On 28 April 2016 at 23:30, Andrew Morton <a...@linux-foundation.org> wrote:
> On Thu, 28 Apr 2016 21:04:18 +0200 Mathias Krause <mini...@googlemail.com>
> wrote:
>
>> If /proc/<PID>/environ gets read before the envp[] array is fully set
>> up in create_{aout,elf,elf_fdpic,flat}_tables(), we might end up trying
>> to read more bytes than are actually written, as env_start will already
>> be set but env_end will still be zero, making the range calculation
>> underflow, allowing to read beyond the end of what has been written.
>>
>> Fix this as it is done for /proc/<PID>/cmdline by testing env_end for
>> zero. It is, apparently, intentionally set last in create_*_tables().
>
> Also, if this is indeed our design then
>
> a) the various create_*_tables() should have comments in there which
> explain this subtlety to the reader. Or, better, they use a common
> helper function for this readiness-signaling operation because..
>
> b) we'll need some barriers there to ensure that the environ_read()
> caller sees the create_*_tables() writes in the correct order.
I totally agree that this kind of "synchronization" is rather fragile.
Adding comments won't help much, I fear. Rather a dedicated flag,
signaling "process ready for inspection" may be needed. So far, that's
what env_end is (ab-)used for.

Regards,
Mathias
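Added illustration, not part of the thread or of the kernel: a user-space model of the range calculation the patch describes. The struct env_range stands in for the two mm_struct fields (env_start, env_end) and the function names are made up for this example. It shows how the unsigned subtraction wraps while env_end is still zero, and how the cmdline-style "env_end == 0 means not ready" check bounds the read instead. The check alone says nothing about write ordering between create_*_tables() and the reader, which is the separate barrier point raised above.

```c
#include <stdio.h>

/* Constructed stand-in for the two mm_struct fields discussed in the thread.
 * env_end is written last by create_*_tables(), so it reads as 0 until the
 * environment block is complete. */
struct env_range {
    unsigned long env_start;
    unsigned long env_end;
};

/* Unguarded length computation: reproduces the bug class from the patch.
 * With env_start set and env_end still 0, the unsigned subtraction wraps to
 * a huge value, so a caller would try to copy far past what was written. */
unsigned long environ_len_naive(const struct env_range *r)
{
    return r->env_end - r->env_start;
}

/* Guarded version, following the /proc/<PID>/cmdline approach: env_end == 0
 * is treated as "not ready", and an inverted range is rejected as well, so
 * the result can never wrap. */
unsigned long environ_len_guarded(const struct env_range *r)
{
    if (r->env_end == 0 || r->env_end < r->env_start)
        return 0;
    return r->env_end - r->env_start;
}

/* Clamp a request of `count` bytes at offset `pos` to the valid range.
 * Returns how many bytes may be copied; 0 when nothing is readable. */
unsigned long environ_read_len(const struct env_range *r,
                               unsigned long pos, unsigned long count)
{
    unsigned long len = environ_len_guarded(r);

    if (pos >= len)
        return 0;
    if (count > len - pos)
        count = len - pos;
    return count;
}

int main(void)
{
    /* Constructed sample values: a half-initialised and a complete range. */
    struct env_range half_set = { .env_start = 0x7ffd1000UL, .env_end = 0 };
    struct env_range ready    = { .env_start = 0x7ffd1000UL, .env_end = 0x7ffd1100UL };

    printf("naive,   env_end unset: %lu bytes\n", environ_len_naive(&half_set));
    printf("guarded, env_end unset: %lu bytes\n", environ_len_guarded(&half_set));
    printf("guarded, ready:         %lu bytes\n", environ_len_guarded(&ready));
    printf("read 4096 at +0x80:     %lu bytes\n", environ_read_len(&ready, 0x80, 4096));
    return 0;
}
```

The wrapped value from environ_len_naive() is the quantity that, in the kernel, would have been handed to the copy loop; the guarded variants return 0 for the same input, so a reader racing the exec path simply sees an empty environ until env_end is published.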