Change memory protection
Synopsis:
#include <sys/mman.h>
int mprotect( void * addr,
size_t len,
int prot );
Arguments:
- addr
- The beginning of the range of addresses whose protection you want to change.
- len
- The length of the range of addresses, in bytes.
- prot
- The new access capabilities for the mapped memory region(s).
You can combine the following bits, which are defined in
<sys/mman.h>:
- PROT_EXEC — the region can be executed.
Note: To successfully use this flag:
- Your process must have the PROCMGR_AID_PROT_EXEC ability
enabled. For more information, see procmgr_ability().
For more information about abilities, see procmgr_ability().
- PROT_NOCACHE — disable caching of the region
(for example, to access dual ported memory).
Note:
On 32- and 64-bit ARM targets,
PROT_NOCACHE causes RAM to be mapped as normal noncached, but
non-RAM to be mapped as strongly ordered device memory.
For finer control, see
shm_ctl_special().
- PROT_NONE — the region can't be accessed.
- PROT_READ — the region can be read.
- PROT_WRITE — the region can be written.
Note:
In order to simultaneously set
PROT_EXEC and
PROT_WRITE,
your process must have the
PROCMGR_AID_PROT_WRITE_AND_EXEC ability enabled
(in addition to
PROCMGR_AID_PROT_EXEC).
For more information, see
procmgr_ability().
Library:
libc
Use the -l c option to
qcc
to link against this library.
This library is usually included automatically.
Description:
The mprotect() function changes the access protections on any
mappings residing in the range starting at addr, and
continuing for len bytes.
If a MAP_ANON mapping created with the protection of PROT_NONE
is changed to have PROT_READ and/or PROT_WRITE by a call to
mprotect(), then at the time of the call the needed system RAM will be
allocated. A further mprotect() call back to PROT_NONE
will not free the memory. Instead, it needs to be unmapped to be freed.
Returns:
- 0
- Success.
- -1
- An error occurred
(errno is set).
Note:
If mprotect() fails,
the protections on some of the pages in the address range
starting at addr and continuing for len bytes may have been changed.
Errors:
- EACCES
- One of the following occurred:
- The memory object wasn't opened for read, regardless of the protection specified.
- The memory object wasn't opened for write, and you specified PROT_WRITE
for a MAP_SHARED type mapping.
- You specified PROT_EXEC for a memory-mapped file mapping,
the file doesn't have execute permission for the client process, and
procnto was started with the -mX option.
- EAGAIN
- The prot argument specifies PROT_WRITE on a
MAP_PRIVATE mapping, and there's insufficient memory
resources to reserve for locking the private pages (if required).
- ENOMEM
- The addresses in the range starting at addr and continuing
for len bytes are outside the range allowed for the address
space of a process, or specify one or more pages that are not mapped.
The prot argument specifies PROT_WRITE on a
MAP_PRIVATE mapping, and locking the private pages (if
required) would need more space than the system can supply to reserve for doing so.
There is insufficient system RAM available to convert a PROT_NONE mapping
to PROT_READ and/or PROT_WRITE.
- ENOSYS
- The function mprotect() isn't supported by this implementation.
- EPERM
- The calling process doesn't have the required permission (see
procmgr_ability()),
or it attempted to set PROT_EXEC for a region of memory covered by
an untrusted memory-mapped file.
Classification:
POSIX 1003.1
| Safety: |
|
|---|
| Cancellation point |
No |
| Interrupt handler |
No |
| Signal handler |
Yes |
| Thread |
Yes |