diff -uNr a/src/gallium/auxiliary/rtasm/rtasm_execmem.c b/src/gallium/auxiliary/rtasm/rtasm_execmem.c
--- a/src/gallium/auxiliary/rtasm/rtasm_execmem.c	2014-01-17 19:32:06.162056839 +0100
+++ b/src/gallium/auxiliary/rtasm/rtasm_execmem.c	2014-01-17 19:32:49.556057529 +0100
@@ -69,9 +69,32 @@
 static unsigned char *exec_mem = NULL;
 
 
-static void
+static int
 init_heap(void)
 {
+   /* check for PaX mprotect
+    * http://pax.grsecurity.net/docs/mprotect.txt */
+   char *buf = NULL;
+   size_t len = 0;
+   FILE *f;
+   int canexecmem;
+   f = fopen ("/proc/self/status", "r");
+   if (f == NULL)
+      return 0;
+   canexecmem = 0;
+
+   while (getline (&buf, &len, f) != -1)
+      if (!strncmp (buf, "PaX:", 4)) {
+         char memexec;
+         if (sscanf (buf, "%*s %*c%*c%c", &memexec) == 1)
+            canexecmem = (memexec == 'm');
+         break;
+      }
+   free (buf);
+   fclose (f);
+   if (!canexecmem)
+      return 0;
+
    if (!exec_heap)
       exec_heap = u_mmInit( 0, EXEC_HEAP_SIZE );
    
@@ -79,6 +102,8 @@
       exec_mem = (unsigned char *) mmap(0, EXEC_HEAP_SIZE, 
 					PROT_EXEC | PROT_READ | PROT_WRITE, 
 					MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+   return (exec_mem != MAP_FAILED);
 }
 
 
@@ -90,7 +115,8 @@
 
    pipe_mutex_lock(exec_mutex);
 
-   init_heap();
+   if (!init_heap())
+      goto bail;
 
    if (exec_heap) {
       size = (size + 31) & ~31;  /* next multiple of 32 bytes */
@@ -101,7 +127,8 @@
       addr = exec_mem + block->ofs;
    else 
       debug_printf("rtasm_exec_malloc failed\n");
-   
+
+bail:
    pipe_mutex_unlock(exec_mutex);
    
    return addr;