On 06/26/2013 10:55 AM, Jiri Slaby wrote: > On 06/26/2013 10:51 AM, channing wrote: >> >> In tty_buffer_find(), it scans all tty buffers in >> free buffer queue, if it finds matched one, >> tty->buf.free will point to matched one's next buffer, > > Oh, how is that true? tbh is moved with every iteration, right? Then: > *tbh = t->next; > 't' is what we return, 't->next' is the next one and '*tbh' is where > 'next' of the previous one will point. So we just set it so we remove > 't' from the list, or am I missing something?
Actually yes. The code is pretty messy and is hiding that bug pretty nicely. Let me figure out if there is a nice solution which would make the code more understandable. And we should CC: stable with the fix as it is there forever. -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
