1 # SPDX-License-Identifier: GPL-2.0-only !! 1 preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) >> 2 >> 3 config PLUGIN_HOSTCC >> 4 string >> 5 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC >> 6 help >> 7 Host compiler used to build GCC plugins. This can be $(HOSTCXX), >> 8 $(HOSTCC), or a null string if GCC plugin is unsupported. >> 9 2 config HAVE_GCC_PLUGINS 10 config HAVE_GCC_PLUGINS 3 bool 11 bool 4 help 12 help 5 An arch should select this symbol if 13 An arch should select this symbol if it supports building with 6 GCC plugins. 14 GCC plugins. 7 15 8 menuconfig GCC_PLUGINS 16 menuconfig GCC_PLUGINS 9 bool "GCC plugins" 17 bool "GCC plugins" 10 depends on HAVE_GCC_PLUGINS 18 depends on HAVE_GCC_PLUGINS 11 depends on CC_IS_GCC !! 19 depends on PLUGIN_HOSTCC != "" 12 depends on $(success,test -e $(shell,$ << 13 default y << 14 help 20 help 15 GCC plugins are loadable modules tha 21 GCC plugins are loadable modules that provide extra features to the 16 compiler. They are useful for runtim 22 compiler. They are useful for runtime instrumentation and static analysis. 17 23 18 See Documentation/kbuild/gcc-plugins !! 24 See Documentation/gcc-plugins.txt for details. 19 25 20 if GCC_PLUGINS 26 if GCC_PLUGINS 21 27 >> 28 config GCC_PLUGIN_CYC_COMPLEXITY >> 29 bool "Compute the cyclomatic complexity of a function" if EXPERT >> 30 depends on !COMPILE_TEST # too noisy >> 31 help >> 32 The complexity M of a function's control flow graph is defined as: >> 33 M = E - N + 2P >> 34 where >> 35 >> 36 E = the number of edges >> 37 N = the number of nodes >> 38 P = the number of connected components (exit nodes). >> 39 >> 40 Enabling this plugin reports the complexity to stderr during the >> 41 build. It mainly serves as a simple example of how to create a >> 42 gcc plugin for the kernel. 
>> 43 22 config GCC_PLUGIN_SANCOV 44 config GCC_PLUGIN_SANCOV 23 bool 45 bool 24 # Plugin can be removed once the kerne << 25 depends on !CC_HAS_SANCOV_TRACE_PC << 26 help 46 help 27 This plugin inserts a __sanitizer_co 47 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 28 basic blocks. It supports all gcc ve 48 basic blocks. It supports all gcc versions with plugin support (from 29 gcc-4.5 on). It is based on the comm 49 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 30 by Dmitry Vyukov <dvyukov@google.com> 50 by Dmitry Vyukov <dvyukov@google.com>. 31 51 32 config GCC_PLUGIN_LATENT_ENTROPY 52 config GCC_PLUGIN_LATENT_ENTROPY 33 bool "Generate some entropy during boo 53 bool "Generate some entropy during boot and runtime" 34 help 54 help 35 By saying Y here the kernel will ins 55 By saying Y here the kernel will instrument some kernel code to 36 extract some entropy from both origi 56 extract some entropy from both original and artificially created 37 program state. This will help espec 57 program state. This will help especially embedded systems where 38 there is little 'natural' source of 58 there is little 'natural' source of entropy normally. The cost 39 is some slowdown of the boot process 59 is some slowdown of the boot process (about 0.5%) and fork and 40 irq processing. 60 irq processing. 41 61 42 Note that entropy extracted this way 62 Note that entropy extracted this way is not cryptographically 43 secure! 63 secure! 44 64 45 This plugin was ported from grsecuri 65 This plugin was ported from grsecurity/PaX. 
More information at: 46 * https://grsecurity.net/ 66 * https://grsecurity.net/ 47 * https://pax.grsecurity.net/ 67 * https://pax.grsecurity.net/ >> 68 >> 69 config GCC_PLUGIN_STRUCTLEAK >> 70 bool "Zero initialize stack variables" >> 71 help >> 72 While the kernel is built with warnings enabled for any missed >> 73 stack variable initializations, this warning is silenced for >> 74 anything passed by reference to another function, under the >> 75 occasionally misguided assumption that the function will do >> 76 the initialization. As this regularly leads to exploitable >> 77 flaws, this plugin is available to identify and zero-initialize >> 78 such variables, depending on the chosen level of coverage. >> 79 >> 80 This plugin was originally ported from grsecurity/PaX. More >> 81 information at: >> 82 * https://grsecurity.net/ >> 83 * https://pax.grsecurity.net/ >> 84 >> 85 choice >> 86 prompt "Coverage" >> 87 depends on GCC_PLUGIN_STRUCTLEAK >> 88 default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL >> 89 help >> 90 This chooses the level of coverage over classes of potentially >> 91 uninitialized variables. The selected class will be >> 92 zero-initialized before use. >> 93 >> 94 config GCC_PLUGIN_STRUCTLEAK_USER >> 95 bool "structs marked for userspace" >> 96 help >> 97 Zero-initialize any structures on the stack containing >> 98 a __user attribute. This can prevent some classes of >> 99 uninitialized stack variable exploits and information >> 100 exposures, like CVE-2013-2141: >> 101 https://git.kernel.org/linus/b9e146d8eb3b9eca >> 102 >> 103 config GCC_PLUGIN_STRUCTLEAK_BYREF >> 104 bool "structs passed by reference" >> 105 help >> 106 Zero-initialize any structures on the stack that may >> 107 be passed by reference and had not already been >> 108 explicitly initialized. 
This can prevent most classes >> 109 of uninitialized stack variable exploits and information >> 110 exposures, like CVE-2017-1000410: >> 111 https://git.kernel.org/linus/06e7e776ca4d3654 >> 112 >> 113 config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL >> 114 bool "anything passed by reference" >> 115 help >> 116 Zero-initialize any stack variables that may be passed >> 117 by reference and had not already been explicitly >> 118 initialized. This is intended to eliminate all classes >> 119 of uninitialized stack variable exploits and information >> 120 exposures. >> 121 >> 122 endchoice >> 123 >> 124 config GCC_PLUGIN_STRUCTLEAK_VERBOSE >> 125 bool "Report forcefully initialized variables" >> 126 depends on GCC_PLUGIN_STRUCTLEAK >> 127 depends on !COMPILE_TEST # too noisy >> 128 help >> 129 This option will cause a warning to be printed each time the >> 130 structleak plugin finds a variable it thinks needs to be >> 131 initialized. Since not all existing initializers are detected >> 132 by the plugin, this can produce false positive warnings. >> 133 >> 134 config GCC_PLUGIN_RANDSTRUCT >> 135 bool "Randomize layout of sensitive kernel structures" >> 136 select MODVERSIONS if MODULES >> 137 help >> 138 If you say Y here, the layouts of structures that are entirely >> 139 function pointers (and have not been manually annotated with >> 140 __no_randomize_layout), or structures that have been explicitly >> 141 marked with __randomize_layout, will be randomized at compile-time. >> 142 This can introduce the requirement of an additional information >> 143 exposure vulnerability for exploits targeting these structure >> 144 types. >> 145 >> 146 Enabling this feature will introduce some performance impact, >> 147 slightly increase memory usage, and prevent the use of forensic >> 148 tools like Volatility against the system (unless the kernel >> 149 source tree isn't cleaned after kernel installation). 
>> 150 >> 151 The seed used for compilation is located at >> 152 scripts/gcc-plgins/randomize_layout_seed.h. It remains after >> 153 a make clean to allow for external modules to be compiled with >> 154 the existing seed and will be removed by a make mrproper or >> 155 make distclean. >> 156 >> 157 Note that the implementation requires gcc 4.7 or newer. >> 158 >> 159 This plugin was ported from grsecurity/PaX. More information at: >> 160 * https://grsecurity.net/ >> 161 * https://pax.grsecurity.net/ >> 162 >> 163 config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE >> 164 bool "Use cacheline-aware structure randomization" >> 165 depends on GCC_PLUGIN_RANDSTRUCT >> 166 depends on !COMPILE_TEST # do not reduce test coverage >> 167 help >> 168 If you say Y here, the RANDSTRUCT randomization will make a >> 169 best effort at restricting randomization to cacheline-sized >> 170 groups of elements. It will further not randomize bitfields >> 171 in structures. This reduces the performance hit of RANDSTRUCT >> 172 at the cost of weakened randomization. >> 173 >> 174 config GCC_PLUGIN_STACKLEAK >> 175 bool "Erase the kernel stack before returning from syscalls" >> 176 depends on GCC_PLUGINS >> 177 depends on HAVE_ARCH_STACKLEAK >> 178 help >> 179 This option makes the kernel erase the kernel stack before >> 180 returning from system calls. That reduces the information which >> 181 kernel stack leak bugs can reveal and blocks some uninitialized >> 182 stack variable attacks. >> 183 >> 184 The tradeoff is the performance impact: on a single CPU system kernel >> 185 compilation sees a 1% slowdown, other systems and workloads may vary >> 186 and you are advised to test this feature on your expected workload >> 187 before deploying it. >> 188 >> 189 This plugin was ported from grsecurity/PaX. 
More information at: >> 190 * https://grsecurity.net/ >> 191 * https://pax.grsecurity.net/ >> 192 >> 193 config STACKLEAK_TRACK_MIN_SIZE >> 194 int "Minimum stack frame size of functions tracked by STACKLEAK" >> 195 default 100 >> 196 range 0 4096 >> 197 depends on GCC_PLUGIN_STACKLEAK >> 198 help >> 199 The STACKLEAK gcc plugin instruments the kernel code for tracking >> 200 the lowest border of the kernel stack (and for some other purposes). >> 201 It inserts the stackleak_track_stack() call for the functions with >> 202 a stack frame size greater than or equal to this parameter. >> 203 If unsure, leave the default value 100. >> 204 >> 205 config STACKLEAK_METRICS >> 206 bool "Show STACKLEAK metrics in the /proc file system" >> 207 depends on GCC_PLUGIN_STACKLEAK >> 208 depends on PROC_FS >> 209 help >> 210 If this is set, STACKLEAK metrics for every task are available in >> 211 the /proc file system. In particular, /proc/<pid>/stack_depth >> 212 shows the maximum kernel stack consumption for the current and >> 213 previous syscalls. Although this information is not precise, it >> 214 can be useful for estimating the STACKLEAK performance impact for >> 215 your workloads. >> 216 >> 217 config STACKLEAK_RUNTIME_DISABLE >> 218 bool "Allow runtime disabling of kernel stack erasing" >> 219 depends on GCC_PLUGIN_STACKLEAK >> 220 help >> 221 This option provides 'stack_erasing' sysctl, which can be used in >> 222 runtime to control kernel stack erasing for kernels built with >> 223 CONFIG_GCC_PLUGIN_STACKLEAK. 48 224 49 config GCC_PLUGIN_ARM_SSP_PER_TASK 225 config GCC_PLUGIN_ARM_SSP_PER_TASK 50 bool 226 bool 51 depends on GCC_PLUGINS && ARM 227 depends on GCC_PLUGINS && ARM 52 228 53 endif 229 endif
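Review bot: the new left-hand line `depends on $(success,test -e $(shell,$` is truncated in this rendering, so the probe it runs cannot be reviewed here; please quote the complete expression in the discussion. Together with the new `default y`, GCC_PLUGINS is now selected automatically whenever that probe succeeds, whereas the old side gated it on `PLUGIN_HOSTCC != ""` computed by scripts/gcc-plugin.sh, and the unchanged help text should say that plugin support is now detected from `$(CC)` and enabled by default so users understand why the option appears pre-selected.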
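Review bot: the documentation pointer changes from Documentation/gcc-plugins.txt to a path under Documentation/kbuild/, but the left line "See Documentation/kbuild/gcc-plugins" is cut off here, so the new file name and extension cannot be confirmed; verify that the referenced file exists at the new location before merging.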
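Review bot: GCC_PLUGIN_CYC_COMPLEXITY is deleted outright on the left, including the help text that presents it as the simple example of how to write a gcc plugin for the kernel; if that teaching role is still served elsewhere, the commit message should point to it, and note that existing `.config` files carrying CONFIG_GCC_PLUGIN_CYC_COMPLEXITY=y will now silently lose the option on the next olddefconfig.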
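Review bot: the new `depends on !CC_HAS_SANCOV_TRACE_PC` and the accompanying `# Plugin can be removed once the kerne` comment (truncated here) make GCC_PLUGIN_SANCOV conditional on the compiler lacking native trace-pc coverage, yet the help text is unchanged and still claims the plugin "supports all gcc versions with plugin support (from gcc-4.5 on)"; update it to state that the plugin is only offered as a fallback when CC_HAS_SANCOV_TRACE_PC is false, otherwise users of newer compilers will wonder why the option vanished from menuconfig.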
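Review bot: GCC_PLUGIN_STRUCTLEAK (with its coverage choice and VERBOSE option), GCC_PLUGIN_RANDSTRUCT, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE, GCC_PLUGIN_STACKLEAK, STACKLEAK_TRACK_MIN_SIZE, STACKLEAK_METRICS and STACKLEAK_RUNTIME_DISABLE all disappear from this file on the left while GCC_PLUGIN_ARM_SSP_PER_TASK stays; the diff of this file alone does not show whether these hardening options were relocated to another Kconfig or dropped, so the commit message should say where they now live, since the `select MODVERSIONS if MODULES` on RANDSTRUCT and the `HAVE_ARCH_STACKLEAK` dependency on STACKLEAK must survive any move. Two smaller points in the same region: the removed RANDSTRUCT help references `scripts/gcc-plgins/randomize_layout_seed.h` (typo, gcc-plgins), worth fixing wherever that text is relocated, and the retained `depends on GCC_PLUGINS && ARM` on GCC_PLUGIN_ARM_SSP_PER_TASK is redundant inside the enclosing `if GCC_PLUGINS` / `endif` block and could be reduced to `depends on ARM`.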