Clean up audit comments--formatting, spelling, etc.

svn path=/head/; revision=170196

sys/security/audit/audit.c

@@ -77,10 +77,9 @@ MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
 
 /*
- * Audit control settings that are set/read by system calls and are
- * hence non-static.
- */
-/*
+ * Audit control settings that are set/read by system calls and are hence
+ * non-static.
+ *
  * Define the audit control flags.
  */
 int			audit_enabled;
@@ -117,12 +116,12 @@ struct au_mask		audit_nae_mask;
 struct mtx		audit_mtx;
 
 /*
- * Queue of audit records ready for delivery to disk.  We insert new
- * records at the tail, and remove records from the head.  Also,
- * a count of the number of records used for checking queue depth.
- * In addition, a counter of records that we have allocated but are
- * not yet in the queue, which is needed to estimate the total
- * size of the combined set of records outstanding in the system.
+ * Queue of audit records ready for delivery to disk.  We insert new records
+ * at the tail, and remove records from the head.  Also, a count of the
+ * number of records used for checking queue depth.  In addition, a counter
+ * of records that we have allocated but are not yet in the queue, which is
+ * needed to estimate the total size of the combined set of records
+ * outstanding in the system.
  */
 struct kaudit_queue	audit_q;
 int			audit_q_len;
@@ -134,9 +133,8 @@ int			audit_pre_q_len;
 struct au_qctrl		audit_qctrl;
 
 /*
- * Condition variable to signal to the worker that it has work to do:
- * either new records are in the queue, or a log replacement is taking
- * place.
+ * Condition variable to signal to the worker that it has work to do: either
+ * new records are in the queue, or a log replacement is taking place.
  */
 struct cv		audit_worker_cv;
 
@@ -149,8 +147,8 @@ struct cv		audit_watermark_cv;
 
 /*
  * Condition variable for  auditing threads wait on when in fail-stop mode.
- * Threads wait on this CV forever (and ever), never seeing the light of
- * day again.
+ * Threads wait on this CV forever (and ever), never seeing the light of day
+ * again.
  */
 static struct cv	audit_fail_cv;
 
@@ -185,7 +183,6 @@ audit_record_ctor(void *mem, int size, void *arg, int flags)
 	ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask;
 	ar->k_ar.ar_subj_term_addr = td->td_proc->p_au->ai_termid;
 	PROC_UNLOCK(td->td_proc);
-
 	return (0);
 }
 
@@ -229,7 +226,7 @@ audit_init(void)
 	audit_argv = 0;
 	audit_arge = 0;
 
-	audit_fstat.af_filesz = 0;	/* '0' means unset, unbounded */
+	audit_fstat.af_filesz = 0;	/* '0' means unset, unbounded. */
 	audit_fstat.af_currsz = 0;
 	audit_nae_mask.am_success = AU_NULL;
 	audit_nae_mask.am_failure = AU_NULL;
@@ -343,9 +340,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 		return;
 
 	/*
-	 * Decide whether to commit the audit record by checking the
-	 * error value from the system call and using the appropriate
-	 * audit mask.
+	 * Decide whether to commit the audit record by checking the error
+	 * value from the system call and using the appropriate audit mask.
 	 *
 	 * XXXAUDIT: Synchronize access to audit_nae_mask?
 	 */
@@ -360,11 +356,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 		sorf = AU_PRS_SUCCESS;
 
 	switch(ar->k_ar.ar_event) {
-
 	case AUE_OPEN_RWTC:
-		/* The open syscall always writes a AUE_OPEN_RWTC event; change
-		 * it to the proper type of event based on the flags and the
-		 * error value.
+		/*
+		 * The open syscall always writes a AUE_OPEN_RWTC event;
+		 * change it to the proper type of event based on the flags
+		 * and the error value.
 		 */
 		ar->k_ar.ar_event = flags_and_error_to_openevent(
 		    ar->k_ar.ar_arg_fflags, error);
@@ -404,8 +400,8 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 	ar->k_ar.ar_retval = retval;
 
 	/*
-	 * We might want to do some system-wide post-filtering
-	 * here at some point.
+	 * We might want to do some system-wide post-filtering here at some
+	 * point.
 	 */
 
 	/*
@@ -413,12 +409,11 @@ audit_commit(struct kaudit_record *ar, int error, int retval)
 	 */
 	nanotime(&ar->k_ar.ar_endtime);
 
-	mtx_lock(&audit_mtx);
-
 	/*
 	 * Note: it could be that some records initiated while audit was
 	 * enabled should still be committed?
 	 */
+	mtx_lock(&audit_mtx);
 	if (audit_suspended || !audit_enabled) {
 		audit_pre_q_len--;
 		mtx_unlock(&audit_mtx);
@@ -482,8 +477,8 @@ audit_syscall_enter(unsigned short code, struct thread *td)
 		aumask = &td->td_proc->p_au->ai_mask;
 
 	/*
-	 * Allocate an audit record, if preselection allows it, and store
-	 * in the thread for later use.
+	 * Allocate an audit record, if preselection allows it, and store in
+	 * the thread for later use.
 	 */
 	class = au_event_class(event);
 	if (au_preselect(event, class, aumask, AU_PRS_BOTH)) {
@@ -522,12 +517,11 @@ audit_syscall_exit(int error, struct thread *td)
 	int retval;
 
 	/*
-	 * Commit the audit record as desired; once we pass the record
-	 * into audit_commit(), the memory is owned by the audit
-	 * subsystem.
-	 * The return value from the system call is stored on the user
-	 * thread. If there was an error, the return value is set to -1,
-	 * imitating the behavior of the cerror routine.
+	 * Commit the audit record as desired; once we pass the record into
+	 * audit_commit(), the memory is owned by the audit subsystem.  The
+	 * return value from the system call is stored on the user thread.
+	 * If there was an error, the return value is set to -1, imitating
+	 * the behavior of the cerror routine.
 	 */
 	if (error)
 		retval = -1;
@@ -583,6 +577,7 @@ audit_proc_kproc0(struct proc *p)
 
 	KASSERT(p->p_au != NULL, ("audit_proc_kproc0: p->p_au == NULL (%d)",
 	    p->p_pid));
+
 	bzero(p->p_au, sizeof(*(p)->p_au));
 }
 
@@ -592,13 +587,14 @@ audit_proc_init(struct proc *p)
 
 	KASSERT(p->p_au != NULL, ("audit_proc_init: p->p_au == NULL (%d)",
 	    p->p_pid));
+
 	bzero(p->p_au, sizeof(*(p)->p_au));
 	p->p_au->ai_auid = AU_DEFAUDITID;
 }
 
 /*
- * Copy the audit info from the parent process to the child process when
- * a fork takes place.
+ * Copy the audit info from the parent process to the child process when a
+ * fork takes place.
  */
 void
 audit_proc_fork(struct proc *parent, struct proc *child)
@@ -610,6 +606,7 @@ audit_proc_fork(struct proc *parent, struct proc *child)
 	    ("audit_proc_fork: parent->p_au == NULL (%d)", parent->p_pid));
 	KASSERT(child->p_au != NULL,
 	    ("audit_proc_fork: child->p_au == NULL (%d)", child->p_pid));
+
 	bcopy(parent->p_au, child->p_au, sizeof(*child->p_au));
 }
 
@@ -621,6 +618,7 @@ audit_proc_free(struct proc *p)
 {
 
 	KASSERT(p->p_au != NULL, ("p->p_au == NULL (%d)", p->p_pid));
+
 	free(p->p_au, M_AUDITPROC);
 	p->p_au = NULL;
 }

sys/security/audit/audit.h

@@ -48,10 +48,10 @@
 
 /*
  * Audit subsystem condition flags.  The audit_enabled flag is set and
- * removed automatically as a result of configuring log files, and
- * can be observed but should not be directly manipulated.  The audit
- * suspension flag permits audit to be temporarily disabled without
- * reconfiguring the audit target.
+ * removed automatically as a result of configuring log files, and can be
+ * observed but should not be directly manipulated.  The audit suspension
+ * flag permits audit to be temporarily disabled without reconfiguring the
+ * audit target.
  */
 extern int	audit_enabled;
 extern int	audit_suspended;
@@ -121,9 +121,9 @@ void	 audit_syscall_enter(unsigned short code, struct thread *td);
 void	 audit_syscall_exit(int error, struct thread *td);
 
 /*
- * The remaining kernel functions are conditionally compiled in as they
- * are wrapped by a macro, and the macro should be the only place in
- * the source tree where these functions are referenced.
+ * The remaining kernel functions are conditionally compiled in as they are
+ * wrapped by a macro, and the macro should be the only place in the source
+ * tree where these functions are referenced.
  */
 #ifdef AUDIT
 struct ipc_perm;
@@ -196,7 +196,7 @@ void	 audit_thread_free(struct thread *td);
 
 /*
  * Wrap the audit_syscall_exit() function so that it is called only when
- * auditing is enabled, or we have a audit record on the thread. It is
+ * auditing is enabled, or we have a audit record on the thread.  It is
  * possible that an audit record was begun before auditing was turned off.
  */
 #define	AUDIT_SYSCALL_EXIT(error, td)	do {				\

sys/security/audit/audit_arg.c

@@ -51,11 +51,10 @@
 
 /*
  * Calls to manipulate elements of the audit record structure from system
- * call code.  Macro wrappers will prevent this functions from being
- * entered if auditing is disabled, avoiding the function call cost.  We
- * check the thread audit record pointer anyway, as the audit condition
- * could change, and pre-selection may not have allocated an audit
- * record for this event.
+ * call code.  Macro wrappers will prevent this functions from being entered
+ * if auditing is disabled, avoiding the function call cost.  We check the
+ * thread audit record pointer anyway, as the audit condition could change,
+ * and pre-selection may not have allocated an audit record for this event.
  *
  * XXXAUDIT: Should we assert, in each case, that this field of the record
  * hasn't already been filled in?
@@ -693,11 +692,13 @@ audit_arg_upath(struct thread *td, char *upath, u_int64_t flag)
  * It is assumed that the caller will hold any vnode locks necessary to
  * perform a VOP_GETATTR() on the passed vnode.
  *
- * XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but
- * always provides access to the generation number as we need that
- * to construct the BSM file ID.
- * XXX: We should accept the process argument from the caller, since
- * it's very likely they already have a reference.
+ * XXX: The attr code is very similar to vfs_vnops.c:vn_stat(), but always
+ * provides access to the generation number as we need that to construct the
+ * BSM file ID.
+ *
+ * XXX: We should accept the process argument from the caller, since it's
+ * very likely they already have a reference.
+ *
  * XXX: Error handling in this function is poor.
  *
  * XXXAUDIT: Possibly KASSERT the path pointer is NULL?

sys/security/audit/audit_bsm.c

@@ -119,7 +119,7 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
 
 	tot_rec_size = rec->len + AUDIT_HEADER_SIZE + AUDIT_TRAILER_SIZE;
 	rec->data = malloc(tot_rec_size, M_AUDITBSM, M_WAITOK | M_ZERO);
-	/* Create the header token */
+
 	tm.tv_usec = ctime->tv_nsec / 1000;
 	tm.tv_sec = ctime->tv_sec;
 	hdr = au_to_header32_tm(tot_rec_size, event, 0, tm);
@@ -128,7 +128,6 @@ kau_close(struct au_record *rec, struct timespec *ctime, short event)
 	trail = au_to_trailer(tot_rec_size);
 	TAILQ_INSERT_TAIL(&rec->token_q, trail, tokens);
 
-	/* Serialize token data to the record. */
 	rec->len = tot_rec_size;
 	dptr = rec->data;
 	TAILQ_FOREACH(cur, &rec->token_q, tokens) {
@@ -160,7 +159,7 @@ kau_free(struct au_record *rec)
 }
 
 /*
- * XXX May want turn some (or all) of these macros into functions in order
+ * XXX: May want turn some (or all) of these macros into functions in order
  * to reduce the generated code sized.
  *
  * XXXAUDIT: These macros assume that 'kar', 'ar', 'rec', and 'tok' in the

sys/security/audit/audit_bsm_klib.c

@@ -311,9 +311,9 @@ flags_and_error_to_openevent(int oflags, int error)
 
 #if 0
 	/*
-	 * Convert chatty errors to better matching events.
-	 * Failures to find a file are really just attribute
-	 * events - so recast them as such.
+	 * Convert chatty errors to better matching events.  Failures to
+	 * find a file are really just attribute events -- so recast them as
+	 * such.
 	 *
 	 * XXXAUDIT: Solaris defines that AUE_OPEN will never be returned, it
 	 * is just a placeholder.  However, in Darwin we return that in
@@ -352,7 +352,7 @@ msgctl_to_event(int cmd)
 		return (AUE_MSGCTL_STAT);
 
 	default:
-		/* We will audit a bad command */
+		/* We will audit a bad command. */
 		return (AUE_MSGCTL);
 	}
 }
@@ -472,7 +472,7 @@ auditon_command_event(int cmd)
 /*
  * Create a canonical path from given path by prefixing either the root
  * directory, or the current working directory.  If the process working
- * directory is NULL, we could use 'rootvnode' to obtain the root directoty,
+ * directory is NULL, we could use 'rootvnode' to obtain the root directory,
  * but this results in a volfs name written to the audit log. So we will
  * leave the filename starting with '/' in the audit log in this case.
  *
@@ -542,7 +542,6 @@ canon_path(struct thread *td, char *path, char *cpath)
 			cpath[0] = '\0';
 		vput(vnp);
 		VFS_UNLOCK_GIANT(vfslocked);
-	} else {
+	} else
 		strlcpy(cpath, bufp, MAXPATHLEN);
-	}
 }

sys/security/audit/audit_pipe.c

@@ -328,7 +328,7 @@ audit_pipe_preselect_flush(struct audit_pipe *ap)
 	mtx_unlock(&audit_pipe_mtx);
 }
 
-/*
+/*-
  * Determine whether a specific audit pipe matches a record with these
  * properties.  Algorithm is as follows:
  *

sys/security/audit/audit_private.h

@@ -291,7 +291,7 @@ extern int			audit_in_failure;
 /*
  * Some of the BSM tokenizer functions take different parameters in the
  * kernel implementations in order to save the copying of large kernel data
- * structures. The prototypes of these functions are declared here.
+ * structures.  The prototypes of these functions are declared here.
  */
 token_t		*kau_to_socket(struct socket_au_info *soi);
 

sys/security/audit/audit_worker.c

@@ -338,12 +338,11 @@ audit_worker_rotate(struct ucred **audit_credp, struct vnode **audit_vpp,
 	}
 
 	/*
-	 * Signal that replacement have occurred to wake up and
-	 * start any other replacements started in parallel.  We can
-	 * continue about our business in the mean time.  We
-	 * broadcast so that both new replacements can be inserted,
-	 * but also so that the source(s) of replacement can return
-	 * successfully.
+	 * Signal that replacement have occurred to wake up and start any
+	 * other replacements started in parallel.  We can continue about our
+	 * business in the mean time.  We broadcast so that both new
+	 * replacements can be inserted, but also so that the source(s) of
+	 * replacement can return successfully.
 	 */
 	if (do_replacement_signal)
 		cv_broadcast(&audit_replacement_cv);