author | Jacky Li <jackyli@google.com> | 2022-04-14 16:23:25 +0000 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-04-29 13:44:57 +0800 |
commit | 05def5cacfa0bd5ba380116046747da07ff5bd78 (patch) | |
tree | c2cdb42364cf79bedd7184a39051786c96bbf914 /fs/nls/mac-roman.c | |
parent | c6d3ffae0d3229e06097f2790f459c96fca5e367 (diff) | |
download | linux-next-05def5cacfa0bd5ba380116046747da07ff5bd78.tar.gz |

crypto: ccp - Fix the INIT_EX data file open failure

There are 2 common cases when INIT_EX data file might not be
opened successfully and fail the sev initialization:

1. In user namespaces, normal user tasks (e.g. VMM) can change their
   current->fs->root to point to arbitrary directories. While
   init_ex_path is provided as a module param related to root file
   system. Solution: use the root directory of init_task to avoid
   accessing the wrong file.

2. Normal user tasks (e.g. VMM) don't have the privilege to access
   the INIT_EX data file. Solution: open the file as root and
   restore permissions immediately.

Fixes: 3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
Signed-off-by: Jacky Li <jackyli@google.com>
Reviewed-by: Peter Gonda <pgonda@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'fs/nls/mac-roman.c')
0 files changed, 0 insertions, 0 deletions