From: Alexander Popov Date: Tue, 14 Jan 2020 09:35:38 +0000 (+0300) Subject: Answer the question about CONFIG_PANIC_ON_OOPS X-Git-Tag: v0.5.5~47 X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=33edfd997cf13957c2c88714dbc4b6a80c8475a9;hp=981bd163fa19fccbc5ce5d4182e639d67e484475;p=kconfig-hardened-check.git Answer the question about CONFIG_PANIC_ON_OOPS Thanks to @madaidan Refers to #29 --- diff --git a/README.md b/README.md index 63d7952..5801b69 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,13 @@ __Q:__ Why `CONFIG_GCC_PLUGINS` is automatically disabled during the kernel comp __A:__ It means that your gcc doesn't support plugins. For example, if you have `gcc-7` on Ubuntu, try to install `gcc-7-plugin-dev` package, it should help. +
+ +__Q:__ KSPP and CLIP OS recommend `CONFIG_PANIC_ON_OOPS=y`. Why doesn't this tool do the same? + +__A:__ I personally don't support this recommendation because it provides easy denial-of-service +attacks for the whole system (kernel oops is not a rare situation). I think having `CONFIG_BUG` is enough here -- +if we have a kernel oops in the process context, the offending/attacking process is killed. [1]: http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings [2]: https://docs.clip-os.org/clipos/kernel.html#configuration
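Review bot: In the added `__A:__` paragraph, the justification only covers an oops "in the process context" and leaves the other case unstated, so a reader cannot tell whether the "`CONFIG_BUG` is enough" argument is meant to hold there too; either say what happens for an oops outside process context or scope the claim to process context explicitly. The question names KSPP and CLIP OS while the `[1]` and `[2]` link definitions for exactly those two sources sit in the trailing context right below, so the names could be written as `[KSPP][1]` and `[CLIP OS][2]` to point readers at the recommendations being declined. Since this is README text that users will rely on when deciding whether to set `CONFIG_PANIC_ON_OOPS` themselves, it would also help to state the trade-off in neutral terms (an easy denial of service for the whole system versus killing only the offending process) next to the personal preference. Minor: the hunk adds two consecutive empty `+` lines before the new `__Q:__`, where a single blank line separates the `__Q:__` and `__A:__` lines elsewhere in the visible context.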