2 .\" Copyright (C) 2007 Michael Kerrisk <mtk-manpages@gmx.net>
3 .\" and Copyright (C) 1995 Michael Shields <shields@tembel.org>.
5 .\" Permission is granted to make and distribute verbatim copies of this
6 .\" manual provided the copyright notice and this permission notice are
7 .\" preserved on all copies.
9 .\" Permission is granted to copy and distribute modified versions of this
10 .\" manual under the conditions for verbatim copying, provided that the
11 .\" entire resulting derived work is distributed under the terms of a
12 .\" permission notice identical to this one.
14 .\" Since the Linux kernel and libraries are constantly changing, this
15 .\" manual page may be incorrect or out-of-date. The author(s) assume no
16 .\" responsibility for errors or omissions, or for damages resulting from
17 .\" the use of the information contained herein. The author(s) may not
18 .\" have taken the same level of care in the production of this manual,
19 .\" which is licensed free of charge, as they might when working
22 .\" Formatted or processed versions of this manual, if unaccompanied by
23 .\" the source, must acknowledge the copyright and author of this work.
25 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
26 .\" Modified 1997-05-31 by Andries Brouwer <aeb@cwi.nl>
27 .\" Modified 2003-08-24 by Andries Brouwer <aeb@cwi.nl>
28 .\" Modified 2004-08-16 by Andi Kleen <ak@muc.de>
29 .\" 2007-06-02, mtk: Fairly substantial rewrites and additions, and
30 .\" a much improved example program.
32 .TH MPROTECT 2 2007-06-02 "Linux" "Linux Programmer's Manual"
34 mprotect \- set protection on a region of memory
37 .B #include <sys/mman.h>
39 \fBint mprotect(const void *\fIaddr\fB, size_t \fIlen\fB, int \fIprot\fB);
43 changes protection for the calling process's memory page(s)
44 containing any part of the address range in the
45 interval [\fIaddr\fP,\ \fIaddr\fP+\fIlen\fP\-1].
47 must be aligned to a page boundary.
49 If the calling process tries to access memory in a manner
50 that violates the protection, then the kernel generates a
52 signal for the process.
57 or a bitwise-or of the other values in the following list:
60 The memory cannot be accessed at all.
63 The memory can be read.
66 The memory can be modified.
69 The memory can be executed.
71 .\" Document PROT_GROWSUP and PROT_GROWSDOWN
76 On error, \-1 is returned, and
82 The memory cannot be given the specified access.
83 This can happen, for example, if you
85 a file to which you have read-only access, then ask
91 The memory cannot be accessed.
94 \fIaddr\fP is not a valid pointer,
95 or not a multiple of the system page size.
96 .\" Or: both PROT_GROWSUP and PROT_GROWSDOWN were specified in 'prot'.
99 Internal kernel structures could not be allocated.
100 Or: addresses in the range
103 are invalid for the address space of the process,
104 or specify one or more pages that are not mapped.
107 .\" SVr4 defines an additional error
108 .\" code EAGAIN. The SVr4 error conditions don't map neatly onto Linux's.
109 POSIX says that the behavior of
111 is unspecified if it is applied to a region of memory that
115 On Linux it is always legal to call
117 on any address in a process's address space (except for the
118 kernel vsyscall area).
119 In particular it can be used
120 to change existing code mappings to be writable.
124 has any effect different from
126 is architecture and kernel version dependent.
128 POSIX.1-2001 says that an implementation may permit access
129 other than that specified in
131 but at a minimum can only allow write access if
133 has been set, and must not allow any access if
137 .\" sigaction.2 refers to this example
139 The program below allocates four pages of memory, makes the third
140 of these pages read-only, and then executes a loop that walks upwards
141 through the allocated region modifying bytes.
143 An example of what we might see when running the program is the
149 Start of region: 0x804c000
150 Got SIGSEGV at address: 0x804e000
161 #include <sys/mman.h>
163 #define die(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0)
168 handler(int sig, siginfo_t *si, void *unused)
170 printf("Got SIGSEGV at address: 0x%lx\\n",
171 (long) si\->si_addr);
176 main(int argc, char *argv[])
182 sa.sa_flags = SA_SIGINFO;
183 sigemptyset(&sa.sa_mask);
184 sa.sa_sigaction = handler;
185 if (sigaction(SIGSEGV, &sa, NULL) == \-1)
188 pagesize = sysconf(_SC_PAGE_SIZE);
192 /* Allocate a buffer aligned on a page boundary;
193 initial protection is PROT_READ | PROT_WRITE */
195 buffer = memalign(pagesize, 4 * pagesize);
199 printf("Start of region: 0x%lx\\n", (long) buffer);
201 if (mprotect(buffer + pagesize * 2, pagesize,
205 for (p = buffer ; ; )
208 printf("Loop completed\\n"); /* Should never happen */