torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
0d60fd5032
linux/kernel/time
History
Wojtek Wasko b4e53b15c0 ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. 
Many devices implement highly accurate clocks, which the kernel manages
as PTP Hardware Clocks (PHCs). Userspace applications rely on these
clocks to timestamp events, trace workload execution, correlate
timescales across devices, and keep various clocks in sync.

The kernel’s current implementation of PTP clocks does not enforce file
permissions checks for most device operations except for POSIX clock
operations, where file mode is verified in the POSIX layer before
forwarding the call to the PTP subsystem. Consequently, it is common
practice to not give unprivileged userspace applications any access to
PTP clocks whatsoever by giving the PTP chardevs 600 permissions. An
example of users running into this limitation is documented in [1].
Additionally, POSIX layer requires WRITE permission even for readonly
adjtime() calls which are used in PTP layer to return current frequency
offset applied to the PHC.

Add permission checks for functions that modify the state of a PTP
device. Continue enforcing permission checks for POSIX clock operations
(settime, adjtime) in the POSIX layer. Only require WRITE access for
dynamic clocks adjtime() if any flags are set in the modes field.

[1] https://lists.nwtime.org/sympa/arc/linuxptp-users/2024-01/msg00036.html

Changes in v4:
- Require FMODE_WRITE in ajtime() only for calls modifying the clock in
  any way.

Acked-by: Richard Cochran <richardcochran@gmail.com>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Signed-off-by: Wojtek Wasko <wwasko@nvidia.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2025-03-05 12:43:54 +00:00
..
alarmtimer.c alarmtimer: Switch to use hrtimer_setup() and hrtimer_setup_on_stack() 2024-11-07 02:47:07 +01:00
clockevents.c clockevents: Shutdown and unregister current clockevents at CPUHP_AP_TICK_DYING 2024-10-31 10:41:42 +01:00
clocksource-wdtest.c clocksource/wdtest: Print time values for short udelay(1) 2025-01-15 19:49:13 +01:00
clocksource.c clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context 2025-02-03 16:18:56 +01:00
hrtimer.c hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING 2025-01-23 20:06:35 +01:00
itimer.c signal: Confine POSIX_TIMERS properly 2024-10-29 11:43:18 +01:00
jiffies.c clocksource: Make clocksource watchdog test safe for slow-HZ systems 2021-08-28 17:01:32 +02:00
Kconfig timekeeping: Always check for negative motion 2024-11-02 10:14:31 +01:00
Makefile timers: Move *sleep*() and timeout functions into a separate file 2024-10-16 00:36:46 +02:00
namespace.c vdso/timens: Refactor copy-pasted find_timens_vvar_page() helper into one copy 2022-12-01 11:35:40 +01:00
ntp_internal.h ntp: Make sure RTC is synchronized when time goes backwards 2024-09-10 13:50:40 +02:00
ntp.c ntp: Remove invalid cast in time offset math 2024-11-28 12:02:38 +01:00
posix-clock.c ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. 2025-03-05 12:43:54 +00:00
posix-cpu-timers.c posix-timers: Cleanup SIG_IGN workaround leftovers 2024-11-07 02:14:45 +01:00
posix-stubs.c posix-timers: Get rid of [COMPAT_]SYS_NI() uses 2023-12-20 21:30:27 -08:00
posix-timers.c posix-timers: Fix typo in __lock_timer() 2025-01-15 19:49:13 +01:00
posix-timers.h posix-timers: Cleanup SIG_IGN workaround leftovers 2024-11-07 02:14:45 +01:00
sched_clock.c seqlock, treewide: Switch to non-raw seqcount_latch interface 2024-11-05 12:55:35 +01:00
sleep_timeout.c timers: Switch to use hrtimer_setup_sleeper_on_stack() 2024-11-07 02:47:06 +01:00
test_udelay.c time: Add MODULE_DESCRIPTION() to time test modules 2024-06-03 11:18:50 +02:00
tick-broadcast-hrtimer.c time/tick-broadcast: Remove RCU_NONIDLE() usage 2023-01-13 11:48:16 +01:00
tick-broadcast.c tick/broadcast: Add kernel-doc for function parameters 2025-01-15 19:49:14 +01:00
tick-common.c tick/nohz_full: Don't abuse smp_call_function_single() in tick_setup_device() 2024-06-10 20:18:13 +02:00
tick-internal.h clockevents: Shutdown and unregister current clockevents at CPUHP_AP_TICK_DYING 2024-10-31 10:41:42 +01:00
tick-legacy.c timekeeping: remove xtime_update 2020-10-30 21:57:07 +01:00
tick-oneshot.c time: Fix various kernel-doc problems 2023-01-03 11:07:58 +01:00
tick-sched.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00
tick-sched.h tick/sched: Fix struct tick_sched doc warnings 2024-04-01 10:36:35 +02:00
time_test.c time: Add MODULE_DESCRIPTION() to time test modules 2024-06-03 11:18:50 +02:00
time.c time: Fix references to _msecs_to_jiffies() handling of values 2024-10-25 19:50:10 +02:00
timeconst.bc time: Add SPDX license identifiers 2018-11-23 11:51:20 +01:00
timeconv.c time: Improve performance of time64_to_tm() 2021-06-24 11:51:59 +02:00
timecounter.c time/timecounter: Mark 1st argument of timecounter_cyc2time() as const 2021-04-16 21:03:50 +02:00
timekeeping_debug.c timekeeping: Add percpu counter for tracking floor swap events 2024-10-10 10:20:46 +02:00
timekeeping_internal.h clocksource: Make negative motion detection more robust 2024-12-05 16:03:24 +01:00
timekeeping.c timekeeping: Remove unused ktime_get_fast_timestamps() 2025-01-15 19:49:14 +01:00
timekeeping.h asm-generic: cross-architecture timer cleanup 2020-12-16 00:07:17 -08:00
timer_list.c tick: Split nohz and highres features from nohz_mode 2024-02-26 11:37:32 +01:00
timer_migration.c timers/migration: Fix off-by-one root mis-connection 2025-02-07 09:02:16 +01:00
timer_migration.h timer/migration: Fix kernel-doc warnings for union tmigr_state 2025-01-15 19:49:14 +01:00
timer.c treewide: const qualify ctl_tables where applicable 2025-01-28 13:48:37 +01:00
vsyscall.c A rather large update for timekeeping and timers: 2024-11-19 16:35:06 -08:00