On Tue, Sep 23, 2014 at 5:49 AM, Walter Dnes <[email protected]> wrote: > I did an emerge update just now, and figured it was time to jump to > the latest stable kernel (3.14.16). I ran "make oldconfig". Amongst > the new features, I selected "stack-protector-strong". When trying to > build the new kernel, I got... > > scripts/kconfig/conf --silentoldconfig Kconfig > Makefile:615: Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: > -fstack-protector-strong not supported by compiler > SYSHDR arch/x86/syscalls/../include/generated/uapi/asm/unistd_32.h > SYSHDR arch/x86/syscalls/../include/generated/uapi/asm/unistd_64.h > SYSHDR arch/x86/syscalls/../include/generated/uapi/asm/unistd_x32.h > SYSTBL arch/x86/syscalls/../include/generated/asm/syscalls_32.h > HOSTCC arch/x86/tools/relocs_32.o > HOSTCC arch/x86/tools/relocs_64.o > HOSTCC arch/x86/tools/relocs_common.o > HOSTLD arch/x86/tools/relocs > CHK include/config/kernel.release > UPD include/config/kernel.release > WRAP arch/x86/include/generated/asm/clkdev.h > CHK include/generated/uapi/linux/version.h > UPD include/generated/uapi/linux/version.h > CHK include/generated/utsrelease.h > UPD include/generated/utsrelease.h > CC kernel/bounds.s > gcc: error: unrecognized command line option '-fstack-protector-strong' > make[1]: *** [kernel/bounds.s] Error 1 > make: *** [prepare0] Error 2 > > I switched stack-protector to "regular", and it built OK. I rebooted > into it, and it works OK. > > My gcc version data... > > [d531][root][/usr/src/linux] gcc --version > gcc (Gentoo 4.7.3-r1 p1.4, pie-0.5.5) 4.7.3 > Copyright (C) 2012 Free Software Foundation, Inc. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > > My install is 32-bit > > [d531][waltdnes][~] uname -a > Linux d531 3.14.16-gentoo #1 SMP Mon Sep 22 20:43:33 EDT 2014 i686 Intel(R) > Core(TM)2 Duo CPU E4600 @ 2.40GHz GenuineIntel GNU/Linux > > -- > Walter Dnes <[email protected]> > I don't run "desktop environments"; I run useful applications >
Looks like support for '-fstack-protector-strong' was implemented in more recent versions of gcc. The the URL below for details: https://securityblog.redhat.com/tag/stack-protector/
