On 28/03/14 2:04 PM, Noonan, Steven wrote:
On 3/28/14, 10:51 AM, "Paolo Bonzini" <pbonz...@redhat.com> wrote:
Il 28/03/2014 18:41, Laurent Desnogues ha scritto:
+ gcc_flags="-fstack-protector-strong -fstack-protector-all"
+ for flag in $gcc_flags; do
+ if compile_prog "-Werror $flag" "" ; then
+ QEMU_CFLAGS="$QEMU_CFLAGS $flag"
+ LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,$flag"
+ break
+ fi
+ done
fi
My understanding is that -fstack-protector, -fstack-protector-strong,
and -fstack-protector-all are strictly ordered in terms of the number
of functions that are checked, so you have changed the default
behavior to check less functions for compilers that support
-fstack-protector-strong. Is that what you had in mind?
Yes. -fstack-protector-all adds protection in places where it doesn't
really matter, and that's why it has such a high cost.
Correct, -fstack-protector-all was too high impact. Sadly
-fstack-protector-strong seems to only exist in RedHat-provided compilers,
which I don't always use -- thus the new default this change provides
doesn't really help, so I'd need to just do 'configure
--disable-stack-protector' to avoid the performance penalty.
-fstack-protector-strong exists in OpenBSD's GCC and now LLVM too.
I'd very much be interested in seeing this go in as we're already
using -strong in our own package.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
