pipe: set lower and upper limit on max pages in the pipe page array

[safe/jmp/linux-2.6] / fs / pipe.c

diff --git a/fs/pipe.c b/fs/pipe.c
index 054b8a6..d79872e 100644 (file)
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -19,11 +19,18 @@
 #include <linux/pagemap.h>
 #include <linux/audit.h>
 #include <linux/syscalls.h>
+#include <linux/fcntl.h>
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
 
 /*
+ * The max size that a non-root user is allowed to grow the pipe. Can
+ * be set by root in /proc/sys/fs/pipe-max-pages
+ */
+unsigned int pipe_max_pages = PIPE_DEF_BUFFERS * 16;
+
+/*
  * We use a start+len construction, which provides full use of the 
  * allocated memory.
  * -- Florian Coosmann (FGC)
@@ -1162,6 +1169,14 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 
        switch (cmd) {
        case F_SETPIPE_SZ:
+               if (!capable(CAP_SYS_ADMIN) && arg > pipe_max_pages)
+                       return -EINVAL;
+               /*
+                * The pipe needs to be at least 2 pages large to
+                * guarantee POSIX behaviour.
+                */
+               if (arg < 2)
+                       return -EINVAL;
                ret = pipe_set_size(pipe, arg);
                break;
        case F_GETPIPE_SZ: