Re: [PATCH] arm64: Always use REFCOUNT_FULL

From: Al Viro
Date: Thu Sep 21 2017 - 13:45:56 EST


On Wed, Sep 20, 2017 at 01:49:59PM -0700, Kees Cook wrote:
> As discussed at the Linux Security Summit, arm64 prefers to use
> REFCOUNT_FULL by default. This enables it for the architecture.
>
> Cc: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> Cc: hw.likun@xxxxxxxxxx
> Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
> Cc: Will Deacon <will.deacon@xxxxxxx>
> Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> ---
> arch/arm64/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 0df64a6a56d4..9fe7a7f4c94c 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -119,6 +119,7 @@ config ARM64
> select PCI_ECAM if ACPI
> select POWER_RESET
> select POWER_SUPPLY
> + select REFCOUNT_FULL

Umm... That does a bit more than "on by default", unless I'm
misreading it. More like "on, and you can't opt out"...