From: Steven Noonan <snoo...@amazon.com> The -fstack-protector flag family is useful for ensuring safety and for debugging, but has a performance impact. Here's a boot time comparison between a QEMU build of qemu-system-arm with and without the -fstack-protector-all flag:
# WITHOUT -fstack-protector-all [root@localhost ~]# systemd-analyze Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms # WITH -fstack-protector-all [root@localhost ~]# systemd-analyze Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s This is a sizable delta, and some users may wish to disable the flag. Signed-off-by: Steven Noonan <snoo...@amazon.com> Cc: Anthony Liguori <aligu...@amazon.com> --- configure | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 07b6be3..c091cdf 100755 --- a/configure +++ b/configure @@ -147,6 +147,7 @@ audio_win_int="" cc_i386=i386-pc-linux-gnu-gcc libs_qga="" debug_info="yes" +stack_protector="yes" # Don't accept a target_list environment variable. unset target_list @@ -879,6 +880,10 @@ for opt do ;; --disable-werror) werror="no" ;; + --enable-stack-protector) stack_protector="yes" + ;; + --disable-stack-protector) stack_protector="no" + ;; --disable-curses) curses="no" ;; --enable-curses) curses="yes" @@ -1117,6 +1122,7 @@ echo " --enable-sparse enable sparse checker" echo " --disable-sparse disable sparse checker (default)" echo " --disable-strip disable stripping binaries" echo " --disable-werror disable compilation abort on warning" +echo " --disable-stack-protector disable GCC-provided stack protection" echo " --disable-sdl disable SDL" echo " --enable-sdl enable SDL" echo " --disable-gtk disable gtk UI" @@ -1298,9 +1304,11 @@ for flag in $gcc_flags; do fi done -if compile_prog "-Werror -fstack-protector-all" "" ; then +if test "$stack_protector" = "yes" ; then + if compile_prog "-Werror -fstack-protector-all" "" ; then QEMU_CFLAGS="$QEMU_CFLAGS -fstack-protector-all" LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,-fstack-protector-all" + fi fi # Workaround for http://gcc.gnu.org/PR55489. Happens with -fPIE/-fPIC and -- 1.8.5.2