tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'gcc-minimum-version-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic

Pull compiler version requirement update from Arnd Bergmann:
"Require gcc-8 and binutils-2.30

x86 already uses gcc-8 as the minimum version, this changes all other
architectures to the same version. gcc-8 is used is Debian 10 and Red
Hat Enterprise Linux 8, both of which are still supported, and
binutils 2.30 is the oldest corresponding version on those.

Ubuntu Pro 18.04 and SUSE Linux Enterprise Server 15 both use gcc-7 as
the system compiler but additionally include toolchains that remain
supported.

With the new minimum toolchain versions, a number of workarounds for
older versions can be dropped, in particular on x86_64 and arm64.
Importantly, the updated compiler version allows removing two of the
five remaining gcc plugins, as support for sancov and structeak
features is already included in modern compiler versions.

I tried collecting the known changes that are possible based on the
new toolchain version, but expect that more cleanups will be possible.

Since this touches multiple architectures, I merged the patches
through the asm-generic tree."

* tag 'gcc-minimum-version-6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
Makefile.kcov: apply needed compiler option unconditionally in CFLAGS_KCOV
Documentation: update binutils-2.30 version reference
gcc-plugins: remove SANCOV gcc plugin
Kbuild: remove structleak gcc plugin
arm64: drop binutils version checks
raid6: skip avx512 checks
kbuild: require gcc-8 and binutils-2.30

Linus Torvalds dee264c1 31848987

+25 -677
+1 -1
Documentation/admin-guide/README.rst
··· 259 259 Compiling the kernel 260 260 -------------------- 261 261 262 - - Make sure you have at least gcc 5.1 available. 262 + - Make sure you have at least gcc 8.1 available. 263 263 For more information, refer to :ref:`Documentation/process/changes.rst <changes>`. 264 264 265 265 - Do a ``make`` to create a compressed kernel image. It is also possible to do
+2 -2
Documentation/kbuild/makefiles.rst
··· 625 625 626 626 Example:: 627 627 628 - cflags-$(call gcc-min-version, 70100) := -foo 628 + cflags-$(call gcc-min-version, 110100) := -foo 629 629 630 630 In this example, cflags-y will be assigned the value -foo if $(CC) is gcc and 631 - $(CONFIG_GCC_VERSION) is >= 7.1. 631 + $(CONFIG_GCC_VERSION) is >= 11.1. 632 632 633 633 clang-min-version 634 634 clang-min-version tests if the value of $(CONFIG_CLANG_VERSION) is greater
+3 -3
Documentation/process/changes.rst
··· 29 29 ====================== =============== ======================================== 30 30 Program Minimal version Command to check the version 31 31 ====================== =============== ======================================== 32 - GNU C 5.1 gcc --version 32 + GNU C 8.1 gcc --version 33 33 Clang/LLVM (optional) 13.0.1 clang --version 34 34 Rust (optional) 1.78.0 rustc --version 35 35 bindgen (optional) 0.65.1 bindgen --version 36 36 GNU make 4.0 make --version 37 37 bash 4.2 bash --version 38 - binutils 2.25 ld -v 38 + binutils 2.30 ld -v 39 39 flex 2.5.35 flex --version 40 40 bison 2.0 bison --version 41 41 pahole 1.16 pahole --version ··· 116 116 Binutils 117 117 -------- 118 118 119 - Binutils 2.25 or newer is needed to build the kernel. 119 + Binutils 2.30 or newer is needed to build the kernel. 120 120 121 121 pkg-config 122 122 ----------
+3 -3
Documentation/translations/it_IT/process/changes.rst
··· 32 32 ====================== ================= ======================================== 33 33 Programma Versione minima Comando per verificare la versione 34 34 ====================== ================= ======================================== 35 - GNU C 5.1 gcc --version 35 + GNU C 8.1 gcc --version 36 36 Clang/LLVM (optional) 13.0.0 clang --version 37 37 Rust (opzionale) 1.78.0 rustc --version 38 38 bindgen (opzionale) 0.65.1 bindgen --version 39 39 GNU make 4.0 make --version 40 40 bash 4.2 bash --version 41 - binutils 2.25 ld -v 41 + binutils 2.30 ld -v 42 42 flex 2.5.35 flex --version 43 43 bison 2.0 bison --version 44 44 pahole 1.16 pahole --version ··· 118 118 Binutils 119 119 -------- 120 120 121 - Per generare il kernel è necessario avere Binutils 2.25 o superiore. 121 + Per generare il kernel è necessario avere Binutils 2.30 o superiore. 122 122 123 123 pkg-config 124 124 ----------
+1 -1
Documentation/translations/zh_CN/admin-guide/README.rst
··· 224 224 编译内核 225 225 --------- 226 226 227 - - 确保您至少有gcc 5.1可用。 227 + - 确保您至少有gcc 8.1可用。 228 228 有关更多信息,请参阅 :ref:`Documentation/process/changes.rst <changes>` 。 229 229 230 230 - 执行 ``make`` 来创建压缩内核映像。如果您安装了lilo以适配内核makefile,
+2 -35
arch/arm64/Kconfig
··· 659 659 660 660 If unsure, say Y. 661 661 662 - config ARM64_LD_HAS_FIX_ERRATUM_843419 663 - def_bool $(ld-option,--fix-cortex-a53-843419) 664 - 665 662 config ARM64_ERRATUM_1024718 666 663 bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" 667 664 default y ··· 1904 1907 The feature is detected at runtime, and will remain as a 'nop' 1905 1908 instruction if the cpu does not implement the feature. 1906 1909 1907 - config AS_HAS_LSE_ATOMICS 1908 - def_bool $(as-instr,.arch_extension lse) 1909 - 1910 1910 config ARM64_LSE_ATOMICS 1911 1911 bool 1912 1912 default ARM64_USE_LSE_ATOMICS 1913 - depends on AS_HAS_LSE_ATOMICS 1914 1913 1915 1914 config ARM64_USE_LSE_ATOMICS 1916 1915 bool "Atomic instructions" ··· 1918 1925 1919 1926 Say Y here to make use of these instructions for the in-kernel 1920 1927 atomic routines. This incurs a small overhead on CPUs that do 1921 - not support these instructions and requires the kernel to be 1922 - built with binutils >= 2.25 in order for the new instructions 1923 - to be used. 1928 + not support these instructions. 1924 1929 1925 1930 endmenu # "ARMv8.1 architectural features" 1926 1931 1927 1932 menu "ARMv8.2 architectural features" 1928 - 1929 - config AS_HAS_ARMV8_2 1930 - def_bool $(cc-option,-Wa$(comma)-march=armv8.2-a) 1931 - 1932 - config AS_HAS_SHA3 1933 - def_bool $(as-instr,.arch armv8.2-a+sha3) 1934 1933 1935 1934 config ARM64_PMEM 1936 1935 bool "Enable support for persistent memory" ··· 1997 2012 bool "Use pointer authentication for kernel" 1998 2013 default y 1999 2014 depends on ARM64_PTR_AUTH 2000 - depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_ARMV8_3 2001 2015 # Modern compilers insert a .note.gnu.property section note for PAC 2002 2016 # which is only understood by binutils starting with version 2.33.1. 2003 2017 depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100) ··· 2017 2033 # GCC 9 or later, clang 8 or later 2018 2034 def_bool $(cc-option,-mbranch-protection=pac-ret+leaf) 2019 2035 2020 - config CC_HAS_SIGN_RETURN_ADDRESS 2021 - # GCC 7, 8 2022 - def_bool $(cc-option,-msign-return-address=all) 2023 - 2024 - config AS_HAS_ARMV8_3 2025 - def_bool $(cc-option,-Wa$(comma)-march=armv8.3-a) 2026 - 2027 2036 config AS_HAS_CFI_NEGATE_RA_STATE 2037 + # binutils 2.34+ 2028 2038 def_bool $(as-instr,.cfi_startproc\n.cfi_negate_ra_state\n.cfi_endproc\n) 2029 - 2030 - config AS_HAS_LDAPR 2031 - def_bool $(as-instr,.arch_extension rcpc) 2032 2039 2033 2040 endmenu # "ARMv8.3 architectural features" 2034 2041 ··· 2048 2073 correctly reflect reality. Most commonly, the value read will be 0, 2049 2074 indicating that the counter is not enabled. 2050 2075 2051 - config AS_HAS_ARMV8_4 2052 - def_bool $(cc-option,-Wa$(comma)-march=armv8.4-a) 2053 - 2054 2076 config ARM64_TLB_RANGE 2055 2077 bool "Enable support for tlbi range feature" 2056 2078 default y 2057 - depends on AS_HAS_ARMV8_4 2058 2079 help 2059 2080 ARMv8.4-TLBI provides TLBI invalidation instruction that apply to a 2060 2081 range of input addresses. 2061 - 2062 - The feature introduces new assembly instructions, and they were 2063 - support when binutils >= 2.30. 2064 2082 2065 2083 endmenu # "ARMv8.4 architectural features" 2066 2084 ··· 2130 2162 default y 2131 2163 depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI 2132 2164 depends on AS_HAS_ARMV8_5 2133 - depends on AS_HAS_LSE_ATOMICS 2134 2165 # Required for tag checking in the uaccess routines 2135 2166 select ARM64_PAN 2136 2167 select ARCH_HAS_SUBPAGE_FAULTS
+2 -19
arch/arm64/Makefile
··· 16 16 # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour 17 17 # for relative relocs, since this leads to better Image compression 18 18 # with the relocation offsets always being zero. 19 - LDFLAGS_vmlinux += -shared -Bsymbolic -z notext \ 20 - $(call ld-option, --no-apply-dynamic-relocs) 19 + LDFLAGS_vmlinux += -shared -Bsymbolic -z notext --no-apply-dynamic-relocs 21 20 endif 22 21 23 22 ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) 24 - ifeq ($(CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419),y) 25 23 LDFLAGS_vmlinux += --fix-cortex-a53-843419 26 - endif 27 24 endif 28 25 29 26 cc_has_k_constraint := $(call try-run,echo \ ··· 102 105 # hardware. 103 106 ifeq ($(CONFIG_AS_HAS_ARMV8_5), y) 104 107 asm-arch := armv8.5-a 105 - else ifeq ($(CONFIG_AS_HAS_ARMV8_4), y) 108 + else 106 109 asm-arch := armv8.4-a 107 - else ifeq ($(CONFIG_AS_HAS_ARMV8_3), y) 108 - asm-arch := armv8.3-a 109 - else ifeq ($(CONFIG_AS_HAS_ARMV8_2), y) 110 - asm-arch := armv8.2-a 111 110 endif 112 111 113 112 ifdef asm-arch ··· 194 201 195 202 archprepare: 196 203 $(Q)$(MAKE) $(build)=arch/arm64/tools kapi 197 - ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) 198 - ifneq ($(CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419),y) 199 - @echo "warning: ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum" >&2 200 - endif 201 - endif 202 - ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS),y) 203 - ifneq ($(CONFIG_ARM64_LSE_ATOMICS),y) 204 - @echo "warning: LSE atomics not supported by binutils" >&2 205 - endif 206 - endif 207 204 208 205 ifeq ($(KBUILD_EXTMOD),) 209 206 # We need to generate vdso-offsets.h before compiling certain files in kernel/.
-4
arch/arm64/include/asm/rwonce.h
··· 12 12 13 13 #ifndef BUILD_VDSO 14 14 15 - #ifdef CONFIG_AS_HAS_LDAPR 16 15 #define __LOAD_RCPC(sfx, regs...) \ 17 16 ALTERNATIVE( \ 18 17 "ldar" #sfx "\t" #regs, \ 19 18 ".arch_extension rcpc\n" \ 20 19 "ldapr" #sfx "\t" #regs, \ 21 20 ARM64_HAS_LDAPR) 22 - #else 23 - #define __LOAD_RCPC(sfx, regs...) "ldar" #sfx "\t" #regs 24 - #endif /* CONFIG_AS_HAS_LDAPR */ 25 21 26 22 /* 27 23 * When building with LTO, there is an increased risk of the compiler
-1
arch/arm64/kvm/Kconfig
··· 19 19 20 20 menuconfig KVM 21 21 bool "Kernel-based Virtual Machine (KVM) support" 22 - depends on AS_HAS_ARMV8_4 23 22 select KVM_COMMON 24 23 select KVM_GENERIC_HARDWARE_ENABLING 25 24 select KVM_GENERIC_MMU_NOTIFIER
+1 -1
arch/arm64/lib/xor-neon.c
··· 319 319 320 320 static int __init xor_neon_init(void) 321 321 { 322 - if (IS_ENABLED(CONFIG_AS_HAS_SHA3) && cpu_have_named_feature(SHA3)) { 322 + if (cpu_have_named_feature(SHA3)) { 323 323 xor_block_inner_neon.do_3 = xor_arm64_eor3_3; 324 324 xor_block_inner_neon.do_4 = xor_arm64_eor3_4; 325 325 xor_block_inner_neon.do_5 = xor_arm64_eor3_5;
+1 -3
arch/um/Makefile
··· 118 118 $(Q)$(MAKE) $(build)=$(HOST_DIR)/um include/generated/user_constants.h 119 119 120 120 LINK-$(CONFIG_LD_SCRIPT_STATIC) += -static 121 - ifdef CONFIG_LD_SCRIPT_DYN 122 - LINK-$(call gcc-min-version, 60100)$(CONFIG_CC_IS_CLANG) += -no-pie 123 - endif 121 + LINK-$(CONFIG_LD_SCRIPT_DYN) += -no-pie 124 122 LINK-$(CONFIG_LD_SCRIPT_DYN_RPATH) += -Wl,-rpath,/lib 125 123 126 124 CFLAGS_NO_HARDENING := $(call cc-option, -fno-PIC,) $(call cc-option, -fno-pic,) \
+1 -5
drivers/gpu/drm/panel/panel-tpo-td028ttec1.c
··· 86 86 87 87 #define to_td028ttec1_device(p) container_of(p, struct td028ttec1_panel, panel) 88 88 89 - /* 90 - * noinline_for_stack so we don't get multiple copies of tx_buf 91 - * on the stack in case of gcc-plugin-structleak 92 - */ 93 - static int noinline_for_stack 89 + static int 94 90 jbt_ret_write_0(struct td028ttec1_panel *lcd, u8 reg, int *err) 95 91 { 96 92 struct spi_device *spi = lcd->spi;
+1 -3
include/linux/unroll.h
··· 11 11 12 12 #ifdef CONFIG_CC_IS_CLANG 13 13 #define __pick_unrolled(x, y) _Pragma(#x) 14 - #elif CONFIG_GCC_VERSION >= 80000 15 - #define __pick_unrolled(x, y) _Pragma(#y) 16 14 #else 17 - #define __pick_unrolled(x, y) /* not supported */ 15 + #define __pick_unrolled(x, y) _Pragma(#y) 18 16 #endif 19 17 20 18 /**
-4
kernel/gcov/gcc_4_7.c
··· 22 22 #define GCOV_COUNTERS 9 23 23 #elif (__GNUC__ >= 10) 24 24 #define GCOV_COUNTERS 8 25 - #elif (__GNUC__ >= 7) 26 - #define GCOV_COUNTERS 9 27 - #elif (__GNUC__ > 5) || (__GNUC__ == 5 && __GNUC_MINOR__ >= 1) 28 - #define GCOV_COUNTERS 10 29 25 #else 30 26 #define GCOV_COUNTERS 9 31 27 #endif
+1 -9
lib/Kconfig.debug
··· 2153 2153 build and run with CONFIG_KCOV. This typically requires 2154 2154 disabling instrumentation for some early boot code. 2155 2155 2156 - config CC_HAS_SANCOV_TRACE_PC 2157 - def_bool $(cc-option,-fsanitize-coverage=trace-pc) 2158 - 2159 - 2160 2156 config KCOV 2161 2157 bool "Code coverage for fuzzing" 2162 2158 depends on ARCH_HAS_KCOV 2163 - depends on CC_HAS_SANCOV_TRACE_PC || GCC_PLUGINS 2164 2159 depends on !ARCH_WANTS_NO_INSTR || HAVE_NOINSTR_HACK || \ 2165 2160 GCC_VERSION >= 120000 || CC_IS_CLANG 2166 2161 select DEBUG_FS 2167 - select GCC_PLUGIN_SANCOV if !CC_HAS_SANCOV_TRACE_PC 2168 2162 select OBJTOOL if HAVE_NOINSTR_HACK 2169 2163 help 2170 2164 KCOV exposes kernel code coverage information in a form suitable ··· 2872 2878 help 2873 2879 Test if the kernel is zero-initializing stack variables and 2874 2880 padding. Coverage is controlled by compiler flags, 2875 - CONFIG_INIT_STACK_ALL_PATTERN, CONFIG_INIT_STACK_ALL_ZERO, 2876 - CONFIG_GCC_PLUGIN_STRUCTLEAK, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF, 2877 - or CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. 2881 + CONFIG_INIT_STACK_ALL_PATTERN or CONFIG_INIT_STACK_ALL_ZERO. 2878 2882 2879 2883 config FORTIFY_KUNIT_TEST 2880 2884 tristate "Test fortified str*() and mem*() function internals at runtime" if !KUNIT_ALL_TESTS
-6
lib/raid6/algos.c
··· 28 28 29 29 const struct raid6_calls * const raid6_algos[] = { 30 30 #if defined(__i386__) && !defined(__arch_um__) 31 - #ifdef CONFIG_AS_AVX512 32 31 &raid6_avx512x2, 33 32 &raid6_avx512x1, 34 - #endif 35 33 &raid6_avx2x2, 36 34 &raid6_avx2x1, 37 35 &raid6_sse2x2, ··· 40 42 &raid6_mmxx1, 41 43 #endif 42 44 #if defined(__x86_64__) && !defined(__arch_um__) 43 - #ifdef CONFIG_AS_AVX512 44 45 &raid6_avx512x4, 45 46 &raid6_avx512x2, 46 47 &raid6_avx512x1, 47 - #endif 48 48 &raid6_avx2x4, 49 49 &raid6_avx2x2, 50 50 &raid6_avx2x1, ··· 92 96 93 97 const struct raid6_recov_calls *const raid6_recov_algos[] = { 94 98 #ifdef CONFIG_X86 95 - #ifdef CONFIG_AS_AVX512 96 99 &raid6_recov_avx512, 97 - #endif 98 100 &raid6_recov_avx2, 99 101 &raid6_recov_ssse3, 100 102 #endif
-4
lib/raid6/avx512.c
··· 17 17 * 18 18 */ 19 19 20 - #ifdef CONFIG_AS_AVX512 21 - 22 20 #include <linux/raid/pq.h> 23 21 #include "x86.h" 24 22 ··· 558 560 .priority = 2 /* Prefer AVX512 over priority 1 (SSE2 and others) */ 559 561 }; 560 562 #endif 561 - 562 - #endif /* CONFIG_AS_AVX512 */
-6
lib/raid6/recov_avx512.c
··· 6 6 * Author: Megha Dey <megha.dey@linux.intel.com> 7 7 */ 8 8 9 - #ifdef CONFIG_AS_AVX512 10 - 11 9 #include <linux/raid/pq.h> 12 10 #include "x86.h" 13 11 ··· 375 377 #endif 376 378 .priority = 3, 377 379 }; 378 - 379 - #else 380 - #warning "your version of binutils lacks AVX512 support" 381 - #endif
-3
lib/raid6/test/Makefile
··· 54 54 ifeq ($(IS_X86),yes) 55 55 OBJS += mmx.o sse1.o sse2.o avx2.o recov_ssse3.o recov_avx2.o avx512.o recov_avx512.o 56 56 CFLAGS += -DCONFIG_X86 57 - CFLAGS += $(shell echo "vpmovm2b %k1, %zmm5" | \ 58 - gcc -c -x assembler - >/dev/null 2>&1 && \ 59 - rm ./-.o && echo -DCONFIG_AS_AVX512=1) 60 57 else ifeq ($(HAS_NEON),yes) 61 58 OBJS += neon.o neon1.o neon2.o neon4.o neon8.o recov_neon.o recov_neon_inner.o 62 59 CFLAGS += -DCONFIG_KERNEL_MODE_NEON=1
+1 -4
lib/test_fortify/Makefile
··· 18 18 $(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE 19 19 $(call if_changed,gen_fortify_log) 20 20 21 - # GCC<=7 does not always produce *.d files. 22 - # Run the tests only for GCC>=8 or Clang. 23 - always-$(call gcc-min-version, 80000) += test_fortify.log 24 - always-$(CONFIG_CC_IS_CLANG) += test_fortify.log 21 + always-y += test_fortify.log 25 22 26 23 # Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. 27 24 # Pass CFLAGS_KASAN to avoid warnings.
+1 -9
lib/tests/stackinit_kunit.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0-or-later 2 2 /* 3 3 * Test cases for compiler-based stack variable zeroing via 4 - * -ftrivial-auto-var-init={zero,pattern} or CONFIG_GCC_PLUGIN_STRUCTLEAK*. 4 + * -ftrivial-auto-var-init={zero,pattern}. 5 5 * For example, see: 6 6 * "Running tests with kunit_tool" at Documentation/dev-tools/kunit/start.rst 7 7 * ./tools/testing/kunit/kunit.py run stackinit [--raw_output] \ ··· 375 375 #ifdef CONFIG_INIT_STACK_NONE 376 376 # define USER_PASS XFAIL 377 377 # define BYREF_PASS XFAIL 378 - # define STRONG_PASS XFAIL 379 - #elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER) 380 - # define USER_PASS WANT_SUCCESS 381 - # define BYREF_PASS XFAIL 382 - # define STRONG_PASS XFAIL 383 - #elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) 384 - # define USER_PASS WANT_SUCCESS 385 - # define BYREF_PASS WANT_SUCCESS 386 378 # define STRONG_PASS XFAIL 387 379 #else 388 380 # define USER_PASS WANT_SUCCESS
-6
mm/mm_init.c
··· 2667 2667 stack = "all(pattern)"; 2668 2668 else if (IS_ENABLED(CONFIG_INIT_STACK_ALL_ZERO)) 2669 2669 stack = "all(zero)"; 2670 - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL)) 2671 - stack = "byref_all(zero)"; 2672 - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF)) 2673 - stack = "byref(zero)"; 2674 - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER)) 2675 - stack = "__user(zero)"; 2676 2670 else 2677 2671 stack = "off"; 2678 2672
+1 -1
scripts/Makefile.compiler
··· 60 60 cc-disable-warning = $(call cc-option,-Wno-$(strip $1)) 61 61 62 62 # gcc-min-version 63 - # Usage: cflags-$(call gcc-min-version, 70100) += -foo 63 + # Usage: cflags-$(call gcc-min-version, 110100) += -foo 64 64 gcc-min-version = $(call test-ge, $(CONFIG_GCC_VERSION), $1) 65 65 66 66 # clang-min-version
-16
scripts/Makefile.gcc-plugins
··· 8 8 endif 9 9 export DISABLE_LATENT_ENTROPY_PLUGIN 10 10 11 - gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so 12 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) \ 13 - += -fplugin-arg-structleak_plugin-verbose 14 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) \ 15 - += -fplugin-arg-structleak_plugin-byref 16 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) \ 17 - += -fplugin-arg-structleak_plugin-byref-all 18 - ifdef CONFIG_GCC_PLUGIN_STRUCTLEAK 19 - DISABLE_STRUCTLEAK_PLUGIN += -fplugin-arg-structleak_plugin-disable 20 - endif 21 - export DISABLE_STRUCTLEAK_PLUGIN 22 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \ 23 - += -DSTRUCTLEAK_PLUGIN 24 - 25 11 gcc-plugin-$(CONFIG_GCC_PLUGIN_STACKLEAK) += stackleak_plugin.so 26 12 gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \ 27 13 += -DSTACKLEAK_PLUGIN ··· 32 46 33 47 # Some plugins are enabled outside of this Makefile, but they still need to 34 48 # be included in GCC_PLUGIN so they can get built. 35 - gcc-plugin-external-$(CONFIG_GCC_PLUGIN_SANCOV) \ 36 - += sancov_plugin.so 37 49 gcc-plugin-external-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ 38 50 += randomize_layout_plugin.so 39 51
+1 -2
scripts/Makefile.kcov
··· 1 1 # SPDX-License-Identifier: GPL-2.0-only 2 - kcov-flags-$(CONFIG_CC_HAS_SANCOV_TRACE_PC) += -fsanitize-coverage=trace-pc 2 + kcov-flags-y += -fsanitize-coverage=trace-pc 3 3 kcov-flags-$(CONFIG_KCOV_ENABLE_COMPARISONS) += -fsanitize-coverage=trace-cmp 4 - kcov-flags-$(CONFIG_GCC_PLUGIN_SANCOV) += -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so 5 4 6 5 export CFLAGS_KCOV := $(kcov-flags-y)
-10
scripts/gcc-plugins/Kconfig
··· 19 19 20 20 if GCC_PLUGINS 21 21 22 - config GCC_PLUGIN_SANCOV 23 - bool 24 - # Plugin can be removed once the kernel only supports GCC 6+ 25 - depends on !CC_HAS_SANCOV_TRACE_PC 26 - help 27 - This plugin inserts a __sanitizer_cov_trace_pc() call at the start of 28 - basic blocks. It supports all gcc versions with plugin support (from 29 - gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" 30 - by Dmitry Vyukov <dvyukov@google.com>. 31 - 32 22 config GCC_PLUGIN_LATENT_ENTROPY 33 23 bool "Generate some entropy during boot and runtime" 34 24 help
-45
scripts/gcc-plugins/gcc-common.h
··· 3 3 #define GCC_COMMON_H_INCLUDED 4 4 5 5 #include "bversion.h" 6 - #if BUILDING_GCC_VERSION >= 6000 7 6 #include "gcc-plugin.h" 8 - #else 9 - #include "plugin.h" 10 - #endif 11 7 #include "plugin-version.h" 12 8 #include "config.h" 13 9 #include "system.h" ··· 35 39 36 40 #include "hash-map.h" 37 41 38 - #if BUILDING_GCC_VERSION >= 7000 39 42 #include "memmodel.h" 40 - #endif 41 43 #include "emit-rtl.h" 42 44 #include "debug.h" 43 45 #include "target.h" ··· 68 74 #include "context.h" 69 75 #include "tree-ssa-alias.h" 70 76 #include "tree-ssa.h" 71 - #if BUILDING_GCC_VERSION >= 7000 72 77 #include "tree-vrp.h" 73 - #endif 74 78 #include "tree-ssanames.h" 75 79 #include "print-tree.h" 76 80 #include "tree-eh.h" ··· 141 149 return g->get_passes()->get_pass_for_id(id); 142 150 } 143 151 144 - #if BUILDING_GCC_VERSION < 6000 145 - /* gimple related */ 146 - template <> 147 - template <> 148 - inline bool is_a_helper<const gassign *>::test(const_gimple gs) 149 - { 150 - return gs->code == GIMPLE_ASSIGN; 151 - } 152 - #endif 153 - 154 152 #define TODO_verify_ssa TODO_verify_il 155 153 #define TODO_verify_flow TODO_verify_il 156 154 #define TODO_verify_stmts TODO_verify_il ··· 163 181 #define varpool_get_node(decl) varpool_node::get(decl) 164 182 #define dump_varpool_node(file, node) (node)->dump(file) 165 183 166 - #if BUILDING_GCC_VERSION >= 8000 167 184 #define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ 168 185 (caller)->create_edge((callee), (call_stmt), (count)) 169 186 ··· 170 189 old_call_stmt, call_stmt, count, freq, reason) \ 171 190 (caller)->create_edge_including_clones((callee), \ 172 191 (old_call_stmt), (call_stmt), (count), (reason)) 173 - #else 174 - #define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ 175 - (caller)->create_edge((callee), (call_stmt), (count), (freq)) 176 - 177 - #define cgraph_create_edge_including_clones(caller, callee, \ 178 - old_call_stmt, call_stmt, count, freq, reason) \ 179 - (caller)->create_edge_including_clones((callee), \ 180 - (old_call_stmt), (call_stmt), (count), (freq), (reason)) 181 - #endif 182 192 183 193 typedef struct cgraph_node *cgraph_node_ptr; 184 194 typedef struct cgraph_edge *cgraph_edge_p; ··· 265 293 symtab->call_edge_duplication_hooks(cs1, cs2); 266 294 } 267 295 268 - #if BUILDING_GCC_VERSION >= 6000 269 296 typedef gimple *gimple_ptr; 270 297 typedef const gimple *const_gimple_ptr; 271 298 #define gimple gimple_ptr 272 299 #define const_gimple const_gimple_ptr 273 300 #undef CONST_CAST_GIMPLE 274 301 #define CONST_CAST_GIMPLE(X) CONST_CAST(gimple, (X)) 275 - #endif 276 302 277 303 /* gimple related */ 278 304 static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) ··· 370 400 referring_node->remove_stmt_references(stmt); 371 401 } 372 402 373 - #if BUILDING_GCC_VERSION < 6000 374 - #define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \ 375 - get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) 376 - #define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) 377 - #endif 378 - 379 - #if BUILDING_GCC_VERSION >= 6000 380 403 #define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1)) 381 - #endif 382 404 383 405 #ifdef __cplusplus 384 406 static inline void debug_tree(const_tree t) ··· 387 425 #define debug_gimple_stmt(s) debug_gimple_stmt(CONST_CAST_GIMPLE(s)) 388 426 #endif 389 427 390 - #if BUILDING_GCC_VERSION >= 7000 391 428 #define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \ 392 429 get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep) 393 - #endif 394 - 395 - #if BUILDING_GCC_VERSION < 7000 396 - #define SET_DECL_ALIGN(decl, align) DECL_ALIGN(decl) = (align) 397 - #define SET_DECL_MODE(decl, mode) DECL_MODE(decl) = (mode) 398 - #endif 399 430 400 431 #if BUILDING_GCC_VERSION >= 14000 401 432 #define last_stmt(x) last_nondebug_stmt(x)
-134
scripts/gcc-plugins/sancov_plugin.c
··· 1 - /* 2 - * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> 3 - * Licensed under the GPL v2, or (at your option) v3 4 - * 5 - * Homepage: 6 - * https://github.com/ephox-gcc-plugins/sancov 7 - * 8 - * This plugin inserts a __sanitizer_cov_trace_pc() call at the start of basic blocks. 9 - * It supports all gcc versions with plugin support (from gcc-4.5 on). 10 - * It is based on the commit "Add fuzzing coverage support" by Dmitry Vyukov <dvyukov@google.com>. 11 - * 12 - * You can read about it more here: 13 - * https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296 14 - * https://lwn.net/Articles/674854/ 15 - * https://github.com/google/syzkaller 16 - * https://lwn.net/Articles/677764/ 17 - * 18 - * Usage: 19 - * make run 20 - */ 21 - 22 - #include "gcc-common.h" 23 - 24 - __visible int plugin_is_GPL_compatible; 25 - 26 - tree sancov_fndecl; 27 - 28 - static struct plugin_info sancov_plugin_info = { 29 - .version = PLUGIN_VERSION, 30 - .help = "sancov plugin\n", 31 - }; 32 - 33 - static unsigned int sancov_execute(void) 34 - { 35 - basic_block bb; 36 - 37 - /* Remove this line when this plugin and kcov will be in the kernel. 38 - if (!strcmp(DECL_NAME_POINTER(current_function_decl), DECL_NAME_POINTER(sancov_fndecl))) 39 - return 0; 40 - */ 41 - 42 - FOR_EACH_BB_FN(bb, cfun) { 43 - const_gimple stmt; 44 - gcall *gcall; 45 - gimple_stmt_iterator gsi = gsi_after_labels(bb); 46 - 47 - if (gsi_end_p(gsi)) 48 - continue; 49 - 50 - stmt = gsi_stmt(gsi); 51 - gcall = as_a_gcall(gimple_build_call(sancov_fndecl, 0)); 52 - gimple_set_location(gcall, gimple_location(stmt)); 53 - gsi_insert_before(&gsi, gcall, GSI_SAME_STMT); 54 - } 55 - return 0; 56 - } 57 - 58 - #define PASS_NAME sancov 59 - 60 - #define NO_GATE 61 - #define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_stmts | TODO_update_ssa_no_phi | TODO_verify_flow 62 - 63 - #include "gcc-generate-gimple-pass.h" 64 - 65 - static void sancov_start_unit(void __unused *gcc_data, void __unused *user_data) 66 - { 67 - tree leaf_attr, nothrow_attr; 68 - tree BT_FN_VOID = build_function_type_list(void_type_node, NULL_TREE); 69 - 70 - sancov_fndecl = build_fn_decl("__sanitizer_cov_trace_pc", BT_FN_VOID); 71 - 72 - DECL_ASSEMBLER_NAME(sancov_fndecl); 73 - TREE_PUBLIC(sancov_fndecl) = 1; 74 - DECL_EXTERNAL(sancov_fndecl) = 1; 75 - DECL_ARTIFICIAL(sancov_fndecl) = 1; 76 - DECL_PRESERVE_P(sancov_fndecl) = 1; 77 - DECL_UNINLINABLE(sancov_fndecl) = 1; 78 - TREE_USED(sancov_fndecl) = 1; 79 - 80 - nothrow_attr = tree_cons(get_identifier("nothrow"), NULL, NULL); 81 - decl_attributes(&sancov_fndecl, nothrow_attr, 0); 82 - gcc_assert(TREE_NOTHROW(sancov_fndecl)); 83 - leaf_attr = tree_cons(get_identifier("leaf"), NULL, NULL); 84 - decl_attributes(&sancov_fndecl, leaf_attr, 0); 85 - } 86 - 87 - __visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) 88 - { 89 - int i; 90 - const char * const plugin_name = plugin_info->base_name; 91 - const int argc = plugin_info->argc; 92 - const struct plugin_argument * const argv = plugin_info->argv; 93 - bool enable = true; 94 - 95 - static const struct ggc_root_tab gt_ggc_r_gt_sancov[] = { 96 - { 97 - .base = &sancov_fndecl, 98 - .nelt = 1, 99 - .stride = sizeof(sancov_fndecl), 100 - .cb = &gt_ggc_mx_tree_node, 101 - .pchw = &gt_pch_nx_tree_node 102 - }, 103 - LAST_GGC_ROOT_TAB 104 - }; 105 - 106 - /* BBs can be split afterwards?? */ 107 - PASS_INFO(sancov, "asan", 0, PASS_POS_INSERT_BEFORE); 108 - 109 - if (!plugin_default_version_check(version, &gcc_version)) { 110 - error(G_("incompatible gcc/plugin versions")); 111 - return 1; 112 - } 113 - 114 - for (i = 0; i < argc; ++i) { 115 - if (!strcmp(argv[i].key, "no-sancov")) { 116 - enable = false; 117 - continue; 118 - } 119 - error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); 120 - } 121 - 122 - register_callback(plugin_name, PLUGIN_INFO, NULL, &sancov_plugin_info); 123 - 124 - if (!enable) 125 - return 0; 126 - 127 - #if BUILDING_GCC_VERSION < 6000 128 - register_callback(plugin_name, PLUGIN_START_UNIT, &sancov_start_unit, NULL); 129 - register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)&gt_ggc_r_gt_sancov); 130 - register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &sancov_pass_info); 131 - #endif 132 - 133 - return 0; 134 - }
-257
scripts/gcc-plugins/structleak_plugin.c
··· 1 - // SPDX-License-Identifier: GPL-2.0-only 2 - /* 3 - * Copyright 2013-2017 by PaX Team <pageexec@freemail.hu> 4 - * 5 - * Note: the choice of the license means that the compilation process is 6 - * NOT 'eligible' as defined by gcc's library exception to the GPL v3, 7 - * but for the kernel it doesn't matter since it doesn't link against 8 - * any of the gcc libraries 9 - * 10 - * gcc plugin to forcibly initialize certain local variables that could 11 - * otherwise leak kernel stack to userland if they aren't properly initialized 12 - * by later code 13 - * 14 - * Homepage: https://pax.grsecurity.net/ 15 - * 16 - * Options: 17 - * -fplugin-arg-structleak_plugin-disable 18 - * -fplugin-arg-structleak_plugin-verbose 19 - * -fplugin-arg-structleak_plugin-byref 20 - * -fplugin-arg-structleak_plugin-byref-all 21 - * 22 - * Usage: 23 - * $ # for 4.5/4.6/C based 4.7 24 - * $ gcc -I`gcc -print-file-name=plugin`/include -I`gcc -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o structleak_plugin.so structleak_plugin.c 25 - * $ # for C++ based 4.7/4.8+ 26 - * $ g++ -I`g++ -print-file-name=plugin`/include -I`g++ -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o structleak_plugin.so structleak_plugin.c 27 - * $ gcc -fplugin=./structleak_plugin.so test.c -O2 28 - * 29 - * TODO: eliminate redundant initializers 30 - */ 31 - 32 - #include "gcc-common.h" 33 - 34 - /* unused C type flag in all versions 4.5-6 */ 35 - #define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE) 36 - 37 - __visible int plugin_is_GPL_compatible; 38 - 39 - static struct plugin_info structleak_plugin_info = { 40 - .version = PLUGIN_VERSION, 41 - .help = "disable\tdo not activate plugin\n" 42 - "byref\tinit structs passed by reference\n" 43 - "byref-all\tinit anything passed by reference\n" 44 - "verbose\tprint all initialized variables\n", 45 - }; 46 - 47 - #define BYREF_STRUCT 1 48 - #define BYREF_ALL 2 49 - 50 - static bool verbose; 51 - static int byref; 52 - 53 - static tree handle_user_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) 54 - { 55 - *no_add_attrs = true; 56 - 57 - /* check for types? for now accept everything linux has to offer */ 58 - if (TREE_CODE(*node) != FIELD_DECL) 59 - return NULL_TREE; 60 - 61 - *no_add_attrs = false; 62 - return NULL_TREE; 63 - } 64 - 65 - static struct attribute_spec user_attr = { }; 66 - 67 - static void register_attributes(void *event_data, void *data) 68 - { 69 - user_attr.name = "user"; 70 - user_attr.handler = handle_user_attribute; 71 - user_attr.affects_type_identity = true; 72 - 73 - register_attribute(&user_attr); 74 - } 75 - 76 - static tree get_field_type(tree field) 77 - { 78 - return strip_array_types(TREE_TYPE(field)); 79 - } 80 - 81 - static bool is_userspace_type(tree type) 82 - { 83 - tree field; 84 - 85 - for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) { 86 - tree fieldtype = get_field_type(field); 87 - enum tree_code code = TREE_CODE(fieldtype); 88 - 89 - if (code == RECORD_TYPE || code == UNION_TYPE) 90 - if (is_userspace_type(fieldtype)) 91 - return true; 92 - 93 - if (lookup_attribute("user", DECL_ATTRIBUTES(field))) 94 - return true; 95 - } 96 - return false; 97 - } 98 - 99 - static void finish_type(void *event_data, void *data) 100 - { 101 - tree type = (tree)event_data; 102 - 103 - if (type == NULL_TREE || type == error_mark_node) 104 - return; 105 - 106 - if (TREE_CODE(type) == ENUMERAL_TYPE) 107 - return; 108 - 109 - if (TYPE_USERSPACE(type)) 110 - return; 111 - 112 - if (is_userspace_type(type)) 113 - TYPE_USERSPACE(type) = 1; 114 - } 115 - 116 - static void initialize(tree var) 117 - { 118 - basic_block bb; 119 - gimple_stmt_iterator gsi; 120 - tree initializer; 121 - gimple init_stmt; 122 - tree type; 123 - 124 - /* this is the original entry bb before the forced split */ 125 - bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); 126 - 127 - /* first check if variable is already initialized, warn otherwise */ 128 - for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { 129 - gimple stmt = gsi_stmt(gsi); 130 - tree rhs1; 131 - 132 - /* we're looking for an assignment of a single rhs... */ 133 - if (!gimple_assign_single_p(stmt)) 134 - continue; 135 - rhs1 = gimple_assign_rhs1(stmt); 136 - /* ... of a non-clobbering expression... */ 137 - if (TREE_CLOBBER_P(rhs1)) 138 - continue; 139 - /* ... to our variable... */ 140 - if (gimple_get_lhs(stmt) != var) 141 - continue; 142 - /* if it's an initializer then we're good */ 143 - if (TREE_CODE(rhs1) == CONSTRUCTOR) 144 - return; 145 - } 146 - 147 - /* these aren't the 0days you're looking for */ 148 - if (verbose) 149 - inform(DECL_SOURCE_LOCATION(var), 150 - "%s variable will be forcibly initialized", 151 - (byref && TREE_ADDRESSABLE(var)) ? "byref" 152 - : "userspace"); 153 - 154 - /* build the initializer expression */ 155 - type = TREE_TYPE(var); 156 - if (AGGREGATE_TYPE_P(type)) 157 - initializer = build_constructor(type, NULL); 158 - else 159 - initializer = fold_convert(type, integer_zero_node); 160 - 161 - /* build the initializer stmt */ 162 - init_stmt = gimple_build_assign(var, initializer); 163 - gsi = gsi_after_labels(single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun))); 164 - gsi_insert_before(&gsi, init_stmt, GSI_NEW_STMT); 165 - update_stmt(init_stmt); 166 - } 167 - 168 - static unsigned int structleak_execute(void) 169 - { 170 - basic_block bb; 171 - tree var; 172 - unsigned int i; 173 - 174 - /* split the first bb where we can put the forced initializers */ 175 - gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun))); 176 - bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); 177 - if (!single_pred_p(bb)) { 178 - split_edge(single_succ_edge(ENTRY_BLOCK_PTR_FOR_FN(cfun))); 179 - gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun))); 180 - } 181 - 182 - /* enumerate all local variables and forcibly initialize our targets */ 183 - FOR_EACH_LOCAL_DECL(cfun, i, var) { 184 - tree type = TREE_TYPE(var); 185 - 186 - gcc_assert(DECL_P(var)); 187 - if (!auto_var_in_fn_p(var, current_function_decl)) 188 - continue; 189 - 190 - /* only care about structure types unless byref-all */ 191 - if (byref != BYREF_ALL && TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) 192 - continue; 193 - 194 - /* if the type is of interest, examine the variable */ 195 - if (TYPE_USERSPACE(type) || 196 - (byref && TREE_ADDRESSABLE(var))) 197 - initialize(var); 198 - } 199 - 200 - return 0; 201 - } 202 - 203 - #define PASS_NAME structleak 204 - #define NO_GATE 205 - #define PROPERTIES_REQUIRED PROP_cfg 206 - #define TODO_FLAGS_FINISH TODO_verify_il | TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa | TODO_ggc_collect | TODO_verify_flow 207 - #include "gcc-generate-gimple-pass.h" 208 - 209 - __visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) 210 - { 211 - int i; 212 - const char * const plugin_name = plugin_info->base_name; 213 - const int argc = plugin_info->argc; 214 - const struct plugin_argument * const argv = plugin_info->argv; 215 - bool enable = true; 216 - 217 - PASS_INFO(structleak, "early_optimizations", 1, PASS_POS_INSERT_BEFORE); 218 - 219 - if (!plugin_default_version_check(version, &gcc_version)) { 220 - error(G_("incompatible gcc/plugin versions")); 221 - return 1; 222 - } 223 - 224 - if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { 225 - inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); 226 - enable = false; 227 - } 228 - 229 - for (i = 0; i < argc; ++i) { 230 - if (!strcmp(argv[i].key, "disable")) { 231 - enable = false; 232 - continue; 233 - } 234 - if (!strcmp(argv[i].key, "verbose")) { 235 - verbose = true; 236 - continue; 237 - } 238 - if (!strcmp(argv[i].key, "byref")) { 239 - byref = BYREF_STRUCT; 240 - continue; 241 - } 242 - if (!strcmp(argv[i].key, "byref-all")) { 243 - byref = BYREF_ALL; 244 - continue; 245 - } 246 - error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); 247 - } 248 - 249 - register_callback(plugin_name, PLUGIN_INFO, NULL, &structleak_plugin_info); 250 - if (enable) { 251 - register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &structleak_pass_info); 252 - register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); 253 - } 254 - register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); 255 - 256 - return 0; 257 - }
+2 -4
scripts/min-tool-version.sh
··· 14 14 15 15 case "$1" in 16 16 binutils) 17 - echo 2.25.0 17 + echo 2.30.0 18 18 ;; 19 19 gcc) 20 20 if [ "$ARCH" = parisc64 ]; then 21 21 echo 12.0.0 22 - elif [ "$SRCARCH" = x86 ]; then 23 - echo 8.1.0 24 22 else 25 - echo 5.1.0 23 + echo 8.1.0 26 24 fi 27 25 ;; 28 26 llvm)
-76
security/Kconfig.hardening
··· 1 1 # SPDX-License-Identifier: GPL-2.0-only 2 2 menu "Kernel hardening options" 3 3 4 - config GCC_PLUGIN_STRUCTLEAK 5 - bool 6 - help 7 - While the kernel is built with warnings enabled for any missed 8 - stack variable initializations, this warning is silenced for 9 - anything passed by reference to another function, under the 10 - occasionally misguided assumption that the function will do 11 - the initialization. As this regularly leads to exploitable 12 - flaws, this plugin is available to identify and zero-initialize 13 - such variables, depending on the chosen level of coverage. 14 - 15 - This plugin was originally ported from grsecurity/PaX. More 16 - information at: 17 - * https://grsecurity.net/ 18 - * https://pax.grsecurity.net/ 19 - 20 4 menu "Memory initialization" 21 5 22 6 config CC_HAS_AUTO_VAR_INIT_PATTERN ··· 20 36 21 37 choice 22 38 prompt "Initialize kernel stack variables at function entry" 23 - default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS 24 39 default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN 25 40 default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO 26 41 default INIT_STACK_NONE ··· 42 59 This leaves the kernel vulnerable to the standard 43 60 classes of uninitialized stack variable exploits 44 61 and information exposures. 45 - 46 - config GCC_PLUGIN_STRUCTLEAK_USER 47 - bool "zero-init structs marked for userspace (weak)" 48 - # Plugin can be removed once the kernel only supports GCC 12+ 49 - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO 50 - select GCC_PLUGIN_STRUCTLEAK 51 - help 52 - Zero-initialize any structures on the stack containing 53 - a __user attribute. This can prevent some classes of 54 - uninitialized stack variable exploits and information 55 - exposures, like CVE-2013-2141: 56 - https://git.kernel.org/linus/b9e146d8eb3b9eca 57 - 58 - config GCC_PLUGIN_STRUCTLEAK_BYREF 59 - bool "zero-init structs passed by reference (strong)" 60 - # Plugin can be removed once the kernel only supports GCC 12+ 61 - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO 62 - depends on !(KASAN && KASAN_STACK) 63 - select GCC_PLUGIN_STRUCTLEAK 64 - help 65 - Zero-initialize any structures on the stack that may 66 - be passed by reference and had not already been 67 - explicitly initialized. This can prevent most classes 68 - of uninitialized stack variable exploits and information 69 - exposures, like CVE-2017-1000410: 70 - https://git.kernel.org/linus/06e7e776ca4d3654 71 - 72 - As a side-effect, this keeps a lot of variables on the 73 - stack that can otherwise be optimized out, so combining 74 - this with CONFIG_KASAN_STACK can lead to a stack overflow 75 - and is disallowed. 76 - 77 - config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL 78 - bool "zero-init everything passed by reference (very strong)" 79 - # Plugin can be removed once the kernel only supports GCC 12+ 80 - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO 81 - depends on !(KASAN && KASAN_STACK) 82 - select GCC_PLUGIN_STRUCTLEAK 83 - help 84 - Zero-initialize any stack variables that may be passed 85 - by reference and had not already been explicitly 86 - initialized. This is intended to eliminate all classes 87 - of uninitialized stack variable exploits and information 88 - exposures. 89 - 90 - As a side-effect, this keeps a lot of variables on the 91 - stack that can otherwise be optimized out, so combining 92 - this with CONFIG_KASAN_STACK can lead to a stack overflow 93 - and is disallowed. 94 62 95 63 config INIT_STACK_ALL_PATTERN 96 64 bool "pattern-init everything (strongest)" ··· 81 147 initialization. 82 148 83 149 endchoice 84 - 85 - config GCC_PLUGIN_STRUCTLEAK_VERBOSE 86 - bool "Report forcefully initialized variables" 87 - depends on GCC_PLUGIN_STRUCTLEAK 88 - depends on !COMPILE_TEST # too noisy 89 - help 90 - This option will cause a warning to be printed each time the 91 - structleak plugin finds a variable it thinks needs to be 92 - initialized. Since not all existing initializers are detected 93 - by the plugin, this can produce false positive warnings. 94 150 95 151 config GCC_PLUGIN_STACKLEAK 96 152 bool "Poison kernel stack before returning from syscalls"