NAME
mprotect
—
control the protection of
pages
LIBRARY
library “libc”
SYNOPSIS
#include
<sys/mman.h>
int
mprotect
(void
*addr, size_t len,
int prot);
DESCRIPTION
Themprotect
()
system call changes the specified pages to have protection
prot. Not all implementations will guarantee protection
on a page basis; the granularity of protection changes may be as large as an
entire region. A region is the virtual address space defined by the start and
end addresses of a struct vm_map_entry.
Currently these protection bits are known, which can be combined, OR'd together:
PROT_NONE
- No permissions at all.
PROT_READ
- The pages can be read.
PROT_WRITE
- The pages can be written.
PROT_EXEC
- The pages can be executed.
In addition to these protection flags,
FreeBSD provides the ability to set the maximum
protection of a region (which prevents mprotect
from
upgrading the permissions). This is accomplished by
or'ing one or more
PROT_
values wrapped in the
PROT_MAX()
macro into the prot
argument.
RETURN VALUES
The mprotect
() function returns the
value 0 if successful; otherwise the value -1 is returned and
the global variable errno is set to indicate the
error.
ERRORS
The mprotect
() system call will fail
if:
- [
EACCES
] - The calling process was not allowed to change the protection to the value specified by the prot argument.
- [
EINVAL
] - The virtual address range specified by the addr and len arguments is not valid.
- [
EINVAL
] - The prot argument contains unhandled bits.
- [
ENOTSUP
] - The prot argument contains permissions which are not a subset of the specified maximum permissions.
SEE ALSO
HISTORY
The mprotect
() system call was first
documented in 4.2BSD and first appeared in
4.4BSD.
The PROT_MAX
functionality was introduced
in FreeBSD 13.