[PATCH] hardening: Disable GCC randstruct for COMPILE

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST
@ 2025-04-09 15:11 Kees Cook
  2025-04-09 15:22 ` Arnd Bergmann
  2025-04-09 15:26 ` Mark Brown
  0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2025-04-09 15:11 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Kees Cook, Mark Brown, Gustavo A. R. Silva, Paul Moore,
	James Morris, Serge E. Hallyn, linux-hardening,
	linux-security-module, Mickaël Salaün,
	Günther Noack, linux-kernel

There is a GCC crash bug in the randstruct for latest GCC versions that
is being tickled by landlock[1]. Temporarily disable GCC randstruct for
COMPILE_TEST builds to unbreak CI systems for the coming -rc2. This can
be restored once the bug is fixed.

Suggested-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/all/20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org/ [1]
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-hardening@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
---
 security/Kconfig.hardening | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index c17366ce8224..3fe9d7b945c4 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -344,7 +344,7 @@ config CC_HAS_RANDSTRUCT
 
 choice
 	prompt "Randomize layout of sensitive kernel structures"
-	default RANDSTRUCT_FULL if COMPILE_TEST && (GCC_PLUGINS || CC_HAS_RANDSTRUCT)
+	default RANDSTRUCT_FULL if COMPILE_TEST && CC_HAS_RANDSTRUCT
 	default RANDSTRUCT_NONE
 	help
 	  If you enable this, the layouts of structures that are entirely
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST
  2025-04-09 15:11 [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST Kees Cook
@ 2025-04-09 15:22 ` Arnd Bergmann
  2025-04-09 15:26 ` Mark Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Arnd Bergmann @ 2025-04-09 15:22 UTC (permalink / raw)
  To: Kees Cook
  Cc: Mark Brown, Gustavo A. R. Silva, Paul Moore, James Morris,
	Serge E. Hallyn, linux-hardening, linux-security-module,
	Mickaël Salaün, Günther Noack, linux-kernel

On Wed, Apr 9, 2025, at 17:11, Kees Cook wrote:
> There is a GCC crash bug in the randstruct for latest GCC versions that
> is being tickled by landlock[1]. Temporarily disable GCC randstruct for
> COMPILE_TEST builds to unbreak CI systems for the coming -rc2. This can
> be restored once the bug is fixed.
>
> Suggested-by: Mark Brown <broonie@kernel.org>
> Link: 
> https://lore.kernel.org/all/20250407-kbuild-disable-gcc-plugins-v1-1-5d46ae583f5e@kernel.org/ 
> [1]
> Signed-off-by: Kees Cook <kees@kernel.org>

Acked-by: Arnd Bergmann <arnd@arndb.de>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST
  2025-04-09 15:11 [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST Kees Cook
  2025-04-09 15:22 ` Arnd Bergmann
@ 2025-04-09 15:26 ` Mark Brown
  1 sibling, 0 replies; 3+ messages in thread
From: Mark Brown @ 2025-04-09 15:26 UTC (permalink / raw)
  To: Kees Cook
  Cc: Arnd Bergmann, Gustavo A. R. Silva, Paul Moore, James Morris,
	Serge E. Hallyn, linux-hardening, linux-security-module,
	Mickaël Salaün, Günther Noack, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 361 bytes --]

On Wed, Apr 09, 2025 at 08:11:58AM -0700, Kees Cook wrote:
> There is a GCC crash bug in the randstruct for latest GCC versions that
> is being tickled by landlock[1]. Temporarily disable GCC randstruct for
> COMPILE_TEST builds to unbreak CI systems for the coming -rc2. This can
> be restored once the bug is fixed.

Acked-by: Mark Brown <broonie@kernel.org>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-04-09 15:26 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-09 15:11 [PATCH] hardening: Disable GCC randstruct for COMPILE_TEST Kees Cook
2025-04-09 15:22 ` Arnd Bergmann
2025-04-09 15:26 ` Mark Brown

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).