|MMAP(2)||System Calls Manual||MMAP(2)|
mmap — allocate
memory, or map files or devices into memory
Standard C Library (libc, -lc)
*addr, size_t len,
system call causes the pages starting at addr and
continuing for at most len bytes to be mapped from the
object described by fd, starting at byte offset
offset. If offset or
len is not a multiple of the pagesize, the mapped
region may extend past the specified range. Any extension beyond the end of
the mapped object will be zero-filled.
The addr argument is used by the system to
determine the starting address of the mapping, and its interpretation is
dependent on the setting of the MAP_FIXED flag. If MAP_FIXED is specified in
flags, the system will try to place the mapping at the
specified address, possibly removing a mapping that already exists at that
location. If MAP_FIXED is not specified, then the system will attempt to use
the range of addresses starting at addr if they do not
overlap any existing mappings, including memory allocated by
malloc(3) and other such allocators.
Otherwise, the system will choose an alternate address for the mapping
(using an implementation dependent algorithm) that does not overlap any
existing mappings. In other words, without
the system will attempt to find an empty location in the address space if
the specified address range has already been mapped by something else. If
addr is zero and MAP_FIXED is not specified, then an
address will be selected by the system so as not to overlap any existing
mappings in the address space. In all cases, the actual starting address of
the region is returned. If MAP_FIXED is specified, a successful
mmap deletes any previous mapping in the allocated
address range. Previous mappings are never deleted if MAP_FIXED is not
The protections (region accessibility) are specified in the prot argument by or'ing the following values:
Note that, due to hardware limitations, on some platforms PROT_WRITE may imply PROT_READ, and PROT_READ may imply PROT_EXEC. Portable programs should not rely on these flags being separately enforceable.
When the hardened runtime is enabled (See the links in the
SEE ALSO section), the protections cannot
PROT_EXEC without also having the flag
MAP_JIT and the process possessing the
The flags argument specifies the type of the mapped object, mapping options and whether modifications made to the mapped copy of the page are private to the process (copy-on-write) or are to be shared with other references. Sharing, mapping type and options are specified in the flags argument by or'ing the following values:
MAP_ANONregions can be used to pass some Mach VM flags, and can be specified as -1 if no such flags are associated with the region. Mach VM flags are defined in
<mach/vm_statistics.h>and the ones that currently apply to
VM_FLAGS_PURGABLE to create Mach purgable (i.e. volatile) memory.
VM_MAKE_TAG(tag) to associate an 8-bit tag with the region.
defines some preset tags (with a VM_MEMORY_ prefix). Users are
encouraged to use tags between 240 and 255. Tags are used by tools such
as vmmap(1) to help identify
specific memory regions.
mmap() will fail. If
MAP_FIXEDis specified, addr must be a multiple of the pagesize. If a
MAP_FIXEDrequest is successful, the mapping established by
mmap() replaces any previous mappings for the process' pages in the range from addr to addr + len. Use of this option is discouraged.
PROT_EXECwhen the hardened is runtime enabled. Without this flag an attempt to create a mapping with both
PROT_EXECset will fail with
MAP_FAILEDon macOS. A writable, but not executable mapping is returned on iOS, watchOS and tvOS.
Usage of this flag requires the caller to have the
com.apple.security.cs.allow-jit entitlement on
mmap() to place the mapping into the first 4 Gigabytes of the process's address space. If there is no free virtual address space in this range,
mmap() will return
Note that in order for this flag to yield addresses below 4GiB, the program's PAGEZERO must be reduced in size, since the default PAGEZERO size for 64-bit programs is at least 4GiB.
Conforming applications must specify either MAP_PRIVATE or MAP_SHARED.
The current design does not allow a process to specify the
location of swap space. In the future we may define an additional mapping
MAP_SWAP, in which the file descriptor
argument specifies a file or device to which swapping should be done.
Upon successful completion,
a pointer to the mapped region. Otherwise, a value of
MAP_FAILED is returned and
errno is set to indicate the error.
mmap() system call will fail if:
PROT_READwas specified as part of the prot argument and fd was not open for reading. The flags
PROT_WRITEwere specified as part of the flags and prot argument and fd was not open for writing.
MAP_FIXEDwas specified and the addr argument was not page aligned, or part of the desired address space resides out of the valid address space for a user process.
MAP_ANONhas not been specified and the file fd refers to does not support mapping.
MAP_FIXEDwas specified and the addr argument was not available.
MAP_FIXEDwas specified and the address range specified exceeds the address space limit for the process.
MAP_ANONwas specified and insufficient memory was available.
The following entitlements only have an effect when the hardened runtime is enabled.
The include file
mmap() now returns with
errno set to EINVAL in places that historically
succeeded. The rules have changed as follows:
On macOS 10.14 Mojave the hardened runtime restricts pages from
having both the
PROT_EXEC protections without the caller also
MAP_JIT flag and
|February 14, 2020||macOS 14.1|