Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3A, System Programming Guide, Part 1

4.13 PAGE-LEVEL PROTECTION AND EXECUTE-DISABLE BIT

In addition to page-level protection offered by the U/S and R/W flags, enhanced PAE-enabled paging structures (see Section 3.10.3, “Enhanced Paging Data Structures”) provide the execute-disable bit. This bit offers additional protection for data pages.

An Intel 64 or IA-32 processor with the execute disable bit capability can prevent data pages from being used by malicious software to execute code. This capability is provided in:

• 32-bit protected mode with PAE enabled.
• IA-32e mode.

While the execute disable bit capability does not introduce new instructions, it does require operating systems to use a PAE-enabled environment and establish a page-granular protection policy for memory pages.

If the execute disable bit of a memory page is set, that page can be used only as data. An attempt to execute code from a memory page with the execute-disable bit set causes a page-fault exception.

The page sizes and physical address sizes supported by execute disable bit capability are shown in Table 4-4. Existing page-level protection mechanisms (see Section 4.11, “Page-Level Protection”) continue to apply to memory pages independent of the execute-disable bit setting.

4.13.1 Detecting and Enabling the Execute-Disable Bit Capability

Detect the presence of the execute disable bit capability using the CPUID instruction. CPUID.80000001H.EDX[bit 20] = 1 indicates the bit is available.

If the bit is available and PAE is enabled, enable the execute disable bit capability by setting the IA32_EFER.NXE[bit 11] = 1. IA32_EFER is available if CPUID.80000001H.EDX[bit 20 or 29] = 1.
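
The detection and enabling conditions above, as an added C example that is not part of the manual. The function names are hypothetical, register values are passed in as arguments because CR4 and IA32_EFER can be read only at privilege level 0, and the position of the execute-disable bit (bit 63 of a PAE or IA-32e paging-structure entry) is an assumption not stated in this section.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helper for the CPUID instruction */
#endif

#define CPUID_EXT_LEAF  0x80000001u
#define EDX_XD_BIT      (1u << 20)    /* execute-disable bit available */
#define EDX_INTEL64_BIT (1u << 29)    /* second bit that implies IA32_EFER */
#define EFER_NXE        (1ull << 11)  /* IA32_EFER.NXE */
#define PTE_XD          (1ull << 63)  /* assumption: XD position in the entry */

/* CPUID.80000001H.EDX[bit 20] = 1: the capability is present. */
static bool xd_supported(uint32_t edx) { return (edx & EDX_XD_BIT) != 0; }

/* IA32_EFER is available if CPUID.80000001H.EDX[bit 20 or 29] = 1. */
static bool efer_present(uint32_t edx) {
    return (edx & (EDX_XD_BIT | EDX_INTEL64_BIT)) != 0;
}

/* Enforcement needs all three: capability present, PAE on, NXE set. */
static bool xd_enabled(uint32_t edx, bool cr4_pae, uint64_t efer) {
    return xd_supported(edx) && cr4_pae && (efer & EFER_NXE) != 0;
}

/* True if the execute-disable check refuses an instruction fetch from the
 * page mapped by `entry`. Only this check is modelled; U/S, R/W and other
 * paging checks apply independently and are out of scope here. */
static bool xd_blocks_fetch(uint32_t edx, bool cr4_pae, uint64_t efer,
                            uint64_t entry) {
    return xd_enabled(edx, cr4_pae, efer) && (entry & PTE_XD) != 0;
}

int main(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (__get_cpuid(CPUID_EXT_LEAF, &eax, &ebx, &ecx, &edx))
        printf("XD supported: %d, IA32_EFER present: %d\n",
               xd_supported(edx), efer_present(edx));
#endif
    /* Constructed entry: present, writable data page with XD set. */
    uint64_t data_pte = 0x0000000012345003ull | PTE_XD;
    printf("NXE=1: XD check blocks fetch = %d\n",
           xd_blocks_fetch(EDX_XD_BIT, true, EFER_NXE, data_pte));
    printf("NXE=0: XD check blocks fetch = %d\n",
           xd_blocks_fetch(EDX_XD_BIT, true, 0, data_pte));
    return 0;
}
```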
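
Table 4-4. Page Sizes and Physical Address Sizes Supported by Execute-Disable Bit Capability

PG Flag, CR0 | PAE Flag, CR4 | PS Flag, PDE | CPUID Feature Flag ECX[IA-32e] | Page Size | Physical Address Size
-------------|---------------|--------------|--------------------------------|-----------|------------------------
1            | 1             | 0            | 0                              | 4 KBytes  | Implementation specific
1            | 1             | 1            | 0                              | 2 MBytes  | Implementation specific
1            | 1             | 0            | 1                              | 4 KBytes  | 40 Bits
1            | 1             | 1            | 1                              | 2 MBytes  | 40 Bits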