hardening updates for v6.18-rc1

- Clean up usage of TRAILING_OVERLAP() (Gustavo A. R. Silva) - lkdtm: fortify: Fix potential NULL dereference on kmalloc failure (Junjie Cao) - Add str_assert_deassert() helper (Lad Prabhakar) - gcc-plugins: Remove TODO_verify_il for GCC >= 16 - kconfig: Fix BrokenPipeError warnings in selftests - kconfig: Add transitional symbol attribute for migration support - kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRSPkdeREjth1dHnSE2KwveOeQkuwUCaNraNQAKCRA2KwveOeQk u/DkAPwKPP5BSmVR2wkdpQaXIr3PGA+cbBYp34DMJNujZ9piIwD/WZ+HfGTLoERy +2Q6HLj9hUdd+Rx3IZ8/w1QmnhUIUAU= =AwV9 -----END PGP SIGNATURE----- Merge tag 'hardening-v6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardening updates from Kees Cook: "One notable addition is the creation of the 'transitional' keyword for kconfig so CONFIG renaming can go more smoothly. This has been a long-standing deficiency, and with the renaming of CONFIG_CFI_CLANG to CONFIG_CFI (since GCC will soon have KCFI support), this came up again. The breadth of the diffstat is mainly this renaming. - Clean up usage of TRAILING_OVERLAP() (Gustavo A. R. Silva) - lkdtm: fortify: Fix potential NULL dereference on kmalloc failure (Junjie Cao) - Add str_assert_deassert() helper (Lad Prabhakar) - gcc-plugins: Remove TODO_verify_il for GCC >= 16 - kconfig: Fix BrokenPipeError warnings in selftests - kconfig: Add transitional symbol attribute for migration support - kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI" * tag 'hardening-v6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: lib/string_choices: Add str_assert_deassert() helper kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI kconfig: Add transitional symbol attribute for migration support kconfig: Fix BrokenPipeError warnings in selftests gcc-plugins: Remove TODO_verify_il for GCC >= 16 stddef: Introduce __TRAILING_OVERLAP() stddef: Remove token-pasting in TRAILING_OVERLAP() lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
2025-09-29 17:48:27 -07:00 · 2025-09-29 17:48:27 -07:00 · a5ba183bde
parent a240a79d43 c8a935a31b
commit a5ba183bde
72 changed files with 464 additions and 99 deletions
--- a/Documentation/kbuild/kconfig-language.rst
+++ b/Documentation/kbuild/kconfig-language.rst
@ -232,6 +232,38 @@ applicable everywhere (see syntax).
  enables the third modular state for all config symbols.
  At most one symbol may have the "modules" option set.
 - transitional attribute: "transitional"
  This declares the symbol as transitional, meaning it should be processed
  during configuration but omitted from newly written .config files.
  Transitional symbols are useful for backward compatibility during config
  option migrations - they allow olddefconfig to process existing .config
  files while ensuring the old option doesn't appear in new configurations.
  A transitional symbol:
  - Has no prompt (is not visible to users in menus)
  - Is processed normally during configuration (values are read and used)
  - Can be referenced in default expressions of other symbols
  - Is not written to new .config files
  - Cannot have any other properties (it is a pass-through option)
  Example migration from OLD_NAME to NEW_NAME::
    config NEW_NAME
 	bool "New option name"
 	default OLD_NAME
 	help
 	  This replaces the old CONFIG_OLD_NAME option.
    config OLD_NAME
 	bool
 	transitional
 	help
 	  Transitional config for OLD_NAME to NEW_NAME migration.
  With this setup, existing .config files with "CONFIG_OLD_NAME=y" will
  result in "CONFIG_NEW_NAME=y" being set, while CONFIG_OLD_NAME will be
  omitted from newly written .config files.
 Menu dependencies
 -----------------
--- a/2
+++ b/2
@ -1020,7 +1020,7 @@ KBUILD_AFLAGS	+= -fno-lto
 export CC_FLAGS_LTO
 endif
-ifdef CONFIG_CFI_CLANG
+ifdef CONFIG_CFI
 CC_FLAGS_CFI	:= -fsanitize=kcfi
 ifdef CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
 	CC_FLAGS_CFI	+= -fsanitize-cfi-icall-experimental-normalize-integers
--- a/arch/Kconfig
+++ b/arch/Kconfig
@ -867,22 +867,26 @@ config PROPELLER_CLANG
 	  If unsure, say N.
-config ARCH_SUPPORTS_CFI_CLANG
+config ARCH_SUPPORTS_CFI
 	bool
 	help
-	  An architecture should select this option if it can support Clang's
+	  An architecture should select this option if it can support Kernel
-	  Control-Flow Integrity (CFI) checking.
+	  Control-Flow Integrity (CFI) checking (-fsanitize=kcfi).
 config ARCH_USES_CFI_TRAPS
 	bool
 	help
 	  An architecture should select this option if it requires the
 	  .kcfi_traps section for KCFI trap handling.
-config CFI_CLANG
+config CFI
-	bool "Use Clang's Control Flow Integrity (CFI)"
+	bool "Use Kernel Control Flow Integrity (kCFI)"
-	depends on ARCH_SUPPORTS_CFI_CLANG
+	default CFI_CLANG
 	depends on ARCH_SUPPORTS_CFI
 	depends on $(cc-option,-fsanitize=kcfi)
 	help
-	  This option enables Clang's forward-edge Control Flow Integrity
+	  This option enables forward-edge Control Flow Integrity (CFI)
-	  (CFI) checking, where the compiler injects a runtime check to each
+	  checking, where the compiler injects a runtime check to each
 	  indirect function call to ensure the target is a valid function with
 	  the correct static type. This restricts possible call targets and
 	  makes it more difficult for an attacker to exploit bugs that allow
@ -891,10 +895,16 @@ config CFI_CLANG
 	    https://clang.llvm.org/docs/ControlFlowIntegrity.html
 config CFI_CLANG
 	bool
 	transitional
 	help
 	  Transitional config for CFI_CLANG to CFI migration.
 config CFI_ICALL_NORMALIZE_INTEGERS
 	bool "Normalize CFI tags for integers"
-	depends on CFI_CLANG
+	depends on CFI
-	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
+	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
 	help
 	  This option normalizes the CFI tags for integer types so that all
 	  integer types of the same size and signedness receive the same CFI
@ -907,7 +917,7 @@ config CFI_ICALL_NORMALIZE_INTEGERS
 	  This option is necessary for using CFI with Rust. If unsure, say N.
-config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
+config HAVE_CFI_ICALL_NORMALIZE_INTEGERS
 	def_bool y
 	depends on $(cc-option,-fsanitize=kcfi -fsanitize-cfi-icall-experimental-normalize-integers)
 	# With GCOV/KASAN we need this fix: https://github.com/llvm/llvm-project/pull/104826
@ -915,7 +925,7 @@ config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
 config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
 	def_bool y
-	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG
+	depends on HAVE_CFI_ICALL_NORMALIZE_INTEGERS
 	depends on RUSTC_VERSION >= 107900
 	# With GCOV/KASAN we need this fix: https://github.com/rust-lang/rust/pull/129373
 	depends on (RUSTC_LLVM_VERSION >= 190103 && RUSTC_VERSION >= 108200) || \
@ -923,7 +933,7 @@ config HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
 config CFI_PERMISSIVE
 	bool "Use CFI in permissive mode"
-	depends on CFI_CLANG
+	depends on CFI
 	help
 	  When selected, Control Flow Integrity (CFI) violations result in a
 	  warning instead of a kernel panic. This option should only be used
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@ -38,7 +38,7 @@ config ARM
 	select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7
 	select ARCH_NEED_CMPXCHG_1_EMU if CPU_V6
 	select ARCH_SUPPORTS_ATOMIC_RMW
-	select ARCH_SUPPORTS_CFI_CLANG
+	select ARCH_SUPPORTS_CFI
 	select ARCH_SUPPORTS_HUGETLBFS if ARM_LPAE
 	select ARCH_SUPPORTS_PER_VMA_LOCK
 	select ARCH_USE_BUILTIN_BSWAP
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@ -904,7 +904,7 @@ unlock:
 	watchpoint_single_step_handler(addr);
 }
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 static void hw_breakpoint_cfi_handler(struct pt_regs *regs)
 {
 	/*
--- a/arch/arm/mm/Makefile
+++ b/arch/arm/mm/Makefile
@ -89,7 +89,7 @@ obj-$(CONFIG_CPU_V6)		+= proc-v6.o
 obj-$(CONFIG_CPU_V6K)		+= proc-v6.o
 obj-$(CONFIG_CPU_V7)		+= proc-v7.o proc-v7-bugs.o
 obj-$(CONFIG_CPU_V7M)		+= proc-v7m.o
-obj-$(CONFIG_CFI_CLANG)		+= proc.o
+obj-$(CONFIG_CFI)		+= proc.o
 obj-$(CONFIG_OUTER_CACHE)	+= l2c-common.o
 obj-$(CONFIG_CACHE_B15_RAC)	+= cache-b15-rac.o
--- a/arch/arm/mm/cache-fa.S
+++ b/arch/arm/mm/cache-fa.S
@ -112,7 +112,7 @@ SYM_FUNC_END(fa_flush_user_cache_range)
 *	- end	 - virtual end address
 */
 SYM_TYPED_FUNC_START(fa_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	fa_coherent_user_range
 #endif
 SYM_FUNC_END(fa_coherent_kern_range)
--- a/arch/arm/mm/cache-v4.S
+++ b/arch/arm/mm/cache-v4.S
@ -104,7 +104,7 @@ SYM_FUNC_END(v4_coherent_user_range)
 *	- size	- region size
 */
 SYM_TYPED_FUNC_START(v4_flush_kern_dcache_area)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v4_dma_flush_range
 #endif
 SYM_FUNC_END(v4_flush_kern_dcache_area)
--- a/arch/arm/mm/cache-v4wb.S
+++ b/arch/arm/mm/cache-v4wb.S
@ -136,7 +136,7 @@ SYM_FUNC_END(v4wb_flush_user_cache_range)
 */
 SYM_TYPED_FUNC_START(v4wb_flush_kern_dcache_area)
 	add	r1, r0, r1
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v4wb_coherent_user_range
 #endif
 SYM_FUNC_END(v4wb_flush_kern_dcache_area)
@ -152,7 +152,7 @@ SYM_FUNC_END(v4wb_flush_kern_dcache_area)
 *	- end	 - virtual end address
 */
 SYM_TYPED_FUNC_START(v4wb_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v4wb_coherent_user_range
 #endif
 SYM_FUNC_END(v4wb_coherent_kern_range)
--- a/arch/arm/mm/cache-v4wt.S
+++ b/arch/arm/mm/cache-v4wt.S
@ -108,7 +108,7 @@ SYM_FUNC_END(v4wt_flush_user_cache_range)
 *	- end	 - virtual end address
 */
 SYM_TYPED_FUNC_START(v4wt_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v4wt_coherent_user_range
 #endif
 SYM_FUNC_END(v4wt_coherent_kern_range)
--- a/arch/arm/mm/cache-v6.S
+++ b/arch/arm/mm/cache-v6.S
@ -117,7 +117,7 @@ SYM_FUNC_END(v6_flush_user_cache_range)
 *	- the Icache does not read data from the write buffer
 */
 SYM_TYPED_FUNC_START(v6_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v6_coherent_user_range
 #endif
 SYM_FUNC_END(v6_coherent_kern_range)
--- a/arch/arm/mm/cache-v7.S
+++ b/arch/arm/mm/cache-v7.S
@ -261,7 +261,7 @@ SYM_FUNC_END(v7_flush_user_cache_range)
 *	- the Icache does not read data from the write buffer
 */
 SYM_TYPED_FUNC_START(v7_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v7_coherent_user_range
 #endif
 SYM_FUNC_END(v7_coherent_kern_range)
--- a/arch/arm/mm/cache-v7m.S
+++ b/arch/arm/mm/cache-v7m.S
@ -286,7 +286,7 @@ SYM_FUNC_END(v7m_flush_user_cache_range)
 *	- the Icache does not read data from the write buffer
 */
 SYM_TYPED_FUNC_START(v7m_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	v7m_coherent_user_range
 #endif
 SYM_FUNC_END(v7m_coherent_kern_range)
--- a/arch/arm/mm/proc-arm1020.S
+++ b/arch/arm/mm/proc-arm1020.S
@ -203,7 +203,7 @@ SYM_FUNC_END(arm1020_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm1020_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm1020_coherent_user_range
 #endif
 SYM_FUNC_END(arm1020_coherent_kern_range)
--- a/arch/arm/mm/proc-arm1020e.S
+++ b/arch/arm/mm/proc-arm1020e.S
@ -200,7 +200,7 @@ SYM_FUNC_END(arm1020e_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm1020e_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm1020e_coherent_user_range
 #endif
 SYM_FUNC_END(arm1020e_coherent_kern_range)
--- a/arch/arm/mm/proc-arm1022.S
+++ b/arch/arm/mm/proc-arm1022.S
@ -199,7 +199,7 @@ SYM_FUNC_END(arm1022_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm1022_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm1022_coherent_user_range
 #endif
 SYM_FUNC_END(arm1022_coherent_kern_range)
--- a/arch/arm/mm/proc-arm1026.S
+++ b/arch/arm/mm/proc-arm1026.S
@ -194,7 +194,7 @@ SYM_FUNC_END(arm1026_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm1026_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm1026_coherent_user_range
 #endif
 SYM_FUNC_END(arm1026_coherent_kern_range)
--- a/arch/arm/mm/proc-arm920.S
+++ b/arch/arm/mm/proc-arm920.S
@ -180,7 +180,7 @@ SYM_FUNC_END(arm920_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm920_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm920_coherent_user_range
 #endif
 SYM_FUNC_END(arm920_coherent_kern_range)
--- a/arch/arm/mm/proc-arm922.S
+++ b/arch/arm/mm/proc-arm922.S
@ -182,7 +182,7 @@ SYM_FUNC_END(arm922_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm922_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm922_coherent_user_range
 #endif
 SYM_FUNC_END(arm922_coherent_kern_range)
--- a/arch/arm/mm/proc-arm925.S
+++ b/arch/arm/mm/proc-arm925.S
@ -229,7 +229,7 @@ SYM_FUNC_END(arm925_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm925_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm925_coherent_user_range
 #endif
 SYM_FUNC_END(arm925_coherent_kern_range)
--- a/arch/arm/mm/proc-arm926.S
+++ b/arch/arm/mm/proc-arm926.S
@ -192,7 +192,7 @@ SYM_FUNC_END(arm926_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm926_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm926_coherent_user_range
 #endif
 SYM_FUNC_END(arm926_coherent_kern_range)
--- a/arch/arm/mm/proc-arm940.S
+++ b/arch/arm/mm/proc-arm940.S
@ -153,7 +153,7 @@ SYM_FUNC_END(arm940_coherent_kern_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm940_coherent_user_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm940_flush_kern_dcache_area
 #endif
 SYM_FUNC_END(arm940_coherent_user_range)
--- a/arch/arm/mm/proc-arm946.S
+++ b/arch/arm/mm/proc-arm946.S
@ -173,7 +173,7 @@ SYM_FUNC_END(arm946_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(arm946_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	arm946_coherent_user_range
 #endif
 SYM_FUNC_END(arm946_coherent_kern_range)
--- a/arch/arm/mm/proc-feroceon.S
+++ b/arch/arm/mm/proc-feroceon.S
@ -208,7 +208,7 @@ SYM_FUNC_END(feroceon_flush_user_cache_range)
 */
 	.align	5
 SYM_TYPED_FUNC_START(feroceon_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	feroceon_coherent_user_range
 #endif
 SYM_FUNC_END(feroceon_coherent_kern_range)
--- a/arch/arm/mm/proc-mohawk.S
+++ b/arch/arm/mm/proc-mohawk.S
@ -163,7 +163,7 @@ SYM_FUNC_END(mohawk_flush_user_cache_range)
 *	- end	- virtual end address
 */
 SYM_TYPED_FUNC_START(mohawk_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	mohawk_coherent_user_range
 #endif
 SYM_FUNC_END(mohawk_coherent_kern_range)
--- a/arch/arm/mm/proc-xsc3.S
+++ b/arch/arm/mm/proc-xsc3.S
@ -223,7 +223,7 @@ SYM_FUNC_END(xsc3_flush_user_cache_range)
 *	it also trashes the mini I-cache used by JTAG debuggers.
 */
 SYM_TYPED_FUNC_START(xsc3_coherent_kern_range)
-#ifdef CONFIG_CFI_CLANG /* Fallthrough if !CFI */
+#ifdef CONFIG_CFI /* Fallthrough if !CFI */
 	b	xsc3_coherent_user_range
 #endif
 SYM_FUNC_END(xsc3_coherent_kern_range)
--- a/arch/arm/mm/tlb-v4.S
+++ b/arch/arm/mm/tlb-v4.S
@ -52,7 +52,7 @@ SYM_FUNC_END(v4_flush_user_tlb_range)
 *	- start - virtual address (may not be aligned)
 *	- end   - virtual address (may not be aligned)
 */
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 SYM_TYPED_FUNC_START(v4_flush_kern_tlb_range)
 	b	.v4_flush_kern_tlb_range
 SYM_FUNC_END(v4_flush_kern_tlb_range)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@ -100,7 +100,7 @@ config ARM64
 	select ARCH_SUPPORTS_SHADOW_CALL_STACK if CC_HAVE_SHADOW_CALL_STACK
 	select ARCH_SUPPORTS_LTO_CLANG if CPU_LITTLE_ENDIAN
 	select ARCH_SUPPORTS_LTO_CLANG_THIN
-	select ARCH_SUPPORTS_CFI_CLANG
+	select ARCH_SUPPORTS_CFI
 	select ARCH_SUPPORTS_ATOMIC_RMW
 	select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
 	select ARCH_SUPPORTS_NUMA_BALANCING
@ -212,7 +212,7 @@ config ARM64
 	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS \
 		if DYNAMIC_FTRACE_WITH_ARGS && DYNAMIC_FTRACE_WITH_CALL_OPS
 	select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS \
-		if (DYNAMIC_FTRACE_WITH_ARGS && !CFI_CLANG && \
+		if (DYNAMIC_FTRACE_WITH_ARGS && !CFI && \
 		    (CC_IS_CLANG || !CC_OPTIMIZE_FOR_SIZE))
 	select FTRACE_MCOUNT_USE_PATCHABLE_FUNCTION_ENTRY \
 		if DYNAMIC_FTRACE_WITH_ARGS
--- a/arch/arm64/kernel/debug-monitors.c
+++ b/arch/arm64/kernel/debug-monitors.c
@ -212,7 +212,7 @@ static int call_el1_break_hook(struct pt_regs *regs, unsigned long esr)
 	if (esr_brk_comment(esr) == BUG_BRK_IMM)
 		return bug_brk_handler(regs, esr);
-	if (IS_ENABLED(CONFIG_CFI_CLANG) && esr_is_cfi_brk(esr))
+	if (IS_ENABLED(CONFIG_CFI) && esr_is_cfi_brk(esr))
 		return cfi_brk_handler(regs, esr);
 	if (esr_brk_comment(esr) == FAULT_BRK_IMM)
--- a/arch/arm64/kernel/traps.c
+++ b/arch/arm64/kernel/traps.c
@ -1015,7 +1015,7 @@ int bug_brk_handler(struct pt_regs *regs, unsigned long esr)
 	return DBG_HOOK_HANDLED;
 }
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 int cfi_brk_handler(struct pt_regs *regs, unsigned long esr)
 {
 	unsigned long target;
@ -1039,7 +1039,7 @@ int cfi_brk_handler(struct pt_regs *regs, unsigned long esr)
 	arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE);
 	return DBG_HOOK_HANDLED;
 }
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 int reserved_fault_brk_handler(struct pt_regs *regs, unsigned long esr)
 {
--- a/arch/arm64/kvm/handle_exit.c
+++ b/arch/arm64/kvm/handle_exit.c
@ -545,7 +545,7 @@ void __noreturn __cold nvhe_hyp_panic_handler(u64 esr, u64 spsr,
 			kvm_err("nVHE hyp BUG at: %s:%u!\n", file, line);
 		else
 			print_nvhe_hyp_panic("BUG", panic_addr);
-	} else if (IS_ENABLED(CONFIG_CFI_CLANG) && esr_is_cfi_brk(esr)) {
+	} else if (IS_ENABLED(CONFIG_CFI) && esr_is_cfi_brk(esr)) {
 		kvm_nvhe_report_cfi_failure(panic_addr);
 	} else if (IS_ENABLED(CONFIG_UBSAN_KVM_EL2) &&
 		   ESR_ELx_EC(esr) == ESR_ELx_EC_BRK64 &&
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@ -185,7 +185,7 @@ static inline void emit_bti(u32 insn, struct jit_ctx *ctx)
 static inline void emit_kcfi(u32 hash, struct jit_ctx *ctx)
 {
-	if (IS_ENABLED(CONFIG_CFI_CLANG))
+	if (IS_ENABLED(CONFIG_CFI))
 		emit_u32_data(hash, ctx);
 }
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@ -61,7 +61,7 @@ config RISCV
 	select ARCH_STACKWALK
 	select ARCH_SUPPORTS_ATOMIC_RMW
 	# clang >= 17: https://github.com/llvm/llvm-project/commit/62fa708ceb027713b386c7e0efda994f8bdc27e2
-	select ARCH_SUPPORTS_CFI_CLANG if CLANG_VERSION >= 170000
+	select ARCH_SUPPORTS_CFI if (!CC_IS_CLANG || CLANG_VERSION >= 170000)
 	select ARCH_SUPPORTS_DEBUG_PAGEALLOC if MMU
 	select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
 	select ARCH_SUPPORTS_HUGETLBFS if MMU
@ -77,7 +77,7 @@ config RISCV
 	select ARCH_USE_MEMTEST
 	select ARCH_USE_QUEUED_RWLOCKS
 	select ARCH_USE_SYM_ANNOTATIONS
-	select ARCH_USES_CFI_TRAPS if CFI_CLANG
+	select ARCH_USES_CFI_TRAPS if CFI
 	select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH if MMU
 	select ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT if MMU
 	select ARCH_WANT_FRAME_POINTERS
@ -155,7 +155,7 @@ config RISCV
 	select HAVE_DYNAMIC_FTRACE if !XIP_KERNEL && MMU && (CLANG_SUPPORTS_DYNAMIC_FTRACE || GCC_SUPPORTS_DYNAMIC_FTRACE)
 	select FUNCTION_ALIGNMENT_4B if HAVE_DYNAMIC_FTRACE && RISCV_ISA_C
 	select HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS if HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS
-	select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS if (DYNAMIC_FTRACE_WITH_ARGS && !CFI_CLANG)
+	select HAVE_DYNAMIC_FTRACE_WITH_CALL_OPS if (DYNAMIC_FTRACE_WITH_ARGS && !CFI)
 	select HAVE_DYNAMIC_FTRACE_WITH_ARGS if HAVE_DYNAMIC_FTRACE
 	select HAVE_FTRACE_GRAPH_FUNC
 	select HAVE_FUNCTION_GRAPH_TRACER if HAVE_DYNAMIC_FTRACE_WITH_ARGS
--- a/arch/riscv/include/asm/cfi.h
+++ b/arch/riscv/include/asm/cfi.h
@ -11,7 +11,7 @@
 struct pt_regs;
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
 #define __bpfcall
 #else
@ -19,6 +19,6 @@ static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs)
 {
 	return BUG_TRAP_TYPE_NONE;
 }
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 #endif /* _ASM_RISCV_CFI_H */
--- a/arch/riscv/kernel/Makefile
+++ b/arch/riscv/kernel/Makefile
@ -113,7 +113,7 @@ obj-$(CONFIG_VMCORE_INFO)	+= vmcore_info.o
 obj-$(CONFIG_JUMP_LABEL)	+= jump_label.o
-obj-$(CONFIG_CFI_CLANG)		+= cfi.o
+obj-$(CONFIG_CFI)		+= cfi.o
 obj-$(CONFIG_EFI)		+= efi.o
 obj-$(CONFIG_COMPAT)		+= compat_syscall_table.o
--- a/arch/riscv/net/bpf_jit_comp64.c
+++ b/arch/riscv/net/bpf_jit_comp64.c
@ -18,7 +18,7 @@
 #define RV_MAX_REG_ARGS 8
 #define RV_FENTRY_NINSNS 2
 #define RV_FENTRY_NBYTES (RV_FENTRY_NINSNS * 4)
-#define RV_KCFI_NINSNS (IS_ENABLED(CONFIG_CFI_CLANG) ? 1 : 0)
+#define RV_KCFI_NINSNS (IS_ENABLED(CONFIG_CFI) ? 1 : 0)
 /* imm that allows emit_imm to emit max count insns */
 #define RV_MAX_COUNT_IMM 0x7FFF7FF7FF7FF7FF
@ -469,7 +469,7 @@ static int emit_call(u64 addr, bool fixed_addr, struct rv_jit_context *ctx)
 static inline void emit_kcfi(u32 hash, struct rv_jit_context *ctx)
 {
-	if (IS_ENABLED(CONFIG_CFI_CLANG))
+	if (IS_ENABLED(CONFIG_CFI))
 		emit(hash, ctx);
 }
--- a/arch/riscv/purgatory/Makefile
+++ b/arch/riscv/purgatory/Makefile
@ -71,7 +71,7 @@ ifdef CONFIG_STACKPROTECTOR_STRONG
 PURGATORY_CFLAGS_REMOVE		+= -fstack-protector-strong
 endif
-ifdef CONFIG_CFI_CLANG
+ifdef CONFIG_CFI
 PURGATORY_CFLAGS_REMOVE		+= $(CC_FLAGS_CFI)
 endif
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@ -127,8 +127,8 @@ config X86
 	select ARCH_SUPPORTS_PAGE_TABLE_CHECK	if X86_64
 	select ARCH_SUPPORTS_NUMA_BALANCING	if X86_64
 	select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP	if NR_CPUS <= 4096
-	select ARCH_SUPPORTS_CFI_CLANG		if X86_64
+	select ARCH_SUPPORTS_CFI		if X86_64
-	select ARCH_USES_CFI_TRAPS		if X86_64 && CFI_CLANG
+	select ARCH_USES_CFI_TRAPS		if X86_64 && CFI
 	select ARCH_SUPPORTS_LTO_CLANG
 	select ARCH_SUPPORTS_LTO_CLANG_THIN
 	select ARCH_SUPPORTS_RT
@ -2396,11 +2396,11 @@ config FUNCTION_PADDING_CFI
 	default  3 if FUNCTION_ALIGNMENT_8B
 	default  0
-# Basically: FUNCTION_ALIGNMENT - 5*CFI_CLANG
+# Basically: FUNCTION_ALIGNMENT - 5*CFI
 # except Kconfig can't do arithmetic :/
 config FUNCTION_PADDING_BYTES
 	int
-	default FUNCTION_PADDING_CFI if CFI_CLANG
+	default FUNCTION_PADDING_CFI if CFI
 	default FUNCTION_ALIGNMENT
 config CALL_PADDING
@ -2410,7 +2410,7 @@ config CALL_PADDING
 config FINEIBT
 	def_bool y
-	depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
+	depends on X86_KERNEL_IBT && CFI && MITIGATION_RETPOLINE
 	select CALL_PADDING
 config FINEIBT_BHI
@ -2427,7 +2427,7 @@ config CALL_THUNKS
 config PREFIX_SYMBOLS
 	def_bool y
-	depends on CALL_PADDING && !CFI_CLANG
+	depends on CALL_PADDING && !CFI
 menuconfig CPU_MITIGATIONS
 	bool "Mitigations for CPU vulnerabilities"
--- a/arch/x86/include/asm/cfi.h
+++ b/arch/x86/include/asm/cfi.h
@ -113,7 +113,7 @@ extern bhi_thunk __bhi_args_end[];
 struct pt_regs;
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 enum bug_trap_type handle_cfi_failure(struct pt_regs *regs);
 #define __bpfcall
@ -157,7 +157,7 @@ static inline int cfi_get_func_arity(void *func)
 {
 	return 0;
 }
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 #if HAS_KERNEL_IBT == 1
 #define CFI_NOSEAL(x)	asm(IBT_NOSEAL(__stringify(x)))
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@ -148,7 +148,7 @@ obj-$(CONFIG_UNWINDER_ORC)		+= unwind_orc.o
 obj-$(CONFIG_UNWINDER_FRAME_POINTER)	+= unwind_frame.o
 obj-$(CONFIG_UNWINDER_GUESS)		+= unwind_guess.o
-obj-$(CONFIG_CFI_CLANG)			+= cfi.o
+obj-$(CONFIG_CFI)			+= cfi.o
 obj-$(CONFIG_CALL_THUNKS)		+= callthunks.o
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@ -1170,7 +1170,7 @@ void __init_or_module apply_seal_endbr(s32 *start, s32 *end) { }
 #ifdef CONFIG_CFI_AUTO_DEFAULT
 # define __CFI_DEFAULT CFI_AUTO
-#elif defined(CONFIG_CFI_CLANG)
+#elif defined(CONFIG_CFI)
 # define __CFI_DEFAULT CFI_KCFI
 #else
 # define __CFI_DEFAULT CFI_OFF
@ -1182,7 +1182,7 @@ enum cfi_mode cfi_mode __ro_after_init = __CFI_DEFAULT;
 bool cfi_bhi __ro_after_init = false;
 #endif
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 u32 cfi_get_func_hash(void *func)
 {
 	u32 hash;
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@ -339,7 +339,7 @@ static bool can_probe(unsigned long paddr)
 	if (is_exception_insn(&insn))
 		return false;
-	if (IS_ENABLED(CONFIG_CFI_CLANG)) {
+	if (IS_ENABLED(CONFIG_CFI)) {
 		/*
 		 * The compiler generates the following instruction sequence
 		 * for indirect call checks and cfi.c decodes this;
--- a/arch/x86/purgatory/Makefile
+++ b/arch/x86/purgatory/Makefile
@ -57,7 +57,7 @@ ifdef CONFIG_MITIGATION_RETPOLINE
 PURGATORY_CFLAGS_REMOVE		+= $(RETPOLINE_CFLAGS)
 endif
-ifdef CONFIG_CFI_CLANG
+ifdef CONFIG_CFI
 PURGATORY_CFLAGS_REMOVE		+= $(CC_FLAGS_CFI)
 endif
--- a/drivers/misc/lkdtm/cfi.c
+++ b/drivers/misc/lkdtm/cfi.c
@ -43,7 +43,7 @@ static void lkdtm_CFI_FORWARD_PROTO(void)
 	lkdtm_indirect_call((void *)lkdtm_increment_int);
 	pr_err("FAIL: survived mismatched prototype function call!\n");
-	pr_expected_config(CONFIG_CFI_CLANG);
+	pr_expected_config(CONFIG_CFI);
 }
 /*
--- a/drivers/misc/lkdtm/fortify.c
+++ b/drivers/misc/lkdtm/fortify.c
@ -44,6 +44,9 @@ static void lkdtm_FORTIFY_STR_MEMBER(void)
 	char *src;
 	src = kmalloc(size, GFP_KERNEL);
 	if (!src)
 		return;
 	strscpy(src, "over ten bytes", size);
 	size = strlen(src) + 1;
@ -109,6 +112,9 @@ static void lkdtm_FORTIFY_MEM_MEMBER(void)
 	char *src;
 	src = kmalloc(size, GFP_KERNEL);
 	if (!src)
 		return;
 	strscpy(src, "over ten bytes", size);
 	size = strlen(src) + 1;
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@ -157,7 +157,7 @@ defined(CONFIG_AUTOFDO_CLANG) || defined(CONFIG_PROPELLER_CLANG)
 #define PATCHABLE_DISCARDS	*(__patchable_function_entries)
 #endif
-#ifndef CONFIG_ARCH_SUPPORTS_CFI_CLANG
+#ifndef CONFIG_ARCH_SUPPORTS_CFI
 /*
 * Simply points to ftrace_stub, but with the proper protocol.
 * Defined by the linker script in linux/vmlinux.lds.h
--- a/include/linux/cfi.h
+++ b/include/linux/cfi.h
@ -11,7 +11,7 @@
 #include <linux/module.h>
 #include <asm/cfi.h>
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 extern bool cfi_warn;
 enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr,
@ -52,7 +52,7 @@ static inline u32 cfi_get_func_hash(void *func)
 extern u32 cfi_bpf_hash;
 extern u32 cfi_bpf_subprog_hash;
-#else /* CONFIG_CFI_CLANG */
+#else /* CONFIG_CFI */
 static inline int cfi_get_offset(void) { return 0; }
 static inline u32 cfi_get_func_hash(void *func) { return 0; }
@ -60,7 +60,7 @@ static inline u32 cfi_get_func_hash(void *func) { return 0; }
 #define cfi_bpf_hash 0U
 #define cfi_bpf_subprog_hash 0U
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 #ifdef CONFIG_ARCH_USES_CFI_TRAPS
 bool is_cfi_trap(unsigned long addr);
--- a/include/linux/cfi_types.h
+++ b/include/linux/cfi_types.h
@ -8,7 +8,7 @@
 #ifdef __ASSEMBLY__
 #include <linux/linkage.h>
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 /*
 * Use the __kcfi_typeid_<function> type identifier symbol to
 * annotate indirectly called assembly functions. The compiler emits
@ -29,12 +29,12 @@
 #define SYM_TYPED_START(name, linkage, align...)	\
 	SYM_TYPED_ENTRY(name, linkage, align)
-#else /* CONFIG_CFI_CLANG */
+#else /* CONFIG_CFI */
 #define SYM_TYPED_START(name, linkage, align...)	\
 	SYM_START(name, linkage, align)
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 #ifndef SYM_TYPED_FUNC_START
 #define SYM_TYPED_FUNC_START(name) 			\
@ -43,7 +43,7 @@
 #else /* __ASSEMBLY__ */
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 #define DEFINE_CFI_TYPE(name, func)						\
 	/*									\
 	 * Force a reference to the function so the compiler generates		\
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@ -248,7 +248,7 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
 #endif /* __KERNEL__ */
-#if defined(CONFIG_CFI_CLANG) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
+#if defined(CONFIG_CFI) && !defined(__DISABLE_EXPORTS) && !defined(BUILD_VDSO)
 /*
 * Force a reference to the external symbol so the compiler generates
 * __kcfi_typid.
--- a/include/linux/stddef.h
+++ b/include/linux/stddef.h
@ -93,6 +93,28 @@ enum {
 #define DECLARE_FLEX_ARRAY(TYPE, NAME) \
 	__DECLARE_FLEX_ARRAY(TYPE, NAME)
 /**
 * __TRAILING_OVERLAP() - Overlap a flexible-array member with trailing
 *			  members.
 *
 * Creates a union between a flexible-array member (FAM) in a struct and a set
 * of additional members that would otherwise follow it.
 *
 * @TYPE: Flexible structure type name, including "struct" keyword.
 * @NAME: Name for a variable to define.
 * @FAM: The flexible-array member within @TYPE
 * @ATTRS: Any struct attributes (usually empty)
 * @MEMBERS: Trailing overlapping members.
 */
 #define __TRAILING_OVERLAP(TYPE, NAME, FAM, ATTRS, MEMBERS)			\
 	union {									\
 		TYPE NAME;							\
 		struct {							\
 			unsigned char __offset_to_FAM[offsetof(TYPE, FAM)];	\
 			MEMBERS							\
 		} ATTRS;							\
 	}
 /**
 * TRAILING_OVERLAP() - Overlap a flexible-array member with trailing members.
 *
@ -105,12 +127,6 @@ enum {
 * @MEMBERS: Trailing overlapping members.
 */
 #define TRAILING_OVERLAP(TYPE, NAME, FAM, MEMBERS)				\
-	union {									\
+	__TRAILING_OVERLAP(TYPE, NAME, FAM, /* no attrs */, MEMBERS)
 		TYPE NAME;							\
 		struct {							\
 			unsigned char __offset_to_##FAM[offsetof(TYPE, FAM)];	\
 			MEMBERS							\
 		};								\
 	}
 #endif
--- a/include/linux/string_choices.h
+++ b/include/linux/string_choices.h
@ -17,6 +17,12 @@
 #include <linux/types.h>
 static inline const char *str_assert_deassert(bool v)
 {
 	return v ? "assert" : "deassert";
 }
 #define str_deassert_assert(v)		str_assert_deassert(!(v))
 static inline const char *str_enable_disable(bool v)
 {
 	return v ? "enable" : "disable";
--- a/init/Kconfig
+++ b/init/Kconfig
@ -2071,8 +2071,8 @@ config RUST
 	depends on !GCC_PLUGIN_RANDSTRUCT
 	depends on !RANDSTRUCT
 	depends on !DEBUG_INFO_BTF || (PAHOLE_HAS_LANG_EXCLUDE && !LTO)
-	depends on !CFI_CLANG || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
+	depends on !CFI || HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC
-	select CFI_ICALL_NORMALIZE_INTEGERS if CFI_CLANG
+	select CFI_ICALL_NORMALIZE_INTEGERS if CFI
 	depends on !CALL_PADDING || RUSTC_VERSION >= 108100
 	depends on !KASAN_SW_TAGS
 	depends on !(MITIGATION_RETHUNK && KASAN) || RUSTC_VERSION >= 108300
--- a/kernel/Makefile
+++ b/kernel/Makefile
@ -122,7 +122,7 @@ obj-$(CONFIG_KCSAN) += kcsan/
 obj-$(CONFIG_SHADOW_CALL_STACK) += scs.o
 obj-$(CONFIG_HAVE_STATIC_CALL) += static_call.o
 obj-$(CONFIG_HAVE_STATIC_CALL_INLINE) += static_call_inline.o
-obj-$(CONFIG_CFI_CLANG) += cfi.o
+obj-$(CONFIG_CFI) += cfi.o
 obj-$(CONFIG_PERF_EVENTS) += events/
--- a/kernel/configs/hardening.config
+++ b/kernel/configs/hardening.config
@ -93,8 +93,8 @@ CONFIG_SECCOMP_FILTER=y
 # Provides some protections against SYN flooding.
 CONFIG_SYN_COOKIES=y
-# Enable Kernel Control Flow Integrity (currently Clang only).
+# Enable Kernel Control Flow Integrity.
-CONFIG_CFI_CLANG=y
+CONFIG_CFI=y
 # CONFIG_CFI_PERMISSIVE is not set
 # Attack surface reduction: do not autoload TTY line disciplines.
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@ -460,6 +460,6 @@ config UNUSED_KSYMS_WHITELIST
 config MODULES_TREE_LOOKUP
 	def_bool y
-	depends on PERF_EVENTS || TRACING || CFI_CLANG
+	depends on PERF_EVENTS || TRACING || CFI
 endif # MODULES
--- a/kernel/module/tree_lookup.c
+++ b/kernel/module/tree_lookup.c
@ -14,7 +14,7 @@
 * Use a latched RB-tree for __module_address(); this allows us to use
 * RCU lookups of the address from any context.
 *
- * This is conditional on PERF_EVENTS || TRACING || CFI_CLANG because those can
+ * This is conditional on PERF_EVENTS || TRACING || CFI because those can
 * really hit __module_address() hard by doing a lot of stack unwinding;
 * potentially from NMI context.
 */
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@ -2908,7 +2908,7 @@ config FORTIFY_KUNIT_TEST
 config LONGEST_SYM_KUNIT_TEST
 	tristate "Test the longest symbol possible" if !KUNIT_ALL_TESTS
 	depends on KUNIT && KPROBES
-	depends on !PREFIX_SYMBOLS && !CFI_CLANG && !GCOV_KERNEL
+	depends on !PREFIX_SYMBOLS && !CFI && !GCOV_KERNEL
 	default KUNIT_ALL_TESTS
 	help
 	  Tests the longest symbol possible
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@ -173,10 +173,17 @@ static inline opt_pass *get_pass_for_id(int id)
 	return g->get_passes()->get_pass_for_id(id);
 }
 #if BUILDING_GCC_VERSION < 16000
 #define TODO_verify_ssa TODO_verify_il
 #define TODO_verify_flow TODO_verify_il
 #define TODO_verify_stmts TODO_verify_il
 #define TODO_verify_rtl_sharing TODO_verify_il
 #else
 #define TODO_verify_ssa 0
 #define TODO_verify_flow 0
 #define TODO_verify_stmts 0
 #define TODO_verify_rtl_sharing 0
 #endif
 #define INSN_DELETED_P(insn) (insn)->deleted()
--- a/scripts/kconfig/expr.h
+++ b/scripts/kconfig/expr.h
@ -145,6 +145,7 @@ struct symbol {
 #define SYMBOL_CONST      0x0001  /* symbol is const */
 #define SYMBOL_CHECK      0x0008  /* used during dependency checking */
 #define SYMBOL_VALID      0x0080  /* set when symbol.curr is calculated */
 #define SYMBOL_TRANS      0x0100  /* symbol is transitional only (not visible)*/
 #define SYMBOL_WRITE      0x0200  /* write symbol to file (KCONFIG_CONFIG) */
 #define SYMBOL_WRITTEN    0x0800  /* track info to avoid double-write to .config */
 #define SYMBOL_CHECKED    0x2000  /* used during dependency checking */
--- a/scripts/kconfig/lexer.l
+++ b/scripts/kconfig/lexer.l
@ -126,6 +126,7 @@ n	[A-Za-z0-9_-]
 "select"		return T_SELECT;
 "source"		return T_SOURCE;
 "string"		return T_STRING;
 "transitional"		return T_TRANSITIONAL;
 "tristate"		return T_TRISTATE;
 "visible"		return T_VISIBLE;
 "||"			return T_OR;
--- a/scripts/kconfig/parser.y
+++ b/scripts/kconfig/parser.y
@ -75,6 +75,7 @@ struct menu *current_menu, *current_entry, *current_choice;
 %token T_SELECT
 %token T_SOURCE
 %token T_STRING
 %token T_TRANSITIONAL
 %token T_TRISTATE
 %token T_VISIBLE
 %token T_EOL
@ -205,6 +206,12 @@ config_option: T_PROMPT T_WORD_QUOTE if_expr T_EOL
 	printd(DEBUG_PARSE, "%s:%d:prompt\n", cur_filename, cur_lineno);
 };
 config_option: T_TRANSITIONAL T_EOL
 {
 	current_entry->sym->flags |= SYMBOL_TRANS;
 	printd(DEBUG_PARSE, "%s:%d:transitional\n", cur_filename, cur_lineno);
 };
 config_option: default expr if_expr T_EOL
 {
 	menu_add_expr(P_DEFAULT, $2, $3);
@ -482,6 +489,43 @@ assign_val:
 %%
 /**
 * transitional_check_sanity - check transitional symbols have no other
 *			       properties
 *
 * @menu: menu of the potentially transitional symbol
 *
 * Return: -1 if an error is found, 0 otherwise.
 */
 static int transitional_check_sanity(const struct menu *menu)
 {
 	struct property *prop;
 	if (!menu->sym || !(menu->sym->flags & SYMBOL_TRANS))
 		return 0;
 	/* Check for depends and visible conditions. */
 	if ((menu->dep && !expr_is_yes(menu->dep)) ||
 	    (menu->visibility && !expr_is_yes(menu->visibility))) {
 		fprintf(stderr, "%s:%d: error: %s",
 			menu->filename, menu->lineno,
 			"transitional symbols can only have help sections\n");
 		return -1;
 	}
 	/* Check for any property other than "help". */
 	for (prop = menu->sym->prop; prop; prop = prop->next) {
 		if (prop->type != P_COMMENT) {
 			fprintf(stderr, "%s:%d: error: %s",
 				prop->filename, prop->lineno,
 				"transitional symbols can only have help sections\n");
 			return -1;
 		}
 	}
 	return 0;
 }
 /**
 * choice_check_sanity - check sanity of a choice member
 *
@ -558,6 +602,9 @@ void conf_parse(const char *name)
 		if (menu->sym && sym_check_deps(menu->sym))
 			yynerrs++;
 		if (transitional_check_sanity(menu))
 			yynerrs++;
 		if (menu->sym && sym_is_choice(menu->sym)) {
 			menu_for_each_sub_entry(child, menu)
 				if (child->sym && choice_check_sanity(child))
--- a/scripts/kconfig/symbol.c
+++ b/scripts/kconfig/symbol.c
@ -214,6 +214,11 @@ static void sym_calc_visibility(struct symbol *sym)
 	struct property *prop;
 	tristate tri;
 	if (sym->flags & SYMBOL_TRANS) {
 		sym->visible = yes;
 		return;
 	}
 	/* any prompt visible? */
 	tri = no;
 	for_all_prompts(sym, prop) {
@ -526,7 +531,7 @@ void sym_calc_value(struct symbol *sym)
 		}
 	}
-	if (sym_is_choice(sym))
+	if (sym_is_choice(sym) || sym->flags & SYMBOL_TRANS)
 		sym->flags &= ~SYMBOL_WRITE;
 }
--- a/scripts/kconfig/tests/conftest.py
+++ b/scripts/kconfig/tests/conftest.py
@ -81,7 +81,22 @@ class Conf:
                # For interactive modes such as oldaskconfig, oldconfig,
                # send 'Enter' key until the program finishes.
                if interactive:
-                    ps.stdin.write(b'\n')
+                    try:
                        ps.stdin.write(b'\n')
                        ps.stdin.flush()
                    except (BrokenPipeError, OSError):
                        # Process has exited, stop sending input
                        break
            # Close stdin gracefully
            try:
                ps.stdin.close()
            except (BrokenPipeError, OSError):
                # Ignore broken pipe on close
                pass
            # Wait for process to complete
            ps.wait()
            self.retcode = ps.returncode
            self.stdout = ps.stdout.read().decode()
--- a/scripts/kconfig/tests/err_transitional/Kconfig
+++ b/scripts/kconfig/tests/err_transitional/Kconfig
@ -0,0 +1,52 @@
 # SPDX-License-Identifier: GPL-2.0
 # Test that transitional symbols cannot have properties other than help
 config BAD_DEFAULT
 	bool
 	transitional
 	default y
 	help
 	  This transitional symbol illegally has a default property.
 config BAD_PROMPT
 	bool
 	transitional
 	prompt "Bad prompt"
 	help
 	  This transitional symbol illegally has a prompt.
 config BAD_SELECT
 	bool
 	transitional
 	select OTHER_SYMBOL
 	help
 	  This transitional symbol illegally has a select.
 config BAD_IMPLY
 	bool
 	transitional
 	imply OTHER_SYMBOL
 	help
 	  This transitional symbol illegally has an imply.
 config BAD_DEPENDS
 	bool
 	transitional
 	depends on OTHER_SYMBOL
 	help
 	  This transitional symbol illegally has a depends.
 config BAD_RANGE
 	int
 	transitional
 	range 1 10
 	help
 	  This transitional symbol illegally has a range.
 config BAD_NO_TYPE
 	transitional
 	help
 	  This transitional symbol illegally has no type specified.
 config OTHER_SYMBOL
 	bool
--- a/scripts/kconfig/tests/err_transitional/init.py
+++ b/scripts/kconfig/tests/err_transitional/init.py
@ -0,0 +1,14 @@
 # SPDX-License-Identifier: GPL-2.0
 """
 Test that transitional symbols with invalid properties are rejected.
 Transitional symbols can only have help sections. Any other properties
 (default, select, depends, etc.) should cause a parser error.
 """
 def test(conf):
    # This should fail with exit code 1 due to invalid transitional symbol
    assert conf.olddefconfig() == 1
    # Check that the error message is about transitional symbols
    assert conf.stderr_contains('expected_stderr')
--- a/scripts/kconfig/tests/err_transitional/expected_stderr
+++ b/scripts/kconfig/tests/err_transitional/expected_stderr
@ -0,0 +1,7 @@
 Kconfig:46:warning: config symbol defined without type
 Kconfig:7: error: transitional symbols can only have help sections
 Kconfig:14: error: transitional symbols can only have help sections
 Kconfig:21: error: transitional symbols can only have help sections
 Kconfig:28: error: transitional symbols can only have help sections
 Kconfig:32: error: transitional symbols can only have help sections
 Kconfig:42: error: transitional symbols can only have help sections
--- a/scripts/kconfig/tests/transitional/Kconfig
+++ b/scripts/kconfig/tests/transitional/Kconfig
@ -0,0 +1,100 @@
 # SPDX-License-Identifier: GPL-2.0
 # Test transitional symbols for config migration with all Kconfig types
 # Enable module support for tristate testing
 config MODULES
 	bool "Enable loadable module support"
 	modules
 	default y
 # Basic migration tests for all types
 config NEW_BOOL
 	bool "New bool option"
 	default OLD_BOOL
 config OLD_BOOL
 	bool
 	transitional
 config NEW_TRISTATE
 	tristate "New tristate option"
 	default OLD_TRISTATE
 config OLD_TRISTATE
 	tristate
 	transitional
 config NEW_STRING
 	string "New string option"
 	default OLD_STRING
 config OLD_STRING
 	string
 	transitional
 config NEW_HEX
 	hex "New hex option"
 	default OLD_HEX
 config OLD_HEX
 	hex
 	transitional
 config NEW_INT
 	int "New int option"
 	default OLD_INT
 config OLD_INT
 	int
 	transitional
 # Precedence tests for all types
 config NEW_BOOL_PRECEDENCE
 	bool "New bool option with precedence"
 	default OLD_BOOL_PRECEDENCE
 config OLD_BOOL_PRECEDENCE
 	bool
 	transitional
 config NEW_STRING_PRECEDENCE
 	string "New string option with precedence"
 	default OLD_STRING_PRECEDENCE
 config OLD_STRING_PRECEDENCE
 	string
 	transitional
 config NEW_TRISTATE_PRECEDENCE
 	tristate "New tristate option with precedence"
 	default OLD_TRISTATE_PRECEDENCE
 config OLD_TRISTATE_PRECEDENCE
 	tristate
 	transitional
 config NEW_HEX_PRECEDENCE
 	hex "New hex option with precedence"
 	default OLD_HEX_PRECEDENCE
 config OLD_HEX_PRECEDENCE
 	hex
 	transitional
 config NEW_INT_PRECEDENCE
 	int "New int option with precedence"
 	default OLD_INT_PRECEDENCE
 config OLD_INT_PRECEDENCE
 	int
 	transitional
 # Test that help sections are allowed for transitional symbols
 config OLD_WITH_HELP
 	bool
 	transitional
 	help
 	  This transitional symbol has a help section to validate that help is allowed.
 config REGULAR_OPTION
 	bool "Regular option"
--- a/scripts/kconfig/tests/transitional/init.py
+++ b/scripts/kconfig/tests/transitional/init.py
@ -0,0 +1,18 @@
 # SPDX-License-Identifier: GPL-2.0
 """
 Test transitional symbol migration functionality for all Kconfig types.
 This tests that:
 - OLD_* options in existing .config cause NEW_* options to be set
 - OLD_* options are not written to the new .config file
 - NEW_* options appear in the new .config file with correct values
 - All Kconfig types work correctly: bool, tristate, string, hex, int
 - User-set NEW values take precedence over conflicting OLD transitional values
 """
 def test(conf):
    # Run olddefconfig to process the migration with the initial config
    assert conf.olddefconfig(dot_config='initial_config') == 0
    # Check that the configuration matches expected output
    assert conf.config_contains('expected_config')
--- a/scripts/kconfig/tests/transitional/expected_config
+++ b/scripts/kconfig/tests/transitional/expected_config
@ -0,0 +1,12 @@
 CONFIG_MODULES=y
 CONFIG_NEW_BOOL=y
 CONFIG_NEW_TRISTATE=m
 CONFIG_NEW_STRING="test string"
 CONFIG_NEW_HEX=0x1234
 CONFIG_NEW_INT=42
 # CONFIG_NEW_BOOL_PRECEDENCE is not set
 CONFIG_NEW_STRING_PRECEDENCE="user value"
 CONFIG_NEW_TRISTATE_PRECEDENCE=y
 CONFIG_NEW_HEX_PRECEDENCE=0xABCD
 CONFIG_NEW_INT_PRECEDENCE=100
 # CONFIG_REGULAR_OPTION is not set
--- a/scripts/kconfig/tests/transitional/initial_config
+++ b/scripts/kconfig/tests/transitional/initial_config
@ -0,0 +1,16 @@
 CONFIG_MODULES=y
 CONFIG_OLD_BOOL=y
 CONFIG_OLD_TRISTATE=m
 CONFIG_OLD_STRING="test string"
 CONFIG_OLD_HEX=0x1234
 CONFIG_OLD_INT=42
 # CONFIG_NEW_BOOL_PRECEDENCE is not set
 CONFIG_OLD_BOOL_PRECEDENCE=y
 CONFIG_NEW_STRING_PRECEDENCE="user value"
 CONFIG_OLD_STRING_PRECEDENCE="old value"
 CONFIG_NEW_TRISTATE_PRECEDENCE=y
 CONFIG_OLD_TRISTATE_PRECEDENCE=m
 CONFIG_NEW_HEX_PRECEDENCE=0xABCD
 CONFIG_OLD_HEX_PRECEDENCE=0x5678
 CONFIG_NEW_INT_PRECEDENCE=100
 CONFIG_OLD_INT_PRECEDENCE=200
--- a/tools/include/linux/cfi_types.h
+++ b/tools/include/linux/cfi_types.h
@ -8,7 +8,7 @@
 #ifdef __ASSEMBLY__
 #include <linux/linkage.h>
-#ifdef CONFIG_CFI_CLANG
+#ifdef CONFIG_CFI
 /*
 * Use the __kcfi_typeid_<function> type identifier symbol to
 * annotate indirectly called assembly functions. The compiler emits
@ -29,12 +29,12 @@
 #define SYM_TYPED_START(name, linkage, align...)	\
 	SYM_TYPED_ENTRY(name, linkage, align)
-#else /* CONFIG_CFI_CLANG */
+#else /* CONFIG_CFI */
 #define SYM_TYPED_START(name, linkage, align...)	\
 	SYM_START(name, linkage, align)
-#endif /* CONFIG_CFI_CLANG */
+#endif /* CONFIG_CFI */
 #ifndef SYM_TYPED_FUNC_START
 #define SYM_TYPED_FUNC_START(name) 			\
--- a/tools/perf/util/include/linux/linkage.h
+++ b/tools/perf/util/include/linux/linkage.h
@ -120,7 +120,7 @@
 #endif
 // In the kernel sources (include/linux/cfi_types.h), this has a different
-// definition when CONFIG_CFI_CLANG is used, for tools/ just use the !clang
+// definition when CONFIG_CFI is used, for tools/ just use the !cfi
 // definition:
 #ifndef SYM_TYPED_START
 #define SYM_TYPED_START(name, linkage, align...)        \