SEP bit disabled in FC

Dave Jones davej at redhat.com
Fri Jun 10 01:25:32 UTC 2005


On Thu, Jun 09, 2005 at 06:22:05PM -0700, Jeffrey Buell wrote:
 > In arch/i386/kernel/cpu/common.c:
 > 
 >         /* hack: disable SEP for non-NX cpus; SEP breaks Execshield. */
 >         #ifdef CONFIG_HIGHMEM64G
 >         if (!test_bit(X86_FEATURE_NX, c->x86_capability))
 >         #endif
 >                 clear_bit(X86_FEATURE_SEP, c->x86_capability);
 > 
 > So, in order to enable Execshield, the SEP cpu bit (sysenter/sysexit) has to
 > be turned off.  But this costs a lot of performance: as much as 2.5X in
 > syscall-heavy benchmarks (e.g., process tests in lmbench).
 > 
 > How permanent is this hack?  Will Execshield be fixed (or removed) by FC5?

It was going to be reeanbled for FC4, but due to a last minute glitch,
(which we think we fixed), we disabled for it for the release with
the intention of reenabling it in the first kernel update that goes
out for FC4.

		Dave




More information about the devel mailing list