| Commit | Line | Data |
|---|---|---|
| ec8f24b7 | 1 | # SPDX-License-Identifier: GPL-2.0-only |
| 45332b1b MY | 2 | preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) |
| | 3 | |
| | 4 | config PLUGIN_HOSTCC |
| | 5 | string |
| b0441333 | 6 | default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC |
| 45332b1b MY | 7 | help |
| | 8 | Host compiler used to build GCC plugins. This can be $(HOSTCXX), |
| | 9 | $(HOSTCC), or a null string if GCC plugin is unsupported. |
| | 10 | |
| | 11 | config HAVE_GCC_PLUGINS |
| | 12 | bool |
| | 13 | help |
| | 14 | An arch should select this symbol if it supports building with |
| | 15 | GCC plugins. |
| | 16 | |
| 9f671e58 KC | 17 | config GCC_PLUGINS |
| | 18 | bool |
| 45332b1b MY | 19 | depends on HAVE_GCC_PLUGINS |
| | 20 | depends on PLUGIN_HOSTCC != "" |
| 9f671e58 | 21 | default y |
| 45332b1b MY | 22 | help |
| | 23 | GCC plugins are loadable modules that provide extra features to the |
| | 24 | compiler. They are useful for runtime instrumentation and static analysis. |
| | 25 | |
| d5ccd65a | 26 | See Documentation/core-api/gcc-plugins.rst for details. |
| 45332b1b | 27 | |
| 9f671e58 KC | 28 | menu "GCC plugins" |
| | 29 | depends on GCC_PLUGINS |
| 45332b1b MY | 30 | |
| | 31 | config GCC_PLUGIN_CYC_COMPLEXITY |
| | 32 | bool "Compute the cyclomatic complexity of a function" if EXPERT |
| | 33 | depends on !COMPILE_TEST # too noisy |
| | 34 | help |
| | 35 | The complexity M of a function's control flow graph is defined as: |
| | 36 | M = E - N + 2P |
| | 37 | where |
| | 38 | |
| | 39 | E = the number of edges |
| | 40 | N = the number of nodes |
| | 41 | P = the number of connected components (exit nodes). |
| | 42 | |
| | 43 | Enabling this plugin reports the complexity to stderr during the |
| | 44 | build. It mainly serves as a simple example of how to create a |
| | 45 | gcc plugin for the kernel. |
| | 46 | |
| | 47 | config GCC_PLUGIN_SANCOV |
| | 48 | bool |
| | 49 | help |
| | 50 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of |
| | 51 | basic blocks. It supports all gcc versions with plugin support (from |
| | 52 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" |
| | 53 | by Dmitry Vyukov <dvyukov@google.com>. |
| | 54 | |
| | 55 | config GCC_PLUGIN_LATENT_ENTROPY |
| | 56 | bool "Generate some entropy during boot and runtime" |
| | 57 | help |
| | 58 | By saying Y here the kernel will instrument some kernel code to |
| | 59 | extract some entropy from both original and artificially created |
| | 60 | program state. This will help especially embedded systems where |
| | 61 | there is little 'natural' source of entropy normally. The cost |
| | 62 | is some slowdown of the boot process (about 0.5%) and fork and |
| | 63 | irq processing. |
| | 64 | |
| | 65 | Note that entropy extracted this way is not cryptographically |
| | 66 | secure! |
| | 67 | |
| | 68 | This plugin was ported from grsecurity/PaX. More information at: |
| | 69 | * https://grsecurity.net/ |
| | 70 | * https://pax.grsecurity.net/ |
| | 71 | |
| 45332b1b MY | 72 | config GCC_PLUGIN_RANDSTRUCT |
| | 73 | bool "Randomize layout of sensitive kernel structures" |
| | 74 | select MODVERSIONS if MODULES |
| | 75 | help |
| | 76 | If you say Y here, the layouts of structures that are entirely |
| | 77 | function pointers (and have not been manually annotated with |
| | 78 | __no_randomize_layout), or structures that have been explicitly |
| | 79 | marked with __randomize_layout, will be randomized at compile-time. |
| | 80 | This can introduce the requirement of an additional information |
| | 81 | exposure vulnerability for exploits targeting these structure |
| | 82 | types. |
| | 83 | |
| | 84 | Enabling this feature will introduce some performance impact, |
| | 85 | slightly increase memory usage, and prevent the use of forensic |
| | 86 | tools like Volatility against the system (unless the kernel |
| | 87 | source tree isn't cleaned after kernel installation). |
| | 88 | |
| | 89 | The seed used for compilation is located at |
| | 90 | scripts/gcc-plugins/randomize_layout_seed.h. It remains after |
| | 91 | a make clean to allow for external modules to be compiled with |
| | 92 | the existing seed and will be removed by a make mrproper or |
| | 93 | make distclean. |
| | 94 | |
| | 95 | Note that the implementation requires gcc 4.7 or newer. |
| | 96 | |
| | 97 | This plugin was ported from grsecurity/PaX. More information at: |
| | 98 | * https://grsecurity.net/ |
| | 99 | * https://pax.grsecurity.net/ |
| | 100 | |
| | 101 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE |
| | 102 | bool "Use cacheline-aware structure randomization" |
| | 103 | depends on GCC_PLUGIN_RANDSTRUCT |
| | 104 | depends on !COMPILE_TEST # do not reduce test coverage |
| | 105 | help |
| | 106 | If you say Y here, the RANDSTRUCT randomization will make a |
| | 107 | best effort at restricting randomization to cacheline-sized |
| | 108 | groups of elements. It will further not randomize bitfields |
| | 109 | in structures. This reduces the performance hit of RANDSTRUCT |
| | 110 | at the cost of weakened randomization. |
| | 111 | |
| 189af465 AB | 112 | config GCC_PLUGIN_ARM_SSP_PER_TASK |
| | 113 | bool |
| | 114 | depends on GCC_PLUGINS && ARM |
| | 115 | |
| 9f671e58 | 116 | endmenu |
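
The following is an added example, not part of the kernel tree or of this blame view: a small shell audit that reads a generated `.config` and reports how the symbols defined above ended up set, including the `select MODVERSIONS if MODULES` relationship and the weakened-randomization trade-off of `GCC_PLUGIN_RANDSTRUCT_PERFORMANCE`. The function names, the OK/WARN/INFO policy and the sample `.config` fragment are assumptions made for illustration.

```sh
# Added example (not kernel code): audit a .config against the symbols above.
# is_on FILE SYMBOL: true only for "CONFIG_<SYMBOL>=y"; an absent symbol and
# "# CONFIG_<SYMBOL> is not set" both count as off.
is_on() { grep -q "^CONFIG_$2=y\$" "$1"; }

# audit_gcc_plugins FILE: prints one finding per line, returns the WARN count.
audit_gcc_plugins() {
    cfg=$1; warns=0
    if ! is_on "$cfg" GCC_PLUGINS; then
        echo "WARN GCC_PLUGINS off: none of the plugin options can be enabled"
        return 1
    fi
    if is_on "$cfg" GCC_PLUGIN_RANDSTRUCT; then
        echo "OK RANDSTRUCT on"
        if is_on "$cfg" GCC_PLUGIN_RANDSTRUCT_PERFORMANCE; then
            echo "WARN RANDSTRUCT_PERFORMANCE on: weakened randomization"
            warns=$((warns + 1))
        fi
        # The entry above has "select MODVERSIONS if MODULES".
        if is_on "$cfg" MODULES && ! is_on "$cfg" MODVERSIONS; then
            echo "WARN MODVERSIONS off with MODULES on: select was bypassed"
            warns=$((warns + 1))
        fi
    else
        echo "WARN RANDSTRUCT off: structure layouts are not randomized"
        warns=$((warns + 1))
    fi
    if is_on "$cfg" GCC_PLUGIN_LATENT_ENTROPY; then
        echo "INFO LATENT_ENTROPY on: output is not cryptographically secure"
    fi
    return "$warns"
}

# Constructed sample .config fragment, not taken from a real system.
sample_config() {
    cat <<'EOF'
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_gcc_plugins "$tmp" || echo "warnings: $?"
rm -f "$tmp"
```

Point `audit_gcc_plugins` at the `.config` in a build directory to use it on a real configuration; the exit status is the number of WARN findings.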