Hi Linus, I was curious, after the last week of discussion, what you thought of the future of Alexander's port of the STACKLEAK plugin. Given that there is progress being made (by at least 8 people at last count) to actually remove VLAs (and bogus warnings), and that there appears to be consensus on the approach for how to deal with uninitialized stack variables, this still leaves an aspect of STACKLEAK unaddressed, which is reducing the lifetime of stack content validity.
We have options available for heap memory poison-on-free (which can serve both as a debugging feature and a security feature), but we continue not to have this for the stack. I'd still like to be able to provide coverage here. AIUI, your objections revolved around not directly addressing the VLA and uninit cases (which are now underway). Would you reconsider your NACK, and if not, what do you think the right approach would be for performing stack clearing at the end of syscalls? Thanks! -Kees  http://www.openwall.com/lists/kernel-hardening/2018/03/03/7  https://patchwork.kernel.org/project/LKML/list/?q=VLA  https://marc.info/?l=kernel-hardening&m=152036383124266&w=2  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/mm/Kconfig.debug?h=v4.15#n42 -- Kees Cook Pixel Security