Re: [PATCH v2 1/2] seccomp: notify user trap about unused filter

From: Kees Cook
Date: Fri May 29 2020 - 04:02:31 EST


On Fri, May 29, 2020 at 09:47:44AM +0200, Christian Brauner wrote:
> Well the correct way would probably be:
> "usage" -> "refs"
> "live" -> "users"

Yeah, I like it! :)

> So we'd need a first patch to convert "usage" to "refs" and then
> introduce "users".

Yup, sounds right.

> > signal_struct has "sigcnt" and "live". I find "sigcnt" to be an
> > unhelpful name too. (And why isn't it refcount_t?)
>
> I think I once looked that up and there was some sort of "not needed, no
> gain" style rationale.

hrm. it uses _inc and _dec_and_test... imo, that should make it be a
refcount_t. Even if we're not protecting some clear UAF issue, it's
still good to get notification of potential bugs.

--
Kees Cook
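
The point about refcount_t giving notification of bugs, as an added example that is not part of this message and is not kernel code: a user-space model comparing a bare counter driven by increment and decrement-and-test with a checked counter that flags misuse and pins itself, in the style of refcount_t saturation. All `model_*` names, `plain_frees` and `checked_scenario` are hypothetical, and the get/put sequence is constructed.

```c
/* User-space model, not kernel code; all names here are hypothetical. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_SATURATED (INT_MIN / 2)  /* counter is pinned here after a bug */
struct model_ref { int v; int warnings; };

/* Record the misuse (stands in for a kernel WARN) and pin the counter so it
 * can never reach zero again: the object leaks instead of being freed twice. */
static void model_bug(struct model_ref *r) { r->warnings++; r->v = MODEL_SATURATED; }

static void model_inc(struct model_ref *r)
{
    if (r->v == MODEL_SATURATED) return;              /* stay pinned */
    if (r->v <= 0 || r->v == INT_MAX) model_bug(r);   /* get on released object, or overflow */
    else r->v++;
}

/* True only for the caller that drops the last reference. */
static bool model_dec_and_test(struct model_ref *r)
{
    if (r->v == MODEL_SATURATED) return false;
    if (r->v <= 0) { model_bug(r); return false; }    /* unbalanced put */
    return --r->v == 0;
}

/* Constructed sequence: the last put, then a stale holder does get + put.
 * Every "true" from decrement-and-test stands for one free of the object. */
static int plain_frees(void)
{
    int v = 1, frees = 0;
    frees += (--v == 0);   /* legitimate last put */
    v++;                   /* stale get on a released object: goes unnoticed */
    frees += (--v == 0);   /* reports "last reference" again: second free */
    return frees;
}

static int checked_scenario(bool want_warnings)
{
    struct model_ref r = { 1, 0 };
    int frees = model_dec_and_test(&r);   /* legitimate last put */
    model_inc(&r);                        /* caught: counted and pinned */
    frees += model_dec_and_test(&r);      /* pinned: never "last" again */
    return want_warnings ? r.warnings : frees;
}

int main(void)
{
    printf("plain: %d frees; checked: %d free, %d warning\n",
           plain_frees(), checked_scenario(false), checked_scenario(true));
    return 0;
}
```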