lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <9CCDBE93-7DBD-41D0-B9B6-05900F2AB1EE@outflux.net>
Date: Mon, 25 Aug 2025 15:31:34 -0400
From: Kees Cook <kees@...flux.net>
To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
        Kees Cook <kees@...nel.org>
CC: Peter Zijlstra <peterz@...radead.org>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        Mark Rutland <mark.rutland@....com>,
        Puranjay Mohan <puranjay@...nel.org>,
        David Woodhouse <dwmw2@...radead.org>,
        Jonathan Corbet <corbet@....net>,
        Nathan Chancellor <nathan@...nel.org>, x86@...nel.org,
        linux-doc@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-riscv@...ts.infradead.org,
        llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 5/5] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI



On August 25, 2025 1:00:22 PM EDT, Miguel Ojeda <miguel.ojeda.sandonis@...il.com> wrote:
>On Mon, Aug 25, 2025 at 5:35 PM Kees Cook <kees@...nel.org> wrote:
>>
>> Yeah, that's a good idea. What the right way to do that?
>>
>> config CFI_CLANG
>>         bool "Use Clang's Control Flow Integrity (CFI)"
>>         depends on ARCH_SUPPORTS_CFI
>>         select CFI
>>
>> ?
>
>I don't recall what is the idiomatic solution for renames, but I
>remember Linus talking about this topic and about avoiding losing old
>values if possible (perhaps getting a new question in `oldconfig` is
>OK as long as the `olddefconfig` respects the old value).
>
>I think your suggestion above will still make it appear twice in
>`menuconfig` -- there may be a way to play with visibility to make it
>better.
>
>A simple possibility I can think of (assuming it works) is having the
>CFI symbol for the time being introduced just as a `def_bool
>CFI_CLANG` for a few releases so that people get the new one in their
>configs.

Ah, I think this works:

config CFI_CLANG
    bool

config CFI
    bool "...."
    default CFI_CLANG

I will add that for v2.

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ