From ab35bb8d1ec97295cb2dc5bdac4d54ef8172fea8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20Mei=C3=9Fner?= <AlexanderMeissner@gmx.net>
Date: Wed, 17 Nov 2021 11:55:25 +0100
Subject: [PATCH] Adds a feature gate to reject the deployment of programs with
 unresolved syscall symbols. (#21298)

---
 programs/bpf_loader/src/lib.rs | 16 ++++++++++------
 sdk/src/feature_set.rs         |  5 +++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs
index 13ad8aa017b184..b34e5d98a164bb 100644
--- a/programs/bpf_loader/src/lib.rs
+++ b/programs/bpf_loader/src/lib.rs
@@ -32,8 +32,8 @@ use solana_sdk::{
     entrypoint::{HEAP_LENGTH, SUCCESS},
     feature_set::{
         add_missing_program_error_mappings, close_upgradeable_program_accounts, fix_write_privs,
-        reduce_required_deploy_balance, stop_verify_mul64_imm_nonzero,
-        upgradeable_close_instruction,
+        reduce_required_deploy_balance, reject_deployment_of_unresolved_syscalls,
+        stop_verify_mul64_imm_nonzero, upgradeable_close_instruction,
     },
     ic_logger_msg, ic_msg,
     instruction::{AccountMeta, InstructionError},
@@ -76,6 +76,7 @@ pub fn create_executor(
     program_data_offset: usize,
     invoke_context: &mut dyn InvokeContext,
     use_jit: bool,
+    reject_unresolved_syscalls: bool,
 ) -> Result<Arc<BpfExecutor>, InstructionError> {
     let syscall_registry = syscalls::register_syscalls(invoke_context).map_err(|e| {
         ic_msg!(invoke_context, "Failed to register syscalls: {}", e);
@@ -86,6 +87,8 @@ pub fn create_executor(
         max_call_depth: bpf_compute_budget.max_call_depth,
         stack_frame_size: bpf_compute_budget.stack_frame_size,
         enable_instruction_tracing: log_enabled!(Trace),
+        reject_unresolved_syscalls: reject_unresolved_syscalls
+            && invoke_context.is_feature_active(&reject_deployment_of_unresolved_syscalls::id()),
         verify_mul64_imm_nonzero: !invoke_context
             .is_feature_active(&stop_verify_mul64_imm_nonzero::id()), // TODO: Feature gate and then remove me
         ..Config::default()
@@ -236,7 +239,8 @@ fn process_instruction_common(
         let executor = match invoke_context.get_executor(program_id) {
             Some(executor) => executor,
             None => {
-                let executor = create_executor(0, program_data_offset, invoke_context, use_jit)?;
+                let executor =
+                    create_executor(0, program_data_offset, invoke_context, use_jit, false)?;
                 invoke_context.add_executor(program_id, executor.clone());
                 executor
             }
@@ -430,7 +434,7 @@ fn process_loader_upgradeable_instruction(
             )?;
 
             // Load and verify the program bits
-            let executor = create_executor(3, buffer_data_offset, invoke_context, use_jit)?;
+            let executor = create_executor(3, buffer_data_offset, invoke_context, use_jit, true)?;
             invoke_context.add_executor(&new_program_id, executor);
 
             let keyed_accounts = invoke_context.get_keyed_accounts()?;
@@ -562,7 +566,7 @@ fn process_loader_upgradeable_instruction(
             }
 
             // Load and verify the program bits
-            let executor = create_executor(2, buffer_data_offset, invoke_context, use_jit)?;
+            let executor = create_executor(2, buffer_data_offset, invoke_context, use_jit, true)?;
             invoke_context.add_executor(&new_program_id, executor);
 
             let keyed_accounts = invoke_context.get_keyed_accounts()?;
@@ -831,7 +835,7 @@ fn process_loader_instruction(
                 return Err(InstructionError::MissingRequiredSignature);
             }
 
-            let executor = create_executor(0, 0, invoke_context, use_jit)?;
+            let executor = create_executor(0, 0, invoke_context, use_jit, true)?;
             let keyed_accounts = invoke_context.get_keyed_accounts()?;
             let program = keyed_account_at_index(keyed_accounts, 0)?;
             invoke_context.add_executor(program.unsigned_key(), executor);
diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs
index 55d48658e5c743..9a875c930e39d3 100644
--- a/sdk/src/feature_set.rs
+++ b/sdk/src/feature_set.rs
@@ -255,6 +255,10 @@ pub mod add_compute_budget_program {
     solana_sdk::declare_id!("4d5AKtxoh93Dwm1vHXUU3iRATuMndx1c431KgT2td52r");
 }
 
+pub mod reject_deployment_of_unresolved_syscalls {
+    solana_sdk::declare_id!("DqniU3MfvdpU3yhmNF1RKeaM5TZQELZuyFGosASRVUoy");
+}
+
 lazy_static! {
     /// Map of feature identifiers to user-visible description
     pub static ref FEATURE_NAMES: HashMap<Pubkey, &'static str> = [
@@ -319,6 +323,7 @@ lazy_static! {
         (ed25519_program_enabled::id(), "enable builtin ed25519 signature verify program"),
         (requestable_heap_size::id(), "Requestable heap frame size"),
         (add_compute_budget_program::id(), "Add compute_budget_program"),
+        (reject_deployment_of_unresolved_syscalls::id(), "Reject deployment of programs with unresolved syscall symbols"),
         /*************** ADD NEW FEATURES HERE ***************/
     ]
     .iter()