## Host environment - Operating system: Linux - OS/kernel version: Linux simon-macbookpro 6.19.11+ #1 SMP PREEMPT_DYNAMIC Wed Apr 8 12:57:43 CEST 2026 aarch64 GNU/Linux - Architecture: ARM - QEMU flavor: qemu-x86_64 - QEMU version: qemu-x86_64 version 10.2.2 ## Emulated/Virtualized environment - Operating system: Linux - Architecture: x86 ## Description of problem Inside a segfault handler function the third argument `context` contains information about the type of fault in the `error_code` variable via `context->uc_mcontext.gregs[REG_ERR]`. Specifically, the 4th bit (`PF_INSTR`) indicates whether the fault was due to missing executable permissions. When running qemu in **user-mode** emulation this 4th bit is **never** set. Thus missing executable permissions cannot be distinguished. ## Steps to reproduce 1. Execute `qemu-x86_64` with the following C program: ```c #define _GNU_SOURCE #include <signal.h> #include <stdio.h> #include <stdlib.h> #include <sys/mman.h> #include <ucontext.h> #include <unistd.h> #define PF_INSTR (1 << 4) void segfaultHandler(int sig, siginfo_t *info, void *context) { ucontext_t *uc = (ucontext_t *)context; int err_code = uc->uc_mcontext.gregs[REG_ERR]; if (err_code & PF_INSTR) { printf("Fault Type: EXECUTE\n"); } exit(1); } int main() { struct sigaction sa; sigemptyset(&sa.sa_mask); sa.sa_flags = SA_SIGINFO; sa.sa_sigaction = segfaultHandler; sigaction(SIGSEGV, &sa, NULL); char *ptr = (char *)0xdeadbeef000; auto x = mmap(ptr, 4096, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); // HLT *ptr = 0xF4; ((void (*)(void))ptr)(); return 0; } ``` 2. Observer that `Fault Type: EXECUTE` is **not** printed.