Merge tag 'gcc-plugin-cleanup-v4.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

+2 -144

arch/Kconfig

··· 408 408 409 409 See Documentation/userspace-api/seccomp_filter.rst for details. 410 410 411 - preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) 412 - 413 - config PLUGIN_HOSTCC 414 - string 415 - default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" 416 - help 417 - Host compiler used to build GCC plugins. This can be $(HOSTCXX), 418 - $(HOSTCC), or a null string if GCC plugin is unsupported. 419 - 420 - config HAVE_GCC_PLUGINS 421 - bool 422 - help 423 - An arch should select this symbol if it supports building with 424 - GCC plugins. 425 - 426 - menuconfig GCC_PLUGINS 427 - bool "GCC plugins" 428 - depends on HAVE_GCC_PLUGINS 429 - depends on PLUGIN_HOSTCC != "" 430 - help 431 - GCC plugins are loadable modules that provide extra features to the 432 - compiler. They are useful for runtime instrumentation and static analysis. 433 - 434 - See Documentation/gcc-plugins.txt for details. 435 - 436 - config GCC_PLUGIN_CYC_COMPLEXITY 437 - bool "Compute the cyclomatic complexity of a function" if EXPERT 438 - depends on GCC_PLUGINS 439 - depends on !COMPILE_TEST # too noisy 440 - help 441 - The complexity M of a function's control flow graph is defined as: 442 - M = E - N + 2P 443 - where 444 - 445 - E = the number of edges 446 - N = the number of nodes 447 - P = the number of connected components (exit nodes). 448 - 449 - Enabling this plugin reports the complexity to stderr during the 450 - build. It mainly serves as a simple example of how to create a 451 - gcc plugin for the kernel. 452 - 453 - config GCC_PLUGIN_SANCOV 454 - bool 455 - depends on GCC_PLUGINS 456 - help 457 - This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 458 - basic blocks. It supports all gcc versions with plugin support (from 459 - gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 460 - by Dmitry Vyukov <dvyukov@google.com>. 461 - 462 - config GCC_PLUGIN_LATENT_ENTROPY 463 - bool "Generate some entropy during boot and runtime" 464 - depends on GCC_PLUGINS 465 - help 466 - By saying Y here the kernel will instrument some kernel code to 467 - extract some entropy from both original and artificially created 468 - program state. This will help especially embedded systems where 469 - there is little 'natural' source of entropy normally. The cost 470 - is some slowdown of the boot process (about 0.5%) and fork and 471 - irq processing. 472 - 473 - Note that entropy extracted this way is not cryptographically 474 - secure! 475 - 476 - This plugin was ported from grsecurity/PaX. More information at: 477 - * https://grsecurity.net/ 478 - * https://pax.grsecurity.net/ 479 - 480 - config GCC_PLUGIN_STRUCTLEAK 481 - bool "Force initialization of variables containing userspace addresses" 482 - depends on GCC_PLUGINS 483 - # Currently STRUCTLEAK inserts initialization out of live scope of 484 - # variables from KASAN point of view. This leads to KASAN false 485 - # positive reports. Prohibit this combination for now. 486 - depends on !KASAN_EXTRA 487 - help 488 - This plugin zero-initializes any structures containing a 489 - __user attribute. This can prevent some classes of information 490 - exposures. 491 - 492 - This plugin was ported from grsecurity/PaX. More information at: 493 - * https://grsecurity.net/ 494 - * https://pax.grsecurity.net/ 495 - 496 - config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL 497 - bool "Force initialize all struct type variables passed by reference" 498 - depends on GCC_PLUGIN_STRUCTLEAK 499 - depends on !COMPILE_TEST 500 - help 501 - Zero initialize any struct type local variable that may be passed by 502 - reference without having been initialized. 503 - 504 - config GCC_PLUGIN_STRUCTLEAK_VERBOSE 505 - bool "Report forcefully initialized variables" 506 - depends on GCC_PLUGIN_STRUCTLEAK 507 - depends on !COMPILE_TEST # too noisy 508 - help 509 - This option will cause a warning to be printed each time the 510 - structleak plugin finds a variable it thinks needs to be 511 - initialized. Since not all existing initializers are detected 512 - by the plugin, this can produce false positive warnings. 513 - 514 - config GCC_PLUGIN_RANDSTRUCT 515 - bool "Randomize layout of sensitive kernel structures" 516 - depends on GCC_PLUGINS 517 - select MODVERSIONS if MODULES 518 - help 519 - If you say Y here, the layouts of structures that are entirely 520 - function pointers (and have not been manually annotated with 521 - __no_randomize_layout), or structures that have been explicitly 522 - marked with __randomize_layout, will be randomized at compile-time. 523 - This can introduce the requirement of an additional information 524 - exposure vulnerability for exploits targeting these structure 525 - types. 526 - 527 - Enabling this feature will introduce some performance impact, 528 - slightly increase memory usage, and prevent the use of forensic 529 - tools like Volatility against the system (unless the kernel 530 - source tree isn't cleaned after kernel installation). 531 - 532 - The seed used for compilation is located at 533 - scripts/gcc-plgins/randomize_layout_seed.h. It remains after 534 - a make clean to allow for external modules to be compiled with 535 - the existing seed and will be removed by a make mrproper or 536 - make distclean. 537 - 538 - Note that the implementation requires gcc 4.7 or newer. 539 - 540 - This plugin was ported from grsecurity/PaX. More information at: 541 - * https://grsecurity.net/ 542 - * https://pax.grsecurity.net/ 543 - 544 - config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE 545 - bool "Use cacheline-aware structure randomization" 546 - depends on GCC_PLUGIN_RANDSTRUCT 547 - depends on !COMPILE_TEST # do not reduce test coverage 548 - help 549 - If you say Y here, the RANDSTRUCT randomization will make a 550 - best effort at restricting randomization to cacheline-sized 551 - groups of elements. It will further not randomize bitfields 552 - in structures. This reduces the performance hit of RANDSTRUCT 553 - at the cost of weakened randomization. 554 - 555 411 config HAVE_STACKPROTECTOR 556 412 bool 557 413 help ··· 831 975 security flaw exploits. 832 976 833 977 source "kernel/gcov/Kconfig" 978 + 979 + source "scripts/gcc-plugins/Kconfig"

+30 -19

scripts/Makefile.gcc-plugins

··· 1 1 # SPDX-License-Identifier: GPL-2.0 2 + 2 3 gcc-plugin-$(CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) += cyc_complexity_plugin.so 3 4 4 5 gcc-plugin-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) += latent_entropy_plugin.so 5 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) += -DLATENT_ENTROPY_PLUGIN 6 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) \ 7 + += -DLATENT_ENTROPY_PLUGIN 6 8 ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY 7 - DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable 9 + DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable 8 10 endif 9 - 10 - gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so 11 - gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so 12 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) += -fplugin-arg-structleak_plugin-verbose 13 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) += -fplugin-arg-structleak_plugin-byref-all 14 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN 15 - 16 - gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so 17 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN 18 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode 19 - 20 - GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) 21 - 22 - export GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR 23 11 export DISABLE_LATENT_ENTROPY_PLUGIN 24 12 25 - # sancov_plugin.so can be only in CFLAGS_KCOV because avoid duplication. 26 - GCC_PLUGINS_CFLAGS := $(filter-out %/sancov_plugin.so, $(GCC_PLUGINS_CFLAGS)) 13 + gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so 27 14 15 + gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so 16 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) \ 17 + += -fplugin-arg-structleak_plugin-verbose 18 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) \ 19 + += -fplugin-arg-structleak_plugin-byref-all 20 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \ 21 + += -DSTRUCTLEAK_PLUGIN 22 + 23 + gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so 24 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ 25 + += -DRANDSTRUCT_PLUGIN 26 + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) \ 27 + += -fplugin-arg-randomize_layout_plugin-performance-mode 28 + 29 + # All the plugin CFLAGS are collected here in case a build target needs to 30 + # filter them out of the KBUILD_CFLAGS. 31 + GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) 32 + # The sancov_plugin.so is included via CFLAGS_KCOV, so it is removed here. 33 + GCC_PLUGINS_CFLAGS := $(filter-out %/sancov_plugin.so, $(GCC_PLUGINS_CFLAGS)) 34 + export GCC_PLUGINS_CFLAGS 35 + 36 + # Add the flags to the build! 28 37 KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) 38 + 39 + # All enabled GCC plugins are collected here for building below. 29 40 GCC_PLUGIN := $(gcc-plugin-y) 30 - GCC_PLUGIN_SUBDIR := $(gcc-plugin-subdir-y) 41 + export GCC_PLUGIN 31 42 32 43 # Actually do the build, if requested. 33 44 PHONY += gcc-plugins

+142

scripts/gcc-plugins/Kconfig

··· 1 + preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) 2 + 3 + config PLUGIN_HOSTCC 4 + string 5 + default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" 6 + help 7 + Host compiler used to build GCC plugins. This can be $(HOSTCXX), 8 + $(HOSTCC), or a null string if GCC plugin is unsupported. 9 + 10 + config HAVE_GCC_PLUGINS 11 + bool 12 + help 13 + An arch should select this symbol if it supports building with 14 + GCC plugins. 15 + 16 + menuconfig GCC_PLUGINS 17 + bool "GCC plugins" 18 + depends on HAVE_GCC_PLUGINS 19 + depends on PLUGIN_HOSTCC != "" 20 + help 21 + GCC plugins are loadable modules that provide extra features to the 22 + compiler. They are useful for runtime instrumentation and static analysis. 23 + 24 + See Documentation/gcc-plugins.txt for details. 25 + 26 + if GCC_PLUGINS 27 + 28 + config GCC_PLUGIN_CYC_COMPLEXITY 29 + bool "Compute the cyclomatic complexity of a function" if EXPERT 30 + depends on !COMPILE_TEST # too noisy 31 + help 32 + The complexity M of a function's control flow graph is defined as: 33 + M = E - N + 2P 34 + where 35 + 36 + E = the number of edges 37 + N = the number of nodes 38 + P = the number of connected components (exit nodes). 39 + 40 + Enabling this plugin reports the complexity to stderr during the 41 + build. It mainly serves as a simple example of how to create a 42 + gcc plugin for the kernel. 43 + 44 + config GCC_PLUGIN_SANCOV 45 + bool 46 + help 47 + This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 48 + basic blocks. It supports all gcc versions with plugin support (from 49 + gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 50 + by Dmitry Vyukov <dvyukov@google.com>. 51 + 52 + config GCC_PLUGIN_LATENT_ENTROPY 53 + bool "Generate some entropy during boot and runtime" 54 + help 55 + By saying Y here the kernel will instrument some kernel code to 56 + extract some entropy from both original and artificially created 57 + program state. This will help especially embedded systems where 58 + there is little 'natural' source of entropy normally. The cost 59 + is some slowdown of the boot process (about 0.5%) and fork and 60 + irq processing. 61 + 62 + Note that entropy extracted this way is not cryptographically 63 + secure! 64 + 65 + This plugin was ported from grsecurity/PaX. More information at: 66 + * https://grsecurity.net/ 67 + * https://pax.grsecurity.net/ 68 + 69 + config GCC_PLUGIN_STRUCTLEAK 70 + bool "Force initialization of variables containing userspace addresses" 71 + # Currently STRUCTLEAK inserts initialization out of live scope of 72 + # variables from KASAN point of view. This leads to KASAN false 73 + # positive reports. Prohibit this combination for now. 74 + depends on !KASAN_EXTRA 75 + help 76 + This plugin zero-initializes any structures containing a 77 + __user attribute. This can prevent some classes of information 78 + exposures. 79 + 80 + This plugin was ported from grsecurity/PaX. More information at: 81 + * https://grsecurity.net/ 82 + * https://pax.grsecurity.net/ 83 + 84 + config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL 85 + bool "Force initialize all struct type variables passed by reference" 86 + depends on GCC_PLUGIN_STRUCTLEAK 87 + depends on !COMPILE_TEST 88 + help 89 + Zero initialize any struct type local variable that may be passed by 90 + reference without having been initialized. 91 + 92 + config GCC_PLUGIN_STRUCTLEAK_VERBOSE 93 + bool "Report forcefully initialized variables" 94 + depends on GCC_PLUGIN_STRUCTLEAK 95 + depends on !COMPILE_TEST # too noisy 96 + help 97 + This option will cause a warning to be printed each time the 98 + structleak plugin finds a variable it thinks needs to be 99 + initialized. Since not all existing initializers are detected 100 + by the plugin, this can produce false positive warnings. 101 + 102 + config GCC_PLUGIN_RANDSTRUCT 103 + bool "Randomize layout of sensitive kernel structures" 104 + select MODVERSIONS if MODULES 105 + help 106 + If you say Y here, the layouts of structures that are entirely 107 + function pointers (and have not been manually annotated with 108 + __no_randomize_layout), or structures that have been explicitly 109 + marked with __randomize_layout, will be randomized at compile-time. 110 + This can introduce the requirement of an additional information 111 + exposure vulnerability for exploits targeting these structure 112 + types. 113 + 114 + Enabling this feature will introduce some performance impact, 115 + slightly increase memory usage, and prevent the use of forensic 116 + tools like Volatility against the system (unless the kernel 117 + source tree isn't cleaned after kernel installation). 118 + 119 + The seed used for compilation is located at 120 + scripts/gcc-plgins/randomize_layout_seed.h. It remains after 121 + a make clean to allow for external modules to be compiled with 122 + the existing seed and will be removed by a make mrproper or 123 + make distclean. 124 + 125 + Note that the implementation requires gcc 4.7 or newer. 126 + 127 + This plugin was ported from grsecurity/PaX. More information at: 128 + * https://grsecurity.net/ 129 + * https://pax.grsecurity.net/ 130 + 131 + config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE 132 + bool "Use cacheline-aware structure randomization" 133 + depends on GCC_PLUGIN_RANDSTRUCT 134 + depends on !COMPILE_TEST # do not reduce test coverage 135 + help 136 + If you say Y here, the RANDSTRUCT randomization will make a 137 + best effort at restricting randomization to cacheline-sized 138 + groups of elements. It will further not randomize bitfields 139 + in structures. This reduces the performance hit of RANDSTRUCT 140 + at the cost of weakened randomization. 141 + 142 + endif

-5

scripts/gcc-plugins/Makefile

··· 14 14 export HOST_EXTRACXXFLAGS 15 15 endif 16 16 17 - export HOSTLIBS 18 - 19 17 $(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h 20 18 quiet_cmd_create_randomize_layout_seed = GENSEED $@ 21 19 cmd_create_randomize_layout_seed = \ ··· 26 28 always := $($(HOSTLIBS)-y) 27 29 28 30 $(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o)) 29 - 30 - subdir-y := $(GCC_PLUGIN_SUBDIR) 31 - subdir- += $(GCC_PLUGIN_SUBDIR) 32 31 33 32 clean-files += *.so

+16 -10

scripts/gcc-plugins/gcc-common.h

··· 392 392 } 393 393 #endif 394 394 395 - #if BUILDING_GCC_VERSION >= 4007 && BUILDING_GCC_VERSION <= 4009 396 - #define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \ 397 - cgraph_create_edge((caller), (callee), (call_stmt), (count), (freq)) 398 - #define cgraph_create_edge_including_clones(caller, callee, old_call_stmt, call_stmt, count, freq, nest, reason) \ 399 - cgraph_create_edge_including_clones((caller), (callee), (old_call_stmt), (call_stmt), (count), (freq), (reason)) 400 - #endif 401 - 402 395 #if BUILDING_GCC_VERSION <= 4008 403 396 #define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN) 404 397 #define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN) ··· 716 723 #define varpool_get_node(decl) varpool_node::get(decl) 717 724 #define dump_varpool_node(file, node) (node)->dump(file) 718 725 719 - #define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \ 726 + #if BUILDING_GCC_VERSION >= 8000 727 + #define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ 728 + (caller)->create_edge((callee), (call_stmt), (count)) 729 + 730 + #define cgraph_create_edge_including_clones(caller, callee, \ 731 + old_call_stmt, call_stmt, count, freq, reason) \ 732 + (caller)->create_edge_including_clones((callee), \ 733 + (old_call_stmt), (call_stmt), (count), (reason)) 734 + #else 735 + #define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ 720 736 (caller)->create_edge((callee), (call_stmt), (count), (freq)) 721 - #define cgraph_create_edge_including_clones(caller, callee, old_call_stmt, call_stmt, count, freq, nest, reason) \ 722 - (caller)->create_edge_including_clones((callee), (old_call_stmt), (call_stmt), (count), (freq), (reason)) 737 + 738 + #define cgraph_create_edge_including_clones(caller, callee, \ 739 + old_call_stmt, call_stmt, count, freq, reason) \ 740 + (caller)->create_edge_including_clones((callee), \ 741 + (old_call_stmt), (call_stmt), (count), (freq), (reason)) 742 + #endif 723 743 724 744 typedef struct cgraph_node *cgraph_node_ptr; 725 745 typedef struct cgraph_edge *cgraph_edge_p;