Dont call precompiled programs (#19930)

2021-09-28 23:25:08 -07:00
parent ee8621a8bd
commit 8fee9a2e1a
27 changed files with 604 additions and 386 deletions
--- a/programs/bpf_loader/src/lib.rs
+++ b/programs/bpf_loader/src/lib.rs
@@ -1672,7 +1672,7 @@ mod tests {
        bank.feature_set = Arc::new(FeatureSet::all_enabled());
        bank.add_builtin(
            "solana_bpf_loader_upgradeable_program",
-            bpf_loader_upgradeable::id(),
+            &bpf_loader_upgradeable::id(),
            process_instruction,
        );
        let bank = Arc::new(bank);
--- a/programs/bpf_loader/src/syscalls.rs
+++ b/programs/bpf_loader/src/syscalls.rs
@@ -22,8 +22,8 @@ use solana_sdk::{
        allow_native_ids, blake3_syscall_enabled, check_seed_length,
        close_upgradeable_program_accounts, demote_program_write_locks, disable_fees_sysvar,
        do_support_realloc, libsecp256k1_0_5_upgrade_enabled, mem_overlap_fix,
-        return_data_syscall_enabled, secp256k1_recover_syscall_enabled,
-        sol_log_data_syscall_enabled,
+        prevent_calling_precompiles_as_programs, return_data_syscall_enabled,
+        secp256k1_recover_syscall_enabled, sol_log_data_syscall_enabled,
    },
    hash::{Hasher, HASH_BYTES},
    ic_msg,
@@ -31,6 +31,7 @@ use solana_sdk::{
    keccak,
    message::Message,
    native_loader,
+    precompiles::is_precompile,
    process_instruction::{self, stable_log, ComputeMeter, InvokeContext, Logger},
    program::MAX_RETURN_DATA,
    pubkey::{Pubkey, PubkeyError, MAX_SEEDS, MAX_SEED_LEN},
@@ -2157,16 +2158,21 @@ fn check_account_infos(
 fn check_authorized_program(
    program_id: &Pubkey,
    instruction_data: &[u8],
-    close_upgradeable_program_accounts: bool,
+    invoke_context: &dyn InvokeContext,
 ) -> Result<(), EbpfError<BpfError>> {
+    #[allow(clippy::blocks_in_if_conditions)]
    if native_loader::check_id(program_id)
        || bpf_loader::check_id(program_id)
        || bpf_loader_deprecated::check_id(program_id)
        || (bpf_loader_upgradeable::check_id(program_id)
            && !(bpf_loader_upgradeable::is_upgrade_instruction(instruction_data)
                || bpf_loader_upgradeable::is_set_authority_instruction(instruction_data)
-                || (close_upgradeable_program_accounts
+                || (invoke_context.is_feature_active(&close_upgradeable_program_accounts::id())
                    && bpf_loader_upgradeable::is_close_instruction(instruction_data))))
+        || (invoke_context.is_feature_active(&prevent_calling_precompiles_as_programs::id())
+            && is_precompile(program_id, |feature_id: &Pubkey| {
+                invoke_context.is_feature_active(feature_id)
+            }))
    {
        return Err(SyscallError::ProgramNotSupported(*program_id).into());
    }
@@ -2204,11 +2210,7 @@ fn call<'a>(
    let (message, caller_write_privileges, program_indices) =
        InstructionProcessor::create_message(&instruction, &signers, &invoke_context)
            .map_err(SyscallError::InstructionError)?;
-    check_authorized_program(
-        &instruction.program_id,
-        &instruction.data,
-        invoke_context.is_feature_active(&close_upgradeable_program_accounts::id()),
-    )?;
+    check_authorized_program(&instruction.program_id, &instruction.data, *invoke_context)?;
    let (account_indices, mut accounts) = syscall.translate_accounts(
        &message,
        account_infos_addr,