xref: /openbmc/linux/scripts/gcc-plugins/Kconfig (revision 3557b3fd)
1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4	string
5	default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
6	help
7	  Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
8	  $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11	bool
12	help
13	  An arch should select this symbol if it supports building with
14	  GCC plugins.
15
16menuconfig GCC_PLUGINS
17	bool "GCC plugins"
18	depends on HAVE_GCC_PLUGINS
19	depends on PLUGIN_HOSTCC != ""
20	help
21	  GCC plugins are loadable modules that provide extra features to the
22	  compiler. They are useful for runtime instrumentation and static analysis.
23
24	  See Documentation/gcc-plugins.txt for details.
25
26if GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29	bool "Compute the cyclomatic complexity of a function" if EXPERT
30	depends on !COMPILE_TEST	# too noisy
31	help
32	  The complexity M of a function's control flow graph is defined as:
33	   M = E - N + 2P
34	  where
35
36	  E = the number of edges
37	  N = the number of nodes
38	  P = the number of connected components (exit nodes).
39
40	  Enabling this plugin reports the complexity to stderr during the
41	  build. It mainly serves as a simple example of how to create a
42	  gcc plugin for the kernel.
43
44config GCC_PLUGIN_SANCOV
45	bool
46	help
47	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
48	  basic blocks. It supports all gcc versions with plugin support (from
49	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
50	  by Dmitry Vyukov <dvyukov@google.com>.
51
52config GCC_PLUGIN_LATENT_ENTROPY
53	bool "Generate some entropy during boot and runtime"
54	help
55	  By saying Y here the kernel will instrument some kernel code to
56	  extract some entropy from both original and artificially created
57	  program state.  This will help especially embedded systems where
58	  there is little 'natural' source of entropy normally.  The cost
59	  is some slowdown of the boot process (about 0.5%) and fork and
60	  irq processing.
61
62	  Note that entropy extracted this way is not cryptographically
63	  secure!
64
65	  This plugin was ported from grsecurity/PaX. More information at:
66	   * https://grsecurity.net/
67	   * https://pax.grsecurity.net/
68
69config GCC_PLUGIN_STRUCTLEAK
70	bool "Zero initialize stack variables"
71	help
72	  While the kernel is built with warnings enabled for any missed
73	  stack variable initializations, this warning is silenced for
74	  anything passed by reference to another function, under the
75	  occasionally misguided assumption that the function will do
76	  the initialization. As this regularly leads to exploitable
77	  flaws, this plugin is available to identify and zero-initialize
78	  such variables, depending on the chosen level of coverage.
79
80	  This plugin was originally ported from grsecurity/PaX. More
81	  information at:
82	   * https://grsecurity.net/
83	   * https://pax.grsecurity.net/
84
85choice
86	prompt "Coverage"
87	depends on GCC_PLUGIN_STRUCTLEAK
88	default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
89	help
90	  This chooses the level of coverage over classes of potentially
91	  uninitialized variables. The selected class will be
92	  zero-initialized before use.
93
94	config GCC_PLUGIN_STRUCTLEAK_USER
95		bool "structs marked for userspace"
96		help
97		  Zero-initialize any structures on the stack containing
98		  a __user attribute. This can prevent some classes of
99		  uninitialized stack variable exploits and information
100		  exposures, like CVE-2013-2141:
101		  https://git.kernel.org/linus/b9e146d8eb3b9eca
102
103	config GCC_PLUGIN_STRUCTLEAK_BYREF
104		bool "structs passed by reference"
105		help
106		  Zero-initialize any structures on the stack that may
107		  be passed by reference and had not already been
108		  explicitly initialized. This can prevent most classes
109		  of uninitialized stack variable exploits and information
110		  exposures, like CVE-2017-1000410:
111		  https://git.kernel.org/linus/06e7e776ca4d3654
112
113	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
114		bool "anything passed by reference"
115		help
116		  Zero-initialize any stack variables that may be passed
117		  by reference and had not already been explicitly
118		  initialized. This is intended to eliminate all classes
119		  of uninitialized stack variable exploits and information
120		  exposures.
121
122endchoice
123
124config GCC_PLUGIN_STRUCTLEAK_VERBOSE
125	bool "Report forcefully initialized variables"
126	depends on GCC_PLUGIN_STRUCTLEAK
127	depends on !COMPILE_TEST	# too noisy
128	help
129	  This option will cause a warning to be printed each time the
130	  structleak plugin finds a variable it thinks needs to be
131	  initialized. Since not all existing initializers are detected
132	  by the plugin, this can produce false positive warnings.
133
134config GCC_PLUGIN_RANDSTRUCT
135	bool "Randomize layout of sensitive kernel structures"
136	select MODVERSIONS if MODULES
137	help
138	  If you say Y here, the layouts of structures that are entirely
139	  function pointers (and have not been manually annotated with
140	  __no_randomize_layout), or structures that have been explicitly
141	  marked with __randomize_layout, will be randomized at compile-time.
142	  This can introduce the requirement of an additional information
143	  exposure vulnerability for exploits targeting these structure
144	  types.
145
146	  Enabling this feature will introduce some performance impact,
147	  slightly increase memory usage, and prevent the use of forensic
148	  tools like Volatility against the system (unless the kernel
149	  source tree isn't cleaned after kernel installation).
150
151	  The seed used for compilation is located at
152	  scripts/gcc-plgins/randomize_layout_seed.h.  It remains after
153	  a make clean to allow for external modules to be compiled with
154	  the existing seed and will be removed by a make mrproper or
155	  make distclean.
156
157	  Note that the implementation requires gcc 4.7 or newer.
158
159	  This plugin was ported from grsecurity/PaX. More information at:
160	   * https://grsecurity.net/
161	   * https://pax.grsecurity.net/
162
163config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
164	bool "Use cacheline-aware structure randomization"
165	depends on GCC_PLUGIN_RANDSTRUCT
166	depends on !COMPILE_TEST	# do not reduce test coverage
167	help
168	  If you say Y here, the RANDSTRUCT randomization will make a
169	  best effort at restricting randomization to cacheline-sized
170	  groups of elements.  It will further not randomize bitfields
171	  in structures.  This reduces the performance hit of RANDSTRUCT
172	  at the cost of weakened randomization.
173
174config GCC_PLUGIN_STACKLEAK
175	bool "Erase the kernel stack before returning from syscalls"
176	depends on GCC_PLUGINS
177	depends on HAVE_ARCH_STACKLEAK
178	help
179	  This option makes the kernel erase the kernel stack before
180	  returning from system calls. That reduces the information which
181	  kernel stack leak bugs can reveal and blocks some uninitialized
182	  stack variable attacks.
183
184	  The tradeoff is the performance impact: on a single CPU system kernel
185	  compilation sees a 1% slowdown, other systems and workloads may vary
186	  and you are advised to test this feature on your expected workload
187	  before deploying it.
188
189	  This plugin was ported from grsecurity/PaX. More information at:
190	   * https://grsecurity.net/
191	   * https://pax.grsecurity.net/
192
193config STACKLEAK_TRACK_MIN_SIZE
194	int "Minimum stack frame size of functions tracked by STACKLEAK"
195	default 100
196	range 0 4096
197	depends on GCC_PLUGIN_STACKLEAK
198	help
199	  The STACKLEAK gcc plugin instruments the kernel code for tracking
200	  the lowest border of the kernel stack (and for some other purposes).
201	  It inserts the stackleak_track_stack() call for the functions with
202	  a stack frame size greater than or equal to this parameter.
203	  If unsure, leave the default value 100.
204
205config STACKLEAK_METRICS
206	bool "Show STACKLEAK metrics in the /proc file system"
207	depends on GCC_PLUGIN_STACKLEAK
208	depends on PROC_FS
209	help
210	  If this is set, STACKLEAK metrics for every task are available in
211	  the /proc file system. In particular, /proc/<pid>/stack_depth
212	  shows the maximum kernel stack consumption for the current and
213	  previous syscalls. Although this information is not precise, it
214	  can be useful for estimating the STACKLEAK performance impact for
215	  your workloads.
216
217config STACKLEAK_RUNTIME_DISABLE
218	bool "Allow runtime disabling of kernel stack erasing"
219	depends on GCC_PLUGIN_STACKLEAK
220	help
221	  This option provides 'stack_erasing' sysctl, which can be used in
222	  runtime to control kernel stack erasing for kernels built with
223	  CONFIG_GCC_PLUGIN_STACKLEAK.
224
225config GCC_PLUGIN_ARM_SSP_PER_TASK
226	bool
227	depends on GCC_PLUGINS && ARM
228
229endif
230