On 9/10/18 5:58 PM, Geo Kozey wrote:
I think you may consider disabling CONFIG_PANIC_ON_OOPS in linux-hardened default config. Preventing users from being able to debug and report their issues upstream or even discouraging them from using linux-hardened at all is quite a big cost of it. Asking users to recompile their kernels every time they want to investigate their issues is also a little too much.
There is "oops=panic" cmdline which everyone can use and which is much more flexible to switch between debug/non-debug mode than recompiling. I don't think adding something to cmdline is beyond capabilities of Arch users, especially if they're interested in security.
Yours sincerely
G. K.
I think you are totally missing the point, everyone can happily debug, bisect and get proper crash information. The problem is reporting upstream, which won't be accepted if you use anything but a vanilla kernel (which hardened isn't as it provides custom patches). If you want to approach upstream then reproducing the same thing on the vanilla kernel is the only option you have, otherwise it will be rejected.
cheers,
Levente