From nobody Fri May  3 18:00:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1633516222472364.1776462769128;
 Wed, 6 Oct 2021 03:30:22 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-319-Kje8zxysOL2Xd5hiyQYtZA-1; Wed, 06 Oct 2021 06:30:20 -0400
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1AB81802C92;
	Wed,  6 Oct 2021 10:30:15 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id EF3F62B399;
	Wed,  6 Oct 2021 10:30:14 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id AE0EE1832DD2;
	Wed,  6 Oct 2021 10:30:14 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 196AJ57C024910 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 6 Oct 2021 06:19:05 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 6CC0B1132B; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 6240C7AF6
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:02 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7A589811E7A
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:02 +0000 (UTC)
Received: from mx0b-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-176-7cJMHbe3ON2dLeXGGpgIug-1; Wed, 06 Oct 2021 06:19:00 -0400
Received: from pps.filterd (m0127361.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	19692F3R003040
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:00 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh2nc8vb1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Wed, 06 Oct 2021 06:18:59 -0400
Received: from m0127361.ppops.net (m0127361.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 196AIsaC027650
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:18:59 -0400
Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com
	[169.63.121.186])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh2nc8var-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 06:18:59 -0400
Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1])
	by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 196ACXQ1021029;
	Wed, 6 Oct 2021 10:18:57 GMT
Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com
	[9.57.198.28]) by ppma03wdc.us.ibm.com with ESMTP id 3bef2benn7-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 10:18:57 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
	[9.57.199.111])
	by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	196AIpab35389942
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Wed, 6 Oct 2021 10:18:51 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 40B52AC077;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C5428AC06E;
	Wed,  6 Oct 2021 10:18:50 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  6 Oct 2021 10:18:50 +0000 (GMT)
X-MC-Unique: Kje8zxysOL2Xd5hiyQYtZA-1
X-MC-Unique: 7cJMHbe3ON2dLeXGGpgIug-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v3 1/5] qemu: add disk post parse to qemublocktest
Date: Wed,  6 Oct 2021 05:18:42 -0500
Message-Id: <20211006101846.588584-2-oro@il.ibm.com>
In-Reply-To: <20211006101846.588584-1-oro@il.ibm.com>
References: <20211006101846.588584-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: 4IpW6yOaAMY6xJvhPBwxQL4jsQHpxzPx
X-Proofpoint-ORIG-GUID: Aysna3gLzMwF0v8WldGglp9phvLpbZrR
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-06_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	impostorscore=0 bulkscore=0 clxscore=1015 mlxscore=0 mlxlogscore=999
	malwarescore=0 suspectscore=0 spamscore=0 phishscore=0
	lowpriorityscore=0
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110060063
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633516222797100001
Content-Type: text/plain; charset="utf-8"

The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.
Specifically, this will be needed for tests that use luks encryption,
so that the default encryption engine (which is added in an upcoming commit)
will be overridden by qemu.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_domain.c | 2 +-
 src/qemu/qemu_domain.h | 3 +++
 tests/qemublocktest.c  | 3 +++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a755f8678e..288a40bca6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5259,7 +5259,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
 }
=20
=20
-static int
+int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  unsigned int parseFlags)
 {
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 64f92988b7..0642e44fbc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -872,6 +872,9 @@ int qemuDomainSecretPrepare(virQEMUDriver *driver,
 int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
                                     virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+                                     unsigned int parseFlags);
+
 int qemuDomainPrepareChannel(virDomainChrDef *chr,
                              const char *domainChannelTargetDir)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 3e61e923a9..0e4bb146c9 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -276,6 +276,9 @@ testQemuDiskXMLToProps(const void *opaque)
                                        VIR_DOMAIN_DEF_PARSE_STATUS)))
         return -1;
=20
+    if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+        return -1;
+
     if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
         return -1;
=20
--=20
2.25.1

From nobody Fri May  3 18:00:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633516186197643.4445195844919;
 Wed, 6 Oct 2021 03:29:46 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-364-4EKDH08uOXSNySxiTAgp2g-1; Wed, 06 Oct 2021 06:29:43 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id F1BA519057B0;
	Wed,  6 Oct 2021 10:29:38 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id CF74F60C13;
	Wed,  6 Oct 2021 10:29:38 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9EE931806D01;
	Wed,  6 Oct 2021 10:29:38 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 196AJ9eK024958 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 6 Oct 2021 06:19:09 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 446EB118637E; Wed,  6 Oct 2021 10:19:09 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3F90E11301DC
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:03 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[207.211.31.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D8750100B8DD
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:03 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-497-2igCGQotPjmyQBXow55uZg-1; Wed, 06 Oct 2021 06:19:02 -0400
Received: from pps.filterd (m0098419.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	19696k5q025454
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:01 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bh8cat3kg-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Wed, 06 Oct 2021 06:19:01 -0400
Received: from m0098419.ppops.net (m0098419.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 19698TOd032168
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:00 -0400
Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com
	[169.62.189.11])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bh8cat3jx-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 06:19:00 -0400
Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1])
	by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 196ACDhG016848;
	Wed, 6 Oct 2021 10:18:58 GMT
Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com
	[9.57.198.28]) by ppma03dal.us.ibm.com with ESMTP id 3bef2c7q25-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 10:18:58 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
	[9.57.199.111])
	by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	196AIqPu26935584
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Wed, 6 Oct 2021 10:18:52 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id C742AAC083;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 5F806AC081;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
X-MC-Unique: 4EKDH08uOXSNySxiTAgp2g-1
X-MC-Unique: 2igCGQotPjmyQBXow55uZg-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v3 2/5] qemu: add rbd encryption capability probing
Date: Wed,  6 Oct 2021 05:18:43 -0500
Message-Id: <20211006101846.588584-3-oro@il.ibm.com>
In-Reply-To: <20211006101846.588584-1-oro@il.ibm.com>
References: <20211006101846.588584-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: joKzdecEeAIA5U2Hok-MKlLLXRluszBH
X-Proofpoint-GUID: qQpZ2NXzOgWsyxcZTD11RIfhjxYqyDWf
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-06_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 suspectscore=0
	clxscore=1015 adultscore=0 mlxlogscore=789 spamscore=0
	lowpriorityscore=0
	bulkscore=0 malwarescore=0 impostorscore=0 phishscore=0
	priorityscore=1501
	classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110060063
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633516186596100001
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds capability probing for it.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 src/qemu/qemu_capabilities.c                     | 2 ++
 src/qemu/qemu_capabilities.h                     | 1 +
 tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
 3 files changed, 4 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 82687dbf39..ea0734db15 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -644,6 +644,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               "virtio-mem-pci", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI */
               "memory-backend-file.reserve", /* QEMU_CAPS_MEMORY_BACKEND_R=
ESERVE */
               "piix4.acpi-root-pci-hotplug", /* QEMU_CAPS_PIIX4_ACPI_ROOT_=
PCI_HOTPLUG */
+              "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
     );
=20
=20
@@ -1565,6 +1566,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc=
hemaQueries[] =3D {
     { "blockdev-add/arg-type/+file/$dynamic-auto-read-only", QEMU_CAPS_BLO=
CK_FILE_AUTO_READONLY_DYNAMIC },
     { "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME },
     { "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING =
},
+    { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION },
     { "blockdev-add/arg-type/discard", QEMU_CAPS_DRIVE_DISCARD },
     { "blockdev-add/arg-type/detect-zeroes", QEMU_CAPS_DRIVE_DETECT_ZEROES=
 },
     { "blockdev-backup", QEMU_CAPS_BLOCKDEV_BACKUP },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 2bbfc15dc4..674da98539 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -624,6 +624,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
     QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI, /* -device virtio-mem-pci */
     QEMU_CAPS_MEMORY_BACKEND_RESERVE, /* -object memory-backend-*.reserve=
=3D */
     QEMU_CAPS_PIIX4_ACPI_ROOT_PCI_HOTPLUG, /* -M pc PIIX4_PM.acpi-root-pci=
-hotplug */
+    QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
=20
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.1.0.x86_64.xml
index 87b37a2b7c..8180cfd6c2 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -243,6 +243,7 @@
   <flag name=3D'virtio-mem-pci'/>
   <flag name=3D'memory-backend-file.reserve'/>
   <flag name=3D'piix4.acpi-root-pci-hotplug'/>
+  <flag name=3D'rbd-encryption'/>
   <version>6001000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>43100243</microcodeVersion>
--=20
2.25.1

From nobody Fri May  3 18:00:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1633516262098110.5487823148926;
 Wed, 6 Oct 2021 03:31:02 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-537-UUHv0SoZMRGC4Iq1DoMW1g-1; Wed, 06 Oct 2021 06:30:58 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 69B5B1006AA5;
	Wed,  6 Oct 2021 10:30:53 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 43E2760C17;
	Wed,  6 Oct 2021 10:30:53 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0D6A718199EE;
	Wed,  6 Oct 2021 10:30:53 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 196AJ5SD024921 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 6 Oct 2021 06:19:06 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id E17847AE6; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id DB45629EC
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C2286100B8E4
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-309-R-ETb8MWNvCRe0vCINs0dw-1; Wed, 06 Oct 2021 06:19:04 -0400
Received: from pps.filterd (m0187473.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	1969iS1i007388
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:02 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh1wvhp2a-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Wed, 06 Oct 2021 06:19:01 -0400
Received: from m0187473.ppops.net (m0187473.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1969UqGm021291
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:00 -0400
Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com
	[169.63.121.186])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh1wvhp1v-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 06:19:00 -0400
Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1])
	by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 196ACXXm021050;
	Wed, 6 Oct 2021 10:18:58 GMT
Received: from b01cxnp23034.gho.pok.ibm.com (b01cxnp23034.gho.pok.ibm.com
	[9.57.198.29]) by ppma03wdc.us.ibm.com with ESMTP id 3bef2bennx-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 10:18:58 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
	[9.57.199.111])
	by b01cxnp23034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	196AIqFE40042862
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Wed, 6 Oct 2021 10:18:52 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 67CC2AC067;
	Wed,  6 Oct 2021 10:18:52 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id EFB2DAC07A;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  6 Oct 2021 10:18:51 +0000 (GMT)
X-MC-Unique: UUHv0SoZMRGC4Iq1DoMW1g-1
X-MC-Unique: R-ETb8MWNvCRe0vCINs0dw-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v3 3/5] conf: add luks2 encryption format
Date: Wed,  6 Oct 2021 05:18:44 -0500
Message-Id: <20211006101846.588584-4-oro@il.ibm.com>
In-Reply-To: <20211006101846.588584-1-oro@il.ibm.com>
References: <20211006101846.588584-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: USNEbb00-HjL7HEPl24jF5W86dSTfst4
X-Proofpoint-GUID: mgcTzNZyzvkdN8K22hpSwHs3RDMbBOKt
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-06_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 spamscore=0
	malwarescore=0 phishscore=0 adultscore=0 clxscore=1015
	priorityscore=1501
	lowpriorityscore=0 mlxlogscore=970 bulkscore=0 suspectscore=0
	impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110060063
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633516264014100001
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support luks2 encryption f=
ormat.
This means that <encryption format=3D"luks2"> becomes valid.
Actual handler (other than returning "not supported") for this new format w=
ill be added in an upcoming commit.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in | 2 +-
 docs/schemas/storagecommon.rng       | 1 +
 src/conf/storage_encryption_conf.c   | 2 +-
 src/conf/storage_encryption_conf.h   | 1 +
 src/qemu/qemu_block.c                | 1 +
 src/qemu/qemu_domain.c               | 3 ++-
 6 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 7215c307d7..b2631ab25d 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
       is <code>encryption</code>, with a mandatory
       attribute <code>format</code>.  Currently defined values
       of <code>format</code> are <code>default</code>, <code>qcow</code>,
-      and <code>luks</code>.
+      <code>luks</code>, and <code>luks2</code>.
       Each value of <code>format</code> implies some expectations about the
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..7d1d066289 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -13,6 +13,7 @@
           <value>default</value>
           <value>qcow</value>
           <value>luks</value>
+          <value>luks2</value>
         </choice>
       </attribute>
       <interleave>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..2df4ec96af 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
=20
 VIR_ENUM_IMPL(virStorageEncryptionFormat,
               VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
-              "default", "qcow", "luks",
+              "default", "qcow", "luks", "luks2",
 );
=20
 static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..32e3a1243a 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -56,6 +56,7 @@ typedef enum {
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
     VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+    VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2,
=20
     VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
 } virStorageEncryptionFormatType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 393d3f44d7..31b6b3566b 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1328,6 +1328,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
         break;
=20
     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
     case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
     default:
         virReportEnumRangeError(virStorageEncryptionFormatType,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 288a40bca6..cd65e8b365 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1228,7 +1228,8 @@ static bool
 qemuDomainDiskHasEncryptionSecret(virStorageSource *src)
 {
     if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS =
&&
+        (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
 ||
+         src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
2) &&
         src->encryption->nsecrets > 0)
         return true;
=20
--=20
2.25.1

From nobody Fri May  3 18:00:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633516133634798.9867598250484;
 Wed, 6 Oct 2021 03:28:53 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-164-SmbaO2JRN6Gof6Ck_S9Duw-1; Wed, 06 Oct 2021 06:28:38 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E70C61006AA5;
	Wed,  6 Oct 2021 10:28:32 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 420485D9C6;
	Wed,  6 Oct 2021 10:28:32 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0D78B1801241;
	Wed,  6 Oct 2021 10:28:31 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 196AJ5To024912 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 6 Oct 2021 06:19:05 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 9DDD37AD9; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9783929EC
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[205.139.110.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 78678811E7A
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:05 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-250-NrrXh3irPJm0vLYdtaTEVQ-1; Wed, 06 Oct 2021 06:19:03 -0400
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	1968aaQo028978
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:02 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh33k7uvj-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Wed, 06 Oct 2021 06:19:01 -0400
Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 1969sxaQ022688
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:01 -0400
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com
	[169.55.85.253])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh33k7uv6-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 06:19:01 -0400
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 196ACgng007384;
	Wed, 6 Oct 2021 10:18:59 GMT
Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com
	[9.57.198.25]) by ppma01wdc.us.ibm.com with ESMTP id 3bef2b6ndw-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 10:18:59 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
	[9.57.199.111])
	by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	196AIs6h29753682
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Wed, 6 Oct 2021 10:18:54 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 10D5DAC07E;
	Wed,  6 Oct 2021 10:18:54 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 8EE8FAC069;
	Wed,  6 Oct 2021 10:18:52 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  6 Oct 2021 10:18:52 +0000 (GMT)
X-MC-Unique: SmbaO2JRN6Gof6Ck_S9Duw-1
X-MC-Unique: NrrXh3irPJm0vLYdtaTEVQ-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v3 4/5] conf: add encryption engine property
Date: Wed,  6 Oct 2021 05:18:45 -0500
Message-Id: <20211006101846.588584-5-oro@il.ibm.com>
In-Reply-To: <20211006101846.588584-1-oro@il.ibm.com>
References: <20211006101846.588584-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: qhtbLo83Bn8U2U4jxBo9830IP6bJHcwT
X-Proofpoint-GUID: w9BWPo3y_c3ks0FSnwLCDxjDqE4zMQV9
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-06_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 phishscore=0
	mlxlogscore=999 adultscore=0 lowpriorityscore=0 malwarescore=0
	suspectscore=0 bulkscore=0 clxscore=1015 impostorscore=0
	priorityscore=1501 spamscore=0 classifier=spam adjust=0 reason=mlx
	scancount=1 engine=8.12.0-2109230001 definitions=main-2110060063
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633516135329100001
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support a custom encryptio=
n engine.
This means that <encryption format=3D"luks" engine=3D"qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be add=
ed in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |   6 +
 docs/schemas/domainbackup.rng                 |   7 +
 docs/schemas/storagecommon.rng                |   7 +
 src/conf/storage_encryption_conf.c            |  31 +++-
 src/conf/storage_encryption_conf.h            |   9 +
 src/qemu/qemu_block.c                         |   2 +
 src/qemu/qemu_domain.c                        |   8 +
 tests/qemustatusxml2xmldata/upgrade-out.xml   |   6 +-
 tests/qemuxml2xmloutdata/disk-nvme.xml        |  65 ++++++-
 .../disk-slices.x86_64-latest.xml             |   4 +-
 .../encrypted-disk-usage.xml                  |  38 ++++-
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |   2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml |  14 +-
 .../qemuxml2xmloutdata/luks-disks-source.xml  |  10 +-
 tests/qemuxml2xmloutdata/luks-disks.xml       |  47 +++++-
 tests/qemuxml2xmloutdata/user-aliases.xml     | 159 +++++++++++++++++-
 16 files changed, 392 insertions(+), 23 deletions(-)
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/disk-nvme.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/encrypted-disk-usa=
ge.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/luks-disks.xml
 mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/user-aliases.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index b2631ab25d..5783381a4a 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type<=
/code>
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 7d1d066289..b34577c582 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -16,6 +16,13 @@
           <value>luks2</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 2df4ec96af..e8da02b605 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
               "default", "qcow", "luks", "luks2",
 );
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "default", "qemu",
+);
+
 static void
 virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
 {
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
     ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
     ret->nsecrets =3D src->nsecrets;
     ret->format =3D src->format;
+    ret->engine =3D src->engine;
=20
     for (i =3D 0; i < src->nsecrets; i++) {
         if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes =3D NULL;
     virStorageEncryption *encdef =3D NULL;
     virStorageEncryption *ret =3D NULL;
+    g_autofree char *engine_str =3D NULL;
     g_autofree char *format_str =3D NULL;
     int n;
     size_t i;
@@ -239,6 +246,16 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
=20
+    if ((engine_str =3D virXPathString("string(./@engine)", ctxt))) {
+        if ((encdef->engine =3D
+             virStorageEncryptionEngineTypeFromString(engine_str)) < 0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("unknown volume encryption engine type %s"),
+                           engine_str);
+            goto cleanup;
+        }
+    }
+
     if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
=20
@@ -327,6 +344,7 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
=20
@@ -335,7 +353,18 @@ virStorageEncryptionFormat(virBuffer *buf,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+        virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    } else {
+        if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("unexpected encryption engine"));
+            return -1;
+        }
+        virBufferAsprintf(buf, "<encryption format=3D'%s' engine=3D'%s'>\n=
",
+                          format, engine);
+    }
+
     virBufferAdjustIndent(buf, 2);
=20
     for (i =3D 0; i < enc->nsecrets; i++) {
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 32e3a1243a..c722f832f5 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
=20
+typedef enum {
+    VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngineType;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
@@ -64,6 +72,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    int engine; /* virStorageEncryptionEngineType */
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 31b6b3566b..a43831ce18 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
     *encprops =3D NULL;
=20
     if (!src->encryption ||
+        src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo)
         return 0;
@@ -1449,6 +1450,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
             src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index cd65e8b365..21099d7635 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5264,6 +5264,8 @@ int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  unsigned int parseFlags)
 {
+    virStorageSource *n;
+
     /* set default disk types and drivers */
     if (!virDomainDiskGetDriver(disk))
         virDomainDiskSetDriver(disk, "qemu");
@@ -5278,6 +5280,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
         disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
         disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+    /* default disk encryption engine */
+    for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+        if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+            n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    }
+
     if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) =
< 0)
         return -1;
=20
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/b.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/c.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username=3D'testuser-iscsi'>
             <secret type=3D'iscsi' usage=3D'testuser-iscsi-secret'/>
           </auth>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutd=
ata/disk-nvme.xml
deleted file mode 120000
index ea9eb267ac..0000000000
--- a/tests/qemuxml2xmloutdata/disk-nvme.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/disk-nvme.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/disk-nvme.xml b/tests/qemuxml2xmloutd=
ata/disk-nvme.xml
new file mode 100644
index 0000000000..9a5fafce7d
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-nvme.xml
@@ -0,0 +1,64 @@
+<domain type=3D'qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit=3D'KiB'>219136</memory>
+  <currentMemory unit=3D'KiB'>219136</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'yes' namespace=3D'1'>
+        <address domain=3D'0x0000' bus=3D'0x01' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'yes' namespace=3D'2'>
+        <address domain=3D'0x0000' bus=3D'0x01' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source type=3D'pci' managed=3D'no' namespace=3D'1'>
+        <address domain=3D'0x0000' bus=3D'0x02' slot=3D'0x00' function=3D'=
0x0'/>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'nvme' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2' cache=3D'none'/>
+      <source type=3D'pci' managed=3D'no' namespace=3D'2'>
+        <address domain=3D'0x0001' bus=3D'0x02' slot=3D'0x00' function=3D'=
0x0'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <controller type=3D'scsi' index=3D'0' model=3D'virtio-scsi'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </controller>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'none'/>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests=
/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemu=
xml2xmloutdata/encrypted-disk-usage.xml
deleted file mode 120000
index a1a4f841e9..0000000000
--- a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/encrypted-disk-usage.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml b/tests/qemu=
xml2xmloutdata/encrypted-disk-usage.xml
new file mode 100644
index 0000000000..d2b87b94b6
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/encrypted-disk-usage.xml
@@ -0,0 +1,37 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'i686' machine=3D'pc'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-i386</emulator>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/storage/guest_disks/encryptdisk'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm=
loutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'/>
       <target dev=3D'vda' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest=
.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk5'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
       <backingStore type=3D'file'>
         <format type=3D'qcow2'/>
         <source file=3D'/storage/guest_disks/base.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml=
2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmlout=
data/luks-disks.xml
deleted file mode 120000
index d65e470c32..0000000000
--- a/tests/qemuxml2xmloutdata/luks-disks.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/luks-disks.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/luks-disks.xml b/tests/qemuxml2xmlout=
data/luks-disks.xml
new file mode 100644
index 0000000000..1c76f0dc26
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/luks-disks.xml
@@ -0,0 +1,46 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source file=3D'/storage/guest_disks/encryptdisk'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source file=3D'/storage/guest_disks/encryptdisk2'/>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk2'/>
+      </encryption>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmlo=
utdata/user-aliases.xml
deleted file mode 120000
index b5a27f08cd..0000000000
--- a/tests/qemuxml2xmloutdata/user-aliases.xml
+++ /dev/null
@@ -1 +0,0 @@
-../qemuxml2argvdata/user-aliases.xml
\ No newline at end of file
diff --git a/tests/qemuxml2xmloutdata/user-aliases.xml b/tests/qemuxml2xmlo=
utdata/user-aliases.xml
new file mode 100644
index 0000000000..10b7749521
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/user-aliases.xml
@@ -0,0 +1,158 @@
+<domain type=3D'kvm'>
+  <name>gentoo</name>
+  <uuid>a75aca4b-a02f-2bcb-4a91-c93cd848c34b</uuid>
+  <memory unit=3D'KiB'>4194304</memory>
+  <currentMemory unit=3D'KiB'>4194304</currentMemory>
+  <memoryBacking>
+    <hugepages>
+      <page size=3D'1048576' unit=3D'KiB' nodeset=3D'0-3'/>
+    </hugepages>
+  </memoryBacking>
+  <vcpu placement=3D'static'>4</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-1.4'>hvm</type>
+    <boot dev=3D'hd'/>
+    <boot dev=3D'cdrom'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <cpu>
+    <numa>
+      <cell id=3D'0' cpus=3D'0' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'1' cpus=3D'1' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'2' cpus=3D'2' memory=3D'1048576' unit=3D'KiB'/>
+      <cell id=3D'3' cpus=3D'3' memory=3D'1048576' unit=3D'KiB'/>
+    </numa>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled=3D'yes'/>
+    <suspend-to-disk enabled=3D'yes'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'file' device=3D'floppy'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source file=3D'/var/lib/libvirt/images/fd.img'/>
+      <target dev=3D'fda' bus=3D'fdc'/>
+      <alias name=3D'ua-myDisk1'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'0' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/var/lib/libvirt/images/gentoo.qcow2'/>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <alias name=3D'ua-myDisk2'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'qcow2'/>
+      <source file=3D'/var/lib/libvirt/images/OtherDemo.img'/>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <encryption format=3D'luks' engine=3D'qemu'>
+        <secret type=3D'passphrase' uuid=3D'e78d4b51-a2af-485f-b0f5-afca70=
9a80f4'/>
+      </encryption>
+      <alias name=3D'ua-myEncryptedDisk1'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'file' device=3D'cdrom'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source file=3D'/home/zippy/tmp/install-amd64-minimal-20140619.iso'/>
+      <target dev=3D'hdc' bus=3D'ide'/>
+      <readonly/>
+      <shareable/>
+      <alias name=3D'ua-WhatAnAwesomeCDROM'/>
+      <address type=3D'drive' controller=3D'0' bus=3D'1' target=3D'0' unit=
=3D'0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <alias name=3D'ua-SomeWeirdController'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'>
+      <alias name=3D'ua-MyPCIRootController'/>
+    </controller>
+    <controller type=3D'ide' index=3D'0'>
+      <alias name=3D'ua-DoesAnybodyStillUseIDE'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x1'/>
+    </controller>
+    <controller type=3D'virtio-serial' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x08' f=
unction=3D'0x0'/>
+    </controller>
+    <controller type=3D'fdc' index=3D'0'/>
+    <controller type=3D'ccid' index=3D'0'>
+      <alias name=3D'ua-myCCID'/>
+      <address type=3D'usb' bus=3D'0' port=3D'1'/>
+    </controller>
+    <controller type=3D'ccid' index=3D'1'>
+      <alias name=3D'ua-myCCID2'/>
+      <address type=3D'usb' bus=3D'0' port=3D'2'/>
+    </controller>
+    <interface type=3D'ethernet'>
+      <mac address=3D'52:54:00:d6:c0:0b'/>
+      <model type=3D'virtio'/>
+      <alias name=3D'ua-CheckoutThisNIC'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </interface>
+    <interface type=3D'server'>
+      <mac address=3D'52:54:00:22:c9:42'/>
+      <source address=3D'127.0.0.1' port=3D'1234'/>
+      <bandwidth>
+        <inbound average=3D'1234'/>
+        <outbound average=3D'5678'/>
+      </bandwidth>
+      <model type=3D'rtl8139'/>
+      <alias name=3D'ua-WeCanAlsoDoServerMode'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x09' f=
unction=3D'0x0'/>
+    </interface>
+    <interface type=3D'client'>
+      <mac address=3D'52:54:00:8c:b1:f8'/>
+      <source address=3D'127.0.0.1' port=3D'1234'/>
+      <model type=3D'rtl8139'/>
+      <alias name=3D'ua-AndAlsoClientMode'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x0a' f=
unction=3D'0x0'/>
+    </interface>
+    <smartcard mode=3D'host'>
+      <address type=3D'ccid' controller=3D'0' slot=3D'0'/>
+    </smartcard>
+    <serial type=3D'pty'>
+      <target type=3D'isa-serial' port=3D'0'>
+        <model name=3D'isa-serial'/>
+      </target>
+    </serial>
+    <serial type=3D'pty'>
+      <target type=3D'isa-serial' port=3D'1'>
+        <model name=3D'isa-serial'/>
+      </target>
+    </serial>
+    <console type=3D'pty'>
+      <target type=3D'serial' port=3D'0'/>
+    </console>
+    <channel type=3D'unix'>
+      <source mode=3D'bind' path=3D'/var/lib/libvirt/qemu/channel/target/g=
entoo.org.qemu.guest_agent.0'/>
+      <target type=3D'virtio' name=3D'org.qemu.guest_agent.0'/>
+      <address type=3D'virtio-serial' controller=3D'0' bus=3D'0' port=3D'1=
'/>
+    </channel>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <graphics type=3D'vnc' port=3D'-1' autoport=3D'yes'>
+      <listen type=3D'address'/>
+    </graphics>
+    <sound model=3D'ich6'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </sound>
+    <audio id=3D'1' type=3D'none'/>
+    <video>
+      <model type=3D'cirrus' vram=3D'16384' heads=3D'1' primary=3D'yes'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x02' f=
unction=3D'0x0'/>
+    </video>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
--=20
2.25.1

From nobody Fri May  3 18:00:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633516283573266.95035528301116;
 Wed, 6 Oct 2021 03:31:23 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-530-UKqhvflqNLuafpYmNuJthQ-1; Wed, 06 Oct 2021 06:31:20 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9DBAC1084681;
	Wed,  6 Oct 2021 10:31:15 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7C1759AA2F;
	Wed,  6 Oct 2021 10:31:15 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 10C114EA40;
	Wed,  6 Oct 2021 10:31:15 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
	[10.11.54.5])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 196AJ6QT024931 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 6 Oct 2021 06:19:07 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id C3EED7AD9; Wed,  6 Oct 2021 10:19:06 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id BDEAF29EC
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:06 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[207.211.31.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A15D2100B8E0
	for <libvir-list@redhat.com>; Wed,  6 Oct 2021 10:19:06 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-583-Xn__u8sBMye4jVJowClwVA-1; Wed, 06 Oct 2021 06:19:05 -0400
Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	196A2pR4011301
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:04 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh386g67m-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Wed, 06 Oct 2021 06:19:03 -0400
Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 196A5XrH020340
	for <libvir-list@redhat.com>; Wed, 6 Oct 2021 06:19:02 -0400
Received: from ppma03wdc.us.ibm.com (ba.79.3fa9.ip4.static.sl-reverse.com
	[169.63.121.186])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bh386g66t-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 06:19:02 -0400
Received: from pps.filterd (ppma03wdc.us.ibm.com [127.0.0.1])
	by ppma03wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 196ACX0m021036;
	Wed, 6 Oct 2021 10:19:00 GMT
Received: from b01cxnp22035.gho.pok.ibm.com (b01cxnp22035.gho.pok.ibm.com
	[9.57.198.25]) by ppma03wdc.us.ibm.com with ESMTP id 3bef2benr2-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Wed, 06 Oct 2021 10:19:00 +0000
Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com
	[9.57.199.111])
	by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id
	196AIsa433882576
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Wed, 6 Oct 2021 10:18:54 GMT
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 7AD35AC06B;
	Wed,  6 Oct 2021 10:18:54 +0000 (GMT)
Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 06C9DAC05E;
	Wed,  6 Oct 2021 10:18:54 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP;
	Wed,  6 Oct 2021 10:18:53 +0000 (GMT)
X-MC-Unique: UKqhvflqNLuafpYmNuJthQ-1
X-MC-Unique: Xn__u8sBMye4jVJowClwVA-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v3 5/5] qemu: add librbd encryption engine
Date: Wed,  6 Oct 2021 05:18:46 -0500
Message-Id: <20211006101846.588584-6-oro@il.ibm.com>
In-Reply-To: <20211006101846.588584-1-oro@il.ibm.com>
References: <20211006101846.588584-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: T1gMDuLaIJArWs7fvMS3gMD10_D6jFPy
X-Proofpoint-ORIG-GUID: eAUHXR-SXlu48XFuvwFNvwU1wb7Ff99u
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-06_02,2021-10-04_01,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	lowpriorityscore=0 malwarescore=0 clxscore=1015 impostorscore=0
	mlxlogscore=999 phishscore=0 spamscore=0 adultscore=0 bulkscore=0
	mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx
	scancount=1
	engine=8.12.0-2109230001 definitions=main-2110060063
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633516284709100001
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 docs/formatstorageencryption.html.in          |  2 +-
 docs/schemas/storagecommon.rng                |  1 +
 src/conf/storage_encryption_conf.c            |  2 +-
 src/conf/storage_encryption_conf.h            |  1 +
 src/qemu/qemu_block.c                         | 30 +++++++
 src/qemu/qemu_domain.c                        | 24 ++++++
 ...sk-network-rbd-encryption.x86_64-6.0.0.err |  1 +
 ...-network-rbd-encryption.x86_64-latest.args | 49 +++++++++++
 .../disk-network-rbd-encryption.xml           | 75 +++++++++++++++++
 tests/qemuxml2argvtest.c                      |  2 +
 ...k-network-rbd-encryption.x86_64-latest.xml | 83 +++++++++++++++++++
 tests/qemuxml2xmltest.c                       |  1 +
 12 files changed, 269 insertions(+), 2 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-6.0.0.err
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
 create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x8=
6_64-latest.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 5783381a4a..31ec2698a1 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,7 @@
       The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
       tag, which allows selecting which component actually handles
       the encryption. Currently defined values of <code>engine</code> are
-      <code>qemu</code>.
+      <code>qemu</code> and <code>librbd</code>.
     </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index b34577c582..591a158209 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -20,6 +20,7 @@
         <attribute name=3D"engine">
           <choice>
             <value>qemu</value>
+            <value>librbd</value>
           </choice>
         </attribute>
       </optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index e8da02b605..2639b43119 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
 VIR_ENUM_IMPL(virStorageEncryptionEngine,
               VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
-              "default", "qemu",
+              "default", "qemu", "librbd",
 );
=20
 static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index c722f832f5..2e6f9193bd 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
 typedef enum {
     VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+    VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
     VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
 } virStorageEncryptionEngineType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index a43831ce18..62c40d39d1 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
     qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
     g_autoptr(virJSONValue) servers =3D NULL;
     virJSONValue *ret =3D NULL;
+    g_autoptr(virJSONValue) encrypt =3D NULL;
+    const char *encformat;
     const char *username =3D NULL;
     g_autoptr(virJSONValue) authmodes =3D NULL;
     g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,40 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
             return NULL;
     }
=20
+    if (src->encryption &&
+        src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                encformat =3D "luks";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                encformat =3D "luks2";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return NULL;
+        }
+
+        if (virJSONValueObjectCreate(&encrypt,
+                                     "s:format", encformat,
+                                     "s:key-secret", srcPriv->encinfo->ali=
as,
+                                     NULL) < 0)
+            return NULL;
+    }
+
     if (virJSONValueObjectCreate(&ret,
                                  "s:pool", src->volume,
                                  "s:image", src->path,
                                  "S:snapshot", src->snapshot,
                                  "S:conf", src->configFile,
                                  "A:server", &servers,
+                                 "A:encrypt", &encrypt,
                                  "S:user", username,
                                  "A:auth-client-required", &authmodes,
                                  "S:key-secret", keysecret,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 21099d7635..871a708a19 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4812,6 +4812,30 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
         }
     }
=20
+    if (src->encryption &&
+        src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+        if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("librbd encryption is not supported by this Q=
EMU binary"));
+            return -1;
+        }
+
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return -1;
+        }
+    }
+
+
     return 0;
 }
=20
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
 binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..9b3e8d31b8
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,49 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-4-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-4-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-4-format-encryption-secret0","file":"libvirt-4-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-4-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk1 \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-2-format-encryption-secret0"},"node-name":"libvirt-2-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw=
","file":"libvirt-2-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk2 \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image2","server":[{"host=
":"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322=
"},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks2","=
key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-s=
torage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk3 \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..eeadbfeeba
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,75 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 94aaa2f53e..b14154fd0c 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1349,6 +1349,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("disk-network-gluster");
     DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
     DO_TEST_CAPS_LATEST("disk-network-rbd");
+    DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
     DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
     DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..a91504202a
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,83 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x02' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 69363ef85c..290ab1bed1 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
             QEMU_CAPS_SCSI_BLOCK);
     DO_TEST_NOCAPS("disk-network-gluster");
     DO_TEST_NOCAPS("disk-network-rbd");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_NOCAPS("disk-network-source-auth");
     DO_TEST_NOCAPS("disk-network-sheepdog");
     DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1