Line data Source code
1 : #include "fd_vm_syscall.h"
2 : #include "../../runtime/fd_borrowed_account.h"
3 : #include "../../runtime/fd_system_ids.h"
4 :
5 : /* FIXME: ALGO EFFICIENCY */
6 : static inline int
7 : fd_vm_syscall_cpi_is_signer( fd_pubkey_t const * account,
8 : fd_pubkey_t const * signers,
9 0 : ulong signers_cnt ) {
10 0 : for( ulong i=0UL; i<signers_cnt; i++ ) if( !memcmp( account->uc, signers[i].uc, sizeof(fd_pubkey_t) ) ) return 1;
11 0 : return 0;
12 0 : }
13 :
14 : /*
15 : fd_vm_prepare_instruction populates instruction_accounts and instruction_accounts_cnt
16 : with the instruction accounts ready for execution.
17 :
18 : The majority of this logic is taken from
19 : https://github.com/solana-labs/solana/blob/v1.17.22/program-runtime/src/invoke_context.rs#L535,
20 : and is not vm-specific, but a part of the runtime.
21 : TODO: should we move this out of the CPI section?
22 :
23 : The bulk of the logic is concerned with unifying the privileges for each duplicated account,
24 : ensuring that each duplicate account referenced has the same privileges. It also performs some
25 : priviledge checks, for example ensuring the necessary signatures are present.
26 :
27 : TODO: instruction calling convention: const parameters after non-const.
28 :
29 : Assumptions:
30 : - We do not have more than 256 unique accounts in the callee_instr.
31 : This limit comes from the fact that a Solana transaction cannot
32 : refefence more than 256 unique accounts, due to the transaction
33 : serialization format.
34 : - callee_instr is not null.
35 : - callee_instr->acct_pubkeys is at least as long as callee_instr->acct_cnt
36 : - instr_ctx->txn_ctx->accounts_cnt is less than UCHAR_MAX.
37 : This is likely because the transaction is limited to 256 accounts.
38 : - callee_instr->program_id is set to UCHAR_MAX if account is not in instr_ctx->txn_ctx.
39 : - instruction_accounts is a 256-length empty array.
40 :
41 : Parameters:
42 : - callee_instr
43 : - instr_ctx
44 : - instruction_accounts
45 : - instruction_accounts_cnt
46 : - signers
47 : - signers_cnt
48 :
49 : Returns:
50 : - instruction_accounts
51 : - instruction_accounts_cnt
52 : Populated with the instruction accounts with normalized permissions.
53 :
54 : TODO: is it possible to pass the transaction indexes of the accounts in?
55 : This would allow us to make some of these algorithms more efficient.
56 : */
57 : int
58 : fd_vm_prepare_instruction( fd_instr_info_t * callee_instr,
59 : fd_exec_instr_ctx_t * instr_ctx,
60 : fd_pubkey_t const * callee_program_id_pubkey,
61 : fd_pubkey_t const instr_acct_keys[ FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ],
62 : fd_instruction_account_t instruction_accounts[ FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ],
63 : ulong * instruction_accounts_cnt,
64 : fd_pubkey_t const * signers,
65 36 : ulong signers_cnt ) {
66 :
67 : /* De-duplicate the instruction accounts, using the same logic as Solana */
68 36 : ulong deduplicated_instruction_accounts_cnt = 0;
69 36 : fd_instruction_account_t deduplicated_instruction_accounts[ FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ] = {0};
70 36 : ulong duplicate_indicies_cnt = 0;
71 36 : ulong duplicate_indices[ FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ] = {0};
72 :
73 : /* This function is either called by a true CPI or by a native cpi invocation.
74 : The native CPI invocation is never called with more than 3 instruction
75 : accounts, and the true CPI is never called with more than
76 : FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS. */
77 36 : if( FD_UNLIKELY( callee_instr->acct_cnt > FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ) ) {
78 0 : FD_LOG_CRIT(( "invariant violation: too many accounts %u", callee_instr->acct_cnt ));
79 0 : }
80 :
81 : /* Normalize the privileges of each instruction account in the callee, after de-duping
82 : the account references.
83 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L540-L595 */
84 108 : for( ulong i=0UL; i<callee_instr->acct_cnt; i++ ) {
85 72 : ushort index_in_transaction = callee_instr->accounts[i].index_in_transaction;
86 72 : ushort index_in_caller = callee_instr->accounts[i].index_in_caller;
87 :
88 72 : if( index_in_transaction==USHORT_MAX ) {
89 : /* In this case the callee instruction is referencing an unknown account not listed in the
90 : transactions accounts. */
91 0 : FD_BASE58_ENCODE_32_BYTES( instr_acct_keys[i].uc, id_b58 );
92 0 : fd_log_collector_msg_many( instr_ctx, 2, "Instruction references an unknown account ", 42UL, id_b58, id_b58_len );
93 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
94 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
95 0 : }
96 :
97 : /* If there was an instruction account before this one which referenced the same
98 : transaction account index, find it's index in the deduplicated_instruction_accounts
99 : array. */
100 72 : ulong duplicate_index = ULONG_MAX;
101 108 : for( ulong j=0UL; j<deduplicated_instruction_accounts_cnt; j++ ) {
102 36 : if( deduplicated_instruction_accounts[j].index_in_transaction==index_in_transaction ) {
103 0 : duplicate_index = j;
104 0 : break;
105 0 : }
106 36 : }
107 :
108 : /* If this was account referenced in a previous iteration, update the flags to include those set
109 : in this iteration. This ensures that after all the iterations, the de-duplicated account flags
110 : for each account are the union of all the flags in all the references to that account in this instruction. */
111 :
112 : /* TODO: FD_UNLIKELY? Need to check which branch is more common by running against a larger mainnet ledger */
113 : /* TODO: this code would maybe be easier to read if we inverted the branches */
114 72 : if( duplicate_index!=ULONG_MAX ) {
115 0 : if ( FD_UNLIKELY( duplicate_index >= deduplicated_instruction_accounts_cnt ) ) {
116 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
117 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
118 0 : }
119 :
120 0 : duplicate_indices[duplicate_indicies_cnt++] = duplicate_index;
121 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[duplicate_index];
122 0 : instruction_account->is_signer = !!(instruction_account->is_signer | callee_instr->accounts[i].is_signer);
123 0 : instruction_account->is_writable = !!(instruction_account->is_writable | callee_instr->accounts[i].is_writable);
124 72 : } else {
125 : /* In the case where the callee instruction is NOT a duplicate, we need to
126 : create the deduplicated_instruction_accounts fd_instruction_account_t object. */
127 :
128 : /* Add the instruction account to the duplicate indicies array */
129 72 : duplicate_indices[duplicate_indicies_cnt++] = deduplicated_instruction_accounts_cnt;
130 :
131 : /* Initialize the instruction account in the deduplicated_instruction_accounts array */
132 72 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[deduplicated_instruction_accounts_cnt++];
133 72 : *instruction_account = fd_instruction_account_init( index_in_transaction,
134 72 : index_in_caller,
135 72 : (ushort)i,
136 72 : !!(callee_instr->accounts[i].is_writable),
137 72 : !!(callee_instr->accounts[i].is_signer) );
138 72 : }
139 72 : }
140 :
141 : /* Check the normalized account permissions for privilege escalation.
142 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L596-L624 */
143 108 : for( ulong i = 0; i < deduplicated_instruction_accounts_cnt; i++ ) {
144 72 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[i];
145 :
146 : /* https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L390-L393 */
147 72 : fd_guarded_borrowed_account_t borrowed_caller_acct = {0};
148 72 : FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, instruction_account->index_in_caller, &borrowed_caller_acct );
149 :
150 : /* Check that the account is not read-only in the caller but writable in the callee */
151 72 : if( FD_UNLIKELY( instruction_account->is_writable && !fd_borrowed_account_is_writable( &borrowed_caller_acct ) ) ) {
152 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.pubkey->uc, id_b58 );
153 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s writable privilege escalated", 31UL );
154 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
155 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
156 0 : }
157 :
158 : /* If the account is signed in the callee, it must be signed by the caller or the program */
159 72 : if ( FD_UNLIKELY( instruction_account->is_signer && !( fd_borrowed_account_is_signer( &borrowed_caller_acct ) || fd_vm_syscall_cpi_is_signer( borrowed_caller_acct.pubkey, signers, signers_cnt) ) ) ) {
160 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.pubkey->uc, id_b58 );
161 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s signer privilege escalated", 29UL );
162 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
163 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
164 0 : }
165 72 : }
166 :
167 : /* Copy the accounts with their normalized permissions over to the final instruction_accounts array,
168 : and set the callee_instr acct_flags. */
169 108 : for (ulong i = 0; i < duplicate_indicies_cnt; i++) {
170 72 : ulong duplicate_index = duplicate_indices[i];
171 :
172 : /* Failing this condition is technically impossible, but it is probably safest to keep this in
173 : so that we throw InstructionError::NotEnoughAccountKeys at the same point at Solana does,
174 : in the event any surrounding code is changed.
175 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L625-L633 */
176 72 : if ( FD_LIKELY( duplicate_index < deduplicated_instruction_accounts_cnt ) ) {
177 72 : instruction_accounts[i] = deduplicated_instruction_accounts[duplicate_index];
178 72 : callee_instr->accounts[i].is_writable = !!(instruction_accounts[i].is_writable);
179 72 : callee_instr->accounts[i].is_signer = !!(instruction_accounts[i].is_signer);
180 72 : } else {
181 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
182 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
183 0 : }
184 72 : }
185 :
186 : /* Obtain the program account index and return a MissingAccount error if not found.
187 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L430-L435 */
188 36 : int program_idx = fd_exec_instr_ctx_find_idx_of_instr_account( instr_ctx, callee_program_id_pubkey );
189 36 : if( FD_UNLIKELY( program_idx == -1 ) ) {
190 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
191 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
192 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
193 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
194 0 : }
195 :
196 : /* Caller is in charge of setting an appropriate sentinel value (i.e., UCHAR_MAX) for callee_instr->program_id if not found.
197 : Borrow the program account here.
198 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L436-L437 */
199 36 : fd_guarded_borrowed_account_t borrowed_program_account = {0};
200 36 : int err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx, (ushort)program_idx, &borrowed_program_account );
201 36 : if( FD_UNLIKELY( err ) ) {
202 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, err, instr_ctx->txn_out->err.exec_err_idx );
203 0 : return err;
204 0 : }
205 :
206 36 : if( FD_UNLIKELY( err ) ) {
207 : /* https://github.com/anza-xyz/agave/blob/a9ac3f55fcb2bc735db0d251eda89897a5dbaaaa/program-runtime/src/invoke_context.rs#L434 */
208 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
209 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
210 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
211 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
212 0 : }
213 :
214 36 : *instruction_accounts_cnt = duplicate_indicies_cnt;
215 :
216 36 : return 0;
217 36 : }
218 :
219 : /**********************************************************************
220 : CROSS PROGRAM INVOCATION (Generic logic)
221 : **********************************************************************/
222 :
223 : /* FD_CPI_MAX_SIGNER_CNT is the max amount of PDA signer addresses that
224 : a cross-program invocation can include in an instruction.
225 :
226 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/mod.rs#L80 */
227 :
228 : #define FD_CPI_MAX_SIGNER_CNT (16UL)
229 :
230 : /* "Maximum number of account info structs that can be used in a single CPI
231 : invocation. A limit on account info structs is effectively the same as
232 : limiting the number of unique accounts. 128 was chosen to match the max
233 : number of locked accounts per transaction (MAX_TX_ACCOUNT_LOCKS)."
234 :
235 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L25
236 : https://github.com/anza-xyz/agave/blob/838c1952595809a31520ff1603a13f2c9123aa51/programs/bpf_loader/src/syscalls/cpi.rs#L1011 */
237 :
238 9 : #define FD_CPI_MAX_ACCOUNT_INFOS (128UL)
239 18 : #define FD_CPI_MAX_ACCOUNT_INFOS_SIMD_0339 (255UL)
240 :
241 : /* This is just encoding what Agave says in their code comments into a
242 : compile-time check, so if anyone ever inadvertently changes one of
243 : the limits, they will have to take a look. */
244 : FD_STATIC_ASSERT( FD_CPI_MAX_ACCOUNT_INFOS==MAX_TX_ACCOUNT_LOCKS, cpi_max_account_info );
245 :
246 : /* https://github.com/anza-xyz/agave/blob/v3.1.2/program-runtime/src/cpi.rs#L168-L180 */
247 : static inline ulong
248 36 : get_cpi_max_account_infos( fd_bank_t * bank ) {
249 36 : if( FD_LIKELY( FD_FEATURE_ACTIVE_BANK( bank, increase_cpi_account_info_limit ) ) ) {
250 18 : return FD_CPI_MAX_ACCOUNT_INFOS_SIMD_0339;
251 18 : } else if( FD_LIKELY( FD_FEATURE_ACTIVE_BANK( bank, increase_tx_account_lock_limit ) ) ) {
252 9 : return FD_CPI_MAX_ACCOUNT_INFOS;
253 9 : } else {
254 9 : return 64UL;
255 9 : }
256 36 : }
257 :
258 : /* https://github.com/anza-xyz/agave/blob/v3.1.2/program-runtime/src/execution_budget.rs#L25-L31 */
259 : static inline ulong
260 36 : get_cpi_invoke_unit_cost( fd_bank_t * bank ) {
261 36 : return fd_ulong_if(
262 36 : FD_FEATURE_ACTIVE_BANK( bank, increase_cpi_account_info_limit ),
263 36 : FD_VM_INVOKE_UNITS_SIMD_0339,
264 36 : FD_VM_INVOKE_UNITS );
265 36 : }
266 :
267 : /* fd_vm_syscall_cpi_check_instruction contains common instruction acct
268 : count and data sz checks. Also consumes compute units proportional
269 : to instruction data size. */
270 :
271 : static int
272 : fd_vm_syscall_cpi_check_instruction( ulong acct_cnt,
273 36 : ulong data_sz ) {
274 : /* https://github.com/anza-xyz/agave/blob/v3.1.2/program-runtime/src/cpi.rs#L146-L161 */
275 36 : if( FD_UNLIKELY( acct_cnt > FD_VM_CPI_MAX_INSTRUCTION_ACCOUNTS ) ) {
276 : // SyscallError::MaxInstructionAccountsExceeded
277 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_ACCOUNTS_EXCEEDED;
278 0 : }
279 36 : if( FD_UNLIKELY( data_sz>FD_RUNTIME_CPI_MAX_INSTR_DATA_LEN ) ) {
280 : // SyscallError::MaxInstructionDataLenExceeded
281 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_DATA_LEN_EXCEEDED;
282 0 : }
283 :
284 36 : return FD_VM_SUCCESS;
285 36 : }
286 :
287 : /* https://github.com/anza-xyz/agave/blob/v3.0.1/syscalls/src/cpi.rs#L1134-L1169 */
288 : static inline int
289 : fd_vm_cpi_update_caller_account_region( fd_vm_t * vm,
290 : ulong instr_acc_idx,
291 : fd_vm_cpi_caller_account_t * caller_account,
292 0 : fd_borrowed_account_t * borrowed_account ) {
293 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1141-L1148 */
294 0 : ulong address_space_reserved_for_account;
295 0 : if( vm->stricter_abi_and_runtime_constraints && vm->is_deprecated ) {
296 0 : address_space_reserved_for_account = caller_account->orig_data_len;
297 0 : } else {
298 0 : address_space_reserved_for_account = fd_ulong_sat_add( caller_account->orig_data_len, MAX_PERMITTED_DATA_INCREASE );
299 0 : }
300 :
301 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1164 */
302 0 : if( address_space_reserved_for_account > 0UL ) {
303 : /* Note that we don't special-case direct mapping here, as Agave does,
304 : because we do not create regions using CoW upon resize like Agave does.
305 :
306 : Therefore we do not need the logic in the Agave code to create a new
307 : region, as we have already created all the regions for each account.
308 :
309 : Therefore we do not have equivalents of Agave's
310 : modify_memory_region_of_account and create_memory_region_of_account
311 : functions, but we instead inline this logic directly below. */
312 0 : fd_vm_acc_region_meta_t * acc_region_meta = &vm->acc_region_metas[instr_acc_idx];
313 0 : fd_vm_input_region_t * region = &vm->input_mem_regions[acc_region_meta->region_idx + 1UL];
314 :
315 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1165 */
316 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/program-runtime/src/serialization.rs#L23-L35 */
317 0 : region->region_sz = (uint)fd_borrowed_account_get_data_len( borrowed_account );
318 :
319 0 : int err;
320 0 : int is_writable = fd_borrowed_account_can_data_be_changed( borrowed_account, &err );
321 :
322 0 : region->is_writable = (uchar)is_writable && ( err == FD_EXECUTOR_INSTR_SUCCESS );
323 0 : }
324 :
325 0 : return FD_VM_SUCCESS;
326 0 : }
327 :
328 : /**********************************************************************
329 : CROSS PROGRAM INVOCATION HELPERS
330 : **********************************************************************/
331 :
332 : static inline int
333 : fd_vm_syscall_cpi_check_id( fd_pubkey_t const * program_id,
334 252 : uchar const * loader ) {
335 252 : return !memcmp( program_id, loader, sizeof(fd_pubkey_t) );
336 252 : }
337 :
338 : /* fd_vm_syscall_cpi_is_precompile returns true if the given program_id
339 : corresponds to a precompile. It does this by checking against a hardcoded
340 : list of known pre-compiles.
341 :
342 : This mirrors the behaviour in solana_sdk::precompiles::is_precompile
343 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/sdk/src/precompiles.rs#L93
344 : */
345 : static inline int
346 36 : fd_vm_syscall_cpi_is_precompile( fd_pubkey_t const * program_id, fd_bank_t * bank ) {
347 36 : return fd_vm_syscall_cpi_check_id(program_id, fd_solana_keccak_secp_256k_program_id.key) |
348 36 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_ed25519_sig_verify_program_id.key) |
349 36 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_secp256r1_program_id.key) &&
350 36 : FD_FEATURE_ACTIVE_BANK( bank, enable_secp256r1_precompile ) );
351 36 : }
352 :
353 : /* fd_vm_syscall_cpi_check_authorized_program corresponds to
354 : solana_bpf_loader_program::syscalls::cpi::check_authorized_program:
355 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/programs/bpf_loader/src/syscalls/cpi.rs#L1032
356 :
357 : It determines if the given program_id is authorized to execute a CPI call.
358 : Returns 1 if authorized, 0 otherwise.
359 : */
360 : static inline int
361 : fd_vm_syscall_cpi_check_authorized_program( fd_pubkey_t const * program_id,
362 : fd_bank_t * bank,
363 : uchar const * instruction_data,
364 36 : ulong instruction_data_len ) {
365 : /* FIXME: do this in a branchless manner? using bitwise comparison would probably be faster */
366 36 : return !( fd_vm_syscall_cpi_check_id(program_id, fd_solana_native_loader_id.key) ||
367 36 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_program_id.key) ||
368 36 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_deprecated_program_id.key) ||
369 36 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_upgradeable_program_id.key) &&
370 36 : !(( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_upgrade ) ||
371 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority ) ||
372 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_bpf_loader_set_authority_checked_ix ) &&
373 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority_checked )) ||
374 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_extend_program_checked ) &&
375 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_extend_program_checked )) ||
376 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_close ))) ||
377 36 : fd_vm_syscall_cpi_is_precompile( program_id, bank ) );
378 36 : }
379 :
380 : /* The data and lamports fields are in an Rc<Refcell<T>> in the Rust ABI AccountInfo.
381 : These macros perform the equivalent of Rc<Refcell<T>>.as_ptr() in Agave.
382 : This function doesn't actually touch any memory.
383 : It performs pointer arithmetic.
384 : */
385 : FD_FN_CONST static inline
386 0 : ulong vm_syscall_cpi_acc_info_rc_refcell_as_ptr( ulong rc_refcell_vaddr ) {
387 0 : return (ulong) &(((fd_vm_rc_refcell_t *)rc_refcell_vaddr)->payload);
388 0 : }
389 :
390 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L310-L316
391 : */
392 : FD_FN_CONST static inline
393 48 : ulong vm_syscall_cpi_data_len_vaddr_c( ulong acct_info_vaddr, ulong data_len_haddr, ulong acct_info_haddr ) {
394 48 : return fd_ulong_sat_sub( fd_ulong_sat_add( acct_info_vaddr, data_len_haddr ), acct_info_haddr );
395 48 : }
396 :
397 : /**********************************************************************
398 : CROSS PROGRAM INVOCATION (C ABI)
399 : **********************************************************************/
400 :
401 : #define VM_SYSCALL_CPI_ABI c
402 36 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_c_instruction_t
403 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_C_INSTRUCTION_ALIGN)
404 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_C_INSTRUCTION_SIZE)
405 180 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_c_account_meta_t
406 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_C_ACCOUNT_META_ALIGN)
407 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_C_ACCOUNT_META_SIZE)
408 36 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_c_account_info_t
409 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_C_ACCOUNT_INFO_ALIGN)
410 84 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_C_ACCOUNT_INFO_SIZE)
411 :
412 : /* VM_SYSCALL_CPI_INSTR_T accessors */
413 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data_addr
414 108 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data_len
415 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts_addr
416 306 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts_len
417 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) \
418 36 : FD_VM_MEM_HADDR_LD( vm, instr->program_id_addr, alignof(uchar), sizeof(fd_pubkey_t) )
419 :
420 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
421 144 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
422 144 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
423 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) \
424 144 : FD_VM_MEM_HADDR_LD( vm, acc_meta->pubkey_addr, alignof(uchar), sizeof(fd_pubkey_t) )
425 :
426 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
427 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
428 48 : ulong decl = acc_info->lamports_addr;
429 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
430 48 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, acc_info->lamports_addr, alignof(ulong), sizeof(ulong) );
431 :
432 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L304 */
433 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
434 48 : ulong decl = acc_info->data_addr;
435 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
436 48 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( vm, acc_info->data_addr, alignof(uchar), acc_info->data_sz ); \
437 48 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
438 48 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
439 :
440 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
441 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
442 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
443 :
444 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
445 48 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
446 :
447 : #include "fd_vm_syscall_cpi_common.c"
448 :
449 : #undef VM_SYSCALL_CPI_ABI
450 : #undef VM_SYSCALL_CPI_INSTR_T
451 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
452 : #undef VM_SYSCALL_CPI_INSTR_SIZE
453 : #undef VM_SYSCALL_CPI_ACC_META_T
454 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
455 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
456 : #undef VM_SYSCALL_CPI_ACC_INFO_T
457 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
458 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
459 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
460 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
461 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
462 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
463 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
464 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
465 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
466 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
467 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
468 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
469 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
470 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
471 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
472 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
473 :
474 : /**********************************************************************
475 : CROSS PROGRAM INVOCATION (Rust ABI)
476 : **********************************************************************/
477 :
478 : #define VM_SYSCALL_CPI_ABI rust
479 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_rust_instruction_t
480 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_RUST_INSTRUCTION_ALIGN)
481 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_RUST_INSTRUCTION_SIZE)
482 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_rust_account_meta_t
483 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_RUST_ACCOUNT_META_ALIGN)
484 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_RUST_ACCOUNT_META_SIZE)
485 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_rust_account_info_t
486 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_RUST_ACCOUNT_INFO_ALIGN)
487 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_RUST_ACCOUNT_INFO_SIZE)
488 :
489 : /* VM_SYSCALL_CPI_INSTR_T accessors */
490 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data.addr
491 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data.len
492 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts.addr
493 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts.len
494 0 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) instr->pubkey
495 :
496 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
497 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
498 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
499 0 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) acc_meta->pubkey
500 :
501 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
502 :
503 : /* The lamports and the account data are stored behind RefCells,
504 : so we have an additional layer of indirection to unwrap. */
505 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
506 0 : ulong const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
507 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) ); \
508 0 : /* Extract the vaddr embedded in the RefCell */ \
509 0 : ulong decl = *FD_EXPAND_THEN_CONCAT2(decl, _hptr_);
510 :
511 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
512 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
513 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vaddr_) = \
514 0 : *((ulong const *)FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) )); \
515 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, FD_EXPAND_THEN_CONCAT2(decl, _vaddr_), alignof(ulong), sizeof(ulong) );
516 :
517 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
518 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
519 0 : if( FD_UNLIKELY( vm->stricter_abi_and_runtime_constraints && acc_info->data_box_addr >= FD_VM_MEM_MAP_INPUT_REGION_START ) ) { \
520 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_POINTER ); \
521 0 : return FD_VM_SYSCALL_ERR_INVALID_POINTER; \
522 0 : } \
523 0 : /* Translate the vaddr to the slice */ \
524 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
525 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
526 0 : /* Extract the vaddr embedded in the slice */ \
527 0 : ulong decl = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr;
528 :
529 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L212-L221 */
530 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR( vm, acc_info, decl ) \
531 0 : ulong decl = fd_ulong_sat_add( vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), sizeof(ulong) );
532 :
533 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
534 : /* Translate the vaddr to the slice */ \
535 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
536 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
537 0 : /* Declare the vaddr of the slice's underlying byte array */ \
538 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
539 0 : /* Declare the size of the slice's underlying byte array */ \
540 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len; \
541 0 : /* Translate the vaddr to the underlying byte array */ \
542 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( \
543 0 : vm, FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr, alignof(uchar), FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len );
544 :
545 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
546 : /* Translate the vaddr to the slice */ \
547 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
548 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
549 : /* Declare the vaddr of the slice's underlying byte array */ \
550 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
551 : /* Declare the size of the slice's underlying byte array */ \
552 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
553 :
554 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR( vm, acc_info, decl ) \
555 0 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr );
556 :
557 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR( vm, acc_info, decl ) \
558 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr );
559 :
560 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
561 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
562 :
563 : #include "fd_vm_syscall_cpi_common.c"
564 :
565 : #undef VM_SYSCALL_CPI_ABI
566 : #undef VM_SYSCALL_CPI_INSTR_T
567 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
568 : #undef VM_SYSCALL_CPI_INSTR_SIZE
569 : #undef VM_SYSCALL_CPI_ACC_META_T
570 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
571 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
572 : #undef VM_SYSCALL_CPI_ACC_INFO_T
573 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
574 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
575 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
576 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
577 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
578 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
579 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
580 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
581 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
582 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
583 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
584 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
585 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
586 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
587 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR
588 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
589 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR
590 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR
591 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
|
