Make the synchronous calls evident by not hiding the call to
migration_channel_connect_outgoing() in the transport code. Have those
functions return and call the function at the upper level.
This helps with navigation: the transport code returns the ioc,
there's no need to look into them when browsing the code.
It also allows RDMA in the source side to use the same path as the
rest of the transports.
While here, document the async calls which are the exception.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-26-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
After cleanups, the qmp_migrate_finish function is now just a call to
migration_connect_outgoing(). Remove qmp_migrate_finish() and rename
the qmp_migrate_finish_cb callback.
This also allows the function's error handling to be removed as it now
receives &local_err like the rest of the callees of qmp_migrate().
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-25-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
When setting a callback on a Glib source and giving it a data pointer,
it's natural to also provide the destructor for the data in question.
Since migrate_hup_add() already needs to clone the MigrationAddress
when setting the qmp_migrate_finish_cb callback, also pass the
qapi_free_MigrationAddress as the GDestroyNotify callback.
With this the address doesn't need to be freed at the callback body,
making the management of that memory slightly simpler.
Cc: Mark Kanda <mark.kanda@oracle.com>
Cc: Ben Chaney <bchaney@akamai.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-23-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
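Added example (not QEMU code, not part of the commit above): a plain C model of the ownership rule the message describes, where the destructor handed over with the callback data frees the cloned address whether the callback fires or the source is cancelled first. Source, Addr, addr_clone() and the other names are hypothetical stand-ins for the GLib source, MigrationAddress and QAPI_CLONE.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of a GLib source: callback, data, destroy notify. */
typedef bool (*SourceFn)(void *data);    /* returning false removes the source */
typedef void (*DestroyFn)(void *data);
typedef struct { SourceFn cb; void *data; DestroyFn destroy; } Source;
typedef struct { char host[64]; } Addr;  /* stand-in for MigrationAddress */
static int live_addrs;                   /* clones not yet freed */
static int connects;                     /* times the callback ran */

static Addr *addr_clone(const char *host)
{
    Addr *a = calloc(1, sizeof(*a));
    if (!a) {
        abort();
    }
    strncpy(a->host, host, sizeof(a->host) - 1);
    live_addrs++;
    return a;
}

static void addr_free(void *opaque)
{
    free(opaque);
    live_addrs--;
}

/* Removing the source runs the destroy notify once, then forgets the data. */
static void source_destroy(Source *s)
{
    if (s->destroy && s->data) {
        s->destroy(s->data);
    }
    *s = (Source){ 0 };
}

static void source_dispatch(Source *s)
{
    if (s->cb && !s->cb(s->data)) {
        source_destroy(s);
    }
}

/* The callback only reads the address; freeing is the notify's job. */
static bool connect_cb(void *opaque)
{
    const Addr *a = opaque;
    connects += (a->host[0] != '\0');
    return false;
}

/* Returns allocations still live after the source fires or is cancelled. */
static int run(bool hup_fires)
{
    Source s = { connect_cb, addr_clone("dst.example"), addr_free };
    if (hup_fires) {
        source_dispatch(&s);
    }
    source_destroy(&s);                  /* teardown; no-op if already gone */
    return live_addrs;
}
int main(void) { return run(true) + run(false); }
```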
Encapsulate the MigrationChannelList parsing in a new
migrate_channels_parse() located at channel.c.
This also makes the memory management of the MigrationAddress more
uniform. Previously, half the parsing code (uri parsing) would
allocate memory for the address while the other half (channel parsing)
would instead pass the original QAPI object along. After this patch,
the MigrationAddress is always QAPI_CLONEd, so the callers can use
g_autoptr(MigrationAddress) in all cases.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-21-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Move the code responsible for the various channels connection into
channel.c. This is all executed before the migration_thread and
process_incoming_migration_co are running, so it helps the reasoning
to have them out of migration.c.
migration_ioc_process_incoming becomes migration_channel_identify
which is more in line with what the function does.
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-19-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
To make it easier to follow the code, rename the functions that start
the migration thread and migration coroutine to contain the word
"start".
This will give new contributors the chance of seeing the word start
and reaching the actual migration code, instead of twists and turns of
qio_channel_add_watch and qio_task_run_in_thread.
Remove all other instances of "start" and use wording more suitable to
what the current migration stage is. The transport code such as
fd_start_migration_outgoing becomes fd_connect_outgoing, the early
setup code such as qemu_start_incoming_migration becomes
qemu_setup_incoming_migration and so on.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-18-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Use the common connection paths for the incoming and outgoing sides of
rdma migration. This removes one usage of QEMUFile from rdma.c. It
also allows further unification of the connection code in next
patches.
Move the channels enum to channel.h so rdma.c can access it. The RDMA
channel is considered a CH_MAIN channel.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-15-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Centralize, on both sides of migration, the setting of the to_src_file
and from_dst_file QEMUFiles. This will clean up the interface with
channel.c and rdma.c, allowing those files to stop dealing with
QEMUFile themselves.
(multifd_recv_new_channel was changed to return bool+errp for
convenience)
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-14-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Simplify migration_channel_connect() and migration_connect() to not
take an error as input. Move the error handling into the paths that
generate the error.
To achieve this, call migration_connect_error_propagate() from
socket.c and tls.c, which are the async paths.
For the sync paths, the handling is done as normal by returning all
the way to qmp_migrate_finish(), except that now the sync paths don't
pass the error forward into migration_connect() anymore.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-13-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Whenever an error occurs between migrate_init() and the start of
migration_thread, do cleanup immediately.
This allows the special casing for resume to be removed from
migration_connect(); that check is now done at
migration_connect_error_propagate() which already had a case for
resume.
The cleanup at qmp_migrate_finish_cb can also be removed because it
will always be reached either via the error path at
qmp_migrate_finish->migration_connect_error_propagate or via the
migrate_cleanup_bh.
The yank_unregister_instance at qmp_migrate() is now replaced by the
one at migration_cleanup().
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-12-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Move the register_instance call to migrate_prepare() so it can be
paired with the unregister_instance at migration_cleanup(). Otherwise,
the cleanup cannot be run when cpr_state_save() fails because the
instance is registered only after it.
When resuming from a paused postcopy migration, migrate_prepare()
returns early, but migration_cleanup() doesn't run, so the yank will
remain paired.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-11-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Freeing the error at migration_connect() is redundant in the normal
migration case. The freeing already happened at migrate_init():
qmp_migrate()
-> migrate_prepare()
   -> migrate_init()
-> qmp_migrate_finish()
   -> *_start_outgoing_migration()
      -> migration_channel_connect()
         -> migration_connect()
For the resume case, migrate_prepare() returns early and doesn't reach
migrate_init(). Move the extra migrate_error_free() call to
migrate_prepare() along with the resume check.
Also change migrate_init() to use migrate_error_free(), so it's easier
to see the places where the error gets freed.
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-8-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
The TLS hostname is doing a tour around the world just to be cached
into s->hostname. We're already abusing MigrationState by doing that,
so incorporate the s->hostname into migration_tls_hostname() and stop
passing the string around.
The old route was roughly:
 -transport code (socket.c, fd.c, etc):
    if (SOCKET_ADDRESS_TYPE_INET)
        hostname = saddr->u.inet.host
    else
        hostname = NULL
    migration_channel_connect(..., hostname)
      s->hostname = hostname;
      migration_tls_client_create(..., hostname)
        if (migrate_tls_hostname())
          qio_channel_tls_new_client(migrate_tls_hostname())
        else
          qio_channel_tls_new_client(hostname)
 -postcopy_preempt_setup:
    postcopy_preempt_send_channel_new
      migration_tls_client_create(..., s->hostname)
New route is:
 -socket.c only:
    if SOCKET_ADDRESS_TYPE_INET
        s->hostname = saddr->u.inet.host
    migration_channel_connect()
      migration_tls_client_create()
        qio_channel_tls_new_client(migrate_tls_hostname())
 -postcopy_preempt_setup:
    postcopy_preempt_send_channel_new
      migration_tls_client_create()
        qio_channel_tls_new_client(migrate_tls_hostname())
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Prasad Pandit <pjp@fedoraproject.org>
Link: https://lore.kernel.org/qemu-devel/20260123141656.6765-5-farosas@suse.de
Signed-off-by: Fabiano Rosas <farosas@suse.de>
The colo-compare option documentation has some formatting issues: it
uses a "@var{...}" syntax which is not used elsewhere and which is
rendered literally into the HTML documentation. The bare "@" sign
also results in an unintended 'mailto:' hyperlink.
Rewrite this into the style we seem to use most in the rest of
the command line options, where an option which takes an argument
is written as "my-option=<thing>".
We take the opportunity to make the documentation a little clearer
by splitting up the long paragraph and using preformatted-text
markup for the names of the suboptions.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260115142629.665319-5-peter.maydell@linaro.org
A few entries in qemu-options.hx use the syntax "my-option=@var{name}"
(or @var{} with no name specified) when documenting an option that takes
an argument. This syntax isn't consistently used, and the documentation
generation has no support for it: it just appears literally in the
HTML output.
Switch these uses to the more common "my-option=<name>". This also
doesn't have any particular support in the documentation generation
and so appears literally in the output, but it is a little less odd
looking to the end-user.
The other common pattern we have is "my-option=name" with no marking
at all that the right hand side of the '=' is not literal text;
using <> seems preferable to me, as it makes it more distinct from
cases where the right hand side is documenting that only certain
values are permitted, as in "my-option=on|off". This patch doesn't
do anything about existing uses of this pattern (except in one case
which was so confused as to use "my-option=@var{}" in the --help
output and "my-option=" in the RST output, where we change both
for consistency), but prefers not to add more of them.
We don't change the uses of @var in the colo-compare documentation,
as that part deserves a slightly more wide-ranging overhaul that
is better in its own commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260115142629.665319-4-peter.maydell@linaro.org
In rST documents, an '@' character in normal text or a parsed-literal is
assumed to be an email address and will result in a 'mailto:' hyperlink in
the generated HTML. In several places we have mailto: hyperlinks that are
unintended nonsense; correct these by either escaping the @ character or
making the text use ``...`` preformatted rendering.
This commit covers only the simple cases which can be trivially fixed
with escaping or ``..``; the remaining cases will be handled in
separate commits.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20260115142629.665319-3-peter.maydell@linaro.org
Make some minor improvements to the rendering of the docs for
the xlnx-zynq-a9 board:
* use a proper hyperlink rather than a bare URL for the
  link to the reference manual
* drop the hex address of the SMC SRAM: the bare '@' is
  rendered as bogus mailto: hyperlink, and the information
  is not very interesting to the user anyway
* expand out the abbreviations in the list of Cortex-A9
  per-CPU devices
* correct the bullet-point list markup so it doesn't render
  with odd highlighted lines
* capitalize 'Arm' correctly
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Message-id: 20260115142629.665319-2-peter.maydell@linaro.org
Memory API patches
- Use explicit endianness for cpu_ld/st_data*() on some targets
- Reduce 'qemu/bswap.h' uses
- Introduce ldm_p/stm_p (MemOp) load/store helpers
- Allow restricting the legacy 'native-endian' APIs
- Forbid various targets to use legacy native endianness APIs
- Simplify cpu_address_space_init() API
# gpg: Signature made Thu 22 Jan 2026 10:15:14 PM AEDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'memory-api-20260122' of https://github.com/philmd/qemu: (37 commits)
cpus: Allocate maximum number of ASes supported by the arch
target/arm: Add a _MAX sentinel to ARMASIdx enum
target/i386: Add a _MAX sentinel to X86ASIdx enum
target/arm: Initialize AS 0 first
dump: Build stubs once for non-x86 targets
dump: Abort in create_win_dump() on non-x86 guests
configs/targets: Forbid s390x to use legacy native endianness APIs
configs/targets: Forbid Renesas RX to use legacy native endianness API
configs/targets: Forbid TriCore to use legacy native endianness API
configs/targets: Forbid OpenRISC to use legacy native endianness APIs
configs/targets: Forbid LoongArch to use legacy native endianness APIs
configs/targets: Forbid HPPA to use legacy native endianness APIs
configs/targets: Forbid Hexagon to use legacy native endianness API
system: Allow restricting the legacy DEVICE_NATIVE_ENDIAN definition
system: Allow restricting the legacy MO_TE* 'native-endian' definitions
system: Allow restricting the legacy tswap() 'native-endian' API
system: Allow restricting the legacy translator_ld() 'native-endian' API
system: Allow restricting the legacy cpu_ld/st() 'native-endian' API
system: Allow restricting legacy address_space_ldst() native-endian API
system: Allow restricting the legacy ld/st_phys() 'native-endian' API
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Add a new test case 'test_redirector_rx_event_opened' to verify the
handling of the CHR_EVENT_OPENED event in filter-redirector.
The test simulates a scenario where the backend character device (socket)
is disconnected and then reconnected. It works by:
1. Connecting to the redirector's socket (triggers CHR_EVENT_OPENED).
2. Sending a packet to verify initial connectivity.
3. Disconnecting (triggers CHR_EVENT_CLOSED).
4. Reconnecting (triggers CHR_EVENT_OPENED again).
5. Sending another packet to verify that the redirector correctly
   re-registers its handlers and resumes passing traffic.
This ensures that the filter-redirector can recover and function correctly
after a backend reconnection.
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
This patch adds a qtest to test the status change of
filter-redirector. Two subtests were added:
- test_redirector_status: tests dynamic on/off switching at runtime
  using qom-set QMP command
- test_redirector_init_status_off: tests creating filter-redirector
  with status=off from the start via command line
Both tests verify that:
1. When status is off, data from indev chardev is not received
2. When status is switched to on, data is received correctly
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Currently, filter-redirector does not implement the status_changed
callback, which means the 'status' property cannot be used to
dynamically enable/disable the filter at runtime. When status is
set to 'off' via QMP/HMP, the filter still receives data from the
indev chardev because the chardev handlers remain registered.
This patch adds proper support for the 'status' property:
1. Implement filter_redirector_status_changed() callback:
   - When status changes to 'off': remove chardev read handlers
   - When status changes to 'on': re-register chardev handlers
     (only if chardev is already open)
2. Update filter_redirector_setup() to respect initial status:
   - If filter is created with status=off, do not register handlers
   - This allows creating disabled filters via command line or QMP
3. Handle chardev OPENED/CLOSED events to re-arm handlers on reconnect:
   - Keep the chr_event callback installed on CLOSE so a later OPENED
     can re-register the read handlers when nf->on
   - Use qemu_chr_fe_set_handlers_full(..., set_open=false, sync_state=false)
     instead of qemu_chr_fe_set_handlers() because the latter forces
     sync_state=true and may emit CHR_EVENT_OPENED for an already-open
     backend. Doing that from inside the chr_event callback would cause
     recursive/re-entrant OPENED handling.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Add test_change_interval_timer to verify that modifying the 'interval'
property of filter-buffer at runtime takes effect immediately.
The test uses socket backend and filter-redirector to verify timer behavior:
- Creates filter-buffer with a very long interval (1000 seconds)
- Sends a packet which gets buffered
- Advances virtual clock by 1 second, verifies packet is still buffered
- Changes interval to 1ms via qom-set (timer should be rescheduled)
- Advances virtual clock by 2ms, verifies packet is now released
- This proves the timer was rescheduled immediately when interval changed
The test uses filter-redirector to observe when packets are released
by filter-buffer, providing end-to-end verification of the timer
rescheduling behavior.
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Previously, when the 'interval' property was modified at runtime via
QMP, the new value would only take effect after the current timer
period elapsed. This could lead to unexpected behavior when users
expect immediate changes.
Fix this by checking if the timer is already running when setting
the interval property. If so, reschedule the timer with the new
interval value immediately.
Reviewed-by: Zhang Chen <zhangckid@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
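Added example (not QEMU code, not part of the commits above): a plain C model of the interval change described in the two preceding messages, replaying the test's sequence (1000 s interval, one buffered packet, +1 s, interval set to 1 ms, +2 ms) against both the deferred and the rescheduling setter. Buf, advance() and the setter names are hypothetical; times are in microseconds of a virtual clock.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a buffering filter driven by a virtual clock (us). */
typedef struct {
    int64_t now, interval, deadline;
    bool armed;
    int queued, released;
} Buf;

/* Advance the clock, firing the periodic timer each time it is due. */
static void advance(Buf *b, int64_t delta)
{
    b->now += delta;
    while (b->armed && b->interval > 0 && b->deadline <= b->now) {
        b->released += b->queued;        /* flush everything buffered */
        b->queued = 0;
        b->deadline += b->interval;      /* periodic re-arm */
    }
}

/* Old behaviour: store the value; the armed timer keeps its old deadline. */
static void set_interval_deferred(Buf *b, int64_t interval)
{
    b->interval = interval;
}

/* Fixed behaviour: if the timer is already running, re-arm it from "now". */
static void set_interval_resched(Buf *b, int64_t interval)
{
    b->interval = interval;
    if (b->armed) {
        b->deadline = b->now + interval;
    }
}

/* Replays the test sequence; returns the packets released at the end,
 * or -1 if the packet escaped before the interval was changed. */
static int run_scenario(bool reschedule)
{
    const int64_t SEC = 1000000, MS = 1000;
    Buf b = { .interval = 1000 * SEC, .deadline = 1000 * SEC, .armed = true };

    b.queued = 1;                        /* one packet gets buffered */
    advance(&b, 1 * SEC);
    if (b.released != 0) {
        return -1;
    }
    (reschedule ? set_interval_resched : set_interval_deferred)(&b, 1 * MS);
    advance(&b, 2 * MS);
    return b.released;
}

int main(void)
{
    printf("deferred: %d released, rescheduled: %d released\n",
           run_scenario(false), run_scenario(true));
    return 0;
}
```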
Keep NetdevTapOptions related logic in tap.c, and make tap_set_sndbuf a
simple system call wrapper, more like other functions in tap-linux.c.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Follow common recommendations in include/qapi/error.h of having
a return value together with errp. This allows avoiding error propagation.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
No reason to set up a notifier on each queue of a multiqueue tap,
when we actually want to run downscript only once.
As well, let's not set up the notifier when downscript is
not enabled (downscript="no").
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Simplify handling scripts: parse all these "no" and '\0' once, and
then keep simpler logic for net_tap_open() and net_init_tap_one(): NULL
means no script to run, otherwise run script.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>