On Thu, Sep 21, 2017 at 10:45 AM, Al Viro <[email protected]> wrote: > On Wed, Sep 20, 2017 at 01:49:59PM -0700, Kees Cook wrote: >> As discussed at the Linux Security Summit, arm64 prefers to use >> REFCOUNT_FULL by default. This enables it for the architecture. >> >> Cc: Ard Biesheuvel <[email protected]> >> Cc: [email protected] >> Cc: Catalin Marinas <[email protected]> >> Cc: Will Deacon <[email protected]> >> Cc: [email protected] >> Signed-off-by: Kees Cook <[email protected]> >> --- >> arch/arm64/Kconfig | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig >> index 0df64a6a56d4..9fe7a7f4c94c 100644 >> --- a/arch/arm64/Kconfig >> +++ b/arch/arm64/Kconfig >> @@ -119,6 +119,7 @@ config ARM64 >> select PCI_ECAM if ACPI >> select POWER_RESET >> select POWER_SUPPLY >> + select REFCOUNT_FULL > > Umm... That does a bit more than "on by default", unless I'm > misreading it. More like "on, and you can't opt out"...
True, I should rephrase it to say "arm64 maintainers perfer to use REFCOUNT_FULL unconditionally". -Kees -- Kees Cook Pixel Security
