diff options
31 files changed, 25 insertions, 677 deletions
diff --git a/Documentation/admin-guide/README.rst b/Documentation/admin-guide/README.rst index 70b02f30013a..05301f03b717 100644 --- a/Documentation/admin-guide/README.rst +++ b/Documentation/admin-guide/README.rst @@ -259,7 +259,7 @@ Configuring the kernel Compiling the kernel -------------------- - - Make sure you have at least gcc 5.1 available. + - Make sure you have at least gcc 8.1 available. For more information, refer to :ref:`Documentation/process/changes.rst <changes>`. - Do a ``make`` to create a compressed kernel image. It is also possible to do diff --git a/Documentation/kbuild/makefiles.rst b/Documentation/kbuild/makefiles.rst index 3b9a8bc671e2..38cc656fac20 100644 --- a/Documentation/kbuild/makefiles.rst +++ b/Documentation/kbuild/makefiles.rst @@ -625,10 +625,10 @@ gcc-min-version Example:: - cflags-$(call gcc-min-version, 70100) := -foo + cflags-$(call gcc-min-version, 110100) := -foo In this example, cflags-y will be assigned the value -foo if $(CC) is gcc and - $(CONFIG_GCC_VERSION) is >= 7.1. + $(CONFIG_GCC_VERSION) is >= 11.1. clang-min-version clang-min-version tests if the value of $(CONFIG_CLANG_VERSION) is greater diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst index d564362773b5..b14bd5b7cbc9 100644 --- a/Documentation/process/changes.rst +++ b/Documentation/process/changes.rst @@ -29,13 +29,13 @@ you probably needn't concern yourself with pcmciautils. ====================== =============== ======================================== Program Minimal version Command to check the version ====================== =============== ======================================== -GNU C 5.1 gcc --version +GNU C 8.1 gcc --version Clang/LLVM (optional) 13.0.1 clang --version Rust (optional) 1.78.0 rustc --version bindgen (optional) 0.65.1 bindgen --version GNU make 4.0 make --version bash 4.2 bash --version -binutils 2.25 ld -v +binutils 2.30 ld -v flex 2.5.35 flex --version bison 2.0 bison --version pahole 1.16 pahole --version @@ -116,7 +116,7 @@ Bash 4.2 or newer is needed. Binutils -------- -Binutils 2.25 or newer is needed to build the kernel. +Binutils 2.30 or newer is needed to build the kernel. pkg-config ---------- diff --git a/Documentation/translations/it_IT/process/changes.rst b/Documentation/translations/it_IT/process/changes.rst index c7d05e2fff15..77db13c4022b 100644 --- a/Documentation/translations/it_IT/process/changes.rst +++ b/Documentation/translations/it_IT/process/changes.rst @@ -32,13 +32,13 @@ PC Card, per esempio, probabilmente non dovreste preoccuparvi di pcmciautils. ====================== ================= ======================================== Programma Versione minima Comando per verificare la versione ====================== ================= ======================================== -GNU C 5.1 gcc --version +GNU C 8.1 gcc --version Clang/LLVM (optional) 13.0.0 clang --version Rust (opzionale) 1.78.0 rustc --version bindgen (opzionale) 0.65.1 bindgen --version GNU make 4.0 make --version bash 4.2 bash --version -binutils 2.25 ld -v +binutils 2.30 ld -v flex 2.5.35 flex --version bison 2.0 bison --version pahole 1.16 pahole --version @@ -118,7 +118,7 @@ Questo richiede bash 4.2 o successivo. Binutils -------- -Per generare il kernel è necessario avere Binutils 2.25 o superiore. +Per generare il kernel è necessario avere Binutils 2.30 o superiore. pkg-config ---------- diff --git a/Documentation/translations/zh_CN/admin-guide/README.rst b/Documentation/translations/zh_CN/admin-guide/README.rst index 1bdafdc4c8e2..82e628b77efd 100644 --- a/Documentation/translations/zh_CN/admin-guide/README.rst +++ b/Documentation/translations/zh_CN/admin-guide/README.rst @@ -224,7 +224,7 @@ Linux内核6.x版本 <http://kernel.org/> 编译内核 --------- - - 确保您至少有gcc 5.1可用。 + - 确保您至少有gcc 8.1可用。 有关更多信息,请参阅 :ref:`Documentation/process/changes.rst <changes>` 。 - 执行 ``make`` 来创建压缩内核映像。如果您安装了lilo以适配内核makefile, diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index c314eb429b9f..bcc1773fec77 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -659,9 +659,6 @@ config ARM64_ERRATUM_843419 If unsure, say Y. -config ARM64_LD_HAS_FIX_ERRATUM_843419 - def_bool $(ld-option,--fix-cortex-a53-843419) - config ARM64_ERRATUM_1024718 bool "Cortex-A55: 1024718: Update of DBM/AP bits without break before make might result in incorrect update" default y @@ -1907,13 +1904,9 @@ config ARM64_PAN The feature is detected at runtime, and will remain as a 'nop' instruction if the cpu does not implement the feature. -config AS_HAS_LSE_ATOMICS - def_bool $(as-instr,.arch_extension lse) - config ARM64_LSE_ATOMICS bool default ARM64_USE_LSE_ATOMICS - depends on AS_HAS_LSE_ATOMICS config ARM64_USE_LSE_ATOMICS bool "Atomic instructions" @@ -1925,20 +1918,12 @@ config ARM64_USE_LSE_ATOMICS Say Y here to make use of these instructions for the in-kernel atomic routines. This incurs a small overhead on CPUs that do - not support these instructions and requires the kernel to be - built with binutils >= 2.25 in order for the new instructions - to be used. + not support these instructions. endmenu # "ARMv8.1 architectural features" menu "ARMv8.2 architectural features" -config AS_HAS_ARMV8_2 - def_bool $(cc-option,-Wa$(comma)-march=armv8.2-a) - -config AS_HAS_SHA3 - def_bool $(as-instr,.arch armv8.2-a+sha3) - config ARM64_PMEM bool "Enable support for persistent memory" select ARCH_HAS_PMEM_API @@ -2012,7 +1997,6 @@ config ARM64_PTR_AUTH_KERNEL bool "Use pointer authentication for kernel" default y depends on ARM64_PTR_AUTH - depends on (CC_HAS_SIGN_RETURN_ADDRESS || CC_HAS_BRANCH_PROT_PAC_RET) && AS_HAS_ARMV8_3 # Modern compilers insert a .note.gnu.property section note for PAC # which is only understood by binutils starting with version 2.33.1. depends on LD_IS_LLD || LD_VERSION >= 23301 || (CC_IS_GCC && GCC_VERSION < 90100) @@ -2033,19 +2017,10 @@ config CC_HAS_BRANCH_PROT_PAC_RET # GCC 9 or later, clang 8 or later def_bool $(cc-option,-mbranch-protection=pac-ret+leaf) -config CC_HAS_SIGN_RETURN_ADDRESS - # GCC 7, 8 - def_bool $(cc-option,-msign-return-address=all) - -config AS_HAS_ARMV8_3 - def_bool $(cc-option,-Wa$(comma)-march=armv8.3-a) - config AS_HAS_CFI_NEGATE_RA_STATE + # binutils 2.34+ def_bool $(as-instr,.cfi_startproc\n.cfi_negate_ra_state\n.cfi_endproc\n) -config AS_HAS_LDAPR - def_bool $(as-instr,.arch_extension rcpc) - endmenu # "ARMv8.3 architectural features" menu "ARMv8.4 architectural features" @@ -2073,20 +2048,13 @@ config ARM64_AMU_EXTN correctly reflect reality. Most commonly, the value read will be 0, indicating that the counter is not enabled. -config AS_HAS_ARMV8_4 - def_bool $(cc-option,-Wa$(comma)-march=armv8.4-a) - config ARM64_TLB_RANGE bool "Enable support for tlbi range feature" default y - depends on AS_HAS_ARMV8_4 help ARMv8.4-TLBI provides TLBI invalidation instruction that apply to a range of input addresses. - The feature introduces new assembly instructions, and they were - support when binutils >= 2.30. - endmenu # "ARMv8.4 architectural features" menu "ARMv8.5 architectural features" @@ -2162,7 +2130,6 @@ config ARM64_MTE default y depends on ARM64_AS_HAS_MTE && ARM64_TAGGED_ADDR_ABI depends on AS_HAS_ARMV8_5 - depends on AS_HAS_LSE_ATOMICS # Required for tag checking in the uaccess routines select ARM64_PAN select ARCH_HAS_SUBPAGE_FAULTS diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile index 1d5dfcd1c13e..73a10f65ce8b 100644 --- a/arch/arm64/Makefile +++ b/arch/arm64/Makefile @@ -16,14 +16,11 @@ ifeq ($(CONFIG_RELOCATABLE), y) # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour # for relative relocs, since this leads to better Image compression # with the relocation offsets always being zero. -LDFLAGS_vmlinux += -shared -Bsymbolic -z notext \ - $(call ld-option, --no-apply-dynamic-relocs) +LDFLAGS_vmlinux += -shared -Bsymbolic -z notext --no-apply-dynamic-relocs endif ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) - ifeq ($(CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419),y) LDFLAGS_vmlinux += --fix-cortex-a53-843419 - endif endif cc_has_k_constraint := $(call try-run,echo \ @@ -105,12 +102,8 @@ endif # hardware. ifeq ($(CONFIG_AS_HAS_ARMV8_5), y) asm-arch := armv8.5-a -else ifeq ($(CONFIG_AS_HAS_ARMV8_4), y) +else asm-arch := armv8.4-a -else ifeq ($(CONFIG_AS_HAS_ARMV8_3), y) - asm-arch := armv8.3-a -else ifeq ($(CONFIG_AS_HAS_ARMV8_2), y) - asm-arch := armv8.2-a endif ifdef asm-arch @@ -201,16 +194,6 @@ install zinstall: archprepare: $(Q)$(MAKE) $(build)=arch/arm64/tools kapi -ifeq ($(CONFIG_ARM64_ERRATUM_843419),y) - ifneq ($(CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419),y) - @echo "warning: ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum" >&2 - endif -endif -ifeq ($(CONFIG_ARM64_USE_LSE_ATOMICS),y) - ifneq ($(CONFIG_ARM64_LSE_ATOMICS),y) - @echo "warning: LSE atomics not supported by binutils" >&2 - endif -endif ifeq ($(KBUILD_EXTMOD),) # We need to generate vdso-offsets.h before compiling certain files in kernel/. diff --git a/arch/arm64/include/asm/rwonce.h b/arch/arm64/include/asm/rwonce.h index 56f7b1d4d54b..97d9256d33c9 100644 --- a/arch/arm64/include/asm/rwonce.h +++ b/arch/arm64/include/asm/rwonce.h @@ -12,16 +12,12 @@ #ifndef BUILD_VDSO -#ifdef CONFIG_AS_HAS_LDAPR #define __LOAD_RCPC(sfx, regs...) \ ALTERNATIVE( \ "ldar" #sfx "\t" #regs, \ ".arch_extension rcpc\n" \ "ldapr" #sfx "\t" #regs, \ ARM64_HAS_LDAPR) -#else -#define __LOAD_RCPC(sfx, regs...) "ldar" #sfx "\t" #regs -#endif /* CONFIG_AS_HAS_LDAPR */ /* * When building with LTO, there is an increased risk of the compiler diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig index 096e45acadb2..713248f240e0 100644 --- a/arch/arm64/kvm/Kconfig +++ b/arch/arm64/kvm/Kconfig @@ -19,7 +19,6 @@ if VIRTUALIZATION menuconfig KVM bool "Kernel-based Virtual Machine (KVM) support" - depends on AS_HAS_ARMV8_4 select KVM_COMMON select KVM_GENERIC_HARDWARE_ENABLING select KVM_GENERIC_MMU_NOTIFIER diff --git a/arch/arm64/lib/xor-neon.c b/arch/arm64/lib/xor-neon.c index f9a53b7f9842..8fffebfa17b2 100644 --- a/arch/arm64/lib/xor-neon.c +++ b/arch/arm64/lib/xor-neon.c @@ -319,7 +319,7 @@ static void xor_arm64_eor3_5(unsigned long bytes, static int __init xor_neon_init(void) { - if (IS_ENABLED(CONFIG_AS_HAS_SHA3) && cpu_have_named_feature(SHA3)) { + if (cpu_have_named_feature(SHA3)) { xor_block_inner_neon.do_3 = xor_arm64_eor3_3; xor_block_inner_neon.do_4 = xor_arm64_eor3_4; xor_block_inner_neon.do_5 = xor_arm64_eor3_5; diff --git a/arch/um/Makefile b/arch/um/Makefile index 9ed792e565c9..7be0143b5ba3 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -118,9 +118,7 @@ archprepare: $(Q)$(MAKE) $(build)=$(HOST_DIR)/um include/generated/user_constants.h LINK-$(CONFIG_LD_SCRIPT_STATIC) += -static -ifdef CONFIG_LD_SCRIPT_DYN -LINK-$(call gcc-min-version, 60100)$(CONFIG_CC_IS_CLANG) += -no-pie -endif +LINK-$(CONFIG_LD_SCRIPT_DYN) += -no-pie LINK-$(CONFIG_LD_SCRIPT_DYN_RPATH) += -Wl,-rpath,/lib CFLAGS_NO_HARDENING := $(call cc-option, -fno-PIC,) $(call cc-option, -fno-pic,) \ diff --git a/drivers/gpu/drm/panel/panel-tpo-td028ttec1.c b/drivers/gpu/drm/panel/panel-tpo-td028ttec1.c index 4dbf8b88f264..11d460d2ea19 100644 --- a/drivers/gpu/drm/panel/panel-tpo-td028ttec1.c +++ b/drivers/gpu/drm/panel/panel-tpo-td028ttec1.c @@ -86,11 +86,7 @@ struct td028ttec1_panel { #define to_td028ttec1_device(p) container_of(p, struct td028ttec1_panel, panel) -/* - * noinline_for_stack so we don't get multiple copies of tx_buf - * on the stack in case of gcc-plugin-structleak - */ -static int noinline_for_stack +static int jbt_ret_write_0(struct td028ttec1_panel *lcd, u8 reg, int *err) { struct spi_device *spi = lcd->spi; diff --git a/include/linux/unroll.h b/include/linux/unroll.h index 863fb69f6a7e..186b71de740f 100644 --- a/include/linux/unroll.h +++ b/include/linux/unroll.h @@ -11,10 +11,8 @@ #ifdef CONFIG_CC_IS_CLANG #define __pick_unrolled(x, y) _Pragma(#x) -#elif CONFIG_GCC_VERSION >= 80000 -#define __pick_unrolled(x, y) _Pragma(#y) #else -#define __pick_unrolled(x, y) /* not supported */ +#define __pick_unrolled(x, y) _Pragma(#y) #endif /** diff --git a/kernel/gcov/gcc_4_7.c b/kernel/gcov/gcc_4_7.c index fd75b4a484d7..a08cc076f332 100644 --- a/kernel/gcov/gcc_4_7.c +++ b/kernel/gcov/gcc_4_7.c @@ -22,10 +22,6 @@ #define GCOV_COUNTERS 9 #elif (__GNUC__ >= 10) #define GCOV_COUNTERS 8 -#elif (__GNUC__ >= 7) -#define GCOV_COUNTERS 9 -#elif (__GNUC__ > 5) || (__GNUC__ == 5 && __GNUC_MINOR__ >= 1) -#define GCOV_COUNTERS 10 #else #define GCOV_COUNTERS 9 #endif diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 6479cec900c7..87517564e698 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2153,18 +2153,12 @@ config ARCH_HAS_KCOV build and run with CONFIG_KCOV. This typically requires disabling instrumentation for some early boot code. -config CC_HAS_SANCOV_TRACE_PC - def_bool $(cc-option,-fsanitize-coverage=trace-pc) - - config KCOV bool "Code coverage for fuzzing" depends on ARCH_HAS_KCOV - depends on CC_HAS_SANCOV_TRACE_PC || GCC_PLUGINS depends on !ARCH_WANTS_NO_INSTR || HAVE_NOINSTR_HACK || \ GCC_VERSION >= 120000 || CC_IS_CLANG select DEBUG_FS - select GCC_PLUGIN_SANCOV if !CC_HAS_SANCOV_TRACE_PC select OBJTOOL if HAVE_NOINSTR_HACK help KCOV exposes kernel code coverage information in a form suitable @@ -2878,9 +2872,7 @@ config STACKINIT_KUNIT_TEST help Test if the kernel is zero-initializing stack variables and padding. Coverage is controlled by compiler flags, - CONFIG_INIT_STACK_ALL_PATTERN, CONFIG_INIT_STACK_ALL_ZERO, - CONFIG_GCC_PLUGIN_STRUCTLEAK, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF, - or CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. + CONFIG_INIT_STACK_ALL_PATTERN or CONFIG_INIT_STACK_ALL_ZERO. config FORTIFY_KUNIT_TEST tristate "Test fortified str*() and mem*() function internals at runtime" if !KUNIT_ALL_TESTS diff --git a/lib/raid6/algos.c b/lib/raid6/algos.c index cd2e88ee1f14..dfd3f800ac9b 100644 --- a/lib/raid6/algos.c +++ b/lib/raid6/algos.c @@ -28,10 +28,8 @@ EXPORT_SYMBOL_GPL(raid6_call); const struct raid6_calls * const raid6_algos[] = { #if defined(__i386__) && !defined(__arch_um__) -#ifdef CONFIG_AS_AVX512 &raid6_avx512x2, &raid6_avx512x1, -#endif &raid6_avx2x2, &raid6_avx2x1, &raid6_sse2x2, @@ -42,11 +40,9 @@ const struct raid6_calls * const raid6_algos[] = { &raid6_mmxx1, #endif #if defined(__x86_64__) && !defined(__arch_um__) -#ifdef CONFIG_AS_AVX512 &raid6_avx512x4, &raid6_avx512x2, &raid6_avx512x1, -#endif &raid6_avx2x4, &raid6_avx2x2, &raid6_avx2x1, @@ -96,9 +92,7 @@ EXPORT_SYMBOL_GPL(raid6_datap_recov); const struct raid6_recov_calls *const raid6_recov_algos[] = { #ifdef CONFIG_X86 -#ifdef CONFIG_AS_AVX512 &raid6_recov_avx512, -#endif &raid6_recov_avx2, &raid6_recov_ssse3, #endif diff --git a/lib/raid6/avx512.c b/lib/raid6/avx512.c index 9c3e822e1adf..009bd0adeebf 100644 --- a/lib/raid6/avx512.c +++ b/lib/raid6/avx512.c @@ -17,8 +17,6 @@ * */ -#ifdef CONFIG_AS_AVX512 - #include <linux/raid/pq.h> #include "x86.h" @@ -560,5 +558,3 @@ const struct raid6_calls raid6_avx512x4 = { .priority = 2 /* Prefer AVX512 over priority 1 (SSE2 and others) */ }; #endif - -#endif /* CONFIG_AS_AVX512 */ diff --git a/lib/raid6/recov_avx512.c b/lib/raid6/recov_avx512.c index fd9e15bf3f30..310c715db313 100644 --- a/lib/raid6/recov_avx512.c +++ b/lib/raid6/recov_avx512.c @@ -6,8 +6,6 @@ * Author: Megha Dey <megha.dey@linux.intel.com> */ -#ifdef CONFIG_AS_AVX512 - #include <linux/raid/pq.h> #include "x86.h" @@ -377,7 +375,3 @@ const struct raid6_recov_calls raid6_recov_avx512 = { #endif .priority = 3, }; - -#else -#warning "your version of binutils lacks AVX512 support" -#endif diff --git a/lib/raid6/test/Makefile b/lib/raid6/test/Makefile index 2abe0076a636..8f2dd2210ba8 100644 --- a/lib/raid6/test/Makefile +++ b/lib/raid6/test/Makefile @@ -54,9 +54,6 @@ endif ifeq ($(IS_X86),yes) OBJS += mmx.o sse1.o sse2.o avx2.o recov_ssse3.o recov_avx2.o avx512.o recov_avx512.o CFLAGS += -DCONFIG_X86 - CFLAGS += $(shell echo "vpmovm2b %k1, %zmm5" | \ - gcc -c -x assembler - >/dev/null 2>&1 && \ - rm ./-.o && echo -DCONFIG_AS_AVX512=1) else ifeq ($(HAS_NEON),yes) OBJS += neon.o neon1.o neon2.o neon4.o neon8.o recov_neon.o recov_neon_inner.o CFLAGS += -DCONFIG_KERNEL_MODE_NEON=1 diff --git a/lib/test_fortify/Makefile b/lib/test_fortify/Makefile index 1c3f82ad8bb2..399cae880e1d 100644 --- a/lib/test_fortify/Makefile +++ b/lib/test_fortify/Makefile @@ -18,10 +18,7 @@ quiet_cmd_gen_fortify_log = CAT $@ $(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE $(call if_changed,gen_fortify_log) -# GCC<=7 does not always produce *.d files. -# Run the tests only for GCC>=8 or Clang. -always-$(call gcc-min-version, 80000) += test_fortify.log -always-$(CONFIG_CC_IS_CLANG) += test_fortify.log +always-y += test_fortify.log # Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined. # Pass CFLAGS_KASAN to avoid warnings. diff --git a/lib/tests/stackinit_kunit.c b/lib/tests/stackinit_kunit.c index 63aa78e6f5c1..ff2784769772 100644 --- a/lib/tests/stackinit_kunit.c +++ b/lib/tests/stackinit_kunit.c @@ -1,7 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-or-later /* * Test cases for compiler-based stack variable zeroing via - * -ftrivial-auto-var-init={zero,pattern} or CONFIG_GCC_PLUGIN_STRUCTLEAK*. + * -ftrivial-auto-var-init={zero,pattern}. * For example, see: * "Running tests with kunit_tool" at Documentation/dev-tools/kunit/start.rst * ./tools/testing/kunit/kunit.py run stackinit [--raw_output] \ @@ -376,14 +376,6 @@ union test_small_end { # define USER_PASS XFAIL # define BYREF_PASS XFAIL # define STRONG_PASS XFAIL -#elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER) -# define USER_PASS WANT_SUCCESS -# define BYREF_PASS XFAIL -# define STRONG_PASS XFAIL -#elif defined(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) -# define USER_PASS WANT_SUCCESS -# define BYREF_PASS WANT_SUCCESS -# define STRONG_PASS XFAIL #else # define USER_PASS WANT_SUCCESS # define BYREF_PASS WANT_SUCCESS diff --git a/mm/mm_init.c b/mm/mm_init.c index eedce9321e13..7cbe52851d67 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -2667,12 +2667,6 @@ static void __init report_meminit(void) stack = "all(pattern)"; else if (IS_ENABLED(CONFIG_INIT_STACK_ALL_ZERO)) stack = "all(zero)"; - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL)) - stack = "byref_all(zero)"; - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF)) - stack = "byref(zero)"; - else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER)) - stack = "__user(zero)"; else stack = "off"; diff --git a/scripts/Makefile.compiler b/scripts/Makefile.compiler index 65cfa72e376b..ef91910de265 100644 --- a/scripts/Makefile.compiler +++ b/scripts/Makefile.compiler @@ -60,7 +60,7 @@ cc-option-yn = $(if $(call cc-option,$1),y,n) cc-disable-warning = $(call cc-option,-Wno-$(strip $1)) # gcc-min-version -# Usage: cflags-$(call gcc-min-version, 70100) += -foo +# Usage: cflags-$(call gcc-min-version, 110100) += -foo gcc-min-version = $(call test-ge, $(CONFIG_GCC_VERSION), $1) # clang-min-version diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index e50dc931be49..435ab3f0ec44 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins @@ -8,20 +8,6 @@ ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY endif export DISABLE_LATENT_ENTROPY_PLUGIN -gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so -gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) \ - += -fplugin-arg-structleak_plugin-verbose -gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF) \ - += -fplugin-arg-structleak_plugin-byref -gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL) \ - += -fplugin-arg-structleak_plugin-byref-all -ifdef CONFIG_GCC_PLUGIN_STRUCTLEAK - DISABLE_STRUCTLEAK_PLUGIN += -fplugin-arg-structleak_plugin-disable -endif -export DISABLE_STRUCTLEAK_PLUGIN -gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \ - += -DSTRUCTLEAK_PLUGIN - gcc-plugin-$(CONFIG_GCC_PLUGIN_STACKLEAK) += stackleak_plugin.so gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \ += -DSTACKLEAK_PLUGIN @@ -46,8 +32,6 @@ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) # Some plugins are enabled outside of this Makefile, but they still need to # be included in GCC_PLUGIN so they can get built. -gcc-plugin-external-$(CONFIG_GCC_PLUGIN_SANCOV) \ - += sancov_plugin.so gcc-plugin-external-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ += randomize_layout_plugin.so diff --git a/scripts/Makefile.kcov b/scripts/Makefile.kcov index 67e8cfe3474b..01616472f43e 100644 --- a/scripts/Makefile.kcov +++ b/scripts/Makefile.kcov @@ -1,6 +1,5 @@ # SPDX-License-Identifier: GPL-2.0-only -kcov-flags-$(CONFIG_CC_HAS_SANCOV_TRACE_PC) += -fsanitize-coverage=trace-pc +kcov-flags-y += -fsanitize-coverage=trace-pc kcov-flags-$(CONFIG_KCOV_ENABLE_COMPARISONS) += -fsanitize-coverage=trace-cmp -kcov-flags-$(CONFIG_GCC_PLUGIN_SANCOV) += -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so export CFLAGS_KCOV := $(kcov-flags-y) diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig index 231f4a20d617..6b34ba19358d 100644 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig @@ -19,16 +19,6 @@ menuconfig GCC_PLUGINS if GCC_PLUGINS -config GCC_PLUGIN_SANCOV - bool - # Plugin can be removed once the kernel only supports GCC 6+ - depends on !CC_HAS_SANCOV_TRACE_PC - help - This plugin inserts a __sanitizer_cov_trace_pc() call at the start of - basic blocks. It supports all gcc versions with plugin support (from - gcc-4.5 on). It is based on the commit "Add fuzzing coverage support" - by Dmitry Vyukov <dvyukov@google.com>. - config GCC_PLUGIN_LATENT_ENTROPY bool "Generate some entropy during boot and runtime" help diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 3222c1070444..3fdaf1c4b258 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -3,11 +3,7 @@ #define GCC_COMMON_H_INCLUDED #include "bversion.h" -#if BUILDING_GCC_VERSION >= 6000 #include "gcc-plugin.h" -#else -#include "plugin.h" -#endif #include "plugin-version.h" #include "config.h" #include "system.h" @@ -39,9 +35,7 @@ #include "hash-map.h" -#if BUILDING_GCC_VERSION >= 7000 #include "memmodel.h" -#endif #include "emit-rtl.h" #include "debug.h" #include "target.h" @@ -74,9 +68,7 @@ #include "context.h" #include "tree-ssa-alias.h" #include "tree-ssa.h" -#if BUILDING_GCC_VERSION >= 7000 #include "tree-vrp.h" -#endif #include "tree-ssanames.h" #include "print-tree.h" #include "tree-eh.h" @@ -149,16 +141,6 @@ static inline opt_pass *get_pass_for_id(int id) return g->get_passes()->get_pass_for_id(id); } -#if BUILDING_GCC_VERSION < 6000 -/* gimple related */ -template <> -template <> -inline bool is_a_helper<const gassign *>::test(const_gimple gs) -{ - return gs->code == GIMPLE_ASSIGN; -} -#endif - #define TODO_verify_ssa TODO_verify_il #define TODO_verify_flow TODO_verify_il #define TODO_verify_stmts TODO_verify_il @@ -181,7 +163,6 @@ static inline const char *get_decl_section_name(const_tree decl) #define varpool_get_node(decl) varpool_node::get(decl) #define dump_varpool_node(file, node) (node)->dump(file) -#if BUILDING_GCC_VERSION >= 8000 #define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ (caller)->create_edge((callee), (call_stmt), (count)) @@ -189,15 +170,6 @@ static inline const char *get_decl_section_name(const_tree decl) old_call_stmt, call_stmt, count, freq, reason) \ (caller)->create_edge_including_clones((callee), \ (old_call_stmt), (call_stmt), (count), (reason)) -#else -#define cgraph_create_edge(caller, callee, call_stmt, count, freq) \ - (caller)->create_edge((callee), (call_stmt), (count), (freq)) - -#define cgraph_create_edge_including_clones(caller, callee, \ - old_call_stmt, call_stmt, count, freq, reason) \ - (caller)->create_edge_including_clones((callee), \ - (old_call_stmt), (call_stmt), (count), (freq), (reason)) -#endif typedef struct cgraph_node *cgraph_node_ptr; typedef struct cgraph_edge *cgraph_edge_p; @@ -293,14 +265,12 @@ static inline void cgraph_call_edge_duplication_hooks(cgraph_edge *cs1, cgraph_e symtab->call_edge_duplication_hooks(cs1, cs2); } -#if BUILDING_GCC_VERSION >= 6000 typedef gimple *gimple_ptr; typedef const gimple *const_gimple_ptr; #define gimple gimple_ptr #define const_gimple const_gimple_ptr #undef CONST_CAST_GIMPLE #define CONST_CAST_GIMPLE(X) CONST_CAST(gimple, (X)) -#endif /* gimple related */ static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) @@ -400,15 +370,7 @@ static inline void ipa_remove_stmt_references(symtab_node *referring_node, gimpl referring_node->remove_stmt_references(stmt); } -#if BUILDING_GCC_VERSION < 6000 -#define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \ - get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, pvolatilep, keep_aligning) -#define gen_rtx_set(ARG0, ARG1) gen_rtx_SET(VOIDmode, (ARG0), (ARG1)) -#endif - -#if BUILDING_GCC_VERSION >= 6000 #define gen_rtx_set(ARG0, ARG1) gen_rtx_SET((ARG0), (ARG1)) -#endif #ifdef __cplusplus static inline void debug_tree(const_tree t) @@ -425,15 +387,8 @@ static inline void debug_gimple_stmt(const_gimple s) #define debug_gimple_stmt(s) debug_gimple_stmt(CONST_CAST_GIMPLE(s)) #endif -#if BUILDING_GCC_VERSION >= 7000 #define get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep, keep_aligning) \ get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep) -#endif - -#if BUILDING_GCC_VERSION < 7000 -#define SET_DECL_ALIGN(decl, align) DECL_ALIGN(decl) = (align) -#define SET_DECL_MODE(decl, mode) DECL_MODE(decl) = (mode) -#endif #if BUILDING_GCC_VERSION >= 14000 #define last_stmt(x) last_nondebug_stmt(x) diff --git a/scripts/gcc-plugins/sancov_plugin.c b/scripts/gcc-plugins/sancov_plugin.c deleted file mode 100644 index b76cb9c42cec..000000000000 --- a/scripts/gcc-plugins/sancov_plugin.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> - * Licensed under the GPL v2, or (at your option) v3 - * - * Homepage: - * https://github.com/ephox-gcc-plugins/sancov - * - * This plugin inserts a __sanitizer_cov_trace_pc() call at the start of basic blocks. - * It supports all gcc versions with plugin support (from gcc-4.5 on). - * It is based on the commit "Add fuzzing coverage support" by Dmitry Vyukov <dvyukov@google.com>. - * - * You can read about it more here: - * https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=231296 - * https://lwn.net/Articles/674854/ - * https://github.com/google/syzkaller - * https://lwn.net/Articles/677764/ - * - * Usage: - * make run - */ - -#include "gcc-common.h" - -__visible int plugin_is_GPL_compatible; - -tree sancov_fndecl; - -static struct plugin_info sancov_plugin_info = { - .version = PLUGIN_VERSION, - .help = "sancov plugin\n", -}; - -static unsigned int sancov_execute(void) -{ - basic_block bb; - - /* Remove this line when this plugin and kcov will be in the kernel. - if (!strcmp(DECL_NAME_POINTER(current_function_decl), DECL_NAME_POINTER(sancov_fndecl))) - return 0; - */ - - FOR_EACH_BB_FN(bb, cfun) { - const_gimple stmt; - gcall *gcall; - gimple_stmt_iterator gsi = gsi_after_labels(bb); - - if (gsi_end_p(gsi)) - continue; - - stmt = gsi_stmt(gsi); - gcall = as_a_gcall(gimple_build_call(sancov_fndecl, 0)); - gimple_set_location(gcall, gimple_location(stmt)); - gsi_insert_before(&gsi, gcall, GSI_SAME_STMT); - } - return 0; -} - -#define PASS_NAME sancov - -#define NO_GATE -#define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_stmts | TODO_update_ssa_no_phi | TODO_verify_flow - -#include "gcc-generate-gimple-pass.h" - -static void sancov_start_unit(void __unused *gcc_data, void __unused *user_data) -{ - tree leaf_attr, nothrow_attr; - tree BT_FN_VOID = build_function_type_list(void_type_node, NULL_TREE); - - sancov_fndecl = build_fn_decl("__sanitizer_cov_trace_pc", BT_FN_VOID); - - DECL_ASSEMBLER_NAME(sancov_fndecl); - TREE_PUBLIC(sancov_fndecl) = 1; - DECL_EXTERNAL(sancov_fndecl) = 1; - DECL_ARTIFICIAL(sancov_fndecl) = 1; - DECL_PRESERVE_P(sancov_fndecl) = 1; - DECL_UNINLINABLE(sancov_fndecl) = 1; - TREE_USED(sancov_fndecl) = 1; - - nothrow_attr = tree_cons(get_identifier("nothrow"), NULL, NULL); - decl_attributes(&sancov_fndecl, nothrow_attr, 0); - gcc_assert(TREE_NOTHROW(sancov_fndecl)); - leaf_attr = tree_cons(get_identifier("leaf"), NULL, NULL); - decl_attributes(&sancov_fndecl, leaf_attr, 0); -} - -__visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) -{ - int i; - const char * const plugin_name = plugin_info->base_name; - const int argc = plugin_info->argc; - const struct plugin_argument * const argv = plugin_info->argv; - bool enable = true; - - static const struct ggc_root_tab gt_ggc_r_gt_sancov[] = { - { - .base = &sancov_fndecl, - .nelt = 1, - .stride = sizeof(sancov_fndecl), - .cb = >_ggc_mx_tree_node, - .pchw = >_pch_nx_tree_node - }, - LAST_GGC_ROOT_TAB - }; - - /* BBs can be split afterwards?? */ - PASS_INFO(sancov, "asan", 0, PASS_POS_INSERT_BEFORE); - - if (!plugin_default_version_check(version, &gcc_version)) { - error(G_("incompatible gcc/plugin versions")); - return 1; - } - - for (i = 0; i < argc; ++i) { - if (!strcmp(argv[i].key, "no-sancov")) { - enable = false; - continue; - } - error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); - } - - register_callback(plugin_name, PLUGIN_INFO, NULL, &sancov_plugin_info); - - if (!enable) - return 0; - -#if BUILDING_GCC_VERSION < 6000 - register_callback(plugin_name, PLUGIN_START_UNIT, &sancov_start_unit, NULL); - register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_sancov); - register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &sancov_pass_info); -#endif - - return 0; -} diff --git a/scripts/gcc-plugins/structleak_plugin.c b/scripts/gcc-plugins/structleak_plugin.c deleted file mode 100644 index d8c744233832..000000000000 --- a/scripts/gcc-plugins/structleak_plugin.c +++ /dev/null @@ -1,257 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-only -/* - * Copyright 2013-2017 by PaX Team <pageexec@freemail.hu> - * - * Note: the choice of the license means that the compilation process is - * NOT 'eligible' as defined by gcc's library exception to the GPL v3, - * but for the kernel it doesn't matter since it doesn't link against - * any of the gcc libraries - * - * gcc plugin to forcibly initialize certain local variables that could - * otherwise leak kernel stack to userland if they aren't properly initialized - * by later code - * - * Homepage: https://pax.grsecurity.net/ - * - * Options: - * -fplugin-arg-structleak_plugin-disable - * -fplugin-arg-structleak_plugin-verbose - * -fplugin-arg-structleak_plugin-byref - * -fplugin-arg-structleak_plugin-byref-all - * - * Usage: - * $ # for 4.5/4.6/C based 4.7 - * $ gcc -I`gcc -print-file-name=plugin`/include -I`gcc -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o structleak_plugin.so structleak_plugin.c - * $ # for C++ based 4.7/4.8+ - * $ g++ -I`g++ -print-file-name=plugin`/include -I`g++ -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o structleak_plugin.so structleak_plugin.c - * $ gcc -fplugin=./structleak_plugin.so test.c -O2 - * - * TODO: eliminate redundant initializers - */ - -#include "gcc-common.h" - -/* unused C type flag in all versions 4.5-6 */ -#define TYPE_USERSPACE(TYPE) TYPE_LANG_FLAG_5(TYPE) - -__visible int plugin_is_GPL_compatible; - -static struct plugin_info structleak_plugin_info = { - .version = PLUGIN_VERSION, - .help = "disable\tdo not activate plugin\n" - "byref\tinit structs passed by reference\n" - "byref-all\tinit anything passed by reference\n" - "verbose\tprint all initialized variables\n", -}; - -#define BYREF_STRUCT 1 -#define BYREF_ALL 2 - -static bool verbose; -static int byref; - -static tree handle_user_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) -{ - *no_add_attrs = true; - - /* check for types? for now accept everything linux has to offer */ - if (TREE_CODE(*node) != FIELD_DECL) - return NULL_TREE; - - *no_add_attrs = false; - return NULL_TREE; -} - -static struct attribute_spec user_attr = { }; - -static void register_attributes(void *event_data, void *data) -{ - user_attr.name = "user"; - user_attr.handler = handle_user_attribute; - user_attr.affects_type_identity = true; - - register_attribute(&user_attr); -} - -static tree get_field_type(tree field) -{ - return strip_array_types(TREE_TYPE(field)); -} - -static bool is_userspace_type(tree type) -{ - tree field; - - for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) { - tree fieldtype = get_field_type(field); - enum tree_code code = TREE_CODE(fieldtype); - - if (code == RECORD_TYPE || code == UNION_TYPE) - if (is_userspace_type(fieldtype)) - return true; - - if (lookup_attribute("user", DECL_ATTRIBUTES(field))) - return true; - } - return false; -} - -static void finish_type(void *event_data, void *data) -{ - tree type = (tree)event_data; - - if (type == NULL_TREE || type == error_mark_node) - return; - - if (TREE_CODE(type) == ENUMERAL_TYPE) - return; - - if (TYPE_USERSPACE(type)) - return; - - if (is_userspace_type(type)) - TYPE_USERSPACE(type) = 1; -} - -static void initialize(tree var) -{ - basic_block bb; - gimple_stmt_iterator gsi; - tree initializer; - gimple init_stmt; - tree type; - - /* this is the original entry bb before the forced split */ - bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); - - /* first check if variable is already initialized, warn otherwise */ - for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { - gimple stmt = gsi_stmt(gsi); - tree rhs1; - - /* we're looking for an assignment of a single rhs... */ - if (!gimple_assign_single_p(stmt)) - continue; - rhs1 = gimple_assign_rhs1(stmt); - /* ... of a non-clobbering expression... */ - if (TREE_CLOBBER_P(rhs1)) - continue; - /* ... to our variable... */ - if (gimple_get_lhs(stmt) != var) - continue; - /* if it's an initializer then we're good */ - if (TREE_CODE(rhs1) == CONSTRUCTOR) - return; - } - - /* these aren't the 0days you're looking for */ - if (verbose) - inform(DECL_SOURCE_LOCATION(var), - "%s variable will be forcibly initialized", - (byref && TREE_ADDRESSABLE(var)) ? "byref" - : "userspace"); - - /* build the initializer expression */ - type = TREE_TYPE(var); - if (AGGREGATE_TYPE_P(type)) - initializer = build_constructor(type, NULL); - else - initializer = fold_convert(type, integer_zero_node); - - /* build the initializer stmt */ - init_stmt = gimple_build_assign(var, initializer); - gsi = gsi_after_labels(single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun))); - gsi_insert_before(&gsi, init_stmt, GSI_NEW_STMT); - update_stmt(init_stmt); -} - -static unsigned int structleak_execute(void) -{ - basic_block bb; - tree var; - unsigned int i; - - /* split the first bb where we can put the forced initializers */ - gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun))); - bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun)); - if (!single_pred_p(bb)) { - split_edge(single_succ_edge(ENTRY_BLOCK_PTR_FOR_FN(cfun))); - gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun))); - } - - /* enumerate all local variables and forcibly initialize our targets */ - FOR_EACH_LOCAL_DECL(cfun, i, var) { - tree type = TREE_TYPE(var); - - gcc_assert(DECL_P(var)); - if (!auto_var_in_fn_p(var, current_function_decl)) - continue; - - /* only care about structure types unless byref-all */ - if (byref != BYREF_ALL && TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) - continue; - - /* if the type is of interest, examine the variable */ - if (TYPE_USERSPACE(type) || - (byref && TREE_ADDRESSABLE(var))) - initialize(var); - } - - return 0; -} - -#define PASS_NAME structleak -#define NO_GATE -#define PROPERTIES_REQUIRED PROP_cfg -#define TODO_FLAGS_FINISH TODO_verify_il | TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa | TODO_ggc_collect | TODO_verify_flow -#include "gcc-generate-gimple-pass.h" - -__visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) -{ - int i; - const char * const plugin_name = plugin_info->base_name; - const int argc = plugin_info->argc; - const struct plugin_argument * const argv = plugin_info->argv; - bool enable = true; - - PASS_INFO(structleak, "early_optimizations", 1, PASS_POS_INSERT_BEFORE); - - if (!plugin_default_version_check(version, &gcc_version)) { - error(G_("incompatible gcc/plugin versions")); - return 1; - } - - if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { - inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); - enable = false; - } - - for (i = 0; i < argc; ++i) { - if (!strcmp(argv[i].key, "disable")) { - enable = false; - continue; - } - if (!strcmp(argv[i].key, "verbose")) { - verbose = true; - continue; - } - if (!strcmp(argv[i].key, "byref")) { - byref = BYREF_STRUCT; - continue; - } - if (!strcmp(argv[i].key, "byref-all")) { - byref = BYREF_ALL; - continue; - } - error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); - } - - register_callback(plugin_name, PLUGIN_INFO, NULL, &structleak_plugin_info); - if (enable) { - register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &structleak_pass_info); - register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); - } - register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); - - return 0; -} diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh index 787868183b84..0d223b4a9445 100755 --- a/scripts/min-tool-version.sh +++ b/scripts/min-tool-version.sh @@ -14,15 +14,13 @@ fi case "$1" in binutils) - echo 2.25.0 + echo 2.30.0 ;; gcc) if [ "$ARCH" = parisc64 ]; then echo 12.0.0 - elif [ "$SRCARCH" = x86 ]; then - echo 8.1.0 else - echo 5.1.0 + echo 8.1.0 fi ;; llvm) diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index c17366ce8224..fd1238753cad 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -1,22 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only menu "Kernel hardening options" -config GCC_PLUGIN_STRUCTLEAK - bool - help - While the kernel is built with warnings enabled for any missed - stack variable initializations, this warning is silenced for - anything passed by reference to another function, under the - occasionally misguided assumption that the function will do - the initialization. As this regularly leads to exploitable - flaws, this plugin is available to identify and zero-initialize - such variables, depending on the chosen level of coverage. - - This plugin was originally ported from grsecurity/PaX. More - information at: - * https://grsecurity.net/ - * https://pax.grsecurity.net/ - menu "Memory initialization" config CC_HAS_AUTO_VAR_INIT_PATTERN @@ -36,7 +20,6 @@ config CC_HAS_AUTO_VAR_INIT_ZERO choice prompt "Initialize kernel stack variables at function entry" - default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO default INIT_STACK_NONE @@ -60,55 +43,6 @@ choice classes of uninitialized stack variable exploits and information exposures. - config GCC_PLUGIN_STRUCTLEAK_USER - bool "zero-init structs marked for userspace (weak)" - # Plugin can be removed once the kernel only supports GCC 12+ - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO - select GCC_PLUGIN_STRUCTLEAK - help - Zero-initialize any structures on the stack containing - a __user attribute. This can prevent some classes of - uninitialized stack variable exploits and information - exposures, like CVE-2013-2141: - https://git.kernel.org/linus/b9e146d8eb3b9eca - - config GCC_PLUGIN_STRUCTLEAK_BYREF - bool "zero-init structs passed by reference (strong)" - # Plugin can be removed once the kernel only supports GCC 12+ - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO - depends on !(KASAN && KASAN_STACK) - select GCC_PLUGIN_STRUCTLEAK - help - Zero-initialize any structures on the stack that may - be passed by reference and had not already been - explicitly initialized. This can prevent most classes - of uninitialized stack variable exploits and information - exposures, like CVE-2017-1000410: - https://git.kernel.org/linus/06e7e776ca4d3654 - - As a side-effect, this keeps a lot of variables on the - stack that can otherwise be optimized out, so combining - this with CONFIG_KASAN_STACK can lead to a stack overflow - and is disallowed. - - config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL - bool "zero-init everything passed by reference (very strong)" - # Plugin can be removed once the kernel only supports GCC 12+ - depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO - depends on !(KASAN && KASAN_STACK) - select GCC_PLUGIN_STRUCTLEAK - help - Zero-initialize any stack variables that may be passed - by reference and had not already been explicitly - initialized. This is intended to eliminate all classes - of uninitialized stack variable exploits and information - exposures. - - As a side-effect, this keeps a lot of variables on the - stack that can otherwise be optimized out, so combining - this with CONFIG_KASAN_STACK can lead to a stack overflow - and is disallowed. - config INIT_STACK_ALL_PATTERN bool "pattern-init everything (strongest)" depends on CC_HAS_AUTO_VAR_INIT_PATTERN @@ -148,16 +82,6 @@ choice endchoice -config GCC_PLUGIN_STRUCTLEAK_VERBOSE - bool "Report forcefully initialized variables" - depends on GCC_PLUGIN_STRUCTLEAK - depends on !COMPILE_TEST # too noisy - help - This option will cause a warning to be printed each time the - structleak plugin finds a variable it thinks needs to be - initialized. Since not all existing initializers are detected - by the plugin, this can produce false positive warnings. - config GCC_PLUGIN_STACKLEAK bool "Poison kernel stack before returning from syscalls" depends on GCC_PLUGINS |