On 9/10/18 5:58 PM, Geo Kozey wrote: > I think you may consider disabling CONFIG_PANIC_ON_OOPS in linux-hardened > default config. Preventing users from being able to debug and report their > issues upstream or even discouraging them from using linux-hardend at all is > quite a big cost of it. Asking users to recompile their kernels every time they want > to investigate their issues is also a little too much. > > There is "oops=panic" cmdline which everyone can use and which is much more > flexible to switch between debug/non-debug mode than recompiling. I don't think > adding something to cmdline is beyond capabilities of Arch users, especially if > they're interested in security. > > Yours sincerely > > G. K. > I think you are totally missing the point, everyone can happily debug, bisect and get proper crash information. The problem is reporting upstream, which won't be accepted if you use anything but a vanilla kernel (which hardened isn't as it provides custom patches). If you want to approach upstream then reproducing the same thing on the vanilla kernel is the only option you have, otherwise it will be rejected. cheers, Levente
Attachment:
signature.asc
Description: OpenPGP digital signature
