Commit | Line | Data |
---|---|---|
45332b1b MY |
1 | preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) |
2 | ||
3 | config PLUGIN_HOSTCC | |
4 | string | |
b0441333 | 5 | default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC |
45332b1b MY |
6 | help |
7 | Host compiler used to build GCC plugins. This can be $(HOSTCXX), | |
8 | $(HOSTCC), or a null string if GCC plugin is unsupported. | |
9 | ||
10 | config HAVE_GCC_PLUGINS | |
11 | bool | |
12 | help | |
13 | An arch should select this symbol if it supports building with | |
14 | GCC plugins. | |
15 | ||
16 | menuconfig GCC_PLUGINS | |
17 | bool "GCC plugins" | |
18 | depends on HAVE_GCC_PLUGINS | |
19 | depends on PLUGIN_HOSTCC != "" | |
20 | help | |
21 | GCC plugins are loadable modules that provide extra features to the | |
22 | compiler. They are useful for runtime instrumentation and static analysis. | |
23 | ||
24 | See Documentation/gcc-plugins.txt for details. | |
25 | ||
26 | if GCC_PLUGINS | |
27 | ||
28 | config GCC_PLUGIN_CYC_COMPLEXITY | |
29 | bool "Compute the cyclomatic complexity of a function" if EXPERT | |
30 | depends on !COMPILE_TEST # too noisy | |
31 | help | |
32 | The complexity M of a function's control flow graph is defined as: | |
33 | M = E - N + 2P | |
34 | where | |
35 | ||
36 | E = the number of edges | |
37 | N = the number of nodes | |
38 | P = the number of connected components (exit nodes). | |
39 | ||
40 | Enabling this plugin reports the complexity to stderr during the | |
41 | build. It mainly serves as a simple example of how to create a | |
42 | gcc plugin for the kernel. | |
43 | ||
44 | config GCC_PLUGIN_SANCOV | |
45 | bool | |
46 | help | |
47 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of | |
48 | basic blocks. It supports all gcc versions with plugin support (from | |
49 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" | |
50 | by Dmitry Vyukov <dvyukov@google.com>. | |
51 | ||
52 | config GCC_PLUGIN_LATENT_ENTROPY | |
53 | bool "Generate some entropy during boot and runtime" | |
54 | help | |
55 | By saying Y here the kernel will instrument some kernel code to | |
56 | extract some entropy from both original and artificially created | |
57 | program state. This will help especially embedded systems where | |
58 | there is little 'natural' source of entropy normally. The cost | |
59 | is some slowdown of the boot process (about 0.5%) and fork and | |
60 | irq processing. | |
61 | ||
62 | Note that entropy extracted this way is not cryptographically | |
63 | secure! | |
64 | ||
65 | This plugin was ported from grsecurity/PaX. More information at: | |
66 | * https://grsecurity.net/ | |
67 | * https://pax.grsecurity.net/ | |
68 | ||
69 | config GCC_PLUGIN_STRUCTLEAK | |
70 | bool "Force initialization of variables containing userspace addresses" | |
71 | # Currently STRUCTLEAK inserts initialization out of live scope of | |
72 | # variables from KASAN point of view. This leads to KASAN false | |
73 | # positive reports. Prohibit this combination for now. | |
74 | depends on !KASAN_EXTRA | |
75 | help | |
76 | This plugin zero-initializes any structures containing a | |
77 | __user attribute. This can prevent some classes of information | |
78 | exposures. | |
79 | ||
80 | This plugin was ported from grsecurity/PaX. More information at: | |
81 | * https://grsecurity.net/ | |
82 | * https://pax.grsecurity.net/ | |
83 | ||
84 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | |
85 | bool "Force initialize all struct type variables passed by reference" | |
86 | depends on GCC_PLUGIN_STRUCTLEAK | |
87 | depends on !COMPILE_TEST | |
88 | help | |
89 | Zero initialize any struct type local variable that may be passed by | |
90 | reference without having been initialized. | |
91 | ||
92 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE | |
93 | bool "Report forcefully initialized variables" | |
94 | depends on GCC_PLUGIN_STRUCTLEAK | |
95 | depends on !COMPILE_TEST # too noisy | |
96 | help | |
97 | This option will cause a warning to be printed each time the | |
98 | structleak plugin finds a variable it thinks needs to be | |
99 | initialized. Since not all existing initializers are detected | |
100 | by the plugin, this can produce false positive warnings. | |
101 | ||
102 | config GCC_PLUGIN_RANDSTRUCT | |
103 | bool "Randomize layout of sensitive kernel structures" | |
104 | select MODVERSIONS if MODULES | |
105 | help | |
106 | If you say Y here, the layouts of structures that are entirely | |
107 | function pointers (and have not been manually annotated with | |
108 | __no_randomize_layout), or structures that have been explicitly | |
109 | marked with __randomize_layout, will be randomized at compile-time. | |
110 | This can introduce the requirement of an additional information | |
111 | exposure vulnerability for exploits targeting these structure | |
112 | types. | |
113 | ||
114 | Enabling this feature will introduce some performance impact, | |
115 | slightly increase memory usage, and prevent the use of forensic | |
116 | tools like Volatility against the system (unless the kernel | |
117 | source tree isn't cleaned after kernel installation). | |
118 | ||
119 | The seed used for compilation is located at | |
120 | scripts/gcc-plgins/randomize_layout_seed.h. It remains after | |
121 | a make clean to allow for external modules to be compiled with | |
122 | the existing seed and will be removed by a make mrproper or | |
123 | make distclean. | |
124 | ||
125 | Note that the implementation requires gcc 4.7 or newer. | |
126 | ||
127 | This plugin was ported from grsecurity/PaX. More information at: | |
128 | * https://grsecurity.net/ | |
129 | * https://pax.grsecurity.net/ | |
130 | ||
131 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE | |
132 | bool "Use cacheline-aware structure randomization" | |
133 | depends on GCC_PLUGIN_RANDSTRUCT | |
134 | depends on !COMPILE_TEST # do not reduce test coverage | |
135 | help | |
136 | If you say Y here, the RANDSTRUCT randomization will make a | |
137 | best effort at restricting randomization to cacheline-sized | |
138 | groups of elements. It will further not randomize bitfields | |
139 | in structures. This reduces the performance hit of RANDSTRUCT | |
140 | at the cost of weakened randomization. | |
141 | ||
afaef01c AP |
142 | config GCC_PLUGIN_STACKLEAK |
143 | bool "Erase the kernel stack before returning from syscalls" | |
144 | depends on GCC_PLUGINS | |
145 | depends on HAVE_ARCH_STACKLEAK | |
146 | help | |
147 | This option makes the kernel erase the kernel stack before | |
148 | returning from system calls. That reduces the information which | |
149 | kernel stack leak bugs can reveal and blocks some uninitialized | |
150 | stack variable attacks. | |
151 | ||
152 | The tradeoff is the performance impact: on a single CPU system kernel | |
153 | compilation sees a 1% slowdown, other systems and workloads may vary | |
154 | and you are advised to test this feature on your expected workload | |
155 | before deploying it. | |
156 | ||
157 | This plugin was ported from grsecurity/PaX. More information at: | |
158 | * https://grsecurity.net/ | |
159 | * https://pax.grsecurity.net/ | |
160 | ||
10e9ae9f AP |
161 | config STACKLEAK_TRACK_MIN_SIZE |
162 | int "Minimum stack frame size of functions tracked by STACKLEAK" | |
163 | default 100 | |
164 | range 0 4096 | |
165 | depends on GCC_PLUGIN_STACKLEAK | |
166 | help | |
167 | The STACKLEAK gcc plugin instruments the kernel code for tracking | |
168 | the lowest border of the kernel stack (and for some other purposes). | |
169 | It inserts the stackleak_track_stack() call for the functions with | |
170 | a stack frame size greater than or equal to this parameter. | |
171 | If unsure, leave the default value 100. | |
172 | ||
45332b1b | 173 | endif |