On Thu, Apr 11, 2019 at 1:16 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig > index 74271dba4f94..01874ef0f883 100644 > --- a/scripts/gcc-plugins/Kconfig > +++ b/scripts/gcc-plugins/Kconfig > @@ -13,10 +13,11 @@ config HAVE_GCC_PLUGINS > An arch should select this symbol if it supports building with > GCC plugins. > > -menuconfig GCC_PLUGINS > - bool "GCC plugins" > +config GCC_PLUGINS > + bool This will flatten the plugin config options. If you want to keep the current menu structure, you can do: menu "GCC plugins" ... endmenu Another side-effect is Kbuild will descend into scripts/gcc-plugins/ even when no plugin is selected. It is not a big build speed regression, though. > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > new file mode 100644 > index 000000000000..8223a8ab1a12 > --- /dev/null > +++ b/security/Kconfig.hardening > @@ -0,0 +1,94 @@ > +menu "Kernel hardening options" > + > +config GCC_PLUGIN_STRUCTLEAK > + bool > + depends on GCC_PLUGIN_STRUCTLEAK_USER || GCC_PLUGIN_STRUCTLEAK_BYREF || GCC_PLUGIN_STRUCTLEAK_BYREF_ALL I think this 'depends on' is unnecessary. > +menu "Memory initialization" > + > +choice > + prompt "Initialize kernel stack variables at function entry" > + depends on CC_HAS_AUTO_VAR_INIT || GCC_PLUGINS Nit: CC_HAS_AUTO_VAR_INIT does not exist at this point. It will be added by 3/3. -- Best Regards Masahiro Yamada
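Review bot: In the scripts/gcc-plugins/Kconfig hunk, turning `menuconfig GCC_PLUGINS` / `bool "GCC plugins"` into a promptless `config GCC_PLUGINS` / `bool` leaves the user no way to set the symbol, so it has to get its value from a `default` or a `select`, and neither appears in the quoted lines; please confirm one exists in the unquoted part of the entry. Dropping `menuconfig` also removes the submenu the plugin options were nested under, so if that grouping is meant to stay they need an explicit `menu "GCC plugins"` ... `endmenu` around them.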
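Review bot: In the security/Kconfig.hardening hunk, `config GCC_PLUGIN_STRUCTLEAK` is a promptless `bool` whose only quoted attribute is the `depends on` line; a promptless symbol only becomes y through a `select` or a `default`, and if the three GCC_PLUGIN_STRUCTLEAK_* options are what select it, the `depends on` restates a condition that already holds and can be dropped. Further down, the choice's `depends on CC_HAS_AUTO_VAR_INIT || GCC_PLUGINS` names a symbol that is not defined in the quoted lines; Kconfig evaluates an undefined symbol as n, so the expression still resolves, but the reference reads more cleanly if it arrives in the same patch that defines the symbol.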