On 7/11/2024 11:11 AM, Peter Gonda wrote:
>> +int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy) >> +{ >> + struct userspace_mem_region *region; >> + int ctr, ret; >> >> + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { >> + ret = encrypt_region(vm, region, 0); >> + if (ret) >> + return ret; >> + } >> if (policy & SEV_POLICY_ES) >> vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);
>
> Adding the sev-es policy bit for negative testing is a bit confusing,
> but I guess it works. For negative testing should we be more explicit?
> Ditto for other usages of `policy` simply to toggle sev-es features.

You're right. Although it works the way we want for negative testing, it does so by exercising a different path meant for a different policy. Maybe I can refactor the old code to all test for type instead, like I have done with the rest of the patchset, just so that we are more explicit. Would that fare any better?
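
Review bot: in sev_vm_launch_update(), a failure from encrypt_region() is returned to the caller, but the KVM_SEV_LAUNCH_UPDATE_VMSA step right after the loop goes through vm_sev_ioctl() with no result captured in the lines shown, so as far as this hunk shows a caller can see an error from the region loop but not from the VMSA update. If the function is meant to report errors for negative tests, capture and return that result the same way. The `if (policy & SEV_POLICY_ES)` gate also ties the VMSA step to a policy bit rather than to the VM type, which is the ambiguity raised in this thread, and the bare 0 in encrypt_region(vm, region, 0) would read better as a named constant or with a short comment saying what it selects.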