Merge tag 'powerpc-5.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

[linux.git] / scripts / gcc-plugins / Kconfig

preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))

config PLUGIN_HOSTCC
        string
        default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
        help
          Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
          $(HOSTCC), or a null string if GCC plugin is unsupported.

config HAVE_GCC_PLUGINS
        bool
        help
          An arch should select this symbol if it supports building with
          GCC plugins.

menuconfig GCC_PLUGINS
        bool "GCC plugins"
        depends on HAVE_GCC_PLUGINS
        depends on PLUGIN_HOSTCC != ""
        help
          GCC plugins are loadable modules that provide extra features to the
          compiler. They are useful for runtime instrumentation and static analysis.

          See Documentation/gcc-plugins.txt for details.

if GCC_PLUGINS

config GCC_PLUGIN_CYC_COMPLEXITY
        bool "Compute the cyclomatic complexity of a function" if EXPERT
        depends on !COMPILE_TEST        # too noisy
        help
          The complexity M of a function's control flow graph is defined as:
           M = E - N + 2P
          where

          E = the number of edges
          N = the number of nodes
          P = the number of connected components (exit nodes).

          Enabling this plugin reports the complexity to stderr during the
          build. It mainly serves as a simple example of how to create a
          gcc plugin for the kernel.

config GCC_PLUGIN_SANCOV
        bool
        help
          This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
          basic blocks. It supports all gcc versions with plugin support (from
          gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
          by Dmitry Vyukov <dvyukov@google.com>.

config GCC_PLUGIN_LATENT_ENTROPY
        bool "Generate some entropy during boot and runtime"
        help
          By saying Y here the kernel will instrument some kernel code to
          extract some entropy from both original and artificially created
          program state.  This will help especially embedded systems where
          there is little 'natural' source of entropy normally.  The cost
          is some slowdown of the boot process (about 0.5%) and fork and
          irq processing.

          Note that entropy extracted this way is not cryptographically
          secure!

          This plugin was ported from grsecurity/PaX. More information at:
           * https://grsecurity.net/
           * https://pax.grsecurity.net/

config GCC_PLUGIN_STRUCTLEAK
        bool "Zero initialize stack variables"
        help
          While the kernel is built with warnings enabled for any missed
          stack variable initializations, this warning is silenced for
          anything passed by reference to another function, under the
          occasionally misguided assumption that the function will do
          the initialization. As this regularly leads to exploitable
          flaws, this plugin is available to identify and zero-initialize
          such variables, depending on the chosen level of coverage.

          This plugin was originally ported from grsecurity/PaX. More
          information at:
           * https://grsecurity.net/
           * https://pax.grsecurity.net/

choice
        prompt "Coverage"
        depends on GCC_PLUGIN_STRUCTLEAK
        default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
        help
          This chooses the level of coverage over classes of potentially
          uninitialized variables. The selected class will be
          zero-initialized before use.

        config GCC_PLUGIN_STRUCTLEAK_USER
                bool "structs marked for userspace"
                help
                  Zero-initialize any structures on the stack containing
                  a __user attribute. This can prevent some classes of
                  uninitialized stack variable exploits and information
                  exposures, like CVE-2013-2141:
                  https://git.kernel.org/linus/b9e146d8eb3b9eca

        config GCC_PLUGIN_STRUCTLEAK_BYREF
                bool "structs passed by reference"
                help
                  Zero-initialize any structures on the stack that may
                  be passed by reference and had not already been
                  explicitly initialized. This can prevent most classes
                  of uninitialized stack variable exploits and information
                  exposures, like CVE-2017-1000410:
                  https://git.kernel.org/linus/06e7e776ca4d3654

        config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
                bool "anything passed by reference"
                help
                  Zero-initialize any stack variables that may be passed
                  by reference and had not already been explicitly
                  initialized. This is intended to eliminate all classes
                  of uninitialized stack variable exploits and information
                  exposures.

endchoice

config GCC_PLUGIN_STRUCTLEAK_VERBOSE
        bool "Report forcefully initialized variables"
        depends on GCC_PLUGIN_STRUCTLEAK
        depends on !COMPILE_TEST        # too noisy
        help
          This option will cause a warning to be printed each time the
          structleak plugin finds a variable it thinks needs to be
          initialized. Since not all existing initializers are detected
          by the plugin, this can produce false positive warnings.

config GCC_PLUGIN_RANDSTRUCT
        bool "Randomize layout of sensitive kernel structures"
        select MODVERSIONS if MODULES
        help
          If you say Y here, the layouts of structures that are entirely
          function pointers (and have not been manually annotated with
          __no_randomize_layout), or structures that have been explicitly
          marked with __randomize_layout, will be randomized at compile-time.
          This can introduce the requirement of an additional information
          exposure vulnerability for exploits targeting these structure
          types.

          Enabling this feature will introduce some performance impact,
          slightly increase memory usage, and prevent the use of forensic
          tools like Volatility against the system (unless the kernel
          source tree isn't cleaned after kernel installation).

          The seed used for compilation is located at
          scripts/gcc-plgins/randomize_layout_seed.h.  It remains after
          a make clean to allow for external modules to be compiled with
          the existing seed and will be removed by a make mrproper or
          make distclean.

          Note that the implementation requires gcc 4.7 or newer.

          This plugin was ported from grsecurity/PaX. More information at:
           * https://grsecurity.net/
           * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
        bool "Use cacheline-aware structure randomization"
        depends on GCC_PLUGIN_RANDSTRUCT
        depends on !COMPILE_TEST        # do not reduce test coverage
        help
          If you say Y here, the RANDSTRUCT randomization will make a
          best effort at restricting randomization to cacheline-sized
          groups of elements.  It will further not randomize bitfields
          in structures.  This reduces the performance hit of RANDSTRUCT
          at the cost of weakened randomization.

config GCC_PLUGIN_STACKLEAK
        bool "Erase the kernel stack before returning from syscalls"
        depends on GCC_PLUGINS
        depends on HAVE_ARCH_STACKLEAK
        help
          This option makes the kernel erase the kernel stack before
          returning from system calls. That reduces the information which
          kernel stack leak bugs can reveal and blocks some uninitialized
          stack variable attacks.

          The tradeoff is the performance impact: on a single CPU system kernel
          compilation sees a 1% slowdown, other systems and workloads may vary
          and you are advised to test this feature on your expected workload
          before deploying it.

          This plugin was ported from grsecurity/PaX. More information at:
           * https://grsecurity.net/
           * https://pax.grsecurity.net/

config STACKLEAK_TRACK_MIN_SIZE
        int "Minimum stack frame size of functions tracked by STACKLEAK"
        default 100
        range 0 4096
        depends on GCC_PLUGIN_STACKLEAK
        help
          The STACKLEAK gcc plugin instruments the kernel code for tracking
          the lowest border of the kernel stack (and for some other purposes).
          It inserts the stackleak_track_stack() call for the functions with
          a stack frame size greater than or equal to this parameter.
          If unsure, leave the default value 100.

config STACKLEAK_METRICS
        bool "Show STACKLEAK metrics in the /proc file system"
        depends on GCC_PLUGIN_STACKLEAK
        depends on PROC_FS
        help
          If this is set, STACKLEAK metrics for every task are available in
          the /proc file system. In particular, /proc/<pid>/stack_depth
          shows the maximum kernel stack consumption for the current and
          previous syscalls. Although this information is not precise, it
          can be useful for estimating the STACKLEAK performance impact for
          your workloads.

config STACKLEAK_RUNTIME_DISABLE
        bool "Allow runtime disabling of kernel stack erasing"
        depends on GCC_PLUGIN_STACKLEAK
        help
          This option provides 'stack_erasing' sysctl, which can be used in
          runtime to control kernel stack erasing for kernels built with
          CONFIG_GCC_PLUGIN_STACKLEAK.

config GCC_PLUGIN_ARM_SSP_PER_TASK
        bool
        depends on GCC_PLUGINS && ARM

endif