Re: [PATCH 4/8] pipe: fix limit checking in pipe_set_size()

[Michael Kerrisk (man-pages)]

On 08/21/2016 10:33 PM, Vegard Nossum wrote:
> On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote:
>> On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote:
>>> On 08/19/2016 08:30 PM, Vegard Nossum wrote:
>>>> Is there any reason why we couldn't do the (size > pipe_max_size) check
>>>> before calling account_pipe_buffers()?
>>>
>>> No reason that I can see. Just a little more work to be done in the
>>> code, I think.
>>
>> And, just so I make sure we're understanding each other... I assume you
>> mean changing the code here to something like:
> [...]
>>         if (nr_pages > pipe->buffers &&
>>                         size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
>>                 return -EPERM;
>>
>>         user_bufs = account_pipe_buffers(pipe->user, pipe->buffers, nr_pages);
>>
>>         if (nr_pages > pipe->buffers &&
>>                         too_many_pipe_buffers_hard(user_bufs ||
>>                         too_many_pipe_buffers_soft(user_bufs)) &&
>>                         !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
>>                 ret = -EPERM;
>>                 goto out_revert_acct;
>>         }
>>
>> Right?
> 
> Yup, that's what I had in mind.

Okay -- changed.

> (The parantheses are messed up though.)

Yup, was just a quick untested edit to make sure we meant the same thing.

Thanks,

Michael


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/