-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19.02.2012 20:06, "Tóth Attila" wrote: > The email I replied to was originally posted by "Hinnerk van > Bruinehsen". > > Let's see my question in details, that might clarify it. Here is > the part of the ebuild I'm asking questions about: > > " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags > -fno-stack-protector elif [[ $(gcc-major-version) -gt 4 || > $(gcc-minor-version) -gt 3 ]]; then if use amd64 || use x86; then > append-flags -mno-avx fi fi " > > Break it down: > > " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags > -fno-stack-protector " The first part is a historical remnant from > times before Zorry. We used gcc-3.4.6 for a long time. It used a > different implementation for SSP. > > " elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 > ]]; then if use amd64 || use x86; then append-flags -mno-avx fi fi > " > > The second part disables avx optimisations if the gcc version is > newer than 4.3. However avx support isn't around so long and it's > not mature. Avx is an instruction set extension, that is getting > some attention lately. I'm lucky to have a system, with a capable > processor. The block disabling the optimisations resides right > besides the stack-protector statement. That's why I thought some > hardened floks put it there. And I'm curious about the reason. > > Of course it might be simply there, because enabling avx > optimizations can actually decrease performance. Like you can see > it here: > http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1 > > Security is more important for me compared to speed. That's why > I'm interested in any security effect of a compiler option (like > creating textrels or so). If it's a security problem, I won't use > corei7-avx, but rather go for simple corei7. > > Regards: Dw.
Update: according to [1] it's not security related, but a bug with mozilla and the avx-extensions. It simply doesn't work together. Since I have no Sandy Bridge CPU I'm not able to test anythin else... [1] http://forums.gentoo.org/viewtopic-t-893300-start-0.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPQXFVAAoJEJwwOFaNFkYclboIAI4QIEs8IM8jQ8VU7b625qE8 q+G8kMyJR20V/0Etywv2uM54/gUuwNR/mP0YgEW9Bj7yuvAbpXKQPp1R7kXjFzyq xNWRYNm6vMlByuakFoYzoB6w7CqqTFVG3dbnujdiVZJVG/+fDM0y/y0MWXIwl6VM Ng5R5kfzTll/yyp4nYPuAoUinLEAgZy20UOgQJqU33y+AoDdoG4YwqFIrO9FkBFe ewRLfrwuKpr/+KCm6hvEqavfv32bg5NJMPSAusYIfFSlftNzqoxoxSvVnzanp509 pde3CaSrMjUux5u6kR/IjJlnKP0lgwVr5kntkErSG3edV8YFXRRfFVrIF6chlvM= =o5MX -----END PGP SIGNATURE-----
