On 9/10/18 1:43 PM, Carsten Mattner wrote:
On 9/10/18, Levente Polyak via arch-general firstname.lastname@example.org wrote:
Just a crazy idea but how about contributing back instead of just complaining? People on the bug tracker always help guiding how to report upstream or finding relevant commits. Yeah, i know it takes a while to compile, but it's not that complicated:
- take a look at the panic in hardened
- peek the code around it to find out which of the protective config values may have triggered it (if not already obvious from the panic)
- reproduce on stock/vanilla kernel by building it including the responsible configs
- report upstream using the gathered information of the vanilla kernel
- bonus points for git bisecting the commit that broke it
This would not only contribute to make hardened run on your or similar setups, all vanilla linux users would benefit by helping to fix a bug that can or does result in a corruption.
I did and do. I have open bugs in freedesktop and kernel bugzilla which are not resolved and in NEW state for months and years. These are usually regressions in drivers due to the Linux driver packaging model and insufficient testing on supported hardware configurations. What happens is that a driver that works flawlessly on hardware rev-1.8 suddenly starts misbehaving with a newer kernel that has seen improvements, refactorings, and support for newer hardware. It's most prominent in the graphics stack, which is complex, hard to test, and easy to break. I don't blame the developers for having a hard time, I'm discouraged stable drivers for old hardware get regressions and stop being tested as well as hardware of years -2/+2 years.
Therefore, I hope you don't mind if my frustration level with the issues I'm tracking right now is high enough that I'm not in the mood to debug and track issues I can avoid by using a different stable kernel branch.
Nice to hear that you do or at least did, bear with me for overgeneralizing in in your case.
However, the point of my whole response was that you are most definitively triggering/encountering the very same bug on the stock kernel, stock variant just tries to go ahead instead of panic, which means it may result in corruption and possibly killing kittens. Whatever is encountered there is at least a "regular regression" and possibly could provide surface for exploitation.
If you are not using linux-lts you are pretty much using the very same stable branch/tag in linux-hardened that vanilla linux uses so there is no "different stable kernel branch". If former is the case you can pretty much blame vanilla linux package to an equal amount as the hardened variant for being buggy.