1# SPDX-License-Identifier: GPL-2.0-only 2config HAVE_GCC_PLUGINS 3 bool 4 help 5 An arch should select this symbol if it supports building with 6 GCC plugins. 7 8menuconfig GCC_PLUGINS 9 bool "GCC plugins" 10 depends on HAVE_GCC_PLUGINS 11 depends on CC_IS_GCC 12 depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h) 13 default y 14 help 15 GCC plugins are loadable modules that provide extra features to the 16 compiler. They are useful for runtime instrumentation and static analysis. 17 18 See Documentation/kbuild/gcc-plugins.rst for details. 19 20if GCC_PLUGINS 21 22config GCC_PLUGIN_SANCOV 23 bool 24 # Plugin can be removed once the kernel only supports GCC 6+ 25 depends on !CC_HAS_SANCOV_TRACE_PC 26 help 27 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 28 basic blocks. It supports all gcc versions with plugin support (from 29 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 30 by Dmitry Vyukov <dvyukov@google.com>. 31 32config GCC_PLUGIN_LATENT_ENTROPY 33 bool "Generate some entropy during boot and runtime" 34 help 35 By saying Y here the kernel will instrument some kernel code to 36 extract some entropy from both original and artificially created 37 program state. This will help especially embedded systems where 38 there is little 'natural' source of entropy normally. The cost 39 is some slowdown of the boot process (about 0.5%) and fork and 40 irq processing. 41 42 Note that entropy extracted this way is not cryptographically 43 secure! 44 45 This plugin was ported from grsecurity/PaX. More information at: 46 * https://grsecurity.net/ 47 * https://pax.grsecurity.net/ 48 49config GCC_PLUGIN_RANDSTRUCT 50 bool "Randomize layout of sensitive kernel structures" 51 select MODVERSIONS if MODULES 52 help 53 If you say Y here, the layouts of structures that are entirely 54 function pointers (and have not been manually annotated with 55 __no_randomize_layout), or structures that have been explicitly 56 marked with __randomize_layout, will be randomized at compile-time. 57 This can introduce the requirement of an additional information 58 exposure vulnerability for exploits targeting these structure 59 types. 60 61 Enabling this feature will introduce some performance impact, 62 slightly increase memory usage, and prevent the use of forensic 63 tools like Volatility against the system (unless the kernel 64 source tree isn't cleaned after kernel installation). 65 66 The seed used for compilation is located at 67 scripts/gcc-plugins/randomize_layout_seed.h. It remains after 68 a make clean to allow for external modules to be compiled with 69 the existing seed and will be removed by a make mrproper or 70 make distclean. 71 72 This plugin was ported from grsecurity/PaX. More information at: 73 * https://grsecurity.net/ 74 * https://pax.grsecurity.net/ 75 76config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE 77 bool "Use cacheline-aware structure randomization" 78 depends on GCC_PLUGIN_RANDSTRUCT 79 depends on !COMPILE_TEST # do not reduce test coverage 80 help 81 If you say Y here, the RANDSTRUCT randomization will make a 82 best effort at restricting randomization to cacheline-sized 83 groups of elements. It will further not randomize bitfields 84 in structures. This reduces the performance hit of RANDSTRUCT 85 at the cost of weakened randomization. 86 87config GCC_PLUGIN_ARM_SSP_PER_TASK 88 bool 89 depends on GCC_PLUGINS && ARM 90 91endif 92