Line data Source code
1 : #include "fd_vm_syscall.h"
2 : #include "../../runtime/fd_borrowed_account.h"
3 : #include "../../runtime/fd_system_ids.h"
4 :
5 : /* FIXME: ALGO EFFICIENCY */
6 : static inline int
7 : fd_vm_syscall_cpi_is_signer( fd_pubkey_t const * account,
8 : fd_pubkey_t const * signers,
9 0 : ulong signers_cnt ) {
10 0 : for( ulong i=0UL; i<signers_cnt; i++ ) if( !memcmp( account->uc, signers[i].uc, sizeof(fd_pubkey_t) ) ) return 1;
11 0 : return 0;
12 0 : }
13 :
14 : /*
15 : fd_vm_prepare_instruction populates instruction_accounts and instruction_accounts_cnt
16 : with the instruction accounts ready for execution.
17 :
18 : The majority of this logic is taken from
19 : https://github.com/solana-labs/solana/blob/v1.17.22/program-runtime/src/invoke_context.rs#L535,
20 : and is not vm-specific, but a part of the runtime.
21 : TODO: should we move this out of the CPI section?
22 :
23 : The bulk of the logic is concerned with unifying the privileges for each duplicated account,
24 : ensuring that each duplicate account referenced has the same privileges. It also performs some
25 : priviledge checks, for example ensuring the necessary signatures are present.
26 :
27 : TODO: instruction calling convention: const parameters after non-const.
28 :
29 : Assumptions:
30 : - We do not have more than 256 unique accounts in the callee_instr.
31 : This limit comes from the fact that a Solana transaction cannot
32 : refefence more than 256 unique accounts, due to the transaction
33 : serialization format.
34 : - callee_instr is not null.
35 : - callee_instr->acct_pubkeys is at least as long as callee_instr->acct_cnt
36 : - instr_ctx->txn_ctx->accounts_cnt is less than UCHAR_MAX.
37 : This is likely because the transaction is limited to 256 accounts.
38 : - callee_instr->program_id is set to UCHAR_MAX if account is not in instr_ctx->txn_ctx.
39 : - instruction_accounts is a 256-length empty array.
40 :
41 : Parameters:
42 : - callee_instr
43 : - instr_ctx
44 : - instruction_accounts
45 : - instruction_accounts_cnt
46 : - signers
47 : - signers_cnt
48 :
49 : Returns:
50 : - instruction_accounts
51 : - instruction_accounts_cnt
52 : Populated with the instruction accounts with normalized permissions.
53 :
54 : TODO: is it possible to pass the transaction indexes of the accounts in?
55 : This would allow us to make some of these algorithms more efficient.
56 : */
57 : int
58 : fd_vm_prepare_instruction( fd_instr_info_t * callee_instr,
59 : fd_exec_instr_ctx_t * instr_ctx,
60 : fd_pubkey_t const * callee_program_id_pubkey,
61 : fd_pubkey_t const instr_acct_keys[ FD_INSTR_ACCT_MAX ],
62 : fd_instruction_account_t instruction_accounts[ FD_INSTR_ACCT_MAX ],
63 : ulong * instruction_accounts_cnt,
64 : fd_pubkey_t const * signers,
65 0 : ulong signers_cnt ) {
66 :
67 : /* De-duplicate the instruction accounts, using the same logic as Solana */
68 0 : ulong deduplicated_instruction_accounts_cnt = 0;
69 0 : fd_instruction_account_t deduplicated_instruction_accounts[256] = {0};
70 0 : ulong duplicate_indicies_cnt = 0;
71 0 : ulong duplicate_indices[256] = {0};
72 :
73 : /* Normalize the privileges of each instruction account in the callee, after de-duping
74 : the account references.
75 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L540-L595 */
76 0 : for( ulong i=0UL; i<callee_instr->acct_cnt; i++ ) {
77 0 : ushort index_in_transaction = callee_instr->accounts[i].index_in_transaction;
78 0 : ushort index_in_caller = callee_instr->accounts[i].index_in_caller;
79 :
80 0 : if( index_in_transaction==USHORT_MAX ) {
81 : /* In this case the callee instruction is referencing an unknown account not listed in the
82 : transactions accounts. */
83 0 : FD_BASE58_ENCODE_32_BYTES( instr_acct_keys[i].uc, id_b58 );
84 0 : fd_log_collector_msg_many( instr_ctx, 2, "Instruction references an unknown account ", 42UL, id_b58, id_b58_len );
85 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
86 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
87 0 : }
88 :
89 : /* If there was an instruction account before this one which referenced the same
90 : transaction account index, find it's index in the deduplicated_instruction_accounts
91 : array. */
92 0 : ulong duplicate_index = ULONG_MAX;
93 0 : for( ulong j=0UL; j<deduplicated_instruction_accounts_cnt; j++ ) {
94 0 : if( deduplicated_instruction_accounts[j].index_in_transaction==index_in_transaction ) {
95 0 : duplicate_index = j;
96 0 : break;
97 0 : }
98 0 : }
99 :
100 : /* If this was account referenced in a previous iteration, update the flags to include those set
101 : in this iteration. This ensures that after all the iterations, the de-duplicated account flags
102 : for each account are the union of all the flags in all the references to that account in this instruction. */
103 :
104 : /* TODO: FD_UNLIKELY? Need to check which branch is more common by running against a larger mainnet ledger */
105 : /* TODO: this code would maybe be easier to read if we inverted the branches */
106 0 : if( duplicate_index!=ULONG_MAX ) {
107 0 : if ( FD_UNLIKELY( duplicate_index >= deduplicated_instruction_accounts_cnt ) ) {
108 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
109 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
110 0 : }
111 :
112 0 : duplicate_indices[duplicate_indicies_cnt++] = duplicate_index;
113 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[duplicate_index];
114 0 : instruction_account->is_signer = !!(instruction_account->is_signer | callee_instr->accounts[i].is_signer);
115 0 : instruction_account->is_writable = !!(instruction_account->is_writable | callee_instr->accounts[i].is_writable);
116 0 : } else {
117 : /* In the case where the callee instruction is NOT a duplicate, we need to
118 : create the deduplicated_instruction_accounts fd_instruction_account_t object. */
119 :
120 : /* Add the instruction account to the duplicate indicies array */
121 0 : duplicate_indices[duplicate_indicies_cnt++] = deduplicated_instruction_accounts_cnt;
122 :
123 : /* Initialize the instruction account in the deduplicated_instruction_accounts array */
124 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[deduplicated_instruction_accounts_cnt++];
125 0 : *instruction_account = fd_instruction_account_init( index_in_transaction,
126 0 : index_in_caller,
127 0 : (ushort)i,
128 0 : !!(callee_instr->accounts[i].is_writable),
129 0 : !!(callee_instr->accounts[i].is_signer) );
130 0 : }
131 0 : }
132 :
133 : /* Check the normalized account permissions for privilege escalation.
134 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L596-L624 */
135 0 : for( ulong i = 0; i < deduplicated_instruction_accounts_cnt; i++ ) {
136 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[i];
137 :
138 : /* https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L390-L393 */
139 0 : fd_guarded_borrowed_account_t borrowed_caller_acct = {0};
140 0 : FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, instruction_account->index_in_caller, &borrowed_caller_acct );
141 :
142 : /* Check that the account is not read-only in the caller but writable in the callee */
143 0 : if( FD_UNLIKELY( instruction_account->is_writable && !fd_borrowed_account_is_writable( &borrowed_caller_acct ) ) ) {
144 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
145 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s writable privilege escalated", 31UL );
146 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
147 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
148 0 : }
149 :
150 : /* If the account is signed in the callee, it must be signed by the caller or the program */
151 0 : if ( FD_UNLIKELY( instruction_account->is_signer && !( fd_borrowed_account_is_signer( &borrowed_caller_acct ) || fd_vm_syscall_cpi_is_signer( borrowed_caller_acct.acct->pubkey, signers, signers_cnt) ) ) ) {
152 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
153 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s signer privilege escalated", 29UL );
154 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
155 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
156 0 : }
157 0 : }
158 :
159 : /* Copy the accounts with their normalized permissions over to the final instruction_accounts array,
160 : and set the callee_instr acct_flags. */
161 0 : for (ulong i = 0; i < duplicate_indicies_cnt; i++) {
162 0 : ulong duplicate_index = duplicate_indices[i];
163 :
164 : /* Failing this condition is technically impossible, but it is probably safest to keep this in
165 : so that we throw InstructionError::NotEnoughAccountKeys at the same point at Solana does,
166 : in the event any surrounding code is changed.
167 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L625-L633 */
168 0 : if ( FD_LIKELY( duplicate_index < deduplicated_instruction_accounts_cnt ) ) {
169 0 : instruction_accounts[i] = deduplicated_instruction_accounts[duplicate_index];
170 0 : callee_instr->accounts[i].is_writable = !!(instruction_accounts[i].is_writable);
171 0 : callee_instr->accounts[i].is_signer = !!(instruction_accounts[i].is_signer);
172 0 : } else {
173 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
174 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
175 0 : }
176 0 : }
177 :
178 : /* Obtain the program account index and return a MissingAccount error if not found.
179 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L430-L435 */
180 0 : int program_idx = fd_exec_instr_ctx_find_idx_of_instr_account( instr_ctx, callee_program_id_pubkey );
181 0 : if( FD_UNLIKELY( program_idx == -1 ) ) {
182 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
183 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
184 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
185 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
186 0 : }
187 :
188 : /* Caller is in charge of setting an appropriate sentinel value (i.e., UCHAR_MAX) for callee_instr->program_id if not found.
189 : Borrow the program account here.
190 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L436-L437 */
191 0 : fd_guarded_borrowed_account_t borrowed_program_account = {0};
192 0 : int err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx, (ushort)program_idx, &borrowed_program_account );
193 0 : if( FD_UNLIKELY( err ) ) {
194 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, err, instr_ctx->txn_out->err.exec_err_idx );
195 0 : return err;
196 0 : }
197 :
198 0 : if( FD_UNLIKELY( err ) ) {
199 : /* https://github.com/anza-xyz/agave/blob/a9ac3f55fcb2bc735db0d251eda89897a5dbaaaa/program-runtime/src/invoke_context.rs#L434 */
200 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
201 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
202 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
203 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
204 0 : }
205 :
206 0 : *instruction_accounts_cnt = duplicate_indicies_cnt;
207 :
208 0 : return 0;
209 0 : }
210 :
211 : /**********************************************************************
212 : CROSS PROGRAM INVOCATION (Generic logic)
213 : **********************************************************************/
214 :
215 : /* FD_CPI_MAX_SIGNER_CNT is the max amount of PDA signer addresses that
216 : a cross-program invocation can include in an instruction.
217 :
218 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/mod.rs#L80 */
219 :
220 : #define FD_CPI_MAX_SIGNER_CNT (16UL)
221 :
222 : /* "Maximum number of account info structs that can be used in a single CPI
223 : invocation. A limit on account info structs is effectively the same as
224 : limiting the number of unique accounts. 128 was chosen to match the max
225 : number of locked accounts per transaction (MAX_TX_ACCOUNT_LOCKS)."
226 :
227 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L25
228 : https://github.com/anza-xyz/agave/blob/838c1952595809a31520ff1603a13f2c9123aa51/programs/bpf_loader/src/syscalls/cpi.rs#L1011 */
229 :
230 0 : #define FD_CPI_MAX_ACCOUNT_INFOS (128UL)
231 : /* This is just encoding what Agave says in their code comments into a
232 : compile-time check, so if anyone ever inadvertently changes one of
233 : the limits, they will have to take a look. */
234 : FD_STATIC_ASSERT( FD_CPI_MAX_ACCOUNT_INFOS==MAX_TX_ACCOUNT_LOCKS, cpi_max_account_info );
235 : static inline ulong
236 0 : get_cpi_max_account_infos( fd_bank_t * bank ) {
237 0 : return fd_ulong_if( FD_FEATURE_ACTIVE_BANK( bank, increase_tx_account_lock_limit ), FD_CPI_MAX_ACCOUNT_INFOS, 64UL );
238 0 : }
239 :
240 : /* Maximum CPI instruction accounts. 255 was chosen to ensure that instruction
241 : accounts are always within the maximum instruction account limit for BPF
242 : program instructions.
243 :
244 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L19
245 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/serialization.rs#L26 */
246 :
247 : #define FD_CPI_MAX_INSTRUCTION_ACCOUNTS (255UL)
248 :
249 : /* fd_vm_syscall_cpi_check_instruction contains common instruction acct
250 : count and data sz checks. Also consumes compute units proportional
251 : to instruction data size. */
252 :
253 : static int
254 0 : fd_vm_syscall_cpi_check_instruction( ulong acct_cnt, ulong data_sz ) {
255 : /* https://github.com/anza-xyz/agave/blob/v3.1.2/program-runtime/src/cpi.rs#L146-L161 */
256 0 : if( FD_UNLIKELY( acct_cnt > FD_CPI_MAX_INSTRUCTION_ACCOUNTS ) ) {
257 0 : FD_LOG_WARNING(( "cpi: too many accounts (%#lx)", acct_cnt ));
258 : // SyscallError::MaxInstructionAccountsExceeded
259 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_ACCOUNTS_EXCEEDED;
260 0 : }
261 0 : if( FD_UNLIKELY( data_sz>FD_RUNTIME_CPI_MAX_INSTR_DATA_LEN ) ) {
262 0 : FD_LOG_WARNING(( "cpi: data too long (%#lx)", data_sz ));
263 : // SyscallError::MaxInstructionDataLenExceeded
264 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_DATA_LEN_EXCEEDED;
265 0 : }
266 :
267 0 : return FD_VM_SUCCESS;
268 0 : }
269 :
270 : /* https://github.com/anza-xyz/agave/blob/v3.0.1/syscalls/src/cpi.rs#L1134-L1169 */
271 : static inline int
272 : fd_vm_cpi_update_caller_account_region( fd_vm_t * vm,
273 : ulong instr_acc_idx,
274 : fd_vm_cpi_caller_account_t * caller_account,
275 0 : fd_borrowed_account_t * borrowed_account ) {
276 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1141-L1148 */
277 0 : ulong address_space_reserved_for_account;
278 0 : if( vm->stricter_abi_and_runtime_constraints && vm->is_deprecated ) {
279 0 : address_space_reserved_for_account = caller_account->orig_data_len;
280 0 : } else {
281 0 : address_space_reserved_for_account = fd_ulong_sat_add( caller_account->orig_data_len, MAX_PERMITTED_DATA_INCREASE );
282 0 : }
283 :
284 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1164 */
285 0 : if( address_space_reserved_for_account > 0UL ) {
286 : /* Note that we don't special-case direct mapping here, as Agave does,
287 : because we do not create regions using CoW upon resize like Agave does.
288 :
289 : Therefore we do not need the logic in the Agave code to create a new
290 : region, as we have already created all the regions for each account.
291 :
292 : Therefore we do not have equivalents of Agave's
293 : modify_memory_region_of_account and create_memory_region_of_account
294 : functions, but we instead inline this logic directly below. */
295 0 : fd_vm_acc_region_meta_t * acc_region_meta = &vm->acc_region_metas[instr_acc_idx];
296 0 : fd_vm_input_region_t * region = &vm->input_mem_regions[acc_region_meta->region_idx + 1UL];
297 :
298 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1165 */
299 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/program-runtime/src/serialization.rs#L23-L35 */
300 0 : region->region_sz = (uint)fd_borrowed_account_get_data_len( borrowed_account );
301 :
302 0 : int err;
303 0 : int is_writable = fd_borrowed_account_can_data_be_changed( borrowed_account, &err );
304 :
305 0 : region->is_writable = (uchar)is_writable && ( err == FD_EXECUTOR_INSTR_SUCCESS );
306 0 : }
307 :
308 0 : return FD_VM_SUCCESS;
309 0 : }
310 :
311 : /**********************************************************************
312 : CROSS PROGRAM INVOCATION HELPERS
313 : **********************************************************************/
314 :
315 : static inline int
316 : fd_vm_syscall_cpi_check_id( fd_pubkey_t const * program_id,
317 0 : uchar const * loader ) {
318 0 : return !memcmp( program_id, loader, sizeof(fd_pubkey_t) );
319 0 : }
320 :
321 : /* fd_vm_syscall_cpi_is_precompile returns true if the given program_id
322 : corresponds to a precompile. It does this by checking against a hardcoded
323 : list of known pre-compiles.
324 :
325 : This mirrors the behaviour in solana_sdk::precompiles::is_precompile
326 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/sdk/src/precompiles.rs#L93
327 : */
328 : static inline int
329 0 : fd_vm_syscall_cpi_is_precompile( fd_pubkey_t const * program_id, fd_bank_t * bank ) {
330 0 : return fd_vm_syscall_cpi_check_id(program_id, fd_solana_keccak_secp_256k_program_id.key) |
331 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_ed25519_sig_verify_program_id.key) |
332 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_secp256r1_program_id.key) &&
333 0 : FD_FEATURE_ACTIVE_BANK( bank, enable_secp256r1_precompile ) );
334 0 : }
335 :
336 : /* fd_vm_syscall_cpi_check_authorized_program corresponds to
337 : solana_bpf_loader_program::syscalls::cpi::check_authorized_program:
338 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/programs/bpf_loader/src/syscalls/cpi.rs#L1032
339 :
340 : It determines if the given program_id is authorized to execute a CPI call.
341 :
342 : FIXME: return type
343 : */
344 : static inline ulong
345 : fd_vm_syscall_cpi_check_authorized_program( fd_pubkey_t const * program_id,
346 : fd_bank_t * bank,
347 : uchar const * instruction_data,
348 0 : ulong instruction_data_len ) {
349 : /* FIXME: do this in a branchless manner? using bitwise comparison would probably be faster */
350 0 : return ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_native_loader_id.key) ||
351 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_program_id.key) ||
352 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_deprecated_program_id.key) ||
353 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_upgradeable_program_id.key) &&
354 0 : !(( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_upgrade ) ||
355 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority ) ||
356 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_bpf_loader_set_authority_checked_ix ) &&
357 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority_checked )) ||
358 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_extend_program_checked ) &&
359 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_extend_program_checked )) ||
360 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_close ))) ||
361 0 : fd_vm_syscall_cpi_is_precompile( program_id, bank ) );
362 0 : }
363 :
364 : /* The data and lamports fields are in an Rc<Refcell<T>> in the Rust ABI AccountInfo.
365 : These macros perform the equivalent of Rc<Refcell<T>>.as_ptr() in Agave.
366 : This function doesn't actually touch any memory.
367 : It performs pointer arithmetic.
368 : */
369 : FD_FN_CONST static inline
370 0 : ulong vm_syscall_cpi_acc_info_rc_refcell_as_ptr( ulong rc_refcell_vaddr ) {
371 0 : return (ulong) &(((fd_vm_rc_refcell_t *)rc_refcell_vaddr)->payload);
372 0 : }
373 :
374 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L310-L316
375 : */
376 : FD_FN_CONST static inline
377 0 : ulong vm_syscall_cpi_data_len_vaddr_c( ulong acct_info_vaddr, ulong data_len_haddr, ulong acct_info_haddr ) {
378 0 : return fd_ulong_sat_sub( fd_ulong_sat_add( acct_info_vaddr, data_len_haddr ), acct_info_haddr );
379 0 : }
380 :
381 : /**********************************************************************
382 : CROSS PROGRAM INVOCATION (C ABI)
383 : **********************************************************************/
384 :
385 : #define VM_SYSCALL_CPI_ABI c
386 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_c_instruction_t
387 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_C_INSTRUCTION_ALIGN)
388 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_C_INSTRUCTION_SIZE)
389 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_c_account_meta_t
390 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_C_ACCOUNT_META_ALIGN)
391 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_C_ACCOUNT_META_SIZE)
392 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_c_account_info_t
393 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_C_ACCOUNT_INFO_ALIGN)
394 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_C_ACCOUNT_INFO_SIZE)
395 :
396 : /* VM_SYSCALL_CPI_INSTR_T accessors */
397 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data_addr
398 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data_len
399 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts_addr
400 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts_len
401 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) \
402 0 : FD_VM_MEM_HADDR_LD( vm, instr->program_id_addr, alignof(uchar), sizeof(fd_pubkey_t) )
403 :
404 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
405 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
406 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
407 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) \
408 0 : FD_VM_MEM_HADDR_LD( vm, acc_meta->pubkey_addr, alignof(uchar), sizeof(fd_pubkey_t) )
409 :
410 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
411 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
412 0 : ulong decl = acc_info->lamports_addr;
413 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
414 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, acc_info->lamports_addr, alignof(ulong), sizeof(ulong) );
415 :
416 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L304 */
417 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
418 0 : ulong decl = acc_info->data_addr;
419 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
420 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( vm, acc_info->data_addr, alignof(uchar), acc_info->data_sz ); \
421 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
422 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
423 :
424 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
425 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
426 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
427 :
428 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
429 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
430 :
431 : #include "fd_vm_syscall_cpi_common.c"
432 :
433 : #undef VM_SYSCALL_CPI_ABI
434 : #undef VM_SYSCALL_CPI_INSTR_T
435 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
436 : #undef VM_SYSCALL_CPI_INSTR_SIZE
437 : #undef VM_SYSCALL_CPI_ACC_META_T
438 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
439 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
440 : #undef VM_SYSCALL_CPI_ACC_INFO_T
441 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
442 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
443 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
444 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
445 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
446 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
447 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
448 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
449 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
450 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
451 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
452 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
453 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
454 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
455 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
456 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
457 :
458 : /**********************************************************************
459 : CROSS PROGRAM INVOCATION (Rust ABI)
460 : **********************************************************************/
461 :
462 : #define VM_SYSCALL_CPI_ABI rust
463 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_rust_instruction_t
464 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_RUST_INSTRUCTION_ALIGN)
465 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_RUST_INSTRUCTION_SIZE)
466 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_rust_account_meta_t
467 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_RUST_ACCOUNT_META_ALIGN)
468 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_RUST_ACCOUNT_META_SIZE)
469 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_rust_account_info_t
470 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_RUST_ACCOUNT_INFO_ALIGN)
471 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_RUST_ACCOUNT_INFO_SIZE)
472 :
473 : /* VM_SYSCALL_CPI_INSTR_T accessors */
474 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data.addr
475 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data.len
476 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts.addr
477 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts.len
478 0 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) instr->pubkey
479 :
480 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
481 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
482 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
483 0 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) acc_meta->pubkey
484 :
485 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
486 :
487 : /* The lamports and the account data are stored behind RefCells,
488 : so we have an additional layer of indirection to unwrap. */
489 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
490 0 : ulong const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
491 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) ); \
492 0 : /* Extract the vaddr embedded in the RefCell */ \
493 0 : ulong decl = *FD_EXPAND_THEN_CONCAT2(decl, _hptr_);
494 :
495 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
496 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
497 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vaddr_) = \
498 0 : *((ulong const *)FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) )); \
499 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, FD_EXPAND_THEN_CONCAT2(decl, _vaddr_), alignof(ulong), sizeof(ulong) );
500 :
501 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
502 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
503 0 : if( FD_UNLIKELY( vm->stricter_abi_and_runtime_constraints && acc_info->data_box_addr >= FD_VM_MEM_MAP_INPUT_REGION_START ) ) { \
504 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_POINTER ); \
505 0 : return FD_VM_SYSCALL_ERR_INVALID_POINTER; \
506 0 : } \
507 0 : /* Translate the vaddr to the slice */ \
508 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
509 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
510 0 : /* Extract the vaddr embedded in the slice */ \
511 0 : ulong decl = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr;
512 :
513 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L212-L221 */
514 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR( vm, acc_info, decl ) \
515 0 : ulong decl = fd_ulong_sat_add( vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), sizeof(ulong) );
516 :
517 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
518 : /* Translate the vaddr to the slice */ \
519 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
520 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
521 0 : /* Declare the vaddr of the slice's underlying byte array */ \
522 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
523 0 : /* Declare the size of the slice's underlying byte array */ \
524 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len; \
525 0 : /* Translate the vaddr to the underlying byte array */ \
526 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( \
527 0 : vm, FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr, alignof(uchar), FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len );
528 :
529 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
530 : /* Translate the vaddr to the slice */ \
531 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
532 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
533 : /* Declare the vaddr of the slice's underlying byte array */ \
534 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
535 : /* Declare the size of the slice's underlying byte array */ \
536 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
537 :
538 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR( vm, acc_info, decl ) \
539 0 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr );
540 :
541 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR( vm, acc_info, decl ) \
542 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr );
543 :
544 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
545 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
546 :
547 : #include "fd_vm_syscall_cpi_common.c"
548 :
549 : #undef VM_SYSCALL_CPI_ABI
550 : #undef VM_SYSCALL_CPI_INSTR_T
551 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
552 : #undef VM_SYSCALL_CPI_INSTR_SIZE
553 : #undef VM_SYSCALL_CPI_ACC_META_T
554 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
555 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
556 : #undef VM_SYSCALL_CPI_ACC_INFO_T
557 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
558 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
559 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
560 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
561 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
562 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
563 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
564 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
565 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
566 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
567 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
568 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
569 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
570 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
571 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR
572 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
573 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR
574 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR
575 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
|
