xref: /openbmc/linux/scripts/gcc-plugins/Kconfig (revision 9958d30f)
1# SPDX-License-Identifier: GPL-2.0-only
2config HAVE_GCC_PLUGINS
3	bool
4	help
5	  An arch should select this symbol if it supports building with
6	  GCC plugins.
7
8menuconfig GCC_PLUGINS
9	bool "GCC plugins"
10	depends on HAVE_GCC_PLUGINS
11	depends on CC_IS_GCC
12	depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h)
13	default y
14	help
15	  GCC plugins are loadable modules that provide extra features to the
16	  compiler. They are useful for runtime instrumentation and static analysis.
17
18	  See Documentation/kbuild/gcc-plugins.rst for details.
19
20if GCC_PLUGINS
21
22config GCC_PLUGIN_SANCOV
23	bool
24	# Plugin can be removed once the kernel only supports GCC 6+
25	depends on !CC_HAS_SANCOV_TRACE_PC
26	help
27	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
28	  basic blocks. It supports all gcc versions with plugin support (from
29	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
30	  by Dmitry Vyukov <dvyukov@google.com>.
31
32config GCC_PLUGIN_LATENT_ENTROPY
33	bool "Generate some entropy during boot and runtime"
34	help
35	  By saying Y here the kernel will instrument some kernel code to
36	  extract some entropy from both original and artificially created
37	  program state.  This will help especially embedded systems where
38	  there is little 'natural' source of entropy normally.  The cost
39	  is some slowdown of the boot process (about 0.5%) and fork and
40	  irq processing.
41
42	  Note that entropy extracted this way is not cryptographically
43	  secure!
44
45	  This plugin was ported from grsecurity/PaX. More information at:
46	   * https://grsecurity.net/
47	   * https://pax.grsecurity.net/
48
49config GCC_PLUGIN_RANDSTRUCT
50	bool "Randomize layout of sensitive kernel structures"
51	select MODVERSIONS if MODULES
52	help
53	  If you say Y here, the layouts of structures that are entirely
54	  function pointers (and have not been manually annotated with
55	  __no_randomize_layout), or structures that have been explicitly
56	  marked with __randomize_layout, will be randomized at compile-time.
57	  This can introduce the requirement of an additional information
58	  exposure vulnerability for exploits targeting these structure
59	  types.
60
61	  Enabling this feature will introduce some performance impact,
62	  slightly increase memory usage, and prevent the use of forensic
63	  tools like Volatility against the system (unless the kernel
64	  source tree isn't cleaned after kernel installation).
65
66	  The seed used for compilation is located at
67	  scripts/gcc-plugins/randomize_layout_seed.h.  It remains after
68	  a make clean to allow for external modules to be compiled with
69	  the existing seed and will be removed by a make mrproper or
70	  make distclean.
71
72	  This plugin was ported from grsecurity/PaX. More information at:
73	   * https://grsecurity.net/
74	   * https://pax.grsecurity.net/
75
76config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
77	bool "Use cacheline-aware structure randomization"
78	depends on GCC_PLUGIN_RANDSTRUCT
79	depends on !COMPILE_TEST	# do not reduce test coverage
80	help
81	  If you say Y here, the RANDSTRUCT randomization will make a
82	  best effort at restricting randomization to cacheline-sized
83	  groups of elements.  It will further not randomize bitfields
84	  in structures.  This reduces the performance hit of RANDSTRUCT
85	  at the cost of weakened randomization.
86
87config GCC_PLUGIN_ARM_SSP_PER_TASK
88	bool
89	depends on GCC_PLUGINS && ARM
90
91endif
92