SEP bit disabled in FC

Jeffrey Buell jbuell at vmware.com
Fri Jun 10 01:22:05 UTC 2005


In arch/i386/kernel/cpu/common.c:

        /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
        #ifdef CONFIG_HIGHMEM64G
        if (!test_bit(X86_FEATURE_NX, c->x86_capability))
        #endif
                clear_bit(X86_FEATURE_SEP, c->x86_capability);

So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
be turned off.  But this costs a lot of performance: as much as 2.5X in
syscall-heavy benchmarks (e.g., process tests in lmbench).

How permanent is this hack?  Will Execshield be fixed (or removed) by FC5?
Ever?  Note that SEP is enabled in SuSE 9.3, for instance.

Jeff




More information about the devel mailing list