From: Nathan Chancellor <nathan@kernel.org>
To: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>,
Kees Cook <kees@outflux.net>, Kees Cook <kees@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Sami Tolvanen <samitolvanen@google.com>,
Linus Walleij <linus.walleij@linaro.org>,
Mark Rutland <mark.rutland@arm.com>,
Puranjay Mohan <puranjay@kernel.org>,
David Woodhouse <dwmw2@infradead.org>,
Jonathan Corbet <corbet@lwn.net>,
x86@kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-riscv@lists.infradead.org, llvm@lists.linux.dev,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH 5/5] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI
Date: Thu, 28 Aug 2025 13:19:15 -0700 [thread overview]
Message-ID: <20250828201915.GA219815@ax162> (raw)
In-Reply-To: <CANiq72nX7d3XQtQKDdeUh2RFy5HqSg360m4pzesJyBP+y9K7FA@mail.gmail.com>
On Thu, Aug 28, 2025 at 02:11:51PM +0200, Miguel Ojeda wrote:
> On Wed, Aug 27, 2025 at 9:38 PM Nathan Chancellor <nathan@kernel.org> wrote:
> > Another idea I had to avoid this is introducing CONFIG_CFI_GCC as a user
> > selectable symbol and making CONFIG_CFI the hidden symbol that both
> > compiler symbols select. After a couple of releases (or maybe the next
> > LTS), both CONFIG_CFI_CLANG and CONFIG_CFI_GCC could be eliminated with
> > CONFIG_CFI becoming user selectable, which would keep things working
> > since CONFIG_CFI=y will be present in the previous configuration.
>
> If we are OK with something like this (i.e. waiting a few releases),
> then isn't it simpler the `def_bool` approach I mentioned? i.e. it
> means one less symbol and one less rename later, right?
Ah yes, I reread your suggestion and that would probably be the best
course of action, as it does avoid the extra symbol (although I am not
sure what you mean by one less rename?). As I understand it:
config CFI_CLANG
bool "Use Kernel Control Flow Integrity (kCFI)"
depends on ARCH_SUPPORTS_CFI
depends on $(cc-option,-fsanitize=kcfi)
help
<generic help text>
config CFI
def_bool CFI_CLANG
then keep the rest of the change the same with the rename? I guess the
CLANG in the symbol name could be confusing for some people but thinking
about the timeline more, kCFI would not ship until GCC 16 in the spring
of 2026, which would be after the Linux LTS release at the end of 2025.
That means we could easily drop CONFIG_CFI_CLANG in the first release of
2026 so that compatible GCC users should only ever see CONFIG_CFI from
mainline. They could see CONFIG_CFI_CLANG in the LTS release but at
least it would work.
Cheers,
Nathan
next prev parent reply other threads:[~2025-08-28 20:19 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-25 14:25 [PATCH 0/5] kcfi: Prepare for GCC support Kees Cook
2025-08-25 14:25 ` [PATCH 1/5] compiler_types.h: Move __nocfi out of compiler-specific header Kees Cook
2025-08-27 19:46 ` Nathan Chancellor
2025-08-25 14:25 ` [PATCH 2/5] x86/traps: Clarify KCFI instruction layout Kees Cook
2025-08-25 14:25 ` [PATCH 3/5] x86/cfi: Add option for cfi=debug bootparam Kees Cook
2025-08-25 15:34 ` Kees Cook
2025-08-25 15:59 ` Peter Zijlstra
2025-08-25 16:16 ` Kees Cook
2025-08-27 19:57 ` Nathan Chancellor
2025-08-29 1:49 ` Kees Cook
2025-08-25 14:25 ` [PATCH 4/5] x86/cfi: Remove __noinitretpoline and __noretpoline Kees Cook
2025-08-25 14:25 ` [PATCH 5/5] kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI Kees Cook
2025-08-25 15:01 ` Miguel Ojeda
2025-08-25 15:35 ` Kees Cook
2025-08-25 17:00 ` Miguel Ojeda
2025-08-25 19:31 ` Kees Cook
2025-08-27 1:34 ` Nathan Chancellor
2025-08-27 7:35 ` Randy Dunlap
2025-08-27 19:38 ` Nathan Chancellor
2025-08-28 6:14 ` Randy Dunlap
2025-08-28 12:11 ` Miguel Ojeda
2025-08-28 20:19 ` Nathan Chancellor [this message]
2025-08-28 20:32 ` Kees Cook
2025-08-28 22:22 ` Nathan Chancellor
2025-08-28 22:55 ` Miguel Ojeda
2025-08-28 22:46 ` Miguel Ojeda
2025-08-26 21:49 ` Jeff Johnson
2025-08-28 12:08 ` Linus Walleij
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250828201915.GA219815@ax162 \
--to=nathan@kernel.org \
--cc=corbet@lwn.net \
--cc=dwmw2@infradead.org \
--cc=kees@kernel.org \
--cc=kees@outflux.net \
--cc=linus.walleij@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=llvm@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=miguel.ojeda.sandonis@gmail.com \
--cc=peterz@infradead.org \
--cc=puranjay@kernel.org \
--cc=rdunlap@infradead.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).