Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2335718imm; Thu, 7 Jun 2018 09:00:01 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIGQ7aWdRhgCc+hAwl6nFRzZg6CBaD78wXEajNZM0glHUq4J1VzpISD4IyN/99/I1XsK51R X-Received: by 2002:a17:902:7406:: with SMTP id g6-v6mr2600625pll.90.1528387201651; Thu, 07 Jun 2018 09:00:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528387201; cv=none; d=google.com; s=arc-20160816; b=nUnZHQf3JDRrSNQBjP6Txwj2t1DA1oVZ2PbPInRcG8SxWPtfgJZa7US8ECGFj/aqDB I7HI68/jLJVM0u7xspQ/2oEk7OUNnKVouJ0NhqcrQM87W+tapwUJ5lDjsv27ASAFivl+ 3DYof+QqWrT+B2XgXofbtaWL8rLq7rJe1FjLggaVFB1VPKgSYZ0xFGVna+98dUEuKY2E gaq4y4Hy4Hhgp5dcHsZRCeGFk7TjBGFN7OwM8GDG80d8PqbUcRv9xfAwPfPHQztc7V8n xfFG118CU62SB8uT0nXzgTguMj8PJK+BZZpAqBbijfERQqVIhVzYx/bSZBBtPTqgOVFg bcQw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=Qkhl1NJeAtBmCJ7UokhtBsoPGedaSuyXQ1rnevFLb18=; b=uwHRm+4LU6uGEyVSUI50PwHFRDsW/Mpv7r+Nstk9ZS0JwjBIvIqiw76A31u7LRQfYG 3s5yzmnapQwevFk2YTEhtVl8a/BoabYTbtpt74ZxtN4HYUAvESAdtS5V3BrAFW71gc6P L9GAga8lJ7qnBoU0N1EG45OwrjxDDXK5FaUROtYc9BvJab1dDnr0h3hKoFV4eMSjQ1c2 +yTGqI1pVukehOYjS2gukjLlFc6RHweEqNS7rz4dPFgnqWVp2hMtJdNupMBp+r/69lQA zM7oI+WkBtU5wbUTzv2RXQA6X6QMa8bF7uEqge87wWohcFdOOJWz7JCT8pkG27hoqQ7g 2IpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b3-v6si10330919plk.584.2018.06.07.08.59.46; Thu, 07 Jun 2018 09:00:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933908AbeFGP5Z (ORCPT + 99 others); Thu, 7 Jun 2018 11:57:25 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:39386 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932876AbeFGOJI (ORCPT ); Thu, 7 Jun 2018 10:09:08 -0400 Received: from [148.252.241.226] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1fQvb7-0005fJ-Q4; Thu, 07 Jun 2018 15:09:06 +0100 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1fQvb6-0002zw-6U; Thu, 07 Jun 2018 15:09:04 +0100 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Linus Torvalds" , "Michael Kerrisk (man-pages)" , "Vegard Nossum" , "Tetsuo Handa" , "Jens Axboe" , "Willy Tarreau" , "Al Viro" , "" Date: Thu, 07 Jun 2018 15:05:21 +0100 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 206/410] pipe: cap initial pipe capacity according to pipe-max-size limit In-Reply-To: X-SA-Exim-Connect-IP: 148.252.241.226 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.57-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: "Michael Kerrisk (man-pages)" commit 086e774a57fba4695f14383c0818994c0b31da7c upstream. This is a patch that provides behavior that is more consistent, and probably less surprising to users. I consider the change optional, and welcome opinions about whether it should be applied. By default, pipes are created with a capacity of 64 kiB. However, /proc/sys/fs/pipe-max-size may be set smaller than this value. In this scenario, an unprivileged user could thus create a pipe whose initial capacity exceeds the limit. Therefore, it seems logical to cap the initial pipe capacity according to the value of pipe-max-size. The test program shown earlier in this patch series can be used to demonstrate the effect of the change brought about with this patch: # cat /proc/sys/fs/pipe-max-size 1048576 # sudo -u mtk ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 65536 # echo 10000 > /proc/sys/fs/pipe-max-size # cat /proc/sys/fs/pipe-max-size 16384 # sudo -u mtk ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 16384 # ./test_F_SETPIPE_SZ 1 Initial pipe capacity: 65536 The last two executions of 'test_F_SETPIPE_SZ' show that pipe-max-size caps the initial allocation for a new pipe for unprivileged users, but not for privileged users. Link: http://lkml.kernel.org/r/31dc7064-2a17-9c5b-1df1-4e3012ee992c@gmail.com Signed-off-by: Michael Kerrisk Reviewed-by: Vegard Nossum Cc: Willy Tarreau Cc: Cc: Tetsuo Handa Cc: Jens Axboe Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Ben Hutchings --- fs/pipe.c | 3 +++ 1 file changed, 3 insertions(+) --- a/fs/pipe.c +++ b/fs/pipe.c @@ -617,6 +617,9 @@ struct pipe_inode_info *alloc_pipe_info( if (pipe == NULL) goto out_free_uid; + if (pipe_bufs * PAGE_SIZE > pipe_max_size && !capable(CAP_SYS_RESOURCE)) + pipe_bufs = pipe_max_size >> PAGE_SHIFT; + user_bufs = account_pipe_buffers(user, 0, pipe_bufs); if (too_many_pipe_buffers_soft(user_bufs)) {