vmlinux.lds.h: Move LSM_TABLE into INIT_DATA

Since the struct lsm_info table is not an initcall, we can just move it
into INIT_DATA like all the other tables.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Signed-off-by: James Morris <james.morris@microsoft.com>

diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S
index f35ed57..8fb16bd 100644 (file)
--- a/arch/arc/kernel/vmlinux.lds.S
+++ b/arch/arc/kernel/vmlinux.lds.S
@@ -71,7 +71,6 @@ SECTIONS
                INIT_SETUP(L1_CACHE_BYTES)
                INIT_CALLS
                CON_INITCALL
-               SECURITY_INITCALL
        }
 
        .init.arch.info : {

diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S
index 3593d5c..8c74037 100644 (file)
--- a/arch/arm/kernel/vmlinux-xip.lds.S
+++ b/arch/arm/kernel/vmlinux-xip.lds.S
@@ -96,7 +96,6 @@ SECTIONS
                INIT_SETUP(16)
                INIT_CALLS
                CON_INITCALL
-               SECURITY_INITCALL
                INIT_RAM_FS
        }
 

diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 605d1b6..7d23d59 100644 (file)
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -166,7 +166,6 @@ SECTIONS
                INIT_SETUP(16)
                INIT_CALLS
                CON_INITCALL
-               SECURITY_INITCALL
                INIT_RAM_FS
                *(.init.rodata.* .init.bss)     /* from the EFI stub */
        }

diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S
index 35716a3..49f716c 100644 (file)
--- a/arch/h8300/kernel/vmlinux.lds.S
+++ b/arch/h8300/kernel/vmlinux.lds.S
@@ -56,7 +56,6 @@ SECTIONS
        __init_begin = .;
        INIT_TEXT_SECTION(4)
        INIT_DATA_SECTION(4)
-       SECURITY_INIT
        __init_end = .;
        _edata = . ;
        _begin_data = LOADADDR(.data);

diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S
index 289d0e7..e1f3e87 100644 (file)
--- a/arch/microblaze/kernel/vmlinux.lds.S
+++ b/arch/microblaze/kernel/vmlinux.lds.S
@@ -117,8 +117,6 @@ SECTIONS {
                CON_INITCALL
        }
 
-       SECURITY_INIT
-
        __init_end_before_initramfs = .;
 
        .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) {

diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 07ae018..105a976 100644 (file)
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -212,8 +212,6 @@ SECTIONS
                CON_INITCALL
        }
 
-       SECURITY_INIT
-
        . = ALIGN(8);
        __ftr_fixup : AT(ADDR(__ftr_fixup) - LOAD_OFFSET) {
                __start___ftr_fixup = .;

diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S
index 7adb4e6..4049f2c 100644 (file)
--- a/arch/um/include/asm/common.lds.S
+++ b/arch/um/include/asm/common.lds.S
@@ -53,8 +53,6 @@
        CON_INITCALL
   }
 
-  SECURITY_INIT
-
   .exitcall : {
        __exitcall_begin = .;
        *(.exitcall.exit)

diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S
index a1c3edb..b727b18 100644 (file)
--- a/arch/xtensa/kernel/vmlinux.lds.S
+++ b/arch/xtensa/kernel/vmlinux.lds.S
@@ -197,7 +197,6 @@ SECTIONS
     INIT_SETUP(XCHAL_ICACHE_LINESIZE)
     INIT_CALLS
     CON_INITCALL
-    SECURITY_INITCALL
     INIT_RAM_FS
   }
 

diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index 5079a96..b31ea8b 100644 (file)
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -203,6 +203,15 @@
 #define EARLYCON_TABLE()
 #endif
 
+#ifdef CONFIG_SECURITY
+#define LSM_TABLE()    . = ALIGN(8);                                   \
+                       __start_lsm_info = .;                           \
+                       KEEP(*(.lsm_info.init))                         \
+                       __end_lsm_info = .;
+#else
+#define LSM_TABLE()
+#endif
+
 #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name)
 #define __OF_TABLE(cfg, name)  ___OF_TABLE(cfg, name)
 #define OF_TABLE(cfg, name)    __OF_TABLE(IS_ENABLED(cfg), name)
@@ -597,7 +606,8 @@
        IRQCHIP_OF_MATCH_TABLE()                                        \
        ACPI_PROBE_TABLE(irqchip)                                       \
        ACPI_PROBE_TABLE(timer)                                         \
-       EARLYCON_TABLE()
+       EARLYCON_TABLE()                                                \
+       LSM_TABLE()
 
 #define INIT_TEXT                                                      \
        *(.init.text .init.text.*)                                      \
@@ -786,17 +796,6 @@
                KEEP(*(.con_initcall.init))                             \
                __con_initcall_end = .;
 
-#define SECURITY_INITCALL                                              \
-               __start_lsm_info = .;                                   \
-               KEEP(*(.lsm_info.init))                                 \
-               __end_lsm_info = .;
-
-/* Older linker script style for security init. */
-#define SECURITY_INIT                                                  \
-       .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) {       \
-               LSM_INFO                                                \
-       }
-
 #ifdef CONFIG_BLK_DEV_INITRD
 #define INIT_RAM_FS                                                    \
        . = ALIGN(4);                                                   \
@@ -963,7 +962,6 @@
                INIT_SETUP(initsetup_align)                             \
                INIT_CALLS                                              \
                CON_INITCALL                                            \
-               SECURITY_INITCALL                                       \
                INIT_RAM_FS                                             \
        }