From: Boris Fiuczynski <***@linux.vnet.ibm.com>

Add qemu command line tests for virtio-crypto ccw support.

Signed-off-by: Boris Fiuczynski <***@linux.vnet.ibm.com>
Reviewed-by: Marc Hartmayer <***@linux.vnet.ibm.com>
---
.../qemuxml2argv-virtio-crypto-ccw.args | 22 ++++++++++++++++++++++
.../qemuxml2argv-virtio-crypto-ccw.xml | 16 ++++++++++++++++
tests/qemuxml2argvtest.c | 6 ++++++
3 files changed, 44 insertions(+)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args
new file mode 100644
index 0000000..1a59a2d
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.args
@@ -0,0 +1,22 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-s390x \
+-name QEMUGuest1 \
+-S \
+-M s390-ccw \
+-m 214 \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefconfig \
+-nodefaults \
+-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
+server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=readline \
+-device virtio-balloon-ccw,id=balloon0,devno=fe.0.0000 \
+-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \
+-device virtio-crypto-ccw,cryptodev=objcrypto0,id=crypto0,devno=fe.0.0001
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml
new file mode 100644
index 0000000..b8d07ff
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-ccw.xml
@@ -0,0 +1,16 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory>219100</memory>
+ <currentMemory>219100</currentMemory>
+ <os>
+ <type arch='s390x' machine='s390-ccw'>hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-s390x</emulator>
+ <memballoon model='virtio'/>
+ <crypto model='virtio'>
+ <backend type='builtin' queues='1'/>
+ </crypto>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 27eea70..70f85cd 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1781,6 +1781,12 @@ mymain(void)
QEMU_CAPS_VIRTIO_S390, QEMU_CAPS_DEVICE_VIRTIO_RNG,
QEMU_CAPS_OBJECT_RNG_RANDOM);

+ DO_TEST("virtio-crypto-ccw",
+ QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
+ QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_CCW,
+ QEMU_CAPS_VIRTIO_S390, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO,
+ QEMU_CAPS_OBJECT_CRYPTO_BUILTIN);
+
DO_TEST("s390-allow-bogus-usb-none",
QEMU_CAPS_CHARDEV, QEMU_CAPS_NODEFCONFIG,
QEMU_CAPS_BOOTINDEX, QEMU_CAPS_VIRTIO_S390,

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
docs/news.xml | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/docs/news.xml b/docs/news.xml
index a886e2c..b766984 100644
--- a/docs/news.xml
+++ b/docs/news.xml
@@ -35,6 +35,16 @@
<libvirt>
<release version="v3.6.0" date="unreleased">
<section title="New features">
+ <change>
+ <summary>
+ qemu: Add support for virtio-crypto device
+ </summary>
+ <description>
+ QEMU 2.8 introduced the support of virtio-crypto device, which is a
+ virtual crypto accelerator card for VMs. Users can now configure one
+ or more virtio-crypto devices for the VM in the XML.
+ </description>
+ </change>
</section>
<section title="Improvements">
</section>

Two capabilities bits are added to track support for those:

QEMU_CAPS_DEVICE_VIRTIO_CRYPTO - for the device support and
QEMU_CAPS_OBJECT_CRYPTO_BUILTIN - for the backend support.

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
src/qemu/qemu_capabilities.c | 6 ++++++
src/qemu/qemu_capabilities.h | 4 ++++
tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml | 2 ++
tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml | 2 ++
tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 2 ++
5 files changed, 16 insertions(+)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 61c9a10..01005d5 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -430,6 +430,10 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"virtio.iommu_platform",
"virtio.ats",
"loadparm",
+ "cryptodev-backend-builtin",
+
+ /* 265 */
+ "virtio-crypto",
);


@@ -1679,6 +1683,8 @@ struct virQEMUCapsStringFlags virQEMUCapsObjectTypes[] = {
{ "nvdimm", QEMU_CAPS_DEVICE_NVDIMM },
{ "pcie-root-port", QEMU_CAPS_DEVICE_PCIE_ROOT_PORT },
{ "qemu-xhci", QEMU_CAPS_DEVICE_QEMU_XHCI },
+ { "cryptodev-backend-builtin", QEMU_CAPS_OBJECT_CRYPTO_BUILTIN },
+ { "virtio-crypto-device", QEMU_CAPS_DEVICE_VIRTIO_CRYPTO },
};

static struct virQEMUCapsStringFlags virQEMUCapsObjectPropsVirtioBalloon[] = {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 6e95876..50bb7a5 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -416,6 +416,10 @@ typedef enum {
QEMU_CAPS_VIRTIO_PCI_IOMMU_PLATFORM, /* virtio-*-pci.iommu_platform */
QEMU_CAPS_VIRTIO_PCI_ATS, /* virtio-*-pci.ats */
QEMU_CAPS_LOADPARM, /* -machine loadparm */
+ QEMU_CAPS_OBJECT_CRYPTO_BUILTIN, /* -object cryptodev-backend-builtin */
+
+ /* 265 */
+ QEMU_CAPS_DEVICE_VIRTIO_CRYPTO, /* -device virtio-crypto-pci */

QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
index 51be9bc..527c765 100644
--- a/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
@@ -134,6 +134,8 @@
<flag name='query-named-block-nodes'/>
<flag name='kernel-irqchip'/>
<flag name='kernel-irqchip.split'/>
+ <flag name='cryptodev-backend-builtin'/>
+ <flag name='virtio-crypto'/>
<version>2007093</version>
<kvmVersion>0</kvmVersion>
<package></package>
diff --git a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
index 01edbc8..f10833c 100644
--- a/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
@@ -207,6 +207,8 @@
<flag name='kernel-irqchip.split'/>
<flag name='intel-iommu.intremap'/>
<flag name='intel-iommu.eim'/>
+ <flag name='cryptodev-backend-builtin'/>
+ <flag name='virtio-crypto'/>
<version>2008000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.8.0)</package>
diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
index 58dd9f6..af141cc 100644
--- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
@@ -218,6 +218,8 @@
<flag name='intel-iommu.device-iotlb'/>
<flag name='virtio.iommu_platform'/>
<flag name='virtio.ats'/>
+ <flag name='cryptodev-backend-builtin'/>
+ <flag name='virtio-crypto'/>
<version>2009000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.9.0)</package>

From: Boris Fiuczynski <***@linux.vnet.ibm.com>

Add device address type ccw which is supported since qemu 2.9.0.

Signed-off-by: Boris Fiuczynski <***@linux.vnet.ibm.com>
Reviewed-by: Marc Hartmayer <***@linux.vnet.ibm.com>
---
src/qemu/qemu_command.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 5278edc..65dfc61 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6051,14 +6051,18 @@ qemuBuildCryptoDevStr(const virDomainDef *def,
goto error;
}

- if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
+ if (dev->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
+ virBufferAddLit(&buf, "virtio-crypto-pci");
+ } else if (dev->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
+ virBufferAddLit(&buf, "virtio-crypto-ccw");
+ } else {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unsupported address type %s for virtio crypto device"),
virDomainDeviceAddressTypeToString(dev->info.type));
goto error;
}

- virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s",
+ virBufferAsprintf(&buf, ",cryptodev=obj%s,id=%s",
dev->info.alias, dev->info.alias);

if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0)

This patch documents XML elements used for support of virtual
crypto devices.

In the devices section in the domain XML users may specify:
<crypto model='virtio'>
<backend type='builtin' queues='1'/>
</crypto>
to enable the crypto device for guests.

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
docs/formatdomain.html.in | 61 +++++++++++++++++++++++++++++++++++++++++++
docs/schemas/domaincommon.rng | 30 +++++++++++++++++++++
2 files changed, 91 insertions(+)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 36bea67..7c27ae7 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7547,6 +7547,67 @@ qemu-kvm -net nic,model=? /dev/null
</dd>
</dl>

+ <h4><a name="elementCrypto">Crypto device</a></h4>
+
+ <p>
+ The virtual crypto device is a virtual crypto accelerator
+ card(provides crypto services, such as CIPHER, MAC, HASH,
+ and AEAD) for virtual machines and it can be added to the
+ guest via the <code>crypto</code> element.
+ <span class="since">Since 3.1.0, QEMU and KVM only</span>
+ </p>
+
+ <p>
+ Example: usage of the crypto device:
+ </p>
+<pre>
+ ...
+ &lt;devices&gt;
+ &lt;crypto model='virtio'&gt;
+ &lt;backend type='builtin' queues='1'/&gt;
+ &lt;/crypto&gt;
+ &lt;/devices&gt;
+ ...
+</pre>
+ <dl>
+ <dt><code>model</code></dt>
+ <dd>
+ <p>
+ The required <code>model</code> attribute specifies what
+ type of crypto device is provide.
+ Currently only 'virtio' is supported and it needs virtio-crypto
+ guest driver.
+ </p>
+ </dd>
+ <dt><code>backend</code></dt>
+ <dd>
+ <p>
+ The <code>backend</code> element specifies the type and
+ number of queues of the crypto device to be used for the
+ domain.
+ </p>
+ <dl>
+ <dt><code>type</code></dt>
+ <dd>
+ <p>
+ The required <code>type</code> element specifies the
+ type of the crypto device.
+ Currently only supports 'builtin' which uses QEMU's
+ crypto APIs to complete the crypto operations.
+ </p>
+ </dd>
+ <dt><code>queues</code></dt>
+ <dd>
+ <p>
+ The optional <code>queues</code> element specifies the
+ number of queues of the crypto device, the default number
+ of queues is 1.
+ </p>
+ </dd>
+ </dl>
+ </dd>
+ </dl>
+
<h3><a name="seclabel">Security label</a></h3>

<p>
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index bdf7103..6e3b0fd 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4506,6 +4506,7 @@
<ref name="tpm"/>
<ref name="shmem"/>
<ref name="memorydev"/>
+ <ref name="crypto"/>
</choice>
</zeroOrMore>
<optional>
@@ -5052,6 +5053,35 @@
</optional>
</define>

+ <define name="crypto">
+ <element name="crypto">
+ <attribute name="model">
+ <choice>
+ <value>virtio</value>
+ </choice>
+ </attribute>
+ <ref name="crypto-backend"/>
+ <optional>
+ <ref name="address"/>
+ </optional>
+ </element>
+ </define>
+
+ <define name="crypto-backend">
+ <element name="backend">
+ <attribute name="type">
+ <choice>
+ <value>builtin</value>
+ </choice>
+ </attribute>
+ <optional>
+ <attribute name="queues">
+ <ref name="positiveInteger"/>
+ </attribute>
+ </optional>
+ </element>
+ </define>
+
<define name="usbmaster">
<element name="master">
<attribute name="startport">

This patch implements support for the virtio-crypto-pci device
and the builtin backend in qemu.

qemu is invoked with these additional parameters if the device
id enabled:

(to add the backend)
-object cryptodev-backend-builtin,id=objcrypto0,queues=1
(to add the device)
-device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
src/qemu/qemu_alias.c | 20 +++++++
src/qemu/qemu_alias.h | 3 +
src/qemu/qemu_command.c | 126 +++++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_command.h | 3 +
src/qemu/qemu_domain_address.c | 26 ++++++++-
5 files changed, 177 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c
index 914b2b9..2b6e049 100644
--- a/src/qemu/qemu_alias.c
+++ b/src/qemu/qemu_alias.c
@@ -332,6 +332,26 @@ qemuAssignDeviceRNGAlias(virDomainDefPtr def,
}


+int
+qemuAssignDeviceCryptoAlias(const virDomainDef *def,
+ virDomainCryptoDefPtr crypto)
+{
+ size_t i;
+ int maxidx = 0;
+ int idx;
+
+ for (i = 0; i < def->ncryptos; i++) {
+ if ((idx = qemuDomainDeviceAliasIndex(&def->cryptos[i]->info, "crypto")) >= maxidx)
+ maxidx = idx + 1;
+ }
+
+ if (virAsprintf(&crypto->info.alias, "crypto%d", maxidx) < 0)
+ return -1;
+
+ return 0;
+}
+
+
/**
* qemuAssignDeviceMemoryAlias:
* @def: domain definition. Necessary only if @oldAlias is true.
diff --git a/src/qemu/qemu_alias.h b/src/qemu/qemu_alias.h
index 300fd4d..fe59928 100644
--- a/src/qemu/qemu_alias.h
+++ b/src/qemu/qemu_alias.h
@@ -57,6 +57,9 @@ int qemuAssignDeviceRedirdevAlias(virDomainDefPtr def,
int qemuAssignDeviceRNGAlias(virDomainDefPtr def,
virDomainRNGDefPtr rng);

+int qemuAssignDeviceCryptoAlias(const virDomainDef *def,
+ virDomainCryptoDefPtr crypto);
+
int qemuAssignDeviceMemoryAlias(virDomainDefPtr def,
virDomainMemoryDefPtr mems,
bool oldAlias);
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c53ab97..5278edc 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5992,6 +5992,129 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager,


static char *
+qemuBuildCryptoBackendStr(virDomainCryptoDefPtr crypto,
+ virQEMUCapsPtr qemuCaps)
+{
+ const char *type = NULL;
+ char *alias = NULL;
+ char *queue = NULL;
+ char *backstr = NULL;
+
+ if (virAsprintf(&alias, "obj%s", crypto->info.alias) < 0)
+ goto cleanup;
+
+ if (crypto->queues > 0) {
+ if (virAsprintf(&queue, "queues=%u", crypto->queues) < 0)
+ goto cleanup;
+ }
+
+ switch ((virDomainCryptoBackend)crypto->backend) {
+ case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_CRYPTO_BUILTIN)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("this qemu doesn't support the builtin backend"));
+ goto cleanup;
+ }
+
+ type = "cryptodev-backend-builtin";
+ break;
+
+ case VIR_DOMAIN_CRYPTO_BACKEND_LAST:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("unknown crypto backend"));
+ goto cleanup;
+ }
+
+ if (queue)
+ ignore_value(virAsprintf(&backstr, "%s,id=%s,%s", type, alias, queue));
+ else
+ ignore_value(virAsprintf(&backstr, "%s,id=%s", type, alias));
+
+ cleanup:
+ VIR_FREE(alias);
+ return backstr;
+}
+
+
+char *
+qemuBuildCryptoDevStr(const virDomainDef *def,
+ virDomainCryptoDefPtr dev,
+ virQEMUCapsPtr qemuCaps)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+
+ if (dev->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO ||
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_VIRTIO_CRYPTO)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("this qemu doesn't support crypto device model '%s'"),
+ virDomainRNGModelTypeToString(dev->model));
+ goto error;
+ }
+
+ if (dev->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unsupported address type %s for virtio crypto device"),
+ virDomainDeviceAddressTypeToString(dev->info.type));
+ goto error;
+ }
+
+ virBufferAsprintf(&buf, "virtio-crypto-pci,cryptodev=obj%s,id=%s",
+ dev->info.alias, dev->info.alias);
+
+ if (qemuBuildDeviceAddressStr(&buf, def, &dev->info, qemuCaps) < 0)
+ goto error;
+
+ return virBufferContentAndReset(&buf);
+
+ error:
+ virBufferFreeAndReset(&buf);
+ return NULL;
+}
+
+
+static int
+qemuBuildCryptoCommandLine(virCommandPtr cmd,
+ const virDomainDef *def,
+ virQEMUCapsPtr qemuCaps)
+{
+ size_t i;
+
+ for (i = 0; i < def->ncryptos; i++) {
+ virDomainCryptoDefPtr crypto = def->cryptos[i];
+ char *tmp;
+
+ if (qemuAssignDeviceCryptoAlias(def, crypto)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("crypto device assign alias faile"));
+ return -1;
+ }
+
+ if (!crypto->info.alias) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("crypto device is missing alias"));
+ return -1;
+ }
+
+ /* add the crypto backend */
+ if (!(tmp = qemuBuildCryptoBackendStr(crypto, qemuCaps)))
+ return -1;
+
+ virCommandAddArgList(cmd, "-object", tmp, NULL);
+ VIR_FREE(tmp);
+
+ /* add the device */
+ if (!(tmp = qemuBuildCryptoDevStr(def, crypto, qemuCaps)))
+ return -1;
+
+ virCommandAddArgList(cmd, "-device", tmp, NULL);
+ VIR_FREE(tmp);
+ }
+
+ return 0;
+}
+
+
+static char *
qemuBuildSmbiosBiosStr(virSysinfoBIOSDefPtr def)
{
virBuffer buf = VIR_BUFFER_INITIALIZER;
@@ -10220,6 +10343,9 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
chardevStdioLogd) < 0)
goto error;

+ if (qemuBuildCryptoCommandLine(cmd, def, qemuCaps) < 0)
+ goto error;
+
if (qemuBuildNVRAMCommandLine(cmd, def, qemuCaps) < 0)
goto error;

diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index f5e3e5f..996840d 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -204,6 +204,9 @@ char *qemuBuildShmemDevStr(virDomainDefPtr def,
virQEMUCapsPtr qemuCaps)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);

+char *qemuBuildCryptoDevStr(const virDomainDef *def,
+ virDomainCryptoDefPtr dev,
+ virQEMUCapsPtr qemuCaps);


#endif /* __QEMU_COMMAND_H__*/
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index 5209fbe..9bd064b 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -331,6 +331,12 @@ qemuDomainPrimeVirtioDeviceAddresses(virDomainDefPtr def,
def->rngs[i]->info.type = type;
}

+ for (i = 0; i < def->ncryptos; i++) {
+ if (def->cryptos[i]->model == VIR_DOMAIN_CRYPTO_MODEL_VIRTIO &&
+ def->cryptos[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE)
+ def->cryptos[i]->info.type = type;
+ }
+
if (type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
for (i = 0; i < def->nfss; i++) {
if (def->fss[i]->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE)
@@ -738,6 +744,15 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev,
return 0;
}

+ case VIR_DOMAIN_DEVICE_CRYPTO:
+ switch ((virDomainCryptoModel) dev->data.crypto->model) {
+ case VIR_DOMAIN_CRYPTO_MODEL_VIRTIO:
+ return virtioFlags;
+
+ case VIR_DOMAIN_RNG_MODEL_LAST:
+ return 0;
+ }
+
case VIR_DOMAIN_DEVICE_VIDEO:
switch ((virDomainVideoType) dev->data.video->type) {
case VIR_DOMAIN_VIDEO_TYPE_VIRTIO:
@@ -796,7 +811,6 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev,
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_GRAPHICS:
case VIR_DOMAIN_DEVICE_IOMMU:
- case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
case VIR_DOMAIN_DEVICE_NONE:
return 0;
@@ -1775,6 +1789,16 @@ qemuDomainAssignDevicePCISlots(virDomainDefPtr def,
goto error;
}

+ /* VirtIO CRYPTO */
+ for (i = 0; i < def->ncryptos; i++) {
+ if (def->cryptos[i]->model != VIR_DOMAIN_CRYPTO_MODEL_VIRTIO ||
+ !virDeviceInfoPCIAddressWanted(&def->cryptos[i]->info))
+ continue;
+
+ if (qemuDomainPCIAddressReserveNextAddr(addrs, &def->cryptos[i]->info) < 0)
+ goto error;
+ }
+
/* A watchdog - check if it is a PCI device */
if (def->watchdog &&
def->watchdog->model == VIR_DOMAIN_WATCHDOG_MODEL_I6300ESB &&

This patch parse the domain XML with virtio-crypto
support, the virtio-crypto XML looks like this:

<crypto model='virtio'>
<backend type='builtin' queues='1'/>
</crypto>

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
src/conf/domain_conf.c | 213 ++++++++++++++++++++++++++++++++++++++++-
src/conf/domain_conf.h | 32 +++++++
src/libvirt_private.syms | 5 +
src/qemu/qemu_domain_address.c | 1 +
src/qemu/qemu_driver.c | 6 ++
src/qemu/qemu_hotplug.c | 1 +
6 files changed, 257 insertions(+), 1 deletion(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c3149f9..4c4568d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -253,7 +253,8 @@ VIR_ENUM_IMPL(virDomainDevice, VIR_DOMAIN_DEVICE_LAST,
"tpm",
"panic",
"memory",
- "iommu")
+ "iommu",
+ "crypto")

VIR_ENUM_IMPL(virDomainDeviceAddress, VIR_DOMAIN_DEVICE_ADDRESS_TYPE_LAST,
"none",
@@ -830,6 +831,14 @@ VIR_ENUM_IMPL(virDomainRNGBackend,
"random",
"egd");

+VIR_ENUM_IMPL(virDomainCryptoModel,
+ VIR_DOMAIN_CRYPTO_MODEL_LAST,
+ "virtio");
+
+VIR_ENUM_IMPL(virDomainCryptoBackend,
+ VIR_DOMAIN_CRYPTO_BACKEND_LAST,
+ "builtin");
+
VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_LAST,
"tpm-tis")

@@ -2617,6 +2626,9 @@ void virDomainDeviceDefFree(virDomainDeviceDefPtr def)
case VIR_DOMAIN_DEVICE_IOMMU:
VIR_FREE(def->data.iommu);
break;
+ case VIR_DOMAIN_DEVICE_CRYPTO:
+ virDomainCryptoDefFree(def->data.crypto);
+ break;
case VIR_DOMAIN_DEVICE_LAST:
case VIR_DOMAIN_DEVICE_NONE:
break;
@@ -2866,6 +2878,10 @@ void virDomainDefFree(virDomainDefPtr def)

VIR_FREE(def->iommu);

+ for (i = 0; i < def->ncryptos; i++)
+ virDomainCryptoDefFree(def->cryptos[i]);
+ VIR_FREE(def->cryptos);
+
VIR_FREE(def->idmap.uidmap);
VIR_FREE(def->idmap.gidmap);

@@ -3453,6 +3469,8 @@ virDomainDeviceGetInfo(virDomainDeviceDefPtr device)
return &device->data.panic->info;
case VIR_DOMAIN_DEVICE_MEMORY:
return &device->data.memory->info;
+ case VIR_DOMAIN_DEVICE_CRYPTO:
+ return &device->data.crypto->info;

/* The following devices do not contain virDomainDeviceInfo */
case VIR_DOMAIN_DEVICE_LEASE:
@@ -3768,6 +3786,13 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def,
return -1;
}

+ device.type = VIR_DOMAIN_DEVICE_CRYPTO;
+ for (i = 0; i < def->ncryptos; i++) {
+ device.data.crypto = def->cryptos[i];
+ if (cb(def, &device, &def->cryptos[i]->info, opaque) < 0)
+ return -1;
+ }
+
/* Coverity is not very happy with this - all dead_error_condition */
#if !STATIC_ANALYSIS
/* This switch statement is here to trigger compiler warning when adding
@@ -3802,6 +3827,7 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def,
case VIR_DOMAIN_DEVICE_RNG:
case VIR_DOMAIN_DEVICE_MEMORY:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
break;
}
#endif
@@ -5095,6 +5121,7 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_MEMORY:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_NONE:
case VIR_DOMAIN_DEVICE_LAST:
break;
@@ -13048,6 +13075,88 @@ virDomainRNGDefParseXML(virDomainXMLOptionPtr xmlopt,
}


+static virDomainCryptoDefPtr
+virDomainCryptoDefParseXML(xmlNodePtr node,
+ xmlXPathContextPtr ctxt,
+ unsigned int flags)
+{
+ char *model = NULL;
+ char *backend = NULL;
+ char *queues = NULL;
+ virDomainCryptoDefPtr def;
+ xmlNodePtr save = ctxt->node;
+ xmlNodePtr *backends = NULL;
+ int nbackends;
+
+ if (VIR_ALLOC(def) < 0)
+ return NULL;
+
+ if (!(model = virXMLPropString(node, "model"))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing Crypto device model"));
+ goto error;
+ }
+
+ if ((def->model = virDomainCryptoModelTypeFromString(model)) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unknown Crypto model '%s'"), model);
+ goto error;
+ }
+
+ ctxt->node = node;
+
+ if ((nbackends = virXPathNodeSet("./backend", ctxt, &backends)) < 0)
+ goto error;
+
+ if (nbackends != 1) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("only one Crypto backend is supported"));
+ goto error;
+ }
+
+ if (!(backend = virXMLPropString(backends[0], "type"))) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("missing Crypto device backend type"));
+ goto error;
+ }
+
+ if ((def->backend = virDomainCryptoBackendTypeFromString(backend)) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("unknown Crypto backend model '%s'"), backend);
+ goto error;
+ }
+
+ switch ((virDomainCryptoBackend) def->backend) {
+ case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN:
+ queues = virXMLPropString(backends[0], "queues");
+ if (queues && virStrToLong_ui(queues, NULL, 10, &def->queues) < 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("Malformed 'queues' value '%s'"), queues);
+ }
+ break;
+
+ case VIR_DOMAIN_CRYPTO_BACKEND_LAST:
+ break;
+ }
+
+ if (virDomainDeviceInfoParseXML(node, NULL, &def->info, flags) < 0)
+ goto error;
+
+ cleanup:
+ VIR_FREE(model);
+ VIR_FREE(backend);
+ VIR_FREE(queues);
+ VIR_FREE(backends);
+ ctxt->node = save;
+ return def;
+
+ error:
+ virDomainCryptoDefFree(def);
+ def = NULL;
+ goto cleanup;
+}
+
+
static virDomainMemballoonDefPtr
virDomainMemballoonDefParseXML(xmlNodePtr node,
xmlXPathContextPtr ctxt,
@@ -14643,6 +14752,10 @@ virDomainDeviceDefParse(const char *xmlStr,
if (!(dev->data.iommu = virDomainIOMMUDefParseXML(node, ctxt)))
goto error;
break;
+ case VIR_DOMAIN_DEVICE_CRYPTO:
+ if (!(dev->data.crypto = virDomainCryptoDefParseXML(node, ctxt, flags)))
+ goto error;
+ break;
case VIR_DOMAIN_DEVICE_NONE:
case VIR_DOMAIN_DEVICE_LAST:
break;
@@ -17709,6 +17822,22 @@ virDomainDefParseXML(xmlDocPtr xml,
}
VIR_FREE(nodes);

+ /* Parse the crypto devices */
+ if ((n = virXPathNodeSet("./devices/crypto", ctxt, &nodes)) < 0)
+ goto error;
+ if (n && VIR_ALLOC_N(def->cryptos, n) < 0)
+ goto error;
+ for (i = 0; i < n; i++) {
+ virDomainCryptoDefPtr crypto = virDomainCryptoDefParseXML(nodes[i],
+ ctxt,
+ flags);
+ if (!crypto)
+ goto error;
+
+ def->cryptos[def->ncryptos++] = crypto;
+ }
+ VIR_FREE(nodes);
+
if (virCPUDefParseXML(ctxt, "./cpu[1]", VIR_CPU_TYPE_GUEST, &def->cpu) < 0)
goto error;

@@ -19815,6 +19944,25 @@ virDomainRNGDefCheckABIStability(virDomainRNGDefPtr src,


static bool
+virDomainCryptoDefCheckABIStability(virDomainCryptoDefPtr src,
+ virDomainCryptoDefPtr dst)
+{
+ if (src->model != dst->model) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target Crypto model '%s' does not match source '%s'"),
+ virDomainCryptoModelTypeToString(dst->model),
+ virDomainCryptoModelTypeToString(src->model));
+ return false;
+ }
+
+ if (!virDomainDeviceInfoCheckABIStability(&src->info, &dst->info))
+ return false;
+
+ return true;
+}
+
+
+static bool
virDomainHubDefCheckABIStability(virDomainHubDefPtr src,
virDomainHubDefPtr dst)
{
@@ -20718,6 +20866,17 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
!xmlopt->abi.domain(src, dst))
goto error;

+ if (src->ncryptos != dst->ncryptos) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Target domain crypto device count %zu "
+ "does not match source %zu"), dst->ncryptos, src->ncryptos);
+ goto error;
+ }
+
+ for (i = 0; i < src->ncryptos; i++)
+ if (!virDomainCryptoDefCheckABIStability(src->cryptos[i], dst->cryptos[i]))
+ goto error;
+
/* Coverity is not very happy with this - all dead_error_condition */
#if !STATIC_ANALYSIS
/* This switch statement is here to trigger compiler warning when adding
@@ -20751,6 +20910,7 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
case VIR_DOMAIN_DEVICE_SHMEM:
case VIR_DOMAIN_DEVICE_MEMORY:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
break;
}
#endif
@@ -23387,6 +23547,49 @@ virDomainRNGDefFree(virDomainRNGDefPtr def)


static int
+virDomainCryptoDefFormat(virBufferPtr buf,
+ virDomainCryptoDefPtr def,
+ unsigned int flags)
+{
+ const char *model = virDomainCryptoModelTypeToString(def->model);
+ const char *backend = virDomainCryptoBackendTypeToString(def->backend);
+
+ virBufferAsprintf(buf, "<crypto model='%s'>\n", model);
+ virBufferAdjustIndent(buf, 2);
+ virBufferAsprintf(buf, "<backend type='%s'", backend);
+
+ switch ((virDomainCryptoBackend) def->backend) {
+ case VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN:
+ if (def->queues)
+ virBufferAsprintf(buf, " queues='%u'", def->queues);
+
+ virBufferAddLit(buf, "/>\n");
+ break;
+
+ case VIR_DOMAIN_CRYPTO_BACKEND_LAST:
+ break;
+ }
+
+ if (virDomainDeviceInfoFormat(buf, &def->info, flags) < 0)
+ return -1;
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</crypto>\n");
+ return 0;
+}
+
+void
+virDomainCryptoDefFree(virDomainCryptoDefPtr def)
+{
+ if (!def)
+ return;
+
+ virDomainDeviceInfoClear(&def->info);
+ VIR_FREE(def);
+}
+
+
+static int
virDomainMemorySourceDefFormat(virBufferPtr buf,
virDomainMemoryDefPtr def)
{
@@ -25418,6 +25621,11 @@ virDomainDefFormatInternal(virDomainDefPtr def,
goto error;
}

+ for (n = 0; n < def->ncryptos; n++) {
+ if (virDomainCryptoDefFormat(buf, def->cryptos[n], flags))
+ goto error;
+ }
+
if (def->iommu)
virDomainIOMMUDefFormat(buf, def->iommu);

@@ -26500,6 +26708,9 @@ virDomainDeviceDefCopy(virDomainDeviceDefPtr src,
case VIR_DOMAIN_DEVICE_SHMEM:
rc = virDomainShmemDefFormat(&buf, src->data.shmem, flags);
break;
+ case VIR_DOMAIN_DEVICE_CRYPTO:
+ rc = virDomainCryptoDefFormat(&buf, src->data.crypto, flags);
+ break;

case VIR_DOMAIN_DEVICE_NONE:
case VIR_DOMAIN_DEVICE_SMARTCARD:
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 964bc02..3dd809a 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -159,6 +159,9 @@ typedef virDomainIOMMUDef *virDomainIOMMUDefPtr;
typedef struct _virDomainVirtioOptions virDomainVirtioOptions;
typedef virDomainVirtioOptions *virDomainVirtioOptionsPtr;

+typedef struct _virDomainCryptoDef virDomainCryptoDef;
+typedef virDomainCryptoDef *virDomainCryptoDefPtr;
+
/* Flags for the 'type' field in virDomainDeviceDef */
typedef enum {
VIR_DOMAIN_DEVICE_NONE = 0,
@@ -185,6 +188,7 @@ typedef enum {
VIR_DOMAIN_DEVICE_PANIC,
VIR_DOMAIN_DEVICE_MEMORY,
VIR_DOMAIN_DEVICE_IOMMU,
+ VIR_DOMAIN_DEVICE_CRYPTO,

VIR_DOMAIN_DEVICE_LAST
} virDomainDeviceType;
@@ -217,6 +221,7 @@ struct _virDomainDeviceDef {
virDomainPanicDefPtr panic;
virDomainMemoryDefPtr memory;
virDomainIOMMUDefPtr iommu;
+ virDomainCryptoDefPtr crypto;
} data;
};

@@ -2043,6 +2048,26 @@ struct _virDomainRNGDef {
};

typedef enum {
+ VIR_DOMAIN_CRYPTO_MODEL_VIRTIO,
+
+ VIR_DOMAIN_CRYPTO_MODEL_LAST
+} virDomainCryptoModel;
+
+typedef enum {
+ VIR_DOMAIN_CRYPTO_BACKEND_BUILTIN,
+
+ VIR_DOMAIN_CRYPTO_BACKEND_LAST
+} virDomainCryptoBackend;
+
+struct _virDomainCryptoDef {
+ int model;
+ int backend;
+ unsigned int queues; /* Multiqueue virtio-crypto */
+
+ virDomainDeviceInfo info;
+};
+
+typedef enum {
VIR_DOMAIN_MEMORY_MODEL_NONE,
VIR_DOMAIN_MEMORY_MODEL_DIMM, /* dimm hotpluggable memory device */
VIR_DOMAIN_MEMORY_MODEL_NVDIMM, /* nvdimm memory device */
@@ -2380,6 +2405,9 @@ struct _virDomainDef {
size_t npanics;
virDomainPanicDefPtr *panics;

+ size_t ncryptos;
+ virDomainCryptoDefPtr *cryptos;
+
/* Only 1 */
virDomainWatchdogDefPtr watchdog;
virDomainMemballoonDefPtr memballoon;
@@ -2908,6 +2936,8 @@ int virDomainDefCompatibleDevice(virDomainDefPtr def,

void virDomainRNGDefFree(virDomainRNGDefPtr def);

+void virDomainCryptoDefFree(virDomainCryptoDefPtr def);
+
int virDomainDiskIndexByAddress(virDomainDefPtr def,
virPCIDeviceAddressPtr pci_controller,
unsigned int bus, unsigned int target,
@@ -3236,6 +3266,8 @@ VIR_ENUM_DECL(virDomainShutdownReason)
VIR_ENUM_DECL(virDomainShutoffReason)
VIR_ENUM_DECL(virDomainCrashedReason)
VIR_ENUM_DECL(virDomainPMSuspendedReason)
+VIR_ENUM_DECL(virDomainCryptoModel)
+VIR_ENUM_DECL(virDomainCryptoBackend)

const char *virDomainStateReasonToString(virDomainState state, int reason);
int virDomainStateReasonFromString(virDomainState state, const char *reason);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 888412a..8d6bcb6 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -237,6 +237,11 @@ virDomainControllerRemove;
virDomainControllerTypeToString;
virDomainCpuPlacementModeTypeFromString;
virDomainCpuPlacementModeTypeToString;
+virDomainCryptoBackendTypeFromString;
+virDomainCryptoBackendTypeToString;
+virDomainCryptoDefFree;
+virDomainCryptoModelTypeFromString;
+virDomainCryptoModelTypeToString;
virDomainDefAddController;
virDomainDefAddImplicitDevices;
virDomainDefAddUSBController;
diff --git a/src/qemu/qemu_domain_address.c b/src/qemu/qemu_domain_address.c
index b5b863f..5209fbe 100644
--- a/src/qemu/qemu_domain_address.c
+++ b/src/qemu/qemu_domain_address.c
@@ -796,6 +796,7 @@ qemuDomainDeviceCalculatePCIConnectFlags(virDomainDeviceDefPtr dev,
case VIR_DOMAIN_DEVICE_LEASE:
case VIR_DOMAIN_DEVICE_GRAPHICS:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
case VIR_DOMAIN_DEVICE_NONE:
return 0;
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index cdb727b..1c2342c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7526,6 +7526,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("live attach of device '%s' is not supported"),
@@ -7619,6 +7620,7 @@ qemuDomainDetachDeviceLive(virDomainObjPtr vm,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("live detach of device '%s' is not supported"),
@@ -7735,6 +7737,7 @@ qemuDomainUpdateDeviceLive(virConnectPtr conn,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("live update of device '%s' is not supported"),
@@ -7910,6 +7913,7 @@ qemuDomainAttachDeviceConfig(virDomainDefPtr vmdef,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("persistent attach of device '%s' is not supported"),
@@ -8076,6 +8080,7 @@ qemuDomainDetachDeviceConfig(virDomainDefPtr vmdef,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("persistent detach of device '%s' is not supported"),
@@ -8163,6 +8168,7 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("persistent update of device '%s' is not supported"),
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index b5b62df..c7db125 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -4325,6 +4325,7 @@ qemuDomainRemoveDevice(virQEMUDriverPtr driver,
case VIR_DOMAIN_DEVICE_TPM:
case VIR_DOMAIN_DEVICE_PANIC:
case VIR_DOMAIN_DEVICE_IOMMU:
+ case VIR_DOMAIN_DEVICE_CRYPTO:
case VIR_DOMAIN_DEVICE_LAST:
virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
_("don't know how to remove a %s device"),

Adds XML parsing and qemu commandline tests for the
virtio-crypto device support.

Signed-off-by: Longpeng(Mike) <***@huawei.com>
---
.../qemuxml2argv-virtio-crypto-builtin.xml | 26 ++++++++++++++++++
.../qemuxml2argv-virtio-crypto.args | 22 +++++++++++++++
.../qemuxml2xmlout-virtio-crypto-builtin.xml | 31 ++++++++++++++++++++++
tests/qemuxml2xmltest.c | 2 ++
4 files changed, 81 insertions(+)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
new file mode 100644
index 0000000..f4e78fa
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto-builtin.xml
@@ -0,0 +1,26 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'/>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'/>
+ <crypto model='virtio'>
+ <backend type='builtin' queues='1'/>
+ </crypto>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
new file mode 100644
index 0000000..430c061
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-virtio-crypto.args
@@ -0,0 +1,22 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/home/test \
+USER=test \
+LOGNAME=test \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-x86_64 \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-m 214 \
+-smp 1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 \
+-object cryptodev-backend-builtin,id=objcrypto0,queues=1 \
+-device virtio-crypto-pci,cryptodev=objcrypto0,id=crypto0,bus=pci.0,addr=0x4
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml
new file mode 100644
index 0000000..1f06aeb
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-virtio-crypto-builtin.xml
@@ -0,0 +1,31 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219100</memory>
+ <currentMemory unit='KiB'>219100</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ <boot dev='hd'/>
+ </os>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <controller type='usb' index='0'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
+ </controller>
+ <controller type='pci' index='0' model='pci-root'/>
+ <input type='mouse' bus='ps2'/>
+ <input type='keyboard' bus='ps2'/>
+ <memballoon model='virtio'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+ </memballoon>
+ <crypto model='virtio'>
+ <backend type='builtin' queues='1'/>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+ </crypto>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 1307299..6975af3 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -1045,6 +1045,8 @@ mymain(void)
DO_TEST("smbios", NONE);
DO_TEST("smbios-multiple-type2", NONE);

+ DO_TEST("virtio-crypto-builtin", NONE);
+
DO_TEST("aarch64-aavmf-virtio-mmio",
QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_DTB,
QEMU_CAPS_DEVICE_VIRTIO_MMIO,

Ping...

Hi Mike,

Seems like this topic has gone quiet.. Is there a v5 in the works?

Matt