Line data Source code
1 : #include "fd_vm_syscall.h"
2 : #include "../../runtime/fd_borrowed_account.h"
3 : #include "../../runtime/fd_system_ids.h"
4 :
5 : /* FIXME: ALGO EFFICIENCY */
6 : static inline int
7 : fd_vm_syscall_cpi_is_signer( fd_pubkey_t const * account,
8 : fd_pubkey_t const * signers,
9 0 : ulong signers_cnt ) {
10 0 : for( ulong i=0UL; i<signers_cnt; i++ ) if( !memcmp( account->uc, signers[i].uc, sizeof(fd_pubkey_t) ) ) return 1;
11 0 : return 0;
12 0 : }
13 :
14 : /*
15 : fd_vm_prepare_instruction populates instruction_accounts and instruction_accounts_cnt
16 : with the instruction accounts ready for execution.
17 :
18 : The majority of this logic is taken from
19 : https://github.com/solana-labs/solana/blob/v1.17.22/program-runtime/src/invoke_context.rs#L535,
20 : and is not vm-specific, but a part of the runtime.
21 : TODO: should we move this out of the CPI section?
22 :
23 : The bulk of the logic is concerned with unifying the privileges for each duplicated account,
24 : ensuring that each duplicate account referenced has the same privileges. It also performs some
25 : priviledge checks, for example ensuring the necessary signatures are present.
26 :
27 : TODO: instruction calling convention: const parameters after non-const.
28 :
29 : Assumptions:
30 : - We do not have more than 256 unique accounts in the callee_instr.
31 : This limit comes from the fact that a Solana transaction cannot
32 : refefence more than 256 unique accounts, due to the transaction
33 : serialization format.
34 : - callee_instr is not null.
35 : - callee_instr->acct_pubkeys is at least as long as callee_instr->acct_cnt
36 : - instr_ctx->txn_ctx->accounts_cnt is less than UCHAR_MAX.
37 : This is likely because the transaction is limited to 256 accounts.
38 : - callee_instr->program_id is set to UCHAR_MAX if account is not in instr_ctx->txn_ctx.
39 : - instruction_accounts is a 256-length empty array.
40 :
41 : Parameters:
42 : - callee_instr
43 : - instr_ctx
44 : - instruction_accounts
45 : - instruction_accounts_cnt
46 : - signers
47 : - signers_cnt
48 :
49 : Returns:
50 : - instruction_accounts
51 : - instruction_accounts_cnt
52 : Populated with the instruction accounts with normalized permissions.
53 :
54 : TODO: is it possible to pass the transaction indexes of the accounts in?
55 : This would allow us to make some of these algorithms more efficient.
56 : */
57 : int
58 : fd_vm_prepare_instruction( fd_instr_info_t * callee_instr,
59 : fd_exec_instr_ctx_t * instr_ctx,
60 : fd_pubkey_t const * callee_program_id_pubkey,
61 : fd_pubkey_t const instr_acct_keys[ FD_INSTR_ACCT_MAX ],
62 : fd_instruction_account_t instruction_accounts[ FD_INSTR_ACCT_MAX ],
63 : ulong * instruction_accounts_cnt,
64 : fd_pubkey_t const * signers,
65 0 : ulong signers_cnt ) {
66 :
67 : /* De-duplicate the instruction accounts, using the same logic as Solana */
68 0 : ulong deduplicated_instruction_accounts_cnt = 0;
69 0 : fd_instruction_account_t deduplicated_instruction_accounts[256] = {0};
70 0 : ulong duplicate_indicies_cnt = 0;
71 0 : ulong duplicate_indices[256] = {0};
72 :
73 : /* Normalize the privileges of each instruction account in the callee, after de-duping
74 : the account references.
75 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L540-L595 */
76 0 : for( ulong i=0UL; i<callee_instr->acct_cnt; i++ ) {
77 0 : ushort index_in_transaction = callee_instr->accounts[i].index_in_transaction;
78 0 : ushort index_in_caller = callee_instr->accounts[i].index_in_caller;
79 :
80 0 : if( index_in_transaction==USHORT_MAX ) {
81 : /* In this case the callee instruction is referencing an unknown account not listed in the
82 : transactions accounts. */
83 0 : FD_BASE58_ENCODE_32_BYTES( instr_acct_keys[i].uc, id_b58 );
84 0 : fd_log_collector_msg_many( instr_ctx, 2, "Instruction references an unknown account ", 42UL, id_b58, id_b58_len );
85 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
86 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
87 0 : }
88 :
89 : /* If there was an instruction account before this one which referenced the same
90 : transaction account index, find it's index in the deduplicated_instruction_accounts
91 : array. */
92 0 : ulong duplicate_index = ULONG_MAX;
93 0 : for( ulong j=0UL; j<deduplicated_instruction_accounts_cnt; j++ ) {
94 0 : if( deduplicated_instruction_accounts[j].index_in_transaction==index_in_transaction ) {
95 0 : duplicate_index = j;
96 0 : break;
97 0 : }
98 0 : }
99 :
100 : /* If this was account referenced in a previous iteration, update the flags to include those set
101 : in this iteration. This ensures that after all the iterations, the de-duplicated account flags
102 : for each account are the union of all the flags in all the references to that account in this instruction. */
103 :
104 : /* TODO: FD_UNLIKELY? Need to check which branch is more common by running against a larger mainnet ledger */
105 : /* TODO: this code would maybe be easier to read if we inverted the branches */
106 0 : if( duplicate_index!=ULONG_MAX ) {
107 0 : if ( FD_UNLIKELY( duplicate_index >= deduplicated_instruction_accounts_cnt ) ) {
108 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
109 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
110 0 : }
111 :
112 0 : duplicate_indices[duplicate_indicies_cnt++] = duplicate_index;
113 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[duplicate_index];
114 0 : instruction_account->is_signer = !!(instruction_account->is_signer | callee_instr->accounts[i].is_signer);
115 0 : instruction_account->is_writable = !!(instruction_account->is_writable | callee_instr->accounts[i].is_writable);
116 0 : } else {
117 : /* In the case where the callee instruction is NOT a duplicate, we need to
118 : create the deduplicated_instruction_accounts fd_instruction_account_t object. */
119 :
120 : /* Add the instruction account to the duplicate indicies array */
121 0 : duplicate_indices[duplicate_indicies_cnt++] = deduplicated_instruction_accounts_cnt;
122 :
123 : /* Initialize the instruction account in the deduplicated_instruction_accounts array */
124 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[deduplicated_instruction_accounts_cnt++];
125 0 : *instruction_account = fd_instruction_account_init( index_in_transaction,
126 0 : index_in_caller,
127 0 : (ushort)i,
128 0 : !!(callee_instr->accounts[i].is_writable),
129 0 : !!(callee_instr->accounts[i].is_signer) );
130 0 : }
131 0 : }
132 :
133 : /* Check the normalized account permissions for privilege escalation.
134 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L596-L624 */
135 0 : for( ulong i = 0; i < deduplicated_instruction_accounts_cnt; i++ ) {
136 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[i];
137 :
138 : /* https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L390-L393 */
139 0 : fd_guarded_borrowed_account_t borrowed_caller_acct = {0};
140 0 : FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, instruction_account->index_in_caller, &borrowed_caller_acct );
141 :
142 : /* Check that the account is not read-only in the caller but writable in the callee */
143 0 : if( FD_UNLIKELY( instruction_account->is_writable && !fd_borrowed_account_is_writable( &borrowed_caller_acct ) ) ) {
144 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
145 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s writable privilege escalated", 31UL );
146 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
147 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
148 0 : }
149 :
150 : /* If the account is signed in the callee, it must be signed by the caller or the program */
151 0 : if ( FD_UNLIKELY( instruction_account->is_signer && !( fd_borrowed_account_is_signer( &borrowed_caller_acct ) || fd_vm_syscall_cpi_is_signer( borrowed_caller_acct.acct->pubkey, signers, signers_cnt) ) ) ) {
152 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
153 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s signer privilege escalated", 29UL );
154 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_out->err.exec_err_idx );
155 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
156 0 : }
157 0 : }
158 :
159 : /* Copy the accounts with their normalized permissions over to the final instruction_accounts array,
160 : and set the callee_instr acct_flags. */
161 0 : for (ulong i = 0; i < duplicate_indicies_cnt; i++) {
162 0 : ulong duplicate_index = duplicate_indices[i];
163 :
164 : /* Failing this condition is technically impossible, but it is probably safest to keep this in
165 : so that we throw InstructionError::NotEnoughAccountKeys at the same point at Solana does,
166 : in the event any surrounding code is changed.
167 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L625-L633 */
168 0 : if ( FD_LIKELY( duplicate_index < deduplicated_instruction_accounts_cnt ) ) {
169 0 : instruction_accounts[i] = deduplicated_instruction_accounts[duplicate_index];
170 0 : callee_instr->accounts[i].is_writable = !!(instruction_accounts[i].is_writable);
171 0 : callee_instr->accounts[i].is_signer = !!(instruction_accounts[i].is_signer);
172 0 : } else {
173 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
174 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
175 0 : }
176 0 : }
177 :
178 : /* Obtain the program account index and return a MissingAccount error if not found.
179 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L430-L435 */
180 0 : int program_idx = fd_exec_instr_ctx_find_idx_of_instr_account( instr_ctx, callee_program_id_pubkey );
181 0 : if( FD_UNLIKELY( program_idx == -1 ) ) {
182 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
183 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
184 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
185 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
186 0 : }
187 :
188 : /* Caller is in charge of setting an appropriate sentinel value (i.e., UCHAR_MAX) for callee_instr->program_id if not found.
189 : Borrow the program account here.
190 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L436-L437 */
191 0 : fd_guarded_borrowed_account_t borrowed_program_account = {0};
192 0 : int err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx, (ushort)program_idx, &borrowed_program_account );
193 0 : if( FD_UNLIKELY( err ) ) {
194 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, err, instr_ctx->txn_out->err.exec_err_idx );
195 0 : return err;
196 0 : }
197 :
198 0 : if( FD_UNLIKELY( err ) ) {
199 : /* https://github.com/anza-xyz/agave/blob/a9ac3f55fcb2bc735db0d251eda89897a5dbaaaa/program-runtime/src/invoke_context.rs#L434 */
200 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
201 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
202 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_out, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_out->err.exec_err_idx );
203 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
204 0 : }
205 :
206 0 : *instruction_accounts_cnt = duplicate_indicies_cnt;
207 :
208 0 : return 0;
209 0 : }
210 :
211 : /**********************************************************************
212 : CROSS PROGRAM INVOCATION (Generic logic)
213 : **********************************************************************/
214 :
215 : /* FD_CPI_MAX_SIGNER_CNT is the max amount of PDA signer addresses that
216 : a cross-program invocation can include in an instruction.
217 :
218 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/mod.rs#L80 */
219 :
220 : #define FD_CPI_MAX_SIGNER_CNT (16UL)
221 :
222 : /* "Maximum number of account info structs that can be used in a single CPI
223 : invocation. A limit on account info structs is effectively the same as
224 : limiting the number of unique accounts. 128 was chosen to match the max
225 : number of locked accounts per transaction (MAX_TX_ACCOUNT_LOCKS)."
226 :
227 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L25
228 : https://github.com/anza-xyz/agave/blob/838c1952595809a31520ff1603a13f2c9123aa51/programs/bpf_loader/src/syscalls/cpi.rs#L1011 */
229 :
230 0 : #define FD_CPI_MAX_ACCOUNT_INFOS (128UL)
231 : /* This is just encoding what Agave says in their code comments into a
232 : compile-time check, so if anyone ever inadvertently changes one of
233 : the limits, they will have to take a look. */
234 : FD_STATIC_ASSERT( FD_CPI_MAX_ACCOUNT_INFOS==MAX_TX_ACCOUNT_LOCKS, cpi_max_account_info );
235 : static inline ulong
236 0 : get_cpi_max_account_infos( fd_bank_t * bank ) {
237 0 : return fd_ulong_if( FD_FEATURE_ACTIVE_BANK( bank, increase_tx_account_lock_limit ), FD_CPI_MAX_ACCOUNT_INFOS, 64UL );
238 0 : }
239 :
240 : /* Maximum CPI instruction accounts. 255 was chosen to ensure that instruction
241 : accounts are always within the maximum instruction account limit for BPF
242 : program instructions.
243 :
244 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L19
245 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/serialization.rs#L26 */
246 :
247 : #define FD_CPI_MAX_INSTRUCTION_ACCOUNTS (255UL)
248 :
249 : /* fd_vm_syscall_cpi_check_instruction contains common instruction acct
250 : count and data sz checks. Also consumes compute units proportional
251 : to instruction data size. */
252 :
253 : static int
254 : fd_vm_syscall_cpi_check_instruction( fd_vm_t const * vm,
255 : ulong acct_cnt,
256 0 : ulong data_sz ) {
257 : /* https://github.com/anza-xyz/agave/blob/v3.1.2/program-runtime/src/cpi.rs#L146-L161 */
258 0 : if( FD_FEATURE_ACTIVE_BANK( vm->instr_ctx->bank, loosen_cpi_size_restriction ) ) {
259 0 : if( FD_UNLIKELY( acct_cnt > FD_CPI_MAX_INSTRUCTION_ACCOUNTS ) ) {
260 : // SyscallError::MaxInstructionAccountsExceeded
261 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_ACCOUNTS_EXCEEDED;
262 0 : }
263 0 : if( FD_UNLIKELY( data_sz>FD_RUNTIME_CPI_MAX_INSTR_DATA_LEN ) ) {
264 : // SyscallError::MaxInstructionDataLenExceeded
265 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_DATA_LEN_EXCEEDED;
266 0 : }
267 0 : } else {
268 : // https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/cpi.rs#L1114
269 0 : ulong tot_sz = fd_ulong_sat_add( fd_ulong_sat_mul( FD_VM_RUST_ACCOUNT_META_SIZE, acct_cnt ), data_sz );
270 0 : if ( FD_UNLIKELY( tot_sz > FD_VM_MAX_CPI_INSTRUCTION_SIZE ) ) {
271 : // SyscallError::InstructionTooLarge
272 0 : return FD_VM_SYSCALL_ERR_INSTRUCTION_TOO_LARGE;
273 0 : }
274 0 : }
275 :
276 0 : return FD_VM_SUCCESS;
277 0 : }
278 :
279 : /* https://github.com/anza-xyz/agave/blob/v3.0.1/syscalls/src/cpi.rs#L1134-L1169 */
280 : static inline int
281 : fd_vm_cpi_update_caller_account_region( fd_vm_t * vm,
282 : ulong instr_acc_idx,
283 : fd_vm_cpi_caller_account_t * caller_account,
284 0 : fd_borrowed_account_t * borrowed_account ) {
285 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1141-L1148 */
286 0 : ulong address_space_reserved_for_account;
287 0 : if( vm->stricter_abi_and_runtime_constraints && vm->is_deprecated ) {
288 0 : address_space_reserved_for_account = caller_account->orig_data_len;
289 0 : } else {
290 0 : address_space_reserved_for_account = fd_ulong_sat_add( caller_account->orig_data_len, MAX_PERMITTED_DATA_INCREASE );
291 0 : }
292 :
293 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1164 */
294 0 : if( address_space_reserved_for_account > 0UL ) {
295 : /* Note that we don't special-case direct mapping here, as Agave does,
296 : because we do not create regions using CoW upon resize like Agave does.
297 :
298 : Therefore we do not need the logic in the Agave code to create a new
299 : region, as we have already created all the regions for each account.
300 :
301 : Therefore we do not have equivalents of Agave's
302 : modify_memory_region_of_account and create_memory_region_of_account
303 : functions, but we instead inline this logic directly below. */
304 0 : fd_vm_acc_region_meta_t * acc_region_meta = &vm->acc_region_metas[instr_acc_idx];
305 0 : fd_vm_input_region_t * region = &vm->input_mem_regions[acc_region_meta->region_idx + 1UL];
306 :
307 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L1159-L1165 */
308 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/program-runtime/src/serialization.rs#L23-L35 */
309 0 : region->region_sz = (uint)fd_borrowed_account_get_data_len( borrowed_account );
310 :
311 0 : int err;
312 0 : int is_writable = fd_borrowed_account_can_data_be_changed( borrowed_account, &err );
313 :
314 0 : region->is_writable = (uchar)is_writable && ( err == FD_EXECUTOR_INSTR_SUCCESS );
315 0 : }
316 :
317 0 : return FD_VM_SUCCESS;
318 0 : }
319 :
320 : /**********************************************************************
321 : CROSS PROGRAM INVOCATION HELPERS
322 : **********************************************************************/
323 :
324 : static inline int
325 : fd_vm_syscall_cpi_check_id( fd_pubkey_t const * program_id,
326 0 : uchar const * loader ) {
327 0 : return !memcmp( program_id, loader, sizeof(fd_pubkey_t) );
328 0 : }
329 :
330 : /* fd_vm_syscall_cpi_is_precompile returns true if the given program_id
331 : corresponds to a precompile. It does this by checking against a hardcoded
332 : list of known pre-compiles.
333 :
334 : This mirrors the behaviour in solana_sdk::precompiles::is_precompile
335 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/sdk/src/precompiles.rs#L93
336 : */
337 : static inline int
338 0 : fd_vm_syscall_cpi_is_precompile( fd_pubkey_t const * program_id, fd_bank_t * bank ) {
339 0 : return fd_vm_syscall_cpi_check_id(program_id, fd_solana_keccak_secp_256k_program_id.key) |
340 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_ed25519_sig_verify_program_id.key) |
341 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_secp256r1_program_id.key) &&
342 0 : FD_FEATURE_ACTIVE_BANK( bank, enable_secp256r1_precompile ) );
343 0 : }
344 :
345 : /* fd_vm_syscall_cpi_check_authorized_program corresponds to
346 : solana_bpf_loader_program::syscalls::cpi::check_authorized_program:
347 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/programs/bpf_loader/src/syscalls/cpi.rs#L1032
348 :
349 : It determines if the given program_id is authorized to execute a CPI call.
350 :
351 : FIXME: return type
352 : */
353 : static inline ulong
354 : fd_vm_syscall_cpi_check_authorized_program( fd_pubkey_t const * program_id,
355 : fd_bank_t * bank,
356 : uchar const * instruction_data,
357 0 : ulong instruction_data_len ) {
358 : /* FIXME: do this in a branchless manner? using bitwise comparison would probably be faster */
359 0 : return ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_native_loader_id.key) ||
360 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_program_id.key) ||
361 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_deprecated_program_id.key) ||
362 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_upgradeable_program_id.key) &&
363 0 : !(( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_upgrade ) ||
364 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority ) ||
365 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_bpf_loader_set_authority_checked_ix ) &&
366 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority_checked )) ||
367 0 : ( FD_FEATURE_ACTIVE_BANK( bank, enable_extend_program_checked ) &&
368 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_extend_program_checked )) ||
369 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_close ))) ||
370 0 : fd_vm_syscall_cpi_is_precompile( program_id, bank ) );
371 0 : }
372 :
373 : /* The data and lamports fields are in an Rc<Refcell<T>> in the Rust ABI AccountInfo.
374 : These macros perform the equivalent of Rc<Refcell<T>>.as_ptr() in Agave.
375 : This function doesn't actually touch any memory.
376 : It performs pointer arithmetic.
377 : */
378 : FD_FN_CONST static inline
379 0 : ulong vm_syscall_cpi_acc_info_rc_refcell_as_ptr( ulong rc_refcell_vaddr ) {
380 0 : return (ulong) &(((fd_vm_rc_refcell_t *)rc_refcell_vaddr)->payload);
381 0 : }
382 :
383 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L310-L316
384 : */
385 : FD_FN_CONST static inline
386 0 : ulong vm_syscall_cpi_data_len_vaddr_c( ulong acct_info_vaddr, ulong data_len_haddr, ulong acct_info_haddr ) {
387 0 : return fd_ulong_sat_sub( fd_ulong_sat_add( acct_info_vaddr, data_len_haddr ), acct_info_haddr );
388 0 : }
389 :
390 : /**********************************************************************
391 : CROSS PROGRAM INVOCATION (C ABI)
392 : **********************************************************************/
393 :
394 : #define VM_SYSCALL_CPI_ABI c
395 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_c_instruction_t
396 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_C_INSTRUCTION_ALIGN)
397 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_C_INSTRUCTION_SIZE)
398 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_c_account_meta_t
399 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_C_ACCOUNT_META_ALIGN)
400 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_C_ACCOUNT_META_SIZE)
401 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_c_account_info_t
402 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_C_ACCOUNT_INFO_ALIGN)
403 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_C_ACCOUNT_INFO_SIZE)
404 :
405 : /* VM_SYSCALL_CPI_INSTR_T accessors */
406 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data_addr
407 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data_len
408 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts_addr
409 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts_len
410 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) \
411 0 : FD_VM_MEM_HADDR_LD( vm, instr->program_id_addr, alignof(uchar), sizeof(fd_pubkey_t) )
412 :
413 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
414 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
415 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
416 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) \
417 0 : FD_VM_MEM_HADDR_LD( vm, acc_meta->pubkey_addr, alignof(uchar), sizeof(fd_pubkey_t) )
418 :
419 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
420 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
421 0 : ulong decl = acc_info->lamports_addr;
422 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
423 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, acc_info->lamports_addr, alignof(ulong), sizeof(ulong) );
424 :
425 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L304 */
426 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
427 0 : ulong decl = acc_info->data_addr;
428 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
429 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( vm, acc_info->data_addr, alignof(uchar), acc_info->data_sz ); \
430 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
431 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
432 :
433 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
434 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
435 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
436 :
437 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
438 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
439 :
440 : #include "fd_vm_syscall_cpi_common.c"
441 :
442 : #undef VM_SYSCALL_CPI_ABI
443 : #undef VM_SYSCALL_CPI_INSTR_T
444 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
445 : #undef VM_SYSCALL_CPI_INSTR_SIZE
446 : #undef VM_SYSCALL_CPI_ACC_META_T
447 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
448 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
449 : #undef VM_SYSCALL_CPI_ACC_INFO_T
450 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
451 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
452 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
453 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
454 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
455 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
456 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
457 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
458 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
459 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
460 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
461 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
462 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
463 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
464 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
465 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
466 :
467 : /**********************************************************************
468 : CROSS PROGRAM INVOCATION (Rust ABI)
469 : **********************************************************************/
470 :
471 : #define VM_SYSCALL_CPI_ABI rust
472 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_rust_instruction_t
473 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_RUST_INSTRUCTION_ALIGN)
474 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_RUST_INSTRUCTION_SIZE)
475 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_rust_account_meta_t
476 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_RUST_ACCOUNT_META_ALIGN)
477 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_RUST_ACCOUNT_META_SIZE)
478 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_rust_account_info_t
479 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_RUST_ACCOUNT_INFO_ALIGN)
480 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_RUST_ACCOUNT_INFO_SIZE)
481 :
482 : /* VM_SYSCALL_CPI_INSTR_T accessors */
483 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data.addr
484 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data.len
485 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts.addr
486 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts.len
487 0 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) instr->pubkey
488 :
489 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
490 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
491 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
492 0 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) acc_meta->pubkey
493 :
494 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
495 :
496 : /* The lamports and the account data are stored behind RefCells,
497 : so we have an additional layer of indirection to unwrap. */
498 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
499 0 : ulong const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
500 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) ); \
501 0 : /* Extract the vaddr embedded in the RefCell */ \
502 0 : ulong decl = *FD_EXPAND_THEN_CONCAT2(decl, _hptr_);
503 :
504 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
505 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
506 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vaddr_) = \
507 0 : *((ulong const *)FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) )); \
508 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, FD_EXPAND_THEN_CONCAT2(decl, _vaddr_), alignof(ulong), sizeof(ulong) );
509 :
510 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L184-L195 */
511 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
512 0 : if( FD_UNLIKELY( vm->stricter_abi_and_runtime_constraints && acc_info->data_box_addr >= FD_VM_MEM_MAP_INPUT_REGION_START ) ) { \
513 0 : FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_POINTER ); \
514 0 : return FD_VM_SYSCALL_ERR_INVALID_POINTER; \
515 0 : } \
516 0 : /* Translate the vaddr to the slice */ \
517 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
518 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
519 0 : /* Extract the vaddr embedded in the slice */ \
520 0 : ulong decl = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr;
521 :
522 : /* https://github.com/anza-xyz/agave/blob/v3.0.4/syscalls/src/cpi.rs#L212-L221 */
523 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR( vm, acc_info, decl ) \
524 0 : ulong decl = fd_ulong_sat_add( vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), sizeof(ulong) );
525 :
526 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
527 : /* Translate the vaddr to the slice */ \
528 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
529 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
530 0 : /* Declare the vaddr of the slice's underlying byte array */ \
531 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
532 0 : /* Declare the size of the slice's underlying byte array */ \
533 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len; \
534 0 : /* Translate the vaddr to the underlying byte array */ \
535 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( \
536 0 : vm, FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr, alignof(uchar), FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len );
537 :
538 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
539 : /* Translate the vaddr to the slice */ \
540 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
541 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
542 : /* Declare the vaddr of the slice's underlying byte array */ \
543 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
544 : /* Declare the size of the slice's underlying byte array */ \
545 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
546 :
547 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR( vm, acc_info, decl ) \
548 0 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr );
549 :
550 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR( vm, acc_info, decl ) \
551 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr );
552 :
553 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
554 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
555 :
556 : #include "fd_vm_syscall_cpi_common.c"
557 :
558 : #undef VM_SYSCALL_CPI_ABI
559 : #undef VM_SYSCALL_CPI_INSTR_T
560 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
561 : #undef VM_SYSCALL_CPI_INSTR_SIZE
562 : #undef VM_SYSCALL_CPI_ACC_META_T
563 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
564 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
565 : #undef VM_SYSCALL_CPI_ACC_INFO_T
566 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
567 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
568 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
569 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
570 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
571 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
572 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
573 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
574 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
575 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
576 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
577 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
578 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
579 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
580 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR
581 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
582 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR
583 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR
584 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
|
