Hi Tim,

One more quick question:

On 10/05/2011 13:47, Tim Gardner wrote:
+static struct fb_info *get_framebuffer_info(int idx)
+__acquires(&registered_lock)
+__releases(&registered_lock)
+{
+	struct fb_info *fb_info;
+
+	spin_lock(&registered_lock);
+	fb_info = registered_fb[idx];
+	fb_info->ref_count++;
+	spin_unlock(&registered_lock);
+
+	return fb_info;
+}

[snip]

 static int
 fb_open(struct inode *inode, struct file *file)
 __acquires(&info->lock)

@@ -1363,13 +1421,18 @@ __releases(&info->lock)

 	if (fbidx >= FB_MAX)
 		return -ENODEV;
-	info = registered_fb[fbidx];
-	if (!info)
+	info = get_framebuffer_info(fbidx);
+	if (!info) {
 		request_module("fb%d", fbidx);
-	info = registered_fb[fbidx];
+		info = get_framebuffer_info(fbidx);
+	}
 	if (!info)
 		return -ENODEV;

This section of code implies that get_framebuffer_info can return NULL
but in that case wouldn't the fb_info->ref_count++ have oopsed?

You could add the simple case of

if(fb_info)
	fb_info->ref_count++

to get_framebuffer_info. That should cover it.

Thanks,

Jack