lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56c2b1ce-00a4-403c-9927-79bfd9a23574@infradead.org>
Date: Wed, 27 Aug 2025 00:35:12 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: Nathan Chancellor <nathan@...nel.org>, Kees Cook <kees@...flux.net>
Cc: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
 Kees Cook <kees@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
 Sami Tolvanen <samitolvanen@...gle.com>,
 Linus Walleij <linus.walleij@...aro.org>, Mark Rutland
 <mark.rutland@....com>, Puranjay Mohan <puranjay@...nel.org>,
 David Woodhouse <dwmw2@...radead.org>, Jonathan Corbet <corbet@....net>,
 x86@...nel.org, linux-doc@...r.kernel.org, linux-kbuild@...r.kernel.org,
 linux-arm-kernel@...ts.infradead.org, linux-riscv@...ts.infradead.org,
 llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH 5/5] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI



On 8/26/25 6:34 PM, Nathan Chancellor wrote:
> On Mon, Aug 25, 2025 at 03:31:34PM -0400, Kees Cook wrote:
>> On August 25, 2025 1:00:22 PM EDT, Miguel Ojeda <miguel.ojeda.sandonis@...il.com> wrote:
>>> On Mon, Aug 25, 2025 at 5:35 PM Kees Cook <kees@...nel.org> wrote:
>>>>
>>>> Yeah, that's a good idea. What the right way to do that?
>>>>
>>>> config CFI_CLANG
>>>>         bool "Use Clang's Control Flow Integrity (CFI)"
>>>>         depends on ARCH_SUPPORTS_CFI
>>>>         select CFI
>>>>
>>>> ?
>>>
>>> I don't recall what is the idiomatic solution for renames, but I
>>> remember Linus talking about this topic and about avoiding losing old
>>> values if possible (perhaps getting a new question in `oldconfig` is
>>> OK as long as the `olddefconfig` respects the old value).
>>>
>>> I think your suggestion above will still make it appear twice in
>>> `menuconfig` -- there may be a way to play with visibility to make it
>>> better.
>>>
>>> A simple possibility I can think of (assuming it works) is having the
>>> CFI symbol for the time being introduced just as a `def_bool
>>> CFI_CLANG` for a few releases so that people get the new one in their
>>> configs.
>>
>> Ah, I think this works:
>>
>> config CFI_CLANG
>>     bool
>>
>> config CFI
>>     bool "...."
>>     default CFI_CLANG
>>
>> I will add that for v2.
> 
> That does not appear to work for me. I applied
> 
> diff --git a/arch/Kconfig b/arch/Kconfig
> index c25a45d9aa96..0d3ed03c76c2 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -876,8 +876,12 @@ config ARCH_SUPPORTS_CFI
>  config ARCH_USES_CFI_TRAPS
>         bool
> 
> +config CFI_CLANG
> +       bool
> +
>  config CFI
>         bool "Use Kernel Control Flow Integrity (kCFI)"
> +       default CFI_CLANG
>         depends on ARCH_SUPPORTS_CFI
>         depends on $(cc-option,-fsanitize=kcfi)
>         help
> 
> on top of this series and
> 
>   CONFIG_CFI_CLANG=y
>   # CONFIG_CFI_ICALL_NORMALIZE_INTEGERS is not set
>   # CONFIG_CFI_PERMISSIVE is not set
> 
> gets turned into
> 
>   # CONFIG_CFI is not set
> 
> after olddefconfig. CONFIG_CFI_CLANG has to be user selectable with a

Could/did you test with 'oldconfig' instead?

olddefconfig is going to use the default value from the Kconfig file,
which if CFI_CLANG which is undefined/No/Not set.

oldconfig will use the old value from the .config file.



> prompt but the only solution I can think of at the moment results in a
> duplicate prompt for Clang.
> 
> diff --git a/arch/Kconfig b/arch/Kconfig
> index c25a45d9aa96..93bf9b41a9de 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -876,8 +876,17 @@ config ARCH_SUPPORTS_CFI
>  config ARCH_USES_CFI_TRAPS
>         bool
> 
> +config CFI_CLANG
> +       bool "Use Kernel Control Flow Integrity (kCFI) - Transitional" if CC_IS_CLANG
> +       select CFI
> +       depends on ARCH_SUPPORTS_CFI
> +       depends on $(cc-option,-fsanitize=kcfi)
> +       help
> +         This is a transitional symbol to CONFIG_CFI, see its help text
> +         for more information.
> +
>  config CFI
> -       bool "Use Kernel Control Flow Integrity (kCFI)"
> +       bool "Use Kernel Control Flow Integrity (kCFI)" if CC_IS_GCC
>         depends on ARCH_SUPPORTS_CFI
>         depends on $(cc-option,-fsanitize=kcfi)
>         help
> 
> Maybe that does not matter for the sake of keeping things working?
> Otherwise, we could just keep things as they are with the patch set and
> expect people to actually use oldconfig or diff the results of
> olddefconfig (which I think is good practice anyways).
> 
> Cheers,
> Nathan
> 

-- 
~Randy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ