On 2022/11/25 14:33, Al Viro wrote: > On Thu, Nov 17, 2022 at 07:53:23PM +0800, Zhen Lei wrote: >> Accessing buf->flags after pipe_buf_release(pipe, buf) is unsafe, because >> the 'buf' memory maybe freed. > > Huh? What are you talking about? > struct pipe_buffer *buf = &pipe->bufs[tail & mask]; > To free *buf you would need to free the entire damn array, which is > obviously not going to be possible here; if you are talking about reuse > of *buf - that's controlled by pipe->tail, and we do not assign it until > later. > > Fetching any fields of *buf is safe; what can get freed is buf->page, not > buf itself. So that buf->flags access is fine. Right. Thank you for explaining clearly. Sorry, I misunderstood in the course of learning. > > . > -- Regards, Zhen Lei
