SEP bit disabled in FC

Dave Jones davej at redhat.com
Fri Jun 10 17:04:25 UTC 2005


On Fri, Jun 10, 2005 at 09:32:55AM +0200, Arjan van de Ven wrote:
 > On Thu, 2005-06-09 at 21:25 -0400, Dave Jones wrote:
 > > On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
 > >  > In arch/i386/kernel/cpu/common.c:
 > >  > 
 > >  >         /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
 > >  >         #ifdef CONFIG_HIGHMEM64G
 > >  >         if (!test_bit(X86_FEATURE_NX, c->x86_capability))
 > >  >         #endif
 > >  >                 clear_bit(X86_FEATURE_SEP, c->x86_capability);
 > >  > 
 > >  > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
 > >  > be turned off.  But this costs a lot of performance: as much as 2.5X in
 > >  > syscall-heavy benchmarks (e.g., process tests in lmbench).
 > >  > 
 > >  > How permanent is this hack?  Will Execshield be fixed (or removed) by FC5?
 > > 
 > > It was going to be reenabled for FC4, but due to a last-minute glitch
 > > (which we think we fixed), we disabled it for the release with
 > > the intention of reenabling it in the first kernel update that goes
 > > out for FC4.
 > 
 > You're confusing VDSO page with SEP.

Indeed.

		Dave



