From: Wojtek Wasko
To: netdev@vger.kernel.org
Cc: richardcochran@gmail.com, vadim.fedorenko@linux.dev, kuba@kernel.org, horms@kernel.org, anna-maria@linutronix.de, frederic@kernel.org, pabeni@redhat.com, tglx@linutronix.de
Subject: [PATCH net-next v3 2/3] ptp: Add file permission checks on PHCs
Date: Mon, 17 Feb 2025 11:50:04 +0200
Message-ID: <20250217095005.1453413-3-wwasko@nvidia.com>

Many devices implement highly accurate clocks, which the kernel manages as PTP Hardware Clocks (PHCs).
Userspace applications rely on these clocks to timestamp events, trace workload execution, correlate timescales across devices, and keep various clocks in sync. The kernel’s current implementation of PTP clocks does not enforce file permissions checks for most device operations except for POSIX clock operations, where file mode is verified in the POSIX layer before forwarding the call to the PTP subsystem. Consequently, it is common practice to not give unprivileged userspace applications any access to PTP clocks whatsoever by giving the PTP chardevs 600 permissions. An example of users running into this limitation is documented in [1]. Add permission checks for functions that modify the state of a PTP device. Continue enforcing permission checks for POSIX clock operations (settime, adjtime) in the POSIX layer. One limitation remains: querying the adjusted frequency of a PTP device (using adjtime() with an empty modes field) is not supported for chardevs opened without WRITE permissions, as the POSIX layer mandates WRITE access for any adjtime operation. [1] https://lists.nwtime.org/sympa/arc/linuxptp-users/2024-01/msg00036.html Signed-off-by: Wojtek Wasko --- drivers/ptp/ptp_chardev.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c index bf6468c56419..4380e6ddb849 100644 --- a/drivers/ptp/ptp_chardev.c +++ b/drivers/ptp/ptp_chardev.c @@ -205,6 +205,10 @@ long ptp_ioctl(struct posix_clock_context *pccontext, unsigned int cmd, case PTP_EXTTS_REQUEST: case PTP_EXTTS_REQUEST2: + if ((pccontext->fp->f_mode & FMODE_WRITE) == 0) { + err = -EACCES; + break; + } memset(&req, 0, sizeof(req)); if (copy_from_user(&req.extts, (void __user *)arg, 
@@ -246,6 +250,10 @@ long ptp_ioctl(struct posix_clock_context *pccontext, unsigned int cmd, case PTP_PEROUT_REQUEST: case PTP_PEROUT_REQUEST2: + if ((pccontext->fp->f_mode & FMODE_WRITE) == 0) { + err = -EACCES; + break; + } memset(&req, 0, sizeof(req)); if (copy_from_user(&req.perout, (void __user *)arg, @@ -314,6 +322,10 @@ long ptp_ioctl(struct posix_clock_context *pccontext, unsigned int cmd, case PTP_ENABLE_PPS: case PTP_ENABLE_PPS2: + if ((pccontext->fp->f_mode & FMODE_WRITE) == 0) { + err = -EACCES; + break; + } memset(&req, 0, sizeof(req)); if (!capable(CAP_SYS_TIME)) @@ -456,6 +468,10 @@ long ptp_ioctl(struct posix_clock_context *pccontext, unsigned int cmd, case PTP_PIN_SETFUNC: case PTP_PIN_SETFUNC2: + if ((pccontext->fp->f_mode & FMODE_WRITE) == 0) { + err = -EACCES; + break; + } if (copy_from_user(&pd, (void __user *)arg, sizeof(pd))) { err = -EFAULT; break;
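Review bot: In the PTP_EXTTS_REQUEST / PTP_EXTTS_REQUEST2 case (hunk at -205), the new test dereferences pccontext->fp, and nothing in this patch shows that fp is set for every context that reaches ptp_ioctl(). If an earlier patch in the series guarantees that, say so in the commit message; otherwise a context with fp unset turns this permission check into a NULL dereference in the ioctl path.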
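Review bot: The four-line FMODE_WRITE test in the PTP_PEROUT_REQUEST / PTP_PEROUT_REQUEST2 case (hunk at -246) is the same block pasted into the three other cases this patch touches. A small helper shared by the four cases would make it harder to add a future state-changing command without the check, and the test would read more naturally as !(pccontext->fp->f_mode & FMODE_WRITE) than as a comparison with 0.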
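Review bot: In the PTP_ENABLE_PPS / PTP_ENABLE_PPS2 case (hunk at -314), the FMODE_WRITE test is placed ahead of the existing capable(CAP_SYS_TIME) test, so this command now needs both a writable descriptor and the capability, and a read-only caller without the capability gets -EACCES before the capability is ever consulted. The commit message should state that CAP_SYS_TIME is still required here, so that administrators who relax the chardev mode do not assume write access alone allows enabling PPS.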
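Review bot: In the PTP_PIN_SETFUNC / PTP_PIN_SETFUNC2 case (hunk at -456), a descriptor opened read-only now gets -EACCES where, per the commit message, no file-mode check was made before, so existing tools that open the PHC read-only and reprogram pins will start failing. The commit message should call out this userspace-visible change for all four commands, and a test that covers the read-only descriptor case would be worth adding.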