On 09/24/2018 05:18 PM, Kees Cook wrote: > Instead of using argument-based initializers, switch to defining the > contents of struct lsm_info on a per-LSM basis. This also drops > the final use of the now inaccurate "initcall" naming. > > Cc: John Johansen <john.johansen@xxxxxxxxxxxxx> > Cc: James Morris <jmorris@xxxxxxxxx> > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > Cc: Paul Moore <paul@xxxxxxxxxxxxxx> > Cc: Stephen Smalley <sds@xxxxxxxxxxxxx> > Cc: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> > Cc: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Cc: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> > Cc: linux-security-module@xxxxxxxxxxxxxxx > Cc: selinux@xxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > include/linux/lsm_hooks.h | 6 ++++-- > security/apparmor/lsm.c | 4 +++- > security/integrity/iint.c | 4 +++- > security/selinux/hooks.c | 4 +++- > security/smack/smack_lsm.c | 4 +++- > security/tomoyo/tomoyo.c | 4 +++- > 6 files changed, 19 insertions(+), 7 deletions(-) > > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index ad04761e5587..02ec717189f9 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -2045,11 +2045,13 @@ struct lsm_info { > > extern struct lsm_info __start_lsm_info[], __end_lsm_info[]; > > -#define security_initcall(lsm) \ > +#define DEFINE_LSM(lsm) \ > static struct lsm_info __lsm_##lsm \ > __used __section(.lsm_info.init) \ > __aligned(sizeof(unsigned long)) \ > - = { .init = lsm, } > + = { \ > + > +#define END_LSM } > I am with Tetsuo on this one, I really don't like the END_LSM thing.
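Review bot: In the `DEFINE_LSM` / `END_LSM` pair in include/linux/lsm_hooks.h, the initializer's opening brace is hidden inside one macro (`= { \`) and its closing brace inside another (`#define END_LSM }`), so every use site has unbalanced braces as far as editors, indenters and static checkers can tell. A forgotten `END_LSM` will surface as a parse error further down the file, not at the definition. Consider ending `DEFINE_LSM(lsm)` after the `__aligned(sizeof(unsigned long))` attribute and letting each LSM write its own `= { .init = ..., };` with ordinary braces, which removes the need for `END_LSM`. The hunk also adds no comment showing the intended usage of the new macro; a one-line example above the `#define` would help out-of-tree and future LSM authors.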