Merge branch 'ulan/run-978' into 'master'

fix: RUN-978: Fix validation of the Wasm memory limit Currently, replica accepts the Wasm memory limit up to 2^64. However, the spec has the upper bound of 2^48. This makes the implementation consistent with the spec. Closes RUN-978 See merge request dfinity-lab/public/ic!19262
dfinity · May 14, 2024 · 33e5e76 · 33e5e76
2 parents 681c33f + 4ef431d
commit 33e5e76
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 5 deletions.
diff --git a/rs/execution_environment/src/canister_settings.rs b/rs/execution_environment/src/canister_settings.rs
@@ -12,6 +12,9 @@ use std::convert::TryFrom;
 
 use crate::canister_manager::CanisterManagerError;
 
+/// These limit comes from the spec and is not expected to change,
+/// which is why it is not part of the replica config.
+const MAX_WASM_MEMORY_LIMIT: u64 = 1 << 48;
 /// Struct used for decoding CanisterSettingsArgs
 #[derive(Default)]
 pub(crate) struct CanisterSettings {
@@ -117,13 +120,18 @@ impl TryFrom<CanisterSettingsArgs> for CanisterSettings {
         };
 
         let wasm_memory_limit = match input.wasm_memory_limit {
-            Some(limit) => Some(
-                limit
+            Some(limit) => {
+                let limit = limit
                     .0
                     .to_u64()
-                    .ok_or(UpdateSettingsError::WasmMemoryLimitOutOfRange { provided: limit })?
-                    .into(),
-            ),
+                    .ok_or(UpdateSettingsError::WasmMemoryLimitOutOfRange { provided: limit })?;
+                if limit > MAX_WASM_MEMORY_LIMIT {
+                    return Err(UpdateSettingsError::WasmMemoryLimitOutOfRange {
+                        provided: limit.into(),
+                    });
+                }
+                Some(limit.into())
+            }
             None => None,
         };
 

diff --git a/rs/execution_environment/src/hypervisor/tests.rs b/rs/execution_environment/src/hypervisor/tests.rs
@@ -7246,3 +7246,21 @@ fn wasm_memory_limit_is_enforced_in_init() {
     let err = test.install_canister(canister_id, wasm).unwrap_err();
     assert_eq!(err.code(), ErrorCode::CanisterWasmMemoryLimitExceeded);
 }
+
+#[test]
+fn wasm_memory_limit_cannot_exceed_256_tb() {
+    let mut test = ExecutionTestBuilder::new().build();
+
+    let canister_id = test.create_canister(Cycles::new(1_000_000_000_000));
+
+    // Setting the limit to 2^48 works.
+    test.canister_update_wasm_memory_limit(canister_id, NumBytes::new(1 << 4))
+        .unwrap();
+
+    // Setting the limit above 2^48 fails.
+    let err = test
+        .canister_update_wasm_memory_limit(canister_id, NumBytes::new((1 << 48) + 1))
+        .unwrap_err();
+
+    assert_eq!(err.code(), ErrorCode::CanisterContractViolation);
+}