sbpf: simplify calldests handling

Author: riptl

src/ballet/sbpf/fd_sbpf_calldests.h

@@ -0,0 +1,51 @@
+#ifndef HEADER_fd_src_ballet_sbpf_fd_sbpf_calldests_h
+#define HEADER_fd_src_ballet_sbpf_fd_sbpf_calldests_h
+
+/* fd_sbpf_calldests.h provides a bit vector of valid call destinations.
+   Should be configured to fit any possible program counter.  The max
+   program counter is <size of text section> divided by 8. */
+
+#define SET_NAME fd_sbpf_calldests1
+#include "../../util/tmpl/fd_set_dynamic.c"
+
+/* Unfortunately, fd_set_dynamic.c has UB if the set size is zero.
+   So, wrap set definition to support zero size.  Also handle OOB jumps
+   from malicious programs. */
+
+typedef fd_sbpf_calldests1_t fd_sbpf_calldests_t;
+
+#define fd_sbpf_calldests_align  fd_sbpf_calldests1_align
+#define fd_sbpf_calldests_join   fd_sbpf_calldests1_join
+#define fd_sbpf_calldests_leave  fd_sbpf_calldests1_leave
+#define fd_sbpf_calldests_delete fd_sbpf_calldests1_delete
+
+FD_PROTOTYPES_BEGIN
+
+static inline ulong
+fd_sbpf_calldests_footprint( ulong pc_max ) {
+  return fd_sbpf_calldests1_footprint( fd_ulong_min( pc_max, 1UL ) );
+}
+
+static inline void *
+fd_sbpf_calldests_new( void * mem,
+                       ulong  pc_max ) {
+  return fd_sbpf_calldests1_new( mem, fd_ulong_min( pc_max, 1UL ) );
+}
+
+static inline void
+fd_sbpf_calldests_insert( fd_sbpf_calldests_t * calldests,
+                          ulong                 pc ) {
+  if( FD_UNLIKELY( !fd_sbpf_calldests1_valid_idx( calldests, pc ) ) ) return;
+  fd_sbpf_calldests1_insert( calldests, pc );
+}
+
+static inline int
+fd_sbpf_calldests_test( fd_sbpf_calldests_t const * calldests,
+                        ulong                       pc ) {
+  if( FD_UNLIKELY( !fd_sbpf_calldests1_valid_idx( calldests, pc ) ) ) return 0;
+  return fd_sbpf_calldests1_test( calldests, pc );
+}
+
+FD_PROTOTYPES_END
+
+#endif /* HEADER_fd_src_ballet_sbpf_fd_sbpf_calldests_h */

src/ballet/sbpf/fd_sbpf_loader.c

@@ -1,7 +1,7 @@
 #include "fd_sbpf_loader.h"
 #include "fd_sbpf_instr.h"
 #include "fd_sbpf_opcodes.h"
-#include "../../util/fd_util.h"
+#include "../elf/fd_elf64.h"
 #include "../../util/bits/fd_sat.h"
 #include "../murmur3/fd_murmur3.h"
 
@@ -127,18 +127,17 @@ fd_sbpf_program_align( void ) {
   return alignof( fd_sbpf_program_t );
 }
 
+static inline ulong
+fd_sbpf_program_calldests_max( fd_sbpf_elf_info_t const * info ) {
+  if( fd_sbpf_enable_stricter_elf_headers_enabled( info->sbpf_version ) ) return 0UL;
+  return info->text_cnt;
+}
+
 ulong
 fd_sbpf_program_footprint( fd_sbpf_elf_info_t const * info ) {
-  FD_COMPILER_UNPREDICTABLE( info ); /* Make this appear as FD_FN_PURE (e.g. footprint might depened on info contents in future) */
-  if( FD_UNLIKELY( fd_sbpf_enable_stricter_elf_headers_enabled( info->sbpf_version ) ) ) {
-    /* SBPF v3+ no longer neeeds calldests bitmap */
-    return FD_LAYOUT_FINI( FD_LAYOUT_APPEND( FD_LAYOUT_INIT,
-      alignof(fd_sbpf_program_t), sizeof(fd_sbpf_program_t) ),
-      alignof(fd_sbpf_program_t) );
-  }
   return FD_LAYOUT_FINI( FD_LAYOUT_APPEND( FD_LAYOUT_APPEND( FD_LAYOUT_INIT,
     alignof(fd_sbpf_program_t), sizeof(fd_sbpf_program_t) ),
-    fd_sbpf_calldests_align(), fd_sbpf_calldests_footprint( info->text_cnt ) ),  /* calldests bitmap */
+    fd_sbpf_calldests_align(), fd_sbpf_calldests_footprint( fd_sbpf_program_calldests_max( info ) ) ),
     alignof(fd_sbpf_program_t) );
 }
 
@@ -183,19 +182,13 @@ fd_sbpf_program_new( void *                     prog_mem,
   };
 
   /* If the text section is empty, then we do not need a calldests map. */
-  ulong pc_max = elf_info->text_cnt;
-  if( FD_UNLIKELY( fd_sbpf_enable_stricter_elf_headers_enabled( elf_info->sbpf_version ) || pc_max==0UL ) ) {
-    /* No calldests map in SBPF v3+ or if text_cnt is 0. */
-    prog->calldests_shmem = NULL;
-    prog->calldests       = NULL;
-  } else {
-    /* Initialize calldests map. */
-    prog->calldests_shmem = fd_sbpf_calldests_new(
-          FD_SCRATCH_ALLOC_APPEND( laddr, fd_sbpf_calldests_align(),
-                                          fd_sbpf_calldests_footprint( pc_max ) ),
-          pc_max );
-    prog->calldests = fd_sbpf_calldests_join( prog->calldests_shmem );
-  }
+  ulong calldests_max = fd_sbpf_program_calldests_max( elf_info );
+  /* Initialize calldests map. */
+  prog->calldests_shmem = fd_sbpf_calldests_new(
+        FD_SCRATCH_ALLOC_APPEND( laddr, fd_sbpf_calldests_align(),
+                                        fd_sbpf_calldests_footprint( calldests_max ) ),
+        fd_sbpf_calldests_footprint( calldests_max ) );
+  prog->calldests = fd_sbpf_calldests_join( prog->calldests_shmem );
 
   return prog;
 }
@@ -215,7 +208,7 @@ fd_sbpf_program_delete( fd_sbpf_program_t * mem ) {
 
 struct fd_sbpf_loader {
   /* External objects */
-  ulong *              calldests; /* owned by program. NULL if text_cnt = 0 or SBPF v3+ */
+  ulong *              calldests; /* owned by program */
   fd_sbpf_syscalls_t * syscalls;  /* owned by caller */
 };
 typedef struct fd_sbpf_loader fd_sbpf_loader_t;
@@ -361,9 +354,7 @@ fd_sbpf_register_function_hashed_legacy( fd_sbpf_loader_t *  loader,
      make sure that target_pc <= text_cnt, otherwise the insertion is
      UB. It's fine to skip inserting these entries because the calldests
      are write-only in the SBPF loader and only queried from the VM. */
-  if( FD_LIKELY( !is_entrypoint &&
-                  loader->calldests &&
-                  fd_sbpf_calldests_valid_idx( loader->calldests, target_pc ) ) ) {
+  if( FD_LIKELY( !is_entrypoint ) ) {
     fd_sbpf_calldests_insert( loader->calldests, target_pc );
   }
 

src/ballet/sbpf/fd_sbpf_loader.h

@@ -9,8 +9,7 @@
    program header table and instead load specific sections at predefined
    addresses.  However, it will perform dynamic relocation. */
 
-#include "../../util/fd_util_base.h"
-#include "../elf/fd_elf64.h"
+#include "fd_sbpf_calldests.h"
 
 /* Error types ********************************************************/
 
@@ -80,13 +79,6 @@
 
 /* Program struct *****************************************************/
 
-/* fd_sbpf_calldests is a bit vector of valid call destinations.
-   Should be configured to fit any possible program counter.  The max
-   program counter is <size of ELF binary> divided by 8. */
-
-#define SET_NAME fd_sbpf_calldests
-#include "../../util/tmpl/fd_set_dynamic.c"
-
 /* fd_sbpf_syscall_func_t is a callback implementing an sBPF syscall.
    vm is a handle to the running VM.  Returns 0 on suceess or an integer
    error code on failure.

src/ballet/sbpf/fuzz_sbpf_loader.c

@@ -2,6 +2,7 @@
 #error "This target requires FD_HAS_HOSTED"
 #endif
 
+#include "../../util/fd_util.h"
 #include "../../util/sanitize/fd_fuzz.h"
 #include "fd_sbpf_loader.h"
 

src/flamenco/runtime/tests/fd_elf_harness.c

@@ -102,7 +102,7 @@ fd_solfuzz_elf_loader_run( fd_solfuzz_runner_t * runner,
 
     pb_size_t max_calldests_sz = 1U;
     if( FD_LIKELY( prog->calldests ) ) {
-      max_calldests_sz += (pb_size_t)fd_sbpf_calldests_cnt( prog->calldests);
+      max_calldests_sz += (pb_size_t)fd_sbpf_calldests1_cnt( prog->calldests );
     }
 
     elf_effects->calldests     = FD_SCRATCH_ALLOC_APPEND(l, 8UL, max_calldests_sz * sizeof(uint64_t));
@@ -115,9 +115,9 @@ fd_solfuzz_elf_loader_run( fd_solfuzz_runner_t * runner,
 
     /* Add the rest of the calldests */
     if( FD_LIKELY( prog->calldests ) ) {
-      for( ulong target_pc=fd_sbpf_calldests_const_iter_init(prog->calldests);
-                          !fd_sbpf_calldests_const_iter_done(target_pc);
-                target_pc=fd_sbpf_calldests_const_iter_next(prog->calldests, target_pc) ) {
+      for( ulong target_pc=fd_sbpf_calldests1_const_iter_init( prog->calldests );
+                          !fd_sbpf_calldests1_const_iter_done( target_pc);
+                target_pc=fd_sbpf_calldests1_const_iter_next( prog->calldests, target_pc ) ) {
         if( FD_LIKELY( target_pc!=prog->entry_pc ) ) {
           elf_effects->calldests[elf_effects->calldests_count++] = target_pc;
         }