missing bits of "splice: fix racy pipe->buffers uses" that commit has fixed only the parts of that mess in fs/splice.c itself; there had been more in several other ->splice_read() instances... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: a786c06d9f2719203c00b3d97b21f9a96980d0b5 [log] [tgz]
author: Al Viro <viro@zeniv.linux.org.uk> Fri Apr 11 12:01:03 2014 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> Sat Apr 12 07:04:19 2014 -0400
tree: 29a5e2ea710084cc115ec496e667658704ab72c2
parent: 19dfc1f5f2ef03a52aa30c8257c5745edef23f55 [diff] [blame]
diff --git a/mm/shmem.c b/mm/shmem.c
index 17d3799d..37400a1 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c

@@ -1613,7 +1613,7 @@
 	index = *ppos >> PAGE_CACHE_SHIFT;
 	loff = *ppos & ~PAGE_CACHE_MASK;
 	req_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
-	nr_pages = min(req_pages, pipe->buffers);
+	nr_pages = min(req_pages, spd.nr_pages_max);
 
 	spd.nr_pages = find_get_pages_contig(mapping, index,
 						nr_pages, spd.pages);
commit	a786c06d9f2719203c00b3d97b21f9a96980d0b5	[log] [tgz]
author	Al Viro <viro@zeniv.linux.org.uk>	Fri Apr 11 12:01:03 2014 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	Sat Apr 12 07:04:19 2014 -0400
tree	29a5e2ea710084cc115ec496e667658704ab72c2
parent	19dfc1f5f2ef03a52aa30c8257c5745edef23f55 [diff] [blame]