Re: [PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access
From: Christian Brauner
Date: Tue Mar 10 2026 - 07:44:03 EST
On Mon, Mar 09, 2026 at 04:37:44PM +0100, Jann Horn wrote:
> On Fri, Mar 6, 2026 at 12:30 AM Christian Brauner <brauner@xxxxxxxxxx> wrote:
> > Replace the manual init_task root retrieval with scoped_with_init_fs()
> > to temporarily override current->fs. This allows using the simpler
> > filp_open() instead of the init_root() + file_open_root() pattern.
> >
> > open_file_as_root() ← sev_read_init_ex_file() / sev_write_init_ex_file()
> > ← sev_platform_init() ← __sev_guest_init() ← KVM ioctl — user process context
> >
> > Needs init's root because the SEV init_ex file path should resolve
> > against the real root, not a KVM user's chroot.
> >
> > Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
> > ---
> > drivers/crypto/ccp/sev-dev.c | 12 ++++--------
> > 1 file changed, 4 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > index 096f993974d1..4320054da0f6 100644
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd)
> >
> > static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
> > {
> > - struct path root __free(path_put) = {};
> > -
> > - task_lock(&init_task);
> > - get_fs_root(init_task.fs, &root);
> > - task_unlock(&init_task);
> > -
> > CLASS(prepare_creds, cred)();
> > if (!cred)
> > return ERR_PTR(-ENOMEM);
> >
> > cred->fsuid = GLOBAL_ROOT_UID;
> >
> > - scoped_with_creds(cred)
> > - return file_open_root(&root, filename, flags, mode);
> > + scoped_with_init_fs() {
> > + scoped_with_creds(cred)
> > + return filp_open(filename, flags, mode);
> > + }
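Review bot: in the new scoped_with_init_fs() block, filp_open(filename, flags, mode) resolves a non-absolute filename against the working directory of the overridden current->fs, whereas the removed file_open_root(&root, filename, flags, mode) always started the walk at init's root. If the init_ex path can ever be relative, the file that gets opened changes. Either reject a filename that does not start with '/' before the open, or add a comment stating that the path is required to be absolute. A one-line comment above the block saying why init's fs is needed would also help, since that rationale currently lives only in the commit message.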
>
> This patch, along with the others that start using
> scoped_with_init_fs, should probably go closer to the end of the
> series? As-is, if someone bisects to just after this patch, SEV will
> be in a broken state where it wrongly looks up a file from the process
> root.
Oh yeah, that's dumb. I think the fix is to simply grab init_task.fs and
use that until the series is done. Then it's 1:1 for all callers. Thanks
for spotting that!