On Sun, Jul 28, 2019 at 12:43:15PM -0700, Linus Torvalds wrote:
> On Sun, Jul 28, 2019 at 12:21 PM Kees Cook <[email protected]> wrote:
> >
> > Please pull this meminit fix for v5.3-rc2.
>
> Side note: I find "meminit" a confusing description for the structleak
> thing. When I hear it, it sounds like some generic memory
> initialization thing in the VM layer (which we obviously do also
> have), not the stack variable initialization.

I will find a better name. :) We dreamed up "meminit" as finding a name
for the umbrella of both stack and heap auto-initialization. But I agree,
it's confusing.

> Also, have you guys talked to gcc people about just making it a real
> feature, like I think it is for clang? In particular, I still suspect
> that we could/should just make zero-filling the *default* in the long
> run, and say "our C standard is that local variables are initialized
> to zero, exactly the same way static variables are".

Yes, this is on the list for discussion at Plumber's. Having gcc do
auto-init is the first part. Convincing Clang that _zero_ init isn't a
language-breaking change is the second part. :P That's been a whole other
issue.

> I know you posted some numbers somewhere (well, I'm pretty sure you
> did) and the full stack initialization really was pretty cheap,
> wasn't it?

Yes, Clang's initialization (which is 0xAA not 0x00 in most cases) is
cheap. There are rumors(?) of some pathological workloads, though. I
haven't seen real numbers for that though. I'll try to find the Clang
numbers (maybe Alexander has them?) but I remember it being the same as
(or maybe better than) the gcc-plugin version, which I measured here:
https://git.kernel.org/linus/81a56f6dcd20

-- 
Kees Cook

