Received: (at 46330) by debbugs.gnu.org; 5 Feb 2021 17:13:23 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 05 12:13:23 2021 Received: from localhost ([127.0.0.1]:44626 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1l84fR-0007Yn-K8 for submit <at> debbugs.gnu.org; Fri, 05 Feb 2021 12:13:23 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60050) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1l84fP-0007YY-6R for 46330 <at> debbugs.gnu.org; Fri, 05 Feb 2021 12:13:12 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:48355) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1l84fK-00016C-1C for 46330 <at> debbugs.gnu.org; Fri, 05 Feb 2021 12:13:06 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=36232 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1l84fH-0004iD-Gv for 46330 <at> debbugs.gnu.org; Fri, 05 Feb 2021 12:13:04 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: 46330 <at> debbugs.gnu.org Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS References: <87v9b61md4.fsf@HIDDEN> Date: Fri, 05 Feb 2021 18:13:02 +0100 In-Reply-To: <87v9b61md4.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?= =?utf-8?Q?'s?= message of "Fri, 05 Feb 2021 17:59:51 +0100") Message-ID: <87im761lr5.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46330 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s <ludo@HIDDEN> skribis: > In a nutshell, Guile installs its own GMP memory allocation routines > (when =E2=80=98scm_install_gmp_memory_functions=E2=80=99 is true, which i= s the default) > so that GMP allocates via libgc. GnuTLS uses Nettle, which uses GMP, so > Nettle too ends up allocating via libgc; however, since pointers to that > memory are not scanned by libgc, they end up being reclaimed early. One of the solutions is to set: scm_install_gmp_memory_functions =3D 0; in Guile, as Andy suggested on IRC, but it incurs a performance hit on bignum-heavy applications such as the compiler: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D964284#78 However, since Guix now uses its own =E2=80=98guile=E2=80=99 binary, we can= work around the issue like so: --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable diff --git a/gnu/packages/aux-files/guile-launcher.c b/gnu/packages/aux-fil= es/guile-launcher.c index 1dd5d77e66..814084e032 100644 --- a/gnu/packages/aux-files/guile-launcher.c +++ b/gnu/packages/aux-files/guile-launcher.c @@ -1,5 +1,5 @@ /* GNU Guix --- Functional package management for GNU - Copyright 1996-1997,2000-2001,2006,2008,2011,2013,2018,2020 + Copyright 1996-1997,2000-2001,2006,2008,2011,2013,2018,2020,2021 Free Software Foundation, Inc. Copyright (C) 2020 Ludovic Court=C3=A8s <ludo@HIDDEN> =20 @@ -82,7 +82,10 @@ main (int argc, char **argv) unsetenv ("GUILE_LOAD_PATH"); unsetenv ("GUILE_LOAD_COMPILED_PATH"); =20 - scm_install_gmp_memory_functions =3D 1; + /* XXX: Do not let GMP allocate via libgc as this can lead to memory + corruption in GnuTLS/Nettle: <https://issues.guix.gnu.org/46330>. */ + scm_install_gmp_memory_functions =3D 0; + scm_boot_guile (argc, argv, inner_main, 0); return 0; /* never reached */ } --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The advantage of this hack is that we still get to use upstream =E2=80=98gu= ile=E2=80=99 for compilation purposes (with no performance hit), and we use our own =E2=80=9Csafe=E2=80=9D =E2=80=98guile=E2=80=99 executable for stuff that ma= y use GnuTLS, in particular =E2=80=98guix substitute=E2=80=99 and =E2=80=98guix perform-download=E2=80= =99. There may still be a few cases where we=E2=80=99d use stock =E2=80=98guile= =E2=80=99 together with GnuTLS. The only example that comes to mind is when calling =E2=80=98download-nar=E2=80=99 or =E2=80=98swh-download=E2=80=99 as a fallb= ack in (guix git-download). That=E2=80=99s quite rare though. So I think that the above is a workaround we could deploy right away. It should allow us to wait until we have Guile on mini-GMP. Thoughts? Ludo=E2=80=99. --=-=-=--
bug-guix@HIDDEN
:bug#46330
; Package guix
.
Full text available.Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org
.
Full text available.Received: (at submit) by debbugs.gnu.org; 5 Feb 2021 16:59:58 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Fri Feb 05 11:59:58 2021 Received: from localhost ([127.0.0.1]:44605 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1l84Sc-0007Bw-93 for submit <at> debbugs.gnu.org; Fri, 05 Feb 2021 11:59:58 -0500 Received: from lists.gnu.org ([209.51.188.17]:53766) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1l84Sa-0007Bp-RA for submit <at> debbugs.gnu.org; Fri, 05 Feb 2021 11:59:57 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:45634) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1l84Sa-00068X-FS for bug-guix@HIDDEN; Fri, 05 Feb 2021 11:59:56 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47942) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1l84Sa-0003lK-6R for bug-guix@HIDDEN; Fri, 05 Feb 2021 11:59:56 -0500 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=36220 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from <ludo@HIDDEN>) id 1l84SX-0008Bh-6o for bug-guix@HIDDEN; Fri, 05 Feb 2021 11:59:54 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: bug-guix@HIDDEN Subject: Guile-provided GMP allocators interfere with GnuTLS X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 =?utf-8?Q?Pluvi=C3=B4se?= an 229 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Fri, 05 Feb 2021 17:59:51 +0100 Message-ID: <87v9b61md4.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Fellow Debian hackers identified a bug causing memory corruption in Nettle data structures used by GnuTLS when GnuTLS is used from Guile: https://bugs.debian.org/964284 In a nutshell, Guile installs its own GMP memory allocation routines (when =E2=80=98scm_install_gmp_memory_functions=E2=80=99 is true, which is = the default) so that GMP allocates via libgc. GnuTLS uses Nettle, which uses GMP, so Nettle too ends up allocating via libgc; however, since pointers to that memory are not scanned by libgc, they end up being reclaimed early. In practice, memory corruption is relatively rare, to the point that we did not notice it in Guix. In Debian, it would lead to a failure of the =E2=80=98tests/reauth.scm=E2=80=99 test in GnuTLS. With minor modification= s to the test, as noted in the thread above, I can reproduce it on Guix as well. The thread above mentions possible workaround, but there=E2=80=99s nothing satisfactory. The longer-term solution is to use mini-GMP in Guile (which is also nice as a way to reduce dependencies). To be continued=E2=80=A6 Ludo=E2=80=99.
Ludovic Courtès <ludo@HIDDEN>
:bug-guix@HIDDEN
.
Full text available.bug-guix@HIDDEN
:bug#46330
; Package guix
.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.