Re: [PATCH 4/8] pipe: fix limit checking in pipe_set_size()

[Vegard Nossum]

On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote:
> On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote:
> > On 08/19/2016 08:30 PM, Vegard Nossum wrote:
> > > Is there any reason why we couldn't do the (size > pipe_max_size) check
> > > before calling account_pipe_buffers()?
> >
> > No reason that I can see. Just a little more work to be done in the
> > code, I think.
>
> And, just so I make sure we're understanding each other... I assume you
> mean changing the code here to something like:
[...]
>         if (nr_pages > pipe->buffers &&
>                         size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
>                 return -EPERM;
>
>         user_bufs = account_pipe_buffers(pipe->user, pipe->buffers, nr_pages);
>
>         if (nr_pages > pipe->buffers &&
>                         too_many_pipe_buffers_hard(user_bufs ||
>                         too_many_pipe_buffers_soft(user_bufs)) &&
>                         !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
>                 ret = -EPERM;
>                 goto out_revert_acct;
>         }
>
> Right?

Yup, that's what I had in mind. (The parantheses are messed up though.)


Vegard