NX bit
The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons.
An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack.
Intel markets the feature as the XD bit, for eXecute Disable. AMD uses the marketing term Enhanced Virus Protection. The ARM architecture refers to the feature as XN for eXecute Never; it was introduced in ARM v6.[1]
Hardware background
x86 processors since the 80286 have included a similar capability implemented at the segment level, but operating systems that use the flat memory model cannot take advantage of it. The page table entry (page descriptor) of the 80386 and later x86 processors had no 'executable' flag until AMD added a "no-execute" or NX bit to the page table entry in its AMD64 architecture, making the capability available to operating systems using the flat memory model and allowing execution to be controlled per page rather than per whole segment.
The page-level mechanism had been supported for years in various other processor architectures, such as DEC (now HP) Alpha, Sun SPARC, and IBM System/370-XA, System/390, z/Architecture and PowerPC. Intel implemented a similar feature in its IA-64 Itanium (Merced) processor in 2001, but did not bring it to the more popular x86 processor families (Pentium, Celeron, Xeon, etc.). In the x86 architecture it was first implemented by AMD, as the NX bit, for its AMD64 line of processors, such as the Athlon 64 and Opteron. The term NX bit itself is sometimes used to describe similar technologies in other processors.
After AMD's decision to include this functionality in its AMD64 instruction set, Intel implemented the similar XD bit feature in x86 processors beginning with the Pentium 4 processors based on later iterations of the Prescott core.[2] The NX bit specifically refers to bit number 63 (i.e. the most significant bit) of a 64-bit entry in the page table. If this bit is 0, code can be executed from that page; if it is 1, code cannot be executed from that page, and anything residing there is treated as data. It is only available with the long mode (64-bit mode) and legacy Physical Address Extension (PAE) page table formats, not with x86's original 32-bit page table format, because page table entries in that format are only 32 bits wide and so have no bit 63 with which to enable or disable execution.
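As an added illustration, not part of the original article, the following C code models the page table entry fields described above: bit 63 as NX in the 64-bit PAE and long-mode formats, and its absence from the original 32-bit format. The enum and function names are this example's own, not an operating-system or CPU API; the present and writable flag positions (bits 0 and 1) are the architectural x86 ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* x86 page-table entry formats the article distinguishes. */
enum pte_format {
    PTE_FMT_LEGACY32, /* original 32-bit entry: has no bit 63, so no NX */
    PTE_FMT_PAE,      /* 64-bit PAE entry: NX is bit 63 */
    PTE_FMT_LONG      /* 64-bit long-mode entry: NX is bit 63 */
};
#define PTE_PRESENT  (1ULL << 0)   /* architectural bit 0 */
#define PTE_WRITABLE (1ULL << 1)   /* architectural bit 1 */
#define PTE_NX       (1ULL << 63)  /* 0 = code may run here, 1 = data only */

/* Only the two 64-bit formats have room for bit 63. */
bool pte_format_has_nx(enum pte_format fmt) { return fmt != PTE_FMT_LEGACY32; }

/* Not-present pages never execute; a legacy 32-bit entry can never refuse execution. */
bool pte_is_executable(uint64_t pte, enum pte_format fmt)
{
    if (fmt == PTE_FMT_LEGACY32)
        pte &= 0xFFFFFFFFULL;      /* only the low 32 bits exist */
    if (!(pte & PTE_PRESENT))
        return false;
    return !pte_format_has_nx(fmt) || !(pte & PTE_NX);
}

/* W+X pages defeat the code/data separation NX enforces; auditors flag this. */
bool pte_is_writable_and_executable(uint64_t pte, enum pte_format fmt)
{
    return pte_is_executable(pte, fmt) && (pte & PTE_WRITABLE) != 0;
}

/* Mark the page data-only. Fails (entry unchanged) if the format lacks NX. */
bool pte_set_nx(uint64_t *pte, enum pte_format fmt)
{
    if (!pte_format_has_nx(fmt))
        return false;
    *pte |= PTE_NX;
    return true;
}

int main(void)
{
    /* Constructed sample: a present, writable data page at frame 0x1000. */
    uint64_t pte = 0x1000 | PTE_PRESENT | PTE_WRITABLE;
    printf("W+X before NX: %d\n", pte_is_writable_and_executable(pte, PTE_FMT_LONG));
    pte_set_nx(&pte, PTE_FMT_LONG);
    printf("W+X after NX:  %d\n", pte_is_writable_and_executable(pte, PTE_FMT_LONG));
    return 0;
}
```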
References
- "APX and XN (execute never) bits have been added in VMSAv6 [Virtual Memory System Architecture]", ARM Architecture Reference Manual. Retrieved 2009-12-01.
- "Data Execution Prevention" (PDF). Hewlett Packard. 2005. Retrieved 2014-03-23.
External links
- AMD, Intel put antivirus tech into chips
- Microsoft Interviewed on Trustworthy Computing and NX
- LKML NX Announcement
- Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3: Memory Protection Technologies
- Microsoft Security Developer Center: Windows XP SP 2: Execution Protection