One of the longest living patchsets we’ve carried in the Fedora kernel is that of execshield. Over time, bits of it have gone upstream (in particular, some of the randomisation bits). In F11, it’s still a 1000 line 30K diff, touching all manner of core kernel functionality. To try and get more of it pushed upstream, I’ve been working on splitting it up into its component parts.

The current state of the diffs is at http://www.codemonkey.org.uk/projects/execshield/.

The emulate-NX-with-segment-limits chunk is unlikely to ever go upstream. A bit of a shame given it’s the largest part of execshield remaining. Linus wasn’t thrilled by it, and it is a pretty nasty hack.
Also, with modern CPUs having hardware-NX, it becomes less useful over time. (Though we still need to carry it judging by the number of old-school 686 users we still have).

So if we do have to keep execshield, we should at least try to make it cleaner and smaller. Every time I poke at it, I manage to shave off another hundred lines or so.