From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:49337)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <brad@comstyle.com>) id 1WTdmN-000790-1j
	for qemu-devel@nongnu.org; Fri, 28 Mar 2014 16:53:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <brad@comstyle.com>) id 1WTdmM-00016k-5D
	for qemu-devel@nongnu.org; Fri, 28 Mar 2014 16:53:30 -0400
Received: from speedy.comstyle.com ([2001:470:1d:8c::2]:22671
	helo=mail.comstyle.com) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <brad@comstyle.com>) id 1WTdmM-00016H-0T
	for qemu-devel@nongnu.org; Fri, 28 Mar 2014 16:53:30 -0400
Message-ID: <5335E140.6030500@comstyle.com>
Date: Fri, 28 Mar 2014 16:53:20 -0400
From: Brad Smith <brad@comstyle.com>
MIME-Version: 1.0
References: <1396023542-19667-1-git-send-email-pbonzini@redhat.com>	<CABoDooO=rofd1xs10uoCgvkpBermR+wemxOOpmFdZWBvrEVizA@mail.gmail.com>	<5335B68F.8050504@redhat.com>
	<CF5B0729.21A50%snoonan@amazon.com>
In-Reply-To: <CF5B0729.21A50%snoonan@amazon.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH for-2.0] configure: add option to disable
 -fstack-protector flags
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Noonan, Steven" <snoonan@amazon.com>, Paolo Bonzini <pbonzini@redhat.com>, Laurent Desnogues <laurent.desnogues@gmail.com>
Cc: Steven Noonan <steven@uplinklabs.net>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, "Liguori,
	Anthony" <aliguori@amazon.com>

On 28/03/14 2:04 PM, Noonan, Steven wrote:
> On 3/28/14, 10:51 AM, "Paolo Bonzini" <pbonzini@redhat.com> wrote:
>
>> Il 28/03/2014 18:41, Laurent Desnogues ha scritto:
>>>>> +  gcc_flags="-fstack-protector-strong -fstack-protector-all"
>>>>> +  for flag in $gcc_flags; do
>>>>> +    if compile_prog "-Werror $flag" "" ; then
>>>>> +      QEMU_CFLAGS="$QEMU_CFLAGS $flag"
>>>>> +      LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
>>>>> +      break
>>>>> +    fi
>>>>> +  done
>>>>>   fi
>>> My understanding is that -fstack-protector, -fstack-protector-strong,
>>> and -fstack-protector-all are strictly ordered in terms of the number
>>> of functions that are checked, so you have changed the default
>>> behavior to check less functions for compilers that support
>>> -fstack-protector-strong.  Is that what you had in mind?
>>
>> Yes.  -fstack-protector-all adds protection in places where it doesn't
>> really matter, and that's why it has such a high cost.
>
> Correct, -fstack-protector-all was too high impact. Sadly
> -fstack-protector-strong seems to only exist in RedHat-provided compilers,
> which I don't always use -- thus the new default this change provides
> doesn't really help, so I'd need to just do 'configure
> --disable-stack-protector' to avoid the performance penalty.

-fstack-protector-strong exists in OpenBSD's GCC and now LLVM too.

I'd very much be interested in seeing this go in as we're already
using -strong in our own package.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.