jnewbery
commented at 3:38 pm on November 5, 2020:
member
wtxid relay (#18044) was backported to 0.20 in #19606. This PR backports the follow-up “Enable fetching of orphan parents from wtxid peers” #19569.
Also included is commit p2p: ensure inv is GenMsgTx before ToGenTxid in inv processing from #19610 to prevent a possible remote crash bug.
doc: list support for BIP 339 in doc/bips.mdb456adae6e
refactor: add GenTxid (=txid or wtxid) type and use it for tx request logic71017eefca
p2p: enable fetching of orphans from wtxid peers
Based on a commit by Anthony Towns.
fefafe3937
test: request parents of orphan from wtxid relay peerf160607c72
[net processing] ensure inv is a tx type before ToGenTxid in inv processing
Otherwise log that an unknown inv type was received.
In inv processing, when handling transaction type inv messages,
ToGenTxid() expects that we constructed the CInv ourselves or that we
verified that it is for a transaction type CInv.
Therefore, change this 'else' branch into an 'else if tx in inv type' to
make this safer and log any inv that fall through.
961b02dd75
jnewbery added the label
Backport
on Nov 5, 2020
jnewbery added the label
P2P
on Nov 5, 2020
jnewbery added this to the milestone 0.20.2
on Nov 5, 2020
gmaxwell
commented at 7:59 pm on November 5, 2020:
contributor
I don’t understand why this should be done at this point, I believe #19620 addressed the (limited) justification for backporting wtxid relay. Am I confused?
jnewbery
commented at 9:36 pm on November 5, 2020:
member
19:25 < wumpus> so the plan is to backport #19606 to 0.20 and #19620 to 0.19 and 0.20?
[…]
19:25 < jnewbery> wumpus: sounds good to me
[…]
19:25 < sdaftuar> sounds good
19:26 < sipa> sounds reasonable if wtxid relay (and followups) are easy to do in 0.20
#19569 should really have been a part of the original wtxid relay PR. It makes sense to backport them together. I only didn’t include this in #19606 to make review easier.
fanquake
commented at 7:38 am on November 6, 2020:
member
It’s too late for #19606, however this PR is also missing the GitHub-Pull: # and Rebased-From: metadata. See #20166 for an example.
gmaxwell
commented at 7:57 am on November 6, 2020:
contributor
I am confused by this discussion.
19:16:35 we can make an exception to normallly not backporting p2p features as it’s requirement for taproot
Wtxid relay is not a requirement for taproot. Without #19620 there was a narrow justification, though I don’t think too big of one, but with 19620 in place there isn’t any duplicated fetching– so there is no connection to taproot anymore.
19:15:08 my opinion is that there’s no strong reason not to backport wtxid relay to 0.20.
At the time of this statement people weren’t aware that this change relay introduced a crash vulnerability (which was accidentally fixed by a separate re-factoring change). But people didn’t need to be aware, because that’s the reason that features aren’t normally backported unless there is a really good reason.
But even after reading that discussion, I don’t see any reason why this or wtxid relay should be backported to 0.20. Unless I’m missing something this (and 19606) is a pure feature backport, but I don’t know the reason for doing it because I don’t see it in the discussion– what I see given (that it’s needed for taproot) just isn’t true.
Am I missing something in the discussion?
jnewbery
commented at 10:22 am on November 6, 2020:
member
19:16:35 we can make an exception to normallly not backporting p2p features as it’s requirement for taproot
That wasn’t the reason given for backporting. The reason for backporting was not that it was a requirement for taproot. It was discussed as being an independently useful change. wtxid relay has been wanted since segwit was introduced (#8279), the feature was developed against 0.20, and missed feature freeze by a few weeks, so was a trivial backport.
people weren’t aware that this change relay introduced a crash vulnerability (which was accidentally fixed by a separate re-factoring change)
The crash vulnerability that you’re refering to wasn’t introduced in #18044. It came in commit 9efd86a (#19569) in the follow-up PR. It wasn’t ‘accidentally fixed by a separate refactoring change’ - I explicitly pointed out the problem in review here: #19569 (review), and wrote a fix here: fb56d37 (#19610), which was included in the follow-up PR. I’ve also included that commit in this backport.
I still think it’s useful to have wtxid relay widely deployed (and also have the ability to request orphan parents from wtxid peers). If other people disagree, then we can close this PR.
MarcoFalke
commented at 11:30 am on November 6, 2020:
member
The crash bug has been introduced in neither of those feature prs. It has been introduced (and fixed) in the refactoring pr. If it was introduced in a pr different from one that fixed it, it would be highly alarming because our fuzzers are meaningless and can’t even find the most trivial crash seed.
A side effect of AlreadyHave was to (also) skip requesting of the tx with unknown type flags. AlreadyHave is still used in 0.20, so the last commit does not necessarily need backport. As in: The commit doesn’t fix an exploitable bug that exists anywhere prior to it.
The bug has been introduced by splitting AlreadyHave (commit 42ca5618cae0fd9ef97d2006b17d896bc58cc17c) and then fixed later by adding the sanity check (commit fb56d37612dea6666e7da73d671311a697570dae) in the same refactoring pr.
practicalswift
commented at 12:07 pm on November 6, 2020:
contributor
The crash bug has been introduced in neither of those feature prs. It has been introduced (and fixed) in the refactoring pr.
As the person who identified the condition which triggers the bug and reported it to security@bitcoincore.org (with a working PoC) I can tell you with certainty that the bug was introduced in #19569 and fixed in #19610 :)
If it was introduced in a pr different from one that fixed it, it would be highly alarming because our fuzzers are meaningless and can’t even find the most trivial crash seed.
That seems somewhat hyperbolic :) FWIW I found the bug by fuzzing using one of the fuzzers in our repo (with a one line downstream change).
jnewbery
commented at 12:08 pm on November 6, 2020:
member
The bug has been introduced by splitting AlreadyHave (commit 42ca561) and then fixed later by adding the sanity check (commit fb56d37) in the same refactoring pr.
MarcoFalke
commented at 1:29 pm on November 6, 2020:
member
Oh, I see my bad. So in 9efd86a it works with only type MSG_WITNESS_BLOCK and in 42ca561 in works with any unknown type.
gmaxwell
commented at 4:36 pm on November 7, 2020:
contributor
I still think it’s useful to have wtxid relay widely deployed
Why? I’m not following why this bundle of features is atypically important. Wtxid relay is a fine change overall in the long term, but part of the reason it took a long time to do is because it wasn’t especially important.
ajtowns
commented at 4:59 am on November 9, 2020:
member
I don’t understand why this should be done at this point, I believe #19620 addressed the (limited) justification for backporting wtxid relay. Am I confused?
That matches my understanding – the risk was that if taproot was deployed, then nodes running 0.20 and earlier would see soft-rejects txs spending taproot UTXOs, but only due to the witness being non-standard, so would re-request the tx from each other peer that advertised the tx, wasting bandwidth. But #19681 and #19680 fixed this in 0.19 and 0.20 already.
But that’s an argument for why #19606 wasn’t necessary; this PR fixes a regression in orphan handling introduced by that change.
fanquake deleted a comment
on Nov 9, 2020
fanquake deleted a comment
on Nov 10, 2020
MarcoFalke deleted a comment
on Nov 10, 2020
MarcoFalke deleted a comment
on Nov 10, 2020
MarcoFalke referenced this in commit
fa8dd34e91
on Nov 10, 2020
sidhujag referenced this in commit
bf9794723e
on Nov 11, 2020
willyko referenced this in commit
0587b9108b
on Nov 12, 2020
MarcoFalke
commented at 5:20 pm on November 15, 2020:
member
Due to the other bugfixes in the 0.20 branch, we should be aiming for a release soon. wtxid relay and this followup are not a regression bugfix, so if they don’t receive enough review to make it in soon, or are controversial, we should drop them or postpone them to the next minor release in the 0.20 series.
sipa
commented at 7:39 pm on November 15, 2020:
member
I probably contributed to the initial sentiment that wtxid relay was particularly important as a feature. Since the immediate concern about BIP340-342 deployment is addressed through #19620, that’s not really the case (anymore).
So I think we should take both wtxid relay and this PR in 0.20, or neither. I believe that just wtxid relay may be a slight regression as it may hurt orphan handling once wtxid peers are widespread.
If reverting wtxid relay from the 0.20 branch is easy, that’s probably the best option.
MarcoFalke
commented at 6:52 am on November 16, 2020:
member
If reverting wtxid relay from the 0.20 branch is easy, that’s probably the best option.
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2024-12-18 21:12 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me