On 07/17/2018 05:47 PM, Miklos Szeredi wrote:
> On Mon, Jul 16, 2018 at 6:03 PM, Andrey Ryabinin
> <aryabinin@xxxxxxxxxxxxx> wrote:
>> The 'bufs' array contains 'pipe->buffers' elements, but the
>> fuse_dev_splice_write() uses only 'pipe->nrbufs' elements.
>
> Hmm, only valid with pipe lock held, AFAICS.
>
> True for using ->buffers as well...
>
> Would you mind resending this series with an additional starting patch
> that moves the bufs allocations inside pipe_lock()/pipe_unlock() to
> fix races with fcntl(F_SETPIPE_SZ).
>

Sure, will do shortly. I suppose the patch should go with a stable tag, right?

> Thanks,
> Miklos