On 08/21/2016 10:33 PM, Vegard Nossum wrote:
> On 08/20/2016 01:17 AM, Michael Kerrisk (man-pages) wrote:
>> On 08/20/2016 08:56 AM, Michael Kerrisk (man-pages) wrote:
>>> On 08/19/2016 08:30 PM, Vegard Nossum wrote:
>>>> Is there any reason why we couldn't do the (size > pipe_max_size) check
>>>> before calling account_pipe_buffers()?
>>>
>>> No reason that I can see. Just a little more work to be done in the
>>> code, I think.
>>
>> And, just so I make sure we're understanding each other... I assume you
>> mean changing the code here to something like:
> [...]
>> if (nr_pages > pipe->buffers &&
>> size > pipe_max_size && !capable(CAP_SYS_RESOURCE))
>> return -EPERM;
>>
>> user_bufs = account_pipe_buffers(pipe->user, pipe->buffers,
>> nr_pages);
>>
>> if (nr_pages > pipe->buffers &&
>> too_many_pipe_buffers_hard(user_bufs ||
>> too_many_pipe_buffers_soft(user_bufs)) &&
>> !capable(CAP_SYS_RESOURCE) &&
>> !capable(CAP_SYS_ADMIN)) {
>> ret = -EPERM;
>> goto out_revert_acct;
>> }
>>
>> Right?
>
> Yup, that's what I had in mind.
Okay -- changed.
> (The parantheses are messed up though.)
Yup, was just a quick untested edit to make sure we meant the same thing.
Thanks,
Michael
--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
