> The email I replied to was originally posted by "Hinnerk van Bruinehsen".
Crazy, gmail is acting like it was in response to my message about compiling firefox. Sorry about that.

- Grant

> Let's see my question in details, that might clarify it. Here is the part
> of the ebuild I'm asking questions about:
>
> "
> if [[ $(gcc-major-version) -lt 4 ]]; then
>     append-cxxflags -fno-stack-protector
> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>     if use amd64 || use x86; then
>         append-flags -mno-avx
>     fi
> fi
> "
>
> Break it down:
>
> "
> if [[ $(gcc-major-version) -lt 4 ]]; then
>     append-cxxflags -fno-stack-protector
> "
> The first part is a historical remnant from times before Zorry. We used
> gcc-3.4.6 for a long time. It used a different implementation for SSP.
>
> "
> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>     if use amd64 || use x86; then
>         append-flags -mno-avx
>     fi
> fi
> "
>
> The second part disables avx optimisations if the gcc version is newer
> than 4.3. However avx support isn't around so long and it's not mature.
> Avx is an instruction set extension, that is getting some attention
> lately. I'm lucky to have a system, with a capable processor. The block
> disabling the optimisations resides right besides the stack-protector
> statement. That's why I thought some hardened folks put it there. And I'm
> curious about the reason.
>
> Of course it might be simply there, because enabling avx optimizations can
> actually decrease performance. Like you can see it here:
> http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1
>
> Security is more important for me compared to speed. That's why I'm
> interested in any security effect of a compiler option (like creating
> textrels or so). If it's a security problem, I won't use corei7-avx, but
> rather go for simple corei7.
>
> Regards:
> Dw.
> --
> dr Tóth Attila, Radiológus, 06-20-825-8057
> Attila Toth MD, Radiologist, +36-20-825-8057
>
> On 19 February 2012 (Sun) at 19:32, Grant wrote:
>>> There's a snippet in your ebuild:
>>> "append-flags -mno-avx"
>>>
>>> What is the problem with avx? Is it an option counteracting with
>>> security?
>>
>> I'm sorry but I'm not sure what you mean. I should change the firefox
>> ebuild?
>>
>> - Grant
>>
>>
>>>>>>>>> Firefox won't compile on my system due to the issue
>>>>>>>>> described here:
>>>>>>>>>
>>>>>>>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system
>>>>>>>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3,
>>>>>>>> grsec/pax enabled.
>>>>>>>
>>>>>>> To confirm, you aren't on a hardened profile?
>>>>>>
>>>>>> I am on a hardened profile, currently using
>>>>>> hardened/linux/amd64/no-multilib/selinux profile, only running
>>>>>> stable software.
>>>>>
>>>>> I don't get it then. Does anyone know why I can't compile Firefox
>>>>> as described in the link above? This sums it up:
>>>>>
>>>>> "firefox-9.0 ebuild stalls at the install phase while xpcshell
>>>>> command tops CPU usage for hours."
>>>>>
>>>>> Although xpcshell doesn't use any CPU for me. It just sits there
>>>>> and the install phase doesn't proceed.
>>>>>
>>>>> - Grant
>>>>>
>>>>
>>>> I can compile Icecat with a customized ebuild. Since it's basically
>>>> the same as Firefox, maybe that helps. Basically it disables jit.
