On 9 January 2014 21:55, Steven Noonan <ste...@uplinklabs.net> wrote:
> From: Steven Noonan <snoo...@amazon.com>
>
> The -fstack-protector flag family is useful for ensuring safety and for
> debugging, but has a performance impact. Here's a boot time comparison between
> a QEMU build of qemu-system-arm with and without the -fstack-protector-all
> flag:
>
>     # WITHOUT -fstack-protector-all
>     [root@localhost ~]# systemd-analyze
>     Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms
>
>     # WITH -fstack-protector-all
>     [root@localhost ~]# systemd-analyze
>     Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s
>
> This is a sizable delta, and some users may wish to disable the flag.

How about benchmarking the intermediate level of protection, i.e.
just "-fstack-protector"? Maybe that's a good enough compromise
between security and speed that we don't need to mess with
configure... (IIRC there have been discussions before
about why we have the -all variant specifically but I don't recall
anybody coming up with a convincing argument.)

thanks
-- PMM
