1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) 2 3config PLUGIN_HOSTCC 4 string 5 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC 6 help 7 Host compiler used to build GCC plugins. This can be $(HOSTCXX), 8 $(HOSTCC), or a null string if GCC plugin is unsupported. 9 10config HAVE_GCC_PLUGINS 11 bool 12 help 13 An arch should select this symbol if it supports building with 14 GCC plugins. 15 16menuconfig GCC_PLUGINS 17 bool "GCC plugins" 18 depends on HAVE_GCC_PLUGINS 19 depends on PLUGIN_HOSTCC != "" 20 help 21 GCC plugins are loadable modules that provide extra features to the 22 compiler. They are useful for runtime instrumentation and static analysis. 23 24 See Documentation/gcc-plugins.txt for details. 25 26if GCC_PLUGINS 27 28config GCC_PLUGIN_CYC_COMPLEXITY 29 bool "Compute the cyclomatic complexity of a function" if EXPERT 30 depends on !COMPILE_TEST # too noisy 31 help 32 The complexity M of a function's control flow graph is defined as: 33 M = E - N + 2P 34 where 35 36 E = the number of edges 37 N = the number of nodes 38 P = the number of connected components (exit nodes). 39 40 Enabling this plugin reports the complexity to stderr during the 41 build. It mainly serves as a simple example of how to create a 42 gcc plugin for the kernel. 43 44config GCC_PLUGIN_SANCOV 45 bool 46 help 47 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 48 basic blocks. It supports all gcc versions with plugin support (from 49 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 50 by Dmitry Vyukov <dvyukov@google.com>. 51 52config GCC_PLUGIN_LATENT_ENTROPY 53 bool "Generate some entropy during boot and runtime" 54 help 55 By saying Y here the kernel will instrument some kernel code to 56 extract some entropy from both original and artificially created 57 program state. This will help especially embedded systems where 58 there is little 'natural' source of entropy normally. The cost 59 is some slowdown of the boot process (about 0.5%) and fork and 60 irq processing. 61 62 Note that entropy extracted this way is not cryptographically 63 secure! 64 65 This plugin was ported from grsecurity/PaX. More information at: 66 * https://grsecurity.net/ 67 * https://pax.grsecurity.net/ 68 69config GCC_PLUGIN_STRUCTLEAK 70 bool "Zero initialize stack variables" 71 help 72 While the kernel is built with warnings enabled for any missed 73 stack variable initializations, this warning is silenced for 74 anything passed by reference to another function, under the 75 occasionally misguided assumption that the function will do 76 the initialization. As this regularly leads to exploitable 77 flaws, this plugin is available to identify and zero-initialize 78 such variables, depending on the chosen level of coverage. 79 80 This plugin was originally ported from grsecurity/PaX. More 81 information at: 82 * https://grsecurity.net/ 83 * https://pax.grsecurity.net/ 84 85choice 86 prompt "Coverage" 87 depends on GCC_PLUGIN_STRUCTLEAK 88 default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL 89 help 90 This chooses the level of coverage over classes of potentially 91 uninitialized variables. The selected class will be 92 zero-initialized before use. 93 94 config GCC_PLUGIN_STRUCTLEAK_USER 95 bool "structs marked for userspace" 96 help 97 Zero-initialize any structures on the stack containing 98 a __user attribute. This can prevent some classes of 99 uninitialized stack variable exploits and information 100 exposures, like CVE-2013-2141: 101 https://git.kernel.org/linus/b9e146d8eb3b9eca 102 103 config GCC_PLUGIN_STRUCTLEAK_BYREF 104 bool "structs passed by reference" 105 help 106 Zero-initialize any structures on the stack that may 107 be passed by reference and had not already been 108 explicitly initialized. This can prevent most classes 109 of uninitialized stack variable exploits and information 110 exposures, like CVE-2017-1000410: 111 https://git.kernel.org/linus/06e7e776ca4d3654 112 113 config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL 114 bool "anything passed by reference" 115 help 116 Zero-initialize any stack variables that may be passed 117 by reference and had not already been explicitly 118 initialized. This is intended to eliminate all classes 119 of uninitialized stack variable exploits and information 120 exposures. 121 122endchoice 123 124config GCC_PLUGIN_STRUCTLEAK_VERBOSE 125 bool "Report forcefully initialized variables" 126 depends on GCC_PLUGIN_STRUCTLEAK 127 depends on !COMPILE_TEST # too noisy 128 help 129 This option will cause a warning to be printed each time the 130 structleak plugin finds a variable it thinks needs to be 131 initialized. Since not all existing initializers are detected 132 by the plugin, this can produce false positive warnings. 133 134config GCC_PLUGIN_RANDSTRUCT 135 bool "Randomize layout of sensitive kernel structures" 136 select MODVERSIONS if MODULES 137 help 138 If you say Y here, the layouts of structures that are entirely 139 function pointers (and have not been manually annotated with 140 __no_randomize_layout), or structures that have been explicitly 141 marked with __randomize_layout, will be randomized at compile-time. 142 This can introduce the requirement of an additional information 143 exposure vulnerability for exploits targeting these structure 144 types. 145 146 Enabling this feature will introduce some performance impact, 147 slightly increase memory usage, and prevent the use of forensic 148 tools like Volatility against the system (unless the kernel 149 source tree isn't cleaned after kernel installation). 150 151 The seed used for compilation is located at 152 scripts/gcc-plgins/randomize_layout_seed.h. It remains after 153 a make clean to allow for external modules to be compiled with 154 the existing seed and will be removed by a make mrproper or 155 make distclean. 156 157 Note that the implementation requires gcc 4.7 or newer. 158 159 This plugin was ported from grsecurity/PaX. More information at: 160 * https://grsecurity.net/ 161 * https://pax.grsecurity.net/ 162 163config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE 164 bool "Use cacheline-aware structure randomization" 165 depends on GCC_PLUGIN_RANDSTRUCT 166 depends on !COMPILE_TEST # do not reduce test coverage 167 help 168 If you say Y here, the RANDSTRUCT randomization will make a 169 best effort at restricting randomization to cacheline-sized 170 groups of elements. It will further not randomize bitfields 171 in structures. This reduces the performance hit of RANDSTRUCT 172 at the cost of weakened randomization. 173 174config GCC_PLUGIN_STACKLEAK 175 bool "Erase the kernel stack before returning from syscalls" 176 depends on GCC_PLUGINS 177 depends on HAVE_ARCH_STACKLEAK 178 help 179 This option makes the kernel erase the kernel stack before 180 returning from system calls. That reduces the information which 181 kernel stack leak bugs can reveal and blocks some uninitialized 182 stack variable attacks. 183 184 The tradeoff is the performance impact: on a single CPU system kernel 185 compilation sees a 1% slowdown, other systems and workloads may vary 186 and you are advised to test this feature on your expected workload 187 before deploying it. 188 189 This plugin was ported from grsecurity/PaX. More information at: 190 * https://grsecurity.net/ 191 * https://pax.grsecurity.net/ 192 193config STACKLEAK_TRACK_MIN_SIZE 194 int "Minimum stack frame size of functions tracked by STACKLEAK" 195 default 100 196 range 0 4096 197 depends on GCC_PLUGIN_STACKLEAK 198 help 199 The STACKLEAK gcc plugin instruments the kernel code for tracking 200 the lowest border of the kernel stack (and for some other purposes). 201 It inserts the stackleak_track_stack() call for the functions with 202 a stack frame size greater than or equal to this parameter. 203 If unsure, leave the default value 100. 204 205config STACKLEAK_METRICS 206 bool "Show STACKLEAK metrics in the /proc file system" 207 depends on GCC_PLUGIN_STACKLEAK 208 depends on PROC_FS 209 help 210 If this is set, STACKLEAK metrics for every task are available in 211 the /proc file system. In particular, /proc/<pid>/stack_depth 212 shows the maximum kernel stack consumption for the current and 213 previous syscalls. Although this information is not precise, it 214 can be useful for estimating the STACKLEAK performance impact for 215 your workloads. 216 217config STACKLEAK_RUNTIME_DISABLE 218 bool "Allow runtime disabling of kernel stack erasing" 219 depends on GCC_PLUGIN_STACKLEAK 220 help 221 This option provides 'stack_erasing' sysctl, which can be used in 222 runtime to control kernel stack erasing for kernels built with 223 CONFIG_GCC_PLUGIN_STACKLEAK. 224 225config GCC_PLUGIN_ARM_SSP_PER_TASK 226 bool 227 depends on GCC_PLUGINS && ARM 228 229endif 230