[PATCH 0/7] Support crypto device
Hi, This series supports crypto device, also add support for QEMU. The basic xml schema looks like: <crypto model='virtio' type='qemu'> <backend model='builtin' queues='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </crypto> <crypto model='virtio' type='qemu'> <backend model='lkcf'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </crypto> Each patch has been tested by 'ninja -C build test', and launch a QEMU with crypto devices, it works fine. zhenwei pi (7): docs: introduce crypto device conf: support crypto device domain_capabilities: define capabilities for crypto qemu_capabilities: support crypto qemu: alias: support crypto device qemu: command: support crypto device NEWS: Document 'crypto' device NEWS.rst | 3 + docs/formatdomain.rst | 21 ++ src/conf/domain_capabilities.c | 15 ++ src/conf/domain_capabilities.h | 12 ++ src/conf/domain_conf.c | 191 ++++++++++++++++++ src/conf/domain_conf.h | 40 ++++ src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 18 ++ src/conf/schemas/domaincaps.rng | 10 + src/conf/virconftypes.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_alias.c | 23 +++ src/qemu/qemu_capabilities.c | 32 +++ src/qemu/qemu_capabilities.h | 8 + src/qemu/qemu_command.c | 109 ++++++++++ src/qemu/qemu_domain.c | 3 + src/qemu/qemu_domain_address.c | 26 +++ src/qemu/qemu_driver.c | 5 + src/qemu/qemu_hotplug.c | 3 + src/qemu/qemu_validate.c | 22 ++ .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 11 + .../qemu_4.2.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_4.2.0.s390x.xml | 11 + tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 11 + .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 11 + .../qemu_5.0.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 11 + .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 11 + tests/domaincapsdata/qemu_5.1.0.sparc.xml | 9 + tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 11 + .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 11 + .../qemu_5.2.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_5.2.0.s390x.xml | 11 + tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 11 + .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 11 + .../qemu_6.0.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_6.0.0.s390x.xml | 11 + tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 11 + .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 11 + tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 11 + .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 11 + .../qemu_6.2.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 11 + .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 11 + .../qemu_7.0.0-virt.aarch64.xml | 11 + tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 11 + tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 11 + .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 11 + .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 11 + tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 11 + tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 11 + .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 12 ++ .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 12 ++ tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 12 ++ .../caps_4.2.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 + .../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 + .../caps_4.2.0.x86_64.xml | 2 + .../caps_5.0.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 + .../caps_5.0.0.riscv64.xml | 2 + .../caps_5.0.0.x86_64.xml | 2 + .../qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + .../caps_5.1.0.x86_64.xml | 2 + .../caps_5.2.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 2 + .../caps_5.2.0.riscv64.xml | 2 + .../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 2 + .../caps_5.2.0.x86_64.xml | 2 + .../caps_6.0.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 2 + .../caps_6.0.0.x86_64.xml | 2 + .../caps_6.1.0.x86_64.xml | 2 + .../caps_6.2.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 2 + .../caps_6.2.0.x86_64.xml | 2 + .../caps_7.0.0.aarch64.xml | 2 + .../qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 2 + .../caps_7.0.0.x86_64.xml | 2 + .../qemucapabilitiesdata/caps_7.1.0.ppc64.xml | 2 + .../caps_7.1.0.x86_64.xml | 2 + .../caps_7.2.0.x86_64.xml | 3 + 100 files changed, 1174 insertions(+) -- 2.34.1
Introduce crypto device like: <crypto model='virtio' type='qemu'> <backend model='builtin' queues='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </crypto> <crypto model='virtio' type='qemu'> <backend model='lkcf'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </crypto> Currently, crypto model supports virtio only, type supports qemu only (vhost-user in the plan). For the qemu type, backend supports modle builtin/lkcf, and the queues is optional. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- docs/formatdomain.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index d7fffc6e0b..2b46f6c966 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8225,6 +8225,27 @@ The optional ``driver`` element allows to specify virtio options, see ... +Crypto +~~~~~~ + +A crypto device. The ``model`` attribute defaults to ``virtio``. +:since:`Since v9.0.0` ``model`` supports ``virtio`` only. The ``type`` attribute +defaults to ``qemu``. :since:`Since v9.0.0` ``type`` supports ``qemu`` only. +The optional attribute ``backend`` is required if the ``type`` is ``qemu``, the +``model`` attribute can be ``builtint`` and ``lkcf``, the optional attribute +``queues`` specifies the number of virt queues for virtio crypto. + +:: + + ... + <devices> + <crypto model='virtio' type='qemu'> + <backend model='builtin' queues='1'/> + </crypto> + </devices> + ... + + Security label -------------- -- 2.34.1
On 1/4/23 04:29, zhenwei pi wrote:
Introduce crypto device like:
<crypto model='virtio' type='qemu'> <backend model='builtin' queues='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </crypto>
<crypto model='virtio' type='qemu'> <backend model='lkcf'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </crypto>
Currently, crypto model supports virtio only, type supports qemu only (vhost-user in the plan). For the qemu type, backend supports modle builtin/lkcf, and the queues is optional.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- docs/formatdomain.rst | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
This should be merged to 2/7 which actually introduces the device. There's no need to split them. In fact, whomever decides to backport one of these patches will need to backport the other too. Michal
Support a new device type 'crypto'. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/domain_conf.c | 191 +++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 40 +++++++ src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 18 ++++ src/conf/virconftypes.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 3 + src/qemu/qemu_domain_address.c | 26 +++++ src/qemu/qemu_driver.c | 5 + src/qemu/qemu_hotplug.c | 3 + src/qemu/qemu_validate.c | 22 ++++ 12 files changed, 313 insertions(+) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6c088ff295..74448fe627 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -332,6 +332,7 @@ VIR_ENUM_IMPL(virDomainDevice, "iommu", "vsock", "audio", + "crypto", ); VIR_ENUM_IMPL(virDomainDiskDevice, @@ -1314,6 +1315,22 @@ VIR_ENUM_IMPL(virDomainVsockModel, "virtio-non-transitional", ); +VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio", +); + +VIR_ENUM_IMPL(virDomainCryptoType, + VIR_DOMAIN_CRYPTO_TYPE_LAST, + "qemu", +); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin", + "lkcf", +); + VIR_ENUM_IMPL(virDomainDiskDiscard, VIR_DOMAIN_DISK_DISCARD_LAST, "default", @@ -3464,6 +3481,9 @@ void virDomainDeviceDefFree(virDomainDeviceDef *def) case VIR_DOMAIN_DEVICE_AUDIO: virDomainAudioDefFree(def->data.audio); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -3807,6 +3827,10 @@ void virDomainDefFree(virDomainDef *def) virDomainPanicDefFree(def->panics[i]); g_free(def->panics); + for (i = 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + g_free(def->cryptos); + virDomainIOMMUDefFree(def->iommu); g_free(def->idmap.uidmap); @@ -4360,6 +4384,8 @@ virDomainDeviceGetInfo(const virDomainDeviceDef *device) return &device->data.iommu->info; case VIR_DOMAIN_DEVICE_VSOCK: return &device->data.vsock->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info; /* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -4462,6 +4488,9 @@ virDomainDeviceSetData(virDomainDeviceDef *device, case VIR_DOMAIN_DEVICE_AUDIO: device->data.audio = devicedata; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + device->data.crypto = devicedata; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -4673,6 +4702,13 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, return rc; } + device.type = VIR_DOMAIN_DEVICE_CRYPTO; + for (i = 0; i < def->ncryptos; i++) { + device.data.crypto = def->cryptos[i]; + if ((rc = cb(def, &device, &def->cryptos[i]->info, opaque)) != 0) + return rc; + } + /* If the flag below is set, make sure @cb can handle @info being NULL */ if (iteratorFlags & DOMAIN_DEVICE_ITERATE_MISSING_INFO) { device.type = VIR_DOMAIN_DEVICE_GRAPHICS; @@ -4731,6 +4767,7 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -13417,6 +13454,94 @@ virDomainVsockDefParseXML(virDomainXMLOption *xmlopt, return g_steal_pointer(&vsock); } + +static virDomainCryptoDef * +virDomainCryptoDefParseXML(virDomainXMLOption *xmlopt, + xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + virDomainCryptoDef *def; + VIR_XPATH_NODE_AUTORESTORE(ctxt) + int nbackends; + g_autofree xmlNodePtr *backends = NULL; + g_autofree char *model = NULL; + g_autofree char *backend = NULL; + g_autofree char *type = NULL; + + def = g_new0(virDomainCryptoDef, 1); + + if (!(model = virXMLPropString(node, "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing crypto device model")); + goto error; + } + + if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown crypto model '%s'"), model); + goto error; + } + + if (!(type = virXMLPropString(node, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing crypto device type")); + goto error; + } + + if ((def->type = virDomainCryptoTypeTypeFromString(type)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown crypto type '%s'"), model); + goto error; + } + + ctxt->node = node; + + if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0) + goto error; + + if (nbackends != 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one crypto backend is supported")); + goto error; + } + + if (!(backend = virXMLPropString(backends[0], "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing crypto device backend model")); + goto error; + } + + if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown crypto backend model '%s'"), backend); + goto error; + } + + if (virXMLPropUInt(backends[0], "queues", 10, VIR_XML_PROP_NONE, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("parsing crypto device queues failed")); + goto error; + } + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + case VIR_DOMAIN_CRYPTO_BACKEND_LKCF: + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virDomainDeviceInfoParseXML(xmlopt, node, ctxt, &def->info, flags) < 0) + goto error; + + if (virDomainVirtioOptionsParseXML(virXPathNode("./driver", ctxt), + &def->virtio) < 0) + goto error; + + return def; + + error: + g_clear_pointer(&def, virDomainCryptoDefFree); + return NULL; +} + + virDomainDeviceDef * virDomainDeviceDefParse(const char *xmlStr, const virDomainDef *def, @@ -13578,6 +13703,11 @@ virDomainDeviceDefParse(const char *xmlStr, flags))) return NULL; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(xmlopt, node, ctxt, + flags))) + return NULL; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -18670,6 +18800,21 @@ virDomainDefParseXML(xmlXPathContextPtr ctxt, } VIR_FREE(nodes); + /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + return NULL; + if (n) + def->cryptos = g_new0(virDomainCryptoDef *, n); + for (i = 0; i < n; i++) { + virDomainCryptoDef *crypto = virDomainCryptoDefParseXML(xmlopt, nodes[i], + ctxt, flags); + if (!crypto) + return NULL; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + /* Parse the TPM devices */ if ((n = virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0) return NULL; @@ -21210,6 +21355,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDef *src, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -24562,6 +24708,47 @@ virDomainRNGDefFree(virDomainRNGDef *def) } +static int +virDomainCryptoDefFormat(virBuffer *buf, + virDomainCryptoDef *def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *type = virDomainCryptoTypeTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + g_auto(virBuffer) driverAttrBuf = VIR_BUFFER_INITIALIZER; + + virBufferAsprintf(buf, "<crypto model='%s' type='%s'>\n", model, type); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend model='%s'", backend); + if (def->queues) + virBufferAsprintf(buf, " queues='%d'", def->queues); + virBufferAddLit(buf, "/>\n"); + + virDomainVirtioOptionsFormat(&driverAttrBuf, def->virtio); + + virXMLFormatElement(buf, "driver", &driverAttrBuf, NULL); + + virDomainDeviceInfoFormat(buf, &def->info, flags); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + + return 0; +} + +void +virDomainCryptoDefFree(virDomainCryptoDef *def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + g_free(def->virtio); + g_free(def); +} + + static int virDomainMemorySourceDefFormat(virBuffer *buf, virDomainMemoryDef *def) @@ -27261,6 +27448,10 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def, return -1; } + for (n = 0; n < def->ncryptos; n++) { + if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags)) + return -1; + } if (def->iommu) virDomainIOMMUDefFormat(buf, def->iommu); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 1404c55053..9062250d60 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -86,6 +86,7 @@ typedef enum { VIR_DOMAIN_DEVICE_IOMMU, VIR_DOMAIN_DEVICE_VSOCK, VIR_DOMAIN_DEVICE_AUDIO, + VIR_DOMAIN_DEVICE_CRYPTO, VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; @@ -118,6 +119,7 @@ struct _virDomainDeviceDef { virDomainIOMMUDef *iommu; virDomainVsockDef *vsock; virDomainAudioDef *audio; + virDomainCryptoDef *crypto; } data; }; @@ -2858,6 +2860,34 @@ struct _virDomainVsockDef { virDomainVirtioOptions *virtio; }; +typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_TYPE_QEMU, + + VIR_DOMAIN_CRYPTO_TYPE_LAST +} virDomainCryptoType; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + VIR_DOMAIN_CRYPTO_BACKEND_LKCF, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + virDomainCryptoModel model; + virDomainCryptoType type; + virDomainCryptoBackend backend; + unsigned int queues; + virDomainDeviceInfo info; + virDomainVirtioOptions *virtio; +}; + struct _virDomainVirtioOptions { virTristateSwitch iommu; virTristateSwitch ats; @@ -3023,6 +3053,9 @@ struct _virDomainDef { size_t nsysinfo; virSysinfoDef **sysinfo; + size_t ncryptos; + virDomainCryptoDef **cryptos; + /* At maximum 2 TPMs on the domain if a TPM Proxy is present. */ size_t ntpms; virDomainTPMDef **tpms; @@ -3274,6 +3307,7 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc vcpuNew; virDomainXMLPrivateDataNewFunc chrSourceNew; virDomainXMLPrivateDataNewFunc vsockNew; + virDomainXMLPrivateDataNewFunc cryptoNew; virDomainXMLPrivateDataNewFunc graphicsNew; virDomainXMLPrivateDataNewFunc networkNew; virDomainXMLPrivateDataNewFunc videoNew; @@ -3440,6 +3474,9 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainIOMMUDef, virDomainIOMMUDefFree); virDomainVsockDef *virDomainVsockDefNew(virDomainXMLOption *xmlopt); void virDomainVsockDefFree(virDomainVsockDef *vsock); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainVsockDef, virDomainVsockDefFree); +virDomainCryptoDef *virDomainCryptoDefNew(virDomainXMLOption *xmlopt); +void virDomainCryptoDefFree(virDomainCryptoDef *crypto); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainCryptoDef, virDomainCryptoDefFree); void virDomainNetTeamingInfoFree(virDomainNetTeamingInfo *teaming); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainNetTeamingInfo, virDomainNetTeamingInfoFree); void virDomainNetDefFree(virDomainNetDef *def); @@ -4089,6 +4126,9 @@ VIR_ENUM_DECL(virDomainMemorySource); VIR_ENUM_DECL(virDomainMemoryAllocation); VIR_ENUM_DECL(virDomainIOMMUModel); VIR_ENUM_DECL(virDomainVsockModel); +VIR_ENUM_DECL(virDomainCryptoModel); +VIR_ENUM_DECL(virDomainCryptoType); +VIR_ENUM_DECL(virDomainCryptoBackend); VIR_ENUM_DECL(virDomainShmemModel); VIR_ENUM_DECL(virDomainShmemRole); VIR_ENUM_DECL(virDomainLaunchSecurity); diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c index 9a3e8f494c..c4184a2c28 100644 --- a/src/conf/domain_postparse.c +++ b/src/conf/domain_postparse.c @@ -730,6 +730,7 @@ virDomainDeviceDefPostParseCommon(virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: ret = 0; break; diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 2c63a0b343..6651906d73 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c @@ -2412,6 +2412,21 @@ virDomainVsockDefValidate(const virDomainVsockDef *vsock) } +static int +virDomainCryptoDefValidate(const virDomainCryptoDef *crypto) +{ + switch (crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + break; + case VIR_DOMAIN_CRYPTO_MODEL_LAST: + default: + return -1; + } + + return 0; +} + + static int virDomainInputDefValidate(const virDomainInputDef *input, const virDomainDef *def) @@ -2836,6 +2851,9 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_VSOCK: return virDomainVsockDefValidate(dev->data.vsock); + case VIR_DOMAIN_DEVICE_CRYPTO: + return virDomainCryptoDefValidate(dev->data.crypto); + case VIR_DOMAIN_DEVICE_INPUT: return virDomainInputDefValidate(dev->data.input, def); diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h index 154805091a..2d7ae66f4b 100644 --- a/src/conf/virconftypes.h +++ b/src/conf/virconftypes.h @@ -248,6 +248,8 @@ typedef struct _virDomainVirtioSerialOpts virDomainVirtioSerialOpts; typedef struct _virDomainVsockDef virDomainVsockDef; +typedef struct _virDomainCryptoDef virDomainCryptoDef; + typedef struct _virDomainWatchdogDef virDomainWatchdogDef; typedef struct _virDomainXMLOption virDomainXMLOption; diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index ae746a2d51..3e7de95446 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -301,6 +301,7 @@ virDomainControllerRemove; virDomainControllerTypeToString; virDomainCpuPlacementModeTypeFromString; virDomainCpuPlacementModeTypeToString; +virDomainCryptoDefFree; virDomainDefAddController; virDomainDefAddImplicitDevices; virDomainDefAddUSBController; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index ee2e873b95..4c001f72a5 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -941,6 +941,7 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device, case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: default: break; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 5c05032ce3..3509deb863 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -5917,6 +5917,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_RNG: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: ret = 0; break; @@ -10039,6 +10040,7 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } @@ -11781,6 +11783,7 @@ qemuDomainDeviceBackendChardevForeachOne(virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: /* no chardev backend */ break; } diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c index b8d1969fbe..9529bd9a8d 100644 --- a/src/qemu/qemu_domain_address.c +++ b/src/qemu/qemu_domain_address.c @@ -405,6 +405,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDef *def, def->vsock->info.type = type; } } + + for (i = 0; i < def->ncryptos; i++) { + /* All <crypto> devices accepted by the qemu driver are virtio */ + if (def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) + def->cryptos[i]->info.type = type; + } } @@ -544,6 +550,7 @@ qemuDomainDeviceSupportZPCI(virDomainDeviceDef *device) case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; case VIR_DOMAIN_DEVICE_NONE: @@ -1045,6 +1052,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDef *dev, } break; + case VIR_DOMAIN_DEVICE_CRYPTO: + switch (dev->data.crypto->model) { + case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO: + return pciFlags; + case VIR_DOMAIN_CRYPTO_MODEL_LAST: + return 0; + } + break; + /* These devices don't ever connect with PCI */ case VIR_DOMAIN_DEVICE_NVRAM: case VIR_DOMAIN_DEVICE_TPM: @@ -2428,6 +2444,16 @@ qemuDomainAssignDevicePCISlots(virDomainDef *def, } } + /* the qemu driver only accepts virtio crypto devices */ + for (i = 0; i < def->ncryptos; i++) { + if (!virDeviceInfoPCIAddressIsWanted(&def->cryptos[i]->info)) + continue; + + if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->info) < 0) + return -1; + } + + return 0; } diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index d509582719..ed9e32447b 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6762,6 +6762,7 @@ qemuDomainAttachDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live attach of device '%s' is not supported"), @@ -7073,6 +7074,7 @@ qemuDomainUpdateDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("live update of device '%s' is not supported"), @@ -7284,6 +7286,7 @@ qemuDomainAttachDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent attach of device '%s' is not supported"), @@ -7489,6 +7492,7 @@ qemuDomainDetachDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent detach of device '%s' is not supported"), @@ -7614,6 +7618,7 @@ qemuDomainUpdateDeviceConfig(virDomainDef *vmdef, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("persistent update of device '%s' is not supported"), diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 6e300f547c..bfb6409051 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -5016,6 +5016,7 @@ qemuDomainRemoveAuditDevice(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: /* libvirt doesn't yet support detaching these devices */ break; @@ -5119,6 +5120,7 @@ qemuDomainRemoveDevice(virQEMUDriver *driver, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("don't know how to remove a %s device"), @@ -5972,6 +5974,7 @@ qemuDomainDetachDeviceLive(virDomainObj *vm, case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: virReportError(VIR_ERR_OPERATION_UNSUPPORTED, _("live detach of device '%s' is not supported"), diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index c687df0bfc..765906c914 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4504,6 +4504,25 @@ qemuValidateDomainDeviceDefAudio(virDomainAudioDef *audio, } +static int +qemuValidateDomainDeviceDefCrypto(virDomainCryptoDef *crypto, + const virDomainDef *def G_GNUC_UNUSED, + virQEMUCaps *qemuCaps G_GNUC_UNUSED) +{ + switch (crypto->type) { + case VIR_DOMAIN_CRYPTO_TYPE_QEMU: + break; + + case VIR_DOMAIN_CRYPTO_TYPE_LAST: + default: + virReportEnumRangeError(virDomainCryptoType, crypto->type); + return -1; + } + + return 0; +} + + static int qemuSoundCodecTypeToCaps(int type) { @@ -5211,6 +5230,9 @@ qemuValidateDomainDeviceDef(const virDomainDeviceDef *dev, case VIR_DOMAIN_DEVICE_AUDIO: return qemuValidateDomainDeviceDefAudio(dev->data.audio, def, qemuCaps); + case VIR_DOMAIN_DEVICE_CRYPTO: + return qemuValidateDomainDeviceDefCrypto(dev->data.crypto, def, qemuCaps); + case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_PANIC: case VIR_DOMAIN_DEVICE_NONE: -- 2.34.1
On 1/4/23 04:29, zhenwei pi wrote:
Support a new device type 'crypto'.
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/domain_conf.c | 191 +++++++++++++++++++++++++++++++++ src/conf/domain_conf.h | 40 +++++++ src/conf/domain_postparse.c | 1 + src/conf/domain_validate.c | 18 ++++ src/conf/virconftypes.h | 2 + src/libvirt_private.syms | 1 + src/qemu/qemu_command.c | 1 + src/qemu/qemu_domain.c | 3 + src/qemu/qemu_domain_address.c | 26 +++++ src/qemu/qemu_driver.c | 5 + src/qemu/qemu_hotplug.c | 3 + src/qemu/qemu_validate.c | 22 ++++ 12 files changed, 313 insertions(+)
What I'm missing here is qemuxml2xmltest test case. We surely want to test whether parsing and formatting of the new XML works.
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6c088ff295..74448fe627 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -332,6 +332,7 @@ VIR_ENUM_IMPL(virDomainDevice, "iommu", "vsock", "audio", + "crypto", );
VIR_ENUM_IMPL(virDomainDiskDevice, @@ -1314,6 +1315,22 @@ VIR_ENUM_IMPL(virDomainVsockModel, "virtio-non-transitional", );
+VIR_ENUM_IMPL(virDomainCryptoModel, + VIR_DOMAIN_CRYPTO_MODEL_LAST, + "virtio", +); + +VIR_ENUM_IMPL(virDomainCryptoType, + VIR_DOMAIN_CRYPTO_TYPE_LAST, + "qemu", +); + +VIR_ENUM_IMPL(virDomainCryptoBackend, + VIR_DOMAIN_CRYPTO_BACKEND_LAST, + "builtin", + "lkcf", +); + VIR_ENUM_IMPL(virDomainDiskDiscard, VIR_DOMAIN_DISK_DISCARD_LAST, "default", @@ -3464,6 +3481,9 @@ void virDomainDeviceDefFree(virDomainDeviceDef *def) case VIR_DOMAIN_DEVICE_AUDIO: virDomainAudioDefFree(def->data.audio); break; + case VIR_DOMAIN_DEVICE_CRYPTO: + virDomainCryptoDefFree(def->data.crypto); + break; case VIR_DOMAIN_DEVICE_LAST: case VIR_DOMAIN_DEVICE_NONE: break; @@ -3807,6 +3827,10 @@ void virDomainDefFree(virDomainDef *def) virDomainPanicDefFree(def->panics[i]); g_free(def->panics);
+ for (i = 0; i < def->ncryptos; i++) + virDomainCryptoDefFree(def->cryptos[i]); + g_free(def->cryptos); + virDomainIOMMUDefFree(def->iommu);
g_free(def->idmap.uidmap); @@ -4360,6 +4384,8 @@ virDomainDeviceGetInfo(const virDomainDeviceDef *device) return &device->data.iommu->info; case VIR_DOMAIN_DEVICE_VSOCK: return &device->data.vsock->info; + case VIR_DOMAIN_DEVICE_CRYPTO: + return &device->data.crypto->info;
/* The following devices do not contain virDomainDeviceInfo */ case VIR_DOMAIN_DEVICE_LEASE: @@ -4462,6 +4488,9 @@ virDomainDeviceSetData(virDomainDeviceDef *device, case VIR_DOMAIN_DEVICE_AUDIO: device->data.audio = devicedata; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + device->data.crypto = devicedata; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -4673,6 +4702,13 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, return rc; }
+ device.type = VIR_DOMAIN_DEVICE_CRYPTO; + for (i = 0; i < def->ncryptos; i++) { + device.data.crypto = def->cryptos[i]; + if ((rc = cb(def, &device, &def->cryptos[i]->info, opaque)) != 0) + return rc; + } + /* If the flag below is set, make sure @cb can handle @info being NULL */ if (iteratorFlags & DOMAIN_DEVICE_ITERATE_MISSING_INFO) { device.type = VIR_DOMAIN_DEVICE_GRAPHICS; @@ -4731,6 +4767,7 @@ virDomainDeviceInfoIterateFlags(virDomainDef *def, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -13417,6 +13454,94 @@ virDomainVsockDefParseXML(virDomainXMLOption *xmlopt, return g_steal_pointer(&vsock); }
+ +static virDomainCryptoDef * +virDomainCryptoDefParseXML(virDomainXMLOption *xmlopt, + xmlNodePtr node, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + virDomainCryptoDef *def; + VIR_XPATH_NODE_AUTORESTORE(ctxt) + int nbackends; + g_autofree xmlNodePtr *backends = NULL; + g_autofree char *model = NULL; + g_autofree char *backend = NULL; + g_autofree char *type = NULL; + + def = g_new0(virDomainCryptoDef, 1); + + if (!(model = virXMLPropString(node, "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing crypto device model")); + goto error; + } + + if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) {
Problem with this is that compiler may decide that def->model is unsigned (because it's declared as: virDomainCryptoModel model. Now, if virXXXTypeFromString() fails and returns -1, this is then typecased into unsigned int (or whatever unsigned type compiler decided on) and < 0 check is never true. Fortunately, we have a conencient function for getting attribute values and translating them into enums: virXMLPropEnum().
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown crypto model '%s'"), model); + goto error; + } + + if (!(type = virXMLPropString(node, "type"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", _("missing crypto device type")); + goto error; + } + + if ((def->type = virDomainCryptoTypeTypeFromString(type)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unknown crypto type '%s'"), model); + goto error; + } + + ctxt->node = node; + + if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0) + goto error; + + if (nbackends != 1) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("only one crypto backend is supported")); + goto error; + } + + if (!(backend = virXMLPropString(backends[0], "model"))) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("missing crypto device backend model")); + goto error; + } + + if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("unknown crypto backend model '%s'"), backend); + goto error; + } + + if (virXMLPropUInt(backends[0], "queues", 10, VIR_XML_PROP_NONE, &def->queues) < 0) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("parsing crypto device queues failed"));
Nope, this overwrites more specific error message reported by virXMLPropUInt().
+ goto error; + } + + switch ((virDomainCryptoBackend) def->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + case VIR_DOMAIN_CRYPTO_BACKEND_LKCF: + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + }
What's the purpose of this statement?
+ + if (virDomainDeviceInfoParseXML(xmlopt, node, ctxt, &def->info, flags) < 0) + goto error; + + if (virDomainVirtioOptionsParseXML(virXPathNode("./driver", ctxt), + &def->virtio) < 0) + goto error; + + return def; + + error: + g_clear_pointer(&def, virDomainCryptoDefFree);
How about declaring @def as g_autoptr() and dropping this label completely?
+ return NULL; +} + + virDomainDeviceDef * virDomainDeviceDefParse(const char *xmlStr, const virDomainDef *def, @@ -13578,6 +13703,11 @@ virDomainDeviceDefParse(const char *xmlStr, flags))) return NULL; break; + case VIR_DOMAIN_DEVICE_CRYPTO: + if (!(dev->data.crypto = virDomainCryptoDefParseXML(xmlopt, node, ctxt, + flags))) + return NULL; + break; case VIR_DOMAIN_DEVICE_NONE: case VIR_DOMAIN_DEVICE_LAST: break; @@ -18670,6 +18800,21 @@ virDomainDefParseXML(xmlXPathContextPtr ctxt, } VIR_FREE(nodes);
+ /* Parse the crypto devices */ + if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0) + return NULL; + if (n) + def->cryptos = g_new0(virDomainCryptoDef *, n); + for (i = 0; i < n; i++) { + virDomainCryptoDef *crypto = virDomainCryptoDefParseXML(xmlopt, nodes[i], + ctxt, flags); + if (!crypto) + return NULL; + + def->cryptos[def->ncryptos++] = crypto; + } + VIR_FREE(nodes); + /* Parse the TPM devices */ if ((n = virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0) return NULL; @@ -21210,6 +21355,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDef *src, case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_VSOCK: case VIR_DOMAIN_DEVICE_AUDIO: + case VIR_DOMAIN_DEVICE_CRYPTO: break; } #endif @@ -24562,6 +24708,47 @@ virDomainRNGDefFree(virDomainRNGDef *def) }
+static int +virDomainCryptoDefFormat(virBuffer *buf, + virDomainCryptoDef *def, + unsigned int flags) +{ + const char *model = virDomainCryptoModelTypeToString(def->model); + const char *type = virDomainCryptoTypeTypeToString(def->model); + const char *backend = virDomainCryptoBackendTypeToString(def->backend); + g_auto(virBuffer) driverAttrBuf = VIR_BUFFER_INITIALIZER; + + virBufferAsprintf(buf, "<crypto model='%s' type='%s'>\n", model, type); + virBufferAdjustIndent(buf, 2); + virBufferAsprintf(buf, "<backend model='%s'", backend); + if (def->queues) + virBufferAsprintf(buf, " queues='%d'", def->queues); + virBufferAddLit(buf, "/>\n"); + + virDomainVirtioOptionsFormat(&driverAttrBuf, def->virtio); + + virXMLFormatElement(buf, "driver", &driverAttrBuf, NULL); + + virDomainDeviceInfoFormat(buf, &def->info, flags); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</crypto>\n"); + + return 0;
This is all the function returns. Can this be made void instead?
+} + +void +virDomainCryptoDefFree(virDomainCryptoDef *def) +{ + if (!def) + return; + + virDomainDeviceInfoClear(&def->info); + g_free(def->virtio); + g_free(def); +} + + static int virDomainMemorySourceDefFormat(virBuffer *buf, virDomainMemoryDef *def) @@ -27261,6 +27448,10 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def, return -1; }
+ for (n = 0; n < def->ncryptos; n++) { + if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags)) + return -1; + } if (def->iommu) virDomainIOMMUDefFormat(buf, def->iommu);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 1404c55053..9062250d60 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -86,6 +86,7 @@ typedef enum { VIR_DOMAIN_DEVICE_IOMMU, VIR_DOMAIN_DEVICE_VSOCK, VIR_DOMAIN_DEVICE_AUDIO, + VIR_DOMAIN_DEVICE_CRYPTO,
VIR_DOMAIN_DEVICE_LAST } virDomainDeviceType; @@ -118,6 +119,7 @@ struct _virDomainDeviceDef { virDomainIOMMUDef *iommu; virDomainVsockDef *vsock; virDomainAudioDef *audio; + virDomainCryptoDef *crypto; } data; };
@@ -2858,6 +2860,34 @@ struct _virDomainVsockDef { virDomainVirtioOptions *virtio; };
+typedef enum { + VIR_DOMAIN_CRYPTO_MODEL_VIRTIO, + + VIR_DOMAIN_CRYPTO_MODEL_LAST +} virDomainCryptoModel; + +typedef enum { + VIR_DOMAIN_CRYPTO_TYPE_QEMU, + + VIR_DOMAIN_CRYPTO_TYPE_LAST +} virDomainCryptoType; + +typedef enum { + VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN, + VIR_DOMAIN_CRYPTO_BACKEND_LKCF, + + VIR_DOMAIN_CRYPTO_BACKEND_LAST +} virDomainCryptoBackend; + +struct _virDomainCryptoDef { + virDomainCryptoModel model; + virDomainCryptoType type; + virDomainCryptoBackend backend; + unsigned int queues; + virDomainDeviceInfo info; + virDomainVirtioOptions *virtio; +}; + struct _virDomainVirtioOptions { virTristateSwitch iommu; virTristateSwitch ats; @@ -3023,6 +3053,9 @@ struct _virDomainDef { size_t nsysinfo; virSysinfoDef **sysinfo;
+ size_t ncryptos; + virDomainCryptoDef **cryptos; + /* At maximum 2 TPMs on the domain if a TPM Proxy is present. */ size_t ntpms; virDomainTPMDef **tpms; @@ -3274,6 +3307,7 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc vcpuNew; virDomainXMLPrivateDataNewFunc chrSourceNew; virDomainXMLPrivateDataNewFunc vsockNew; + virDomainXMLPrivateDataNewFunc cryptoNew; virDomainXMLPrivateDataNewFunc graphicsNew; virDomainXMLPrivateDataNewFunc networkNew; virDomainXMLPrivateDataNewFunc videoNew; @@ -3440,6 +3474,9 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainIOMMUDef, virDomainIOMMUDefFree); virDomainVsockDef *virDomainVsockDefNew(virDomainXMLOption *xmlopt); void virDomainVsockDefFree(virDomainVsockDef *vsock); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainVsockDef, virDomainVsockDefFree); +virDomainCryptoDef *virDomainCryptoDefNew(virDomainXMLOption *xmlopt);
This function is never defined, only declared here.
+void virDomainCryptoDefFree(virDomainCryptoDef *crypto); +G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainCryptoDef, virDomainCryptoDefFree); void virDomainNetTeamingInfoFree(virDomainNetTeamingInfo *teaming); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virDomainNetTeamingInfo, virDomainNetTeamingInfoFree); void virDomainNetDefFree(virDomainNetDef *def);
Michal
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/domain_capabilities.c | 15 +++++++++++++++ src/conf/domain_capabilities.h | 12 ++++++++++++ 2 files changed, 27 insertions(+) diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c index 247cfa49de..aacd590601 100644 --- a/src/conf/domain_capabilities.c +++ b/src/conf/domain_capabilities.c @@ -598,6 +598,20 @@ virDomainCapsDeviceChannelFormat(virBuffer *buf, } +static void +virDomainCapsDeviceCryptoFormat(virBuffer *buf, + const virDomainCapsDeviceCrypto *crypto) +{ + FORMAT_PROLOGUE(crypto); + + ENUM_PROCESS(crypto, model, virDomainCryptoModelTypeToString); + ENUM_PROCESS(crypto, type, virDomainCryptoTypeTypeToString); + ENUM_PROCESS(crypto, backendModel, virDomainCryptoBackendTypeToString); + + FORMAT_EPILOGUE(crypto); +} + + /** * virDomainCapsFeatureGICFormat: * @buf: target buffer @@ -748,6 +762,7 @@ virDomainCapsFormat(const virDomainCaps *caps) virDomainCapsDeviceTPMFormat(&buf, &caps->tpm); virDomainCapsDeviceRedirdevFormat(&buf, &caps->redirdev); virDomainCapsDeviceChannelFormat(&buf, &caps->channel); + virDomainCapsDeviceCryptoFormat(&buf, &caps->crypto); virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "</devices>\n"); diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h index 1d504a3506..1b128a3a3c 100644 --- a/src/conf/domain_capabilities.h +++ b/src/conf/domain_capabilities.h @@ -224,6 +224,17 @@ struct _virSGXCapability { virSGXSection *sgxSections; }; +STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_MODEL_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_TYPE_LAST); +STATIC_ASSERT_ENUM(VIR_DOMAIN_CRYPTO_BACKEND_LAST); +typedef struct _virDomainCapsDeviceCrypto virDomainCapsDeviceCrypto; +struct _virDomainCapsDeviceCrypto { + virTristateBool supported; + virDomainCapsEnum model; /* virDomainCryptoModel */ + virDomainCapsEnum type; /* virDomainCryptoType */ + virDomainCapsEnum backendModel; /* virDomainCryptoBackend */ +}; + typedef enum { VIR_DOMAIN_CAPS_FEATURE_IOTHREADS = 0, VIR_DOMAIN_CAPS_FEATURE_VMCOREINFO, @@ -258,6 +269,7 @@ struct _virDomainCaps { virDomainCapsDeviceTPM tpm; virDomainCapsDeviceRedirdev redirdev; virDomainCapsDeviceChannel channel; + virDomainCapsDeviceCrypto crypto; /* add new domain devices here */ virDomainCapsFeatureGIC gic; -- 2.34.1
On 1/4/23 04:29, zhenwei pi wrote:
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/domain_capabilities.c | 15 +++++++++++++++ src/conf/domain_capabilities.h | 12 ++++++++++++ 2 files changed, 27 insertions(+)
Parts of the next patch should be squashed into this one. Also, you should document this addition in docs/formatdomaincaps.rst. Michal
Detect virtio crypto/crypto backend capabilities from QEMU, then we have a domain(QEMU) like this: <crypto supported='yes'> <enum name='model'> <value>virtio</value> </enum> <enum name='type'> <value>qemu</value> </enum> <enum name='backendModel'> <value>builtin</value> <value>lkcf</value> </enum> </crypto> Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/schemas/domaincaps.rng | 10 ++++++ src/qemu/qemu_capabilities.c | 32 +++++++++++++++++++ src/qemu/qemu_capabilities.h | 8 +++++ .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_4.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_5.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.1.0.sparc.xml | 9 ++++++ tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_5.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_6.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_6.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_7.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 12 +++++++ .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 12 +++++++ tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 12 +++++++ .../caps_4.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 ++ .../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 ++ .../caps_4.2.0.x86_64.xml | 2 ++ .../caps_5.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 ++ .../caps_5.0.0.riscv64.xml | 2 ++ .../caps_5.0.0.x86_64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + .../caps_5.1.0.x86_64.xml | 2 ++ .../caps_5.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 2 ++ .../caps_5.2.0.riscv64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 2 ++ .../caps_5.2.0.x86_64.xml | 2 ++ .../caps_6.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 2 ++ .../caps_6.0.0.x86_64.xml | 2 ++ .../caps_6.1.0.x86_64.xml | 2 ++ .../caps_6.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 2 ++ .../caps_6.2.0.x86_64.xml | 2 ++ .../caps_7.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 2 ++ .../caps_7.0.0.x86_64.xml | 2 ++ .../qemucapabilitiesdata/caps_7.1.0.ppc64.xml | 2 ++ .../caps_7.1.0.x86_64.xml | 2 ++ .../caps_7.2.0.x86_64.xml | 3 ++ 83 files changed, 679 insertions(+) diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng index b6408bca88..232c976530 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -204,6 +204,9 @@ <optional> <ref name="channel"/> </optional> + <optional> + <ref name="crypto"/> + </optional> </element> </define> @@ -270,6 +273,13 @@ </element> </define> + <define name="crypto"> + <element name="crypto"> + <ref name="supported"/> + <ref name="enum"/> + </element> + </define> + <define name="features"> <element name="features"> <optional> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 3aba9299b1..9baa6a4358 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -680,6 +680,11 @@ VIR_ENUM_IMPL(virQEMUCaps, "sgx-epc", /* QEMU_CAPS_SGX_EPC */ "thread-context", /* QEMU_CAPS_THREAD_CONTEXT */ "screenshot-format-png", /* QEMU_CAPS_SCREENSHOT_FORMAT_PNG */ + + /* 440 */ + "virtio-crypto", /* QEMU_CAPS_DEVICE_VIRTIO_CRYPTO */ + "cryptodev-backend-builtin", /* QEMU_CAPS_OBJECT_CRYPTO_BUILTIN */ + "cryptodev-backend-lkcf", /* QEMU_CAPS_OBJECT_CRYPTO_LKCF */ ); @@ -1387,6 +1392,10 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = { { "virtio-iommu-pci", QEMU_CAPS_DEVICE_VIRTIO_IOMMU_PCI }, { "sgx-epc", QEMU_CAPS_SGX_EPC }, { "thread-context", QEMU_CAPS_THREAD_CONTEXT }, + { "virtio-crypto-pci", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, + { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO }, + { "cryptodev-backend-builtin", QEMU_CAPS_OBJECT_CRYPTO_BUILTIN }, + { "cryptodev-backend-lkcf", QEMU_CAPS_OBJECT_CRYPTO_LKCF }, }; @@ -6521,6 +6530,27 @@ virQEMUCapsFillDomainDeviceChannelCaps(virQEMUCaps *qemuCaps, } +void +virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps, + virDomainCapsDeviceCrypto *crypto) +{ + crypto->supported = VIR_TRISTATE_BOOL_YES; + crypto->model.report = true; + crypto->type.report = true; + crypto->backendModel.report = true; + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) + VIR_DOMAIN_CAPS_ENUM_SET(crypto->model, VIR_DOMAIN_CRYPTO_MODEL_VIRTIO); + + VIR_DOMAIN_CAPS_ENUM_SET(crypto->type, VIR_DOMAIN_CRYPTO_TYPE_QEMU); + + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) + VIR_DOMAIN_CAPS_ENUM_SET(crypto->backendModel, VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN); + if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_LKCF)) + VIR_DOMAIN_CAPS_ENUM_SET(crypto->backendModel, VIR_DOMAIN_CRYPTO_BACKEND_LKCF); +} + + /** * virQEMUCapsSupportsGICVersion: * @qemuCaps: QEMU capabilities @@ -6674,6 +6704,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virDomainCapsDeviceRedirdev *redirdev = &domCaps->redirdev; virDomainCapsDeviceChannel *channel = &domCaps->channel; virDomainCapsMemoryBacking *memoryBacking = &domCaps->memoryBacking; + virDomainCapsDeviceCrypto *crypto = &domCaps->crypto; virQEMUCapsFillDomainFeaturesFromQEMUCaps(qemuCaps, domCaps); @@ -6711,6 +6742,7 @@ virQEMUCapsFillDomainCaps(virQEMUCaps *qemuCaps, virQEMUCapsFillDomainFeatureSEVCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureS390PVCaps(qemuCaps, domCaps); virQEMUCapsFillDomainFeatureSGXCaps(qemuCaps, domCaps); + virQEMUCapsFillDomainDeviceCryptoCaps(qemuCaps, crypto); return 0; } diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index cc8b3759ea..de29aba68e 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -660,6 +660,11 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */ QEMU_CAPS_THREAD_CONTEXT, /* -object thread-context */ QEMU_CAPS_SCREENSHOT_FORMAT_PNG, /* screendump command supports png format */ + /* 440 */ + QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, /* virtio-crypto device */ + QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, /* -object cryptodev-backend-builtin */ + QEMU_CAPS_OBJECT_CRYPTO_LKCF, /* -object cryptodev-backend-lkcf */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; @@ -840,6 +845,9 @@ void virQEMUCapsFillDomainDeviceRedirdevCaps(virQEMUCaps *qemuCaps, void virQEMUCapsFillDomainDeviceChannelCaps(virQEMUCaps *qemuCaps, virDomainCapsDeviceChannel *channel); +void virQEMUCapsFillDomainDeviceCryptoCaps(virQEMUCaps *qemuCaps, + virDomainCapsDeviceCrypto *crypto); + bool virQEMUCapsGuestIsNative(virArch host, virArch guest); diff --git a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml index d0bf0bdc7b..17799b15e3 100644 --- a/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-q35.x86_64.xml @@ -229,6 +229,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml index 6a3818fb4e..4427634d7c 100644 --- a/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-tcg.x86_64.xml @@ -244,6 +244,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml index 02aca3e448..981a06856d 100644 --- a/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0-virt.aarch64.xml @@ -172,6 +172,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml index 676e1b0739..533b08606e 100644 --- a/tests/domaincapsdata/qemu_4.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.aarch64.xml @@ -170,6 +170,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml index bcc415d7de..6ade73c86a 100644 --- a/tests/domaincapsdata/qemu_4.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.ppc64.xml @@ -143,6 +143,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_4.2.0.s390x.xml b/tests/domaincapsdata/qemu_4.2.0.s390x.xml index 4f176e2d37..a4f075412a 100644 --- a/tests/domaincapsdata/qemu_4.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_4.2.0.s390x.xml @@ -249,6 +249,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml index 36a4081764..1b7e4014c5 100644 --- a/tests/domaincapsdata/qemu_4.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_4.2.0.x86_64.xml @@ -229,6 +229,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml index 05884cdb86..1278e930d2 100644 --- a/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-q35.x86_64.xml @@ -231,6 +231,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml index c53b84c140..39b1b4c1f2 100644 --- a/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-tcg.x86_64.xml @@ -246,6 +246,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml index e74a3d9f5f..f84aec44c9 100644 --- a/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0-virt.aarch64.xml @@ -185,6 +185,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml index 605575c793..e38a2a01d2 100644 --- a/tests/domaincapsdata/qemu_5.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.aarch64.xml @@ -183,6 +183,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml index a5b718618b..da40c0a876 100644 --- a/tests/domaincapsdata/qemu_5.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.ppc64.xml @@ -150,6 +150,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml index fd1f42b555..71a01cbcbc 100644 --- a/tests/domaincapsdata/qemu_5.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.0.0.x86_64.xml @@ -231,6 +231,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml index a04c3e7130..1b3fc889d4 100644 --- a/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-q35.x86_64.xml @@ -232,6 +232,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml index a7b2ff8d7d..8950900e72 100644 --- a/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0-tcg.x86_64.xml @@ -246,6 +246,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.1.0.sparc.xml b/tests/domaincapsdata/qemu_5.1.0.sparc.xml index cde31462bc..6f92de2b6c 100644 --- a/tests/domaincapsdata/qemu_5.1.0.sparc.xml +++ b/tests/domaincapsdata/qemu_5.1.0.sparc.xml @@ -117,6 +117,15 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'/> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml index 45b7dcf6e4..228b0a17c4 100644 --- a/tests/domaincapsdata/qemu_5.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.1.0.x86_64.xml @@ -232,6 +232,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml index 61cfa7d449..d1f0ec76aa 100644 --- a/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-q35.x86_64.xml @@ -232,6 +232,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml index caced52187..edb622240e 100644 --- a/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-tcg.x86_64.xml @@ -246,6 +246,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml index f19ad32693..af01bdfbe9 100644 --- a/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0-virt.aarch64.xml @@ -185,6 +185,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml index 605575c793..e38a2a01d2 100644 --- a/tests/domaincapsdata/qemu_5.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.aarch64.xml @@ -183,6 +183,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml index 8ae7487c1e..33f60ec813 100644 --- a/tests/domaincapsdata/qemu_5.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.ppc64.xml @@ -150,6 +150,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0.s390x.xml b/tests/domaincapsdata/qemu_5.2.0.s390x.xml index 760f514d7b..4ff99ebd64 100644 --- a/tests/domaincapsdata/qemu_5.2.0.s390x.xml +++ b/tests/domaincapsdata/qemu_5.2.0.s390x.xml @@ -251,6 +251,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml index 67f8b0fd83..18c2e6b0f7 100644 --- a/tests/domaincapsdata/qemu_5.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_5.2.0.x86_64.xml @@ -232,6 +232,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml index 08585e6cb0..2c22538349 100644 --- a/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-q35.x86_64.xml @@ -234,6 +234,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml index 7536a42ad5..29b95a836f 100644 --- a/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-tcg.x86_64.xml @@ -249,6 +249,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml index 1235dd0ab7..67889c4572 100644 --- a/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0-virt.aarch64.xml @@ -187,6 +187,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml index 461e34f1d6..f1d4da661f 100644 --- a/tests/domaincapsdata/qemu_6.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.aarch64.xml @@ -185,6 +185,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.0.0.s390x.xml b/tests/domaincapsdata/qemu_6.0.0.s390x.xml index b1968668db..d404db316b 100644 --- a/tests/domaincapsdata/qemu_6.0.0.s390x.xml +++ b/tests/domaincapsdata/qemu_6.0.0.s390x.xml @@ -252,6 +252,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml index 632f7c21d1..f0ff745f92 100644 --- a/tests/domaincapsdata/qemu_6.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.0.0.x86_64.xml @@ -234,6 +234,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml index 35d1014626..bdaf28ec3e 100644 --- a/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-q35.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml index 9d56f2dda7..7bfe6f802c 100644 --- a/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0-tcg.x86_64.xml @@ -249,6 +249,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml index 591ca12d72..ded6604e04 100644 --- a/tests/domaincapsdata/qemu_6.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.1.0.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml index 7558e78423..e1f1539140 100644 --- a/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-q35.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml index c667b944da..f15111c590 100644 --- a/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-tcg.x86_64.xml @@ -251,6 +251,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml index 2c9ba98a0a..241e893df6 100644 --- a/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0-virt.aarch64.xml @@ -194,6 +194,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml index 9b546f59bc..1f32f6d59a 100644 --- a/tests/domaincapsdata/qemu_6.2.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.aarch64.xml @@ -192,6 +192,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml index fd7c9d8d5a..69f6818a81 100644 --- a/tests/domaincapsdata/qemu_6.2.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.ppc64.xml @@ -149,6 +149,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml index a20d3722fd..688783d267 100644 --- a/tests/domaincapsdata/qemu_6.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_6.2.0.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml index ac9d384bb3..ee6abd2f9d 100644 --- a/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-q35.x86_64.xml @@ -236,6 +236,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml index 2419875474..6ff9df5766 100644 --- a/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-tcg.x86_64.xml @@ -252,6 +252,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml index f4eb8a728b..6aa5e78612 100644 --- a/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0-virt.aarch64.xml @@ -193,6 +193,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='yes'> diff --git a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml index 053bec369b..01b2765242 100644 --- a/tests/domaincapsdata/qemu_7.0.0.aarch64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.aarch64.xml @@ -191,6 +191,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml index 9c09174d77..349223b689 100644 --- a/tests/domaincapsdata/qemu_7.0.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.ppc64.xml @@ -154,6 +154,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml index 886e14ea49..45e226e434 100644 --- a/tests/domaincapsdata/qemu_7.0.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.0.0.x86_64.xml @@ -236,6 +236,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml index 6b5e8a6820..3fc7ae5551 100644 --- a/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-q35.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml index e44804c21c..b8621b5efd 100644 --- a/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0-tcg.x86_64.xml @@ -250,6 +250,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml index 15cf6a9cf8..b68fb91c98 100644 --- a/tests/domaincapsdata/qemu_7.1.0.ppc64.xml +++ b/tests/domaincapsdata/qemu_7.1.0.ppc64.xml @@ -147,6 +147,17 @@ <value>unix</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml index d4069dd6f0..fe5ac06df3 100644 --- a/tests/domaincapsdata/qemu_7.1.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.1.0.x86_64.xml @@ -235,6 +235,17 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml index e6997ccbc6..50615d437e 100644 --- a/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0-q35.x86_64.xml @@ -240,6 +240,18 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + <value>lkcf</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml index b9bf0b6a04..a5744e41fa 100644 --- a/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0-tcg.x86_64.xml @@ -239,6 +239,18 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + <value>lkcf</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml index 67ecdc0b12..513042e7f2 100644 --- a/tests/domaincapsdata/qemu_7.2.0.x86_64.xml +++ b/tests/domaincapsdata/qemu_7.2.0.x86_64.xml @@ -240,6 +240,18 @@ <value>spicevmc</value> </enum> </channel> + <crypto supported='yes'> + <enum name='model'> + <value>virtio</value> + </enum> + <enum name='type'> + <value>qemu</value> + </enum> + <enum name='backendModel'> + <value>builtin</value> + <value>lkcf</value> + </enum> + </crypto> </devices> <features> <gic supported='no'/> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml index 1f42ff6cf9..d77bf558d4 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.aarch64.xml @@ -115,6 +115,8 @@ <flag name='input-linux'/> <flag name='virtio-blk.queue-size'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml index 047abcee8c..1e0083ffd9 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.ppc64.xml @@ -118,6 +118,8 @@ <flag name='input-linux'/> <flag name='virtio-blk.queue-size'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml index 0baeeccb9b..a8a2793802 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.s390x.xml @@ -79,6 +79,8 @@ <flag name='input-linux'/> <flag name='virtio-blk.queue-size'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml index 438927aad0..bc804dacea 100644 --- a/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_4.2.0.x86_64.xml @@ -156,6 +156,8 @@ <flag name='input-linux'/> <flag name='virtio-blk.queue-size'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>4002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml index ff989e0878..7f7588b310 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.aarch64.xml @@ -127,6 +127,8 @@ <flag name='memory-backend-file.prealloc-threads'/> <flag name='virtio-iommu-pci'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml index e336e71831..d0a7f8d3da 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.ppc64.xml @@ -133,6 +133,8 @@ <flag name='memory-backend-file.prealloc-threads'/> <flag name='virtio-iommu-pci'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml index 4ce2594557..8487564c81 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.riscv64.xml @@ -119,6 +119,8 @@ <flag name='memory-backend-file.prealloc-threads'/> <flag name='virtio-iommu-pci'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml index bf32de2ee4..5eeee85764 100644 --- a/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.0.0.x86_64.xml @@ -165,6 +165,8 @@ <flag name='memory-backend-file.prealloc-threads'/> <flag name='virtio-iommu-pci'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100241</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml b/tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml index a791a84940..53b87f73cd 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml +++ b/tests/qemucapabilitiesdata/caps_5.1.0.sparc.xml @@ -49,6 +49,7 @@ <flag name='rotation-rate'/> <flag name='input-linux'/> <flag name='memory-backend-file.prealloc-threads'/> + <flag name='cryptodev-backend-builtin'/> <version>5001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml index f8c64b4cc2..029fc43693 100644 --- a/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.1.0.x86_64.xml @@ -169,6 +169,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml index 7c8b98b600..4405808cd4 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.aarch64.xml @@ -134,6 +134,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml index 88807f0c3c..f7f239a611 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.ppc64.xml @@ -138,6 +138,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml b/tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml index 1555b5bcb7..d160194727 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.riscv64.xml @@ -124,6 +124,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>0</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml b/tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml index 4433caa492..e2f6fd0abc 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.s390x.xml @@ -90,6 +90,8 @@ <flag name='memory-backend-file.prealloc-threads'/> <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml index 4c34fcef02..56b6d91a0c 100644 --- a/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_5.2.0.x86_64.xml @@ -173,6 +173,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>5002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml index 6f33a827b3..391aec421a 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_6.0.0.aarch64.xml @@ -143,6 +143,8 @@ <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml b/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml index f269a8935f..0072f860db 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_6.0.0.s390x.xml @@ -99,6 +99,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>39100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml index ae511fdb96..a1db298ca0 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml @@ -183,6 +183,8 @@ <flag name='virtio-net.rss'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100242</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml index 72af7d3f01..47ef540a19 100644 --- a/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.1.0.x86_64.xml @@ -188,6 +188,8 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml index 10e67e4c5a..4fbfb6c87a 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.aarch64.xml @@ -155,6 +155,8 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6001050</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml index 698eb14698..1ebfcc762d 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.ppc64.xml @@ -149,6 +149,8 @@ <flag name='virtio-iommu-pci'/> <flag name='virtio-net.rss'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml index ef1c66a5d7..90c1653ffa 100644 --- a/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml @@ -190,6 +190,8 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml index a59a91a576..2f69e4c14b 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.aarch64.xml @@ -163,6 +163,8 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>6002092</version> <kvmVersion>0</kvmVersion> <microcodeVersion>61700243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml index e8c3886d14..a9225f61be 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml @@ -167,6 +167,8 @@ <flag name='chardev.qemu-vdagent'/> <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>7000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml index d26d0c727a..ff3d21acd6 100644 --- a/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml @@ -196,6 +196,8 @@ <flag name='usb-host.guest-resets-all'/> <flag name='migration.blocked-reasons'/> <flag name='sgx-epc'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>7000000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100243</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.ppc64.xml b/tests/qemucapabilitiesdata/caps_7.1.0.ppc64.xml index 1f43612703..5be3aee836 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.ppc64.xml +++ b/tests/qemucapabilitiesdata/caps_7.1.0.ppc64.xml @@ -167,6 +167,8 @@ <flag name='query-stats'/> <flag name='query-stats-schemas'/> <flag name='screenshot-format-png'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>7001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>42900244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml index 8a2ed2236a..ea05803440 100644 --- a/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.1.0.x86_64.xml @@ -199,6 +199,8 @@ <flag name='query-stats'/> <flag name='query-stats-schemas'/> <flag name='screenshot-format-png'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> <version>7001000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100244</microcodeVersion> diff --git a/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml index 821fcd3199..ddb3e04e80 100644 --- a/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_7.2.0.x86_64.xml @@ -201,6 +201,9 @@ <flag name='query-stats-schemas'/> <flag name='thread-context'/> <flag name='screenshot-format-png'/> + <flag name='virtio-crypto'/> + <flag name='cryptodev-backend-builtin'/> + <flag name='cryptodev-backend-lkcf'/> <version>7002000</version> <kvmVersion>0</kvmVersion> <microcodeVersion>43100245</microcodeVersion> -- 2.34.1
On 1/4/23 04:29, zhenwei pi wrote:
Detect virtio crypto/crypto backend capabilities from QEMU, then we have a domain(QEMU) like this: <crypto supported='yes'> <enum name='model'> <value>virtio</value> </enum> <enum name='type'> <value>qemu</value> </enum> <enum name='backendModel'> <value>builtin</value> <value>lkcf</value> </enum> </crypto>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/conf/schemas/domaincaps.rng | 10 ++++++ src/qemu/qemu_capabilities.c | 32 +++++++++++++++++++ src/qemu/qemu_capabilities.h | 8 +++++ .../domaincapsdata/qemu_4.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_4.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_4.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_4.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_5.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.1.0.sparc.xml | 9 ++++++ tests/domaincapsdata/qemu_5.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_5.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_5.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_5.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_6.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.s390x.xml | 11 +++++++ tests/domaincapsdata/qemu_6.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.2.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_6.2.0-tcg.x86_64.xml | 11 +++++++ .../qemu_6.2.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_6.2.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.0.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.0.0-tcg.x86_64.xml | 11 +++++++ .../qemu_7.0.0-virt.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.aarch64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.0.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.1.0-q35.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.1.0-tcg.x86_64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.1.0.ppc64.xml | 11 +++++++ tests/domaincapsdata/qemu_7.1.0.x86_64.xml | 11 +++++++ .../domaincapsdata/qemu_7.2.0-q35.x86_64.xml | 12 +++++++ .../domaincapsdata/qemu_7.2.0-tcg.x86_64.xml | 12 +++++++ tests/domaincapsdata/qemu_7.2.0.x86_64.xml | 12 +++++++ .../caps_4.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_4.2.0.ppc64.xml | 2 ++ .../qemucapabilitiesdata/caps_4.2.0.s390x.xml | 2 ++ .../caps_4.2.0.x86_64.xml | 2 ++ .../caps_5.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.0.0.ppc64.xml | 2 ++ .../caps_5.0.0.riscv64.xml | 2 ++ .../caps_5.0.0.x86_64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.1.0.sparc.xml | 1 + .../caps_5.1.0.x86_64.xml | 2 ++ .../caps_5.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.2.0.ppc64.xml | 2 ++ .../caps_5.2.0.riscv64.xml | 2 ++ .../qemucapabilitiesdata/caps_5.2.0.s390x.xml | 2 ++ .../caps_5.2.0.x86_64.xml | 2 ++ .../caps_6.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_6.0.0.s390x.xml | 2 ++ .../caps_6.0.0.x86_64.xml | 2 ++ .../caps_6.1.0.x86_64.xml | 2 ++ .../caps_6.2.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_6.2.0.ppc64.xml | 2 ++ .../caps_6.2.0.x86_64.xml | 2 ++ .../caps_7.0.0.aarch64.xml | 2 ++ .../qemucapabilitiesdata/caps_7.0.0.ppc64.xml | 2 ++ .../caps_7.0.0.x86_64.xml | 2 ++ .../qemucapabilitiesdata/caps_7.1.0.ppc64.xml | 2 ++ .../caps_7.1.0.x86_64.xml | 2 ++ .../caps_7.2.0.x86_64.xml | 3 ++ 83 files changed, 679 insertions(+)
diff --git a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng index b6408bca88..232c976530 100644 --- a/src/conf/schemas/domaincaps.rng +++ b/src/conf/schemas/domaincaps.rng @@ -204,6 +204,9 @@ <optional> <ref name="channel"/> </optional> + <optional> + <ref name="crypto"/> + </optional> </element> </define>
@@ -270,6 +273,13 @@ </element> </define>
+ <define name="crypto"> + <element name="crypto"> + <ref name="supported"/> + <ref name="enum"/> + </element> + </define> + <define name="features"> <element name="features"> <optional>
These two hunks should be squashed into previous patch. Michal
Support 'cryptoX' alias for a crypto device. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/qemu/qemu_alias.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c index ef8e87ab58..de62f57737 100644 --- a/src/qemu/qemu_alias.c +++ b/src/qemu/qemu_alias.c @@ -607,6 +607,26 @@ qemuAssignDeviceIOMMUAlias(virDomainIOMMUDef *iommu) } +static void +qemuAssignDeviceCryptoAlias(virDomainDef *def, + virDomainCryptoDef *crypto) +{ + size_t i; + int maxidx = 0; + int idx; + + if (crypto->info.alias) + return; + + for (i = 0; i < def->ncryptos; i++) { + if ((idx = qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "crypto")) >= maxidx) + maxidx = idx + 1; + } + + crypto->info.alias = g_strdup_printf("crypto%d", maxidx); +} + + int qemuAssignDeviceAliases(virDomainDef *def) { @@ -693,6 +713,9 @@ qemuAssignDeviceAliases(virDomainDef *def) } if (def->iommu) qemuAssignDeviceIOMMUAlias(def->iommu); + for (i = 0; i < def->ncryptos; i++) { + qemuAssignDeviceCryptoAlias(def, def->cryptos[i]); + } return 0; } -- 2.34.1
Support virtio-crypto device, also support cryptodev types: - builtin - lkcf Finally, we can launch a VM(QEMU) with one or more crypto devices by libvirt. Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- src/qemu/qemu_command.c | 110 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 109 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 4c001f72a5..104bab1221 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -925,6 +925,12 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device, } break; + case VIR_DOMAIN_DEVICE_CRYPTO: { + *baseName = "virtio-crypto"; + *virtioOptions = device->data.crypto->virtio; + break; + } + case VIR_DOMAIN_DEVICE_LEASE: case VIR_DOMAIN_DEVICE_SOUND: case VIR_DOMAIN_DEVICE_WATCHDOG: @@ -941,7 +947,6 @@ qemuBuildVirtioDevGetConfigDev(const virDomainDeviceDef *device, case VIR_DOMAIN_DEVICE_MEMORY: case VIR_DOMAIN_DEVICE_IOMMU: case VIR_DOMAIN_DEVICE_AUDIO: - case VIR_DOMAIN_DEVICE_CRYPTO: case VIR_DOMAIN_DEVICE_LAST: default: break; @@ -9837,6 +9842,106 @@ qemuBuildVsockCommandLine(virCommand *cmd, } +static int +qemuBuildCryptoBackendProps(virDomainCryptoDef *crypto, + virJSONValue **props) +{ + g_autofree char *objAlias = NULL; + + objAlias = g_strdup_printf("obj%s", crypto->info.alias); + + switch ((virDomainCryptoBackend) crypto->backend) { + case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN: + if (qemuMonitorCreateObjectProps(props, "cryptodev-backend-builtin", + objAlias, NULL) < 0) + return -1; + + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LKCF: + if (qemuMonitorCreateObjectProps(props, "cryptodev-backend-lkcf", + objAlias, NULL) < 0) + return -1; + + break; + + case VIR_DOMAIN_CRYPTO_BACKEND_LAST: + break; + } + + if (virJSONValueObjectAdd(props, + "p:queues", crypto->queues, + NULL) < 0) + return -1; + + + return 0; +} + + +static virJSONValue * +qemuBuildCryptoDevProps(const virDomainDef *def, + virDomainCryptoDef *dev, + virQEMUCaps *qemuCaps) +{ + g_autoptr(virJSONValue) props = NULL; + g_autofree char *crypto = g_strdup_printf("obj%s", dev->info.alias); + + if (!(props = qemuBuildVirtioDevProps(VIR_DOMAIN_DEVICE_CRYPTO, dev, qemuCaps))) + return NULL; + + if (virJSONValueObjectAdd(&props, + "s:cryptodev", crypto, + "s:id", dev->info.alias, + NULL) < 0) + return NULL; + + if (qemuBuildDeviceAddressProps(props, def, &dev->info) < 0) + return NULL; + + return g_steal_pointer(&props); +} + + +static int +qemuBuildCryptoCommandLine(virCommand *cmd, + const virDomainDef *def, + virQEMUCaps *qemuCaps) +{ + size_t i; + + for (i = 0; i < def->ncryptos; i++) { + g_autoptr(virJSONValue) props = NULL; + virDomainCryptoDef *crypto = def->cryptos[i]; + g_autoptr(virJSONValue) devprops = NULL; + + if (!crypto->info.alias) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Crypto device is missing alias")); + return -1; + } + + if (qemuBuildCryptoBackendProps(crypto, &props) < 0) + return -1; + + if (qemuBuildObjectCommandlineFromJSON(cmd, props, qemuCaps) < 0) + return -1; + + /* add the device */ + if (qemuCommandAddExtDevice(cmd, &crypto->info, def, qemuCaps) < 0) + return -1; + + if (!(devprops = qemuBuildCryptoDevProps(def, crypto, qemuCaps))) + return -1; + + if (qemuBuildDeviceCommandlineFromJSON(cmd, devprops, def, qemuCaps) < 0) + return -1; + } + + return 0; +} + + typedef enum { QEMU_COMMAND_DEPRECATION_BEHAVIOR_NONE = 0, QEMU_COMMAND_DEPRECATION_BEHAVIOR_OMIT, @@ -10189,6 +10294,9 @@ qemuBuildCommandLine(virDomainObj *vm, qemuBuildVsockCommandLine(cmd, def, def->vsock, qemuCaps) < 0) return NULL; + if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0) + return NULL; + if (cfg->logTimestamp) virCommandAddArgList(cmd, "-msg", "timestamp=on", NULL); -- 2.34.1
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> --- NEWS.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 39f508a6ce..7d1943472e 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -17,6 +17,9 @@ v9.0.0 (unreleased) * **New features** + * Support crypto device(virtio crypto only), also add support for QEMU with + backend 'builtin' and 'lkcf'. + * **Improvements** * qemu: Prefer PNG for domain screenshots -- 2.34.1
On 1/4/23 04:29, zhenwei pi wrote:
Hi,
This series supports crypto device, also add support for QEMU. The basic xml schema looks like: <crypto model='virtio' type='qemu'> <backend model='builtin' queues='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </crypto>
<crypto model='virtio' type='qemu'> <backend model='lkcf'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </crypto>
Each patch has been tested by 'ninja -C build test', and launch a QEMU with crypto devices, it works fine.
I've got couple of suggestions. For patch 2/7 I've created a 'fixup' commit and uploaded the whole branch onto my gitlab: https://gitlab.com/MichalPrivoznik/libvirt/-/commits/crypto_review Please check it out and consider squashing it in. For other suggestions I did not create such commit. Michal
On 1/6/23 19:37, Michal Prívozník wrote:
On 1/4/23 04:29, zhenwei pi wrote:
Hi,
This series supports crypto device, also add support for QEMU. The basic xml schema looks like: <crypto model='virtio' type='qemu'> <backend model='builtin' queues='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </crypto>
<crypto model='virtio' type='qemu'> <backend model='lkcf'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </crypto>
Each patch has been tested by 'ninja -C build test', and launch a QEMU with crypto devices, it works fine.
I've got couple of suggestions. For patch 2/7 I've created a 'fixup' commit and uploaded the whole branch onto my gitlab:
https://gitlab.com/MichalPrivoznik/libvirt/-/commits/crypto_review
Please check it out and consider squashing it in. For other suggestions I did not create such commit.
Michal
Thanks! I'll send a v2 version later. -- zhenwei pi
participants (2)
-
Michal Prívozník -
zhenwei pi