Cook: security things in Linux v4.17

by corbet from LWN.net on (#3SBDY)
Kees Cook describes the security-oriented changes included in the 4.17 kernel release. "It was possible that old memory contents would live in a new process's kernel stack. While normally not visible, "uninitialized" memory read flaws or read overflows could expose these contents (especially stuff "deeper" in the stack that may never get overwritten for the life of the process). To avoid this, I made sure that new stacks were always zeroed. Oddly, this "priming" of the cache appeared to actually improve performance, though it was mostly in the noise."