On Thu, 21 Dec 2023 at 04:09, Ahelenia Ziemiańska <nabijaczleweli@xxxxxxxxxxxxxxxxxx> wrote: > > Potentially-blocking splice_reads are allowed for normal filesystems > like NFS because they're blessed by root. > > FUSE is commonly used suid-root, and allows anyone to trivially create > a file that, when spliced from, will just sleep forever with the pipe > lock held. > > The only way IPC to the fusing process could be avoided is if > !(ff->open_flags & FOPEN_DIRECT_IO) and the range was already cached > and we weren't past the end. Just refuse it. How is this not going to cause regressions out there? We need to find an alternative to refusing splice, since this is not going to fly, IMO. Thanks, Miklos
