6

Are there any differences in how hardware DEP is implemented on CPUs from different manufacturers (Intel, AMD, nVidia, Texas,...)?

Are there any significant differences in how hardware DEP works on x86 and ARM?

Gilles 'SO- stop being evil'
StupidOne
  • 1
    This is often called [NX bit](http://en.wikipedia.org/wiki/NX_bit) (Never eXecute) after the Intel name (the AMD name, in fact). On ARM it's the XN bit (eXecute Never). – Gilles 'SO- stop being evil' Aug 20 '12 at 17:41
  • @Gilles Actually, NX is the generic name for the technology. Each microprocessor manufacturer has a different name for it: Intel calls it XD (eXecute Disable), AMD calls it EVP (Enhanced Virus Protection), ARM has XN (eXecute Never). – Polynomial Aug 20 '12 at 18:43

1 Answer

8

The x86-compatible CPUs are aptly named: they are compatible with each other. This means that the same OS code will work on all of them. So, from the point of view of the code which runs on the processor (which includes the operating system itself), things do not vary (much) depending on the brand. Things change depending on the generation: the newer systems have the NX bit while older systems must rely on tricks with segment registers or complicated TLB/cache dances (see this answer for details).

The core concept is the same for all modern CPUs: address space is split into fixed-size pages (or, if different page sizes are supported, their lengths are all multiples of a given atomic length, normally 4 or 8 kB). Access rights are enforced at a page granularity: a whole page is readable and/or writable and/or executable.

Hardware-wise, details on the implementation of the MMU can vary quite a lot, but within a rather generic framework: access rights for each page are stored in tables (the address of a master table being recorded in a specific CPU register) and cached in a dedicated structure (the TLB) for faster access. Upon every memory access, the rights for the target page are loaded from the TLB (the TLB being filled from RAM if necessary) and compared with the access type. The CPU is well aware of what kind of memory access it is doing (whether it is code execution or data read or data write). The lack of hardware support for DEP in older x86 MMUs is an omission from the Intel designers of that time (circa 1982 for the 80386); it probably saved a layer of transistors somewhere. The venerable 68000 from 1979 did not include an MMU but was smart enough to advertise the access type on its connectors for each access, and it did distinguish code execution from data reads.

On ARM CPUs, the same concepts are in force (it is still page-wise access rights) but the MMU table format is different from that of the x86.

Thomas Pornin
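
The difference in table format mentioned in the answer, as an added example that is not part of the original answer: it decodes the permission bits of a leaf page-table entry in x86-64 long-mode paging and in the AArch64 stage-1 (EL1&0) descriptor format, and flags pages that are writable and executable at once. It assumes EFER.NXE is set on x86-64 and ignores upper-level table attributes, SMEP and SCTLR_EL1.WXN; the type and function names are illustrative and the sample entries are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Page rights in the answer's generic terms, split by privilege level. */
typedef struct { bool valid, writable, user, exec_user, exec_kernel; } page_rights;

#define BIT(v, n) (((v) >> (n)) & 1u)

/* x86-64 leaf PTE: P=bit 0, R/W=bit 1, U/S=bit 2, NX=bit 63.
   Assumes EFER.NXE=1; one NX bit covers both privilege levels (SMEP ignored). */
page_rights decode_x86_64(uint64_t pte) {
    page_rights r = {0};
    r.valid = BIT(pte, 0);
    if (!r.valid) return r;
    r.writable = BIT(pte, 1);
    r.user = BIT(pte, 2);
    r.exec_kernel = !BIT(pte, 63);
    r.exec_user = r.user && r.exec_kernel;
    return r;
}

/* AArch64 stage-1 leaf descriptor: valid=bit 0, AP[1]=bit 6 (EL0 access),
   AP[2]=bit 7 (read-only), PXN=bit 53, UXN=bit 54: one XN bit per level. */
page_rights decode_aarch64(uint64_t desc) {
    page_rights r = {0};
    r.valid = BIT(desc, 0);
    if (!r.valid) return r;
    r.writable = !BIT(desc, 7);
    r.user = BIT(desc, 6);
    /* A page writable from EL0 is treated as PXN regardless of bit 53. */
    r.exec_kernel = !BIT(desc, 53) && !(r.user && r.writable);
    r.exec_user = r.user && !BIT(desc, 54);
    return r;
}

/* DEP policy check: no valid page may be both writable and executable. */
bool violates_wx(page_rights r) {
    return r.valid && r.writable && (r.exec_user || r.exec_kernel);
}

int main(void) {
    /* Constructed sample entries, not taken from a real system. */
    uint64_t x86_stack = 0x8000000012345007ULL; /* P|RW|US with NX set */
    uint64_t arm_stack = 0x0060000012345443ULL; /* valid, AP[1], PXN|UXN */
    printf("x86 stack W+X: %d\n", violates_wx(decode_x86_64(x86_stack)));
    printf("arm stack W+X: %d\n", violates_wx(decode_aarch64(arm_stack)));
    return 0;
}
```
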