Provided by:
manpages-dev_2.17-1_all 
NAME
mprotect - control allowable accesses to a region of memory
SYNOPSIS
#include <sys/mman.h>
int mprotect(const void *addr, size_t len, int prot);
DESCRIPTION
The function mprotect() specifies the desired protection for the memory
page(s) containing part or all of the interval [addr,addr+len-1]. If
an access is disallowed by the protection given it, the program
receives a SIGSEGV.
prot is a bitwise-or of the following values:
PROT_NONE The memory cannot be accessed at all.
PROT_READ The memory can be read.
PROT_WRITE The memory can be written to.
PROT_EXEC The memory can contain executing code.
The new protection replaces any existing protection. For example, if
the memory had previously been marked PROT_READ, and mprotect() is then
called with prot PROT_WRITE, it will no longer be readable.
RETURN VALUE
On success, mprotect() returns zero. On error, -1 is returned, and
errno is set appropriately.
ERRORS
EACCES The memory cannot be given the specified access. This can
happen, for example, if you mmap(2) a file to which you have
read-only access, then ask mprotect() to mark it PROT_WRITE.
EFAULT The memory cannot be accessed.
EINVAL addr is not a valid pointer, or not a multiple of PAGESIZE.
ENOMEM Internal kernel structures could not be allocated. Or: addreses
in the range [addr, addr+len] are invalid for the address space
of the process, or specify one or more pages that are not
mapped.
EXAMPLE
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/mman.h>
#include <limits.h> /* for PAGESIZE */
#ifndef PAGESIZE
#define PAGESIZE 4096
#endif
int
main(void)
{
char *p;
char c;
/* Allocate a buffer; it will have the default
protection of PROT_READ|PROT_WRITE. */
p = malloc(1024+PAGESIZE-1);
if (!p) {
perror("Couldn’t malloc(1024)");
exit(errno);
}
/* Align to a multiple of PAGESIZE, assumed to be a power of two */
p = (char *)(((int) p + PAGESIZE-1) & ~(PAGESIZE-1));
c = p[666]; /* Read; ok */
p[666] = 42; /* Write; ok */
/* Mark the buffer read-only. */
if (mprotect(p, 1024, PROT_READ)) {
perror("Couldn’t mprotect");
exit(errno);
}
c = p[666]; /* Read; ok */
p[666] = 42; /* Write; program dies on SIGSEGV */
exit(0);
}
CONFORMING TO
SVr4, POSIX.1b (formerly POSIX.4). SVr4 defines an additional error
code EAGAIN. The SVr4 error conditions don’t map neatly onto Linux’s.
POSIX says that mprotect() can be used only on regions of memory
obtained from mmap(2).
NOTES
On Linux it is always legal to call mprotect() on any address in a
process’ address space (except for the kernel vsyscall area). In
particular it can be used to change existing code mappings to be
writable.
Whether PROT_EXEC has any effect different from PROT_READ is
architecture and kernel version dependent.
SEE ALSO
mmap(2)