From 33edfd997cf13957c2c88714dbc4b6a80c8475a9 Mon Sep 17 00:00:00 2001 From: Alexander Popov Date: Tue, 14 Jan 2020 12:35:38 +0300 Subject: [PATCH] Answer the question about CONFIG_PANIC_ON_OOPS Thanks to @madaidan Refers to #29 --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 63d7952..5801b69 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,13 @@ __Q:__ Why `CONFIG_GCC_PLUGINS` is automatically disabled during the kernel comp __A:__ It means that your gcc doesn't support plugins. For example, if you have `gcc-7` on Ubuntu, try to install `gcc-7-plugin-dev` package, it should help. +
+ +__Q:__ KSPP and CLIP OS recommend `CONFIG_PANIC_ON_OOPS=y`. Why doesn't this tool do the same? + +__A:__ I personally don't support this recommendation because it provides easy denial-of-service +attacks for the whole system (kernel oops is not a rare situation). I think having `CONFIG_BUG` is enough here -- +if we have a kernel oops in the process context, the offending/attacking process is killed. [1]: http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings [2]: https://docs.clip-os.org/clipos/kernel.html#configuration -- 2.31.1