From patchwork Thu Jul 5 06:24:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 141110 Delivered-To: patch@linaro.org
From: Masahiro Yamada To: Kees Cook , Emese Revfy , kernel-hardening@lists.openwall.com Cc: Masahiro Yamada , Arnd Bergmann , Alexei Starovoitov , Deepa Dinamani , linux-kernel@vger.kernel.org, Nicholas Piggin , Josef Bacik , Andrew Morton Subject: [PATCH] gcc-plugins: split out Kconfig entries to scripts/gcc-plugins/Kconfig Date: Thu, 5 Jul 2018 15:24:12 +0900 Message-Id: <1530771852-21998-1-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Collect relevant code into the scripts/gcc-plugins directory. Signed-off-by: Masahiro Yamada --- arch/Kconfig | 146 +------------------------------------------- scripts/gcc-plugins/Kconfig | 141 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 143 insertions(+), 144 deletions(-) create mode 100644 scripts/gcc-plugins/Kconfig -- 2.7.4 diff --git a/arch/Kconfig b/arch/Kconfig index 1aa5906..b6d1787 100644 --- a/arch/Kconfig +++ b/arch/Kconfig 
@@ -405,150 +405,6 @@ config SECCOMP_FILTER See Documentation/userspace-api/seccomp_filter.rst for details. -preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) - -config PLUGIN_HOSTCC - string - default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" - help - Host compiler used to build GCC plugins. This can be $(HOSTCXX), - $(HOSTCC), or a null string if GCC plugin is unsupported. - -config HAVE_GCC_PLUGINS - bool - help - An arch should select this symbol if it supports building with - GCC plugins. - -menuconfig GCC_PLUGINS - bool "GCC plugins" - depends on HAVE_GCC_PLUGINS - depends on PLUGIN_HOSTCC != "" - help - GCC plugins are loadable modules that provide extra features to the - compiler. They are useful for runtime instrumentation and static analysis. - - See Documentation/gcc-plugins.txt for details. - -config GCC_PLUGIN_CYC_COMPLEXITY - bool "Compute the cyclomatic complexity of a function" if EXPERT - depends on GCC_PLUGINS - depends on !COMPILE_TEST # too noisy - help - The complexity M of a function's control flow graph is defined as: - M = E - N + 2P - where - - E = the number of edges - N = the number of nodes - P = the number of connected components (exit nodes). - - Enabling this plugin reports the complexity to stderr during the - build. It mainly serves as a simple example of how to create a - gcc plugin for the kernel. - -config GCC_PLUGIN_SANCOV - bool - depends on GCC_PLUGINS - help - This plugin inserts a __sanitizer_cov_trace_pc() call at the start of - basic blocks. It supports all gcc versions with plugin support (from - gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" - by Dmitry Vyukov . 
- -config GCC_PLUGIN_LATENT_ENTROPY - bool "Generate some entropy during boot and runtime" - depends on GCC_PLUGINS - help - By saying Y here the kernel will instrument some kernel code to - extract some entropy from both original and artificially created - program state. This will help especially embedded systems where - there is little 'natural' source of entropy normally. The cost - is some slowdown of the boot process (about 0.5%) and fork and - irq processing. - - Note that entropy extracted this way is not cryptographically - secure! - - This plugin was ported from grsecurity/PaX. More information at: - * https://grsecurity.net/ - * https://pax.grsecurity.net/ - -config GCC_PLUGIN_STRUCTLEAK - bool "Force initialization of variables containing userspace addresses" - depends on GCC_PLUGINS - # Currently STRUCTLEAK inserts initialization out of live scope of - # variables from KASAN point of view. This leads to KASAN false - # positive reports. Prohibit this combination for now. - depends on !KASAN_EXTRA - help - This plugin zero-initializes any structures containing a - __user attribute. This can prevent some classes of information - exposures. - - This plugin was ported from grsecurity/PaX. More information at: - * https://grsecurity.net/ - * https://pax.grsecurity.net/ - -config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL - bool "Force initialize all struct type variables passed by reference" - depends on GCC_PLUGIN_STRUCTLEAK - depends on !COMPILE_TEST - help - Zero initialize any struct type local variable that may be passed by - reference without having been initialized. - -config GCC_PLUGIN_STRUCTLEAK_VERBOSE - bool "Report forcefully initialized variables" - depends on GCC_PLUGIN_STRUCTLEAK - depends on !COMPILE_TEST # too noisy - help - This option will cause a warning to be printed each time the - structleak plugin finds a variable it thinks needs to be - initialized. 
Since not all existing initializers are detected - by the plugin, this can produce false positive warnings. - -config GCC_PLUGIN_RANDSTRUCT - bool "Randomize layout of sensitive kernel structures" - depends on GCC_PLUGINS - select MODVERSIONS if MODULES - help - If you say Y here, the layouts of structures that are entirely - function pointers (and have not been manually annotated with - __no_randomize_layout), or structures that have been explicitly - marked with __randomize_layout, will be randomized at compile-time. - This can introduce the requirement of an additional information - exposure vulnerability for exploits targeting these structure - types. - - Enabling this feature will introduce some performance impact, - slightly increase memory usage, and prevent the use of forensic - tools like Volatility against the system (unless the kernel - source tree isn't cleaned after kernel installation). - - The seed used for compilation is located at - scripts/gcc-plgins/randomize_layout_seed.h. It remains after - a make clean to allow for external modules to be compiled with - the existing seed and will be removed by a make mrproper or - make distclean. - - Note that the implementation requires gcc 4.7 or newer. - - This plugin was ported from grsecurity/PaX. More information at: - * https://grsecurity.net/ - * https://pax.grsecurity.net/ - -config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE - bool "Use cacheline-aware structure randomization" - depends on GCC_PLUGIN_RANDSTRUCT - depends on !COMPILE_TEST # do not reduce test coverage - help - If you say Y here, the RANDSTRUCT randomization will make a - best effort at restricting randomization to cacheline-sized - groups of elements. It will further not randomize bitfields - in structures. This reduces the performance hit of RANDSTRUCT - at the cost of weakened randomization. - config HAVE_STACKPROTECTOR bool help 
@@ -972,3 +828,5 @@ config REFCOUNT_FULL security flaw exploits. source "kernel/gcov/Kconfig" + +source "scripts/gcc-plugins/Kconfig" diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig new file mode 100644 index 0000000..5a5a747 --- /dev/null +++ b/scripts/gcc-plugins/Kconfig 
@@ -0,0 +1,141 @@ +preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) + +config PLUGIN_HOSTCC + string + default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" + help + Host compiler used to build GCC plugins. This can be $(HOSTCXX), + $(HOSTCC), or a null string if GCC plugin is unsupported. + +config HAVE_GCC_PLUGINS + bool + help + An arch should select this symbol if it supports building with + GCC plugins. + +menuconfig GCC_PLUGINS + bool "GCC plugins" + depends on HAVE_GCC_PLUGINS + depends on PLUGIN_HOSTCC != "" + help + GCC plugins are loadable modules that provide extra features to the + compiler. They are useful for runtime instrumentation and static analysis. + + See Documentation/gcc-plugins.txt for details. + +if GCC_PLUGINS + +config GCC_PLUGIN_CYC_COMPLEXITY + bool "Compute the cyclomatic complexity of a function" if EXPERT + depends on !COMPILE_TEST # too noisy + help + The complexity M of a function's control flow graph is defined as: + M = E - N + 2P + where + + E = the number of edges + N = the number of nodes + P = the number of connected components (exit nodes). + + Enabling this plugin reports the complexity to stderr during the + build. It mainly serves as a simple example of how to create a + gcc plugin for the kernel. + +config GCC_PLUGIN_SANCOV + bool + help + This plugin inserts a __sanitizer_cov_trace_pc() call at the start of + basic blocks. It supports all gcc versions with plugin support (from + gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" + by Dmitry Vyukov . + +config GCC_PLUGIN_LATENT_ENTROPY + bool "Generate some entropy during boot and runtime" + help + By saying Y here the kernel will instrument some kernel code to + extract some entropy from both original and artificially created + program state. This will help especially embedded systems where + there is little 'natural' source of entropy normally. 
The cost + is some slowdown of the boot process (about 0.5%) and fork and + irq processing. + + Note that entropy extracted this way is not cryptographically + secure! + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_STRUCTLEAK + bool "Force initialization of variables containing userspace addresses" + # Currently STRUCTLEAK inserts initialization out of live scope of + # variables from KASAN point of view. This leads to KASAN false + # positive reports. Prohibit this combination for now. + depends on !KASAN_EXTRA + help + This plugin zero-initializes any structures containing a + __user attribute. This can prevent some classes of information + exposures. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL + bool "Force initialize all struct type variables passed by reference" + depends on GCC_PLUGIN_STRUCTLEAK + depends on !COMPILE_TEST + help + Zero initialize any struct type local variable that may be passed by + reference without having been initialized. + +config GCC_PLUGIN_STRUCTLEAK_VERBOSE + bool "Report forcefully initialized variables" + depends on GCC_PLUGIN_STRUCTLEAK + depends on !COMPILE_TEST # too noisy + help + This option will cause a warning to be printed each time the + structleak plugin finds a variable it thinks needs to be + initialized. Since not all existing initializers are detected + by the plugin, this can produce false positive warnings. + +config GCC_PLUGIN_RANDSTRUCT + bool "Randomize layout of sensitive kernel structures" + select MODVERSIONS if MODULES + help + If you say Y here, the layouts of structures that are entirely + function pointers (and have not been manually annotated with + __no_randomize_layout), or structures that have been explicitly + marked with __randomize_layout, will be randomized at compile-time. 
+ This can introduce the requirement of an additional information + exposure vulnerability for exploits targeting these structure + types. + + Enabling this feature will introduce some performance impact, + slightly increase memory usage, and prevent the use of forensic + tools like Volatility against the system (unless the kernel + source tree isn't cleaned after kernel installation). + + The seed used for compilation is located at + scripts/gcc-plgins/randomize_layout_seed.h. It remains after + a make clean to allow for external modules to be compiled with + the existing seed and will be removed by a make mrproper or + make distclean. + + Note that the implementation requires gcc 4.7 or newer. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE + bool "Use cacheline-aware structure randomization" + depends on !COMPILE_TEST # do not reduce test coverage + help + If you say Y here, the RANDSTRUCT randomization will make a + best effort at restricting randomization to cacheline-sized + groups of elements. It will further not randomize bitfields + in structures. This reduces the performance hit of RANDSTRUCT + at the cost of weakened randomization. + +endif
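Review bot: In the second arch/Kconfig hunk, `source "scripts/gcc-plugins/Kconfig"` is appended after `source "kernel/gcov/Kconfig"` at the end of the file, so the plugin entries are now parsed there instead of between SECCOMP_FILTER and HAVE_STACKPROTECTOR where the removed block sat. That moves the "GCC plugins" menu in the generated configuration menus, and the commit message ("Collect relevant code into the scripts/gcc-plugins directory.") mentions neither this nor the new `if GCC_PLUGINS` / `endif` wrapper that replaces the per-entry `depends on GCC_PLUGINS` lines. Either place the `source` line where the removed block was, or state in the commit message that the move and the wrapper are intentional and are not meant to change which options can be selected.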
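Review bot: GCC_PLUGIN_RANDSTRUCT_PERFORMANCE in the new scripts/gcc-plugins/Kconfig is missing `depends on GCC_PLUGIN_RANDSTRUCT`. The entry removed from arch/Kconfig carried both `depends on GCC_PLUGIN_RANDSTRUCT` and `depends on !COMPILE_TEST # do not reduce test coverage`; the added entry keeps only the second. The enclosing `if GCC_PLUGINS` stands in for the dropped `depends on GCC_PLUGINS` lines but not for this one, so the cacheline-aware option becomes visible with RANDSTRUCT disabled. Please restore the line, as the two STRUCTLEAK sub-options still have their `depends on GCC_PLUGIN_STRUCTLEAK`. A smaller point in the same hunk: the RANDSTRUCT help text still reads `scripts/gcc-plgins/randomize_layout_seed.h`; since the text is being moved into that directory anyway, the path could be corrected to `scripts/gcc-plugins/`, either here with a mention in the commit message or in a follow-up.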