On Mon, Dec 30, 2013 at 1:37 PM, David Rientjes <rientjes@xxxxxxxxxx> wrote: > 8779657d29c0 ("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG") > causes the build to break when the compiler doesn't support > -fstack-protector-strong: > > cc1: error: unrecognized command line option ‘-fstack-protector-strong’ > cc1: error: unrecognized command line option ‘-fstack-protector-strong’ > > with at least gcc 4.6.3. > > Instead of breaking the build, just warn of the failure and disable the > feature. NAK. If you have selected CONFIG_CC_STACKPROTECTOR_STRONG, the build the fail hard. Without this, it means you'll end up with kernels that build and show a stackprotector option in their config, which is false. -Kees > > Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx> > --- > Makefile | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/Makefile b/Makefile > --- a/Makefile > +++ b/Makefile > @@ -603,10 +603,11 @@ ifdef CONFIG_CC_STACKPROTECTOR_REGULAR > -fstack-protector not supported by compiler)) > endif > else ifdef CONFIG_CC_STACKPROTECTOR_STRONG > - stackp-flag := -fstack-protector-strong > - ifeq ($(call cc-option, $(stackp-flag)),) > + ifeq ($(call cc-option, -fstack-protector-strong),) > $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \ > -fstack-protector-strong not supported by compiler) > + else > + stackp-flag := -fstack-protector-strong > endif > else > # Force off for distro compilers that enable stack protector by default. -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html