Line data Source code
1 : #include "fd_vm_syscall.h"
2 : #include "../../../ballet/ed25519/fd_curve25519.h"
3 : #include "../../../util/bits/fd_uwide.h"
4 : #include "../../runtime/fd_borrowed_account.h"
5 : #include "../../runtime/fd_executor.h"
6 : #include <stdio.h>
7 :
8 : /* FIXME: ALGO EFFICIENCY */
9 : static inline int
10 : fd_vm_syscall_cpi_is_signer( fd_pubkey_t const * account,
11 : fd_pubkey_t const * signers,
12 0 : ulong signers_cnt ) {
13 0 : for( ulong i=0UL; i<signers_cnt; i++ ) if( !memcmp( account->uc, signers[i].uc, sizeof(fd_pubkey_t) ) ) return 1;
14 0 : return 0;
15 0 : }
16 :
17 : /*
18 : fd_vm_prepare_instruction populates instruction_accounts and instruction_accounts_cnt
19 : with the instruction accounts ready for execution.
20 :
21 : The majority of this logic is taken from
22 : https://github.com/solana-labs/solana/blob/v1.17.22/program-runtime/src/invoke_context.rs#L535,
23 : and is not vm-specific, but a part of the runtime.
24 : TODO: should we move this out of the CPI section?
25 :
26 : The bulk of the logic is concerned with unifying the privileges for each duplicated account,
27 : ensuring that each duplicate account referenced has the same privileges. It also performs some
28 : priviledge checks, for example ensuring the necessary signatures are present.
29 :
30 : TODO: instruction calling convention: const parameters after non-const.
31 :
32 : Assumptions:
33 : - We do not have more than 256 unique accounts in the callee_instr.
34 : This limit comes from the fact that a Solana transaction cannot
35 : refefence more than 256 unique accounts, due to the transaction
36 : serialization format.
37 : - callee_instr is not null.
38 : - callee_instr->acct_pubkeys is at least as long as callee_instr->acct_cnt
39 : - instr_ctx->txn_ctx->accounts_cnt is less than UCHAR_MAX.
40 : This is likely because the transaction is limited to 256 accounts.
41 : - callee_instr->program_id is set to UCHAR_MAX if account is not in instr_ctx->txn_ctx.
42 : - instruction_accounts is a 256-length empty array.
43 :
44 : Parameters:
45 : - callee_instr
46 : - instr_ctx
47 : - instruction_accounts
48 : - instruction_accounts_cnt
49 : - signers
50 : - signers_cnt
51 :
52 : Returns:
53 : - instruction_accounts
54 : - instruction_accounts_cnt
55 : Populated with the instruction accounts with normalized permissions.
56 :
57 : TODO: is it possible to pass the transaction indexes of the accounts in?
58 : This would allow us to make some of these algorithms more efficient.
59 : */
60 : int
61 : fd_vm_prepare_instruction( fd_instr_info_t * callee_instr,
62 : fd_exec_instr_ctx_t * instr_ctx,
63 : fd_pubkey_t const * callee_program_id_pubkey,
64 : fd_pubkey_t const instr_acct_keys[ FD_INSTR_ACCT_MAX ],
65 : fd_instruction_account_t instruction_accounts[ FD_INSTR_ACCT_MAX ],
66 : ulong * instruction_accounts_cnt,
67 : fd_pubkey_t const * signers,
68 0 : ulong signers_cnt ) {
69 :
70 : /* De-duplicate the instruction accounts, using the same logic as Solana */
71 0 : ulong deduplicated_instruction_accounts_cnt = 0;
72 0 : fd_instruction_account_t deduplicated_instruction_accounts[256] = {0};
73 0 : ulong duplicate_indicies_cnt = 0;
74 0 : ulong duplicate_indices[256] = {0};
75 :
76 : /* Normalize the privileges of each instruction account in the callee, after de-duping
77 : the account references.
78 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L540-L595 */
79 0 : for( ulong i=0UL; i<callee_instr->acct_cnt; i++ ) {
80 0 : ushort index_in_transaction = callee_instr->accounts[i].index_in_transaction;
81 0 : ushort index_in_caller = callee_instr->accounts[i].index_in_caller;
82 :
83 0 : if( index_in_transaction==USHORT_MAX ) {
84 : /* In this case the callee instruction is referencing an unknown account not listed in the
85 : transactions accounts. */
86 0 : FD_BASE58_ENCODE_32_BYTES( instr_acct_keys[i].uc, id_b58 );
87 0 : fd_log_collector_msg_many( instr_ctx, 2, "Instruction references an unknown account ", 42UL, id_b58, id_b58_len );
88 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_ctx->instr_err_idx );
89 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
90 0 : }
91 :
92 0 : fd_pubkey_t const * callee_pubkey = &instr_ctx->txn_ctx->account_keys[ index_in_transaction ];
93 :
94 : /* If there was an instruction account before this one which referenced the same
95 : transaction account index, find it's index in the deduplicated_instruction_accounts
96 : array. */
97 0 : ulong duplicate_index = ULONG_MAX;
98 0 : for( ulong j=0UL; j<deduplicated_instruction_accounts_cnt; j++ ) {
99 0 : if( deduplicated_instruction_accounts[j].index_in_transaction==index_in_transaction ) {
100 0 : duplicate_index = j;
101 0 : break;
102 0 : }
103 0 : }
104 :
105 : /* If this was account referenced in a previous iteration, update the flags to include those set
106 : in this iteration. This ensures that after all the iterations, the de-duplicated account flags
107 : for each account are the union of all the flags in all the references to that account in this instruction. */
108 :
109 : /* TODO: FD_UNLIKELY? Need to check which branch is more common by running against a larger mainnet ledger */
110 : /* TODO: this code would maybe be easier to read if we inverted the branches */
111 0 : if( duplicate_index!=ULONG_MAX ) {
112 0 : if ( FD_UNLIKELY( duplicate_index >= deduplicated_instruction_accounts_cnt ) ) {
113 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS, instr_ctx->txn_ctx->instr_err_idx );
114 0 : return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
115 0 : }
116 :
117 0 : duplicate_indices[duplicate_indicies_cnt++] = duplicate_index;
118 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[duplicate_index];
119 0 : instruction_account->is_signer = !!(instruction_account->is_signer | callee_instr->accounts[i].is_signer);
120 0 : instruction_account->is_writable = !!(instruction_account->is_writable | callee_instr->accounts[i].is_writable);
121 0 : } else {
122 : /* In the case where the callee instruction is NOT a duplicate, we need to
123 : create the deduplicated_instruction_accounts fd_instruction_account_t object. */
124 :
125 : /* index_in_caller is set to USHORT_MAX in VM_SYSCALL_CPI_INSTRUCTION_TO_INSTR_FUNC if not found */
126 0 : if( index_in_caller == USHORT_MAX ) {
127 0 : FD_BASE58_ENCODE_32_BYTES( callee_pubkey->uc, id_b58 );
128 0 : fd_log_collector_msg_many( instr_ctx, 2, "Instruction references an unknown account ", 42UL, id_b58, id_b58_len );
129 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_ctx->instr_err_idx );
130 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
131 0 : }
132 :
133 : /* Add the instruction account to the duplicate indicies array */
134 0 : duplicate_indices[duplicate_indicies_cnt++] = deduplicated_instruction_accounts_cnt;
135 :
136 : /* Initialize the instruction account in the deduplicated_instruction_accounts array */
137 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[deduplicated_instruction_accounts_cnt++];
138 0 : *instruction_account = fd_instruction_account_init( index_in_transaction,
139 0 : index_in_caller,
140 0 : (ushort)i,
141 0 : !!(callee_instr->accounts[i].is_writable),
142 0 : !!(callee_instr->accounts[i].is_signer) );
143 0 : }
144 0 : }
145 :
146 : /* Check the normalized account permissions for privilege escalation.
147 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L596-L624 */
148 0 : for( ulong i = 0; i < deduplicated_instruction_accounts_cnt; i++ ) {
149 0 : fd_instruction_account_t * instruction_account = &deduplicated_instruction_accounts[i];
150 :
151 : /* https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L390-L393 */
152 0 : fd_guarded_borrowed_account_t borrowed_caller_acct;
153 0 : FD_TRY_BORROW_INSTR_ACCOUNT_DEFAULT_ERR_CHECK( instr_ctx, instruction_account->index_in_caller, &borrowed_caller_acct );
154 :
155 : /* Check that the account is not read-only in the caller but writable in the callee */
156 0 : if( FD_UNLIKELY( instruction_account->is_writable && !fd_borrowed_account_is_writable( &borrowed_caller_acct ) ) ) {
157 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
158 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s writable privilege escalated", 31UL );
159 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_ctx->instr_err_idx );
160 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
161 0 : }
162 :
163 : /* If the account is signed in the callee, it must be signed by the caller or the program */
164 0 : if ( FD_UNLIKELY( instruction_account->is_signer && !( fd_borrowed_account_is_signer( &borrowed_caller_acct ) || fd_vm_syscall_cpi_is_signer( borrowed_caller_acct.acct->pubkey, signers, signers_cnt) ) ) ) {
165 0 : FD_BASE58_ENCODE_32_BYTES( borrowed_caller_acct.acct->pubkey->uc, id_b58 );
166 0 : fd_log_collector_msg_many( instr_ctx, 2, id_b58, id_b58_len, "'s signer privilege escalated", 29UL );
167 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION, instr_ctx->txn_ctx->instr_err_idx );
168 0 : return FD_EXECUTOR_INSTR_ERR_PRIVILEGE_ESCALATION;
169 0 : }
170 0 : }
171 :
172 : /* Copy the accounts with their normalized permissions over to the final instruction_accounts array,
173 : and set the callee_instr acct_flags. */
174 0 : for (ulong i = 0; i < duplicate_indicies_cnt; i++) {
175 0 : ulong duplicate_index = duplicate_indices[i];
176 :
177 : /* Failing this condition is technically impossible, but it is probably safest to keep this in
178 : so that we throw InstructionError::NotEnoughAccountKeys at the same point at Solana does,
179 : in the event any surrounding code is changed.
180 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/program-runtime/src/invoke_context.rs#L625-L633 */
181 0 : if ( FD_LIKELY( duplicate_index < deduplicated_instruction_accounts_cnt ) ) {
182 0 : instruction_accounts[i] = deduplicated_instruction_accounts[duplicate_index];
183 0 : callee_instr->accounts[i].is_writable = !!(instruction_accounts[i].is_writable);
184 0 : callee_instr->accounts[i].is_signer = !!(instruction_accounts[i].is_signer);
185 0 : } else {
186 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS, instr_ctx->txn_ctx->instr_err_idx );
187 0 : return FD_EXECUTOR_INSTR_ERR_NOT_ENOUGH_ACC_KEYS;
188 0 : }
189 0 : }
190 :
191 0 : if( FD_FEATURE_ACTIVE( instr_ctx->txn_ctx->slot, &instr_ctx->txn_ctx->features, lift_cpi_caller_restriction ) ) {
192 0 : if( FD_UNLIKELY( -1==fd_exec_txn_ctx_find_index_of_account( instr_ctx->txn_ctx, callee_program_id_pubkey ) ) ) {
193 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
194 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
195 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_ctx->instr_err_idx );
196 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
197 0 : }
198 0 : } else {
199 : /* Obtain the program account index and return a MissingAccount error if not found.
200 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L430-L435 */
201 0 : int program_idx = fd_exec_instr_ctx_find_idx_of_instr_account( instr_ctx, callee_program_id_pubkey );
202 0 : if( FD_UNLIKELY( program_idx == -1 ) ) {
203 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
204 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
205 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_ctx->instr_err_idx );
206 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
207 0 : }
208 :
209 : /* Caller is in charge of setting an appropriate sentinel value (i.e., UCHAR_MAX) for callee_instr->program_id if not found.
210 : Borrow the program account here.
211 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L436-L437 */
212 0 : fd_guarded_borrowed_account_t borrowed_program_account;
213 0 : int err = fd_exec_instr_ctx_try_borrow_instr_account( instr_ctx, (ushort)program_idx, &borrowed_program_account );
214 0 : if( FD_UNLIKELY( err ) ) {
215 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, err, instr_ctx->txn_ctx->instr_err_idx );
216 0 : return err;
217 0 : }
218 :
219 0 : if( FD_UNLIKELY( err ) ) {
220 : /* https://github.com/anza-xyz/agave/blob/a9ac3f55fcb2bc735db0d251eda89897a5dbaaaa/program-runtime/src/invoke_context.rs#L434 */
221 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
222 0 : fd_log_collector_msg_many( instr_ctx, 2, "Unknown program ", 16UL, id_b58, id_b58_len );
223 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_MISSING_ACC, instr_ctx->txn_ctx->instr_err_idx );
224 0 : return FD_EXECUTOR_INSTR_ERR_MISSING_ACC;
225 0 : }
226 : /* Check that the program account is executable. We need to ensure that the
227 : program account is a valid instruction account.
228 : https://github.com/anza-xyz/agave/blob/v2.1.14/program-runtime/src/invoke_context.rs#L438 */
229 0 : if( !FD_FEATURE_ACTIVE( instr_ctx->txn_ctx->slot, &instr_ctx->txn_ctx->features, remove_accounts_executable_flag_checks ) ) {
230 0 : if( FD_UNLIKELY( !fd_borrowed_account_is_executable( &borrowed_program_account ) ) ) {
231 0 : FD_BASE58_ENCODE_32_BYTES( callee_program_id_pubkey->uc, id_b58 );
232 0 : fd_log_collector_msg_many( instr_ctx, 3, "Account ", 8UL, id_b58, id_b58_len, " is not executable", 18UL );
233 0 : FD_TXN_ERR_FOR_LOG_INSTR( instr_ctx->txn_ctx, FD_EXECUTOR_INSTR_ERR_ACC_NOT_EXECUTABLE, instr_ctx->txn_ctx->instr_err_idx );
234 0 : return FD_EXECUTOR_INSTR_ERR_ACC_NOT_EXECUTABLE;
235 0 : }
236 0 : }
237 0 : }
238 :
239 0 : *instruction_accounts_cnt = duplicate_indicies_cnt;
240 :
241 0 : return 0;
242 0 : }
243 :
244 : /**********************************************************************
245 : CROSS PROGRAM INVOCATION (Generic logic)
246 : **********************************************************************/
247 :
248 : /* FD_CPI_MAX_SIGNER_CNT is the max amount of PDA signer addresses that
249 : a cross-program invocation can include in an instruction.
250 :
251 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/mod.rs#L80 */
252 :
253 : #define FD_CPI_MAX_SIGNER_CNT (16UL)
254 :
255 : /* "Maximum number of account info structs that can be used in a single CPI
256 : invocation. A limit on account info structs is effectively the same as
257 : limiting the number of unique accounts. 128 was chosen to match the max
258 : number of locked accounts per transaction (MAX_TX_ACCOUNT_LOCKS)."
259 :
260 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L25
261 : https://github.com/anza-xyz/agave/blob/838c1952595809a31520ff1603a13f2c9123aa51/programs/bpf_loader/src/syscalls/cpi.rs#L1011 */
262 :
263 0 : #define FD_CPI_MAX_ACCOUNT_INFOS (128UL)
264 : /* This is just encoding what Agave says in their code comments into a
265 : compile-time check, so if anyone ever inadvertently changes one of
266 : the limits, they will have to take a look. */
267 : FD_STATIC_ASSERT( FD_CPI_MAX_ACCOUNT_INFOS==MAX_TX_ACCOUNT_LOCKS, cpi_max_account_info );
268 : static inline ulong
269 0 : get_cpi_max_account_infos( fd_exec_txn_ctx_t const * txn_ctx ) {
270 0 : return fd_ulong_if( FD_FEATURE_ACTIVE( txn_ctx->slot, &txn_ctx->features, increase_tx_account_lock_limit ), FD_CPI_MAX_ACCOUNT_INFOS, 64UL );
271 0 : }
272 :
273 : /* Maximum CPI instruction data size. 10 KiB was chosen to ensure that CPI
274 : instructions are not more limited than transaction instructions if the size
275 : of transactions is doubled in the future.
276 :
277 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L14 */
278 :
279 : #define FD_CPI_MAX_INSTRUCTION_DATA_LEN (10240UL)
280 :
281 : /* Maximum CPI instruction accounts. 255 was chosen to ensure that instruction
282 : accounts are always within the maximum instruction account limit for BPF
283 : program instructions.
284 :
285 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/sdk/program/src/syscalls/mod.rs#L19
286 : https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/serialization.rs#L26 */
287 :
288 : #define FD_CPI_MAX_INSTRUCTION_ACCOUNTS (255UL)
289 :
290 :
291 : /* fd_vm_syscall_cpi_check_instruction contains common instruction acct
292 : count and data sz checks. Also consumes compute units proportional
293 : to instruction data size. */
294 :
295 : static int
296 : fd_vm_syscall_cpi_check_instruction( fd_vm_t const * vm,
297 : ulong acct_cnt,
298 0 : ulong data_sz ) {
299 : /* https://github.com/solana-labs/solana/blob/eb35a5ac1e7b6abe81947e22417f34508f89f091/programs/bpf_loader/src/syscalls/cpi.rs#L958-L959 */
300 0 : if( FD_FEATURE_ACTIVE( vm->instr_ctx->txn_ctx->slot, &vm->instr_ctx->txn_ctx->features, loosen_cpi_size_restriction ) ) {
301 0 : if( FD_UNLIKELY( data_sz > FD_CPI_MAX_INSTRUCTION_DATA_LEN ) ) {
302 0 : FD_LOG_WARNING(( "cpi: data too long (%#lx)", data_sz ));
303 : // SyscallError::MaxInstructionDataLenExceeded
304 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_DATA_LEN_EXCEEDED;
305 0 : }
306 0 : if( FD_UNLIKELY( acct_cnt > FD_CPI_MAX_INSTRUCTION_ACCOUNTS ) ) {
307 0 : FD_LOG_WARNING(( "cpi: too many accounts (%#lx)", acct_cnt ));
308 : // SyscallError::MaxInstructionAccountsExceeded
309 0 : return FD_VM_SYSCALL_ERR_MAX_INSTRUCTION_ACCOUNTS_EXCEEDED;
310 0 : }
311 0 : } else {
312 : // https://github.com/solana-labs/solana/blob/dbf06e258ae418097049e845035d7d5502fe1327/programs/bpf_loader/src/syscalls/cpi.rs#L1114
313 0 : ulong tot_sz = fd_ulong_sat_add( fd_ulong_sat_mul( FD_VM_RUST_ACCOUNT_META_SIZE, acct_cnt ), data_sz );
314 0 : if ( FD_UNLIKELY( tot_sz > FD_VM_MAX_CPI_INSTRUCTION_SIZE ) ) {
315 0 : FD_LOG_WARNING(( "cpi: instruction too long (%#lx)", tot_sz ));
316 : // SyscallError::InstructionTooLarge
317 0 : return FD_VM_SYSCALL_ERR_INSTRUCTION_TOO_LARGE;
318 0 : }
319 0 : }
320 :
321 0 : return FD_VM_SUCCESS;
322 0 : }
323 :
324 : /**********************************************************************
325 : CROSS PROGRAM INVOCATION HELPERS
326 : **********************************************************************/
327 :
328 : static inline int
329 : fd_vm_syscall_cpi_check_id( fd_pubkey_t const * program_id,
330 0 : uchar const * loader ) {
331 0 : return !memcmp( program_id, loader, sizeof(fd_pubkey_t) );
332 0 : }
333 :
334 : /* fd_vm_syscall_cpi_is_precompile returns true if the given program_id
335 : corresponds to a precompile. It does this by checking against a hardcoded
336 : list of known pre-compiles.
337 :
338 : This mirrors the behaviour in solana_sdk::precompiles::is_precompile
339 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/sdk/src/precompiles.rs#L93
340 : */
341 : static inline int
342 0 : fd_vm_syscall_cpi_is_precompile( fd_pubkey_t const * program_id, fd_exec_txn_ctx_t const * txn_ctx ) {
343 0 : return fd_vm_syscall_cpi_check_id(program_id, fd_solana_keccak_secp_256k_program_id.key) |
344 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_ed25519_sig_verify_program_id.key) |
345 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_secp256r1_program_id.key) &&
346 0 : FD_FEATURE_ACTIVE( txn_ctx->slot, &txn_ctx->features, enable_secp256r1_precompile ) );
347 0 : }
348 :
349 : /* fd_vm_syscall_cpi_check_authorized_program corresponds to
350 : solana_bpf_loader_program::syscalls::cpi::check_authorized_program:
351 : https://github.com/solana-labs/solana/blob/2afde1b028ed4593da5b6c735729d8994c4bfac6/programs/bpf_loader/src/syscalls/cpi.rs#L1032
352 :
353 : It determines if the given program_id is authorized to execute a CPI call.
354 :
355 : FIXME: return type
356 : */
357 : static inline ulong
358 : fd_vm_syscall_cpi_check_authorized_program( fd_pubkey_t const * program_id,
359 : fd_exec_txn_ctx_t const * txn_ctx,
360 : uchar const * instruction_data,
361 0 : ulong instruction_data_len ) {
362 : /* FIXME: do this in a branchless manner? using bitwise comparison would probably be faster */
363 0 : return ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_native_loader_id.key) ||
364 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_program_id.key) ||
365 0 : fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_deprecated_program_id.key) ||
366 0 : ( fd_vm_syscall_cpi_check_id(program_id, fd_solana_bpf_loader_upgradeable_program_id.key) &&
367 0 : !(( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_upgrade ) ||
368 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority ) ||
369 0 : ( FD_FEATURE_ACTIVE( txn_ctx->slot, &txn_ctx->features, enable_bpf_loader_set_authority_checked_ix ) &&
370 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_set_authority_checked )) ||
371 0 : ( FD_FEATURE_ACTIVE( txn_ctx->slot, &txn_ctx->features, enable_extend_program_checked ) &&
372 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_extend_program_checked )) ||
373 0 : ( instruction_data_len != 0 && instruction_data[0] == fd_bpf_upgradeable_loader_program_instruction_enum_close ))) ||
374 0 : fd_vm_syscall_cpi_is_precompile( program_id, txn_ctx ) );
375 0 : }
376 :
377 : /* Helper functions to get the absolute vaddrs of the serialized accounts pubkey, lamports and owner.
378 :
379 : For the accounts not owned by the deprecated loader, all of these offsets into the accounts metadata region
380 : are static from fd_vm_acc_region_meta->metadata_region_offset.
381 :
382 : For accounts owned by the deprecated loader, the unaligned serializer is used, which means only the pubkey
383 : and lamports offsets are static from the metadata_region_offset. The owner is serialized into the region
384 : immediately following the account data region (if present) at a fixed offset.
385 : */
386 0 : #define VM_SERIALIZED_PUBKEY_OFFSET (8UL)
387 0 : #define VM_SERIALIZED_OWNER_OFFSET (40UL)
388 0 : #define VM_SERIALIZED_LAMPORTS_OFFSET (72UL)
389 :
390 0 : #define VM_SERIALIZED_UNALIGNED_PUBKEY_OFFSET (3UL)
391 0 : #define VM_SERIALIZED_UNALIGNED_LAMPORTS_OFFSET (35UL)
392 :
393 : static inline
394 0 : ulong serialized_pubkey_vaddr( fd_vm_t * vm, fd_vm_acc_region_meta_t * acc_region_meta ) {
395 0 : return FD_VM_MEM_MAP_INPUT_REGION_START + acc_region_meta->metadata_region_offset +
396 0 : (vm->is_deprecated ? VM_SERIALIZED_UNALIGNED_PUBKEY_OFFSET : VM_SERIALIZED_PUBKEY_OFFSET);
397 0 : }
398 :
399 : static inline
400 0 : ulong serialized_owner_vaddr( fd_vm_t * vm, fd_vm_acc_region_meta_t * acc_region_meta ) {
401 0 : if ( vm->is_deprecated ) {
402 : /* For deprecated loader programs, the owner is serialized into the start of the region
403 : following the account data region (if present) at a fixed offset.
404 : If the account data region is not present, the owner is
405 : serialized into the same fixed offset following the account's
406 : metadata region.
407 : */
408 0 : return FD_VM_MEM_MAP_INPUT_REGION_START + vm->input_mem_regions[
409 0 : acc_region_meta->has_data_region ? acc_region_meta->region_idx+1U : acc_region_meta->region_idx
410 0 : ].vaddr_offset;
411 0 : }
412 :
413 0 : return FD_VM_MEM_MAP_INPUT_REGION_START + acc_region_meta->metadata_region_offset + VM_SERIALIZED_OWNER_OFFSET;
414 0 : }
415 :
416 : static inline
417 0 : ulong serialized_lamports_vaddr( fd_vm_t * vm, fd_vm_acc_region_meta_t * acc_region_meta ) {
418 0 : return FD_VM_MEM_MAP_INPUT_REGION_START + acc_region_meta->metadata_region_offset +
419 0 : (vm->is_deprecated ? VM_SERIALIZED_UNALIGNED_LAMPORTS_OFFSET : VM_SERIALIZED_LAMPORTS_OFFSET);
420 0 : }
421 :
422 : /* The data and lamports fields are in an Rc<Refcell<T>> in the Rust ABI AccountInfo.
423 : These macros perform the equivalent of Rc<Refcell<T>>.as_ptr() in Agave.
424 : This function doesn't actually touch any memory.
425 : It performs pointer arithmetic.
426 : */
427 : FD_FN_CONST static inline
428 0 : ulong vm_syscall_cpi_acc_info_rc_refcell_as_ptr( ulong rc_refcell_vaddr ) {
429 0 : return (ulong) &(((fd_vm_rc_refcell_t *)rc_refcell_vaddr)->payload);
430 0 : }
431 :
432 : /* https://github.com/anza-xyz/agave/blob/v2.1.6/programs/bpf_loader/src/syscalls/cpi.rs#L327
433 : */
434 : FD_FN_CONST static inline
435 0 : ulong vm_syscall_cpi_data_len_vaddr_c( ulong acct_info_vaddr, ulong data_len_haddr, ulong acct_info_haddr ) {
436 0 : return fd_ulong_sat_sub( fd_ulong_sat_add( acct_info_vaddr, data_len_haddr ), acct_info_haddr );
437 0 : }
438 :
439 : /**********************************************************************
440 : CROSS PROGRAM INVOCATION (C ABI)
441 : **********************************************************************/
442 :
443 : #define VM_SYSCALL_CPI_ABI c
444 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_c_instruction_t
445 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_C_INSTRUCTION_ALIGN)
446 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_C_INSTRUCTION_SIZE)
447 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_c_account_meta_t
448 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_C_ACCOUNT_META_ALIGN)
449 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_C_ACCOUNT_META_SIZE)
450 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_c_account_info_t
451 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_C_ACCOUNT_INFO_ALIGN)
452 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_C_ACCOUNT_INFO_SIZE)
453 :
454 : /* VM_SYSCALL_CPI_INSTR_T accessors */
455 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data_addr
456 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data_len
457 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts_addr
458 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts_len
459 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) \
460 0 : FD_VM_MEM_HADDR_LD( vm, instr->program_id_addr, alignof(uchar), sizeof(fd_pubkey_t) )
461 :
462 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
463 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
464 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
465 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) \
466 0 : FD_VM_MEM_HADDR_LD( vm, acc_meta->pubkey_addr, alignof(uchar), sizeof(fd_pubkey_t) )
467 :
468 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
469 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
470 0 : ulong decl = acc_info->lamports_addr;
471 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
472 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, acc_info->lamports_addr, alignof(ulong), sizeof(ulong) );
473 :
474 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
475 0 : ulong decl = acc_info->data_addr;
476 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
477 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( vm, acc_info->data_addr, alignof(uchar), acc_info->data_sz ); \
478 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
479 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
480 :
481 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
482 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = acc_info->data_addr; \
483 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
484 :
485 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
486 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = acc_info->data_sz;
487 :
488 : #include "fd_vm_syscall_cpi_common.c"
489 :
490 : #undef VM_SYSCALL_CPI_ABI
491 : #undef VM_SYSCALL_CPI_INSTR_T
492 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
493 : #undef VM_SYSCALL_CPI_INSTR_SIZE
494 : #undef VM_SYSCALL_CPI_ACC_META_T
495 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
496 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
497 : #undef VM_SYSCALL_CPI_ACC_INFO_T
498 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
499 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
500 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
501 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
502 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
503 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
504 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
505 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
506 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
507 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
508 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
509 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
510 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
511 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
512 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
513 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
514 :
515 : /**********************************************************************
516 : CROSS PROGRAM INVOCATION (Rust ABI)
517 : **********************************************************************/
518 :
519 : #define VM_SYSCALL_CPI_ABI rust
520 0 : #define VM_SYSCALL_CPI_INSTR_T fd_vm_rust_instruction_t
521 : #define VM_SYSCALL_CPI_INSTR_ALIGN (FD_VM_RUST_INSTRUCTION_ALIGN)
522 : #define VM_SYSCALL_CPI_INSTR_SIZE (FD_VM_RUST_INSTRUCTION_SIZE)
523 0 : #define VM_SYSCALL_CPI_ACC_META_T fd_vm_rust_account_meta_t
524 : #define VM_SYSCALL_CPI_ACC_META_ALIGN (FD_VM_RUST_ACCOUNT_META_ALIGN)
525 : #define VM_SYSCALL_CPI_ACC_META_SIZE (FD_VM_RUST_ACCOUNT_META_SIZE)
526 0 : #define VM_SYSCALL_CPI_ACC_INFO_T fd_vm_rust_account_info_t
527 : #define VM_SYSCALL_CPI_ACC_INFO_ALIGN (FD_VM_RUST_ACCOUNT_INFO_ALIGN)
528 0 : #define VM_SYSCALL_CPI_ACC_INFO_SIZE (FD_VM_RUST_ACCOUNT_INFO_SIZE)
529 :
530 : /* VM_SYSCALL_CPI_INSTR_T accessors */
531 : #define VM_SYSCALL_CPI_INSTR_DATA_ADDR( instr ) instr->data.addr
532 0 : #define VM_SYSCALL_CPI_INSTR_DATA_LEN( instr ) instr->data.len
533 : #define VM_SYSCALL_CPI_INSTR_ACCS_ADDR( instr ) instr->accounts.addr
534 0 : #define VM_SYSCALL_CPI_INSTR_ACCS_LEN( instr ) instr->accounts.len
535 0 : #define VM_SYSCALL_CPI_INSTR_PROGRAM_ID( vm, instr ) instr->pubkey
536 :
537 : /* VM_SYSCALL_CPI_ACC_META_T accessors */
538 0 : #define VM_SYSCALL_CPI_ACC_META_IS_WRITABLE( acc_meta ) acc_meta->is_writable
539 0 : #define VM_SYSCALL_CPI_ACC_META_IS_SIGNER( acc_meta ) acc_meta->is_signer
540 0 : #define VM_SYSCALL_CPI_ACC_META_PUBKEY( vm, acc_meta ) acc_meta->pubkey
541 :
542 : /* VM_SYSCALL_CPI_ACC_INFO_T accessors */
543 :
544 : /* The lamports and the account data are stored behind RefCells,
545 : so we have an additional layer of indirection to unwrap. */
546 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR( vm, acc_info, decl ) \
547 0 : ulong const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
548 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) ); \
549 0 : /* Extract the vaddr embedded in the RefCell */ \
550 0 : ulong decl = *FD_EXPAND_THEN_CONCAT2(decl, _hptr_);
551 :
552 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS( vm, acc_info, decl ) \
553 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vaddr_) = \
554 0 : *((ulong const *)FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(ulong) )); \
555 0 : ulong * decl = FD_VM_MEM_HADDR_ST( vm, FD_EXPAND_THEN_CONCAT2(decl, _vaddr_), alignof(ulong), sizeof(ulong) );
556 :
557 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR( vm, acc_info, decl ) \
558 : /* Translate the vaddr to the slice */ \
559 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
560 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
561 0 : /* Extract the vaddr embedded in the slice */ \
562 0 : ulong decl = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr;
563 :
564 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR( vm, acc_info, decl ) \
565 0 : ulong decl = fd_ulong_sat_add( vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), sizeof(ulong) );
566 :
567 : #define VM_SYSCALL_CPI_ACC_INFO_DATA( vm, acc_info, decl ) \
568 : /* Translate the vaddr to the slice */ \
569 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
570 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
571 0 : /* Declare the vaddr of the slice's underlying byte array */ \
572 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
573 0 : /* Declare the size of the slice's underlying byte array */ \
574 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len; \
575 0 : /* Translate the vaddr to the underlying byte array */ \
576 0 : uchar * decl = FD_VM_MEM_SLICE_HADDR_ST( \
577 0 : vm, FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr, alignof(uchar), FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len );
578 :
579 : #define VM_SYSCALL_CPI_ACC_INFO_METADATA( vm, acc_info, decl ) \
580 : /* Translate the vaddr to the slice */ \
581 0 : fd_vm_vec_t const * FD_EXPAND_THEN_CONCAT2(decl, _hptr_) = \
582 0 : FD_VM_MEM_HADDR_LD( vm, vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr ), FD_VM_RC_REFCELL_ALIGN, sizeof(fd_vm_vec_t) ); \
583 0 : /* Declare the vaddr of the slice's underlying byte array */ \
584 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _vm_addr) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->addr; \
585 0 : /* Declare the size of the slice's underlying byte array */ \
586 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
587 :
588 : #define VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR( vm, acc_info, decl ) \
589 0 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->lamports_box_addr );
590 :
591 : #define VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR( vm, acc_info, decl ) \
592 0 : ulong decl = vm_syscall_cpi_acc_info_rc_refcell_as_ptr( acc_info->data_box_addr );
593 :
594 : #define VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN( vm, acc_info, decl ) \
595 0 : ulong FD_EXPAND_THEN_CONCAT2(decl, _len) = FD_EXPAND_THEN_CONCAT2(decl, _hptr_)->len;
596 :
597 : #include "fd_vm_syscall_cpi_common.c"
598 :
599 : #undef VM_SYSCALL_CPI_ABI
600 : #undef VM_SYSCALL_CPI_INSTR_T
601 : #undef VM_SYSCALL_CPI_INSTR_ALIGN
602 : #undef VM_SYSCALL_CPI_INSTR_SIZE
603 : #undef VM_SYSCALL_CPI_ACC_META_T
604 : #undef VM_SYSCALL_CPI_ACC_META_ALIGN
605 : #undef VM_SYSCALL_CPI_ACC_META_SIZE
606 : #undef VM_SYSCALL_CPI_ACC_INFO_T
607 : #undef VM_SYSCALL_CPI_ACC_INFO_ALIGN
608 : #undef VM_SYSCALL_CPI_ACC_INFO_SIZE
609 : #undef VM_SYSCALL_CPI_INSTR_DATA_ADDR
610 : #undef VM_SYSCALL_CPI_INSTR_DATA_LEN
611 : #undef VM_SYSCALL_CPI_INSTR_ACCS_ADDR
612 : #undef VM_SYSCALL_CPI_INSTR_ACCS_LEN
613 : #undef VM_SYSCALL_CPI_INSTR_PROGRAM_ID
614 : #undef VM_SYSCALL_CPI_ACC_META_IS_WRITABLE
615 : #undef VM_SYSCALL_CPI_ACC_META_IS_SIGNER
616 : #undef VM_SYSCALL_CPI_ACC_META_PUBKEY
617 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_VADDR
618 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS
619 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_VADDR
620 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA
621 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_LEN_VADDR
622 : #undef VM_SYSCALL_CPI_ACC_INFO_METADATA
623 : #undef VM_SYSCALL_CPI_ACC_INFO_LAMPORTS_RC_REFCELL_VADDR
624 : #undef VM_SYSCALL_CPI_ACC_INFO_DATA_RC_REFCELL_VADDR
625 : #undef VM_SYSCALL_CPI_SET_ACC_INFO_DATA_GET_LEN
|
