wallet: Fix migration of wallets with txs that have both spendable and watchonly outputs #28868
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
It seems like there's a random failure happening where something in BDB is |
|
I also get a test failure at 65b2da9 about half the time. With the first commit a47f220 this test doesn't fail (at least not the first ten times I tried). |
|
While trying to test the first commit, I ran into something odd. It seems that an empty watch-only wallet legacy is treated as a descriptor wallet by
That results in: Once I import an address it does migrate. |
|
Other than that a47f220 works. Without it, when migrating a watch-only wallet it rescans from the wallet birth height. With it, it does not rescan. The test in f06b5c0 also catches it if you revert the commit. Regarding 65b2da9 this gets a bit unwieldy because there are many places the migration can fail. Maybe just let the caller The test in 412c34b also catches the issue if you revert 4dab813, so that's good. |
|
Is (some part of) this meant for backport to 26.x? |
With the current test failure that is hard to debug, no. |
There was a problem hiding this comment.
Nice findings 👌🏼.
I haven't gone deeper over the BDB freeing issue within this context yet. But, can report that in the branch where I changed the underlying db migration mechanism (link), I haven't encountered the issue. I just pulled and ran all this PR new tests there and they all pass successfully in a loop.
One of the ideas of this work is to fix failures like 65b2da9 and others in a safer manner. But can find the detailed reasoning behind it here #28609 (comment).
Note: the all-in-one commit in my branch is currently quite messy. The priority was to validate the feasibility of the approach first. Ensuring all tests pass before making any code cleanup and atomic commits reorg.
Will try to submit a PR with the changes next week.
This is a separate issue in master. I've opened #28976 to address it. |
412c34b to
0cf1ae5
Compare
|
Figured out the random failure, should be all working now. |
There was a problem hiding this comment.
ha, made the same change two hours ago. furszy@193e0c9. Will review.
0cf1ae5 to
b093e5e
Compare
c11c404 tests: Test migration of blank wallets (Andrew Chow) 563b2a6 wallet: Better error message when missing LegacySPKM during migration (Andrew Chow) b1d2c77 wallet: Check for descriptors flag before migration (Andrew Chow) 8c127ff wallet: Skip key and script migration for blank wallets (Andrew Chow) Pull request description: Blank wallets (wallets without any keys are scripts) are being detected as already being descriptor wallets even though they are not. This is because the check for whether a wallet is already a descriptor wallet uses the presence of a `LegacyScriptPubKeyMan` which is only setup when keys or scripts are found. This PR resolves this issue by checking for the descriptor wallet flag instead and subsequently skipping the keys and scripts part of migration for blank wallets. Fixes the issue mentioned in #28868 (comment) ACKs for top commit: furszy: reACK c11c404. CI failure is unrelated. ryanofsky: Code review ACK c11c404 Tree-SHA512: 2466fdf1542eb8489c841253191f85dc88365493f0bb3395b67dee3e43709a9993c68b9d7623657b54b779adbe68fc81962d60efef4802c5d461f154167af7f4
There was a problem hiding this comment.
Code review ACK b093e5e, but only lightly reviewed the tests.
This PR has a merge conflict currently so needs to be updated. Also I think the place where reload_wallet lamba is moved is a little unsafe so would suggest changing that (see below).
When migrating, we should also be writing the bestblock record to the watchonly and solvable wallets to avoid rescanning on the reload as that can be slow.
Migration will unload loaded wallets prior to beginning. It will then perform some checks which may exit early. Such unloaded wallets should be reloaded prior to exiting.
We want to make sure that all of the transactions are being copied to the watchonly and solvable wallets as expected. The automatic rescanning behavior can cause us to pass a test by finding the transaction on loading rather than having it be copied as expected.
It is possible for a transaction that has an output that belongs to the mgirated wallet, and another output that belongs to the watchonly wallet. Such transaction should appear in both wallets during migration.
b093e5e to
4da76ca
Compare
There was a problem hiding this comment.
Code review ACK 4da76ca. This looks great. The code is actually cleaner than before, two bugs are fixed, and the test checking for rescanning is pretty clever and broadens test coverage.
I left a review comment about improving derivation of wallet paths in the MigrateLegacyToDescriptor function, but that isn't really about this PR and would be better addressed in a separate followup.
| // Reload the main wallet | ||
| wallet_dirs.insert(fs::PathFromString(local_wallet->GetDatabase().Filename()).parent_path()); |
There was a problem hiding this comment.
In commit "wallet: Reload the wallet if migration exited early" (78ba0e6)
Not related to this PR, but I think the fs::PathFromString(wallet->GetDatabase().Filename()).parent_path() expression repeated throughout this function is unnecessarily verbose and also potentially dangerous if it is used in another context, or if the surrounding context changes.
It happens to be safe currently, because we know this code is only called after MigrateToSQLite is called, so the database FileName() method will always return the path to a file in a wallet subdirectory. But in other contexts wallet->GetDatabase().Filename() could return the path to a file in a top level wallets directory, or even a top level data directory, so calling fs::remove_all(fs::PathFromString(wallet->GetDatabase().Filename()).parent_path()) could wipe out a lot of other data not part of the wallet we are trying to delete.
To fix this as a start, I think we should be deleting the original wallet path
AbsPathJoin(GetWalletDir(), fs::PathFromString(wallet->GetName())), not the parent of the path of the database inside the wallet. It would also be good to move away from using fs::remove_all which could delete a lot of files unintentially, and instead write a wallet delete function that only deletes files we know about.
|
If @furszy wants to re-ack, or if someone else adds a review, I think this could be merged |
| if (local_wallet->IsWalletFlagSet(WALLET_FLAG_DESCRIPTORS)) { | ||
| if (was_loaded) { | ||
| reload_wallet(local_wallet); | ||
| } | ||
| return util::Error{_("Error: This wallet is already a descriptor wallet")}; |
There was a problem hiding this comment.
in 78ba0e6:
I know that this reload_wallet() call shouldn't fail, but it would be good to log the error if it happens (the error string will be set) and inform the user in the error message that they need to reload the wallet manually.
(same for the others)
When migrating, we should also be writing the bestblock record to the watchonly and solvable wallets to avoid rescanning on the reload as that can be slow. Github-Pull: bitcoin#28868 Rebased-From: 9332c7e
Migration will unload loaded wallets prior to beginning. It will then perform some checks which may exit early. Such unloaded wallets should be reloaded prior to exiting. Github-Pull: bitcoin#28868 Rebased-From: 78ba0e6
We want to make sure that all of the transactions are being copied to the watchonly and solvable wallets as expected. The automatic rescanning behavior can cause us to pass a test by finding the transaction on loading rather than having it be copied as expected. Github-Pull: bitcoin#28868 Rebased-From: 71cb28e
It is possible for a transaction that has an output that belongs to the mgirated wallet, and another output that belongs to the watchonly wallet. Such transaction should appear in both wallets during migration. Github-Pull: bitcoin#28868 Rebased-From: c62a8d0
Github-Pull: bitcoin#28868 Rebased-From: 4da76ca
A transaction does not necessarily have to belong to either the migrated wallet (with the private keys) and the watchonly wallet (with watchonly things), it could have multiple outputs with each isminetype. So we should be putting such transactions in one or the other wallet, but rather putting it in both.
I've added a test for this behavior, however the test also revealed a few other issues. Notably, it revealed that
migratewalletwould have the watchonly wallet rescan from genesis when it is reloaded at the end of migration. This could be a cause for migration appearing to be very slow. This is resolved by first writing best block records to the watchonly and solvable wallets, as well as updating the test to make sure that rescans don't happen.The change to avoid rescans also found an issue where some of our early exits would result in unloading the wallet even though nothing happened. So there is also a commit to reload the wallet for such early exits.