Re: [PATCH v7 7/7] KVM: SEV: Add SEV-SNP CipherTextHiding support

[Kalra, Ashish]

On 8/12/2025 1:40 PM, Kim Phillips wrote:

>>
>>> It's not as immediately obvious that it needs to (0 < x < minimum SEV ASID 100).
>>> OTOH, if the user inputs "ciphertext_hiding_asids=0x1", they now see:
>>>
>>>       kvm_amd: invalid ciphertext_hiding_asids "0x1" or !(0 < 99 < minimum SEV ASID 100)
>>>
>>> which - unlike the original v7 code - shows the user that the '0x1' was not interpreted as a number at all: thus the 99 in the latter condition.
>> This is incorrect, as 0 < 99 < minimum SEV ASID 100 is a valid condition!
> 
> Precisely, meaning it's the '0x' in '0x1' that's the "invalid" part.
> 
>> And how can user input of 0x1, result in max_snp_asid == 99 ?
> 
> It doesn't, again, the 0x is the invalid part.
> 
>> This is the issue with combining the checks and emitting a combined error message:
>>
>> Here, kstroint(0x1) fails with -EINVAL and so, max_snp_asid remains set to 99 and then the combined error conveys a wrong information :
>> !(0 < 99 < minimum SEV ASID 100)
> 
> It's not, it says it's *OR* that condition.

To me this is wrong as 
!(0 < 99 < minimum SEV ASID 100) is simply not a correct statement!

Thanks,
Ashish 

> 
>> The original message is much simpler to understand and correct too:
>> Module parameter ciphertext_hiding_asids (-1) invalid
>