aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMasahiro Yamada <yamada.masahiro@socionext.com>2018-07-05 02:24:12 -0400
committerKees Cook <keescook@chromium.org>2018-07-24 19:11:07 -0400
commit45332b1bdfdc8d63ae4a9d32cbb10e11bc20baab (patch)
treead1a1512e4156cfe292434ce3261c8f11d423459
parentc17d6179ad5aec2a6ef85f8555454e9cefd4b9fb (diff)
gcc-plugins: split out Kconfig entries to scripts/gcc-plugins/Kconfig
Collect relevant code into the scripts/gcc-plugins directory. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r--arch/Kconfig146
-rw-r--r--scripts/gcc-plugins/Kconfig142
2 files changed, 144 insertions, 144 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 1aa59063f1fd..b6d17877190f 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -405,150 +405,6 @@ config SECCOMP_FILTER
405 405
406 See Documentation/userspace-api/seccomp_filter.rst for details. 406 See Documentation/userspace-api/seccomp_filter.rst for details.
407 407
408preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
409
410config PLUGIN_HOSTCC
411 string
412 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")"
413 help
414 Host compiler used to build GCC plugins. This can be $(HOSTCXX),
415 $(HOSTCC), or a null string if GCC plugin is unsupported.
416
417config HAVE_GCC_PLUGINS
418 bool
419 help
420 An arch should select this symbol if it supports building with
421 GCC plugins.
422
423menuconfig GCC_PLUGINS
424 bool "GCC plugins"
425 depends on HAVE_GCC_PLUGINS
426 depends on PLUGIN_HOSTCC != ""
427 help
428 GCC plugins are loadable modules that provide extra features to the
429 compiler. They are useful for runtime instrumentation and static analysis.
430
431 See Documentation/gcc-plugins.txt for details.
432
433config GCC_PLUGIN_CYC_COMPLEXITY
434 bool "Compute the cyclomatic complexity of a function" if EXPERT
435 depends on GCC_PLUGINS
436 depends on !COMPILE_TEST # too noisy
437 help
438 The complexity M of a function's control flow graph is defined as:
439 M = E - N + 2P
440 where
441
442 E = the number of edges
443 N = the number of nodes
444 P = the number of connected components (exit nodes).
445
446 Enabling this plugin reports the complexity to stderr during the
447 build. It mainly serves as a simple example of how to create a
448 gcc plugin for the kernel.
449
450config GCC_PLUGIN_SANCOV
451 bool
452 depends on GCC_PLUGINS
453 help
454 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
455 basic blocks. It supports all gcc versions with plugin support (from
456 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
457 by Dmitry Vyukov <dvyukov@google.com>.
458
459config GCC_PLUGIN_LATENT_ENTROPY
460 bool "Generate some entropy during boot and runtime"
461 depends on GCC_PLUGINS
462 help
463 By saying Y here the kernel will instrument some kernel code to
464 extract some entropy from both original and artificially created
465 program state. This will help especially embedded systems where
466 there is little 'natural' source of entropy normally. The cost
467 is some slowdown of the boot process (about 0.5%) and fork and
468 irq processing.
469
470 Note that entropy extracted this way is not cryptographically
471 secure!
472
473 This plugin was ported from grsecurity/PaX. More information at:
474 * https://grsecurity.net/
475 * https://pax.grsecurity.net/
476
477config GCC_PLUGIN_STRUCTLEAK
478 bool "Force initialization of variables containing userspace addresses"
479 depends on GCC_PLUGINS
480 # Currently STRUCTLEAK inserts initialization out of live scope of
481 # variables from KASAN point of view. This leads to KASAN false
482 # positive reports. Prohibit this combination for now.
483 depends on !KASAN_EXTRA
484 help
485 This plugin zero-initializes any structures containing a
486 __user attribute. This can prevent some classes of information
487 exposures.
488
489 This plugin was ported from grsecurity/PaX. More information at:
490 * https://grsecurity.net/
491 * https://pax.grsecurity.net/
492
493config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
494 bool "Force initialize all struct type variables passed by reference"
495 depends on GCC_PLUGIN_STRUCTLEAK
496 depends on !COMPILE_TEST
497 help
498 Zero initialize any struct type local variable that may be passed by
499 reference without having been initialized.
500
501config GCC_PLUGIN_STRUCTLEAK_VERBOSE
502 bool "Report forcefully initialized variables"
503 depends on GCC_PLUGIN_STRUCTLEAK
504 depends on !COMPILE_TEST # too noisy
505 help
506 This option will cause a warning to be printed each time the
507 structleak plugin finds a variable it thinks needs to be
508 initialized. Since not all existing initializers are detected
509 by the plugin, this can produce false positive warnings.
510
511config GCC_PLUGIN_RANDSTRUCT
512 bool "Randomize layout of sensitive kernel structures"
513 depends on GCC_PLUGINS
514 select MODVERSIONS if MODULES
515 help
516 If you say Y here, the layouts of structures that are entirely
517 function pointers (and have not been manually annotated with
518 __no_randomize_layout), or structures that have been explicitly
519 marked with __randomize_layout, will be randomized at compile-time.
520 This can introduce the requirement of an additional information
521 exposure vulnerability for exploits targeting these structure
522 types.
523
524 Enabling this feature will introduce some performance impact,
525 slightly increase memory usage, and prevent the use of forensic
526 tools like Volatility against the system (unless the kernel
527 source tree isn't cleaned after kernel installation).
528
529 The seed used for compilation is located at
530 scripts/gcc-plgins/randomize_layout_seed.h. It remains after
531 a make clean to allow for external modules to be compiled with
532 the existing seed and will be removed by a make mrproper or
533 make distclean.
534
535 Note that the implementation requires gcc 4.7 or newer.
536
537 This plugin was ported from grsecurity/PaX. More information at:
538 * https://grsecurity.net/
539 * https://pax.grsecurity.net/
540
541config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
542 bool "Use cacheline-aware structure randomization"
543 depends on GCC_PLUGIN_RANDSTRUCT
544 depends on !COMPILE_TEST # do not reduce test coverage
545 help
546 If you say Y here, the RANDSTRUCT randomization will make a
547 best effort at restricting randomization to cacheline-sized
548 groups of elements. It will further not randomize bitfields
549 in structures. This reduces the performance hit of RANDSTRUCT
550 at the cost of weakened randomization.
551
552config HAVE_STACKPROTECTOR 408config HAVE_STACKPROTECTOR
553 bool 409 bool
554 help 410 help
@@ -972,3 +828,5 @@ config REFCOUNT_FULL
972 security flaw exploits. 828 security flaw exploits.
973 829
974source "kernel/gcov/Kconfig" 830source "kernel/gcov/Kconfig"
831
832source "scripts/gcc-plugins/Kconfig"
diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
new file mode 100644
index 000000000000..7430a7c77a4a
--- /dev/null
+++ b/scripts/gcc-plugins/Kconfig
@@ -0,0 +1,142 @@
1preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
2
3config PLUGIN_HOSTCC
4 string
5 default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")"
6 help
7 Host compiler used to build GCC plugins. This can be $(HOSTCXX),
8 $(HOSTCC), or a null string if GCC plugin is unsupported.
9
10config HAVE_GCC_PLUGINS
11 bool
12 help
13 An arch should select this symbol if it supports building with
14 GCC plugins.
15
16menuconfig GCC_PLUGINS
17 bool "GCC plugins"
18 depends on HAVE_GCC_PLUGINS
19 depends on PLUGIN_HOSTCC != ""
20 help
21 GCC plugins are loadable modules that provide extra features to the
22 compiler. They are useful for runtime instrumentation and static analysis.
23
24 See Documentation/gcc-plugins.txt for details.
25
26if GCC_PLUGINS
27
28config GCC_PLUGIN_CYC_COMPLEXITY
29 bool "Compute the cyclomatic complexity of a function" if EXPERT
30 depends on !COMPILE_TEST # too noisy
31 help
32 The complexity M of a function's control flow graph is defined as:
33 M = E - N + 2P
34 where
35
36 E = the number of edges
37 N = the number of nodes
38 P = the number of connected components (exit nodes).
39
40 Enabling this plugin reports the complexity to stderr during the
41 build. It mainly serves as a simple example of how to create a
42 gcc plugin for the kernel.
43
44config GCC_PLUGIN_SANCOV
45 bool
46 help
47 This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
48 basic blocks. It supports all gcc versions with plugin support (from
49 gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
50 by Dmitry Vyukov <dvyukov@google.com>.
51
52config GCC_PLUGIN_LATENT_ENTROPY
53 bool "Generate some entropy during boot and runtime"
54 help
55 By saying Y here the kernel will instrument some kernel code to
56 extract some entropy from both original and artificially created
57 program state. This will help especially embedded systems where
58 there is little 'natural' source of entropy normally. The cost
59 is some slowdown of the boot process (about 0.5%) and fork and
60 irq processing.
61
62 Note that entropy extracted this way is not cryptographically
63 secure!
64
65 This plugin was ported from grsecurity/PaX. More information at:
66 * https://grsecurity.net/
67 * https://pax.grsecurity.net/
68
69config GCC_PLUGIN_STRUCTLEAK
70 bool "Force initialization of variables containing userspace addresses"
71 # Currently STRUCTLEAK inserts initialization out of live scope of
72 # variables from KASAN point of view. This leads to KASAN false
73 # positive reports. Prohibit this combination for now.
74 depends on !KASAN_EXTRA
75 help
76 This plugin zero-initializes any structures containing a
77 __user attribute. This can prevent some classes of information
78 exposures.
79
80 This plugin was ported from grsecurity/PaX. More information at:
81 * https://grsecurity.net/
82 * https://pax.grsecurity.net/
83
84config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
85 bool "Force initialize all struct type variables passed by reference"
86 depends on GCC_PLUGIN_STRUCTLEAK
87 depends on !COMPILE_TEST
88 help
89 Zero initialize any struct type local variable that may be passed by
90 reference without having been initialized.
91
92config GCC_PLUGIN_STRUCTLEAK_VERBOSE
93 bool "Report forcefully initialized variables"
94 depends on GCC_PLUGIN_STRUCTLEAK
95 depends on !COMPILE_TEST # too noisy
96 help
97 This option will cause a warning to be printed each time the
98 structleak plugin finds a variable it thinks needs to be
99 initialized. Since not all existing initializers are detected
100 by the plugin, this can produce false positive warnings.
101
102config GCC_PLUGIN_RANDSTRUCT
103 bool "Randomize layout of sensitive kernel structures"
104 select MODVERSIONS if MODULES
105 help
106 If you say Y here, the layouts of structures that are entirely
107 function pointers (and have not been manually annotated with
108 __no_randomize_layout), or structures that have been explicitly
109 marked with __randomize_layout, will be randomized at compile-time.
110 This can introduce the requirement of an additional information
111 exposure vulnerability for exploits targeting these structure
112 types.
113
114 Enabling this feature will introduce some performance impact,
115 slightly increase memory usage, and prevent the use of forensic
116 tools like Volatility against the system (unless the kernel
117 source tree isn't cleaned after kernel installation).
118
119 The seed used for compilation is located at
120 scripts/gcc-plgins/randomize_layout_seed.h. It remains after
121 a make clean to allow for external modules to be compiled with
122 the existing seed and will be removed by a make mrproper or
123 make distclean.
124
125 Note that the implementation requires gcc 4.7 or newer.
126
127 This plugin was ported from grsecurity/PaX. More information at:
128 * https://grsecurity.net/
129 * https://pax.grsecurity.net/
130
131config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
132 bool "Use cacheline-aware structure randomization"
133 depends on GCC_PLUGIN_RANDSTRUCT
134 depends on !COMPILE_TEST # do not reduce test coverage
135 help
136 If you say Y here, the RANDSTRUCT randomization will make a
137 best effort at restricting randomization to cacheline-sized
138 groups of elements. It will further not randomize bitfields
139 in structures. This reduces the performance hit of RANDSTRUCT
140 at the cost of weakened randomization.
141
142endif