Commit | Line | Data |
---|---|---|
45332b1b MY | 1 | preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) |
2 | ||
3 | config PLUGIN_HOSTCC | |
4 | string | |
b0441333 | 5 | default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC |
45332b1b MY | 6 | help |
7 | Host compiler used to build GCC plugins. This can be $(HOSTCXX), | |
8 | $(HOSTCC), or a null string if GCC plugin is unsupported. | |
9 | ||
10 | config HAVE_GCC_PLUGINS | |
11 | bool | |
12 | help | |
13 | An arch should select this symbol if it supports building with | |
14 | GCC plugins. | |
15 | ||
16 | menuconfig GCC_PLUGINS | |
17 | bool "GCC plugins" | |
18 | depends on HAVE_GCC_PLUGINS | |
19 | depends on PLUGIN_HOSTCC != "" | |
20 | help | |
21 | GCC plugins are loadable modules that provide extra features to the | |
22 | compiler. They are useful for runtime instrumentation and static analysis. | |
23 | ||
24 | See Documentation/gcc-plugins.txt for details. | |
25 | ||
26 | if GCC_PLUGINS | |
27 | ||
28 | config GCC_PLUGIN_CYC_COMPLEXITY | |
29 | bool "Compute the cyclomatic complexity of a function" if EXPERT | |
30 | depends on !COMPILE_TEST # too noisy | |
31 | help | |
32 | The complexity M of a function's control flow graph is defined as: | |
33 | M = E - N + 2P | |
34 | where | |
35 | ||
36 | E = the number of edges | |
37 | N = the number of nodes | |
38 | P = the number of connected components (exit nodes). | |
39 | ||
40 | Enabling this plugin reports the complexity to stderr during the | |
41 | build. It mainly serves as a simple example of how to create a | |
42 | gcc plugin for the kernel. | |
43 | ||
44 | config GCC_PLUGIN_SANCOV | |
45 | bool | |
46 | help | |
47 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of | |
48 | basic blocks. It supports all gcc versions with plugin support (from | |
49 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" | |
50 | by Dmitry Vyukov <dvyukov@google.com>. | |
51 | ||
52 | config GCC_PLUGIN_LATENT_ENTROPY | |
53 | bool "Generate some entropy during boot and runtime" | |
54 | help | |
55 | By saying Y here the kernel will instrument some kernel code to | |
56 | extract some entropy from both original and artificially created | |
57 | program state. This will help especially embedded systems where | |
58 | there is little 'natural' source of entropy normally. The cost | |
59 | is some slowdown of the boot process (about 0.5%) and fork and | |
60 | irq processing. | |
61 | ||
62 | Note that entropy extracted this way is not cryptographically | |
63 | secure! | |
64 | ||
65 | This plugin was ported from grsecurity/PaX. More information at: | |
66 | * https://grsecurity.net/ | |
67 | * https://pax.grsecurity.net/ | |
68 | ||
69 | config GCC_PLUGIN_STRUCTLEAK | |
81a56f6d | 70 | bool "Zero initialize stack variables" |
45332b1b | 71 | help |
81a56f6d KC | 72 | While the kernel is built with warnings enabled for any missed |
73 | stack variable initializations, this warning is silenced for | |
74 | anything passed by reference to another function, under the | |
75 | occasionally misguided assumption that the function will do | |
76 | the initialization. As this regularly leads to exploitable | |
77 | flaws, this plugin is available to identify and zero-initialize | |
78 | such variables, depending on the chosen level of coverage. | |
79 | ||
80 | This plugin was originally ported from grsecurity/PaX. More | |
81 | information at: | |
45332b1b MY | 82 | * https://grsecurity.net/ |
83 | * https://pax.grsecurity.net/ | |
84 | ||
81a56f6d KC | 85 | choice |
86 | prompt "Coverage" | |
45332b1b | 87 | depends on GCC_PLUGIN_STRUCTLEAK |
81a56f6d | 88 | default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
45332b1b | 89 | help |
81a56f6d KC | 90 | This chooses the level of coverage over classes of potentially |
91 | uninitialized variables. The selected class will be | |
92 | zero-initialized before use. | |
93 | ||
94 | config GCC_PLUGIN_STRUCTLEAK_USER | |
95 | bool "structs marked for userspace" | |
96 | help | |
97 | Zero-initialize any structures on the stack containing | |
98 | a __user attribute. This can prevent some classes of | |
99 | uninitialized stack variable exploits and information | |
100 | exposures, like CVE-2013-2141: | |
101 | https://git.kernel.org/linus/b9e146d8eb3b9eca | |
102 | ||
103 | config GCC_PLUGIN_STRUCTLEAK_BYREF | |
104 | bool "structs passed by reference" | |
105 | help | |
106 | Zero-initialize any structures on the stack that may | |
107 | be passed by reference and had not already been | |
108 | explicitly initialized. This can prevent most classes | |
109 | of uninitialized stack variable exploits and information | |
110 | exposures, like CVE-2017-1000410: | |
111 | https://git.kernel.org/linus/06e7e776ca4d3654 | |
112 | ||
113 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | |
114 | bool "anything passed by reference" | |
115 | help | |
116 | Zero-initialize any stack variables that may be passed | |
117 | by reference and had not already been explicitly | |
118 | initialized. This is intended to eliminate all classes | |
119 | of uninitialized stack variable exploits and information | |
120 | exposures. | |
121 | ||
122 | endchoice | |
45332b1b MY | 123 | |
124 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE | |
125 | bool "Report forcefully initialized variables" | |
126 | depends on GCC_PLUGIN_STRUCTLEAK | |
127 | depends on !COMPILE_TEST # too noisy | |
128 | help | |
129 | This option will cause a warning to be printed each time the | |
130 | structleak plugin finds a variable it thinks needs to be | |
131 | initialized. Since not all existing initializers are detected | |
132 | by the plugin, this can produce false positive warnings. | |
133 | ||
134 | config GCC_PLUGIN_RANDSTRUCT | |
135 | bool "Randomize layout of sensitive kernel structures" | |
136 | select MODVERSIONS if MODULES | |
137 | help | |
138 | If you say Y here, the layouts of structures that are entirely | |
139 | function pointers (and have not been manually annotated with | |
140 | __no_randomize_layout), or structures that have been explicitly | |
141 | marked with __randomize_layout, will be randomized at compile-time. | |
142 | This can introduce the requirement of an additional information | |
143 | exposure vulnerability for exploits targeting these structure | |
144 | types. | |
145 | ||
146 | Enabling this feature will introduce some performance impact, | |
147 | slightly increase memory usage, and prevent the use of forensic | |
148 | tools like Volatility against the system (unless the kernel | |
149 | source tree isn't cleaned after kernel installation). | |
150 | ||
151 | The seed used for compilation is located at | |
152 | scripts/gcc-plugins/randomize_layout_seed.h. It remains after | |
153 | a make clean to allow for external modules to be compiled with | |
154 | the existing seed and will be removed by a make mrproper or | |
155 | make distclean. | |
156 | ||
157 | Note that the implementation requires gcc 4.7 or newer. | |
158 | ||
159 | This plugin was ported from grsecurity/PaX. More information at: | |
160 | * https://grsecurity.net/ | |
161 | * https://pax.grsecurity.net/ | |
162 | ||
163 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE | |
164 | bool "Use cacheline-aware structure randomization" | |
165 | depends on GCC_PLUGIN_RANDSTRUCT | |
166 | depends on !COMPILE_TEST # do not reduce test coverage | |
167 | help | |
168 | If you say Y here, the RANDSTRUCT randomization will make a | |
169 | best effort at restricting randomization to cacheline-sized | |
170 | groups of elements. It will further not randomize bitfields | |
171 | in structures. This reduces the performance hit of RANDSTRUCT | |
172 | at the cost of weakened randomization. | |
173 | ||
afaef01c AP | 174 | config GCC_PLUGIN_STACKLEAK |
175 | bool "Erase the kernel stack before returning from syscalls" | |
176 | depends on GCC_PLUGINS | |
177 | depends on HAVE_ARCH_STACKLEAK | |
178 | help | |
179 | This option makes the kernel erase the kernel stack before | |
180 | returning from system calls. That reduces the information which | |
181 | kernel stack leak bugs can reveal and blocks some uninitialized | |
182 | stack variable attacks. | |
183 | ||
184 | The tradeoff is the performance impact: on a single CPU system kernel | |
185 | compilation sees a 1% slowdown, other systems and workloads may vary | |
186 | and you are advised to test this feature on your expected workload | |
187 | before deploying it. | |
188 | ||
189 | This plugin was ported from grsecurity/PaX. More information at: | |
190 | * https://grsecurity.net/ | |
191 | * https://pax.grsecurity.net/ | |
192 | ||
10e9ae9f AP | 193 | config STACKLEAK_TRACK_MIN_SIZE |
194 | int "Minimum stack frame size of functions tracked by STACKLEAK" | |
195 | default 100 | |
196 | range 0 4096 | |
197 | depends on GCC_PLUGIN_STACKLEAK | |
198 | help | |
199 | The STACKLEAK gcc plugin instruments the kernel code for tracking | |
200 | the lowest border of the kernel stack (and for some other purposes). | |
201 | It inserts the stackleak_track_stack() call for the functions with | |
202 | a stack frame size greater than or equal to this parameter. | |
203 | If unsure, leave the default value 100. | |
204 | ||
c8d12627 AP | 205 | config STACKLEAK_METRICS |
206 | bool "Show STACKLEAK metrics in the /proc file system" | |
207 | depends on GCC_PLUGIN_STACKLEAK | |
208 | depends on PROC_FS | |
209 | help | |
210 | If this is set, STACKLEAK metrics for every task are available in | |
211 | the /proc file system. In particular, /proc/<pid>/stack_depth | |
212 | shows the maximum kernel stack consumption for the current and | |
213 | previous syscalls. Although this information is not precise, it | |
214 | can be useful for estimating the STACKLEAK performance impact for | |
215 | your workloads. | |
216 | ||
964c9dff AP | 217 | config STACKLEAK_RUNTIME_DISABLE |
218 | bool "Allow runtime disabling of kernel stack erasing" | |
219 | depends on GCC_PLUGIN_STACKLEAK | |
220 | help | |
221 | This option provides 'stack_erasing' sysctl, which can be used in | |
222 | runtime to control kernel stack erasing for kernels built with | |
223 | CONFIG_GCC_PLUGIN_STACKLEAK. | |
224 | ||
189af465 AB | 225 | config GCC_PLUGIN_ARM_SSP_PER_TASK |
226 | bool | |
227 | depends on GCC_PLUGINS && ARM | |
228 | ||
45332b1b | 229 | endif |
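Worked example for the GCC_PLUGIN_CYC_COMPLEXITY help text above. This is an added userspace program, not the plugin's code: it builds two small control flow graphs by hand (the node and edge lists are constructed for the example) and evaluates M = E - N + 2P on them. P is computed as the number of connected components of the graph taken as undirected, which for the CFG of a single function is 1, so M ends up one more than the number of decision points.

```c
/* Added example: cyclomatic complexity M = E - N + 2P of hand-built CFGs.
 * Not part of the kernel tree; graphs below are constructed by hand. */
#include <stdio.h>

#define MAX_NODES 32
#define MAX_EDGES 64

struct cfg {
    int nnodes;
    int nedges;
    int from[MAX_EDGES];
    int to[MAX_EDGES];
};

static void cfg_add_edge(struct cfg *g, int from, int to)
{
    g->from[g->nedges] = from;
    g->to[g->nedges] = to;
    g->nedges++;
}

/* P: connected components of the graph treated as undirected (union-find). */
static int cfg_components(const struct cfg *g)
{
    int parent[MAX_NODES];
    int i, comps = 0;

    for (i = 0; i < g->nnodes; i++)
        parent[i] = i;
    for (i = 0; i < g->nedges; i++) {
        int a = g->from[i], b = g->to[i];
        while (parent[a] != a) a = parent[a];
        while (parent[b] != b) b = parent[b];
        if (a != b)
            parent[a] = b;
    }
    for (i = 0; i < g->nnodes; i++)
        if (parent[i] == i)
            comps++;
    return comps;
}

int cyclomatic_complexity(const struct cfg *g)
{
    return g->nedges - g->nnodes + 2 * cfg_components(g);
}

/* CFG of:  if (a) x(); else y();  return;
 * B0 test -> B1 then, B0 -> B2 else, B1 -> B3 exit, B2 -> B3 exit */
int complexity_if_else(void)
{
    struct cfg g = { .nnodes = 4 };
    cfg_add_edge(&g, 0, 1);
    cfg_add_edge(&g, 0, 2);
    cfg_add_edge(&g, 1, 3);
    cfg_add_edge(&g, 2, 3);
    return cyclomatic_complexity(&g);    /* 4 - 4 + 2*1 = 2 */
}

/* CFG of:  while (i < n) { if (p[i]) ++hits; ++i; }  return hits;
 * B0 loop test -> B1 if test, B1 -> B2 ++hits, B1 -> B3 ++i, B2 -> B3,
 * B3 -> B0 (back edge), B0 -> B4 exit */
int complexity_loop_with_if(void)
{
    struct cfg g = { .nnodes = 5 };
    cfg_add_edge(&g, 0, 1);
    cfg_add_edge(&g, 1, 2);
    cfg_add_edge(&g, 1, 3);
    cfg_add_edge(&g, 2, 3);
    cfg_add_edge(&g, 3, 0);
    cfg_add_edge(&g, 0, 4);
    return cyclomatic_complexity(&g);    /* 6 - 5 + 2*1 = 3 */
}

int main(void)
{
    printf("if/else:   M = %d\n", complexity_if_else());
    printf("loop + if: M = %d\n", complexity_loop_with_if());
    return 0;
}
```

The plugin reports the same quantity per function on stderr during the build; reading its output against a hand count like this is the quickest way to check that you have the CFG in your head right.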
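Worked example for the GCC_PLUGIN_SANCOV help text above. This is an added userspace program, not the plugin or kcov code: it provides a __sanitizer_cov_trace_pc() that records the return address of each call (i.e. the basic block just entered) in a table, and a small function instrumented by hand at its basic block boundaries, standing in for the calls the plugin would insert. The parse_flags() function and its inputs are constructed for the example.

```c
/* Added example: what a __sanitizer_cov_trace_pc() consumer sees. The calls
 * inside parse_flags() are written by hand where the SANCOV plugin would
 * insert them, so this runs without plugin support. Not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PCS 64

/* Coverage table: distinct call-site addresses seen since the last reset. */
static uintptr_t cov_pcs[MAX_PCS];
static int cov_count;

void cov_reset(void)
{
    cov_count = 0;
    memset(cov_pcs, 0, sizeof(cov_pcs));
}

int cov_distinct(void)
{
    return cov_count;
}

/* The hook: record the address we were called from, which identifies the
 * basic block just entered. noinline keeps each call site at a distinct
 * return address; a real consumer (kcov) would append to a per-task buffer. */
__attribute__((noinline)) void __sanitizer_cov_trace_pc(void)
{
    uintptr_t pc = (uintptr_t)__builtin_return_address(0);
    int i;

    for (i = 0; i < cov_count; i++)
        if (cov_pcs[i] == pc)
            return;
    if (cov_count < MAX_PCS)
        cov_pcs[cov_count++] = pc;
}

/* Instrumented function under test: entry block, two conditional blocks,
 * and the join/exit block, each announced at its start. */
int parse_flags(const char *s)
{
    int flags = 0;

    __sanitizer_cov_trace_pc();          /* entry block */
    if (s[0] == 'r') {
        __sanitizer_cov_trace_pc();      /* block: read flag */
        flags |= 1;
    }
    if (s[1] == 'w') {
        __sanitizer_cov_trace_pc();      /* block: write flag */
        flags |= 2;
    }
    __sanitizer_cov_trace_pc();          /* join/exit block */
    return flags;
}

int main(void)
{
    cov_reset();
    parse_flags("--");
    printf("after \"--\":   %d distinct blocks\n", cov_distinct());
    parse_flags("rw");
    printf("after \"rw\":   %d distinct blocks\n", cov_distinct());
    return 0;
}
```

A fuzzer keeps an input when the table grows, exactly as the second call does here; with the plugin (or -fsanitize-coverage=trace-pc) the compiler places the calls for you and the table is what /sys/kernel/debug/kcov hands back to userspace.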
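Worked example for the GCC_PLUGIN_STRUCTLEAK entries above (the BYREF coverage class in particular). This is an added userspace program, not the plugin's code: a struct with a padding hole and a never-written member is filled field by field and copied out whole, as a syscall would copy it to userspace; a memcpy into a caller buffer stands in for copy_to_user(). The struct and the field values are constructed for the example. The hardened variant does by hand what the plugin does to such objects, a full zeroing before first use.

```c
/* Added example: uninitialised-stack exposure through a struct passed by
 * reference, and the zeroing STRUCTLEAK applies. Not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sock_info {
    uint8_t  kind;      /* followed by padding up to the alignment of ts */
    uint64_t ts;
    uint32_t len;
    uint32_t reserved;  /* never written by the "syscall" below */
};

/* Stand-in for copy_to_user(): the user sees every byte of the object. */
static void copy_out(void *ubuf, const struct sock_info *s)
{
    memcpy(ubuf, s, sizeof(*s));
}

/* Vulnerable shape: the fields the caller cares about are set; padding and
 * 'reserved' keep whatever the previous stack frames left behind. */
void get_info_vulnerable(void *ubuf)
{
    struct sock_info s;

    s.kind = 1;
    s.ts = 0x1122334455667788ULL;
    s.len = 16;
    copy_out(ubuf, &s);
}

/* What the plugin arranges for this object: zero it before any use, so
 * padding and untouched members read back as 0. */
void get_info_hardened(void *ubuf)
{
    struct sock_info s;

    memset(&s, 0, sizeof(s));
    s.kind = 1;
    s.ts = 0x1122334455667788ULL;
    s.len = 16;
    copy_out(ubuf, &s);
}

/* Bytes of the copied-out object that are neither a written field nor zero:
 * padding after 'kind' and the 'reserved' member. Anything counted here is
 * stack content handed to userspace. */
int count_leaked_bytes(const uint8_t *buf)
{
    size_t pad_start = offsetof(struct sock_info, kind) + sizeof(uint8_t);
    size_t pad_end = offsetof(struct sock_info, ts);
    size_t res_start = offsetof(struct sock_info, reserved);
    size_t res_end = res_start + sizeof(uint32_t);
    size_t i, leaked = 0;

    for (i = pad_start; i < pad_end; i++)
        leaked += buf[i] != 0;
    for (i = res_start; i < res_end; i++)
        leaked += buf[i] != 0;
    return (int)leaked;
}

/* Bytes of the object that no member covers: the padding hole. */
int padding_bytes(void)
{
    return (int)(sizeof(struct sock_info) - (1 + 8 + 4 + 4));
}

int leaks_after_vulnerable(void)
{
    uint8_t ubuf[sizeof(struct sock_info)];

    memset(ubuf, 0xAA, sizeof(ubuf));   /* stale user buffer contents */
    get_info_vulnerable(ubuf);
    return count_leaked_bytes(ubuf);    /* whatever the stack held: not 0 in general */
}

int leaks_after_hardened(void)
{
    uint8_t ubuf[sizeof(struct sock_info)];

    memset(ubuf, 0xAA, sizeof(ubuf));
    get_info_hardened(ubuf);
    return count_leaked_bytes(ubuf);    /* always 0 */
}

int main(void)
{
    printf("sizeof(struct sock_info) = %zu, padding = %d bytes\n",
           sizeof(struct sock_info), padding_bytes());
    printf("vulnerable: %d uninitialised bytes non-zero\n", leaks_after_vulnerable());
    printf("hardened:   %d uninitialised bytes non-zero\n", leaks_after_hardened());
    return 0;
}
```

Two things to take from running it: the vulnerable count depends on the compiler and on what ran before, so a clean run on one box is not evidence of safety; and a partial initializer such as `struct sock_info s = { .kind = 1 }` would zero the named members but is not guaranteed to zero the padding, which is why the plugin (and the manual fix) uses a full memset rather than relying on initializer syntax.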
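Worked example for the GCC_PLUGIN_RANDSTRUCT and GCC_PLUGIN_RANDSTRUCT_PERFORMANCE entries above. This is an added userspace model, not the plugin's code: it derives a member order for a function-pointer-only struct from a seed, so that every build using the same seed (vmlinux and out-of-tree modules alike) agrees on the layout, and in performance mode it shuffles only within cacheline-sized groups of members. The PRNG (xorshift64), the grouping rule and the member names are this example's own choices; the real plugin uses its own generator and the seed file named in the help text.

```c
/* Added example: seeded structure layout randomisation, with and without
 * cacheline-aware grouping. Not the kernel plugin's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHELINE   64
#define MAX_MEMBERS 16

struct member { const char *name; unsigned size; };

/* A struct made only of function pointers, the kind RANDSTRUCT randomises
 * automatically. Member names are constructed for the example. */
static const struct member ops[] = {
    { "open", 8 }, { "read", 8 }, { "write", 8 }, { "poll", 8 }, { "ioctl", 8 },
    { "mmap", 8 }, { "flush", 8 }, { "release", 8 }, { "fsync", 8 }, { "lock", 8 },
};
#define NMEMBERS (sizeof(ops) / sizeof(ops[0]))

/* Seeded PRNG (xorshift64); the real plugin has its own generator. */
static uint64_t next_rand(uint64_t *state)
{
    uint64_t x = *state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *state = x;
}

/* Fisher-Yates shuffle of order[lo..hi). */
static void shuffle_range(unsigned *order, unsigned lo, unsigned hi, uint64_t *rng)
{
    unsigned i;
    for (i = hi - lo; i > 1; i--) {
        unsigned j = lo + (unsigned)(next_rand(rng) % i);
        unsigned tmp = order[lo + i - 1];
        order[lo + i - 1] = order[j];
        order[j] = tmp;
    }
}

/* Member order for 'seed'. performance != 0 models RANDSTRUCT_PERFORMANCE:
 * members are shuffled only within consecutive CACHELINE-byte groups. */
void randomize_layout(uint64_t seed, int performance, unsigned *order)
{
    uint64_t rng = seed ? seed : 0x9E3779B97F4A7C15ULL;  /* xorshift needs != 0 */
    unsigned i, group_start = 0, bytes = 0;

    for (i = 0; i < NMEMBERS; i++)
        order[i] = i;
    if (!performance) {
        shuffle_range(order, 0, NMEMBERS, &rng);
        return;
    }
    for (i = 0; i < NMEMBERS; i++) {
        if (bytes + ops[i].size > CACHELINE) {
            shuffle_range(order, group_start, i, &rng);
            group_start = i;
            bytes = 0;
        }
        bytes += ops[i].size;
    }
    shuffle_range(order, group_start, NMEMBERS, &rng);
}

/* Every member present exactly once? */
int layout_is_permutation(uint64_t seed, int performance)
{
    unsigned order[MAX_MEMBERS], seen[MAX_MEMBERS] = { 0 }, i;

    randomize_layout(seed, performance, order);
    for (i = 0; i < NMEMBERS; i++) {
        if (order[i] >= NMEMBERS || seen[order[i]])
            return 0;
        seen[order[i]] = 1;
    }
    return 1;
}

/* Two builds agree on the layout when they used the same seed. */
int same_layout(uint64_t seed_a, uint64_t seed_b, int performance)
{
    unsigned a[MAX_MEMBERS], b[MAX_MEMBERS];

    randomize_layout(seed_a, performance, a);
    randomize_layout(seed_b, performance, b);
    return memcmp(a, b, NMEMBERS * sizeof(unsigned)) == 0;
}

/* In performance mode each 8-byte member stays inside its original
 * 64-byte group: members 0..7 in slots 0..7, members 8..9 in slots 8..9. */
int stays_in_cacheline(uint64_t seed)
{
    unsigned order[MAX_MEMBERS], i;

    randomize_layout(seed, 1, order);
    for (i = 0; i < NMEMBERS; i++)
        if (order[i] / 8 != i / 8)
            return 0;
    return 1;
}

int main(void)
{
    unsigned order[MAX_MEMBERS], i;

    randomize_layout(0x5eed, 0, order);
    for (i = 0; i < NMEMBERS; i++)
        printf("%s%s", i ? " " : "", ops[order[i]].name);
    printf("\n");
    return 0;
}
```

The same_layout() check is the property that makes the seed file's survival across `make clean` matter: a module built with a different seed would call the wrong slot of every randomised ops table, which is also why the option selects MODVERSIONS so that such modules are refused rather than loaded. The stays_in_cacheline() check shows the price of the PERFORMANCE option: an attacker who knows one member's slot has narrowed the others to the same 64-byte group.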
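Worked example for the GCC_PLUGIN_STACKLEAK, STACKLEAK_TRACK_MIN_SIZE and STACKLEAK_METRICS entries above. This is an added userspace model, not the kernel's stackleak code: the "kernel stack" is a byte array, frames are carved out of it by hand, the plugin's stackleak_track_stack() call is modelled by a function that is only invoked for frames of at least the tracking threshold, and the erase on syscall exit walks down from the tracked border looking for a run of poison before poisoning up to the current stack pointer. The stack size, threshold, poison value and search depth are this example's own choices, as are the three call patterns it exercises.

```c
/* Added example: a model of STACKLEAK's tracking, erasing and stack_depth
 * metric. Sizes and constants are assumptions; not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE   1024
#define TRACK_MIN    100   /* models STACKLEAK_TRACK_MIN_SIZE */
#define SEARCH_DEPTH 128   /* run of poison that ends the downward search (assumed) */
#define POISON       0xEF
#define SECRET       0x41

static uint8_t kstack[STACK_SIZE];   /* the "kernel stack", grows downward */
static unsigned sp;                  /* current stack pointer, byte offset */
static unsigned lowest_stack;        /* lowest sp seen since the last erase */
static unsigned last_depth;          /* stack_depth sampled before the erase */

void reset_stack(void)
{
    memset(kstack, 0, sizeof(kstack));
    sp = STACK_SIZE;
    lowest_stack = STACK_SIZE;
}

/* The call the plugin inserts at the start of every function whose frame
 * is at least TRACK_MIN bytes: remember the lowest sp reached. */
static void stackleak_track_stack(void)
{
    if (sp < lowest_stack)
        lowest_stack = sp;
}

/* Enter a function with a 'size'-byte frame, fill the frame with SECRET
 * (stale kernel data), and return. */
static void call_frame(unsigned size)
{
    sp -= size;
    if (size >= TRACK_MIN)
        stackleak_track_stack();
    memset(&kstack[sp], SECRET, size);
    sp += size;
}

/* On return to userspace: walk down from the tracked border until a run of
 * SEARCH_DEPTH poison bytes (or the stack bottom) is found, poison from
 * there up to the current sp, and reset the border for the next syscall. */
static void stackleak_erase(void)
{
    unsigned kaddr = lowest_stack, run = 0;

    while (kaddr > 0 && run < SEARCH_DEPTH) {
        kaddr--;
        run = (kstack[kaddr] == POISON) ? run + 1 : 0;
    }
    memset(&kstack[kaddr], POISON, sp - kaddr);
    lowest_stack = STACK_SIZE;
}

/* The metric behind /proc/<pid>/stack_depth: bytes from the top of the
 * stack down to the lowest tracked border. */
unsigned stack_depth(void) { return STACK_SIZE - lowest_stack; }
unsigned last_stack_depth(void) { return last_depth; }

static unsigned secret_bytes(void)
{
    unsigned i, n = 0;
    for (i = 0; i < STACK_SIZE; i++)
        n += kstack[i] == SECRET;
    return n;
}

/* One syscall: an 'outer' frame calls an uninstrumented frame of 'skipped'
 * bytes that writes nothing (0 to omit), which calls an 'inner' leaf; then
 * the kernel returns to userspace. Returns SECRET bytes surviving the erase. */
unsigned syscall_leaves(unsigned outer, unsigned skipped, unsigned inner)
{
    sp -= outer;
    if (outer >= TRACK_MIN)
        stackleak_track_stack();
    memset(&kstack[sp], SECRET, outer);
    sp -= skipped;                 /* e.g. an assembly routine: no tracking call */
    call_frame(inner);
    sp += skipped + outer;
    last_depth = stack_depth();
    stackleak_erase();
    return secret_bytes();
}

int main(void)
{
    reset_stack();
    printf("both frames tracked:   %u secret bytes left\n", syscall_leaves(200, 0, 300));
    printf("small untracked leaf:  %u secret bytes left\n", syscall_leaves(200, 0, 64));
    printf("leaf below a silent 400-byte untracked frame: %u secret bytes left\n",
           syscall_leaves(200, 400, 64));
    return 0;
}
```

The three runs show the tradeoff the threshold encodes. A 64-byte leaf below the threshold is not tracked, but its bytes are still erased because the downward search runs through them before it meets a long enough run of poison. The border only becomes wrong by more than the search depth when an untracked frame sits between the tracked border and the dirty region without writing to its own frame; then the leaf's data survives and the stack_depth metric under-reports real usage. Raising STACKLEAK_TRACK_MIN_SIZE buys back the call overhead in small functions at the cost of making that situation more likely.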