-
Notifications
You must be signed in to change notification settings - Fork 36.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport wtxid orphan fetch to v0.20 #20317
Conversation
Based on a commit by Anthony Towns.
…essing Otherwise log that an unknown inv type was received. In inv processing, when handling transaction type inv messages, ToGenTxid() expects that we constructed the CInv ourselves or that we verified that it is for a transaction type CInv. Therefore, change this 'else' branch into an 'else if tx in inv type' to make this safer and log any inv that fall through.
I don't understand why this should be done at this point, I believe #19620 addressed the (limited) justification for backporting wtxid relay. Am I confused? |
This was discussed in the IRC meeting on July 30th: http://www.erisian.com.au/meetbot/bitcoin-core-dev/2020/bitcoin-core-dev.2020-07-30-19.00.log.html#l-47
#19569 should really have been a part of the original wtxid relay PR. It makes sense to backport them together. I only didn't include this in #19606 to make review easier. |
I am confused by this discussion.
Wtxid relay is not a requirement for taproot. Without #19620 there was a narrow justification, though I don't think too big of one, but with 19620 in place there isn't any duplicated fetching-- so there is no connection to taproot anymore.
At the time of this statement people weren't aware that this change relay introduced a crash vulnerability (which was accidentally fixed by a separate re-factoring change). But people didn't need to be aware, because that's the reason that features aren't normally backported unless there is a really good reason. But even after reading that discussion, I don't see any reason why this or wtxid relay should be backported to 0.20. Unless I'm missing something this (and 19606) is a pure feature backport, but I don't know the reason for doing it because I don't see it in the discussion-- what I see given (that it's needed for taproot) just isn't true. Am I missing something in the discussion? |
That wasn't the reason given for backporting. The reason for backporting was not that it was a requirement for taproot. It was discussed as being an independently useful change. wtxid relay has been wanted since segwit was introduced (#8279), the feature was developed against 0.20, and missed feature freeze by a few weeks, so was a trivial backport.
The crash vulnerability that you're refering to wasn't introduced in #18044. It came in commit I still think it's useful to have wtxid relay widely deployed (and also have the ability to request orphan parents from wtxid peers). If other people disagree, then we can close this PR. |
The crash bug has been introduced in neither of those feature prs. It has been introduced (and fixed) in the refactoring pr. If it was introduced in a pr different from one that fixed it, it would be highly alarming because our fuzzers are meaningless and can't even find the most trivial crash seed. A side effect of The bug has been introduced by splitting |
As the person who identified the condition which triggers the bug and reported it to
That seems somewhat hyperbolic :) FWIW I found the bug by fuzzing using one of the fuzzers in our repo (with a one line downstream change). |
No, the bug was introduced in bitcoin/src/net_processing.cpp Line 2681 in 9efd86a
|
Why? I'm not following why this bundle of features is atypically important. Wtxid relay is a fine change overall in the long term, but part of the reason it took a long time to do is because it wasn't especially important. |
That matches my understanding -- the risk was that if taproot was deployed, then nodes running 0.20 and earlier would see soft-rejects txs spending taproot UTXOs, but only due to the witness being non-standard, so would re-request the tx from each other peer that advertised the tx, wasting bandwidth. But #19681 and #19680 fixed this in 0.19 and 0.20 already. But that's an argument for why #19606 wasn't necessary; this PR fixes a regression in orphan handling introduced by that change. |
fa4234d test: Mock IBD in net_processing fuzzers (MarcoFalke) Pull request description: Without this the fuzzers fail to detect trivial crasher bugs, such as bitcoin/bitcoin#20317 (comment) ACKs for top commit: practicalswift: Tested ACK fa4234d Tree-SHA512: ce5da5c0a604b7559805a98ffdde882b44ca4f91b003b493d6e1be230714ce4cccb11dbfc1fc175f9d8fc779551c0a4103ceb4b473552928207d7d78ae329e10
fa4234d test: Mock IBD in net_processing fuzzers (MarcoFalke) Pull request description: Without this the fuzzers fail to detect trivial crasher bugs, such as bitcoin#20317 (comment) ACKs for top commit: practicalswift: Tested ACK fa4234d Tree-SHA512: ce5da5c0a604b7559805a98ffdde882b44ca4f91b003b493d6e1be230714ce4cccb11dbfc1fc175f9d8fc779551c0a4103ceb4b473552928207d7d78ae329e10
fa4234d877ea3193bfd0e18ff68dcb8fb84b47b5 test: Mock IBD in net_processing fuzzers (MarcoFalke) Pull request description: Without this the fuzzers fail to detect trivial crasher bugs, such as bitcoin/bitcoin#20317 (comment) ACKs for top commit: practicalswift: Tested ACK fa4234d877ea3193bfd0e18ff68dcb8fb84b47b5 Tree-SHA512: ce5da5c0a604b7559805a98ffdde882b44ca4f91b003b493d6e1be230714ce4cccb11dbfc1fc175f9d8fc779551c0a4103ceb4b473552928207d7d78ae329e10 Former-commit-id: bf9794723ebf37244ccdae86754d422345ea6c52
Due to the other bugfixes in the 0.20 branch, we should be aiming for a release soon. wtxid relay and this followup are not a regression bugfix, so if they don't receive enough review to make it in soon, or are controversial, we should drop them or postpone them to the next minor release in the 0.20 series. |
I probably contributed to the initial sentiment that wtxid relay was particularly important as a feature. Since the immediate concern about BIP340-342 deployment is addressed through #19620, that's not really the case (anymore). So I think we should take both wtxid relay and this PR in 0.20, or neither. I believe that just wtxid relay may be a slight regression as it may hurt orphan handling once wtxid peers are widespread. If reverting wtxid relay from the 0.20 branch is easy, that's probably the best option. |
Done in #20399 |
I am catching up on the IRC backlog: https://bitcoin.jonasschnelli.ch/ircmeetings/logs/bitcoin-core-dev/2020/bitcoin-core-dev.2020-11-17-15.00.moin.txt @jnewbery Is this still relevant or can this be closed? |
This can be closed. We agreed at the meeting to revert 19606. |
fa074d2 Revert "Merge #19606: Backport wtxid relay to v0.20" (MarcoFalke) Pull request description: The 0.20 branch has bugfixes that should be released. However, a tag can currently not be created because the latest merge introduced a regression and is not a bugfix (#20317 (comment), #20317 (comment)). Fix that by reverting the last merge. Can be reviewed by re-doing the revert or calling `git diff HEAD HEAD~2 | wc` and observing an empty diff. ACKs for top commit: laanwj: Code review ACK fa074d2 Tree-SHA512: 1a1314b9bb85f44696dc307845e80292998d6c9c000e7386c48405e74400d9cd22be6996e555f198da917e04024a1c8e609dfd830759a27fe4070168b0d272bb
wtxid relay (#18044) was backported to 0.20 in #19606. This PR backports the follow-up "Enable fetching of orphan parents from wtxid peers" #19569.
Also included is commit p2p: ensure inv is GenMsgTx before ToGenTxid in inv processing from #19610 to prevent a possible remote crash bug.