LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices

Reply
 
Search this Thread
Old 12-16-2010, 04:30 AM   #1
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Rep: Reputation: 127Reputation: 127
Execute Disable Bit (nx flag)


So today I've enabled through my BIOS, CPU feature called either "eXecute-Disable" (XD) or "Non-eXecute" (NX) or EDB (Execute Disable Bit), depends on your BIOS manufacturer. I've set EDB from "Not Available" to "Available". I'm on 32 bit machine, but to get true NX support you need PAE kernel, which I didn't install for the time being.

As it is, two CPU features on x86-based hardware are not always available by default out of the box. Many BIOS manufacturers disable the features in a conservative attempt to help legacy operating systems that may perform strangely when these features are available. Ubuntu/Kubuntu can fully utilize these features and it's recommended that you enable them.
Quote:
Most modern CPUs protect against executing non-executable memory regions (heap, stack, etc) to help block the exploitation of security vulnerabilities.
In reading the system's /proc/cpuinfo file, the first flags line will include nx if the BIOS is not disabling the CPU feature, and the CPU is actually NX-capable. Nearly all 64-bit CPUs are NX-capable. If the flags line contains pae, usually the CPU will support NX:
Code:
grep ^flags /proc/cpuinfo | head -n1 | egrep --color=auto ' (pae|nx) '
On Ubuntu/Kubuntu 10.04 and later, you can check if your hardware is expected to have NX available by running the command:
Code:
/usr/bin/check-bios-nx --verbose
Quote:
As far as making use of the CPU feature once it's not disabled in the BIOS, it will automatically be used if you’re running a 64bit kernel. If you're using 32bit, you can start using it if you install the -server or -generic-pae flavor of the 32bit kernel. As a bonus, you get to address all your physical RAM if you do this too (since the "PAE" mode is the kernel mode that allows NX to work).

In Ubuntu 9.10 and later, if you run 32bit kernels without PAE, you will still have the partial NX emulation. It is required that you use PAE if you want true NX support.

If you believe you are incorrectly getting the boot-time warning, please open a bug report against the cpu-checker package, or disable the check by removing the motd module: sudo rm /etc/update-motd.d/20-cpu-checker
So, what I'm asking is whoever has nx flag enabled, do you use PAE kernel or not and did you encouter any issues whatsoever? I'm testing this feature on my laptop, so would like to get some input.

Feature 2 is hardware virtualization, but I'm not into that right now.

Last edited by alan_ri; 12-16-2010 at 04:32 AM.
 
Old 12-17-2010, 03:06 AM   #2
Electro
Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
The NX bit is the extra feature of PAE. PAE can be disabled, but that is a register hack. Having the NX bit is not required. You can go ahead and skip the NX bit feature to use a virtual machine. I do have CONFIG_HIGHMEM in the kernel set which is PAE.

IMHO, hardware virtualization is not what it is crack up to be. I do not notice any difference in performance. What I do notice is use a hard drive that has a high throughput or better use RAID-0 or RAID-10 for good performance in a virtual machine. Using XFS as the file system helps even further. Also AMD processors are the best when using virtual machines.
 
1 members found this post helpful.
Old 12-17-2010, 03:35 AM   #3
alan_ri
Senior Member
 
Registered: Dec 2007
Location: Croatia
Distribution: Debian GNU/Linux
Posts: 1,733
Blog Entries: 5

Original Poster
Rep: Reputation: 127Reputation: 127
Thanks for the reply Electro, useful info, but I'm not into virtualization. I'm more into security features of this option.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba adds execute flag to all new files the3kgt2 Linux - Server 3 10-20-2011 12:52 PM
PHP enable xmlreader when it was compiled with the --disable--xmlreader flag jax8 Linux - Server 1 12-04-2010 06:22 AM
setuid without execute bit venmugil Linux - General 1 01-24-2010 08:57 AM
Disable execute confirmation dialog? Ken_C Linux - Newbie 5 04-16-2009 06:44 PM
Which program should I use to execute a shell script In Ubuntu 8.04 64-bit? joel.breger Linux - Newbie 4 05-26-2008 10:29 AM


All times are GMT -5. The time now is 01:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration