From: Thomas Gleixner <tglx@linutronix.de>
To: Wojtek Wasko <wwasko@nvidia.com>, netdev@vger.kernel.org
Cc: richardcochran@gmail.com, vadim.fedorenko@linux.dev,
kuba@kernel.org, horms@kernel.org, anna-maria@linutronix.de,
frederic@kernel.org, pabeni@redhat.com
Subject: Re: [PATCH net-next v3 2/3] ptp: Add file permission checks on PHCs
Date: Mon, 17 Feb 2025 21:24:23 +0100 [thread overview]
Message-ID: <87cyfgjp54.ffs@tglx> (raw)
In-Reply-To: <20250217095005.1453413-3-wwasko@nvidia.com>
On Mon, Feb 17 2025 at 11:50, Wojtek Wasko wrote:
> Many devices implement highly accurate clocks, which the kernel manages
> as PTP Hardware Clocks (PHCs). Userspace applications rely on these
> clocks to timestamp events, trace workload execution, correlate
> timescales across devices, and keep various clocks in sync.
>
> The kernel’s current implementation of PTP clocks does not enforce file
> permissions checks for most device operations except for POSIX clock
> operations, where file mode is verified in the POSIX layer before
> forwarding the call to the PTP subsystem. Consequently, it is common
> practice to not give unprivileged userspace applications any access to
> PTP clocks whatsoever by giving the PTP chardevs 600 permissions. An
> example of users running into this limitation is documented in [1].
>
> Add permission checks for functions that modify the state of a PTP
> device. Continue enforcing permission checks for POSIX clock operations
> (settime, adjtime) in the POSIX layer. One limitation remains: querying
> the adjusted frequency of a PTP device (using adjtime() with an empty
> modes field) is not supported for chardevs opened without WRITE
> permissions, as the POSIX layer mandates WRITE access for any adjtime
> operation.
That's a fixable problem, no?
next prev parent reply other threads:[~2025-02-17 20:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-17 9:50 [PATCH net-next v3 0/3] Permission checks for dynamic POSIX clocks Wojtek Wasko
2025-02-17 9:50 ` [PATCH net-next v3 1/3] posix-clock: Store file pointer in struct posix_clock_context Wojtek Wasko
2025-02-17 20:23 ` Thomas Gleixner
2025-02-17 9:50 ` [PATCH net-next v3 2/3] ptp: Add file permission checks on PHCs Wojtek Wasko
2025-02-17 20:24 ` Thomas Gleixner [this message]
2025-02-19 9:45 ` Wojtek Wasko
2025-02-20 12:53 ` Thomas Gleixner
2025-02-20 14:07 ` Wojtek Wasko
2025-02-17 9:50 ` [PATCH net-next v3 3/3] testptp: add option to open PHC in readonly mode Wojtek Wasko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cyfgjp54.ffs@tglx \
--to=tglx@linutronix.de \
--cc=anna-maria@linutronix.de \
--cc=frederic@kernel.org \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=richardcochran@gmail.com \
--cc=vadim.fedorenko@linux.dev \
--cc=wwasko@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.