diff --git a/runtime/benches/message_processor.rs b/runtime/benches/message_processor.rs index d36eb865a9..1a3665607f 100644 --- a/runtime/benches/message_processor.rs +++ b/runtime/benches/message_processor.rs @@ -26,6 +26,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) { &post, &mut ExecuteDetailsTimings::default(), false, + true, ), Ok(()) ); @@ -39,6 +40,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) { &post, &mut ExecuteDetailsTimings::default(), false, + true, ) .unwrap(); }); @@ -63,6 +65,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) { &post, &mut ExecuteDetailsTimings::default(), false, + true, ) .unwrap(); }); diff --git a/runtime/src/message_processor.rs b/runtime/src/message_processor.rs index 4e2d4502e8..6bddaa21fc 100644 --- a/runtime/src/message_processor.rs +++ b/runtime/src/message_processor.rs @@ -8,7 +8,7 @@ use solana_sdk::{ account::{AccountSharedData, ReadableAccount, WritableAccount}, account_utils::StateMut, bpf_loader_upgradeable::{self, UpgradeableLoaderState}, - feature_set::{instructions_sysvar_enabled, FeatureSet}, + feature_set::{instructions_sysvar_enabled, updated_verify_policy, FeatureSet}, ic_logger_msg, ic_msg, instruction::{CompiledInstruction, Instruction, InstructionError}, keyed_account::{create_keyed_accounts_unified, keyed_account_at_index, KeyedAccount}, @@ -103,6 +103,7 @@ impl PreAccount { post: &AccountSharedData, timings: &mut ExecuteDetailsTimings, outermost_call: bool, + updated_verify_policy: bool, ) -> Result<(), InstructionError> { let pre = self.account.borrow(); @@ -171,9 +172,14 @@ impl PreAccount { if !rent.is_exempt(post.lamports(), post.data().len()) { return Err(InstructionError::ExecutableAccountNotRentExempt); } + let owner = if updated_verify_policy { + post.owner() + } else { + pre.owner() + }; if !is_writable // line coverage used to get branch coverage || pre.executable() - || program_id != post.owner() + || program_id != owner { return Err(InstructionError::ExecutableModified); } @@ -401,6 +407,7 @@ impl<'a> InvokeContext for ThisInvokeContext<'a> { write_privileges, &mut self.timings, logger, + self.feature_set.is_active(&updated_verify_policy::id()), ) } fn get_caller(&self) -> Result<&Pubkey, InstructionError> { @@ -984,6 +991,7 @@ impl MessageProcessor { rent: &Rent, timings: &mut ExecuteDetailsTimings, logger: Rc>, + updated_verify_policy: bool, ) -> Result<(), InstructionError> { // Verify all executable accounts have zero outstanding refs Self::verify_account_references(executable_accounts)?; @@ -1009,6 +1017,7 @@ impl MessageProcessor { &account, timings, true, + updated_verify_policy, ) .map_err(|err| { ic_logger_msg!( @@ -1044,6 +1053,7 @@ impl MessageProcessor { write_privileges: &[bool], timings: &mut ExecuteDetailsTimings, logger: Rc>, + updated_verify_policy: bool, ) -> Result<(), InstructionError> { // Verify the per-account instruction results let (mut pre_sum, mut post_sum) = (0_u128, 0_u128); @@ -1062,7 +1072,15 @@ impl MessageProcessor { } let account = account.borrow(); pre_account - .verify(program_id, is_writable, rent, &account, timings, false) + .verify( + program_id, + is_writable, + rent, + &account, + timings, + false, + updated_verify_policy, + ) .map_err(|err| { ic_logger_msg!(logger, "failed to verify account {}: {}", key, err); err @@ -1152,6 +1170,7 @@ impl MessageProcessor { &rent_collector.rent, timings, invoke_context.get_logger(), + invoke_context.is_feature_active(&updated_verify_policy::id()), )?; timings.accumulate(&invoke_context.timings); @@ -1448,6 +1467,7 @@ mod tests { &self.post, &mut ExecuteDetailsTimings::default(), false, + true, ) } } diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs index cc9f6e111e..d6bf079f28 100644 --- a/sdk/src/feature_set.rs +++ b/sdk/src/feature_set.rs @@ -151,6 +151,10 @@ pub mod vote_stake_checked_instructions { solana_sdk::declare_id!("BcWknVcgvonN8sL4HE4XFuEVgfcee5MwxWPAgP6ZV89X"); } +pub mod updated_verify_policy { + solana_sdk::declare_id!("k15tVxtkgsmo7dy6iJ56N5hBCxuQAtqRgYwoTDuwbia"); +} + lazy_static! { /// Map of feature identifiers to user-visible description pub static ref FEATURE_NAMES: HashMap = [ @@ -188,6 +192,7 @@ lazy_static! { (system_transfer_zero_check::id(), "perform all checks for transfers of 0 lamports"), (dedupe_config_program_signers::id(), "dedupe config program signers"), (vote_stake_checked_instructions::id(), "vote/state program checked instructions #18345"), + (updated_verify_policy::id(), "Update verify policy"), /*************** ADD NEW FEATURES HERE ***************/ ] .iter()