Message ID | 1389304508-10100-1-git-send-email-steven@uplinklabs.net |
---|---|
State | New |
Headers | show |
On 9 January 2014 21:55, Steven Noonan <steven@uplinklabs.net> wrote: > From: Steven Noonan <snoonan@amazon.com> > > The -fstack-protector flag family is useful for ensuring safety and for > debugging, but has a performance impact. Here's a boot time comparison between > a QEMU build of qemu-system-arm with and without the -fstack-protector-all > flag: > > # WITHOUT -fstack-protector-all > [root@localhost ~]# systemd-analyze > Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms > > # WITH -fstack-protector-all > [root@localhost ~]# systemd-analyze > Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s > > This is a sizable delta, and some users may wish to disable the flag. How about benchmarking the intermediate level of protection, ie just "-fstack-protector"? Maybe that's a good enough compromise between security and speed that we don't need to mess with configure... (IIRC there have been discussions before about why we have the -all variant specifically but I don't recall anybody coming up with a convincing argument.) thanks -- PMM
Il 09/01/2014 22:55, Steven Noonan ha scritto: > From: Steven Noonan <snoonan@amazon.com> > > The -fstack-protector flag family is useful for ensuring safety and for > debugging, but has a performance impact. Here's a boot time comparison between > a QEMU build of qemu-system-arm with and without the -fstack-protector-all > flag: > > # WITHOUT -fstack-protector-all > [root@localhost ~]# systemd-analyze > Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms > > # WITH -fstack-protector-all > [root@localhost ~]# systemd-analyze > Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s Can you try -fstack-protector-strong? Probably the right thing to do is to pick in order -fstack-protector-strong, -fstack-protector, and nothing. Paolo
On 09/01/14 5:40 PM, Paolo Bonzini wrote: > Il 09/01/2014 22:55, Steven Noonan ha scritto: >> From: Steven Noonan <snoonan@amazon.com> >> >> The -fstack-protector flag family is useful for ensuring safety and for >> debugging, but has a performance impact. Here's a boot time comparison between >> a QEMU build of qemu-system-arm with and without the -fstack-protector-all >> flag: >> >> # WITHOUT -fstack-protector-all >> [root@localhost ~]# systemd-analyze >> Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms >> >> # WITH -fstack-protector-all >> [root@localhost ~]# systemd-analyze >> Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s > > Can you try -fstack-protector-strong? > > Probably the right thing to do is to pick in order > -fstack-protector-strong, -fstack-protector, and nothing. +1
On Thu, Jan 09, 2014 at 06:18:07PM -0500, Brad Smith wrote: > On 09/01/14 5:40 PM, Paolo Bonzini wrote: > >Il 09/01/2014 22:55, Steven Noonan ha scritto: > >>From: Steven Noonan <snoonan@amazon.com> > >> > >>The -fstack-protector flag family is useful for ensuring safety and for > >>debugging, but has a performance impact. Here's a boot time comparison between > >>a QEMU build of qemu-system-arm with and without the -fstack-protector-all > >>flag: > >> > >> # WITHOUT -fstack-protector-all > >> [root@localhost ~]# systemd-analyze > >> Startup finished in 1.744s (kernel) + 11.345s (initrd) + 47.164s (userspace) = 1min 255ms > >> > >> # WITH -fstack-protector-all > >> [root@localhost ~]# systemd-analyze > >> Startup finished in 1.843s (kernel) + 12.262s (initrd) + 1min 3.480s (userspace) = 1min 17.587s > > > >Can you try -fstack-protector-strong? > > > >Probably the right thing to do is to pick in order > >-fstack-protector-strong, -fstack-protector, and nothing. > > +1 > I think there should still be an option to turn it off, but I agree that there are probably better flags than -fstack-protector-all. I'll try those out and post an update here probably later this evening.
diff --git a/configure b/configure index 07b6be3..c091cdf 100755 --- a/configure +++ b/configure @@ -147,6 +147,7 @@ audio_win_int="" cc_i386=i386-pc-linux-gnu-gcc libs_qga="" debug_info="yes" +stack_protector="yes" # Don't accept a target_list environment variable. unset target_list @@ -879,6 +880,10 @@ for opt do ;; --disable-werror) werror="no" ;; + --enable-stack-protector) stack_protector="yes" + ;; + --disable-stack-protector) stack_protector="no" + ;; --disable-curses) curses="no" ;; --enable-curses) curses="yes" @@ -1117,6 +1122,7 @@ echo " --enable-sparse enable sparse checker" echo " --disable-sparse disable sparse checker (default)" echo " --disable-strip disable stripping binaries" echo " --disable-werror disable compilation abort on warning" +echo " --disable-stack-protector disable GCC-provided stack protection" echo " --disable-sdl disable SDL" echo " --enable-sdl enable SDL" echo " --disable-gtk disable gtk UI" @@ -1298,9 +1304,11 @@ for flag in $gcc_flags; do fi done -if compile_prog "-Werror -fstack-protector-all" "" ; then +if test "$stack_protector" = "yes" ; then + if compile_prog "-Werror -fstack-protector-all" "" ; then QEMU_CFLAGS="$QEMU_CFLAGS -fstack-protector-all" LIBTOOLFLAGS="$LIBTOOLFLAGS -Wc,-fstack-protector-all" + fi fi # Workaround for http://gcc.gnu.org/PR55489. Happens with -fPIE/-fPIC and