Remove - `lift_cpi_caller_restriction` (#6828)

* Cleans the feature gate of lift_cpi_caller_restriction.

* Adjusts test_bpf_loader_upgradeable_deploy_with_max_len.

* Adjusts test_program_sbf_caller_has_access_to_cpi_program.

* Removes lift_cpi_caller_restriction from the feature list too.

feature-set/src/lib.rs

@@ -102,7 +102,6 @@ impl FeatureSet {
 
     pub fn runtime_features(&self) -> SVMFeatureSet {
         SVMFeatureSet {
-            lift_cpi_caller_restriction: self.is_active(&lift_cpi_caller_restriction::id()),
             move_precompile_verification_to_svm: self
                 .is_active(&move_precompile_verification_to_svm::id()),
             remove_accounts_executable_flag_checks: self
@@ -1020,10 +1019,6 @@ pub mod remove_accounts_executable_flag_checks {
     solana_pubkey::declare_id!("FXs1zh47QbNnhXcnB6YiAQoJ4sGB91tKF3UFHLcKT7PM");
 }
 
-pub mod lift_cpi_caller_restriction {
-    solana_pubkey::declare_id!("HcW8ZjBezYYgvcbxNJwqv1t484Y2556qJsfNDWvJGZRH");
-}
-
 pub mod disable_account_loader_special_case {
     solana_pubkey::declare_id!("EQUMpNFr7Nacb1sva56xn1aLfBxppEoSBH8RRVdkcD1x");
 }
@@ -1330,7 +1325,6 @@ pub static FEATURE_NAMES: LazyLock<AHashMap<Pubkey, &'static str>> = LazyLock::n
         (enable_sbpf_v2_deployment_and_execution::id(), "SIMD-0173 and SIMD-0174: Enable deployment and execution of SBPFv2 programs"),
         (enable_sbpf_v3_deployment_and_execution::id(), "SIMD-0178, SIMD-0179 and SIMD-0189: Enable deployment and execution of SBPFv3 programs"),
         (remove_accounts_executable_flag_checks::id(), "SIMD-0162: Remove checks of accounts is_executable flag"),
-        (lift_cpi_caller_restriction::id(), "Lift the restriction in CPI that the caller must have the callee as an instruction account #2202"),
         (disable_account_loader_special_case::id(), "Disable account loader special case #3513"),
         (accounts_lt_hash::id(), "SIMD-0215: enables lattice-based accounts hash"),
         (snapshots_lt_hash::id(), "SIMD-0220: snapshots use lattice-based accounts hash"),

program-runtime/src/invoke_context.rs

@@ -424,33 +424,24 @@ impl<'a> InvokeContext<'a> {
 
         // Find and validate executables / program accounts
         let callee_program_id = instruction.program_id;
-        let program_account_index = if self.get_feature_set().lift_cpi_caller_restriction {
-            self.transaction_context
-                .find_index_of_program_account(&callee_program_id)
-                .ok_or_else(|| {
-                    ic_msg!(self, "Unknown program {}", callee_program_id);
-                    InstructionError::MissingAccount
-                })?
-        } else {
-            let program_account_index = instruction_context
-                .find_index_of_instruction_account(self.transaction_context, &callee_program_id)
-                .ok_or_else(|| {
-                    ic_msg!(self, "Unknown program {}", callee_program_id);
-                    InstructionError::MissingAccount
-                })?;
-            let borrowed_program_account = instruction_context
-                .try_borrow_instruction_account(self.transaction_context, program_account_index)?;
-            #[allow(deprecated)]
-            if !self
-                .get_feature_set()
-                .remove_accounts_executable_flag_checks
-                && !borrowed_program_account.is_executable()
-            {
-                ic_msg!(self, "Account {} is not executable", callee_program_id);
-                return Err(InstructionError::AccountNotExecutable);
-            }
-            borrowed_program_account.get_index_in_transaction()
-        };
+        let program_account_index = instruction_context
+            .find_index_of_instruction_account(self.transaction_context, &callee_program_id)
+            .ok_or_else(|| {
+                ic_msg!(self, "Unknown program {}", callee_program_id);
+                InstructionError::MissingAccount
+            })?;
+        let borrowed_program_account = instruction_context
+            .try_borrow_instruction_account(self.transaction_context, program_account_index)?;
+        #[allow(deprecated)]
+        if !self
+            .get_feature_set()
+            .remove_accounts_executable_flag_checks
+            && !borrowed_program_account.is_executable()
+        {
+            ic_msg!(self, "Account {} is not executable", callee_program_id);
+            return Err(InstructionError::AccountNotExecutable);
+        }
+        let program_account_index = borrowed_program_account.get_index_in_transaction();
 
         Ok((instruction_accounts, vec![program_account_index]))
     }

programs/sbf/tests/programs.rs

@@ -1140,7 +1140,10 @@ fn test_program_sbf_caller_has_access_to_cpi_program() {
     ];
     let instruction = Instruction::new_with_bytes(caller_pubkey, &[1], account_metas.clone());
     let result = bank_client.send_and_confirm_instruction(&mint_keypair, instruction);
-    assert!(result.is_ok());
+    assert_eq!(
+        result.unwrap_err().unwrap(),
+        TransactionError::InstructionError(0, InstructionError::MissingAccount),
+    );
 }
 
 #[test]

runtime/src/bank/tests.rs

@@ -6465,34 +6465,6 @@ fn test_bpf_loader_upgradeable_deploy_with_max_len(formalize_loaded_transaction_
             .unwrap()
     );
 
-    // Test not the system account
-    bank.clear_signatures();
-    bank.store_account(&buffer_address, &buffer_account);
-    bank.store_account(&program_keypair.pubkey(), &AccountSharedData::default());
-    bank.store_account(&programdata_address, &AccountSharedData::default());
-    let mut instructions = solana_loader_v3_interface::instruction::deploy_with_max_program_len(
-        &mint_keypair.pubkey(),
-        &program_keypair.pubkey(),
-        &buffer_address,
-        &upgrade_authority_keypair.pubkey(),
-        min_program_balance,
-        elf.len(),
-    )
-    .unwrap();
-    *instructions
-        .get_mut(1)
-        .unwrap()
-        .accounts
-        .get_mut(6)
-        .unwrap() = AccountMeta::new_readonly(Pubkey::new_unique(), false);
-    let message = Message::new(&instructions, Some(&mint_keypair.pubkey()));
-    assert!(bank_client
-        .send_and_confirm_message(
-            &[&mint_keypair, &program_keypair, &upgrade_authority_keypair],
-            message
-        )
-        .is_ok());
-
     fn truncate_data(account: &mut AccountSharedData, len: usize) {
         let mut data = account.data().to_vec();
         data.truncate(len);

svm-feature-set/src/lib.rs

@@ -1,6 +1,5 @@
 #[derive(Clone, Copy, Default)]
 pub struct SVMFeatureSet {
-    pub lift_cpi_caller_restriction: bool,
     pub move_precompile_verification_to_svm: bool,
     pub remove_accounts_executable_flag_checks: bool,
     pub bpf_account_data_direct_mapping: bool,
@@ -43,7 +42,6 @@ pub struct SVMFeatureSet {
 impl SVMFeatureSet {
     pub fn all_enabled() -> Self {
         Self {
-            lift_cpi_caller_restriction: true,
             move_precompile_verification_to_svm: true,
             remove_accounts_executable_flag_checks: true,
             bpf_account_data_direct_mapping: true,