From: Randy Dunlap <rdunlap@infradead.org>
To: Kees Cook <kees@kernel.org>, Nathan Chancellor <nathan@kernel.org>
Cc: Nicolas Schier <nicolas.schier@linux.dev>,
Jonathan Corbet <corbet@lwn.net>,
Masahiro Yamada <masahiroy@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
linux-kbuild@vger.kernel.org, linux-doc@vger.kernel.org,
Miguel Ojeda <ojeda@kernel.org>,
Stephen Brennan <stephen.s.brennan@oracle.com>,
Marco Bonelli <marco@mebeim.net>, Petr Vorel <pvorel@suse.cz>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2] kconfig: Add transitional symbol attribute for migration support
Date: Mon, 1 Sep 2025 09:39:46 -0700 [thread overview]
Message-ID: <a123ab8b-a335-48a1-9ac3-e3b348d78cd1@infradead.org> (raw)
In-Reply-To: <20250830020109.it.598-kees@kernel.org>
Hi Kees,
On 8/29/25 7:01 PM, Kees Cook wrote:
> During kernel option migrations (e.g. CONFIG_CFI_CLANG to CONFIG_CFI),
> existing .config files need to maintain backward compatibility while
> preventing deprecated options from appearing in newly generated
> configurations. This is challenging with existing Kconfig mechanisms
> because:
>
> 1. Simply removing old options breaks existing .config files.
> 2. Manually listing an option as "deprecated" leaves it needlessly
> visible and still writes them to new .config files.
> 3. Using any method to remove visibility (.e.g no 'prompt', 'if n',
> etc) prevents the option from being processed at all.
>
> Add a "transitional" attribute that creates symbols which are:
> - Processed during configuration (can influence other symbols' defaults)
> - Hidden from user menus (no prompts appear)
> - Omitted from newly written .config files (gets migrated)
> - Restricted to only having help sections (no defaults, selects, etc)
> making it truly just a "prior value pass-through" option.
>
> The transitional syntax requires a type argument and prevents type
> redefinition:
>
> config OLD_OPTION
> transitional bool
> help
> Transitional config for OLD_OPTION migration.
>
> config NEW_OPTION
> bool "New option"
> default OLD_OPTION
>
> This allows seamless migration: olddefconfig processes existing
> CONFIG_OLD_OPTION=y settings to enable CONFIG_NEW_OPTION=y, while
> CONFIG_OLD_OPTION is omitted from newly generated .config files.
>
> Implementation details:
> - Parser validates transitional symbols can only have help sections
> - Symbol visibility logic updated: usable = (visible != no || transitional)
> - Transitional symbols preserve user values during configuration
> - Type safety enforced to prevent redefinition after transitional declaration
> - Used distinct struct members instead of new flags for readability
> - Documentation added to show the usage
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> With help from Claude Code to show me how to navigate the kconfig parser.
Are you (implicitly?) saying that all previous attempts at transitional
kconfig symbols have failed? If so, I just wasn't aware of that.
Or is there some new prime directive that requires this?
Thanks.
--
~Randy
next prev parent reply other threads:[~2025-09-01 16:39 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-30 2:01 [PATCH v2] kconfig: Add transitional symbol attribute for migration support Kees Cook
2025-09-01 8:34 ` Vegard Nossum
2025-09-01 16:56 ` Kees Cook
2025-09-01 18:20 ` Vegard Nossum
2025-09-01 18:31 ` Kees Cook
2025-09-01 18:44 ` Vegard Nossum
2025-09-04 2:51 ` Kees Cook
2025-09-04 17:03 ` Vegard Nossum
2025-09-04 17:10 ` Vegard Nossum
2025-09-05 9:41 ` Vegard Nossum
2025-09-05 16:24 ` Kees Cook
2025-09-05 16:23 ` Kees Cook
2025-09-01 9:09 ` Jani Nikula
2025-09-01 16:48 ` Kees Cook
2025-09-01 16:39 ` Randy Dunlap [this message]
2025-09-01 16:45 ` Kees Cook
2025-09-01 16:54 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a123ab8b-a335-48a1-9ac3-e3b348d78cd1@infradead.org \
--to=rdunlap@infradead.org \
--cc=arnd@arndb.de \
--cc=corbet@lwn.net \
--cc=kees@kernel.org \
--cc=krzysztof.kozlowski@linaro.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marco@mebeim.net \
--cc=masahiroy@kernel.org \
--cc=nathan@kernel.org \
--cc=nicolas.schier@linux.dev \
--cc=ojeda@kernel.org \
--cc=pvorel@suse.cz \
--cc=stephen.s.brennan@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).