diff options
author | Kees Cook <keescook@chromium.org> | 2021-10-20 10:35:53 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2021-10-21 08:41:38 -0700 |
commit | 8bd51a2ba3c3bb81a693fff17e983d02d914c14c (patch) | |
tree | e92bba2923437c4ee9590f821c470dedb4f2b2b2 /security/Kconfig.hardening | |
parent | 6eb4bd92c1cedcaadd65868b7ade396b422be4be (diff) |
gcc-plugins: Explicitly document purpose and deprecation schedule
GCC plugins should only exist when some compiler feature needs to be
proven but does not exist in either GCC nor Clang. For example, if a
desired feature is already in Clang, it should be added to GCC upstream.
Document this explicitly.
Additionally, mark the plugins with matching upstream GCC features as
removable past their respective GCC versions.
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Michal Marek <michal.lkml@markovi.net>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: linux-hardening@vger.kernel.org
Cc: linux-kbuild@vger.kernel.org
Cc: linux-doc@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Miguel Ojeda <ojeda@kernel.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20211020173554.38122-2-keescook@chromium.org
Diffstat (limited to 'security/Kconfig.hardening')
-rw-r--r-- | security/Kconfig.hardening | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index ded17b8abce2..d051f8ceefdd 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -56,7 +56,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_USER bool "zero-init structs marked for userspace (weak)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO select GCC_PLUGIN_STRUCTLEAK help Zero-initialize any structures on the stack containing @@ -67,7 +68,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_BYREF bool "zero-init structs passed by reference (strong)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO depends on !(KASAN && KASAN_STACK) select GCC_PLUGIN_STRUCTLEAK help @@ -85,7 +87,8 @@ choice config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL bool "zero-init everything passed by reference (very strong)" - depends on GCC_PLUGINS + # Plugin can be removed once the kernel only supports GCC 12+ + depends on GCC_PLUGINS && !CC_HAS_AUTO_VAR_INIT_ZERO depends on !(KASAN && KASAN_STACK) select GCC_PLUGIN_STRUCTLEAK help |