内核升级后,我的xinetd守护程序突然停止工作(从2.6.24到2.6.33)。 我跑了一个strace,发现了这个:
[...]
close(3) = 0
munmap(0x7f1a93b43000, 4096) = 0
getrlimit(RLIMIT_NOFILE, {rlim_cur=8*1024, rlim_max=16*1024}) = 0
setrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024}) = 0
close(3) = 4294967287
exit_group(1) = ?
基本上,看起来close系统调用返回的内容不同于0或-1
我做了几次测试,看起来它只发生在64位可执行文件中:
$ file closetest32
closetest32: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped
$ strace closetest32
execve("./closetest32", ["closetest32"], [/* 286 vars */]) = 0
[ Process PID=4731 runs in 32 bit mode. ]
open("/proc/mounts", O_RDONLY) = 3
close(3) = 0
close(3) = -1 EBADF (Bad file descriptor)
_exit(0) = ?
$ file closetest64
closetest64: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), statically linked, not stripped
$ strace closetest64
execve("./closetest64", ["closetest64"], [/* 286 vars */]) = 0
open("/proc/mounts", O_RDONLY) = 3
close(3) = 0
close(3) = 4294967287
_exit(0) = ?
我正在运行以下内核:
Linux foobar01 2.6.33.9-rt31.64.el5rt #1 SMP PREEMPT RT Wed May 4 10:34:12 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
最糟糕的是,我无法在具有相同内核的另一台机器上重现该错误。
有什么想法吗?
编辑:根据要求:这是用于closetest32和closetest64的代码
closetest32.asm:
.section .data
filename:
.ascii "/proc/mounts"
.section .text
.globl _start
_start:
xorl %edi, %edi
movl $5, %eax # open() i386 system call
leal filename, %ebx # %ebx ---> filename
movl $0, %esi # O_RDONLY flag into esi
int $0x80
xorl %edi, %edi
movl $6, %eax # close() i386 system call
movl $3, %ebx # fd 3
int $0x80
xorl %edi, %edi
movl $6, %eax # close() i386 system call
movl $3, %ebx # fd 3
int $0x80
## terminate program via _exit () system call
movl $1, %eax # %eax = _exit() i386 system call
xorl %ebx, %ebx # %ebx = 0 normal program return code
int $0x80
编译为:
as test32.asm -o test32.o --32
ld -m elf_i386 test32.o -o closetest32
closetest64.asm:
.section .data
filename:
.ascii "/proc/mounts"
.section .text
.globl _start
_start:
xorq %rdi, %rdi
movq $2, %rax # open() system call
leaq filename, %rdi # %rdi ---> filename
movq $0, %rsi # O_RDONLY flag into rsi
syscall
xorq %rdi, %rdi
movq $3, %rax # close() system call
movq $3, %rdi # fd 3
syscall
xorq %rdi, %rdi
movq $3, %rax # close() system call
movq $3, %rdi # fd 3
syscall
## terminate program via _exit () system call
movq $60, %rax # %rax = _exit() system call
xorq %rdi, %rdi # %rdi = 0 normal program return code
syscall
汇编:
as test64.asm -o test64.o
ld test64.o -o closetest64
答案 0 :(得分:1)
正如所料,回滚到以前的内核版本解决了这个问题。我不是真正的内核专家,但据我所知,@ R给出的答案是有道理的:
这是一台64位计算机,因此不应出现1<<< 32-9。问题是内核在内部使用unsigned而不是int来获取其中一些函数的返回值,然后返回-EBADF,它减少模2 ^ 32而不是模2 ^ 64
问题是处理系统调用错误返回的libc系统调用包装器中的通用代码必须将返回值视为long(因为它可能是指针或某些系统调用的长指针)进行比较以查看它是否为一个小的负值,表示错误。但内核返回(长)(无符号)-9,这与(长)-9非常不同。或(无符号长)-9(其中任何一个都有效)。