Cook: Security things in Linux v4.20

Kees Cook summarizesthe security-related improvements in the 4.20 kernel."Enabling CONFIG_GCC_PLUGIN_STACKLEAK=y means almost alluninitialized variable flaws go away, with only a very minor performancehit (it appears to be under 1% for most workloads). It's still possiblethat, within a single syscall, a later buggy function call could use'uninitialized' bytes from the stack from an earlier function. Fixing thiswill need compiler support for pre-initialization (this is underdevelopment already for Clang, for example), but that may have largerperformance implications."