Re: [PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access

[Jann Horn]

On Fri, Mar 6, 2026 at 12:30 AM Christian Brauner <brauner@xxxxxxxxxx> wrote:
> Replace the manual init_task root retrieval with scoped_with_init_fs()
> to temporarily override current->fs. This allows using the simpler
> filp_open() instead of the init_root() + file_open_root() pattern.
>
> open_file_as_root() ← sev_read_init_ex_file() / sev_write_init_ex_file()
> ← sev_platform_init() ← __sev_guest_init() ← KVM ioctl — user process context
>
> Needs init's root because the SEV init_ex file path should resolve
> against the real root, not a KVM user's chroot.
>
> Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
> ---
>  drivers/crypto/ccp/sev-dev.c | 12 ++++--------
>  1 file changed, 4 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 096f993974d1..4320054da0f6 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd)
>
>  static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
>  {
> -       struct path root __free(path_put) = {};
> -
> -       task_lock(&init_task);
> -       get_fs_root(init_task.fs, &root);
> -       task_unlock(&init_task);
> -
>         CLASS(prepare_creds, cred)();
>         if (!cred)
>                 return ERR_PTR(-ENOMEM);
>
>         cred->fsuid = GLOBAL_ROOT_UID;
>
> -       scoped_with_creds(cred)
> -               return file_open_root(&root, filename, flags, mode);
> +       scoped_with_init_fs() {
> +               scoped_with_creds(cred)
> +                       return filp_open(filename, flags, mode);
> +       }

This patch, along with the others that start using
scoped_with_init_fs, should probably go closer to the end of the
series? As-is, if someone bisects to just after this patch, SEV will
be in a broken state where it wrongly looks up a file from the process
root.