2018-04-14 1:41 GMT+09:00 Kees Cook <keescook@xxxxxxxxxxxx>: > On Thu, Apr 12, 2018 at 10:06 PM, Masahiro Yamada > <yamada.masahiro@xxxxxxxxxxxxx> wrote: >> +stackp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector >> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR) := -fstack-protector >> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR_STRONG) := -fstack-protector-strong >> + >> +KBUILD_CFLAGS += $(stackp-flags-y) > > So, technically, this works just fine. I wonder if it has an overly > confusing result, in that the compiler under normal situations will > see: > > gcc ... -fno-stack-protector -fstack-protector -fstack-protector-strong ... Kees, you are wrong. Look at my code closely. I used := operator instead of +=. $(stackp-flags-y) contains only one flag at most. > How about something like this instead: > > ifdef CONFIG_CC_STACKPROTECTOR_STRONG > KBUILD_CFLAGS += -fstack-protector-strong > else > ifdef CONFIG_CC_STACKPROTECTOR > KBUILD_CFLAGS += -fstack-protector > else > KBUILD_CFLAGS += -fno-stack-protector > endif > endif > My code is much cleaner, and working fine. -- Best Regards Masahiro Yamada -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
