Default panic_on_warn to 1
This replaces WARN () with panic(), which is useful because many security features like CONFIG_DEBUG_CREDENTIALS and CONFIG_DEBUG_LIST trigger a WARN () upon violation. These are enabled by default in Debian’s kernel config, IIRC, but are not particularly useful for security unless the system panics when violations are detected. Unlike panic_on_oops=1, this probably won’t cause lots of issues for people with flaky hardware. Additionally, many miscellaneous cases which should never be hit in the kernel have WARN ()s, even when they can lead to degraded system security.
This can be enabled either with the boot parameter “panic_on_warn”, or by setting the sysctl “kernel.panic_on_warn=1”.
- Related to #11886 (closed)