diff --git a/Cargo.lock b/Cargo.lock index 0f84975b9f4c01..640481ab11d1cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -5887,9 +5887,9 @@ dependencies = [ [[package]] name = "solana_rbpf" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c7a237a92714db63de655e20af29a3b59c007881f2dfbdc2d3838ca3675f45f" +checksum = "4b4ea641d81290842c822f1348ce9f35ff3e11d09553e709c894af9765b7934c" dependencies = [ "byteorder", "combine", diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 88073b26641877..c2e0da755e06b3 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -40,7 +40,7 @@ solana-config-program = { path = "../programs/config", version = "=1.8.11" } solana-faucet = { path = "../faucet", version = "=1.8.11" } solana-logger = { path = "../logger", version = "=1.8.11" } solana-net-utils = { path = "../net-utils", version = "=1.8.11" } -solana_rbpf = "=0.2.18" +solana_rbpf = "=0.2.19" solana-remote-wallet = { path = "../remote-wallet", version = "=1.8.11" } solana-sdk = { path = "../sdk", version = "=1.8.11" } solana-transaction-status = { path = "../transaction-status", version = "=1.8.11" } diff --git a/programs/bpf/Cargo.lock b/programs/bpf/Cargo.lock index 8c6042bc6d1945..d57f043d1a2b45 100644 --- a/programs/bpf/Cargo.lock +++ b/programs/bpf/Cargo.lock @@ -3699,9 +3699,9 @@ dependencies = [ [[package]] name = "solana_rbpf" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c7a237a92714db63de655e20af29a3b59c007881f2dfbdc2d3838ca3675f45f" +checksum = "4b4ea641d81290842c822f1348ce9f35ff3e11d09553e709c894af9765b7934c" dependencies = [ "byteorder 1.3.4", "combine", diff --git a/programs/bpf/Cargo.toml b/programs/bpf/Cargo.toml index 63725e892d6c06..67d33a595cebf2 100644 --- a/programs/bpf/Cargo.toml +++ b/programs/bpf/Cargo.toml @@ -30,7 +30,7 @@ solana-bpf-loader-program = { path = "../bpf_loader", version = "=1.8.11" } solana-cli-output = { path = "../../cli-output", version = "=1.8.11" } solana-logger = { path = "../../logger", version = "=1.8.11" } solana-measure = { path = "../../measure", version = "=1.8.11" } -solana_rbpf = "=0.2.18" +solana_rbpf = "=0.2.19" solana-runtime = { path = "../../runtime", version = "=1.8.11" } solana-sdk = { path = "../../sdk", version = "=1.8.11" } solana-transaction-status = { path = "../../transaction-status", version = "=1.8.11" } diff --git a/programs/bpf/benches/bpf_loader.rs b/programs/bpf/benches/bpf_loader.rs index 5acb491a006076..9d8e3f58a6a1da 100644 --- a/programs/bpf/benches/bpf_loader.rs +++ b/programs/bpf/benches/bpf_loader.rs @@ -105,7 +105,7 @@ fn bench_program_alu(bencher: &mut Bencher) { register_syscalls(&mut invoke_context).unwrap(), ) .unwrap(); - executable.jit_compile().unwrap(); + Executable::::jit_compile(&mut executable).unwrap(); let compute_meter = invoke_context.get_compute_meter(); let mut instruction_meter = ThisInstructionMeter { compute_meter }; let mut vm = create_vm( diff --git a/programs/bpf/tests/programs.rs b/programs/bpf/tests/programs.rs index 5bca860cace6c8..81a65329849ce8 100644 --- a/programs/bpf/tests/programs.rs +++ b/programs/bpf/tests/programs.rs @@ -226,7 +226,7 @@ fn run_program( register_syscalls(&mut invoke_context).unwrap(), ) .unwrap(); - executable.jit_compile().unwrap(); + Executable::::jit_compile(&mut executable).unwrap(); let mut instruction_count = 0; let mut tracer = None; diff --git a/programs/bpf_loader/Cargo.toml b/programs/bpf_loader/Cargo.toml index 505b495bc00f61..44f9572f8694e5 100644 --- a/programs/bpf_loader/Cargo.toml +++ b/programs/bpf_loader/Cargo.toml @@ -22,7 +22,7 @@ sha3 = "0.9.1" solana-measure = { path = "../../measure", version = "=1.8.11" } solana-runtime = { path = "../../runtime", version = "=1.8.11" } solana-sdk = { path = "../../sdk", version = "=1.8.11" } -solana_rbpf = "=0.2.18" +solana_rbpf = "=0.2.19" thiserror = "1.0" [dev-dependencies] diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs index 09fc322cfa0552..827e0e15175c20 100644 --- a/programs/bpf_loader/src/lib.rs +++ b/programs/bpf_loader/src/lib.rs @@ -33,9 +33,10 @@ use solana_sdk::{ entrypoint::{HEAP_LENGTH, SUCCESS}, feature_set::{ add_missing_program_error_mappings, close_upgradeable_program_accounts, fix_write_privs, - reduce_required_deploy_balance, reject_deployment_of_unresolved_syscalls, - reject_section_virtual_address_file_offset_mismatch, requestable_heap_size, - start_verify_shift32_imm, stop_verify_mul64_imm_nonzero, upgradeable_close_instruction, + reduce_required_deploy_balance, reject_all_elf_rw, + reject_deployment_of_unresolved_syscalls, + reject_section_virtual_address_file_offset_mismatch, start_verify_shift32_imm, + stop_verify_mul64_imm_nonzero, upgradeable_close_instruction, }, ic_logger_msg, ic_msg, instruction::{AccountMeta, InstructionError}, @@ -49,7 +50,7 @@ use solana_sdk::{ rent::Rent, system_instruction::{self, MAX_PERMITTED_DATA_LENGTH}, }; -use std::{cell::RefCell, fmt::Debug, rc::Rc, sync::Arc}; +use std::{cell::RefCell, fmt::Debug, pin::Pin, rc::Rc, sync::Arc}; use thiserror::Error; solana_sdk::declare_builtin!( @@ -97,6 +98,7 @@ pub fn create_executor( verify_mul64_imm_nonzero: !invoke_context .is_feature_active(&stop_verify_mul64_imm_nonzero::id()), verify_shift32_imm: invoke_context.is_feature_active(&start_verify_shift32_imm::id()), + reject_all_writable_sections: invoke_context.is_feature_active(&reject_all_elf_rw::id()), ..Config::default() }; let mut executable = { @@ -111,7 +113,8 @@ pub fn create_executor( verifier::check(text_bytes, &config) .map_err(|e| map_ebpf_error(invoke_context, EbpfError::UserError(e.into())))?; if use_jit { - if let Err(err) = executable.jit_compile() { + if let Err(err) = Executable::::jit_compile(&mut executable) + { ic_msg!(invoke_context, "Failed to compile program {:?}", err); return Err(InstructionError::ProgramFailedToCompile); } @@ -152,7 +155,7 @@ fn check_loader_id(id: &Pubkey) -> bool { /// Create the BPF virtual machine pub fn create_vm<'a>( loader_id: &'a Pubkey, - program: &'a Executable, + program: &'a Pin>>, parameter_bytes: &mut [u8], invoke_context: &'a mut dyn InvokeContext, ) -> Result, EbpfError> { @@ -874,7 +877,7 @@ impl InstructionMeter for ThisInstructionMeter { /// BPF Loader's Executor implementation pub struct BpfExecutor { - executable: Executable, + executable: Pin>>, } // Well, implement Debug for solana_rbpf::vm::Executable in solana-rbpf... diff --git a/rbpf-cli/src/main.rs b/rbpf-cli/src/main.rs index deda22b36e7b26..70a6ccc128d55f 100644 --- a/rbpf-cli/src/main.rs +++ b/rbpf-cli/src/main.rs @@ -210,7 +210,7 @@ native machine code before execting it in the virtual machine.", let text_bytes = executable.get_text_bytes().1; check(text_bytes, &config).unwrap(); } - executable.jit_compile().unwrap(); + Executable::::jit_compile(&mut executable).unwrap(); let analysis = Analysis::from_executable(&executable); match matches.value_of("use") { diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs index 8be6e87886adcc..1647ec0aec0553 100644 --- a/sdk/src/feature_set.rs +++ b/sdk/src/feature_set.rs @@ -267,6 +267,10 @@ pub mod reject_section_virtual_address_file_offset_mismatch { solana_sdk::declare_id!("5N4NikcJLEiZNqwndhNyvZw15LvFXp1oF7AJQTNTZY5k"); } +pub mod reject_all_elf_rw { + solana_sdk::declare_id!("DeMpxgMq51j3rZfNK2hQKZyXknQvqevPSFPJFNTbXxsS"); +} + lazy_static! { /// Map of feature identifiers to user-visible description pub static ref FEATURE_NAMES: HashMap = [ @@ -334,6 +338,7 @@ lazy_static! { (add_compute_budget_program::id(), "Add compute_budget_program"), (reject_deployment_of_unresolved_syscalls::id(), "Reject deployment of programs with unresolved syscall symbols"), (reject_section_virtual_address_file_offset_mismatch::id(), "enforce section virtual addresses and file offsets in ELF to be equal"), + (reject_all_elf_rw::id(), "reject all read-write data in program elfs"), /*************** ADD NEW FEATURES HERE ***************/ ] .iter()