Skip to content

Commit

Permalink
mmap: Document PROT_CAP_*
Browse files Browse the repository at this point in the history 
Consolidate the docuementation in mmap.2 rather than duplicating the
increasingly long description.
  • Loading branch information
@brooksdavis
brooksdavis committed Jan 19, 2021
1 parent 71334bd commit 51af0b5
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 29 deletions.
29 changes: 28 additions & 1 deletion lib/libc/sys/mmap.2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ argument by
.Em or Ns 'ing
the following values:
.Pp
.Bl -tag -width PROT_WRITE -compact
.Bl -tag -width PROT_CAP_WRITE -compact
.It Dv PROT_NONE
Pages may not be accessed.
.It Dv PROT_READ
Expand All @@ -116,8 +116,35 @@ Pages may be read.
Pages may be written.
.It Dv PROT_EXEC
Pages may be executed.
.It Dv PROT_CAP_READ
CHERI capabilities may be written to pages.
.It Dv PROT_CAP_WRITE
CHERI capabilities may be read from pages.
.It Dv PROT_CAP_NONE
CHERI capabilities may not be accessed in pages.
.El
.Pp
When
.Dv PROT_CAP_NONE
is combined with
.Dv PROT_CAP_READ
or
.Dv PROT_CAP_WRITE
it has no effect.
If no
.Dv PROT_CAP_*
flags are included in
.Fa prot
than
.Dv PROT_CAP_READ
and
.Dv PROT_CAP_WRITE
are implied by the presence of
.Dv PROT_READ
and
.Dv PROT_WRITE
respectively.
.Pp
In addition to these protection flags,
.Fx
provides the ability to set the maximum protection of a region allocated by
Expand Down
34 changes: 6 additions & 28 deletions lib/libc/sys/mprotect.2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,35 +47,13 @@ system call
changes the specified pages to have protection
.Fa prot .
.Pp
Currently these protection bits are known,
which can be combined, OR'd together:
.Pp
.Bl -tag -width ".Dv PROT_WRITE" -compact
.It Dv PROT_NONE
No permissions at all.
.It Dv PROT_READ
The pages can be read.
.It Dv PROT_WRITE
The pages can be written.
.It Dv PROT_EXEC
The pages can be executed.
.El
.Pp
In addition to these protection flags,
.Fx
provides the ability to set the maximum protection of a region
(which prevents
The set of protection bits is documented in
.Xr mmap 2 .
Like
.Xr mmap 2 ,
.Nm
from upgrading the permissions).
This is accomplished by
.Em or Ns 'ing
one or more
.Dv PROT_
values wrapped in the
.Dv PROT_MAX()
macro into the
.Fa prot
argument.
can set the maximum protection of a region
(which prevents upgrading the permissions).
.Sh RETURN VALUES
.Rv -std mprotect
.Sh ERRORS
Expand Down

0 comments on commit 51af0b5

Please sign in to comment.