authorrwatson <rwatson@FreeBSD.org>2006-12-28 22:18:43 +0000
committerrwatson <rwatson@FreeBSD.org>2006-12-28 22:18:43 +0000
commitecb6fa46c8de52f7f11dd077392f65dbad5aa4bb (patch)
treeb18a0cd0b806e0035e47c63012f7353abcffdf7b /sys/security/audit
parent687cc5fe5caf028194f129d0d033f096a4808e44 (diff)
Update a number of comments:
- Replace XXX with Note: in several cases where observations are made about future functionality rather than problems or bugs. - Remove an XXX comment about byte order and au_to_ip() -- IP headers must be submitted in network byte order. Add a comment to this effect. - Mention that we don't implement select/poll for /dev/audit. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/audit')
-rw-r--r--sys/security/audit/audit.c8
-rw-r--r--sys/security/audit/audit_bsm_token.c5
-rw-r--r--sys/security/audit/audit_trigger.c9
-rw-r--r--sys/security/audit/audit_worker.c23
4 files changed, 22 insertions, 23 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index c8121a0..698ca81 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -312,9 +312,9 @@ audit_new(int event, struct thread *td)
return (NULL);
/*
- * XXX: The number of outstanding uncommitted audit records is
- * limited to the number of concurrent threads servicing system
- * calls in the kernel.
+ * Note: the number of outstanding uncommitted audit records is
+ * limited to the number of concurrent threads servicing system calls
+ * in the kernel.
*/
ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);
ar->k_ar.ar_event = event;
@@ -503,7 +503,7 @@ audit_syscall_enter(unsigned short code, struct thread *td)
* processes, do that here rather than trying to allocate
* another audit record.
*
- * XXXRW: We might wish to be able to continue here in the
+ * Note: we might wish to be able to continue here in the
* future, if the system recovers. That should be possible
* by means of checking the condition in a loop around
* cv_wait(). It might be desirable to reevaluate whether an
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index ca19a2b..d5af2df 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -338,6 +338,8 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
/*
* token ID 1 byte
* ip header 20 bytes
+ *
+ * The IP header should be submitted in network byte order.
*/
token_t *
au_to_ip(struct ip *ip)
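Review bot: The new sentence in the au_to_ip() header comment places the byte-order requirement on the caller, but it does not say that the function itself performs no conversion. The next hunk shows `ADD_MEM(dptr, ip, sizeof(struct ip));` copying the header verbatim, so a header passed with any multi-byte field in host order ends up in the audit trail as-is. I would make the contract explicit, for example `* au_to_ip() copies the header unmodified; callers must supply all multi-byte fields in network byte order.` The callers are not visible here, so it is worth confirming that none of them pass a header taken from a point in the stack where fields may already be in host order. The function body continues in the following hunk.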
@@ -348,9 +350,6 @@ au_to_ip(struct ip *ip)
GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip));
ADD_U_CHAR(dptr, AUT_IP);
- /*
- * XXXRW: Any byte order work needed on the IP header before writing?
- */
ADD_MEM(dptr, ip, sizeof(struct ip));
return (t);
diff --git a/sys/security/audit/audit_trigger.c b/sys/security/audit/audit_trigger.c
index 52f67cd..c3f47b7 100644
--- a/sys/security/audit/audit_trigger.c
+++ b/sys/security/audit/audit_trigger.c
@@ -42,12 +42,17 @@
/*
* Structures and operations to support the basic character special device
- * used to communicate with userland.
+ * used to communicate with userland. /dev/audit reliably delivers one-byte
+ * messages to a listening application (or discards them if there is no
+ * listening application).
+ *
+ * Currently, select/poll are not supported on the trigger device.
*/
struct trigger_info {
unsigned int trigger;
TAILQ_ENTRY(trigger_info) list;
};
+
static MALLOC_DEFINE(M_AUDITTRIGGER, "audit_trigger", "Audit trigger events");
static struct cdev *audit_dev;
static int audit_isopen = 0;
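Review bot: The added comment says /dev/audit delivers "one-byte messages", but the queued element declared just below it is `unsigned int trigger;`. The read path is outside this hunk, so this is inferred, but if it copies out `sizeof(ti->trigger)` then each message is the size of an unsigned int, not one byte. A userland reader sized from this comment would then issue short reads. I would word it as `* used to communicate with userland.  /dev/audit reliably delivers fixed-size (unsigned int) trigger messages to a listening application`, or confirm the size against the read handler.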
@@ -132,7 +137,7 @@ send_trigger(unsigned int trigger)
return (ENODEV);
/*
- * XXXAUDIT: Use a condition variable instead of msleep/wakeup?
+ * Note: Use a condition variable instead of msleep/wakeup?
*/
ti = malloc(sizeof *ti, M_AUDITTRIGGER, M_WAITOK);
mtx_lock(&audit_trigger_mtx);
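Review bot: In send_trigger() the relabelled comment `Note: Use a condition variable instead of msleep/wakeup?` is still an open question, not an observation, so calling it a note hides the fact that it is undecided. It is also the only "Note:" in this commit followed by a capital letter. Either keep it as a to-do marker or state it as a fact, for example `* Note: a condition variable could be used here instead of msleep/wakeup.` The function body starts and ends outside the hunk.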
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index 18f76fd..73ae66a 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -226,7 +226,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
audit_in_failure = 1;
} else if (audit_in_failure) {
/*
- * XXXRW: If we want to handle recovery, this is the
+ * Note: if we want to handle recovery, this is the
* spot to do it: unset audit_in_failure, and issue a
* wakeup on the cv.
*/
@@ -246,8 +246,8 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
* true, since audit_in_failure can only be set of audit_fail_stop is
* set.
*
- * XXXRW: If we handle recovery from audit_in_failure, then we need
- * to make panic here conditional.
+ * Note: if we handle recovery from audit_in_failure, then we need to
+ * make panic here conditional.
*/
if (audit_in_failure) {
if (audit_q_len == 0 && audit_pre_q_len == 0) {
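Review bot: The context line directly above the edited note still reads "audit_in_failure can only be set of audit_fail_stop is set", where "of" should be "if". This comment documents the invariant that justifies the panic in the fail-stop path, so the typo makes a safety-relevant condition harder to read. Since the commit already rewraps this comment, I would fix it in the same change: `* true, since audit_in_failure can only be set if audit_fail_stop is`. The comment starts outside the hunk.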
@@ -297,9 +297,9 @@ fail:
* the global replacement variables. Signal consumers as needed that the
* rotation has taken place.
*
- * XXXRW: The global variables and CVs used to signal the audit_worker to
- * perform a rotation are essentially a message queue of depth 1. It would
- * be much nicer to actually use a message queue.
+ * The global variables and CVs used to signal the audit_worker to perform a
+ * rotation are essentially a message queue of depth 1. It would be much
+ * nicer to actually use a message queue.
*/
static void
audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
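Review bot: After this commit nothing in audit_worker_rotate() records that write failures during rotation are unhandled. The following hunk (-323) deletes `XXX: What to do about write failures here?` in front of the "Closing old audit file" path, and the commit message does not list that removal. No visible line shows the question being resolved, so the marker for a possible loss of audit records disappears without a replacement. I would keep the observation in the new style, either in this header comment or at the original spot, for example `* Note: write failures while closing the old audit file are not currently handled.` The header paragraph edited here also drops its prefix entirely, where the rest of the commit uses "Note:".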
@@ -323,9 +323,6 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
audit_enabled = (*audit_vpp != NULL);
- /*
- * XXX: What to do about write failures here?
- */
if (old_vp != NULL) {
AUDIT_PRINTF(("Closing old audit file\n"));
mtx_unlock(&audit_mtx);
@@ -520,11 +517,9 @@ audit_worker(void *arg)
* this call, so the caller should not release either.
*
* XXXAUDIT: Review synchronize communication logic. Really, this is a
- * message queue of depth 1.
- *
- * XXXAUDIT: Enhance the comments below to indicate that we are basically
- * acquiring ownership of the communications queue, inserting our message,
- * and waiting for an acknowledgement.
+ * message queue of depth 1. We are essentially acquiring ownership of the
+ * communications queue, inserting our message, and waiting for an
+ * acknowledgement.
*/
void
audit_rotate_vnode(struct ucred *cred, struct vnode *vp)