From nobody Sat Apr 27 00:36:00 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 1633636310848944.6453265967401;
 Thu, 7 Oct 2021 12:51:50 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-163-QAU6fjf-Paav_6rWHOO9WQ-1; Thu, 07 Oct 2021 15:51:48 -0400
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3A8225721D;
	Thu,  7 Oct 2021 19:51:40 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B57261E6E6D;
	Thu,  7 Oct 2021 19:51:39 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 03FBE4EA38;
	Thu,  7 Oct 2021 19:51:38 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 197JS7lm031014 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 7 Oct 2021 15:28:07 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 49F5B202696C; Thu,  7 Oct 2021 19:28:07 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3B9682027EB4
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:28:01 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[207.211.31.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A8F7C91B3E9
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:33 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-461-oxOJ3gR9NjKBtKE8w2wN6Q-1; Thu, 07 Oct 2021 15:21:32 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	197J2fGA022834
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:31 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bj6pxgavh-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 15:21:31 -0400
Received: from m0098420.ppops.net (m0098420.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 197J2f2c022760
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:30 -0400
Received: from ppma01dal.us.ibm.com (83.d6.3fa9.ip4.static.sl-reverse.com
	[169.63.214.131])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bj6pxgav8-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 15:21:30 -0400
Received: from pps.filterd (ppma01dal.us.ibm.com [127.0.0.1])
	by ppma01dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 197JIFYj016874;
	Thu, 7 Oct 2021 19:21:30 GMT
Received: from b03cxnp08026.gho.boulder.ibm.com
	(b03cxnp08026.gho.boulder.ibm.com [9.17.130.18])
	by ppma01dal.us.ibm.com with ESMTP id 3bef2fhc4y-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 19:21:29 +0000
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id 197JLRGZ36241764
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 7 Oct 2021 19:21:27 GMT
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id F25F66E059;
	Thu,  7 Oct 2021 19:21:26 +0000 (GMT)
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 3B25E6E04E;
	Thu,  7 Oct 2021 19:21:26 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Thu,  7 Oct 2021 19:21:26 +0000 (GMT)
X-MC-Unique: QAU6fjf-Paav_6rWHOO9WQ-1
X-MC-Unique: oxOJ3gR9NjKBtKE8w2wN6Q-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v4 1/5] qemu: add disk post parse to qemublocktest
Date: Thu,  7 Oct 2021 14:21:17 -0500
Message-Id: <20211007192121.1052752-2-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: DMN0kPFacbRsk3dRLoOsHToBFct1BPp7
X-Proofpoint-ORIG-GUID: oPF3KJKVte0khFghdlL7rr-ES2fKDcEN
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-07_04,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 lowpriorityscore=0
	malwarescore=0 adultscore=0 suspectscore=0 spamscore=0 phishscore=0
	impostorscore=0 mlxlogscore=999 clxscore=1015 bulkscore=0
	priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110070123
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633636312318100001
Content-Type: text/plain; charset="utf-8"

The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.
Specifically, this will be needed for tests that use luks encryption,
so that the default encryption engine (which is added in an upcoming commit)
will be overridden by qemu.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
---
 src/qemu/qemu_domain.c |  2 +-
 src/qemu/qemu_domain.h |  3 +++
 tests/qemublocktest.c  | 29 ++++++++++++-----------------
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a755f8678e..288a40bca6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5259,7 +5259,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
 }
=20
=20
-static int
+int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  unsigned int parseFlags)
 {
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 64f92988b7..0642e44fbc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -872,6 +872,9 @@ int qemuDomainSecretPrepare(virQEMUDriver *driver,
 int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
                                     virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+                                     unsigned int parseFlags);
+
 int qemuDomainPrepareChannel(virDomainChrDef *chr,
                              const char *domainChannelTargetDir)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 3e61e923a9..0176fbd3f4 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -276,6 +276,9 @@ testQemuDiskXMLToProps(const void *opaque)
                                        VIR_DOMAIN_DEF_PARSE_STATUS)))
         return -1;
=20
+    if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+        return -1;
+
     if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
         return -1;
=20
@@ -470,32 +473,24 @@ testQemuImageCreateLoadDiskXML(const char *name,
                                virDomainXMLOption *xmlopt)
=20
 {
-    virDomainSnapshotDiskDef *diskdef =3D NULL;
-    g_autoptr(xmlDoc) doc =3D NULL;
-    g_autoptr(xmlXPathContext) ctxt =3D NULL;
-    xmlNodePtr node;
+    virDomainDiskDef *disk =3D NULL;
     g_autofree char *xmlpath =3D NULL;
-    virStorageSource *ret =3D NULL;
+    g_autofree char *xmlstr =3D NULL;
=20
     xmlpath =3D g_strdup_printf("%s%s.xml", testQemuImageCreatePath, name);
=20
-    if (!(doc =3D virXMLParseFileCtxt(xmlpath, &ctxt)))
+    if (virTestLoadFile(xmlpath, &xmlstr) < 0)
         return NULL;
=20
-    if (!(node =3D virXPathNode("//disk", ctxt))) {
-        VIR_TEST_VERBOSE("failed to find <source> element\n");
+    /* qemu stores node names in the status XML portion */
+    if (!(disk =3D virDomainDiskDefParse(xmlstr, xmlopt,
+                                       VIR_DOMAIN_DEF_PARSE_STATUS)))
         return NULL;
-    }
=20
-    diskdef =3D g_new0(virDomainSnapshotDiskDef, 1);
-
-    if (virDomainSnapshotDiskDefParseXML(node, ctxt, diskdef,
-                                         VIR_DOMAIN_DEF_PARSE_STATUS,
-                                         xmlopt) =3D=3D 0)
-        ret =3D g_steal_pointer(&diskdef->src);
+    if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+        return NULL;
=20
-    virDomainSnapshotDiskDefFree(diskdef);
-    return ret;
+    return disk->src;
 }
=20
=20
--=20
2.25.1

From nobody Sat Apr 27 00:36:00 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633639444087166.5181705692636;
 Thu, 7 Oct 2021 13:44:04 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-450-Z3rU_q0-NcinqFKrBhcQ-g-1; Thu, 07 Oct 2021 16:43:54 -0400
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E58D0E5185;
	Thu,  7 Oct 2021 20:32:49 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3E9E96D003;
	Thu,  7 Oct 2021 20:32:49 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 7B9274E590;
	Thu,  7 Oct 2021 20:32:47 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com
	[10.11.54.4])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 197Jc2bN031962 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 7 Oct 2021 15:38:02 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 1AF7920268FE; Thu,  7 Oct 2021 19:38:02 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 1212F2026D46
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:38:02 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9505910BABA2
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:35 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-29-skXftx-MNGOKMwCoVPSgdg-1; Thu, 07 Oct 2021 15:21:31 -0400
Received: from pps.filterd (m0098393.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	197Hb2AR023563
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:30 -0400
Received: from ppma03dal.us.ibm.com (b.bd.3ea9.ip4.static.sl-reverse.com
	[169.62.189.11])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bhynjm6fp-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 15:21:30 -0400
Received: from pps.filterd (ppma03dal.us.ibm.com [127.0.0.1])
	by ppma03dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 197JIMgn004717
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 19:21:29 GMT
Received: from b03cxnp08027.gho.boulder.ibm.com
	(b03cxnp08027.gho.boulder.ibm.com [9.17.130.19])
	by ppma03dal.us.ibm.com with ESMTP id 3bef2e1ea1-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 19:21:29 +0000
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp08027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id 197JLSS919989180
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK) for <libvir-list@redhat.com>; Thu, 7 Oct 2021 19:21:28 GMT
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E645A6E04E;
	Thu,  7 Oct 2021 19:21:27 +0000 (GMT)
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 2F5C46E054;
	Thu,  7 Oct 2021 19:21:27 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Thu,  7 Oct 2021 19:21:27 +0000 (GMT)
X-MC-Unique: Z3rU_q0-NcinqFKrBhcQ-g-1
X-MC-Unique: skXftx-MNGOKMwCoVPSgdg-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v4 2/5] qemu: capablities: Detect presence of 'rbd-encryption'
	as QEMU_CAPS_RBD_ENCRYPTION
Date: Thu,  7 Oct 2021 14:21:18 -0500
Message-Id: <20211007192121.1052752-3-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: TE7LglEQ6d7T9FKvnrzRIRIB2Yre0plV
X-Proofpoint-ORIG-GUID: TE7LglEQ6d7T9FKvnrzRIRIB2Yre0plV
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-07_03,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	priorityscore=1501
	phishscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0
	clxscore=1015
	adultscore=0 impostorscore=0 mlxscore=0 bulkscore=0 mlxlogscore=592
	malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110070123
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633639445529100001
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds capability probing for it.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_capabilities.c                     | 2 ++
 src/qemu/qemu_capabilities.h                     | 1 +
 tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
 3 files changed, 4 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 82687dbf39..ea0734db15 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -644,6 +644,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
               "virtio-mem-pci", /* QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI */
               "memory-backend-file.reserve", /* QEMU_CAPS_MEMORY_BACKEND_R=
ESERVE */
               "piix4.acpi-root-pci-hotplug", /* QEMU_CAPS_PIIX4_ACPI_ROOT_=
PCI_HOTPLUG */
+              "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
     );
=20
=20
@@ -1565,6 +1566,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc=
hemaQueries[] =3D {
     { "blockdev-add/arg-type/+file/$dynamic-auto-read-only", QEMU_CAPS_BLO=
CK_FILE_AUTO_READONLY_DYNAMIC },
     { "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME },
     { "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING =
},
+    { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION },
     { "blockdev-add/arg-type/discard", QEMU_CAPS_DRIVE_DISCARD },
     { "blockdev-add/arg-type/detect-zeroes", QEMU_CAPS_DRIVE_DETECT_ZEROES=
 },
     { "blockdev-backup", QEMU_CAPS_BLOCKDEV_BACKUP },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 2bbfc15dc4..674da98539 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -624,6 +624,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
     QEMU_CAPS_DEVICE_VIRTIO_MEM_PCI, /* -device virtio-mem-pci */
     QEMU_CAPS_MEMORY_BACKEND_RESERVE, /* -object memory-backend-*.reserve=
=3D */
     QEMU_CAPS_PIIX4_ACPI_ROOT_PCI_HOTPLUG, /* -M pc PIIX4_PM.acpi-root-pci=
-hotplug */
+    QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
=20
     QEMU_CAPS_LAST /* this must always be the last item */
 } virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.1.0.x86_64.xml
index 87b37a2b7c..8180cfd6c2 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -243,6 +243,7 @@
   <flag name=3D'virtio-mem-pci'/>
   <flag name=3D'memory-backend-file.reserve'/>
   <flag name=3D'piix4.acpi-root-pci-hotplug'/>
+  <flag name=3D'rbd-encryption'/>
   <version>6001000</version>
   <kvmVersion>0</kvmVersion>
   <microcodeVersion>43100243</microcodeVersion>
--=20
2.25.1

From nobody Sat Apr 27 00:36:00 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633637043911596.0883249221656;
 Thu, 7 Oct 2021 13:04:03 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-300-Dbdx6e6vPwGLgtCDD6gCxQ-1; Thu, 07 Oct 2021 16:04:00 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A3E5CA71C6;
	Thu,  7 Oct 2021 20:02:23 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 4BAAE10372C2;
	Thu,  7 Oct 2021 20:02:21 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id E2E804EA39;
	Thu,  7 Oct 2021 20:02:18 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 197JLaaT030649 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 7 Oct 2021 15:21:36 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id BA6092166B26; Thu,  7 Oct 2021 19:21:36 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B4BC12166B2F
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:36 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9606F80A0B6
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:36 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-482-CGIQK4H7NMWub0laZ9Sbbw-1; Thu, 07 Oct 2021 15:21:34 -0400
Received: from pps.filterd (m0098414.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	197HX2bZ014738
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:33 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bj4gm3srm-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 15:21:33 -0400
Received: from m0098414.ppops.net (m0098414.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 197Isb0M025851
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:32 -0400
Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com
	[169.55.91.170])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bj4gm3sr9-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 15:21:32 -0400
Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1])
	by ppma02wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 197JHN3c020349;
	Thu, 7 Oct 2021 19:21:32 GMT
Received: from b03cxnp08028.gho.boulder.ibm.com
	(b03cxnp08028.gho.boulder.ibm.com [9.17.130.20])
	by ppma02wdc.us.ibm.com with ESMTP id 3bef2cne1b-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 19:21:32 +0000
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id 197JLT8Y39780792
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 7 Oct 2021 19:21:29 GMT
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id EB2026E050;
	Thu,  7 Oct 2021 19:21:28 +0000 (GMT)
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 2535F6E04E;
	Thu,  7 Oct 2021 19:21:28 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Thu,  7 Oct 2021 19:21:28 +0000 (GMT)
X-MC-Unique: Dbdx6e6vPwGLgtCDD6gCxQ-1
X-MC-Unique: CGIQK4H7NMWub0laZ9Sbbw-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v4 3/5] conf: add encryption engine property
Date: Thu,  7 Oct 2021 14:21:19 -0500
Message-Id: <20211007192121.1052752-4-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-GUID: RPzjvGDQ4w30MH3kpuey1WXIkzZWmytl
X-Proofpoint-ORIG-GUID: E3xo07wfmpCBIhO284pa3jCObLd2zCZk
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-07_03,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	clxscore=1015 mlxscore=0
	spamscore=0 mlxlogscore=999 lowpriorityscore=0 impostorscore=0
	malwarescore=0 bulkscore=0 suspectscore=0 phishscore=0
	priorityscore=1501
	adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110070123
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633637046089100001
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support a custom encryptio=
n engine.
This means that <encryption format=3D"luks" engine=3D"qemu">  becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be add=
ed in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 docs/formatstorageencryption.html.in          |  6 +++++
 docs/schemas/domainbackup.rng                 |  7 +++++
 docs/schemas/storagecommon.rng                |  7 +++++
 src/conf/storage_encryption_conf.c            | 27 ++++++++++++++++++-
 src/conf/storage_encryption_conf.h            |  9 +++++++
 src/qemu/qemu_block.c                         |  2 ++
 src/qemu/qemu_domain.c                        | 20 ++++++++++++++
 tests/qemustatusxml2xmldata/upgrade-out.xml   |  6 ++---
 tests/qemuxml2argvdata/disk-nvme.xml          |  2 +-
 .../qemuxml2argvdata/encrypted-disk-usage.xml |  2 +-
 tests/qemuxml2argvdata/luks-disks.xml         |  4 +--
 tests/qemuxml2argvdata/user-aliases.xml       |  2 +-
 .../disk-slices.x86_64-latest.xml             |  4 +--
 tests/qemuxml2xmloutdata/encrypted-disk.xml   |  2 +-
 .../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
 .../qemuxml2xmloutdata/luks-disks-source.xml  | 10 +++----
 16 files changed, 100 insertions(+), 24 deletions(-)

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 7215c307d7..178fcd0d7c 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
     </p>
+    <p>
+      The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
+      tag, which allows selecting which component actually handles
+      the encryption. Currently defined values of <code>engine</code> are
+      <code>qemu</code>.
+    </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
       <code>secret</code> tags, each with mandatory attributes <code>type<=
/code>
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..60dcfac06c 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -15,6 +15,13 @@
           <value>luks</value>
         </choice>
       </attribute>
+      <optional>
+        <attribute name=3D"engine">
+          <choice>
+            <value>qemu</value>
+          </choice>
+        </attribute>
+      </optional>
       <interleave>
         <ref name=3D"secret"/>
         <optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..59178b41ef 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
               "default", "qcow", "luks",
 );
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+              VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+              "default", "qemu",
+);
+
 static void
 virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
 {
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
     ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
     ret->nsecrets =3D src->nsecrets;
     ret->format =3D src->format;
+    ret->engine =3D src->engine;
=20
     for (i =3D 0; i < src->nsecrets; i++) {
         if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -217,6 +223,7 @@ virStorageEncryptionParseNode(xmlNodePtr node,
     xmlNodePtr *nodes =3D NULL;
     virStorageEncryption *encdef =3D NULL;
     virStorageEncryption *ret =3D NULL;
+    g_autofree char *engine_str =3D NULL;
     g_autofree char *format_str =3D NULL;
     int n;
     size_t i;
@@ -239,6 +246,12 @@ virStorageEncryptionParseNode(xmlNodePtr node,
         goto cleanup;
     }
=20
+    if (virXMLPropEnum(node, "engine",
+                       virStorageEncryptionEngineTypeFromString,
+                       VIR_XML_PROP_NONZERO,
+                       &encdef->engine) < 0)
+      goto cleanup;
+
     if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
         goto cleanup;
=20
@@ -327,6 +340,7 @@ int
 virStorageEncryptionFormat(virBuffer *buf,
                            virStorageEncryption *enc)
 {
+    const char *engine;
     const char *format;
     size_t i;
=20
@@ -335,7 +349,18 @@ virStorageEncryptionFormat(virBuffer *buf,
                        "%s", _("unexpected encryption format"));
         return -1;
     }
-    virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+        virBufferAsprintf(buf, "<encryption format=3D'%s'>\n", format);
+    } else {
+        if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           "%s", _("unexpected encryption engine"));
+            return -1;
+        }
+        virBufferAsprintf(buf, "<encryption format=3D'%s' engine=3D'%s'>\n=
",
+                          format, engine);
+    }
+
     virBufferAdjustIndent(buf, 2);
=20
     for (i =3D 0; i < enc->nsecrets; i++) {
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..e0ac0fe4bf 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
     char *ivgen_hash;
 };
=20
+typedef enum {
+    VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+    VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+    VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngine;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
 typedef enum {
     /* "default" is only valid for volume creation */
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
@@ -63,6 +71,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
 typedef struct _virStorageEncryption virStorageEncryption;
 struct _virStorageEncryption {
+    virStorageEncryptionEngine engine;
     int format; /* virStorageEncryptionFormatType */
     int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 393d3f44d7..18c5852d2e 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
     *encprops =3D NULL;
=20
     if (!src->encryption ||
+        src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
         !srcpriv ||
         !srcpriv->encinfo)
         return 0;
@@ -1448,6 +1449,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
          * put a raw layer on top */
     case VIR_STORAGE_FILE_RAW:
         if (src->encryption &&
+            src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
             src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
             if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
                 return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 288a40bca6..354f65c6d5 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4811,6 +4811,18 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
         }
     }
=20
+    if (src->encryption) {
+        switch (src->encryption->engine) {
+            case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+                break;
+            case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
+                virReportEnumRangeError(virStorageEncryptionEngine,
+                                        src->encryption->engine);
+                return -1;
+        }
+    }
+
     return 0;
 }
=20
@@ -5263,6 +5275,8 @@ int
 qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
                                  unsigned int parseFlags)
 {
+    virStorageSource *n;
+
     /* set default disk types and drivers */
     if (!virDomainDiskGetDriver(disk))
         virDomainDiskSetDriver(disk, "qemu");
@@ -5277,6 +5291,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
         disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
         disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+    /* default disk encryption engine */
+    for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+        if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+            n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+    }
+
     if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) =
< 0)
         return -1;
=20
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/b.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -333,7 +333,7 @@
       <disk type=3D'file' device=3D'disk'>
         <driver name=3D'qemu' type=3D'qcow2'/>
         <source file=3D'/var/lib/libvirt/images/c.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
@@ -354,7 +354,7 @@
           <auth username=3D'testuser-iscsi'>
             <secret type=3D'iscsi' usage=3D'testuser-iscsi-secret'/>
           </auth>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
           <privateData>
diff --git a/tests/qemuxml2argvdata/disk-nvme.xml b/tests/qemuxml2argvdata/=
disk-nvme.xml
index 1ccbbfd598..9a5fafce7d 100644
--- a/tests/qemuxml2argvdata/disk-nvme.xml
+++ b/tests/qemuxml2argvdata/disk-nvme.xml
@@ -42,7 +42,7 @@
       <driver name=3D'qemu' type=3D'qcow2' cache=3D'none'/>
       <source type=3D'pci' managed=3D'no' namespace=3D'2'>
         <address domain=3D'0x0001' bus=3D'0x02' slot=3D'0x00' function=3D'=
0x0'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm=
l2argvdata/encrypted-disk-usage.xml
index 7c2da9ee83..d2b87b94b6 100644
--- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml
+++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml
@@ -18,7 +18,7 @@
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'/>
       <target dev=3D'vda' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
diff --git a/tests/qemuxml2argvdata/luks-disks.xml b/tests/qemuxml2argvdata=
/luks-disks.xml
index ae6d3d996c..1c76f0dc26 100644
--- a/tests/qemuxml2argvdata/luks-disks.xml
+++ b/tests/qemuxml2argvdata/luks-disks.xml
@@ -18,7 +18,7 @@
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk'/>
       <target dev=3D'vda' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
@@ -27,7 +27,7 @@
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'/>
       <target dev=3D'vdb' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryptd=
isk2'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvda=
ta/user-aliases.xml
index 47bfc56e73..10b7749521 100644
--- a/tests/qemuxml2argvdata/user-aliases.xml
+++ b/tests/qemuxml2argvdata/user-aliases.xml
@@ -55,7 +55,7 @@
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/var/lib/libvirt/images/OtherDemo.img'/>
       <target dev=3D'vdb' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' uuid=3D'e78d4b51-a2af-485f-b0f5-afca70=
9a80f4'/>
       </encryption>
       <alias name=3D'ua-myEncryptedDisk1'/>
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests=
/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -75,7 +75,7 @@
         <slices>
           <slice type=3D'storage' offset=3D'1234' size=3D'321'/>
         </slices>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm=
loutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'/>
       <target dev=3D'vda' bus=3D'virtio'/>
-      <encryption format=3D'luks'>
+      <encryption format=3D'luks' engine=3D'qemu'>
         <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2=
f80d6f'/>
       </encryption>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest=
.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -30,7 +30,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -44,7 +44,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -54,7 +54,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -67,7 +67,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
@@ -77,14 +77,14 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'qcow2'/>
       <source file=3D'/storage/guest_disks/encryptdisk5'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
       <backingStore type=3D'file'>
         <format type=3D'qcow2'/>
         <source file=3D'/storage/guest_disks/base.qcow2'>
-          <encryption format=3D'luks'>
+          <encryption format=3D'luks' engine=3D'qemu'>
             <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21=
ccc2f80d6f'/>
           </encryption>
         </source>
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml=
2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80d6f'/>
         </encryption>
       </source>
@@ -27,7 +27,7 @@
     <disk type=3D'file' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source file=3D'/storage/guest_disks/encryptdisk2'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' usage=3D'/storage/guest_disks/encryp=
tdisk2'/>
         </encryption>
       </source>
@@ -41,7 +41,7 @@
         <auth username=3D'myname'>
           <secret type=3D'iscsi' uuid=3D'0a81f5b2-8403-7b23-c8d6-21ccc2f80=
e80'/>
         </auth>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f77'/>
         </encryption>
       </source>
@@ -51,7 +51,7 @@
     <disk type=3D'volume' device=3D'disk'>
       <driver name=3D'qemu' type=3D'raw'/>
       <source pool=3D'pool-iscsi' volume=3D'unit:0:0:3' mode=3D'direct'>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80f80'/>
         </encryption>
       </source>
@@ -64,7 +64,7 @@
         <host name=3D'mon1.example.org' port=3D'6321'/>
         <host name=3D'mon2.example.org' port=3D'6322'/>
         <host name=3D'mon3.example.org' port=3D'6322'/>
-        <encryption format=3D'luks'>
+        <encryption format=3D'luks' engine=3D'qemu'>
           <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
         </encryption>
       </source>
--=20
2.25.1

From nobody Sat Apr 27 00:36:00 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 1633637064847657.7094329780865;
 Thu, 7 Oct 2021 13:04:24 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-302-pbIzhy6XOW6_n7unnW_oVg-1; Thu, 07 Oct 2021 16:04:22 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4F1701009447;
	Thu,  7 Oct 2021 20:03:11 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 460A3A7BB;
	Thu,  7 Oct 2021 20:03:10 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id B97F1180598A;
	Thu,  7 Oct 2021 20:02:49 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 197JLcsd030659 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 7 Oct 2021 15:21:38 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id DDE682166B26; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D88672166B2F
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com
 [205.139.110.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BA73A189FE99
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
	[148.163.156.1]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-326-qPdJ3tcSN2y9a7eWzZQrAA-1; Thu, 07 Oct 2021 15:21:35 -0400
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
	by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	197IVfF1023054
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:34 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bj68js0u7-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 15:21:34 -0400
Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 197IWWVl030749
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:34 -0400
Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com
	[169.62.189.10])
	by mx0a-001b2d01.pphosted.com with ESMTP id 3bj68js0u2-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 15:21:34 -0400
Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1])
	by ppma02dal.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 197JIlPE004714;
	Thu, 7 Oct 2021 19:21:33 GMT
Received: from b03cxnp07027.gho.boulder.ibm.com
	(b03cxnp07027.gho.boulder.ibm.com [9.17.130.14])
	by ppma02dal.us.ibm.com with ESMTP id 3bef2e1du5-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 19:21:33 +0000
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp07027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id 197JLU2M35389778
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 7 Oct 2021 19:21:30 GMT
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E35886E05D;
	Thu,  7 Oct 2021 19:21:29 +0000 (GMT)
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 345E36E059;
	Thu,  7 Oct 2021 19:21:29 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Thu,  7 Oct 2021 19:21:29 +0000 (GMT)
X-MC-Unique: pbIzhy6XOW6_n7unnW_oVg-1
X-MC-Unique: qPdJ3tcSN2y9a7eWzZQrAA-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v4 4/5] qemu: add librbd encryption engine
Date: Thu,  7 Oct 2021 14:21:20 -0500
Message-Id: <20211007192121.1052752-5-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: N6Cl0pCjqiOUkNk1ptH5fRdL8tOZaX-w
X-Proofpoint-GUID: wdSrt66HspncpWQUmDP83TyiJkcZUUHf
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-07_03,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	mlxscore=0 bulkscore=0
	suspectscore=0 clxscore=1015 lowpriorityscore=0 spamscore=0
	malwarescore=0
	priorityscore=1501 impostorscore=0 adultscore=0 phishscore=0
	mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110070123
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633637066594100001
Content-Type: text/plain; charset="utf-8"

rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 docs/formatstorageencryption.html.in          |  7 +-
 docs/schemas/storagecommon.rng                |  1 +
 src/conf/storage_encryption_conf.c            |  2 +-
 src/conf/storage_encryption_conf.h            |  1 +
 src/qemu/qemu_block.c                         | 26 +++++++
 src/qemu/qemu_domain.c                        | 34 +++++++++
 ...sk-network-rbd-encryption.x86_64-6.0.0.err |  1 +
 ...-network-rbd-encryption.x86_64-latest.args | 45 ++++++++++++
 .../disk-network-rbd-encryption.xml           | 63 +++++++++++++++++
 tests/qemuxml2argvtest.c                      |  2 +
 ...k-network-rbd-encryption.x86_64-latest.xml | 70 +++++++++++++++++++
 tests/qemuxml2xmltest.c                       |  1 +
 12 files changed, 251 insertions(+), 2 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-6.0.0.err
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-latest.args
 create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
 create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x8=
6_64-latest.xml

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 178fcd0d7c..02ee8f8ca3 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,12 @@
       The <code>encryption</code> tag supports an optional <code>engine</c=
ode>
       tag, which allows selecting which component actually handles
       the encryption. Currently defined values of <code>engine</code> are
-      <code>qemu</code>.
+      <code>qemu</code> and <code>librbd</code>.
+      Both <code>qemu</code> and <code>librbd</code> require using the qem=
u driver.
+      The <code>librbd</code> engine requires qemu version >=3D 6.1.0,
+      and is only applicable for RBD network disks.
+      If the engine tag is not specified, the <code>qemu</code> engine wil=
l be
+      used by default (assuming the qemu driver is used).
     </p>
     <p>
       The <code>encryption</code> tag can currently contain a sequence of
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 60dcfac06c..3ddff02e43 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -19,6 +19,7 @@
         <attribute name=3D"engine">
           <choice>
             <value>qemu</value>
+            <value>librbd</value>
           </choice>
         </attribute>
       </optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 59178b41ef..3c1267ed40 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
 VIR_ENUM_IMPL(virStorageEncryptionEngine,
               VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
-              "default", "qemu",
+              "default", "qemu", "librbd",
 );
=20
 static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index e0ac0fe4bf..0931618608 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
 typedef enum {
     VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+    VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
     VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
 } virStorageEncryptionEngine;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 18c5852d2e..5b1b5bea2e 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
     qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
     g_autoptr(virJSONValue) servers =3D NULL;
     virJSONValue *ret =3D NULL;
+    g_autoptr(virJSONValue) encrypt =3D NULL;
+    const char *encformat;
     const char *username =3D NULL;
     g_autoptr(virJSONValue) authmodes =3D NULL;
     g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,36 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
             return NULL;
     }
=20
+    if (src->encryption &&
+        src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+        switch ((virStorageEncryptionFormatType) src->encryption->format) {
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                encformat =3D "luks";
+                break;
+
+            case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+            default:
+                virReportEnumRangeError(virStorageEncryptionFormatType,
+                                        src->encryption->format);
+                return NULL;
+        }
+
+        if (virJSONValueObjectCreate(&encrypt,
+                                     "s:format", encformat,
+                                     "s:key-secret", srcPriv->encinfo->ali=
as,
+                                     NULL) < 0)
+            return NULL;
+    }
+
     if (virJSONValueObjectCreate(&ret,
                                  "s:pool", src->volume,
                                  "s:image", src->path,
                                  "S:snapshot", src->snapshot,
                                  "S:conf", src->configFile,
                                  "A:server", &servers,
+                                 "A:encrypt", &encrypt,
                                  "S:user", username,
                                  "A:auth-client-required", &authmodes,
                                  "S:key-secret", keysecret,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 354f65c6d5..13869dd79b 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4814,6 +4814,40 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
     if (src->encryption) {
         switch (src->encryption->engine) {
             case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+                switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+                        break;
+
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+                    default:
+                        virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+                                                src->encryption->format);
+                        return -1;
+                }
+
+                break;
+            case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
+                if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("librbd encryption is not supported b=
y this QEMU binary"));
+                    return -1;
+                }
+
+                switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                        break;
+
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+                    default:
+                        virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+                                                src->encryption->format);
+                        return -1;
+                }
+
                 break;
             case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
             case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
 binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..69837a8003
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,45 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk1 \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk2 \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..d8c2d3dbe2
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,63 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 94aaa2f53e..b14154fd0c 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1349,6 +1349,8 @@ mymain(void)
     DO_TEST_CAPS_LATEST("disk-network-gluster");
     DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
     DO_TEST_CAPS_LATEST("disk-network-rbd");
+    DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
     DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
     DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..d4942718bb
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,70 @@
+<domain type=3D'qemu'>
+  <name>encryptdisk</name>
+  <uuid>496898a6-e6ff-f7c8-5dc2-3cf410945ee9</uuid>
+  <memory unit=3D'KiB'>1048576</memory>
+  <currentMemory unit=3D'KiB'>524288</currentMemory>
+  <vcpu placement=3D'static'>1</vcpu>
+  <os>
+    <type arch=3D'x86_64' machine=3D'pc-i440fx-2.1'>hvm</type>
+    <boot dev=3D'hd'/>
+  </os>
+  <cpu mode=3D'custom' match=3D'exact' check=3D'none'>
+    <model fallback=3D'forbid'>qemu64</model>
+  </cpu>
+  <clock offset=3D'utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vda' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x02' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'qemu'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdb' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x04' f=
unction=3D'0x0'/>
+    </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdc' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
+    </disk>
+    <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
+    </controller>
+    <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
+    <input type=3D'mouse' bus=3D'ps2'/>
+    <input type=3D'keyboard' bus=3D'ps2'/>
+    <audio id=3D'1' type=3D'none'/>
+    <memballoon model=3D'virtio'>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x03' f=
unction=3D'0x0'/>
+    </memballoon>
+  </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 69363ef85c..290ab1bed1 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
             QEMU_CAPS_SCSI_BLOCK);
     DO_TEST_NOCAPS("disk-network-gluster");
     DO_TEST_NOCAPS("disk-network-rbd");
+    DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
     DO_TEST_NOCAPS("disk-network-source-auth");
     DO_TEST_NOCAPS("disk-network-sheepdog");
     DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1

From nobody Sat Apr 27 00:36:00 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.129.124 as permitted sender) client-ip=170.10.129.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=il.ibm.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com
	with SMTPS id 1633637597056902.1951791271449;
 Thu, 7 Oct 2021 13:13:17 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-19-r-VYBPgiN0COSeNNmx_pzw-1; Thu, 07 Oct 2021 16:13:14 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 23E951A272F;
	Thu,  7 Oct 2021 20:06:02 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id CBC1B829D5;
	Thu,  7 Oct 2021 20:06:01 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 7B1361806D01;
	Thu,  7 Oct 2021 20:06:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com
	[10.11.54.6])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 197JLbfD030654 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 7 Oct 2021 15:21:37 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 4ECCB2166B2F; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast06.extmail.prod.ext.rdu2.redhat.com [10.11.55.22])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 48C412166B26
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2B36618154E6
	for <libvir-list@redhat.com>; Thu,  7 Oct 2021 19:21:37 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
	[148.163.158.5]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-303-a_Nl2I9yNVKMM2a9wYmkCQ-1; Thu, 07 Oct 2021 15:21:35 -0400
Received: from pps.filterd (m0098413.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
	197IcO1w028145
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:34 -0400
Received: from pps.reinject (localhost [127.0.0.1])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bhx6dnr0v-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <libvir-list@redhat.com>; Thu, 07 Oct 2021 15:21:34 -0400
Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1])
	by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 197JG6x0008479
	for <libvir-list@redhat.com>; Thu, 7 Oct 2021 15:21:34 -0400
Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com
	[169.55.85.253])
	by mx0b-001b2d01.pphosted.com with ESMTP id 3bhx6dnr0m-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 15:21:34 -0400
Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1])
	by ppma01wdc.us.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 197JHtjt020346;
	Thu, 7 Oct 2021 19:21:33 GMT
Received: from b03cxnp07027.gho.boulder.ibm.com
	(b03cxnp07027.gho.boulder.ibm.com [9.17.130.14])
	by ppma01wdc.us.ibm.com with ESMTP id 3bef2cndm2-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Thu, 07 Oct 2021 19:21:33 +0000
Received: from b03ledav001.gho.boulder.ibm.com
	(b03ledav001.gho.boulder.ibm.com [9.17.130.232])
	by b03cxnp07027.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id 197JLVZG15204696
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
	verify=OK); Thu, 7 Oct 2021 19:21:31 GMT
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id E1C5C6E059;
	Thu,  7 Oct 2021 19:21:30 +0000 (GMT)
Received: from b03ledav001.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 2B9BA6E053;
	Thu,  7 Oct 2021 19:21:30 +0000 (GMT)
Received: from oro.sl.cloud9.ibm.com (unknown [9.59.192.176])
	by b03ledav001.gho.boulder.ibm.com (Postfix) with ESMTP;
	Thu,  7 Oct 2021 19:21:30 +0000 (GMT)
X-MC-Unique: r-VYBPgiN0COSeNNmx_pzw-1
X-MC-Unique: a_Nl2I9yNVKMM2a9wYmkCQ-1
From: Or Ozeri <oro@il.ibm.com>
To: libvir-list@redhat.com
Subject: [PATCH v4 5/5] conf: add luks2 encryption format
Date: Thu,  7 Oct 2021 14:21:21 -0500
Message-Id: <20211007192121.1052752-6-oro@il.ibm.com>
In-Reply-To: <20211007192121.1052752-1-oro@il.ibm.com>
References: <20211007192121.1052752-1-oro@il.ibm.com>
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: S5twEGZTx7xtRHlPkwWFeVX3vLtlATDW
X-Proofpoint-GUID: qP7sLkkotCin-PzNUITXo41ikzKL2_87
X-Proofpoint-Virus-Version: vendor=baseguard
	engine=ICAP:2.0.182.1, Aquarius:18.0.790, Hydra:6.0.391,
	FMLib:17.0.607.475
	definitions=2021-10-07_04,2021-10-07_02,2020-04-07_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	adultscore=0 mlxscore=0
	lowpriorityscore=0 priorityscore=1501 impostorscore=0 malwarescore=0
	suspectscore=0 mlxlogscore=999 spamscore=0 clxscore=1015 bulkscore=0
	phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1
	engine=8.12.0-2109230001 definitions=main-2110070123
X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection
	Definition; Similar Internal Domain=false;
	Similar Monitored External Domain=false;
	Custom External Domain=false; Mimecast External Domain=false;
	Newly Observed Domain=false; Internal User Name=false;
	Custom Display Name List=false; Reply-to Address Mismatch=false;
	Targeted Threat Dictionary=false;
	Mimecast Threat Dictionary=false; Custom Threat Dictionary=false
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-loop: libvir-list@redhat.com
Cc: idryomov@gmail.com, Or Ozeri <oro@il.ibm.com>, to.my.trociny@gmail.com,
	dannyh@il.ibm.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZM-MESSAGEID: 1633637598875100001
Content-Type: text/plain; charset="utf-8"

This commit extends libvirt XML configuration to support luks2 encryption f=
ormat.
This means that <encryption format=3D"luks2" engine=3D"librbd"> becomes val=
id.
Currently librbd is the only engine that supports this new format.

Signed-off-by: Or Ozeri <oro@il.ibm.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 docs/formatstorageencryption.html.in             | 12 +++++++++++-
 docs/schemas/storagecommon.rng                   |  1 +
 src/conf/storage_encryption_conf.c               |  2 +-
 src/conf/storage_encryption_conf.h               |  1 +
 src/qemu/qemu_block.c                            |  5 +++++
 src/qemu/qemu_domain.c                           |  5 ++++-
 ...isk-network-rbd-encryption.x86_64-latest.args | 16 ++++++++++------
 .../disk-network-rbd-encryption.xml              | 12 ++++++++++++
 ...disk-network-rbd-encryption.x86_64-latest.xml | 13 +++++++++++++
 9 files changed, 58 insertions(+), 9 deletions(-)

diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 02ee8f8ca3..6cf1f94a9f 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
       is <code>encryption</code>, with a mandatory
       attribute <code>format</code>.  Currently defined values
       of <code>format</code> are <code>default</code>, <code>qcow</code>,
-      and <code>luks</code>.
+      <code>luks</code>, and <code>luks2</code>.
       Each value of <code>format</code> implies some expectations about the
       content of the <code>encryption</code> tag.  Other format values may=
 be
       defined in the future.
@@ -121,6 +121,16 @@
       </dd>
     </dl>
=20
+    <h3><a id=3D"StorageEncryptionLuks2">"luks2" format</a></h3>
+    <p>
+      The <code>luks2</code> format is currently supported only by the
+      <code>librbd</code> engine, and can only be applied to RBD network d=
isks.
+      <code>luks2</code> encrypted RBD disks can be decrypted by the domai=
n,
+      but creation of such disks is currently not supported through libvir=
t.
+      A single
+      <code>&lt;secret type=3D'passphrase'...&gt;</code> element is expect=
ed.
+    </p>
+
=20
     <h2><a id=3D"example">Examples</a></h2>
=20
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 3ddff02e43..591a158209 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -13,6 +13,7 @@
           <value>default</value>
           <value>qcow</value>
           <value>luks</value>
+          <value>luks2</value>
         </choice>
       </attribute>
       <optional>
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 3c1267ed40..c312236d4c 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -44,7 +44,7 @@ VIR_ENUM_IMPL(virStorageEncryptionSecret,
=20
 VIR_ENUM_IMPL(virStorageEncryptionFormat,
               VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
-              "default", "qcow", "luks",
+              "default", "qcow", "luks", "luks2",
 );
=20
 VIR_ENUM_IMPL(virStorageEncryptionEngine,
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 0931618608..312599ad44 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -65,6 +65,7 @@ typedef enum {
     VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
     VIR_STORAGE_ENCRYPTION_FORMAT_QCOW, /* Both qcow and qcow2 */
     VIR_STORAGE_ENCRYPTION_FORMAT_LUKS,
+    VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2,
=20
     VIR_STORAGE_ENCRYPTION_FORMAT_LAST,
 } virStorageEncryptionFormatType;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 5b1b5bea2e..62c40d39d1 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -908,6 +908,10 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *sr=
c,
                 encformat =3D "luks";
                 break;
=20
+            case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
+                encformat =3D "luks2";
+                break;
+
             case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
             case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
             case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
@@ -1355,6 +1359,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
 *src,
         break;
=20
     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
     case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
     default:
         virReportEnumRangeError(virStorageEncryptionFormatType,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 13869dd79b..8c2a5408da 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1228,7 +1228,8 @@ static bool
 qemuDomainDiskHasEncryptionSecret(virStorageSource *src)
 {
     if (!virStorageSourceIsEmpty(src) && src->encryption &&
-        src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS =
&&
+        (src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
 ||
+         src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS=
2) &&
         src->encryption->nsecrets > 0)
         return true;
=20
@@ -4820,6 +4821,7 @@ qemuDomainValidateStorageSource(virStorageSource *src,
                         break;
=20
                     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
                     case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
                     default:
                         virReportEnumRangeError(virStorageEncryptionFormat=
Type,
@@ -4837,6 +4839,7 @@ qemuDomainValidateStorageSource(virStorageSource *src,
=20
                 switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
                     case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+                    case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS2:
                         break;
=20
                     case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
index 69837a8003..9b3e8d31b8 100644
--- a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -27,18 +27,22 @@ XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.confi=
g \
 -no-acpi \
 -boot strict=3Don \
 -device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \
+-object '{"qom-type":"secret","id":"libvirt-4-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-4-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-4-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-4-format-encryption-secret0","file":"libvirt-4-sto=
rage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-4-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
 -object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
 -blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
 -blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x2,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk0,bootindex=3D1 \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-3-format,id=
=3Dvirtio-disk1 \
 -object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
--blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
--blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk1 \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-2-format-encryption-secret0"},"node-name":"libvirt-2-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"raw=
","file":"libvirt-2-storage"}' \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-2-format,id=
=3Dvirtio-disk2 \
 -object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
--blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image2","server":[{"host=
":"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322=
"},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks2","=
key-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-s=
torage","auto-read-only":true,"discard":"unmap"}' \
 -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
--device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk2 \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Dlibvirt-1-format,id=
=3Dvirtio-disk3 \
 -audiodev id=3Daudio1,driver=3Dnone \
 -device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 \
 -sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
index d8c2d3dbe2..eeadbfeeba 100644
--- a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -50,6 +50,18 @@
       </source>
       <target dev=3D'vdc' bus=3D'virtio'/>
     </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+    </disk>
     <controller type=3D'usb' index=3D'0'>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
     </controller>
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
index d4942718bb..a91504202a 100644
--- a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -56,6 +56,19 @@
       <target dev=3D'vdc' bus=3D'virtio'/>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05' f=
unction=3D'0x0'/>
     </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw'/>
+      <source protocol=3D'rbd' name=3D'pool/image2'>
+        <host name=3D'mon1.example.org' port=3D'6321'/>
+        <host name=3D'mon2.example.org' port=3D'6322'/>
+        <host name=3D'mon3.example.org' port=3D'6322'/>
+        <encryption format=3D'luks2' engine=3D'librbd'>
+          <secret type=3D'passphrase' uuid=3D'0a81f5b2-8403-7b23-c8d6-21cc=
c2f80fb0'/>
+        </encryption>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
+    </disk>
     <controller type=3D'usb' index=3D'0' model=3D'piix3-uhci'>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
     </controller>
--=20
2.25.1