lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org>
Date: Mon, 07 Apr 2025 21:57:32 +0100
From: Mark Brown <broonie@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>, 
 Kees Cook <kees@...nel.org>, 
 Mickaël Salaün <mic@...ikod.net>, 
 Günther Noack <gnoack@...gle.com>
Cc: Arnd Bergmann <arnd@...db.de>, linux-hardening@...r.kernel.org, 
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, 
 Mark Brown <broonie@...nel.org>
Subject: [PATCH] gcc-plugins: Disable GCC plugins for compile test builds

In current mainline x86_64 allmodconfig builds done with tuxmake GCC 13
and GCC 14 toolchains (which are Debian ones packaged up into containers)
generate ICEs in landlock:

Event                            | Plugins
PLUGIN_FINISH_TYPE               | randomize_layout_plugin
PLUGIN_FINISH_DECL               | randomize_layout_plugin
PLUGIN_ATTRIBUTES                | latent_entropy_plugin randomize_layout_plugin
PLUGIN_START_UNIT                | latent_entropy_plugin stackleak_plugin
PLUGIN_ALL_IPA_PASSES_START      | randomize_layout_plugin
/build/stage/linux/security/landlock/fs.c: In function ‘hook_file_ioctl_common’:
/build/stage/linux/security/landlock/fs.c:1745:61: internal compiler error: in c
ount_type_elements, at expr.cc:7075
 1745 |                         .u.op = &(struct lsm_ioctlop_audit) {
      |                                                             ^

Arnd bisected this to c56f649646ec ("landlock: Log mount-related
denials") but that commit is fairly obviously not really at fault here,
most likely this is an issue in the plugin.  Given how disruptive having
key configs like this failing let's disable the plugins for compile test
builds until a fix is found.

Suggested-by: Arnd Bergmann <arnd@...db.de>
Signed-off-by: Mark Brown <broonie@...nel.org>
---
 scripts/gcc-plugins/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
index e383cda05367..29b03c136165 100644
--- a/scripts/gcc-plugins/Kconfig
+++ b/scripts/gcc-plugins/Kconfig
@@ -7,6 +7,7 @@ config HAVE_GCC_PLUGINS
 
 menuconfig GCC_PLUGINS
 	bool "GCC plugins"
+	depends on !COMPILE_TEST
 	depends on HAVE_GCC_PLUGINS
 	depends on CC_IS_GCC
 	depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h)

---
base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8
change-id: 20250407-kbuild-disable-gcc-plugins-8701aa609cb3

Best regards,
-- 
Mark Brown <broonie@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ