On Mon, Aug 25, 2025 at 03:31:34PM -0400, Kees Cook wrote:

quoted

On August 25, 2025 1:00:22 PM EDT, Miguel Ojeda [off-list ref] wrote:

quoted

On Mon, Aug 25, 2025 at 5:35 PM Kees Cook [off-list ref] wrote:

quoted

Yeah, that's a good idea. What the right way to do that?

config CFI_CLANG
        bool "Use Clang's Control Flow Integrity (CFI)"
        depends on ARCH_SUPPORTS_CFI
        select CFI

?

I don't recall what is the idiomatic solution for renames, but I
remember Linus talking about this topic and about avoiding losing old
values if possible (perhaps getting a new question in `oldconfig` is
OK as long as the `olddefconfig` respects the old value).

I think your suggestion above will still make it appear twice in
`menuconfig` -- there may be a way to play with visibility to make it
better.

A simple possibility I can think of (assuming it works) is having the
CFI symbol for the time being introduced just as a `def_bool
CFI_CLANG` for a few releases so that people get the new one in their
configs.

Ah, I think this works:

config CFI_CLANG
    bool

config CFI
    bool "...."
    default CFI_CLANG

I will add that for v2.

That does not appear to work for me. I applied

diff --git a/arch/Kconfig b/arch/Kconfig
index c25a45d9aa96..0d3ed03c76c2 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig

@@ -876,8 +876,12 @@ config ARCH_SUPPORTS_CFI
 config ARCH_USES_CFI_TRAPS
        bool

+config CFI_CLANG
+       bool
+
 config CFI
        bool "Use Kernel Control Flow Integrity (kCFI)"
+       default CFI_CLANG
        depends on ARCH_SUPPORTS_CFI
        depends on $(cc-option,-fsanitize=kcfi)
        help

on top of this series and

  CONFIG_CFI_CLANG=y
  # CONFIG_CFI_ICALL_NORMALIZE_INTEGERS is not set
  # CONFIG_CFI_PERMISSIVE is not set

gets turned into

  # CONFIG_CFI is not set

after olddefconfig. CONFIG_CFI_CLANG has to be user selectable with a

prompt but the only solution I can think of at the moment results in a
duplicate prompt for Clang.

diff --git a/arch/Kconfig b/arch/Kconfig
index c25a45d9aa96..93bf9b41a9de 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig

@@ -876,8 +876,17 @@ config ARCH_SUPPORTS_CFI
 config ARCH_USES_CFI_TRAPS
        bool

+config CFI_CLANG
+       bool "Use Kernel Control Flow Integrity (kCFI) - Transitional" if CC_IS_CLANG
+       select CFI
+       depends on ARCH_SUPPORTS_CFI
+       depends on $(cc-option,-fsanitize=kcfi)
+       help
+         This is a transitional symbol to CONFIG_CFI, see its help text
+         for more information.
+
 config CFI
-       bool "Use Kernel Control Flow Integrity (kCFI)"
+       bool "Use Kernel Control Flow Integrity (kCFI)" if CC_IS_GCC
        depends on ARCH_SUPPORTS_CFI
        depends on $(cc-option,-fsanitize=kcfi)
        help

Maybe that does not matter for the sake of keeping things working?
Otherwise, we could just keep things as they are with the patch set and
expect people to actually use oldconfig or diff the results of
olddefconfig (which I think is good practice anyways).

Cheers,
Nathan