Projects (at) Tadryanom (dot) Me

author	Tulio A M Mendes <[email protected]>
	Mon, 25 May 2026 19:57:13 +0000 (16:57 -0300)
committer	Tulio A M Mendes <[email protected]>
	Wed, 3 Jun 2026 04:02:35 +0000 (01:02 -0300)
commit	fff1d28c3ca54c461ae3c59d310d4fa111640f43
tree	3463be4fa0cc7a1b3f2001701243b5bddaf3e69d	tree \| snapshot
parent	165d81c4e29137617aff2750bbd9f0b9afb383e1	commit \| diff

kernel: implement NX (No-Execute) support via IA32_EFER.NXE

Fix A01 (W^X/NX) which was deferred due to IA32_EFER.NXE MSR instability.
Root cause: NX bit was being set in PTEs without NXE enabled, causing
undefined behavior and kernel panic.

Changes:
- boot.S: Check CPUID.0x80000001:EDX bit 20 for NX support before enabling
- boot.S: Enable IA32_EFER.NXE (MSR 0xC0000080, bit 11) if NX supported
- vmm.c: Add g_nxe_enabled flag and check_nxe_enabled() function
- vmm.c: Conditionalize X86_PTE_NX usage based on g_nxe_enabled
- vmm.c: Print NX status in vmm_init()
- Makefile: Add -cpu qemu32,+nx to expose NX support in QEMU
- smoke_test.exp: Add -cpu qemu32,+nx for testing

Behavior:
- With NX support: NXE enabled, VMM uses NX bit for non-executable pages
- Without NX support: NXE not enabled, VMM ignores VMM_FLAG_NX
- W^X now works correctly for ELF loading, mmap/mprotect, etc.

Test: 119/119 PASS (SMP=4)

Makefile		diff \| blob \| blame \| history
src/arch/x86/boot.S		diff \| blob \| blame \| history
src/arch/x86/vmm.c		diff \| blob \| blame \| history
tests/smoke_test.exp		diff \| blob \| blame \| history