Require GCC for the GCC plugins (part II)

The current result on arm64_full_hardened_5.17_clang.config (clang 12): [+] Special report mode: show_fail [+] Kconfig file to check: my/arm64_full_hardened_5.17_clang.config [+] Detected architecture: ARM64 [+] Detected kernel version: 5.17 ========================================================================================================================= option name | type |desired val | decision | reason | check result ========================================================================================================================= CONFIG_GCC_PLUGINS |kconfig| y |defconfig | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKPROTECTOR_PER_TASK |kconfig| y |defconfig | self_protection | FAIL: not found CONFIG_FORTIFY_SOURCE |kconfig| y | kspp | self_protection | FAIL: not found CONFIG_GCC_PLUGIN_LATENT_ENTROPY |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_ZERO_CALL_USED_REGS |kconfig| y | kspp | self_protection | FAIL: not found CONFIG_GCC_PLUGIN_RANDSTRUCT |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_GCC_PLUGIN_STACKLEAK |kconfig| y | kspp | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE|kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKLEAK_METRICS |kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKLEAK_RUNTIME_DISABLE |kconfig| is not set | clipos | self_protection | FAIL: CONFIG_CC_IS_GCC not "y" CONFIG_STACKPROTECTOR_PER_TASK, CONFIG_FORTIFY_SOURCE and CONFIG_ZERO_CALL_USED_REGS will be supported for clang in future (WIP).

Require GCC for the GCC plugins (part II)
1780bea6 · Alexander Popov · f630654c · 1780bea6
Commit 1780bea6 authored Aug 20, 2022 by Alexander Popov
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 3 deletions

__init__.py kconfig_hardened_check/__init__.py +6 -3

No files found.
--- a/kconfig_hardened_check/__init__.py
+++ b/kconfig_hardened_check/__init__.py
@@ -462,12 +462,15 @@ def add_kconfig_checks(l, arch):
    l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_BOOTLOADER', 'is not set')]
    l += [KconfigCheck('self_protection', 'clipos', 'RANDOM_TRUST_CPU', 'is not set')]
    l += [AND(KconfigCheck('self_protection', 'clipos', 'GCC_PLUGIN_RANDSTRUCT_PERFORMANCE', 'is not set'),
-              randstruct_is_set)]
+              randstruct_is_set,
+              cc_is_gcc)]
    if arch in ('X86_64', 'ARM64', 'X86_32'):
        l += [AND(KconfigCheck('self_protection', 'clipos', 'STACKLEAK_METRICS', 'is not set'),
-                  stackleak_is_set)]
+                  stackleak_is_set,
+                  cc_is_gcc)]
        l += [AND(KconfigCheck('self_protection', 'clipos', 'STACKLEAK_RUNTIME_DISABLE', 'is not set'),
-                  stackleak_is_set)]
+                  stackleak_is_set,
+                  cc_is_gcc)]
    if arch in ('X86_64', 'X86_32'):
        l += [AND(KconfigCheck('self_protection', 'clipos', 'INTEL_IOMMU_DEFAULT_ON', 'y'),
                  iommu_support_is_set)]