On Sun, Feb 11, 2018 at 10:34 AM, Ulf Magnusson <ulfalizer@xxxxxxxxx> wrote: > On Sun, Feb 11, 2018 at 6:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote: >> Old? That's not the case. The check for -fno-stack-protector will >> likely be needed forever, as some distro compilers enable >> stack-protector by default. So when someone wants to explicitly build >> without stack-protector (or if the compiler's stack-protector is >> detected as broken), we must force it off for the kernel build. > > What I meant is whether it makes sense to test if the > -fno-stack-protector option is supported. Can we reasonably assume > that passing -fno-stack-protector to the compiler won't cause an > error? That isn't something I've tested; but I can check if it's useful. > Is it possible to build GCC with no "no stack protector" support? Do > we need to support any compilers that would choke on the > -fno-stack-protector flag itself? > > If we can reasonably assume that passing -fno-stack-protector is safe, > then CC_HAS_STACKPROTECTOR_NONE isn't needed. Well, there are two situations: - does the user want to build _without_ stack protector? (which is something some people want to do, no matter what I think of it) - did _AUTO discover that stack protector output is broken? In both cases, we need to pass -fno-stack-protector in case the distro compiler was built with stack protector enabled by default. -Kees -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-s390" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html