Uninitialized static int counters?
Michael ODonnell
michael.odonnell at comcast.net
Fri Feb 6 13:57:30 EST 2009
OK - I'm seeing stuff like this the following in some kernel
syscall handling code and it's making my brain hurt, so I hope
somebody can explain it:
.
.
.
static int mt_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg)
{
mm_segment_t old_fs = get_fs();
struct mtget get;
struct mtget32 __user *umget32;
struct mtpos pos;
struct mtpos32 __user *upos32;
unsigned long kcmd;
void *karg;
int err = 0;
switch(cmd) {
case MTIOCPOS32:
kcmd = MTIOCPOS;
karg = &pos;
break;
case MTIOCGET32:
kcmd = MTIOCGET;
karg = &get;
break;
default:
do {
WTF ?!?! #=->> static int count;
WTF ?!?! #=->> if (++count <= 20)
printk("mt_ioctl: Unknown cmd fd(%d) "
"cmd(%08x) arg(%08x)\n",
(int)fd, (unsigned int)cmd, (unsigned int)arg);
} while(0);
return -EINVAL;
}
.
.
.
...which, as far as I can tell, should yield effectively random behavior,
yes? Depending on the initial value of count we'll print the error
message some number of times (once per pass through that routine) until
count is incremented to a value greater than 19, after which we'll be
silent until it wraps negative. WTF? And this construction is repeated
in several different routines in several different files under fs/ in
the kernel sources on both my linux-2.6.27.6 Debian machine as well as
my 2.6.18 CentOS/RHEL machine.
Here's another:
static int ppp_ioctl_trans(unsigned int fd, unsigned int cmd, unsigned long arg)
{
int err;
switch (cmd) {
case PPPIOCGIDLE32:
err = ppp_gidle(fd, cmd, arg);
break;
case PPPIOCSCOMPRESS32:
err = ppp_scompress(fd, cmd, arg);
break;
default:
do {
static int count;
if (++count <= 20)
printk("ppp_ioctl: Unknown cmd fd(%d) "
"cmd(%08x) arg(%08x)\n",
(int)fd, (unsigned int)cmd, (unsigned int)arg);
} while(0);
err = -EINVAL;
break;
};
return err;
}
More information about the gnhlug-discuss
mailing list