<div dir="ltr">Hi,<div><br></div><div>I have done TLS testing with this patch series and the tests passed fine with the secAlias fix in place.</div><div><br></div><div>(1) Applied all the v9 patches.</div><div>(2) make install. Reload and restart the libvirtd daemon.</div><div>(3) Make sure able to start guest with TLS enabled VxHS disk in the domain XML.</div><div>(4) Try to hot-plug another TLS disk. libvirtd crashes.</div><div><br></div><div><div>[root@audi libvirt] 2017-09-20 15:59:25# virsh attach-device myfc24 ../../hotplug_disk_1.xml</div><div>error: Disconnected from qemu:///system due to end of file</div><div>error: Failed to attach device from ../../hotplug_disk_1.xml</div><div>error: End of file while reading data: Input/output error</div><div><br></div><div>(5) Now add the secAlias patch</div><div><br></div><div>[amittal2@audi libvirt] 2017-09-20 16:08:37$ git apply ~/20Sep2017_1/0001-Avoid-a-possible-NULL-pointer-dereference-in-qemuDom.patch<br></div><div><br></div><div>[amittal2@audi libvirt] 2017-09-20 16:09:07$ git diff</div><div>diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c</div><div>index 7751a60..bd96272 100644</div><div>--- a/src/qemu/qemu_hotplug.c</div><div>+++ b/src/qemu/qemu_hotplug.c</div><div>@@ -1719,7 +1719,8 @@ qemuDomainGetTLSObjects(virQEMUCapsPtr qemuCaps,</div><div> }</div><div><br></div><div> if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,</div><div>- *secAlias, qemuCaps, tlsProps) < 0)</div><div>+ secAlias ? *secAlias : NULL, qemuCaps,</div><div>+ tlsProps) < 0)</div><div> return -1;</div><div><br></div><div> if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(srcAlias)))</div><div>[amittal2@audi libvirt] 2017-09-20 16:09:15$</div></div><div><br></div><div>(6) Run the new libvirtd</div><div><br></div><div><div>[root@audi libvirt] 2017-09-20 16:13:04# make install</div><div>...</div><div>[root@audi libvirt] 2017-09-20 16:14:05# systemctl daemon-reload<br></div><div>[root@audi libvirt] 2017-09-20 16:14:11# systemctl restart libvirtd.service</div><div>[root@audi libvirt] 2017-09-20 16:14:13#</div></div><div><br></div><div>(7) Attached and detached two TLS enabled VxHS disks several times. All were successful.</div><div><br></div><div><div>[root@audi libvirt] 2017-09-20 16:14:14# virsh attach-device myfc24 ../../hotplug_disk_1.xml<br></div><div>Device attached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:14:24# virsh attach-device myfc24 ../../hotplug_disk_2.xml</div><div>Device attached successfully</div></div><div><br></div><div><div>[root@audi libvirt] 2017-09-20 16:14:57# virsh detach-device myfc24 ../../hotplug_disk_1.xml</div><div>Device detached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:11# virsh detach-device myfc24 ../../hotplug_disk_2.xml</div><div>Device detached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:16# virsh attach-device myfc24 ../../hotplug_disk_2.xml</div><div>Device attached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:19# virsh attach-device myfc24 ../../hotplug_disk_1.xml</div><div>Device attached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:22# virsh attach-device myfc24 ../../hotplug_disk_1.xml</div><div>error: Failed to attach device from ../../hotplug_disk_1.xml</div><div>error: XML error: target 'vdb' duplicated for disk sources '/tmp/test_vxhs_disk_2' and '/tmp/test_vxhs_disk_2'</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:28# virsh detach-device myfc24 ../../hotplug_disk_2.xml</div><div>Device detached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:51# virsh detach-device myfc24 ../../hotplug_disk_1.xml</div><div>Device detached successfully</div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:15:55#</div></div><div><br></div><div><div>[root@audi libvirt] 2017-09-20 16:28:23# cat ../../hotplug_disk_1.xml</div><div> <disk type='network' device='disk'></div><div> <driver name='qemu' type='raw' cache='none'/></div><div> <source protocol='vxhs' name='/tmp/test_vxhs_disk_2' tls='yes'></div><div> <host name='127.0.0.1' port='9999'/></div><div> </source></div><div> <target dev='vdb' bus='virtio'/></div><div> <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial></div><div> </disk></div><div><br></div><div>[root@audi libvirt] 2017-09-20 16:28:36# cat ../../hotplug_disk_2.xml</div><div> <disk type='network' device='disk'></div><div> <driver name='qemu' type='raw' cache='none'/></div><div> <source protocol='vxhs' name='/tmp/test_vxhs_disk_3' tls='yes'></div><div> <host name='127.0.0.1' port='9999'/></div><div> </source></div><div> <target dev='vda' bus='virtio'/></div><div> <serial>eb90327c-8302-4725-9e1b-4e85ed4dc253</serial></div><div> </disk></div></div><div><br></div><div>IMHO, the patches are good to go :)</div><div><br></div><div>Thanks,</div><div>Ashish</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 19, 2017 at 6:32 PM, John Ferlan <span dir="ltr"><<a href="mailto:jferlan@redhat.com" target="_blank">jferlan@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="gmail-">From: Ashish Mittal <<a href="mailto:Ashish.Mittal@veritas.com">Ashish.Mittal@veritas.com</a>><br>
<br>
Alter qemu command line generation in order to possibly add TLS for<br>
a suitably configured domain.<br>
<br>
Sample TLS args generated by libvirt -<br>
<br>
-object tls-creds-x509,id=objvirtio-<wbr>disk0_tls0,dir=/etc/pki/qemu,\<br>
endpoint=client,verify-peer=<wbr>yes \<br>
-drive file.driver=vxhs,file.tls-<wbr>creds=objvirtio-disk0_tls0,\<br>
file.vdisk-id=eb90327c-8302-<wbr>4725-9e1b-4e85ed4dc251,\<br>
</span> file.server.type=tcp,file.<wbr>server.host=192.168.0.1,\<br>
file.server.port=9999,format=<wbr>raw,if=none,\<br>
<span class="gmail-"> id=drive-virtio-disk0,cache=<wbr>none \<br>
-device virtio-blk-pci,bus=pci.0,addr=<wbr>0x4,drive=drive-virtio-disk0,\<br>
id=virtio-disk0<br>
<br>
Update the qemuxml2argvtest with a couple of examples. One for a<br>
simple case and the other a bit more complex where multiple VxHS disks<br>
are added where at least one uses a VxHS that doesn't require TLS<br>
credentials and thus sets the domain disk source attribute "tls = 'no'".<br>
<br>
Update the hotplug to be able to handle processing the tlsAlias whether<br>
it's to add the TLS object when hotplugging a disk or to remove the TLS<br>
object when hot unplugging a disk. The hot plug/unplug code is largely<br>
generic, but the addition code does make the VXHS specific checks only<br>
because it needs to grab the correct config directory and generate the<br>
object as the command line would do.<br>
<br>
Signed-off-by: Ashish Mittal <<a href="mailto:Ashish.Mittal@veritas.com">Ashish.Mittal@veritas.com</a>><br>
Signed-off-by: John Ferlan <<a href="mailto:jferlan@redhat.com">jferlan@redhat.com</a>><br>
---<br>
src/qemu/qemu_block.c | 8 +++<br>
</span> src/qemu/qemu_command.c | 33 +++++++++<br>
src/qemu/qemu_hotplug.c | 79 ++++++++++++++++++++++<br>
...-disk-drive-network-<wbr>tlsx509-multidisk-vxhs.args | 43 ++++++++++++<br>
...v-disk-drive-network-<wbr>tlsx509-multidisk-vxhs.xml | 50 ++++++++++++++<br>
...muxml2argv-disk-drive-<wbr>network-tlsx509-vxhs.args | 30 ++++++++<br>
tests/qemuxml2argvtest.c | 7 ++<br>
7 files changed, 250 insertions(+)<br>
<span class="gmail-"> create mode 100644 tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.args<br>
create mode 100644 tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.xml<br>
create mode 100644 tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-vxhs.args<br>
<br>
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c<br>
</span>index 3437302dd..77ffc6c51 100644<br>
--- a/src/qemu/qemu_block.c<br>
+++ b/src/qemu/qemu_block.c<br>
@@ -529,16 +529,24 @@ qemuBlockStorageSourceGetVxHSP<wbr>rops(virStorageSourcePtr src)<br>
<span class="gmail-"> return NULL;<br>
}<br>
<br>
+ if (src->haveTLS == VIR_TRISTATE_BOOL_YES && !src->tlsAlias) {<br>
+ virReportError(VIR_ERR_<wbr>INVALID_ARG, "%s",<br>
+ _("VxHS disk does not have TLS alias set"));<br>
+ return NULL;<br>
+ }<br>
+<br>
</span> if (!(server = qemuBlockStorageSourceBuildJSO<wbr>NSocketAddress(src->hosts, true)))<br>
<span class="gmail-"> return NULL;<br>
<br>
/* VxHS disk specification example:<br>
* { driver:"vxhs",<br>
+ * tls-creds:"objvirtio-disk0_<wbr>tls0",<br>
* vdisk-id:"eb90327c-8302-4725-<wbr>4e85ed4dc251",<br>
* server:{type:"tcp", host:"1.2.3.4", port:9999}}<br>
*/<br>
if (virJSONValueObjectCreate(&<wbr>ret,<br>
"s:driver", protocol,<br>
+ "S:tls-creds", src->tlsAlias,<br>
"s:vdisk-id", src->path,<br>
"a:server", server, NULL) < 0)<br>
virJSONValueFree(server);<br>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c<br>
</span>index 9b3e3fc04..756bf3836 100644<br>
--- a/src/qemu/qemu_command.c<br>
+++ b/src/qemu/qemu_command.c<br>
@@ -794,6 +794,35 @@ qemuBuildTLSx509CommandLine(<wbr>virCommandPtr cmd,<br>
}<br>
<br>
<br>
+/* qemuBuildDiskSrcTLSx509Command<wbr>Line:<br>
+ *<br>
+ * Add TLS object if the disk src uses a secure communication channel<br>
<span class="gmail-">+ *<br>
+ * Returns 0 on success, -1 w/ error on some sort of failure.<br>
+ */<br>
+static int<br>
</span>+<wbr>qemuBuildDiskSrcTLSx509Command<wbr>Line(virCommandPtr cmd,<br>
+ virStorageSourcePtr src,<br>
+ const char *srcalias,<br>
<span class="gmail-">+ virQEMUCapsPtr qemuCaps)<br>
+{<br>
+<br>
</span><span class="gmail-">+<br>
+ /* other protocols may be added later */<br>
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&<br>
</span>+ src->haveTLS == VIR_TRISTATE_BOOL_YES) {<br>
+ if (!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(<wbr>srcalias)))<br>
+ return -1;<br>
+<br>
+ return qemuBuildTLSx509CommandLine(<wbr>cmd, src->tlsCertdir,<br>
+ src->tlsListen, src->tlsVerify,<br>
+ false, srcalias, qemuCaps);<br>
<span class="gmail-">+ }<br>
+<br>
+ return 0;<br>
+}<br>
+<br>
+<br>
static char *<br>
qemuBuildNetworkDriveURI(<wbr>virStorageSourcePtr src,<br>
qemuDomainSecretInfoPtr secinfo)<br>
</span>@@ -2221,6 +2250,10 @@ qemuBuildDiskDriveCommandLine(<wbr>virCommandPtr cmd,<br>
<span class="gmail-"> if (<wbr>qemuBuildDiskSecinfoCommandLin<wbr>e(cmd, encinfo) < 0)<br>
return -1;<br>
<br>
</span>+ if (<wbr>qemuBuildDiskSrcTLSx509Command<wbr>Line(cmd, disk->src, disk->info.alias,<br>
+ qemuCaps) < 0)<br>
<span class="gmail-">+ return -1;<br>
+<br>
virCommandAddArg(cmd, "-drive");<br>
<br>
if (!(optstr = qemuBuildDriveStr(disk, cfg, driveBoot, qemuCaps)))<br>
</span>diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c<br>
index 7dd6e5fd9..7751a608d 100644<br>
--- a/src/qemu/qemu_hotplug.c<br>
+++ b/src/qemu/qemu_hotplug.c<br>
@@ -156,6 +156,52 @@ qemuDomainPrepareDisk(<wbr>virQEMUDriverPtr driver,<br>
<br>
<br>
static int<br>
+<wbr>qemuDomainAddDiskSrcTLSObject(<wbr>virQEMUDriverPtr driver,<br>
+ virDomainObjPtr vm,<br>
+ virStorageSourcePtr src,<br>
+ const char *srcalias)<br>
<span class="gmail-">+{<br>
+ int ret = -1;<br>
</span>+ qemuDomainObjPrivatePtr priv = vm->privateData;<br>
+ virJSONValuePtr tlsProps = NULL;<br>
+<br>
+ /* NB: Initial implementation doesn't require/use a secret to decrypt<br>
<span class="gmail-">+ * a server certificate, so there's no need to manage a tlsSecAlias<br>
+ * and tlsSecProps. See qemuDomainAddChardevTLSObjects for the<br>
+ * methodology required to add a secret object. */<br>
+<br>
</span>+ /* Create the TLS object using the source tls* settings */<br>
+ if (qemuDomainGetTLSObjects(priv-<wbr>>qemuCaps, NULL,<br>
+ src->tlsCertdir,<br>
+ src->tlsListen,<br>
+ src->tlsVerify,<br>
+ srcalias, &tlsProps, &src->tlsAlias,<br>
<span class="gmail-">+ NULL, NULL) < 0)<br>
+ goto cleanup;<br>
+<br>
+ if (qemuDomainAddTLSObjects(<wbr>driver, vm, QEMU_ASYNC_JOB_NONE,<br>
</span>+ NULL, NULL, src->tlsAlias, &tlsProps) < 0)<br>
<span class="gmail-">+ goto cleanup;<br>
+<br>
+ ret = 0;<br>
+<br>
+ cleanup:<br>
+ virJSONValueFree(tlsProps);<br>
+<br>
</span><span class="gmail-">+ return ret;<br>
+}<br>
+<br>
+<br>
</span>+static void<br>
+<wbr>qemuDomainDelDiskSrcTLSObject(<wbr>virQEMUDriverPtr driver,<br>
+ virDomainObjPtr vm,<br>
+ virStorageSourcePtr src)<br>
+{<br>
+ qemuDomainDelTLSObjects(<wbr>driver, vm, QEMU_ASYNC_JOB_NONE, NULL, src->tlsAlias);<br>
<span class="gmail-">+}<br>
+<br>
+<br>
+static int<br>
qemuHotplugWaitForTrayEject(<wbr>virQEMUDriverPtr driver,<br>
virDomainObjPtr vm,<br>
virDomainDiskDefPtr disk,<br>
</span>@@ -376,6 +422,14 @@ qemuDomainAttachVirtioDiskDevi<wbr>ce(virConnectPtr conn,<br>
<span class="gmail-"> if (encinfo && qemuBuildSecretInfoProps(<wbr>encinfo, &encobjProps) < 0)<br>
goto error;<br>
<br>
</span>+ if (<wbr>qemuDomainPrepareDiskSourceTLS<wbr>(disk->src, disk->info.alias, cfg) < 0)<br>
+ goto error;<br>
+<br>
+ if (disk->src->haveTLS &&<br>
+ qemuDomainAddDiskSrcTLSObject(<wbr>driver, vm, disk->src,<br>
+ disk->info.alias) < 0)<br>
<span class="gmail-">+ goto error;<br>
+<br>
if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))<br>
goto error;<br>
<br>
</span><span class="gmail-">@@ -453,6 +507,8 @@ qemuDomainAttachVirtioDiskDevi<wbr>ce(virConnectPtr conn,<br>
virDomainAuditDisk(vm, NULL, disk->src, "attach", false);<br>
<br>
error:<br>
</span>+ qemuDomainDelDiskSrcTLSObject(<wbr>driver, vm, disk->src);<br>
<span class="gmail-">+<br>
if (releaseaddr)<br>
qemuDomainReleaseDeviceAddress<wbr>(vm, &disk->info, src);<br>
<br>
</span>@@ -667,6 +723,14 @@ qemuDomainAttachSCSIDisk(<wbr>virConnectPtr conn,<br>
<span class="gmail-"> if (!(devstr = qemuBuildDriveDevStr(vm->def, disk, 0, priv->qemuCaps)))<br>
goto error;<br>
<br>
</span>+ if (<wbr>qemuDomainPrepareDiskSourceTLS<wbr>(disk->src, disk->info.alias, cfg) < 0)<br>
+ goto error;<br>
+<br>
+ if (disk->src->haveTLS &&<br>
+ qemuDomainAddDiskSrcTLSObject(<wbr>driver, vm, disk->src,<br>
+ disk->info.alias) < 0)<br>
<span class="gmail-">+ goto error;<br>
+<br>
if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))<br>
goto error;<br>
<br>
</span>@@ -737,6 +801,8 @@ qemuDomainAttachSCSIDisk(<wbr>virConnectPtr conn,<br>
<span class="gmail-"> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);<br>
<br>
error:<br>
</span>+ qemuDomainDelDiskSrcTLSObject(<wbr>driver, vm, disk->src);<br>
<span class="gmail-">+<br>
ignore_value(<wbr>qemuDomainPrepareDisk(driver, vm, disk, NULL, true));<br>
goto cleanup;<br>
}<br>
</span>@@ -777,6 +843,14 @@ qemuDomainAttachUSBMassStorage<wbr>Device(virQEMUDriverPtr driver,<br>
<span class="gmail-"> if (qemuAssignDeviceDiskAlias(vm-<wbr>>def, disk, priv->qemuCaps) < 0)<br>
goto error;<br>
<br>
</span>+ if (<wbr>qemuDomainPrepareDiskSourceTLS<wbr>(disk->src, disk->info.alias, cfg) < 0)<br>
+ goto error;<br>
+<br>
+ if (disk->src->haveTLS &&<br>
+ qemuDomainAddDiskSrcTLSObject(<wbr>driver, vm, disk->src,<br>
+ disk->info.alias) < 0)<br>
<span class="gmail-">+ goto error;<br>
+<br>
if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))<br>
goto error;<br>
<br>
</span>@@ -827,6 +901,8 @@ qemuDomainAttachUSBMassStorage<wbr>Device(virQEMUDriverPtr driver,<br>
<span class="gmail-"> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);<br>
<br>
error:<br>
</span>+ qemuDomainDelDiskSrcTLSObject(<wbr>driver, vm, disk->src);<br>
<span class="gmail-">+<br>
ignore_value(<wbr>qemuDomainPrepareDisk(driver, vm, disk, NULL, true));<br>
goto cleanup;<br>
}<br>
</span>@@ -3677,6 +3753,9 @@ qemuDomainRemoveDiskDevice(<wbr>virQEMUDriverPtr driver,<br>
ignore_value(<wbr>qemuMonitorDelObject(priv-><wbr>mon, encAlias));<br>
VIR_FREE(encAlias);<br>
<br>
+ if (disk->src->haveTLS)<br>
<span class="gmail-">+ ignore_value(<wbr>qemuMonitorDelObject(priv-><wbr>mon, disk->src->tlsAlias));<br>
+<br>
if (qemuDomainObjExitMonitor(<wbr>driver, vm) < 0)<br>
return -1;<br>
<br>
diff --git a/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.args b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.args<br>
new file mode 100644<br>
</span>index 000000000..572c9f36c<br>
<div><div class="gmail-h5">--- /dev/null<br>
+++ b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.args<br>
@@ -0,0 +1,43 @@<br>
+LC_ALL=C \<br>
+PATH=/bin \<br>
+HOME=/home/test \<br>
+USER=test \<br>
+LOGNAME=test \<br>
+QEMU_AUDIO_DRV=none \<br>
+/usr/bin/qemu-system-x86_64 \<br>
+-name QEMUGuest1 \<br>
+-S \<br>
+-M pc \<br>
+-cpu qemu32 \<br>
+-m 214 \<br>
+-smp 1,sockets=1,cores=1,threads=1 \<br>
+-uuid c7a5fdbd-edaf-9455-926a-<wbr>d65c16db1809 \<br>
+-nographic \<br>
+-nodefaults \<br>
+-chardev socket,id=charmonitor,path=/<wbr>tmp/lib/domain--1-QEMUGuest1/<wbr>monitor.sock,\<br>
+server,nowait \<br>
+-mon chardev=charmonitor,id=<wbr>monitor,mode=readline \<br>
+-no-acpi \<br>
+-boot c \<br>
+-usb \<br>
+-object tls-creds-x509,id=objvirtio-<wbr>disk0_tls0,dir=/etc/pki/qemu,\<br>
+endpoint=client,verify-peer=<wbr>yes \<br>
+-drive file.driver=vxhs,file.tls-<wbr>creds=objvirtio-disk0_tls0,\<br>
</div></div>+file.vdisk-id=eb90327c-8302-<wbr>4725-9e1b-4e85ed4dc251,file.<wbr>server.type=tcp,\<br>
+file.server.host=192.168.0.1,<wbr>file.server.port=9999,format=<wbr>raw,if=none,\<br>
<span class="gmail-">+id=drive-virtio-disk0,cache=<wbr>none \<br>
+-device virtio-blk-pci,bus=pci.0,addr=<wbr>0x4,drive=drive-virtio-disk0,\<br>
+id=virtio-disk0 \<br>
+-object tls-creds-x509,id=objvirtio-<wbr>disk1_tls0,dir=/etc/pki/qemu,\<br>
+endpoint=client,verify-peer=<wbr>yes \<br>
+-drive file.driver=vxhs,file.tls-<wbr>creds=objvirtio-disk1_tls0,\<br>
</span>+file.vdisk-id=eb90327c-8302-<wbr>4725-9e1b-4e85ed4dc252,file.<wbr>server.type=tcp,\<br>
+file.server.host=192.168.0.2,<wbr>file.server.port=9999,format=<wbr>raw,if=none,\<br>
<span class="gmail-">+id=drive-virtio-disk1,cache=<wbr>none \<br>
+-device virtio-blk-pci,bus=pci.0,addr=<wbr>0x5,drive=drive-virtio-disk1,\<br>
+id=virtio-disk1 \<br>
+-drive file.driver=vxhs,file.vdisk-<wbr>id=eb90327c-8302-4725-9e1b-<wbr>4e85ed4dc253,\<br>
</span>+file.server.type=tcp,file.<wbr>server.host=192.168.0.3,file.<wbr>server.port=9999,\<br>
<span class="gmail-">+format=raw,if=none,id=drive-<wbr>virtio-disk2,cache=none \<br>
+-device virtio-blk-pci,bus=pci.0,addr=<wbr>0x6,drive=drive-virtio-disk2,\<br>
+id=virtio-disk2<br>
diff --git a/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.xml b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.xml<br>
new file mode 100644<br>
</span>index 000000000..a66e81f06<br>
<div><div class="gmail-h5">--- /dev/null<br>
+++ b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-multidisk-<wbr>vxhs.xml<br>
@@ -0,0 +1,50 @@<br>
+<domain type='qemu'><br>
+ <name>QEMUGuest1</name><br>
+ <uuid>c7a5fdbd-edaf-9455-926a-<wbr>d65c16db1809</uuid><br>
+ <memory unit='KiB'>219136</memory><br>
+ <currentMemory unit='KiB'>219136</<wbr>currentMemory><br>
+ <vcpu placement='static'>1</vcpu><br>
+ <os><br>
+ <type arch='i686' machine='pc'>hvm</type><br>
+ <boot dev='hd'/><br>
+ </os><br>
+ <clock offset='utc'/><br>
+ <on_poweroff>destroy</on_<wbr>poweroff><br>
+ <on_reboot>restart</on_reboot><br>
+ <on_crash>destroy</on_crash><br>
+ <devices><br>
+ <emulator>/usr/bin/qemu-<wbr>system-x86_64</emulator><br>
+ <disk type='network' device='disk'><br>
+ <driver name='qemu' type='raw' cache='none'/><br>
+ <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-<wbr>4e85ed4dc251'><br>
+ <host name='192.168.0.1' port='9999'/><br>
+ </source><br>
+ <target dev='vda' bus='virtio'/><br>
+ <serial>eb90327c-8302-4725-<wbr>9e1b-4e85ed4dc251</serial><br>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/><br>
+ </disk><br>
+ <disk type='network' device='disk'><br>
+ <driver name='qemu' type='raw' cache='none'/><br>
+ <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-<wbr>4e85ed4dc252'><br>
+ <host name='192.168.0.2' port='9999'/><br>
+ </source><br>
+ <target dev='vdb' bus='virtio'/><br>
+ <serial>eb90327c-8302-4725-<wbr>9e1b-4e85ed4dc252</serial><br>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/><br>
+ </disk><br>
+ <disk type='network' device='disk'><br>
+ <driver name='qemu' type='raw' cache='none'/><br>
+ <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-<wbr>4e85ed4dc253' tls='no'><br>
+ <host name='192.168.0.3' port='9999'/><br>
+ </source><br>
+ <target dev='vdc' bus='virtio'/><br>
+ <serial>eb90327c-8302-4725-<wbr>9e1b-4e85ed4dc252</serial><br>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/><br>
+ </disk><br>
+ <controller type='usb' index='0'/><br>
+ <controller type='pci' index='0' model='pci-root'/><br>
+ <input type='mouse' bus='ps2'/><br>
+ <input type='keyboard' bus='ps2'/><br>
+ <memballoon model='none'/><br>
+ </devices><br>
+</domain><br>
diff --git a/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-vxhs.args b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-vxhs.args<br>
new file mode 100644<br>
</div></div>index 000000000..aaf88635b<br>
<div><div class="gmail-h5">--- /dev/null<br>
+++ b/tests/qemuxml2argvdata/<wbr>qemuxml2argv-disk-drive-<wbr>network-tlsx509-vxhs.args<br>
@@ -0,0 +1,30 @@<br>
+LC_ALL=C \<br>
+PATH=/bin \<br>
+HOME=/home/test \<br>
+USER=test \<br>
+LOGNAME=test \<br>
+QEMU_AUDIO_DRV=none \<br>
+/usr/bin/qemu-system-x86_64 \<br>
+-name QEMUGuest1 \<br>
+-S \<br>
+-M pc \<br>
+-cpu qemu32 \<br>
+-m 214 \<br>
+-smp 1,sockets=1,cores=1,threads=1 \<br>
+-uuid c7a5fdbd-edaf-9455-926a-<wbr>d65c16db1809 \<br>
+-nographic \<br>
+-nodefaults \<br>
+-chardev socket,id=charmonitor,path=/<wbr>tmp/lib/domain--1-QEMUGuest1/<wbr>monitor.sock,\<br>
+server,nowait \<br>
+-mon chardev=charmonitor,id=<wbr>monitor,mode=readline \<br>
+-no-acpi \<br>
+-boot c \<br>
+-usb \<br>
+-object tls-creds-x509,id=objvirtio-<wbr>disk0_tls0,dir=/etc/pki/qemu,\<br>
+endpoint=client,verify-peer=<wbr>yes \<br>
+-drive file.driver=vxhs,file.tls-<wbr>creds=objvirtio-disk0_tls0,\<br>
</div></div>+file.vdisk-id=eb90327c-8302-<wbr>4725-9e1b-4e85ed4dc251,file.<wbr>server.type=tcp,\<br>
+file.server.host=192.168.0.1,<wbr>file.server.port=9999,format=<wbr>raw,if=none,\<br>
<span class="gmail-">+id=drive-virtio-disk0,cache=<wbr>none \<br>
+-device virtio-blk-pci,bus=pci.0,addr=<wbr>0x4,drive=drive-virtio-disk0,\<br>
+id=virtio-disk0<br>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c<br>
</span>index bf43beb10..21f057460 100644<br>
--- a/tests/qemuxml2argvtest.c<br>
+++ b/tests/qemuxml2argvtest.c<br>
@@ -934,6 +934,13 @@ mymain(void)<br>
<span class="gmail-"> DO_TEST("disk-drive-network-<wbr>rbd-ipv6", NONE);<br>
DO_TEST_FAILURE("disk-drive-<wbr>network-rbd-no-colon", NONE);<br>
DO_TEST("disk-drive-network-<wbr>vxhs", QEMU_CAPS_VXHS);<br>
+ driver.config->vxhsTLS = 1;<br>
+ DO_TEST("disk-drive-network-<wbr>tlsx509-vxhs", QEMU_CAPS_VXHS,<br>
+ QEMU_CAPS_OBJECT_TLS_CREDS_<wbr>X509);<br>
+ DO_TEST("disk-drive-network-<wbr>tlsx509-multidisk-vxhs", QEMU_CAPS_VXHS,<br>
+ QEMU_CAPS_OBJECT_TLS_CREDS_<wbr>X509);<br>
+ driver.config->vxhsTLS = 0;<br>
+ VIR_FREE(driver.config-><wbr>vxhsTLSx509certdir);<br>
DO_TEST("disk-drive-no-boot",<br>
QEMU_CAPS_BOOTINDEX);<br>
DO_TEST_PARSE_ERROR("disk-<wbr>device-lun-type-invalid",<br>
--<br>
</span>2.13.5<br>
<br>
</blockquote></div><br></div></div>