On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
> In arch/i386/kernel/cpu/common.c:
>
>         /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
> #ifdef CONFIG_HIGHMEM64G
>         if (!test_bit(X86_FEATURE_NX, c->x86_capability))
> #endif
>                 clear_bit(X86_FEATURE_SEP, c->x86_capability);
>
> So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
> be turned off. But this costs a lot of performance: as much as 2.5X in
> syscall-heavy benchmarks (e.g., process tests in lmbench).
>
> How permanent is this hack? Will Execshield be fixed (or removed) by FC5?

It was going to be reenabled for FC4, but due to a last-minute glitch
(which we think we fixed), we disabled it for the release with the
intention of reenabling it in the first kernel update that goes out for FC4.

Dave
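Added example (not part of the original messages or of the Fedora kernel source): a small C program that mirrors the quoted conditional, showing that the `#ifdef` makes the SEP clear unconditional on kernels built without CONFIG_HIGHMEM64G, and that reports whether the running kernel still lists `sep` in /proc/cpuinfo. The names `has_flag`, `hack_clears_sep` and `config_highmem64g` and both sample flag lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample "flags" lines (not captured from real machines). */
static const char *FLAGS_NO_NX = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep mtrr pge sse sse2";
static const char *FLAGS_NX = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep mtrr pge nx sse sse2";

/* Return 1 if `flag` occurs as a whole token in `line` ("sse" must not match "sse2"). */
int has_flag(const char *line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = line;

    while ((p = strstr(p, flag)) != NULL) {
        int starts = (p == line) || strchr(" \t:", p[-1]) != NULL;
        int ends = p[n] == '\0' || strchr(" \t\n", p[n]) != NULL;
        if (starts && ends)
            return 1;
        p += n;
    }
    return 0;
}

/* Mirrors the quoted snippet: with CONFIG_HIGHMEM64G the clear_bit() is guarded
 * by the NX test; without it the preprocessor drops the guard and SEP is
 * cleared on every CPU. `config_highmem64g` is a hypothetical parameter. */
int hack_clears_sep(const char *cpu_flags, int config_highmem64g)
{
    if (config_highmem64g && has_flag(cpu_flags, "nx"))
        return 0;
    return 1;
}

int main(void)
{
    char line[4096];
    FILE *f = fopen("/proc/cpuinfo", "r");

    /* The flags line reflects the kernel's capability bits, so a cleared SEP is absent. */
    while (f && fgets(line, sizeof line, f)) {
        if (strncmp(line, "flags", 5) == 0) {
            printf("running kernel: sep %s\n", has_flag(line, "sep") ? "present" : "absent");
            break;
        }
    }
    if (f) fclose(f);
    printf("no NX, HIGHMEM64G=y: SEP cleared=%d\n", hack_clears_sep(FLAGS_NO_NX, 1));
    printf("NX,    HIGHMEM64G=y: SEP cleared=%d\n", hack_clears_sep(FLAGS_NX, 1));
    printf("NX,    HIGHMEM64G=n: SEP cleared=%d\n", hack_clears_sep(FLAGS_NX, 0));
    return 0;
}
```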