On Fri, Jan 20, 2023 at 2:32 AM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > On 1/19/2023 3:10 PM, KP Singh wrote: > > The header defines a MAX_LSM_COUNT constant which is used in a > > subsequent patch to generate the static calls for each LSM hook which > > are named using preprocessor token pasting. Since token pasting does not > > work with arithmetic expressions, generate a simple lsm_count.h header > > which represents the subset of LSMs that can be enabled on a given > > kernel based on the config. > > > > While one can generate static calls for all the possible LSMs that the > > kernel has, this is actually wasteful as most kernels only enable a > > handful of LSMs. > > Why "generate" anything? Why not include your GEN_MAX_LSM_COUNT macro > in security.h and be done with it? I've proposed doing just that in the > stacking patch set for some time. This seems to be much more complicated > than it needs to be. The answer is in the commit description, the count is used in token pasting and you cannot have arithmetic in when you generate tokens in preprocessor macros. you cannot generate bprm_check_security_call_1 + 1 + 1 this does not get resolved by preprocessor.
