Re: [Xen-devel] [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

2018-08-17 Thread Daniel De Graaf 

On 06/26/2018 07:09 AM, Andrew Cooper wrote:

Flask is one single XSM module, and another is about to be introduced.
Properly namespace the symbols for clarity.

No functional change.

Signed-off-by: Andrew Cooper 


Acked-by: Daniel De Graaf 


___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

2018-06-27 Thread Doug Goldstein 
On Tue, Jun 26, 2018 at 12:09:07PM +0100, Andrew Cooper wrote:
> Flask is one single XSM module, and another is about to be introduced.
> Properly namespace the symbols for clarity.
> 
> No functional change.
> 
> Signed-off-by: Andrew Cooper 

Reviewed-by: Doug Goldstein 

___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

[Xen-devel] [PATCH 1/2] xen/xsm: Rename CONFIG_FLASK_* to CONFIG_XSM_FLASK_*

2018-06-26 Thread Andrew Cooper 
Flask is one single XSM module, and another is about to be introduced.
Properly namespace the symbols for clarity.

No functional change.

Signed-off-by: Andrew Cooper 
---
CC: Daniel De Graaf 
CC: George Dunlap 
CC: Jan Beulich 
CC: Konrad Rzeszutek Wilk 
CC: Stefano Stabellini 
CC: Tim Deegan 
CC: Wei Liu 
CC: Sergey Dyasli 
CC: Xin Li 
CC: Ming Lu 
---
 xen/common/Kconfig  | 6 +++---
 xen/include/Makefile| 2 +-
 xen/include/xen/sched.h | 2 +-
 xen/include/xsm/xsm.h   | 4 ++--
 xen/xsm/Makefile| 2 +-
 xen/xsm/flask/avc.c | 4 ++--
 xen/xsm/flask/flask_op.c| 4 ++--
 xen/xsm/flask/include/avc.h | 2 +-
 8 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index 9043dce..0f15f72 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -103,7 +103,7 @@ config XSM
 
  If unsure, say N.
 
-config FLASK
+config XSM_FLASK
def_bool y
prompt "FLux Advanced Security Kernel support" if EXPERT = "y"
depends on XSM
@@ -116,10 +116,10 @@ config FLASK
 
  If unsure, say Y.
 
-config FLASK_AVC_STATS
+config XSM_FLASK_AVC_STATS
def_bool y
prompt "Maintain statistics on the FLASK access vector cache" if EXPERT 
= "y"
-   depends on FLASK
+   depends on XSM_FLASK
---help---
  Maintain counters on the access vector cache that can be viewed using
  the FLASK_AVC_CACHESTATS sub-op of the xsm_op hypercall.  Disabling
diff --git a/xen/include/Makefile b/xen/include/Makefile
index 8762ab3..417442a 100644
--- a/xen/include/Makefile
+++ b/xen/include/Makefile
@@ -30,7 +30,7 @@ headers-$(CONFIG_X86) += compat/hvm/dm_op.h
 headers-$(CONFIG_X86) += compat/hvm/hvm_op.h
 headers-$(CONFIG_X86) += compat/hvm/hvm_vcpu.h
 headers-y += compat/arch-$(compat-arch-y).h compat/pmu.h 
compat/xlat.h
-headers-$(CONFIG_FLASK)   += compat/xsm/flask_op.h
+headers-$(CONFIG_XSM_FLASK) += compat/xsm/flask_op.h
 
 cppflags-y:= -include public/xen-compat.h 
-DXEN_GENERATING_COMPAT_HEADERS
 cppflags-$(CONFIG_X86)+= -m32
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 99d2af2..1e1d600 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -122,7 +122,7 @@ struct evtchn
  */
 void *generic;
 #endif
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
 /*
  * Inlining the contents of the structure for FLASK avoids unneeded
  * allocations, and on 64-bit platforms with only FLASK enabled,
diff --git a/xen/include/xsm/xsm.h b/xen/include/xsm/xsm.h
index f0c6fc7..1be3d63 100644
--- a/xen/include/xsm/xsm.h
+++ b/xen/include/xsm/xsm.h
@@ -24,7 +24,7 @@ DEFINE_XEN_GUEST_HANDLE(xsm_op_t);
 /* policy magic number (defined by XSM_MAGIC) */
 typedef u32 xsm_magic_t;
 
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
 #define XSM_MAGIC 0xf97cff8c
 #else
 #define XSM_MAGIC 0x0
@@ -720,7 +720,7 @@ extern int register_xsm(struct xsm_operations *ops);
 extern struct xsm_operations dummy_xsm_ops;
 extern void xsm_fixup_ops(struct xsm_operations *ops);
 
-#ifdef CONFIG_FLASK
+#ifdef CONFIG_XSM_FLASK
 extern void flask_init(const void *policy_buffer, size_t policy_size);
 #else
 static inline void flask_init(const void *policy_buffer, size_t policy_size)
diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile
index 3252c46..8bb4a24 100644
--- a/xen/xsm/Makefile
+++ b/xen/xsm/Makefile
@@ -2,4 +2,4 @@ obj-y += xsm_core.o
 obj-$(CONFIG_XSM) += xsm_policy.o
 obj-$(CONFIG_XSM) += dummy.o
 
-subdir-$(CONFIG_FLASK) += flask
+subdir-$(CONFIG_XSM_FLASK) += flask
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index a3e6108..640c708 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -56,7 +56,7 @@ const struct selinux_class_perm selinux_class_perm = {
 #define AVC_DEF_CACHE_THRESHOLD512
 #define AVC_CACHE_RECLAIM16
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 #define avc_cache_stats_incr(field) \
 do {\
 __get_cpu_var(avc_cache_stats).field++;\
@@ -89,7 +89,7 @@ struct avc_cache {
 /* Exported via Flask hypercall */
 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index 03baa28..1c4decc 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -425,7 +425,7 @@ static int flask_security_make_bools(void)
 return ret;
 }
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef CONFIG_XSM_FLASK_AVC_STATS
 
 static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
 {
@@ -713,7 +713,7 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) 
u_flask_op)
 rv = avc_get_hash_stats(_stats);
 break;
 
-#ifdef CONFIG_FLASK_AVC_STATS
+#ifdef