On Wed, Jun 25, 2025 at 01:08:31AM +0200, Samuel Thibault wrote:
>
> I meant a vm_protect that changes the maximum protection.
>
Ah, I think we concluded that the maximum protection can only go
into strictier values due to the loop here[1].
More specifically the following if:
if ((/* VM_PROT_ALL */ new_prot & (VM_PROT_NOTIFY | /* VM_PROT_NONE */
current->max_protection))
!= /* VM_PROT_ALL */ new_prot) {
vm_map_unlock(map);
return(KERN_PROTECTION_FAILURE);
}
Then: VM_PROT_ALL & VM_PROT_NONE == VM_PROT_NONE and VM_PROT_NONE != VM_PROT_ALL
and KERN_PROTECTION_FAILURE is returned.
[1]
https://cgit.git.savannah.gnu.org/cgit/hurd/gnumach.git/tree/vm/vm_map.c#n1650
