> +int sev_vm_launch_update(struct kvm_vm *vm, uint32_t policy)
> +{
> + struct userspace_mem_region *region;
> + int ctr, ret;
>
> + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) {
> + ret = encrypt_region(vm, region, 0);
> + if (ret)
> + return ret;
> + }
> if (policy & SEV_POLICY_ES)
> vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL);
Adding the sev-es policy bit for negative testing is a bit confusing,
but I guess it works. For negative testing should we be more explicit?
Ditto for other usages of `policy` simply to toggle sev-es features.
