github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-09-05 17:02:00 +00:00
Code Issues Projects Releases Wiki Activity

kernel: Enable REFCOUNT_FULL on kernels supporting it

Browse Source 
REFCOUNT_FULL enables full reference count validation. There is a
potential slow down but ti protects against certain use-after-free
attacks.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
This commit is contained in:
Rolf Neugebauer
2017-11-20 15:33:23 +00:00
parent 66342d0646
commit f79c392ce3
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/config-4.13.x-aarch64
View File

@@ -284,7 +284,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
# CONFIG_REFCOUNT_FULL is not set
CONFIG_REFCOUNT_FULL=y
#
# GCOV-based kernel profiling

2
kernel/config-4.13.x-x86_64
View File

@@ -339,7 +339,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
# CONFIG_REFCOUNT_FULL is not set
CONFIG_REFCOUNT_FULL=y
#
# GCOV-based kernel profiling

2
kernel/config-4.14.x-aarch64
View File

@@ -289,7 +289,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
# CONFIG_REFCOUNT_FULL is not set
CONFIG_REFCOUNT_FULL=y
#
# GCOV-based kernel profiling

2
kernel/config-4.14.x-x86_64
View File

@@ -343,7 +343,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
# CONFIG_REFCOUNT_FULL is not set
CONFIG_REFCOUNT_FULL=y
#
# GCOV-based kernel profiling