From 2d93db9dec950002e153d8e6b052b69d8e2854d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Mei=C3=9Fner?= <AlexanderMeissner@gmx.net>
Date: Mon, 13 Dec 2021 21:12:07 +0100
Subject: [PATCH] Feature gates for rbpf v0.2.16 (#21590)

- Adds feature reject_section_virtual_address_file_offset_mismatch.
- Adds feature start_verify_shift32_imm.
- Enables enable_symbol_and_section_labels only in the rbpf-cli.
---
 cli/src/program.rs             |  4 +++-
 programs/bpf/tests/programs.rs |  4 ++++
 programs/bpf_loader/src/lib.rs | 13 +++++++++----
 rbpf-cli/src/main.rs           |  1 +
 sdk/src/feature_set.rs         | 10 ++++++++++
 5 files changed, 27 insertions(+), 5 deletions(-)

diff --git a/cli/src/program.rs b/cli/src/program.rs
index 4ad49e50fc..25fb2c2f3d 100644
--- a/cli/src/program.rs
+++ b/cli/src/program.rs
@@ -1992,7 +1992,9 @@ fn read_and_verify_elf(program_location: &str) -> Result<Vec<u8>, Box<dyn std::e
         Some(verifier::check),
         Config {
             reject_unresolved_syscalls: true,
-            verify_mul64_imm_nonzero: true, // TODO: Remove me after feature gate
+            verify_mul64_imm_nonzero: false,
+            verify_shift32_imm: true,
+            reject_section_virtual_address_file_offset_mismatch: true,
             ..Config::default()
         },
         register_syscalls(&mut invoke_context).unwrap(),
diff --git a/programs/bpf/tests/programs.rs b/programs/bpf/tests/programs.rs
index ce228d3ac4..5bca860cac 100644
--- a/programs/bpf/tests/programs.rs
+++ b/programs/bpf/tests/programs.rs
@@ -213,6 +213,10 @@ fn run_program(
 
     let config = Config {
         enable_instruction_tracing: true,
+        reject_unresolved_syscalls: true,
+        reject_section_virtual_address_file_offset_mismatch: true,
+        verify_mul64_imm_nonzero: false,
+        verify_shift32_imm: true,
         ..Config::default()
     };
     let mut executable = Executable::<BpfError, ThisInstructionMeter>::from_elf(
diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs
index 0256dd4c11..09fc322cfa 100644
--- a/programs/bpf_loader/src/lib.rs
+++ b/programs/bpf_loader/src/lib.rs
@@ -34,7 +34,8 @@ use solana_sdk::{
     feature_set::{
         add_missing_program_error_mappings, close_upgradeable_program_accounts, fix_write_privs,
         reduce_required_deploy_balance, reject_deployment_of_unresolved_syscalls,
-        requestable_heap_size, stop_verify_mul64_imm_nonzero, upgradeable_close_instruction,
+        reject_section_virtual_address_file_offset_mismatch, requestable_heap_size,
+        start_verify_shift32_imm, stop_verify_mul64_imm_nonzero, upgradeable_close_instruction,
     },
     ic_logger_msg, ic_msg,
     instruction::{AccountMeta, InstructionError},
@@ -77,7 +78,7 @@ pub fn create_executor(
     program_data_offset: usize,
     invoke_context: &mut dyn InvokeContext,
     use_jit: bool,
-    reject_unresolved_syscalls: bool,
+    reject_deployment_of_broken_elfs: bool,
 ) -> Result<Arc<BpfExecutor>, InstructionError> {
     let syscall_registry = syscalls::register_syscalls(invoke_context).map_err(|e| {
         ic_msg!(invoke_context, "Failed to register syscalls: {}", e);
@@ -88,10 +89,14 @@ pub fn create_executor(
         max_call_depth: bpf_compute_budget.max_call_depth,
         stack_frame_size: bpf_compute_budget.stack_frame_size,
         enable_instruction_tracing: log_enabled!(Trace),
-        reject_unresolved_syscalls: reject_unresolved_syscalls
+        reject_unresolved_syscalls: reject_deployment_of_broken_elfs
             && invoke_context.is_feature_active(&reject_deployment_of_unresolved_syscalls::id()),
+        reject_section_virtual_address_file_offset_mismatch: reject_deployment_of_broken_elfs
+            && invoke_context
+                .is_feature_active(&reject_section_virtual_address_file_offset_mismatch::id()),
         verify_mul64_imm_nonzero: !invoke_context
-            .is_feature_active(&stop_verify_mul64_imm_nonzero::id()), // TODO: Feature gate and then remove me
+            .is_feature_active(&stop_verify_mul64_imm_nonzero::id()),
+        verify_shift32_imm: invoke_context.is_feature_active(&start_verify_shift32_imm::id()),
         ..Config::default()
     };
     let mut executable = {
diff --git a/rbpf-cli/src/main.rs b/rbpf-cli/src/main.rs
index 52e219f356..deda22b36e 100644
--- a/rbpf-cli/src/main.rs
+++ b/rbpf-cli/src/main.rs
@@ -147,6 +147,7 @@ native machine code before execting it in the virtual machine.",
 
     let config = Config {
         enable_instruction_tracing: matches.is_present("trace") || matches.is_present("profile"),
+        enable_symbol_and_section_labels: true,
         ..Config::default()
     };
     let mut accounts = Vec::new();
diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs
index 9a875c930e..8be6e87886 100644
--- a/sdk/src/feature_set.rs
+++ b/sdk/src/feature_set.rs
@@ -167,6 +167,10 @@ pub mod stop_verify_mul64_imm_nonzero {
     solana_sdk::declare_id!("EHFwHg2vhwUb7ifm7BuY9RMbsyt1rS1rUii7yeDJtGnN");
 }
 
+pub mod start_verify_shift32_imm {
+    solana_sdk::declare_id!("CqvdhqAYMc6Eq6tjW3H42Qg39TK2SCsL8ydMsC363PRp");
+}
+
 pub mod merge_nonce_error_into_system_error {
     solana_sdk::declare_id!("21AWDosvp3pBamFW91KB35pNoaoZVTM7ess8nr2nt53B");
 }
@@ -259,6 +263,10 @@ pub mod reject_deployment_of_unresolved_syscalls {
     solana_sdk::declare_id!("DqniU3MfvdpU3yhmNF1RKeaM5TZQELZuyFGosASRVUoy");
 }
 
+pub mod reject_section_virtual_address_file_offset_mismatch {
+    solana_sdk::declare_id!("5N4NikcJLEiZNqwndhNyvZw15LvFXp1oF7AJQTNTZY5k");
+}
+
 lazy_static! {
     /// Map of feature identifiers to user-visible description
     pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
@@ -301,6 +309,7 @@ lazy_static! {
         (rent_for_sysvars::id(), "collect rent from accounts owned by sysvars"),
         (libsecp256k1_0_5_upgrade_enabled::id(), "upgrade libsecp256k1 to v0.5.0"),
         (stop_verify_mul64_imm_nonzero::id(), "Sets rbpf vm config verify_mul64_imm_nonzero to false"),
+        (start_verify_shift32_imm::id(), "sets rbpf vm config verify_shift32_imm to true"),
         (merge_nonce_error_into_system_error::id(), "merge NonceError into SystemError"),
         (spl_token_v2_set_authority_fix::id(), "spl-token set_authority fix"),
         (stake_merge_with_unmatched_credits_observed::id(), "allow merging active stakes with unmatched credits_observed #18985"),
@@ -324,6 +333,7 @@ lazy_static! {
         (requestable_heap_size::id(), "Requestable heap frame size"),
         (add_compute_budget_program::id(), "Add compute_budget_program"),
         (reject_deployment_of_unresolved_syscalls::id(), "Reject deployment of programs with unresolved syscall symbols"),
+        (reject_section_virtual_address_file_offset_mismatch::id(), "enforce section virtual addresses and file offsets in ELF to be equal"),
         /*************** ADD NEW FEATURES HERE ***************/
     ]
     .iter()