Changeset View
Changeset View
Standalone View
Standalone View
lib/libc/sys/mprotect.2
Show All 22 Lines | |||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" @(#)mprotect.2 8.1 (Berkeley) 6/9/93 | .\" @(#)mprotect.2 8.1 (Berkeley) 6/9/93 | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd February 26, 2020 | .Dd June 11, 2021 | ||||
.Dt MPROTECT 2 | .Dt MPROTECT 2 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm mprotect | .Nm mprotect | ||||
.Nd control the protection of pages | .Nd control the protection of pages | ||||
.Sh LIBRARY | .Sh LIBRARY | ||||
.Lb libc | .Lb libc | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.In sys/mman.h | .In sys/mman.h | ||||
.Ft int | .Ft int | ||||
.Fn mprotect "void *addr" "size_t len" "int prot" | .Fn mprotect "void *addr" "size_t len" "int prot" | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
The | The | ||||
.Fn mprotect | .Fn mprotect | ||||
system call | system call | ||||
changes the specified pages to have protection | changes the specified pages to have protection | ||||
.Fa prot . | .Fa prot . | ||||
Not all implementations will guarantee protection on a page basis; | |||||
the granularity of protection changes may be as large as an entire region. | |||||
A region is the virtual address space defined by the start | |||||
and end addresses of a | |||||
.Vt "struct vm_map_entry" . | |||||
.Pp | .Pp | ||||
Currently these protection bits are known, | Some architectures support more than one page size. | ||||
which can be combined, OR'd together: | For mapping with page sizes larger than the default | ||||
.Dv PAGE_SIZE , | |||||
the | |||||
.Fa addr | |||||
and | |||||
.Fa len | |||||
arguments must cover then entire page. | |||||
kib: s/allocation/page/ perhaps | |||||
alcUnsubmitted Not Done Inline ActionsI'm afraid that this is going to cause confusion. While this is true for explicit large pages, it is not true for transparent superpages. As I believe John already mentioned, for transparent superpages, the kernel will automatically demote the page size and then perform the requested protection changes. alc: I'm afraid that this is going to cause confusion. While this is true for explicit large pages… | |||||
brooksAuthorUnsubmitted Done Inline ActionsI guess the question is, should we go back to my original proposal of deleting the original (outright wrong) text and leaving documentation of large pages for later or try to explain the difference between superpages and large pages here? brooks: I guess the question is, should we go back to my original proposal of deleting the original… | |||||
.Pp | .Pp | ||||
The | |||||
.Fa prot | |||||
argument shall be the bitwise OR of one or more of the following values: | |||||
Not Done Inline ActionsWhile we're here, I find this nearby sentence to be incomprehensible. Could you please try to fix it too? alc: While we're here, I find this nearby sentence to be incomprehensible. Could you please try to… | |||||
.Pp | |||||
.Bl -tag -width ".Dv PROT_WRITE" -compact | .Bl -tag -width ".Dv PROT_WRITE" -compact | ||||
.It Dv PROT_NONE | .It Dv PROT_NONE | ||||
No permissions at all. | No permissions at all. | ||||
.It Dv PROT_READ | .It Dv PROT_READ | ||||
The pages can be read. | The pages can be read. | ||||
.It Dv PROT_WRITE | .It Dv PROT_WRITE | ||||
The pages can be written. | The pages can be written. | ||||
.It Dv PROT_EXEC | .It Dv PROT_EXEC | ||||
The pages can be executed. | The pages can be executed. | ||||
.El | .El | ||||
.Pp | .Pp | ||||
In addition to these protection flags, | In addition to these standard protection flags, | ||||
the | |||||
.Fx | .Fx | ||||
implementation of | |||||
.Fn mprotect | |||||
provides the ability to set the maximum protection of a region | provides the ability to set the maximum protection of a region | ||||
(which prevents | (which prevents | ||||
.Nm | .Nm | ||||
from upgrading the permissions). | from upgrading the permissions). | ||||
This is accomplished by | This is accomplished by | ||||
.Em or Ns 'ing | .Em or Ns 'ing | ||||
one or more | one or more | ||||
.Dv PROT_ | .Dv PROT_ | ||||
▲ Show 20 Lines • Show All 51 Lines • Show Last 20 Lines |
s/allocation/page/ perhaps