- Red Hat Enterprise Linux 5.
- Red Hat Enterprise Linux 6.
- Red Hat Enterprise Linux 7.
- Red Hat Enterprise Linux 8.
- What is the NX/XD feature?
- How to check whether NX/XD is enabled?
- How to enable or disable NX/XD?
NX/XD is a hardware CPU feature that is provided on almost all hardware. Some BIOSes have an advanced option for enabling or disabling it.
NX stands for No eXecute and XD stands for eXecute Disable. Both names refer to the same technology, which is used in processors to prevent execution of certain types of code.
Checking the status
- If the CPU has this feature, it is enabled by default, unless it is overridden by
To check whether the feature is enabled on the system, check the boot messages either from /var/log/messages or from
- From the
    # cat /var/log/messages | grep "Execute Disable"
    Feb 20 23:20:41 localhost kernel: NX (Execute Disable) protection: active
- From the
    # dmesg | grep "Execute Disable"
    [ 0.000000] NX (Execute Disable) protection: active
It is possible for both
dmesg to have enough messages that the initial boot messages have disappeared or been rotated, in which case the message will not be visible. As a workaround you can also try checking /var/log/dmesg and, in Red Hat Enterprise Linux 7 only, you can use journalctl -b | grep 'Execute Disable'.
The NX bit status boot messages are not present in RHEL-6/RHEL-5.
- To check whether or not the CPU supports the nx feature, check /proc/cpuinfo for the nx flag:
    # cat /proc/cpuinfo | grep nx | uniq
    flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt aes xsave avx hypervisor lahf_lm ida arat epb pln pts dts
Although we do not recommend you disable NX/XD, it is possible to explicitly enable or disable the feature using the noexec kernel option. From the kernel source documentation:
    noexec      [X86]
                On X86-32 available only on PAE configured kernels.
                noexec=on: enable non-executable mappings (default)
                noexec=off: disable non-executable mappings
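The checks above combined into one script, as an added example that is not part of the original Red Hat solution: it reads the nx flag, the noexec option and the boot message from files passed as arguments. The function names, the use of /proc/cmdline to read the running kernel's options, and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Red Hat's code). Inputs are file paths so the same checks
# work on a live system or on files saved from another host.

# Succeeds if the flags line of a cpuinfo-style file lists the nx flag.
cpu_has_nx() {
    awk -F: '/^flags/ { n = split($2, f, " ")
                        for (i = 1; i <= n; i++) if (f[i] == "nx") found = 1 }
             END { exit !found }' "$1"
}

# Prints the value of the noexec= kernel option, or "default" if it is not set.
# Assumption: when the option is repeated, the last occurrence is reported.
noexec_setting() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^noexec=/) v = substr($i, 8) }
         END { print (v == "" ? "default" : v) }' "$1"
}

# Prints the state from the newest "NX (Execute Disable) protection:" boot
# message in a log file; prints nothing if the message was rotated away.
boot_nx_state() {
    sed -n 's/.*NX (Execute Disable) protection: //p' "$1" | tail -n 1
}

# nx_report CPUINFO CMDLINE BOOTLOG: one-line verdict built from the three checks.
nx_report() {
    cpu_has_nx "$1" || { echo "nx flag absent from cpuinfo"; return 0; }
    [ "$(noexec_setting "$2")" = off ] && { echo "disabled by noexec=off"; return 0; }
    state=$(boot_nx_state "$3")
    echo "${state:-no boot message; nx flag present and not overridden}"
}

# Constructed sample data, shaped like the output shown in the article.
demo() {
    d=$(mktemp -d) || return 1
    printf 'flags\t\t: fpu vme pae syscall nx rdtscp lm\n' > "$d/cpuinfo"
    printf 'ro root=/dev/mapper/rhel-root rhgb quiet\n' > "$d/cmdline"
    printf '[    0.000000] NX (Execute Disable) protection: active\n' > "$d/dmesg"
    nx_report "$d/cpuinfo" "$d/cmdline" "$d/dmesg"
    rm -rf "$d"
}
demo
```

On a live system the equivalent call is nx_report /proc/cpuinfo /proc/cmdline /var/log/dmesg, run as a user who can read the log file.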
For instructions on how to modify kernel parameters, please check the following solution: