Diffstat (limited to 'sys/security/audit')
-rw-r--r-- | sys/security/audit/audit.c | 8 | ||||
-rw-r--r-- | sys/security/audit/audit_bsm_token.c | 5 | ||||
-rw-r--r-- | sys/security/audit/audit_trigger.c | 9 | ||||
-rw-r--r-- | sys/security/audit/audit_worker.c | 23 |
4 files changed, 22 insertions, 23 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index c8121a0..698ca81 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -312,9 +312,9 @@ audit_new(int event, struct thread *td)
 return (NULL);
 /*
- * XXX: The number of outstanding uncommitted audit records is
- * limited to the number of concurrent threads servicing system
- * calls in the kernel.
+ * Note: the number of outstanding uncommitted audit records is
+ * limited to the number of concurrent threads servicing system calls
+ * in the kernel.
 */
 ar = uma_zalloc_arg(audit_record_zone, td, M_WAITOK);
 ar->k_ar.ar_event = event;
@@ -503,7 +503,7 @@ audit_syscall_enter(unsigned short code, struct thread *td)
 * processes, do that here rather than trying to allocate
 * another audit record.
 *
- * XXXRW: We might wish to be able to continue here in the
+ * Note: we might wish to be able to continue here in the
 * future, if the system recovers. That should be possible
 * by means of checking the condition in a loop around
 * cv_wait(). It might be desirable to reevaluate whether an
diff --git a/sys/security/audit/audit_bsm_token.c b/sys/security/audit/audit_bsm_token.c
index ca19a2b..d5af2df 100644
--- a/sys/security/audit/audit_bsm_token.c
+++ b/sys/security/audit/audit_bsm_token.c
@@ -338,6 +338,8 @@ au_to_in_addr_ex(struct in6_addr *internet_addr)
 /*
 * token ID 1 byte
 * ip header 20 bytes
+ *
+ * The IP header should be submitted in network byte order.
 */
 token_t *
 au_to_ip(struct ip *ip)
@@ -348,9 +350,6 @@ au_to_ip(struct ip *ip)
 GET_TOKEN_AREA(t, dptr, sizeof(u_char) + sizeof(struct ip));
 ADD_U_CHAR(dptr, AUT_IP);
- /*
- * XXXRW: Any byte order work needed on the IP header before writing?
- */
 ADD_MEM(dptr, ip, sizeof(struct ip));
 return (t);
diff --git a/sys/security/audit/audit_trigger.c b/sys/security/audit/audit_trigger.c
index 52f67cd..c3f47b7 100644
--- a/sys/security/audit/audit_trigger.c
+++ b/sys/security/audit/audit_trigger.c
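Review bot: The new header comment on au_to_ip() in audit_bsm_token.c says the IP header "should be submitted in network byte order", but the function still copies it verbatim with `ADD_MEM(dptr, ip, sizeof(struct ip))`, so the requirement rests entirely on the callers, which are not part of this diff. Deleting the XXXRW question in the second hunk therefore records the expectation without showing that any call site meets it; a header passed in host byte order would presumably yield a token whose multi-byte fields are misread when the trail is reviewed. I would phrase the contract as an obligation and state that no conversion happens here, e.g. `* The caller must supply the IP header in network byte order; it is copied into the token unmodified.` The body of au_to_ip() starts before the second hunk.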
@@ -42,12 +42,17 @@
 /*
 * Structures and operations to support the basic character special device
- * used to communicate with userland.
+ * used to communicate with userland. /dev/audit reliably delivers one-byte
+ * messages to a listening application (or discards them if there is no
+ * listening application).
+ *
+ * Currently, select/poll are not supported on the trigger device.
 */
 struct trigger_info {
 unsigned int trigger;
 TAILQ_ENTRY(trigger_info) list;
 };
+
 static MALLOC_DEFINE(M_AUDITTRIGGER, "audit_trigger", "Audit trigger events");
 static struct cdev *audit_dev;
 static int audit_isopen = 0;
@@ -132,7 +137,7 @@ send_trigger(unsigned int trigger)
 return (ENODEV);
 /*
- * XXXAUDIT: Use a condition variable instead of msleep/wakeup?
+ * Note: Use a condition variable instead of msleep/wakeup?
 */
 ti = malloc(sizeof *ti, M_AUDITTRIGGER, M_WAITOK);
 mtx_lock(&audit_trigger_mtx);
diff --git a/sys/security/audit/audit_worker.c b/sys/security/audit/audit_worker.c
index 18f76fd..73ae66a 100644
--- a/sys/security/audit/audit_worker.c
+++ b/sys/security/audit/audit_worker.c
@@ -226,7 +226,7 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
 audit_in_failure = 1;
 } else if (audit_in_failure) {
 /*
- * XXXRW: If we want to handle recovery, this is the
+ * Note: if we want to handle recovery, this is the
 * spot to do it: unset audit_in_failure, and issue a
 * wakeup on the cv.
 */
@@ -246,8 +246,8 @@ audit_record_write(struct vnode *vp, struct ucred *cred, struct thread *td,
 * true, since audit_in_failure can only be set of audit_fail_stop is
 * set.
 *
- * XXXRW: If we handle recovery from audit_in_failure, then we need
- * to make panic here conditional.
+ * Note: if we handle recovery from audit_in_failure, then we need to
+ * make panic here conditional.
 */
 if (audit_in_failure) {
 if (audit_q_len == 0 && audit_pre_q_len == 0) {
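Review bot: The expanded comment in the first audit_trigger.c hunk describes "one-byte messages", while `struct trigger_info` directly below it stores the value as `unsigned int trigger;`. The read handler is outside this hunk, so the size actually copied to userland cannot be confirmed here, but if it copies the whole field the comment misstates the format the listening daemon has to parse. Either describe the size in terms of the field, e.g. `* used to communicate with userland. /dev/audit reliably delivers one trigger value (an unsigned int) per message`, or say where the value is narrowed to one byte.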
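Review bot: The context comment in the second audit_worker.c hunk reads "audit_in_failure can only be set of audit_fail_stop is set"; "of" should be "if", and since this commit already rewraps the same paragraph it is the natural place to fix it. That sentence is the stated reason the panic mentioned two lines later is safe, so it should read unambiguously: `* true, since audit_in_failure can only be set if audit_fail_stop is`. The comment starts before the hunk and the panic call itself is not visible in it.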
@@ -297,9 +297,9 @@ fail:
 * the global replacement variables. Signal consumers as needed that the
 * rotation has taken place.
 *
- * XXXRW: The global variables and CVs used to signal the audit_worker to
- * perform a rotation are essentially a message queue of depth 1. It would
- * be much nicer to actually use a message queue.
+ * The global variables and CVs used to signal the audit_worker to perform a
+ * rotation are essentially a message queue of depth 1. It would be much
+ * nicer to actually use a message queue.
 */
 static void
 audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
@@ -323,9 +323,6 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
 audit_enabled = (*audit_vpp != NULL);
- /*
- * XXX: What to do about write failures here?
- */
 if (old_vp != NULL) {
 AUDIT_PRINTF(("Closing old audit file\n"));
 mtx_unlock(&audit_mtx);
@@ -520,11 +517,9 @@ audit_worker(void *arg)
 * this call, so the caller should not release either.
 *
 * XXXAUDIT: Review synchronize communication logic. Really, this is a
- * message queue of depth 1.
- *
- * XXXAUDIT: Enhance the comments below to indicate that we are basically
- * acquiring ownership of the communications queue, inserting our message,
- * and waiting for an acknowledgement.
+ * message queue of depth 1. We are essentially acquiring ownership of the
+ * communications queue, inserting our message, and waiting for an
+ * acknowledgement.
 */
 void
 audit_rotate_vnode(struct ucred *cred, struct vnode *vp) |
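Review bot: The second hunk here, in audit_worker_rotate(), deletes `XXX: What to do about write failures here?` without adding handling or replacement text, so the open question about errors while retiring the old audit file simply disappears from the source. For an audit trail this matters: if the close path that follows `if (old_vp != NULL) {` can fail (it is outside the hunk), trailing records could be lost with no indication, and a later maintainer no longer sees that the case was never decided. Most other XXX markers in this commit were reworded to "Note:" rather than dropped; I would keep this one in the same form above the `if`, e.g. `* Note: write failures while closing the old audit file are not handled here.` The function body starts before and continues past the hunk.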