+int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) +{
struct userspace_mem_region *region;
int ctr, ret;
hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) {
ret = encrypt_region(vm, region, 0);
if (ret)
return ret;
} if (policy & SEV_POLICY_ES) vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);
Adding the sev-es policy bit for negative testing is a bit confusing, but I guess it works. For negative testing should we be more explicit? Ditto for other usages of `policy` simply to toggle sev-es features.