This may be a bit of an elementary question, but is this line expressing that audit_dtrace.c is compiled when either or both dtaudit and audit are set? Will this correspond to an option called DTAUDIT alongside AUDIT from sys/conf/options? If so, should there be entries in sys/conf/NOTES and sys/conf/options as well?

Is the | dtraceall [...] part of the line declaring a dependency? Sorry again for a very basic question, but I haven't yet managed to find the documentation for this file's syntax (it's not in config(5) or config(8)).

And 2017 at all?

I don't believe that the name ene has been used in this function: should the comment refer to dtaudit_state instead?

allocated -> allocate?

Ditto re: ene... perhaps referencing evname_elem would make sense here?

Is evname_elem likely to grow a reference count in the future? If so, might it make sense to introduce an EVNAME_PUT that #ifdefs away to nothing for now but will help prevent future foot-shooting? Perhaps not...

Surely someone will rant about two (TWO!) blank lines here. :)

It seems perhaps a bit early for DTRACE_STABILITY_STABLE... would DTRACE_STABILITY_EVOLVING or even DTRACE_STABILITY_UNSTABLE make sense?

I suppose a DTrace script might want to inspect the commit flags? What's the cost of doing the pointer indirection in DTrace instead of this C code?

Also, what is a struct uthread? I don't see it anywhere under sys or include...

I've never really understood this syntax, and lifted it from other DTrace parts. There likely should be a NOTES entry. I'm not sure an options entry is required, as one appears not to be present for dtnfscl? If someone has a specific suggestion on how to improve the above I'm happy to do so -- but also find it quite opaque.

This code was written and distributed via GitHub in 2016, hence the date. If I make substantive changes (e.g., during review) I will be sure to update it :-).

This reflects some evolution of the code towards trying to hide dtaudit details from the audit framework here. I'll update the comment.

Will fix, thanks!

I think it will, but I'm not quite sure how soon. I'm not sure I want to put in placeholders though, as they will probably prove to be incorrect. But keeping the comment here to warn future comers is definitely useful.

Surely me if it were anyone else's patch :-).

Will fix, thanks!

Will fix, thanks!

This was lifted from existing DTrace code style elsewhere -- but more than happy to upgrade.

Nice catch -- this is a long-present "hanger on" from XNU, where there's a struct uthread. I'll fix this in a separate commit, however, so as not to entangle it with dtaudit.

Indeed -- will fix!

Will fix, thanks.

Left over from a prior iteration when I exposed that k_dtaudit_state was of a specific type; will fix.

For whatever reason, it looks like DTrace modules generally don't appear in NOTES -- hence my not adding it after grepping around for things that modules normally do. This probably ought to be fixed more generally, but perhaps as a separate commit?

Unfortunately, I now remember why these can't be const: dtrace_probe_lookup() takes a non-const string argument for the probe name:

/usr/home/robert/freebsd/svncommit/base/head/sys/security/audit/audit_dtrace.c:380:39: error: 
      passing 'const char *' to parameter of type 'char *' discards qualifiers
      [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
            (dtrace_probe_lookup(dtaudit_id, dtaudit_module_str,
                                             ^~~~~~~~~~~~~~~~~~
/usr/home/robert/freebsd/svncommit/base/head/sys/cddl/contrib/opensolaris/uts/common/sys/dtrace.h:2151:68: note: 
      passing argument to parameter here
extern dtrace_id_t dtrace_probe_lookup(dtrace_provider_id_t, char *,
                                                                   ^

This is worth fixing .. but in a separate commit.

This unfortunately proves to be a bad idea, as marking a probe as unstable leads to it being unusable via default DTrace command-line incantations:

robert@lemongrass-freebsd64:~/cadets/freebsd> sudo dtrace -n 'audit:::commit { trace(args[0]); }'
dtrace: invalid probe specifier audit:::commit { trace(args[0]); }: in action list: args[ ] may not be referenced because probe description audit:::commit matches an unstable set of probes

I will revert the change in an updated patch.