参数解析：
start：映射区的起始地址，一般置NULL，即交给内核自动分配
length：映射区的大小。
prot：被映射的内存在映射区的保护方式
          可取如下几个值的或：PROT_READ（可读） , PROT_WRITE （可写）, PROT_EXEC （可执行）, PROT_NONE（不可访问）。
flags：映射区的类型
         flags由以下几个常值指定：MAP_SHARED , MAP_PRIVATE , MAP_FIXED，其中，MAP_SHARED , MAP_PRIVATE必选其一，而MAP_FIXED则不推荐使用。
offset：实际数据在映射区的偏移值，一般置0，表示从文件的开头进行映射。


返回值：即映射到进程空间的地址。
PS：在man手册里面其中的参数会有很好的解释。

调用过程：

当用户层调用mmap函数时，应用程序通知系统告诉内核需要执行一个系统调用，希望系统切换到内核态。这种机制靠软件中断实现。
实现过程如下：首先用户程序为系统调用设置参数，其中一个参数是调用编号，设置完毕后，系统切换到内核态，通过一个基址+前面设置的编号，跳转到需要执行的系统调用
函数的地址上。该表一般在sys/entry.S中定义，如下：


再看看sys_mmap和sys_mmap2是如何定义的：



然后linux系统会做什么了，我想应该是通过一个宏函数 SYSCALL_DEFINE6来继续往下执行（不是很懂，若有错误，望不吝指教）

此处是SYSCALL_DEFINE6的宏定义：


sys_mmap_pgoff()函数做了如下几件事：
1、一些常规的错误检查工作
2、通过file = fget(fd);得到对应的struct file对象指针
3、调用do_mmap_pgoff(file, addr, len, prot, flags, pgoff)函数完成后续的映射工作。

do_mmap_pgoff(）函数原型及用法：

点击(此处)折叠或打开

1. unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
   
2.             unsigned long len, unsigned long prot,
   
3.             unsigned long flags, unsigned long pgoff)
   
4. {
   
5.     struct mm_struct * mm = current->mm;
   
6.     struct inode *inode;
   
7.     unsigned int vm_flags;
   
8.     int error;
   
9.     unsigned long reqprot = prot;
   
10. 
    
11.     /*
    
12.      * Does the application expect PROT_READ to imply PROT_EXEC?
    
13.      *
    
14.      * (the exception is when the underlying filesystem is noexec
    
15.      * mounted, in which case we dont add PROT_EXEC.)
    
16.      */
    
17.     if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))         //防御性代码检查，即参数的合法性检查
    
18.         if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
    
19.             prot |= PROT_EXEC;
    
20. 
    
21.     if (!len)
    
22.         return -EINVAL;
    
23. 
    
24.     if (!(flags & MAP_FIXED))
    
25.         addr = round_hint_to_min(addr);
    
26. 
    
27.     /* Careful about overflows.. */
    
28.     len = PAGE_ALIGN(len);               //确保映射区的长度为一个PAGE大小的整数倍
    
29.     if (!len)
    
30.         return -ENOMEM;
    
31. 
    
32.     /* offset overflow? */
    
33.     if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)         //检查pageoffset是否溢出，即offset参数的合法性
    
34.                return -EOVERFLOW;
    
35. 
    
36.     /* Too many mappings? */
    
37.     if (mm->map_count > sysctl_max_map_count)
    
38.         return -ENOMEM;
    
39. 
    
40.     /* Obtain the address to map to. we verify (or select) it and ensure
    
41.      * that it represents a valid section of the address space.
    
42.      */
    
43.     addr = get_unmapped_area(file, addr, len, pgoff, flags);     //用来在用户进程的3GB的虚拟地址空间内分配一段空闲区域，传统的布局方式
    
44.     if (addr & ~PAGE_MASK)
    
45.         return addr;
    
46. 
    
47.     /* Do simple checking here so the lower-level routines won't have
    
48.      * to. we assume access permissions have been handled by the open
    
49.      * of the memory object, so we don't do any here.
    
50.      */
    
51.     vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
    
52.             mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
    
53. 
    
54.     if (flags & MAP_LOCKED)
    
55.         if (!can_do_mlock())
    
56.             return -EPERM;
    
57. 
    
58.     /* mlock MCL_FUTURE? */
    
59.     if (vm_flags & VM_LOCKED) {
    
60.         unsigned long locked, lock_limit;
    
61.         locked = len >> PAGE_SHIFT;
    
62.         locked += mm->locked_vm;
    
63.         lock_limit = rlimit(RLIMIT_MEMLOCK);
    
64.         lock_limit >>= PAGE_SHIFT;
    
65.         if (locked > lock_limit && !capable(CAP_IPC_LOCK))
    
66.             return -EAGAIN;
    
67.     }
    
68. 
    
69.     inode = file ? file->f_path.dentry->d_inode : NULL;
    
70. 
    
71.     if (file) {
    
72.         switch (flags & MAP_TYPE) {
    
73.         case MAP_SHARED:
    
74.             if ((prot&PROT_WRITE) && !(file->f_mode&FMODE_WRITE))
    
75.                 return -EACCES;
    
76. 
    
77.             /*
    
78.              * Make sure we don't allow writing to an append-only
    
79.              * file..
    
80.              */
    
81.             if (IS_APPEND(inode) && (file->f_mode & FMODE_WRITE))
    
82.                 return -EACCES;
    
83. 
    
84.             /*
    
85.              * Make sure there are no mandatory locks on the file.
    
86.              */
    
87.             if (locks_verify_locked(inode))
    
88.                 return -EAGAIN;
    
89. 
    
90.             vm_flags |= VM_SHARED | VM_MAYSHARE;
    
91.             if (!(file->f_mode & FMODE_WRITE))
    
92.                 vm_flags &= ~(VM_MAYWRITE | VM_SHARED);
    
93. 
    
94.             /* fall through */
    
95.         case MAP_PRIVATE:
    
96.             if (!(file->f_mode & FMODE_READ))
    
97.                 return -EACCES;
    
98.             if (file->f_path.mnt->mnt_flags & MNT_NOEXEC) {
    
99.                 if (vm_flags & VM_EXEC)
    
100.                     return -EPERM;
     
101.                 vm_flags &= ~VM_MAYEXEC;
     
102.             }
     
103. 
     
104.             if (!file->f_op || !file->f_op->mmap)
     
105.                 return -ENODEV;
     
106.             break;
     
107. 
     
108.         default:
     
109.             return -EINVAL;
     
110.         }
     
111.     } else {
     
112.         switch (flags & MAP_TYPE) {
     
113.         case MAP_SHARED:
     
114.             /*
     
115.              * Ignore pgoff.
     
116.              */
     
117.             pgoff = 0;
     
118.             vm_flags |= VM_SHARED | VM_MAYSHARE;
     
119.             break;
     
120.         case MAP_PRIVATE:
     
121.             /*
     
122.              * Set pgoff according to addr for anon_vma.
     
123.              */
     
124.             pgoff = addr >> PAGE_SHIFT;
     
125.             break;
     
126.         default:
     
127.             return -EINVAL;
     
128.         }
     
129.     }
     
130. 
     
131.     error = security_file_mmap(file, reqprot, prot, flags, addr, 0);
     
132.     if (error)
     
133.         return error;
     
134. 
     
135.     return mmap_region(file, addr, len, flags, vm_flags, pgoff);//核心功能，此函数实现
     
136. }

mmap_region原型及用法：

点击(此处)折叠或打开

1. unsigned long mmap_region(struct file *file, unsigned long addr,
   
2.              unsigned long len, unsigned long flags,
   
3.              unsigned int vm_flags, unsigned long pgoff)
   
4. {
   
5.     struct mm_struct *mm = current->mm;
   
6.     struct vm_area_struct *vma, *prev;
   
7.     int correct_wcount = 0;
   
8.     int error;
   
9.     struct rb_node **rb_link, *rb_parent;
   
10.     unsigned long charged = 0;
    
11.     struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
    
12. 
    
13.     /* Clear old maps */
    
14.     error = -ENOMEM;
    
15. munmap_back:
    
16.     vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
    
17.     if (vma && vma->vm_start < addr + len) {
    
18.         if (do_munmap(mm, addr, len))
    
19.             return -ENOMEM;
    
20.         goto munmap_back;
    
21.     }
    
22. 
    
23.     /* Check against address space limit. */
    
24.     if (!may_expand_vm(mm, len >> PAGE_SHIFT))
    
25.         return -ENOMEM;
    
26. 
    
27.     /*
    
28.      * Set 'VM_NORESERVE' if we should not account for the
    
29.      * memory use of this mapping.
    
30.      */
    
31.     if ((flags & MAP_NORESERVE)) {
    
32.         /* We honor MAP_NORESERVE if allowed to overcommit */
    
33.         if (sysctl_overcommit_memory != OVERCOMMIT_NEVER)
    
34.             vm_flags |= VM_NORESERVE;
    
35. 
    
36.         /* hugetlb applies strict overcommit unless MAP_NORESERVE */
    
37.         if (file && is_file_hugepages(file))
    
38.             vm_flags |= VM_NORESERVE;
    
39.     }
    
40. 
    
41.     /*
    
42.      * Private writable mapping: check memory availability
    
43.      */
    
44.     if (accountable_mapping(file, vm_flags)) {
    
45.         charged = len >> PAGE_SHIFT;
    
46.         if (security_vm_enough_memory(charged))
    
47.             return -ENOMEM;
    
48.         vm_flags |= VM_ACCOUNT;
    
49.     }
    
50. 
    
51.     /*
    
52.      * Can we just expand an old mapping?
    
53.      */
    
54.     vma = vma_merge(mm, prev, addr, addr + len, vm_flags, NULL, file, pgoff, NULL);
    
55.     if (vma)
    
56.         goto out;
    
57. 
    
58.     /*
    
59.      * Determine the object being mapped and call the appropriate
    
60.      * specific mapper. the address has already been validated, but
    
61.      * not unmapped, but the maps are removed from the list.
    
62.      */
    
63.     vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
    
64.     if (!vma) {
    
65.         error = -ENOMEM;
    
66.         goto unacct_error;
    
67.     }
    
68. 
    
69.     vma->vm_mm = mm;
    
70.     vma->vm_start = addr;
    
71.     vma->vm_end = addr + len;
    
72.     vma->vm_flags = vm_flags;
    
73.     vma->vm_page_prot = vm_get_page_prot(vm_flags);
    
74.     vma->vm_pgoff = pgoff;
    
75.     INIT_LIST_HEAD(&vma->anon_vma_chain);
    
76. 
    
77.     if (file) {
    
78.         error = -EINVAL;
    
79.         if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP))
    
80.             goto free_vma;
    
81.         if (vm_flags & VM_DENYWRITE) {
    
82.             error = deny_write_access(file);
    
83.             if (error)
    
84.                 goto free_vma;
    
85.             correct_wcount = 1;
    
86.         }
    
87.         vma->vm_file = file;
    
88.         get_file(file);
    
89.         error = file->f_op->mmap(file, vma);                //------------------------------------------------------引用驱动程序中的mmap方法
    
90.         if (error)
    
91.             goto unmap_and_free_vma;
    
92.         if (vm_flags & VM_EXECUTABLE)
    
93.             added_exe_file_vma(mm);
    
94. 
    
95.         /* Can addr have changed??
    
96.          *
    
97.          * Answer: Yes, several device drivers can do it in their
    
98.          * f_op->mmap method. -DaveM
    
99.          */
    
100.         addr = vma->vm_start;
     
101.         pgoff = vma->vm_pgoff;
     
102.         vm_flags = vma->vm_flags;
     
103.     } else if (vm_flags & VM_SHARED) {
     
104.         error = shmem_zero_setup(vma);
     
105.         if (error)
     
106.             goto free_vma;
     
107.     }
     
108. 
     
109.     if (vma_wants_writenotify(vma)) {
     
110.         pgprot_t pprot = vma->vm_page_prot;
     
111. 
     
112.         /* Can vma->vm_page_prot have changed??
     
113.          *
     
114.          * Answer: Yes, drivers may have changed it in their
     
115.          * f_op->mmap method.
     
116.          *
     
117.          * Ensures that vmas marked as uncached stay that way.
     
118.          */
     
119.         vma->vm_page_prot = vm_get_page_prot(vm_flags & ~VM_SHARED);
     
120.         if (pgprot_val(pprot) == pgprot_val(pgprot_noncached(pprot)))
     
121.             vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
     
122.     }
     
123. 
     
124.     vma_link(mm, vma, prev, rb_link, rb_parent);
     
125.     file = vma->vm_file;
     
126. 
     
127.     /* Once vma denies write, undo our temporary denial count */
     
128.     if (correct_wcount)
     
129.         atomic_inc(&inode->i_writecount);
     
130. out:
     
131.     perf_event_mmap(vma);
     
132. 
     
133.     mm->total_vm += len >> PAGE_SHIFT;
     
134.     vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
     
135.     if (vm_flags & VM_LOCKED) {
     
136.         if (!mlock_vma_pages_range(vma, addr, addr + len))
     
137.             mm->locked_vm += (len >> PAGE_SHIFT);
     
138.     } else if ((flags & MAP_POPULATE) && !(flags & MAP_NONBLOCK))
     
139.         make_pages_present(addr, addr + len);
     
140.     return addr;
     
141. 
     
142. unmap_and_free_vma:
     
143.     if (correct_wcount)
     
144.         atomic_inc(&inode->i_writecount);
     
145.     vma->vm_file = NULL;
     
146.     fput(file);
     
147. 
     
148.     /* Undo any partial mapping done by a device driver. */
     
149.     unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
     
150.     charged = 0;
     
151. free_vma:
     
152.     kmem_cache_free(vm_area_cachep, vma);
     
153. unacct_error:
     
154.     if (charged)
     
155.         vm_unacct_memory(charged);
     
156.     return error;
     
157. }

该函数实现的主要功能：当该函数被调用的时候，参数addr指向了一块空闲的待映射的MMAP区域的起始地址，利用kmem_cache_zalloc分配出一个struct vm_area_struct实例对象，然后对其进行相应的初始化，


然后执行error = file->f_op->mmap(file, vma)；引用驱动程序中mmap方法，至此用户层如何调用驱动层的mmap方法已全部实现。