Loading...
1# SPDX-License-Identifier: GPL-2.0-only
2config HAVE_GCC_PLUGINS
3 bool
4 help
5 An arch should select this symbol if it supports building with
6 GCC plugins.
7
8menuconfig GCC_PLUGINS
9 bool "GCC plugins"
10 depends on HAVE_GCC_PLUGINS
11 depends on CC_IS_GCC
12 depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h)
13 default y
14 help
15 GCC plugins are loadable modules that provide extra features to the
16 compiler. They are useful for runtime instrumentation and static analysis.
17
18 See Documentation/kbuild/gcc-plugins.rst for details.
19
20if GCC_PLUGINS
21
22config GCC_PLUGIN_SANCOV
23 bool
24 # Plugin can be removed once the kernel only supports GCC 6+
25 depends on !CC_HAS_SANCOV_TRACE_PC
26 help
27 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
28 basic blocks. It supports all gcc versions with plugin support (from
29 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
30 by Dmitry Vyukov <dvyukov@google.com>.
31
32config GCC_PLUGIN_LATENT_ENTROPY
33 bool "Generate some entropy during boot and runtime"
34 help
35 By saying Y here the kernel will instrument some kernel code to
36 extract some entropy from both original and artificially created
37 program state. This will help especially embedded systems where
38 there is little 'natural' source of entropy normally. The cost
39 is some slowdown of the boot process (about 0.5%) and fork and
40 irq processing.
41
42 Note that entropy extracted this way is not cryptographically
43 secure!
44
45 This plugin was ported from grsecurity/PaX. More information at:
46 * https://grsecurity.net/
47 * https://pax.grsecurity.net/
48
49config GCC_PLUGIN_ARM_SSP_PER_TASK
50 bool
51 depends on GCC_PLUGINS && ARM
52
53endif
1# SPDX-License-Identifier: GPL-2.0-only
2config HAVE_GCC_PLUGINS
3 bool
4 help
5 An arch should select this symbol if it supports building with
6 GCC plugins.
7
8menuconfig GCC_PLUGINS
9 bool "GCC plugins"
10 depends on HAVE_GCC_PLUGINS
11 depends on CC_IS_GCC
12 depends on $(success,$(srctree)/scripts/gcc-plugin.sh $(CC))
13 default y
14 help
15 GCC plugins are loadable modules that provide extra features to the
16 compiler. They are useful for runtime instrumentation and static analysis.
17
18 See Documentation/kbuild/gcc-plugins.rst for details.
19
20if GCC_PLUGINS
21
22config GCC_PLUGIN_CYC_COMPLEXITY
23 bool "Compute the cyclomatic complexity of a function" if EXPERT
24 depends on !COMPILE_TEST # too noisy
25 help
26 The complexity M of a function's control flow graph is defined as:
27 M = E - N + 2P
28 where
29
30 E = the number of edges
31 N = the number of nodes
32 P = the number of connected components (exit nodes).
33
34 Enabling this plugin reports the complexity to stderr during the
35 build. It mainly serves as a simple example of how to create a
36 gcc plugin for the kernel.
37
38config GCC_PLUGIN_SANCOV
39 bool
40 help
41 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
42 basic blocks. It supports all gcc versions with plugin support (from
43 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
44 by Dmitry Vyukov <dvyukov@google.com>.
45
46config GCC_PLUGIN_LATENT_ENTROPY
47 bool "Generate some entropy during boot and runtime"
48 help
49 By saying Y here the kernel will instrument some kernel code to
50 extract some entropy from both original and artificially created
51 program state. This will help especially embedded systems where
52 there is little 'natural' source of entropy normally. The cost
53 is some slowdown of the boot process (about 0.5%) and fork and
54 irq processing.
55
56 Note that entropy extracted this way is not cryptographically
57 secure!
58
59 This plugin was ported from grsecurity/PaX. More information at:
60 * https://grsecurity.net/
61 * https://pax.grsecurity.net/
62
63config GCC_PLUGIN_RANDSTRUCT
64 bool "Randomize layout of sensitive kernel structures"
65 select MODVERSIONS if MODULES
66 help
67 If you say Y here, the layouts of structures that are entirely
68 function pointers (and have not been manually annotated with
69 __no_randomize_layout), or structures that have been explicitly
70 marked with __randomize_layout, will be randomized at compile-time.
71 This can introduce the requirement of an additional information
72 exposure vulnerability for exploits targeting these structure
73 types.
74
75 Enabling this feature will introduce some performance impact,
76 slightly increase memory usage, and prevent the use of forensic
77 tools like Volatility against the system (unless the kernel
78 source tree isn't cleaned after kernel installation).
79
80 The seed used for compilation is located at
81 scripts/gcc-plugins/randomize_layout_seed.h. It remains after
82 a make clean to allow for external modules to be compiled with
83 the existing seed and will be removed by a make mrproper or
84 make distclean.
85
86 Note that the implementation requires gcc 4.7 or newer.
87
88 This plugin was ported from grsecurity/PaX. More information at:
89 * https://grsecurity.net/
90 * https://pax.grsecurity.net/
91
92config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
93 bool "Use cacheline-aware structure randomization"
94 depends on GCC_PLUGIN_RANDSTRUCT
95 depends on !COMPILE_TEST # do not reduce test coverage
96 help
97 If you say Y here, the RANDSTRUCT randomization will make a
98 best effort at restricting randomization to cacheline-sized
99 groups of elements. It will further not randomize bitfields
100 in structures. This reduces the performance hit of RANDSTRUCT
101 at the cost of weakened randomization.
102
103config GCC_PLUGIN_ARM_SSP_PER_TASK
104 bool
105 depends on GCC_PLUGINS && ARM
106
107endif