CPUFeatures

Revision 4 as of 2010-02-18 01:05:32

Clear message

CPU Features

Two CPU features on x86-based hardware are not always available by default out of the box. Many BIOS manufacturers filter the features in a conservative attempt to help legacy operating systems that may perform strangely when these features are available.

Ubuntu can fully utilize these features, and as such, this page will attempt to describe where to find these features in BIOS, and how to turn them on.

Non-Executable Memory

Most modern CPUs protect against executing non-executable memory regions (heap, stack, etc) to help block the exploitation of security vulnerabilities. This feature is called either "eXecute-Disable" (XD) or "Non-eXecute" (NX), depending on your BIOS manufacturer.

In reading the system's /proc/cpuinfo file, the first flags line will include nx if the BIOS is not filtering the CPU feature, and the CPU is actually NX-capable. Nearly all 64-bit CPUs are NX-capable. If the flags line contains pae, usually the CPU will support NX: 

  • grep ^flags /proc/cpuinfo | head -n1 | grep ' nx '

In a Dell laptop BIOS, look under "Security" / "CPU XD Support": it should be set to "enabled". In an American Megatrends BIOS, look under "CPU Features" / "Execute Disable Bit": it should be set to "enabled".

On Ubuntu 10.04, you can check if your hardware is expected to have NX available by running the command: 

  • /usr/lib/update-notifier/check-bios-nx --verbose

As far as making use of the CPU feature once it's not disabled in the BIOS, it will automatically be used if you’re running a 64bit kernel. If you're using 32bit, you can start using it if you install the -server or -generic-pae flavor of the 32bit kernel. As a bonus, you get to address all your physical RAM if you do this too (since the "PAE" mode is the kernel mode that allows NX to work). In Ubuntu 9.10 and later, if you run 32bit kernels without PAE, you will still have the partial NX emulation. It is recommended that you use PAE if you want true NX support.

Virtualization

If your system supports hardware virtualization (INTEL-VT or AMD-V). Check the BIOS settings for enabling this feature. For more details on using KVM with hardware virtualization, see the KVM Documentation.

Reference

The expected features for a given CPU can be looked up by manufacturer: