Re: [PATCH v7 7/7] KVM: SEV: Add SEV-SNP CipherTextHiding support

[Kim Phillips]

On 8/12/25 1:52 PM, Kalra, Ashish wrote:
> On 8/12/2025 1:40 PM, Kim Phillips wrote:
>
> > > > It's not as immediately obvious that it needs to (0 < x < minimum SEV ASID 100).
> > > > OTOH, if the user inputs "ciphertext_hiding_asids=0x1", they now see:
> > > >
> > > >        kvm_amd: invalid ciphertext_hiding_asids "0x1" or !(0 < 99 < minimum SEV ASID 100)
> > > >
> > > > which - unlike the original v7 code - shows the user that the '0x1' was not interpreted as a number at all: thus the 99 in the latter condition.
> > > This is incorrect, as 0 < 99 < minimum SEV ASID 100 is a valid condition!
> > Precisely, meaning it's the '0x' in '0x1' that's the "invalid" part.
> >
> > > And how can user input of 0x1, result in max_snp_asid == 99 ?
> > It doesn't, again, the 0x is the invalid part.
> >
> > > This is the issue with combining the checks and emitting a combined error message:
> > >
> > > Here, kstroint(0x1) fails with -EINVAL and so, max_snp_asid remains set to 99 and then the combined error conveys a wrong information :
> > > !(0 < 99 < minimum SEV ASID 100)
> > It's not, it says it's *OR* that condition.
> To me this is wrong as
> !(0 < 99 < minimum SEV ASID 100) is simply not a correct statement!

The diff I provided emits exactly this:

kvm_amd: invalid ciphertext_hiding_asids "0x1" or !(0 < 99 < minimum SEV ASID 100)


which means *EITHER*:

invalid ciphertext_hiding_asids "0x1"

*OR*

!(0 < 99 < minimum SEV ASID 100)

but since the latter is 'true', the user is pointed to the former
"0x1" as being the interpretation problem.

Would adding the word "Either" help?:

kvm_amd: Either invalid ciphertext_hiding_asids "0x1", or !(0 < 99 < minimum SEV ASID 100)

?

If not, feel free to separate them: the code is still much cleaner.

Thanks,

Kim