On Thu, Sep 18, 2025 at 11:51 AM Mimi Zohar <[email protected]> wrote: > On Tue, 2025-09-16 at 18:03 -0400, Paul Moore wrote: > > Move away from an init specific init_debug() macro to a more general > > lsm_pr()/lsm_pr_cont()/lsm_pr_dbg() set of macros that are available > > both before and after init. In the process we do a number of minor > > changes to improve the LSM initialization output and cleanup the code > > somewhat. > > > > Reviewed-by: Casey Schaufler <[email protected]> > > Reviewed-by: John Johansen <[email protected]> > > Signed-off-by: Paul Moore <[email protected]> > > --- > > security/lsm.h | 11 ++++ > > security/lsm_init.c | 123 +++++++++++++++++++------------------------- > > security/security.c | 2 + > > 3 files changed, 66 insertions(+), 70 deletions(-) > > > > diff --git a/security/lsm.h b/security/lsm.h > > index dbe755c45e57..8dc267977ae0 100644 > > --- a/security/lsm.h > > +++ b/security/lsm.h > > @@ -6,9 +6,20 @@ > > #ifndef _LSM_H_ > > #define _LSM_H_ > > > > +#include <linux/printk.h> > > #include <linux/lsm_hooks.h> > > #include <linux/lsm_count.h> > > > > +/* LSM debugging */ > > +extern bool lsm_debug; > > +#define lsm_pr(...) pr_info(__VA_ARGS__) > > +#define lsm_pr_cont(...) pr_cont(__VA_ARGS__) > > +#define lsm_pr_dbg(...) > > > > \ > > + do { \ > > + if (lsm_debug) \ > > + pr_info(__VA_ARGS__); \ > > + } while (0) > > The existing pr_info and pr_cont themselves are #defines. Is there a reason > for > these new "#define"? If there is a valid reason for having these new defines, > why aren't they simply prefixed with "lsm"?
With the creation of the lsm_pr_dbg() macro which gates the output on the "lsm.debug" flag, I felt it was more consistent to name things this way, even if lsm_pr() and lsm_pr_cont() are just effectively renames of the existing pr_info() and pr_cont() symbols. -- paul-moore.com
