SEP bit disabled in FC

Jeffrey Buell jbuell at
Fri Jun 10 01:22:05 UTC 2005

In arch/i386/kernel/cpu/common.c:

        /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
        #ifdef CONFIG_HIGHMEM64G
        if (!test_bit(X86_FEATURE_NX, c->x86_capability))
                clear_bit(X86_FEATURE_SEP, c->x86_capability);

So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
be turned off.  But this costs a lot of performance: as much as 2.5X in
syscall-heavy benchmarks (e.g., process tests in lmbench).

How permanent is this hack?  Will Execshield be fixed (or removed) by FC5?
Ever?  Note that SEP is enabled in SuSE 9.3, for instance.


More information about the devel mailing list