On 7/11/2024 11:11 AM, Peter Gonda wrote:
+int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) +{
struct userspace_mem_region *region;
int ctr, ret;
hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) {
ret = encrypt_region(vm, region, 0);
if (ret)
return ret;
} if (policy & SEV_POLICY_ES) vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);
Adding the sev-es policy bit for negative testing is a bit confusing, but I guess it works. For negative testing should we be more explicit? Ditto for other usages of `policy` simply to toggle sev-es features.
You're right. Although it works because the way we want for negative testing it does go by exercising a different path meant for a different policy.
Maybe I can refactor the old code to all test for type instead like I have done with the rest of the patchset just so that we are more explicit. Would that fare any better?