diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-01 17:09:03 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-11-01 17:09:03 -0700 |
| commit | f594e28d805aca2c6e158cc647f133cab58a8bb4 (patch) | |
| tree | bbc6044de5bc18185c0de5318fc0d2890f9a32d8 /Documentation | |
| parent | 01463374c50e4fe75abec927fa231f8f5d701852 (diff) | |
| parent | 6425392acf24b6d469932dd1b217dc7b20d6447f (diff) | |
| download | linux-f594e28d805aca2c6e158cc647f133cab58a8bb4.tar.bz2 | |
Merge tag 'hardening-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull compiler hardening updates from Kees Cook:
"These are various compiler-related hardening feature updates. Notable
is the addition of an explicit limited rationale for, and deprecation
schedule of, gcc-plugins.
gcc-plugins:
- remove support for GCC 4.9 and older (Ard Biesheuvel)
- remove duplicate include in gcc-common.h (Ye Guojin)
- Explicitly document purpose and deprecation schedule (Kees Cook)
- Remove cyc_complexity (Kees Cook)
instrumentation:
- Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO (Kees Cook)
Clang LTO:
- kallsyms: strip LTO suffixes from static functions (Nick Desaulniers)"
* tag 'hardening-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: remove duplicate include in gcc-common.h
gcc-plugins: Remove cyc_complexity
gcc-plugins: Explicitly document purpose and deprecation schedule
kallsyms: strip LTO suffixes from static functions
gcc-plugins: remove support for GCC 4.9 and older
hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/kbuild/gcc-plugins.rst | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/Documentation/kbuild/gcc-plugins.rst b/Documentation/kbuild/gcc-plugins.rst index 3349966f213d..0ba76719f1b9 100644 --- a/Documentation/kbuild/gcc-plugins.rst +++ b/Documentation/kbuild/gcc-plugins.rst @@ -32,6 +32,32 @@ This infrastructure was ported from grsecurity [6]_ and PaX [7]_. .. [7] https://pax.grsecurity.net/ +Purpose +======= + +GCC plugins are designed to provide a place to experiment with potential +compiler features that are neither in GCC nor Clang upstream. Once +their utility is proven, the goal is to upstream the feature into GCC +(and Clang), and then to finally remove them from the kernel once the +feature is available in all supported versions of GCC. + +Specifically, new plugins should implement only features that have no +upstream compiler support (in either GCC or Clang). + +When a feature exists in Clang but not GCC, effort should be made to +bring the feature to upstream GCC (rather than just as a kernel-specific +GCC plugin), so the entire ecosystem can benefit from it. + +Similarly, even if a feature provided by a GCC plugin does *not* exist +in Clang, but the feature is proven to be useful, effort should be spent +to upstream the feature to GCC (and Clang). + +After a feature is available in upstream GCC, the plugin will be made +unbuildable for the corresponding GCC version (and later). Once all +kernel-supported versions of GCC provide the feature, the plugin will +be removed from the kernel. + + Files ===== @@ -70,7 +96,6 @@ Enable the GCC plugin infrastructure and some plugin(s) you want to use in the kernel config:: CONFIG_GCC_PLUGINS=y - CONFIG_GCC_PLUGIN_CYC_COMPLEXITY=y CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y ... @@ -89,4 +114,3 @@ The GCC plugins are in scripts/gcc-plugins/. You need to put plugin source files right under scripts/gcc-plugins/. Creating subdirectories is not supported. It must be added to scripts/gcc-plugins/Makefile, scripts/Makefile.gcc-plugins and a relevant Kconfig file. -See the cyc_complexity_plugin.c (CONFIG_GCC_PLUGIN_CYC_COMPLEXITY) GCC plugin. |