diff --git a/Documentation/kbuild/gcc-plugins.rst b/Documentation/kbuild/gcc-plugins.rst index 3349966f213dcff110e855fcc42efbb638a9cae6..4b28c7a4032ffcff538a156ec130657e4fa1d676 100644 --- a/Documentation/kbuild/gcc-plugins.rst +++ b/Documentation/kbuild/gcc-plugins.rst @@ -32,6 +32,32 @@ This infrastructure was ported from grsecurity [6]_ and PaX [7]_. .. [7] https://pax.grsecurity.net/ +Purpose +======= + +GCC plugins are designed to provide a place to experiment with potential +compiler features that are neither in GCC nor Clang upstream. Once +their utility is proven, the goal is to upstream the feature into GCC +(and Clang), and then to finally remove them from the kernel once the +feature is available in all supported versions of GCC. + +Specifically, new plugins should implement only features that have no +upstream compiler support (in either GCC or Clang). + +When a feature exists in Clang but not GCC, effort should be made to +bring the feature to upstream GCC (rather than just as a kernel-specific +GCC plugin), so the entire ecosystem can benefit from it. + +Similarly, even if a feature provided by a GCC plugin does *not* exist +in Clang, but the feature is proven to be useful, effort should be spent +to upstream the feature to GCC (and Clang). + +After a feature is available in upstream GCC, the plugin will be made +unbuildable for the corresponding GCC version (and later). Once all +kernel-supported versions of GCC provide the feature, the plugin will +be removed from the kernel. + + Files ===== diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig index ab9eb4cbe33a661e8d98a0dbd7cddde15b53175d..7c7ba3b0d3cd60257c27ca95583957dfe1a914a1 100644 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig @@ -37,6 +37,8 @@ config GCC_PLUGIN_CYC_COMPLEXITY config GCC_PLUGIN_SANCOV bool + # Plugin can be removed once the kernel only supports GCC 6+ + depends on !CC_HAS_SANCOV_TRACE_PC help This plugin inserts a __sanitizer_cov_trace_pc() call at the start of basic blocks. It supports all gcc versions with plugin support (from @@ -83,8 +85,6 @@ config GCC_PLUGIN_RANDSTRUCT the existing seed and will be removed by a make mrproper or make distclean. - Note that the implementation requires gcc 4.7 or newer. - This plugin was ported from grsecurity/PaX. More information at: * https://grsecurity.net/ * https://pax.grsecurity.net/ diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index ded17b8abce2d74cbb66ba8e90eb60adbb2c2f28..d051f8ceefddd1cc821d74860708112f8bfa28b3 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -56,7 +56,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_USER bool "zero-init structs marked for userspace (weak)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO select GCC_PLUGIN_STRUCTLEAK help Zero-initialize any structures on the stack containing @@ -67,7 +68,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_BYREF bool "zero-init structs passed by reference (strong)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO depends on !(KASAN && KASAN_STACK) select GCC_PLUGIN_STRUCTLEAK help @@ -85,7 +87,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL bool "zero-init everything passed by reference (very strong)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO depends on !(KASAN && KASAN_STACK) select GCC_PLUGIN_STRUCTLEAK help