From: Kees Cook <kees@kernel.org>
To: Palmer Dabbelt <palmer@dabbelt.com>
Cc: broonie@kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
mic@digikod.net, gnoack@google.com, Arnd Bergmann <arnd@arndb.de>,
linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] gcc-plugins: Disable GCC plugins for compile test builds
Date: Tue, 15 Apr 2025 13:41:58 -0700 [thread overview]
Message-ID: <202504151341.C84890628@keescook> (raw)
In-Reply-To: <mhng-812ee330-2f86-4561-8b88-cbb6a51f8515@palmer-ri-x1c9a>
On Tue, Apr 15, 2025 at 01:26:34PM -0700, Palmer Dabbelt wrote:
> On Mon, 07 Apr 2025 13:57:32 PDT (-0700), broonie@kernel.org wrote:
> > In current mainline x86_64 allmodconfig builds done with tuxmake GCC 13
> > and GCC 14 toolchains (which are Debian ones packaged up into containers)
> > generate ICEs in landlock:
> >
> > Event | Plugins
> > PLUGIN_FINISH_TYPE | randomize_layout_plugin
> > PLUGIN_FINISH_DECL | randomize_layout_plugin
> > PLUGIN_ATTRIBUTES | latent_entropy_plugin randomize_layout_plugin
> > PLUGIN_START_UNIT | latent_entropy_plugin stackleak_plugin
> > PLUGIN_ALL_IPA_PASSES_START | randomize_layout_plugin
> > /build/stage/linux/security/landlock/fs.c: In function ‘hook_file_ioctl_common’:
> > /build/stage/linux/security/landlock/fs.c:1745:61: internal compiler error: in c
> > ount_type_elements, at expr.cc:7075
> > 1745 | .u.op = &(struct lsm_ioctlop_audit) {
> > | ^
> >
> > Arnd bisected this to c56f649646ec ("landlock: Log mount-related
> > denials") but that commit is fairly obviously not really at fault here,
> > most likely this is an issue in the plugin. Given how disruptive having
> > key configs like this failing let's disable the plugins for compile test
> > builds until a fix is found.
> >
> > Suggested-by: Arnd Bergmann <arnd@arndb.de>
> > Signed-off-by: Mark Brown <broonie@kernel.org>
> > ---
> > scripts/gcc-plugins/Kconfig | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
> > index e383cda05367..29b03c136165 100644
> > --- a/scripts/gcc-plugins/Kconfig
> > +++ b/scripts/gcc-plugins/Kconfig
> > @@ -7,6 +7,7 @@ config HAVE_GCC_PLUGINS
> >
> > menuconfig GCC_PLUGINS
> > bool "GCC plugins"
> > + depends on !COMPILE_TEST
> > depends on HAVE_GCC_PLUGINS
> > depends on CC_IS_GCC
> > depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h)
> >
> > ---
> > base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8
> > change-id: 20250407-kbuild-disable-gcc-plugins-8701aa609cb3
> >
> > Best regards,
>
> This one's been biting me too. It manifests for me on gcc-12 and gcc-13
> (both locally built toolchains off the release branches, cross compiling for
> RISC-V).
>
> Tested-by: Palmer Dabbelt <palmer@rivosinc.com>
Thanks! This is fixed differently in -next:
https://web.git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-linus/hardening&id=1ded828affa35f4b216e99f53d8d031a392f2b0a
--
Kees Cook
prev parent reply other threads:[~2025-04-15 20:42 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-07 20:57 [PATCH] gcc-plugins: Disable GCC plugins for compile test builds Mark Brown
2025-04-07 21:33 ` Linus Torvalds
2025-04-07 22:02 ` Mark Brown
2025-04-08 9:22 ` Arnd Bergmann
2025-04-08 20:37 ` Kees Cook
2025-04-10 7:58 ` Arnd Bergmann
2025-04-08 23:32 ` Kees Cook
2025-04-09 5:43 ` Arnd Bergmann
2025-04-09 12:19 ` Mark Brown
2025-04-09 15:33 ` Linus Torvalds
2025-04-09 17:29 ` Mark Brown
2025-04-09 17:42 ` Linus Torvalds
2025-04-09 17:46 ` Kees Cook
2025-04-09 18:09 ` Mark Brown
2025-04-09 19:24 ` Arnd Bergmann
2025-04-15 20:26 ` Palmer Dabbelt
2025-04-15 20:41 ` Mark Brown
2025-04-15 20:43 ` Kees Cook
2025-04-15 20:41 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202504151341.C84890628@keescook \
--to=kees@kernel.org \
--cc=arnd@arndb.de \
--cc=broonie@kernel.org \
--cc=gnoack@google.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=palmer@dabbelt.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.