# SPDX-License-Identifier: GPL-2.0-only

config HAVE_GCC_PLUGINS
	bool
	help
	  An arch should select this symbol if it supports building with
	  GCC plugins.

config WANT_GCC_PLUGINS
	bool
	depends on HAVE_GCC_PLUGINS && CC_IS_GCC
	select GCC_PLUGINS if !$(failure,$(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(CC)")
	help
	  A Kconfig symbol should select this one iff it strongly suggests to
	  enable gcc plugin support but doesn't want to rely on a user to
	  actually do it manually.

	  Selecting this symbol will force a gcc plugin test, emiting a waring
	  if needed headers or packages are missing. So choose wisely when / if
	  to select this symbol.

menuconfig GCC_PLUGINS
	bool "GCC plugins"
	depends on HAVE_GCC_PLUGINS
	depends on CC_IS_GCC
	depends on $(success,$(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(CC)")
	default y
	help
	  GCC plugins are loadable modules that provide extra features to the
	  compiler. They are useful for runtime instrumentation and static analysis.

	  See Documentation/kbuild/gcc-plugins.rst for details.

if GCC_PLUGINS

config GCC_RELAXED_VERSION_CHECK
	bool "Relax the compatible GCC version check"
	help
	  When using GCC plugins, out-of-tree modules will fail to build with a
	  compiler different than that used to build the kernel.  This is a
	  precautionary measure to ensure ABI compatibility, not only for GCC and
	  the plugins, but also for the generated code.

	  However, this version check is very strict, as in enforcing the very
	  same compiler gets used.  If the compiler was updated in the
	  meantime, e.g. because the distro package was updated, this check
	  will fail and prevent building third party modules.

	  Enabling this option allows to lift this restriction to limit the
	  check to ensure major version compatibility only.  However, be aware
	  that this may lead to hard to debug issues in case the compiler is,
	  in fact, incompatible because it's configured differently or ships
	  backported features making the plugins behave differently.

	  When this option is enabled, loading kernel modules that were built
	  with a different GCC version than that of the kernel will taint the
	  kernel with a new "V" flag and produce a notice in dmesg.

	  If unsure, say N.

config GCC_PLUGIN_CYC_COMPLEXITY
	bool "Compute the cyclomatic complexity of a function" if EXPERT
	default n	# too noisy
	help
	  The complexity M of a function's control flow graph is defined as:
	   M = E - N + 2P
	  where

	  E = the number of edges
	  N = the number of nodes
	  P = the number of connected components (exit nodes).

	  Enabling this plugin reports the complexity to stderr during the
	  build. It mainly serves as a simple example of how to create a
	  gcc plugin for the kernel.

config GCC_PLUGIN_SANCOV
	bool
	# Plugin can be removed once the kernel only supports GCC 6+
	help
	  This plugin inserts a __sanitizer_cov_trace_pc() call at the start of
	  basic blocks. It supports all gcc versions with plugin support (from
	  gcc 5 on). It is based on the commit "Add fuzzing coverage support"
	  by Dmitry Vyukov <dvyukov@google.com>.

config GCC_PLUGIN_LATENT_ENTROPY
	bool "Generate some entropy during boot and runtime"
	depends on PAX_LATENT_ENTROPY
	help
	  By saying Y here the kernel will instrument some kernel code to
	  extract some entropy from both original and artificially created
	  program state.  This will help especially embedded systems where
	  there is little 'natural' source of entropy normally.  The cost
	  is some slowdown of the boot process (about 0.5%) and fork and
	  irq processing.

	  Note that entropy extracted this way is not cryptographically
	  secure!

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

config GCC_PLUGIN_TYPE_CANARY
	bool
	help
	  This plugin implements handling of the 'canary' attribute and will be
	  selected by features needing it.

config GCC_PLUGIN_ARM_SSP_PER_TASK
	bool
	depends on GCC_PLUGINS && ARM

endif
