2018-07-05 00:24:12 -06:00
|
|
|
preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC))
|
|
|
|
|
|
|
|
|
|
config PLUGIN_HOSTCC
|
|
|
|
|
string
|
2018-08-23 00:02:31 -06:00
|
|
|
default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC
|
2018-07-05 00:24:12 -06:00
|
|
|
help
|
|
|
|
|
Host compiler used to build GCC plugins. This can be $(HOSTCXX),
|
|
|
|
|
$(HOSTCC), or a null string if GCC plugin is unsupported.
|
|
|
|
|
|
|
|
|
|
config HAVE_GCC_PLUGINS
|
|
|
|
|
bool
|
|
|
|
|
help
|
|
|
|
|
An arch should select this symbol if it supports building with
|
|
|
|
|
GCC plugins.
|
|
|
|
|
|
|
|
|
|
menuconfig GCC_PLUGINS
|
|
|
|
|
bool "GCC plugins"
|
|
|
|
|
depends on HAVE_GCC_PLUGINS
|
|
|
|
|
depends on PLUGIN_HOSTCC != ""
|
|
|
|
|
help
|
|
|
|
|
GCC plugins are loadable modules that provide extra features to the
|
|
|
|
|
compiler. They are useful for runtime instrumentation and static analysis.
|
|
|
|
|
|
|
|
|
|
See Documentation/gcc-plugins.txt for details.
|
|
|
|
|
|
|
|
|
|
if GCC_PLUGINS
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_CYC_COMPLEXITY
|
|
|
|
|
bool "Compute the cyclomatic complexity of a function" if EXPERT
|
|
|
|
|
depends on !COMPILE_TEST # too noisy
|
|
|
|
|
help
|
|
|
|
|
The complexity M of a function's control flow graph is defined as:
|
|
|
|
|
M = E - N + 2P
|
|
|
|
|
where
|
|
|
|
|
|
|
|
|
|
E = the number of edges
|
|
|
|
|
N = the number of nodes
|
|
|
|
|
P = the number of connected components (exit nodes).
|
|
|
|
|
|
|
|
|
|
Enabling this plugin reports the complexity to stderr during the
|
|
|
|
|
build. It mainly serves as a simple example of how to create a
|
|
|
|
|
gcc plugin for the kernel.
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_SANCOV
|
|
|
|
|
bool
|
|
|
|
|
help
|
|
|
|
|
This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
|
|
|
|
|
basic blocks. It supports all gcc versions with plugin support (from
|
|
|
|
|
gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
|
|
|
|
|
by Dmitry Vyukov <dvyukov@google.com>.
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_LATENT_ENTROPY
|
|
|
|
|
bool "Generate some entropy during boot and runtime"
|
|
|
|
|
help
|
|
|
|
|
By saying Y here the kernel will instrument some kernel code to
|
|
|
|
|
extract some entropy from both original and artificially created
|
|
|
|
|
program state. This will help especially embedded systems where
|
|
|
|
|
there is little 'natural' source of entropy normally. The cost
|
|
|
|
|
is some slowdown of the boot process (about 0.5%) and fork and
|
|
|
|
|
irq processing.
|
|
|
|
|
|
|
|
|
|
Note that entropy extracted this way is not cryptographically
|
|
|
|
|
secure!
|
|
|
|
|
|
|
|
|
|
This plugin was ported from grsecurity/PaX. More information at:
|
|
|
|
|
* https://grsecurity.net/
|
|
|
|
|
* https://pax.grsecurity.net/
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK
|
2019-01-23 16:19:29 -07:00
|
|
|
bool "Zero initialize stack variables"
|
2018-07-05 00:24:12 -06:00
|
|
|
# Currently STRUCTLEAK inserts initialization out of live scope of
|
|
|
|
|
# variables from KASAN point of view. This leads to KASAN false
|
|
|
|
|
# positive reports. Prohibit this combination for now.
|
|
|
|
|
depends on !KASAN_EXTRA
|
|
|
|
|
help
|
2019-01-23 16:19:29 -07:00
|
|
|
While the kernel is built with warnings enabled for any missed
|
|
|
|
|
stack variable initializations, this warning is silenced for
|
|
|
|
|
anything passed by reference to another function, under the
|
|
|
|
|
occasionally misguided assumption that the function will do
|
|
|
|
|
the initialization. As this regularly leads to exploitable
|
|
|
|
|
flaws, this plugin is available to identify and zero-initialize
|
|
|
|
|
such variables, depending on the chosen level of coverage.
|
|
|
|
|
|
|
|
|
|
This plugin was originally ported from grsecurity/PaX. More
|
|
|
|
|
information at:
|
2018-07-05 00:24:12 -06:00
|
|
|
* https://grsecurity.net/
|
|
|
|
|
* https://pax.grsecurity.net/
|
|
|
|
|
|
2019-01-23 16:19:29 -07:00
|
|
|
choice
|
|
|
|
|
prompt "Coverage"
|
2018-07-05 00:24:12 -06:00
|
|
|
depends on GCC_PLUGIN_STRUCTLEAK
|
2019-01-23 16:19:29 -07:00
|
|
|
default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
|
2018-07-05 00:24:12 -06:00
|
|
|
help
|
2019-01-23 16:19:29 -07:00
|
|
|
This chooses the level of coverage over classes of potentially
|
|
|
|
|
uninitialized variables. The selected class will be
|
|
|
|
|
zero-initialized before use.
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_USER
|
|
|
|
|
bool "structs marked for userspace"
|
|
|
|
|
help
|
|
|
|
|
Zero-initialize any structures on the stack containing
|
|
|
|
|
a __user attribute. This can prevent some classes of
|
|
|
|
|
uninitialized stack variable exploits and information
|
|
|
|
|
exposures, like CVE-2013-2141:
|
|
|
|
|
https://git.kernel.org/linus/b9e146d8eb3b9eca
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_BYREF
|
|
|
|
|
bool "structs passed by reference"
|
|
|
|
|
help
|
|
|
|
|
Zero-initialize any structures on the stack that may
|
|
|
|
|
be passed by reference and had not already been
|
|
|
|
|
explicitly initialized. This can prevent most classes
|
|
|
|
|
of uninitialized stack variable exploits and information
|
|
|
|
|
exposures, like CVE-2017-1000410:
|
|
|
|
|
https://git.kernel.org/linus/06e7e776ca4d3654
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
|
|
|
|
|
bool "anything passed by reference"
|
|
|
|
|
help
|
|
|
|
|
Zero-initialize any stack variables that may be passed
|
|
|
|
|
by reference and had not already been explicitly
|
|
|
|
|
initialized. This is intended to eliminate all classes
|
|
|
|
|
of uninitialized stack variable exploits and information
|
|
|
|
|
exposures.
|
|
|
|
|
|
|
|
|
|
endchoice
|
2018-07-05 00:24:12 -06:00
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
|
|
|
|
|
bool "Report forcefully initialized variables"
|
|
|
|
|
depends on GCC_PLUGIN_STRUCTLEAK
|
|
|
|
|
depends on !COMPILE_TEST # too noisy
|
|
|
|
|
help
|
|
|
|
|
This option will cause a warning to be printed each time the
|
|
|
|
|
structleak plugin finds a variable it thinks needs to be
|
|
|
|
|
initialized. Since not all existing initializers are detected
|
|
|
|
|
by the plugin, this can produce false positive warnings.
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_RANDSTRUCT
|
|
|
|
|
bool "Randomize layout of sensitive kernel structures"
|
|
|
|
|
select MODVERSIONS if MODULES
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, the layouts of structures that are entirely
|
|
|
|
|
function pointers (and have not been manually annotated with
|
|
|
|
|
__no_randomize_layout), or structures that have been explicitly
|
|
|
|
|
marked with __randomize_layout, will be randomized at compile-time.
|
|
|
|
|
This can introduce the requirement of an additional information
|
|
|
|
|
exposure vulnerability for exploits targeting these structure
|
|
|
|
|
types.
|
|
|
|
|
|
|
|
|
|
Enabling this feature will introduce some performance impact,
|
|
|
|
|
slightly increase memory usage, and prevent the use of forensic
|
|
|
|
|
tools like Volatility against the system (unless the kernel
|
|
|
|
|
source tree isn't cleaned after kernel installation).
|
|
|
|
|
|
|
|
|
|
The seed used for compilation is located at
|
|
|
|
|
scripts/gcc-plgins/randomize_layout_seed.h. It remains after
|
|
|
|
|
a make clean to allow for external modules to be compiled with
|
|
|
|
|
the existing seed and will be removed by a make mrproper or
|
|
|
|
|
make distclean.
|
|
|
|
|
|
|
|
|
|
Note that the implementation requires gcc 4.7 or newer.
|
|
|
|
|
|
|
|
|
|
This plugin was ported from grsecurity/PaX. More information at:
|
|
|
|
|
* https://grsecurity.net/
|
|
|
|
|
* https://pax.grsecurity.net/
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
|
|
|
|
|
bool "Use cacheline-aware structure randomization"
|
|
|
|
|
depends on GCC_PLUGIN_RANDSTRUCT
|
|
|
|
|
depends on !COMPILE_TEST # do not reduce test coverage
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, the RANDSTRUCT randomization will make a
|
|
|
|
|
best effort at restricting randomization to cacheline-sized
|
|
|
|
|
groups of elements. It will further not randomize bitfields
|
|
|
|
|
in structures. This reduces the performance hit of RANDSTRUCT
|
|
|
|
|
at the cost of weakened randomization.
|
|
|
|
|
|
2018-08-16 16:16:58 -06:00
|
|
|
config GCC_PLUGIN_STACKLEAK
|
|
|
|
|
bool "Erase the kernel stack before returning from syscalls"
|
|
|
|
|
depends on GCC_PLUGINS
|
|
|
|
|
depends on HAVE_ARCH_STACKLEAK
|
|
|
|
|
help
|
|
|
|
|
This option makes the kernel erase the kernel stack before
|
|
|
|
|
returning from system calls. That reduces the information which
|
|
|
|
|
kernel stack leak bugs can reveal and blocks some uninitialized
|
|
|
|
|
stack variable attacks.
|
|
|
|
|
|
|
|
|
|
The tradeoff is the performance impact: on a single CPU system kernel
|
|
|
|
|
compilation sees a 1% slowdown, other systems and workloads may vary
|
|
|
|
|
and you are advised to test this feature on your expected workload
|
|
|
|
|
before deploying it.
|
|
|
|
|
|
|
|
|
|
This plugin was ported from grsecurity/PaX. More information at:
|
|
|
|
|
* https://grsecurity.net/
|
|
|
|
|
* https://pax.grsecurity.net/
|
|
|
|
|
|
2018-08-16 16:16:59 -06:00
|
|
|
config STACKLEAK_TRACK_MIN_SIZE
|
|
|
|
|
int "Minimum stack frame size of functions tracked by STACKLEAK"
|
|
|
|
|
default 100
|
|
|
|
|
range 0 4096
|
|
|
|
|
depends on GCC_PLUGIN_STACKLEAK
|
|
|
|
|
help
|
|
|
|
|
The STACKLEAK gcc plugin instruments the kernel code for tracking
|
|
|
|
|
the lowest border of the kernel stack (and for some other purposes).
|
|
|
|
|
It inserts the stackleak_track_stack() call for the functions with
|
|
|
|
|
a stack frame size greater than or equal to this parameter.
|
|
|
|
|
If unsure, leave the default value 100.
|
|
|
|
|
|
2018-08-16 16:17:01 -06:00
|
|
|
config STACKLEAK_METRICS
|
|
|
|
|
bool "Show STACKLEAK metrics in the /proc file system"
|
|
|
|
|
depends on GCC_PLUGIN_STACKLEAK
|
|
|
|
|
depends on PROC_FS
|
|
|
|
|
help
|
|
|
|
|
If this is set, STACKLEAK metrics for every task are available in
|
|
|
|
|
the /proc file system. In particular, /proc/<pid>/stack_depth
|
|
|
|
|
shows the maximum kernel stack consumption for the current and
|
|
|
|
|
previous syscalls. Although this information is not precise, it
|
|
|
|
|
can be useful for estimating the STACKLEAK performance impact for
|
|
|
|
|
your workloads.
|
|
|
|
|
|
2018-08-16 16:17:03 -06:00
|
|
|
config STACKLEAK_RUNTIME_DISABLE
|
|
|
|
|
bool "Allow runtime disabling of kernel stack erasing"
|
|
|
|
|
depends on GCC_PLUGIN_STACKLEAK
|
|
|
|
|
help
|
|
|
|
|
This option provides 'stack_erasing' sysctl, which can be used in
|
|
|
|
|
runtime to control kernel stack erasing for kernels built with
|
|
|
|
|
CONFIG_GCC_PLUGIN_STACKLEAK.
|
|
|
|
|
|
2018-12-06 01:32:57 -07:00
|
|
|
config GCC_PLUGIN_ARM_SSP_PER_TASK
|
|
|
|
|
bool
|
|
|
|
|
depends on GCC_PLUGINS && ARM
|
|
|
|
|
|
2018-07-05 00:24:12 -06:00
|
|
|
endif
|
