Prevent the invoke and upgrade of programs in the same tx batch (#14653)

* Prevent the invoke and upgrade of programs in the same tx batch * Pass program address as writable in the upgrade instruction
2021-01-19 16:24:44 -08:00
parent 4964b0fe61
commit e3bd9e5300
9 changed files with 1544 additions and 162 deletions
--- a/sdk/program/src/bpf_loader_upgradeable.rs
+++ b/sdk/program/src/bpf_loader_upgradeable.rs
@ -182,7 +182,7 @@ pub fn upgrade(
        &UpgradeableLoaderInstruction::Upgrade,
        vec![
            AccountMeta::new(programdata_address, false),
-            AccountMeta::new_readonly(*program_address, false),
+            AccountMeta::new(*program_address, false),
            AccountMeta::new(*buffer_address, false),
            AccountMeta::new(*spill_address, false),
            AccountMeta::new_readonly(sysvar::rent::id(), false),
@ -250,4 +250,45 @@ mod tests {
            UpgradeableLoaderState::programdata_len(42).unwrap()
        );
    }
+
+    #[test]
+    fn test_is_upgrade_instruction() {
+        assert_eq!(
+            false,
+            is_upgrade_instruction(
+                &bincode::serialize(&UpgradeableLoaderInstruction::InitializeBuffer).unwrap()
+            )
+        );
+        assert_eq!(
+            false,
+            is_upgrade_instruction(
+                &bincode::serialize(&UpgradeableLoaderInstruction::Write {
+                    offset: 0,
+                    bytes: vec![],
+                })
+                .unwrap()
+            )
+        );
+        assert_eq!(
+            false,
+            is_upgrade_instruction(
+                &bincode::serialize(&UpgradeableLoaderInstruction::DeployWithMaxDataLen {
+                    max_data_len: 0,
+                })
+                .unwrap()
+            )
+        );
+        assert_eq!(
+            true,
+            is_upgrade_instruction(
+                &bincode::serialize(&UpgradeableLoaderInstruction::Upgrade).unwrap()
+            )
+        );
+        assert_eq!(
+            false,
+            is_upgrade_instruction(
+                &bincode::serialize(&UpgradeableLoaderInstruction::SetAuthority).unwrap()
+            )
+        );
+    }
 }
--- a/sdk/program/src/loader_upgradeable_instruction.rs
+++ b/sdk/program/src/loader_upgradeable_instruction.rs
@ -86,7 +86,7 @@ pub enum UpgradeableLoaderInstruction {
    ///
    /// # Account references
    ///   0. [writable] The ProgramData account.
-    ///   1. [] The Program account.
+    ///   1. [writable] The Program account.
    ///   2. [Writable] The Buffer account where the program data has been
    ///      written.
    ///   3. [writable] The spill account.
--- a/sdk/src/feature_set.rs
+++ b/sdk/src/feature_set.rs
@ -142,6 +142,10 @@ pub mod turbine_retransmit_peers_patch {
    solana_sdk::declare_id!("5Lu3JnWSFwRYpXzwDMkanWSk6XqSuF2i5fpnVhzB5CTc");
 }

+pub mod prevent_upgrade_and_invoke {
+    solana_sdk::declare_id!("BiNjYd8jCYDgAwMqP91uwZs6skWpuHtKrZbckuKESs8N");
+}
+
 lazy_static! {
    /// Map of feature identifiers to user-visible description
    pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
@ -179,6 +183,7 @@ lazy_static! {
        (abort_on_all_cpi_failures::id(), "Abort on all CPI failures"),
        (use_loaded_executables::id(), "Use loaded executable accounts"),
        (turbine_retransmit_peers_patch::id(), "turbine retransmit peers patch #14631"),
+        (prevent_upgrade_and_invoke::id(), "Prevent upgrade and invoke in same tx batch"),
        /*************** ADD NEW FEATURES HERE ***************/
    ]
    .iter()