26ec619a30
Pipes consist of two filps (read filp and write filp) and a shared vnode. When the writer leaves the filp reference count drops to zero and subsequent find_filp()s should not find the filp when a reader looks for it and the reader gets EOF. However, the pipe() system call tries to find two filps, marks them in use, and only after a successful node creation on PFS, overwrites the shared vnode with the new vnode. Consequently, this leaves a small window where a just closed 'pipe write filp' gets reused and marked as present, before becoming the actual new 'pipe write filp' for a new pipe. A reader for the old pipe will think a writer is present and wait for that writer to write something or to leave; both actions should revive the suspended reader. This will never happen and the reader will be stuck forever.