Intel 253668-032US User Manual
5-44 Vol. 3
PROTECTION
5.13.2
Execute-Disable Page Protection
The execute-disable bit in the paging structures enhances page protection for data
pages. Instructions cannot be fetched from a memory page if IA32_EFER.NXE =1
and the execute-disable bit is set in any of the paging-structure entries used to map
the page. Table 5-5 lists the valid usage of a page in relation to the value of execute-
disable bit (bit 63) of the corresponding entry in each level of the paging structures.
Execute-disable protection can be activated using the execute-disable bit at any level
of the paging structure, irrespective of the corresponding entry in other levels. When
execute-disable protection is not activated, the page can be used as code or data.
pages. Instructions cannot be fetched from a memory page if IA32_EFER.NXE =1
and the execute-disable bit is set in any of the paging-structure entries used to map
the page. Table 5-5 lists the valid usage of a page in relation to the value of execute-
disable bit (bit 63) of the corresponding entry in each level of the paging structures.
Execute-disable protection can be activated using the execute-disable bit at any level
of the paging structure, irrespective of the corresponding entry in other levels. When
execute-disable protection is not activated, the page can be used as code or data.
In legacy PAE-enabled mode, Table 5-6 and Table 5-7 show the effect of setting the
execute-disable bit for code and data pages.
execute-disable bit for code and data pages.
Table 5-5. IA-32e Mode Page Level Protection Matrix
with Execute-Disable Bit Capability
Execute Disable Bit Value (Bit 63)
Valid Usage
PML4
PDP
PDE
PTE
Bit 63 = 1 *
*
*
Data
*
Bit 63 = 1 *
*
Data
*
*
Bit 63 = 1
*
Data
*
*
*
Bit 63 = 1
Data
Bit 63 = 0 Bit 63 = 0
Bit 63 = 0
Bit 63 = 0
Data/Code
NOTES:
* Value not checked.