fix(llmq): retain signHash marker on recSig truncation and drop late sigShares

PastaPastaPasta · PastaPastaPasta · commit d15ce14d6d99 · 2025-11-20T18:31:59.000-06:00
- Problem: After we process a recovered signature, TruncateRecoveredSig removes the id/signHash indexes (rs_r/rs_s). A very late sigShare for
    that session then sees HasRecoveredSigForId as false, recreates a session, and eventually times out, even though we already finished the
    session.
  - Behavior change: Keep the rs_s entry (signHash -&gt; 1) when truncating recovered sigs so HasRecoveredSigForSession(signHash) stays true after
    truncation. Cleanup still removes the remaining keys when appropriate.
  - Handling late shares: CSigSharesManager::ProcessMessageSigShare now also checks HasRecoveredSigForSession and logs/drops sigShares for sessions
    already completed, preventing “zombie” sessions/timeouts.
  - Notes: This leaves the recSig hash path (rs_h) unchanged; full deletions (conflict/cleanup) still remove all indexes. No extra caching
    insertions to keep behavior parallel to rs_h.
diff --git a/src/llmq/signing.cpp b/src/llmq/signing.cpp
@@ -183,8 +183,8 @@ void CRecoveredSigsDb::RemoveRecoveredSig(CDBBatch& batch, Consensus::LLMQType l
     batch.Erase(k2);
     if (deleteHashKey) {
         batch.Erase(k3);
+        batch.Erase(k4);
     }
-    batch.Erase(k4);
 
     if (deleteTimeKey) {
         CDataStream writeTimeDs(SER_DISK, CLIENT_VERSION);
@@ -199,8 +199,8 @@ void CRecoveredSigsDb::RemoveRecoveredSig(CDBBatch& batch, Consensus::LLMQType l
 
     LOCK(cs_cache);
     hasSigForIdCache.erase(std::make_pair(recSig.getLlmqType(), recSig.getId()));
-    hasSigForSessionCache.erase(signHash.Get());
     if (deleteHashKey) {
+        hasSigForSessionCache.erase(signHash.Get());
         hasSigForHashCache.erase(recSig.GetHash());
     }
 }
diff --git a/src/llmq/signing.h b/src/llmq/signing.h
@@ -204,8 +204,8 @@ class CSigningManager
 
     // This is called when a recovered signature can be safely removed from the DB. This is only safe when some other
     // mechanism prevents possible conflicts. As an example, ChainLocks prevent conflicts in confirmed TXs InstantSend votes
-    // This won't completely remove all traces of the recovered sig but instead leave the hash entry in the DB. This
-    // allows AlreadyHave to keep returning true. Cleanup will later remove the remains
+    // This won't completely remove all traces of the recovered sig but instead leave the hash and signHash entries in the
+    // DB. This allows AlreadyHave/late-share filtering to keep returning true. Cleanup will later remove the remains
     void TruncateRecoveredSig(Consensus::LLMQType llmqType, const uint256& id);
 
 private:
diff --git a/src/llmq/signing_shares.cpp b/src/llmq/signing_shares.cpp
@@ -503,14 +503,23 @@ void CSigSharesManager::ProcessMessageSigShare(NodeId fromId, const CSigShare& s
         return;
     }
 
+    const auto signHash = sigShare.GetSignHash();
+    const bool alreadyRecovered = sigman.HasRecoveredSigForId(sigShare.getLlmqType(), sigShare.getId()) ||
+                                  sigman.HasRecoveredSigForSession(signHash);
+
     {
         LOCK(cs);
 
-        if (sigShares.Has(sigShare.GetKey())) {
+        if (alreadyRecovered) {
+            LogPrint(BCLog::LLMQ_SIGS,
+                     "CSigSharesManager::%s -- dropping sigShare for recovered session. signHash=%s, id=%s, "
+                     "msgHash=%s, member=%d, node=%d\n",
+                     __func__, signHash.ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(),
+                     sigShare.getQuorumMember(), fromId);
             return;
         }
 
-        if (sigman.HasRecoveredSigForId(sigShare.getLlmqType(), sigShare.getId())) {
+        if (sigShares.Has(sigShare.GetKey())) {
             return;
         }
 
@@ -519,7 +528,7 @@ void CSigSharesManager::ProcessMessageSigShare(NodeId fromId, const CSigShare& s
     }
 
     LogPrint(BCLog::LLMQ_SIGS, "CSigSharesManager::%s -- signHash=%s, id=%s, msgHash=%s, member=%d, node=%d\n", __func__,
-             sigShare.GetSignHash().ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(), sigShare.getQuorumMember(), fromId);
+             signHash.ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(), sigShare.getQuorumMember(), fromId);
 }
 
 bool CSigSharesManager::PreVerifyBatchedSigShares(const CActiveMasternodeManager& mn_activeman, const CQuorumManager& quorum_manager,

Original file line number	Diff line number	Diff line change
`@@ -183,8 +183,8 @@ void CRecoveredSigsDb::RemoveRecoveredSig(CDBBatch& batch, Consensus::LLMQType l`
`183`	`183`	`batch.Erase(k2);`
`184`	`184`	`if (deleteHashKey) {`
`185`	`185`	`batch.Erase(k3);`
	`186`	`+ batch.Erase(k4);`
`186`	`187`	`}`
`187`		`- batch.Erase(k4);`
`188`	`188`
`189`	`189`	`if (deleteTimeKey) {`
`190`	`190`	`CDataStream writeTimeDs(SER_DISK, CLIENT_VERSION);`
`@@ -199,8 +199,8 @@ void CRecoveredSigsDb::RemoveRecoveredSig(CDBBatch& batch, Consensus::LLMQType l`
`199`	`199`
`200`	`200`	`LOCK(cs_cache);`
`201`	`201`	`hasSigForIdCache.erase(std::make_pair(recSig.getLlmqType(), recSig.getId()));`
`202`		`- hasSigForSessionCache.erase(signHash.Get());`
`203`	`202`	`if (deleteHashKey) {`
	`203`	`+ hasSigForSessionCache.erase(signHash.Get());`
`204`	`204`	`hasSigForHashCache.erase(recSig.GetHash());`
`205`	`205`	`}`
`206`	`206`	`}`
Original file line number	Diff line number	Diff line change
`@@ -503,14 +503,23 @@ void CSigSharesManager::ProcessMessageSigShare(NodeId fromId, const CSigShare& s`
`503`	`503`	`return;`
`504`	`504`	`}`
`505`	`505`
	`506`	`+ const auto signHash = sigShare.GetSignHash();`
	`507`	`+ const bool alreadyRecovered = sigman.HasRecoveredSigForId(sigShare.getLlmqType(), sigShare.getId()) \|\|`
	`508`	`+ sigman.HasRecoveredSigForSession(signHash);`
	`509`	`+`
`506`	`510`	`{`
`507`	`511`	`LOCK(cs);`
`508`	`512`
`509`		`- if (sigShares.Has(sigShare.GetKey())) {`
	`513`	`+ if (alreadyRecovered) {`
	`514`	`+ LogPrint(BCLog::LLMQ_SIGS,`
	`515`	`+ "CSigSharesManager::%s -- dropping sigShare for recovered session. signHash=%s, id=%s, "`
	`516`	`+ "msgHash=%s, member=%d, node=%d\n",`
	`517`	`+ __func__, signHash.ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(),`
	`518`	`+ sigShare.getQuorumMember(), fromId);`
`510`	`519`	`return;`
`511`	`520`	`}`
`512`	`521`
`513`		`- if (sigman.HasRecoveredSigForId(sigShare.getLlmqType(), sigShare.getId())) {`
	`522`	`+ if (sigShares.Has(sigShare.GetKey())) {`
`514`	`523`	`return;`
`515`	`524`	`}`
`516`	`525`
`@@ -519,7 +528,7 @@ void CSigSharesManager::ProcessMessageSigShare(NodeId fromId, const CSigShare& s`
`519`	`528`	`}`
`520`	`529`
`521`	`530`	`LogPrint(BCLog::LLMQ_SIGS, "CSigSharesManager::%s -- signHash=%s, id=%s, msgHash=%s, member=%d, node=%d\n", __func__,`
`522`		`- sigShare.GetSignHash().ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(), sigShare.getQuorumMember(), fromId);`
	`531`	`+ signHash.ToString(), sigShare.getId().ToString(), sigShare.getMsgHash().ToString(), sigShare.getQuorumMember(), fromId);`
`523`	`532`	`}`
`524`	`533`
`525`	`534`	`bool CSigSharesManager::PreVerifyBatchedSigShares(const CActiveMasternodeManager& mn_activeman, const CQuorumManager& quorum_manager,`