| 1 |
The email I replied to was originally posted by "Hinnerk van Bruinehsen". |
| 2 |
|
| 3 |
Let's see my question in details, that might clarify it. Here is the part |
| 4 |
of the ebuild I'm asking questions about: |
| 5 |
|
| 6 |
" |
| 7 |
if [[ $(gcc-major-version) -lt 4 ]]; then |
| 8 |
append-cxxflags -fno-stack-protector |
| 9 |
elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 |
| 10 |
]]; then |
| 11 |
if use amd64 || use x86; then |
| 12 |
append-flags -mno-avx |
| 13 |
fi |
| 14 |
fi |
| 15 |
" |
| 16 |
|
| 17 |
Break it down: |
| 18 |
|
| 19 |
" |
| 20 |
if [[ $(gcc-major-version) -lt 4 ]]; then |
| 21 |
append-cxxflags -fno-stack-protector |
| 22 |
" |
| 23 |
The first part is a historical remnant from times before Zorry. We used |
| 24 |
gcc-3.4.6 for a long time. It used a different implementation for SSP. |
| 25 |
|
| 26 |
" |
| 27 |
elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 |
| 28 |
]]; then |
| 29 |
if use amd64 || use x86; then |
| 30 |
append-flags -mno-avx |
| 31 |
fi |
| 32 |
fi |
| 33 |
" |
| 34 |
|
| 35 |
The second part disables avx optimisations if the gcc version is newer |
| 36 |
than 4.3. However avx support isn't around so long and it's not mature. |
| 37 |
Avx is an instruction set extension, that is getting some attention |
| 38 |
lately. I'm lucky to have a system, with a capable processor. The block |
| 39 |
disabling the optimisations resides right besides the stack-protector |
| 40 |
statement. That's why I thought some hardened floks put it there. And I'm |
| 41 |
curious about the reason. |
| 42 |
|
| 43 |
Of course it might be simply there, because enabling avx optimizations can |
| 44 |
actually decrease performance. Like you can see it here: |
| 45 |
http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1 |
| 46 |
|
| 47 |
Security is more important for me compared to speed. That's why I'm |
| 48 |
interested in any security effect of a compiler option (like creating |
| 49 |
textrels or so). If it's a security problem, I won't use corei7-avx, but |
| 50 |
rather go for simple corei7. |
| 51 |
|
| 52 |
Regards: |
| 53 |
Dw. |
| 54 |
-- |
| 55 |
dr Tóth Attila, Radiológus, 06-20-825-8057 |
| 56 |
Attila Toth MD, Radiologist, +36-20-825-8057 |
| 57 |
|
| 58 |
2012.Február 19.(V) 19:32 időpontban Grant ezt írta: |
| 59 |
>> There's a snippet in your ebuild: |
| 60 |
>> "append-flags -mno-avx" |
| 61 |
>> |
| 62 |
>> What is the problem with avx? Is it an option counteracting with |
| 63 |
>> security? |
| 64 |
> |
| 65 |
> I'm sorry but I'm not sure what you mean. I should change the firefox |
| 66 |
> ebuild? |
| 67 |
> |
| 68 |
> - Grant |
| 69 |
> |
| 70 |
> |
| 71 |
>>>>>>>> Firefox won't compile on my system due to the issue |
| 72 |
>>>>>>>> described here: |
| 73 |
>>>>>>>> |
| 74 |
>>>>>>>> http://www.gossamer-threads.com/lists/gentoo/hardened/245060 |
| 75 |
>>>>>>> |
| 76 |
>>>>>>> |
| 77 |
>>>>>>>> |
| 78 |
>>> FWIW: I had no trouble compiling Firefox 9.0 on my amd64 system |
| 79 |
>>>>>>> using the current stable 3.2.2-r1 kernel, gcc 4.5.3, |
| 80 |
>>>>>>> grsec/pax enabled. |
| 81 |
>>>>>> |
| 82 |
>>>>>> To confirm, you aren't on a hardened profile? |
| 83 |
>>>>> |
| 84 |
>>>>> I am on a hardened profile, currently using |
| 85 |
>>>>> hardened/linux/amd64/no-multilib/selinux profile, only running |
| 86 |
>>>>> stable software. |
| 87 |
>>>> |
| 88 |
>>>> I don't get it then. Does anyone know why I can't compile Firefox |
| 89 |
>>>> as described in the link above? This sums it up: |
| 90 |
>>>> |
| 91 |
>>>> "firefox-9.0 ebuild stalls at the install phase while xpcshell |
| 92 |
>>>> command tops CPU usage for hours." |
| 93 |
>>>> |
| 94 |
>>>> Although xpcshell doesn't use any CPU for me. It just sits there |
| 95 |
>>>> and the install phase doesn't proceed. |
| 96 |
>>>> |
| 97 |
>>>> - Grant |
| 98 |
>>>> |
| 99 |
>>> |
| 100 |
>>> I can compile Icecat with a customized ebuild. since it's basically |
| 101 |
>>> the same as Firefox, maybe that helps. Basically it disables jit. |
| 102 |
> |
| 103 |
> |
Archives