If the compiler didn't support a build mode, the second empty test would still trip. This moves it to an "else" test for the non-AUTO modes.
Reported-by: Robert Jarzmik <robert.jarz...@free.fr> Signed-off-by: Kees Cook <keesc...@chromium.org> --- Robert, can you test this fix? --- Makefile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index aad7a1ae4791..ba88227fb2bd 100644 --- a/Makefile +++ b/Makefile @@ -1092,16 +1092,17 @@ PHONY += prepare-compiler-check prepare-compiler-check: FORCE # Make sure compiler supports requested stack protector flag. ifdef stackp-name - # Warn about CONFIG_CC_STACKPROTECTOR_AUTO having found no option. ifeq ($(stackp-flag),) + # Warn about CONFIG_CC_STACKPROTECTOR_AUTO having found no option. @echo CONFIG_CC_STACKPROTECTOR_$(stackp-name): \ Compiler does not support any known stack-protector >&2 - endif - # Fail if specifically requested stack protector is missing. + else ifeq ($(call cc-option, $(stackp-flag)),) + # Fail if specifically requested stack protector is missing. @echo Cannot use CONFIG_CC_STACKPROTECTOR_$(stackp-name): \ $(stackp-flag) not supported by compiler >&2 && exit 1 endif + endif endif # Make sure compiler does not have buggy stack-protector support. ifdef stackp-check -- 2.7.4 -- Kees Cook Pixel Security
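Review bot: In the `prepare-compiler-check` hunk, the warn-only branch is selected by `ifeq ($(stackp-flag),)`, not by the mode being AUTO, so the new `else` means "flag is non-empty" rather than "non-AUTO mode" as the commit message puts it. If an explicitly requested mode can ever reach this rule with an empty `stackp-flag`, the build prints the warning and carries on without a stack protector instead of taking the `exit 1` path. I would either state in the commit message that only AUTO can leave `stackp-flag` empty, or key the first test on `stackp-name` as well. Style point on the same lines: the `else` followed by a nested `ifeq` and a second `endif` could be a single `else ifeq ($(call cc-option, $(stackp-flag)),)` if the minimum supported make accepts that form, which drops one nesting level.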