From: Matt Corallo <git@bluematt.me>
Date: Wed, 23 Feb 2022 22:06:33 +0000 (+0000)
Subject: Ignore .tmp files when loading ChannelMonitors in persister
X-Git-Tag: v0.0.105~6^2
X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=a2a90ee959ee5bd1b653ea5c0ef22bf1ef7bb3f8;p=rust-lightning

Ignore .tmp files when loading ChannelMonitors in persister

If we are in the middle of persisting an update to a
`ChannelMonitor` when we shutdown (or crash), we'll start up with
a .tmp file lying around. We should ignore it, as failure to
return from the update call should have prevented the
`ChannelManager` from taking any irrevocable action based on the
update.

We're somewhat protected from any filesystem inconsistency behavior
as the `ChannelManager` will refuse to load if we're outright
missing `ChannelMonitor`s.

Fixes #1330.
---

diff --git a/lightning-persister/src/lib.rs b/lightning-persister/src/lib.rs
index 558f4b8f..b8212f0f 100644
--- a/lightning-persister/src/lib.rs
+++ b/lightning-persister/src/lib.rs
@@ -122,6 +122,12 @@ impl FilesystemPersister {
 					"Invalid ChannelMonitor file name",
 				));
 			}
+			if filename.unwrap().ends_with(".tmp") {
+				// If we were in the middle of committing an new update and crashed, it should be
+				// safe to ignore the update - we should never have returned to the caller and
+				// irrevocably committed to the new state in any way.
+				continue;
+			}
 
 			let txid = Txid::from_hex(filename.unwrap().split_at(64).0);
 			if txid.is_err() {