From: Brad Smith <brad@comstyle.com>
To: "Noonan, Steven" <snoonan@amazon.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Laurent Desnogues <laurent.desnogues@gmail.com>
Cc: Steven Noonan <steven@uplinklabs.net>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
"Liguori, Anthony" <aliguori@amazon.com>
Subject: Re: [Qemu-devel] [PATCH for-2.0] configure: add option to disable -fstack-protector flags
Date: Fri, 28 Mar 2014 16:53:20 -0400 [thread overview]
Message-ID: <5335E140.6030500@comstyle.com> (raw)
In-Reply-To: <CF5B0729.21A50%snoonan@amazon.com>
On 28/03/14 2:04 PM, Noonan, Steven wrote:
> On 3/28/14, 10:51 AM, "Paolo Bonzini" <pbonzini@redhat.com> wrote:
>
>> Il 28/03/2014 18:41, Laurent Desnogues ha scritto:
>>>>> + gcc_flags="-fstack-protector-strong -fstack-protector-all"
>>>>> + for flag in $gcc_flags; do
>>>>> + if compile_prog "-Werror $flag" "" ; then
>>>>> + QEMU_CFLAGS="$QEMU_CFLAGS $flag"
>>>>> + LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
>>>>> + break
>>>>> + fi
>>>>> + done
>>>>> fi
>>> My understanding is that -fstack-protector, -fstack-protector-strong,
>>> and -fstack-protector-all are strictly ordered in terms of the number
>>> of functions that are checked, so you have changed the default
>>> behavior to check less functions for compilers that support
>>> -fstack-protector-strong. Is that what you had in mind?
>>
>> Yes. -fstack-protector-all adds protection in places where it doesn't
>> really matter, and that's why it has such a high cost.
>
> Correct, -fstack-protector-all was too high impact. Sadly
> -fstack-protector-strong seems to only exist in RedHat-provided compilers,
> which I don't always use -- thus the new default this change provides
> doesn't really help, so I'd need to just do 'configure
> --disable-stack-protector' to avoid the performance penalty.
-fstack-protector-strong exists in OpenBSD's GCC and now LLVM too.
I'd very much be interested in seeing this go in as we're already
using -strong in our own package.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
next prev parent reply other threads:[~2014-03-28 20:53 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-28 16:19 [Qemu-devel] [PATCH for-2.0] configure: add option to disable -fstack-protector flags Paolo Bonzini
2014-03-28 17:41 ` Laurent Desnogues
2014-03-28 17:51 ` Paolo Bonzini
2014-03-28 18:04 ` Noonan, Steven
2014-03-28 20:53 ` Brad Smith [this message]
2014-03-31 20:50 ` Peter Maydell
2014-04-08 20:37 ` Peter Maydell
2014-04-08 20:47 ` Noonan, Steven
2014-04-09 7:40 ` Peter Maydell
2014-04-09 9:29 ` Noonan, Steven
2014-04-09 9:34 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5335E140.6030500@comstyle.com \
--to=brad@comstyle.com \
--cc=aliguori@amazon.com \
--cc=laurent.desnogues@gmail.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=snoonan@amazon.com \
--cc=steven@uplinklabs.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).