Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull gcc-plugins updates from Kees Cook:
 "This includes infrastructure updates and the structleak plugin, which
  performs forced initialization of certain structures to avoid possible
  information exposures to userspace.

  Summary:

   - infrastructure updates (gcc-common.h)

   - introduce structleak plugin for forced initialization of some
     structures"

* tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  gcc-plugins: Add structleak for more stack initialization
  gcc-plugins: consolidate on PASS_INFO macro
  gcc-plugins: add PASS_INFO and build_const_char_string()

diff --combined arch/Kconfig
index 33f5a555c32a5820f614341bb758a88447dbd2cb,646ba0f42c5fdd88abf6f62fa99af4817ddd9c88..2bbf5baff6905aec2d6345dbff994696c980fa05
--- 1/arch/Kconfig
--- 2/arch/Kconfig
+++ b/arch/Kconfig
@@@ -410,6 -410,28 +410,28 @@@ config GCC_PLUGIN_LATENT_ENTROP
           * https://grsecurity.net/
           * https://pax.grsecurity.net/
  
+ config GCC_PLUGIN_STRUCTLEAK
+       bool "Force initialization of variables containing userspace addresses"
+       depends on GCC_PLUGINS
+       help
+         This plugin zero-initializes any structures that containing a
+         __user attribute. This can prevent some classes of information
+         exposures.
+ 
+         This plugin was ported from grsecurity/PaX. More information at:
+          * https://grsecurity.net/
+          * https://pax.grsecurity.net/
+ 
+ config GCC_PLUGIN_STRUCTLEAK_VERBOSE
+       bool "Report forcefully initialized variables"
+       depends on GCC_PLUGIN_STRUCTLEAK
+       depends on !COMPILE_TEST
+       help
+         This option will cause a warning to be printed each time the
+         structleak plugin finds a variable it thinks needs to be
+         initialized. Since not all existing initializers are detected
+         by the plugin, this can produce false positive warnings.
+ 
  config HAVE_CC_STACKPROTECTOR
        bool
        help
@@@ -781,38 -803,4 +803,38 @@@ config VMAP_STAC
          the stack to map directly to the KASAN shadow map using a formula
          that is incorrect if the stack is in vmalloc space.
  
 +config ARCH_OPTIONAL_KERNEL_RWX
 +      def_bool n
 +
 +config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
 +      def_bool n
 +
 +config ARCH_HAS_STRICT_KERNEL_RWX
 +      def_bool n
 +
 +config STRICT_KERNEL_RWX
 +      bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
 +      depends on ARCH_HAS_STRICT_KERNEL_RWX
 +      default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
 +      help
 +        If this is set, kernel text and rodata memory will be made read-only,
 +        and non-text memory will be made non-executable. This provides
 +        protection against certain security exploits (e.g. executing the heap
 +        or modifying text)
 +
 +        These features are considered standard security practice these days.
 +        You should say Y here in almost all cases.
 +
 +config ARCH_HAS_STRICT_MODULE_RWX
 +      def_bool n
 +
 +config STRICT_MODULE_RWX
 +      bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
 +      depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
 +      default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
 +      help
 +        If this is set, module text and rodata memory will be made read-only,
 +        and non-text memory will be made non-executable. This provides
 +        protection against certain security exploits (e.g. writing to text)
 +
  source "kernel/gcov/Kconfig"