On Mon, Jul 16, 2018 at 6:03 PM, Andrey Ryabinin <aryabi...@virtuozzo.com> wrote: > The 'bufs' array contains 'pipe->buffers' elements, but the > fuse_dev_splice_write() uses only 'pipe->nrbufs' elements.
Hmm, only valid with pipe lock held, AFAICS. True for using ->buffers as well... Would you mind resending this series with an additional starting patch that moves the bufs allocations inside pipe_lock()/pipe_unlock() to fix races with fcntl(F_SETPIPE_SZ). Thanks, Miklos
