Bug 160889 - mmap(,,PROT_NONE,MAP_FIXED,,) gives PROT_EXEC
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ingo Molnar
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-06-18 03:24 UTC by John Reiser
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-15 19:47:04 UTC



Description John Reiser 2005-06-18 03:24:54 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
The combination PROT_NONE with MAP_FIXED as arguments to syscall mmap() results in PROT_EXEC (--xp) instead of PROT_NONE (---p).

Reproducible testcase (using glibc-2.3.5-10):
-----
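#include <sys/mman.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void)
{
        char buf[80];
        FILE *f;
        /* Request a PROT_NONE page at a fixed address (fd is -1 for anonymous memory). */
        char *p = mmap((void *)0x1000, 4096, PROT_NONE,
                       MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED, -1, 0);
        if (p == MAP_FAILED) {
                perror("mmap");
                return 1;
        }
        /* Show the permissions the kernel reports for this process's mappings. */
        snprintf(buf, sizeof buf, "echo PROT_NONE=0x%x; cat /proc/%d/maps",
                 PROT_NONE, (int)getpid());
        f = popen(buf, "w");
        if (f != NULL)
                pclose(f);      /* waits for the command to finish */
        return 0;
}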
-----



Version-Release number of selected component (if applicable):
kernel-2.6.11-1.1369_FC4

How reproducible:
Always

Steps to Reproduce:
1. Compile and execute the program given in the Description.

Actual Results:  The first line of the /proc/PID/maps is
00001000-00002000 --xp 00001000 00:00 0

[Note the actual "--xp" instead of the desired "---p".]

Expected Results:  The first line of the /proc/PID/maps should be
00001000-00002000 ---p 00001000 00:00 0

[Note the desired "---p" instead of the actual "--xp".]


Additional info:

Comment 1 Dave Jones 2005-07-15 21:50:22 UTC
[This comment has been added as a mass update for all FC4 kernel bugs.
 If you have migrated this bug from an FC3 bug today, ignore this comment.]

Please retest your problem with today's 2.6.12-1.1398_FC4 update.

If your problem involved being unable to boot, or some hardware not being
detected correctly, please make sure your /etc/modprobe.conf is correct *BEFORE*
installing any kernel updates.
If in doubt, you can recreate this file using..

mv /etc/sysconfig/hwconf /etc/sysconfig/hwconf.bak
mv /etc/modprobe.conf /etc/modprobe.conf.bak
kudzu


Thank you.


Comment 2 John Reiser 2005-07-15 23:31:25 UTC
The problem still occurs in kernel-2.6.12-1.1398_FC4 on i686.

Comment 3 Ingo Molnar 2005-09-15 19:47:04 UTC
We started marking all truly executable mappings as "x" in /proc/<pid>/maps to
reflect reality on x86. On an NX-capable kernel, running a PAE kernel, you should
be getting ---p.

With exec-shield, even on x86, areas marked as non-x are truly non-executable.
On the stock Linux kernel, all mappings are executable on x86.

