
109 0 : fd_halt();
110 0 : }
111 :
112 : sol_compat_features_t const *
113 0 : sol_compat_get_features_v1( void ) {
114 0 : static sol_compat_features_t features;
115 0 : static ulong hardcoded_features[ FD_FEATURE_ID_CNT ];
116 0 : static ulong supported_features[ FD_FEATURE_ID_CNT ];
117 :
118 0 : FD_ONCE_BEGIN {
119 0 : features.struct_size = sizeof(sol_compat_features_t);
120 0 : features.hardcoded_features = hardcoded_features;
121 0 : features.supported_features = supported_features;
122 0 : for( fd_feature_id_t const * iter = fd_feature_iter_init();
123 0 : !fd_feature_iter_done( iter );
124 0 : iter = fd_feature_iter_next( iter ) ) {
125 0 : if( iter->reverted ) continue; /* skip reverted features */
126 :
127 : /* Pretend that features activated on all clusters are hardcoded */
128 0 : if( iter->hardcode_for_fuzzing ) {
129 0 : hardcoded_features[ features.hardcoded_features_cnt++ ] = iter->id.ul[0];
130 0 : } else {
131 0 : supported_features[ features.supported_feature_cnt++ ] = iter->id.ul[0];
132 0 : }
133 0 : }
134 0 : }
135 0 : FD_ONCE_END;
136 :
137 0 : return &features;
138 0 : }
139 :
140 : /*
141 : * execute_v1
142 : */
143 :
144 : int
145 : sol_compat_instr_execute_v1( uchar * out,
146 : ulong * out_sz,
147 : uchar const * in,
148 0 : ulong in_sz ) {
149 0 : fd_exec_test_instr_context_t input[1] = {0};
150 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_instr_context_t_msg );
151 0 : if( FD_UNLIKELY( !res ) ) return 0;
152 :
153 0 : int ok = 0;
154 0 : fd_spad_push( runner->spad );
155 0 : void * output = NULL;
156 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_instr_run );
157 0 : if( output ) {
158 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_instr_effects_t_msg );
159 0 : }
160 0 : fd_spad_pop( runner->spad );
161 :
162 0 : pb_release( &fd_exec_test_instr_context_t_msg, input );
163 0 : return ok;
164 0 : }
165 :
166 : int
167 : sol_compat_txn_execute_v1( uchar * out,
168 : ulong * out_sz,
169 : uchar const * in,
170 0 : ulong in_sz ) {
171 0 : fd_exec_test_txn_context_t input[1] = {0};
172 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_txn_context_t_msg );
173 0 : if( FD_UNLIKELY( !res ) ) return 0;
174 :
175 0 : int ok = 0;
176 0 : fd_spad_push( runner->spad );
177 0 : void * output = NULL;
178 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_txn_run );
179 0 : if( output ) {
180 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_txn_result_t_msg );
181 0 : }
182 0 : fd_spad_pop( runner->spad );
183 :
184 0 : pb_release( &fd_exec_test_txn_context_t_msg, input );
185 0 : return ok;
186 0 : }
187 :
188 : int
189 : sol_compat_block_execute_v1( uchar * out,
190 : ulong * out_sz,
191 : uchar const * in,
192 0 : ulong in_sz ) {
193 0 : fd_exec_test_block_context_t input[1] = {0};
194 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_block_context_t_msg );
195 0 : if( FD_UNLIKELY( !res ) ) return 0;
196 :
197 0 : fd_spad_push( runner->spad );
198 0 : int ok = 0;
199 0 : void * output = NULL;
200 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_block_run );
201 0 : if( output ) {
202 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_block_effects_t_msg );
203 0 : }
204 0 : fd_spad_pop( runner->spad );
205 :
206 0 : pb_release( &fd_exec_test_block_context_t_msg, input );
207 0 : return ok;
208 0 : }
209 :
210 : int
211 : sol_compat_elf_loader_v1( uchar * out,
212 : ulong * out_sz,
213 : uchar const * in,
214 0 : ulong in_sz ) {
215 0 : fd_exec_test_elf_loader_ctx_t input[1] = {0};
216 0 : void * res = sol_compat_decode( &input, in, in_sz, &fd_exec_test_elf_loader_ctx_t_msg );
217 0 : if( FD_UNLIKELY( !res ) ) return 0;
218 :
219 0 : fd_spad_push( runner->spad );
220 0 : int ok = 0;
221 0 : void * output = NULL;
222 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_elf_loader_run );
223 0 : if( output ) {
224 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_elf_loader_effects_t_msg );
225 0 : }
226 0 : fd_spad_pop( runner->spad );
227 :
228 0 : pb_release( &fd_exec_test_elf_loader_ctx_t_msg, input );
229 0 : return ok;
230 0 : }
231 :
232 : int
233 : sol_compat_vm_syscall_execute_v1( uchar * out,
234 : ulong * out_sz,
235 : uchar const * in,
236 0 : ulong in_sz ) {
237 0 : fd_exec_test_syscall_context_t input[1] = {0};
238 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_syscall_context_t_msg );
239 0 : if( FD_UNLIKELY( !res ) ) return 0;
240 :
241 0 : fd_spad_push( runner->spad );
242 0 : int ok = 0;
243 0 : void * output = NULL;
244 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_syscall_run );
245 0 : if( output ) {
246 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_syscall_effects_t_msg );
247 0 : }
248 0 : fd_spad_pop( runner->spad );
249 :
250 0 : pb_release( &fd_exec_test_syscall_context_t_msg, input );
251 0 : return ok;
252 0 : }
253 :
254 : int
255 : sol_compat_vm_interp_v1( uchar * out,
256 : ulong * out_sz,
257 : uchar const * in,
258 0 : ulong in_sz ) {
259 0 : fd_exec_test_syscall_context_t input[1] = {0};
260 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_syscall_context_t_msg );
261 0 : if( FD_UNLIKELY( !res ) ) return 0;
262 :
263 0 : fd_spad_push( runner->spad );
264 0 : int ok = 0;
265 0 : void * output = NULL;
266 0 : fd_solfuzz_pb_execute_wrapper( runner, input, &output, fd_solfuzz_pb_vm_interp_run );
267 0 : if( output ) {
268 0 : ok = !!sol_compat_encode( out, out_sz, output, &fd_exec_test_syscall_effects_t_msg );
269 0 : }
270 0 : fd_spad_pop( runner->spad );
271 :
272 0 : pb_release( &fd_exec_test_syscall_context_t_msg, input );
273 0 : return ok;
274 0 : }
275 :
276 : int
277 : sol_compat_shred_parse_v1( uchar * out,
278 : ulong * out_sz,
279 : uchar const * in,
280 0 : ulong in_sz ) {
281 0 : fd_exec_test_shred_binary_t input[1] = {0};
282 0 : void * res = sol_compat_decode_lenient( &input, in, in_sz, &fd_exec_test_shred_binary_t_msg );
283 0 : if( FD_UNLIKELY( res==NULL ) ) {
284 0 : return 0;
285 0 : }
286 0 : if( FD_UNLIKELY( input[0].data==NULL ) ) {
287 0 : pb_release( &fd_exec_test_shred_binary_t_msg, input );
288 0 : return 0;
289 0 : }
290 0 : fd_exec_test_accepts_shred_t output[1] = {0};
291 0 : output[0].valid = !!fd_shred_parse( input[0].data->bytes, input[0].data->size );
292 0 : pb_release( &fd_exec_test_shred_binary_t_msg, input );
293 0 : return !!sol_compat_encode( out, out_sz, output, &fd_exec_test_accepts_shred_t_msg );
294 0 : }
295 :
296 : /*
297 : * execute_v2
298 : Unlike sol_compat_execute_v1 APIs, v2 APIs use flatbuffers for
299 : zero-copy decoding. Returns SOL_COMPAT_V2_SUCCESS on success and
300 : SOL_COMPAT_V2_FAILURE on failure.
301 :
302 : out: output buffer
303 : out_sz: output buffer size
304 : in: input buffer
305 : in_sz: input buffer size (unused)
306 :
307 : Since flatbuffers utilizes zero-copy decoding, the v2 API does not
308 : require an input buffer size. Therefore, it is the caller's
309 : responsibility to ensure the input buffer is well-formed (preferably
310 : using a call to _verify_as_root) to avoid any OOB reads.
311 :
312 : TODO: Make sol_compat_v2 APIs infallible???
313 : */
314 :
315 : #if FD_HAS_FLATCC
316 :
317 : int
318 : sol_compat_elf_loader_v2( uchar * out,
319 : ulong * out_sz,
320 : uchar const * in,
321 0 : ulong FD_FN_UNUSED in_sz ) {
322 0 : SOL_COMPAT_NS(ELFLoaderCtx_table_t) input = SOL_COMPAT_NS(ELFLoaderCtx_as_root( in ));
323 0 : if( FD_UNLIKELY( !input ) ) return 0;
324 :
325 0 : int err = fd_solfuzz_fb_execute_wrapper( runner, input, fd_solfuzz_fb_elf_loader_run );
326 0 : if( FD_UNLIKELY( err==SOL_COMPAT_V2_FAILURE ) ) return err;
327 :
328 0 : ulong buffer_sz = flatcc_builder_get_buffer_size( runner->fb_builder );
329 0 : flatcc_builder_copy_buffer( runner->fb_builder, out, buffer_sz );
330 0 : *out_sz = buffer_sz;
331 :
332 0 : return SOL_COMPAT_V2_SUCCESS;
333 0 : }
334 :
335 : #endif /* FD_HAS_FLATCC */
|
