| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47783816-ff18-4ae0-a1c8-b81df6d2f4ef@amd.com> Date: Tue, 12 Aug 2025 14:38:46 -0500 From: "Kalra, Ashish" <ashish.kalra@....com> To: Kim Phillips <kim.phillips@....com>, Tom Lendacky <thomas.lendacky@....com>, corbet@....net, seanjc@...gle.com, pbonzini@...hat.com, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, john.allen@....com, herbert@...dor.apana.org.au, davem@...emloft.net, akpm@...ux-foundation.org, rostedt@...dmis.org, paulmck@...nel.org Cc: nikunj@....com, Neeraj.Upadhyay@....com, aik@....com, ardb@...nel.org, michael.roth@....com, arnd@...db.de, linux-doc@...r.kernel.org, linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org, kvm@...r.kernel.org Subject: Re: [PATCH v7 7/7] KVM: SEV: Add SEV-SNP CipherTextHiding support On 8/12/2025 2:11 PM, Kim Phillips wrote: > > > On 8/12/25 1:52 PM, Kalra, Ashish wrote: >> >> On 8/12/2025 1:40 PM, Kim Phillips wrote: >> >>>>> It's not as immediately obvious that it needs to (0 < x < minimum SEV ASID 100). >>>>> OTOH, if the user inputs "ciphertext_hiding_asids=0x1", they now see: >>>>> >>>>> kvm_amd: invalid ciphertext_hiding_asids "0x1" or !(0 < 99 < minimum SEV ASID 100) >>>>> >>>>> which - unlike the original v7 code - shows the user that the '0x1' was not interpreted as a number at all: thus the 99 in the latter condition. >>>> This is incorrect, as 0 < 99 < minimum SEV ASID 100 is a valid condition! >>> Precisely, meaning it's the '0x' in '0x1' that's the "invalid" part. >>> >>>> And how can user input of 0x1, result in max_snp_asid == 99 ? >>> It doesn't, again, the 0x is the invalid part. >>> >>>> This is the issue with combining the checks and emitting a combined error message: >>>> >>>> Here, kstroint(0x1) fails with -EINVAL and so, max_snp_asid remains set to 99 and then the combined error conveys a wrong information : >>>> !(0 < 99 < minimum SEV ASID 100) >>> It's not, it says it's *OR* that condition. >> To me this is wrong as >> !(0 < 99 < minimum SEV ASID 100) is simply not a correct statement! > > The diff I provided emits exactly this: > > kvm_amd: invalid ciphertext_hiding_asids "0x1" or !(0 < 99 < minimum SEV ASID 100) > > > which means *EITHER*: > > invalid ciphertext_hiding_asids "0x1" > > *OR* > > !(0 < 99 < minimum SEV ASID 100) > > but since the latter is 'true', the user is pointed to the former > "0x1" as being the interpretation problem. > > Would adding the word "Either" help?: > > kvm_amd: Either invalid ciphertext_hiding_asids "0x1", or !(0 < 99 < minimum SEV ASID 100) > > ? No, i simply won't put an invalid expression out there: !(0 < 99 < minimum SEV ASID 100) > > If not, feel free to separate them: the code is still much cleaner. > Separating the checks will make the code not very different from the original function, so i am going to keep the original code. Thanks, Ashish > Thanks, > > Kim >
Powered by blists - more mailing lists