2 files changed, 19 insertions, 0 deletions

diff --git a/Makefile b/Makefile
index c0a34064c574..a7d9c6cd0267 100644
--- a/Makefile
+++ b/Makefile
@@ -745,6 +745,11 @@ KBUILD_CFLAGS	+= -fomit-frame-pointer
 endif
 endif
 
+# Initialize all stack variables with a pattern, if desired.
+ifdef CONFIG_INIT_STACK_ALL
+KBUILD_CFLAGS   += -ftrivial-auto-var-init=pattern
+endif
+
 DEBUG_CFLAGS    := $(call cc-option, -fno-var-tracking-assignments)
 
 ifdef CONFIG_DEBUG_INFO
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index a96d4a43ca65..0a1d4ca314f4 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -18,9 +18,13 @@ config GCC_PLUGIN_STRUCTLEAK
 
 menu "Memory initialization"
 
+config CC_HAS_AUTO_VAR_INIT
+        def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
+
 choice
         prompt "Initialize kernel stack variables at function entry"
         default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
+        default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT
         default INIT_STACK_NONE
         help
           This option enables initialization of stack variables at
@@ -76,6 +80,16 @@ choice
                   of uninitialized stack variable exploits and information
                   exposures.
 
+        config INIT_STACK_ALL
+                bool "0xAA-init everything on the stack (strongest)"
+                depends on CC_HAS_AUTO_VAR_INIT
+                help
+                  Initializes everything on the stack with a 0xAA
+                  pattern. This is intended to eliminate all classes
+                  of uninitialized stack variable exploits and information
+                  exposures, even variables that were warned to have been
+                  left uninitialized.
+
 endchoice
 
 config GCC_PLUGIN_STRUCTLEAK_VERBOSE