Kconfig (597473720f4dc69749542bfcfed4a927a43d935e) Kconfig (d5ccd65ab6272f21f442695b0022a4f553d818e5)
1# SPDX-License-Identifier: GPL-2.0-only
1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4 string
5 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
6 help
7 Host compiler used to build GCC plugins. This can be $(HOSTCXX),
8 $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11 bool
12 help
13 An arch should select this symbol if it supports building with
14 GCC plugins.
15
2preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
3
4config PLUGIN_HOSTCC
5 string
6 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
7 help
8 Host compiler used to build GCC plugins. This can be $(HOSTCXX),
9 $(HOSTCC), or a null string if GCC plugin is unsupported.
10
11config HAVE_GCC_PLUGINS
12 bool
13 help
14 An arch should select this symbol if it supports building with
15 GCC plugins.
16
16menuconfig GCC_PLUGINS
17 bool "GCC plugins"
17config GCC_PLUGINS
18 bool
18 depends on HAVE_GCC_PLUGINS
19 depends on PLUGIN_HOSTCC != ""
19 depends on HAVE_GCC_PLUGINS
20 depends on PLUGIN_HOSTCC != ""
21 default y
20 help
21 GCC plugins are loadable modules that provide extra features to the
22 compiler. They are useful for runtime instrumentation and static analysis.
23
22 help
23 GCC plugins are loadable modules that provide extra features to the
24 compiler. They are useful for runtime instrumentation and static analysis.
25
24 See Documentation/gcc-plugins.txt for details.
26 See Documentation/core-api/gcc-plugins.rst for details.
25
27
26if GCC_PLUGINS
28menu "GCC plugins"
29 depends on GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29 bool "Compute the cyclomatic complexity of a function" if EXPERT
30 depends on !COMPILE_TEST # too noisy
31 help
32 The complexity M of a function's control flow graph is defined as:
33 M = E - N + 2P
34 where

--- 26 unchanged lines hidden (view full) ---

61
62 Note that entropy extracted this way is not cryptographically
63 secure!
64
65 This plugin was ported from grsecurity/PaX. More information at:
66 * https://grsecurity.net/
67 * https://pax.grsecurity.net/
68
30
31config GCC_PLUGIN_CYC_COMPLEXITY
32 bool "Compute the cyclomatic complexity of a function" if EXPERT
33 depends on !COMPILE_TEST # too noisy
34 help
35 The complexity M of a function's control flow graph is defined as:
36 M = E - N + 2P
37 where

--- 26 unchanged lines hidden (view full) ---

64
65 Note that entropy extracted this way is not cryptographically
66 secure!
67
68 This plugin was ported from grsecurity/PaX. More information at:
69 * https://grsecurity.net/
70 * https://pax.grsecurity.net/
71
69config GCC_PLUGIN_STRUCTLEAK
70 bool "Zero initialize stack variables"
71 help
72 While the kernel is built with warnings enabled for any missed
73 stack variable initializations, this warning is silenced for
74 anything passed by reference to another function, under the
75 occasionally misguided assumption that the function will do
76 the initialization. As this regularly leads to exploitable
77 flaws, this plugin is available to identify and zero-initialize
78 such variables, depending on the chosen level of coverage.
79
80 This plugin was originally ported from grsecurity/PaX. More
81 information at:
82 * https://grsecurity.net/
83 * https://pax.grsecurity.net/
84
85choice
86 prompt "Coverage"
87 depends on GCC_PLUGIN_STRUCTLEAK
88 default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
89 help
90 This chooses the level of coverage over classes of potentially
91 uninitialized variables. The selected class will be
92 zero-initialized before use.
93
94 config GCC_PLUGIN_STRUCTLEAK_USER
95 bool "structs marked for userspace"
96 help
97 Zero-initialize any structures on the stack containing
98 a __user attribute. This can prevent some classes of
99 uninitialized stack variable exploits and information
100 exposures, like CVE-2013-2141:
101 https://git.kernel.org/linus/b9e146d8eb3b9eca
102
103 config GCC_PLUGIN_STRUCTLEAK_BYREF
104 bool "structs passed by reference"
105 help
106 Zero-initialize any structures on the stack that may
107 be passed by reference and had not already been
108 explicitly initialized. This can prevent most classes
109 of uninitialized stack variable exploits and information
110 exposures, like CVE-2017-1000410:
111 https://git.kernel.org/linus/06e7e776ca4d3654
112
113 config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
114 bool "anything passed by reference"
115 help
116 Zero-initialize any stack variables that may be passed
117 by reference and had not already been explicitly
118 initialized. This is intended to eliminate all classes
119 of uninitialized stack variable exploits and information
120 exposures.
121
122endchoice
123
124config GCC_PLUGIN_STRUCTLEAK_VERBOSE
125 bool "Report forcefully initialized variables"
126 depends on GCC_PLUGIN_STRUCTLEAK
127 depends on !COMPILE_TEST # too noisy
128 help
129 This option will cause a warning to be printed each time the
130 structleak plugin finds a variable it thinks needs to be
131 initialized. Since not all existing initializers are detected
132 by the plugin, this can produce false positive warnings.
133
134config GCC_PLUGIN_RANDSTRUCT
135 bool "Randomize layout of sensitive kernel structures"
136 select MODVERSIONS if MODULES
137 help
138 If you say Y here, the layouts of structures that are entirely
139 function pointers (and have not been manually annotated with
140 __no_randomize_layout), or structures that have been explicitly
141 marked with __randomize_layout, will be randomized at compile-time.

--- 24 unchanged lines hidden (view full) ---

166 depends on !COMPILE_TEST # do not reduce test coverage
167 help
168 If you say Y here, the RANDSTRUCT randomization will make a
169 best effort at restricting randomization to cacheline-sized
170 groups of elements. It will further not randomize bitfields
171 in structures. This reduces the performance hit of RANDSTRUCT
172 at the cost of weakened randomization.
173
72config GCC_PLUGIN_RANDSTRUCT
73 bool "Randomize layout of sensitive kernel structures"
74 select MODVERSIONS if MODULES
75 help
76 If you say Y here, the layouts of structures that are entirely
77 function pointers (and have not been manually annotated with
78 __no_randomize_layout), or structures that have been explicitly
79 marked with __randomize_layout, will be randomized at compile-time.

--- 24 unchanged lines hidden (view full) ---

104 depends on !COMPILE_TEST # do not reduce test coverage
105 help
106 If you say Y here, the RANDSTRUCT randomization will make a
107 best effort at restricting randomization to cacheline-sized
108 groups of elements. It will further not randomize bitfields
109 in structures. This reduces the performance hit of RANDSTRUCT
110 at the cost of weakened randomization.
111
174config GCC_PLUGIN_STACKLEAK
175 bool "Erase the kernel stack before returning from syscalls"
176 depends on GCC_PLUGINS
177 depends on HAVE_ARCH_STACKLEAK
178 help
179 This option makes the kernel erase the kernel stack before
180 returning from system calls. That reduces the information which
181 kernel stack leak bugs can reveal and blocks some uninitialized
182 stack variable attacks.
183
184 The tradeoff is the performance impact: on a single CPU system kernel
185 compilation sees a 1% slowdown, other systems and workloads may vary
186 and you are advised to test this feature on your expected workload
187 before deploying it.
188
189 This plugin was ported from grsecurity/PaX. More information at:
190 * https://grsecurity.net/
191 * https://pax.grsecurity.net/
192
193config STACKLEAK_TRACK_MIN_SIZE
194 int "Minimum stack frame size of functions tracked by STACKLEAK"
195 default 100
196 range 0 4096
197 depends on GCC_PLUGIN_STACKLEAK
198 help
199 The STACKLEAK gcc plugin instruments the kernel code for tracking
200 the lowest border of the kernel stack (and for some other purposes).
201 It inserts the stackleak_track_stack() call for the functions with
202 a stack frame size greater than or equal to this parameter.
203 If unsure, leave the default value 100.
204
205config STACKLEAK_METRICS
206 bool "Show STACKLEAK metrics in the /proc file system"
207 depends on GCC_PLUGIN_STACKLEAK
208 depends on PROC_FS
209 help
210 If this is set, STACKLEAK metrics for every task are available in
211 the /proc file system. In particular, /proc/<pid>/stack_depth
212 shows the maximum kernel stack consumption for the current and
213 previous syscalls. Although this information is not precise, it
214 can be useful for estimating the STACKLEAK performance impact for
215 your workloads.
216
217config STACKLEAK_RUNTIME_DISABLE
218 bool "Allow runtime disabling of kernel stack erasing"
219 depends on GCC_PLUGIN_STACKLEAK
220 help
221 This option provides 'stack_erasing' sysctl, which can be used in
222 runtime to control kernel stack erasing for kernels built with
223 CONFIG_GCC_PLUGIN_STACKLEAK.
224
225config GCC_PLUGIN_ARM_SSP_PER_TASK
226 bool
227 depends on GCC_PLUGINS && ARM
228
112config GCC_PLUGIN_ARM_SSP_PER_TASK
113 bool
114 depends on GCC_PLUGINS && ARM
115
229endif
116endmenu