# SPDX-License-Identifier: GPL-2.0-only
config HAVE_GCC_PLUGINS
	bool
	help
	  An arch should select this symbol if it supports building with
	  GCC plugins.

menuconfig GCC_PLUGINS
	bool "GCC plugins"
	depends on HAVE_GCC_PLUGINS
	depends on CC_IS_GCC
	depends on $(success,test -e $(shell,$(CC) -print-file-name=plugin)/include/plugin-version.h)
	default y
	help
	  GCC plugins are loadable modules that provide extra features to the
	  compiler. They are useful for runtime instrumentation and static analysis.

	  See Documentation/kbuild/gcc-plugins.rst for details.

if GCC_PLUGINS

config GCC_PLUGIN_CYC_COMPLEXITY
	bool "Compute the cyclomatic complexity of a function" if EXPERT
	depends on !COMPILE_TEST	# too noisy
	help
	  The complexity M of a function's control flow graph is defined as:
	   M = E - N + 2P
	  where

	  E = the number of edges
	  N = the number of nodes
	  P = the number of connected components (exit nodes).

	  Enabling this plugin reports the complexity to stderr during the
	  build. It mainly serves as a simple example of how to create a
	  gcc plugin for the kernel.

config GCC_PLUGIN_SANCOV
	bool
	help
	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
	  basic blocks. It supports all gcc versions with plugin support (from
	  gcc-4.5 on). It is based on the commit "Add fuzzing coverage support"
	  by Dmitry Vyukov <dvyukov@google.com>.

config GCC_PLUGIN_LATENT_ENTROPY
	bool "Generate some entropy during boot and runtime"
	help
	  By saying Y here the kernel will instrument some kernel code to
	  extract some entropy from both original and artificially created
	  program state.  This will help especially embedded systems where
	  there is little 'natural' source of entropy normally.  The cost
	  is some slowdown of the boot process (about 0.5%) and fork and
	  irq processing.

	  Note that entropy extracted this way is not cryptographically
	  secure!

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT
	bool "Randomize layout of sensitive kernel structures"
	select MODVERSIONS if MODULES
	help
	  If you say Y here, the layouts of structures that are entirely
	  function pointers (and have not been manually annotated with
	  __no_randomize_layout), or structures that have been explicitly
	  marked with __randomize_layout, will be randomized at compile-time.
	  This can introduce the requirement of an additional information
	  exposure vulnerability for exploits targeting these structure
	  types.

	  Enabling this feature will introduce some performance impact,
	  slightly increase memory usage, and prevent the use of forensic
	  tools like Volatility against the system (unless the kernel
	  source tree isn't cleaned after kernel installation).

	  The seed used for compilation is located at
	  scripts/gcc-plugins/randomize_layout_seed.h.  It remains after
	  a make clean to allow for external modules to be compiled with
	  the existing seed and will be removed by a make mrproper or
	  make distclean.

	  Note that the implementation requires gcc 4.7 or newer.

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
	bool "Use cacheline-aware structure randomization"
	depends on GCC_PLUGIN_RANDSTRUCT
	depends on !COMPILE_TEST	# do not reduce test coverage
	help
	  If you say Y here, the RANDSTRUCT randomization will make a
	  best effort at restricting randomization to cacheline-sized
	  groups of elements.  It will further not randomize bitfields
	  in structures.  This reduces the performance hit of RANDSTRUCT
	  at the cost of weakened randomization.

config GCC_PLUGIN_ARM_SSP_PER_TASK
	bool
	depends on GCC_PLUGINS && ARM

endif
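
The following is an added example, not part of the kernel tree: a small Python audit that reads a built kernel's `.config` and reports how the plugin options defined in this Kconfig file are set, including the `select MODVERSIONS if MODULES` relationship and the weakened randomization of `GCC_PLUGIN_RANDSTRUCT_PERFORMANCE`. The function names, the finding strings and the sample `.config` fragment are assumptions constructed for illustration.

```python
import re

# Constructed sample .config fragment (not taken from a real build).
SAMPLE_CONFIG = """\
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
"""

_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")


def parse_config(text):
    """Map each symbol to its value; 'is not set' lines map to 'n'."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        if (m := _SET.match(line)):
            symbols[m.group(1)] = m.group(2)
        elif (m := _UNSET.match(line)):
            symbols[m.group(1)] = "n"
    return symbols


def audit_gcc_plugins(text):
    """Return findings (hypothetical wording) for the options in this Kconfig."""
    cfg = parse_config(text)

    def on(sym):
        return cfg.get(sym, "n") == "y"

    if not on("GCC_PLUGINS"):
        return ["GCC_PLUGINS off: every option inside 'if GCC_PLUGINS' is unavailable"]
    findings = []
    if not on("GCC_PLUGIN_LATENT_ENTROPY"):
        findings.append("LATENT_ENTROPY off")
    if on("GCC_PLUGIN_RANDSTRUCT"):
        if on("GCC_PLUGIN_RANDSTRUCT_PERFORMANCE"):
            findings.append("RANDSTRUCT_PERFORMANCE on: weakened randomization")
        if on("MODULES") and not on("MODVERSIONS"):
            findings.append("MODVERSIONS off: RANDSTRUCT selects it if MODULES")
    else:
        findings.append("RANDSTRUCT off: structure layouts are not randomized")
        if on("GCC_PLUGIN_RANDSTRUCT_PERFORMANCE"):
            findings.append("RANDSTRUCT_PERFORMANCE on without RANDSTRUCT: inconsistent .config")
    return findings
```

Calling `audit_gcc_plugins(open(".config").read())` on a real build tree gives the same kind of list; an empty list means none of these conditions were found.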