Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > All it's saying is that if you modify the data after sending it off > via splice then the data that will be on the wire is undefined. Er, no. It can literally remove the page from the process's VM and paste it somewhere else - though in this case, that shouldn't happen. However, the buffer passed to SPLICE_F_GIFT should also be page-aligned, which it might not be because they used calloc(). There's no reason to use SPLICE_F_GIFT here. vmsplice() still attaches the > There is no reason why this should crash. Agreed. I'm still looking at it. Interestingly, the output comes out the same, no matter whether vmsplice(), vmsplice() + SPLICE_F_GIFT or writev(), so it looks like the buffers get to > If we can't fix this the patches should be reverted. I didn't change vmsplice() or the way pages are stored in the pipe. And, note, there are also a bunch of GUP changes that could have an effect. David
