Diego Nieto Cid, le mer. 25 juin 2025 00:44:04 +0100, a ecrit:
> On Wed, Jun 25, 2025 at 01:08:31AM +0200, Samuel Thibault wrote:
> >
> > I meant a vm_protect that changes the maximum protection.
> >
>
> Ah, I think we concluded that the maximum protection can only go
> into strictier values due to the loop here[1].
>
> More specifically the following if:
>
> if ((/* VM_PROT_ALL */ new_prot & (VM_PROT_NOTIFY | /* VM_PROT_NONE */
> current->max_protection))
> != /* VM_PROT_ALL */ new_prot) {
> vm_map_unlock(map);
> return(KERN_PROTECTION_FAILURE);
> }
>
> Then: VM_PROT_ALL & VM_PROT_NONE == VM_PROT_NONE and VM_PROT_NONE !=
> VM_PROT_ALL
> and KERN_PROTECTION_FAILURE is returned.
Oh, right. That makes things simpler indeed :)
Samuel
