Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...

Pull structleak fix from Kees Cook:
 "Disable gcc-based stack variable auto-init under KASAN (Arnd
  Bergmann).

  This fixes a bunch of build warnings under KASAN and the
  gcc-plugin-based stack auto-initialization features (which are
  arguably redundant, so better to let KASAN control this)"

* tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK

diff --combined security/Kconfig.hardening
index a1ffe2eb4d5f5f5eb87f4f544f8b4014070f2989,107176069af396c8bbcdb32ce46fa2749ff4af60..af4c979b38eedb80411654f140a11f6312861dc2
--- 1/security/Kconfig.hardening
--- 2/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@@ -61,6 -61,7 +61,7 @@@ choic
        config GCC_PLUGIN_STRUCTLEAK_BYREF
                bool "zero-init structs passed by reference (strong)"
                depends on GCC_PLUGINS
+               depends on !(KASAN && KASAN_STACK=1)
                select GCC_PLUGIN_STRUCTLEAK
                help
                  Zero-initialize any structures on the stack that may
@@@ -70,9 -71,15 +71,15 @@@
                  exposures, like CVE-2017-1000410:
                  https://git.kernel.org/linus/06e7e776ca4d3654
  
+                 As a side-effect, this keeps a lot of variables on the
+                 stack that can otherwise be optimized out, so combining
+                 this with CONFIG_KASAN_STACK can lead to a stack overflow
+                 and is disallowed.
+ 
        config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
                bool "zero-init anything passed by reference (very strong)"
                depends on GCC_PLUGINS
+               depends on !(KASAN && KASAN_STACK=1)
                select GCC_PLUGIN_STRUCTLEAK
                help
                  Zero-initialize any stack variables that may be passed
@@@ -160,35 -167,6 +167,35 @@@ config STACKLEAK_RUNTIME_DISABL
          runtime to control kernel stack erasing for kernels built with
          CONFIG_GCC_PLUGIN_STACKLEAK.
  
 +config INIT_ON_ALLOC_DEFAULT_ON
 +      bool "Enable heap memory zeroing on allocation by default"
 +      help
 +        This has the effect of setting "init_on_alloc=1" on the kernel
 +        command line. This can be disabled with "init_on_alloc=0".
 +        When "init_on_alloc" is enabled, all page allocator and slab
 +        allocator memory will be zeroed when allocated, eliminating
 +        many kinds of "uninitialized heap memory" flaws, especially
 +        heap content exposures. The performance impact varies by
 +        workload, but most cases see <1% impact. Some synthetic
 +        workloads have measured as high as 7%.
 +
 +config INIT_ON_FREE_DEFAULT_ON
 +      bool "Enable heap memory zeroing on free by default"
 +      help
 +        This has the effect of setting "init_on_free=1" on the kernel
 +        command line. This can be disabled with "init_on_free=0".
 +        Similar to "init_on_alloc", when "init_on_free" is enabled,
 +        all page allocator and slab allocator memory will be zeroed
 +        when freed, eliminating many kinds of "uninitialized heap memory"
 +        flaws, especially heap content exposures. The primary difference
 +        with "init_on_free" is that data lifetime in memory is reduced,
 +        as anything freed is wiped immediately, making live forensics or
 +        cold boot memory attacks unable to recover freed memory contents.
 +        The performance impact varies by workload, but is more expensive
 +        than "init_on_alloc" due to the negative cache effects of
 +        touching "cold" memory areas. Most cases see 3-5% impact. Some
 +        synthetic workloads have measured as high as 8%.
 +
  endmenu
  
  endmenu