(cherry picked from commit ccdf93e2b8)
Co-authored-by: Jack May <jack@solana.com>
This commit is contained in:
mergify[bot]
GitHub
@ -26,6 +26,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
|
|||||||
&post,
|
&post,
|
||||||
&mut ExecuteDetailsTimings::default(),
|
&mut ExecuteDetailsTimings::default(),
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
),
|
),
|
||||||
Ok(())
|
Ok(())
|
||||||
);
|
);
|
||||||
@ -39,6 +40,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
|
|||||||
&post,
|
&post,
|
||||||
&mut ExecuteDetailsTimings::default(),
|
&mut ExecuteDetailsTimings::default(),
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
)
|
)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
});
|
});
|
||||||
@ -63,6 +65,7 @@ fn bench_verify_account_changes_data(bencher: &mut Bencher) {
|
|||||||
&post,
|
&post,
|
||||||
&mut ExecuteDetailsTimings::default(),
|
&mut ExecuteDetailsTimings::default(),
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
)
|
)
|
||||||
.unwrap();
|
.unwrap();
|
||||||
});
|
});
|
||||||
|
|||||||
@ -8,7 +8,7 @@ use solana_sdk::{
|
|||||||
account::{AccountSharedData, ReadableAccount, WritableAccount},
|
account::{AccountSharedData, ReadableAccount, WritableAccount},
|
||||||
account_utils::StateMut,
|
account_utils::StateMut,
|
||||||
bpf_loader_upgradeable::{self, UpgradeableLoaderState},
|
bpf_loader_upgradeable::{self, UpgradeableLoaderState},
|
||||||
feature_set::{instructions_sysvar_enabled, FeatureSet},
|
feature_set::{instructions_sysvar_enabled, updated_verify_policy, FeatureSet},
|
||||||
ic_logger_msg, ic_msg,
|
ic_logger_msg, ic_msg,
|
||||||
instruction::{CompiledInstruction, Instruction, InstructionError},
|
instruction::{CompiledInstruction, Instruction, InstructionError},
|
||||||
keyed_account::{create_keyed_accounts_unified, keyed_account_at_index, KeyedAccount},
|
keyed_account::{create_keyed_accounts_unified, keyed_account_at_index, KeyedAccount},
|
||||||
@ -103,6 +103,7 @@ impl PreAccount {
|
|||||||
post: &AccountSharedData,
|
post: &AccountSharedData,
|
||||||
timings: &mut ExecuteDetailsTimings,
|
timings: &mut ExecuteDetailsTimings,
|
||||||
outermost_call: bool,
|
outermost_call: bool,
|
||||||
|
updated_verify_policy: bool,
|
||||||
) -> Result<(), InstructionError> {
|
) -> Result<(), InstructionError> {
|
||||||
let pre = self.account.borrow();
|
let pre = self.account.borrow();
|
||||||
|
|
||||||
@ -171,9 +172,14 @@ impl PreAccount {
|
|||||||
if !rent.is_exempt(post.lamports(), post.data().len()) {
|
if !rent.is_exempt(post.lamports(), post.data().len()) {
|
||||||
return Err(InstructionError::ExecutableAccountNotRentExempt);
|
return Err(InstructionError::ExecutableAccountNotRentExempt);
|
||||||
}
|
}
|
||||||
|
let owner = if updated_verify_policy {
|
||||||
|
post.owner()
|
||||||
|
} else {
|
||||||
|
pre.owner()
|
||||||
|
};
|
||||||
if !is_writable // line coverage used to get branch coverage
|
if !is_writable // line coverage used to get branch coverage
|
||||||
|| pre.executable()
|
|| pre.executable()
|
||||||
|| program_id != post.owner()
|
|| program_id != owner
|
||||||
{
|
{
|
||||||
return Err(InstructionError::ExecutableModified);
|
return Err(InstructionError::ExecutableModified);
|
||||||
}
|
}
|
||||||
@ -401,6 +407,7 @@ impl<'a> InvokeContext for ThisInvokeContext<'a> {
|
|||||||
write_privileges,
|
write_privileges,
|
||||||
&mut self.timings,
|
&mut self.timings,
|
||||||
logger,
|
logger,
|
||||||
|
self.feature_set.is_active(&updated_verify_policy::id()),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
fn get_caller(&self) -> Result<&Pubkey, InstructionError> {
|
fn get_caller(&self) -> Result<&Pubkey, InstructionError> {
|
||||||
@ -984,6 +991,7 @@ impl MessageProcessor {
|
|||||||
rent: &Rent,
|
rent: &Rent,
|
||||||
timings: &mut ExecuteDetailsTimings,
|
timings: &mut ExecuteDetailsTimings,
|
||||||
logger: Rc<RefCell<dyn Logger>>,
|
logger: Rc<RefCell<dyn Logger>>,
|
||||||
|
updated_verify_policy: bool,
|
||||||
) -> Result<(), InstructionError> {
|
) -> Result<(), InstructionError> {
|
||||||
// Verify all executable accounts have zero outstanding refs
|
// Verify all executable accounts have zero outstanding refs
|
||||||
Self::verify_account_references(executable_accounts)?;
|
Self::verify_account_references(executable_accounts)?;
|
||||||
@ -1009,6 +1017,7 @@ impl MessageProcessor {
|
|||||||
&account,
|
&account,
|
||||||
timings,
|
timings,
|
||||||
true,
|
true,
|
||||||
|
updated_verify_policy,
|
||||||
)
|
)
|
||||||
.map_err(|err| {
|
.map_err(|err| {
|
||||||
ic_logger_msg!(
|
ic_logger_msg!(
|
||||||
@ -1044,6 +1053,7 @@ impl MessageProcessor {
|
|||||||
write_privileges: &[bool],
|
write_privileges: &[bool],
|
||||||
timings: &mut ExecuteDetailsTimings,
|
timings: &mut ExecuteDetailsTimings,
|
||||||
logger: Rc<RefCell<dyn Logger>>,
|
logger: Rc<RefCell<dyn Logger>>,
|
||||||
|
updated_verify_policy: bool,
|
||||||
) -> Result<(), InstructionError> {
|
) -> Result<(), InstructionError> {
|
||||||
// Verify the per-account instruction results
|
// Verify the per-account instruction results
|
||||||
let (mut pre_sum, mut post_sum) = (0_u128, 0_u128);
|
let (mut pre_sum, mut post_sum) = (0_u128, 0_u128);
|
||||||
@ -1062,7 +1072,15 @@ impl MessageProcessor {
|
|||||||
}
|
}
|
||||||
let account = account.borrow();
|
let account = account.borrow();
|
||||||
pre_account
|
pre_account
|
||||||
.verify(program_id, is_writable, rent, &account, timings, false)
|
.verify(
|
||||||
|
program_id,
|
||||||
|
is_writable,
|
||||||
|
rent,
|
||||||
|
&account,
|
||||||
|
timings,
|
||||||
|
false,
|
||||||
|
updated_verify_policy,
|
||||||
|
)
|
||||||
.map_err(|err| {
|
.map_err(|err| {
|
||||||
ic_logger_msg!(logger, "failed to verify account {}: {}", key, err);
|
ic_logger_msg!(logger, "failed to verify account {}: {}", key, err);
|
||||||
err
|
err
|
||||||
@ -1152,6 +1170,7 @@ impl MessageProcessor {
|
|||||||
&rent_collector.rent,
|
&rent_collector.rent,
|
||||||
timings,
|
timings,
|
||||||
invoke_context.get_logger(),
|
invoke_context.get_logger(),
|
||||||
|
invoke_context.is_feature_active(&updated_verify_policy::id()),
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
timings.accumulate(&invoke_context.timings);
|
timings.accumulate(&invoke_context.timings);
|
||||||
@ -1448,6 +1467,7 @@ mod tests {
|
|||||||
&self.post,
|
&self.post,
|
||||||
&mut ExecuteDetailsTimings::default(),
|
&mut ExecuteDetailsTimings::default(),
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -151,6 +151,10 @@ pub mod vote_stake_checked_instructions {
|
|||||||
solana_sdk::declare_id!("BcWknVcgvonN8sL4HE4XFuEVgfcee5MwxWPAgP6ZV89X");
|
solana_sdk::declare_id!("BcWknVcgvonN8sL4HE4XFuEVgfcee5MwxWPAgP6ZV89X");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub mod updated_verify_policy {
|
||||||
|
solana_sdk::declare_id!("k15tVxtkgsmo7dy6iJ56N5hBCxuQAtqRgYwoTDuwbia");
|
||||||
|
}
|
||||||
|
|
||||||
lazy_static! {
|
lazy_static! {
|
||||||
/// Map of feature identifiers to user-visible description
|
/// Map of feature identifiers to user-visible description
|
||||||
pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
|
pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
|
||||||
@ -188,6 +192,7 @@ lazy_static! {
|
|||||||
(system_transfer_zero_check::id(), "perform all checks for transfers of 0 lamports"),
|
(system_transfer_zero_check::id(), "perform all checks for transfers of 0 lamports"),
|
||||||
(dedupe_config_program_signers::id(), "dedupe config program signers"),
|
(dedupe_config_program_signers::id(), "dedupe config program signers"),
|
||||||
(vote_stake_checked_instructions::id(), "vote/state program checked instructions #18345"),
|
(vote_stake_checked_instructions::id(), "vote/state program checked instructions #18345"),
|
||||||
|
(updated_verify_policy::id(), "Update verify policy"),
|
||||||
/*************** ADD NEW FEATURES HERE ***************/
|
/*************** ADD NEW FEATURES HERE ***************/
|
||||||
]
|
]
|
||||||
.iter()
|
.iter()
|
||||||
|
|||||||
Reference in New Issue
Block a user