On Thu, 2005-06-09 at 21:25 -0400, Dave Jones wrote:
> On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
> > In arch/i386/kernel/cpu/common.c:
> >
> > /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
> > #ifdef CONFIG_HIGHMEM64G
> > if (!test_bit(X86_FEATURE_NX, c->x86_capability))
> > #endif
> >         clear_bit(X86_FEATURE_SEP, c->x86_capability);
> >
> > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
> > be turned off. But this costs a lot of performance: as much as 2.5X in
> > syscall-heavy benchmarks (e.g., process tests in lmbench).
> >
> > How permanent is this hack? Will Execshield be fixed (or removed) by FC5?
>
> It was going to be reenabled for FC4, but due to a last minute glitch,
> (which we think we fixed), we disabled it for the release with
> the intention of reenabling it in the first kernel update that goes
> out for FC4.

You're confusing VDSO page with SEP. You can't have both SEP and the segment limit part of execshield at the same time.
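An added example, not part of the thread or of the Fedora kernel: a small C check that mirrors the decision in the quoted snippet and reports when a CPU advertises SEP in CPUID while the kernel's `/proc/cpuinfo` flags line (which is printed from `x86_capability`) no longer lists `sep`. The helper names and the sample CPUID and flags values are constructed for illustration; on a real system the inputs would come from the `cpuid` instruction and `/proc/cpuinfo`.

```c
#include <stdio.h>
#include <string.h>

#define CPUID1_EDX_SEP   (1u << 11) /* CPUID leaf 1, EDX bit 11: SYSENTER/SYSEXIT */
#define CPUID_EXT_EDX_NX (1u << 20) /* CPUID leaf 0x80000001, EDX bit 20: NX */

/* Return 1 if `name` appears as a whole word in a /proc/cpuinfo "flags" line. */
static int has_flag(const char *flags, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = flags; (p = strstr(p, name)) != NULL; p += n) {
        int start_ok = p == flags || p[-1] == ' ' || p[-1] == '\t';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (start_ok && end_ok)
            return 1;
    }
    return 0;
}

/* Hypothetical helper: same decision as the quoted snippet.
 * SEP survives only on a CONFIG_HIGHMEM64G kernel running on an NX CPU. */
static int kernel_keeps_sep(unsigned edx1, unsigned ext_edx, int highmem64g)
{
    if (!(edx1 & CPUID1_EDX_SEP))
        return 0; /* hardware never offered SEP */
    return highmem64g && (ext_edx & CPUID_EXT_EDX_NX) != 0;
}

/* Return 1 if the hardware has SEP but the kernel's flags line hides it. */
static int sep_masked(unsigned edx1, const char *flags)
{
    return (edx1 & CPUID1_EDX_SEP) != 0 && !has_flag(flags, "sep");
}

int main(void)
{
    /* Constructed sample: CPU reports SEP but not NX; flags line lacks "sep". */
    unsigned edx1 = CPUID1_EDX_SEP, ext_edx = 0;
    const char *flags = "flags\t\t: fpu vme de pse tsc msr mce cx8 mtrr pge cmov mmx fxsr sse sse2";

    printf("kernel keeps SEP (HIGHMEM64G build): %d\n", kernel_keeps_sep(edx1, ext_edx, 1));
    printf("SEP present in CPUID but masked:     %d\n", sep_masked(edx1, flags));
    return 0;
}
```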