man2/mprotect.2

   1 .\" -*- nroff -*-
   2 .\"
   3 .\" Copyright (C) 1995 Michael Shields <shields@tembel.org>.
   4 .\"
   5 .\" Permission is granted to make and distribute verbatim copies of this
   6 .\" manual provided the copyright notice and this permission notice are
   7 .\" preserved on all copies.
   8 .\"
   9 .\" Permission is granted to copy and distribute modified versions of this
  10 .\" manual under the conditions for verbatim copying, provided that the
  11 .\" entire resulting derived work is distributed under the terms of a
  12 .\" permission notice identical to this one.
  13 .\"
  14 .\" Since the Linux kernel and libraries are constantly changing, this
  15 .\" manual page may be incorrect or out-of-date.  The author(s) assume no
  16 .\" responsibility for errors or omissions, or for damages resulting from
  17 .\" the use of the information contained herein.  The author(s) may not
  18 .\" have taken the same level of care in the production of this manual,
  19 .\" which is licensed free of charge, as they might when working
  20 .\" professionally.
  21 .\"
  22 .\" Formatted or processed versions of this manual, if unaccompanied by
  23 .\" the source, must acknowledge the copyright and author of this work.
  24 .\"
  25 .\" Modified 1996-10-22 by Eric S. Raymond <esr@thyrsus.com>
  26 .\" Modified 1997-05-31 by Andries Brouwer <aeb@cwi.nl>
  27 .\" Modified 2003-08-24 by Andries Brouwer <aeb@cwi.nl>
  28 .\" Modified 2004-08-16 by Andi Kleen <ak@muc.de>
  29 .\"
  30 .TH MPROTECT 2 2003-08-24 "Linux 2.4" "Linux Programmer's Manual"
  31 .SH NAME
  32 mprotect \- control allowable accesses to a region of memory
  33 .SH SYNOPSIS
  34 .nf
  35 .B #include <sys/mman.h>
  36 .sp
  37 \fBint mprotect(const void *\fIaddr\fB, size_t \fIlen\fB, int \fIprot\fB);
  38 .fi
  39 .SH DESCRIPTION
  40 The function
  41 .BR mprotect ()
  42 specifies the desired protection for the memory page(s) containing
  43 part or all of the interval [\fIaddr\fP,\fIaddr\fP+\fIlen\fP-1].
  44 If an access is disallowed by the protection given it, the program receives a
  45 .BR SIGSEGV .
  46 .PP
  47 .I prot
  48 is a bitwise-or of the following values:
  49 .TP 1.1i
  50 .B PROT_NONE
  51 The memory cannot be accessed at all.
  52 .TP
  53 .B PROT_READ
  54 The memory can be read.
  55 .TP
  56 .B PROT_WRITE
  57 The memory can be written to.
  58 .TP
  59 .B PROT_EXEC
  60 The memory can contain executing code.
  61 .PP
  62 The new protection replaces any existing protection.  For example, if the
  63 memory had previously been marked \fBPROT_READ\fR, and \fBmprotect\fR()
  64 is then called with \fIprot\fR \fBPROT_WRITE\fR, it will no longer
  65 be readable.
  66 .SH "RETURN VALUE"
  67 On success,
  68 .BR mprotect ()
  69 returns zero.  On error, \-1 is returned, and
  70 .I errno
  71 is set appropriately.
  72 .SH ERRORS
  73 .TP
  74 .B EACCES
  75 The memory cannot be given the specified access.  This can happen,
  76 for example, if you
  77 .BR mmap (2)
  78 a file to which you have read-only access, then ask
  79 .BR mprotect ()
  80 to mark it
  81 .BR PROT_WRITE .
  82 .TP
  83 .B EFAULT
  84 The memory cannot be accessed.
  85 .TP
  86 .B EINVAL
  87 \fIaddr\fR is not a valid pointer, or not a multiple of PAGESIZE.
  88 .TP
  89 .B ENOMEM
  90 Internal kernel structures could not be allocated.
  91 Or: addresses  in the range
  92 .RI [ addr ,
  93 .IR addr + len ]
  94 are invalid for the address space of the process,
  95 or specify one or more pages that are not mapped.
  96 .SH EXAMPLE
  97 .nf
  98 #include <stdio.h>
  99 #include <stdlib.h>
 100 #include <errno.h>
 101 #include <sys/mman.h>
 102
 103 #include <limits.h>    /* for PAGESIZE */
 104 #ifndef PAGESIZE
 105 #define PAGESIZE 4096
 106 #endif
 107
 108 int
 109 main(void)
 110 {
 111     char *p;
 112     char c;
 113
 114     /* Allocate a buffer; it will have the default
 115        protection of PROT_READ|PROT_WRITE. */
 116     p = malloc(1024+PAGESIZE-1);
 117     if (!p) {
 118         perror("Couldn't malloc(1024)");
 119         exit(errno);
 120     }
 121
 122     /* Align to a multiple of PAGESIZE, assumed to be a power of two */
 123     p = (char *)(((int) p + PAGESIZE-1) & ~(PAGESIZE-1));
 124
 125     c = p[666];         /* Read; ok */
 126     p[666] = 42;        /* Write; ok */
 127
 128     /* Mark the buffer read-only. */
 129     if (mprotect(p, 1024, PROT_READ)) {
 130         perror("Couldn't mprotect");
 131         exit(errno);
 132     }
 133
 134     c = p[666];         /* Read; ok */
 135     p[666] = 42;        /* Write; program dies on SIGSEGV */
 136
 137     exit(0);
 138 }
 139 .fi
 140 .SH "CONFORMING TO"
 141 SVr4, POSIX.1b (formerly POSIX.4).  SVr4 defines an additional error
 142 code EAGAIN. The SVr4 error conditions don't map neatly onto Linux's.
 143 POSIX says that
 144 .BR mprotect ()
 145 can be used only on regions of memory obtained from
 146 .BR mmap (2).
 147 .SH NOTES
 148 On Linux it is always legal to call
 149 .BR mprotect ()
 150 on any address in a process' address space (except for the
 151 kernel vsyscall area). In particular it can be used
 152 to change existing code mappings to be writable.
 153
 154 Whether
 155 .B PROT_EXEC
 156 has any effect different from
 157 .B PROT_READ
 158 is architecture and kernel version dependent.
 159 .SH "SEE ALSO"
 160 .BR mmap (2)