On Tue, Jan 9, 2018 at 6:29 PM, Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
> On Tue, Jan 09, 2018 at 02:20:45PM -0800, Kees Cook wrote:
>> On Sun, Jan 7, 2018 at 9:35 PM, Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
>> > From: Eric Biggers <ebiggers@xxxxxxxxxx>
>> >
>> > Before validating the given value against pipe_min_size,
>> > do_proc_dopipe_max_size_conv() calls round_pipe_size(), which rounds the
>> > value up to pipe_min_size. Therefore, the second check against
>> > pipe_min_size is redundant. Remove it.
>>
>> Well, it's not redundant: it provides a hint to anyone trying to tweak
>> the sysctl about the minimum value. I think this should stay, but that
>> pipe_min_size should be made const.
>>
>> -Kees
>>
>
> It *is* redundant, because it doesn't do anything. round_pipe_size() already
> rounds the value up to the minimum.

Ah, yes, I see it now. Wow are the sysctl functions convoluted here!

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Pixel Security