* AccountSharedData: make data_mut() private
This ensures that the inner Vec is never handed out. This is in
preparation of enforcing that the capacity of the inner vec never
shrinks, which is required for direct mapping.
* Adds the feature bpf_account_data_direct_mapping.
* Remaps EbpfError::AccessViolation into InstructionError::ReadonlyDataModified.
* WIP: Memory regions for each instruction account in create_vm().
* Fix serialization benches, run both copy and !copy variants
* rbpf-cli: fix build
* BorrowedAccount: ensure that account capacity is never reduced
Accounts can be directly mapped in address space. Their capacity can't
be reduced mid transaction as that would create holes in vm address
space that point to invalid host memory.
* bpf_load: run serialization tests for both copy and !copy account data
* bpf_loader: add Serializer::write_account
* fix lints
* BorrowedAccount: make_data_mut is host only
* Fix unused import warning
* Fix lints
* cpi: add explicit direct_mapping arg to update_(callee|caller)_account
* cpi: rename account_data_or_only_realloc_padding to serialized_data
* cpi: add CallerAccount::original_data_len comment
* cpi: add update_callee_account direct_mapping test
* cpi: add test_update_caller_account_data_direct_mapping and fix bug
We used to have a bug in zeroing data when shrinking account, where we zeroed
the spare account capacity but not the realloc padding.
* cpi: add tests for mutated readonly accounts
* cpi: update_caller_account doesn't need to change .serialized_data when direct_mapping is on
* cpi: update_caller_account: ensure that account capacity is always enough
Introduce a better way to ensure that account capacity never goes below what
might be mapped in memory regions.
* cpi: zero account capacity using the newly introduced BorrowedAccount::spare_data_capacity_mut()
Before we were using BorrowedAccount::get_data_mut() to get the base pointer to
the account data, then we were slicing the spare capacity from it. Calling
get_data_mut() doesn't work if an account has been closed tho, since the
current program doesn't own the account anymore and therefore get_data_mut()
errors out.
* bpf_loader: fix same lint for the umpteenth time
* bpf_loader: map AccessViolation to ReadonlyDataModified only for account region violations
* programs/sbf: realloc: add test for large write after realloc
Add a test that after a realloc does a large write that spans the
original account length and the realloc area. This ensures that memory
mapping works correctly across the boundary.
* programs/sbf: run test_program_sbf_realloc with both direct_mapping on and off
By default test banks test with all features on. This ensures we keep
testing the existing code until the new feature is enabled.
* bpf_loader: tweak memcmp syscall
Split the actual memcmp code in a separate function. Remove check
indexing the slices since the slices are guaranteed to have the correct
length by construction.
* bpf_loader: tweak the memset syscall
Use slice::fill, which is effectively memset.
* bpf_loader: syscalls: update mem syscalls to work with non contiguous memory
With direct mapping enabled, accounts can now span multiple memory
regions.
* fix lint, rebase mem_ops
* Implement CoW for writable accounts
* Fix CI
* Move CoW to the MemoryMapping level
* Update after rbpf API change
* Fix merge screwup
* Add create_vm macro. Fix benches.
* cpi: simplify update_caller_account
Simplify the logic to update a caller's memory region when a callee
causes an account data pointer to change (eg during CoW)
* benches/bpf_loader: move serialization out of create_vm bench
* benches/bpf_loader: don't copy accounts when direct mapping is on
* Fix review nits
* bpf_loader: mem_ops: handle u64 overflow in MemoryChunkIterator::new
When starting at u64::MAX, the chunk iterator would always return the
empty sequence (None on the first next()) call, instead of returning a
memory access violation.
Use checked instead of saturating arithmetic to detect the condition and
error out.
This commit also adds more tests around boundary conditions.
* Fix loader-v3 tests: data_mut => data_as_mut_slice
* Fix CI
* bpf_loader: fix tuner bench: account must be writable
With direct mapping on, invalid writes are caught early meaning the
tuner would fail on the first store and not consume the whole budget
like the benchmark expects.
---------
Co-authored-by: Alexander Meißner <AlexanderMeissner@gmx.net>
Add new vote state version that replaces Lockout with LandedVote to allow vote latency to be tracked in a future change.
Includes a feature to be enabled which will when enabled cause the vote state to be written in the new form.
* Adds the feature gate stop_truncating_strings_in_syscalls.
* Removes the truncation of everything after the first NULL byte in translate_string_and_do().
* add feature gate
* builtins consume statically defined units at beginning of process_instruction()
* Add new instructionError; return error if builtin did not consume units to enforce builtin to consume units;
* updated related tests
* updated ProgramTest with deactivated native_programs_consume_cu feature to continue support existing mock/test programs that do not consume units
* include loaded accounts data size limit in transaction base fee calculation
* citing compute_budget for heap cost;
* update sbf tests
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* Add new vote state version that replaces Lockout with LandedVote to allow vote latency to be tracked in a future change. Includes a feature to be enabled which will when enabled cause the vote state to be written in the new form.
* Update feature set key to one owned by ashwin
---------
Co-authored-by: Ashwin Sekar <ashwin@solana.com>
* Use three separate HashMaps instead of the enum TxBankExecutorCacheDiff.
* Replaces all places which deploy programs by a macro.
* Adds a feature gate.
* Adjust tests.
* Makes undeployment visible immediately.
* check android builds
* feature: set rent_epoch to Epoch::MAX
* tweaks
* Update runtime/src/rent_collector.rs
Co-authored-by: Brooks Prumo <brooks@prumo.org>
* simplify changes to tests
* back out some test changes
* calculate_rent_result passes through Exempt
* move calc outside loop
* if rent epoch is already max, use 'NoRentCollectionNow'
Co-authored-by: Brooks Prumo <brooks@prumo.org>
The commit allocates 2% of slots to running experiments with different
turbine fanouts based on the slot number.
The experiment is feature gated with an additional feature to disable
the experiment.
* vote: Prevent commission update in the second half of epochs
* Address feedback
* Fix tests
* Make the feature enabled by single-contributor
* Use a cooler pubkey
* Registers the feature enable_program_redeployment_cooldown.
* Adds redeployment slot constraint.
* Adds test to assert that closed programs can not be reopened.
* Ensure that program close truncates the account data.
* Adds set_sysvar_for_tests() to SBF program tests.
- Add new compute-budget instruction to set transaction-wide accounts data size limit
- Set default accounts data limit to 10MB, and max to 100MB, per transaction;
- Add getters to make changing default and/or max values easier in the future with feature gates;
- added error counter for transactions exceed data size limit
* SetAuthorityChecked
* restore old logic for loader
* add more upgrade authority checked test cases
* setBufferAuthority checked tests
* format
* add set_buffer_authority_checked instruction to sdk
* Update transaction-status/src/parse_bpf_loader.rs
Co-authored-by: Justin Starry <justin.m.starry@gmail.com>
* add is_set_authority_checked function
* fix set_buffer_authority_checked sdk instruction
* feature gate setAuthorityChecked
* add bpf loader tests for setAuthorityChecked ixs
* test that you can set to same authority
* allow set_authority_checked to be called via cpi (if feature is enabled)
* fix ci
* fmt
Co-authored-by: Justin Starry <justin.m.starry@gmail.com>
Co-authored-by: Justin Starry <justin@solana.com>
* Extends is_nonoverlapping() to be able to deal with two different lengths.
* Uses is_nonoverlapping() for syscall output parameters.
* Feature gates the new throws of SyscallError::CopyOverlapping.
* Adds tests which trigger SyscallError::CopyOverlapping.
* add Eq, PartialEq to EpochInfo
* add Eq, PartialEq related to transactions and messages
* add Eq, PartialEq to Ed25519SignatureOffsets
* add Eq, PartialEq to FeatureSet
* add Eq, PartialEq to fee.rs
* add Eq, PartialEq to GenesisConfig
* don't add Eq to GenesisConfig because floats
* add Eq, PartialEq to PohConfig
* add Eq, PartialEq to SecpSignatureOffsets
* add some missing derives to transaction_context.rs
* add Eq, PartialEq to ProcessedSiblingInstruction