Thanks for the link! It's clear now. You need a recent CPU and a recent gcc to trigger this. -- dr Tóth Attila, Radiológus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057
2012.Február 19.(V) 23:01 időpontban Hinnerk van Bruinehsen ezt írta: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 19.02.2012 20:06, "Tóth Attila" wrote: >> The email I replied to was originally posted by "Hinnerk van >> Bruinehsen". >> >> Let's see my question in details, that might clarify it. Here is >> the part of the ebuild I'm asking questions about: >> >> " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags >> -fno-stack-protector elif [[ $(gcc-major-version) -gt 4 || >> $(gcc-minor-version) -gt 3 ]]; then if use amd64 || use x86; then >> append-flags -mno-avx fi fi " >> >> Break it down: >> >> " if [[ $(gcc-major-version) -lt 4 ]]; then append-cxxflags >> -fno-stack-protector " The first part is a historical remnant from >> times before Zorry. We used gcc-3.4.6 for a long time. It used a >> different implementation for SSP. >> >> " elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 >> ]]; then if use amd64 || use x86; then append-flags -mno-avx fi fi >> " >> >> The second part disables avx optimisations if the gcc version is >> newer than 4.3. However avx support isn't around so long and it's >> not mature. Avx is an instruction set extension, that is getting >> some attention lately. I'm lucky to have a system, with a capable >> processor. The block disabling the optimisations resides right >> besides the stack-protector statement. That's why I thought some >> hardened floks put it there. And I'm curious about the reason. >> >> Of course it might be simply there, because enabling avx >> optimizations can actually decrease performance. Like you can see >> it here: >> http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1 >> >> Security is more important for me compared to speed. That's why >> I'm interested in any security effect of a compiler option (like >> creating textrels or so). If it's a security problem, I won't use >> corei7-avx, but rather go for simple corei7. >> >> Regards: Dw. > > Update: according to [1] it's not security related, but a bug with > mozilla and the avx-extensions. It simply doesn't work together. Since > I have no Sandy Bridge CPU I'm not able to test anythin else... > > > > > [1] http://forums.gentoo.org/viewtopic-t-893300-start-0.html > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.18 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJPQXFVAAoJEJwwOFaNFkYclboIAI4QIEs8IM8jQ8VU7b625qE8 > q+G8kMyJR20V/0Etywv2uM54/gUuwNR/mP0YgEW9Bj7yuvAbpXKQPp1R7kXjFzyq > xNWRYNm6vMlByuakFoYzoB6w7CqqTFVG3dbnujdiVZJVG/+fDM0y/y0MWXIwl6VM > Ng5R5kfzTll/yyp4nYPuAoUinLEAgZy20UOgQJqU33y+AoDdoG4YwqFIrO9FkBFe > ewRLfrwuKpr/+KCm6hvEqavfv32bg5NJMPSAusYIfFSlftNzqoxoxSvVnzanp509 > pde3CaSrMjUux5u6kR/IjJlnKP0lgwVr5kntkErSG3edV8YFXRRfFVrIF6chlvM= > =o5MX > -----END PGP SIGNATURE----- > >
