| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250519153032.655953-1-wwasko@nvidia.com>
Date: Mon, 19 May 2025 18:30:32 +0300
From: Wojtek Wasko <wwasko@...dia.com>
To: richardcochran@...il.com,
vadim.fedorenko@...ux.dev,
kuba@...nel.org,
andrew@...n.ch,
gregkh@...uxfoundation.org
Cc: netdev@...r.kernel.org,
Wojtek Wasko <wwasko@...dia.com>
Subject: [PATCH v2] ptp: Add sysfs attribute to show PTP device is safe to open RO
Recent patches introduced in 6.15 implement permissions checks for PTP
clocks [1]. Prior to those, a process with readonly access could modify
the state of PTP devices, in particular the generation and consumption
of PPS signals. This security hole was not widely exposed as userspace
managing the ownership and permissions of PTP device nodes (e.g. udev)
typically disabled unprivileged access entirely as a stopgap workaround.
Although the security vulnerability has been fixed in the kernel,
userspace has no reliable way to detect whether the necessary
permissions checks are actually in place. As a result, it must continue
restricting PTP device permissions, even though unprivileged users can
now be granted readonly access.
There is little precedent for fixing device permissions security hole
covered by a long-standing userspace workaround. In previous cases where
device permission checks were tightened [2-4], there were no userspace
workarounds to remove/disable and so kernel fixes were applied silently
without notifying the userspace.
A possible solution that would not require new ABI is for userspace to
check the kernel version to detect whether the fix is in place. However,
this approach is unreliable and error-prone, especially if backports are
considered [5].
Add a readonly sysfs attribute to PTP clocks, "ro_safe", backed by a
static string.
[1] https://lore.kernel.org/netdev/20250303161345.3053496-1-wwasko@nvidia.com/
[2] https://lore.kernel.org/lkml/20070723145105.01b3acc3@the-village.bc.nu/
[3] https://lore.kernel.org/linux-mtd/20200716115346.GA1667288@kroah.com/
[4] https://lore.kernel.org/linux-mtd/20210303155735.25887-1-michael@walle.cc/
[5] https://github.com/systemd/systemd/pull/37302#issuecomment-2850510329
Changes in v2:
- Document the new sysfs node
Signed-off-by: Wojtek Wasko <wwasko@...dia.com>
---
Documentation/ABI/testing/sysfs-ptp | 8 ++++++++
drivers/ptp/ptp_sysfs.c | 3 +++
2 files changed, 11 insertions(+)
diff --git a/Documentation/ABI/testing/sysfs-ptp b/Documentation/ABI/testing/sysfs-ptp
index 9c317ac7c47a..1968199dcf1c 100644
--- a/Documentation/ABI/testing/sysfs-ptp
+++ b/Documentation/ABI/testing/sysfs-ptp
@@ -140,3 +140,11 @@ Description:
PPS events to the Linux PPS subsystem. To enable PPS
events, write a "1" into the file. To disable events,
write a "0" into the file.
+
+What: /sys/class/ptp/ptp<N>/ro_safe
+Date: May 2025
+Contact: Wojtek Wasko <wwasko@...dia.com>
+Description:
+ This read-only file conveys whether the kernel
+ implements necessary permissions checks to allow
+ safe readonly access to PTP devices.
diff --git a/drivers/ptp/ptp_sysfs.c b/drivers/ptp/ptp_sysfs.c
index 6b1b8f57cd95..763fc54cf267 100644
--- a/drivers/ptp/ptp_sysfs.c
+++ b/drivers/ptp/ptp_sysfs.c
@@ -28,6 +28,8 @@ static ssize_t max_phase_adjustment_show(struct device *dev,
}
static DEVICE_ATTR_RO(max_phase_adjustment);
+static DEVICE_STRING_ATTR_RO(ro_safe, 0444, "1\n");
+
#define PTP_SHOW_INT(name, var) \
static ssize_t var##_show(struct device *dev, \
struct device_attribute *attr, char *page) \
@@ -320,6 +322,7 @@ static DEVICE_ATTR_RW(max_vclocks);
static struct attribute *ptp_attrs[] = {
&dev_attr_clock_name.attr,
+ &dev_attr_ro_safe.attr.attr,
&dev_attr_max_adjustment.attr,
&dev_attr_max_phase_adjustment.attr,
--
2.43.5
Powered by blists - more mailing lists