| Commit | Line | Data |
|---|---|---|
| ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| 45332b1b MY | 2 | config HAVE_GCC_PLUGINS |
| | 3 | bool |
| | 4 | help |
| | 5 | An arch should select this symbol if it supports building with |
| | 6 | GCC plugins. |
| | 7 | |
| a5b0dc5a AB | 8 | menuconfig GCC_PLUGINS |
| | 9 | bool "GCC plugins" |
| 45332b1b | 10 | depends on HAVE_GCC_PLUGINS |
| 77342a02 MY | 11 | depends on CC_IS_GCC && GCC_VERSION >= 40800 |
| | 12 | depends on $(success,$(srctree)/scripts/gcc-plugin.sh $(CC)) |
| 9f671e58 | 13 | default y |
| 45332b1b MY | 14 | help |
| | 15 | GCC plugins are loadable modules that provide extra features to the |
| | 16 | compiler. They are useful for runtime instrumentation and static analysis. |
| | 17 | |
| 2b4cbd5c | 18 | See Documentation/kbuild/gcc-plugins.rst for details. |
| 45332b1b | 19 | |
| a5b0dc5a | 20 | if GCC_PLUGINS |
| 45332b1b MY | 21 | |
| | 22 | config GCC_PLUGIN_CYC_COMPLEXITY |
| | 23 | bool "Compute the cyclomatic complexity of a function" if EXPERT |
| | 24 | depends on !COMPILE_TEST # too noisy |
| | 25 | help |
| | 26 | The complexity M of a function's control flow graph is defined as: |
| | 27 | M = E - N + 2P |
| | 28 | where |
| | 29 | |
| | 30 | E = the number of edges |
| | 31 | N = the number of nodes |
| | 32 | P = the number of connected components (exit nodes). |
| | 33 | |
| | 34 | Enabling this plugin reports the complexity to stderr during the |
| | 35 | build. It mainly serves as a simple example of how to create a |
| | 36 | gcc plugin for the kernel. |
| | 37 | |
| | 38 | config GCC_PLUGIN_SANCOV |
| | 39 | bool |
| | 40 | help |
| | 41 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of |
| | 42 | basic blocks. It supports all gcc versions with plugin support (from |
| | 43 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" |
| | 44 | by Dmitry Vyukov <dvyukov@google.com>. |
| | 45 | |
| | 46 | config GCC_PLUGIN_LATENT_ENTROPY |
| | 47 | bool "Generate some entropy during boot and runtime" |
| | 48 | help |
| | 49 | By saying Y here the kernel will instrument some kernel code to |
| | 50 | extract some entropy from both original and artificially created |
| | 51 | program state. This will help especially embedded systems where |
| | 52 | there is little 'natural' source of entropy normally. The cost |
| | 53 | is some slowdown of the boot process (about 0.5%) and fork and |
| | 54 | irq processing. |
| | 55 | |
| | 56 | Note that entropy extracted this way is not cryptographically |
| | 57 | secure! |
| | 58 | |
| | 59 | This plugin was ported from grsecurity/PaX. More information at: |
| | 60 | * https://grsecurity.net/ |
| | 61 | * https://pax.grsecurity.net/ |
| | 62 | |
| 45332b1b MY | 63 | config GCC_PLUGIN_RANDSTRUCT |
| | 64 | bool "Randomize layout of sensitive kernel structures" |
| | 65 | select MODVERSIONS if MODULES |
| | 66 | help |
| | 67 | If you say Y here, the layouts of structures that are entirely |
| | 68 | function pointers (and have not been manually annotated with |
| | 69 | __no_randomize_layout), or structures that have been explicitly |
| | 70 | marked with __randomize_layout, will be randomized at compile-time. |
| | 71 | This can introduce the requirement of an additional information |
| | 72 | exposure vulnerability for exploits targeting these structure |
| | 73 | types. |
| | 74 | |
| | 75 | Enabling this feature will introduce some performance impact, |
| | 76 | slightly increase memory usage, and prevent the use of forensic |
| | 77 | tools like Volatility against the system (unless the kernel |
| | 78 | source tree isn't cleaned after kernel installation). |
| | 79 | |
| | 80 | The seed used for compilation is located at |
| | 81 | scripts/gcc-plugins/randomize_layout_seed.h. It remains after |
| | 82 | a make clean to allow for external modules to be compiled with |
| | 83 | the existing seed and will be removed by a make mrproper or |
| | 84 | make distclean. |
| | 85 | |
| | 86 | Note that the implementation requires gcc 4.7 or newer. |
| | 87 | |
| | 88 | This plugin was ported from grsecurity/PaX. More information at: |
| | 89 | * https://grsecurity.net/ |
| | 90 | * https://pax.grsecurity.net/ |
| | 91 | |
| | 92 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE |
| | 93 | bool "Use cacheline-aware structure randomization" |
| | 94 | depends on GCC_PLUGIN_RANDSTRUCT |
| | 95 | depends on !COMPILE_TEST # do not reduce test coverage |
| | 96 | help |
| | 97 | If you say Y here, the RANDSTRUCT randomization will make a |
| | 98 | best effort at restricting randomization to cacheline-sized |
| | 99 | groups of elements. It will further not randomize bitfields |
| | 100 | in structures. This reduces the performance hit of RANDSTRUCT |
| | 101 | at the cost of weakened randomization. |
| | 102 | |
| 189af465 AB | 103 | config GCC_PLUGIN_ARM_SSP_PER_TASK |
| | 104 | bool |
| | 105 | depends on GCC_PLUGINS && ARM |
| | 106 | |
| a5b0dc5a | 107 | endif |
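
The GCC_PLUGIN_RANDSTRUCT help text says the seed survives a make clean so that external modules can be compiled with the existing seed. The following toy model is an added example, not kernel or plugin code: it shuffles a hypothetical six-member table of function pointers with a seeded Fisher-Yates pass to show why a module built with a different seed disagrees with the kernel about member offsets. The xorshift64 generator, `NFIELDS`, all function names and the seeds 1 and 2 are assumptions constructed for the illustration; the plugin's real algorithm differs.

```c
#include <stdint.h>
#include <stdio.h>
#define NFIELDS 6 /* hypothetical ops table: six function-pointer members */

/* Assumption: xorshift64 stands in for the plugin's seeded generator. */
static uint64_t next_rand(uint64_t *s)
{
	*s ^= *s << 13;
	*s ^= *s >> 7;
	return *s ^= *s << 17;
}

/* order[slot] = declared index of the member placed in that slot. */
void shuffle_layout(uint64_t seed, int order[NFIELDS])
{
	uint64_t s = seed ? seed : 1; /* xorshift state must be non-zero */
	for (int i = 0; i < NFIELDS; i++)
		order[i] = i;
	for (int i = NFIELDS - 1; i > 0; i--) { /* Fisher-Yates shuffle */
		int j = (int)(next_rand(&s) % (uint64_t)(i + 1)), t = order[i];
		order[i] = order[j];
		order[j] = t;
	}
}

/* Byte offset of declared member `field` in a build that used `seed`. */
size_t field_offset(uint64_t seed, int field)
{
	int order[NFIELDS];
	shuffle_layout(seed, order);
	for (int slot = 0; slot < NFIELDS; slot++)
		if (order[slot] == field)
			return (size_t)slot * sizeof(void (*)(void));
	return (size_t)-1; /* no such member */
}

/* Members whose offsets disagree between two builds (kernel vs. module). */
int layout_mismatches(uint64_t seed_a, uint64_t seed_b)
{
	int n = 0;
	for (int f = 0; f < NFIELDS; f++)
		n += field_offset(seed_a, f) != field_offset(seed_b, f);
	return n;
}

int main(void)
{
	printf("same seed: %d, other seed: %d mismatching offsets\n", layout_mismatches(1, 1), layout_mismatches(1, 2));
	return 0;
}
```

A non-zero mismatch count is the situation the retained seed file avoids for external modules, and it is also why an attacker without the seed needs an additional information leak to locate a given member.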