blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add buffer authority to upgradeable loader (#14482)

This commit is contained in:
Jack May 2021-01-08 09:37:57 -08:00 committed by GitHub
parent 30038a8849
commit 58487c6360
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 2166 additions and 588 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cli/src/cli.rs
View File

@ -2665,7 +2665,7 @@ mod tests {
let program_id = json let program_id = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("programId") .get("ProgramId")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();

1250
cli/src/program.rs
View File

File diff suppressed because it is too large Load Diff

529
cli/tests/program.rs
View File

@ -7,6 +7,7 @@ use solana_client::rpc_client::RpcClient;
use solana_core::test_validator::TestValidator; use solana_core::test_validator::TestValidator;
use solana_faucet::faucet::run_local_faucet; use solana_faucet::faucet::run_local_faucet;
use solana_sdk::{ use solana_sdk::{
account_utils::StateMut,
bpf_loader, bpf_loader,
bpf_loader_upgradeable::{self, UpgradeableLoaderState}, bpf_loader_upgradeable::{self, UpgradeableLoaderState},
commitment_config::CommitmentConfig, commitment_config::CommitmentConfig,
@ -64,7 +65,7 @@ fn test_cli_program_deploy_non_upgradeable() {
let program_id_str = json let program_id_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("programId") .get("ProgramId")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
@ -191,13 +192,15 @@ fn test_cli_program_deploy_no_authority() {
// Deploy a program with no authority // Deploy a program with no authority
config.signers = vec![&keypair]; config.signers = vec![&keypair];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: None, program_pubkey: None,
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: None, upgrade_authority_signer_index: None,
upgrade_authority_pubkey: None, upgrade_authority_pubkey: None,
is_final: false,
max_len: None, max_len: None,
}); });
let response = process_command(&config); let response = process_command(&config);
@ -205,7 +208,7 @@ fn test_cli_program_deploy_no_authority() {
let program_id_str = json let program_id_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("programId") .get("ProgramId")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
@ -214,13 +217,15 @@ fn test_cli_program_deploy_no_authority() {
// Attempt to upgrade the program // Attempt to upgrade the program
config.signers = vec![&keypair, &upgrade_authority]; config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: Some(program_id), program_pubkey: Some(program_id),
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: None, max_len: None,
}); });
process_command(&config).unwrap_err(); process_command(&config).unwrap_err();
@ -275,27 +280,29 @@ fn test_cli_program_deploy_with_authority() {
let program_keypair = Keypair::new(); let program_keypair = Keypair::new();
config.signers = vec![&keypair, &upgrade_authority, &program_keypair]; config.signers = vec![&keypair, &upgrade_authority, &program_keypair];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: Some(2), program_signer_index: Some(2),
program_pubkey: Some(program_keypair.pubkey()), program_pubkey: Some(program_keypair.pubkey()),
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len), max_len: Some(max_len),
}); });
let response = process_command(&config); let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap(); let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json let program_pubkey_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("programId") .get("ProgramId")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
program_keypair.pubkey(), program_keypair.pubkey(),
Pubkey::from_str(&program_id_str).unwrap() Pubkey::from_str(&program_pubkey_str).unwrap()
); );
let program_account = rpc_client let program_account = rpc_client
.get_account_with_commitment(&program_keypair.pubkey(), CommitmentConfig::recent()) .get_account_with_commitment(&program_keypair.pubkey(), CommitmentConfig::recent())
@ -328,27 +335,29 @@ fn test_cli_program_deploy_with_authority() {
// Deploy the upgradeable program // Deploy the upgradeable program
config.signers = vec![&keypair, &upgrade_authority]; config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: None, program_pubkey: None,
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len), max_len: Some(max_len),
}); });
let response = process_command(&config); let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap(); let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json let program_pubkey_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("programId") .get("ProgramId")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap(); let program_pubkey = Pubkey::from_str(&program_pubkey_str).unwrap();
let program_account = rpc_client let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent()) .get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
.value .value
.unwrap(); .unwrap();
@ -356,7 +365,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id()); assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true); assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) = let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id()); Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent()) .get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
@ -376,27 +385,20 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade the program // Upgrade the program
config.signers = vec![&keypair, &upgrade_authority]; config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: Some(program_id), program_pubkey: Some(program_pubkey),
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len), max_len: Some(max_len),
}); });
let response = process_command(&config); process_command(&config).unwrap();
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.unwrap()
.as_str()
.unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap();
let program_account = rpc_client let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent()) .get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
.value .value
.unwrap(); .unwrap();
@ -404,7 +406,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id()); assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true); assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) = let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id()); Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent()) .get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
@ -425,7 +427,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority = Keypair::new(); let new_upgrade_authority = Keypair::new();
config.signers = vec![&keypair, &upgrade_authority]; config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority { config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority {
program: program_id, program_pubkey,
upgrade_authority_index: Some(1), upgrade_authority_index: Some(1),
new_upgrade_authority: Some(new_upgrade_authority.pubkey()), new_upgrade_authority: Some(new_upgrade_authority.pubkey()),
}); });
@ -434,7 +436,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority_str = json let new_upgrade_authority_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("UpgradeAuthority") .get("Authority")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
@ -446,27 +448,20 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade with new authority // Upgrade with new authority
config.signers = vec![&keypair, &new_upgrade_authority]; config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: Some(program_id), program_pubkey: Some(program_pubkey),
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: false,
max_len: None, max_len: None,
}); });
let response = process_command(&config); process_command(&config).unwrap();
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.unwrap()
.as_str()
.unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap();
let program_account = rpc_client let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent()) .get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
.value .value
.unwrap(); .unwrap();
@ -474,7 +469,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id()); assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true); assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) = let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id()); Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent()) .get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap() .unwrap()
@ -494,7 +489,7 @@ fn test_cli_program_deploy_with_authority() {
// Set no authority // Set no authority
config.signers = vec![&keypair, &new_upgrade_authority]; config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority { config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority {
program: program_id, program_pubkey,
upgrade_authority_index: Some(1), upgrade_authority_index: Some(1),
new_upgrade_authority: None, new_upgrade_authority: None,
}); });
@ -503,7 +498,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority_str = json let new_upgrade_authority_str = json
.as_object() .as_object()
.unwrap() .unwrap()
.get("UpgradeAuthority") .get("Authority")
.unwrap() .unwrap()
.as_str() .as_str()
.unwrap(); .unwrap();
@ -512,14 +507,452 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade with no authority // Upgrade with no authority
config.signers = vec![&keypair, &new_upgrade_authority]; config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy { config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(), program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None, program_signer_index: None,
program_pubkey: Some(program_id), program_pubkey: Some(program_pubkey),
buffer_signer_index: None, buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false, allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1), upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()), upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: false,
max_len: None, max_len: None,
}); });
process_command(&config).unwrap_err(); process_command(&config).unwrap_err();
// deploy with finality
config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: None,
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: true,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_pubkey_str = json
.as_object()
.unwrap()
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
let program_pubkey = Pubkey::from_str(&program_pubkey_str).unwrap();
let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::ProgramData {
slot: _,
upgrade_authority_address,
} = programdata_account.state().unwrap()
{
assert_eq!(upgrade_authority_address, None);
} else {
panic!("not a buffer account");
}
}
#[test]
fn test_cli_program_write_buffer() {
solana_logger::setup();
let mut pathbuf = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
pathbuf.push("tests");
pathbuf.push("fixtures");
pathbuf.push("noop");
pathbuf.set_extension("so");
let mint_keypair = Keypair::new();
let test_validator = TestValidator::with_no_fees(mint_keypair.pubkey());
let (sender, receiver) = channel();
run_local_faucet(mint_keypair, sender, None);
let faucet_addr = receiver.recv().unwrap();
let rpc_client = RpcClient::new(test_validator.rpc_url());
let mut file = File::open(pathbuf.to_str().unwrap()).unwrap();
let mut program_data = Vec::new();
file.read_to_end(&mut program_data).unwrap();
let max_len = program_data.len();
let minimum_balance_for_buffer = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len).unwrap(),
)
.unwrap();
let minimum_balance_for_buffer_default = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len * 2).unwrap(),
)
.unwrap();
let mut config = CliConfig::recent_for_tests();
let keypair = Keypair::new();
config.json_rpc_url = test_validator.rpc_url();
config.signers = vec![&keypair];
config.command = CliCommand::Airdrop {
faucet_host: None,
faucet_port: faucet_addr.port(),
pubkey: None,
lamports: 100 * minimum_balance_for_buffer,
};
process_command(&config).unwrap();
// Write a buffer with default params
config.signers = vec![&keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: None,
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let new_buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&new_buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify buffer keypair and max_len
let buffer_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: None,
is_final: false,
max_len: Some(max_len),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
buffer_keypair.pubkey(),
Pubkey::from_str(&buffer_pubkey_str).unwrap()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify buffer authority
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: Some(2),
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
buffer_keypair.pubkey(),
Pubkey::from_str(&buffer_pubkey_str).unwrap()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(authority_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify authority only
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: Some(2),
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(authority_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify final
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: Some(2),
is_final: true,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, None);
} else {
panic!("not a buffer account");
}
}
#[test]
fn test_cli_program_set_buffer_authority() {
solana_logger::setup();
let mut pathbuf = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
pathbuf.push("tests");
pathbuf.push("fixtures");
pathbuf.push("noop");
pathbuf.set_extension("so");
let mint_keypair = Keypair::new();
let test_validator = TestValidator::with_no_fees(mint_keypair.pubkey());
let (sender, receiver) = channel();
run_local_faucet(mint_keypair, sender, None);
let faucet_addr = receiver.recv().unwrap();
let rpc_client = RpcClient::new(test_validator.rpc_url());
let mut file = File::open(pathbuf.to_str().unwrap()).unwrap();
let mut program_data = Vec::new();
file.read_to_end(&mut program_data).unwrap();
let max_len = program_data.len();
let minimum_balance_for_buffer = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len).unwrap(),
)
.unwrap();
let mut config = CliConfig::recent_for_tests();
let keypair = Keypair::new();
config.json_rpc_url = test_validator.rpc_url();
config.signers = vec![&keypair];
config.command = CliCommand::Airdrop {
faucet_host: None,
faucet_port: faucet_addr.port(),
pubkey: None,
lamports: 100 * minimum_balance_for_buffer,
};
process_command(&config).unwrap();
// Write a buffer
let buffer_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: None,
is_final: false,
max_len: None,
});
process_command(&config).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
// Set new authority
let new_buffer_authority = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(0),
new_buffer_authority: Some(new_buffer_authority.pubkey()),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let new_buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
Pubkey::from_str(&new_buffer_authority_str).unwrap(),
new_buffer_authority.pubkey()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(new_buffer_authority.pubkey()));
} else {
panic!("not a buffer account");
}
// Set authority to buffer
config.signers = vec![&keypair, &new_buffer_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(1),
new_buffer_authority: Some(buffer_keypair.pubkey()),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
Pubkey::from_str(&buffer_authority_str).unwrap(),
buffer_keypair.pubkey()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(buffer_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
// Set authority to None
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(1),
new_buffer_authority: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(buffer_authority_str, "None");
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, None);
} else {
panic!("not a buffer account");
}
} }

448
programs/bpf_loader/src/lib.rs
View File

@ -128,28 +128,19 @@ pub fn create_and_cache_executor(
} }
fn write_program_data( fn write_program_data(
account: &KeyedAccount, data: &mut [u8],
offset: usize, offset: usize,
bytes: &[u8], bytes: &[u8],
invoke_context: &mut dyn InvokeContext, invoke_context: &mut dyn InvokeContext,
) -> Result<(), InstructionError> { ) -> Result<(), InstructionError> {
let logger = invoke_context.get_logger(); let logger = invoke_context.get_logger();
if account.signer_key().is_none() {
log!(logger, "Buffer account did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
let len = bytes.len(); let len = bytes.len();
if account.data_len()? < offset + len { if data.len() < offset + len {
log!( log!(logger, "Write overflow: {} < {}", data.len(), offset + len);
logger,
"Write overflow: {} < {}",
account.data_len()?,
offset + len
);
return Err(InstructionError::AccountDataTooSmall); return Err(InstructionError::AccountDataTooSmall);
} }
account.try_account_ref_mut()?.data[offset..offset + len].copy_from_slice(&bytes); data[offset..offset + len].copy_from_slice(&bytes);
Ok(()) Ok(())
} }
@ -319,20 +310,41 @@ fn process_loader_upgradeable_instruction(
match limited_deserialize(instruction_data)? { match limited_deserialize(instruction_data)? {
UpgradeableLoaderInstruction::InitializeBuffer => { UpgradeableLoaderInstruction::InitializeBuffer => {
let buffer = next_keyed_account(account_iter)?; let buffer = next_keyed_account(account_iter)?;
let authority = next_keyed_account(account_iter)
.ok()
.map(|account| account.unsigned_key());
if UpgradeableLoaderState::Uninitialized != buffer.state()? { if UpgradeableLoaderState::Uninitialized != buffer.state()? {
log!(logger, "Buffer account already initialized"); log!(logger, "Buffer account already initialized");
return Err(InstructionError::AccountAlreadyInitialized); return Err(InstructionError::AccountAlreadyInitialized);
} }
buffer.set_state(&UpgradeableLoaderState::Buffer)?; buffer.set_state(&UpgradeableLoaderState::Buffer {
authority_address: authority.cloned(),
})?;
} }
UpgradeableLoaderInstruction::Write { offset, bytes } => { UpgradeableLoaderInstruction::Write { offset, bytes } => {
let buffer = next_keyed_account(account_iter)?; let buffer = next_keyed_account(account_iter)?;
if UpgradeableLoaderState::Buffer != buffer.state()? { let authority = next_keyed_account(account_iter)?;
if let UpgradeableLoaderState::Buffer { authority_address } = buffer.state()? {
if authority_address == None {
log!(logger, "Buffer is immutable");
return Err(InstructionError::Immutable); // TODO better error code
}
if authority_address != Some(*authority.unsigned_key()) {
log!(logger, "Incorrect buffer authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if authority.signer_key().is_none() {
log!(logger, "Buffer authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
} else {
log!(logger, "Invalid Buffer account"); log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidAccountData); return Err(InstructionError::InvalidAccountData);
} }
write_program_data( write_program_data(
buffer, &mut buffer.try_account_ref_mut()?.data,
UpgradeableLoaderState::buffer_data_offset()? + offset as usize, UpgradeableLoaderState::buffer_data_offset()? + offset as usize,
&bytes, &bytes,
invoke_context, invoke_context,
@ -367,7 +379,11 @@ fn process_loader_upgradeable_instruction(
// Verify Buffer account // Verify Buffer account
if UpgradeableLoaderState::Buffer != buffer.state()? { if let UpgradeableLoaderState::Buffer {
authority_address: _,
} = buffer.state()?
{
} else {
log!(logger, "Invalid Buffer account"); log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidArgument); return Err(InstructionError::InvalidArgument);
} }
@ -473,9 +489,13 @@ fn process_loader_upgradeable_instruction(
// Verify Buffer account // Verify Buffer account
if UpgradeableLoaderState::Buffer != buffer.state()? { if let UpgradeableLoaderState::Buffer {
authority_address: _,
} = buffer.state()?
{
} else {
log!(logger, "Invalid Buffer account"); log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidAccountData); return Err(InstructionError::InvalidArgument);
} }
let buffer_data_offset = UpgradeableLoaderState::buffer_data_offset()?; let buffer_data_offset = UpgradeableLoaderState::buffer_data_offset()?;
@ -500,11 +520,11 @@ fn process_loader_upgradeable_instruction(
{ {
if upgrade_authority_address == None { if upgrade_authority_address == None {
log!(logger, "Program not upgradeable"); log!(logger, "Program not upgradeable");
return Err(InstructionError::InvalidArgument); return Err(InstructionError::Immutable);
} }
if upgrade_authority_address != Some(*authority.unsigned_key()) { if upgrade_authority_address != Some(*authority.unsigned_key()) {
log!(logger, "Upgrade authority not present"); log!(logger, "Incorrect upgrade authority provided");
return Err(InstructionError::MissingRequiredSignature); return Err(InstructionError::IncorrectAuthority);
} }
if authority.signer_key().is_none() { if authority.signer_key().is_none() {
log!(logger, "Upgrade authority did not sign"); log!(logger, "Upgrade authority did not sign");
@ -551,37 +571,56 @@ fn process_loader_upgradeable_instruction(
log!(logger, "Upgraded program {:?}", program.unsigned_key()); log!(logger, "Upgraded program {:?}", program.unsigned_key());
} }
UpgradeableLoaderInstruction::SetAuthority => { UpgradeableLoaderInstruction::SetAuthority => {
let programdata = next_keyed_account(account_iter)?; let account = next_keyed_account(account_iter)?;
let present_authority = next_keyed_account(account_iter)?; let present_authority = next_keyed_account(account_iter)?;
let new_authority = next_keyed_account(account_iter) let new_authority = next_keyed_account(account_iter)
.ok() .ok()
.map(|account| account.unsigned_key()); .map(|account| account.unsigned_key());
if let UpgradeableLoaderState::ProgramData { match account.state()? {
UpgradeableLoaderState::Buffer { authority_address } => {
if authority_address == None {
log!(logger, "Buffer is immutable");
return Err(InstructionError::Immutable);
}
if authority_address != Some(*present_authority.unsigned_key()) {
log!(logger, "Incorrect buffer authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if present_authority.signer_key().is_none() {
log!(logger, "Buffer authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
account.set_state(&UpgradeableLoaderState::Buffer {
authority_address: new_authority.cloned(),
})?;
}
UpgradeableLoaderState::ProgramData {
slot, slot,
upgrade_authority_address, upgrade_authority_address,
} = programdata.state()? } => {
{
if upgrade_authority_address == None { if upgrade_authority_address == None {
log!(logger, "Program not upgradeable"); log!(logger, "Program not upgradeable");
return Err(InstructionError::InvalidArgument); return Err(InstructionError::Immutable);
} }
if upgrade_authority_address != Some(*present_authority.unsigned_key()) { if upgrade_authority_address != Some(*present_authority.unsigned_key()) {
log!(logger, "Upgrade authority not present"); log!(logger, "Incorrect upgrade authority provided");
return Err(InstructionError::MissingRequiredSignature); return Err(InstructionError::IncorrectAuthority);
} }
if present_authority.signer_key().is_none() { if present_authority.signer_key().is_none() {
log!(logger, "Upgrade authority did not sign"); log!(logger, "Upgrade authority did not sign");
return Err(InstructionError::MissingRequiredSignature); return Err(InstructionError::MissingRequiredSignature);
} }
programdata.set_state(&UpgradeableLoaderState::ProgramData { account.set_state(&UpgradeableLoaderState::ProgramData {
slot, slot,
upgrade_authority_address: new_authority.cloned(), upgrade_authority_address: new_authority.cloned(),
})?; })?;
} else { }
log!(logger, "Not a ProgramData account"); _ => {
log!(logger, "Account does not support authorities");
return Err(InstructionError::InvalidAccountData); return Err(InstructionError::InvalidAccountData);
} }
}
log!(logger, "New authority {:?}", new_authority); log!(logger, "New authority {:?}", new_authority);
} }
@ -607,7 +646,16 @@ fn process_loader_instruction(
} }
match limited_deserialize(instruction_data)? { match limited_deserialize(instruction_data)? {
LoaderInstruction::Write { offset, bytes } => { LoaderInstruction::Write { offset, bytes } => {
write_program_data(program, offset as usize, &bytes, invoke_context)?; if program.signer_key().is_none() {
log!(logger, "Program account did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
write_program_data(
&mut program.try_account_ref_mut()?.data,
offset as usize,
&bytes,
invoke_context,
)?;
} }
LoaderInstruction::Finalize => { LoaderInstruction::Finalize => {
if program.signer_key().is_none() { if program.signer_key().is_none() {
@ -1150,26 +1198,68 @@ mod tests {
Ok(()), Ok(()),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),], &[KeyedAccount::new(&buffer_address, false, &buffer_account)],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
); );
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap(); let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer); assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None
}
);
// Case: Already initialized // Case: Already initialized
assert_eq!( assert_eq!(
Err(InstructionError::AccountAlreadyInitialized), Err(InstructionError::AccountAlreadyInitialized),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),], &[KeyedAccount::new(&buffer_address, false, &buffer_account)],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
); );
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap(); let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer); assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None
}
);
// Case: With authority
let buffer_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(9).unwrap(),
&bpf_loader_upgradeable::id(),
);
let authority_address = Pubkey::new_unique();
let authority_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(9).unwrap(),
&bpf_loader_upgradeable::id(),
);
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&authority_address, false, &authority_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address)
}
);
} }
#[test] #[test]
@ -1191,7 +1281,10 @@ mod tests {
Err(InstructionError::InvalidAccountData), Err(InstructionError::InvalidAccountData),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
@ -1205,19 +1298,29 @@ mod tests {
.unwrap(); .unwrap();
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Ok(()), Ok(()),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
); );
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap(); let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer); assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address)
}
);
assert_eq!( assert_eq!(
&buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..], &buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
&[42; 9] &[42; 9]
@ -1236,19 +1339,29 @@ mod tests {
); );
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Ok(()), Ok(()),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
); );
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap(); let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer); assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address)
}
);
assert_eq!( assert_eq!(
&buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..], &buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
&[0, 0, 0, 42, 42, 42, 42, 42, 42] &[0, 0, 0, 42, 42, 42, 42, 42, 42]
@ -1262,13 +1375,18 @@ mod tests {
.unwrap(); .unwrap();
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::MissingRequiredSignature), Err(InstructionError::MissingRequiredSignature),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, false, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
@ -1282,13 +1400,18 @@ mod tests {
.unwrap(); .unwrap();
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::AccountDataTooSmall), Err(InstructionError::AccountDataTooSmall),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
@ -1302,13 +1425,44 @@ mod tests {
.unwrap(); .unwrap();
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::AccountDataTooSmall), Err(InstructionError::AccountDataTooSmall),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),], &[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: wrong authority
let authority_address = Pubkey::new_unique();
let instruction = bincode::serialize(&UpgradeableLoaderInstruction::Write {
offset: 1,
bytes: vec![42; 9],
})
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&authority_address, true, &buffer_account)
],
&instruction, &instruction,
&mut MockInvokeContext::default() &mut MockInvokeContext::default()
) )
@ -1349,7 +1503,9 @@ mod tests {
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
); );
buffer_account buffer_account
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..] buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..]
.copy_from_slice(&elf); .copy_from_slice(&elf);
@ -1771,6 +1927,7 @@ mod tests {
#[allow(clippy::type_complexity)] #[allow(clippy::type_complexity)]
fn get_accounts( fn get_accounts(
buffer_authority: &Pubkey,
programdata_address: &Pubkey, programdata_address: &Pubkey,
upgrade_authority_address: &Pubkey, upgrade_authority_address: &Pubkey,
slot: u64, slot: u64,
@ -1791,7 +1948,9 @@ mod tests {
); );
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(*buffer_authority),
})
.unwrap(); .unwrap();
buffer_account.borrow_mut().data buffer_account.borrow_mut().data
[UpgradeableLoaderState::buffer_data_offset().unwrap()..] [UpgradeableLoaderState::buffer_data_offset().unwrap()..]
@ -1832,6 +1991,7 @@ mod tests {
// Case: Success // Case: Success
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -1886,6 +2046,7 @@ mod tests {
// Case: not upgradable // Case: not upgradable
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -1902,7 +2063,7 @@ mod tests {
}) })
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::InvalidArgument), Err(InstructionError::Immutable),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[ &[
@ -1925,6 +2086,7 @@ mod tests {
// Case: wrong authority // Case: wrong authority
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -1934,7 +2096,7 @@ mod tests {
min_programdata_balance, min_programdata_balance,
); );
assert_eq!( assert_eq!(
Err(InstructionError::MissingRequiredSignature), Err(InstructionError::IncorrectAuthority),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[ &[
@ -1957,6 +2119,7 @@ mod tests {
// Case: authority did not sign // Case: authority did not sign
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -1989,6 +2152,7 @@ mod tests {
// Case: Program account not executable // Case: Program account not executable
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2022,6 +2186,7 @@ mod tests {
// Case: Program account now owned by loader // Case: Program account now owned by loader
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2055,6 +2220,7 @@ mod tests {
// Case: Program account not initialized // Case: Program account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2091,6 +2257,7 @@ mod tests {
// Case: ProgramData account not initialized // Case: ProgramData account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2127,6 +2294,7 @@ mod tests {
// Case: Program ProgramData account mismatch // Case: Program ProgramData account mismatch
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2159,6 +2327,7 @@ mod tests {
// Case: Buffer account not initialized // Case: Buffer account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2172,7 +2341,7 @@ mod tests {
.set_state(&UpgradeableLoaderState::Uninitialized) .set_state(&UpgradeableLoaderState::Uninitialized)
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::InvalidAccountData), Err(InstructionError::InvalidArgument),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[ &[
@ -2195,6 +2364,7 @@ mod tests {
// Case: Buffer account too big // Case: Buffer account too big
let (_, program_account, programdata_account, spill_account) = get_accounts( let (_, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2210,7 +2380,9 @@ mod tests {
); );
buffer_account buffer_account
.borrow_mut() .borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer) .set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::AccountDataTooSmall), Err(InstructionError::AccountDataTooSmall),
@ -2236,6 +2408,7 @@ mod tests {
// Case: bad elf data // Case: bad elf data
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts( let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address, &programdata_address,
&upgrade_authority_address, &upgrade_authority_address,
slot, slot,
@ -2391,7 +2564,7 @@ mod tests {
}) })
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::MissingRequiredSignature), Err(InstructionError::IncorrectAuthority),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[ &[
@ -2421,7 +2594,7 @@ mod tests {
}) })
.unwrap(); .unwrap();
assert_eq!( assert_eq!(
Err(InstructionError::InvalidArgument), Err(InstructionError::Immutable),
process_instruction( process_instruction(
&bpf_loader_upgradeable::id(), &bpf_loader_upgradeable::id(),
&[ &[
@ -2462,6 +2635,165 @@ mod tests {
); );
} }
#[test]
fn test_bpf_loader_upgradeable_set_buffer_authority() {
let instruction = bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap();
let authority_address = Pubkey::new_unique();
let authority_account = Account::new_ref(1, 0, &Pubkey::new_unique());
let new_authority_address = Pubkey::new_unique();
let new_authority_account = Account::new_ref(1, 0, &Pubkey::new_unique());
let buffer_address = Pubkey::new_unique();
let buffer_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(0).unwrap(),
&bpf_loader_upgradeable::id(),
);
// Case: Set to new authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, true, &authority_account),
KeyedAccount::new_readonly(
&new_authority_address,
false,
&new_authority_account
)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(new_authority_address),
}
);
// Case: Not upgradeable
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, true, &authority_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None,
}
);
// Case: Authority did not sign
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::MissingRequiredSignature),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, false, &authority_account),
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: wrong authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
KeyedAccount::new_readonly(
&new_authority_address,
false,
&new_authority_account
)
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: No authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: None,
})
.unwrap();
assert_eq!(
Err(InstructionError::Immutable),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
],
&bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap(),
&mut MockInvokeContext::default()
)
);
// Case: Not a Buffer account
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Program {
programdata_address: Pubkey::new_unique(),
})
.unwrap();
assert_eq!(
Err(InstructionError::InvalidAccountData),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
],
&bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap(),
&mut MockInvokeContext::default()
)
);
}
/// fuzzing utility function /// fuzzing utility function
fn fuzz<F>( fn fuzz<F>(
bytes: &[u8], bytes: &[u8],

2
runtime/src/bank.rs
View File

@ -92,7 +92,7 @@ pub const SECONDS_PER_YEAR: f64 = 365.25 * 24.0 * 60.0 * 60.0;
pub const MAX_LEADER_SCHEDULE_STAKES: Epoch = 5; pub const MAX_LEADER_SCHEDULE_STAKES: Epoch = 5;
type BankStatusCache = StatusCache<Result<()>>; type BankStatusCache = StatusCache<Result<()>>;
#[frozen_abi(digest = "GSPuprru1pomsgvopKG7XRWiXdqdXJdLPkgJ2arPbkXM")] #[frozen_abi(digest = "MUmkgPsCRrWL2HEsMEvpkWMis35kbBnaEZtrph5P6bk")]
pub type BankSlotDelta = SlotDelta<Result<()>>; pub type BankSlotDelta = SlotDelta<Result<()>>;
type TransactionAccountRefCells = Vec<Rc<RefCell<Account>>>; type TransactionAccountRefCells = Vec<Rc<RefCell<Account>>>;
type TransactionAccountDepRefCells = Vec<(Pubkey, RefCell<Account>)>; type TransactionAccountDepRefCells = Vec<(Pubkey, RefCell<Account>)>;

4
runtime/src/loader_utils.rs
View File

@ -69,6 +69,7 @@ pub fn load_buffer_account<T: Client>(
&bpf_loader_upgradeable::create_buffer( &bpf_loader_upgradeable::create_buffer(
&from_keypair.pubkey(), &from_keypair.pubkey(),
&buffer_pubkey, &buffer_pubkey,
Some(&buffer_pubkey),
1.max( 1.max(
bank_client bank_client
.get_minimum_balance_for_rent_exemption(program.len()) .get_minimum_balance_for_rent_exemption(program.len())
@ -88,6 +89,7 @@ pub fn load_buffer_account<T: Client>(
let message = Message::new( let message = Message::new(
&[bpf_loader_upgradeable::write( &[bpf_loader_upgradeable::write(
&buffer_pubkey, &buffer_pubkey,
None,
offset, offset,
chunk.to_vec(), chunk.to_vec(),
)], )],
@ -168,7 +170,7 @@ pub fn set_upgrade_authority<T: Client>(
new_authority_pubkey: Option<&Pubkey>, new_authority_pubkey: Option<&Pubkey>,
) { ) {
let message = Message::new( let message = Message::new(
&[bpf_loader_upgradeable::set_authority( &[bpf_loader_upgradeable::set_upgrade_authority(
program_pubkey, program_pubkey,
&current_authority_keypair.pubkey(), &current_authority_keypair.pubkey(),
new_authority_pubkey, new_authority_pubkey,

56
sdk/program/src/bpf_loader_upgradeable.rs
View File

@ -24,7 +24,12 @@ pub enum UpgradeableLoaderState {
/// Account is not initialized. /// Account is not initialized.
Uninitialized, Uninitialized,
/// A Buffer account. /// A Buffer account.
Buffer, Buffer {
/// Authority address
authority_address: Option<Pubkey>,
// The raw program data follows this serialized structure in the
// account's data.
},
/// An Program account. /// An Program account.
Program { Program {
/// Address of the ProgramData account. /// Address of the ProgramData account.
@ -43,7 +48,9 @@ pub enum UpgradeableLoaderState {
impl UpgradeableLoaderState { impl UpgradeableLoaderState {
/// Length of an buffer account's data. /// Length of an buffer account's data.
pub fn buffer_len(program_len: usize) -> Result<usize, InstructionError> { pub fn buffer_len(program_len: usize) -> Result<usize, InstructionError> {
Ok(serialized_size(&Self::Buffer) Ok(serialized_size(&Self::Buffer {
authority_address: Some(Pubkey::default()),
})
.map(|len| len as usize) .map(|len| len as usize)
.map_err(|_| InstructionError::InvalidInstructionData)? .map_err(|_| InstructionError::InvalidInstructionData)?
+ program_len) + program_len)
@ -80,9 +87,14 @@ impl UpgradeableLoaderState {
pub fn create_buffer( pub fn create_buffer(
payer_address: &Pubkey, payer_address: &Pubkey,
buffer_address: &Pubkey, buffer_address: &Pubkey,
authority_address: Option<&Pubkey>,
lamports: u64, lamports: u64,
program_len: usize, program_len: usize,
) -> Result<Vec<Instruction>, InstructionError> { ) -> Result<Vec<Instruction>, InstructionError> {
let mut metas = vec![AccountMeta::new(*buffer_address, false)];
if let Some(authority_address) = authority_address {
metas.push(AccountMeta::new(*authority_address, false));
}
Ok(vec![ Ok(vec![
system_instruction::create_account( system_instruction::create_account(
payer_address, payer_address,
@ -91,21 +103,29 @@ pub fn create_buffer(
UpgradeableLoaderState::buffer_len(program_len)? as u64, UpgradeableLoaderState::buffer_len(program_len)? as u64,
&id(), &id(),
), ),
Instruction::new( Instruction::new(id(), &UpgradeableLoaderInstruction::InitializeBuffer, metas),
id(),
&UpgradeableLoaderInstruction::InitializeBuffer,
vec![AccountMeta::new(*buffer_address, false)],
),
]) ])
} }
/// Returns the instructions required to write a chunk of program data to a /// Returns the instructions required to write a chunk of program data to a
/// buffer account. /// buffer account.
pub fn write(buffer_address: &Pubkey, offset: u32, bytes: Vec<u8>) -> Instruction { pub fn write(
buffer_address: &Pubkey,
authority_address: Option<&Pubkey>,
offset: u32,
bytes: Vec<u8>,
) -> Instruction {
let mut metas = vec![
AccountMeta::new(*buffer_address, false),
AccountMeta::new(*buffer_address, true),
];
if let Some(authority_address) = authority_address {
metas[1] = AccountMeta::new(*authority_address, true);
}
Instruction::new( Instruction::new(
id(), id(),
&UpgradeableLoaderInstruction::Write { offset, bytes }, &UpgradeableLoaderInstruction::Write { offset, bytes },
vec![AccountMeta::new(*buffer_address, true)], metas,
) )
} }
@ -176,8 +196,24 @@ pub fn is_upgrade_instruction(instruction_data: &[u8]) -> bool {
3 == instruction_data[0] 3 == instruction_data[0]
} }
/// Returns the instructions required to set a buffers's authority.
pub fn set_buffer_authority(
buffer_address: &Pubkey,
current_authority_address: &Pubkey,
new_authority_address: Option<&Pubkey>,
) -> Instruction {
let mut metas = vec![
AccountMeta::new(*buffer_address, false),
AccountMeta::new_readonly(*current_authority_address, true),
];
if let Some(address) = new_authority_address {
metas.push(AccountMeta::new_readonly(*address, false));
}
Instruction::new(id(), &UpgradeableLoaderInstruction::SetAuthority, metas)
}
/// Returns the instructions required to set a program's authority. /// Returns the instructions required to set a program's authority.
pub fn set_authority( pub fn set_upgrade_authority(
program_address: &Pubkey, program_address: &Pubkey,
current_authority_address: &Pubkey, current_authority_address: &Pubkey,
new_authority_address: Option<&Pubkey>, new_authority_address: Option<&Pubkey>,

6
sdk/program/src/instruction.rs
View File

@ -180,6 +180,12 @@ pub enum InstructionError {
#[error("Program failed to compile")] #[error("Program failed to compile")]
ProgramFailedToCompile, ProgramFailedToCompile,
#[error("Account is immutable")]
Immutable,
#[error("Incorrect authority provided")]
IncorrectAuthority,
} }
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)] #[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]

13
sdk/program/src/loader_upgradeable_instruction.rs
View File

@ -16,12 +16,15 @@ pub enum UpgradeableLoaderInstruction {
/// ///
/// # Account references /// # Account references
/// 0. [writable] source account to initialize. /// 0. [writable] source account to initialize.
/// 1. [] Buffer authority, optional, if omitted then the buffer will be
/// immutable.
InitializeBuffer, InitializeBuffer,
/// Write program data into a Buffer account. /// Write program data into a Buffer account.
/// ///
/// # Account references /// # Account references
/// 0. [writable, signer] Buffer account to write program data to. /// 0. [writable] Buffer account to write program data to.
/// 1. [signer] Buffer authority
Write { Write {
/// Offset at which to write the given bytes. /// Offset at which to write the given bytes.
offset: u32, offset: u32,
@ -92,11 +95,13 @@ pub enum UpgradeableLoaderInstruction {
/// 6. [signer] The program's authority. /// 6. [signer] The program's authority.
Upgrade, Upgrade,
/// Set a new authority that is allowed to upgrade the program. To /// Set a new authority that is allowed to write the buffer or upgrade the
/// permanently disable program updates omit the new authority. /// program. To permanently make the buffer immutable or disable program
/// updates omit the new authority.
/// ///
/// # Account references /// # Account references
/// 0. `[writable]` The ProgramData account to change the authority of. /// 0. `[writable]` The Buffer or ProgramData account to change the
/// authority of.
/// 1. `[signer]` The current authority. /// 1. `[signer]` The current authority.
/// 2. `[]` The new authority, optional, if omitted then the program will /// 2. `[]` The new authority, optional, if omitted then the program will
/// not be upgradeable. /// not be upgradeable.