Q&A: How the NX bit relates to segment protection

Q&A: How the NX bit relates to segment protection

The following is an inquiry received by Intel Software Network Support, followed by the response provided by our Application Engineers:

Q. Segment descriptors already have code/data protection (bits 8-11). How does the NX bit relate to the segment protection mechanism?


A. Initially, looking at the protection the segment registers offer and the NX bit offers, it seems theres duplication. In fact, the type of protection is the same, but the reason the two types exist has to do with how the usages have evolved. The segment registers provide memory protection when the memory accessed is being driven through a segment-based OS, and thus the segment registers are used to drive memory access and provide protection.

The latest generation of operating systems access memory in a flat memory model, taking advantage of the larger available address space. The flat memory model completely bypasses the segment register system and now uses the Paging Unit to gain access to pages of memory. The Paging Unit did not provide memory protection until the NX bit was added. With the NX bit, the Paging Unit is able to support the type of memory protection that was previously offered via the segment registers, now to all page sizes and types.

This article contains a detailed look at using the NX bit. It discusses how the bit applies to different sizes and types of pages. It gives a very detailed view of how the bit is used to support memory protection. In a paragraph at the top of page 2, we find this quote which answers the initial question: Existing page-level protection mechanisms continue to apply to memory pages, independent of the Execute Disable Bit setting for that memory page:
Execute Disable Bit Functionality Blocks Malware Code Execution
http://www.intel.com/cd/ids/developer/asmo-na/eng/149307.htm

This article should contain the answers to any implementation-specific questions concerning the NX bit. Usage of the segment registers has been rendered obsolete due to the newer operating systems using a flat memory model.

==

Lexi S.

IntelSoftware NetworkSupport

http://www.intel.com/software

Contact us

Message Edited by intel.software.network.support on 12-02-2005 08:46 PM

1 post / 0 new
For more complete information about compiler optimizations, see our Optimization Notice.