Drop write lock on sysvars (#15497)

* Drop write lock on sysvars * adds env var for demoting sysvar write lock demotion * moves demote logic to is_writable * feature gates sysvar write lock demotion * adds builtins to write lock demotion * adds system program id to builtins * adds Feature111... * adds an abi-freeze test * mvines set of builtin program keys Co-authored-by: Michael Vines <mvines@gmail.com> * update tests * adds bpf loader keys * Add test sysvar * Plumb demote_sysvar to is_writable * more plumbing of demote_sysvar_write_locks to is_writable * patches test_program_bpf_instruction_introspection * hard codes demote_sysvar_write_locks to false for serialization/encoding methods * Revert "hard codes demote_sysvar_write_locks to false for serialization/encoding methods" This reverts commit ae3e2d2e777437bddd753933097a210dcbc1b1fc. * change the hardcoded ones to demote_sysvar_write_locks=true * Use data_as_mut_slice Co-authored-by: behzad nouri <behzadnouri@gmail.com> Co-authored-by: Michael Vines <mvines@gmail.com>
2021-03-30 10:05:09 -07:00
parent 527adbed34
commit 54c68ea83f
12 changed files with 316 additions and 69 deletions
--- a/programs/bpf/tests/programs.rs
+++ b/programs/bpf/tests/programs.rs
@ -1323,7 +1323,9 @@ fn test_program_bpf_instruction_introspection() {
    let result = bank_client.send_and_confirm_instruction(&mint_keypair, instruction);
    assert_eq!(
        result.unwrap_err().unwrap(),
-        TransactionError::InvalidAccountIndex
+        // sysvar write locks are demoted to read only. So this will no longer
+        // cause InvalidAccountIndex error.
+        TransactionError::InstructionError(0, InstructionError::ProgramFailedToComplete),
    );

    // No accounts, should error
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@ -16,7 +16,10 @@ use solana_sdk::{
    bpf_loader, bpf_loader_deprecated,
    bpf_loader_upgradeable::{self, UpgradeableLoaderState},
    entrypoint::{MAX_PERMITTED_DATA_INCREASE, SUCCESS},
-    feature_set::{cpi_data_cost, cpi_share_ro_and_exec_accounts, ristretto_mul_syscall_enabled},
+    feature_set::{
+        cpi_data_cost, cpi_share_ro_and_exec_accounts, demote_sysvar_write_locks,
+        ristretto_mul_syscall_enabled,
+    },
    hash::{Hasher, HASH_BYTES},
    ic_msg,
    instruction::{AccountMeta, Instruction, InstructionError},
@ -1571,7 +1574,14 @@ fn call<'a>(
    signers_seeds_len: u64,
    memory_mapping: &MemoryMapping,
 ) -> Result<u64, EbpfError<BpfError>> {
-    let (message, executables, accounts, account_refs, caller_write_privileges) = {
+    let (
+        message,
+        executables,
+        accounts,
+        account_refs,
+        caller_write_privileges,
+        demote_sysvar_write_locks,
+    ) = {
        let invoke_context = syscall.get_context()?;

        invoke_context
@ -1653,6 +1663,7 @@ fn call<'a>(
            accounts,
            account_refs,
            caller_write_privileges,
+            invoke_context.is_feature_active(&demote_sysvar_write_locks::id()),
        )
    };

@ -1678,7 +1689,7 @@ fn call<'a>(
        for (i, (account, account_ref)) in accounts.iter().zip(account_refs).enumerate() {
            let account = account.borrow();
            if let Some(account_ref) = account_ref {
-                if message.is_writable(i) && !account.executable {
+                if message.is_writable(i, demote_sysvar_write_locks) && !account.executable {
                    *account_ref.lamports = account.lamports;
                    *account_ref.owner = account.owner;
                    if account_ref.data.len() != account.data().len() {