ContextQMD
Back to Darwin Xnu

Vm Protect

osfmk/man/vm_protect.html

latest2.6 KB
Original Source

vm_protect

Function - Set access privilege attribute for a region of virtual memory.

SYNOPSIS

**kern\_return\_t vm\_protect**** (vm\_task\_t **target\_task,** vm\_address\_t **address,** vm\_size\_t **size,** boolean\_t **set\_maximum,** vm\_prot\_t **new\_protection** );**

PARAMETERS

target_task[in task send right] The port for the task whose address space contains the region.

address[in scalar] The starting address for the region.

size[in scalar] The number of bytes in the region.

set_maximum[in scalar] Maximum/current indicator. If true, the new protection sets the maximum protection for the region. If false, the new protection sets the current protection for the region. If the maximum protection is set below the current protection, the current protection is also reset to the new maximum.

new_protection[in scalar] The new protection for the region. Valid values are obtained by or'ing together the following values:

VM_PROT_READ Allows read access.

VM_PROT_WRITE Allows write access.

VM_PROT_EXECUTE Allows execute access.

DESCRIPTION

The vm_protect function sets access privileges for a region within the specified task's address space. The new_protection parameter specifies a combination of read, write, and execute accesses that are allowed (rather than prohibited).

The region starts at the beginning of the virtual page containing address; it ends at the end of the virtual page containing address + size - 1. Because of this rounding to virtual page boundaries, the amount of memory protected may be greater than size. Use host_page_size to find the current virtual page size.

The enforcement of virtual memory protection is machine-dependent. Nominally read access requires VM_PROT_READ permission, write access requires VM_PROT_WRITE permission, and execute access requires VM_PROT_EXECUTE permission. However, some combinations of access rights may not be supported. In particular, the kernel interface allows write access to require VM_PROT_READ and VM_PROT_WRITE permission and execute access to require VM_PROT_READ permission.

NOTES

This interface is machine word length specific because of the virtual address parameter.

RETURN VALUES

KERN_PROTECTION_FAILURE The new protection increased the current or maximum protection beyond the existing maximum protection.

KERN_INVALID_ADDRESS The address is illegal or specifies a non-allocated region.

Functions: host_page_size, vm_inherit, vm_region.