xsm: move FLASK_AVC_STATS to Kconfig

author Doug Goldstein <cardoe@cardoe.com>

Wed, 16 Mar 2016 19:18:43 +0000 (14:18 -0500)

committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>

Fri, 25 Mar 2016 15:37:31 +0000 (11:37 -0400)
author Doug Goldstein <cardoe@cardoe.com>
Wed, 16 Mar 2016 19:18:43 +0000 (14:18 -0500)
committer Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Fri, 25 Mar 2016 15:37:31 +0000 (11:37 -0400)
diff --git a/xen/common/Kconfig b/xen/common/Kconfig

index 3522ecb8d683a1f6770201757f59e93f861463f6..ad9f7bfe5488a570ef1c4aacd54504b8e0092fa0 100644 (file)
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -23,6 +23,12 @@ config FLASK
  
           If unsure, say N.
  
+config FLASK_AVC_STATS
+       def_bool y
+       depends on FLASK
+       ---help---
+         Maintain statistics on the access vector cache
+
  # Select HAS_DEVICE_TREE if device tree is supported
  config HAS_DEVICE_TREE
         bool
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h

index 3f8c53dd887edb940dd5b883d5f1fb2e1c71c6c5..ef6e5ee22b46d11095c7ad580f5511a2b5548468 100644 (file)
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -78,11 +78,6 @@
  #define __STR(...) #__VA_ARGS__
  #define STR(...) __STR(__VA_ARGS__)
  
-#ifdef CONFIG_FLASK
-/* Maintain statistics on the access vector cache */
-#define FLASK_AVC_STATS 1
-#endif
-
  /* allow existing code to work with Kconfig variable */
  #define NR_CPUS CONFIG_NR_CPUS
  
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c

index 31bc702da2b13528f1e076ad5e35f6e6443e7938..77643798af700b4d6cf87f7b0e457f05967bb0c7 100644 (file)
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -56,7 +56,7 @@ const struct selinux_class_perm selinux_class_perm = {
  #define AVC_DEF_CACHE_THRESHOLD        512
  #define AVC_CACHE_RECLAIM        16
  
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
  #define avc_cache_stats_incr(field)                 \
  do {                                \
      __get_cpu_var(avc_cache_stats).field++;        \
@@ -101,7 +101,7 @@ struct avc_callback_node {
  /* Exported via Flask hypercall */
  unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
  
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
  DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
  #endif
  
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c

index f4f5dd1e8ce71cec344790816e5cb0d31bd0027a..3c9c99ebacf763bd44cf61d0fb4ff4853303be1c 100644 (file)
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -469,7 +469,7 @@ static int flask_security_make_bools(void)
      return ret;
  }
  
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
  
  static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
  {
@@ -761,7 +761,7 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
          rv = avc_get_hash_stats(&op.u.hash_stats);
          break;
  
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
      case FLASK_AVC_CACHESTATS:
          rv = flask_security_avc_cachestats(&op.u.cache_stats);
          break;
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h

index 42835620d607492fdb8ccfee6e07f6715abe530e..729856e0608cbdd9fcbc3b69c76197b061a9004c 100644 (file)
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -108,7 +108,7 @@ struct xen_flask_hash_stats;
  int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
  extern unsigned int avc_cache_threshold;
  
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
  DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
  #endif
author	Doug Goldstein <cardoe@cardoe.com>
	Wed, 16 Mar 2016 19:18:43 +0000 (14:18 -0500)
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
	Fri, 25 Mar 2016 15:37:31 +0000 (11:37 -0400)
xen/common/Kconfig		patch \| blob \| history
xen/include/xen/config.h		patch \| blob \| history
xen/xsm/flask/avc.c		patch \| blob \| history
xen/xsm/flask/flask_op.c		patch \| blob \| history
xen/xsm/flask/include/avc.h		patch \| blob \| history