mprotect - 控制允許訪問的內存區域

內容簡介

#include <sys/mman.h>

int mprotect(const void **addr*, size_t len**, int** prot**);**

描述

The function  mprotect () specifies the desired protection for the memory page(s) containing part or all of the interval [ addr , addr + len -1]. If an access is disallowed by the protection given it, the program receives a  SIGSEGV .

prot is a bitwise-or of the following values:

標籤

描述

PROT_NONE

The memory cannot be accessed at all.

PROT_READ

The memory can be read.

PROT_WRITE

The memory can be written to.

PROT_EXEC

The memory can contain executing code.

The new protection replaces any existing protection. For example, if the memory had previously been marked  PROT_READ , and  mprotect () is then called with  prot PROT_WRITE , it will no longer be readable.

返回值

On success,  mprotect () returns zero. On error, -1 is returned, and  errno  is set appropriately.

錯誤

標籤

描述

EACCES

The memory cannot be given the specified access. This can happen, for example, if you mmap(2) a file to which you have read-only access, then ask mprotect() to mark it PROT_WRITE.

EFAULT

The memory cannot be accessed.

EINVAL

addr is not a valid pointer, or not a multiple of PAGESIZE.

ENOMEM

Internal kernel structures could not be allocated. Or: addresses in the range [addr, addr+len] are invalid for the address space of the process, or specify one or more pages that are not mapped.

實例：

#include <stdlib.h>
#include <errno.h>
#include <sys/mman.h>
#include

#include

#include 

 #include 

  #include 

   /\* for PAGESIZE \*/ #ifndef PAGESIZE #define PAGESIZE 4096 #endif int main(void) { char \*p; char c; /\* Allocate a buffer; it will have the default protection of PROT\_READ|PROT\_WRITE. \*/ p = malloc(1024+PAGESIZE-1); if (!p) { perror("Couldn’t malloc(1024)"); exit(errno); } /\* Align to a multiple of PAGESIZE, assumed to be a power of two \*/ p = (char \*)(((int) p + PAGESIZE-1) & ~(PAGESIZE-1)); c = p\[666\]; /\* Read; ok \*/ p\[666\] = 42; /\* Write; ok \*/ /\* Mark the buffer read-only. \*/ if (mprotect(p, 1024, PROT\_READ)) { perror("Couldn’t mprotect"); exit(errno); } c = p\[666\]; /\* Read; ok \*/ p\[666\] = 42; /\* Write; program dies on SIGSEGV \*/ exit(0); } 

遵循於

SVr4, POSIX.1-2001. POSIX says that  mprotect () can be used only on regions of memory obtained from  mmap (2).

注意

On Linux it is always legal to call  mprotect () on any address in a process’ address space (except for the kernel vsyscall area). In particular it can be used to change existing code mappings to be writable.

Whether PROT_EXEC has any effect different from PROT_READ is architecture and kernel version dependent.

另請參閱

• mmap (2)