On Fri, Jun 10, 2005 at 09:32:55AM +0200, Arjan van de Ven wrote: > On Thu, 2005-06-09 at 21:25 -0400, Dave Jones wrote: > > On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote: > > > In arch/i386/kernel/cpu/common.c: > > > > > > /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */ > > > #ifdef CONFIG_HIGHMEM64G > > > if (!test_bit(X86_FEATURE_NX, c->x86_capability)) > > > #endif > > > clear_bit(X86_FEATURE_SEP, c->x86_capability); > > > > > > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to > > > be turned off. But this costs a lot of performance: as much as 2.5X in > > > syscall-heavy benchmarks (e.g., process tests in lmbench). > > > > > > How permanent is this hack? Will Execshield be fixed (or removed) by FC5? > > > > It was going to be reeanbled for FC4, but due to a last minute glitch, > > (which we think we fixed), we disabled for it for the release with > > the intention of reenabling it in the first kernel update that goes > > out for FC4. > > You're confusing VDSO page with SEP. Indeed. Dave -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
