By default, the maximum permissions are the passed PROT_* flags. In order to allow a map that will be upgraded later, add new PROT_MAX_* flag.

A new macro PROT_MAX() alters a protection value so it can be OR'd with a regular protection value to specify the maximum permissions. If present, these flags specify the maximum permissions.

Use PROT_MAX(xxx) flags where mmap() mappings are to be upgraded later.

While these flags are non-portable, they can be used in portable code with simple ifdefs to expand PROT_MAX() to 0.

Note: this is an extract from CheriBSD and is too aggressive.

This change allows (e.g.) a region that must be writable during run-time linking or JIT code generation to be made permanently read+execute after writes are complete. This complements W^X protections allowing more precise control by the programmer.

In addition to explicit setting of the maximum permissions, an experimental sysctl vm.imply_prot_max causes mmap to assume that the initial permissions requested should be the maximum when the sysctl is set to 1. This behavior is known to break code that uses PROT_NONE reservations before mapping contents into part of the reservation. A final version of this is expected to provide per-binary and per-process opt-in/out options and this sysctl will go away in its current form. As such it is undocumented.

Getting this behavior should be opt-in (and we should opt-in the base system by default once we have share/mk infrastructure).