preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))

config PLUGIN_HOSTCC
	string
	default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
	help
	  Host compiler used to build GCC plugins.  This can be $(HOSTCXX),
	  $(HOSTCC), or a null string if GCC plugin is unsupported.

config HAVE_GCC_PLUGINS
	bool
	help
	  An arch should select this symbol if it supports building with
	  GCC plugins.

config GCC_PLUGINS
	bool
	depends on HAVE_GCC_PLUGINS
	depends on PLUGIN_HOSTCC != ""
	default y
	help
	  GCC plugins are loadable modules that provide extra features to the
	  compiler. They are useful for runtime instrumentation and static analysis.

	  See Documentation/gcc-plugins.txt for details.

menu "GCC plugins"
	depends on GCC_PLUGINS

config GCC_PLUGIN_CYC_COMPLEXITY
	bool "Compute the cyclomatic complexity of a function" if EXPERT
	depends on !COMPILE_TEST	# too noisy
	help
	  The complexity M of a function's control flow graph is defined as:
	   M = E - N + 2P
	  where

	  E = the number of edges
	  N = the number of nodes
	  P = the number of connected components (exit nodes).

	  Enabling this plugin reports the complexity to stderr during the
	  build. It mainly serves as a simple example of how to create a
	  gcc plugin for the kernel.

config GCC_PLUGIN_SANCOV
	bool
	help
	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
	  basic blocks. It supports all gcc versions with plugin support (from
	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
	  by Dmitry Vyukov <dvyukov@google.com>.

config GCC_PLUGIN_LATENT_ENTROPY
	bool "Generate some entropy during boot and runtime"
	help
	  By saying Y here the kernel will instrument some kernel code to
	  extract some entropy from both original and artificially created
	  program state.  This will help especially embedded systems where
	  there is little 'natural' source of entropy normally.  The cost
	  is some slowdown of the boot process (about 0.5%) and fork and
	  irq processing.

	  Note that entropy extracted this way is not cryptographically
	  secure!

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT
	bool "Randomize layout of sensitive kernel structures"
	select MODVERSIONS if MODULES
	help
	  If you say Y here, the layouts of structures that are entirely
	  function pointers (and have not been manually annotated with
	  __no_randomize_layout), or structures that have been explicitly
	  marked with __randomize_layout, will be randomized at compile-time.
	  This can introduce the requirement of an additional information
	  exposure vulnerability for exploits targeting these structure
	  types.

	  Enabling this feature will introduce some performance impact,
	  slightly increase memory usage, and prevent the use of forensic
	  tools like Volatility against the system (unless the kernel
	  source tree isn't cleaned after kernel installation).

	  The seed used for compilation is located at
	  scripts/gcc-plugins/randomize_layout_seed.h.  It remains after
	  a make clean to allow for external modules to be compiled with
	  the existing seed and will be removed by a make mrproper or
	  make distclean.

	  Note that the implementation requires gcc 4.7 or newer.

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
	bool "Use cacheline-aware structure randomization"
	depends on GCC_PLUGIN_RANDSTRUCT
	depends on !COMPILE_TEST	# do not reduce test coverage
	help
	  If you say Y here, the RANDSTRUCT randomization will make a
	  best effort at restricting randomization to cacheline-sized
	  groups of elements.  It will further not randomize bitfields
	  in structures.  This reduces the performance hit of RANDSTRUCT
	  at the cost of weakened randomization.

endmenu
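
The options above end up as CONFIG_* lines in a built kernel's .config. As an added example (not part of the kernel tree), the shell functions below audit such a file for the hardening-relevant settings this Kconfig describes, including the weakened RANDSTRUCT_PERFORMANCE mode and the `select MODVERSIONS if MODULES` relationship. The function names, finding labels and sample config are constructed for illustration.

```shell
# Added example, not kernel-tree code. Assumes the CONFIG_ prefix used in .config.
# kconf FILE NAME -> value of CONFIG_NAME, or "n" if absent / "is not set"
kconf() {
    v=$(sed -n "s/^CONFIG_$2=//p" "$1" | head -n 1)
    printf '%s\n' "${v:-n}"
}

# audit_plugins FILE -> one finding per line; status 1 on any WEAK/FAIL
audit_plugins() {
    cfg=$1; rc=0
    if [ "$(kconf "$cfg" GCC_PLUGINS)" != y ]; then
        echo "FAIL GCC_PLUGINS=n: the plugin menu is unavailable"
        return 1
    fi
    if [ "$(kconf "$cfg" GCC_PLUGIN_RANDSTRUCT)" = y ]; then
        echo "OK   RANDSTRUCT=y"
        if [ "$(kconf "$cfg" GCC_PLUGIN_RANDSTRUCT_PERFORMANCE)" = y ]; then
            echo "WEAK RANDSTRUCT_PERFORMANCE=y: weakened randomization"; rc=1
        fi
        # RANDSTRUCT carries "select MODVERSIONS if MODULES"
        if [ "$(kconf "$cfg" MODULES)" = y ] &&
           [ "$(kconf "$cfg" MODVERSIONS)" != y ]; then
            echo "FAIL MODULES=y without MODVERSIONS: config edited by hand?"; rc=1
        fi
    else
        echo "WEAK RANDSTRUCT=n: structure layouts are not randomized"; rc=1
    fi
    if [ "$(kconf "$cfg" GCC_PLUGIN_LATENT_ENTROPY)" = y ]; then
        echo "OK   LATENT_ENTROPY=y (supplementary, not cryptographically secure)"
    else
        echo "INFO LATENT_ENTROPY=n: no extra boot/runtime entropy"
    fi
    return $rc
}

# Constructed sample .config fragment, not taken from a real build.
sample_config() {
    cat <<'EOF'
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
EOF
}

tmp=$(mktemp); sample_config > "$tmp"; audit_plugins "$tmp" || true; rm -f "$tmp"
```

Point `audit_plugins` at the .config of the kernel you actually ship; a non-zero status means at least one WEAK or FAIL finding.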