On Tue, 2025-09-16 at 18:03 -0400, Paul Moore wrote:
> Acked-by: Kees Cook <[email protected]>
> Reviewed-by: John Johansen <[email protected]>
> Signed-off-by: Paul Moore <[email protected]>
For the first couple of iterations, the patch descriptions needed to be added or
improved upon. Some of the patch descriptions are still missing (e.g. 25, 27,
etc). Is this intentional because you feel it is redundant or simply an
oversight because checkpatch.pl is not flagging it? Checkpatch normally flags
missing patch descriptions, but isn't flagging it now because of the additional
tags.

FYI, teaching newbies how to break up a patch set is not easy. This patch set
is nicely broken up and would be a good example. However, leaving out the patch
description would be teaching the wrong thing.

Mimi

> ---
> security/loadpin/loadpin.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index b9ddf05c5c16..273ffbd6defe 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -270,11 +270,6 @@ static int __init loadpin_init(void)
> return 0;
> }
>
> -DEFINE_LSM(loadpin) = {
> - .id = &loadpin_lsmid,
> - .init = loadpin_init,
> -};
> -
> #ifdef CONFIG_SECURITY_LOADPIN_VERITY
>
> enum loadpin_securityfs_interface_index {
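
Review bot: the removal of DEFINE_LSM(loadpin) from its place right after loadpin_init() is not explained anywhere; as quoted, the changelog carries only tags. One sentence saying that the definition moves below the CONFIG_SECURITY_LOADPIN_VERITY block so that it can name init_loadpin_securityfs without a forward declaration would let this hunk be reviewed on its own.
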
> @@ -434,10 +429,16 @@ static int __init init_loadpin_securityfs(void)
> return 0;
> }
>
> -fs_initcall(init_loadpin_securityfs);
> -
> #endif /* CONFIG_SECURITY_LOADPIN_VERITY */
>
> +DEFINE_LSM(loadpin) = {
> + .id = &loadpin_lsmid,
> + .init = loadpin_init,
> +#ifdef CONFIG_SECURITY_LOADPIN_VERITY
> + .initcall_fs = init_loadpin_securityfs,
> +#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
> +};
> +
> /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
> module_param(enforce, int, 0);
> MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");
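
Review bot: replacing fs_initcall(init_loadpin_securityfs) with the .initcall_fs member changes how the securityfs setup is invoked, and nothing in the description says whether the conditions stay the same. fs_initcall() ran the function whenever CONFIG_SECURITY_LOADPIN_VERITY was built in; the changelog should state whether the .initcall_fs hook is also called when loadpin is not enabled at boot, and confirm that it still runs at the fs initcall level.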