Mapping memory into process address space

Adam Lackorzynski adam at
Fri Aug 15 00:01:17 CEST 2014

On Thu Aug 14, 2014 at 01:22:31 -0700, Noah Zentzis wrote:
> I don't want to use libloader because I'm trying to create a new process
> with dynamically-generated assembly (and alter it while the process is
> running), so I can't really output an ELF binary.
> On 08/18/2014 08:50, Björn Döbel wrote:
> >The dataspace that prog_attach_ds() is called with is allocated by the
> >ELF loader in libloader/include/elf.
> >
> >reserve_utcb_area() is supposed to not attach a real dataspace but
> >reserve a virtual memory area that will not be used by the new
> >application's RM to attach any other memory, because this is where the
> >UTCBs will later be mapped to by the kernel iirc.
> I'm pretty sure I need to do this myself, since any calls to map() are
> causing the program to freeze (could this be because the task doesn't
> have its UTCB allocated yet?). I'm also not sure what to use for the
> destination offset of the L4::Task::map() call, so that might be the
> issue.
> >At this point your best way to do so is
> >to use the L4::Task::map() operation on the capability of your newly
> >created task.
> How do I specify what point in the target the memory maps to? It looks
> like the L4::Dataspace::map() would work, but without being able to map
> the capability, I can't really check.

Typical arguments for L4::Task::map for memory are (omitting cache
attributes etc.):

   l4_msgtag_t t;
   // third argument: send base, i.e. where the page lands in dst_task
   t = dst_task->map(src_task,
                     l4_fpage(src_address, L4_PAGESHIFT, L4_FPAGE_RWX),
                     l4_map_control(dst_address, 0, L4_MAP_ITEM_MAP));
   if (l4_error(t))
     printf("error: %ld\n", l4_error(t));

dst_task and src_task are L4::Cap<L4::Task> types and src_address and
dst_address are unsigned longs with the virtual address for each task.
L4_PAGESHIFT: Map one page, increase for more.
Alternative for L4_FPAGE_RWX is L4_FPAGE_RX.

For L4::Task::map you do not need any cooperation from dst_task. Mapping
caps works similarly:

   t = dst_task->map(src_task,
                     l4_obj_fpage(src_cap, 0, L4_FPAGE_RW),
                     l4_map_obj_control(dst_cap, L4_MAP_ITEM_MAP));

When a program runs it will also generate pagefault IPCs to the pager
which must be replied with the proper mapper. For that the pager cap
must be set up in the target, with a task->map call.
So now I do not know how exactly you want to proceed, so I hope this
info is helpful.

Adam                 adam at
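
Added example, not part of the original message and not L4Re code: the note "L4_PAGESHIFT: Map one page, increase for more" implies power-of-two, size-aligned flexpages, so a larger region has to be split into chunks before calling map(). The helper below is hypothetical (plan_mappings, Chunk and the 4 KiB PAGE_SHIFT are assumptions); it conservatively requires both the source and the destination address to be aligned to each chunk size and rejects unaligned or wrapping input.

```cpp
#include <cstdint>
#include <vector>

// Assumption: 4 KiB pages, i.e. the value L4_PAGESHIFT has on common targets.
constexpr unsigned PAGE_SHIFT = 12;

// One map() call. Hypothetical helper type, not an L4Re type.
struct Chunk {
  std::uint64_t src;   // virtual address in src_task
  std::uint64_t dst;   // virtual address in dst_task
  unsigned order;      // log2 of the size, used in place of L4_PAGESHIFT
};

// Split [src, src+len) -> [dst, dst+len) into naturally aligned
// power-of-two chunks. Returns an empty plan if the input is not
// page aligned, is empty, or wraps around the address space.
std::vector<Chunk> plan_mappings(std::uint64_t src, std::uint64_t dst,
                                 std::uint64_t len)
{
  std::vector<Chunk> plan;
  const std::uint64_t page_mask = (std::uint64_t{1} << PAGE_SHIFT) - 1;

  if (len == 0 || ((src | dst | len) & page_mask))
    return plan;                       // refuse partial pages
  if (src + len < src || dst + len < dst)
    return plan;                       // refuse address wrap-around

  while (len) {
    unsigned order = PAGE_SHIFT;
    // Grow the chunk while both addresses stay aligned and it still fits.
    while (order + 1 < 64) {
      const std::uint64_t next = std::uint64_t{1} << (order + 1);
      if (((src | dst) & (next - 1)) || next > len)
        break;
      ++order;
    }
    plan.push_back({src, dst, order});
    const std::uint64_t size = std::uint64_t{1} << order;
    src += size;
    dst += size;
    len -= size;
  }
  return plan;
}
```

Each Chunk corresponds to one map() call of the form shown in the message, with c.src as the flexpage address, c.order as its size and c.dst as the destination address.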
