kernel: Enable REFCOUNT_FULL on kernels supporting it

REFCOUNT_FULL enables full reference count validation. There is a potential slow down but ti protects against certain use-after-free attacks. Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
2025-07-20 01:29:07 +00:00 · 2017-11-20 15:33:23 +00:00 · 2017-11-20 15:33:23 +00:00 · f79c392ce3
commit f79c392ce3
parent 66342d0646
4 changed files with 4 additions and 4 deletions
--- a/kernel/config-4.13.x-aarch64
+++ b/kernel/config-4.13.x-aarch64
@ -284,7 +284,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
--- a/kernel/config-4.13.x-x86_64
+++ b/kernel/config-4.13.x-x86_64
@ -339,7 +339,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
--- a/kernel/config-4.14.x-aarch64
+++ b/kernel/config-4.14.x-aarch64
@ -289,7 +289,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling
--- a/kernel/config-4.14.x-x86_64
+++ b/kernel/config-4.14.x-x86_64
@ -343,7 +343,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
 CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
 CONFIG_STRICT_MODULE_RWX=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y

 #
 # GCOV-based kernel profiling