Allow SetUpgradeAuthority instruction in CPI calls (backport #16676) (#16954)

* Allow SetUpgradeAuthority instruction in CPI calls (#16676)

* feat: allow SetAuthority in CLI calls

* chore: clippy match_like_matches_macro

* chore: clippy match_like_matches_macro

* chore: rename CLI to CPI

* chore: move check for cpi authorised instruction to syscalls

* chore: add set_upgrade_authority cpi test

* chore: assert upgrade authority was changed

* feat: gate set_upgrade_authority via cpi with a feature

* chore: move feature to the end of the list

* chore: remove white spaces

* chore: remove white spaces

* chore: update comment to rerun build

(cherry picked from commit 1a658c7f31)

# Conflicts:
#	programs/bpf/Cargo.toml
#	programs/bpf_loader/src/syscalls.rs
#	sdk/src/feature_set.rs

* chore: fixe merge conflicts

Co-authored-by: Sebastian Bor <Sebastian_Bor@hotmail.com>
This commit is contained in:
mergify[bot]
2021-04-30 20:47:38 +00:00
committed by GitHub
parent c3dc23e84a
commit b0c0739db9
6 changed files with 187 additions and 40 deletions

View File

@@ -20,7 +20,8 @@ use solana_sdk::{
epoch_schedule::EpochSchedule,
feature_set::{
cpi_data_cost, cpi_share_ro_and_exec_accounts, demote_sysvar_write_locks,
enforce_aligned_host_addrs, sysvar_via_syscall, update_data_on_realloc,
enforce_aligned_host_addrs, set_upgrade_authority_via_cpi_enabled, sysvar_via_syscall,
update_data_on_realloc,
},
hash::{Hasher, HASH_BYTES},
ic_msg,
@@ -1817,12 +1818,16 @@ fn check_account_infos(
fn check_authorized_program(
program_id: &Pubkey,
instruction_data: &[u8],
invoke_context: &Ref<&mut dyn InvokeContext>,
) -> Result<(), EbpfError<BpfError>> {
if native_loader::check_id(program_id)
|| bpf_loader::check_id(program_id)
|| bpf_loader_deprecated::check_id(program_id)
|| (bpf_loader_upgradeable::check_id(program_id)
&& !bpf_loader_upgradeable::is_upgrade_instruction(instruction_data))
&& !(bpf_loader_upgradeable::is_upgrade_instruction(instruction_data)
|| (bpf_loader_upgradeable::is_set_authority_instruction(instruction_data)
&& invoke_context
.is_feature_active(&set_upgrade_authority_via_cpi_enabled::id()))))
{
return Err(SyscallError::ProgramNotSupported(*program_id).into());
}
@@ -1936,7 +1941,7 @@ fn call<'a>(
}
})
.collect::<Vec<bool>>();
check_authorized_program(&callee_program_id, &instruction.data)?;
check_authorized_program(&callee_program_id, &instruction.data, &invoke_context)?;
let (accounts, account_refs) = syscall.translate_accounts(
&message.account_keys,
&caller_write_privileges,