On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote:
On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote:
On 08/19/2016 08:30 PM, Vegard Nossum wrote:
Is there any reason why we couldn't do the (size > pipe_max_size) check
before calling account_pipe_buffers()?
No reason that I can see. Just a little more work to be done in the
code, I think.
And, just so I make sure we're understanding each other... I assume you
mean changing the code here to something like:
[...]
if (nr_pages > pipe->buffers &&
size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
return -EPERM;
user_bufs = account_pipe_buffers(pipe->user, pipe->buffers, nr_pages);
if (nr_pages > pipe->buffers &&
too_many_pipe_buffers_hard(user_bufs ||
too_many_pipe_buffers_soft(user_bufs)) &&
!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
ret = -EPERM;
goto out_revert_acct;
}
Right?
Yup, that's what I had in mind. (The parantheses are messed up though.)
Vegard
