Re: [PATCH 6/7] pipe: simplify round_pipe_size()

Linux-Fsdevel Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: Eric Biggers <ebiggers3@gmail.com>
Cc: "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Joe Lawrence <joe.lawrence@redhat.com>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Willy Tarreau <w@1wt.eu>, Mikulas Patocka <mpatocka@redhat.com>,
	"Luis R . Rodriguez" <mcgrof@kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Eric Biggers <ebiggers@google.com>
Subject: Re: [PATCH 6/7] pipe: simplify round_pipe_size()
Date: Tue, 9 Jan 2018 14:27:10 -0800	[thread overview]
Message-ID: <CAGXu5jJ=fPOd9fmZbB0bd8C1JqazDgHCP2RsNDW0_xa9W41Vvg@mail.gmail.com> (raw)
In-Reply-To: <20180108053542.6472-7-ebiggers3@gmail.com>

On Sun, Jan 7, 2018 at 9:35 PM, Eric Biggers <ebiggers3@gmail.com> wrote:
> From: Eric Biggers <ebiggers@google.com>
>
> round_pipe_size() calculates the number of pages the requested size
> corresponds to, then rounds the page count up to the next power of 2.
>
> However, it also rounds everything < PAGE_SIZE up to PAGE_SIZE.
> Therefore, there's no need to actually translate the size into a page
> count; we just need to round the size up to the next power of 2.
>
> We do need to verify that bit 31 isn't set, since on 32-bit systems
> roundup_pow_of_two() would be undefined in that case.  But that can just
> be combined with the UINT_MAX check which we need anyway now.
>
> Finally, also remove the check for '!nr_pages' in pipe_set_size(), since
> round_pipe_size() always returns either 0 or a multiple of PAGE_SIZE.
>
> Signed-off-by: Eric Biggers <ebiggers@google.com>
> ---
>  fs/pipe.c | 15 +++------------
>  1 file changed, 3 insertions(+), 12 deletions(-)
>
> diff --git a/fs/pipe.c b/fs/pipe.c
> index f1ee1e599495..774cafd947dc 100644
> --- a/fs/pipe.c
> +++ b/fs/pipe.c
> @@ -1022,20 +1022,14 @@ const struct file_operations pipefifo_fops = {
>   */
>  unsigned int round_pipe_size(unsigned long size)
>  {
> -       unsigned long nr_pages;
> -
> -       if (size > UINT_MAX)
> +       if (size > (1U << 31))
>                 return 0;
>
>         /* Minimum pipe size, as required by POSIX */
>         if (size < PAGE_SIZE)
> -               size = PAGE_SIZE;
> -
> -       nr_pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
> -       if (nr_pages == 0)
> -               return 0;
> +               return PAGE_SIZE;
>
> -       return roundup_pow_of_two(nr_pages) << PAGE_SHIFT;
> +       return roundup_pow_of_two(size);
>  }
>
>  /*

Above looks good.

> @@ -1054,9 +1048,6 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg)
>                 return -EINVAL;
>         nr_pages = size >> PAGE_SHIFT;
>
> -       if (!nr_pages)
> -               return -EINVAL;
> -

I would just leave this hunk anyway: it's defensive for any future
changes. Maybe add a comment describing why it's currently redundant?

-Kees

>         /*
>          * If trying to increase the pipe capacity, check that an
>          * unprivileged user is not trying to exceed various limits
> --
> 2.15.1
>



-- 
Kees Cook
Pixel Security

next prev parent reply	other threads:[~2018-01-09 22:27 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-08  5:35 [PATCH 0/7] pipe: buffer limits fixes and cleanups Eric Biggers
2018-01-08  5:35 ` [PATCH 1/7] pipe, sysctl: drop 'min' parameter from pipe-max-size converter Eric Biggers
2018-01-09 22:20   ` Kees Cook
2018-01-10  2:29     ` Eric Biggers
2018-01-10 17:30       ` Kees Cook
2018-01-08  5:35 ` [PATCH 2/7] pipe, sysctl: remove pipe_proc_fn() Eric Biggers
2018-01-08  5:35 ` [PATCH 3/7] pipe: actually allow root to exceed the pipe buffer limits Eric Biggers
2018-01-09 22:23   ` Kees Cook
2018-01-10  2:34     ` Eric Biggers
2018-01-08  5:35 ` [PATCH 4/7] pipe: fix off-by-one error when checking " Eric Biggers
2018-01-08  6:42   ` Willy Tarreau
2018-01-08  5:35 ` [PATCH 5/7] pipe: reject F_SETPIPE_SZ with size over UINT_MAX Eric Biggers
2018-01-09 22:24   ` Kees Cook
2018-01-08  5:35 ` [PATCH 6/7] pipe: simplify round_pipe_size() Eric Biggers
2018-01-09 22:27   ` Kees Cook [this message]
2018-01-10  2:52     ` Eric Biggers
2018-01-10  3:13       ` Kees Cook
2018-01-08  5:35 ` [PATCH 7/7] pipe: read buffer limits atomically Eric Biggers
2018-01-09 22:27   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGXu5jJ=fPOd9fmZbB0bd8C1JqazDgHCP2RsNDW0_xa9W41Vvg@mail.gmail.com' \
    --to=keescook@chromium.org \
    --cc=ebiggers3@gmail.com \
    --cc=ebiggers@google.com \
    --cc=joe.lawrence@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mcgrof@kernel.org \
    --cc=mpatocka@redhat.com \
    --cc=mtk.manpages@gmail.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=w@1wt.eu \
    --subject='Re: [PATCH 6/7] pipe: simplify round_pipe_size()' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).