613f4b3ed7
To enable the new Clang randstruct implementation[1], move randstruct into its own Makefile and split the CFLAGS from GCC_PLUGINS_CFLAGS into RANDSTRUCT_CFLAGS. [1] https://reviews.llvm.org/D121556 Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220503205503.3054173-5-keescook@chromium.org
64 lines
2.6 KiB
Makefile
64 lines
2.6 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
|
|
gcc-plugin-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) += latent_entropy_plugin.so
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) \
|
|
+= -DLATENT_ENTROPY_PLUGIN
|
|
ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
|
|
DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
|
|
endif
|
|
export DISABLE_LATENT_ENTROPY_PLUGIN
|
|
|
|
gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) \
|
|
+= -fplugin-arg-structleak_plugin-verbose
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) \
|
|
+= -fplugin-arg-structleak_plugin-byref
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) \
|
|
+= -fplugin-arg-structleak_plugin-byref-all
|
|
ifdef CONFIG_GCC_PLUGIN_STRUCTLEAK
|
|
DISABLE_STRUCTLEAK_PLUGIN += -fplugin-arg-structleak_plugin-disable
|
|
endif
|
|
export DISABLE_STRUCTLEAK_PLUGIN
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \
|
|
+= -DSTRUCTLEAK_PLUGIN
|
|
|
|
gcc-plugin-$(CONFIG_GCC_PLUGIN_STACKLEAK) += stackleak_plugin.so
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \
|
|
+= -DSTACKLEAK_PLUGIN
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \
|
|
+= -fplugin-arg-stackleak_plugin-track-min-size=$(CONFIG_STACKLEAK_TRACK_MIN_SIZE)
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \
|
|
+= -fplugin-arg-stackleak_plugin-arch=$(SRCARCH)
|
|
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK_VERBOSE) \
|
|
+= -fplugin-arg-stackleak_plugin-verbose
|
|
ifdef CONFIG_GCC_PLUGIN_STACKLEAK
|
|
DISABLE_STACKLEAK_PLUGIN += -fplugin-arg-stackleak_plugin-disable
|
|
endif
|
|
export DISABLE_STACKLEAK_PLUGIN
|
|
|
|
gcc-plugin-$(CONFIG_GCC_PLUGIN_ARM_SSP_PER_TASK) += arm_ssp_per_task_plugin.so
|
|
ifdef CONFIG_GCC_PLUGIN_ARM_SSP_PER_TASK
|
|
DISABLE_ARM_SSP_PER_TASK_PLUGIN += -fplugin-arg-arm_ssp_per_task_plugin-disable
|
|
endif
|
|
export DISABLE_ARM_SSP_PER_TASK_PLUGIN
|
|
|
|
# All the plugin CFLAGS are collected here in case a build target needs to
|
|
# filter them out of the KBUILD_CFLAGS.
|
|
GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
|
|
export GCC_PLUGINS_CFLAGS
|
|
|
|
# Add the flags to the build!
|
|
KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
|
|
|
|
# Some plugins are enabled outside of this Makefile, but they still need to
|
|
# be included in GCC_PLUGIN so they can get built.
|
|
gcc-plugin-external-$(CONFIG_GCC_PLUGIN_SANCOV) \
|
|
+= sancov_plugin.so
|
|
gcc-plugin-external-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \
|
|
+= randomize_layout_plugin.so
|
|
|
|
# All enabled GCC plugins are collected here for building in
|
|
# scripts/gcc-scripts/Makefile.
|
|
GCC_PLUGIN := $(gcc-plugin-y) $(gcc-plugin-external-y)
|
|
export GCC_PLUGIN
|