1# SPDX-License-Identifier: GPL-2.0-only 2config HAVE_GCC_PLUGINS 3 bool 4 help 5 An arch should select this symbol if it supports building with 6 GCC plugins. 7 8menuconfig GCC_PLUGINS 9 bool "GCC plugins" 10 depends on HAVE_GCC_PLUGINS 11 depends on CC_IS_GCC 12 depends on $(success,$(srctree)/scripts/gcc-plugin.sh $(CC)) 13 default y 14 help 15 GCC plugins are loadable modules that provide extra features to the 16 compiler. They are useful for runtime instrumentation and static analysis. 17 18 See Documentation/kbuild/gcc-plugins.rst for details. 19 20if GCC_PLUGINS 21 22config GCC_PLUGIN_CYC_COMPLEXITY 23 bool "Compute the cyclomatic complexity of a function" if EXPERT 24 depends on !COMPILE_TEST # too noisy 25 help 26 The complexity M of a function's control flow graph is defined as: 27 M = E - N + 2P 28 where 29 30 E = the number of edges 31 N = the number of nodes 32 P = the number of connected components (exit nodes). 33 34 Enabling this plugin reports the complexity to stderr during the 35 build. It mainly serves as a simple example of how to create a 36 gcc plugin for the kernel. 37 38config GCC_PLUGIN_SANCOV 39 bool 40 help 41 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 42 basic blocks. It supports all gcc versions with plugin support (from 43 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 44 by Dmitry Vyukov <dvyukov@google.com>. 45 46config GCC_PLUGIN_LATENT_ENTROPY 47 bool "Generate some entropy during boot and runtime" 48 help 49 By saying Y here the kernel will instrument some kernel code to 50 extract some entropy from both original and artificially created 51 program state. This will help especially embedded systems where 52 there is little 'natural' source of entropy normally. The cost 53 is some slowdown of the boot process (about 0.5%) and fork and 54 irq processing. 55 56 Note that entropy extracted this way is not cryptographically 57 secure! 58 59 This plugin was ported from grsecurity/PaX. More information at: 60 * https://grsecurity.net/ 61 * https://pax.grsecurity.net/ 62 63config GCC_PLUGIN_RANDSTRUCT 64 bool "Randomize layout of sensitive kernel structures" 65 select MODVERSIONS if MODULES 66 help 67 If you say Y here, the layouts of structures that are entirely 68 function pointers (and have not been manually annotated with 69 __no_randomize_layout), or structures that have been explicitly 70 marked with __randomize_layout, will be randomized at compile-time. 71 This can introduce the requirement of an additional information 72 exposure vulnerability for exploits targeting these structure 73 types. 74 75 Enabling this feature will introduce some performance impact, 76 slightly increase memory usage, and prevent the use of forensic 77 tools like Volatility against the system (unless the kernel 78 source tree isn't cleaned after kernel installation). 79 80 The seed used for compilation is located at 81 scripts/gcc-plgins/randomize_layout_seed.h. It remains after 82 a make clean to allow for external modules to be compiled with 83 the existing seed and will be removed by a make mrproper or 84 make distclean. 85 86 Note that the implementation requires gcc 4.7 or newer. 87 88 This plugin was ported from grsecurity/PaX. More information at: 89 * https://grsecurity.net/ 90 * https://pax.grsecurity.net/ 91 92config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE 93 bool "Use cacheline-aware structure randomization" 94 depends on GCC_PLUGIN_RANDSTRUCT 95 depends on !COMPILE_TEST # do not reduce test coverage 96 help 97 If you say Y here, the RANDSTRUCT randomization will make a 98 best effort at restricting randomization to cacheline-sized 99 groups of elements. It will further not randomize bitfields 100 in structures. This reduces the performance hit of RANDSTRUCT 101 at the cost of weakened randomization. 102 103config GCC_PLUGIN_ARM_SSP_PER_TASK 104 bool 105 depends on GCC_PLUGINS && ARM 106 107endif 108