-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19.02.2012 20:06, "Tóth Attila" wrote: > The email I replied to was originally posted by "Hinnerk van > Bruinehsen". > > Let's see my question in details, that might clarify it. Here is > the part of the ebuild I'm asking questions about: > > " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags > -fno-stack-protector elif [[ $(gcc-major-version) -gt 4 || > $(gcc-minor-version) -gt 3 ]]; then if use amd64 || use x86; then > append-flags -mno-avx fi fi " > > Break it down: > > " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags > -fno-stack-protector " The first part is a historical remnant from > times before Zorry. We used gcc-3.4.6 for a long time. It used a > different implementation for SSP. > > " elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 > ]]; then if use amd64 || use x86; then append-flags -mno-avx fi fi > " > > The second part disables avx optimisations if the gcc version is > newer than 4.3. However avx support isn't around so long and it's > not mature. Avx is an instruction set extension, that is getting > some attention lately. I'm lucky to have a system, with a capable > processor. The block disabling the optimisations resides right > besides the stack-protector statement. That's why I thought some > hardened floks put it there. And I'm curious about the reason. > > Of course it might be simply there, because enabling avx > optimizations can actually decrease performance. Like you can see > it here: > http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1 > > Security is more important for me compared to speed. That's why > I'm interested in any security effect of a compiler option (like > creating textrels or so). If it's a security problem, I won't use > corei7-avx, but rather go for simple corei7. > > Regards: Dw.
Hi, that part is in the normal icecat-ebuild in the tree. It's also within the firefox ebuild. I don't know if it's needed, but mozilla herd as maintainers may be the right people to ask. Regards, Hinnerk -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPQWgMAAoJEJwwOFaNFkYc1UMH/3kAIY4TaptxnzmgcPMKswJS GxkLqsLxYcO3WJpSpW6+U/fCfVdZko6Tz/qG5P6kiLNSdFTwz6gesH/DJnnNcBq5 wSh4k6MSyPw26ifdTBlp4Inhi2Gmn/ZhtpUQVKXjX3z7zHXXgj4TwBpGvojGbglO pbSUxGhYy+qEDdufvqR50Ti67Gaxgcf7VYitfhUgDyMWMuGZIxRYeqQFpMI0jO9L vIoD4fey0ZIEdTdiJpW6ONXvE76d3CJ86TFAqTUMyxqqUNBoPstH2Zh+btp5c03C Pn6XGscSOxcpKLxbeBxRZHv9EfUqoCs9pc7gn/T6+r1s2t74hcHF+K5c/13Df+k= =+Ef/ -----END PGP SIGNATURE-----
