blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add buffer authority to upgradeable loader (#14482)

This commit is contained in:
Jack May 2021-01-08 09:37:57 -08:00 committed by GitHub
parent 30038a8849
commit 58487c6360
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 2166 additions and 588 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cli/src/cli.rs
View File

@ -2665,7 +2665,7 @@ mod tests {
let program_id = json
.as_object()
.unwrap()
.get("programId")
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();

1660
cli/src/program.rs
View File

File diff suppressed because it is too large Load Diff

529
cli/tests/program.rs
View File

@ -7,6 +7,7 @@ use solana_client::rpc_client::RpcClient;
use solana_core::test_validator::TestValidator;
use solana_faucet::faucet::run_local_faucet;
use solana_sdk::{
account_utils::StateMut,
bpf_loader,
bpf_loader_upgradeable::{self, UpgradeableLoaderState},
commitment_config::CommitmentConfig,
@ -64,7 +65,7 @@ fn test_cli_program_deploy_non_upgradeable() {
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
@ -191,13 +192,15 @@ fn test_cli_program_deploy_no_authority() {
// Deploy a program with no authority
config.signers = vec![&keypair];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: None,
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: None,
upgrade_authority_pubkey: None,
is_final: false,
max_len: None,
});
let response = process_command(&config);
@ -205,7 +208,7 @@ fn test_cli_program_deploy_no_authority() {
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
@ -214,13 +217,15 @@ fn test_cli_program_deploy_no_authority() {
// Attempt to upgrade the program
config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: Some(program_id),
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: None,
});
process_command(&config).unwrap_err();
@ -275,27 +280,29 @@ fn test_cli_program_deploy_with_authority() {
let program_keypair = Keypair::new();
config.signers = vec![&keypair, &upgrade_authority, &program_keypair];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: Some(2),
program_pubkey: Some(program_keypair.pubkey()),
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
let program_pubkey_str = json
.as_object()
.unwrap()
.get("programId")
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
program_keypair.pubkey(),
Pubkey::from_str(&program_id_str).unwrap()
Pubkey::from_str(&program_pubkey_str).unwrap()
);
let program_account = rpc_client
.get_account_with_commitment(&program_keypair.pubkey(), CommitmentConfig::recent())
@ -328,27 +335,29 @@ fn test_cli_program_deploy_with_authority() {
// Deploy the upgradeable program
config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: None,
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
let program_pubkey_str = json
.as_object()
.unwrap()
.get("programId")
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap();
let program_pubkey = Pubkey::from_str(&program_pubkey_str).unwrap();
let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent())
.get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
@ -356,7 +365,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id());
Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap()
@ -376,27 +385,20 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade the program
config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: Some(program_id),
program_pubkey: Some(program_pubkey),
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(upgrade_authority.pubkey()),
is_final: false,
max_len: Some(max_len),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.unwrap()
.as_str()
.unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap();
process_command(&config).unwrap();
let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent())
.get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
@ -404,7 +406,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id());
Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap()
@ -425,7 +427,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority = Keypair::new();
config.signers = vec![&keypair, &upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority {
program: program_id,
program_pubkey,
upgrade_authority_index: Some(1),
new_upgrade_authority: Some(new_upgrade_authority.pubkey()),
});
@ -434,7 +436,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority_str = json
.as_object()
.unwrap()
.get("UpgradeAuthority")
.get("Authority")
.unwrap()
.as_str()
.unwrap();
@ -446,27 +448,20 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade with new authority
config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: Some(program_id),
program_pubkey: Some(program_pubkey),
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_id_str = json
.as_object()
.unwrap()
.get("programId")
.unwrap()
.as_str()
.unwrap();
let program_id = Pubkey::from_str(&program_id_str).unwrap();
process_command(&config).unwrap();
let program_account = rpc_client
.get_account_with_commitment(&program_id, CommitmentConfig::recent())
.get_account_with_commitment(&program_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
@ -474,7 +469,7 @@ fn test_cli_program_deploy_with_authority() {
assert_eq!(program_account.owner, bpf_loader_upgradeable::id());
assert_eq!(program_account.executable, true);
let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_id.as_ref()], &bpf_loader_upgradeable::id());
Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap()
@ -494,7 +489,7 @@ fn test_cli_program_deploy_with_authority() {
// Set no authority
config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetUpgradeAuthority {
program: program_id,
program_pubkey,
upgrade_authority_index: Some(1),
new_upgrade_authority: None,
});
@ -503,7 +498,7 @@ fn test_cli_program_deploy_with_authority() {
let new_upgrade_authority_str = json
.as_object()
.unwrap()
.get("UpgradeAuthority")
.get("Authority")
.unwrap()
.as_str()
.unwrap();
@ -512,14 +507,452 @@ fn test_cli_program_deploy_with_authority() {
// Upgrade with no authority
config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: pathbuf.to_str().unwrap().to_string(),
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: Some(program_id),
program_pubkey: Some(program_pubkey),
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: false,
max_len: None,
});
process_command(&config).unwrap_err();
// deploy with finality
config.signers = vec![&keypair, &new_upgrade_authority];
config.command = CliCommand::Program(ProgramCliCommand::Deploy {
program_location: Some(pathbuf.to_str().unwrap().to_string()),
program_signer_index: None,
program_pubkey: None,
buffer_signer_index: None,
buffer_pubkey: None,
allow_excessive_balance: false,
upgrade_authority_signer_index: Some(1),
upgrade_authority_pubkey: Some(new_upgrade_authority.pubkey()),
is_final: true,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let program_pubkey_str = json
.as_object()
.unwrap()
.get("ProgramId")
.unwrap()
.as_str()
.unwrap();
let program_pubkey = Pubkey::from_str(&program_pubkey_str).unwrap();
let (programdata_pubkey, _) =
Pubkey::find_program_address(&[program_pubkey.as_ref()], &bpf_loader_upgradeable::id());
let programdata_account = rpc_client
.get_account_with_commitment(&programdata_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::ProgramData {
slot: _,
upgrade_authority_address,
} = programdata_account.state().unwrap()
{
assert_eq!(upgrade_authority_address, None);
} else {
panic!("not a buffer account");
}
}
#[test]
fn test_cli_program_write_buffer() {
solana_logger::setup();
let mut pathbuf = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
pathbuf.push("tests");
pathbuf.push("fixtures");
pathbuf.push("noop");
pathbuf.set_extension("so");
let mint_keypair = Keypair::new();
let test_validator = TestValidator::with_no_fees(mint_keypair.pubkey());
let (sender, receiver) = channel();
run_local_faucet(mint_keypair, sender, None);
let faucet_addr = receiver.recv().unwrap();
let rpc_client = RpcClient::new(test_validator.rpc_url());
let mut file = File::open(pathbuf.to_str().unwrap()).unwrap();
let mut program_data = Vec::new();
file.read_to_end(&mut program_data).unwrap();
let max_len = program_data.len();
let minimum_balance_for_buffer = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len).unwrap(),
)
.unwrap();
let minimum_balance_for_buffer_default = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len * 2).unwrap(),
)
.unwrap();
let mut config = CliConfig::recent_for_tests();
let keypair = Keypair::new();
config.json_rpc_url = test_validator.rpc_url();
config.signers = vec![&keypair];
config.command = CliCommand::Airdrop {
faucet_host: None,
faucet_port: faucet_addr.port(),
pubkey: None,
lamports: 100 * minimum_balance_for_buffer,
};
process_command(&config).unwrap();
// Write a buffer with default params
config.signers = vec![&keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: None,
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let new_buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&new_buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify buffer keypair and max_len
let buffer_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: None,
is_final: false,
max_len: Some(max_len),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
buffer_keypair.pubkey(),
Pubkey::from_str(&buffer_pubkey_str).unwrap()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify buffer authority
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: Some(2),
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
buffer_keypair.pubkey(),
Pubkey::from_str(&buffer_pubkey_str).unwrap()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(authority_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify authority only
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: Some(2),
is_final: false,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
assert_eq!(buffer_account.lamports, minimum_balance_for_buffer_default);
assert_eq!(buffer_account.owner, bpf_loader_upgradeable::id());
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(authority_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
assert_eq!(
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
program_data[..]
);
// Specify final
let buffer_keypair = Keypair::new();
let authority_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair, &authority_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: None,
buffer_pubkey: None,
buffer_authority_signer_index: Some(2),
is_final: true,
max_len: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_pubkey_str = json
.as_object()
.unwrap()
.get("Buffer")
.unwrap()
.as_str()
.unwrap();
let buffer_pubkey = Pubkey::from_str(&buffer_pubkey_str).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_pubkey, CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, None);
} else {
panic!("not a buffer account");
}
}
#[test]
fn test_cli_program_set_buffer_authority() {
solana_logger::setup();
let mut pathbuf = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
pathbuf.push("tests");
pathbuf.push("fixtures");
pathbuf.push("noop");
pathbuf.set_extension("so");
let mint_keypair = Keypair::new();
let test_validator = TestValidator::with_no_fees(mint_keypair.pubkey());
let (sender, receiver) = channel();
run_local_faucet(mint_keypair, sender, None);
let faucet_addr = receiver.recv().unwrap();
let rpc_client = RpcClient::new(test_validator.rpc_url());
let mut file = File::open(pathbuf.to_str().unwrap()).unwrap();
let mut program_data = Vec::new();
file.read_to_end(&mut program_data).unwrap();
let max_len = program_data.len();
let minimum_balance_for_buffer = rpc_client
.get_minimum_balance_for_rent_exemption(
UpgradeableLoaderState::programdata_len(max_len).unwrap(),
)
.unwrap();
let mut config = CliConfig::recent_for_tests();
let keypair = Keypair::new();
config.json_rpc_url = test_validator.rpc_url();
config.signers = vec![&keypair];
config.command = CliCommand::Airdrop {
faucet_host: None,
faucet_port: faucet_addr.port(),
pubkey: None,
lamports: 100 * minimum_balance_for_buffer,
};
process_command(&config).unwrap();
// Write a buffer
let buffer_keypair = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::WriteBuffer {
program_location: pathbuf.to_str().unwrap().to_string(),
buffer_signer_index: Some(1),
buffer_pubkey: Some(buffer_keypair.pubkey()),
buffer_authority_signer_index: None,
is_final: false,
max_len: None,
});
process_command(&config).unwrap();
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(keypair.pubkey()));
} else {
panic!("not a buffer account");
}
// Set new authority
let new_buffer_authority = Keypair::new();
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(0),
new_buffer_authority: Some(new_buffer_authority.pubkey()),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let new_buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
Pubkey::from_str(&new_buffer_authority_str).unwrap(),
new_buffer_authority.pubkey()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(new_buffer_authority.pubkey()));
} else {
panic!("not a buffer account");
}
// Set authority to buffer
config.signers = vec![&keypair, &new_buffer_authority];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(1),
new_buffer_authority: Some(buffer_keypair.pubkey()),
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(
Pubkey::from_str(&buffer_authority_str).unwrap(),
buffer_keypair.pubkey()
);
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, Some(buffer_keypair.pubkey()));
} else {
panic!("not a buffer account");
}
// Set authority to None
config.signers = vec![&keypair, &buffer_keypair];
config.command = CliCommand::Program(ProgramCliCommand::SetBufferAuthority {
buffer_pubkey: buffer_keypair.pubkey(),
buffer_authority_index: Some(1),
new_buffer_authority: None,
});
let response = process_command(&config);
let json: Value = serde_json::from_str(&response.unwrap()).unwrap();
let buffer_authority_str = json
.as_object()
.unwrap()
.get("Authority")
.unwrap()
.as_str()
.unwrap();
assert_eq!(buffer_authority_str, "None");
let buffer_account = rpc_client
.get_account_with_commitment(&buffer_keypair.pubkey(), CommitmentConfig::recent())
.unwrap()
.value
.unwrap();
if let UpgradeableLoaderState::Buffer { authority_address } = buffer_account.state().unwrap() {
assert_eq!(authority_address, None);
} else {
panic!("not a buffer account");
}
}

478
programs/bpf_loader/src/lib.rs
View File

@ -59,14 +59,14 @@ impl UserDefinedError for BPFError {}
/// Point all log messages to the log collector
macro_rules! log {
($logger:ident, $message:expr) => {
if let Ok(logger) = $logger.try_borrow_mut() {
if let Ok(logger) = $logger.try_borrow_mut() {
if logger.log_enabled() {
logger.log($message);
}
}
};
($logger:ident, $fmt:expr, $($arg:tt)*) => {
if let Ok(logger) = $logger.try_borrow_mut() {
if let Ok(logger) = $logger.try_borrow_mut() {
if logger.log_enabled() {
logger.log(&format!($fmt, $($arg)*));
}
@ -128,28 +128,19 @@ pub fn create_and_cache_executor(
}
fn write_program_data(
account: &KeyedAccount,
data: &mut [u8],
offset: usize,
bytes: &[u8],
invoke_context: &mut dyn InvokeContext,
) -> Result<(), InstructionError> {
let logger = invoke_context.get_logger();
if account.signer_key().is_none() {
log!(logger, "Buffer account did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
let len = bytes.len();
if account.data_len()? < offset + len {
log!(
logger,
"Write overflow: {} < {}",
account.data_len()?,
offset + len
);
if data.len() < offset + len {
log!(logger, "Write overflow: {} < {}", data.len(), offset + len);
return Err(InstructionError::AccountDataTooSmall);
}
account.try_account_ref_mut()?.data[offset..offset + len].copy_from_slice(&bytes);
data[offset..offset + len].copy_from_slice(&bytes);
Ok(())
}
@ -319,20 +310,41 @@ fn process_loader_upgradeable_instruction(
match limited_deserialize(instruction_data)? {
UpgradeableLoaderInstruction::InitializeBuffer => {
let buffer = next_keyed_account(account_iter)?;
let authority = next_keyed_account(account_iter)
.ok()
.map(|account| account.unsigned_key());
if UpgradeableLoaderState::Uninitialized != buffer.state()? {
log!(logger, "Buffer account already initialized");
return Err(InstructionError::AccountAlreadyInitialized);
}
buffer.set_state(&UpgradeableLoaderState::Buffer)?;
buffer.set_state(&UpgradeableLoaderState::Buffer {
authority_address: authority.cloned(),
})?;
}
UpgradeableLoaderInstruction::Write { offset, bytes } => {
let buffer = next_keyed_account(account_iter)?;
if UpgradeableLoaderState::Buffer != buffer.state()? {
let authority = next_keyed_account(account_iter)?;
if let UpgradeableLoaderState::Buffer { authority_address } = buffer.state()? {
if authority_address == None {
log!(logger, "Buffer is immutable");
return Err(InstructionError::Immutable); // TODO better error code
}
if authority_address != Some(*authority.unsigned_key()) {
log!(logger, "Incorrect buffer authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if authority.signer_key().is_none() {
log!(logger, "Buffer authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
} else {
log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidAccountData);
}
write_program_data(
buffer,
&mut buffer.try_account_ref_mut()?.data,
UpgradeableLoaderState::buffer_data_offset()? + offset as usize,
&bytes,
invoke_context,
@ -367,7 +379,11 @@ fn process_loader_upgradeable_instruction(
// Verify Buffer account
if UpgradeableLoaderState::Buffer != buffer.state()? {
if let UpgradeableLoaderState::Buffer {
authority_address: _,
} = buffer.state()?
{
} else {
log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidArgument);
}
@ -473,9 +489,13 @@ fn process_loader_upgradeable_instruction(
// Verify Buffer account
if UpgradeableLoaderState::Buffer != buffer.state()? {
if let UpgradeableLoaderState::Buffer {
authority_address: _,
} = buffer.state()?
{
} else {
log!(logger, "Invalid Buffer account");
return Err(InstructionError::InvalidAccountData);
return Err(InstructionError::InvalidArgument);
}
let buffer_data_offset = UpgradeableLoaderState::buffer_data_offset()?;
@ -500,11 +520,11 @@ fn process_loader_upgradeable_instruction(
{
if upgrade_authority_address == None {
log!(logger, "Program not upgradeable");
return Err(InstructionError::InvalidArgument);
return Err(InstructionError::Immutable);
}
if upgrade_authority_address != Some(*authority.unsigned_key()) {
log!(logger, "Upgrade authority not present");
return Err(InstructionError::MissingRequiredSignature);
log!(logger, "Incorrect upgrade authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if authority.signer_key().is_none() {
log!(logger, "Upgrade authority did not sign");
@ -551,36 +571,55 @@ fn process_loader_upgradeable_instruction(
log!(logger, "Upgraded program {:?}", program.unsigned_key());
}
UpgradeableLoaderInstruction::SetAuthority => {
let programdata = next_keyed_account(account_iter)?;
let account = next_keyed_account(account_iter)?;
let present_authority = next_keyed_account(account_iter)?;
let new_authority = next_keyed_account(account_iter)
.ok()
.map(|account| account.unsigned_key());
if let UpgradeableLoaderState::ProgramData {
slot,
upgrade_authority_address,
} = programdata.state()?
{
if upgrade_authority_address == None {
log!(logger, "Program not upgradeable");
return Err(InstructionError::InvalidArgument);
match account.state()? {
UpgradeableLoaderState::Buffer { authority_address } => {
if authority_address == None {
log!(logger, "Buffer is immutable");
return Err(InstructionError::Immutable);
}
if authority_address != Some(*present_authority.unsigned_key()) {
log!(logger, "Incorrect buffer authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if present_authority.signer_key().is_none() {
log!(logger, "Buffer authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
account.set_state(&UpgradeableLoaderState::Buffer {
authority_address: new_authority.cloned(),
})?;
}
if upgrade_authority_address != Some(*present_authority.unsigned_key()) {
log!(logger, "Upgrade authority not present");
return Err(InstructionError::MissingRequiredSignature);
}
if present_authority.signer_key().is_none() {
log!(logger, "Upgrade authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
programdata.set_state(&UpgradeableLoaderState::ProgramData {
UpgradeableLoaderState::ProgramData {
slot,
upgrade_authority_address: new_authority.cloned(),
})?;
} else {
log!(logger, "Not a ProgramData account");
return Err(InstructionError::InvalidAccountData);
upgrade_authority_address,
} => {
if upgrade_authority_address == None {
log!(logger, "Program not upgradeable");
return Err(InstructionError::Immutable);
}
if upgrade_authority_address != Some(*present_authority.unsigned_key()) {
log!(logger, "Incorrect upgrade authority provided");
return Err(InstructionError::IncorrectAuthority);
}
if present_authority.signer_key().is_none() {
log!(logger, "Upgrade authority did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
account.set_state(&UpgradeableLoaderState::ProgramData {
slot,
upgrade_authority_address: new_authority.cloned(),
})?;
}
_ => {
log!(logger, "Account does not support authorities");
return Err(InstructionError::InvalidAccountData);
}
}
log!(logger, "New authority {:?}", new_authority);
@ -607,7 +646,16 @@ fn process_loader_instruction(
}
match limited_deserialize(instruction_data)? {
LoaderInstruction::Write { offset, bytes } => {
write_program_data(program, offset as usize, &bytes, invoke_context)?;
if program.signer_key().is_none() {
log!(logger, "Program account did not sign");
return Err(InstructionError::MissingRequiredSignature);
}
write_program_data(
&mut program.try_account_ref_mut()?.data,
offset as usize,
&bytes,
invoke_context,
)?;
}
LoaderInstruction::Finalize => {
if program.signer_key().is_none() {
@ -1150,26 +1198,68 @@ mod tests {
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),],
&[KeyedAccount::new(&buffer_address, false, &buffer_account)],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer);
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None
}
);
// Case: Already initialized
assert_eq!(
Err(InstructionError::AccountAlreadyInitialized),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),],
&[KeyedAccount::new(&buffer_address, false, &buffer_account)],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer);
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None
}
);
// Case: With authority
let buffer_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(9).unwrap(),
&bpf_loader_upgradeable::id(),
);
let authority_address = Pubkey::new_unique();
let authority_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(9).unwrap(),
&bpf_loader_upgradeable::id(),
);
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&authority_address, false, &authority_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address)
}
);
}
#[test]
@ -1191,7 +1281,10 @@ mod tests {
Err(InstructionError::InvalidAccountData),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
@ -1205,19 +1298,29 @@ mod tests {
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer);
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address)
}
);
assert_eq!(
&buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
&[42; 9]
@ -1236,19 +1339,29 @@ mod tests {
);
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(state, UpgradeableLoaderState::Buffer);
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address)
}
);
assert_eq!(
&buffer_account.borrow().data[UpgradeableLoaderState::buffer_data_offset().unwrap()..],
&[0, 0, 0, 42, 42, 42, 42, 42, 42]
@ -1262,13 +1375,18 @@ mod tests {
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::MissingRequiredSignature),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, false, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, false, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
@ -1282,13 +1400,18 @@ mod tests {
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::AccountDataTooSmall),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
@ -1302,13 +1425,44 @@ mod tests {
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::AccountDataTooSmall),
process_instruction(
&bpf_loader_upgradeable::id(),
&[KeyedAccount::new(&buffer_address, true, &buffer_account),],
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&buffer_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: wrong authority
let authority_address = Pubkey::new_unique();
let instruction = bincode::serialize(&UpgradeableLoaderInstruction::Write {
offset: 1,
bytes: vec![42; 9],
})
.unwrap();
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new(&authority_address, true, &buffer_account)
],
&instruction,
&mut MockInvokeContext::default()
)
@ -1349,7 +1503,9 @@ mod tests {
&bpf_loader_upgradeable::id(),
);
buffer_account
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
buffer_account.data[UpgradeableLoaderState::buffer_data_offset().unwrap()..]
.copy_from_slice(&elf);
@ -1771,6 +1927,7 @@ mod tests {
#[allow(clippy::type_complexity)]
fn get_accounts(
buffer_authority: &Pubkey,
programdata_address: &Pubkey,
upgrade_authority_address: &Pubkey,
slot: u64,
@ -1791,7 +1948,9 @@ mod tests {
);
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(*buffer_authority),
})
.unwrap();
buffer_account.borrow_mut().data
[UpgradeableLoaderState::buffer_data_offset().unwrap()..]
@ -1832,6 +1991,7 @@ mod tests {
// Case: Success
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -1886,6 +2046,7 @@ mod tests {
// Case: not upgradable
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -1902,7 +2063,7 @@ mod tests {
})
.unwrap();
assert_eq!(
Err(InstructionError::InvalidArgument),
Err(InstructionError::Immutable),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
@ -1925,6 +2086,7 @@ mod tests {
// Case: wrong authority
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -1934,7 +2096,7 @@ mod tests {
min_programdata_balance,
);
assert_eq!(
Err(InstructionError::MissingRequiredSignature),
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
@ -1957,6 +2119,7 @@ mod tests {
// Case: authority did not sign
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -1989,6 +2152,7 @@ mod tests {
// Case: Program account not executable
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2022,6 +2186,7 @@ mod tests {
// Case: Program account now owned by loader
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2055,6 +2220,7 @@ mod tests {
// Case: Program account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2091,6 +2257,7 @@ mod tests {
// Case: ProgramData account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2127,6 +2294,7 @@ mod tests {
// Case: Program ProgramData account mismatch
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2159,6 +2327,7 @@ mod tests {
// Case: Buffer account not initialized
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2172,7 +2341,7 @@ mod tests {
.set_state(&UpgradeableLoaderState::Uninitialized)
.unwrap();
assert_eq!(
Err(InstructionError::InvalidAccountData),
Err(InstructionError::InvalidArgument),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
@ -2195,6 +2364,7 @@ mod tests {
// Case: Buffer account too big
let (_, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2210,7 +2380,9 @@ mod tests {
);
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer)
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(buffer_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::AccountDataTooSmall),
@ -2236,6 +2408,7 @@ mod tests {
// Case: bad elf data
let (buffer_account, program_account, programdata_account, spill_account) = get_accounts(
&buffer_address,
&programdata_address,
&upgrade_authority_address,
slot,
@ -2391,7 +2564,7 @@ mod tests {
})
.unwrap();
assert_eq!(
Err(InstructionError::MissingRequiredSignature),
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
@ -2421,7 +2594,7 @@ mod tests {
})
.unwrap();
assert_eq!(
Err(InstructionError::InvalidArgument),
Err(InstructionError::Immutable),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
@ -2462,6 +2635,165 @@ mod tests {
);
}
#[test]
fn test_bpf_loader_upgradeable_set_buffer_authority() {
let instruction = bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap();
let authority_address = Pubkey::new_unique();
let authority_account = Account::new_ref(1, 0, &Pubkey::new_unique());
let new_authority_address = Pubkey::new_unique();
let new_authority_account = Account::new_ref(1, 0, &Pubkey::new_unique());
let buffer_address = Pubkey::new_unique();
let buffer_account = Account::new_ref(
1,
UpgradeableLoaderState::buffer_len(0).unwrap(),
&bpf_loader_upgradeable::id(),
);
// Case: Set to new authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, true, &authority_account),
KeyedAccount::new_readonly(
&new_authority_address,
false,
&new_authority_account
)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: Some(new_authority_address),
}
);
// Case: Not upgradeable
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Ok(()),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, true, &authority_account)
],
&instruction,
&mut MockInvokeContext::default()
)
);
let state: UpgradeableLoaderState = buffer_account.borrow().state().unwrap();
assert_eq!(
state,
UpgradeableLoaderState::Buffer {
authority_address: None,
}
);
// Case: Authority did not sign
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::MissingRequiredSignature),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&authority_address, false, &authority_account),
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: wrong authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: Some(authority_address),
})
.unwrap();
assert_eq!(
Err(InstructionError::IncorrectAuthority),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
KeyedAccount::new_readonly(
&new_authority_address,
false,
&new_authority_account
)
],
&instruction,
&mut MockInvokeContext::default()
)
);
// Case: No authority
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Buffer {
authority_address: None,
})
.unwrap();
assert_eq!(
Err(InstructionError::Immutable),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
],
&bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap(),
&mut MockInvokeContext::default()
)
);
// Case: Not a Buffer account
buffer_account
.borrow_mut()
.set_state(&UpgradeableLoaderState::Program {
programdata_address: Pubkey::new_unique(),
})
.unwrap();
assert_eq!(
Err(InstructionError::InvalidAccountData),
process_instruction(
&bpf_loader_upgradeable::id(),
&[
KeyedAccount::new(&buffer_address, false, &buffer_account),
KeyedAccount::new_readonly(&Pubkey::new_unique(), true, &authority_account),
],
&bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap(),
&mut MockInvokeContext::default()
)
);
}
/// fuzzing utility function
fn fuzz<F>(
bytes: &[u8],

2
runtime/src/bank.rs
View File

@ -92,7 +92,7 @@ pub const SECONDS_PER_YEAR: f64 = 365.25 * 24.0 * 60.0 * 60.0;
pub const MAX_LEADER_SCHEDULE_STAKES: Epoch = 5;
type BankStatusCache = StatusCache<Result<()>>;
#[frozen_abi(digest = "GSPuprru1pomsgvopKG7XRWiXdqdXJdLPkgJ2arPbkXM")]
#[frozen_abi(digest = "MUmkgPsCRrWL2HEsMEvpkWMis35kbBnaEZtrph5P6bk")]
pub type BankSlotDelta = SlotDelta<Result<()>>;
type TransactionAccountRefCells = Vec<Rc<RefCell<Account>>>;
type TransactionAccountDepRefCells = Vec<(Pubkey, RefCell<Account>)>;

4
runtime/src/loader_utils.rs
View File

@ -69,6 +69,7 @@ pub fn load_buffer_account<T: Client>(
&bpf_loader_upgradeable::create_buffer(
&from_keypair.pubkey(),
&buffer_pubkey,
Some(&buffer_pubkey),
1.max(
bank_client
.get_minimum_balance_for_rent_exemption(program.len())
@ -88,6 +89,7 @@ pub fn load_buffer_account<T: Client>(
let message = Message::new(
&[bpf_loader_upgradeable::write(
&buffer_pubkey,
None,
offset,
chunk.to_vec(),
)],
@ -168,7 +170,7 @@ pub fn set_upgrade_authority<T: Client>(
new_authority_pubkey: Option<&Pubkey>,
) {
let message = Message::new(
&[bpf_loader_upgradeable::set_authority(
&[bpf_loader_upgradeable::set_upgrade_authority(
program_pubkey,
&current_authority_keypair.pubkey(),
new_authority_pubkey,

60
sdk/program/src/bpf_loader_upgradeable.rs
View File

@ -24,7 +24,12 @@ pub enum UpgradeableLoaderState {
/// Account is not initialized.
Uninitialized,
/// A Buffer account.
Buffer,
Buffer {
/// Authority address
authority_address: Option<Pubkey>,
// The raw program data follows this serialized structure in the
// account's data.
},
/// An Program account.
Program {
/// Address of the ProgramData account.
@ -43,9 +48,11 @@ pub enum UpgradeableLoaderState {
impl UpgradeableLoaderState {
/// Length of an buffer account's data.
pub fn buffer_len(program_len: usize) -> Result<usize, InstructionError> {
Ok(serialized_size(&Self::Buffer)
.map(|len| len as usize)
.map_err(|_| InstructionError::InvalidInstructionData)?
Ok(serialized_size(&Self::Buffer {
authority_address: Some(Pubkey::default()),
})
.map(|len| len as usize)
.map_err(|_| InstructionError::InvalidInstructionData)?
+ program_len)
}
/// Offset into the ProgramData account's data of the program bits.
@ -80,9 +87,14 @@ impl UpgradeableLoaderState {
pub fn create_buffer(
payer_address: &Pubkey,
buffer_address: &Pubkey,
authority_address: Option<&Pubkey>,
lamports: u64,
program_len: usize,
) -> Result<Vec<Instruction>, InstructionError> {
let mut metas = vec![AccountMeta::new(*buffer_address, false)];
if let Some(authority_address) = authority_address {
metas.push(AccountMeta::new(*authority_address, false));
}
Ok(vec![
system_instruction::create_account(
payer_address,
@ -91,21 +103,29 @@ pub fn create_buffer(
UpgradeableLoaderState::buffer_len(program_len)? as u64,
&id(),
),
Instruction::new(
id(),
&UpgradeableLoaderInstruction::InitializeBuffer,
vec![AccountMeta::new(*buffer_address, false)],
),
Instruction::new(id(), &UpgradeableLoaderInstruction::InitializeBuffer, metas),
])
}
/// Returns the instructions required to write a chunk of program data to a
/// buffer account.
pub fn write(buffer_address: &Pubkey, offset: u32, bytes: Vec<u8>) -> Instruction {
pub fn write(
buffer_address: &Pubkey,
authority_address: Option<&Pubkey>,
offset: u32,
bytes: Vec<u8>,
) -> Instruction {
let mut metas = vec![
AccountMeta::new(*buffer_address, false),
AccountMeta::new(*buffer_address, true),
];
if let Some(authority_address) = authority_address {
metas[1] = AccountMeta::new(*authority_address, true);
}
Instruction::new(
id(),
&UpgradeableLoaderInstruction::Write { offset, bytes },
vec![AccountMeta::new(*buffer_address, true)],
metas,
)
}
@ -176,8 +196,24 @@ pub fn is_upgrade_instruction(instruction_data: &[u8]) -> bool {
3 == instruction_data[0]
}
/// Returns the instructions required to set a buffers's authority.
pub fn set_buffer_authority(
buffer_address: &Pubkey,
current_authority_address: &Pubkey,
new_authority_address: Option<&Pubkey>,
) -> Instruction {
let mut metas = vec![
AccountMeta::new(*buffer_address, false),
AccountMeta::new_readonly(*current_authority_address, true),
];
if let Some(address) = new_authority_address {
metas.push(AccountMeta::new_readonly(*address, false));
}
Instruction::new(id(), &UpgradeableLoaderInstruction::SetAuthority, metas)
}
/// Returns the instructions required to set a program's authority.
pub fn set_authority(
pub fn set_upgrade_authority(
program_address: &Pubkey,
current_authority_address: &Pubkey,
new_authority_address: Option<&Pubkey>,

6
sdk/program/src/instruction.rs
View File

@ -180,6 +180,12 @@ pub enum InstructionError {
#[error("Program failed to compile")]
ProgramFailedToCompile,
#[error("Account is immutable")]
Immutable,
#[error("Incorrect authority provided")]
IncorrectAuthority,
}
#[derive(Debug, PartialEq, Clone, Serialize, Deserialize)]

13
sdk/program/src/loader_upgradeable_instruction.rs
View File

@ -16,12 +16,15 @@ pub enum UpgradeableLoaderInstruction {
///
/// # Account references
/// 0. [writable] source account to initialize.
/// 1. [] Buffer authority, optional, if omitted then the buffer will be
/// immutable.
InitializeBuffer,
/// Write program data into a Buffer account.
///
/// # Account references
/// 0. [writable, signer] Buffer account to write program data to.
/// 0. [writable] Buffer account to write program data to.
/// 1. [signer] Buffer authority
Write {
/// Offset at which to write the given bytes.
offset: u32,
@ -92,11 +95,13 @@ pub enum UpgradeableLoaderInstruction {
/// 6. [signer] The program's authority.
Upgrade,
/// Set a new authority that is allowed to upgrade the program. To
/// permanently disable program updates omit the new authority.
/// Set a new authority that is allowed to write the buffer or upgrade the
/// program. To permanently make the buffer immutable or disable program
/// updates omit the new authority.
///
/// # Account references
/// 0. `[writable]` The ProgramData account to change the authority of.
/// 0. `[writable]` The Buffer or ProgramData account to change the
/// authority of.
/// 1. `[signer]` The current authority.
/// 2. `[]` The new authority, optional, if omitted then the program will
/// not be upgradeable.