blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature gates for rbpf v0.2.16 (#21590) 

- Adds feature reject_section_virtual_address_file_offset_mismatch.
- Adds feature start_verify_shift32_imm.
- Enables enable_symbol_and_section_labels only in the rbpf-cli.
This commit is contained in:
Alexander Meißner 2021-12-03 15:45:25 +01:00 committed by GitHub
parent a9d5ef2055
commit 015250f96c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 31 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cli/src/program.rs
View File

@ -1999,7 +1999,9 @@ fn read_and_verify_elf(program_location: &str) -> Result<Vec<u8>, Box<dyn std::e
Some(verifier::check),
Config {
reject_unresolved_syscalls: true,
verify_mul64_imm_nonzero: true, // TODO: Remove me after feature gate
verify_mul64_imm_nonzero: false,
verify_shift32_imm: true,
reject_section_virtual_address_file_offset_mismatch: true,
..Config::default()
},
register_syscalls(&mut invoke_context).unwrap(),

4
programs/bpf/tests/programs.rs
View File

@ -209,6 +209,10 @@ fn run_program(name: &str) -> u64 {
let mut instruction_meter = ThisInstructionMeter { compute_meter };
let config = Config {
enable_instruction_tracing: true,
reject_unresolved_syscalls: true,
reject_section_virtual_address_file_offset_mismatch: true,
verify_mul64_imm_nonzero: false,
verify_shift32_imm: true,
..Config::default()
};
let mut executable = Executable::<BpfError, ThisInstructionMeter>::from_elf(

18
programs/bpf_loader/src/lib.rs
View File

@ -38,8 +38,9 @@ use solana_sdk::{
entrypoint::{HEAP_LENGTH, SUCCESS},
feature_set::{
do_support_realloc, reduce_required_deploy_balance,
reject_deployment_of_unresolved_syscalls, requestable_heap_size,
stop_verify_mul64_imm_nonzero,
reject_deployment_of_unresolved_syscalls,
reject_section_virtual_address_file_offset_mismatch, requestable_heap_size,
start_verify_shift32_imm, stop_verify_mul64_imm_nonzero,
},
instruction::{AccountMeta, InstructionError},
keyed_account::{from_keyed_account, keyed_account_at_index, KeyedAccount},
@ -79,7 +80,7 @@ pub fn create_executor(
programdata_offset: usize,
invoke_context: &mut InvokeContext,
use_jit: bool,
reject_unresolved_syscalls: bool,
reject_deployment_of_broken_elfs: bool,
) -> Result<Arc<BpfExecutor>, InstructionError> {
let syscall_registry = syscalls::register_syscalls(invoke_context).map_err(|e| {
ic_msg!(invoke_context, "Failed to register syscalls: {}", e);
@ -90,13 +91,20 @@ pub fn create_executor(
max_call_depth: compute_budget.max_call_depth,
stack_frame_size: compute_budget.stack_frame_size,
enable_instruction_tracing: log_enabled!(Trace),
reject_unresolved_syscalls: reject_unresolved_syscalls
reject_unresolved_syscalls: reject_deployment_of_broken_elfs
&& invoke_context
.feature_set
.is_active(&reject_deployment_of_unresolved_syscalls::id()),
reject_section_virtual_address_file_offset_mismatch: reject_deployment_of_broken_elfs
&& invoke_context
.feature_set
.is_active(&reject_section_virtual_address_file_offset_mismatch::id()),
verify_mul64_imm_nonzero: !invoke_context
.feature_set
.is_active(&stop_verify_mul64_imm_nonzero::id()), // TODO: Feature gate and then remove me
.is_active(&stop_verify_mul64_imm_nonzero::id()),
verify_shift32_imm: invoke_context
.feature_set
.is_active(&start_verify_shift32_imm::id()),
..Config::default()
};
let mut executable = {

1
rbpf-cli/src/main.rs
View File

@ -152,6 +152,7 @@ native machine code before execting it in the virtual machine.",
let config = Config {
enable_instruction_tracing: matches.is_present("trace") || matches.is_present("profile"),
enable_symbol_and_section_labels: true,
..Config::default()
};
let loader_id = bpf_loader::id();

10
sdk/src/feature_set.rs
View File

@ -139,6 +139,10 @@ pub mod stop_verify_mul64_imm_nonzero {
solana_sdk::declare_id!("EHFwHg2vhwUb7ifm7BuY9RMbsyt1rS1rUii7yeDJtGnN");
}
pub mod start_verify_shift32_imm {
solana_sdk::declare_id!("CqvdhqAYMc6Eq6tjW3H42Qg39TK2SCsL8ydMsC363PRp");
}
pub mod merge_nonce_error_into_system_error {
solana_sdk::declare_id!("21AWDosvp3pBamFW91KB35pNoaoZVTM7ess8nr2nt53B");
}
@ -237,6 +241,10 @@ pub mod reject_deployment_of_unresolved_syscalls {
solana_sdk::declare_id!("DqniU3MfvdpU3yhmNF1RKeaM5TZQELZuyFGosASRVUoy");
}
pub mod reject_section_virtual_address_file_offset_mismatch {
solana_sdk::declare_id!("5N4NikcJLEiZNqwndhNyvZw15LvFXp1oF7AJQTNTZY5k");
}
pub mod nonce_must_be_writable {
solana_sdk::declare_id!("BiCU7M5w8ZCMykVSyhZ7Q3m2SWoR2qrEQ86ERcDX77ME");
}
@ -279,6 +287,7 @@ lazy_static! {
(tx_wide_compute_cap::id(), "transaction wide compute cap"),
(spl_token_v2_set_authority_fix::id(), "spl-token set_authority fix"),
(stop_verify_mul64_imm_nonzero::id(), "sets rbpf vm config verify_mul64_imm_nonzero to false"),
(start_verify_shift32_imm::id(), "sets rbpf vm config verify_shift32_imm to true"),
(merge_nonce_error_into_system_error::id(), "merge NonceError into SystemError"),
(disable_fees_sysvar::id(), "disable fees sysvar"),
(stake_merge_with_unmatched_credits_observed::id(), "allow merging active stakes with unmatched credits_observed #18985"),
@ -303,6 +312,7 @@ lazy_static! {
(disable_fee_calculator::id(), "deprecate fee calculator"),
(add_compute_budget_program::id(), "Add compute_budget_program"),
(reject_deployment_of_unresolved_syscalls::id(), "Reject deployment of programs with unresolved syscall symbols"),
(reject_section_virtual_address_file_offset_mismatch::id(), "enforce section virtual addresses and file offsets in ELF to be equal"),
(nonce_must_be_writable::id(), "nonce must be writable"),
(spl_token_v3_3_0_release::id(), "spl-token v3.3.0 release"),
(leave_nonce_on_success::id(), "leave nonce as is on success"),