Change memory protection
Synopsis:
#include <sys/mman.h>
int mprotect( void * addr,
size_t len,
int prot );
Arguments:
- addr
- The beginning of the range of addresses whose protection you want to change.
- len
- The length of the range of addresses, in bytes.
- prot
- The new access capabilities for the mapped memory region(s).
You can combine the following bits, which are defined in
<sys/mman.h>:
- PROT_EXEC — the region can be executed.
Note:
In order to successfully use this flag:
- Your process must have the PROCMGR_AID_PROT_EXEC ability enabled.
- If the calling process has any privileged abilities enabled,
then any memory-mapped files in the region must be from a trusted filesystem.
For more information about trusted filesystems, see
pathtrust
in the Utilities Reference.
For more information about abilities, see
procmgr_ability().
- PROT_NOCACHE — disable caching of the region
(for example, to access dual ported memory).
- PROT_NONE — the region can't be accessed.
- PROT_READ — the region can be read.
- PROT_WRITE — the region can be written.
Note:
In order to simultaneously set
PROT_EXEC and
PROT_WRITE,
your process must have the
PROCMGR_AID_PROT_WRITE_AND_EXEC ability enabled
(in addition to
PROCMGR_AID_PROT_EXEC).
For more information, see
procmgr_ability().
Library:
libc
Use the -l c option to
qcc
to link against this library.
This library is usually included automatically.
Description:
The mprotect() function changes the access protections on any
mappings residing in the range starting at addr, and
continuing for len bytes.
Returns:
- 0
- Success.
- -1
- An error occurred
(errno is set).
Note:
If mprotect() fails,
the protections on some of the pages in the address range
starting at addr and continuing for len bytes may have been changed.
Errors:
- EACCES
- One of the following occurred:
- The memory object wasn't opened for read, regardless of the protection specified.
- The memory object wasn't opened for write, and you specified PROT_WRITE
for a MAP_SHARED type mapping.
- You specified PROT_EXEC for a memory-mapped file mapping,
the file doesn't have execute permission for the client process, and
procnto was started with the -mX option.
- EAGAIN
- The prot argument specifies PROT_WRITE on a
MAP_PRIVATE mapping, and there's insufficient memory
resources to reserve for locking the private pages (if required).
- ENOMEM
- The addresses in the range starting at addr and continuing
for len bytes are outside the range allowed for the address
space of a process, or specify one or more pages that are not mapped.
The prot argument specifies PROT_WRITE on a
MAP_PRIVATE mapping, and locking the private pages (if
required) would need more space than the system can supply to reserve for doing so.
- ENOSYS
- The function mprotect() isn't supported by this implementation.
- EPERM
- The calling process doesn't have the required permission (see
procmgr_ability()),
or it attempted to set PROT_EXEC for a region of memory covered by
an untrusted memory-mapped file.
Classification:
POSIX 1003.1
Safety: |
|
Cancellation point |
No |
Interrupt handler |
No |
Signal handler |
Yes |
Thread |
Yes |