SEP bit disabled in FC
Arjan van de Ven
arjanv at redhat.com
Fri Jun 10 07:32:55 UTC 2005
On Thu, 2005-06-09 at 21:25 -0400, Dave Jones wrote:
> On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
> > In arch/i386/kernel/cpu/common.c:
> >
> > /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
> > #ifdef CONFIG_HIGHMEM64G
> > if (!test_bit(X86_FEATURE_NX, c->x86_capability))
> > #endif
> > clear_bit(X86_FEATURE_SEP, c->x86_capability);
> >
> > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
> > be turned off. But this costs a lot of performance: as much as 2.5X in
> > syscall-heavy benchmarks (e.g., process tests in lmbench).
> >
> > How permanent is this hack? Will Execshield be fixed (or removed) by FC5?
>
> It was going to be reeanbled for FC4, but due to a last minute glitch,
> (which we think we fixed), we disabled for it for the release with
> the intention of reenabling it in the first kernel update that goes
> out for FC4.
You're confusing VDSO page with SEP. You can't have both SEP and the
segment limit part of execshield at the same time.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20050610/ba89cb58/attachment.sig>
More information about the fedora-devel-list
mailing list