[v2] fs,kthread: start all kthreads in nullfs

[PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access

Posted by Christian Brauner 1 month ago

Replace the manual init_task root retrieval with scoped_with_init_fs()
to temporarily override current->fs. This allows using the simpler
filp_open() instead of the init_root() + file_open_root() pattern.

open_file_as_root() ← sev_read_init_ex_file() / sev_write_init_ex_file()
← sev_platform_init() ← __sev_guest_init() ← KVM ioctl — user process context

Needs init's root because the SEV init_ex file path should resolve
against the real root, not a KVM user's chroot.

Signed-off-by: Christian Brauner <brauner@kernel.org>
---
 drivers/crypto/ccp/sev-dev.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 096f993974d1..4320054da0f6 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd)
 
 static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
 {
-	struct path root __free(path_put) = {};
-
-	task_lock(&init_task);
-	get_fs_root(init_task.fs, &root);
-	task_unlock(&init_task);
-
 	CLASS(prepare_creds, cred)();
 	if (!cred)
 		return ERR_PTR(-ENOMEM);
 
 	cred->fsuid = GLOBAL_ROOT_UID;
 
-	scoped_with_creds(cred)
-		return file_open_root(&root, filename, flags, mode);
+	scoped_with_init_fs() {
+		scoped_with_creds(cred)
+			return filp_open(filename, flags, mode);
+	}
 }
 
 static int sev_read_init_ex_file(void)

-- 
2.47.3

Re: [PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access

Posted by Jann Horn 1 month ago

On Fri, Mar 6, 2026 at 12:30 AM Christian Brauner <brauner@kernel.org> wrote:
> Replace the manual init_task root retrieval with scoped_with_init_fs()
> to temporarily override current->fs. This allows using the simpler
> filp_open() instead of the init_root() + file_open_root() pattern.
>
> open_file_as_root() ← sev_read_init_ex_file() / sev_write_init_ex_file()
> ← sev_platform_init() ← __sev_guest_init() ← KVM ioctl — user process context
>
> Needs init's root because the SEV init_ex file path should resolve
> against the real root, not a KVM user's chroot.
>
> Signed-off-by: Christian Brauner <brauner@kernel.org>
> ---
>  drivers/crypto/ccp/sev-dev.c | 12 ++++--------
>  1 file changed, 4 insertions(+), 8 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 096f993974d1..4320054da0f6 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd)
>
>  static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
>  {
> -       struct path root __free(path_put) = {};
> -
> -       task_lock(&init_task);
> -       get_fs_root(init_task.fs, &root);
> -       task_unlock(&init_task);
> -
>         CLASS(prepare_creds, cred)();
>         if (!cred)
>                 return ERR_PTR(-ENOMEM);
>
>         cred->fsuid = GLOBAL_ROOT_UID;
>
> -       scoped_with_creds(cred)
> -               return file_open_root(&root, filename, flags, mode);
> +       scoped_with_init_fs() {
> +               scoped_with_creds(cred)
> +                       return filp_open(filename, flags, mode);
> +       }

This patch, along with the others that start using
scoped_with_init_fs, should probably go closer to the end of the
series? As-is, if someone bisects to just after this patch, SEV will
be in a broken state where it wrongly looks up a file from the process
root.

Re: [PATCH RFC v2 04/23] crypto: ccp: use scoped_with_init_fs() for SEV file access

Posted by Christian Brauner 1 month ago

On Mon, Mar 09, 2026 at 04:37:44PM +0100, Jann Horn wrote:
> On Fri, Mar 6, 2026 at 12:30 AM Christian Brauner <brauner@kernel.org> wrote:
> > Replace the manual init_task root retrieval with scoped_with_init_fs()
> > to temporarily override current->fs. This allows using the simpler
> > filp_open() instead of the init_root() + file_open_root() pattern.
> >
> > open_file_as_root() ← sev_read_init_ex_file() / sev_write_init_ex_file()
> > ← sev_platform_init() ← __sev_guest_init() ← KVM ioctl — user process context
> >
> > Needs init's root because the SEV init_ex file path should resolve
> > against the real root, not a KVM user's chroot.
> >
> > Signed-off-by: Christian Brauner <brauner@kernel.org>
> > ---
> >  drivers/crypto/ccp/sev-dev.c | 12 ++++--------
> >  1 file changed, 4 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > index 096f993974d1..4320054da0f6 100644
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -260,20 +260,16 @@ static int sev_cmd_buffer_len(int cmd)
> >
> >  static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
> >  {
> > -       struct path root __free(path_put) = {};
> > -
> > -       task_lock(&init_task);
> > -       get_fs_root(init_task.fs, &root);
> > -       task_unlock(&init_task);
> > -
> >         CLASS(prepare_creds, cred)();
> >         if (!cred)
> >                 return ERR_PTR(-ENOMEM);
> >
> >         cred->fsuid = GLOBAL_ROOT_UID;
> >
> > -       scoped_with_creds(cred)
> > -               return file_open_root(&root, filename, flags, mode);
> > +       scoped_with_init_fs() {
> > +               scoped_with_creds(cred)
> > +                       return filp_open(filename, flags, mode);
> > +       }
> 
> This patch, along with the others that start using
> scoped_with_init_fs, should probably go closer to the end of the
> series? As-is, if someone bisects to just after this patch, SEV will
> be in a broken state where it wrongly looks up a file from the process
> root.

Oh yeah, that's dumb. I think the fix is to simply grab init_task.fs and
use that until the series is done. Then it's 1:1 for all callers. Thanks
for spotting that!