1 /* 2 * Copyright (c) 2000-2021 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 /* 29 * @OSF_COPYRIGHT@ 30 */ 31 /* 32 * Mach Operating System 33 * Copyright (c) 1991,1990,1989,1988,1987 Carnegie Mellon University 34 * All Rights Reserved. 35 * 36 * Permission to use, copy, modify and distribute this software and its 37 * documentation is hereby granted, provided that both the copyright 38 * notice and this permission notice appear in all copies of the 39 * software, derivative works or modified versions, and any portions 40 * thereof, and that both notices appear in supporting documentation. 41 * 42 * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" 43 * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR 44 * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. 45 * 46 * Carnegie Mellon requests users of this software to return to 47 * 48 * Software Distribution Coordinator or [email protected] 49 * School of Computer Science 50 * Carnegie Mellon University 51 * Pittsburgh PA 15213-3890 52 * 53 * any improvements or extensions that they make and grant Carnegie Mellon 54 * the rights to redistribute these changes. 55 */ 56 /* 57 */ 58 /* 59 * File: mach/vm_prot.h 60 * Author: Avadis Tevanian, Jr., Michael Wayne Young 61 * 62 * Virtual memory protection definitions. 63 * 64 */ 65 66 #ifndef _MACH_VM_PROT_H_ 67 #define _MACH_VM_PROT_H_ 68 69 /* 70 * Types defined: 71 * 72 * vm_prot_t VM protection values. 73 */ 74 75 typedef int vm_prot_t; 76 77 /* 78 * Protection values, defined as bits within the vm_prot_t type 79 * 80 * When making a new VM_PROT_*, update tests vm_parameter_validation_[user|kern] 81 * and their expected results; they deliberately call VM functions with invalid 82 * vm_prot values and you may be turning one of those invalid protections valid. 83 */ 84 85 #define VM_PROT_NONE ((vm_prot_t) 0x00) 86 87 #define VM_PROT_READ ((vm_prot_t) 0x01) /* read permission */ 88 #define VM_PROT_WRITE ((vm_prot_t) 0x02) /* write permission */ 89 #define VM_PROT_EXECUTE ((vm_prot_t) 0x04) /* execute permission */ 90 91 /* 92 * The default protection for newly-created virtual memory 93 */ 94 95 #define VM_PROT_DEFAULT (VM_PROT_READ|VM_PROT_WRITE) 96 97 /* 98 * The maximum privileges possible, for parameter checking. 99 */ 100 101 #define VM_PROT_ALL (VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE) 102 103 /* 104 * This is an alias to VM_PROT_EXECUTE to identify callers that 105 * want to allocate an hardware assisted Read-only/read-write 106 * trusted path in userland. 107 */ 108 #define VM_PROT_RORW_TP (VM_PROT_EXECUTE) 109 110 /* 111 * An invalid protection value. 112 * Used only by memory_object_lock_request to indicate no change 113 * to page locks. Using -1 here is a bad idea because it 114 * looks like VM_PROT_ALL and then some. 115 */ 116 117 #define VM_PROT_NO_CHANGE_LEGACY ((vm_prot_t) 0x08) 118 #define VM_PROT_NO_CHANGE ((vm_prot_t) 0x01000000) 119 120 /* 121 * When a caller finds that he cannot obtain write permission on a 122 * mapped entry, the following flag can be used. The entry will 123 * be made "needs copy" effectively copying the object (using COW), 124 * and write permission will be added to the maximum protections 125 * for the associated entry. 126 */ 127 128 #define VM_PROT_COPY ((vm_prot_t) 0x10) 129 130 131 /* 132 * Another invalid protection value. 133 * Used only by memory_object_data_request upon an object 134 * which has specified a copy_call copy strategy. It is used 135 * when the kernel wants a page belonging to a copy of the 136 * object, and is only asking the object as a result of 137 * following a shadow chain. This solves the race between pages 138 * being pushed up by the memory manager and the kernel 139 * walking down the shadow chain. 140 */ 141 142 #define VM_PROT_WANTS_COPY ((vm_prot_t) 0x10) 143 144 #ifdef PRIVATE 145 /* 146 * The caller wants this memory region treated as if it had a valid 147 * code signature. 148 */ 149 150 #define VM_PROT_TRUSTED ((vm_prot_t) 0x20) 151 #endif /* PRIVATE */ 152 153 /* 154 * Another invalid protection value. 155 * Indicates that the other protection bits are to be applied as a mask 156 * against the actual protection bits of the map entry. 157 */ 158 #define VM_PROT_IS_MASK ((vm_prot_t) 0x40) 159 160 /* 161 * Another invalid protection value to support execute-only protection. 162 * VM_PROT_STRIP_READ is a special marker that tells mprotect to not 163 * set VM_PROT_READ. We have to do it this way because existing code 164 * expects the system to set VM_PROT_READ if VM_PROT_EXECUTE is set. 165 * VM_PROT_EXECUTE_ONLY is just a convenience value to indicate that 166 * the memory should be executable and explicitly not readable. It will 167 * be ignored on platforms that do not support this type of protection. 168 */ 169 #define VM_PROT_STRIP_READ ((vm_prot_t) 0x80) 170 #define VM_PROT_EXECUTE_ONLY (VM_PROT_EXECUTE|VM_PROT_STRIP_READ) 171 172 #ifdef PRIVATE 173 /* 174 * When using VM_PROT_COPY, fail instead of copying an executable mapping, 175 * since that could cause code-signing violations. 176 */ 177 #define VM_PROT_COPY_FAIL_IF_EXECUTABLE ((vm_prot_t)0x100) 178 #endif /* PRIVATE */ 179 180 /* 181 * Another invalid protection value to support pager TPRO protection. 182 * VM_PROT_TPRO is a special marker that tells the a pager to 183 * set TPRO flags on a given entry. We do it this way to prevent 184 * bloating the pager structures and it allows dyld to pass through 185 * this flag in lieue of specifying explicit VM flags, allowing us to handle 186 * the final permissions internally. 187 */ 188 #define VM_PROT_TPRO ((vm_prot_t) 0x200) 189 190 #if defined(__x86_64__) 191 /* 192 * Another invalid protection value to support specifying different 193 * execute permissions for user- and supervisor- modes. When 194 * MBE is enabled in a VM, VM_PROT_EXECUTE is used to indicate 195 * supervisor-mode execute permission, and VM_PROT_UEXEC specifies 196 * user-mode execute permission. Currently only used by the 197 * x86 Hypervisor kext. 198 */ 199 #define VM_PROT_UEXEC ((vm_prot_t) 0x8) /* User-mode Execute Permission */ 200 201 #define VM_PROT_ALLEXEC (VM_PROT_EXECUTE | VM_PROT_UEXEC) 202 #else 203 #define VM_PROT_ALLEXEC (VM_PROT_EXECUTE) 204 #endif /* defined(__x86_64__) */ 205 206 207 #endif /* _MACH_VM_PROT_H_ */ 208