为什么Linux内核LSM_HOOK宏定义了许多参数？

Question

在Linux内核中，LSM_HOOK的使用类似于：

LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr)
LSM_HOOK(int, 0, binder_transaction, const struct cred *from,
     const struct cred *to)
LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
     const struct cred *to)
LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
     const struct cred *to, struct file *file)
LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
     unsigned int mode)
LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
LSM_HOOK(int, 0, capget, struct task_struct *target, kernel_cap_t *effective,
     kernel_cap_t *inheritable, kernel_cap_t *permitted)
LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
     const kernel_cap_t *effective, const kernel_cap_t *inheritable,
     const kernel_cap_t *permitted)
LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
     int cap, unsigned int opts)

LSM_HOOK被定义为：

struct security_hook_heads {
    #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
    #include "lsm_hook_defs.h"
    #undef LSM_HOOK
} __randomize_layout;

在这种情况下，除NAME以外的参数都会被丢弃。我很好奇为什么宏观扩张需要这么多像上面这样的论点。谢谢!

Answer 1

这是因为宏LSM_HOOK在不同的子系统或模块中有不同的实现，正如您可以看到的那样，在结构中，它在使用后立即对宏进行undef，因此在这个特定模块中，不需要和忽略其余的参数。但是让我们看看另一个模块，例如在bpf_lsm.h中，它定义LSM_HOOK如下：

#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
    RET bpf_lsm_##NAME(__VA_ARGS__);
#include <linux/lsm_hook_defs.h>
#undef LSM_HOOK

其中额外的参数被传递到bpf_lsm_...函数中。因此，这种宏提供了不同模块之间的可扩展性和灵活性。