author | Masahiro Yamada <yamada.masahiro@socionext.com> | 2018-07-05 02:24:12 -0400 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2018-07-24 19:11:07 -0400 |
commit | 45332b1bdfdc8d63ae4a9d32cbb10e11bc20baab (patch) | |
tree | ad1a1512e4156cfe292434ce3261c8f11d423459 | |
parent | c17d6179ad5aec2a6ef85f8555454e9cefd4b9fb (diff) |
gcc-plugins: split out Kconfig entries to scripts/gcc-plugins/Kconfig
Collect relevant code into the scripts/gcc-plugins directory.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r-- | arch/Kconfig | 146 | ||||
-rw-r--r-- | scripts/gcc-plugins/Kconfig | 142 |
2 files changed, 144 insertions, 144 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 1aa59063f1fd..b6d17877190f 100644 --- a/arch/Kconfig +++ b/arch/Kconfig | |||
@@ -405,150 +405,6 @@ config SECCOMP_FILTER | |||
405 | 405 | ||
406 | See Documentation/userspace-api/seccomp_filter.rst for details. | 406 | See Documentation/userspace-api/seccomp_filter.rst for details. |
407 | 407 | ||
408 | preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) | ||
409 | |||
410 | config PLUGIN_HOSTCC | ||
411 | string | ||
412 | default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" | ||
413 | help | ||
414 | Host compiler used to build GCC plugins. This can be $(HOSTCXX), | ||
415 | $(HOSTCC), or a null string if GCC plugin is unsupported. | ||
416 | |||
417 | config HAVE_GCC_PLUGINS | ||
418 | bool | ||
419 | help | ||
420 | An arch should select this symbol if it supports building with | ||
421 | GCC plugins. | ||
422 | |||
423 | menuconfig GCC_PLUGINS | ||
424 | bool "GCC plugins" | ||
425 | depends on HAVE_GCC_PLUGINS | ||
426 | depends on PLUGIN_HOSTCC != "" | ||
427 | help | ||
428 | GCC plugins are loadable modules that provide extra features to the | ||
429 | compiler. They are useful for runtime instrumentation and static analysis. | ||
430 | |||
431 | See Documentation/gcc-plugins.txt for details. | ||
432 | |||
433 | config GCC_PLUGIN_CYC_COMPLEXITY | ||
434 | bool "Compute the cyclomatic complexity of a function" if EXPERT | ||
435 | depends on GCC_PLUGINS | ||
436 | depends on !COMPILE_TEST # too noisy | ||
437 | help | ||
438 | The complexity M of a function's control flow graph is defined as: | ||
439 | M = E - N + 2P | ||
440 | where | ||
441 | |||
442 | E = the number of edges | ||
443 | N = the number of nodes | ||
444 | P = the number of connected components (exit nodes). | ||
445 | |||
446 | Enabling this plugin reports the complexity to stderr during the | ||
447 | build. It mainly serves as a simple example of how to create a | ||
448 | gcc plugin for the kernel. | ||
449 | |||
450 | config GCC_PLUGIN_SANCOV | ||
451 | bool | ||
452 | depends on GCC_PLUGINS | ||
453 | help | ||
454 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of | ||
455 | basic blocks. It supports all gcc versions with plugin support (from | ||
456 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" | ||
457 | by Dmitry Vyukov <dvyukov@google.com>. | ||
458 | |||
459 | config GCC_PLUGIN_LATENT_ENTROPY | ||
460 | bool "Generate some entropy during boot and runtime" | ||
461 | depends on GCC_PLUGINS | ||
462 | help | ||
463 | By saying Y here the kernel will instrument some kernel code to | ||
464 | extract some entropy from both original and artificially created | ||
465 | program state. This will help especially embedded systems where | ||
466 | there is little 'natural' source of entropy normally. The cost | ||
467 | is some slowdown of the boot process (about 0.5%) and fork and | ||
468 | irq processing. | ||
469 | |||
470 | Note that entropy extracted this way is not cryptographically | ||
471 | secure! | ||
472 | |||
473 | This plugin was ported from grsecurity/PaX. More information at: | ||
474 | * https://grsecurity.net/ | ||
475 | * https://pax.grsecurity.net/ | ||
476 | |||
477 | config GCC_PLUGIN_STRUCTLEAK | ||
478 | bool "Force initialization of variables containing userspace addresses" | ||
479 | depends on GCC_PLUGINS | ||
480 | # Currently STRUCTLEAK inserts initialization out of live scope of | ||
481 | # variables from KASAN point of view. This leads to KASAN false | ||
482 | # positive reports. Prohibit this combination for now. | ||
483 | depends on !KASAN_EXTRA | ||
484 | help | ||
485 | This plugin zero-initializes any structures containing a | ||
486 | __user attribute. This can prevent some classes of information | ||
487 | exposures. | ||
488 | |||
489 | This plugin was ported from grsecurity/PaX. More information at: | ||
490 | * https://grsecurity.net/ | ||
491 | * https://pax.grsecurity.net/ | ||
492 | |||
493 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | ||
494 | bool "Force initialize all struct type variables passed by reference" | ||
495 | depends on GCC_PLUGIN_STRUCTLEAK | ||
496 | depends on !COMPILE_TEST | ||
497 | help | ||
498 | Zero initialize any struct type local variable that may be passed by | ||
499 | reference without having been initialized. | ||
500 | |||
501 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE | ||
502 | bool "Report forcefully initialized variables" | ||
503 | depends on GCC_PLUGIN_STRUCTLEAK | ||
504 | depends on !COMPILE_TEST # too noisy | ||
505 | help | ||
506 | This option will cause a warning to be printed each time the | ||
507 | structleak plugin finds a variable it thinks needs to be | ||
508 | initialized. Since not all existing initializers are detected | ||
509 | by the plugin, this can produce false positive warnings. | ||
510 | |||
511 | config GCC_PLUGIN_RANDSTRUCT | ||
512 | bool "Randomize layout of sensitive kernel structures" | ||
513 | depends on GCC_PLUGINS | ||
514 | select MODVERSIONS if MODULES | ||
515 | help | ||
516 | If you say Y here, the layouts of structures that are entirely | ||
517 | function pointers (and have not been manually annotated with | ||
518 | __no_randomize_layout), or structures that have been explicitly | ||
519 | marked with __randomize_layout, will be randomized at compile-time. | ||
520 | This can introduce the requirement of an additional information | ||
521 | exposure vulnerability for exploits targeting these structure | ||
522 | types. | ||
523 | |||
524 | Enabling this feature will introduce some performance impact, | ||
525 | slightly increase memory usage, and prevent the use of forensic | ||
526 | tools like Volatility against the system (unless the kernel | ||
527 | source tree isn't cleaned after kernel installation). | ||
528 | |||
529 | The seed used for compilation is located at | ||
530 | scripts/gcc-plgins/randomize_layout_seed.h. It remains after | ||
531 | a make clean to allow for external modules to be compiled with | ||
532 | the existing seed and will be removed by a make mrproper or | ||
533 | make distclean. | ||
534 | |||
535 | Note that the implementation requires gcc 4.7 or newer. | ||
536 | |||
537 | This plugin was ported from grsecurity/PaX. More information at: | ||
538 | * https://grsecurity.net/ | ||
539 | * https://pax.grsecurity.net/ | ||
540 | |||
541 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE | ||
542 | bool "Use cacheline-aware structure randomization" | ||
543 | depends on GCC_PLUGIN_RANDSTRUCT | ||
544 | depends on !COMPILE_TEST # do not reduce test coverage | ||
545 | help | ||
546 | If you say Y here, the RANDSTRUCT randomization will make a | ||
547 | best effort at restricting randomization to cacheline-sized | ||
548 | groups of elements. It will further not randomize bitfields | ||
549 | in structures. This reduces the performance hit of RANDSTRUCT | ||
550 | at the cost of weakened randomization. | ||
551 | |||
552 | config HAVE_STACKPROTECTOR | 408 | config HAVE_STACKPROTECTOR |
553 | bool | 409 | bool |
554 | help | 410 | help |
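Review bot: the commit message does not say whether the 144 lines removed here (old 408-551, from `preferred-plugin-hostcc` through GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) are moved verbatim. The new file drops the per-entry `depends on GCC_PLUGINS` lines seen in this hunk in favour of an `if GCC_PLUGINS` block, so a sentence in the message stating that there is no functional change and naming that one textual difference would let a reviewer verify the move without re-reading every hardening option.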
@@ -972,3 +828,5 @@ config REFCOUNT_FULL | |||
972 | security flaw exploits. | 828 | security flaw exploits. |
973 | 829 | ||
974 | source "kernel/gcov/Kconfig" | 830 | source "kernel/gcov/Kconfig" |
831 | |||
832 | source "scripts/gcc-plugins/Kconfig" | ||
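Review bot: the new `source "scripts/gcc-plugins/Kconfig"` line is appended at the end of arch/Kconfig, after `source "kernel/gcov/Kconfig"`, whereas the entries it replaces sat between SECCOMP_FILTER and HAVE_STACKPROTECTOR. That moves the "GCC plugins" menu relative to the surrounding options; if the reordering is intended, say so in the commit message, otherwise place the `source` line at the old location (new line 407).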
diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig new file mode 100644 index 000000000000..7430a7c77a4a --- /dev/null +++ b/scripts/gcc-plugins/Kconfig | |||
@@ -0,0 +1,142 @@ | |||
1 | preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) | ||
2 | |||
3 | config PLUGIN_HOSTCC | ||
4 | string | ||
5 | default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" | ||
6 | help | ||
7 | Host compiler used to build GCC plugins. This can be $(HOSTCXX), | ||
8 | $(HOSTCC), or a null string if GCC plugin is unsupported. | ||
9 | |||
10 | config HAVE_GCC_PLUGINS | ||
11 | bool | ||
12 | help | ||
13 | An arch should select this symbol if it supports building with | ||
14 | GCC plugins. | ||
15 | |||
16 | menuconfig GCC_PLUGINS | ||
17 | bool "GCC plugins" | ||
18 | depends on HAVE_GCC_PLUGINS | ||
19 | depends on PLUGIN_HOSTCC != "" | ||
20 | help | ||
21 | GCC plugins are loadable modules that provide extra features to the | ||
22 | compiler. They are useful for runtime instrumentation and static analysis. | ||
23 | |||
24 | See Documentation/gcc-plugins.txt for details. | ||
25 | |||
26 | if GCC_PLUGINS | ||
27 | |||
28 | config GCC_PLUGIN_CYC_COMPLEXITY | ||
29 | bool "Compute the cyclomatic complexity of a function" if EXPERT | ||
30 | depends on !COMPILE_TEST # too noisy | ||
31 | help | ||
32 | The complexity M of a function's control flow graph is defined as: | ||
33 | M = E - N + 2P | ||
34 | where | ||
35 | |||
36 | E = the number of edges | ||
37 | N = the number of nodes | ||
38 | P = the number of connected components (exit nodes). | ||
39 | |||
40 | Enabling this plugin reports the complexity to stderr during the | ||
41 | build. It mainly serves as a simple example of how to create a | ||
42 | gcc plugin for the kernel. | ||
43 | |||
44 | config GCC_PLUGIN_SANCOV | ||
45 | bool | ||
46 | help | ||
47 | This plugin inserts a __sanitizer_cov_trace_pc() call at the start of | ||
48 | basic blocks. It supports all gcc versions with plugin support (from | ||
49 | gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" | ||
50 | by Dmitry Vyukov <dvyukov@google.com>. | ||
51 | |||
52 | config GCC_PLUGIN_LATENT_ENTROPY | ||
53 | bool "Generate some entropy during boot and runtime" | ||
54 | help | ||
55 | By saying Y here the kernel will instrument some kernel code to | ||
56 | extract some entropy from both original and artificially created | ||
57 | program state. This will help especially embedded systems where | ||
58 | there is little 'natural' source of entropy normally. The cost | ||
59 | is some slowdown of the boot process (about 0.5%) and fork and | ||
60 | irq processing. | ||
61 | |||
62 | Note that entropy extracted this way is not cryptographically | ||
63 | secure! | ||
64 | |||
65 | This plugin was ported from grsecurity/PaX. More information at: | ||
66 | * https://grsecurity.net/ | ||
67 | * https://pax.grsecurity.net/ | ||
68 | |||
69 | config GCC_PLUGIN_STRUCTLEAK | ||
70 | bool "Force initialization of variables containing userspace addresses" | ||
71 | # Currently STRUCTLEAK inserts initialization out of live scope of | ||
72 | # variables from KASAN point of view. This leads to KASAN false | ||
73 | # positive reports. Prohibit this combination for now. | ||
74 | depends on !KASAN_EXTRA | ||
75 | help | ||
76 | This plugin zero-initializes any structures containing a | ||
77 | __user attribute. This can prevent some classes of information | ||
78 | exposures. | ||
79 | |||
80 | This plugin was ported from grsecurity/PaX. More information at: | ||
81 | * https://grsecurity.net/ | ||
82 | * https://pax.grsecurity.net/ | ||
83 | |||
84 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | ||
85 | bool "Force initialize all struct type variables passed by reference" | ||
86 | depends on GCC_PLUGIN_STRUCTLEAK | ||
87 | depends on !COMPILE_TEST | ||
88 | help | ||
89 | Zero initialize any struct type local variable that may be passed by | ||
90 | reference without having been initialized. | ||
91 | |||
92 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE | ||
93 | bool "Report forcefully initialized variables" | ||
94 | depends on GCC_PLUGIN_STRUCTLEAK | ||
95 | depends on !COMPILE_TEST # too noisy | ||
96 | help | ||
97 | This option will cause a warning to be printed each time the | ||
98 | structleak plugin finds a variable it thinks needs to be | ||
99 | initialized. Since not all existing initializers are detected | ||
100 | by the plugin, this can produce false positive warnings. | ||
101 | |||
102 | config GCC_PLUGIN_RANDSTRUCT | ||
103 | bool "Randomize layout of sensitive kernel structures" | ||
104 | select MODVERSIONS if MODULES | ||
105 | help | ||
106 | If you say Y here, the layouts of structures that are entirely | ||
107 | function pointers (and have not been manually annotated with | ||
108 | __no_randomize_layout), or structures that have been explicitly | ||
109 | marked with __randomize_layout, will be randomized at compile-time. | ||
110 | This can introduce the requirement of an additional information | ||
111 | exposure vulnerability for exploits targeting these structure | ||
112 | types. | ||
113 | |||
114 | Enabling this feature will introduce some performance impact, | ||
115 | slightly increase memory usage, and prevent the use of forensic | ||
116 | tools like Volatility against the system (unless the kernel | ||
117 | source tree isn't cleaned after kernel installation). | ||
118 | |||
119 | The seed used for compilation is located at | ||
120 | scripts/gcc-plgins/randomize_layout_seed.h. It remains after | ||
121 | a make clean to allow for external modules to be compiled with | ||
122 | the existing seed and will be removed by a make mrproper or | ||
123 | make distclean. | ||
124 | |||
125 | Note that the implementation requires gcc 4.7 or newer. | ||
126 | |||
127 | This plugin was ported from grsecurity/PaX. More information at: | ||
128 | * https://grsecurity.net/ | ||
129 | * https://pax.grsecurity.net/ | ||
130 | |||
131 | config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE | ||
132 | bool "Use cacheline-aware structure randomization" | ||
133 | depends on GCC_PLUGIN_RANDSTRUCT | ||
134 | depends on !COMPILE_TEST # do not reduce test coverage | ||
135 | help | ||
136 | If you say Y here, the RANDSTRUCT randomization will make a | ||
137 | best effort at restricting randomization to cacheline-sized | ||
138 | groups of elements. It will further not randomize bitfields | ||
139 | in structures. This reduces the performance hit of RANDSTRUCT | ||
140 | at the cost of weakened randomization. | ||
141 | |||
142 | endif | ||
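Review bot: new line 120 carries over the misspelled path `scripts/gcc-plgins/randomize_layout_seed.h` in the GCC_PLUGIN_RANDSTRUCT help; it should read `scripts/gcc-plugins/randomize_layout_seed.h`. Fix it here while the text is being relocated, or in a follow-up patch if this move is meant to stay verbatim. Separately, the `if GCC_PLUGINS` at line 26 now supplies the dependency that CYC_COMPLEXITY, SANCOV, LATENT_ENTROPY, STRUCTLEAK and RANDSTRUCT previously stated themselves, so annotating line 142 as `endif # GCC_PLUGINS` would keep that visible at the bottom of the file.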