xref: /linux/scripts/gcc-plugins/Kconfig (revision 81a56f6dcd20325607d6008f4bb560c96f4c821a) 
1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4	string
5	default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
6	help
7	  Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
8	  $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11	bool
12	help
13	  An arch should select this symbol if it supports building with
14	  GCC plugins.
15
16menuconfig GCC_PLUGINS
17	bool "GCC plugins"
18	depends on HAVE_GCC_PLUGINS
19	depends on PLUGIN_HOSTCC != ""
20	help
21	  GCC plugins are loadable modules that provide extra features to the
22	  compiler. They are useful for runtime instrumentation and static analysis.
23
24	  See Documentation/gcc-plugins.txt for details.
25
26if GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29	bool "Compute the cyclomatic complexity of a function" if EXPERT
30	depends on !COMPILE_TEST	# too noisy
31	help
32	  The complexity M of a function's control flow graph is defined as:
33	   M = E - N + 2P
34	  where
35
36	  E = the number of edges
37	  N = the number of nodes
38	  P = the number of connected components (exit nodes).
39
40	  Enabling this plugin reports the complexity to stderr during the
41	  build. It mainly serves as a simple example of how to create a
42	  gcc plugin for the kernel.
43
44config GCC_PLUGIN_SANCOV
45	bool
46	help
47	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
48	  basic blocks. It supports all gcc versions with plugin support (from
49	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
50	  by Dmitry Vyukov <dvyukov@google.com>.
51
52config GCC_PLUGIN_LATENT_ENTROPY
53	bool "Generate some entropy during boot and runtime"
54	help
55	  By saying Y here the kernel will instrument some kernel code to
56	  extract some entropy from both original and artificially created
57	  program state.  This will help especially embedded systems where
58	  there is little 'natural' source of entropy normally.  The cost
59	  is some slowdown of the boot process (about 0.5%) and fork and
60	  irq processing.
61
62	  Note that entropy extracted this way is not cryptographically
63	  secure!
64
65	  This plugin was ported from grsecurity/PaX. More information at:
66	   * https://grsecurity.net/
67	   * https://pax.grsecurity.net/
68
69config GCC_PLUGIN_STRUCTLEAK
70	bool "Zero initialize stack variables"
71	# Currently STRUCTLEAK inserts initialization out of live scope of
72	# variables from KASAN point of view. This leads to KASAN false
73	# positive reports. Prohibit this combination for now.
74	depends on !KASAN_EXTRA
75	help
76	  While the kernel is built with warnings enabled for any missed
77	  stack variable initializations, this warning is silenced for
78	  anything passed by reference to another function, under the
79	  occasionally misguided assumption that the function will do
80	  the initialization. As this regularly leads to exploitable
81	  flaws, this plugin is available to identify and zero-initialize
82	  such variables, depending on the chosen level of coverage.
83
84	  This plugin was originally ported from grsecurity/PaX. More
85	  information at:
86	   * https://grsecurity.net/
87	   * https://pax.grsecurity.net/
88
89choice
90	prompt "Coverage"
91	depends on GCC_PLUGIN_STRUCTLEAK
92	default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
93	help
94	  This chooses the level of coverage over classes of potentially
95	  uninitialized variables. The selected class will be
96	  zero-initialized before use.
97
98	config GCC_PLUGIN_STRUCTLEAK_USER
99		bool "structs marked for userspace"
100		help
101		  Zero-initialize any structures on the stack containing
102		  a __user attribute. This can prevent some classes of
103		  uninitialized stack variable exploits and information
104		  exposures, like CVE-2013-2141:
105		  https://git.kernel.org/linus/b9e146d8eb3b9eca
106
107	config GCC_PLUGIN_STRUCTLEAK_BYREF
108		bool "structs passed by reference"
109		help
110		  Zero-initialize any structures on the stack that may
111		  be passed by reference and had not already been
112		  explicitly initialized. This can prevent most classes
113		  of uninitialized stack variable exploits and information
114		  exposures, like CVE-2017-1000410:
115		  https://git.kernel.org/linus/06e7e776ca4d3654
116
117	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
118		bool "anything passed by reference"
119		help
120		  Zero-initialize any stack variables that may be passed
121		  by reference and had not already been explicitly
122		  initialized. This is intended to eliminate all classes
123		  of uninitialized stack variable exploits and information
124		  exposures.
125
126endchoice
127
128config GCC_PLUGIN_STRUCTLEAK_VERBOSE
129	bool "Report forcefully initialized variables"
130	depends on GCC_PLUGIN_STRUCTLEAK
131	depends on !COMPILE_TEST	# too noisy
132	help
133	  This option will cause a warning to be printed each time the
134	  structleak plugin finds a variable it thinks needs to be
135	  initialized. Since not all existing initializers are detected
136	  by the plugin, this can produce false positive warnings.
137
138config GCC_PLUGIN_RANDSTRUCT
139	bool "Randomize layout of sensitive kernel structures"
140	select MODVERSIONS if MODULES
141	help
142	  If you say Y here, the layouts of structures that are entirely
143	  function pointers (and have not been manually annotated with
144	  __no_randomize_layout), or structures that have been explicitly
145	  marked with __randomize_layout, will be randomized at compile-time.
146	  This can introduce the requirement of an additional information
147	  exposure vulnerability for exploits targeting these structure
148	  types.
149
150	  Enabling this feature will introduce some performance impact,
151	  slightly increase memory usage, and prevent the use of forensic
152	  tools like Volatility against the system (unless the kernel
153	  source tree isn't cleaned after kernel installation).
154
155	  The seed used for compilation is located at
156	  scripts/gcc-plgins/randomize_layout_seed.h.  It remains after
157	  a make clean to allow for external modules to be compiled with
158	  the existing seed and will be removed by a make mrproper or
159	  make distclean.
160
161	  Note that the implementation requires gcc 4.7 or newer.
162
163	  This plugin was ported from grsecurity/PaX. More information at:
164	   * https://grsecurity.net/
165	   * https://pax.grsecurity.net/
166
167config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
168	bool "Use cacheline-aware structure randomization"
169	depends on GCC_PLUGIN_RANDSTRUCT
170	depends on !COMPILE_TEST	# do not reduce test coverage
171	help
172	  If you say Y here, the RANDSTRUCT randomization will make a
173	  best effort at restricting randomization to cacheline-sized
174	  groups of elements.  It will further not randomize bitfields
175	  in structures.  This reduces the performance hit of RANDSTRUCT
176	  at the cost of weakened randomization.
177
178config GCC_PLUGIN_STACKLEAK
179	bool "Erase the kernel stack before returning from syscalls"
180	depends on GCC_PLUGINS
181	depends on HAVE_ARCH_STACKLEAK
182	help
183	  This option makes the kernel erase the kernel stack before
184	  returning from system calls. That reduces the information which
185	  kernel stack leak bugs can reveal and blocks some uninitialized
186	  stack variable attacks.
187
188	  The tradeoff is the performance impact: on a single CPU system kernel
189	  compilation sees a 1% slowdown, other systems and workloads may vary
190	  and you are advised to test this feature on your expected workload
191	  before deploying it.
192
193	  This plugin was ported from grsecurity/PaX. More information at:
194	   * https://grsecurity.net/
195	   * https://pax.grsecurity.net/
196
197config STACKLEAK_TRACK_MIN_SIZE
198	int "Minimum stack frame size of functions tracked by STACKLEAK"
199	default 100
200	range 0 4096
201	depends on GCC_PLUGIN_STACKLEAK
202	help
203	  The STACKLEAK gcc plugin instruments the kernel code for tracking
204	  the lowest border of the kernel stack (and for some other purposes).
205	  It inserts the stackleak_track_stack() call for the functions with
206	  a stack frame size greater than or equal to this parameter.
207	  If unsure, leave the default value 100.
208
209config STACKLEAK_METRICS
210	bool "Show STACKLEAK metrics in the /proc file system"
211	depends on GCC_PLUGIN_STACKLEAK
212	depends on PROC_FS
213	help
214	  If this is set, STACKLEAK metrics for every task are available in
215	  the /proc file system. In particular, /proc/<pid>/stack_depth
216	  shows the maximum kernel stack consumption for the current and
217	  previous syscalls. Although this information is not precise, it
218	  can be useful for estimating the STACKLEAK performance impact for
219	  your workloads.
220
221config STACKLEAK_RUNTIME_DISABLE
222	bool "Allow runtime disabling of kernel stack erasing"
223	depends on GCC_PLUGIN_STACKLEAK
224	help
225	  This option provides 'stack_erasing' sysctl, which can be used in
226	  runtime to control kernel stack erasing for kernels built with
227	  CONFIG_GCC_PLUGIN_STACKLEAK.
228
229config GCC_PLUGIN_ARM_SSP_PER_TASK
230	bool
231	depends on GCC_PLUGINS && ARM
232
233endif
234