drivers/tty/tty_audit.c
Source file repositories/reference/linux-study-clean/drivers/tty/tty_audit.c
File Facts
- System: Linux kernel
- Corpus path: drivers/tty/tty_audit.c
- Extension: .c
- Size: 5645 bytes
- Lines: 252
- Domain: Driver Families
- Bucket: drivers/tty
- Inferred role: Driver Families: implementation source
- Status: source implementation candidate
Why This File Exists
Repeatable hardware-adapter layer. Deep compatibility for every driver is out of scope; this atlas records patterns, probe lifecycles, bus glue, IRQ/DMA usage, and links back to core abstractions.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `linux/audit.h`
- `linux/slab.h`
- `linux/tty.h`
- `tty.h`
Detected Declarations
- `struct tty_audit_buf`
- `function tty_audit_buf_free`
- `function tty_audit_log`
- `function tty_audit_buf_push`
- `function tty_audit_exit`
- `function tty_audit_fork`
- `function tty_audit_tiocsti`
- `function tty_audit_push`
- `function ERR_PTR`
- `function tty_audit_add_data`
Annotated Snippet
```c
struct tty_audit_buf {
	struct mutex mutex;	/* Protects all data below */
	dev_t dev;		/* The TTY which the data is from */
	bool icanon;
	size_t valid;
	u8 *data;		/* Allocated size TTY_AUDIT_BUF_SIZE */
};

static struct tty_audit_buf *tty_audit_buf_ref(void)
{
	struct tty_audit_buf *buf;

	buf = current->signal->tty_audit_buf;
	WARN_ON(buf == ERR_PTR(-ESRCH));
	return buf;
}

static struct tty_audit_buf *tty_audit_buf_alloc(void)
{
	struct tty_audit_buf *buf;

	buf = kzalloc_obj(*buf);
	if (!buf)
		goto err;
	buf->data = kmalloc(TTY_AUDIT_BUF_SIZE, GFP_KERNEL);
	if (!buf->data)
		goto err_buf;
	mutex_init(&buf->mutex);
	return buf;

err_buf:
	kfree(buf);
err:
	return NULL;
}

static void tty_audit_buf_free(struct tty_audit_buf *buf)
{
	WARN_ON(buf->valid != 0);
	kfree(buf->data);
	kfree(buf);
}

static void tty_audit_log(const char *description, dev_t dev,
			  const u8 *data, size_t size)
{
	struct audit_buffer *ab;
	pid_t pid = task_pid_nr(current);
	uid_t uid = from_kuid(&init_user_ns, task_uid(current));
	uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
	unsigned int sessionid = audit_get_sessionid(current);
	char name[TASK_COMM_LEN];

	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_TTY);
	if (!ab)
		return;

	audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d minor=%d comm=",
			 description, pid, uid, loginuid, sessionid,
			 MAJOR(dev), MINOR(dev));
	get_task_comm(name, current);
	audit_log_untrustedstring(ab, name);
	audit_log_format(ab, " data=");
	audit_log_n_hex(ab, data, size);
	audit_log_end(ab);
}

/*
 * tty_audit_buf_push - Push buffered data out
 *
 * Generate an audit message from the contents of @buf, which is owned by
 * the current task. @buf->mutex must be locked.
 */
static void tty_audit_buf_push(struct tty_audit_buf *buf)
{
	if (buf->valid == 0)
		return;
	if (audit_enabled == AUDIT_OFF) {
		buf->valid = 0;
		return;
	}
	tty_audit_log("tty", buf->dev, buf->data, buf->valid);
	buf->valid = 0;
}

/**
 * tty_audit_exit - Handle a task exit
```
Annotation
- Immediate include surface: `linux/audit.h`, `linux/slab.h`, `linux/tty.h`, `tty.h`.
- Detected declarations: `struct tty_audit_buf`, `function tty_audit_buf_free`, `function tty_audit_log`, `function tty_audit_buf_push`, `function tty_audit_exit`, `function tty_audit_fork`, `function tty_audit_tiocsti`, `function tty_audit_push`, `function ERR_PTR`, `function tty_audit_add_data`.
- Atlas domain: Driver Families / drivers/tty.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.