xref: /linux/scripts/gcc-plugins/Kconfig (revision 2b4cbd5c950525b6d4d2cd384dcefdd95fedabe3)
# SPDX-License-Identifier: GPL-2.0-only
preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))

config PLUGIN_HOSTCC
	string
	default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
	help
	  Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
	  $(HOSTCC), or a null string if GCC plugin is unsupported.

config HAVE_GCC_PLUGINS
	bool
	help
	  An arch should select this symbol if it supports building with
	  GCC plugins.

menuconfig GCC_PLUGINS
	bool "GCC plugins"
	depends on HAVE_GCC_PLUGINS
	depends on PLUGIN_HOSTCC != ""
	default y
	help
	  GCC plugins are loadable modules that provide extra features to the
	  compiler. They are useful for runtime instrumentation and static analysis.

	  See Documentation/kbuild/gcc-plugins.rst for details.

if GCC_PLUGINS

config GCC_PLUGIN_CYC_COMPLEXITY
	bool "Compute the cyclomatic complexity of a function" if EXPERT
	depends on !COMPILE_TEST	# too noisy
	help
	  The complexity M of a function's control flow graph is defined as:
	   M = E - N + 2P
	  where

	  E = the number of edges
	  N = the number of nodes
	  P = the number of connected components (exit nodes).

	  Enabling this plugin reports the complexity to stderr during the
	  build. It mainly serves as a simple example of how to create a
	  gcc plugin for the kernel.

config GCC_PLUGIN_SANCOV
	bool
	help
	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
	  basic blocks. It supports all gcc versions with plugin support (from
	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
	  by Dmitry Vyukov <dvyukov@google.com>.

config GCC_PLUGIN_LATENT_ENTROPY
	bool "Generate some entropy during boot and runtime"
	help
	  By saying Y here the kernel will instrument some kernel code to
	  extract some entropy from both original and artificially created
	  program state.  This will help especially embedded systems where
	  there is little 'natural' source of entropy normally.  The cost
	  is some slowdown of the boot process (about 0.5%) and fork and
	  irq processing.

	  Note that entropy extracted this way is not cryptographically
	  secure!

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT
	bool "Randomize layout of sensitive kernel structures"
	select MODVERSIONS if MODULES
	help
	  If you say Y here, the layouts of structures that are entirely
	  function pointers (and have not been manually annotated with
	  __no_randomize_layout), or structures that have been explicitly
	  marked with __randomize_layout, will be randomized at compile-time.
	  This can introduce the requirement of an additional information
	  exposure vulnerability for exploits targeting these structure
	  types.

	  Enabling this feature will introduce some performance impact,
	  slightly increase memory usage, and prevent the use of forensic
	  tools like Volatility against the system (unless the kernel
	  source tree isn't cleaned after kernel installation).

	  The seed used for compilation is located at
	  scripts/gcc-plugins/randomize_layout_seed.h.  It remains after
	  a make clean to allow for external modules to be compiled with
	  the existing seed and will be removed by a make mrproper or
	  make distclean.

	  Note that the implementation requires gcc 4.7 or newer.

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
	bool "Use cacheline-aware structure randomization"
	depends on GCC_PLUGIN_RANDSTRUCT
	depends on !COMPILE_TEST	# do not reduce test coverage
	help
	  If you say Y here, the RANDSTRUCT randomization will make a
	  best effort at restricting randomization to cacheline-sized
	  groups of elements.  It will further not randomize bitfields
	  in structures.  This reduces the performance hit of RANDSTRUCT
	  at the cost of weakened randomization.

config GCC_PLUGIN_ARM_SSP_PER_TASK
	bool
	depends on GCC_PLUGINS && ARM

endif
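
A configuration check for the options defined in this file, as an added example that is not part of the kernel tree: the shell functions below audit a `.config` for the RANDSTRUCT and LATENT_ENTROPY settings and test whether the RANDSTRUCT seed header named in the help text is still present in a build tree. The function names, the OK/WARN/INFO report format and the sample `.config` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not kernel code). Names and report format are assumptions.

# is_enabled FILE SYMBOL: succeeds if CONFIG_SYMBOL=y appears in FILE.
is_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# seed_present TREE: succeeds if the RANDSTRUCT seed header is still in TREE
# (it survives "make clean"; "make mrproper" or "make distclean" removes it).
seed_present() {
    [ -f "$1/scripts/gcc-plugins/randomize_layout_seed.h" ]
}

# audit_gcc_plugins FILE: prints one finding per line; returns 1 on any WARN.
audit_gcc_plugins() {
    cfg=$1 rc=0
    if ! is_enabled "$cfg" GCC_PLUGINS; then
        echo "WARN GCC_PLUGINS not set: no plugin instrumentation is built"
        return 1
    fi
    if is_enabled "$cfg" GCC_PLUGIN_RANDSTRUCT; then
        echo "OK   RANDSTRUCT: structure layouts randomized at compile time"
        if is_enabled "$cfg" GCC_PLUGIN_RANDSTRUCT_PERFORMANCE; then
            echo "WARN RANDSTRUCT_PERFORMANCE: cacheline groups, bitfields fixed"
            rc=1
        fi
        # RANDSTRUCT does "select MODVERSIONS if MODULES"; a mismatch means
        # the file was edited by hand and not regenerated by Kconfig.
        if is_enabled "$cfg" MODULES && ! is_enabled "$cfg" MODVERSIONS; then
            echo "WARN MODULES=y without MODVERSIONS: stale or hand-edited .config"
            rc=1
        fi
    else
        echo "WARN RANDSTRUCT off: structure layouts are not randomized"
        rc=1
    fi
    if is_enabled "$cfg" GCC_PLUGIN_LATENT_ENTROPY; then
        echo "INFO LATENT_ENTROPY: extra entropy, not cryptographically secure"
    fi
    return "$rc"
}

# Constructed sample .config (not taken from a real system).
sample=$(mktemp)
printf 'CONFIG_%s=y\n' GCC_PLUGINS GCC_PLUGIN_RANDSTRUCT MODULES MODVERSIONS \
    GCC_PLUGIN_RANDSTRUCT_PERFORMANCE GCC_PLUGIN_LATENT_ENTROPY > "$sample"
audit_gcc_plugins "$sample" || echo "audit: warnings found"
rm -f "$sample"
```

Run `seed_present` against any build or headers tree you distribute: where the seed header is readable, the randomized layouts can be reconstructed from it, which is the condition the help text attaches to forensic tooling.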