Wikipedia

NX bit

The NX bit (no-execute) is a technology used in CPUs to segregate areas of a virtual address space to store either data or processor instructions. An operating system with support for the NX bit may mark certain areas of an address space as non-executable. The processor will then refuse to execute any code residing in these areas of the address space. The general technique, known as executable space protection, also called Write XOR Execute, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack.

The term NX bit originated with Advanced Micro Devices (AMD), as a marketing term. Intel markets the feature as the XD bit (execute disable). The MIPS architecture refers to the feature as XI bit (execute inhibit). The ARM architecture refers to the feature, which was introduced in ARMv6, as XN (execute never).[1] The term NX bit itself is sometimes used to describe similar technologies in other processors.

Architecture support

x86

x86 processors, since the 80286, included a similar capability implemented at the segment level. However, almost all operating systems for the 80386 and later x86 processors implement the flat memory model, so they cannot use this capability. There was no "Executable" flag in the page table entry (page descriptor) in those processors, until, to make this capability available to operating systems using the flat memory model, AMD added a "no-execute" or NX bit to the page table entry in its AMD64 architecture, providing a mechanism that can control execution per page rather than per whole segment.

Intel implemented a similar feature in its Itanium (Merced) processor—having IA-64 architecture—in 2001, but did not bring it to the more popular x86 processor families (Pentium, Celeron, Xeon, etc.). In the x86 architecture it was first implemented by AMD, as the NX bit, for use by its AMD64 line of processors, such as the Athlon 64 and Opteron.[2]

After AMD's decision to include this functionality in its AMD64 instruction set, Intel implemented the similar XD bit feature in x86 processors beginning with the Pentium 4 processors based on later iterations of the Prescott core.[3] The NX bit specifically refers to bit number 63 (i.e. the most significant bit) of a 64-bit entry in the page table. If this bit is set to 0, then code can be executed from that page; if set to 1, code cannot be executed from that page, and anything residing there is assumed to be data. It is only available with the long mode (64-bit mode) or legacy Physical Address Extension (PAE) page-table formats, but not x86's original 32-bit page table format because page table entries in that format lack the 64th bit used to disable and enable execution.
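The bit-63 rule and its dependence on the page-table format can be shown in a short C sketch. This is an added example, not code from the article or from any vendor; the function names, the `paging_mode` enum and the sample entries are constructed for illustration, and it inspects a single leaf entry rather than combining permissions across every level of a page walk.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of an x86 page table entry. */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITABLE (1ULL << 1)
#define PTE_NX       (1ULL << 63)   /* NX/XD bit: 1 = no execute */

/* Hypothetical enum naming the three page-table formats discussed above. */
enum paging_mode { PAGING_LEGACY32, PAGING_PAE, PAGING_LONG };

/* True if instructions can be fetched from the page this entry maps. */
bool pte_executable(uint64_t pte, enum paging_mode mode)
{
    if (!(pte & PTE_PRESENT))
        return false;               /* not mapped at all */
    if (mode == PAGING_LEGACY32)
        return true;                /* 32-bit entries have no bit 63 */
    return (pte & PTE_NX) == 0;     /* PAE / long mode: bit 63 decides */
}

/* True if the page is both writable and executable (a W^X violation). */
bool pte_violates_wx(uint64_t pte, enum paging_mode mode)
{
    return (pte & PTE_WRITABLE) && pte_executable(pte, mode);
}

/* Count W^X violations in a table of n entries. */
int count_wx_violations(const uint64_t *t, int n, enum paging_mode mode)
{
    int bad = 0;
    for (int i = 0; i < n; i++)
        bad += pte_violates_wx(t[i], mode);
    return bad;
}

/* Constructed sample entries (not taken from a real system). */
const uint64_t SAMPLE[] = {
    0x0000000000201001ULL,          /* code: present, read-only, NX=0   */
    0x8000000000202003ULL,          /* data: present, writable, NX=1    */
    0x0000000000203003ULL,          /* present, writable, NX=0: W and X */
    0x8000000000204002ULL,          /* not present                      */
};

int main(void)
{
    printf("long mode:     %d\n", count_wx_violations(SAMPLE, 4, PAGING_LONG));
    printf("legacy 32-bit: %d\n", count_wx_violations(SAMPLE, 4, PAGING_LEGACY32));
    return 0;
}
```

In the legacy 32-bit format the writable data page also counts as executable, because there is no bit 63 to mark it otherwise.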

Windows XP SP2 and later support Data Execution Prevention (DEP).

ARM

In ARMv6, a new page table entry format was introduced; it includes an "execute never" bit.[1] In ARMv8-A, VMSAv8-64 block and page descriptors and VMSAv8-32 long-descriptor block and page descriptors for stage 1 translations have "execute never" bits for both privileged and unprivileged modes, while block and page descriptors for stage 2 translations have a single "execute never" bit (two bits due to the ARMv8.2-TTS2UXN feature). VMSAv8-32 short-descriptor translation table descriptors have "execute never" bits for both privileged and unprivileged mode at level 1 and a single "execute never" bit at level 2.[4]

Alpha

As of the Fourth Edition of the Alpha Architecture manual, DEC (now HP) Alpha has a Fault on Execute bit in page table entries with the OpenVMS, Tru64 UNIX, and Alpha Linux PALcode.[5]

SPARC

The SPARC Reference MMU for Sun SPARC version 8 has permission values of Read Only, Read/Write, Read/Execute, and Read/Write/Execute in page table entries,[6] although not all SPARC processors have a SPARC Reference MMU.

A SPARC version 9 MMU may provide, but is not required to provide, any combination of read/write/execute permissions.[7] A Translation Table Entry in a Translation Storage Buffer in Oracle SPARC Architecture 2011, Draft D1.0.0 has separate Executable and Writable bits.[8]

PowerPC/Power ISA

Page table entries for IBM PowerPC's hashed page tables have a no-execute page bit.[9] Page table entries for radix-tree page tables in the Power ISA have separate permission bits granting read/write and execute access.[10]

PA-RISC

Translation lookaside buffer (TLB) entries and page table entries in PA-RISC 1.1 and PA-RISC 2.0 support read-only, read/write, read/execute, and read/write/execute pages.[11][12]

Itanium

TLB entries in Itanium support read-only, read/write, read/execute, and read/write/execute pages.[13]

z/Architecture

As of the twelfth edition of the z/Architecture Principles of Operation, z/Architecture processors may support the Instruction-Execution Protection facility, which adds a bit in page table entries that controls whether instructions from a given region, segment, or page can be executed.[14]

See also

  • Executable space protection

References

  1. ARM Architecture Reference Manual (PDF). ARM Limited. pp. B4-8, B4-27. Archived from the original (PDF) on 2009-02-06. APX and XN (execute never) bits have been added in VMSAv6 [Virtual Memory System Architecture]
  2. Ted Simpson; Jason Novak (24 May 2017). Hands on Virtual Computing. Cengage Learning. pp. 8–9. ISBN 978-1-337-10193-6.
  3. "Data Execution Prevention" (PDF). Hewlett Packard. 2005. Retrieved 2014-03-23.
  4. "ARM Architecture Reference Manual, ARMv8, for ARMv8-A architecture profile". ARM Limited. pp. D4-1779, D4-1780, D4-1781, G4-4042, G4-4043, G4-4044, G4-4054, G4-4055.
  5. Alpha Architecture Reference Manual (PDF) (Fourth ed.). Compaq Computer. January 2002. pp. 11-5, 17-5, 22-5.
  6. "The SPARC Architectural Manual, Version 8". SPARC International. p. 244.
  7. The SPARC Architecture Manual, Version 9 (PDF). SPARC International. 1994. F.3.2 Attributes the MMU Associates with Each Mapping, p. 284. ISBN 0-13-825001-4. Archived from the original (PDF) on 2012-01-18.
  8. "Oracle SPARC Architecture 2011, Draft D1.0.0" (PDF). Oracle Corporation. January 12, 2016. p. 452.
  9. PowerPC Operating Environment Architecture Book III, Version 2.01. IBM. December 2003. p. 31.
  10. "Power ISA Version 3.0". IBM. November 30, 2015. p. 1003.
  11. PA-RISC 1.1 Architecture and Instruction Set Reference Manual, Third Edition (PDF). Hewlett-Packard. February 1994. p. 3-13. Archived from the original (PDF) on June 7, 2011.
  12. Gerry Kane. PA-RISC 2.0 Architecture, Chapter 3: Addressing and Access Control (PDF). Hewlett-Packard. p. 3-14. Archived from the original (PDF) on Jan 9, 2017.
  13. Intel Itanium Architecture Software Developer's Manual, Volume 2: System Architecture, Revision 2.0. Intel. December 2001. p. 2:46. Archived from the original on Jan 9, 2017.
  14. z/Architecture Principles of Operation (PDF). IBM. September 2017. p. 3-14.

External links

  • AMD, Intel put antivirus tech into chips
  • Microsoft Interviewed on Trustworthy Computing and NX
  • LKML NX Announcement
  • Changes to Functionality in Microsoft Windows XP Service Pack 2 Part 3: Memory Protection Technologies
  • Microsoft Security Developer Center: Windows XP SP 2: Execution Protection
