On Thu, Apr 11, 2019 at 1:51 AM Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx> wrote:
>
> On Thu, Apr 11, 2019 at 1:16 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> > diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
> > index 74271dba4f94..01874ef0f883 100644
> > --- a/scripts/gcc-plugins/Kconfig
> > +++ b/scripts/gcc-plugins/Kconfig
> > @@ -13,10 +13,11 @@ config HAVE_GCC_PLUGINS
> > An arch should select this symbol if it supports building with
> > GCC plugins.
> >
> > -menuconfig GCC_PLUGINS
> > - bool "GCC plugins"
> > +config GCC_PLUGINS
> > + bool
>
>
> This will flatten the plugin config options.
>
> If you want to keep the current menu structure, you can do:
>
> menu "GCC plugins"
> ...
> endmenu

Ah, excellent point. I'll fix this.

> Another side-effect is Kbuild will descend into scripts/gcc-plugins/
> even when no plugin is selected.
> It is not a big build speed regression, though.

I suspect the plugins Kconfig may disappear eventually with the options
spread around other Kconfigs (since now the plugin capability is known
at config time).

> > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> > new file mode 100644
> > index 000000000000..8223a8ab1a12
> > --- /dev/null
> > +++ b/security/Kconfig.hardening
> > @@ -0,0 +1,94 @@
> > +menu "Kernel hardening options"
> > +
> > +config GCC_PLUGIN_STRUCTLEAK
> > + bool
> > + depends on GCC_PLUGIN_STRUCTLEAK_USER || GCC_PLUGIN_STRUCTLEAK_BYREF || GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
>
>
> I think this 'depends on' is unnecessary.

Okay, I'll drop it.

> >
> > +menu "Memory initialization"
> > +
> > +choice
> > + prompt "Initialize kernel stack variables at function entry"
> > + depends on CC_HAS_AUTO_VAR_INIT || GCC_PLUGINS
>
> Nit:
> CC_HAS_AUTO_VAR_INIT does not exist at this point.
> It will be added by 3/3.

Oops, yes, I split this chunk in the wrong place. I will fix it.

Thanks!

--
Kees Cook
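
Review bot: In the scripts/gcc-plugins/Kconfig hunk, the new `config GCC_PLUGINS` entry declares a bare `bool` with no prompt, so the symbol stops being user-selectable and can only get its value from a `default` or from a `select` elsewhere; neither appears in the quoted lines. If the rest of the entry does not already carry one, add it (otherwise the symbol stays n), and say in the commit message or the help text that the option is now set automatically rather than chosen in menuconfig.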