[thirdparty/man-pages.git] / man2 / mprotect.2

.\" Copyright (C) 2007 Michael Kerrisk <mtk.manpages@gmail.com>
.\" and Copyright (C) 1995 Michael Shields <shields@tembel.org>.
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein.  The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and author of this work.
.\" %%%LICENSE_END
.\"
.\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
.\" Modified 1997-05-31 by Andries Brouwer <aeb@cwi.nl>
.\" Modified 2003-08-24 by Andries Brouwer <aeb@cwi.nl>
.\" Modified 2004-08-16 by Andi Kleen <ak@muc.de>
.\" 2007-06-02, mtk: Fairly substantial rewrites and additions, and
.\" a much improved example program.
.\"
.TH MPROTECT 2 2019-03-06 "Linux" "Linux Programmer's Manual"
.SH NAME
mprotect, pkey_mprotect \- set protection on a region of memory
.SH SYNOPSIS
.nf
.B #include <sys/mman.h>
.PP
.BI "int mprotect(void *" addr ", size_t " len ", int " prot );
.BI "int pkey_mprotect(void *" addr ", size_t " len ", int " prot ", int " pkey ");
.fi
.SH DESCRIPTION
.BR mprotect ()
changes the access protections for the calling process's memory pages
containing any part of the address range in the
interval [\fIaddr\fP,\ \fIaddr\fP+\fIlen\fP\-1].
.I addr
must be aligned to a page boundary.
.PP
If the calling process tries to access memory in a manner
that violates the protections, then the kernel generates a
.B SIGSEGV
signal for the process.
.PP
.I prot
is a combination of the following access flags:
.B PROT_NONE
or a bitwise-or of the other values in the following list:
.TP 1.1i
.B PROT_NONE
The memory cannot be accessed at all.
.TP
.B PROT_READ
The memory can be read.
.TP
.B PROT_WRITE
The memory can be modified.
.TP
.B PROT_EXEC
The memory can be executed.
.TP
.BR PROT_SEM " (since Linux 2.5.7)"
The memory can be used for atomic operations.
This flag was introduced as part of the
.BR futex (2)
implementation (in order to guarantee the ability to perform atomic
operations required by commands such as
.BR FUTEX_WAIT ),
but is not currently used in on any architecture.
.TP
.BR PROT_SAO " (since Linux 2.6.26)"
.\" commit aba46c5027cb59d98052231b36efcbbde9c77a1d
.\" commit ef3d3246a0d06be622867d21af25f997aeeb105f
The memory should have strong access ordering.
This feature is specific to
the PowerPC architecture
(version 2.06 of the architecture specification adds the SAO CPU feature,
and it is available on POWER 7 or PowerPC A2, for example).
.PP
Additionally (since Linux 2.6.0),
.I prot
can have one of the following flags set:
.TP 1.1i
.\" mm/mmap.c:
.\"	vm_flags |= calc_vm_prot_bits(prot, pkey) | calc_vm_flag_bits(flags) |
.\"			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
.\" And calc_vm_flag_bits converts only GROWSDOWN/DENYWRITE/LOCKED.
.B PROT_GROWSUP
Apply the protection mode up to the end of a mapping
that grows upwards.
(Such mappings are created for the stack area on
architectures\(emfor example, HP-PARISC\(emthat
have an upwardly growing stack.)
.\" The VMA is one that was marked with VM_GROWSUP by the kernel
.\" when the stack was created. Note that (unlike VM_GROWSDOWN),
.\" there is no mmap() flag (analogous to MAP_GROWSDOWN) for
.\" creating a VMA that is marked VM_GROWSUP.
.TP
.B PROT_GROWSDOWN
Apply the protection mode down to the beginning of a mapping
that grows downward
(which should be a stack segment or a segment mapped with the
.B MAP_GROWSDOWN
flag set).
.PP
Like
.BR mprotect (),
.BR pkey_mprotect ()
changes the protection on the pages specified by
.IR addr
and
.IR len .
The
.I pkey
argument specifies the protection key (see
.BR pkeys (7))
to assign to the memory.
The protection key must be allocated with
.BR pkey_alloc (2)
before it is passed to
.BR pkey_mprotect ().
For an example of the use of this system call, see
.BR pkeys (7).
.SH RETURN VALUE
On success,
.BR mprotect ()
and
.BR pkey_mprotect ()
return zero.
On error, these system calls return \-1, and
.I errno
is set appropriately.
.SH ERRORS
.TP
.B EACCES
The memory cannot be given the specified access.
This can happen, for example, if you
.BR mmap (2)
a file to which you have read-only access, then ask
.BR mprotect ()
to mark it
.BR PROT_WRITE .
.TP
.B EINVAL
\fIaddr\fP is not a valid pointer,
or not a multiple of the system page size.
.TP
.BR EINVAL
.RB ( pkey_mprotect ())
\fIpkey\fP has not been allocated with
.BR pkey_alloc (2)
.TP
.BR EINVAL
Both
.BR PROT_GROWSUP
and
.BR PROT_GROWSDOWN
were specified in
.IR prot .
.TP
.BR EINVAL
Invalid flags specified in
.IR prot .
.TP
.BR EINVAL
(PowerPC architecture)
.B PROT_SAO
was specified in
.IR prot ,
but SAO hardware feature is not available.
.TP
.B ENOMEM
Internal kernel structures could not be allocated.
.TP
.B ENOMEM
Addresses in the range
.RI [ addr ,
.IR addr + len \-1]
are invalid for the address space of the process,
or specify one or more pages that are not mapped.
(Before kernel 2.4.19, the error
.BR EFAULT
was incorrectly produced for these cases.)
.TP
.B ENOMEM
Changing the protection of a memory region would result in the total number of
mappings with distinct attributes (e.g., read versus read/write protection)
exceeding the allowed maximum.
.\" I.e., the number of VMAs would exceed the 64 kB maximum
(For example, making the protection of a range
.BR PROT_READ
in the middle of a region currently protected as
.BR PROT_READ|PROT_WRITE
would result in three mappings:
two read/write mappings at each end and a read-only mapping in the middle.)
.SH VERSIONS
.BR pkey_mprotect ()
first appeared in Linux 4.9;
library support was added in glibc 2.27.
.SH CONFORMING TO
.BR mprotect ():
POSIX.1-2001, POSIX.1-2008, SVr4.
.\" SVr4 defines an additional error
.\" code EAGAIN. The SVr4 error conditions don't map neatly onto Linux's.
POSIX says that the behavior of
.BR mprotect ()
is unspecified if it is applied to a region of memory that
was not obtained via
.BR mmap (2).
.PP
.BR pkey_mprotect ()
is a nonportable Linux extension.
.SH NOTES
On Linux, it is always permissible to call
.BR mprotect ()
on any address in a process's address space (except for the
kernel vsyscall area).
In particular, it can be used
to change existing code mappings to be writable.
.PP
Whether
.B PROT_EXEC
has any effect different from
.B PROT_READ
depends on processor architecture, kernel version, and process state.
If
.B READ_IMPLIES_EXEC
is set in the process's personality flags (see
.BR personality (2)),
specifying
.B PROT_READ
will implicitly add
.BR PROT_EXEC .
.PP
On some hardware architectures (e.g., i386),
.B PROT_WRITE
implies
.BR PROT_READ .
.PP
POSIX.1 says that an implementation may permit access
other than that specified in
.IR prot ,
but at a minimum can allow write access only if
.B PROT_WRITE
has been set, and must not allow any access if
.B PROT_NONE
has been set.
.PP
Applications should be careful when mixing use of
.BR mprotect ()
and
.BR pkey_mprotect ().
On x86, when
.BR mprotect ()
is used with
.IR prot
set to
.B PROT_EXEC
a pkey is may be allocated and set on the memory implicitly
by the kernel, but only when the pkey was 0 previously.
.PP
On systems that do not support protection keys in hardware,
.BR pkey_mprotect ()
may still be used, but
.IR pkey
must be set to -1.
When called this way, the operation of
.BR pkey_mprotect ()
is equivalent to
.BR mprotect ().
.SH EXAMPLE
.\" sigaction.2 refers to this example
.PP
The program below demonstrates the use of
.BR mprotect ().
The program allocates four pages of memory, makes the third
of these pages read-only, and then executes a loop that walks upward
through the allocated region modifying bytes.
.PP
An example of what we might see when running the program is the
following:
.PP
.in +4n
.EX
.RB "$" " ./a.out"
Start of region:        0x804c000
Got SIGSEGV at address: 0x804e000
.EE
.in
.SS Program source
\&
.EX
#include <unistd.h>
#include <signal.h>
#include <stdio.h>
#include <malloc.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/mman.h>

#define handle_error(msg) \e
    do { perror(msg); exit(EXIT_FAILURE); } while (0)

static char *buffer;

static void
handler(int sig, siginfo_t *si, void *unused)
{
    /* Note: calling printf() from a signal handler is not safe
       (and should not be done in production programs), since
       printf() is not async\-signal\-safe; see signal-safety(7).
       Nevertheless, we use printf() here as a simple way of
       showing that the handler was called. */

    printf("Got SIGSEGV at address: 0x%lx\en",
            (long) si\->si_addr);
    exit(EXIT_FAILURE);
}

int
main(int argc, char *argv[])
{
    char *p;
    int pagesize;
    struct sigaction sa;

    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sa.sa_sigaction = handler;
    if (sigaction(SIGSEGV, &sa, NULL) == \-1)
        handle_error("sigaction");

    pagesize = sysconf(_SC_PAGE_SIZE);
    if (pagesize == \-1)
        handle_error("sysconf");

    /* Allocate a buffer aligned on a page boundary;
       initial protection is PROT_READ | PROT_WRITE */

    buffer = memalign(pagesize, 4 * pagesize);
    if (buffer == NULL)
        handle_error("memalign");

    printf("Start of region:        0x%lx\en", (long) buffer);

    if (mprotect(buffer + pagesize * 2, pagesize,
                PROT_READ) == \-1)
        handle_error("mprotect");

    for (p = buffer ; ; )
        *(p++) = \(aqa\(aq;

    printf("Loop completed\en");     /* Should never happen */
    exit(EXIT_SUCCESS);
}
.EE
.SH SEE ALSO
.BR mmap (2),
.BR sysconf (3),
.BR pkeys (7)
Commit	Line	Data
c11b1abf	1	.\" Copyright (C) 2007 Michael Kerrisk <mtk.manpages@gmail.com>
2a5e0dcd	2	.\" and Copyright (C) 1995 Michael Shields <shields@tembel.org>.
fea681da	3	.\"
93015253	4	.\" %%%LICENSE_START(VERBATIM)
fea681da MK	5	.\" Permission is granted to make and distribute verbatim copies of this
	6	.\" manual provided the copyright notice and this permission notice are
	7	.\" preserved on all copies.
	8	.\"
	9	.\" Permission is granted to copy and distribute modified versions of this
	10	.\" manual under the conditions for verbatim copying, provided that the
	11	.\" entire resulting derived work is distributed under the terms of a
	12	.\" permission notice identical to this one.
c13182ef	13	.\"
fea681da MK	14	.\" Since the Linux kernel and libraries are constantly changing, this
	15	.\" manual page may be incorrect or out-of-date. The author(s) assume no
	16	.\" responsibility for errors or omissions, or for damages resulting from
	17	.\" the use of the information contained herein. The author(s) may not
	18	.\" have taken the same level of care in the production of this manual,
	19	.\" which is licensed free of charge, as they might when working
	20	.\" professionally.
c13182ef	21	.\"
fea681da MK	22	.\" Formatted or processed versions of this manual, if unaccompanied by
fea681da MK	23	.\" the source, must acknowledge the copyright and author of this work.
4b72fb64	24	.\" %%%LICENSE_END
fea681da MK	25	.\"
	26	.\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
	27	.\" Modified 1997-05-31 by Andries Brouwer <aeb@cwi.nl>
	28	.\" Modified 2003-08-24 by Andries Brouwer <aeb@cwi.nl>
	29	.\" Modified 2004-08-16 by Andi Kleen <ak@muc.de>
2a5e0dcd MK	30	.\" 2007-06-02, mtk: Fairly substantial rewrites and additions, and
2a5e0dcd MK	31	.\" a much improved example program.
bea08fec	32	.\"
9ba01802	33	.TH MPROTECT 2 2019-03-06 "Linux" "Linux Programmer's Manual"
fea681da	34	.SH NAME
d800ae65	35	mprotect, pkey_mprotect \- set protection on a region of memory
fea681da MK	36	.SH SYNOPSIS
	37	.nf
	38	.B #include <sys/mman.h>
68e4db0a	39	.PP
a2f11be3	40	.BI "int mprotect(void *" addr ", size_t " len ", int " prot );
d800ae65	41	.BI "int pkey_mprotect(void *" addr ", size_t " len ", int " prot ", int " pkey ");
fea681da MK	42	.fi
fea681da MK	43	.SH DESCRIPTION
e511ffb6	44	.BR mprotect ()
93d210fd	45	changes the access protections for the calling process's memory pages
988db661	46	containing any part of the address range in the
657e762d	47	interval [\fIaddr\fP,\ \fIaddr\fP+\fIlen\fP\-1].
2a5e0dcd MK	48	.I addr
2a5e0dcd MK	49	must be aligned to a page boundary.
efeece04	50	.PP
2a5e0dcd	51	If the calling process tries to access memory in a manner
93d210fd	52	that violates the protections, then the kernel generates a
2a5e0dcd MK	53	.B SIGSEGV
2a5e0dcd MK	54	signal for the process.
fea681da MK	55	.PP
fea681da MK	56	.I prot
a9799e8a	57	is a combination of the following access flags:
2a5e0dcd MK	58	.B PROT_NONE
2a5e0dcd MK	59	or a bitwise-or of the other values in the following list:
fea681da MK	60	.TP 1.1i
	61	.B PROT_NONE
	62	The memory cannot be accessed at all.
	63	.TP
	64	.B PROT_READ
	65	The memory can be read.
	66	.TP
	67	.B PROT_WRITE
2a5e0dcd	68	The memory can be modified.
fea681da MK	69	.TP
fea681da MK	70	.B PROT_EXEC
fc15ae54	71	The memory can be executed.
a9799e8a ES	72	.TP
a9799e8a ES	73	.BR PROT_SEM " (since Linux 2.5.7)"
be232513	74	The memory can be used for atomic operations.
d88d01c6	75	This flag was introduced as part of the
a9799e8a	76	.BR futex (2)
d88d01c6 MK	77	implementation (in order to guarantee the ability to perform atomic
d88d01c6 MK	78	operations required by commands such as
a9799e8a	79	.BR FUTEX_WAIT ),
d88d01c6	80	but is not currently used in on any architecture.
a9799e8a ES	81	.TP
a9799e8a ES	82	.BR PROT_SAO " (since Linux 2.6.26)"
d88d01c6 MK	83	.\" commit aba46c5027cb59d98052231b36efcbbde9c77a1d
d88d01c6 MK	84	.\" commit ef3d3246a0d06be622867d21af25f997aeeb105f
be232513 MK	85	The memory should have strong access ordering.
be232513 MK	86	This feature is specific to
d88d01c6 MK	87	the PowerPC architecture
d88d01c6 MK	88	(version 2.06 of the architecture specification adds the SAO CPU feature,
be232513	89	and it is available on POWER 7 or PowerPC A2, for example).
a9799e8a ES	90	.PP
	91	Additionally (since Linux 2.6.0),
	92	.I prot
	93	can have one of the following flags set:
	94	.TP 1.1i
	95	.\" mm/mmap.c:
	96	.\" vm_flags \|= calc_vm_prot_bits(prot, pkey) \| calc_vm_flag_bits(flags) \|
	97	.\" mm->def_flags \| VM_MAYREAD \| VM_MAYWRITE \| VM_MAYEXEC;
	98	.\" And calc_vm_flag_bits converts only GROWSDOWN/DENYWRITE/LOCKED.
	99	.B PROT_GROWSUP
d88d01c6 MK	100	Apply the protection mode up to the end of a mapping
	101	that grows upwards.
	102	(Such mappings are created for the stack area on
	103	architectures\(emfor example, HP-PARISC\(emthat
	104	have an upwardly growing stack.)
	105	.\" The VMA is one that was marked with VM_GROWSUP by the kernel
	106	.\" when the stack was created. Note that (unlike VM_GROWSDOWN),
	107	.\" there is no mmap() flag (analogous to MAP_GROWSDOWN) for
	108	.\" creating a VMA that is marked VM_GROWSUP.
a9799e8a ES	109	.TP
a9799e8a ES	110	.B PROT_GROWSDOWN
d88d01c6 MK	111	Apply the protection mode down to the beginning of a mapping
	112	that grows downward
	113	(which should be a stack segment or a segment mapped with the
a9799e8a	114	.B MAP_GROWSDOWN
d88d01c6	115	flag set).
d800ae65	116	.PP
9e7d6be1 MK	117	Like
	118	.BR mprotect (),
	119	.BR pkey_mprotect ()
	120	changes the protection on the pages specified by
	121	.IR addr
	122	and
	123	.IR len .
	124	The
d800ae65	125	.I pkey
9e7d6be1	126	argument specifies the protection key (see
31e0cc44	127	.BR pkeys (7))
9e7d6be1 MK	128	to assign to the memory.
9e7d6be1 MK	129	The protection key must be allocated with
d800ae65 DH	130	.BR pkey_alloc (2)
	131	before it is passed to
	132	.BR pkey_mprotect ().
9e7d6be1	133	For an example of the use of this system call, see
31e0cc44	134	.BR pkeys (7).
47297adb	135	.SH RETURN VALUE
fea681da	136	On success,
e511ffb6	137	.BR mprotect ()
d800ae65 DH	138	and
	139	.BR pkey_mprotect ()
	140	return zero.
9e7d6be1	141	On error, these system calls return \-1, and
fea681da MK	142	.I errno
	143	is set appropriately.
	144	.SH ERRORS
	145	.TP
	146	.B EACCES
c13182ef MK	147	The memory cannot be given the specified access.
c13182ef MK	148	This can happen, for example, if you
fea681da MK	149	.BR mmap (2)
fea681da MK	150	a file to which you have read-only access, then ask
e511ffb6	151	.BR mprotect ()
fea681da MK	152	to mark it
	153	.BR PROT_WRITE .
	154	.TP
fea681da	155	.B EINVAL
a8d55537	156	\fIaddr\fP is not a valid pointer,
2a5e0dcd	157	or not a multiple of the system page size.
9e7d6be1 MK	158	.TP
	159	.BR EINVAL
	160	.RB ( pkey_mprotect ())
	161	\fIpkey\fP has not been allocated with
d800ae65	162	.BR pkey_alloc (2)
a9799e8a ES	163	.TP
	164	.BR EINVAL
	165	Both
be232513 MK	166	.BR PROT_GROWSUP
	167	and
	168	.BR PROT_GROWSDOWN
a9799e8a ES	169	were specified in
	170	.IR prot .
	171	.TP
	172	.BR EINVAL
d88d01c6	173	Invalid flags specified in
a9799e8a ES	174	.IR prot .
	175	.TP
	176	.BR EINVAL
	177	(PowerPC architecture)
	178	.B PROT_SAO
d88d01c6	179	was specified in
a9799e8a ES	180	.IR prot ,
a9799e8a ES	181	but SAO hardware feature is not available.
fea681da MK	182	.TP
fea681da MK	183	.B ENOMEM
c13182ef	184	Internal kernel structures could not be allocated.
22b22831 MK	185	.TP
	186	.B ENOMEM
	187	Addresses in the range
f8ad0aeb	188	.RI [ addr ,
da2336b3	189	.IR addr + len \-1]
f8ad0aeb MK	190	are invalid for the address space of the process,
f8ad0aeb MK	191	or specify one or more pages that are not mapped.
22b22831 MK	192	(Before kernel 2.4.19, the error
	193	.BR EFAULT
	194	was incorrectly produced for these cases.)
4607213d MK	195	.TP
	196	.B ENOMEM
	197	Changing the protection of a memory region would result in the total number of
	198	mappings with distinct attributes (e.g., read versus read/write protection)
	199	exceeding the allowed maximum.
ee8655b5	200	.\" I.e., the number of VMAs would exceed the 64 kB maximum
4607213d MK	201	(For example, making the protection of a range
	202	.BR PROT_READ
	203	in the middle of a region currently protected as
	204	.BR PROT_READ\|PROT_WRITE
	205	would result in three mappings:
	206	two read/write mappings at each end and a read-only mapping in the middle.)
f74aed0e MK	207	.SH VERSIONS
f74aed0e MK	208	.BR pkey_mprotect ()
fe110bff MK	209	first appeared in Linux 4.9;
fe110bff MK	210	library support was added in glibc 2.27.
47297adb	211	.SH CONFORMING TO
8f5484f8	212	.BR mprotect ():
c22f5880	213	POSIX.1-2001, POSIX.1-2008, SVr4.
2b2581ee MK	214	.\" SVr4 defines an additional error
2b2581ee MK	215	.\" code EAGAIN. The SVr4 error conditions don't map neatly onto Linux's.
d9bfdb9c	216	POSIX says that the behavior of
2b2581ee	217	.BR mprotect ()
2a5e0dcd MK	218	is unspecified if it is applied to a region of memory that
2a5e0dcd MK	219	was not obtained via
2b2581ee	220	.BR mmap (2).
efeece04	221	.PP
8f5484f8 MK	222	.BR pkey_mprotect ()
8f5484f8 MK	223	is a nonportable Linux extension.
2b2581ee	224	.SH NOTES
329ad271	225	On Linux, it is always permissible to call
2b2581ee	226	.BR mprotect ()
fc7ba057	227	on any address in a process's address space (except for the
2b2581ee	228	kernel vsyscall area).
3a06e3f7	229	In particular, it can be used
2b2581ee	230	to change existing code mappings to be writable.
efeece04	231	.PP
2b2581ee MK	232	Whether
	233	.B PROT_EXEC
	234	has any effect different from
	235	.B PROT_READ
28d01ac4 MK	236	depends on processor architecture, kernel version, and process state.
28d01ac4 MK	237	If
b22b377b MS	238	.B READ_IMPLIES_EXEC
	239	is set in the process's personality flags (see
	240	.BR personality (2)),
	241	specifying
	242	.B PROT_READ
	243	will implicitly add
d8012462	244	.BR PROT_EXEC .
efeece04	245	.PP
34ccb744	246	On some hardware architectures (e.g., i386),
0daa9e92	247	.B PROT_WRITE
f3edaabb MK	248	implies
f3edaabb MK	249	.BR PROT_READ .
efeece04	250	.PP
c22f5880	251	POSIX.1 says that an implementation may permit access
2a5e0dcd MK	252	other than that specified in
2a5e0dcd MK	253	.IR prot ,
33a0ccb2	254	but at a minimum can allow write access only if
2a5e0dcd MK	255	.B PROT_WRITE
	256	has been set, and must not allow any access if
	257	.B PROT_NONE
	258	has been set.
efeece04	259	.PP
d800ae65 DH	260	Applications should be careful when mixing use of
	261	.BR mprotect ()
	262	and
9e7d6be1	263	.BR pkey_mprotect ().
d800ae65 DH	264	On x86, when
	265	.BR mprotect ()
	266	is used with
	267	.IR prot
	268	set to
	269	.B PROT_EXEC
	270	a pkey is may be allocated and set on the memory implicitly
	271	by the kernel, but only when the pkey was 0 previously.
efeece04	272	.PP
d800ae65 DH	273	On systems that do not support protection keys in hardware,
	274	.BR pkey_mprotect ()
	275	may still be used, but
	276	.IR pkey
a4a0b742	277	must be set to -1.
d800ae65 DH	278	When called this way, the operation of
	279	.BR pkey_mprotect ()
	280	is equivalent to
	281	.BR mprotect ().
fea681da	282	.SH EXAMPLE
2720c2ed	283	.\" sigaction.2 refers to this example
f20d7d8e	284	.PP
9e7d6be1	285	The program below demonstrates the use of
9871c08c	286	.BR mprotect ().
9e7d6be1	287	The program allocates four pages of memory, makes the third
5fab2e7c	288	of these pages read-only, and then executes a loop that walks upward
f20d7d8e	289	through the allocated region modifying bytes.
efeece04	290	.PP
f20d7d8e MK	291	An example of what we might see when running the program is the
f20d7d8e MK	292	following:
efeece04	293	.PP
088a639b	294	.in +4n
b8302363	295	.EX
b43a3b30	296	.RB "$" " ./a.out"
f20d7d8e MK	297	Start of region: 0x804c000
f20d7d8e MK	298	Got SIGSEGV at address: 0x804e000
b8302363	299	.EE
1c32ee47	300	.in
9c330504	301	.SS Program source
d84d0300	302	\&
e7d0bb47	303	.EX
f20d7d8e MK	304	#include <unistd.h>
f20d7d8e MK	305	#include <signal.h>
fea681da	306	#include <stdio.h>
f20d7d8e	307	#include <malloc.h>
fea681da MK	308	#include <stdlib.h>
	309	#include <errno.h>
	310	#include <sys/mman.h>
	311
d1a71985	312	#define handle_error(msg) \e
6a578b88	313	do { perror(msg); exit(EXIT_FAILURE); } while (0)
d3b5ab82	314
22617a74	315	static char *buffer;
f20d7d8e MK	316
	317	static void
	318	handler(int sig, siginfo_t si, void unused)
	319	{
e931e035 MK	320	/* Note: calling printf() from a signal handler is not safe
	321	(and should not be done in production programs), since
	322	printf() is not async\-signal\-safe; see signal-safety(7).
	323	Nevertheless, we use printf() here as a simple way of
	324	showing that the handler was called. */
	325
d1a71985	326	printf("Got SIGSEGV at address: 0x%lx\en",
29059a65	327	(long) si\->si_addr);
f20d7d8e MK	328	exit(EXIT_FAILURE);
f20d7d8e MK	329	}
fea681da MK	330
fea681da MK	331	int
f20d7d8e	332	main(int argc, char *argv[])
fea681da MK	333	{
fea681da MK	334	char *p;
f20d7d8e MK	335	int pagesize;
	336	struct sigaction sa;
	337
	338	sa.sa_flags = SA_SIGINFO;
	339	sigemptyset(&sa.sa_mask);
	340	sa.sa_sigaction = handler;
29059a65	341	if (sigaction(SIGSEGV, &sa, NULL) == \-1)
6a578b88	342	handle_error("sigaction");
fea681da	343
f20d7d8e	344	pagesize = sysconf(_SC_PAGE_SIZE);
29059a65	345	if (pagesize == \-1)
6a578b88	346	handle_error("sysconf");
fea681da	347
988db661	348	/* Allocate a buffer aligned on a page boundary;
f20d7d8e MK	349	initial protection is PROT_READ \| PROT_WRITE */
	350
	351	buffer = memalign(pagesize, 4 * pagesize);
d3b5ab82	352	if (buffer == NULL)
6a578b88	353	handle_error("memalign");
fea681da	354
d1a71985	355	printf("Start of region: 0x%lx\en", (long) buffer);
fea681da	356
988db661	357	if (mprotect(buffer + pagesize * 2, pagesize,
7d9da03f	358	PROT_READ) == \-1)
6a578b88	359	handle_error("mprotect");
fea681da	360
f20d7d8e	361	for (p = buffer ; ; )
f81fb444	362	*(p++) = \(aqa\(aq;
fea681da	363
d1a71985	364	printf("Loop completed\en"); /* Should never happen */
646f46f0	365	exit(EXIT_SUCCESS);
fea681da	366	}
e7d0bb47	367	.EE
47297adb	368	.SH SEE ALSO
2a5e0dcd	369	.BR mmap (2),
9e7d6be1	370	.BR sysconf (3),
31e0cc44	371	.BR pkeys (7)