On Fri, Jun 10, 2005 at 09:32:55AM +0200, Arjan van de Ven wrote:
On Thu, 2005-06-09 at 21:25 -0400, Dave Jones wrote:
> On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
> > In arch/i386/kernel/cpu/common.c:
> >
> > /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
> > #ifdef CONFIG_HIGHMEM64G
> > if (!test_bit(X86_FEATURE_NX, c->x86_capability))
> > #endif
> > clear_bit(X86_FEATURE_SEP, c->x86_capability);
> >
> > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
> > be turned off. But this costs a lot of performance: as much as 2.5X in
> > syscall-heavy benchmarks (e.g., process tests in lmbench).
> >
> > How permanent is this hack? Will Execshield be fixed (or removed) by FC5?
>
> It was going to be reeanbled for FC4, but due to a last minute glitch,
> (which we think we fixed), we disabled for it for the release with
> the intention of reenabling it in the first kernel update that goes
> out for FC4.
You're confusing VDSO page with SEP.
Indeed.
Dave