blob: d9fd9988ef271368034ea814148c4b2fb975c47a [file] [log] [blame]
Masahiro Yamada45332b12018-07-05 15:24:12 +09001preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4 string
Kees Cookb0441332018-08-22 23:02:31 -07005 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
Masahiro Yamada45332b12018-07-05 15:24:12 +09006 help
7 Host compiler used to build GCC plugins. This can be $(HOSTCXX),
8 $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11 bool
12 help
13 An arch should select this symbol if it supports building with
14 GCC plugins.
15
16menuconfig GCC_PLUGINS
17 bool "GCC plugins"
18 depends on HAVE_GCC_PLUGINS
19 depends on PLUGIN_HOSTCC != ""
20 help
21 GCC plugins are loadable modules that provide extra features to the
22 compiler. They are useful for runtime instrumentation and static analysis.
23
24 See Documentation/gcc-plugins.txt for details.
25
26if GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29 bool "Compute the cyclomatic complexity of a function" if EXPERT
30 depends on !COMPILE_TEST # too noisy
31 help
32 The complexity M of a function's control flow graph is defined as:
33 M = E - N + 2P
34 where
35
36 E = the number of edges
37 N = the number of nodes
38 P = the number of connected components (exit nodes).
39
40 Enabling this plugin reports the complexity to stderr during the
41 build. It mainly serves as a simple example of how to create a
42 gcc plugin for the kernel.
43
44config GCC_PLUGIN_SANCOV
45 bool
46 help
47 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
48 basic blocks. It supports all gcc versions with plugin support (from
49 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
50 by Dmitry Vyukov <dvyukov@google.com>.
51
52config GCC_PLUGIN_LATENT_ENTROPY
53 bool "Generate some entropy during boot and runtime"
54 help
55 By saying Y here the kernel will instrument some kernel code to
56 extract some entropy from both original and artificially created
57 program state. This will help especially embedded systems where
58 there is little 'natural' source of entropy normally. The cost
59 is some slowdown of the boot process (about 0.5%) and fork and
60 irq processing.
61
62 Note that entropy extracted this way is not cryptographically
63 secure!
64
65 This plugin was ported from grsecurity/PaX. More information at:
66 * https://grsecurity.net/
67 * https://pax.grsecurity.net/
68
69config GCC_PLUGIN_STRUCTLEAK
70 bool "Force initialization of variables containing userspace addresses"
Masahiro Yamada45332b12018-07-05 15:24:12 +090071 help
72 This plugin zero-initializes any structures containing a
73 __user attribute. This can prevent some classes of information
74 exposures.
75
76 This plugin was ported from grsecurity/PaX. More information at:
77 * https://grsecurity.net/
78 * https://pax.grsecurity.net/
79
80config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
81 bool "Force initialize all struct type variables passed by reference"
82 depends on GCC_PLUGIN_STRUCTLEAK
83 depends on !COMPILE_TEST
84 help
85 Zero initialize any struct type local variable that may be passed by
86 reference without having been initialized.
87
88config GCC_PLUGIN_STRUCTLEAK_VERBOSE
89 bool "Report forcefully initialized variables"
90 depends on GCC_PLUGIN_STRUCTLEAK
91 depends on !COMPILE_TEST # too noisy
92 help
93 This option will cause a warning to be printed each time the
94 structleak plugin finds a variable it thinks needs to be
95 initialized. Since not all existing initializers are detected
96 by the plugin, this can produce false positive warnings.
97
98config GCC_PLUGIN_RANDSTRUCT
99 bool "Randomize layout of sensitive kernel structures"
100 select MODVERSIONS if MODULES
101 help
102 If you say Y here, the layouts of structures that are entirely
103 function pointers (and have not been manually annotated with
104 __no_randomize_layout), or structures that have been explicitly
105 marked with __randomize_layout, will be randomized at compile-time.
106 This can introduce the requirement of an additional information
107 exposure vulnerability for exploits targeting these structure
108 types.
109
110 Enabling this feature will introduce some performance impact,
111 slightly increase memory usage, and prevent the use of forensic
112 tools like Volatility against the system (unless the kernel
113 source tree isn't cleaned after kernel installation).
114
115 The seed used for compilation is located at
116 scripts/gcc-plgins/randomize_layout_seed.h. It remains after
117 a make clean to allow for external modules to be compiled with
118 the existing seed and will be removed by a make mrproper or
119 make distclean.
120
121 Note that the implementation requires gcc 4.7 or newer.
122
123 This plugin was ported from grsecurity/PaX. More information at:
124 * https://grsecurity.net/
125 * https://pax.grsecurity.net/
126
127config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
128 bool "Use cacheline-aware structure randomization"
129 depends on GCC_PLUGIN_RANDSTRUCT
130 depends on !COMPILE_TEST # do not reduce test coverage
131 help
132 If you say Y here, the RANDSTRUCT randomization will make a
133 best effort at restricting randomization to cacheline-sized
134 groups of elements. It will further not randomize bitfields
135 in structures. This reduces the performance hit of RANDSTRUCT
136 at the cost of weakened randomization.
137
Alexander Popovafaef012018-08-17 01:16:58 +0300138config GCC_PLUGIN_STACKLEAK
139 bool "Erase the kernel stack before returning from syscalls"
140 depends on GCC_PLUGINS
141 depends on HAVE_ARCH_STACKLEAK
142 help
143 This option makes the kernel erase the kernel stack before
144 returning from system calls. That reduces the information which
145 kernel stack leak bugs can reveal and blocks some uninitialized
146 stack variable attacks.
147
148 The tradeoff is the performance impact: on a single CPU system kernel
149 compilation sees a 1% slowdown, other systems and workloads may vary
150 and you are advised to test this feature on your expected workload
151 before deploying it.
152
153 This plugin was ported from grsecurity/PaX. More information at:
154 * https://grsecurity.net/
155 * https://pax.grsecurity.net/
156
Alexander Popov10e9ae92018-08-17 01:16:59 +0300157config STACKLEAK_TRACK_MIN_SIZE
158 int "Minimum stack frame size of functions tracked by STACKLEAK"
159 default 100
160 range 0 4096
161 depends on GCC_PLUGIN_STACKLEAK
162 help
163 The STACKLEAK gcc plugin instruments the kernel code for tracking
164 the lowest border of the kernel stack (and for some other purposes).
165 It inserts the stackleak_track_stack() call for the functions with
166 a stack frame size greater than or equal to this parameter.
167 If unsure, leave the default value 100.
168
Alexander Popovc8d12622018-08-17 01:17:01 +0300169config STACKLEAK_METRICS
170 bool "Show STACKLEAK metrics in the /proc file system"
171 depends on GCC_PLUGIN_STACKLEAK
172 depends on PROC_FS
173 help
174 If this is set, STACKLEAK metrics for every task are available in
175 the /proc file system. In particular, /proc/<pid>/stack_depth
176 shows the maximum kernel stack consumption for the current and
177 previous syscalls. Although this information is not precise, it
178 can be useful for estimating the STACKLEAK performance impact for
179 your workloads.
180
Alexander Popov964c9df2018-08-17 01:17:03 +0300181config STACKLEAK_RUNTIME_DISABLE
182 bool "Allow runtime disabling of kernel stack erasing"
183 depends on GCC_PLUGIN_STACKLEAK
184 help
185 This option provides 'stack_erasing' sysctl, which can be used in
186 runtime to control kernel stack erasing for kernels built with
187 CONFIG_GCC_PLUGIN_STACKLEAK.
188
Ard Biesheuvel189af462018-12-06 09:32:57 +0100189config GCC_PLUGIN_ARM_SSP_PER_TASK
190 bool
191 depends on GCC_PLUGINS && ARM
192
Masahiro Yamada45332b12018-07-05 15:24:12 +0900193endif