From fcda5d4a7d0a60f75240cde560f54a9eaa4b1562 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Sat, 4 Sep 2021 06:46:09 +0000 Subject: [PATCH] Demote write locks on transaction program ids (backport #19593) (#19633) * Demote write locks on transaction program ids (#19593) * Add feature * Demote write lock on program ids * Fixup bpf tests * Update MappedMessage::is_writable * Comma nit * Review comments (cherry picked from commit decec3cd8b27dca05814ac884f6d61c23acd3131) # Conflicts: # core/src/banking_stage.rs # core/src/cost_model.rs # core/src/cost_tracker.rs # ledger-tool/src/main.rs # program-runtime/src/instruction_processor.rs # programs/bpf/tests/programs.rs # programs/bpf_loader/src/syscalls.rs # rpc/src/transaction_status_service.rs # runtime/src/accounts.rs # runtime/src/bank.rs # runtime/src/message_processor.rs # sdk/benches/serialize_instructions.rs # sdk/program/src/message/mapped.rs # sdk/program/src/message/sanitized.rs # sdk/src/transaction/sanitized.rs * Fix conflicts Co-authored-by: Tyera Eulberg Co-authored-by: Tyera Eulberg --- cli-output/src/display.rs | 2 +- program-test/src/lib.rs | 7 +- programs/bpf/tests/programs.rs | 97 +---------------- programs/bpf_loader/src/syscalls.rs | 18 +++- rpc/src/transaction_status_service.rs | 5 +- runtime/src/accounts.rs | 131 +++++++++++++++++++---- runtime/src/bank.rs | 30 ++++-- runtime/src/message_processor.rs | 39 +++++-- sdk/benches/serialize_instructions.rs | 8 +- sdk/program/src/message.rs | 43 +++++--- sdk/src/feature_set.rs | 5 + transaction-status/src/parse_accounts.rs | 2 +- 12 files changed, 227 insertions(+), 160 deletions(-) diff --git a/cli-output/src/display.rs b/cli-output/src/display.rs index f8f7e8274a..b44af327c0 100644 --- a/cli-output/src/display.rs +++ b/cli-output/src/display.rs @@ -140,7 +140,7 @@ fn format_account_mode(message: &Message, index: usize) -> String { } else { "-" }, - if message.is_writable(index) { + if message.is_writable(index, /*demote_program_write_locks=*/ true) { "w" // comment for consistent rust fmt (no joking; lol) } else { "-" diff --git a/program-test/src/lib.rs b/program-test/src/lib.rs index 636fa68d60..f839014024 100644 --- a/program-test/src/lib.rs +++ b/program-test/src/lib.rs @@ -19,6 +19,7 @@ use { clock::{Clock, Slot}, entrypoint::{ProgramResult, SUCCESS}, epoch_schedule::EpochSchedule, + feature_set::demote_program_write_locks, fee_calculator::{FeeCalculator, FeeRateGovernor}, genesis_config::{ClusterType, GenesisConfig}, hash::Hash, @@ -258,12 +259,14 @@ impl solana_sdk::program_stubs::SyscallStubs for SyscallStubs { } panic!("Program id {} wasn't found in account_infos", program_id); }; + let demote_program_write_locks = + invoke_context.is_feature_active(&demote_program_write_locks::id()); // TODO don't have the caller's keyed_accounts so can't validate writer or signer escalation or deescalation yet let caller_privileges = message .account_keys .iter() .enumerate() - .map(|(i, _)| message.is_writable(i)) + .map(|(i, _)| message.is_writable(i, demote_program_write_locks)) .collect::>(); stable_log::program_invoke(&logger, &program_id, invoke_context.invoke_depth()); @@ -334,7 +337,7 @@ impl solana_sdk::program_stubs::SyscallStubs for SyscallStubs { // Copy writeable account modifications back into the caller's AccountInfos for (i, (pubkey, account)) in accounts.iter().enumerate().take(message.account_keys.len()) { - if !message.is_writable(i) { + if !message.is_writable(i, demote_program_write_locks) { continue; } for account_info in account_infos { diff --git a/programs/bpf/tests/programs.rs b/programs/bpf/tests/programs.rs index c394f72b98..5183252c21 100644 --- a/programs/bpf/tests/programs.rs +++ b/programs/bpf/tests/programs.rs @@ -1782,7 +1782,7 @@ fn test_program_bpf_upgrade_and_invoke_in_same_tx() { "solana_bpf_rust_panic", ); - // Invoke, then upgrade the program, and then invoke again in same tx + // Attempt to invoke, then upgrade the program in same tx let message = Message::new( &[ invoke_instruction.clone(), @@ -1801,10 +1801,12 @@ fn test_program_bpf_upgrade_and_invoke_in_same_tx() { message.clone(), bank.last_blockhash(), ); + // program_id is automatically demoted to readonly, preventing the upgrade, which requires + // writeability let (result, _) = process_transaction_and_record_inner(&bank, tx); assert_eq!( result.unwrap_err(), - TransactionError::InstructionError(2, InstructionError::ProgramFailedToComplete) + TransactionError::InstructionError(1, InstructionError::InvalidArgument) ); } @@ -2103,97 +2105,6 @@ fn test_program_bpf_upgrade_via_cpi() { assert_ne!(programdata, original_programdata); } -#[cfg(feature = "bpf_rust")] -#[test] -fn test_program_bpf_upgrade_self_via_cpi() { - solana_logger::setup(); - - let GenesisConfigInfo { - genesis_config, - mint_keypair, - .. - } = create_genesis_config(50); - let mut bank = Bank::new(&genesis_config); - let (name, id, entrypoint) = solana_bpf_loader_program!(); - bank.add_builtin(&name, id, entrypoint); - let (name, id, entrypoint) = solana_bpf_loader_upgradeable_program!(); - bank.add_builtin(&name, id, entrypoint); - let bank = Arc::new(bank); - let bank_client = BankClient::new_shared(&bank); - let noop_program_id = load_bpf_program( - &bank_client, - &bpf_loader::id(), - &mint_keypair, - "solana_bpf_rust_noop", - ); - - // Deploy upgradeable program - let buffer_keypair = Keypair::new(); - let program_keypair = Keypair::new(); - let program_id = program_keypair.pubkey(); - let authority_keypair = Keypair::new(); - load_upgradeable_bpf_program( - &bank_client, - &mint_keypair, - &buffer_keypair, - &program_keypair, - &authority_keypair, - "solana_bpf_rust_invoke_and_return", - ); - - let mut invoke_instruction = Instruction::new_with_bytes( - program_id, - &[0], - vec![ - AccountMeta::new(noop_program_id, false), - AccountMeta::new(noop_program_id, false), - AccountMeta::new(clock::id(), false), - AccountMeta::new(fees::id(), false), - ], - ); - - // Call the upgraded program - invoke_instruction.data[0] += 1; - let result = - bank_client.send_and_confirm_instruction(&mint_keypair, invoke_instruction.clone()); - assert!(result.is_ok()); - - // Prepare for upgrade - let buffer_keypair = Keypair::new(); - load_upgradeable_buffer( - &bank_client, - &mint_keypair, - &buffer_keypair, - &authority_keypair, - "solana_bpf_rust_panic", - ); - - // Invoke, then upgrade the program, and then invoke again in same tx - let message = Message::new( - &[ - invoke_instruction.clone(), - bpf_loader_upgradeable::upgrade( - &program_id, - &buffer_keypair.pubkey(), - &authority_keypair.pubkey(), - &mint_keypair.pubkey(), - ), - invoke_instruction, - ], - Some(&mint_keypair.pubkey()), - ); - let tx = Transaction::new( - &[&mint_keypair, &authority_keypair], - message.clone(), - bank.last_blockhash(), - ); - let (result, _) = process_transaction_and_record_inner(&bank, tx); - assert_eq!( - result.unwrap_err(), - TransactionError::InstructionError(2, InstructionError::ProgramFailedToComplete) - ); -} - #[cfg(feature = "bpf_rust")] #[test] fn test_program_bpf_set_upgrade_authority_via_cpi() { diff --git a/programs/bpf_loader/src/syscalls.rs b/programs/bpf_loader/src/syscalls.rs index 3145a14cc1..ed238654de 100644 --- a/programs/bpf_loader/src/syscalls.rs +++ b/programs/bpf_loader/src/syscalls.rs @@ -19,9 +19,9 @@ use solana_sdk::{ entrypoint::{MAX_PERMITTED_DATA_INCREASE, SUCCESS}, epoch_schedule::EpochSchedule, feature_set::{ - close_upgradeable_program_accounts, cpi_data_cost, enforce_aligned_host_addrs, - keccak256_syscall_enabled, libsecp256k1_0_5_upgrade_enabled, mem_overlap_fix, - memory_ops_syscalls, secp256k1_recover_syscall_enabled, + close_upgradeable_program_accounts, cpi_data_cost, demote_program_write_locks, + enforce_aligned_host_addrs, keccak256_syscall_enabled, libsecp256k1_0_5_upgrade_enabled, + mem_overlap_fix, memory_ops_syscalls, secp256k1_recover_syscall_enabled, set_upgrade_authority_via_cpi_enabled, sysvar_via_syscall, update_data_on_realloc, }, hash::{Hasher, HASH_BYTES}, @@ -2244,7 +2244,14 @@ fn call<'a>( signers_seeds_len: u64, memory_mapping: &MemoryMapping, ) -> Result> { - let (message, executables, accounts, account_refs, caller_write_privileges) = { + let ( + message, + executables, + accounts, + account_refs, + caller_write_privileges, + demote_program_write_locks, + ) = { let invoke_context = syscall.get_context()?; invoke_context @@ -2335,6 +2342,7 @@ fn call<'a>( accounts, account_refs, caller_write_privileges, + invoke_context.is_feature_active(&demote_program_write_locks::id()), ) }; @@ -2360,7 +2368,7 @@ fn call<'a>( for (i, ((_key, account), account_ref)) in accounts.iter().zip(account_refs).enumerate() { let account = account.borrow(); if let Some(mut account_ref) = account_ref { - if message.is_writable(i) && !account.executable() { + if message.is_writable(i, demote_program_write_locks) && !account.executable() { *account_ref.lamports = account.lamports(); *account_ref.owner = *account.owner(); if account_ref.data.len() != account.data().len() { diff --git a/rpc/src/transaction_status_service.rs b/rpc/src/transaction_status_service.rs index e79f4d1c6f..60b1f1f7e8 100644 --- a/rpc/src/transaction_status_service.rs +++ b/rpc/src/transaction_status_service.rs @@ -112,8 +112,9 @@ impl TransactionStatusService { }) .expect("FeeCalculator must exist"); let fee = fee_calculator.calculate_fee(transaction.message()); - let (writable_keys, readonly_keys) = - transaction.message.get_account_keys_by_lock_type(); + let (writable_keys, readonly_keys) = transaction + .message + .get_account_keys_by_lock_type(bank.demote_program_write_locks()); let inner_instructions = inner_instructions.map(|inner_instructions| { inner_instructions diff --git a/runtime/src/accounts.rs b/runtime/src/accounts.rs index 57c9960e8d..ebdeb5623d 100644 --- a/runtime/src/accounts.rs +++ b/runtime/src/accounts.rs @@ -179,8 +179,11 @@ impl Accounts { false } - fn construct_instructions_account(message: &Message) -> AccountSharedData { - let mut data = message.serialize_instructions(); + fn construct_instructions_account( + message: &Message, + demote_program_write_locks: bool, + ) -> AccountSharedData { + let mut data = message.serialize_instructions(demote_program_write_locks); // add room for current instruction index. data.resize(data.len() + 2, 0); AccountSharedData::from(Account { @@ -212,6 +215,8 @@ impl Accounts { let mut key_check = MessageProgramIdsCache::new(message); let mut rent_debits = RentDebits::default(); let rent_for_sysvars = feature_set.is_active(&feature_set::rent_for_sysvars::id()); + let demote_program_write_locks = + feature_set.is_active(&feature_set::demote_program_write_locks::id()); for (i, key) in message.account_keys.iter().enumerate() { let account = if key_check.is_non_loader_key(key, i) { @@ -222,16 +227,16 @@ impl Accounts { if solana_sdk::sysvar::instructions::check_id(key) && feature_set.is_active(&feature_set::instructions_sysvar_enabled::id()) { - if message.is_writable(i) { + if message.is_writable(i, demote_program_write_locks) { return Err(TransactionError::InvalidAccountIndex); } - Self::construct_instructions_account(message) + Self::construct_instructions_account(message, demote_program_write_locks) } else { let (account, rent) = self .accounts_db .load_with_fixed_root(ancestors, key) .map(|(mut account, _)| { - if message.is_writable(i) { + if message.is_writable(i, demote_program_write_locks) { let rent_due = rent_collector.collect_from_existing_account( key, &mut account, @@ -860,7 +865,11 @@ impl Accounts { /// same time #[must_use] #[allow(clippy::needless_collect)] - pub fn lock_accounts<'a>(&self, txs: impl Iterator) -> Vec> { + pub fn lock_accounts<'a>( + &self, + txs: impl Iterator, + demote_program_write_locks: bool, + ) -> Vec> { use solana_sdk::sanitize::Sanitize; let keys: Vec> = txs .map(|tx| { @@ -870,7 +879,9 @@ impl Accounts { return Err(TransactionError::AccountLoadedTwice); } - Ok(tx.message().get_account_keys_by_lock_type()) + Ok(tx + .message() + .get_account_keys_by_lock_type(demote_program_write_locks)) }) .collect(); let mut account_locks = &mut self.account_locks.lock().unwrap(); @@ -890,6 +901,7 @@ impl Accounts { &self, txs: impl Iterator, results: &[Result<()>], + demote_program_write_locks: bool, ) { let keys: Vec<_> = txs .zip(results) @@ -897,7 +909,10 @@ impl Accounts { Err(TransactionError::AccountInUse) => None, Err(TransactionError::SanitizeFailure) => None, Err(TransactionError::AccountLoadedTwice) => None, - _ => Some(tx.message.get_account_keys_by_lock_type()), + _ => Some( + tx.message + .get_account_keys_by_lock_type(demote_program_write_locks), + ), }) .collect(); let mut account_locks = self.account_locks.lock().unwrap(); @@ -921,6 +936,7 @@ impl Accounts { fix_recent_blockhashes_sysvar_delay: bool, rent_for_sysvars: bool, merge_nonce_error_into_system_error: bool, + demote_program_write_locks: bool, ) { let accounts_to_store = self.collect_accounts_to_store( txs, @@ -931,6 +947,7 @@ impl Accounts { fix_recent_blockhashes_sysvar_delay, rent_for_sysvars, merge_nonce_error_into_system_error, + demote_program_write_locks, ); self.accounts_db.store_cached(slot, &accounts_to_store); } @@ -947,6 +964,7 @@ impl Accounts { self.accounts_db.add_root(slot) } + #[allow(clippy::too_many_arguments)] fn collect_accounts_to_store<'a>( &self, txs: impl Iterator, @@ -957,6 +975,7 @@ impl Accounts { fix_recent_blockhashes_sysvar_delay: bool, rent_for_sysvars: bool, merge_nonce_error_into_system_error: bool, + demote_program_write_locks: bool, ) -> Vec<(&'a Pubkey, &'a AccountSharedData)> { let mut accounts = Vec::with_capacity(loaded.len()); for (i, ((raccs, _nonce_rollback), tx)) in loaded.iter_mut().zip(txs).enumerate() { @@ -1006,7 +1025,7 @@ impl Accounts { fee_payer_index = Some(i); } let is_fee_payer = Some(i) == fee_payer_index; - if message.is_writable(i) + if message.is_writable(i, demote_program_write_locks) && (res.is_ok() || (maybe_nonce_rollback.is_some() && (is_nonce_account || is_fee_payer))) { @@ -1775,6 +1794,8 @@ mod tests { accounts.store_slow_uncached(0, &keypair2.pubkey(), &account2); accounts.store_slow_uncached(0, &keypair3.pubkey(), &account3); + let demote_program_write_locks = true; + let instructions = vec![CompiledInstruction::new(2, &(), vec![0, 1])]; let message = Message::new_with_compiled_instructions( 1, @@ -1785,7 +1806,7 @@ mod tests { instructions, ); let tx = Transaction::new(&[&keypair0], message, Hash::default()); - let results0 = accounts.lock_accounts([tx.clone()].iter()); + let results0 = accounts.lock_accounts([tx.clone()].iter(), demote_program_write_locks); assert!(results0[0].is_ok()); assert_eq!( @@ -1820,7 +1841,7 @@ mod tests { ); let tx1 = Transaction::new(&[&keypair1], message, Hash::default()); let txs = vec![tx0, tx1]; - let results1 = accounts.lock_accounts(txs.iter()); + let results1 = accounts.lock_accounts(txs.iter(), demote_program_write_locks); assert!(results1[0].is_ok()); // Read-only account (keypair1) can be referenced multiple times assert!(results1[1].is_err()); // Read-only account (keypair1) cannot also be locked as writable @@ -1835,8 +1856,8 @@ mod tests { 2 ); - accounts.unlock_accounts([tx].iter(), &results0); - accounts.unlock_accounts(txs.iter(), &results1); + accounts.unlock_accounts([tx].iter(), &results0, demote_program_write_locks); + accounts.unlock_accounts(txs.iter(), &results1, demote_program_write_locks); let instructions = vec![CompiledInstruction::new(2, &(), vec![0, 1])]; let message = Message::new_with_compiled_instructions( 1, @@ -1847,7 +1868,7 @@ mod tests { instructions, ); let tx = Transaction::new(&[&keypair1], message, Hash::default()); - let results2 = accounts.lock_accounts([tx].iter()); + let results2 = accounts.lock_accounts([tx].iter(), demote_program_write_locks); assert!(results2[0].is_ok()); // Now keypair1 account can be locked as writable // Check that read-only lock with zero references is deleted @@ -1884,6 +1905,8 @@ mod tests { accounts.store_slow_uncached(0, &keypair1.pubkey(), &account1); accounts.store_slow_uncached(0, &keypair2.pubkey(), &account2); + let demote_program_write_locks = true; + let accounts_arc = Arc::new(accounts); let instructions = vec![CompiledInstruction::new(2, &(), vec![0, 1])]; @@ -1916,13 +1939,15 @@ mod tests { let exit_clone = exit_clone.clone(); loop { let txs = vec![writable_tx.clone()]; - let results = accounts_clone.clone().lock_accounts(txs.iter()); + let results = accounts_clone + .clone() + .lock_accounts(txs.iter(), demote_program_write_locks); for result in results.iter() { if result.is_ok() { counter_clone.clone().fetch_add(1, Ordering::SeqCst); } } - accounts_clone.unlock_accounts(txs.iter(), &results); + accounts_clone.unlock_accounts(txs.iter(), &results, demote_program_write_locks); if exit_clone.clone().load(Ordering::Relaxed) { break; } @@ -1931,18 +1956,85 @@ mod tests { let counter_clone = counter; for _ in 0..5 { let txs = vec![readonly_tx.clone()]; - let results = accounts_arc.clone().lock_accounts(txs.iter()); + let results = accounts_arc + .clone() + .lock_accounts(txs.iter(), demote_program_write_locks); if results[0].is_ok() { let counter_value = counter_clone.clone().load(Ordering::SeqCst); thread::sleep(time::Duration::from_millis(50)); assert_eq!(counter_value, counter_clone.clone().load(Ordering::SeqCst)); } - accounts_arc.unlock_accounts(txs.iter(), &results); + accounts_arc.unlock_accounts(txs.iter(), &results, demote_program_write_locks); thread::sleep(time::Duration::from_millis(50)); } exit.store(true, Ordering::Relaxed); } + #[test] + fn test_demote_program_write_locks() { + let keypair0 = Keypair::new(); + let keypair1 = Keypair::new(); + let keypair2 = Keypair::new(); + let keypair3 = Keypair::new(); + + let account0 = AccountSharedData::new(1, 0, &Pubkey::default()); + let account1 = AccountSharedData::new(2, 0, &Pubkey::default()); + let account2 = AccountSharedData::new(3, 0, &Pubkey::default()); + let account3 = AccountSharedData::new(4, 0, &Pubkey::default()); + + let accounts = Accounts::new_with_config( + Vec::new(), + &ClusterType::Development, + AccountSecondaryIndexes::default(), + false, + AccountShrinkThreshold::default(), + ); + accounts.store_slow_uncached(0, &keypair0.pubkey(), &account0); + accounts.store_slow_uncached(0, &keypair1.pubkey(), &account1); + accounts.store_slow_uncached(0, &keypair2.pubkey(), &account2); + accounts.store_slow_uncached(0, &keypair3.pubkey(), &account3); + + let demote_program_write_locks = true; + + let instructions = vec![CompiledInstruction::new(2, &(), vec![0, 1])]; + let message = Message::new_with_compiled_instructions( + 1, + 0, + 0, // All accounts marked as writable + vec![keypair0.pubkey(), keypair1.pubkey(), native_loader::id()], + Hash::default(), + instructions, + ); + let tx = Transaction::new(&[&keypair0], message, Hash::default()); + let results0 = accounts.lock_accounts([tx].iter(), demote_program_write_locks); + + assert!(results0[0].is_ok()); + // Instruction program-id account demoted to readonly + assert_eq!( + *accounts + .account_locks + .lock() + .unwrap() + .readonly_locks + .get(&native_loader::id()) + .unwrap(), + 1 + ); + // Non-program accounts remain writable + assert!(accounts + .account_locks + .lock() + .unwrap() + .write_locks + .contains(&keypair0.pubkey())); + assert!(accounts + .account_locks + .lock() + .unwrap() + .write_locks + .contains(&keypair1.pubkey())); + } + #[test] fn test_collect_accounts_to_store() { let keypair0 = Keypair::new(); @@ -2036,6 +2128,7 @@ mod tests { true, true, true, // merge_nonce_error_into_system_error + true, // demote_program_write_locks ); assert_eq!(collected_accounts.len(), 2); assert!(collected_accounts @@ -2422,6 +2515,7 @@ mod tests { true, true, true, // merge_nonce_error_into_system_error + true, // demote_program_write_locks ); assert_eq!(collected_accounts.len(), 2); assert_eq!( @@ -2540,6 +2634,7 @@ mod tests { true, true, true, // merge_nonce_error_into_system_error + true, // demote_program_write_locks ); assert_eq!(collected_accounts.len(), 1); let collected_nonce_account = collected_accounts diff --git a/runtime/src/bank.rs b/runtime/src/bank.rs index 9659987daa..d810260044 100644 --- a/runtime/src/bank.rs +++ b/runtime/src/bank.rs @@ -2615,10 +2615,10 @@ impl Bank { txs: impl Iterator, ) -> TransactionBatch<'a, 'b> { let hashed_txs: Vec = txs.map(HashedTransaction::from).collect(); - let lock_results = self - .rc - .accounts - .lock_accounts(hashed_txs.as_transactions_iter()); + let lock_results = self.rc.accounts.lock_accounts( + hashed_txs.as_transactions_iter(), + self.demote_program_write_locks(), + ); TransactionBatch::new(lock_results, self, Cow::Owned(hashed_txs)) } @@ -2626,10 +2626,10 @@ impl Bank { &'a self, hashed_txs: &'b [HashedTransaction], ) -> TransactionBatch<'a, 'b> { - let lock_results = self - .rc - .accounts - .lock_accounts(hashed_txs.as_transactions_iter()); + let lock_results = self.rc.accounts.lock_accounts( + hashed_txs.as_transactions_iter(), + self.demote_program_write_locks(), + ); TransactionBatch::new(lock_results, self, Cow::Borrowed(hashed_txs)) } @@ -2708,9 +2708,11 @@ impl Bank { pub fn unlock_accounts(&self, batch: &mut TransactionBatch) { if batch.needs_unlock { batch.needs_unlock = false; - self.rc - .accounts - .unlock_accounts(batch.transactions_iter(), batch.lock_results()) + self.rc.accounts.unlock_accounts( + batch.transactions_iter(), + batch.lock_results(), + self.demote_program_write_locks(), + ) } } @@ -3428,6 +3430,7 @@ impl Bank { self.fix_recent_blockhashes_sysvar_delay(), self.rent_for_sysvars(), self.merge_nonce_error_into_system_error(), + self.demote_program_write_locks(), ); let rent_debits = self.collect_rent(executed, loaded_txs); @@ -5084,6 +5087,11 @@ impl Bank { .is_active(&feature_set::stake_program_advance_activating_credits_observed::id()) } + pub fn demote_program_write_locks(&self) -> bool { + self.feature_set + .is_active(&feature_set::demote_program_write_locks::id()) + } + // Check if the wallclock time from bank creation to now has exceeded the allotted // time for transaction processing pub fn should_bank_still_be_processing_txs( diff --git a/runtime/src/message_processor.rs b/runtime/src/message_processor.rs index fe5348a939..2f44221176 100644 --- a/runtime/src/message_processor.rs +++ b/runtime/src/message_processor.rs @@ -9,7 +9,8 @@ use solana_sdk::{ account_utils::StateMut, bpf_loader_upgradeable::{self, UpgradeableLoaderState}, feature_set::{ - instructions_sysvar_enabled, neon_evm_compute_budget, updated_verify_policy, FeatureSet, + demote_program_write_locks, instructions_sysvar_enabled, neon_evm_compute_budget, + updated_verify_policy, FeatureSet, }, ic_logger_msg, ic_msg, instruction::{CompiledInstruction, Instruction, InstructionError}, @@ -300,6 +301,7 @@ impl<'a> ThisInvokeContext<'a> { instruction, executable_accounts, accounts, + feature_set.is_active(&demote_program_write_locks::id()), ); let mut invoke_context = Self { invoke_stack: Vec::with_capacity(bpf_compute_budget.max_invoke_depth), @@ -611,6 +613,7 @@ impl MessageProcessor { instruction: &'a CompiledInstruction, executable_accounts: &'a [(Pubkey, Rc>)], accounts: &'a [(Pubkey, Rc>)], + demote_program_write_locks: bool, ) -> Vec<(bool, bool, &'a Pubkey, &'a RefCell)> { executable_accounts .iter() @@ -619,7 +622,7 @@ impl MessageProcessor { let index = *index as usize; ( message.is_signer(index), - message.is_writable(index), + message.is_writable(index, demote_program_write_locks), &accounts[index].0, &accounts[index].1 as &RefCell, ) @@ -864,6 +867,8 @@ impl MessageProcessor { { let invoke_context = invoke_context.borrow(); + let demote_program_write_locks = + invoke_context.is_feature_active(&demote_program_write_locks::id()); let keyed_accounts = invoke_context.get_keyed_accounts()?; for (src_keyed_account_index, ((_key, account), dst_keyed_account_index)) in accounts .iter() @@ -872,7 +877,9 @@ impl MessageProcessor { { let dst_keyed_account = &keyed_accounts[dst_keyed_account_index]; let src_keyed_account = account.borrow(); - if message.is_writable(src_keyed_account_index) && !src_keyed_account.executable() { + if message.is_writable(src_keyed_account_index, demote_program_write_locks) + && !src_keyed_account.executable() + { if dst_keyed_account.data_len()? != src_keyed_account.data().len() && dst_keyed_account.data_len()? != 0 { @@ -916,8 +923,15 @@ impl MessageProcessor { invoke_context.verify_and_update(instruction, accounts, caller_write_privileges)?; // Construct keyed accounts - let keyed_accounts = - Self::create_keyed_accounts(message, instruction, executable_accounts, accounts); + let demote_program_write_locks = + invoke_context.is_feature_active(&demote_program_write_locks::id()); + let keyed_accounts = Self::create_keyed_accounts( + message, + instruction, + executable_accounts, + accounts, + demote_program_write_locks, + ); // Invoke callee invoke_context.push(program_id, &keyed_accounts)?; @@ -935,7 +949,7 @@ impl MessageProcessor { if result.is_ok() { // Verify the called program has not misbehaved let write_privileges: Vec = (0..message.account_keys.len()) - .map(|i| message.is_writable(i)) + .map(|i| message.is_writable(i, demote_program_write_locks)) .collect(); result = invoke_context.verify_and_update(instruction, accounts, &write_privileges); } @@ -984,6 +998,7 @@ impl MessageProcessor { } /// Verify the results of an instruction + #[allow(clippy::too_many_arguments)] pub fn verify( message: &Message, instruction: &CompiledInstruction, @@ -994,6 +1009,7 @@ impl MessageProcessor { timings: &mut ExecuteDetailsTimings, logger: Rc>, updated_verify_policy: bool, + demote_program_write_locks: bool, ) -> Result<(), InstructionError> { // Verify all executable accounts have zero outstanding refs Self::verify_account_references(executable_accounts)?; @@ -1014,7 +1030,7 @@ impl MessageProcessor { pre_accounts[unique_index] .verify( program_id, - message.is_writable(account_index), + message.is_writable(account_index, demote_program_write_locks), rent, &account, timings, @@ -1183,6 +1199,7 @@ impl MessageProcessor { timings, invoke_context.get_logger(), invoke_context.is_feature_active(&updated_verify_policy::id()), + invoke_context.is_feature_active(&demote_program_write_locks::id()), )?; timings.accumulate(&invoke_context.timings); @@ -1338,7 +1355,7 @@ mod tests { ))), )); let write_privileges: Vec = (0..message.account_keys.len()) - .map(|i| message.is_writable(i)) + .map(|i| message.is_writable(i, /*demote_program_write_locks=*/ true)) .collect(); invoke_context .verify_and_update(&message.instructions[0], &these_accounts, &write_privileges) @@ -2234,6 +2251,8 @@ mod tests { metas.clone(), ); let message = Message::new(&[instruction], None); + let feature_set = FeatureSet::all_enabled(); + let demote_program_write_locks = feature_set.is_active(&demote_program_write_locks::id()); let ancestors = Ancestors::default(); let mut invoke_context = ThisInvokeContext::new( @@ -2258,7 +2277,7 @@ mod tests { .account_keys .iter() .enumerate() - .map(|(i, _)| message.is_writable(i)) + .map(|(i, _)| message.is_writable(i, demote_program_write_locks)) .collect::>(); accounts[0].1.borrow_mut().data_as_mut_slice()[0] = 1; assert_eq!( @@ -2313,7 +2332,7 @@ mod tests { .account_keys .iter() .enumerate() - .map(|(i, _)| message.is_writable(i)) + .map(|(i, _)| message.is_writable(i, demote_program_write_locks)) .collect::>(); assert_eq!( MessageProcessor::process_cross_program_instruction( diff --git a/sdk/benches/serialize_instructions.rs b/sdk/benches/serialize_instructions.rs index dae549c98e..201089a850 100644 --- a/sdk/benches/serialize_instructions.rs +++ b/sdk/benches/serialize_instructions.rs @@ -14,6 +14,8 @@ fn make_instructions() -> Vec { vec![inst; 4] } +const DEMOTE_PROGRAM_WRITE_LOCKS: bool = true; + #[bench] fn bench_bincode_instruction_serialize(b: &mut Bencher) { let instructions = make_instructions(); @@ -27,7 +29,7 @@ fn bench_manual_instruction_serialize(b: &mut Bencher) { let instructions = make_instructions(); let message = Message::new(&instructions, None); b.iter(|| { - test::black_box(message.serialize_instructions()); + test::black_box(message.serialize_instructions(DEMOTE_PROGRAM_WRITE_LOCKS)); }); } @@ -44,7 +46,7 @@ fn bench_bincode_instruction_deserialize(b: &mut Bencher) { fn bench_manual_instruction_deserialize(b: &mut Bencher) { let instructions = make_instructions(); let message = Message::new(&instructions, None); - let serialized = message.serialize_instructions(); + let serialized = message.serialize_instructions(DEMOTE_PROGRAM_WRITE_LOCKS); b.iter(|| { for i in 0..instructions.len() { test::black_box(instructions::load_instruction_at(i, &serialized).unwrap()); @@ -56,7 +58,7 @@ fn bench_manual_instruction_deserialize(b: &mut Bencher) { fn bench_manual_instruction_deserialize_single(b: &mut Bencher) { let instructions = make_instructions(); let message = Message::new(&instructions, None); - let serialized = message.serialize_instructions(); + let serialized = message.serialize_instructions(DEMOTE_PROGRAM_WRITE_LOCKS); b.iter(|| { test::black_box(instructions::load_instruction_at(3, &serialized).unwrap()); }); diff --git a/sdk/program/src/message.rs b/sdk/program/src/message.rs index 28b44eec37..429c69e91e 100644 --- a/sdk/program/src/message.rs +++ b/sdk/program/src/message.rs @@ -356,6 +356,16 @@ impl Message { .collect() } + pub fn is_key_called_as_program(&self, key_index: usize) -> bool { + if let Ok(key_index) = u8::try_from(key_index) { + self.instructions + .iter() + .any(|ix| ix.program_id_index == key_index) + } else { + false + } + } + pub fn is_key_passed_to_program(&self, index: usize) -> bool { if let Ok(index) = u8::try_from(index) { for ix in self.instructions.iter() { @@ -391,7 +401,7 @@ impl Message { self.program_position(i).is_some() } - pub fn is_writable(&self, i: usize) -> bool { + pub fn is_writable(&self, i: usize, demote_program_write_locks: bool) -> bool { (i < (self.header.num_required_signatures - self.header.num_readonly_signed_accounts) as usize || (i >= self.header.num_required_signatures as usize @@ -401,17 +411,21 @@ impl Message { let key = self.account_keys[i]; sysvar::is_sysvar_id(&key) || BUILTIN_PROGRAMS_KEYS.contains(&key) } + && !(demote_program_write_locks && self.is_key_called_as_program(i)) } pub fn is_signer(&self, i: usize) -> bool { i < self.header.num_required_signatures as usize } - pub fn get_account_keys_by_lock_type(&self) -> (Vec<&Pubkey>, Vec<&Pubkey>) { + pub fn get_account_keys_by_lock_type( + &self, + demote_program_write_locks: bool, + ) -> (Vec<&Pubkey>, Vec<&Pubkey>) { let mut writable_keys = vec![]; let mut readonly_keys = vec![]; for (i, key) in self.account_keys.iter().enumerate() { - if self.is_writable(i) { + if self.is_writable(i, demote_program_write_locks) { writable_keys.push(key); } else { readonly_keys.push(key); @@ -433,7 +447,7 @@ impl Message { // 35..67 - program_id // 67..69 - data len - u16 // 69..data_len - data - pub fn serialize_instructions(&self) -> Vec { + pub fn serialize_instructions(&self, demote_program_write_locks: bool) -> Vec { // 64 bytes is a reasonable guess, calculating exactly is slower in benchmarks let mut data = Vec::with_capacity(self.instructions.len() * (32 * 2)); append_u16(&mut data, self.instructions.len() as u16); @@ -448,7 +462,7 @@ impl Message { for account_index in &instruction.accounts { let account_index = *account_index as usize; let is_signer = self.is_signer(account_index); - let is_writable = self.is_writable(account_index); + let is_writable = self.is_writable(account_index, demote_program_write_locks); let mut meta_byte = 0; if is_signer { meta_byte |= 1 << Self::IS_SIGNER_BIT; @@ -887,12 +901,13 @@ mod tests { recent_blockhash: Hash::default(), instructions: vec![], }; - assert!(message.is_writable(0)); - assert!(!message.is_writable(1)); - assert!(!message.is_writable(2)); - assert!(message.is_writable(3)); - assert!(message.is_writable(4)); - assert!(!message.is_writable(5)); + let demote_program_write_locks = true; + assert!(message.is_writable(0, demote_program_write_locks)); + assert!(!message.is_writable(1, demote_program_write_locks)); + assert!(!message.is_writable(2, demote_program_write_locks)); + assert!(message.is_writable(3, demote_program_write_locks)); + assert!(message.is_writable(4, demote_program_write_locks)); + assert!(!message.is_writable(5, demote_program_write_locks)); } #[test] @@ -920,7 +935,7 @@ mod tests { Some(&id1), ); assert_eq!( - message.get_account_keys_by_lock_type(), + message.get_account_keys_by_lock_type(/*demote_program_write_locks=*/ true), (vec![&id1, &id0], vec![&id3, &id2, &program_id]) ); } @@ -950,7 +965,7 @@ mod tests { ]; let message = Message::new(&instructions, Some(&id1)); - let serialized = message.serialize_instructions(); + let serialized = message.serialize_instructions(/*demote_program_write_locks=*/ true); for (i, instruction) in instructions.iter().enumerate() { assert_eq!( Message::deserialize_instruction(i, &serialized).unwrap(), @@ -971,7 +986,7 @@ mod tests { ]; let message = Message::new(&instructions, Some(&id1)); - let serialized = message.serialize_instructions(); + let serialized = message.serialize_instructions(/*demote_program_write_locks=*/ true); assert_eq!( Message::deserialize_instruction(instructions.len(), &serialized).unwrap_err(), SanitizeError::IndexOutOfBounds, diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs index 1e9f6f96a9..98ed71a7e8 100644 --- a/sdk/src/feature_set.rs +++ b/sdk/src/feature_set.rs @@ -187,6 +187,10 @@ pub mod stake_program_advance_activating_credits_observed { solana_sdk::declare_id!("SAdVFw3RZvzbo6DvySbSdBnHN4gkzSTH9dSxesyKKPj"); } +pub mod demote_program_write_locks { + solana_sdk::declare_id!("3E3jV7v9VcdJL8iYZUMax9DiDno8j7EWUVbhm9RtShj2"); +} + lazy_static! { /// Map of feature identifiers to user-visible description pub static ref FEATURE_NAMES: HashMap = [ @@ -234,6 +238,7 @@ lazy_static! { (mem_overlap_fix::id(), "Memory overlap fix"), (close_upgradeable_program_accounts::id(), "enable closing upgradeable program accounts"), (stake_program_advance_activating_credits_observed::id(), "Enable advancing credits observed for activation epoch #19309"), + (demote_program_write_locks::id(), "demote program write locks to readonly #19593"), /*************** ADD NEW FEATURES HERE ***************/ ] .iter() diff --git a/transaction-status/src/parse_accounts.rs b/transaction-status/src/parse_accounts.rs index ebef018e71..197643450b 100644 --- a/transaction-status/src/parse_accounts.rs +++ b/transaction-status/src/parse_accounts.rs @@ -13,7 +13,7 @@ pub fn parse_accounts(message: &Message) -> Vec { for (i, account_key) in message.account_keys.iter().enumerate() { accounts.push(ParsedAccount { pubkey: account_key.to_string(), - writable: message.is_writable(i), + writable: message.is_writable(i, /*demote_program_write_locks=*/ true), signer: message.is_signer(i), }); }