From f79c392ce3041e55f9e54224b60c563891fd3bc8 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Mon, 20 Nov 2017 15:33:23 +0000
Subject: [PATCH] kernel: Enable REFCOUNT_FULL on kernels supporting it

REFCOUNT_FULL enables full reference count validation. There is a potential slow down but ti protects against certain use-after-free attacks.

Signed-off-by: Rolf Neugebauer
---
 kernel/config-4.13.x-aarch64 | 2 +-
 kernel/config-4.13.x-x86_64 | 2 +-
 kernel/config-4.14.x-aarch64 | 2 +-
 kernel/config-4.14.x-x86_64 | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/config-4.13.x-aarch64 b/kernel/config-4.13.x-aarch64
index b6e477048..4ab210e3f 100644
--- a/kernel/config-4.13.x-aarch64
+++ b/kernel/config-4.13.x-aarch64
@@ -284,7 +284,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
diff --git a/kernel/config-4.13.x-x86_64 b/kernel/config-4.13.x-x86_64
index 0a6d24205..ffdf51f47 100644
--- a/kernel/config-4.13.x-x86_64
+++ b/kernel/config-4.13.x-x86_64
@@ -339,7 +339,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
diff --git a/kernel/config-4.14.x-aarch64 b/kernel/config-4.14.x-aarch64
index 0faa0ca9d..8833c94b0 100644
--- a/kernel/config-4.14.x-aarch64
+++ b/kernel/config-4.14.x-aarch64
@@ -289,7 +289,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
diff --git a/kernel/config-4.14.x-x86_64 b/kernel/config-4.14.x-x86_64
index a11d00e58..053c7d103 100644
--- a/kernel/config-4.14.x-x86_64
+++ b/kernel/config-4.14.x-x86_64
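Review bot: The commit message does not say what happens once a refcount_t violation is caught, and that matters for the `CONFIG_REFCOUNT_FULL=y` line in kernel/config-4.13.x-aarch64 and the identical line in the 4.13.x-x86_64, 4.14.x-aarch64 and 4.14.x-x86_64 configs. As far as I know the full checks saturate the counter and report through WARN_ONCE, so the kernel keeps running and each call site reports only once; nothing in these hunks shows whether `panic_on_warn` is set or whether kernel logs are collected. I would add a sentence to the message along the lines of `Violations saturate the counter and are reported as "refcount_t:" warnings; set panic_on_warn if a hard stop is wanted.` and make sure those warnings reach monitoring. The protection also covers only counters already converted to refcount_t, so plain atomic_t reference counts stay unchecked; "certain use-after-free attacks" could say that explicitly. The "potential slow down" is stated without a figure, and a measured number per architecture would help anyone deciding later whether to keep the option.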
@@ -343,7 +343,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling