* AccountSharedData: make data_mut() private
This ensures that the inner Vec is never handed out. This is in
preparation of enforcing that the capacity of the inner vec never
shrinks, which is required for direct mapping.
* Adds the feature bpf_account_data_direct_mapping.
* Remaps EbpfError::AccessViolation into InstructionError::ReadonlyDataModified.
* WIP: Memory regions for each instruction account in create_vm().
* Fix serialization benches, run both copy and !copy variants
* rbpf-cli: fix build
* BorrowedAccount: ensure that account capacity is never reduced
Accounts can be directly mapped in address space. Their capacity can't
be reduced mid transaction as that would create holes in vm address
space that point to invalid host memory.
* bpf_load: run serialization tests for both copy and !copy account data
* bpf_loader: add Serializer::write_account
* fix lints
* BorrowedAccount: make_data_mut is host only
* Fix unused import warning
* Fix lints
* cpi: add explicit direct_mapping arg to update_(callee|caller)_account
* cpi: rename account_data_or_only_realloc_padding to serialized_data
* cpi: add CallerAccount::original_data_len comment
* cpi: add update_callee_account direct_mapping test
* cpi: add test_update_caller_account_data_direct_mapping and fix bug
We used to have a bug in zeroing data when shrinking account, where we zeroed
the spare account capacity but not the realloc padding.
* cpi: add tests for mutated readonly accounts
* cpi: update_caller_account doesn't need to change .serialized_data when direct_mapping is on
* cpi: update_caller_account: ensure that account capacity is always enough
Introduce a better way to ensure that account capacity never goes below what
might be mapped in memory regions.
* cpi: zero account capacity using the newly introduced BorrowedAccount::spare_data_capacity_mut()
Before we were using BorrowedAccount::get_data_mut() to get the base pointer to
the account data, then we were slicing the spare capacity from it. Calling
get_data_mut() doesn't work if an account has been closed tho, since the
current program doesn't own the account anymore and therefore get_data_mut()
errors out.
* bpf_loader: fix same lint for the umpteenth time
* bpf_loader: map AccessViolation to ReadonlyDataModified only for account region violations
* programs/sbf: realloc: add test for large write after realloc
Add a test that after a realloc does a large write that spans the
original account length and the realloc area. This ensures that memory
mapping works correctly across the boundary.
* programs/sbf: run test_program_sbf_realloc with both direct_mapping on and off
By default test banks test with all features on. This ensures we keep
testing the existing code until the new feature is enabled.
* bpf_loader: tweak memcmp syscall
Split the actual memcmp code in a separate function. Remove check
indexing the slices since the slices are guaranteed to have the correct
length by construction.
* bpf_loader: tweak the memset syscall
Use slice::fill, which is effectively memset.
* bpf_loader: syscalls: update mem syscalls to work with non contiguous memory
With direct mapping enabled, accounts can now span multiple memory
regions.
* fix lint, rebase mem_ops
* Implement CoW for writable accounts
* Fix CI
* Move CoW to the MemoryMapping level
* Update after rbpf API change
* Fix merge screwup
* Add create_vm macro. Fix benches.
* cpi: simplify update_caller_account
Simplify the logic to update a caller's memory region when a callee
causes an account data pointer to change (eg during CoW)
* benches/bpf_loader: move serialization out of create_vm bench
* benches/bpf_loader: don't copy accounts when direct mapping is on
* Fix review nits
* bpf_loader: mem_ops: handle u64 overflow in MemoryChunkIterator::new
When starting at u64::MAX, the chunk iterator would always return the
empty sequence (None on the first next()) call, instead of returning a
memory access violation.
Use checked instead of saturating arithmetic to detect the condition and
error out.
This commit also adds more tests around boundary conditions.
* Fix loader-v3 tests: data_mut => data_as_mut_slice
* Fix CI
* bpf_loader: fix tuner bench: account must be writable
With direct mapping on, invalid writes are caught early meaning the
tuner would fail on the first store and not consume the whole budget
like the benchmark expects.
---------
Co-authored-by: Alexander Meißner <AlexanderMeissner@gmx.net>
* Add failing test
* Add config struct for vote-account creation
* Add create-vote-account ix builders that use CreateVoteAccountConfig
* Test now passes; add case to demonstrate failure after activation
* Deprecate existing ix builders
* Use new builders in solana-cli
* Query feature status to use correct VoteState size in solana-cli
* Fix tests and clippy warnings
* Improve ugly conditional block
* Enforce used_underscore_binding
* Fix all
* Work around for cfg()-ed code...
* ci....
* Make clipply fixes more pleasant
* Clone exit signal while intentionally shadowing
* Use more verbose code to avoid any #[allow(...)]s
* AHV processes the snapshot dirs in place
Let account pacakge use the snapshot dir, so AHV computes the accounts hash and turns the pre snapshot dir into a post snapshot dir
* fix status cache path to maintain the archive layout for the in-place snapshot dir archiving
* fix test_package_snapshots
* Fix test_concurrent_snapshot_packaging
* Remove debug change.
* Fix snapshot_links path
* change to borrow for bank_snapshots_dir
* Reverted changes in create_and_verify_snapshot
* Fix param errors
* Fix rebase errors
* Remove NOTE 1
* Remove unwrap
* Remove the variables to make it apparent taht snapshot_links is the bank_snapshots_dir
* Use soft link instead of hard link for snapshot and status cache
* After switching to soft symlinking, the src path should be absolute
* Moves the registration of bpf_loader built-ins from the ledger into the runtime.
* Removes bpf_loader built-ins registration in tests and benchmarks.
* Removes declare_builtin!() of bpf_loader built-ins.
* Removes built-ins from the SDK.
* Adjusts tests.
* Enables JIT everywhere by default.
* Removes the CLI argument "no-bpf-jit" and its plumbering through out the validator code base.
* Removes with_jit bpf_loader variants.
* Removes the to_builtin!() macro.
When ReplayStage repeatedly fails to compute the correct for a block
after purging and repairing, it panics on the assumption that something
is very wrong and will require human intervention.
If this is the case, there is typically something to be debugged, and
having the slot available locally is valuable. This change does the
retry check that will panic before purging the failure slot.
* remove unnecessary files
* unify the hooks's header
* don't use set -e in post-checkout
* shellcheck.sh include .buildkite/hooks
* xxx: make ci unhappy
* Revert "xxx: make ci unhappy"
This reverts commit a0fdfb40db8aa226a2669e474a06fb0f45f8c5c4.
Xiang Zhu
Alessandro Decina
Yihau Chen
Brooks
Tyera
dependabot[bot]
Brennan
Pankaj Garg
behzad nouri
Andrew Fitzgerald
Jeff Washington (jwash)
Kevin Heavey
Dmitri Makarov
Alexander Meißner
Ryo Onodera
steviez
Illia Bobyr