#252 Large account allocations in the BPF System Program
buffalojoecbuffalojoecopened on 2/27/2025
Ideas

In the context of migrating the System program from a builtin to an on-chain BPF program.

Because it's a builtin program, the System program can allocate large accounts, beyond the limits of BPF programs. This is due to the fact that accounts for builtin programs actually live in host memory, so they can be resized with a greater delta than if they were inside the VM.

On the builtin side, host-memory account resizing is limited to MAX_PERMITTED_DATA_LENGTH (10 * 1024 * 1024), while on the BPF side, VM-memory account resizing is limited to MAX_PERMITTED_DATA_INCREASE (1_024 * 10).

One solution is to introduce a syscall that can only be invoked by 11111111111111111111111111111111. This syscall would effectively let System allocate a huge account, but it would invalidate any account references in the VM (AccountInfo) afterward. So, it would have to be the very last thing the System program does.

The potential drawback here is that the VM deserialization stage will check to make sure MAX_PERMITTED_DATA_INCREASE isn't violated, so we'll also need to special-case here, which stinks.

Open to alternative suggestions!

Comments (0)