After the thundering disinterest when I asked, I've nixed the exec-shield=2 code from rawhide's execshield patch. That leaves no meaning for the exec-shield boot/sysctl parameter except that, on x86-32 kernels only, exec-shield=0 disables segmentation hacks when NX is not available (i.e. non-PAE or ancient hardware). So I've removed it from sysctl except for x86-32. I also removed some random lingering cruft that AFAICT really didn't do anything useful any more. We've whittled execshield.patch down to where all the really crufty parts relate only to the x86-32 segmentation hack for old hardware/non-PAE. There is only one piece of code actually active on other machines/configs, and even that is used only for 32-bit x86 processes. I hope to manage to cajole Ingo into either upstreaming or punting that one thing, the different arch_get_unmapped_area algorithm used for PROT_EXEC mappings. I can't tell if it's actually of any use when we're not using the segmentation hack or not. If it is, some version of it belongs upstream. Thanks, Roland _______________________________________________ kernel mailing list kernel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/kernel