BACKPORT: security: Implement Clang's stack initialization

CONFIG_INIT_STACK_ALL turns on stack initialization based on
-ftrivial-auto-var-init in Clang builds, which has greater coverage

-ftrivial-auto-var-init Clang option provides trivial initializers for
uninitialized local variables, variable fields and padding.

It has three possible values:
  pattern - uninitialized locals are filled with a fixed pattern
    (mostly 0xAA on 64-bit platforms, see
    for more details, but 0x000000AA for 32-bit pointers) likely to cause
    crashes when uninitialized value is used;
  zero (it's still debated whether this flag makes it to the official
    Clang release) - uninitialized locals are filled with zeroes;
  uninitialized (default) - uninitialized locals are left intact.

This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is

Developers have the possibility to opt-out of this feature on a
per-variable basis by using __attribute__((uninitialized)), but such
use should be well justified in comments.

The Android 4.14 backport drops CC_HAS_AUTO_VAR_INIT, because Kconfig
is too old to support compiler feature checks.

Change-Id: I9dca079dd015d3cea0446bbdb916e04f4199c626
Co-developed-by: Alexander Potapenko <>
Signed-off-by: Alexander Potapenko <>
Signed-off-by: Kees Cook <>
Tested-by: Alexander Potapenko <>
Acked-by: Masahiro Yamada <>
(cherry picked from commit 709a972efb01efaeb97cad1adc87fe400119c8ab)
Bug: 133428616
Signed-off-by: Alexander Potapenko <>
2 files changed