mprotect(2) mprotect(2)
NAME
mprotect - set protection of memory mapping
SYNOPSIS
#include <sys/types.h>
#include <sys/mman.h>
int mprotect(void *addr, sizet len, int prot);
DESCRIPTION
The function mprotect changes the access protections on the mappings
specified by the range [addr, addr + len) to be that specified by prot.
Legitimate values for prot are the same as those permitted for mmap and
are defined in <sys/mman.h> as:
PROTREAD /* page can be read */
PROTWRITE /* page can be written */
PROTEXEC /* page can be executed */
PROTNONE /* page can not be accessed */
Not all implementations literally provide all possible combinations.
PROTWRITE is often implemented as PROTREAD|PROTWRITE and PROTEXEC as
PROTREAD|PROTEXEC. This is true for all SGI implementations. In
particular, MIPS processors do not support a separate execute permission.
Any page that can be read can be executed from, even if PROTEXEC is not
specified. As described below, the operating system uses PROTEXEC as a
flag to indicate it may need to perform certain platform dependent
functions that may be needed to properly execute instructions from the
associated page. However, no implementation will permit a store to
succeed where PROTWRITE has not been set.
Applications such as compiling interpreters that generate code in their
data areas and then wish to execute it, should use mprotect to add
PROTEXEC permission to the corresponding pages. This must be done after
the code has been generated, but before it is executed. This causes any
necessary machine dependent activities, such as cache flushing, to occur
that are required prior to executing from any part of the process's
address space other than the program or library text segments. If the
generated instructions are altered after the previous call to mprotect
was made to mark the data as executable, then mprotect must be called to
again add PROTEXEC before the new code is executed in order to prepare
the new contents of the page(s) for proper execution.
RETURN VALUE
On success, mprotect returns 0; on failure, mprotect returns -1 and sets
errno to indicate an error.
ERRORS
Under the following conditions, the function mprotect fails and sets
errno to:
Page 1