mprotect - Modifies access protections of memory mapping
int mprotect (
int prot );
The following definitions of the addr parameter do not conform to current
standards and are supported only for backward compatibility:
const void addr
Interfaces documented on this reference page conform to industry standards
Refer to the standards(5) reference page for more information about indus-
try standards and associated tags.
addr Points to the address of the region to be modified.
len Specifies the length in bytes of the region to be modified.
prot Specifies access permissions as PROT_NONE or any combination of
PROT_READ, PROT_WRITE, and PROT_EXEC ORed together.
The mprotect() function modifies the access protection of a mapped file or
shared memory region. The addr and len parameters specify the address and
length in bytes of the region to be modified. The len parameter must be a
multiple of the page size as returned by sysconf(_SC_PAGE_SIZE). If len is
not a multiple of the page size as returned by sysconf(_SC_PAGE_SIZE), the
length of the region will be rounded up to the next multiple of the page
The prot parameter specifies the new access protection for the region. The
sys/mman.h header file defines the following access options:
PROT_READ The mapped region can be read.
The mapped region can be written.
PROT_EXEC The mapped region can be executed.
PROT_NONE The mapped region cannot be accessed.
The prot parameter can be PROT_NONE or any combination of PROT_READ,
PROT_WRITE, and PROT_EXEC ORed together. If PROT_NONE is not specified,
access permissions may be granted to the region in addition to those expli-
citly requested, except that write access will not be granted unless
PROT_WRITE is specified.
If the region is a mapped file which was mapped with MAP_SHARED, the mpro-
tect() function grants read or execute access permission only if the file
descriptor used to map the file is open for reading, and grants write
access permission only if the file descriptor used to map the file is open
for writing. If the region is a mapped file which was mapped with
MAP_PRIVATE, the mprotect() function grants read, write, or execute access
permission only if the file descriptor used to map the file is open for
reading. If the region is a shared memory region which was mapped with
MAP_ANONYMOUS, the mprotect() function grants all requested access permis-
The mprotect() function does not modify the access permission of any region
which lies outside of the specified region, except that the effect on
addresses between the end of the region and the end of the page containing
the end of the region is unspecified.
If the mprotect() function fails under a condition other than that speci-
fied by [EINVAL], the access protection of some of the pages in the range
[addr, addr + len) may have been changed. For example, if the error occurs
on some page at an addr2, mprotect() may have modified the protections of
all whole pages in the range [addr, addr2).
Upon successful completion, the mprotect() function returns 0 (zero). Oth-
erwise, mprotect() returns -1 and sets errno to indicate the error.
The mprotect() function sets errno to the specified values for the follow-
[EACCES] The prot parameter specifies a protection that conflicts with the
access permission set for the underlying file.
[EAGAIN] The prot parameter specifies PROT_WRITE over a MAP_PRIVATE map-
ping and there are insufficient memory resources to reserve for
locking the private page.
[EBUSY] [Tru64 UNIX] Some or all of the addresses in the range starting
at addr and continuing for len bytes are locked.
[EFAULT] [Tru64 UNIX] The range [addr, addr + len) includes an invalid
[EINVAL] The prot parameter is invalid, or the addr parameter is not a
multiple of the page size as returned by sysconf(_SC_PAGE_SIZE).
[ENOMEM] [Tru64 UNIX] Addresses in the range [addr, addr + len) are
invalid for the address space of a process, or specify one or
more unmapped pages.
[Tru64 UNIX] A system resource was exhausted or a system limit
was exceeded. The most common case occurs when the calling
process exceeds the kernel configuration parameter VPAGEMAX.
This limit specifies the maximum number of pages per process that
can reside in regions of contiguous virtual address space which
have mixed page protections. The system administrator can over-
ride the default VPAGEMAX value by setting the vpagemax nnn
option in the system configuration file, then reconfiguring the
kernel, and finally rebooting the system.
Functions: getpagesize(2), mmap(2), msync(2), sysconf(3)