background image

5-30 Vol. 3A

PROTECTION

5.13 

PAGE-LEVEL PROTECTION AND EXECUTE-DISABLE BIT

In addition to page-level protection offered by the U/S and R/W flags, paging structures used with PAE paging and 
IA-32e paging (see Chapter 4) provide the execute-disable bit. This bit offers additional protection for data pages. 
An Intel 64 or IA-32 processor with the execute-disable bit capability can prevent data pages from being used by 
malicious software to execute code. This capability is provided in:

32-bit protected mode with PAE enabled.

IA-32e mode.

While the execute-disable bit capability does not introduce new instructions, it does require operating systems to 
use a PAE-enabled environment and establish a page-granular protection policy for memory pages. 
If the execute-disable bit of a memory page is set, that page can be used only as data. An attempt to execute code 
from a memory page with the execute-disable bit set causes a page-fault exception. 
The execute-disable capability is supported only with PAE paging and IA-32e paging. It is not supported with 32-bit 
paging. Existing page-level protection mechanisms (see Section 5.11, “Page-Level Protection”) continue to apply 
to memory pages independent of the execute-disable setting.

5.13.1 

Detecting and Enabling the Execute-Disable Capability

Software can detect the presence of the execute-disable capability using the CPUID instruction. 
CPUID.80000001H:EDX.NX [bit 20] = 1 indicates the capability is available.
If the capability is available, software can enable it by setting IA32_EFER.NXE[bit 11] to 1. IA32_EFER is available 
if CPUID.80000001H.EDX[bit 20 or 29] = 1. 
If the execute-disable capability is not available, a write to set IA32_EFER.NXE produces a #GP exception. See 
Table 5-4.

5.13.2 

Execute-Disable Page Protection

The execute-disable bit in the paging structures enhances page protection for data pages. Instructions cannot be 
fetched from a memory page if IA32_EFER.NXE =1 and the execute-disable bit is set in any of the paging-structure 
entries used to map the page. Table 5-5 lists the valid usage of a page in relation to the value of execute-disable bit 
(bit 63) of the corresponding entry in each level of the paging structures. Execute-disable protection can be acti-
vated using the execute-disable bit at any level of the paging structure, irrespective of the corresponding entry in 
other levels. When execute-disable protection is not activated, the page can be used as code or data.

Table 5-4.  Extended Feature Enable MSR (IA32_EFER)

63:12

11

10

9

8

7:1

0

Reserved

Execute-disable bit 

enable (NXE)

IA-32e mode 

active (LMA)

Reserved

IA-32e mode 

enable (LME)

Reserved

SysCall enable (SCE)