Hello, While working on uploading DPDK to Ubuntu and Debian, we were wondering if anyone had any thoughts/opinions on enabling compiler hardening flags for the DPDK libraries and the possible performance implications.
Especially 2 of the hardening options provided on Debian/Ubuntu [1] explicitly cite performance implications: - "bind now" (ld -z now), which forces to resolve all dynamic symbols immediately at load - "stack protector" (-fstack-protector-strong), which adds safety checks against stack overwrites Any opinions? Would anyone have reservations if we enabled all of these in the packages that will be distributed in Ubuntu and Debian? Thanks! -- Kind regards, Luca Boccassi [1] https://wiki.debian.org/Hardening#Environment_variables
