References: <20220414162325.1830014-1-jackyli@google.com>
From: Peter Gonda
Date: Fri, 15 Apr 2022 10:20:40 -0600
Subject: Re: [PATCH v2] crypto: ccp - Fix the INIT_EX data file open failure
To: Tom Lendacky
Cc: Jacky Li, Brijesh Singh, John Allen, Herbert Xu, "David S. Miller", Marc Orr, Alper Gun, Linux Crypto Mailing List, LKML
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 15, 2022 at 7:49 AM Tom Lendacky wrote:
>
> On 4/14/22 11:23, Jacky Li wrote:
> > There are 2 common cases when INIT_EX data file might not be
> > opened successfully and fail the sev initialization:
> >
> > 1. In user namespaces, normal user tasks (e.g. VMM) can change their
> >    current->fs->root to point to arbitrary directories. While
> >    init_ex_path is provided as a module param related to root file
> >    system. Solution: use the root directory of init_task to avoid
> >    accessing the wrong file.
> >
> > 2. Normal user tasks (e.g. VMM) don't have the privilege to access
> >    the INIT_EX data file. Solution: open the file as root and
> >    restore permissions immediately.
> >
> > Fixes: 3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
> > Signed-off-by: Jacky Li
> > Reviewed-by: Peter Gonda
>
> Looks good, just a quick question. Should there be any type of access
> checks before switching credentials? Should we check access to /dev/sev or
> such? Or is the capability to load the module enough?

I thought this was fine because regardless of if an admin sets
psp_init_on_probe=true or false, their intention is that people who
have rw access to /dev/sev can use the commands which require the PSP
to be init. In the case of psp_init_on_probe=false only rw users can
cause the file to be created. The case of psp_init_on_probe=true seems
a little less clear to me but if a user can modprobe ccp that seems
like sufficient privilege to create the file.

What do you think, Tom?