Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/crypto/ccp
History
Jacky Li 05def5cacf crypto: ccp - Fix the INIT_EX data file open failure 
There are 2 common cases when INIT_EX data file might not be
opened successfully and fail the sev initialization:

1. In user namespaces, normal user tasks (e.g. VMM) can change their
   current->fs->root to point to arbitrary directories. While
   init_ex_path is provided as a module param related to root file
   system. Solution: use the root directory of init_task to avoid
   accessing the wrong file.

2. Normal user tasks (e.g. VMM) don't have the privilege to access
   the INIT_EX data file. Solution: open the file as root and
   restore permissions immediately.

Fixes: 3d725965f8 ("crypto: ccp - Add SEV_INIT_EX support")
Signed-off-by: Jacky Li <jackyli@google.com>
Reviewed-by: Peter Gonda <pgonda@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 		2022-04-29 13:44:57 +08:00
..
Kconfig
Makefile
ccp-crypto-aes-cmac.c
ccp-crypto-aes-galois.c
ccp-crypto-aes-xts.c
ccp-crypto-aes.c
ccp-crypto-des3.c
ccp-crypto-main.c
ccp-crypto-rsa.c
ccp-crypto-sha.c
ccp-crypto.h
ccp-debugfs.c
ccp-dev-v3.c
ccp-dev-v5.c
ccp-dev.c
ccp-dev.h
ccp-dmaengine.c
ccp-ops.c
psp-dev.c
psp-dev.h
sev-dev.c
sev-dev.h
sp-dev.c
sp-dev.h
sp-pci.c
sp-platform.c
tee-dev.c
tee-dev.h