From: Peter Gonda
Date: Wed, 13 Apr 2022 09:40:12 -0600
Subject: Re: [PATCH] crypto: ccp - Fix the INIT_EX data file open failure
To: Jacky Li
Cc: Brijesh Singh, Tom Lendacky, John Allen, Herbert Xu, "David S. Miller", Marc Orr, Alper Gun, Linux Crypto Mailing List, LKML
In-Reply-To: <20220411180006.4187548-1-jackyli@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Apr 11, 2022 at 12:00 PM Jacky Li wrote:
>
> There are 2 common cases when INIT_EX data file might not be
> opened successfully and fail the sev initialization:
>
> 1. In user namespaces, normal user tasks (e.g. VMM) can change their
> current->fs->root to point to arbitrary directories. While
> init_ex_path is provided as a module param related to root file
> system. Solution: use the root directory of init_task to avoid
> accessing the wrong file.
>
> 2. Normal user tasks (e.g. VMM) don't have the privilege to access
> the INIT_EX data file. Solution: open the file as root and
> restore permissions immediately.
>
> Signed-off-by: Jacky Li

Reviewed-by: Peter Gonda

Agreed about the fixes tag.