NX bit


The NX bit is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors for security reasons.
An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack.
Intel markets the feature as the XD bit. Advanced Micro Devices uses the marketing term Enhanced Virus Protection. The ARM architecture refers to the feature, which was introduced in ARMv6, as XN. The term NX bit itself is sometimes used to describe similar technologies in other processors.

Architecture support

x86

x86 processors, since the 80286, included a similar capability implemented at the segment level. However, almost all operating systems for the 80386 and later x86 processors implement the flat memory model, so they cannot use this capability. There was no 'Executable' flag in the page table entry of those processors until AMD, to make this capability available to operating systems using the flat memory model, added a "no-execute" or NX bit to the page table entry in its AMD64 architecture, providing a mechanism that controls execution per page rather than per whole segment.
Intel implemented a similar feature in its Itanium processor (IA-64 architecture) in 2001, but did not bring it to the more popular x86 processor families. In the x86 architecture it was first implemented by AMD, as the NX bit, for use by its AMD64 line of processors, such as the Athlon 64 and Opteron.
After AMD's decision to include this functionality in its AMD64 instruction set, Intel implemented the similar XD bit feature in x86 processors beginning with the Pentium 4 processors based on later iterations of the Prescott core. The NX bit specifically refers to bit number 63 of a 64-bit entry in the page table. If this bit is set to 0, code can be executed from that page; if it is set to 1, code cannot be executed from that page, and anything residing there is assumed to be data. The bit is available only in the long-mode and legacy Physical Address Extension (PAE) page-table formats, not in x86's original 32-bit page-table format, because page table entries in that format are only 32 bits wide and so have no bit 63 with which to enable or disable execution.
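As an added illustration (not code from the original article), the following C program decodes x86 page-table entries using the layout described above: present in bit 0, writable in bit 1, user/supervisor in bit 2, and NX in bit 63 of the 64-bit PAE and long-mode entries, with no NX bit at all in the legacy 32-bit format. It also counts mapped pages that are both writable and executable, the combination an operating system uses NX to rule out; the sample entries are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Flag bits shared by the legacy 32-bit, PAE and long-mode PTE formats. */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITABLE (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63) /* only in the 64-bit-wide PAE and long-mode entries */
#define PTE_PFN_MASK64 0x000FFFFFFFFFF000ULL /* 4 KiB frame address, bits 12..51 */
#define PTE_PFN_MASK32 0x00000000FFFFF000ULL /* legacy 32-bit format: bits 12..31 */
enum pte_format { PTE_LEGACY32, PTE_PAE, PTE_LONG };
struct pte_info { bool present, writable, user, executable; uint64_t phys; };
/* Decode one entry. A legacy 32-bit entry has no bit 63, so execution can
 * never be withheld per page: every present page is executable. */
struct pte_info decode_pte(enum pte_format fmt, uint64_t pte)
{
    struct pte_info i = {0};
    i.present  = (pte & PTE_PRESENT)  != 0;
    i.writable = (pte & PTE_WRITABLE) != 0;
    i.user     = (pte & PTE_USER)     != 0;
    if (fmt == PTE_LEGACY32) {
        i.executable = true;                /* no NX bit to consult */
        i.phys = pte & PTE_PFN_MASK32;
    } else {
        i.executable = (pte & PTE_NX) == 0; /* NX = 0: code may run from the page */
        i.phys = pte & PTE_PFN_MASK64;
    }
    return i;
}
/* Hardening check: count present pages that are both writable and executable,
 * the W^X combination the NX bit lets an operating system rule out. */
int count_wx_pages(enum pte_format fmt, const uint64_t *ptes, size_t n)
{
    int wx = 0;
    for (size_t k = 0; k < n; k++) {
        struct pte_info i = decode_pte(fmt, ptes[k]);
        if (i.present && i.writable && i.executable)
            wx++;
    }
    return wx;
}
/* Constructed sample long-mode table (not taken from any real system). */
static const uint64_t sample_table[] = {
    0x0000000000401005ULL, /* present, user, read-only, NX clear: code page */
    0x8000000000402007ULL, /* present, user, writable, NX set: data page    */
    0x0000000000403003ULL, /* present, writable, NX clear: a W^X violation  */
    0x0000000000000000ULL, /* not present                                   */
};
```

Interpreting the same entries with the legacy 32-bit format reports every mapped page as executable, which is exactly why the page-level NX bit required the 64-bit entry formats.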

ARM

In ARMv6, a new page table entry format was introduced; it includes an "execute never" (XN) bit. In ARMv8-A, the VMSAv8-64 block and page descriptors, and the VMSAv8-32 long-descriptor block and page descriptors, used for stage 1 translations carry separate "execute never" bits for privileged and unprivileged modes, while the block and page descriptors used for stage 2 translations carry a single "execute never" bit. VMSAv8-32 short-descriptor translation table descriptors carry separate privileged and unprivileged "execute never" bits at level 1 and a single "execute never" bit at level 2.

Alpha

As of the Fourth Edition of the Alpha Architecture manual, DEC Alpha has a Fault on Execute bit in page table entries with the OpenVMS, Tru64 UNIX, and Alpha Linux PALcode.

SPARC

The SPARC Reference MMU for Sun SPARC version 8 has permission values of Read Only, Read/Write, Read/Execute, and Read/Write/Execute in page table entries, although not all SPARC processors have a SPARC Reference MMU.
A SPARC version 9 MMU may provide, but is not required to provide, any combination of read/write/execute permissions. A Translation Table Entry in a Translation Storage Buffer in Oracle SPARC Architecture 2011, Draft D1.0.0 has separate Executable and Writable bits.

PowerPC/Power ISA

Page table entries for IBM PowerPC's hashed page tables have a no-execute page bit. Page table entries for radix-tree page tables in the Power ISA have separate permission bits granting read/write and execute access.

PA-RISC

TLB entries and page table entries in PA-RISC 1.1 and PA-RISC 2.0 support read-only, read/write, read/execute, and read/write/execute pages.

Itanium

TLB entries in Itanium support read-only, read/write, read/execute, and read/write/execute pages.

z/Architecture

As of the twelfth edition of the z/Architecture Principles of Operation, z/Architecture processors may support the Instruction-Execution Protection facility, which adds a bit in page table entries that controls whether instructions from a given region, segment, or page can be executed.