On Thu, Apr 12, 2018 at 10:06 PM, Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx> wrote: > +stackp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector > +stackp-flags-$(CONFIG_CC_STACKPROTECTOR) := -fstack-protector > +stackp-flags-$(CONFIG_CC_STACKPROTECTOR_STRONG) := -fstack-protector-strong > + > +KBUILD_CFLAGS += $(stackp-flags-y) So, technically, this works just fine. I wonder if it has an overly confusing result, in that the compiler under normal situations will see: gcc ... -fno-stack-protector -fstack-protector -fstack-protector-strong ... How about something like this instead: ifdef CONFIG_CC_STACKPROTECTOR_STRONG KBUILD_CFLAGS += -fstack-protector-strong else ifdef CONFIG_CC_STACKPROTECTOR KBUILD_CFLAGS += -fstack-protector else KBUILD_CFLAGS += -fno-stack-protector endif endif -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
