LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?

• From: Dan Eloff <dan.eloff@xxxxxxxxx>
• To: luajit@xxxxxxxxxxxxx
• Date: Tue, 21 Jan 2014 17:35:45 -0500

I recently experimented with an overridden mmap implementation, to see if I
could implement MAP_32BIT to allocate from the bottom 4GB of address space.

I can extend the address space to the bottom 2GB for LuaJIT without issue.

However, if I utilize any address over 2 GB (any address with the 31st bit
set) then I get a segfault in 2.1 git head in what appears to be jitted
code. The address that segfaults appears to be a 64bit sign-extended
pointer to a 128KB region allocated with MAP_32BIT.

Does LuaJIT intentionally only give 31 bit pointers, or is this an
accidental sign extension?

If it's not intentional, would a minimal reproduction help in finding the
issue? It will take maybe an hour to put it together.

The disassembly of the (Jitted?) frame looks like:

0xbcdff02  <+0x0000>         add    %al,(%rax)
0xbcdff04  <+0x0000>         add    %al,(%rax)
0xbcdff06  <+0x0000>         add    %al,(%rax)
0xbcdff08  <+0x0000>         add    %al,(%rax)
0xbcdff0a  <+0x0000>         add    %al,(%rax)
0xbcdff0c  <+0x0000>         add    %al,(%rax)
0xbcdff0e  <+0x0000>         add    %al,(%rax)
0xbcdff10  <+0x0000>         add    %al,(%rax)
0xbcdff12  <+0x0000>         add    %bh,%dh
0xbcdff14  <+0x0000>         add    %al,(%rax)
******0xbcdff16  <+0x0000>         movl   $0x1,0xfffffffffffe0410
******That's a kernel address. The block 0xfffe0000 was the first 128KB
allocated to LuaJIT by the customized mmap.
0xbcdff21  <+0x0000>         movsd  0xfffffffffffa44e8,%xmm6
0xbcdff2a  <+0x0000>         movsd  0xfffffffffffa44e0,%xmm5
0xbcdff33  <+0x0000>         cmpl   $0xfffffffb,0x2c(%rdx)
0xbcdff37  <+0x0000>         jne    0xbcd0010
0xbcdff3d  <+0x0000>         mov    0x28(%rdx),%ebp
0xbcdff40  <+0x0000>         cmp    $0xfffec0a8,%ebp
0xbcdff46  <+0x0000>         jne    0xbcd0014
0xbcdff4c  <+0x0000>         cmpl   $0xfffeffff,0xc(%rdx)
0xbcdff53  <+0x0000>         jae    0xbcd0018
0xbcdff59  <+0x0000>         movsd  0x8(%rdx),%xmm7
0xbcdff5e  <+0x0000>         addsd  %xmm5,%xmm7
0xbcdff62  <+0x0000>         cmp    $0xfffd9468,%ebp
0xbcdff68  <+0x0000>         je     0xbcd001c
0xbcdff6e  <+0x0000>         cmpl   $0xfffffff7,0x14(%rdx)
0xbcdff72  <+0x0000>         jne    0xbcd0020
0xbcdff78  <+0x0000>         mov    0x10(%rdx),%ebp

Cheers,
Dan

• Follow-Ups:
  • Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?
    • From: Mike Pall

Other related posts:

• » LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions? - Dan Eloff
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Mike Pall
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Dan Eloff
• » RE: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- William Adams
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Cheng, Long
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Mike Pall
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Theo Schlossnagle
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Dan Eloff
• » Re: LuaJIT x64 limited to 31 bit address space, even without MAP_32BIT restrictions?- Theo Schlossnagle

1. Home
2. luajit
3. Archive
4. 01-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---