Poison kernel stack before returning from syscalls

modulename: stackleak.ko

configname: CONFIG_GCC_PLUGIN_STACKLEAK

Linux Kernel Configuration
└─>Security options
   └─>Kernel hardening options
      └─>Memory initialization
         └─>Poison kernel stack before returning from syscalls

In Linux kernel since version 4.2 (release date: 2015-08-30)

This option makes the kernel erase the kernel stack before
returning from system calls. This has the effect of leaving
the stack initialized to the poison value, which both reduces
the lifetime of any sensitive stack contents and reduces
potential for uninitialized stack variable exploits or information
exposures (it does not cover functions reaching the same stack
depth as prior functions during the same syscall). This blocks
most uninitialized stack variable attacks, with the performance
impact being driven by the depth of the stack usage, rather than
the function calling complexity.
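The erase-on-return behaviour and its stated gap (data left by a prior function at the same depth during the same syscall), as an added model that is not part of the kernel or the plugin: a byte array stands in for the kernel stack, the plugin's prologue instrumentation is reduced to tracking the lowest depth reached, and the poison byte is a constructed value rather than the kernel's own constant.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of stackleak: a fixed byte array stands in for the kernel
 * stack, frames grow downward from STACK_SIZE, and the plugin's bookkeeping
 * is reduced to "lowest stack depth touched since syscall entry". */
#define STACK_SIZE 256
#define FRAME_SIZE 32
#define POISON 0xAAu          /* constructed poison byte; not the kernel's constant */

static uint8_t stack[STACK_SIZE];
static size_t lowest_sp = STACK_SIZE;   /* updated by the instrumented prologues */

/* Instrumentation the plugin inserts in function prologues: record a new minimum. */
static void track_depth(size_t sp) { if (sp < lowest_sp) lowest_sp = sp; }

/* A callee that keeps key material in a local buffer and returns without clearing it. */
static void helper_with_secret(size_t sp) {
    uint8_t *frame = &stack[sp - FRAME_SIZE];
    track_depth(sp - FRAME_SIZE);
    memcpy(frame, "SECRET-KEY-MATERIAL-0123456789AB", FRAME_SIZE); /* constructed secret */
}

/* A callee with an uninitialized local at the same depth; returns its first byte. */
static uint8_t helper_uninitialized(size_t sp) {
    uint8_t *frame = &stack[sp - FRAME_SIZE];
    track_depth(sp - FRAME_SIZE);
    return frame[0];   /* never written: whatever the previous occupant left behind */
}

/* What stackleak does on the syscall return path: poison everything from the
 * deepest point reached up to the syscall entry frame, then reset the tracker. */
static void stackleak_erase(void) {
    memset(&stack[lowest_sp], POISON, STACK_SIZE - lowest_sp);
    lowest_sp = STACK_SIZE;
}

/* Syscall 1 leaves a secret; syscall 2 reads an uninitialized local at the same depth. */
static uint8_t cross_syscall_leak(int stackleak_enabled) {
    helper_with_secret(STACK_SIZE);
    if (stackleak_enabled) stackleak_erase();   /* runs only on return to user space */
    return helper_uninitialized(STACK_SIZE);
}

/* The documented gap: both callees run within one syscall, so nothing is erased between them. */
static uint8_t same_syscall_leak(void) {
    helper_with_secret(STACK_SIZE);
    uint8_t b = helper_uninitialized(STACK_SIZE);
    stackleak_erase();
    return b;
}
```

With the option off, the second syscall reads the first syscall's secret; with it on, it reads the poison byte, while two callees at the same depth inside one syscall still see each other's data.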

On a single-CPU system, kernel compilation sees a 1% slowdown; other
systems and workloads may vary, and you are advised to test this
feature on your expected workload before deploying it.

This plugin was ported from grsecurity/PaX. More information at:
* https://grsecurity.net/
* https://pax.grsecurity.net/