VM: Enforce a call depth limit

build/params_mainnet.go

@@ -37,7 +37,6 @@ const UpgradeTapeHeight = 140760
 // We still have upgrades and state changes to do, but can happen after signaling timing here.
 const UpgradeLiftoffHeight = 148888
 
-// TODO: Confirm epoch
 const UpgradeKumquatHeight = 170000
 
 func init() {

chain/actors/version.go

@@ -18,7 +18,7 @@ func VersionForNetwork(version network.Version) Version {
 	switch version {
 	case network.Version0, network.Version1, network.Version2, network.Version3:
 		return Version0
-	case network.Version4, network.Version5:
+	case network.Version4, network.Version5, network.Version6:
 		return Version2
 	default:
 		panic(fmt.Sprintf("unsupported network version %d", version))

chain/gen/genesis/miners.go

@@ -405,7 +405,7 @@ func circSupply(ctx context.Context, vmi *vm.VM, maddr address.Address) abi.Toke
 	rt := unsafeVM.MakeRuntime(ctx, &types.Message{
 		GasLimit: 1_000_000_000,
 		From:     maddr,
-	}, maddr, 0, 0, 0)
+	})
 
 	return rt.TotalFilCircSupply()
 }

chain/vm/runtime.go

@@ -72,6 +72,7 @@ type Runtime struct {
 	originNonce uint64
 
 	executionTrace    types.ExecutionTrace
+	depth             uint64
 	numActorsCreated  uint64
 	allowInternal     bool
 	callerValidated   bool

chain/vm/vm.go

@@ -38,6 +38,8 @@ import (
 	"github.com/filecoin-project/lotus/lib/bufbstore"
 )
 
+const MaxCallDepth = 4096
+
 var log = logging.Logger("vm")
 var actorLog = logging.Logger("actors")
 var gasOnActorExec = newGasCharge("OnActorExec", 0, 0)
@@ -97,24 +99,37 @@ func (bs *gasChargingBlocks) Put(blk block.Block) error {
 	return nil
 }
 
-func (vm *VM) makeRuntime(ctx context.Context, msg *types.Message, origin address.Address, originNonce uint64, usedGas int64, nac uint64) *Runtime {
+func (vm *VM) makeRuntime(ctx context.Context, msg *types.Message, parent *Runtime) *Runtime {
 	rt := &Runtime{
 		ctx:         ctx,
 		vm:          vm,
 		state:       vm.cstate,
-		origin:      origin,
+		origin:      msg.From,
-		originNonce: originNonce,
+		originNonce: msg.Nonce,
 		height:      vm.blockHeight,
 
-		gasUsed:          usedGas,
+		gasUsed:          0,
 		gasAvailable:     msg.GasLimit,
-		numActorsCreated: nac,
+		depth:            0,
+		numActorsCreated: 0,
 		pricelist:        PricelistByEpoch(vm.blockHeight),
 		allowInternal:    true,
 		callerValidated:  false,
 		executionTrace:   types.ExecutionTrace{Msg: msg},
 	}
 
+	if parent != nil {
+		rt.gasUsed = parent.gasUsed
+		rt.origin = parent.origin
+		rt.originNonce = parent.originNonce
+		rt.numActorsCreated = parent.numActorsCreated
+		rt.depth = parent.depth + 1
+	}
+
+	if rt.depth > MaxCallDepth && rt.NetworkVersion() >= network.Version6 {
+		rt.Abortf(exitcode.SysErrForbidden, "message execution exceeds call depth")
+	}
+
 	rt.cst = &cbor.BasicIpldStore{
 		Blocks: &gasChargingBlocks{rt.chargeGasFunc(2), rt.pricelist, vm.cst.Blocks},
 		Atlas:  vm.cst.Atlas,
@@ -148,8 +163,8 @@ type UnsafeVM struct {
 	VM *VM
 }
 
-func (vm *UnsafeVM) MakeRuntime(ctx context.Context, msg *types.Message, origin address.Address, originNonce uint64, usedGas int64, nac uint64) *Runtime {
+func (vm *UnsafeVM) MakeRuntime(ctx context.Context, msg *types.Message) *Runtime {
-	return vm.VM.makeRuntime(ctx, msg, origin, originNonce, usedGas, nac)
+	return vm.VM.makeRuntime(ctx, msg, nil)
 }
 
 type CircSupplyCalculator func(context.Context, abi.ChainEpoch, *state.StateTree) (abi.TokenAmount, error)
@@ -224,18 +239,7 @@ func (vm *VM) send(ctx context.Context, msg *types.Message, parent *Runtime,
 
 	st := vm.cstate
 
-	origin := msg.From
+	rt := vm.makeRuntime(ctx, msg, parent)
-	on := msg.Nonce
-	var nac uint64 = 0
-	var gasUsed int64
-	if parent != nil {
-		gasUsed = parent.gasUsed
-		origin = parent.origin
-		on = parent.originNonce
-		nac = parent.numActorsCreated
-	}
-
-	rt := vm.makeRuntime(ctx, msg, origin, on, gasUsed, nac)
 	if EnableGasTracing {
 		rt.lastGasChargeTime = start
 		if parent != nil {