NX bit
{{short description|Technology used in CPUs}}
The '''NX bit''' ('''no-execute bit''') is a [[Central processing unit|processor]] feature that separates areas of a [[virtual address space]] (the memory layout a program uses) into sections for storing data or program instructions. An [[operating system]] supporting the NX bit can mark certain areas of the virtual address space as non-executable, preventing the processor from running any code stored there. This technique, known as [[executable space protection]] or [[Write XOR Execute]], protects computers from malicious software that attempts to insert harmful code into another program’s data storage area and execute it, such as in a [[buffer overflow]] attack.

The term "NX bit" was introduced by [[Advanced Micro Devices]] (AMD) as a marketing term. [[Intel]] markets this feature as the '''XD bit''' ('''execute disable'''), while the [[MIPS architecture]] refers to it as the '''XI bit''' ('''execute inhibit'''). In the [[ARM architecture]], introduced in [[ARMv6]], it is known as '''XN''' ('''execute never''').<ref name="arm-pte">{{cite web |title=ARM Architecture Reference Manual |url=http://www.arm.com/miscPDFs/14128.pdf |archive-url=https://web.archive.org/web/20090206061248/http://arm.com/miscPDFs/14128.pdf |archive-date=2009-02-06 |publisher=[[ARM Limited]] |pages=B4{{hyp}}8, B4{{hyp}}27 |quote=APX and XN (execute never) bits have been added in VMSAv6 [Virtual Memory System Architecture]}}</ref> The term NX bit is often used broadly to describe similar executable space protection technologies in other processors.

==Architecture support==

===x86===
[[x86]] processors, since the [[80286]], included a similar capability implemented at the [[memory segment|segment]] level. However, almost all operating systems for the [[80386]] and later x86 processors implement the [[flat memory model]], so they cannot use this capability.
Those processors had no "executable" flag in the page table entry (page descriptor). To make this capability available to operating systems using the flat memory model, AMD added a "no-execute" or NX bit to the page table entry in its [[AMD64]] architecture, providing a mechanism that can control execution per [[page (computer memory)|page]] rather than per whole segment. Intel implemented a similar feature in its [[Itanium]] (''Merced'') processor, which uses the [[IA-64]] architecture, in 2001, but did not bring it to the more popular x86 processor families ([[Pentium]], [[Celeron]], [[Xeon]], etc.). In the x86 architecture it was first implemented by AMD, as the ''NX bit'', for use by its [[AMD64]] line of processors, such as the [[Athlon 64]] and [[Opteron]].<ref name="SimpsonNovak2017">{{cite book|author1=Ted Simpson|author2=Jason Novak|title=Hands on Virtual Computing|url=https://books.google.com/books?id=CZZXDgAAQBAJ&pg=PA8|date=24 May 2017|publisher=Cengage Learning|isbn=978-1-337-10193-6|pages=8–9}}</ref> After AMD's decision to include this functionality in its AMD64 instruction set, Intel implemented the similar XD bit feature in x86 processors beginning with the [[Pentium 4]] processors based on later iterations of the Prescott core.<ref>{{cite web | url = http://h10032.www1.hp.com/ctg/Manual/c00387685.pdf | title = Data Execution Prevention | year = 2005 | access-date = 2014-03-23 | publisher = Hewlett Packard }}</ref>

The NX bit specifically refers to bit number 63 (i.e. the most significant bit) of a 64-bit entry in the [[page table]]. If this bit is set to 0, then code can be executed from that page; if set to 1, code cannot be executed from that page, and anything residing there is assumed to be data.
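As an added example, which is not part of the article and is not any vendor's or operating system's code, the following C program shows the effect of the per-page execute permission from user space on a POSIX system. It maps a page, writes a single return instruction into it, and calls into it twice: once while the page is mapped read-only, so the kernel leaves the page's no-execute bit set and the processor refuses the instruction fetch, and once after mprotect() has granted PROT_EXEC. The function name try_execute and the return-instruction encodings for x86 and AArch64 are the example's own assumptions; the program does not build on other architectures.

```c
/*
 * Added demonstration (not from the article): observing the NX/XD/XN
 * page-table bit from user space. A page is filled with one "return"
 * instruction and called once while read-only (the operating system keeps
 * the page's no-execute bit set) and once after PROT_EXEC has been granted.
 * Assumes Linux or another POSIX system providing mmap, mprotect and sigaction.
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample "code": a single return instruction for the host ISA. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "this demonstration only knows the return encoding for x86 and AArch64"
#endif

static sigjmp_buf fault_env;

/* The processor raised an access fault: unwind back into try_execute(). */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/*
 * Map a fresh page, write RET_INSN into it, then drop write access and grant
 * execute access only if `executable` is non-zero, so the page is never
 * writable and executable at the same time (W^X). Then call into the page.
 * Returns 1 if the call returned normally, 0 if the processor faulted,
 * and -1 if the mapping could not be set up.
 */
int try_execute(int executable)
{
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesize, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, RET_INSN, sizeof RET_INSN);

    int prot = executable ? (PROT_READ | PROT_EXEC) : PROT_READ;
    if (mprotect(page, pagesize, prot) != 0) {
        munmap(page, pagesize);
        return -1;
    }
    /* Separate instruction caches (AArch64) must be told about the new code. */
    __builtin___clear_cache((char *)page, (char *)page + pagesize);

    /* Catch the fault the execute check produces (SIGSEGV; SIGBUS on some systems). */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        void (*entry)(void);
        memcpy(&entry, &page, sizeof entry); /* data pointer -> code pointer */
        entry();
        result = 1;                          /* the processor fetched and ran it */
    } else {
        result = 0;                          /* the fetch was refused */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesize);
    return result;
}

int main(void)
{
    printf("call into read-only page:    %s\n",
           try_execute(0) == 0 ? "faulted (no-execute enforced)" : "ran");
    printf("call into read+execute page: %s\n",
           try_execute(1) == 1 ? "ran" : "faulted or mapping refused");
    return 0;
}
```

The read-only call faults with SIGSEGV because the processor will not fetch instructions from a page whose no-execute bit is set; granting PROT_EXEC clears that bit in the page-table entry and the very same bytes then execute. The example removes write access before granting execute access because a page that is both writable and executable is exactly what the Write XOR Execute policy mentioned above forbids.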
It is only available with the long mode (64-bit mode) or legacy [[Physical Address Extension]] (PAE) page-table formats, not with x86's original 32-bit page table format, because page table entries in that format lack the 64th bit (bit 63) used to disable and enable execution. Windows XP SP2 and later support [[Data Execution Prevention]] (DEP).

===ARM===
In [[ARMv6]], a new page table entry format was introduced; it includes an "execute never" bit.<ref name="arm-pte"/>

For [[ARMv8-A]], the VMSAv8-64 block and page descriptors, and the VMSAv8-32 long-descriptor block and page descriptors, for stage 1 translations have "execute never" bits for both privileged and unprivileged modes; block and page descriptors for stage 2 translations have a single "execute never" bit (two bits with the ARMv8.2-TTS2UXN feature). VMSAv8-32 short-descriptor translation table descriptors have "execute never" bits for both privileged and unprivileged modes at level 1, and a single "execute never" bit at level 2.<ref>{{cite web|url=http://infocenter.arm.com/help/topic/com.arm.doc.ddi0487a.k_10775/index.html|title=ARM Architecture Reference Manual, ARMv8, for ARMv8-A architecture profile|pages=D4{{hyp}}1779, D4{{hyp}}1780, D4{{hyp}}1781, G4{{hyp}}4042, G4{{hyp}}4043, G4{{hyp}}4044, G4{{hyp}}4054, G4{{hyp}}4055|publisher=ARM Limited}}</ref>

===Alpha===
As of the Fourth Edition of the Alpha Architecture manual, [[Digital Equipment Corporation|DEC]] (now HP) [[DEC Alpha|Alpha]] has a Fault on Execute bit in page table entries with the [[OpenVMS]], [[Tru64 UNIX]], and Alpha Linux [[PALcode]].<ref>{{cite book|url=http://download.majix.org/dec/alpha_arch_ref.pdf|title=Alpha Architecture Reference Manual|edition=Fourth|pages=11{{hyp}}5,17{{hyp}}5,22{{hyp}}5|date=January 2002|publisher=[[Compaq Computer]]}}</ref>

===SPARC===
The SPARC Reference MMU for [[Sun Microsystems|Sun]] [[SPARC]] version 8 has permission values of Read Only, Read/Write, Read/Execute, and Read/Write/Execute in page table entries,<ref>{{cite web|url=http://sparc.org/wp-content/uploads/2014/01/v8.pdf.gz|title=The SPARC Architectural Manual, Version 8|page=244|publisher=[[SPARC International]]}}</ref> although not all SPARC processors have a SPARC Reference MMU. A SPARC version 9 MMU may provide, but is not required to provide, any combination of read/write/execute permissions.<ref>{{cite book|url=http://www.sparc.org/standards/SPARCV9.pdf|title=The SPARC Architecture Manual, Version 9|at=F.3.2 Attributes the MMU Associates with Each Mapping, p. 284|publisher=SPARC International|year=1994|isbn=0-13-825001-4|archive-url=https://web.archive.org/web/20120118213535/http://www.sparc.org/standards/SPARCV9.pdf|archive-date=2012-01-18|url-status=dead}}</ref> A Translation Table Entry in a Translation Storage Buffer in Oracle SPARC Architecture 2011, Draft D1.0.0 has separate Executable and Writable bits.<ref>{{cite web|url=http://www.oracle.com/technetwork/server-storage/sun-sparc-enterprise/documentation/140521-ua2011-d096-p-ext-2306580.pdf|title=Oracle SPARC Architecture 2011, Draft D1.0.0|page=452|publisher=[[Oracle Corporation]]|date=January 12, 2016}}</ref>

===PowerPC/Power ISA===
Page table entries for [[IBM]] [[PowerPC]]'s hashed page tables have a no-execute page bit.<ref>{{cite book|title=PowerPC Operating Environment Architecture Book III, Version 2.01|date=December 2003|page=31|publisher=[[IBM]]}}</ref> Page table entries for radix-tree page tables in the Power ISA have separate permission bits granting read/write and execute access.<ref>{{cite web|url=https://openpowerfoundation.org/?resource_lib=power-isa-version-3-0|title=Power ISA Version 3.0|page=1003|publisher=IBM|date=November 30, 2015}}</ref>

===PA-RISC===
[[Translation lookaside buffer]] (TLB) entries and page table entries in [[PA-RISC]] 1.1 and PA-RISC 2.0 support read-only, read/write, read/execute, and read/write/execute pages.<ref>{{cite web|url=http://h21007.www2.hp.com/portal/download/files/unprot/parisc/pa1-1/acd.pdf|title=PA-RISC 1.1 Architecture and Instruction Set Reference Manual, Third Edition|page=3{{hyp}}13|date=February 1994|publisher=[[Hewlett-Packard]]|archive-url=https://web.archive.org/web/20110607140514/http://h21007.www2.hp.com/portal/download/files/unprot/parisc/pa1-1/acd.pdf|archive-date=June 7, 2011|url-status=dead}}</ref><ref>{{cite web|url=http://h21007.www2.hpe.com/portal/download/files/unprot/parisc20/PA_3_addressing.pdf|title=PA-RISC 2.0 Architecture, Chapter 3: Addressing and Access Control|author=Gerry Kane|page=3{{hyp}}14|publisher=Hewlett-Packard|archive-url=https://web.archive.org/web/20170109185034/http://h21007.www2.hpe.com/portal/download/files/unprot/parisc20/PA_3_addressing.pdf|archive-date=Jan 9, 2017|url-status=dead}}</ref>

===Itanium===
TLB entries in [[Itanium]] support read-only, read/write, read/execute, and read/write/execute pages.<ref>{{cite web|url=http://h21007.www2.hpe.com/portal/StaticDownload?attachment_ciid=d861e0aecd2b7110VgnVCM100000275d6e10RCRD&ciid=1cd124be1d0c7110VgnVCM100000275d6e10RCRD|title=Intel Itanium Architecture Software Developer's Manual, Volume 2: System Architecture, Revision 2.0|page=2:46|publisher=Intel|date=December 2001|archive-url=https://web.archive.org/web/20170109184919/http://h21007.www2.hpe.com/portal/StaticDownload?attachment_ciid=d861e0aecd2b7110VgnVCM100000275d6e10RCRD&ciid=1cd124be1d0c7110VgnVCM100000275d6e10RCRD|archive-date=Jan 9, 2017|url-status=dead}}</ref>

===z/Architecture===
As of the twelfth edition of the [[z/Architecture]] Principles of Operation, z/Architecture processors may support the Instruction-Execution Protection facility, which adds a bit in page table entries that controls whether instructions from a given region, segment, or page can be executed.<ref>{{cite book|url=http://publibfp.dhe.ibm.com/epubs/pdf/dz9zr011.pdf|title=z/Architecture Principles of Operation|page=3{{hyp}}14|date=September 2017|publisher=IBM}}</ref>

==See also==
* [[Executable space protection]]
* [[W^X]]

==References==
{{Reflist}}

==External links==
* [https://www.zdnet.com/article/amd-intel-put-antivirus-tech-into-chips/ AMD, Intel put antivirus tech into chips]
* [http://www.microsoft.com/technet/community/chats/trans/security/sec0212.mspx Microsoft Interviewed on Trustworthy Computing and NX]
* [http://lkml.iu.edu/hypermail/linux/kernel/0406.0/0497.html LKML NX Announcement]
* [http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx ''Changes to Functionality in Microsoft Windows XP Service Pack 2'' Part 3: Memory Protection Technologies]
* [http://msdn.microsoft.com/security/productinfo/XPSP2/memoryprotection/execprotection.aspx Microsoft Security Developer Center: Windows XP SP 2: Execution Protection]

{{CPU technologies}}

[[Category:Central processing unit]]
[[Category:Operating system security]]
[[Category:X86 architecture]]