From: Eric Biggers <ebiggers3@gmail.com>
To: linux-fsdevel@vger.kernel.org
Cc: Alexander Viro <viro@zeniv.linux.org.uk>,
Joe Lawrence <joe.lawrence@redhat.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Willy Tarreau <w@1wt.eu>, Mikulas Patocka <mpatocka@redhat.com>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, Eric Biggers <ebiggers@google.com>,
stable@vger.kernel.org
Subject: [PATCH v2 4/7] pipe: fix off-by-one error when checking buffer limits
Date: Wed, 10 Jan 2018 21:28:59 -0800 [thread overview]
Message-ID: <20180111052902.14409-5-ebiggers3@gmail.com> (raw)
In-Reply-To: <20180111052902.14409-1-ebiggers3@gmail.com>
From: Eric Biggers <ebiggers@google.com>
With pipe-user-pages-hard set to 'N', users were actually only allowed
up to 'N - 1' buffers; and likewise for pipe-user-pages-soft.
Fix this to allow up to 'N' buffers, as would be expected.
Fixes: b0b91d18e2e9 ("pipe: fix limit checking in pipe_set_size()")
Cc: stable@vger.kernel.org
Acked-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
fs/pipe.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/pipe.c b/fs/pipe.c
index 847ecc388820..9f20e7128578 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -605,12 +605,12 @@ static unsigned long account_pipe_buffers(struct user_struct *user,
static bool too_many_pipe_buffers_soft(unsigned long user_bufs)
{
- return pipe_user_pages_soft && user_bufs >= pipe_user_pages_soft;
+ return pipe_user_pages_soft && user_bufs > pipe_user_pages_soft;
}
static bool too_many_pipe_buffers_hard(unsigned long user_bufs)
{
- return pipe_user_pages_hard && user_bufs >= pipe_user_pages_hard;
+ return pipe_user_pages_hard && user_bufs > pipe_user_pages_hard;
}
static bool is_unprivileged_user(void)
--
2.15.1
next prev parent reply other threads:[~2018-01-11 5:31 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-11 5:28 [PATCH v2 0/7] pipe: buffer limits fixes and cleanups Eric Biggers
2018-01-11 5:28 ` [PATCH v2 1/7] pipe, sysctl: drop 'min' parameter from pipe-max-size converter Eric Biggers
2018-01-11 5:28 ` [PATCH v2 2/7] pipe, sysctl: remove pipe_proc_fn() Eric Biggers
2018-01-11 5:28 ` [PATCH v2 3/7] pipe: actually allow root to exceed the pipe buffer limits Eric Biggers
2018-01-11 5:28 ` Eric Biggers [this message]
2018-01-11 5:29 ` [PATCH v2 5/7] pipe: reject F_SETPIPE_SZ with size over UINT_MAX Eric Biggers
2018-01-11 5:29 ` [PATCH v2 6/7] pipe: simplify round_pipe_size() Eric Biggers
2018-01-11 5:29 ` [PATCH v2 7/7] pipe: read buffer limits atomically Eric Biggers
2018-01-11 20:36 ` [PATCH v2 0/7] pipe: buffer limits fixes and cleanups Kees Cook
2018-01-11 21:41 ` Joe Lawrence
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180111052902.14409-5-ebiggers3@gmail.com \
--to=ebiggers3@gmail.com \
--cc=ebiggers@google.com \
--cc=joe.lawrence@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mpatocka@redhat.com \
--cc=mtk.manpages@gmail.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.