LCOV - code coverage report
Current view: top level - flamenco/vm/syscall - fd_vm_syscall_util.c (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 297 429 69.2 %
Date: 2025-09-18 04:41:32 Functions: 8 13 61.5 %

          Line data    Source code
       1             : #include "fd_vm_syscall.h"
       2             : 
       3             : #include "../../../ballet/base64/fd_base64.h"
       4             : #include "../../../ballet/utf8/fd_utf8.h"
       5             : #include "../../runtime/sysvar/fd_sysvar.h"
       6             : #include "../../runtime/sysvar/fd_sysvar_clock.h"
       7             : #include "../../runtime/sysvar/fd_sysvar_epoch_schedule.h"
       8             : #include "../../runtime/context/fd_exec_txn_ctx.h"
       9             : #include "../../runtime/context/fd_exec_instr_ctx.h"
      10             : 
      11             : int
      12             : fd_vm_syscall_abort( /**/            void *  _vm,
      13             :                      FD_PARAM_UNUSED ulong   r1,
      14             :                      FD_PARAM_UNUSED ulong   r2,
      15             :                      FD_PARAM_UNUSED ulong   r3,
      16             :                      FD_PARAM_UNUSED ulong   r4,
      17             :                      FD_PARAM_UNUSED ulong   r5,
      18           0 :                      FD_PARAM_UNUSED ulong * _ret ) {
      19             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/mod.rs#L630 */
      20           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
      21           0 :   FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_ABORT );
      22           0 :   return FD_VM_SYSCALL_ERR_ABORT;
      23           0 : }
      24             : 
      25             : /* FD_TRANSLATE_STRING returns a read only pointer to the host address of
      26             :    a valid utf8 string, or it errors.
      27             : 
      28             :    Analogous of Agave's translate_string_and_do().
      29             :    https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/mod.rs#L601
      30             : 
      31             :    As of v0.2.6, the only two usages are in syscall panic and syscall log. */
      32           9 : #define FD_TRANSLATE_STRING( vm, vaddr, msg_sz ) (__extension__({                          \
      33           9 :     char const * msg = FD_VM_MEM_SLICE_HADDR_LD( vm, vaddr, FD_VM_ALIGN_RUST_U8, msg_sz ); \
      34           9 :     if( FD_UNLIKELY( !fd_utf8_verify( msg, msg_sz ) ) ) {                                  \
      35           0 :       FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_STRING );                   \
      36           0 :       return FD_VM_SYSCALL_ERR_INVALID_STRING;                                             \
      37           0 :     }                                                                                      \
      38           9 :     msg;                                                                                   \
      39           9 : }))
      40             : 
      41             : int
      42             : fd_vm_syscall_sol_panic( /**/            void *  _vm,
      43             :                          /**/            ulong   file_vaddr,
      44             :                          /**/            ulong   file_sz,
      45             :                          /**/            ulong   line,
      46             :                          /**/            ulong   column,
      47             :                          FD_PARAM_UNUSED ulong   r5,
      48           0 :                          FD_PARAM_UNUSED ulong * _ret ) {
      49           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
      50             : 
      51             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/mod.rs#L637
      52             : 
      53             :      Note: this syscall is not used by the Rust SDK, only by the C SDK.
      54             :      Rust transforms `panic!()` into a log, followed by an abort.
      55             :      It's unclear if this syscall actually makes any sense... */
      56           0 :   FD_VM_CU_UPDATE( vm, file_sz );
      57             : 
      58             :   /* Validate string */
      59           0 :   FD_TRANSLATE_STRING( vm, file_vaddr, file_sz );
      60             : 
      61             :   /* Note: we truncate the log, ignoring file, line, column.
      62             :      As mentioned above, it's unclear if anyone is even using this syscall,
      63             :      so dealing with the complexity of Agave's log is a waste of time. */
      64           0 :   (void)line;
      65           0 :   (void)column;
      66             : 
      67           0 :   FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_PANIC );
      68           0 :   return FD_VM_SYSCALL_ERR_PANIC;
      69           0 : }
      70             : 
      71             : int
      72             : fd_vm_syscall_sol_log( /**/            void *  _vm,
      73             :                        /**/            ulong   msg_vaddr,
      74             :                        /**/            ulong   msg_sz,
      75             :                        FD_PARAM_UNUSED ulong   r3,
      76             :                        FD_PARAM_UNUSED ulong   r4,
      77             :                        FD_PARAM_UNUSED ulong   r5,
      78           9 :                        /**/            ulong * _ret ) {
      79           9 :   fd_vm_t * vm = (fd_vm_t *)_vm;
      80             : 
      81             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L5 */
      82             : 
      83           9 :   FD_VM_CU_UPDATE( vm, fd_ulong_max( msg_sz, FD_VM_SYSCALL_BASE_COST ) );
      84             : 
      85             :   /* Note: when msg_sz==0, msg can be undefined.
      86             :      fd_log_collector_program_log() handles it. */
      87           9 :   const char * buf = FD_TRANSLATE_STRING( vm, msg_vaddr, msg_sz );
      88           0 :   fd_log_collector_program_log( vm->instr_ctx, buf, msg_sz );
      89             : 
      90           9 :   *_ret = 0UL;
      91           9 :   return FD_VM_SUCCESS;
      92          18 : }
      93             : 
      94             : int
      95             : fd_vm_syscall_sol_log_64( void *  _vm,
      96             :                           ulong   r1,
      97             :                           ulong   r2,
      98             :                           ulong   r3,
      99             :                           ulong   r4,
     100             :                           ulong   r5,
     101           3 :                           ulong * _ret ) {
     102           3 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     103             : 
     104             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L37 */
     105             : 
     106           3 :   FD_VM_CU_UPDATE( vm, FD_VM_LOG_64_UNITS );
     107             : 
     108             :   /* Max msg_sz: 46 - 15 + 16*5 = 111 < 127 => we can use printf */
     109           0 :   fd_log_collector_printf_dangerous_max_127( vm->instr_ctx,
     110           3 :     "Program log: 0x%lx, 0x%lx, 0x%lx, 0x%lx, 0x%lx", r1, r2, r3, r4, r5 );
     111             : 
     112           3 :   *_ret = 0UL;
     113           3 :   return FD_VM_SUCCESS;
     114           3 : }
     115             : 
     116             : int
     117             : fd_vm_syscall_sol_log_compute_units( /**/            void *  _vm,
     118             :                                      FD_PARAM_UNUSED ulong   r1,
     119             :                                      FD_PARAM_UNUSED ulong   r2,
     120             :                                      FD_PARAM_UNUSED ulong   r3,
     121             :                                      FD_PARAM_UNUSED ulong   r4,
     122             :                                      FD_PARAM_UNUSED ulong   r5,
     123           0 :                                      /**/            ulong * _ret ) {
     124           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     125             : 
     126             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L60 */
     127             : 
     128           0 :   FD_VM_CU_UPDATE( vm, FD_VM_SYSCALL_BASE_COST );
     129             : 
     130             :   /* Max msg_sz: 40 - 3 + 20 = 57 < 127 => we can use printf */
     131           0 :   fd_log_collector_printf_dangerous_max_127( vm->instr_ctx,
     132           0 :     "Program consumption: %lu units remaining", vm->cu );
     133             : 
     134           0 :   *_ret = 0UL;
     135           0 :   return FD_VM_SUCCESS;
     136           0 : }
     137             : 
     138             : int
     139             : fd_vm_syscall_sol_log_pubkey( /**/            void *  _vm,
     140             :                               /**/            ulong   pubkey_vaddr,
     141             :                               FD_PARAM_UNUSED ulong   r2,
     142             :                               FD_PARAM_UNUSED ulong   r3,
     143             :                               FD_PARAM_UNUSED ulong   r4,
     144             :                               FD_PARAM_UNUSED ulong   r5,
     145           0 :                               /**/            ulong * _ret ) {
     146           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     147             : 
     148             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L84 */
     149             : 
     150           0 :   FD_VM_CU_UPDATE( vm, FD_VM_LOG_PUBKEY_UNITS );
     151             : 
     152           0 :   void const * pubkey = FD_VM_MEM_HADDR_LD( vm, pubkey_vaddr, FD_VM_ALIGN_RUST_PUBKEY, sizeof(fd_pubkey_t) );
     153             : 
     154           0 :   char msg[ FD_BASE58_ENCODED_32_SZ ]; ulong msg_sz;
     155           0 :   if( FD_UNLIKELY( fd_base58_encode_32( pubkey, &msg_sz, msg )==NULL ) ) {
     156           0 :     return FD_VM_SYSCALL_ERR_INVALID_STRING;
     157           0 :   }
     158             : 
     159           0 :   fd_log_collector_program_log( vm->instr_ctx, msg, msg_sz );
     160             : 
     161           0 :   *_ret = 0UL;
     162           0 :   return FD_VM_SUCCESS;
     163           0 : }
     164             : 
     165             : int
     166             : fd_vm_syscall_sol_log_data( /**/            void *  _vm,
     167             :                             /**/            ulong   slice_vaddr,
     168             :                             /**/            ulong   slice_cnt,
     169             :                             FD_PARAM_UNUSED ulong   r3,
     170             :                             FD_PARAM_UNUSED ulong   r4,
     171             :                             FD_PARAM_UNUSED ulong   r5,
     172           3 :                             /**/            ulong * _ret ) {
     173           3 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     174             : 
     175             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L109
     176             : 
     177             :      Note: this is implemented following Agave's perverse behavior.
     178             :      We need to loop the slice multiple times to match the exact error,
     179             :      first compute budget, then memory mapping.
     180             :      And finally, we can loop to log. */
     181             : 
     182             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L121 */
     183             : 
     184           3 :   FD_VM_CU_UPDATE( vm, FD_VM_SYSCALL_BASE_COST );
     185             : 
     186             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L123-L128 */
     187             : 
     188           6 :   fd_vm_vec_t const * slice = (fd_vm_vec_t const *)FD_VM_MEM_SLICE_HADDR_LD( vm, slice_vaddr, FD_VM_ALIGN_RUST_SLICE_U8_REF,
     189           6 :     fd_ulong_sat_mul( slice_cnt, sizeof(fd_vm_vec_t) ) );
     190             : 
     191             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L130-L135 */
     192             : 
     193           3 :   FD_VM_CU_UPDATE( vm, fd_ulong_sat_mul( FD_VM_SYSCALL_BASE_COST, slice_cnt ) );
     194             : 
     195             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L136-L141 */
     196             : 
     197          18 :   for( ulong i=0UL; i<slice_cnt; i++ ) {
     198          15 :     FD_VM_CU_UPDATE( vm, slice[i].len );
     199          15 :   }
     200             : 
     201             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L145-L152 */
     202             : 
     203           3 :   ulong msg_sz = 14UL; /* "Program data: ", with space */
     204          18 :   for( ulong i=0UL; i<slice_cnt; i++ ) {
     205          15 :     ulong cur_len = slice[i].len;
     206             :     /* This fails the syscall in case of memory mapping issues */
     207          30 :     FD_VM_MEM_SLICE_HADDR_LD( vm, slice[i].addr, FD_VM_ALIGN_RUST_U8, cur_len );
     208             :     /* Every buffer will be base64 encoded + space separated */
     209           0 :     msg_sz += (slice[i].len + 2)/3*4 + (i > 0);
     210          30 :   }
     211             : 
     212             :   /* https://github.com/anza-xyz/agave/blob/v2.0.6/programs/bpf_loader/src/syscalls/logging.rs#L156 */
     213             : 
     214           3 :   char msg[ FD_LOG_COLLECTOR_MAX ];
     215           3 :   ulong bytes_written = fd_log_collector_check_and_truncate( &vm->instr_ctx->txn_ctx->log_collector, msg_sz );
     216           3 :   if( FD_LIKELY( bytes_written < ULONG_MAX ) ) {
     217           3 :     fd_memcpy( msg, "Program data: ", 14 );
     218           3 :     char * buf = msg + 14;
     219             : 
     220          18 :     for( ulong i=0UL; i<slice_cnt; i++ ) {
     221          15 :       ulong cur_len = slice[i].len;
     222          30 :       void const * bytes = FD_VM_MEM_SLICE_HADDR_LD( vm, slice[i].addr, FD_VM_ALIGN_RUST_U8, cur_len );
     223             : 
     224          15 :       if( i ) { *buf = ' '; ++buf; } /* skip first */
     225          30 :       buf += fd_base64_encode( buf, bytes, cur_len );
     226          30 :     }
     227           3 :     FD_TEST( (ulong)(buf-msg)==msg_sz );
     228             : 
     229           3 :     fd_log_collector_msg( vm->instr_ctx, msg, msg_sz );
     230           3 :   }
     231             : 
     232           3 :   *_ret = 0;
     233           3 :   return FD_VM_SUCCESS;
     234           3 : }
     235             : 
     236             : int
     237             : fd_vm_syscall_sol_alloc_free( /**/            void *  _vm,
     238             :                               /**/            ulong   sz,
     239             :                               /**/            ulong   free_vaddr,
     240             :                               FD_PARAM_UNUSED ulong   r3,
     241             :                               FD_PARAM_UNUSED ulong   r4,
     242             :                               FD_PARAM_UNUSED ulong   r5,
     243           0 :                               /**/            ulong * _ret ) {
     244           0 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     245             : 
     246             :   /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L666 */
     247             : 
     248             :   /* This syscall is ... uh ... problematic.  But the community has
     249             :      already recognized this and deprecated it:
     250             : 
     251             :      https://github.com/solana-labs/solana/blob/v1.17.23/sdk/src/feature_set.rs#L846
     252             : 
     253             :      Unfortunately, old code never dies so, practically, this will need
     254             :      to be supported until the heat death of the universe.
     255             : 
     256             :      The most serious issue is that there is nothing to stop VM code
     257             :      making a decision based on the _location_ of the returned
     258             :      allocation.  If different validator implementations use different
     259             :      allocator algorithms, though each implementation would behave
     260             :      functionally correct in isolation, the VM code that uses it would
     261             :      actually break consensus.
     262             : 
     263             :      As a result, every validator needs to use a bit-for-bit identical
     264             :      allocation algorithm.  Fortunately, Solana is just using a basic
     265             :      bump allocator:
     266             : 
     267             :      https://github.com/solana-labs/solana/blob/v1.17.23/program-runtime/src/invoke_context.rs#L122-L148
     268             : 
     269             :      vm->heap_{sz,max} and the below replicate this exactly.
     270             : 
     271             :      Another major issue is that this alloc doesn't always conform
     272             :      typical malloc/free semantics (e.g. C/C++ requires malloc to have
     273             :      an alignment safe for primitive types ... 8 for the Solana machine
     274             :      model).  This is clearly to support backward compat with older VM
     275             :      code (though ideally a malloc syscall should have behaved like ...
     276             :      well ... malloc from day 1).  So the alignment behavior below is a
     277             :      bug-for-bug replication of that:
     278             : 
     279             :      https://github.com/solana-labs/solana/blob/v1.17.23/programs/bpf_loader/src/syscalls/mod.rs#L645-L681
     280             :      https://github.com/solana-labs/solana/blob/v1.17.23/sdk/program/src/entrypoint.rs#L265-L266
     281             : 
     282             :      More generally and already ranted about elsewhere, any code that
     283             :      uses malloc/free style dynamic allocation is inherently broken.  So
     284             :      this syscall should have never existed in the first place ... it
     285             :      just feeds the trolls.  The above is just additional implementation
     286             :      horror because people consistent think malloc/free is much simpler
     287             :      than it actually is.  This is also an example of how quickly
     288             :      mistakes fossilize and become a thorn-in-the-side forever.
     289             : 
     290             :      IMPORTANT SAFETY TIP!  heap_start must be non zero and both
     291             :      heap_start and heap_end should have an alignment of at least 8.
     292             :      This existing runtime policies around heap implicitly satisfy this.
     293             : 
     294             :      IMPORTANT SAFETY TIP!  The specification for Rust's align_offset
     295             :      doesn't seem to provide a strong guarantee that it will return the
     296             :      minimal positive offset necessary to align pointers.  It is
     297             :      possible for a "conforming" Rust compiler to break consensus by
     298             :      using a different align_offset implementation that aligned pointer
     299             :      between different compilations of the Solana validator and the
     300             :      below. */
     301             : 
     302             :   /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L676-L680 */
     303             : 
     304           0 :   ulong align = fd_vm_is_check_align_enabled( vm ) ? 8UL : FD_VM_ALIGN_RUST_U8;
     305             : 
     306             :   /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L681-L683
     307             :      Nothing to do. This section can't error, see:
     308             :      https://doc.rust-lang.org/1.81.0/src/core/alloc/layout.rs.html#70
     309             :      https://doc.rust-lang.org/1.81.0/src/core/alloc/layout.rs.html#100 */
     310             : 
     311             : 
     312             :   /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L684
     313             :      Nothing to do.
     314             :      TODO: unclear if it throw InstructionError::CallDepth
     315             :      https://github.com/anza-xyz/agave/blob/v2.0.8/program-runtime/src/invoke_context.rs#L662 */
     316             : 
     317             :   /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mod.rs#L685-L693 */
     318             : 
     319             :   /* Non-zero free address implies that this is a free() call.  Since
     320             :      this is a bump allocator, free is a no-op. */
     321           0 :   if( FD_UNLIKELY( free_vaddr ) ) {
     322           0 :     *_ret = 0UL;
     323           0 :     return FD_VM_SUCCESS;
     324           0 :   }
     325             : 
     326             : 
     327           0 :   ulong heap_sz    = fd_ulong_align_up( vm->heap_sz, align                           );
     328           0 :   ulong heap_vaddr = fd_ulong_sat_add ( heap_sz,     FD_VM_MEM_MAP_HEAP_REGION_START );
     329           0 :   /**/  heap_sz    = fd_ulong_sat_add ( heap_sz,     sz                              );
     330             : 
     331           0 :   if( FD_UNLIKELY( heap_sz > vm->heap_max ) ) { /* Not enough free memory */
     332           0 :     *_ret = 0UL;
     333           0 :     return FD_VM_SUCCESS;
     334           0 :   }
     335             : 
     336           0 :   vm->heap_sz = heap_sz;
     337             : 
     338           0 :   *_ret = heap_vaddr;
     339           0 :   return FD_VM_SUCCESS;
     340           0 : }
     341             : 
     342             : /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mem_ops.rs#L145 */
     343             : int
     344             : fd_vm_memmove( fd_vm_t * vm,
     345             :                ulong     dst_vaddr,
     346             :                ulong     src_vaddr,
     347          66 :                ulong     sz ) {
     348          66 :   if( FD_UNLIKELY( !sz ) ) {
     349           0 :     return FD_VM_SUCCESS;
     350           0 :   }
     351             : 
     352          66 :   if( !vm->direct_mapping ) {
     353             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/syscalls/mem_ops.rs#L188-L192 */
     354          24 :     fd_vm_haddr_query_t dst_ref_mut_query = {
     355          24 :       .vaddr    = dst_vaddr,
     356          24 :       .align    = FD_VM_ALIGN_RUST_U8,
     357          24 :       .sz       = sz,
     358          24 :       .is_slice = 1,
     359          24 :     };
     360             : 
     361          24 :     fd_vm_haddr_query_t * queries[] = { &dst_ref_mut_query };
     362          24 :     FD_VM_TRANSLATE_MUT( vm, queries );
     363             : 
     364          48 :     void const * src = FD_VM_MEM_HADDR_LD( vm, src_vaddr, FD_VM_ALIGN_RUST_U8, sz );
     365           0 :     memmove( dst_ref_mut_query.haddr, src, sz );
     366          48 :   } else {
     367             :     /* If the src and dst vaddrs overlap and src_vaddr < dst_vaddr, Agave iterates through input regions backwards
     368             :        to maintain correct memmove behavior for overlapping cases. Although this logic should only apply to the src and dst
     369             :        vaddrs being in the input data region (since that is the only possible case you could have overlapping, chunked-up memmoves),
     370             :        Agave will iterate backwards in ANY region. If it eventually reaches the end of a region after iterating backwards and
     371             :        hits an access violation, the bytes from [region_begin, start_vaddr] will still be written to, causing fuzzing mismatches.
     372             :        In this case, if we didn't have the reverse flag, we would have thrown an access violation before any bytes were copied.
     373             :        The same logic applies to memmoves that go past the high end of a region - reverse iteration logic would throw an access
     374             :        violation before any bytes were copied, while the current logic would copy the bytes until the end of the region.
     375             :        https://github.com/anza-xyz/agave/blob/v2.1.0/programs/bpf_loader/src/syscalls/mem_ops.rs#L184 */
     376          42 :     uchar reverse = !!( dst_vaddr >= src_vaddr && dst_vaddr - src_vaddr < sz );
     377             : 
     378             :     /* In reverse calculations, start from the rightmost vaddr that will be accessed (note the - 1). */
     379          42 :     ulong dst_vaddr_begin = reverse ? fd_ulong_sat_add( dst_vaddr, sz - 1UL ) : dst_vaddr;
     380          42 :     ulong src_vaddr_begin = reverse ? fd_ulong_sat_add( src_vaddr, sz - 1UL ) : src_vaddr;
     381             : 
     382             :     /* Find the correct src and dst haddrs to start operating from. If the src or dst vaddrs
     383             :        belong to the input data region (4), keep track of region statistics to memmove in chunks. */
     384          42 :     ulong   dst_region                  = FD_VADDR_TO_REGION( dst_vaddr_begin );
     385          42 :     uchar   dst_is_input_mem_region     = ( dst_region==FD_VM_INPUT_REGION );
     386          42 :     ulong   dst_offset                  = dst_vaddr_begin & FD_VM_OFFSET_MASK;
     387          42 :     ulong   dst_region_idx              = 0UL;
     388          42 :     ulong   dst_bytes_rem_in_cur_region;
     389          42 :     uchar * dst_haddr;
     390          42 :     if( dst_is_input_mem_region ) {
     391          18 :       FD_VM_MEM_HADDR_AND_REGION_IDX_FROM_INPUT_REGION_CHECKED( vm, dst_offset, dst_region_idx, dst_haddr );
     392          18 :       if( FD_UNLIKELY( !vm->input_mem_regions[ dst_region_idx ].is_writable ) ) {
     393           0 :         FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     394           0 :         return FD_VM_SYSCALL_ERR_SEGFAULT;
     395           0 :       }
     396          18 :       if( FD_UNLIKELY( reverse ) ) {
     397             :         /* Bytes remaining between region begin and current position (+ 1 for inclusive region beginning). */
     398           6 :         dst_bytes_rem_in_cur_region = fd_ulong_sat_sub( dst_offset + 1UL, vm->input_mem_regions[ dst_region_idx ].vaddr_offset );
     399          12 :       } else {
     400             :         /* Bytes remaining between current position and region end. */
     401          12 :         dst_bytes_rem_in_cur_region = fd_ulong_sat_sub( vm->input_mem_regions[ dst_region_idx ].region_sz, ( dst_offset - vm->input_mem_regions[ dst_region_idx ].vaddr_offset ) );
     402          12 :       }
     403          24 :     } else {
     404          24 :       dst_haddr = (uchar*)FD_VM_MEM_HADDR_ST_NO_SZ_CHECK( vm, dst_vaddr_begin, FD_VM_ALIGN_RUST_U8 );
     405             : 
     406          18 :       if( FD_UNLIKELY( reverse ) ) {
     407             :         /* Bytes remaining is minimum of the offset from the beginning of the current
     408             :            region (+1 for inclusive region beginning) and the number of storable bytes in the region. */
     409           3 :         dst_bytes_rem_in_cur_region = fd_ulong_min( vm->region_st_sz[ dst_region ], dst_offset + 1UL );
     410             : 
     411          15 :       } else {
     412             :         /* Bytes remaining is the number of writable bytes left in the region */
     413          15 :         dst_bytes_rem_in_cur_region = fd_ulong_sat_sub( vm->region_st_sz[ dst_region ], dst_offset );
     414          15 :       }
     415          18 :     }
     416             : 
     417             :     /* Logic for src vaddr translation is similar to above excluding any writable checks. */
     418          36 :     ulong   src_region                  = FD_VADDR_TO_REGION( src_vaddr_begin );
     419          36 :     uchar   src_is_input_mem_region     = ( src_region==FD_VM_INPUT_REGION );
     420          36 :     ulong   src_offset                  = src_vaddr_begin & FD_VM_OFFSET_MASK;
     421          36 :     ulong   src_region_idx              = 0UL;
     422          36 :     ulong   src_bytes_rem_in_cur_region;
     423          36 :     uchar * src_haddr;
     424          36 :     if( src_is_input_mem_region ) {
     425          18 :       FD_VM_MEM_HADDR_AND_REGION_IDX_FROM_INPUT_REGION_CHECKED( vm, src_offset, src_region_idx, src_haddr );
     426          18 :       if( FD_UNLIKELY( reverse ) ) {
     427           6 :         src_bytes_rem_in_cur_region = fd_ulong_sat_sub( src_offset + 1UL, vm->input_mem_regions[ src_region_idx ].vaddr_offset );
     428          12 :       } else {
     429          12 :         src_bytes_rem_in_cur_region = fd_ulong_sat_sub( vm->input_mem_regions[ src_region_idx ].region_sz, ( src_offset - vm->input_mem_regions[ src_region_idx ].vaddr_offset ) );
     430          12 :       }
     431          18 :     } else {
     432          54 :       src_haddr = (uchar*)FD_VM_MEM_HADDR_LD_NO_SZ_CHECK( vm, src_vaddr_begin, FD_VM_ALIGN_RUST_U8 );
     433             : 
     434          18 :       if( FD_UNLIKELY( reverse ) ) {
     435           3 :         src_bytes_rem_in_cur_region = fd_ulong_min( vm->region_ld_sz[ src_region ], src_offset + 1UL );
     436             : 
     437          15 :       } else {
     438          15 :         src_bytes_rem_in_cur_region = fd_ulong_sat_sub( vm->region_ld_sz[ src_region ], src_offset );
     439          15 :       }
     440          54 :     }
     441             : 
     442             :     /* Short circuit: if the number of copyable bytes stays within all memory regions,
     443             :        just memmove and return. This is a majority case in mainnet, devnet, and testnet.
     444             :        Someone would have to be very crafty and clever to construct a transaction that
     445             :        deploys and invokes a custom program that does not fall into this branch. */
     446          36 :     if( FD_LIKELY( sz<=dst_bytes_rem_in_cur_region && sz<=src_bytes_rem_in_cur_region ) ) {
     447          21 :       if( FD_UNLIKELY( reverse ) ) {
     448             :         /* In the reverse iteration case, the haddrs point to the end of the region here. Since the
     449             :            above checks guarantee that there are enough bytes left in the src and dst regions to do
     450             :            a direct memmove, we can just subtract (sz-1) from the haddrs, memmove, and return. */
     451           3 :         memmove( dst_haddr - sz + 1UL, src_haddr - sz + 1UL, sz );
     452          18 :       } else {
     453             :         /* In normal iteration, the haddrs correspond to the correct starting point for the memcpy,
     454             :            so no further translation has to be done. */
     455          18 :         memmove( dst_haddr, src_haddr, sz );
     456          18 :       }
     457          21 :       return FD_VM_SUCCESS;
     458          21 :     }
     459             : 
     460             :     /* Copy over the bytes from each region in chunks. */
     461          57 :     while( sz>0UL ) {
     462             :       /* End of region case */
     463          45 :       if( FD_UNLIKELY( src_bytes_rem_in_cur_region==0UL ) ) {
     464             :         /* Same as above, except no writable checks. */
     465          30 :         if( FD_LIKELY( !reverse &&
     466          30 :                         src_is_input_mem_region &&
     467          30 :                         src_region_idx+1UL<vm->input_mem_regions_cnt ) ) {
     468          12 :           if( FD_UNLIKELY( vm->input_mem_regions[ src_region_idx+1UL ].is_acct_data != vm->input_mem_regions[ src_region_idx ].is_acct_data ) ) {
     469           0 :             FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     470           0 :             return FD_VM_SYSCALL_ERR_SEGFAULT;
     471           0 :           }
     472          12 :           src_region_idx++;
     473          12 :           src_haddr = (uchar*)vm->input_mem_regions[ src_region_idx ].haddr;
     474          18 :         } else if( FD_LIKELY( reverse && src_region_idx>0UL ) ) {
     475          15 :           if( FD_UNLIKELY( vm->input_mem_regions[ src_region_idx-1UL ].is_acct_data != vm->input_mem_regions[ src_region_idx ].is_acct_data ) ) {
     476           0 :             FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     477           0 :             return FD_VM_SYSCALL_ERR_SEGFAULT;
     478           0 :           }
     479          15 :           src_region_idx--;
     480          15 :           src_haddr = (uchar*)vm->input_mem_regions[ src_region_idx ].haddr + vm->input_mem_regions[ src_region_idx ].region_sz - 1UL;
     481          15 :         } else {
     482           3 :           FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     483           3 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     484           3 :         }
     485          27 :         src_bytes_rem_in_cur_region = vm->input_mem_regions[ src_region_idx ].region_sz;
     486          27 :       }
     487          42 :       if( FD_UNLIKELY( dst_bytes_rem_in_cur_region==0UL ) ) {
     488             :         /* Only proceed if:
     489             :             - We are in the input memory region
     490             :             - There are remaining input memory regions to copy from (for both regular and reverse iteration orders)
     491             :             - The next input memory region is writable
     492             :            Fail otherwise. */
     493           9 :         if( FD_LIKELY( !reverse &&
     494           9 :                         dst_is_input_mem_region &&
     495           9 :                         dst_region_idx+1UL<vm->input_mem_regions_cnt &&
     496           9 :                         vm->input_mem_regions[ dst_region_idx+1UL ].is_writable ) ) {
     497           6 :           if( FD_UNLIKELY( vm->input_mem_regions[ dst_region_idx+1UL ].is_acct_data != vm->input_mem_regions[ dst_region_idx ].is_acct_data ) ) {
     498           0 :             FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     499           0 :             return FD_VM_SYSCALL_ERR_SEGFAULT;
     500           0 :           }
     501             :           /* In normal iteration, we move the haddr to the beginning of the next region. */
     502           6 :           dst_region_idx++;
     503           6 :           dst_haddr = (uchar*)vm->input_mem_regions[ dst_region_idx ].haddr;
     504           6 :         } else if( FD_LIKELY( reverse &&
     505           3 :                               dst_region_idx>0UL &&
     506           3 :                               vm->input_mem_regions[ dst_region_idx-1UL ].is_writable ) ) {
     507           3 :           if( FD_UNLIKELY( vm->input_mem_regions[ dst_region_idx-1UL ].is_acct_data != vm->input_mem_regions[ dst_region_idx ].is_acct_data ) ) {
     508           0 :             FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     509           0 :             return FD_VM_SYSCALL_ERR_SEGFAULT;
     510           0 :           }
     511             :           /* Note that when reverse iterating, we set the haddr to the END of the PREVIOUS region. */
     512           3 :           dst_region_idx--;
     513           3 :           dst_haddr = (uchar*)vm->input_mem_regions[ dst_region_idx ].haddr + vm->input_mem_regions[ dst_region_idx ].region_sz - 1UL;
     514           3 :         } else {
     515           0 :           FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     516           0 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     517           0 :         }
     518           9 :         dst_bytes_rem_in_cur_region = vm->input_mem_regions[ dst_region_idx ].region_sz;
     519           9 :       }
     520             : 
     521             :       /* Number of bytes to operate on in this iteration is the min of:
     522             :          - number of bytes left to copy
     523             :          - bytes left in the current src region
     524             :          - bytes left in the current dst region */
     525          42 :       ulong num_bytes_to_copy = fd_ulong_min( sz, fd_ulong_min( src_bytes_rem_in_cur_region, dst_bytes_rem_in_cur_region ) );
     526          42 :       if( FD_UNLIKELY( reverse ) ) {
     527          21 :         memmove( dst_haddr - num_bytes_to_copy + 1UL, src_haddr - num_bytes_to_copy + 1UL, num_bytes_to_copy );
     528          21 :         dst_haddr -= num_bytes_to_copy;
     529          21 :         src_haddr -= num_bytes_to_copy;
     530          21 :       } else {
     531          21 :         memmove( dst_haddr, src_haddr, num_bytes_to_copy );
     532          21 :         dst_haddr += num_bytes_to_copy;
     533          21 :         src_haddr += num_bytes_to_copy;
     534          21 :       }
     535             : 
     536             :       /* Update size trackers */
     537          42 :       sz                          -= num_bytes_to_copy;
     538          42 :       src_bytes_rem_in_cur_region -= num_bytes_to_copy;
     539          42 :       dst_bytes_rem_in_cur_region -= num_bytes_to_copy;
     540          42 :     }
     541          15 :   }
     542             : 
     543          27 :   return FD_VM_SUCCESS;
     544          66 : }
     545             : 
     546             : /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mem_ops.rs#L41 */
     547             : int
     548             : fd_vm_syscall_sol_memmove( /**/            void *  _vm,
     549             :                            /**/            ulong   dst_vaddr,
     550             :                            /**/            ulong   src_vaddr,
     551             :                            /**/            ulong   sz,
     552             :                            FD_PARAM_UNUSED ulong   r4,
     553             :                            FD_PARAM_UNUSED ulong   r5,
     554          36 :                            /**/            ulong * _ret ) {
     555          36 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     556             : 
     557          36 :   FD_VM_CU_MEM_OP_UPDATE( vm, sz );
     558             : 
     559           0 :   *_ret = 0;
     560             : 
     561             :   /* No overlap check for memmove. */
     562          36 :   return fd_vm_memmove( vm, dst_vaddr, src_vaddr, sz );
     563          36 : }
     564             : 
     565             : /* https://github.com/anza-xyz/agave/blob/v2.0.8/programs/bpf_loader/src/syscalls/mem_ops.rs#L18 */
     566             : int
     567             : fd_vm_syscall_sol_memcpy( /**/            void *  _vm,
     568             :                           /**/            ulong   dst_vaddr,
     569             :                           /**/            ulong   src_vaddr,
     570             :                           /**/            ulong   sz,
     571             :                           FD_PARAM_UNUSED ulong   r4,
     572             :                           FD_PARAM_UNUSED ulong   r5,
     573          48 :                           /**/            ulong * _ret ) {
     574          48 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     575             : 
     576          48 :   FD_VM_CU_MEM_OP_UPDATE( vm, sz );
     577             : 
     578           0 :   *_ret = 0;
     579             : 
     580             :   /* Exact same as memmove, except also check overlap.
     581             :      https://github.com/anza-xyz/agave/blob/v2.2.17/programs/bpf_loader/src/syscalls/mem_ops.rs#L45 */
     582          48 :   FD_VM_MEM_CHECK_NON_OVERLAPPING( vm, src_vaddr, sz, dst_vaddr, sz );
     583             : 
     584          30 :   return fd_vm_memmove( vm, dst_vaddr, src_vaddr, sz );
     585          48 : }
     586             : 
     587             : int
     588             : fd_vm_syscall_sol_memcmp( /**/            void *  _vm,
     589             :                           /**/            ulong   m0_vaddr,
     590             :                           /**/            ulong   m1_vaddr,
     591             :                           /**/            ulong   sz,
     592             :                           /**/            ulong   out_vaddr,
     593             :                           FD_PARAM_UNUSED ulong   r5,
     594          15 :                           /**/            ulong * _ret ) {
     595          15 :   *_ret = 0;
     596          15 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     597             : 
     598             :   /* https://github.com/anza-xyz/agave/blob/v2.2.17/programs/bpf_loader/src/syscalls/mem_ops.rs#L84 */
     599             : 
     600          15 :   FD_VM_CU_MEM_OP_UPDATE( vm, sz );
     601             : 
     602             :   /* Note: though this behaves like a normal C-style memcmp, we can't
     603             :      use the compilers / libc memcmp directly because the specification
     604             :      doesn't provide strong enough guarantees about the return value (it
     605             :      only promises the sign). */
     606             : 
     607          15 :   if( !vm->direct_mapping ) {
     608           0 :     uchar const * m0 = (uchar const *)FD_VM_MEM_SLICE_HADDR_LD( vm, m0_vaddr, FD_VM_ALIGN_RUST_U8, sz );
     609           0 :     uchar const * m1 = (uchar const *)FD_VM_MEM_SLICE_HADDR_LD( vm, m1_vaddr, FD_VM_ALIGN_RUST_U8, sz );
     610             : 
     611             :     /* Silly that this doesn't use r0 to return ... slower, more edge
     612             :       case, different from libc style memcmp, harder to callers to use,
     613             :       etc ... probably too late to do anything about it now ... sigh */
     614             : 
     615             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/syscalls/mem_ops.rs#L121-L125 */
     616           0 :     fd_vm_haddr_query_t cmp_result_ref_mut_query = {
     617           0 :       .vaddr    = out_vaddr,
     618           0 :       .align    = FD_VM_ALIGN_RUST_I32,
     619           0 :       .sz       = 4UL,
     620           0 :       .is_slice = 0,
     621           0 :     };
     622             : 
     623           0 :     fd_vm_haddr_query_t * queries[] = { &cmp_result_ref_mut_query };
     624           0 :     FD_VM_TRANSLATE_MUT( vm, queries );
     625             : 
     626           0 :     int out = 0;
     627           0 :     for( ulong i=0UL; i<sz; i++ ) {
     628           0 :       int i0 = (int)m0[i];
     629           0 :       int i1 = (int)m1[i];
     630           0 :       if( i0!=i1 ) {
     631           0 :         out = i0 - i1;
     632           0 :         break;
     633           0 :       }
     634           0 :     }
     635             : 
     636           0 :     fd_memcpy( cmp_result_ref_mut_query.haddr, &out, 4UL ); /* Sigh ... see note above (and might be unaligned ... double sigh) */
     637             : 
     638           0 :     return FD_VM_SUCCESS;
     639          15 :   } else {
     640             :     /* In the case that direct mapping is enabled, the behavior for memcmps
     641             :        differ significantly from the non-dm case. The key difference is that
     642             :        invalid loads will instantly lead to errors in the non-dm case. However,
     643             :        when direct mapping is enabled, we will first try to memcmp the largest
     644             :        size valid chunk first, and will exit successfully if a difference is
     645             :        found without aborting from the VM. A chunk is defined as the largest
     646             :        valid vaddr range in both memory regions that doesn't span multiple
     647             :        regions.
     648             : 
     649             :        Example:
     650             :        fd_vm_syscall_sol_memcmp( vm, m0_addr : 0x4000, m1_vaddr : 0x2000, 0x200, ... );
     651             :        m0's region: m0_addr 0x4000 -> 0x4000 + 0x50  (region sz 0x50)
     652             :        m1's region: m1_addr 0x2000 -> 0x2000 + 0x100 (region sz 0x100)
     653             :        sz: 0x200
     654             : 
     655             :        Case 1: 0x4000 -> 0x4050 does     have the same bytes as 0x2000 -> 0x2050
     656             :        Case 2: 0x4000 -> 0x4050 does NOT have the same bytes as 0x2000 -> 0x2050
     657             : 
     658             :        Pre-DM:
     659             :        This will fail out before any bytes are compared because the memory
     660             :        translation is done first.
     661             : 
     662             :        Post-DM:
     663             :        For case 1, the memcmp will return an error and the VM will exit because
     664             :        the memcmp will eventually try to access 0x4051 which is invalid. First
     665             :        0x50 bytes are compared, but the next chunk will lead to an invalid
     666             :        access.
     667             : 
     668             :        For case 2, the memcmp will first translate the first 0x50 bytes and will
     669             :        see that the bytes are not the same. This will lead to the syscall
     670             :        exiting out successfully without detecting the access violation.
     671             : 
     672             :       https://github.com/anza-xyz/agave/blob/v2.0.10/programs/bpf_loader/src/syscalls/mem_ops.rs#L213
     673             :        */
     674             : 
     675             :     /* TODO: Refactor to use `FD_VM_TRANSLATE_MUT` macro when direct mapping is rewritten */
     676          15 :     void * _out = FD_VM_MEM_HADDR_ST( vm, out_vaddr, FD_VM_ALIGN_RUST_I32, 4UL );
     677           0 :     int     out = 0;
     678             : 
     679             :     /* Lookup host address chunks. Try to do a standard memcpy if the regions
     680             :        do not cross memory regions. The translation logic is different if the
     681             :        the virtual address region is the input region vs. not. See the comment
     682             :        in fd_bpf_loader_serialization for more details on how the input
     683             :        region is different from other regions. The input data region will try
     684             :        to lookup the number of remaining bytes in the specific data region. If
     685             :        the memory access is not in the input data region, assume the bytes in
     686             :        the current region are bound by the size of the remaining bytes in the
     687             :        region. */
     688             : 
     689          12 :     ulong   m0_region              = FD_VADDR_TO_REGION( m0_vaddr );
     690          12 :     ulong   m0_offset              = m0_vaddr & FD_VM_OFFSET_MASK;
     691          12 :     ulong   m0_region_idx          = 0UL;
     692          12 :     ulong   m0_bytes_in_cur_region = sz;
     693          12 :     uchar * m0_haddr               = NULL;
     694          12 :     if( m0_region==FD_VM_INPUT_REGION ) {
     695           6 :       m0_region_idx          = fd_vm_get_input_mem_region_idx( vm, m0_offset );
     696           6 :       m0_haddr               = (uchar*)(vm->input_mem_regions[ m0_region_idx ].haddr + m0_offset - vm->input_mem_regions[ m0_region_idx ].vaddr_offset);
     697           6 :       m0_bytes_in_cur_region = fd_ulong_min( sz, fd_ulong_sat_sub( vm->input_mem_regions[ m0_region_idx ].region_sz,
     698           6 :                                                                         ((ulong)m0_haddr - vm->input_mem_regions[ m0_region_idx ].haddr) ) );
     699           6 :     } else {
     700             :       /* We can safely load a slice of 1 byte here because we know that we will
     701             :          not ever read more than the number of bytes that are left in the
     702             :          region. */
     703           6 :       m0_bytes_in_cur_region = fd_ulong_min( sz, vm->region_ld_sz[ m0_region ] - m0_offset );
     704          12 :       m0_haddr               = (uchar *)FD_VM_MEM_SLICE_HADDR_LD_SZ_UNCHECKED( vm, m0_vaddr, FD_VM_ALIGN_RUST_U8 );
     705          12 :     }
     706             : 
     707          12 :     ulong   m1_region              = FD_VADDR_TO_REGION( m1_vaddr );
     708          12 :     ulong   m1_offset              = m1_vaddr & FD_VM_OFFSET_MASK;
     709          12 :     ulong   m1_region_idx          = 0UL;
     710          12 :     ulong   m1_bytes_in_cur_region = sz;
     711          12 :     uchar * m1_haddr               = NULL;
     712          12 :     if( m1_region==FD_VM_INPUT_REGION ) {
     713           6 :       m1_region_idx          = fd_vm_get_input_mem_region_idx( vm, m1_offset );
     714           6 :       m1_haddr               = (uchar*)(vm->input_mem_regions[ m1_region_idx ].haddr + m1_offset - vm->input_mem_regions[ m1_region_idx ].vaddr_offset);
     715           6 :       m1_bytes_in_cur_region = fd_ulong_min( sz, fd_ulong_sat_sub( vm->input_mem_regions[ m1_region_idx ].region_sz,
     716           6 :                                                                         ((ulong)m1_haddr - vm->input_mem_regions[ m1_region_idx ].haddr) ) );
     717           6 :     } else {
     718           6 :       m1_bytes_in_cur_region = fd_ulong_min( sz, vm->region_ld_sz[ m1_region ] - m1_offset );
     719          12 :       m1_haddr               = (uchar *)FD_VM_MEM_SLICE_HADDR_LD_SZ_UNCHECKED( vm, m1_vaddr, FD_VM_ALIGN_RUST_U8 );
     720          12 :     }
     721             : 
     722             :     /* Case where the operation spans multiple regions. Copy over the bytes
     723             :        from each region while iterating to the next one. */
     724             :     /* TODO: An optimization would be to memcmp chunks at once */
     725          12 :     ulong m0_idx = 0UL;
     726          12 :     ulong m1_idx = 0UL;
     727         612 :     for( ulong i=0UL; i<sz; i++ ) {
     728         609 :       if( FD_UNLIKELY( !m0_bytes_in_cur_region ) ) {
     729             :         /* If the memory is not in the input region or it is the last input
     730             :            memory region, that means that if we don't exit now we will have
     731             :            an access violation. */
     732           6 :         if( FD_UNLIKELY( m0_region!=FD_VM_INPUT_REGION || ++m0_region_idx>=vm->input_mem_regions_cnt ) ) {
     733           0 :           FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     734           0 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     735           0 :         }
     736           6 :         if( FD_UNLIKELY( vm->input_mem_regions[ m0_region_idx-1UL ].is_acct_data != vm->input_mem_regions[ m0_region_idx ].is_acct_data ) ) {
     737           0 :           FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     738           0 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     739           0 :         }
     740             :         /* Otherwise, query the next input region. */
     741           6 :         m0_haddr = (uchar*)vm->input_mem_regions[ m0_region_idx ].haddr;
     742           6 :         m0_idx = 0UL;
     743           6 :         m0_bytes_in_cur_region = vm->input_mem_regions[ m0_region_idx ].region_sz;
     744           6 :       }
     745         609 :       if( FD_UNLIKELY( !m1_bytes_in_cur_region ) ) {
     746           0 :         if( FD_UNLIKELY( m1_region!=FD_VM_INPUT_REGION || ++m1_region_idx>=vm->input_mem_regions_cnt ) ) {
     747           0 :           FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     748           0 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     749           0 :         }
     750           0 :         if( FD_UNLIKELY( vm->input_mem_regions[ m1_region_idx-1UL ].is_acct_data != vm->input_mem_regions[ m1_region_idx ].is_acct_data ) ) {
     751           0 :           FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     752           0 :           return FD_VM_SYSCALL_ERR_SEGFAULT;
     753           0 :         }
     754           0 :         m1_haddr = (uchar*)vm->input_mem_regions[ m1_region_idx ].haddr;
     755           0 :         m1_idx = 0UL;
     756           0 :         m1_bytes_in_cur_region = vm->input_mem_regions[ m1_region_idx ].region_sz;
     757           0 :       }
     758             : 
     759         609 :       int i0 = (int)m0_haddr[ m0_idx ];
     760         609 :       int i1 = (int)m1_haddr[ m1_idx ];
     761         609 :       if( i0!=i1 ) {
     762           9 :         out = i0 - i1;
     763           9 :         break;
     764           9 :       }
     765             : 
     766         600 :       m0_bytes_in_cur_region--;
     767         600 :       m1_bytes_in_cur_region--;
     768         600 :       m0_idx++;
     769         600 :       m1_idx++;
     770         600 :     }
     771          12 :     fd_memcpy( _out, &out, 4UL ); /* Sigh ... see note above (and might be unaligned ... double sigh) */
     772          12 :     return FD_VM_SUCCESS;
     773          12 :   }
     774          15 : }
     775             : 
     776             : int
     777             : fd_vm_syscall_sol_memset( /**/            void *  _vm,
     778             :                           /**/            ulong   dst_vaddr,
     779             :                           /**/            ulong   c,
     780             :                           /**/            ulong   sz,
     781             :                           FD_PARAM_UNUSED ulong   r4,
     782             :                           FD_PARAM_UNUSED ulong   r5,
     783          27 :                           /**/            ulong * _ret ) {
     784          27 :   fd_vm_t * vm = (fd_vm_t *)_vm;
     785          27 :   *_ret = 0;
     786             : 
     787             :   /* https://github.com/anza-xyz/agave/blob/v2.2.17/programs/bpf_loader/src/syscalls/mem_ops.rs#L142 */
     788             : 
     789          27 :   FD_VM_CU_MEM_OP_UPDATE( vm, sz );
     790             : 
     791          27 :   if( FD_UNLIKELY( !sz ) ) {
     792           0 :     return FD_VM_SUCCESS;
     793           0 :   }
     794             : 
     795          27 :   ulong   region = FD_VADDR_TO_REGION( dst_vaddr );
     796          27 :   ulong   offset = dst_vaddr & FD_VM_OFFSET_MASK;
     797          27 :   uchar * haddr;
     798             : 
     799          27 :   int b = (int)(c & 255UL);
     800             : 
     801          27 :   if( !vm->direct_mapping ) {
     802             :     /* https://github.com/anza-xyz/agave/blob/v2.3.1/programs/bpf_loader/src/syscalls/mem_ops.rs#L155-L159 */
     803           9 :     fd_vm_haddr_query_t haddr_query = {
     804           9 :       .vaddr    = dst_vaddr,
     805           9 :       .align    = FD_VM_ALIGN_RUST_U8,
     806           9 :       .sz       = sz,
     807           9 :       .is_slice = 1,
     808           9 :     };
     809             : 
     810           9 :     fd_vm_haddr_query_t * queries[] = { &haddr_query };
     811           9 :     FD_VM_TRANSLATE_MUT( vm, queries );
     812           6 :     fd_memset( haddr_query.haddr, b, sz );
     813          18 :   } else if( region!=FD_VM_INPUT_REGION ) {
     814             :     /* Here we special case non-input region memsets: we try to memset
     815             :        as many bytes as possible until it reaches an unwritable section.
     816             :        This is done in order to ensure error-code conformance with
     817             :        Agave. */
     818           9 :     haddr = (uchar*)FD_VM_MEM_HADDR_ST_FAST( vm, dst_vaddr );
     819           9 :     ulong bytes_in_cur_region = fd_ulong_sat_sub( vm->region_st_sz[ region ], offset );
     820           9 :     ulong bytes_to_set        = fd_ulong_min( sz, bytes_in_cur_region );
     821           9 :     fd_memset( haddr, b, bytes_to_set );
     822           9 :     if( FD_UNLIKELY( bytes_to_set<sz ) ) {
     823           3 :       FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     824           3 :       return FD_VM_SYSCALL_ERR_SEGFAULT;
     825           3 :     }
     826           9 :   } else {
     827             :     /* In this case, we are in the input region AND direct mapping is
     828             :        enabled. Get the haddr and input region and check if it's
     829             :        writable. This means that we may potentially iterate over
     830             :        multiple regions. */
     831           9 :     ulong region_idx;
     832           9 :     FD_VM_MEM_HADDR_AND_REGION_IDX_FROM_INPUT_REGION_CHECKED( vm, offset, region_idx, haddr );
     833           0 :     ulong offset_in_cur_region = offset - vm->input_mem_regions[ region_idx ].vaddr_offset;
     834           9 :     ulong bytes_in_cur_region  = fd_ulong_sat_sub( vm->input_mem_regions[ region_idx ].region_sz, offset_in_cur_region );
     835             : 
     836             :     /* Check that current region is writable */
     837           9 :     if( FD_UNLIKELY( !vm->input_mem_regions[ region_idx ].is_writable ) ) {
     838           0 :       FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     839           0 :       return FD_VM_SYSCALL_ERR_SEGFAULT;
     840           0 :     }
     841             : 
     842             :     /* Memset goes into multiple regions. */
     843          30 :     while( sz>0UL ) {
     844             : 
     845             :       /* Memset bytes */
     846          30 :       ulong num_bytes_to_set = fd_ulong_min( sz, bytes_in_cur_region );
     847          30 :       fd_memset( haddr, b, num_bytes_to_set );
     848          30 :       sz -= num_bytes_to_set;
     849             : 
     850          30 :       if( !sz ) {
     851           6 :         break;
     852           6 :       }
     853             : 
     854             :       /* If no more regions left, break. */
     855          24 :       if( ++region_idx==vm->input_mem_regions_cnt ) {
     856           0 :         break;
     857           0 :       }
     858             : 
     859             :       /* Check that new region is writable. */
     860          24 :       if( FD_UNLIKELY( !vm->input_mem_regions[ region_idx ].is_writable ) ) {
     861           3 :         break;
     862           3 :       }
     863             : 
     864             :       /* If new region crosses into/out of account region, error out. */
     865          21 :       if( FD_UNLIKELY( vm->input_mem_regions[ region_idx ].is_acct_data !=
     866          21 :                        vm->input_mem_regions[ region_idx-1UL ].is_acct_data ) ) {
     867           0 :         FD_VM_ERR_FOR_LOG_SYSCALL( vm, FD_VM_SYSCALL_ERR_INVALID_LENGTH );
     868           0 :         return FD_VM_SYSCALL_ERR_SEGFAULT;
     869           0 :       }
     870             : 
     871             :       /* Move haddr to next region. */
     872          21 :       haddr               = (uchar*)vm->input_mem_regions[ region_idx ].haddr;
     873          21 :       bytes_in_cur_region = vm->input_mem_regions[ region_idx ].region_sz;
     874          21 :     }
     875             : 
     876             :     /* If we were not able to successfully set all the bytes, throw an error. */
     877           9 :     if( FD_UNLIKELY( sz>0 ) ) {
     878           3 :       FD_VM_ERR_FOR_LOG_EBPF( vm, FD_VM_ERR_EBPF_ACCESS_VIOLATION );
     879           3 :       return FD_VM_SYSCALL_ERR_SEGFAULT;
     880           3 :     }
     881           9 :   }
     882          18 :   return FD_VM_SUCCESS;
     883          27 : }

Generated by: LCOV version 1.14