On Mon, Dec 30, 2013 at 1:37 PM, David Rientjes <rientjes@xxxxxxxxxx> wrote:
> 8779657d29c0 ("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG")
> causes the build to break when the compiler doesn't support
> -fstack-protector-strong:
>
> cc1: error: unrecognized command line option ‘-fstack-protector-strong’
> cc1: error: unrecognized command line option ‘-fstack-protector-strong’
>
> with at least gcc 4.6.3.
>
> Instead of breaking the build, just warn of the failure and disable the
> feature.
NAK. If you have selected CONFIG_CC_STACKPROTECTOR_STRONG, the build
the fail hard. Without this, it means you'll end up with kernels that
build and show a stackprotector option in their config, which is
false.
-Kees
>
> Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx>
> ---
> Makefile | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/Makefile b/Makefile
> --- a/Makefile
> +++ b/Makefile
> @@ -603,10 +603,11 @@ ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
> -fstack-protector not supported by compiler))
> endif
> else ifdef CONFIG_CC_STACKPROTECTOR_STRONG
> - stackp-flag := -fstack-protector-strong
> - ifeq ($(call cc-option, $(stackp-flag)),)
> + ifeq ($(call cc-option, -fstack-protector-strong),)
> $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \
> -fstack-protector-strong not supported by compiler)
> + else
> + stackp-flag := -fstack-protector-strong
> endif
> else
> # Force off for distro compilers that enable stack protector by default.
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
