From nobody Sat Feb 7 06:05:09 2026
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 1/5] qemu: add disk post parse to qemublocktest
Date: Sun, 24 Oct 2021 04:51:26 -0500
Message-Id: <20211024095130.1171230-2-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
List-Id: Development discussions about the libvirt library & tools
The post parse callback is part of the real (non-test) processing flow.
This commit adds it (for disks) to the qemublocktest flow as well.
Specifically, this will be needed for tests that use luks encryption,
so that the default encryption engine (which is added in an upcoming commit)
will be overridden by qemu.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_domain.h | 3 +++
tests/qemublocktest.c | 29 ++++++++++++-----------------
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 1bd3730281..5ff602e3af 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -5218,7 +5218,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDo=
mainDiskDef *disk,
}
=20
=20
-static int
+int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 9cf5d5479e..6728ab047e 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -857,6 +857,9 @@ int qemuDomainSecretPrepare(virQEMUDriver *driver,
int qemuDomainDeviceDefValidateDisk(const virDomainDiskDef *disk,
virQEMUCaps *qemuCaps);
=20
+int qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
+ unsigned int parseFlags);
+
int qemuDomainPrepareChannel(virDomainChrDef *chr,
const char *domainChannelTargetDir)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
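Review bot: the new prototype for qemuDomainDeviceDiskDefPostParse is exported with no comment and no non-null annotation, while the declaration directly below it carries ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2). Now that the function can be called from outside qemu_domain.c, consider adding ATTRIBUTE_NONNULL(1) for disk and a one-line comment saying it is exported for use by the test suite.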
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index 3e61e923a9..0176fbd3f4 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -276,6 +276,9 @@ testQemuDiskXMLToProps(const void *opaque)
VIR_DOMAIN_DEF_PARSE_STATUS)))
return -1;
=20
+ if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+ return -1;
+
if (!(vmdef =3D virDomainDefNew(data->driver->xmlopt)))
return -1;
=20
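Review bot: the added call passes 0 as parseFlags although the disk just above it is parsed with VIR_DOMAIN_DEF_PARSE_STATUS. The callee hands parseFlags on to qemuDomainDeviceDiskDefPostParseRestoreSecAlias, so the test can take a different branch there than a status XML load would. Pass the same flags as the parse call, or add a comment saying why 0 is intended.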
@@ -470,32 +473,24 @@ testQemuImageCreateLoadDiskXML(const char *name,
virDomainXMLOption *xmlopt)
=20
{
- virDomainSnapshotDiskDef *diskdef =3D NULL;
- g_autoptr(xmlDoc) doc =3D NULL;
- g_autoptr(xmlXPathContext) ctxt =3D NULL;
- xmlNodePtr node;
+ virDomainDiskDef *disk =3D NULL;
g_autofree char *xmlpath =3D NULL;
- virStorageSource *ret =3D NULL;
+ g_autofree char *xmlstr =3D NULL;
=20
xmlpath =3D g_strdup_printf("%s%s.xml", testQemuImageCreatePath, name);
=20
- if (!(doc =3D virXMLParseFileCtxt(xmlpath, &ctxt)))
+ if (virTestLoadFile(xmlpath, &xmlstr) < 0)
return NULL;
=20
- if (!(node =3D virXPathNode("//disk", ctxt))) {
- VIR_TEST_VERBOSE("failed to find element\n");
+ /* qemu stores node names in the status XML portion */
+ if (!(disk =3D virDomainDiskDefParse(xmlstr, xmlopt,
+ VIR_DOMAIN_DEF_PARSE_STATUS)))
return NULL;
- }
=20
- diskdef =3D g_new0(virDomainSnapshotDiskDef, 1);
-
- if (virDomainSnapshotDiskDefParseXML(node, ctxt, diskdef,
- VIR_DOMAIN_DEF_PARSE_STATUS,
- xmlopt) =3D=3D 0)
- ret =3D g_steal_pointer(&diskdef->src);
+ if (qemuDomainDeviceDiskDefPostParse(disk, 0) < 0)
+ return NULL;
=20
- virDomainSnapshotDiskDefFree(diskdef);
- return ret;
+ return disk->src;
}
=20
=20
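Review bot: ownership of the parsed disk is lost in the rewritten testQemuImageCreateLoadDiskXML. disk is a plain pointer, so the early "return NULL" after a failed qemuDomainDeviceDiskDefPostParse leaks it, and "return disk->src;" hands out a pointer that the never-freed disk definition still owns. The removed code handled this with g_steal_pointer(&diskdef->src) followed by a free of the containing definition. Do the same here: steal disk->src into the return value and release disk on every exit path, for example by declaring it with an automatic cleanup attribute.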
--=20
2.25.1
From nobody Sat Feb 7 06:05:09 2026
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 2/5] qemu: capabilities: Detect presence of 'rbd-encryption'
 as QEMU_CAPS_RBD_ENCRYPTION
Date: Sun, 24 Oct 2021 04:51:27 -0500
Message-Id: <20211024095130.1171230-3-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
rbd encryption is new in qemu 6.1.0.
This commit adds capability probing for it.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml | 1 +
tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml | 1 +
4 files changed, 5 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index cddd39924d..6e72a18455 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -651,6 +651,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
"chardev.json", /* QEMU_CAPS_CHARDEV_JSON */
"device.json", /* QEMU_CAPS_DEVICE_JSON */
"query-dirty-rate", /* QEMU_CAPS_QUERY_DIRTY_RATE */
+ "rbd-encryption", /* QEMU_CAPS_RBD_ENCRYPTION */
);
=20
=20
@@ -1561,6 +1562,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSc=
hemaQueries[] =3D {
{ "blockdev-add/arg-type/+file/$dynamic-auto-read-only", QEMU_CAPS_BLO=
CK_FILE_AUTO_READONLY_DYNAMIC },
{ "blockdev-add/arg-type/+nvme", QEMU_CAPS_DRIVE_NVME },
{ "blockdev-add/arg-type/+file/aio/^io_uring", QEMU_CAPS_AIO_IO_URING =
},
+ { "blockdev-add/arg-type/+rbd/encrypt", QEMU_CAPS_RBD_ENCRYPTION },
{ "blockdev-add/arg-type/discard", QEMU_CAPS_DRIVE_DISCARD },
{ "blockdev-add/arg-type/detect-zeroes", QEMU_CAPS_DRIVE_DETECT_ZEROES=
},
{ "blockdev-backup", QEMU_CAPS_BLOCKDEV_BACKUP },
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index bb53d9ae46..338470ac5d 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -631,6 +631,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
QEMU_CAPS_CHARDEV_JSON, /* -chardev accepts JSON */
QEMU_CAPS_DEVICE_JSON, /* -device accepts JSON */
QEMU_CAPS_QUERY_DIRTY_RATE, /* accepts query-dirty-rate */
+ QEMU_CAPS_RBD_ENCRYPTION, /* Ceph RBD encryption support */
=20
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
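Review bot: the comment on QEMU_CAPS_RBD_ENCRYPTION ("Ceph RBD encryption support") is vaguer than its neighbours, which say what QEMU accepts ("-device accepts JSON", "accepts query-dirty-rate"). Since the flag is probed from "blockdev-add/arg-type/+rbd/encrypt", a comment along the lines of "rbd blockdev-add accepts 'encrypt'" would tell the reader exactly what is detected.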
diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.1.0.x86_64.xml
index 98c2fcedce..e60ed4705b 100644
--- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml
@@ -240,6 +240,7 @@
+ 6001000043100243
diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemuc=
apabilitiesdata/caps_6.2.0.x86_64.xml
index 5a46da0a6a..5622745347 100644
--- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
@@ -241,6 +241,7 @@
+ 6001050043100244
--=20
2.25.1
From nobody Sat Feb 7 06:05:09 2026
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 3/5] conf: add encryption engine property
Date: Sun, 24 Oct 2021 04:51:28 -0500
Message-Id: <20211024095130.1171230-4-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
This commit extends libvirt XML configuration to support a custom encryption engine.
This means that becomes valid.
The only engine for now is qemu. However, a new engine (librbd) will be added in an upcoming commit.
If no engine is specified, qemu will be used (assuming qemu driver is used).
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 6 +++++
docs/schemas/domainbackup.rng | 7 +++++
docs/schemas/storagecommon.rng | 7 +++++
src/conf/storage_encryption_conf.c | 26 ++++++++++++++++++-
src/conf/storage_encryption_conf.h | 9 +++++++
src/qemu/qemu_block.c | 2 ++
src/qemu/qemu_domain.c | 20 ++++++++++++++
tests/qemustatusxml2xmldata/upgrade-out.xml | 6 ++---
tests/qemuxml2argvdata/disk-nvme.xml | 2 +-
.../qemuxml2argvdata/encrypted-disk-usage.xml | 2 +-
tests/qemuxml2argvdata/luks-disks.xml | 4 +--
tests/qemuxml2argvdata/user-aliases.xml | 2 +-
.../disk-slices.x86_64-latest.xml | 4 +--
tests/qemuxml2xmloutdata/encrypted-disk.xml | 2 +-
.../luks-disks-source-qcow2.x86_64-latest.xml | 14 +++++-----
.../qemuxml2xmloutdata/luks-disks-source.xml | 10 +++----
16 files changed, 99 insertions(+), 24 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 7215c307d7..178fcd0d7c 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -23,6 +23,12 @@
content of the encryption tag. Other format values may=
be
defined in the future.
+
+ The encryption tag supports an optional engine
+ tag, which allows selecting which component actually handles
+ the encryption. Currently defined values of engine are
+ qemu.
+
The encryption tag can currently contain a sequence of
secret tags, each with mandatory attributes type<=
/code>
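Review bot: the added documentation paragraph calls engine an optional "tag", but the parser in this same patch reads it with virXMLPropEnum(node, "engine", ...), which makes it an attribute of the encryption element. Say "attribute" here. The paragraph should also state what happens when it is omitted (the commit message says qemu is used with the qemu driver) and carry a "since" version like other additions to the format docs.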
diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng
index c03455a5a7..05cc28ab00 100644
--- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng
@@ -14,6 +14,13 @@
luks
+
+
+
+ qemu
+
+
+
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 9ebb27700d..60dcfac06c 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -15,6 +15,13 @@
luks
+
+
+
+ qemu
+
+
+
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 9112b96cc7..7fd601e4a2 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -47,6 +47,11 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
"default", "qcow", "luks",
);
=20
+VIR_ENUM_IMPL(virStorageEncryptionEngine,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+ "default", "qemu",
+);
+
static void
virStorageEncryptionInfoDefClear(virStorageEncryptionInfoDef *def)
{
@@ -120,6 +125,7 @@ virStorageEncryptionCopy(const virStorageEncryption *sr=
c)
ret->secrets =3D g_new0(virStorageEncryptionSecret *, src->nsecrets);
ret->nsecrets =3D src->nsecrets;
ret->format =3D src->format;
+ ret->engine =3D src->engine;
=20
for (i =3D 0; i < src->nsecrets; i++) {
if (!(ret->secrets[i] =3D virStorageEncryptionSecretCopy(src->secr=
ets[i])))
@@ -239,6 +245,12 @@ virStorageEncryptionParseNode(xmlNodePtr node,
goto cleanup;
}
=20
+ if (virXMLPropEnum(node, "engine",
+ virStorageEncryptionEngineTypeFromString,
+ VIR_XML_PROP_NONZERO,
+ &encdef->engine) < 0)
+ goto cleanup;
+
if ((n =3D virXPathNodeSet("./secret", ctxt, &nodes)) < 0)
goto cleanup;
=20
@@ -327,6 +339,7 @@ int
virStorageEncryptionFormat(virBuffer *buf,
virStorageEncryption *enc)
{
+ const char *engine;
const char *format;
size_t i;
=20
@@ -335,7 +348,18 @@ virStorageEncryptionFormat(virBuffer *buf,
"%s", _("unexpected encryption format"));
return -1;
}
- virBufferAsprintf(buf, "\n", format);
+ if (enc->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT) {
+ virBufferAsprintf(buf, "\n", format);
+ } else {
+ if (!(engine =3D virStorageEncryptionEngineTypeToString(enc->engin=
e))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ "%s", _("unexpected encryption engine"));
+ return -1;
+ }
+ virBufferAsprintf(buf, "\n=
",
+ format, engine);
+ }
+
virBufferAdjustIndent(buf, 2);
=20
for (i =3D 0; i < enc->nsecrets; i++) {
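Review bot: the two branches in virStorageEncryptionFormat duplicate the opening of the encryption element and differ only in the extra engine attribute. It is easier to keep them in sync if the element start and format attribute are written once, the engine attribute is appended only when enc->engine is not VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT, and the closing of the start tag is emitted once after that.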
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index 34adbd5f7b..e0ac0fe4bf 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -51,6 +51,14 @@ struct _virStorageEncryptionInfoDef {
char *ivgen_hash;
};
=20
+typedef enum {
+ VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
+ VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+
+ VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
+} virStorageEncryptionEngine;
+VIR_ENUM_DECL(virStorageEncryptionEngine);
+
typedef enum {
/* "default" is only valid for volume creation */
VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT =3D 0,
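Review bot: VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT has no comment, while the format enum right below documents its own default ("default" is only valid for volume creation). The engine default carries a non-obvious contract: the parser rejects it as input through VIR_XML_PROP_NONZERO and the qemu post-parse code replaces it with QEMU. A short comment on the enum value stating that it means "not specified, to be filled in by the driver" would help the next reader.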
@@ -63,6 +71,7 @@ VIR_ENUM_DECL(virStorageEncryptionFormat);
=20
typedef struct _virStorageEncryption virStorageEncryption;
struct _virStorageEncryption {
+ virStorageEncryptionEngine engine;
int format; /* virStorageEncryptionFormatType */
int payload_offset;
=20
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index b6d6d95692..0e2395278a 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -1314,6 +1314,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource=
*src,
*encprops =3D NULL;
=20
if (!src->encryption ||
+ src->encryption->engine !=3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU ||
!srcpriv ||
!srcpriv->encinfo)
return 0;
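Review bot: the added engine test in qemuBlockStorageSourceGetCryptoProps makes the function return 0 with *encprops left NULL for any engine other than QEMU, including DEFAULT. That is only safe because the post-parse callback is expected to have replaced DEFAULT already; a source that reaches this point without post-parse would be set up with no crypto properties and no error. Add a comment stating that assumption, or treat DEFAULT as an error here so a missed post-parse fails loudly rather than silently skipping the encryption layer.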
@@ -1448,6 +1449,7 @@ qemuBlockStorageSourceGetBlockdevFormatProps(virStora=
geSource *src)
* put a raw layer on top */
case VIR_STORAGE_FILE_RAW:
if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_Q=
EMU &&
src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_L=
UKS) {
if (qemuBlockStorageSourceGetFormatLUKSProps(src, props) < 0)
return NULL;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 5ff602e3af..75cc656ed9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4770,6 +4770,18 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
}
}
=20
+ if (src->encryption) {
+ switch (src->encryption->engine) {
+ case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
+ virReportEnumRangeError(virStorageEncryptionEngine,
+ src->encryption->engine);
+ return -1;
+ }
+ }
+
return 0;
}
=20
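Review bot: in the new `switch`, `VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT` shares the `virReportEnumRangeError` path with `VIR_STORAGE_ENCRYPTION_ENGINE_LAST`, although it is a legal value of the enum. It can only be reached when the post-parse defaulting added later in this file did not run for the source, so the resulting message will not tell the user or developer what went wrong. A short comment explaining why the default engine is unexpected at this point, or a dedicated error message, would make that failure diagnosable.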
@@ -5222,6 +5234,8 @@ int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
unsigned int parseFlags)
{
+ virStorageSource *n;
+
/* set default disk types and drivers */
if (!virDomainDiskGetDriver(disk))
virDomainDiskSetDriver(disk, "qemu");
@@ -5236,6 +5250,12 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *d=
isk,
disk->mirror->format =3D=3D VIR_STORAGE_FILE_NONE)
disk->mirror->format =3D VIR_STORAGE_FILE_RAW;
=20
+ /* default disk encryption engine */
+ for (n =3D disk->src; virStorageSourceIsBacking(n); n =3D n->backingSt=
ore) {
+ if (n->encryption && n->encryption->engine =3D=3D VIR_STORAGE_ENCR=
YPTION_ENGINE_DEFAULT)
+ n->encryption->engine =3D VIR_STORAGE_ENCRYPTION_ENGINE_QEMU;
+ }
+
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) =
< 0)
return -1;
=20
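Review bot: the defaulting loop walks only `disk->src` and its backing chain, while the context lines just above it apply a default to `disk->mirror->format`. If `disk->mirror` can carry an encryption definition, its engine stays `VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT` and the source is then either rejected by the new switch in `qemuDomainValidateStorageSource` or skipped by the engine test in `qemuBlockStorageSourceGetCryptoProps`. Please apply the same default to the mirror, or add a comment saying why it is not needed.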
diff --git a/tests/qemustatusxml2xmldata/upgrade-out.xml b/tests/qemustatus=
xml2xmldata/upgrade-out.xml
index f9476731f6..5218092cb9 100644
--- a/tests/qemustatusxml2xmldata/upgrade-out.xml
+++ b/tests/qemustatusxml2xmldata/upgrade-out.xml
@@ -316,7 +316,7 @@
-
+
@@ -333,7 +333,7 @@
-
+
@@ -354,7 +354,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/disk-nvme.xml b/tests/qemuxml2argvdata/=
disk-nvme.xml
index 1ccbbfd598..9a5fafce7d 100644
--- a/tests/qemuxml2argvdata/disk-nvme.xml
+++ b/tests/qemuxml2argvdata/disk-nvme.xml
@@ -42,7 +42,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/encrypted-disk-usage.xml b/tests/qemuxm=
l2argvdata/encrypted-disk-usage.xml
index 7c2da9ee83..d2b87b94b6 100644
--- a/tests/qemuxml2argvdata/encrypted-disk-usage.xml
+++ b/tests/qemuxml2argvdata/encrypted-disk-usage.xml
@@ -18,7 +18,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/luks-disks.xml b/tests/qemuxml2argvdata=
/luks-disks.xml
index ae6d3d996c..1c76f0dc26 100644
--- a/tests/qemuxml2argvdata/luks-disks.xml
+++ b/tests/qemuxml2argvdata/luks-disks.xml
@@ -18,7 +18,7 @@
-
+
@@ -27,7 +27,7 @@
-
+
diff --git a/tests/qemuxml2argvdata/user-aliases.xml b/tests/qemuxml2argvda=
ta/user-aliases.xml
index 47bfc56e73..10b7749521 100644
--- a/tests/qemuxml2argvdata/user-aliases.xml
+++ b/tests/qemuxml2argvdata/user-aliases.xml
@@ -55,7 +55,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml b/tests=
/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
index be5cd25084..a058cbad61 100644
--- a/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/disk-slices.x86_64-latest.xml
@@ -49,7 +49,7 @@
-
+
@@ -75,7 +75,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/encrypted-disk.xml b/tests/qemuxml2xm=
loutdata/encrypted-disk.xml
index 06f2c5b47c..e30c8a36e8 100644
--- a/tests/qemuxml2xmloutdata/encrypted-disk.xml
+++ b/tests/qemuxml2xmloutdata/encrypted-disk.xml
@@ -18,7 +18,7 @@
-
+
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest=
.xml b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
index 5f600f5ba7..7f98dd597e 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source-qcow2.x86_64-latest.xml
@@ -20,7 +20,7 @@
-
+
@@ -30,7 +30,7 @@
-
+
@@ -44,7 +44,7 @@
-
+
@@ -54,7 +54,7 @@
-
+
@@ -67,7 +67,7 @@
-
+
@@ -77,14 +77,14 @@
-
+
-
+
diff --git a/tests/qemuxml2xmloutdata/luks-disks-source.xml b/tests/qemuxml=
2xmloutdata/luks-disks-source.xml
index 5333d4ac6e..891b5d9d17 100644
--- a/tests/qemuxml2xmloutdata/luks-disks-source.xml
+++ b/tests/qemuxml2xmloutdata/luks-disks-source.xml
@@ -17,7 +17,7 @@
-
+
@@ -27,7 +27,7 @@
-
+
@@ -41,7 +41,7 @@
-
+
@@ -51,7 +51,7 @@
-
+
@@ -64,7 +64,7 @@
-
+
--=20
2.25.1
From nobody Sat Feb 7 06:05:09 2026
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 4/5] qemu: add librbd encryption engine
Date: Sun, 24 Oct 2021 04:51:29 -0500
Message-Id: <20211024095130.1171230-5-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
rbd encryption is new in qemu 6.1.0.
This commit adds a new encryption engine property which
allows the user to use this new encryption engine.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 11 ++-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 30 ++++++++
src/qemu/qemu_domain.c | 38 ++++++++++
...sk-network-rbd-encryption.x86_64-6.0.0.err | 1 +
...-network-rbd-encryption.x86_64-latest.args | 45 ++++++++++++
.../disk-network-rbd-encryption.xml | 63 +++++++++++++++++
tests/qemuxml2argvtest.c | 2 +
...k-network-rbd-encryption.x86_64-latest.xml | 70 +++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
12 files changed, 263 insertions(+), 2 deletions(-)
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-6.0.0.err
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_=
64-latest.args
create mode 100644 tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
create mode 100644 tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x8=
6_64-latest.xml
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index 178fcd0d7c..fb04a6a0ad 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -27,7 +27,16 @@
The encryption tag supports an optional engine
tag, which allows selecting which component actually handles
the encryption. Currently defined values of engine are
- qemu.
+ qemu and librbd.
+ Both qemu and librbd require using the qemu
+ driver.
+ The librbd engine requires qemu version >=3D 6.1.0,
+ and is only applicable for RBD network disks.
+ If the engine tag is not specified, the qemu engine wil=
l be
+ used by default (assuming the qemu driver is used).
+ Note that librbd engine is currently only supported by =
the
+ qemu VM driver, and is not supported by the storage driver. Furtherm=
ore,
+ the storage driver currently ignores the engine tag.
The encryption tag can currently contain a sequence of
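Review bot: the last added sentence documents that the storage driver ignores the engine tag, which means a volume definition that asks for `librbd` is handled as if no engine had been given. Silently ignoring a request for a specific encryption engine is surprising for the user; the storage driver should reject engines it does not implement, and the text should then say that. The wording "Both qemu and librbd require using the qemu driver" and "(assuming the qemu driver is used)" also leaves unstated what happens with any other driver.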
diff --git a/docs/schemas/storagecommon.rng b/docs/schemas/storagecommon.rng
index 60dcfac06c..3ddff02e43 100644
--- a/docs/schemas/storagecommon.rng
+++ b/docs/schemas/storagecommon.rng
@@ -19,6 +19,7 @@
qemu
+ librbd
diff --git a/src/conf/storage_encryption_conf.c b/src/conf/storage_encrypti=
on_conf.c
index 7fd601e4a2..d45ad717a0 100644
--- a/src/conf/storage_encryption_conf.c
+++ b/src/conf/storage_encryption_conf.c
@@ -49,7 +49,7 @@ VIR_ENUM_IMPL(virStorageEncryptionFormat,
=20
VIR_ENUM_IMPL(virStorageEncryptionEngine,
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
- "default", "qemu",
+ "default", "qemu", "librbd",
);
=20
static void
diff --git a/src/conf/storage_encryption_conf.h b/src/conf/storage_encrypti=
on_conf.h
index e0ac0fe4bf..0931618608 100644
--- a/src/conf/storage_encryption_conf.h
+++ b/src/conf/storage_encryption_conf.h
@@ -54,6 +54,7 @@ struct _virStorageEncryptionInfoDef {
typedef enum {
VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT =3D 0,
VIR_STORAGE_ENCRYPTION_ENGINE_QEMU,
+ VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD,
=20
VIR_STORAGE_ENCRYPTION_ENGINE_LAST,
} virStorageEncryptionEngine;
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0e2395278a..4af06aea1b 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -875,6 +875,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
qemuDomainStorageSourcePrivate *srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE=
_PRIVATE(src);
g_autoptr(virJSONValue) servers =3D NULL;
virJSONValue *ret =3D NULL;
+ g_autoptr(virJSONValue) encrypt =3D NULL;
+ const char *encformat;
const char *username =3D NULL;
g_autoptr(virJSONValue) authmodes =3D NULL;
g_autoptr(virJSONValue) mode =3D NULL;
@@ -899,12 +901,40 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *s=
rc,
return NULL;
}
=20
+ if (src->encryption &&
+ src->encryption->engine =3D=3D VIR_STORAGE_ENCRYPTION_ENGINE_LIBRB=
D) {
+ switch ((virStorageEncryptionFormatType) src->encryption->format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ encformat =3D "luks";
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption engine only supports l=
uks/luks2 formats"));
+ return NULL;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormatType,
+ src->encryption->format);
+ return NULL;
+ }
+
+ if (virJSONValueObjectCreate(&encrypt,
+ "s:format", encformat,
+ "s:key-secret", srcPriv->encinfo->ali=
as,
+ NULL) < 0)
+ return NULL;
+ }
+
if (virJSONValueObjectCreate(&ret,
"s:pool", src->volume,
"s:image", src->path,
"S:snapshot", src->snapshot,
"S:conf", src->configFile,
"A:server", &servers,
+ "A:encrypt", &encrypt,
"S:user", username,
"A:auth-client-required", &authmodes,
"S:key-secret", keysecret,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 75cc656ed9..71cebec4e8 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4773,6 +4773,44 @@ qemuDomainValidateStorageSource(virStorageSource *sr=
c,
if (src->encryption) {
switch (src->encryption->engine) {
case VIR_STORAGE_ENCRYPTION_ENGINE_QEMU:
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
+ break;
+ case VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_RBD_ENCRYPTION)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption is not supported b=
y this QEMU binary"));
+ return -1;
+ }
+
+ switch ((virStorageEncryptionFormatType) src->encryption->=
format) {
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LUKS:
+ break;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_QCOW:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("librbd encryption engine only su=
pports luks/luks2 formats"));
+ return -1;
+
+ case VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT:
+ case VIR_STORAGE_ENCRYPTION_FORMAT_LAST:
+ default:
+ virReportEnumRangeError(virStorageEncryptionFormat=
Type,
+ src->encryption->format);
+ return -1;
+ }
+
break;
case VIR_STORAGE_ENCRYPTION_ENGINE_DEFAULT:
case VIR_STORAGE_ENCRYPTION_ENGINE_LAST:
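Review bot: the new `VIR_STORAGE_ENCRYPTION_ENGINE_LIBRBD` case checks `QEMU_CAPS_RBD_ENCRYPTION` and the format, but never checks that the source is an RBD network disk, although the documentation added in this patch says the engine is only applicable to those. The `encrypt` object is built only in `qemuBlockStorageSourceGetRBDProps`, and the LUKS paths in qemu_block.c are skipped for any engine other than qemu, so a non-RBD source with the librbd engine would pass validation and then be set up with no encryption layer at all. Please reject that combination here with `VIR_ERR_CONFIG_UNSUPPORTED`. The format `switch` for librbd is also repeated almost verbatim in `qemuBlockStorageSourceGetRBDProps`; once validation guarantees the format, the copy there can be reduced.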
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.=
0.err b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
new file mode 100644
index 0000000000..edd8481a20
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-6.0.0.err
@@ -0,0 +1 @@
+unsupported configuration: librbd encryption is not supported by this QEMU=
binary
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-late=
st.args b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.=
args
new file mode 100644
index 0000000000..474c245d60
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.x86_64-latest.args
@@ -0,0 +1,45 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/tmp/lib/domain--1-encryptdisk \
+USER=3Dtest \
+LOGNAME=3Dtest \
+XDG_DATA_HOME=3D/tmp/lib/domain--1-encryptdisk/.local/share \
+XDG_CACHE_HOME=3D/tmp/lib/domain--1-encryptdisk/.cache \
+XDG_CONFIG_HOME=3D/tmp/lib/domain--1-encryptdisk/.config \
+/usr/bin/qemu-system-x86_64 \
+-name guest=3Dencryptdisk,debug-threads=3Don \
+-S \
+-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/tm=
p/lib/domain--1-encryptdisk/master-key.aes"}' \
+-machine pc-i440fx-2.1,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff,memory-=
backend=3Dpc.ram \
+-cpu qemu64 \
+-m 1024 \
+-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}=
' \
+-overcommit mem-lock=3Doff \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,fd=3D1729,server=3Don,wait=3Doff \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-no-acpi \
+-boot strict=3Don \
+-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0=
x2"}' \
+-object '{"qom-type":"secret","id":"libvirt-3-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-3-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-3-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-3-format-encryption-secret0","file":"libvirt-3-sto=
rage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x2","drive":"li=
bvirt-3-format","id":"virtio-disk0","bootindex":1}' \
+-object '{"qom-type":"secret","id":"libvirt-2-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"node-name":"libvirt-2-storage=
","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-2-format","read-only":false,"driver":"luk=
s","key-secret":"libvirt-2-format-encryption-secret0","file":"libvirt-2-sto=
rage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x4","drive":"li=
bvirt-2-format","id":"virtio-disk1"}' \
+-object '{"qom-type":"secret","id":"libvirt-1-format-encryption-secret0","=
data":"9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1","k=
eyid":"masterKey0","iv":"AAECAwQFBgcICQoLDA0ODw=3D=3D","format":"base64"}' \
+-blockdev '{"driver":"rbd","pool":"pool","image":"image","server":[{"host"=
:"mon1.example.org","port":"6321"},{"host":"mon2.example.org","port":"6322"=
},{"host":"mon3.example.org","port":"6322"}],"encrypt":{"format":"luks","ke=
y-secret":"libvirt-1-format-encryption-secret0"},"node-name":"libvirt-1-sto=
rage","auto-read-only":true,"discard":"unmap"}' \
+-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"raw=
","file":"libvirt-1-storage"}' \
+-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x5","drive":"li=
bvirt-1-format","id":"virtio-disk2"}' \
+-audiodev id=3Daudio1,driver=3Dnone \
+-device '{"driver":"virtio-balloon-pci","id":"balloon0","bus":"pci.0","add=
r":"0x3"}' \
+-sandbox on,obsolete=3Ddeny,elevateprivileges=3Ddeny,spawn=3Ddeny,resource=
control=3Ddeny \
+-msg timestamp=3Don
diff --git a/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml b/tests=
/qemuxml2argvdata/disk-network-rbd-encryption.xml
new file mode 100644
index 0000000000..d8c2d3dbe2
--- /dev/null
+++ b/tests/qemuxml2argvdata/disk-network-rbd-encryption.xml
@@ -0,0 +1,63 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index e209b48fce..df7cfe020e 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1344,6 +1344,8 @@ mymain(void)
DO_TEST_CAPS_LATEST("disk-network-gluster");
DO_TEST_CAPS_VER("disk-network-rbd", "2.12.0");
DO_TEST_CAPS_LATEST("disk-network-rbd");
+ DO_TEST_CAPS_VER_PARSE_ERROR("disk-network-rbd-encryption", "6.0.0");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_CAPS_VER_FAILURE("disk-network-rbd-no-colon", "4.1.0");
DO_TEST_CAPS_LATEST("disk-network-rbd-no-colon");
DO_TEST_CAPS_VER("disk-network-sheepdog", "2.12.0");
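Review bot: the two added cases cover the missing capability on 6.0.0 and the success path on the latest capabilities, but nothing exercises the "librbd encryption engine only supports luks/luks2 formats" rejection that this patch adds to `qemuDomainValidateStorageSource`. Please add a negative case with the librbd engine and the qcow format so that the rejection path is covered by the test suite.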
diff --git a/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-la=
test.xml b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-late=
st.xml
new file mode 100644
index 0000000000..d4942718bb
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/disk-network-rbd-encryption.x86_64-latest.xml
@@ -0,0 +1,70 @@
+
+ encryptdisk
+ 496898a6-e6ff-f7c8-5dc2-3cf410945ee9
+ 1048576
+ 524288
+ 1
+
+ hvm
+
+
+
+ qemu64
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index b0a1212a54..90813f8cd8 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -315,6 +315,7 @@ mymain(void)
QEMU_CAPS_SCSI_BLOCK);
DO_TEST_NOCAPS("disk-network-gluster");
DO_TEST_NOCAPS("disk-network-rbd");
+ DO_TEST_CAPS_LATEST("disk-network-rbd-encryption");
DO_TEST_NOCAPS("disk-network-source-auth");
DO_TEST_NOCAPS("disk-network-sheepdog");
DO_TEST_NOCAPS("disk-network-vxhs");
--=20
2.25.1
From nobody Sat Feb 7 06:05:09 2026
From: Or Ozeri
To: libvir-list@redhat.com
Subject: [PATCH v5 5/5] conf: add luks2 encryption format
Date: Sun, 24 Oct 2021 04:51:30 -0500
Message-Id: <20211024095130.1171230-6-oro@il.ibm.com>
In-Reply-To: <20211024095130.1171230-1-oro@il.ibm.com>
References: <20211024095130.1171230-1-oro@il.ibm.com>
Cc: idryomov@gmail.com, Or Ozeri , to.my.trociny@gmail.com,
dannyh@il.ibm.com
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
This commit extends libvirt XML configuration to support luks2 encryption format.
This means that becomes valid.
Currently librbd is the only engine that supports this new format.
Signed-off-by: Or Ozeri
Reviewed-by: Peter Krempa
---
docs/formatstorageencryption.html.in | 14 +++++++++++++-
docs/schemas/storagecommon.rng | 1 +
src/conf/storage_encryption_conf.c | 2 +-
src/conf/storage_encryption_conf.h | 1 +
src/qemu/qemu_block.c | 9 +++++++++
src/qemu/qemu_domain.c | 9 ++++++++-
...isk-network-rbd-encryption.x86_64-latest.args | 16 ++++++++++------
.../disk-network-rbd-encryption.xml | 12 ++++++++++++
...disk-network-rbd-encryption.x86_64-latest.xml | 13 +++++++++++++
9 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencry=
ption.html.in
index fb04a6a0ad..86d884f93d 100644
--- a/docs/formatstorageencryption.html.in
+++ b/docs/formatstorageencryption.html.in
@@ -18,7 +18,7 @@
is encryption, with a mandatory
attribute format. Currently defined values
of format are default, qcow,
- and luks.
+ luks, and luks2.
Each value of format implies some expectations about the
content of the encryption tag. Other format values may=
be
defined in the future.
@@ -125,6 +125,18 @@
=20
+
+ The luks2 format is currently supported only by the
+ librbd engine, and can only be applied to RBD network d=
isks.
+ Since the librbd engine is currently not supported by t=
he
+ storage driver, you cannot use it to control such disks. However,
+ pre-formatted RBD luks2 disks can be loaded to a qemu VM using the q=
emu
+ VM driver.
+ A single
+ <secret type=3D'passphrase'...> element is expect=
ed.
+