From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752863AbcHUKfd (ORCPT ); Sun, 21 Aug 2016 06:35:33 -0400
Received: from userp1050.oracle.com ([156.151.31.82]:25907 "EHLO userp1050.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752189AbcHUKfb (ORCPT ); Sun, 21 Aug 2016 06:35:31 -0400
Subject: Re: [PATCH 4/8] pipe: fix limit checking in pipe_set_size()
To: "Michael Kerrisk (man-pages)" , Andrew Morton
References: <67ce15aa-cf43-0c89-d079-2d966177c56d@gmail.com> <7f0732a9-6172-e92d-7c5b-473b769fe37e@gmail.com> <57B6C3B7.2000903@oracle.com>
Cc: Willy Tarreau , socketpair@gmail.com, Tetsuo Handa , Jens Axboe , Al Viro , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org
From: Vegard Nossum
Message-ID:
Date: Sun, 21 Aug 2016 12:33:44 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To:
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Source-IP: userp1040.oracle.com [156.151.31.81]
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote:
> On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote:
>> On 08/19/2016 08:30 PM, Vegard Nossum wrote:
>>> Is there any reason why we couldn't do the (size > pipe_max_size) check
>>> before calling account_pipe_buffers()?
>>
>> No reason that I can see. Just a little more work to be done in the
>> code, I think.
>
> And, just so I make sure we're understanding each other... I assume you
> mean changing the code here to something like:

[...]

>         if (nr_pages > pipe->buffers &&
>                         size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
>                 return -EPERM;
>
>         user_bufs = account_pipe_buffers(pipe->user, pipe->buffers, nr_pages);
>
>         if (nr_pages > pipe->buffers &&
>                         too_many_pipe_buffers_hard(user_bufs ||
>                         too_many_pipe_buffers_soft(user_bufs)) &&
>                         !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
>                 ret = -EPERM;
>                 goto out_revert_acct;
>         }
>
> Right?

Yup, that's what I had in mind. (The parentheses are messed up though.)


Vegard
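The ordering discussed in this message, as an added user-space C model (not kernel code and not written by anyone in the thread): it contrasts testing `size > pipe_max_size` before the per-user charge with an assumed charge-first ordering, and records the highest value the per-user counter reaches. The structs, the limit values, the `privileged` flag standing in for `capable()`, and the single hard-limit test are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: structs, limits and names are constructed;
 * the kernel's rounding of the page count and its soft limit are omitted. */
struct user { long pipe_bufs; long peak; };   /* peak: highest charge ever held */
struct pipe { struct user *user; long buffers; };

static const long page_size = 4096;
static const long pipe_max_size = 1048576;    /* bytes, assumed value */
static const long user_hard_limit = 1024;     /* pages, assumed value */
static bool privileged = false;               /* stands in for capable() */

/* Models account_pipe_buffers(): move the per-user charge from 'from' to 'to'. */
static long account(struct user *u, long from, long to)
{
	u->pipe_bufs += to - from;
	if (u->pipe_bufs > u->peak)
		u->peak = u->pipe_bufs;
	return u->pipe_bufs;
}

/* check_first=true: size test before the charge; false: charge, then test. */
static int set_size(struct pipe *p, long size, bool check_first)
{
	long nr_pages = (size + page_size - 1) / page_size;
	bool growing = nr_pages > p->buffers;
	bool too_big = growing && size > pipe_max_size && !privileged;

	if (check_first && too_big)
		return -EPERM;                    /* rejected before any charge */
	long user_bufs = account(p->user, p->buffers, nr_pages);
	if (too_big || (growing && user_bufs > user_hard_limit && !privileged)) {
		account(p->user, nr_pages, p->buffers);   /* like out_revert_acct */
		return -EPERM;
	}
	p->buffers = nr_pages;
	return 0;
}

int main(void)
{
	struct user a = {16, 16}, b = {16, 16};   /* constructed sample state */
	struct pipe pa = {&a, 16}, pb = {&b, 16};
	int ra = set_size(&pa, 2 * pipe_max_size, true);
	int rb = set_size(&pb, 2 * pipe_max_size, false);
	printf("check first: ret=%d peak=%ld; charge first: ret=%d peak=%ld\n",
	       ra, a.peak, rb, b.peak);
	return 0;
}
```

Both orderings return `-EPERM` and leave the counter at its starting value, but only the charge-first path lets a rejected request inflate the shared per-user count in the interval before the revert.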