[net-next,v2,0/3] Permission checks for dynamic POSIX clocks

Message ID	20250211150913.772545-1-wwasko@nvidia.com (mailing list archive)
Headers	show Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2047.outbound.protection.outlook.com [40.107.94.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8F813D69 for <netdev@vger.kernel.org>; Tue, 11 Feb 2025 15:09:19 +0000 (UTC) From: Wojtek Wasko <wwasko@nvidia.com> To: netdev@vger.kernel.org Cc: richardcochran@gmail.com, vadim.fedorenko@linux.dev, kuba@kernel.org, horms@kernel.org Subject: [PATCH net-next v2 0/3] Permission checks for dynamic POSIX clocks Date: Tue, 11 Feb 2025 17:09:10 +0200 Message-ID: <20250211150913.772545-1-wwasko@nvidia.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk MIME-Version: 1.0
Series	Permission checks for dynamic POSIX clocks \| expand [net-next,v2,0/3] Permission checks for dynamic POSIX clocks [net-next,v2,1/3] posix clocks: Store file pointer in clock context [net-next,v2,2/3] ptp: Add file permission checks on PHCs [net-next,v2,3/3] testptp: Add option to open PHC in readonly mode

Message ID

20250211150913.772545-1-wwasko@nvidia.com (mailing list archive)

Headers

From: Wojtek Wasko <wwasko@nvidia.com>
To: netdev@vger.kernel.org
Cc: richardcochran@gmail.com,
	vadim.fedorenko@linux.dev,
	kuba@kernel.org,
	horms@kernel.org
Subject: [PATCH net-next v2 0/3] Permission checks for dynamic POSIX clocks
Date: Tue, 11 Feb 2025 17:09:10 +0200
Message-ID: <20250211150913.772545-1-wwasko@nvidia.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?BfrhCBdxO5WftylWlLJPFhj+n8Dg?=
	=?utf-8?q?OozZNecv8k+6ahYHgc5zXKooAK21bFCRKCLwRsjPH+uP38+xH96/JB1Hhh5JFalwg?=
	=?utf-8?q?lS3dzzXgloc38TRsL26ltK7X7XieWZGVAWaWEA1OTxBYmPZuXNbGNmEpfOqLwpXAB?=
	=?utf-8?q?k+e0d7TjuihhPpFshSjgpvglkzYEezo8Xveit240j4KEn2kPZsktvfVvQjZWsaPCW?=
	=?utf-8?q?DxWwxh7Zw3XkmtjGa4ZcqqMnRu5CLpKC07fX/hlx9BGpq7dpbZeXCtFH78Jyz0VCF?=
	=?utf-8?q?xqqL2ZBQl5HWoNioSut6A5V9jKVXIhg2a+lrrmcdQkuqzoe1LRtmbMex4Gzo0A/C1?=
	=?utf-8?q?V9xCepiFIW1vOkdpj5Lrvb4yzzOqM2A0s9dAvNi3ZsLjPUvbtH6pTecxk9dEwlIHN?=
	=?utf-8?q?GBxoNCN2VCT220+KpQaQdFrVij7O6/CKMNZL4ZluyCiz3vVyzAlppuX6z+uNp2y7Z?=
	=?utf-8?q?C9BRf2V+/CzvyzMccg7duV2dUWg2z0dsknVnGNxWG2no6cE/nUWLLF78JGUh1OpLl?=
	=?utf-8?q?JKMSSDYiwV5pbiTYYRf4TKljME0REKvVYIuV+cVaUM4qsAn63zDX6gsUvP/TjgRRZ?=
	=?utf-8?q?vd5a8NXBUYu5k5+ED5U0t3+1oxEdQ1IuNXjnS0TaPxRbm3mLJ481VMRpEsJADx8Vi?=
	=?utf-8?q?fgtrGyRQNG+OxhxjabfkF62EEMEw24eruhrfsOnx4PoTS5MvRca9qc+iAfjPQQrBl?=
	=?utf-8?q?NYG5+wZ1YUyZ420wRYk/kxwFH7bEPvJWUV5QydOzhOFTEYU1d2oWZqTn5nKj5HUak?=
	=?utf-8?q?2cSDCbZS55oIHon8aywC3WHt5AecqO2TIjm7RsKWpSEMFrpZW3XW4TottCbQHmYWr?=
	=?utf-8?q?kI//Jv8FLA3Gksc6b1k0XdLBoVVCKosRm6t5r+FBfvFdJOzFlaqyfDcDekvT352XS?=
	=?utf-8?q?1m/CT8d2kJCN4tY/kpJcSxSoCZBPfmigeHrvmXLJKOfhljdB73UAuYfl8XSpMvUP1?=
	=?utf-8?q?fYNrFjs6RlDEsKSMBVP1zP467jLWj0o2jZ6wdkeBxb+5/dZc/OLKCu2a36aKTbNnK?=
	=?utf-8?q?TeidHAZo61tO3Bmpcuba9VbVDvV5NH9OUjDZPksbz2qlW5kn78PXbXD38b/iBmYlS?=
	=?utf-8?q?OpRUctLIF6qx7Dme5GuCExWAx4qMrM/pjearY3/ledtbXK2SyjI1c0PkwL+UwBvbM?=
	=?utf-8?q?igTiqIeAqXQljZJ3y9WVD45LFQ4a9Wtbl3ngTqy2qrtXIY5vMwcR0m5UwOoZgNhup?=
	=?utf-8?q?rX1vig7vcyF2DZ0hFUqdCy/QWFfWHbgFMeKtuXfRoN0EXsY++c2y6j9S9GOPBIegi?=
	=?utf-8?q?OI3bYUJjFqwgTxNwghAnw4HgthQqreejld5pHBDrpPxIHTGqI3RfZtwkFH8rE+qRL?=
	=?utf-8?q?0GOBn3z70j06uL6Ao+4BsVlirB4ewdfDVLZnuwAC81Jha0ByRKdl1OACn3o59Kwg9?=
	=?utf-8?q?D2lfHaKKeuXy2tvf8ct7Eo/ql/gIxv8tabHkYhiE3yI7F99sQ6+q7cAMYkw2f9UBt?=
	=?utf-8?q?uVvzVn5FHGQa0LMhqHZlpHuEEEh1eKVu4am07i0FBXPGPVq7GfxdWWw4fgreDJ/+H?=
	=?utf-8?q?szo4vCo3ep4Y?=
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3bb8b581-9aa1-4aec-3ee4-08dd4aae0db8
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB8558.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Feb 2025 15:09:17.3197
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 ZkvHlpXmpNnx6WrkMe6QAeDKIPhTYWAVN6iBpRpP/pOWE73ECz6QQ0NaBDS/3HFtLhG04SUIZCLtPjqOhQcYpQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB8357
X-Patchwork-Delegate: kuba@kernel.org

Series

Permission checks for dynamic POSIX clocks | expand

Message

Wojtek Wasko Feb. 11, 2025, 3:09 p.m. UTC

Dynamic clocks - such as PTP clocks - extend beyond the standard POSIX
clock API by using ioctl calls. While file permissions are enforced for
standard POSIX operations, they are not implemented for ioctl calls,
since the POSIX layer cannot differentiate between calls which modify
the clock's state (like enabling PPS output generation) and those that
don't (such as retrieving the clock's PPS capabilities).

On the other hand, drivers implementing the dynamic clocks lack the
necessary information context to enforce permission checks themselves.

Add a struct file pointer to the POSIX clock context and use it to
implement the appropriate permission checks on PTP chardevs. Add a
readonly option to testptp.

Changes in v2:
- Store file pointer in POSIX clock context rather than fmode in the PTP
  clock's private data, as suggested by Richard.
- Move testptp.c changes into separate patch.

Wojtek Wasko (3):
  posix clocks: Store file pointer in clock context
  ptp: Add file permission checks on PHCs
  testptp: Add option to open PHC in readonly mode

 drivers/ptp/ptp_chardev.c             | 16 ++++++++++++
 include/linux/posix-clock.h           |  6 ++++-
 kernel/time/posix-clock.c             |  1 +
 tools/testing/selftests/ptp/testptp.c | 37 +++++++++++++++++----------
 4 files changed, 45 insertions(+), 15 deletions(-)

Comments

Richard Cochran Feb. 11, 2025, 4:51 p.m. UTC | #1

On Tue, Feb 11, 2025 at 05:09:10PM +0200, Wojtek Wasko wrote:
> Dynamic clocks - such as PTP clocks - extend beyond the standard POSIX
> clock API by using ioctl calls. While file permissions are enforced for
> standard POSIX operations, they are not implemented for ioctl calls,
> since the POSIX layer cannot differentiate between calls which modify
> the clock's state (like enabling PPS output generation) and those that
> don't (such as retrieving the clock's PPS capabilities).
> 
> On the other hand, drivers implementing the dynamic clocks lack the
> necessary information context to enforce permission checks themselves.
> 
> Add a struct file pointer to the POSIX clock context and use it to
> implement the appropriate permission checks on PTP chardevs. Add a
> readonly option to testptp.
> 
> Changes in v2:
> - Store file pointer in POSIX clock context rather than fmode in the PTP
>   clock's private data, as suggested by Richard.
> - Move testptp.c changes into separate patch.
> 
> Wojtek Wasko (3):
>   posix clocks: Store file pointer in clock context
>   ptp: Add file permission checks on PHCs
>   testptp: Add option to open PHC in readonly mode

For the series:

Acked-by: Richard Cochran <richardcochran@gmail.com>

Vadim Fedorenko Feb. 11, 2025, 5:07 p.m. UTC | #2

On 11/02/2025 15:09, Wojtek Wasko wrote:
> Dynamic clocks - such as PTP clocks - extend beyond the standard POSIX
> clock API by using ioctl calls. While file permissions are enforced for
> standard POSIX operations, they are not implemented for ioctl calls,
> since the POSIX layer cannot differentiate between calls which modify
> the clock's state (like enabling PPS output generation) and those that
> don't (such as retrieving the clock's PPS capabilities).
> 
> On the other hand, drivers implementing the dynamic clocks lack the
> necessary information context to enforce permission checks themselves.
> 
> Add a struct file pointer to the POSIX clock context and use it to
> implement the appropriate permission checks on PTP chardevs. Add a
> readonly option to testptp.
> 
> Changes in v2:
> - Store file pointer in POSIX clock context rather than fmode in the PTP
>    clock's private data, as suggested by Richard.
> - Move testptp.c changes into separate patch.
> 
> Wojtek Wasko (3):
>    posix clocks: Store file pointer in clock context
>    ptp: Add file permission checks on PHCs
>    testptp: Add option to open PHC in readonly mode
> 
>   drivers/ptp/ptp_chardev.c             | 16 ++++++++++++
>   include/linux/posix-clock.h           |  6 ++++-
>   kernel/time/posix-clock.c             |  1 +
>   tools/testing/selftests/ptp/testptp.c | 37 +++++++++++++++++----------
>   4 files changed, 45 insertions(+), 15 deletions(-)
> 

For the series:
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>