TheNX bit(no-execute) is a technology used inCPUsto segregate areas of avirtual address spaceto store either data or processor instructions. Anoperating systemwith support for the NX bit may mark certain areas of an address space as non-executable. The processor will then refuse to execute any code residing in these areas of the address space. The general technique, known asexecutable space protection,also calledWrite XOR Execute,is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as thebuffer overflowattack.

The termNX bitoriginated withAdvanced Micro Devices(AMD), as a marketing term.Intelmarkets the feature as theXD bit(execute disable). TheMIPS architecturerefers to the feature asXI bit(execute inhibit). TheARM architecturerefers to the feature, which was introduced inARMv6,asXN(execute never).[1]The termNX bititself is sometimes used to describe similar technologies in other processors.

Architecture support

edit

x86processors, since the80286,included a similar capability implemented at thesegmentlevel. However, almost all operating systems for the80386and later x86 processors implement theflat memory model,so they cannot use this capability. There was no "Executable" flag in the page table entry (page descriptor) in those processors, until, to make this capability available to operating systems using the flat memory model, AMD added a "no-execute" or NX bit to the page table entry in itsAMD64architecture, providing a mechanism that can control execution perpagerather than per whole segment.

Intel implemented a similar feature in itsItanium(Merced) processor—havingIA-64architecture—in 2001, but did not bring it to the more popular x86 processor families (Pentium,Celeron,Xeon,etc.). In the x86 architecture it was first implemented by AMD, as theNX bit,for use by itsAMD64line of processors, such as theAthlon 64andOpteron.[2]

After AMD's decision to include this functionality in its AMD64 instruction set, Intel implemented the similar XD bit feature in x86 processors beginning with thePentium 4processors based on later iterations of the Prescott core.[3]The NX bit specifically refers to bit number 63 (i.e. the most significant bit) of a 64-bit entry in thepage table.If this bit is set to 0, then code can be executed from that page; if set to 1, code cannot be executed from that page, and anything residing there is assumed to be data. It is only available with the long mode (64-bit mode) or legacyPhysical Address Extension(PAE) page-table formats, but not x86's original 32-bit page table format because page table entries in that format lack the 64th bit used to disable and enable execution.

Windows XP SP2 and later supportData Execution Prevention(DEP).

InARMv6,a new page table entry format was introduced; it includes an "execute never" bit.[1]ForARMv8-A,VMSAv8-64 block and page descriptors, and VMSAv8-32 long-descriptor block and page descriptors, for stage 1 translations have "execute never" bits for both privileged and unprivileged modes, and block and page descriptors for stage 2 translations have a single "execute never" bit (two bits due to ARMv8.2-TTS2UXN feature); VMSAv8-32 short-descriptor translation table descriptors at level 1 have "execute never" bits for both privileged and unprivileged mode and at level 2 have a single "execute never" bit.[4]

Alpha

edit

As of the Fourth Edition of the Alpha Architecture manual,DEC(now HP)Alphahas a Fault on Execute bit in page table entries with theOpenVMS,Tru64 UNIX,and Alpha LinuxPALcode.[5]

SPARC

edit

The SPARC Reference MMU forSunSPARCversion 8 has permission values of Read Only, Read/Write, Read/Execute, and Read/Write/Execute in page table entries,[6]although not all SPARC processors have a SPARC Reference MMU.

A SPARC version 9 MMU may provide, but is not required to provide, any combination of read/write/execute permissions.[7]A Translation Table Entry in a Translation Storage Buffer in Oracle SPARC Architecture 2011, Draft D1.0.0 has separate Executable and Writable bits.[8]

PowerPC/Power ISA

edit

Page table entries forIBMPowerPC's hashed page tables have a no-execute page bit.[9]Page table entries for radix-tree page tables in the Power ISA have separate permission bits granting read/write and execute access.[10]

PA-RISC

edit

Translation lookaside buffer(TLB) entries and page table entries inPA-RISC1.1 and PA-RISC 2.0 support read-only, read/write, read/execute, and read/write/execute pages.[11][12]

Itanium

edit

TLB entries inItaniumsupport read-only, read/write, read/execute, and read/write/execute pages.[13]

z/Architecture

edit

As of the twelfth edition of thez/ArchitecturePrinciples of Operation, z/Architecture processors may support the Instruction-Execution Protection facility, which adds a bit in page table entries that controls whether instructions from a given region, segment, or page can be executed.[14]

See also

edit

References

edit
  1. ^ab"ARM Architecture Reference Manual"(PDF).ARM Limited.pp. B4-8, B4-27. Archived fromthe original(PDF)on 2009-02-06.APX and XN (execute never) bits have been added in VMSAv6 [Virtual Memory System Architecture]
  2. ^Ted Simpson; Jason Novak (24 May 2017).Hands on Virtual Computing.Cengage Learning. pp. 8–9.ISBN978-1-337-10193-6.
  3. ^"Data Execution Prevention"(PDF).Hewlett Packard. 2005.Retrieved2014-03-23.
  4. ^"ARM Architecture Reference Manual, ARMv8, for ARMv8-A architecture profile".ARM Limited. pp. D4-1779, D4-1780, D4-1781, G4-4042, G4-4043, G4-4044, G4-4054, G4-4055.
  5. ^Alpha Architecture Reference Manual(PDF)(Fourth ed.).Compaq Computer.January 2002. pp. 11–5, 17–5, 22–5.
  6. ^"The SPARC Architectural Manual, Version 8".SPARC International.p. 244.
  7. ^The SPARC Architecture Manual, Version 9(PDF).SPARC International. 1994. F.3.2 Attributes the MMU Associates with Each Mapping, p. 284.ISBN0-13-825001-4.Archived fromthe original(PDF)on 2012-01-18.
  8. ^"Oracle SPARC Architecture 2011, Draft D1.0.0"(PDF).Oracle Corporation.January 12, 2016. p. 452.
  9. ^PowerPC Operating Environment Architecture Book III, Version 2.01.IBM.December 2003. p. 31.
  10. ^"Power ISA Version 3.0".IBM. November 30, 2015. p. 1003.
  11. ^"PA-RISC 1.1 Architecture and Instruction Set Reference Manual, Third Edition"(PDF).Hewlett-Packard.February 1994. p. 3-13. Archived fromthe original(PDF)on June 7, 2011.
  12. ^Gerry Kane."PA-RISC 2.0 Architecture, Chapter 3: Addressing and Access Control"(PDF).Hewlett-Packard. p. 3-14. Archived fromthe original(PDF)on Jan 9, 2017.
  13. ^"Intel Itanium Architecture Software Developer's Manual, Volume 2: System Architecture, Revision 2.0".Intel. December 2001. p. 2:46. Archived fromthe originalon Jan 9, 2017.
  14. ^z/Architecture Principles of Operation(PDF).IBM. September 2017. p. 3-14.
edit