From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752045AbdJLOGH (ORCPT ); Thu, 12 Oct 2017 10:06:07 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34586 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751348AbdJLOGF (ORCPT ); Thu, 12 Oct 2017 10:06:05 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 99903820F7 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=mpatocka@redhat.com Date: Thu, 12 Oct 2017 10:05:57 -0400 (EDT) From: Mikulas Patocka X-X-Sender: mpatocka@file01.intranet.prod.int.rdu2.redhat.com To: Joe Lawrence cc: linux-kernel@vger.kernel.org, Michael Kerrisk , Randy Dunlap Subject: Re: [PATCH v3 0/4] A few round_pipe_size() and pipe-max-size fixups In-Reply-To: <1507658689-11669-1-git-send-email-joe.lawrence@redhat.com> Message-ID: References: <1507658689-11669-1-git-send-email-joe.lawrence@redhat.com> User-Agent: Alpine 2.02 (LRH 1266 2009-07-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Thu, 12 Oct 2017 14:06:05 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Reviewed-by: Mikulas Patocka On Tue, 10 Oct 2017, Joe Lawrence wrote: > While backporting Michael's "pipe: fix limit handling" patchset to a > distro-kernel, Mikulas noticed that current upstream pipe limit handling > contains a few problems: > > 1 - procfs signed wrap: echo'ing a large number into > /proc/sys/fs/pipe-max-size and then cat'ing it back out shows a > negative value. > > 2 - round_pipe_size() nr_pages overflow on 32bit: this would > subsequently try roundup_pow_of_two(0), which is undefined. > > 3 - visible non-rounded pipe-max-size value: there is no mutual > exclusion or protection between the time pipe_max_size is assigned > a raw value from proc_dointvec_minmax() and when it is rounded. > > 4 - unsigned long -> unsigned int conversion makes for potential odd > return errors from do_proc_douintvec_minmax_conv() and > do_proc_dopipe_max_size_conv(). > > This version underwent the same testing as v1: > https://marc.info/?l=linux-kernel&m=150643571406022&w=2 > > v1 (from rfc): > > - Re-arrange patchset order, push smaller fixes to the front > - Add a check so that round_pipe_size(size < pipe_min_size) will round > up to round_pipe_size(pipe_min_size) as per man page [RD] > - Add new procfs proc_dopipe_max_size() and helpers to consolidate user > space read / type validation / rounding / assignment [MP] > > v2: > - Fix !CONFIG_PROC_SYSCTL build case [buildbots] > > v3: > - s/proc_dointvec_minmax/proc_dopipe_max_size/ in comment > preceding pipe_proc_fn() > - Added a fourth patch to address -ERANGE vs. -EINVAL inconsistencies in > do_proc_douintvec_minmax_conv() and do_proc_dopipe_max_size_conv(). > > Joe Lawrence (4): > pipe: match pipe_max_size data type with procfs > pipe: avoid round_pipe_size() nr_pages overflow on 32-bit > pipe: add proc_dopipe_max_size() to safely assign pipe_max_size > sysctl: check for UINT_MAX before unsigned int min/max > > fs/pipe.c | 23 ++++++++++--------- > include/linux/pipe_fs_i.h | 1 + > include/linux/sysctl.h | 3 +++ > kernel/sysctl.c | 57 ++++++++++++++++++++++++++++++++++++++++++++--- > 4 files changed, 70 insertions(+), 14 deletions(-) > > -- > 1.8.3.1 >