Inexplicable PROT_EXEC flag set on mmap callback

Kenneth Adam Miller kennethadammiller at
Thu Jan 14 11:04:28 EST 2016

I have a custom drive and userland program pair that I'm using for a very
special use case at my workplace where we are mapping specific physical
address ranges into userland memory with a mmap callback. Everything works
together well with a C userland program that calls into our driver's ioctl
and mmap definitions, but for our case we are using an alternative systems
language just for the userland program. That mmap call is failing (properly
as we want) out from the driver's mmap implementation due to the fact that
the vm_flags have the VM_EXEC flag set. We do not want users to be able to
map the memory range as executable, so the driver should check for this as
it does. The issue is in the fact that somewhere between where mmap is
called and when the parameters are given to the driver, the vma->vm_flags
are being set to 255. I've manually checked the values being given to the
mmap call in our non-C binary, and they are *equivalent* in value to that
of the C program.

My question is, is there anything that can cause the vma->vm_flags to be
changed in the trip between when the user land program calls mmap and when
control is delivered to the mmap callback?
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Kernelnewbies mailing list