diff --git a/runtime/benches/message_processor.rs b/runtime/benches/message_processor.rs
index 11fb056973..259639b408 100644
--- a/runtime/benches/message_processor.rs
+++ b/runtime/benches/message_processor.rs
@@ -24,7 +24,8 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
 false,
 &Rent::default(),
 &post,
- &mut ExecuteDetailsTimings::default()
+ &mut ExecuteDetailsTimings::default(),
+ true
 ),
 Ok(())
 );
@@ -37,6 +38,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
 &Rent::default(),
 &post,
 &mut ExecuteDetailsTimings::default(),
+ true,
 )
 .unwrap();
 });
@@ -60,6 +62,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
 &Rent::default(),
 &post,
 &mut ExecuteDetailsTimings::default(),
+ true,
 )
 .unwrap();
 });
diff --git a/runtime/src/message_processor.rs b/runtime/src/message_processor.rs
index c6c661c674..21edde69ac 100644
--- a/runtime/src/message_processor.rs
+++ b/runtime/src/message_processor.rs
@@ -10,7 +10,7 @@ use solana_sdk::{
 bpf_loader_upgradeable::{self, UpgradeableLoaderState},
 feature_set::{
 cpi_share_ro_and_exec_accounts, demote_sysvar_write_locks, instructions_sysvar_enabled,
- FeatureSet,
+ updated_verify_policy, FeatureSet,
 },
 ic_msg,
 instruction::{CompiledInstruction, Instruction, InstructionError},
@@ -105,6 +105,7 @@ impl PreAccount {
 rent: &Rent,
 post: &AccountSharedData,
 timings: &mut ExecuteDetailsTimings,
+ updated_verify_policy: bool,
 ) -> Result<(), InstructionError> {
 let pre = self.account.borrow();
@@ -173,9 +174,14 @@ impl PreAccount {
 if !rent.is_exempt(post.lamports, post.data().len()) {
 return Err(InstructionError::ExecutableAccountNotRentExempt);
 }
+ let owner = if updated_verify_policy {
+ post.owner()
+ } else {
+ pre.owner()
+ };
 if !is_writable // line coverage used to get branch coverage
 || pre.executable
- || *program_id != post.owner
+ || program_id != owner
 {
 return Err(InstructionError::ExecutableModified);
 }
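Review bot: In the `@@ -173,9 +174,14 @@` hunk, the feature-inactive branch compares `program_id` against `pre.owner()`, which is not what the removed line did (`*program_id != post.owner`), so the ungated path changes behaviour as well as the gated one. The two owners differ exactly when an instruction reassigns an account's owner in the same step that reaches this check, and because the check returns `ExecutableModified` it appears to decide which program may change the executable flag; a node on this build with the feature inactive could therefore judge such a transaction differently from a node on the previous build. If `pre.owner()` is meant to reproduce what deployed nodes already enforce, record that above the `let`, e.g. `// Feature inactive: executing program must be the pre-instruction owner. Feature active: it must be the post-instruction owner.` The enclosing condition and the rest of `verify` lie outside the hunk, so the reading of when this check runs is inferred.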
@@ -354,6 +360,7 @@ impl<'a> InvokeContext for ThisInvokeContext<'a> {
 caller_write_privileges,
 &mut self.timings,
 self.feature_set.is_active(&demote_sysvar_write_locks::id()),
+ self.feature_set.is_active(&updated_verify_policy::id()),
 ),
 None => Err(InstructionError::GenericError), // Should never happen
 }
@@ -963,6 +970,7 @@ impl MessageProcessor {
 rent: &Rent,
 timings: &mut ExecuteDetailsTimings,
 demote_sysvar_write_locks: bool,
+ updated_verify_policy: bool,
 ) -> Result<(), InstructionError> {
 // Verify all executable accounts have zero outstanding refs
 Self::verify_account_references(executable_accounts)?;
@@ -985,6 +993,7 @@ impl MessageProcessor {
 rent,
 &account,
 timings,
+ updated_verify_policy,
 )?;
 pre_sum += u128::from(pre_accounts[unique_index].lamports());
 post_sum += u128::from(account.lamports);
@@ -1001,6 +1010,7 @@ impl MessageProcessor {
 }
 /// Verify the results of a cross-program instruction
+ #[allow(clippy::too_many_arguments)]
 fn verify_and_update(
 message: &Message,
 instruction: &CompiledInstruction,
@@ -1011,6 +1021,7 @@ impl MessageProcessor {
 caller_write_privileges: Option<&[bool]>,
 timings: &mut ExecuteDetailsTimings,
 demote_sysvar_write_locks: bool,
+ updated_verify_policy: bool,
 ) -> Result<(), InstructionError> {
 // Verify the per-account instruction results
 let (mut pre_sum, mut post_sum) = (0_u128, 0_u128);
@@ -1033,7 +1044,14 @@ impl MessageProcessor {
 .map_err(|_| InstructionError::AccountBorrowOutstanding)?;
 }
 let account = account.borrow();
- pre_account.verify(&program_id, is_writable, &rent, &account, timings)?;
+ pre_account.verify(
+ &program_id,
+ is_writable,
+ &rent,
+ &account,
+ timings,
+ updated_verify_policy,
+ )?;
 pre_sum += u128::from(pre_account.lamports());
 post_sum += u128::from(account.lamports);
 if is_writable && !pre_account.executable() {
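Review bot: `verify_and_update` (hunks `@@ -1001,6` and `@@ -1011,6`) now ends in two adjacent positional `bool`s, `demote_sysvar_write_locks` and `updated_verify_policy`, and `verify` gets the same pair in `@@ -963,6`. Swapping them at a call site still compiles and would silently apply the wrong rule to account verification, and `#[allow(clippy::too_many_arguments)]` only hides the symptom. At minimum, document the flag on the function, e.g. `/// \`updated_verify_policy\`: check executable changes against the post-instruction owner instead of the pre-instruction owner`. Longer term, a single value carrying named flags would keep the next feature gate from adding a third bare `bool`. Both function bodies continue outside these hunks.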
@@ -1133,6 +1151,7 @@ impl MessageProcessor { &rent_collector.rent, timings, demote_sysvar_write_locks, + invoke_context.is_feature_active(&updated_verify_policy::id()), )?; timings.accumulate(&invoke_context.timings); @@ -1414,6 +1433,7 @@ mod tests { &self.rent, &self.post, &mut ExecuteDetailsTimings::default(), + true, ) } } diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs index a377384f1a..259dd5b764 100644 --- a/sdk/src/feature_set.rs +++ b/sdk/src/feature_set.rs @@ -158,6 +158,10 @@ pub mod vote_stake_checked_instructions { solana_sdk::declare_id!("BcWknVcgvonN8sL4HE4XFuEVgfcee5MwxWPAgP6ZV89X"); } +pub mod updated_verify_policy { + solana_sdk::declare_id!("k15tVxtkgsmo7dy6iJ56N5hBCxuQAtqRgYwoTDuwbia"); +} + lazy_static! { /// Map of feature identifiers to user-visible description pub static ref FEATURE_NAMES: HashMap = [ @@ -196,6 +200,7 @@ lazy_static! { (memory_ops_syscalls::id(), "add syscalls for memory operations"), (dedupe_config_program_signers::id(), "dedupe config program signers"), (vote_stake_checked_instructions::id(), "vote/state program checked instructions #18345"), + (updated_verify_policy::id(), "Update verify policy"), /*************** ADD NEW FEATURES HERE ***************/ ] .iter()
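Review bot: The test helper in the `@@ -1414,6 +1433,7 @@ mod tests` hunk hard-codes `true` for `updated_verify_policy`, as do the three bench call sites, so nothing in the hunks shown exercises the `pre.owner()` branch that stays live until the feature is activated. That branch also differs from the comparison this commit removes, which makes it the path most likely to regress unnoticed. Make the flag a field of the test struct, next to `self.rent` and `self.post`, and add a case that changes the owner in the same step for both `true` and `false`. Each case should assert whether the result is `Ok(())` or `Err(InstructionError::ExecutableModified)`. The helper's signature is outside the hunk.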
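Review bot: The description `"Update verify policy"` added in the `@@ -196,6 +200,7 @@` hunk does not say which policy changes, whereas the neighbouring entries name the behaviour or cite an issue (`#18345`). This map is documented as the user-visible description of each feature, so the text is what someone will see when looking at the gate. State the rule instead, for example `"executable changes are checked against the post-instruction owner #<ISSUE_NUMBER>"`, with the wording adjusted to the intended policy and the placeholder replaced by the tracking issue.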