From: Jacky Li
Date: Mon, 11 Apr 2022 12:35:42 -0700
Subject: Re: [PATCH] crypto: ccp - Fix the INIT_EX data file open failure
To: Tom Lendacky
Cc: Brijesh Singh, John Allen, Herbert Xu, "David S. Miller", Marc Orr, Alper Gun, Peter Gonda, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20220411180006.4187548-1-jackyli@google.com> <4278ae8b-eb87-06ac-43af-41a1c741f9a9@amd.com>
In-Reply-To: <4278ae8b-eb87-06ac-43af-41a1c741f9a9@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, Apr 11, 2022 at 11:58 AM Tom Lendacky wrote:
>
> On 4/11/22 13:00, Jacky Li wrote:
> > There are 2 common cases when INIT_EX data file might not be
> > opened successfully and fail the sev initialization:
> >
> > 1. In user namespaces, normal user tasks (e.g. VMM) can change their
> >    current->fs->root to point to arbitrary directories. While
> >    init_ex_path is provided as a module param related to root file
> >    system. Solution: use the root directory of init_task to avoid
> >    accessing the wrong file.
> >
> > 2. Normal user tasks (e.g. VMM) don't have the privilege to access
> >    the INIT_EX data file. Solution: open the file as root and
> >    restore permissions immediately.
> >
> > Signed-off-by: Jacky Li
>
> Should this have a Fixes: tag?

Yes you are right, will add the Fixes: tag in v2.

Thanks,
Jacky

>
> Thanks,
> Tom