GNU bug report logs - #46330
Guile-provided GMP allocators interfere with GnuTLS


Package: guix; Severity: serious; Reported by: Ludovic Courtès <ludo@HIDDEN>; Done: Marius Bakke <marius@HIDDEN>; Maintainer for guix is bug-guix@HIDDEN.

Message received at 46330-done <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Marius Bakke <marius@HIDDEN>
Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS
Date: Tue, 25 May 2021 22:19:19 +0200

Hi Marius,

Marius Bakke <marius@HIDDEN> writes:

> Ludovic Courtès <ludo@HIDDEN> writes:
>
>> Ludovic Courtès <ludo@HIDDEN> writes:
>>
>>> One of the solutions is to set:
>>>
>>>   scm_install_gmp_memory_functions = 0;
>>
>> Done in a53f711422f63d7e32b8639b968cf00bcc69ffea, followed by an update
>> of the ‘guix’ package in 63d4b74420563c4e2dbdfa29b3816d1dad9cd723.
>>
>> This mostly solves the problem on the Guix side, but the issue remains
>> in GnuTLS.  In practical terms, we could experience random test failures
>> in the guile-gnutls test suite, like the Debian folks did.
>>
>> At the very least we’ll need to work around that possibility in
>> ‘core-updates’.  We could skip them, or add ‘gc-disable’ calls there.
>> Or we could build GnuTLS against Nettle-with-mini-GMP when that becomes
>> an option.
>>
>> The other option coming up is to build Guile against mini-GMP.  Mike
>> Gran just started looking into it and it may be that 3.0.6 will offer it.
>>
>> I’m keeping the bug open until this is sorted out.
>
> I believe this was sorted with the mini-gmp in Guile 3.0.6.  Please
> reopen if I'm mistaken.  :-)

Definitely; it’s wonderful.  :-)

I adjusted ‘guile-launcher.c’ accordingly in
d92ee0a8bdc324726e737bf4ef099d75724ce8c9.

Thanks,
Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#46330; Package guix. Full text available.

Message received at 46330-done <at> debbugs.gnu.org:


From: Marius Bakke <marius@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>, 46330-done <at> debbugs.gnu.org
Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS
Date: Sun, 23 May 2021 16:47:40 +0200

Ludovic Courtès <ludo@HIDDEN> writes:

> Ludovic Courtès <ludo@HIDDEN> writes:
>
>> One of the solutions is to set:
>>
>>   scm_install_gmp_memory_functions = 0;
>
> Done in a53f711422f63d7e32b8639b968cf00bcc69ffea, followed by an update
> of the ‘guix’ package in 63d4b74420563c4e2dbdfa29b3816d1dad9cd723.
>
> This mostly solves the problem on the Guix side, but the issue remains
> in GnuTLS.  In practical terms, we could experience random test failures
> in the guile-gnutls test suite, like the Debian folks did.
>
> At the very least we’ll need to work around that possibility in
> ‘core-updates’.  We could skip them, or add ‘gc-disable’ calls there.
> Or we could build GnuTLS against Nettle-with-mini-GMP when that becomes
> an option.
>
> The other option coming up is to build Guile against mini-GMP.  Mike
> Gran just started looking into it and it may be that 3.0.6 will offer it.
>
> I’m keeping the bug open until this is sorted out.

I believe this was sorted with the mini-gmp in Guile 3.0.6.  Please
reopen if I'm mistaken.  :-)





Notification sent to Ludovic Courtès <ludo@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to Marius Bakke <marius@HIDDEN>:
You have taken responsibility. Full text available.

Message received at 46330 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46330 <at> debbugs.gnu.org
Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS
Date: Sun, 07 Feb 2021 23:47:05 +0100

Ludovic Courtès <ludo@HIDDEN> writes:

> One of the solutions is to set:
>
>   scm_install_gmp_memory_functions = 0;

Done in a53f711422f63d7e32b8639b968cf00bcc69ffea, followed by an update
of the ‘guix’ package in 63d4b74420563c4e2dbdfa29b3816d1dad9cd723.

This mostly solves the problem on the Guix side, but the issue remains
in GnuTLS.  In practical terms, we could experience random test failures
in the guile-gnutls test suite, like the Debian folks did.

At the very least we’ll need to work around that possibility in
‘core-updates’.  We could skip them, or add ‘gc-disable’ calls there.
Or we could build GnuTLS against Nettle-with-mini-GMP when that becomes
an option.

The other option coming up is to build Guile against mini-GMP.  Mike
Gran just started looking into it and it may be that 3.0.6 will offer it.

I’m keeping the bug open until this is sorted out.

Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#46330; Package guix. Full text available.

Message received at 46330 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46330 <at> debbugs.gnu.org
Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS
Date: Sun, 07 Feb 2021 22:24:52 +0100

Ludovic Courtès <ludo@HIDDEN> writes:

> In a nutshell, Guile installs its own GMP memory allocation routines
> (when ‘scm_install_gmp_memory_functions’ is true, which is the default)
> so that GMP allocates via libgc.  GnuTLS uses Nettle, which uses GMP, so
> Nettle too ends up allocating via libgc; however, since pointers to that
> memory are not scanned by libgc, they end up being reclaimed early.

For the record, one option I considered is to link GnuTLS against
Nettle-with-mini-GMP, whereby Nettle uses a bundled mini-GMP instead of
mini-GMP.

Another option is to build GnuTLS --with-nettle-mini, where GnuTLS links
against a bundled mini-Nettle, instead linked against a bundled mini-GMP (!).

Currently both options lead to build failures in GnuTLS:

  https://lists.gnutls.org/pipermail/gnutls-help/2021-February/004680.html

(Package definitions attached for posterity.)

Ludo’.



diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index f5e7188ff0..875a858946 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2012, 2013, 2014, 2015 Ludovic Court=C3=A8s <ludo@gnu=
.org>
+;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2021 Ludovic Court=C3=A8s <lu=
do@HIDDEN>
 ;;; Copyright =C2=A9 2016 Mark H Weaver <mhw@HIDDEN>
 ;;; Copyright =C2=A9 2017 Efraim Flashner <efraim@HIDDEN>
 ;;;
@@ -89,3 +89,12 @@ themselves.")
         ;; Build "fat" binaries where the right implementation is chosen
         ;; at run time based on CPU features (starting from 3.1.)
         `(cons "--enable-fat" ,flags))))))
+
+(define-public nettle/mini-gmp
+  (package/inherit nettle
+    (name "nettle-mini-gmp")
+    (arguments
+     (substitute-keyword-arguments (package-arguments nettle)
+       ((#:configure-flags flags)
+        `(cons "--enable-mini-gmp" ,flags))))
+    (propagated-inputs '())))
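
Review bot: (propagated-inputs '()) at the end of the new nettle/mini-gmp definition clears every propagated input inherited from nettle, with no comment saying which dependency is being dropped or why. If the intent is only to stop propagating the external GMP now that --enable-mini-gmp is passed, either delete that one entry (the commented-out gnutls variant in tls.scm uses alist-delete for the same kind of removal) or add a comment stating that the bundled mini-GMP replaces it and that nothing else needs to be propagated.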
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 775e915534..fe2ec88a9e 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovi=
c Court=C3=A8s <ludo@HIDDEN>
+;;; Copyright =C2=A9 2012, 2013, 2014, 2015, 2016, 2017, 2019, 2020, 2021 =
Ludovic Court=C3=A8s <ludo@HIDDEN>
 ;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netri=
s.org>
 ;;; Copyright =C2=A9 2014 Ian Denhardt <ian@HIDDEN>
 ;;; Copyright =C2=A9 2013, 2015 Andreas Enge <andreas@HIDDEN>
@@ -165,6 +165,7 @@ living in the same process.")
   (package
     (name "gnutls")
     (version "3.6.15")
+    (replacement gnutls/mini-nettle)
     (source (origin
               (method url-fetch)
               ;; Note: Releases are no longer on ftp.gnu.org since the
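
Review bot: the added (replacement gnutls/mini-nettle) field in the gnutls definition makes the experimental variant a graft for every user of gnutls, while the accompanying message says both mini options currently lead to build failures in GnuTLS. Keep this field out until gnutls/mini-nettle builds, and when it does go in, put a comment next to it that references bug 46330 so the reason for the replacement is visible in tls.scm.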
@@ -256,6 +257,31 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
=20
+;; (define-public gnutls/nettle-mini-gmp
+;;   (package/inherit gnutls
+;;     (arguments
+;;      (substitute-keyword-arguments (package-arguments gnutls)
+;;        ((#:phases phases '%standard-phases)
+;;         `(modify-phases ,phases
+;;            (add-before 'configure 'dont-link-against-libgmp
+;;              (lambda _
+;;                (substitute* "configure"
+;;                  (("GMP_LIBS=3D\"-lgmp\"")
+;;                   "GMP_LIBS=3D\"\""))))))))
+;;     (propagated-inputs
+;;      `(("nettle" ,nettle/mini-gmp)
+;;        ,@(alist-delete "nettle" (package-propagated-inputs gnutls))))))
+
+(define-public gnutls/mini-nettle
+  (package/inherit gnutls
+    (arguments
+      (substitute-keyword-arguments (package-arguments gnutls)
+        ((#:configure-flags flags ''())
+         `(cons "--with-nettle-mini" ,flags))))
+    ;; (propagated-inputs
+    ;;  (alist-delete "nettle" (package-propagated-inputs gnutls)))
+    ))
+
 (define-public gnutls/guile-2.0
   ;; GnuTLS for Guile 2.0.
   (package/inherit gnutls
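
Review bot: gnutls/mini-nettle passes --with-nettle-mini but leaves the removal of "nettle" from propagated-inputs commented out, so the variant would still propagate the external Nettle it is meant to stop using. Settle that one way or the other and drop the commented-out code, including the whole gnutls/nettle-mini-gmp definition above it and the closing parenthesis left on its own line; if the alternative is worth recording, the bug report is a better place for it than tls.scm.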





Information forwarded to bug-guix@HIDDEN:
bug#46330; Package guix. Full text available.

Message received at 46330 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46330 <at> debbugs.gnu.org
Subject: Re: bug#46330: Guile-provided GMP allocators interfere with GnuTLS
Date: Fri, 05 Feb 2021 18:13:02 +0100

Ludovic Courtès <ludo@HIDDEN> writes:

> In a nutshell, Guile installs its own GMP memory allocation routines
> (when ‘scm_install_gmp_memory_functions’ is true, which is the default)
> so that GMP allocates via libgc.  GnuTLS uses Nettle, which uses GMP, so
> Nettle too ends up allocating via libgc; however, since pointers to that
> memory are not scanned by libgc, they end up being reclaimed early.

One of the solutions is to set:

  scm_install_gmp_memory_functions = 0;

in Guile, as Andy suggested on IRC, but it incurs a performance hit on
bignum-heavy applications such as the compiler:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964284#78

However, since Guix now uses its own ‘guile’ binary, we can work around
the issue like so:



diff --git a/gnu/packages/aux-files/guile-launcher.c b/gnu/packages/aux-fil=
es/guile-launcher.c
index 1dd5d77e66..814084e032 100644
--- a/gnu/packages/aux-files/guile-launcher.c
+++ b/gnu/packages/aux-files/guile-launcher.c
@@ -1,5 +1,5 @@
 /* GNU Guix --- Functional package management for GNU
-   Copyright 1996-1997,2000-2001,2006,2008,2011,2013,2018,2020
+   Copyright 1996-1997,2000-2001,2006,2008,2011,2013,2018,2020,2021
       Free Software Foundation, Inc.
    Copyright (C) 2020 Ludovic Court=C3=A8s <ludo@HIDDEN>
=20
@@ -82,7 +82,10 @@ main (int argc, char **argv)
   unsetenv ("GUILE_LOAD_PATH");
   unsetenv ("GUILE_LOAD_COMPILED_PATH");
=20
-  scm_install_gmp_memory_functions =3D 1;
+  /* XXX: Do not let GMP allocate via libgc as this can lead to memory
+     corruption in GnuTLS/Nettle: <https://issues.guix.gnu.org/46330>.  */
+  scm_install_gmp_memory_functions =3D 0;
+
   scm_boot_guile (argc, argv, inner_main, 0);
   return 0; /* never reached */
 }
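
Review bot: the new XXX comment above the scm_install_gmp_memory_functions = 0 assignment names the bug but not the condition under which the assignment should be reverted. The message presents this as a stopgap until Guile is built on mini-GMP and says the setting costs performance in bignum-heavy code, so state both in the comment; that way the line gets revisited once such a Guile is in use rather than staying as a permanent slowdown.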



The advantage of this hack is that we still get to use upstream ‘guile’
for compilation purposes (with no performance hit), and we use our own
“safe” ‘guile’ executable for stuff that may use GnuTLS, in particular
‘guix substitute’ and ‘guix perform-download’.

There may still be a few cases where we’d use stock ‘guile’ together
with GnuTLS.  The only example that comes to mind is when calling
‘download-nar’ or ‘swh-download’ as a fallback in (guix git-download).
That’s quite rare though.

So I think that the above is a workaround we could deploy right away.
It should allow us to wait until we have Guile on mini-GMP.

Thoughts?

Ludo’.





Information forwarded to bug-guix@HIDDEN:
bug#46330; Package guix. Full text available.
Severity set to 'serious' from 'normal' Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: bug-guix@HIDDEN
Subject: Guile-provided GMP allocators interfere with GnuTLS
Date: Fri, 05 Feb 2021 17:59:51 +0100

Fellow Debian hackers identified a bug causing memory corruption in
Nettle data structures used by GnuTLS when GnuTLS is used from Guile:

  https://bugs.debian.org/964284

In a nutshell, Guile installs its own GMP memory allocation routines
(when ‘scm_install_gmp_memory_functions’ is true, which is the default)
so that GMP allocates via libgc.  GnuTLS uses Nettle, which uses GMP, so
Nettle too ends up allocating via libgc; however, since pointers to that
memory are not scanned by libgc, they end up being reclaimed early.

In practice, memory corruption is relatively rare, to the point that we
did not notice it in Guix.  In Debian, it would lead to a failure of the
‘tests/reauth.scm’ test in GnuTLS.  With minor modifications to the
test, as noted in the thread above, I can reproduce it on Guix as well.

The thread above mentions possible workarounds, but there’s nothing
satisfactory.

The longer-term solution is to use mini-GMP in Guile (which is also nice
as a way to reduce dependencies).

To be continued…

Ludo’.
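
The failure mode described in the report above, as an added example that is not part of the original message nor code from Guile, GMP, Nettle, GnuTLS or libgc: a constructed C simulation in which a toy collector scans only registered roots, while a toy library keeps its only pointer to a bignum in malloc'd memory. All names (gc_alloc, bignum_alloc, toy_key, key_survives_collection) are hypothetical; the install_gc_allocator argument plays the role of scm_install_gmp_memory_functions.

```c
/* Constructed simulation: toy collector and toy crypto library, no real GMP/libgc. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEAP_BLOCKS 8
#define BLOCK_SIZE  32
#define MAX_ROOTS   4

/* Toy collected heap standing in for libgc. */
static struct { unsigned char data[BLOCK_SIZE]; int in_use; } heap[HEAP_BLOCKS];
/* Root slots: the only memory this collector scans for pointers. */
static void **roots[MAX_ROOTS];
static int nroots;

static void gc_reset(void) { memset(heap, 0, sizeof heap); nroots = 0; }
static void gc_add_root(void **slot) { roots[nroots++] = slot; }

static void *gc_alloc(size_t n)
{
  for (int i = 0; n <= BLOCK_SIZE && i < HEAP_BLOCKS; i++)
    if (!heap[i].in_use) { heap[i].in_use = 1; return heap[i].data; }
  return NULL;
}

/* Keep every block a root points to; poison and release the rest.
   Returns the number of blocks reclaimed. */
static int gc_collect(void)
{
  int reclaimed = 0;
  for (int i = 0; i < HEAP_BLOCKS; i++) {
    int marked = 0;
    for (int r = 0; r < nroots; r++)
      if (*roots[r] == (void *) heap[i].data) marked = 1;
    if (heap[i].in_use && !marked) {
      memset(heap[i].data, 0xDD, BLOCK_SIZE);
      heap[i].in_use = 0;
      reclaimed++;
    }
  }
  return reclaimed;
}

/* Process-wide bignum allocator hook, as GMP's memory functions are. */
static void *(*bignum_alloc)(size_t) = malloc;

static int limbs_intact(const unsigned char *p)
{
  for (int i = 0; i < BLOCK_SIZE; i++)
    if (p[i] != 0x42) return 0;
  return 1;
}

/* Toy crypto library key: it lives in malloc'd memory, which the collector
   never scans, and holds the only pointer to its limbs. */
struct toy_key { unsigned char *limbs; };

/* install_gc_allocator plays the role of scm_install_gmp_memory_functions.
   Returns 1 if the key survives a collection, 0 if it was reclaimed. */
int key_survives_collection(int install_gc_allocator)
{
  gc_reset();
  bignum_alloc = install_gc_allocator ? gc_alloc : malloc;
  struct toy_key *k = malloc(sizeof *k);
  if (k == NULL) abort();
  k->limbs = bignum_alloc(BLOCK_SIZE);
  if (k->limbs == NULL) abort();
  memset(k->limbs, 0x42, BLOCK_SIZE);
  gc_collect();                       /* no root refers to k->limbs */
  int ok = limbs_intact(k->limbs);
  if (!install_gc_allocator) free(k->limbs);
  free(k);
  return ok;
}

/* The runtime's own bignum, referenced from a scanned root, is kept. */
int rooted_bignum_survives(void)
{
  static void *slot;
  gc_reset();
  gc_add_root(&slot);
  slot = gc_alloc(BLOCK_SIZE);
  memset(slot, 0x42, BLOCK_SIZE);
  gc_collect();
  return limbs_intact(slot);
}

int main(void)
{
  printf("hook on: %d, hook off: %d, rooted: %d\n", key_survives_collection(1),
         key_survives_collection(0), rooted_bignum_survives());
  return 0;
}
```

The toy collector poisons a reclaimed block instead of freeing it, so the corrupted key can be inspected without undefined behaviour.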




Acknowledgement sent to Ludovic Courtès <ludo@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#46330; Package guix. Full text available.
Last modified: Tue, 25 May 2021 20:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.