Index: lib/libvmmapi/vmmapi.c
===================================================================
--- lib/libvmmapi/vmmapi.c
+++ lib/libvmmapi/vmmapi.c
@@ -362,7 +362,7 @@
 	size_t objsize, len;
 	vm_paddr_t gpa;
 	char *baseaddr, *ptr;
-	int error, flags;
+	int error;
 
 	assert(vms == VM_MMAP_ALL);
 
@@ -389,12 +389,21 @@
 	 * and the adjoining guard regions.
 	 */
 	len = VM_MMAP_GUARD_SIZE + objsize + VM_MMAP_GUARD_SIZE;
-	flags = MAP_PRIVATE | MAP_ANON | MAP_NOCORE | MAP_ALIGNED_SUPER;
-	ptr = mmap(NULL, len, PROT_NONE, flags, -1, 0);
+	ptr = mmap(NULL, len, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER,
+	    -1, 0);
 	if (ptr == MAP_FAILED)
 		return (-1);
 
-	baseaddr = ptr + VM_MMAP_GUARD_SIZE;
+	baseaddr = mmap(ptr + VM_MMAP_GUARD_SIZE, objsize, PROT_NONE,
+	    MAP_PRIVATE | MAP_ANON | MAP_NOCORE | MAP_ALIGNED_SUPER |
+	    MAP_FIXED, -1, 0);
+	if (baseaddr == MAP_FAILED) {
+		error = errno;
+		munmap(ptr, len);
+		errno = error;
+		return (-1);
+	}
+
 	if (ctx->highmem > 0) {
 		gpa = 4*GB;
 		len = ctx->highmem;
@@ -463,7 +472,6 @@
 vm_create_devmem(struct vmctx *ctx, int segid, const char *name, size_t len)
 {
 	char pathname[MAXPATHLEN];
-	size_t len2;
 	char *base, *ptr;
 	int fd, error, flags;
 
@@ -488,12 +496,11 @@
 		goto done;
 
 	/*
-	 * Stake out a contiguous region covering the device memory and the
-	 * adjoining guard regions.
+	 * Map the entire region with MAP_GUARD first. Remap the
+	 * device memory post-guard.
 	 */
-	len2 = VM_MMAP_GUARD_SIZE + len + VM_MMAP_GUARD_SIZE;
-	flags = MAP_PRIVATE | MAP_ANON | MAP_NOCORE | MAP_ALIGNED_SUPER;
-	base = mmap(NULL, len2, PROT_NONE, flags, -1, 0);
+	base = mmap(NULL, len + VM_MMAP_GUARD_SIZE * 2, PROT_NONE,
+	    MAP_GUARD | MAP_ALIGNED_SUPER, -1, 0);
 	if (base == MAP_FAILED)
 		goto done;