xref: /openbmc/linux/scripts/gcc-plugins/Kconfig (revision ebd09753)
1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4	string
5	default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
6	help
7	  Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
8	  $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11	bool
12	help
13	  An arch should select this symbol if it supports building with
14	  GCC plugins.
15
16menuconfig GCC_PLUGINS
17	bool "GCC plugins"
18	depends on HAVE_GCC_PLUGINS
19	depends on PLUGIN_HOSTCC != ""
20	help
21	  GCC plugins are loadable modules that provide extra features to the
22	  compiler. They are useful for runtime instrumentation and static analysis.
23
24	  See Documentation/gcc-plugins.txt for details.
25
26if GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29	bool "Compute the cyclomatic complexity of a function" if EXPERT
30	depends on !COMPILE_TEST	# too noisy
31	help
32	  The complexity M of a function's control flow graph is defined as:
33	   M = E - N + 2P
34	  where
35
36	  E = the number of edges
37	  N = the number of nodes
38	  P = the number of connected components (exit nodes).
39
40	  Enabling this plugin reports the complexity to stderr during the
41	  build. It mainly serves as a simple example of how to create a
42	  gcc plugin for the kernel.
43
44config GCC_PLUGIN_SANCOV
45	bool
46	help
47	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
48	  basic blocks. It supports all gcc versions with plugin support (from
49	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
50	  by Dmitry Vyukov <dvyukov@google.com>.
51
52config GCC_PLUGIN_LATENT_ENTROPY
53	bool "Generate some entropy during boot and runtime"
54	help
55	  By saying Y here the kernel will instrument some kernel code to
56	  extract some entropy from both original and artificially created
57	  program state.  This will help especially embedded systems where
58	  there is little 'natural' source of entropy normally.  The cost
59	  is some slowdown of the boot process (about 0.5%) and fork and
60	  irq processing.
61
62	  Note that entropy extracted this way is not cryptographically
63	  secure!
64
65	  This plugin was ported from grsecurity/PaX. More information at:
66	   * https://grsecurity.net/
67	   * https://pax.grsecurity.net/
68
69config GCC_PLUGIN_STRUCTLEAK
70	bool "Force initialization of variables containing userspace addresses"
71	# Currently STRUCTLEAK inserts initialization out of live scope of
72	# variables from KASAN point of view. This leads to KASAN false
73	# positive reports. Prohibit this combination for now.
74	depends on !KASAN_EXTRA
75	help
76	  This plugin zero-initializes any structures containing a
77	  __user attribute. This can prevent some classes of information
78	  exposures.
79
80	  This plugin was ported from grsecurity/PaX. More information at:
81	   * https://grsecurity.net/
82	   * https://pax.grsecurity.net/
83
84config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
85	bool "Force initialize all struct type variables passed by reference"
86	depends on GCC_PLUGIN_STRUCTLEAK
87	depends on !COMPILE_TEST
88	help
89	  Zero initialize any struct type local variable that may be passed by
90	  reference without having been initialized.
91
92config GCC_PLUGIN_STRUCTLEAK_VERBOSE
93	bool "Report forcefully initialized variables"
94	depends on GCC_PLUGIN_STRUCTLEAK
95	depends on !COMPILE_TEST	# too noisy
96	help
97	  This option will cause a warning to be printed each time the
98	  structleak plugin finds a variable it thinks needs to be
99	  initialized. Since not all existing initializers are detected
100	  by the plugin, this can produce false positive warnings.
101
102config GCC_PLUGIN_RANDSTRUCT
103	bool "Randomize layout of sensitive kernel structures"
104	select MODVERSIONS if MODULES
105	help
106	  If you say Y here, the layouts of structures that are entirely
107	  function pointers (and have not been manually annotated with
108	  __no_randomize_layout), or structures that have been explicitly
109	  marked with __randomize_layout, will be randomized at compile-time.
110	  This can introduce the requirement of an additional information
111	  exposure vulnerability for exploits targeting these structure
112	  types.
113
114	  Enabling this feature will introduce some performance impact,
115	  slightly increase memory usage, and prevent the use of forensic
116	  tools like Volatility against the system (unless the kernel
117	  source tree isn't cleaned after kernel installation).
118
119	  The seed used for compilation is located at
120	  scripts/gcc-plgins/randomize_layout_seed.h.  It remains after
121	  a make clean to allow for external modules to be compiled with
122	  the existing seed and will be removed by a make mrproper or
123	  make distclean.
124
125	  Note that the implementation requires gcc 4.7 or newer.
126
127	  This plugin was ported from grsecurity/PaX. More information at:
128	   * https://grsecurity.net/
129	   * https://pax.grsecurity.net/
130
131config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
132	bool "Use cacheline-aware structure randomization"
133	depends on GCC_PLUGIN_RANDSTRUCT
134	depends on !COMPILE_TEST	# do not reduce test coverage
135	help
136	  If you say Y here, the RANDSTRUCT randomization will make a
137	  best effort at restricting randomization to cacheline-sized
138	  groups of elements.  It will further not randomize bitfields
139	  in structures.  This reduces the performance hit of RANDSTRUCT
140	  at the cost of weakened randomization.
141
142config GCC_PLUGIN_STACKLEAK
143	bool "Erase the kernel stack before returning from syscalls"
144	depends on GCC_PLUGINS
145	depends on HAVE_ARCH_STACKLEAK
146	help
147	  This option makes the kernel erase the kernel stack before
148	  returning from system calls. That reduces the information which
149	  kernel stack leak bugs can reveal and blocks some uninitialized
150	  stack variable attacks.
151
152	  The tradeoff is the performance impact: on a single CPU system kernel
153	  compilation sees a 1% slowdown, other systems and workloads may vary
154	  and you are advised to test this feature on your expected workload
155	  before deploying it.
156
157	  This plugin was ported from grsecurity/PaX. More information at:
158	   * https://grsecurity.net/
159	   * https://pax.grsecurity.net/
160
161config STACKLEAK_TRACK_MIN_SIZE
162	int "Minimum stack frame size of functions tracked by STACKLEAK"
163	default 100
164	range 0 4096
165	depends on GCC_PLUGIN_STACKLEAK
166	help
167	  The STACKLEAK gcc plugin instruments the kernel code for tracking
168	  the lowest border of the kernel stack (and for some other purposes).
169	  It inserts the stackleak_track_stack() call for the functions with
170	  a stack frame size greater than or equal to this parameter.
171	  If unsure, leave the default value 100.
172
173config STACKLEAK_METRICS
174	bool "Show STACKLEAK metrics in the /proc file system"
175	depends on GCC_PLUGIN_STACKLEAK
176	depends on PROC_FS
177	help
178	  If this is set, STACKLEAK metrics for every task are available in
179	  the /proc file system. In particular, /proc/<pid>/stack_depth
180	  shows the maximum kernel stack consumption for the current and
181	  previous syscalls. Although this information is not precise, it
182	  can be useful for estimating the STACKLEAK performance impact for
183	  your workloads.
184
185config STACKLEAK_RUNTIME_DISABLE
186	bool "Allow runtime disabling of kernel stack erasing"
187	depends on GCC_PLUGIN_STACKLEAK
188	help
189	  This option provides 'stack_erasing' sysctl, which can be used in
190	  runtime to control kernel stack erasing for kernels built with
191	  CONFIG_GCC_PLUGIN_STACKLEAK.
192
193endif
194