Update a number of comments:

- Replace XXX with Note: in several cases where observations are made about
  future functionality rather than problems or bugs.

- Remove an XXX comment about byte order and au_to_ip() -- IP headers must
  be submitted in network byte order.  Add a comment to this effect.

- Mention that we don't implement select/poll for /dev/audit.

Obtained from:	TrustedBSD Project
This commit is contained in:
Robert Watson 2006-12-28 22:18:43 +00:00
parent bd8a9c45aa
commit 1afabae4db
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=165604
4 changed files with 22 additions and 23 deletions

View File

@ -312,9 +312,9 @@ audit_new(int event, struct thread *td)
return (NULL);
/*
* XXX: The number of outstanding uncommitted audit records is
* limited to the number of concurrent threads servicing system
* calls in the kernel.
* Note: the number of outstanding uncommitted audit records is
* limited to the number of concurrent threads servicing system calls
* in the kernel.
*/
ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);
ar->k_ar.ar_event = event;
@ -503,7 +503,7 @@ audit_syscall_enter(unsigned short code, struct thread *td)
* processes, do that here rather than trying to allocate
* another audit record.
*
* XXXRW: We might wish to be able to continue here in the
* Note: we might wish to be able to continue here in the
* future, if the system recovers. That should be possible
* by means of checking the condition in a loop around
* cv_wait(). It might be desirable to reevaluate whether an

View File

@ -338,6 +338,8 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
/*
* token ID 1 byte
* ip header 20 bytes
*
* The IP header should be submitted in network byte order.
*/
token_t *
au_to_ip(struct ip *ip)
@ -348,9 +350,6 @@ au_to_ip(struct ip *ip)
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip));
ADD_U_CHAR(dptr, AUT_IP);
/*
* XXXRW: Any byte order work needed on the IP header before writing?
*/
ADD_MEM(dptr, ip, sizeof(struct ip));
return (t);

View File

@ -42,12 +42,17 @@
/*
* Structures and operations to support the basic character special device
* used to communicate with userland.
* used to communicate with userland. /dev/audit reliably delivers one-byte
* messages to a listening application (or discards them if there is no
* listening application).
*
* Currently, select/poll are not supported on the trigger device.
*/
struct trigger_info {
unsigned int trigger;
TAILQ_ENTRY(trigger_info) list;
};
static MALLOC_DEFINE(M_AUDITTRIGGER, "audit_trigger", "Audit trigger events");
static struct cdev *audit_dev;
static int audit_isopen = 0;
@ -132,7 +137,7 @@ send_trigger(unsigned int trigger)
return (ENODEV);
/*
* XXXAUDIT: Use a condition variable instead of msleep/wakeup?
* Note: Use a condition variable instead of msleep/wakeup?
*/
ti = malloc(sizeof *ti, M_AUDITTRIGGER, M_WAITOK);
mtx_lock(&audit_trigger_mtx);

View File

@ -226,7 +226,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
audit_in_failure = 1;
} else if (audit_in_failure) {
/*
* XXXRW: If we want to handle recovery, this is the
* Note: if we want to handle recovery, this is the
* spot to do it: unset audit_in_failure, and issue a
* wakeup on the cv.
*/
@ -246,8 +246,8 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
* true, since audit_in_failure can only be set of audit_fail_stop is
* set.
*
* XXXRW: If we handle recovery from audit_in_failure, then we need
* to make panic here conditional.
* Note: if we handle recovery from audit_in_failure, then we need to
* make panic here conditional.
*/
if (audit_in_failure) {
if (audit_q_len == 0 && audit_pre_q_len == 0) {
@ -297,9 +297,9 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
* the global replacement variables. Signal consumers as needed that the
* rotation has taken place.
*
* XXXRW: The global variables and CVs used to signal the audit_worker to
* perform a rotation are essentially a message queue of depth 1. It would
* be much nicer to actually use a message queue.
* The global variables and CVs used to signal the audit_worker to perform a
* rotation are essentially a message queue of depth 1. It would be much
* nicer to actually use a message queue.
*/
static void
audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
@ -323,9 +323,6 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
audit_enabled = (*audit_vpp != NULL);
/*
* XXX: What to do about write failures here?
*/
if (old_vp != NULL) {
AUDIT_PRINTF(("Closing old audit file\n"));
mtx_unlock(&audit_mtx);
@ -520,11 +517,9 @@ audit_worker(void *arg)
* this call, so the caller should not release either.
*
* XXXAUDIT: Review synchronize communication logic. Really, this is a
* message queue of depth 1.
*
* XXXAUDIT: Enhance the comments below to indicate that we are basically
* acquiring ownership of the communications queue, inserting our message,
* and waiting for an acknowledgement.
* message queue of depth 1. We are essentially acquiring ownership of the
* communications queue, inserting our message, and waiting for an
* acknowledgement.
*/
void
audit_rotate_vnode(struct ucred *cred, struct vnode *vp)