Series comparison

-[Qemu-devel] [PULL 0/2] Block patches
+[PULL v3 00/27] Block patches
-The following changes since commit ca4e667dbf431d4a2a5a619cde79d30dd2ac3eb2:
+The following changes since commit e2c5093c993ef646e4e28f7aa78429853bcc06ac:
-  Merge remote-tracking branch 'remotes/kraxel/tags/usb-20170717-pull-request' into staging (2017-07-17 17:54:17 +0100)
+  iotests: 30: drop from auto group (and effectively from make check) (2021-02-05 15:16:13 +0000)
-are available in the git repository at:
+are available in the Git repository at:
-  git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 8508eee740c78d1465e25dad7c3e06137485dfbc:
+for you to fetch changes up to b07011f375bda3319cf72eee7cb18d310078387b:
-  live-block-ops.txt: Rename, rewrite, and improve it (2017-07-18 00:11:01 -0400)
+  docs: fix Parallels Image "dirty bitmap" section (2021-02-05 16:36:36 +0000)
 ----------------------------------------------------------------
-Block patches (documentation)
+Pull request
 v3:
  * Replace {0} array initialization with {} to make clang happy [Peter]
 ----------------------------------------------------------------
-Kashyap Chamarthy (2):
+Denis V. Lunev (1):
-  bitmaps.md: Convert to rST; move it into 'interop' dir
+  docs: fix Parallels Image "dirty bitmap" section
   live-block-ops.txt: Rename, rewrite, and improve it
- docs/devel/bitmaps.md                  |  505 ---------------
+Elena Ufimtseva (8):
- docs/interop/bitmaps.rst               |  555 ++++++++++++++++
+  multi-process: add configure and usage information
- docs/interop/live-block-operations.rst | 1088 ++++++++++++++++++++++++++++++++
+  io: add qio_channel_writev_full_all helper
- docs/live-block-ops.txt                |   72 ---
+  io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all
-files changed, 1643 insertions(+), 577 deletions(-)
+    helpers
- delete mode 100644 docs/devel/bitmaps.md
+  multi-process: define MPQemuMsg format and transmission functions
- create mode 100644 docs/interop/bitmaps.rst
+  multi-process: introduce proxy object
- create mode 100644 docs/interop/live-block-operations.rst
+  multi-process: add proxy communication functions
- delete mode 100644 docs/live-block-ops.txt
+  multi-process: Forward PCI config space acceses to the remote process
   multi-process: perform device reset in the remote process
 Jagannathan Raman (11):
   memory: alloc RAM from file at offset
   multi-process: Add config option for multi-process QEMU
   multi-process: setup PCI host bridge for remote device
   multi-process: setup a machine object for remote device process
   multi-process: Initialize message handler in remote device
   multi-process: Associate fd of a PCIDevice with its object
   multi-process: setup memory manager for remote device
   multi-process: PCI BAR read/write handling for proxy & remote
     endpoints
   multi-process: Synchronize remote memory
   multi-process: create IOHUB object to handle irq
   multi-process: Retrieve PCI info from remote process
 John G Johnson (1):
   multi-process: add the concept description to
     docs/devel/qemu-multiprocess
 Stefan Hajnoczi (6):
   .github: point Repo Lockdown bot to GitLab repo
   gitmodules: use GitLab repos instead of qemu.org
   gitlab-ci: remove redundant GitLab repo URL command
   docs: update README to use GitLab repo URLs
   pc-bios: update mirror URLs to GitLab
   get_maintainer: update repo URL to GitLab
  MAINTAINERS                               |  24 +
  README.rst                                |   4 +-
  docs/devel/index.rst                      |   1 +
  docs/devel/multi-process.rst              | 966 ++++++++++++++++++++++
  docs/system/index.rst                     |   1 +
  docs/system/multi-process.rst             |  64 ++
  docs/interop/parallels.txt                |   2 +-
  configure                                 |  10 +
  meson.build                               |   5 +-
  hw/remote/trace.h                         |   1 +
  include/exec/memory.h                     |   2 +
  include/exec/ram_addr.h                   |   4 +-
  include/hw/pci-host/remote.h              |  30 +
  include/hw/pci/pci_ids.h                  |   3 +
  include/hw/remote/iohub.h                 |  42 +
  include/hw/remote/machine.h               |  38 +
  include/hw/remote/memory.h                |  19 +
  include/hw/remote/mpqemu-link.h           |  99 +++
  include/hw/remote/proxy-memory-listener.h |  28 +
  include/hw/remote/proxy.h                 |  48 ++
  include/io/channel.h                      |  78 ++
  include/qemu/mmap-alloc.h                 |   4 +-
  include/sysemu/iothread.h                 |   6 +
  backends/hostmem-memfd.c                  |   2 +-
  hw/misc/ivshmem.c                         |   3 +-
  hw/pci-host/remote.c                      |  75 ++
  hw/remote/iohub.c                         | 119 +++
  hw/remote/machine.c                       |  80 ++
  hw/remote/memory.c                        |  65 ++
  hw/remote/message.c                       | 230 ++++++
  hw/remote/mpqemu-link.c                   | 267 ++++++
  hw/remote/proxy-memory-listener.c         | 227 +++++
  hw/remote/proxy.c                         | 379 +++++++++
  hw/remote/remote-obj.c                    | 203 +++++
  io/channel.c                              | 116 ++-
  iothread.c                                |   6 +
  softmmu/memory.c                          |   3 +-
  softmmu/physmem.c                         |  12 +-
  util/mmap-alloc.c                         |   8 +-
  util/oslib-posix.c                        |   2 +-
  .github/lockdown.yml                      |   8 +-
  .gitlab-ci.yml                            |   1 -
  .gitmodules                               |  44 +-
  Kconfig.host                              |   4 +
  hw/Kconfig                                |   1 +
  hw/meson.build                            |   1 +
  hw/pci-host/Kconfig                       |   3 +
  hw/pci-host/meson.build                   |   1 +
  hw/remote/Kconfig                         |   4 +
  hw/remote/meson.build                     |  13 +
  hw/remote/trace-events                    |   4 +
  pc-bios/README                            |   4 +-
  scripts/get_maintainer.pl                 |   2 +-
 files changed, 3296 insertions(+), 70 deletions(-)
  create mode 100644 docs/devel/multi-process.rst
  create mode 100644 docs/system/multi-process.rst
  create mode 100644 hw/remote/trace.h
  create mode 100644 include/hw/pci-host/remote.h
  create mode 100644 include/hw/remote/iohub.h
  create mode 100644 include/hw/remote/machine.h
  create mode 100644 include/hw/remote/memory.h
  create mode 100644 include/hw/remote/mpqemu-link.h
  create mode 100644 include/hw/remote/proxy-memory-listener.h
  create mode 100644 include/hw/remote/proxy.h
  create mode 100644 hw/pci-host/remote.c
  create mode 100644 hw/remote/iohub.c
  create mode 100644 hw/remote/machine.c
  create mode 100644 hw/remote/memory.c
  create mode 100644 hw/remote/message.c
  create mode 100644 hw/remote/mpqemu-link.c
  create mode 100644 hw/remote/proxy-memory-listener.c
  create mode 100644 hw/remote/proxy.c
  create mode 100644 hw/remote/remote-obj.c
  create mode 100644 hw/remote/Kconfig
  create mode 100644 hw/remote/meson.build
  create mode 100644 hw/remote/trace-events
 --
-.9.4
+.29.2

-New patch
+[PULL v3 01/27] .github: point Repo Lockdown bot to GitLab repo
+Use the GitLab repo URL as the main repo location in order to reduce
+load on qemu.org.
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Message-id: 20210111115017.156802-2-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ .github/lockdown.yml | 8 ++++----
+file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/.github/lockdown.yml b/.github/lockdown.yml
+index XXXXXXX..XXXXXXX 100644
+--- a/.github/lockdown.yml
++++ b/.github/lockdown.yml
+@@ -XXX,XX +XXX,XX @@ issues:
+   comment: |
+     Thank you for your interest in the QEMU project.
+-    This repository is a read-only mirror of the project's master
+-    repostories hosted on https://git.qemu.org/git/qemu.git.
++    This repository is a read-only mirror of the project's repostories hosted
++    at https://gitlab.com/qemu-project/qemu.git.
+     The project does not process issues filed on GitHub.
+     The project issues are tracked on Launchpad:
+@@ -XXX,XX +XXX,XX @@ pulls:
+   comment: |
+     Thank you for your interest in the QEMU project.
+-    This repository is a read-only mirror of the project's master
+-    repostories hosted on https://git.qemu.org/git/qemu.git.
++    This repository is a read-only mirror of the project's repostories hosted
++    on https://gitlab.com/qemu-project/qemu.git.
+     The project does not process merge requests filed on GitHub.
+     QEMU welcomes contributions of code (either fixing bugs or adding new
+--
+.29.2

-New patch
+[PULL v3 02/27] gitmodules: use GitLab repos instead of qemu.org
+qemu.org is running out of bandwidth and the QEMU project is moving
+towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
+(they will become mirrors).
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20210111115017.156802-3-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ .gitmodules | 44 ++++++++++++++++++++++----------------------
+file changed, 22 insertions(+), 22 deletions(-)
+diff --git a/.gitmodules b/.gitmodules
+index XXXXXXX..XXXXXXX 100644
+--- a/.gitmodules
++++ b/.gitmodules
+@@ -XXX,XX +XXX,XX @@
+ [submodule "roms/seabios"]
+     path = roms/seabios
+-    url = https://git.qemu.org/git/seabios.git/
++    url = https://gitlab.com/qemu-project/seabios.git/
+ [submodule "roms/SLOF"]
+     path = roms/SLOF
+-    url = https://git.qemu.org/git/SLOF.git
++    url = https://gitlab.com/qemu-project/SLOF.git
+ [submodule "roms/ipxe"]
+     path = roms/ipxe
+-    url = https://git.qemu.org/git/ipxe.git
++    url = https://gitlab.com/qemu-project/ipxe.git
+ [submodule "roms/openbios"]
+     path = roms/openbios
+-    url = https://git.qemu.org/git/openbios.git
++    url = https://gitlab.com/qemu-project/openbios.git
+ [submodule "roms/qemu-palcode"]
+     path = roms/qemu-palcode
+-    url = https://git.qemu.org/git/qemu-palcode.git
++    url = https://gitlab.com/qemu-project/qemu-palcode.git
+ [submodule "roms/sgabios"]
+     path = roms/sgabios
+-    url = https://git.qemu.org/git/sgabios.git
++    url = https://gitlab.com/qemu-project/sgabios.git
+ [submodule "dtc"]
+     path = dtc
+-    url = https://git.qemu.org/git/dtc.git
++    url = https://gitlab.com/qemu-project/dtc.git
+ [submodule "roms/u-boot"]
+     path = roms/u-boot
+-    url = https://git.qemu.org/git/u-boot.git
++    url = https://gitlab.com/qemu-project/u-boot.git
+ [submodule "roms/skiboot"]
+     path = roms/skiboot
+-    url = https://git.qemu.org/git/skiboot.git
++    url = https://gitlab.com/qemu-project/skiboot.git
+ [submodule "roms/QemuMacDrivers"]
+     path = roms/QemuMacDrivers
+-    url = https://git.qemu.org/git/QemuMacDrivers.git
++    url = https://gitlab.com/qemu-project/QemuMacDrivers.git
+ [submodule "ui/keycodemapdb"]
+     path = ui/keycodemapdb
+-    url = https://git.qemu.org/git/keycodemapdb.git
++    url = https://gitlab.com/qemu-project/keycodemapdb.git
+ [submodule "capstone"]
+     path = capstone
+-    url = https://git.qemu.org/git/capstone.git
++    url = https://gitlab.com/qemu-project/capstone.git
+ [submodule "roms/seabios-hppa"]
+     path = roms/seabios-hppa
+-    url = https://git.qemu.org/git/seabios-hppa.git
++    url = https://gitlab.com/qemu-project/seabios-hppa.git
+ [submodule "roms/u-boot-sam460ex"]
+     path = roms/u-boot-sam460ex
+-    url = https://git.qemu.org/git/u-boot-sam460ex.git
++    url = https://gitlab.com/qemu-project/u-boot-sam460ex.git
+ [submodule "tests/fp/berkeley-testfloat-3"]
+     path = tests/fp/berkeley-testfloat-3
+-    url = https://git.qemu.org/git/berkeley-testfloat-3.git
++    url = https://gitlab.com/qemu-project/berkeley-testfloat-3.git
+ [submodule "tests/fp/berkeley-softfloat-3"]
+     path = tests/fp/berkeley-softfloat-3
+-    url = https://git.qemu.org/git/berkeley-softfloat-3.git
++    url = https://gitlab.com/qemu-project/berkeley-softfloat-3.git
+ [submodule "roms/edk2"]
+     path = roms/edk2
+-    url = https://git.qemu.org/git/edk2.git
++    url = https://gitlab.com/qemu-project/edk2.git
+ [submodule "slirp"]
+     path = slirp
+-    url = https://git.qemu.org/git/libslirp.git
++    url = https://gitlab.com/qemu-project/libslirp.git
+ [submodule "roms/opensbi"]
+     path = roms/opensbi
+-    url =     https://git.qemu.org/git/opensbi.git
++    url =     https://gitlab.com/qemu-project/opensbi.git
+ [submodule "roms/qboot"]
+     path = roms/qboot
+-    url = https://git.qemu.org/git/qboot.git
++    url = https://gitlab.com/qemu-project/qboot.git
+ [submodule "meson"]
+     path = meson
+-    url = https://git.qemu.org/git/meson.git
++    url = https://gitlab.com/qemu-project/meson.git
+ [submodule "roms/vbootrom"]
+     path = roms/vbootrom
+-    url = https://git.qemu.org/git/vbootrom.git
++    url = https://gitlab.com/qemu-project/vbootrom.git
+--
+.29.2

-New patch
+[PULL v3 03/27] gitlab-ci: remove redundant GitLab repo URL command
+It is no longer necessary to point .gitmodules at GitLab repos when
+running in GitLab CI since they are now used all the time.
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20210111115017.156802-4-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ .gitlab-ci.yml | 1 -
+file changed, 1 deletion(-)
+diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
+index XXXXXXX..XXXXXXX 100644
+--- a/.gitlab-ci.yml
++++ b/.gitlab-ci.yml
+@@ -XXX,XX +XXX,XX @@ include:
+   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
+   before_script:
+     - JOBS=$(expr $(nproc) + 1)
+-    - sed -i s,git.qemu.org/git,gitlab.com/qemu-project, .gitmodules
+   script:
+     - mkdir build
+     - cd build
+--
+.29.2

-New patch
+[PULL v3 04/27] docs: update README to use GitLab repo URLs
+qemu.org is running out of bandwidth and the QEMU project is moving
+towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
+(they will become mirrors).
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20210111115017.156802-5-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ README.rst | 4 ++--
+file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/README.rst b/README.rst
+index XXXXXXX..XXXXXXX 100644
+--- a/README.rst
++++ b/README.rst
+@@ -XXX,XX +XXX,XX @@ The QEMU source code is maintained under the GIT version control system.
+ .. code-block:: shell
+-   git clone https://git.qemu.org/git/qemu.git
++   git clone https://gitlab.com/qemu-project/qemu.git
+ When submitting patches, one common approach is to use 'git
+ format-patch' and/or 'git send-email' to format & send the mail to the
+@@ -XXX,XX +XXX,XX @@ The QEMU website is also maintained under source control.
+ .. code-block:: shell
+-  git clone https://git.qemu.org/git/qemu-web.git
++  git clone https://gitlab.com/qemu-project/qemu-web.git
+ * `<https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/>`_
+--
+.29.2

-New patch
+[PULL v3 05/27] pc-bios: update mirror URLs to GitLab
+qemu.org is running out of bandwidth and the QEMU project is moving
+towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
+(they will become mirrors).
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20210111115017.156802-6-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ pc-bios/README | 4 ++--
+file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/pc-bios/README b/pc-bios/README
+index XXXXXXX..XXXXXXX 100644
+--- a/pc-bios/README
++++ b/pc-bios/README
+@@ -XXX,XX +XXX,XX @@
+   legacy x86 software to communicate with an attached serial console as
+   if a video card were attached.  The master sources reside in a subversion
+   repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
+-  available at https://git.qemu.org/git/sgabios.git.
++  available at https://gitlab.com/qemu-project/sgabios.git.
+ - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
+   Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
+@@ -XXX,XX +XXX,XX @@
+ - The u-boot binary for e500 comes from the upstream denx u-boot project where
+   it was compiled using the qemu-ppce500 target.
+-  A git mirror is available at: https://git.qemu.org/git/u-boot.git
++  A git mirror is available at: https://gitlab.com/qemu-project/u-boot.git
+   The hash used to compile the current version is: 2072e72
+ - Skiboot (https://github.com/open-power/skiboot/) is an OPAL
+--
+.29.2

-New patch
+[PULL v3 06/27] get_maintainer: update repo URL to GitLab
+qemu.org is running out of bandwidth and the QEMU project is moving
+towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
+(they will become mirrors).
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Message-id: 20210111115017.156802-7-stefanha@redhat.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ scripts/get_maintainer.pl | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
+index XXXXXXX..XXXXXXX 100755
+--- a/scripts/get_maintainer.pl
++++ b/scripts/get_maintainer.pl
+@@ -XXX,XX +XXX,XX @@ sub vcs_exists {
+     warn("$P: No supported VCS found.  Add --nogit to options?\n");
+     warn("Using a git repository produces better results.\n");
+     warn("Try latest git repository using:\n");
+-    warn("git clone https://git.qemu.org/git/qemu.git\n");
++    warn("git clone https://gitlab.com/qemu-project/qemu.git\n");
+     $printed_novcs = 1;
+     }
+     return 0;
+--
+.29.2

-[Qemu-devel] [PULL 2/2] live-block-ops.txt: Rename, rewrite, and improve it
+[PULL v3 07/27] multi-process: add the concept description to docs/devel/qemu-multiprocess
-From: Kashyap Chamarthy <kchamart@redhat.com>
+From: John G Johnson <john.g.johnson@oracle.com>
-This patch documents (including their QMP invocations) all the four
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
-major kinds of live block operations:
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: 02a68adef99f5df6a380bf8fd7b90948777e411c.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  MAINTAINERS                  |   7 +
  docs/devel/index.rst         |   1 +
  docs/devel/multi-process.rst | 966 +++++++++++++++++++++++++++++++++++
 files changed, 974 insertions(+)
  create mode 100644 docs/devel/multi-process.rst
-  - `block-stream`
+diff --git a/MAINTAINERS b/MAINTAINERS
-  - `block-commit`
+index XXXXXXX..XXXXXXX 100644
-  - `drive-mirror` (& `blockdev-mirror`)
+--- a/MAINTAINERS
-  - `drive-backup` (& `blockdev-backup`)
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ S: Maintained
-Things considered while writing this document:
+ F: hw/semihosting/
+ F: include/hw/semihosting/
-  - Use reStructuredText as markup language (with the goal of generating
-    the HTML output using the Sphinx Documentation Generator).  It is
++Multi-process QEMU
-    gentler on the eye, and can be trivially converted to different
++M: Elena Ufimtseva <elena.ufimtseva@oracle.com>
-    formats.  (Another reason: upstream QEMU is considering to switch to
++M: Jagannathan Raman <jag.raman@oracle.com>
-    Sphinx, which uses reStructuredText as its markup language.)
++M: John G Johnson <john.g.johnson@oracle.com>
++S: Maintained
-  - Raw QMP JSON output vs. 'qmp-shell'.  I debated with myself whether
++F: docs/devel/multi-process.rst
-    to only show raw QMP JSON output (as that is the canonical
++
-    representation), or use 'qmp-shell', which takes key-value pairs.  I
+ Build and test automation
-    settled on the approach of: for the first occurrence of a command,
+ -------------------------
-    use raw JSON; for subsequent occurrences, use 'qmp-shell', with an
+ Build and test automation
-    occasional exception.
+diff --git a/docs/devel/index.rst b/docs/devel/index.rst
+index XXXXXXX..XXXXXXX 100644
-  - Usage of `-blockdev` command-line.
+--- a/docs/devel/index.rst
++++ b/docs/devel/index.rst
-  - Usage of 'node-name' vs. file path to refer to disks.  While we have
+@@ -XXX,XX +XXX,XX @@ Contents:
-    `blockdev-{mirror, backup}` as 'node-name'-alternatives for
+    clocks
-    `drive-{mirror, backup}`, the `block-commit` command still operates
+    qom
-    on file names for parameters 'base' and 'top'.  So I added a caveat
+    block-coroutine-wrapper
-    at the beginning to that effect.
++   multi-process
+diff --git a/docs/devel/multi-process.rst b/docs/devel/multi-process.rst
     Refer this related thread that I started (where I learnt
     `block-stream` was recently reworked to accept 'node-name' for 'top'
     and 'base' parameters):
     https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg06466.html
     "[RFC] Making 'block-stream', and 'block-commit' accept node-name"
 All commands showed in this document were tested while documenting.
 Thanks: Eric Blake for the section: "A note on points-in-time vs file
 names".  This useful bit was originally articulated by Eric in his
 KVMForum 2015 presentation, so I included that specific bit in this
 document.
 Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
 Reviewed-by: Eric Blake <eblake@redhat.com>
 Message-id: 20170717105205.32639-3-kchamart@redhat.com
 Signed-off-by: Jeff Cody <jcody@redhat.com>
 ---
  docs/interop/live-block-operations.rst | 1088 ++++++++++++++++++++++++++++++++
  docs/live-block-ops.txt                |   72 ---
 files changed, 1088 insertions(+), 72 deletions(-)
  create mode 100644 docs/interop/live-block-operations.rst
  delete mode 100644 docs/live-block-ops.txt
 diff --git a/docs/interop/live-block-operations.rst b/docs/interop/live-block-operations.rst
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
-+++ b/docs/interop/live-block-operations.rst
++++ b/docs/devel/multi-process.rst
 @@ -XXX,XX +XXX,XX @@
-+..
++This is the design document for multi-process QEMU. It does not
-+    Copyright (C) 2017 Red Hat Inc.
++necessarily reflect the status of the current implementation, which
-+
++may lack features or be considerably different from what is described
-+    This work is licensed under the terms of the GNU GPL, version 2 or
++in this document. This document is still useful as a description of
-+    later.  See the COPYING file in the top-level directory.
++the goals and general direction of this feature.
 +
-+============================
++Please refer to the following wiki for latest details:
-+Live Block Device Operations
++https://wiki.qemu.org/Features/MultiProcessQEMU
-+============================
++
-+
++Multi-process QEMU
-+QEMU Block Layer currently (as of QEMU 2.9) supports four major kinds of
++===================
-+live block device jobs -- stream, commit, mirror, and backup.  These can
++
-+be used to manipulate disk image chains to accomplish certain tasks,
++QEMU is often used as the hypervisor for virtual machines running in the
-+namely: live copy data from backing files into overlays; shorten long
++Oracle cloud. Since one of the advantages of cloud computing is the
-+disk image chains by merging data from overlays into backing files; live
++ability to run many VMs from different tenants in the same cloud
-+synchronize data from a disk image chain (including current active disk)
++infrastructure, a guest that compromised its hypervisor could
-+to another target image; and point-in-time (and incremental) backups of
++potentially use the hypervisor's access privileges to access data it is
-+a block device.  Below is a description of the said block (QMP)
++not authorized for.
-+primitives, and some (non-exhaustive list of) examples to illustrate
++
-+their use.
++QEMU can be susceptible to security attacks because it is a large,
-+
++monolithic program that provides many features to the VMs it services.
-+.. note::
++Many of these features can be configured out of QEMU, but even a reduced
-+    The file ``qapi/block-core.json`` in the QEMU source tree has the
++configuration QEMU has a large amount of code a guest can potentially
-+    canonical QEMU API (QAPI) schema documentation for the QMP
++attack. Separating QEMU reduces the attack surface by aiding to
-+    primitives discussed here.
++limit each component in the system to only access the resources that
-+
++it needs to perform its job.
-+.. todo (kashyapc):: Remove the ".. contents::" directive when Sphinx is
++
-+                     integrated.
++QEMU services
-+
++-------------
-+.. contents::
++
-+
++QEMU can be broadly described as providing three main services. One is a
-+Disk image backing chain notation
++VM control point, where VMs can be created, migrated, re-configured, and
-+---------------------------------
++destroyed. A second is to emulate the CPU instructions within the VM,
-+
++often accelerated by HW virtualization features such as Intel's VT
-+A simple disk image chain.  (This can be created live using QMP
++extensions. Finally, it provides IO services to the VM by emulating HW
-+``blockdev-snapshot-sync``, or offline via ``qemu-img``)::
++IO devices, such as disk and network devices.
 +
-+                   (Live QEMU)
++A multi-process QEMU
-+                        |
++~~~~~~~~~~~~~~~~~~~~
-+                        .
++
-+                        V
++A multi-process QEMU involves separating QEMU services into separate
-+
++host processes. Each of these processes can be given only the privileges
-+            [A] <----- [B]
++it needs to provide its service, e.g., a disk service could be given
-+
++access only to the disk images it provides, and not be allowed to
-+    (backing file)    (overlay)
++access other files, or any network devices. An attacker who compromised
-+
++this service would not be able to use this exploit to access files or
-+The arrow can be read as: Image [A] is the backing file of disk image
++devices beyond what the disk service was given access to.
-+[B].  And live QEMU is currently writing to image [B], consequently, it
++
-+is also referred to as the "active layer".
++A QEMU control process would remain, but in multi-process mode, will
-+
++have no direct interfaces to the VM. During VM execution, it would still
-+There are two kinds of terminology that are common when referring to
++provide the user interface to hot-plug devices or live migrate the VM.
-+files in a disk image backing chain:
++
-+
++A first step in creating a multi-process QEMU is to separate IO services
-+(1) Directional: 'base' and 'top'.  Given the simple disk image chain
++from the main QEMU program, which would continue to provide CPU
-+    above, image [A] can be referred to as 'base', and image [B] as
++emulation. i.e., the control process would also be the CPU emulation
-+    'top'.  (This terminology can be seen in in QAPI schema file,
++process. In a later phase, CPU emulation could be separated from the
-+    block-core.json.)
++control process.
 +
-+(2) Relational: 'backing file' and 'overlay'.  Again, taking the same
++Separating IO services
-+    simple disk image chain from the above, disk image [A] is referred
++----------------------
-+    to as the backing file, and image [B] as overlay.
++
-+
++Separating IO services into individual host processes is a good place to
-+   Throughout this document, we will use the relational terminology.
++begin for a couple of reasons. One is the sheer number of IO devices QEMU
-+
++can emulate provides a large surface of interfaces which could potentially
-+.. important::
++be exploited, and, indeed, have been a source of exploits in the past.
-+    The overlay files can generally be any format that supports a
++Another is the modular nature of QEMU device emulation code provides
-+    backing file, although QCOW2 is the preferred format and the one
++interface points where the QEMU functions that perform device emulation
-+    used in this document.
++can be separated from the QEMU functions that manage the emulation of
-+
++guest CPU instructions. The devices emulated in the separate process are
-+
++referred to as remote devices.
-+Brief overview of live block QMP primitives
++
 +QEMU device emulation
 +~~~~~~~~~~~~~~~~~~~~~
 +
 +QEMU uses an object oriented SW architecture for device emulation code.
 +Configured objects are all compiled into the QEMU binary, then objects
 +are instantiated by name when used by the guest VM. For example, the
 +code to emulate a device named "foo" is always present in QEMU, but its
 +instantiation code is only run when the device is included in the target
 +VM. (e.g., via the QEMU command line as *-device foo*)
 +
 +The object model is hierarchical, so device emulation code names its
 +parent object (such as "pci-device" for a PCI device) and QEMU will
 +instantiate a parent object before calling the device's instantiation
 +code.
 +
 +Current separation models
 +~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +In order to separate the device emulation code from the CPU emulation
 +code, the device object code must run in a different process. There are
 +a couple of existing QEMU features that can run emulation code
 +separately from the main QEMU process. These are examined below.
 +
 +vhost user model
 +^^^^^^^^^^^^^^^^
 +
 +Virtio guest device drivers can be connected to vhost user applications
 +in order to perform their IO operations. This model uses special virtio
 +device drivers in the guest and vhost user device objects in QEMU, but
 +once the QEMU vhost user code has configured the vhost user application,
 +mission-mode IO is performed by the application. The vhost user
 +application is a daemon process that can be contacted via a known UNIX
 +domain socket.
 +
 +vhost socket
 +''''''''''''
 +
 +As mentioned above, one of the tasks of the vhost device object within
 +QEMU is to contact the vhost application and send it configuration
 +information about this device instance. As part of the configuration
 +process, the application can also be sent other file descriptors over
 +the socket, which then can be used by the vhost user application in
 +various ways, some of which are described below.
 +
 +vhost MMIO store acceleration
 +'''''''''''''''''''''''''''''
 +
 +VMs are often run using HW virtualization features via the KVM kernel
 +driver. This driver allows QEMU to accelerate the emulation of guest CPU
 +instructions by running the guest in a virtual HW mode. When the guest
 +executes instructions that cannot be executed by virtual HW mode,
 +execution returns to the KVM driver so it can inform QEMU to emulate the
 +instructions in SW.
 +
 +One of the events that can cause a return to QEMU is when a guest device
 +driver accesses an IO location. QEMU then dispatches the memory
 +operation to the corresponding QEMU device object. In the case of a
 +vhost user device, the memory operation would need to be sent over a
 +socket to the vhost application. This path is accelerated by the QEMU
 +virtio code by setting up an eventfd file descriptor that the vhost
 +application can directly receive MMIO store notifications from the KVM
 +driver, instead of needing them to be sent to the QEMU process first.
 +
 +vhost interrupt acceleration
 +''''''''''''''''''''''''''''
 +
 +Another optimization used by the vhost application is the ability to
 +directly inject interrupts into the VM via the KVM driver, again,
 +bypassing the need to send the interrupt back to the QEMU process first.
 +The QEMU virtio setup code configures the KVM driver with an eventfd
 +that triggers the device interrupt in the guest when the eventfd is
 +written. This irqfd file descriptor is then passed to the vhost user
 +application program.
 +
 +vhost access to guest memory
 +''''''''''''''''''''''''''''
 +
 +The vhost application is also allowed to directly access guest memory,
 +instead of needing to send the data as messages to QEMU. This is also
 +done with file descriptors sent to the vhost user application by QEMU.
 +These descriptors can be passed to ``mmap()`` by the vhost application
 +to map the guest address space into the vhost application.
 +
 +IOMMUs introduce another level of complexity, since the address given to
 +the guest virtio device to DMA to or from is not a guest physical
 +address. This case is handled by having vhost code within QEMU register
 +as a listener for IOMMU mapping changes. The vhost application maintains
 +a cache of IOMMMU translations: sending translation requests back to
 +QEMU on cache misses, and in turn receiving flush requests from QEMU
 +when mappings are purged.
 +
 +applicability to device separation
 +''''''''''''''''''''''''''''''''''
 +
 +Much of the vhost model can be re-used by separated device emulation. In
 +particular, the ideas of using a socket between QEMU and the device
 +emulation application, using a file descriptor to inject interrupts into
 +the VM via KVM, and allowing the application to ``mmap()`` the guest
 +should be re used.
 +
 +There are, however, some notable differences between how a vhost
 +application works and the needs of separated device emulation. The most
 +basic is that vhost uses custom virtio device drivers which always
 +trigger IO with MMIO stores. A separated device emulation model must
 +work with existing IO device models and guest device drivers. MMIO loads
 +break vhost store acceleration since they are synchronous - guest
 +progress cannot continue until the load has been emulated. By contrast,
 +stores are asynchronous, the guest can continue after the store event
 +has been sent to the vhost application.
 +
 +Another difference is that in the vhost user model, a single daemon can
 +support multiple QEMU instances. This is contrary to the security regime
 +desired, in which the emulation application should only be allowed to
 +access the files or devices the VM it's running on behalf of can access.
 +#### qemu-io model
 +
 +Qemu-io is a test harness used to test changes to the QEMU block backend
 +object code. (e.g., the code that implements disk images for disk driver
 +emulation) Qemu-io is not a device emulation application per se, but it
 +does compile the QEMU block objects into a separate binary from the main
 +QEMU one. This could be useful for disk device emulation, since its
 +emulation applications will need to include the QEMU block objects.
 +
 +New separation model based on proxy objects
 +-------------------------------------------
 +
-+The following are the four different kinds of live block operations that
++A different model based on proxy objects in the QEMU program
-+QEMU block layer supports.
++communicating with remote emulation programs could provide separation
-+
++while minimizing the changes needed to the device emulation code. The
-+(1) ``block-stream``: Live copy of data from backing files into overlay
++rest of this section is a discussion of how a proxy object model would
-+    files.
++work.
 +
-+    .. note:: Once the 'stream' operation has finished, three things to
++Remote emulation processes
-+              note:
++~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+                (a) QEMU rewrites the backing chain to remove
++The remote emulation process will run the QEMU object hierarchy without
-+                    reference to the now-streamed and redundant backing
++modification. The device emulation objects will be also be based on the
-+                    file;
++QEMU code, because for anything but the simplest device, it would not be
-+
++a tractable to re-implement both the object model and the many device
-+                (b) the streamed file *itself* won't be removed by QEMU,
++backends that QEMU has.
-+                    and must be explicitly discarded by the user;
++
-+
++The processes will communicate with the QEMU process over UNIX domain
-+                (c) the streamed file remains valid -- i.e. further
++sockets. The processes can be executed either as standalone processes,
-+                    overlays can be created based on it.  Refer the
++or be executed by QEMU. In both cases, the host backends the emulation
-+                    ``block-stream`` section further below for more
++processes will provide are specified on its command line, as they would
-+                    details.
++be for QEMU. For example:
 +
-+(2) ``block-commit``: Live merge of data from overlay files into backing
++::
-+    files (with the optional goal of removing the overlay file from the
++
-+    chain).  Since QEMU 2.0, this includes "active ``block-commit``"
++    disk-proc -blockdev driver=file,node-name=file0,filename=disk-file0  \
-+    (i.e. merge the current active layer into the base image).
++    -blockdev driver=qcow2,node-name=drive0,file=file0
 +
-+    .. note:: Once the 'commit' operation has finished, there are three
++would indicate process *disk-proc* uses a qcow2 emulated disk named
-+              things to note here as well:
++*file0* as its backend.
 +
-+                (a) QEMU rewrites the backing chain to remove reference
++Emulation processes may emulate more than one guest controller. A common
-+                    to now-redundant overlay images that have been
++configuration might be to put all controllers of the same device class
-+                    committed into a backing file;
++(e.g., disk, network, etc.) in a single process, so that all backends of
-+
++the same type can be managed by a single QMP monitor.
-+                (b) the committed file *itself* won't be removed by QEMU
++
-+                    -- it ought to be manually removed;
++communication with QEMU
-+
++^^^^^^^^^^^^^^^^^^^^^^^
-+                (c) however, unlike in the case of ``block-stream``, the
++
-+                    intermediate images will be rendered invalid -- i.e.
++The first argument to the remote emulation process will be a Unix domain
-+                    no more further overlays can be created based on
++socket that connects with the Proxy object. This is a required argument.
-+                    them.  Refer the ``block-commit`` section further
++
-+                    below for more details.
++::
 +
-+(3) ``drive-mirror`` (and ``blockdev-mirror``): Synchronize a running
++    disk-proc <socket number> <backend list>
-+    disk to another image.
++
-+
++remote process QMP monitor
-+(4) ``drive-backup`` (and ``blockdev-backup``): Point-in-time (live) copy
++^^^^^^^^^^^^^^^^^^^^^^^^^^
-+    of a block device to a destination.
++
-+
++Remote emulation processes can be monitored via QMP, similar to QEMU
-+
++itself. The QMP monitor socket is specified the same as for a QEMU
-+.. _`Interacting with a QEMU instance`:
++process:
 +
-+Interacting with a QEMU instance
++::
-+--------------------------------
++
-+
++    disk-proc -qmp unix:/tmp/disk-mon,server
-+To show some example invocations of command-line, we will use the
++
-+following invocation of QEMU, with a QMP server running over UNIX
++can be monitored over the UNIX socket path */tmp/disk-mon*.
-+socket::
++
-+
++QEMU command line
-+    $ ./x86_64-softmmu/qemu-system-x86_64 -display none -nodefconfig \
++~~~~~~~~~~~~~~~~~
-+        -M q35 -nodefaults -m 512 \
++
-+        -blockdev node-name=node-A,driver=qcow2,file.driver=file,file.node-name=file,file.filename=./a.qcow2 \
++Each remote device emulated in a remote process on the host is
-+        -device virtio-blk,drive=node-A,id=virtio0 \
++represented as a *-device* of type *pci-proxy-dev*. A socket
-+        -monitor stdio -qmp unix:/tmp/qmp-sock,server,nowait
++sub-option to this option specifies the Unix socket that connects
-+
++to the remote process. An *id* sub-option is required, and it should
-+The ``-blockdev`` command-line option, used above, is available from
++be the same id as used in the remote process.
-+QEMU 2.9 onwards.  In the above invocation, notice the ``node-name``
++
-+parameter that is used to refer to the disk image a.qcow2 ('node-A') --
++::
-+this is a cleaner way to refer to a disk image (as opposed to referring
++
-+to it by spelling out file paths).  So, we will continue to designate a
++    qemu-system-x86_64 ... -device pci-proxy-dev,id=lsi0,socket=3
-+``node-name`` to each further disk image created (either via
++
-+``blockdev-snapshot-sync``, or ``blockdev-add``) as part of the disk
++can be used to add a device emulated in a remote process
-+image chain, and continue to refer to the disks using their
++
-+``node-name`` (where possible, because ``block-commit`` does not yet, as
++
-+of QEMU 2.9, accept ``node-name`` parameter) when performing various
++QEMU management of remote processes
 +block operations.
 +
 +To interact with the QEMU instance launched above, we will use the
 +``qmp-shell`` utility (located at: ``qemu/scripts/qmp``, as part of the
 +QEMU source directory), which takes key-value pairs for QMP commands.
 +Invoke it as below (which will also print out the complete raw JSON
 +syntax for reference -- examples in the following sections)::
 +
 +    $ ./qmp-shell -v -p /tmp/qmp-sock
 +    (QEMU)
 +
 +.. note::
 +    In the event we have to repeat a certain QMP command, we will: for
 +    the first occurrence of it, show the ``qmp-shell`` invocation, *and*
 +    the corresponding raw JSON QMP syntax; but for subsequent
 +    invocations, present just the ``qmp-shell`` syntax, and omit the
 +    equivalent JSON output.
 +
 +
 +Example disk image chain
 +------------------------
 +
 +We will use the below disk image chain (and occasionally spelling it
 +out where appropriate) when discussing various primitives::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +Where [A] is the original base image; [B] and [C] are intermediate
 +overlay images; image [D] is the active layer -- i.e. live QEMU is
 +writing to it.  (The rule of thumb is: live QEMU will always be pointing
 +to the rightmost image in a disk image chain.)
 +
 +The above image chain can be created by invoking
 +``blockdev-snapshot-sync`` commands as following (which shows the
 +creation of overlay image [B]) using the ``qmp-shell`` (our invocation
 +also prints the raw JSON invocation of it)::
 +
 +    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
 +    {
 +        "execute": "blockdev-snapshot-sync",
 +        "arguments": {
 +            "node-name": "node-A",
 +            "snapshot-file": "b.qcow2",
 +            "format": "qcow2",
 +            "snapshot-node-name": "node-B"
 +        }
 +    }
 +
 +Here, "node-A" is the name QEMU internally uses to refer to the base
 +image [A] -- it is the backing file, based on which the overlay image,
 +[B], is created.
 +
 +To create the rest of the overlay images, [C], and [D] (omitting the raw
 +JSON output for brevity)::
 +
 +    (QEMU) blockdev-snapshot-sync node-name=node-B snapshot-file=c.qcow2 snapshot-node-name=node-C format=qcow2
 +    (QEMU) blockdev-snapshot-sync node-name=node-C snapshot-file=d.qcow2 snapshot-node-name=node-D format=qcow2
 +
 +
 +A note on points-in-time vs file names
 +--------------------------------------
 +
 +In our disk image chain::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +We have *three* points in time and an active layer:
 +
 +- Point 1: Guest state when [B] was created is contained in file [A]
 +- Point 2: Guest state when [C] was created is contained in [A] + [B]
 +- Point 3: Guest state when [D] was created is contained in
 +  [A] + [B] + [C]
 +- Active layer: Current guest state is contained in [A] + [B] + [C] +
 +  [D]
 +
 +Therefore, be aware with naming choices:
 +
 +- Naming a file after the time it is created is misleading -- the
 +  guest data for that point in time is *not* contained in that file
 +  (as explained earlier)
 +- Rather, think of files as a *delta* from the backing file
 +
 +
 +Live block streaming --- ``block-stream``
 +-----------------------------------------
 +
 +The ``block-stream`` command allows you to do live copy data from backing
 +files into overlay images.
 +
 +Given our original example disk image chain from earlier::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +The disk image chain can be shortened in one of the following different
 +ways (not an exhaustive list).
 +
 +.. _`Case-1`:
 +
 +(1) Merge everything into the active layer: I.e. copy all contents from
 +    the base image, [A], and overlay images, [B] and [C], into [D],
 +    *while* the guest is running.  The resulting chain will be a
 +    standalone image, [D] -- with contents from [A], [B] and [C] merged
 +    into it (where live QEMU writes go to)::
 +
 +        [D]
 +
 +.. _`Case-2`:
 +
 +(2) Taking the same example disk image chain mentioned earlier, merge
 +    only images [B] and [C] into [D], the active layer.  The result will
 +    be contents of images [B] and [C] will be copied into [D], and the
 +    backing file pointer of image [D] will be adjusted to point to image
 +    [A].  The resulting chain will be::
 +
 +        [A] <-- [D]
 +
 +.. _`Case-3`:
 +
 +(3) Intermediate streaming (available since QEMU 2.8): Starting afresh
 +    with the original example disk image chain, with a total of four
 +    images, it is possible to copy contents from image [B] into image
 +    [C].  Once the copy is finished, image [B] can now be (optionally)
 +    discarded; and the backing file pointer of image [C] will be
 +    adjusted to point to [A].  I.e. after performing "intermediate
 +    streaming" of [B] into [C], the resulting image chain will be (where
 +    live QEMU is writing to [D])::
 +
 +        [A] <-- [C] <-- [D]
 +
 +
 +QMP invocation for ``block-stream``
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+For `Case-1`_, to merge contents of all the backing files into the
++QEMU is not aware of the type of type of the remote PCI device. It is
-+active layer, where 'node-D' is the current active image (by default
++a pass through device as far as QEMU is concerned.
-+``block-stream`` will flatten the entire chain); ``qmp-shell`` (and its
++
-+corresponding JSON output)::
++communication with emulation process
-+
++^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-+    (QEMU) block-stream device=node-D job-id=job0
++
-+    {
++primary channel
-+        "execute": "block-stream",
++'''''''''''''''
-+        "arguments": {
++
-+            "device": "node-D",
++The primary channel (referred to as com in the code) is used to bootstrap
-+            "job-id": "job0"
++the remote process. It is also used to pass on device-agnostic commands
-+        }
++like reset.
-+    }
++
-+
++per-device channels
-+For `Case-2`_, merge contents of the images [B] and [C] into [D], where
++'''''''''''''''''''
-+image [D] ends up referring to image [A] as its backing file::
++
-+
++Each remote device communicates with QEMU using a dedicated communication
-+    (QEMU) block-stream device=node-D base-node=node-A job-id=job0
++channel. The proxy object sets up this channel using the primary
-+
++channel during its initialization.
-+And for `Case-3`_, of "intermediate" streaming", merge contents of
++
-+images [B] into [C], where [C] ends up referring to [A] as its backing
++QEMU device proxy objects
-+image::
++~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+    (QEMU) block-stream device=node-C base-node=node-A job-id=job0
++QEMU has an object model based on sub-classes inherited from the
-+
++"object" super-class. The sub-classes that are of interest here are the
-+Progress of a ``block-stream`` operation can be monitored via the QMP
++"device" and "bus" sub-classes whose child sub-classes make up the
-+command::
++device tree of a QEMU emulated system.
 +
-+    (QEMU) query-block-jobs
++The proxy object model will use device proxy objects to replace the
-+    {
++device emulation code within the QEMU process. These objects will live
-+        "execute": "query-block-jobs",
++in the same place in the object and bus hierarchies as the objects they
-+        "arguments": {}
++replace. i.e., the proxy object for an LSI SCSI controller will be a
-+    }
++sub-class of the "pci-device" class, and will have the same PCI bus
-+
++parent and the same SCSI bus child objects as the LSI controller object
-+
++it replaces.
-+Once the ``block-stream`` operation has completed, QEMU will emit an
++
-+event, ``BLOCK_JOB_COMPLETED``.  The intermediate overlays remain valid,
++It is worth noting that the same proxy object is used to mediate with
-+and can now be (optionally) discarded, or retained to create further
++all types of remote PCI devices.
-+overlays based on them.  Finally, the ``block-stream`` jobs can be
++
-+restarted at anytime.
++object initialization
-+
++^^^^^^^^^^^^^^^^^^^^^
 +
-+Live block commit --- ``block-commit``
++The Proxy device objects are initialized in the exact same manner in
-+--------------------------------------
++which any other QEMU device would be initialized.
 +
-+The ``block-commit`` command lets you merge live data from overlay
++In addition, the Proxy objects perform the following two tasks:
-+images into backing file(s).  Since QEMU 2.0, this includes "live active
++- Parses the "socket" sub option and connects to the remote process
-+commit" (i.e. it is possible to merge the "active layer", the right-most
++using this channel
-+image in a disk image chain where live QEMU will be writing to, into the
++- Uses the "id" sub-option to connect to the emulated device on the
-+base image).  This is analogous to ``block-stream``, but in the opposite
++separate process
-+direction.
++
-+
++class\_init
-+Again, starting afresh with our example disk image chain, where live
++'''''''''''
-+QEMU is writing to the right-most image in the chain, [D]::
++
-+
++The ``class_init()`` method of a proxy object will, in general behave
-+    [A] <-- [B] <-- [C] <-- [D]
++similarly to the object it replaces, including setting any static
-+
++properties and methods needed by the proxy.
-+The disk image chain can be shortened in one of the following ways:
++
-+
++instance\_init / realize
-+.. _`block-commit_Case-1`:
++''''''''''''''''''''''''
 +
-+(1) Commit content from only image [B] into image [A].  The resulting
++The ``instance_init()`` and ``realize()`` functions would only need to
-+    chain is the following, where image [C] is adjusted to point at [A]
++perform tasks related to being a proxy, such are registering its own
-+    as its new backing file::
++MMIO handlers, or creating a child bus that other proxy devices can be
-+
++attached to later.
-+        [A] <-- [C] <-- [D]
++
-+
++Other tasks will be device-specific. For example, PCI device objects
-+(2) Commit content from images [B] and [C] into image [A].  The
++will initialize the PCI config space in order to make a valid PCI device
-+    resulting chain, where image [D] is adjusted to point to image [A]
++tree within the QEMU process.
-+    as its new backing file::
++
-+
++address space registration
-+        [A] <-- [D]
++^^^^^^^^^^^^^^^^^^^^^^^^^^
 +
-+.. _`block-commit_Case-3`:
++Most devices are driven by guest device driver accesses to IO addresses
-+
++or ports. The QEMU device emulation code uses QEMU's memory region
-+(3) Commit content from images [B], [C], and the active layer [D] into
++function calls (such as ``memory_region_init_io()``) to add callback
-+    image [A].  The resulting chain (in this case, a consolidated single
++functions that QEMU will invoke when the guest accesses the device's
-+    image)::
++areas of the IO address space. When a guest driver does access the
-+
++device, the VM will exit HW virtualization mode and return to QEMU,
-+        [A]
++which will then lookup and execute the corresponding callback function.
 +
-+(4) Commit content from image only image [C] into image [B].  The
++A proxy object would need to mirror the memory region calls the actual
-+    resulting chain::
++device emulator would perform in its initialization code, but with its
-+
++own callbacks. When invoked by QEMU as a result of a guest IO operation,
-+    [A] <-- [B] <-- [D]
++they will forward the operation to the device emulation process.
 +
-+(5) Commit content from image [C] and the active layer [D] into image
++PCI config space
-+    [B].  The resulting chain::
++^^^^^^^^^^^^^^^^
 +
-+    [A] <-- [B]
++PCI devices also have a configuration space that can be accessed by the
-+
++guest driver. Guest accesses to this space is not handled by the device
-+
++emulation object, but by its PCI parent object. Much of this space is
-+QMP invocation for ``block-commit``
++read-only, but certain registers (especially BAR and MSI-related ones)
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++need to be propagated to the emulation process.
 +
-+For :ref:`Case-1 <block-commit_Case-1>`, to merge contents only from
++PCI parent proxy
-+image [B] into image [A], the invocation is as follows::
++''''''''''''''''
 +
-+    (QEMU) block-commit device=node-D base=a.qcow2 top=b.qcow2 job-id=job0
++One way to propagate guest PCI config accesses is to create a
-+    {
++"pci-device-proxy" class that can serve as the parent of a PCI device
-+        "execute": "block-commit",
++proxy object. This class's parent would be "pci-device" and it would
-+        "arguments": {
++override the PCI parent's ``config_read()`` and ``config_write()``
-+            "device": "node-D",
++methods with ones that forward these operations to the emulation
-+            "job-id": "job0",
++program.
-+            "top": "b.qcow2",
++
-+            "base": "a.qcow2"
++interrupt receipt
-+        }
++^^^^^^^^^^^^^^^^^
-+    }
++
-+
++A proxy for a device that generates interrupts will need to create a
-+Once the above ``block-commit`` operation has completed, a
++socket to receive interrupt indications from the emulation process. An
-+``BLOCK_JOB_COMPLETED`` event will be issued, and no further action is
++incoming interrupt indication would then be sent up to its bus parent to
-+required.  As the end result, the backing file of image [C] is adjusted
++be injected into the guest. For example, a PCI device object may use
-+to point to image [A], and the original 4-image chain will end up being
++``pci_set_irq()``.
-+transformed to::
++
-+
++live migration
-+    [A] <-- [C] <-- [D]
++^^^^^^^^^^^^^^
 +
-+.. note::
++The proxy will register to save and restore any *vmstate* it needs over
-+    The intermediate image [B] is invalid (as in: no more further
++a live migration event. The device proxy does not need to manage the
-+    overlays based on it can be created).
++remote device's *vmstate*; that will be handled by the remote process
-+
++proxy (see below).
-+    Reasoning: An intermediate image after a 'stream' operation still
++
-+    represents that old point-in-time, and may be valid in that context.
++QEMU remote device operation
 +    However, an intermediate image after a 'commit' operation no longer
 +    represents any point-in-time, and is invalid in any context.
 +
 +
 +However, :ref:`Case-3 <block-commit_Case-3>` (also called: "active
 +``block-commit``") is a *two-phase* operation: In the first phase, the
 +content from the active overlay, along with the intermediate overlays,
 +is copied into the backing file (also called the base image).  In the
 +second phase, adjust the said backing file as the current active image
 +-- possible via issuing the command ``block-job-complete``.  Optionally,
 +the ``block-commit`` operation can be cancelled by issuing the command
 +``block-job-cancel``, but be careful when doing this.
 +
 +Once the ``block-commit`` operation has completed, the event
 +``BLOCK_JOB_READY`` will be emitted, signalling that the synchronization
 +has finished.  Now the job can be gracefully completed by issuing the
 +command ``block-job-complete`` -- until such a command is issued, the
 +'commit' operation remains active.
 +
 +The following is the flow for :ref:`Case-3 <block-commit_Case-3>` to
 +convert a disk image chain such as this::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +Into::
 +
 +    [A]
 +
 +Where content from all the subsequent overlays, [B], and [C], including
 +the active layer, [D], is committed back to [A] -- which is where live
 +QEMU is performing all its current writes).
 +
 +Start the "active ``block-commit``" operation::
 +
 +    (QEMU) block-commit device=node-D base=a.qcow2 top=d.qcow2 job-id=job0
 +    {
 +        "execute": "block-commit",
 +        "arguments": {
 +            "device": "node-D",
 +            "job-id": "job0",
 +            "top": "d.qcow2",
 +            "base": "a.qcow2"
 +        }
 +    }
 +
 +
 +Once the synchronization has completed, the event ``BLOCK_JOB_READY`` will
 +be emitted.
 +
 +Then, optionally query for the status of the active block operations.
 +We can see the 'commit' job is now ready to be completed, as indicated
 +by the line *"ready": true*::
 +
 +    (QEMU) query-block-jobs
 +    {
 +        "execute": "query-block-jobs",
 +        "arguments": {}
 +    }
 +    {
 +        "return": [
 +            {
 +                "busy": false,
 +                "type": "commit",
 +                "len": 1376256,
 +                "paused": false,
 +                "ready": true,
 +                "io-status": "ok",
 +                "offset": 1376256,
 +                "device": "job0",
 +                "speed": 0
 +            }
 +        ]
 +    }
 +
 +Gracefully complete the 'commit' block device job::
 +
 +    (QEMU) block-job-complete device=job0
 +    {
 +        "execute": "block-job-complete",
 +        "arguments": {
 +            "device": "job0"
 +        }
 +    }
 +    {
 +        "return": {}
 +    }
 +
 +Finally, once the above job is completed, an event
 +``BLOCK_JOB_COMPLETED`` will be emitted.
 +
 +.. note::
 +    The invocation for rest of the cases (2, 4, and 5), discussed in the
 +    previous section, is omitted for brevity.
 +
 +
 +Live disk synchronization --- ``drive-mirror`` and ``blockdev-mirror``
 +----------------------------------------------------------------------
 +
 +Synchronize a running disk image chain (all or part of it) to a target
 +image.
 +
 +Again, given our familiar disk image chain::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +The ``drive-mirror`` (and its newer equivalent ``blockdev-mirror``) allows
 +you to copy data from the entire chain into a single target image (which
 +can be located on a different host).
 +
 +Once a 'mirror' job has started, there are two possible actions while a
 +``drive-mirror`` job is active:
 +
 +(1) Issuing the command ``block-job-cancel`` after it emits the event
 +    ``BLOCK_JOB_CANCELLED``: will (after completing synchronization of
 +    the content from the disk image chain to the target image, [E])
 +    create a point-in-time (which is at the time of *triggering* the
 +    cancel command) copy, contained in image [E], of the the entire disk
 +    image chain (or only the top-most image, depending on the ``sync``
 +    mode).
 +
 +(2) Issuing the command ``block-job-complete`` after it emits the event
 +    ``BLOCK_JOB_COMPLETED``: will, after completing synchronization of
 +    the content, adjust the guest device (i.e. live QEMU) to point to
 +    the target image, and, causing all the new writes from this point on
 +    to happen there.  One use case for this is live storage migration.
 +
 +About synchronization modes: The synchronization mode determines
 +*which* part of the disk image chain will be copied to the target.
 +Currently, there are four different kinds:
 +
 +(1) ``full`` -- Synchronize the content of entire disk image chain to
 +    the target
 +
 +(2) ``top`` -- Synchronize only the contents of the top-most disk image
 +    in the chain to the target
 +
 +(3) ``none`` -- Synchronize only the new writes from this point on.
 +
 +    .. note:: In the case of ``drive-backup`` (or ``blockdev-backup``),
 +              the behavior of ``none`` synchronization mode is different.
 +              Normally, a ``backup`` job consists of two parts: Anything
 +              that is overwritten by the guest is first copied out to
 +              the backup, and in the background the whole image is
 +              copied from start to end. With ``sync=none``, it's only
 +              the first part.
 +
 +(4) ``incremental`` -- Synchronize content that is described by the
 +    dirty bitmap
 +
 +.. note::
 +    Refer to the :doc:`bitmaps` document in the QEMU source
 +    tree to learn about the detailed workings of the ``incremental``
 +    synchronization mode.
 +
 +
 +QMP invocation for ``drive-mirror``
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +To copy the contents of the entire disk image chain, from [A] all the
 +way to [D], to a new target (``drive-mirror`` will create the destination
 +file, if it doesn't already exist), call it [E]::
 +
 +    (QEMU) drive-mirror device=node-D target=e.qcow2 sync=full job-id=job0
 +    {
 +        "execute": "drive-mirror",
 +        "arguments": {
 +            "device": "node-D",
 +            "job-id": "job0",
 +            "target": "e.qcow2",
 +            "sync": "full"
 +        }
 +    }
 +
 +The ``"sync": "full"``, from the above, means: copy the *entire* chain
 +to the destination.
 +
 +Following the above, querying for active block jobs will show that a
 +'mirror' job is "ready" to be completed (and QEMU will also emit an
 +event, ``BLOCK_JOB_READY``)::
 +
 +    (QEMU) query-block-jobs
 +    {
 +        "execute": "query-block-jobs",
 +        "arguments": {}
 +    }
 +    {
 +        "return": [
 +            {
 +                "busy": false,
 +                "type": "mirror",
 +                "len": 21757952,
 +                "paused": false,
 +                "ready": true,
 +                "io-status": "ok",
 +                "offset": 21757952,
 +                "device": "job0",
 +                "speed": 0
 +            }
 +        ]
 +    }
 +
 +And, as noted in the previous section, there are two possible actions
 +at this point:
 +
 +(a) Create a point-in-time snapshot by ending the synchronization.  The
 +    point-in-time is at the time of *ending* the sync.  (The result of
 +    the following being: the target image, [E], will be populated with
 +    content from the entire chain, [A] to [D])::
 +
 +        (QEMU) block-job-cancel device=job0
 +        {
 +            "execute": "block-job-cancel",
 +            "arguments": {
 +                "device": "job0"
 +            }
 +        }
 +
 +(b) Or, complete the operation and pivot the live QEMU to the target
 +    copy::
 +
 +        (QEMU) block-job-complete device=job0
 +
 +In either of the above cases, if you once again run the
 +`query-block-jobs` command, there should not be any active block
 +operation.
 +
 +Comparing 'commit' and 'mirror': In both then cases, the overlay images
 +can be discarded.  However, with 'commit', the *existing* base image
 +will be modified (by updating it with contents from overlays); while in
 +the case of 'mirror', a *new* target image is populated with the data
 +from the disk image chain.
 +
 +
 +QMP invocation for live storage migration with ``drive-mirror`` + NBD
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +Live storage migration (without shared storage setup) is one of the most
 +common use-cases that takes advantage of the ``drive-mirror`` primitive
 +and QEMU's built-in Network Block Device (NBD) server.  Here's a quick
 +walk-through of this setup.
 +
 +Given the disk image chain::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +Instead of copying content from the entire chain, synchronize *only* the
 +contents of the *top*-most disk image (i.e. the active layer), [D], to a
 +target, say, [TargetDisk].
 +
 +.. important::
 +    The destination host must already have the contents of the backing
 +    chain, involving images [A], [B], and [C], visible via other means
 +    -- whether by ``cp``, ``rsync``, or by some storage array-specific
 +    command.)
 +
 +Sometimes, this is also referred to as "shallow copy" -- because only
 +the "active layer", and not the rest of the image chain, is copied to
 +the destination.
 +
 +.. note::
 +    In this example, for the sake of simplicity, we'll be using the same
 +    ``localhost`` as both source and destination.
 +
 +As noted earlier, on the destination host the contents of the backing
 +chain -- from images [A] to [C] -- are already expected to exist in some
 +form (e.g. in a file called, ``Contents-of-A-B-C.qcow2``).  Now, on the
 +destination host, let's create a target overlay image (with the image
 +``Contents-of-A-B-C.qcow2`` as its backing file), to which the contents
 +of image [D] (from the source QEMU) will be mirrored to::
 +
 +    $ qemu-img create -f qcow2 -b ./Contents-of-A-B-C.qcow2 \
 +        -F qcow2 ./target-disk.qcow2
 +
 +And start the destination QEMU (we already have the source QEMU running
 +-- discussed in the section: `Interacting with a QEMU instance`_)
 +instance, with the following invocation.  (As noted earlier, for
 +simplicity's sake, the destination QEMU is started on the same host, but
 +it could be located elsewhere)::
 +
 +    $ ./x86_64-softmmu/qemu-system-x86_64 -display none -nodefconfig \
 +        -M q35 -nodefaults -m 512 \
 +        -blockdev node-name=node-TargetDisk,driver=qcow2,file.driver=file,file.node-name=file,file.filename=./target-disk.qcow2 \
 +        -device virtio-blk,drive=node-TargetDisk,id=virtio0 \
 +        -S -monitor stdio -qmp unix:./qmp-sock2,server,nowait \
 +        -incoming tcp:localhost:6666
 +
 +Given the disk image chain on source QEMU::
 +
 +    [A] <-- [B] <-- [C] <-- [D]
 +
 +On the destination host, it is expected that the contents of the chain
 +``[A] <-- [B] <-- [C]`` are *already* present, and therefore copy *only*
 +the content of image [D].
 +
 +(1) [On *destination* QEMU] As part of the first step, start the
 +    built-in NBD server on a given host (local host, represented by
 +    ``::``)and port::
 +
 +        (QEMU) nbd-server-start addr={"type":"inet","data":{"host":"::","port":"49153"}}
 +        {
 +            "execute": "nbd-server-start",
 +            "arguments": {
 +                "addr": {
 +                    "data": {
 +                        "host": "::",
 +                        "port": "49153"
 +                    },
 +                    "type": "inet"
 +                }
 +            }
 +        }
 +
 +(2) [On *destination* QEMU] And export the destination disk image using
 +    QEMU's built-in NBD server::
 +
 +        (QEMU) nbd-server-add device=node-TargetDisk writable=true
 +        {
 +            "execute": "nbd-server-add",
 +            "arguments": {
 +                "device": "node-TargetDisk"
 +            }
 +        }
 +
 +(3) [On *source* QEMU] Then, invoke ``drive-mirror`` (NB: since we're
 +    running ``drive-mirror`` with ``mode=existing`` (meaning:
 +    synchronize to a pre-created file, therefore 'existing', file on the
 +    target host), with the synchronization mode as 'top' (``"sync:
 +    "top"``)::
 +
 +        (QEMU) drive-mirror device=node-D target=nbd:localhost:49153:exportname=node-TargetDisk sync=top mode=existing job-id=job0
 +        {
 +            "execute": "drive-mirror",
 +            "arguments": {
 +                "device": "node-D",
 +                "mode": "existing",
 +                "job-id": "job0",
 +                "target": "nbd:localhost:49153:exportname=node-TargetDisk",
 +                "sync": "top"
 +            }
 +        }
 +
 +(4) [On *source* QEMU] Once ``drive-mirror`` copies the entire data, and the
 +    event ``BLOCK_JOB_READY`` is emitted, issue ``block-job-cancel`` to
 +    gracefully end the synchronization, from source QEMU::
 +
 +        (QEMU) block-job-cancel device=job0
 +        {
 +            "execute": "block-job-cancel",
 +            "arguments": {
 +                "device": "job0"
 +            }
 +        }
 +
 +(5) [On *destination* QEMU] Then, stop the NBD server::
 +
 +        (QEMU) nbd-server-stop
 +        {
 +            "execute": "nbd-server-stop",
 +            "arguments": {}
 +        }
 +
 +(6) [On *destination* QEMU] Finally, resume the guest vCPUs by issuing the
 +    QMP command `cont`::
 +
 +        (QEMU) cont
 +        {
 +            "execute": "cont",
 +            "arguments": {}
 +        }
 +
 +.. note::
 +    Higher-level libraries (e.g. libvirt) automate the entire above
 +    process (although note that libvirt does not allow same-host
 +    migrations to localhost for other reasons).
 +
 +
 +Notes on ``blockdev-mirror``
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+The ``blockdev-mirror`` command is equivalent in core functionality to
++Generic device operations, such as DMA, will be performed by the remote
-+``drive-mirror``, except that it operates at node-level in a BDS graph.
++process proxy by sending messages to the remote process.
 +
-+Also: for ``blockdev-mirror``, the 'target' image needs to be explicitly
++DMA operations
-+created (using ``qemu-img``) and attach it to live QEMU via
++^^^^^^^^^^^^^^
-+``blockdev-add``, which assigns a name to the to-be created target node.
++
-+
++DMA operations would be handled much like vhost applications do. One of
-+E.g. the sequence of actions to create a point-in-time backup of an
++the initial messages sent to the emulation process is a guest memory
-+entire disk image chain, to a target, using ``blockdev-mirror`` would be:
++table. Each entry in this table consists of a file descriptor and size
-+
++that the emulation process can ``mmap()`` to directly access guest
-+(0) Create the QCOW2 overlays, to arrive at a backing chain of desired
++memory, similar to ``vhost_user_set_mem_table()``. Note guest memory
-+    depth
++must be backed by file descriptors, such as when QEMU is given the
-+
++*-mem-path* command line option.
-+(1) Create the target image (using ``qemu-img``), say, ``e.qcow2``
++
-+
++IOMMU operations
-+(2) Attach the above created file (``e.qcow2``), run-time, using
++^^^^^^^^^^^^^^^^
-+    ``blockdev-add`` to QEMU
++
-+
++When the emulated system includes an IOMMU, the remote process proxy in
-+(3) Perform ``blockdev-mirror`` (use ``"sync": "full"`` to copy the
++QEMU will need to create a socket for IOMMU requests from the emulation
-+    entire chain to the target).  And notice the event
++process. It will handle those requests with an
-+    ``BLOCK_JOB_READY``
++``address_space_get_iotlb_entry()`` call. In order to handle IOMMU
-+
++unmaps, the remote process proxy will also register as a listener on the
-+(4) Optionally, query for active block jobs, there should be a 'mirror'
++device's DMA address space. When an IOMMU memory region is created
-+    job ready to be completed
++within the DMA address space, an IOMMU notifier for unmaps will be added
-+
++to the memory region that will forward unmaps to the emulation process
-+(5) Gracefully complete the 'mirror' block device job, and notice the
++over the IOMMU socket.
-+    the event ``BLOCK_JOB_COMPLETED``
++
-+
++device hot-plug via QMP
-+(6) Shutdown the guest by issuing the QMP ``quit`` command so that
++^^^^^^^^^^^^^^^^^^^^^^^
-+    caches are flushed
++
-+
++An QMP "device\_add" command can add a device emulated by a remote
-+(7) Then, finally, compare the contents of the disk image chain, and
++process. It will also have "rid" option to the command, just as the
-+    the target copy with ``qemu-img compare``.  You should notice:
++*-device* command line option does. The remote process may either be one
-+    "Images are identical"
++started at QEMU startup, or be one added by the "add-process" QMP
-+
++command described above. In either case, the remote process proxy will
-+
++forward the new device's JSON description to the corresponding emulation
-+QMP invocation for ``blockdev-mirror``
++process.
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++
-+
++live migration
-+Given the disk image chain::
++^^^^^^^^^^^^^^
 +
-+    [A] <-- [B] <-- [C] <-- [D]
++The remote process proxy will also register for live migration
-+
++notifications with ``vmstate_register()``. When called to save state,
-+To copy the contents of the entire disk image chain, from [A] all the
++the proxy will send the remote process a secondary socket file
-+way to [D], to a new target, call it [E].  The following is the flow.
++descriptor to save the remote process's device *vmstate* over. The
-+
++incoming byte stream length and data will be saved as the proxy's
-+Create the overlay images, [B], [C], and [D]::
++*vmstate*. When the proxy is resumed on its new host, this *vmstate*
-+
++will be extracted, and a secondary socket file descriptor will be sent
-+    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
++to the new remote process through which it receives the *vmstate* in
-+    (QEMU) blockdev-snapshot-sync node-name=node-B snapshot-file=c.qcow2 snapshot-node-name=node-C format=qcow2
++order to restore the devices there.
-+    (QEMU) blockdev-snapshot-sync node-name=node-C snapshot-file=d.qcow2 snapshot-node-name=node-D format=qcow2
++
-+
++device emulation in remote process
-+Create the target image, [E]::
++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+    $ qemu-img create -f qcow2 e.qcow2 39M
++The parts of QEMU that the emulation program will need include the
-+
++object model; the memory emulation objects; the device emulation objects
-+Add the above created target image to QEMU, via ``blockdev-add``::
++of the targeted device, and any dependent devices; and, the device's
-+
++backends. It will also need code to setup the machine environment,
-+    (QEMU) blockdev-add driver=qcow2 node-name=node-E file={"driver":"file","filename":"e.qcow2"}
++handle requests from the QEMU process, and route machine-level requests
-+    {
++(such as interrupts or IOMMU mappings) back to the QEMU process.
-+        "execute": "blockdev-add",
++
-+        "arguments": {
++initialization
-+            "node-name": "node-E",
++^^^^^^^^^^^^^^
-+            "driver": "qcow2",
++
-+            "file": {
++The process initialization sequence will follow the same sequence
-+                "driver": "file",
++followed by QEMU. It will first initialize the backend objects, then
-+                "filename": "e.qcow2"
++device emulation objects. The JSON descriptions sent by the QEMU process
-+            }
++will drive which objects need to be created.
-+        }
++
-+    }
++-  address spaces
 +
-+Perform ``blockdev-mirror``, and notice the event ``BLOCK_JOB_READY``::
++Before the device objects are created, the initial address spaces and
-+
++memory regions must be configured with ``memory_map_init()``. This
-+    (QEMU) blockdev-mirror device=node-B target=node-E sync=full job-id=job0
++creates a RAM memory region object (*system\_memory*) and an IO memory
-+    {
++region object (*system\_io*).
-+        "execute": "blockdev-mirror",
++
-+        "arguments": {
++-  RAM
-+            "device": "node-D",
++
-+            "job-id": "job0",
++RAM memory region creation will follow how ``pc_memory_init()`` creates
-+            "target": "node-E",
++them, but must use ``memory_region_init_ram_from_fd()`` instead of
-+            "sync": "full"
++``memory_region_allocate_system_memory()``. The file descriptors needed
-+        }
++will be supplied by the guest memory table from above. Those RAM regions
-+    }
++would then be added to the *system\_memory* memory region with
-+
++``memory_region_add_subregion()``.
-+Query for active block jobs, there should be a 'mirror' job ready::
++
-+
++-  PCI
-+    (QEMU) query-block-jobs
++
-+    {
++IO initialization will be driven by the JSON descriptions sent from the
-+        "execute": "query-block-jobs",
++QEMU process. For a PCI device, a PCI bus will need to be created with
-+        "arguments": {}
++``pci_root_bus_new()``, and a PCI memory region will need to be created
-+    }
++and added to the *system\_memory* memory region with
-+    {
++``memory_region_add_subregion_overlap()``. The overlap version is
-+        "return": [
++required for architectures where PCI memory overlaps with RAM memory.
-+            {
++
-+                "busy": false,
++MMIO handling
-+                "type": "mirror",
++^^^^^^^^^^^^^
-+                "len": 21561344,
++
-+                "paused": false,
++The device emulation objects will use ``memory_region_init_io()`` to
-+                "ready": true,
++install their MMIO handlers, and ``pci_register_bar()`` to associate
-+                "io-status": "ok",
++those handlers with a PCI BAR, as they do within QEMU currently.
-+                "offset": 21561344,
++
-+                "device": "job0",
++In order to use ``address_space_rw()`` in the emulation process to
-+                "speed": 0
++handle MMIO requests from QEMU, the PCI physical addresses must be the
-+            }
++same in the QEMU process and the device emulation process. In order to
-+        ]
++accomplish that, guest BAR programming must also be forwarded from QEMU
-+    }
++to the emulation process.
 +
-+Gracefully complete the block device job operation, and notice the
++interrupt injection
-+event ``BLOCK_JOB_COMPLETED``::
++^^^^^^^^^^^^^^^^^^^
 +
-+    (QEMU) block-job-complete device=job0
++When device emulation wants to inject an interrupt into the VM, the
-+    {
++request climbs the device's bus object hierarchy until the point where a
-+        "execute": "block-job-complete",
++bus object knows how to signal the interrupt to the guest. The details
-+        "arguments": {
++depend on the type of interrupt being raised.
-+            "device": "job0"
++
-+        }
++-  PCI pin interrupts
-+    }
++
-+    {
++On x86 systems, there is an emulated IOAPIC object attached to the root
-+        "return": {}
++PCI bus object, and the root PCI object forwards interrupt requests to
-+    }
++it. The IOAPIC object, in turn, calls the KVM driver to inject the
-+
++corresponding interrupt into the VM. The simplest way to handle this in
-+Shutdown the guest, by issuing the ``quit`` QMP command::
++an emulation process would be to setup the root PCI bus driver (via
-+
++``pci_bus_irqs()``) to send a interrupt request back to the QEMU
-+    (QEMU) quit
++process, and have the device proxy object reflect it up the PCI tree
-+    {
++there.
-+        "execute": "quit",
++
-+        "arguments": {}
++-  PCI MSI/X interrupts
-+    }
++
-+
++PCI MSI/X interrupts are implemented in HW as DMA writes to a
-+
++CPU-specific PCI address. In QEMU on x86, a KVM APIC object receives
-+Live disk backup --- ``drive-backup`` and ``blockdev-backup``
++these DMA writes, then calls into the KVM driver to inject the interrupt
-+-------------------------------------------------------------
++into the VM. A simple emulation process implementation would be to send
-+
++the MSI DMA address from QEMU as a message at initialization, then
-+The ``drive-backup`` (and its newer equivalent ``blockdev-backup``) allows
++install an address space handler at that address which forwards the MSI
-+you to create a point-in-time snapshot.
++message back to QEMU.
 +
-+In this case, the point-in-time is when you *start* the ``drive-backup``
++DMA operations
-+(or its newer equivalent ``blockdev-backup``) command.
++^^^^^^^^^^^^^^
 +
-+
++When a emulation object wants to DMA into or out of guest memory, it
-+QMP invocation for ``drive-backup``
++first must use dma\_memory\_map() to convert the DMA address to a local
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++virtual address. The emulation process memory region objects setup above
-+
++will be used to translate the DMA address to a local virtual address the
-+Yet again, starting afresh with our example disk image chain::
++device emulation code can access.
 +
-+    [A] <-- [B] <-- [C] <-- [D]
++IOMMU
-+
++^^^^^
-+To create a target image [E], with content populated from image [A] to
++
-+[D], from the above chain, the following is the syntax.  (If the target
++When an IOMMU is in use in QEMU, DMA translation uses IOMMU memory
-+image does not exist, ``drive-backup`` will create it)::
++regions to translate the DMA address to a guest physical address before
-+
++that physical address can be translated to a local virtual address. The
-+    (QEMU) drive-backup device=node-D sync=full target=e.qcow2 job-id=job0
++emulation process will need similar functionality.
-+    {
++
-+        "execute": "drive-backup",
++-  IOTLB cache
-+        "arguments": {
++
-+            "device": "node-D",
++The emulation process will maintain a cache of recent IOMMU translations
-+            "job-id": "job0",
++(the IOTLB). When the translate() callback of an IOMMU memory region is
-+            "sync": "full",
++invoked, the IOTLB cache will be searched for an entry that will map the
-+            "target": "e.qcow2"
++DMA address to a guest PA. On a cache miss, a message will be sent back
-+        }
++to QEMU requesting the corresponding translation entry, which be both be
-+    }
++used to return a guest address and be added to the cache.
 +
-+Once the above ``drive-backup`` has completed, a ``BLOCK_JOB_COMPLETED`` event
++-  IOTLB purge
-+will be issued, indicating the live block device job operation has
++
-+completed, and no further action is required.
++The IOMMU emulation will also need to act on unmap requests from QEMU.
-+
++These happen when the guest IOMMU driver purges an entry from the
-+
++guest's translation table.
-+Notes on ``blockdev-backup``
++
 +live migration
 +^^^^^^^^^^^^^^
 +
 +When a remote process receives a live migration indication from QEMU, it
 +will set up a channel using the received file descriptor with
 +``qio_channel_socket_new_fd()``. This channel will be used to create a
 +*QEMUfile* that can be passed to ``qemu_save_device_state()`` to send
 +the process's device state back to QEMU. This method will be reversed on
 +restore - the channel will be passed to ``qemu_loadvm_state()`` to
 +restore the device state.
 +
 +Accelerating device emulation
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +The messages that are required to be sent between QEMU and the emulation
 +process can add considerable latency to IO operations. The optimizations
 +described below attempt to ameliorate this effect by allowing the
 +emulation process to communicate directly with the kernel KVM driver.
 +The KVM file descriptors created would be passed to the emulation process
 +via initialization messages, much like the guest memory table is done.
 +#### MMIO acceleration
 +
 +Vhost user applications can receive guest virtio driver stores directly
 +from KVM. The issue with the eventfd mechanism used by vhost user is
 +that it does not pass any data with the event indication, so it cannot
 +handle guest loads or guest stores that carry store data. This concept
 +could, however, be expanded to cover more cases.
 +
 +The expanded idea would require a new type of KVM device:
 +*KVM\_DEV\_TYPE\_USER*. This device has two file descriptors: a master
 +descriptor that QEMU can use for configuration, and a slave descriptor
 +that the emulation process can use to receive MMIO notifications. QEMU
 +would create both descriptors using the KVM driver, and pass the slave
 +descriptor to the emulation process via an initialization message.
 +
 +data structures
 +^^^^^^^^^^^^^^^
 +
 +-  guest physical range
 +
 +The guest physical range structure describes the address range that a
 +device will respond to. It includes the base and length of the range, as
 +well as which bus the range resides on (e.g., on an x86machine, it can
 +specify whether the range refers to memory or IO addresses).
 +
 +A device can have multiple physical address ranges it responds to (e.g.,
 +a PCI device can have multiple BARs), so the structure will also include
 +an enumerated identifier to specify which of the device's ranges is
 +being referred to.
 +
 ++--------+----------------------------+
 +| Name   | Description                |
 ++========+============================+
 +| addr   | range base address         |
 ++--------+----------------------------+
 +| len    | range length               |
 ++--------+----------------------------+
 +| bus    | addr type (memory or IO)   |
 ++--------+----------------------------+
 +| id     | range ID (e.g., PCI BAR)   |
 ++--------+----------------------------+
 +
 +-  MMIO request structure
 +
 +This structure describes an MMIO operation. It includes which guest
 +physical range the MMIO was within, the offset within that range, the
 +MMIO type (e.g., load or store), and its length and data. It also
 +includes a sequence number that can be used to reply to the MMIO, and
 +the CPU that issued the MMIO.
 +
 ++----------+------------------------+
 +| Name     | Description            |
 ++==========+========================+
 +| rid      | range MMIO is within   |
 ++----------+------------------------+
 +| offset   | offset withing *rid*   |
 ++----------+------------------------+
 +| type     | e.g., load or store    |
 ++----------+------------------------+
 +| len      | MMIO length            |
 ++----------+------------------------+
 +| data     | store data             |
 ++----------+------------------------+
 +| seq      | sequence ID            |
 ++----------+------------------------+
 +
 +-  MMIO request queues
 +
 +MMIO request queues are FIFO arrays of MMIO request structures. There
 +are two queues: pending queue is for MMIOs that haven't been read by the
 +emulation program, and the sent queue is for MMIOs that haven't been
 +acknowledged. The main use of the second queue is to validate MMIO
 +replies from the emulation program.
 +
 +-  scoreboard
 +
 +Each CPU in the VM is emulated in QEMU by a separate thread, so multiple
 +MMIOs may be waiting to be consumed by an emulation program and multiple
 +threads may be waiting for MMIO replies. The scoreboard would contain a
 +wait queue and sequence number for the per-CPU threads, allowing them to
 +be individually woken when the MMIO reply is received from the emulation
 +program. It also tracks the number of posted MMIO stores to the device
 +that haven't been replied to, in order to satisfy the PCI constraint
 +that a load to a device will not complete until all previous stores to
 +that device have been completed.
 +
 +-  device shadow memory
 +
 +Some MMIO loads do not have device side-effects. These MMIOs can be
 +completed without sending a MMIO request to the emulation program if the
 +emulation program shares a shadow image of the device's memory image
 +with the KVM driver.
 +
 +The emulation program will ask the KVM driver to allocate memory for the
 +shadow image, and will then use ``mmap()`` to directly access it. The
 +emulation program can control KVM access to the shadow image by sending
 +KVM an access map telling it which areas of the image have no
 +side-effects (and can be completed immediately), and which require a
 +MMIO request to the emulation program. The access map can also inform
 +the KVM drive which size accesses are allowed to the image.
 +
 +master descriptor
 +^^^^^^^^^^^^^^^^^
 +
 +The master descriptor is used by QEMU to configure the new KVM device.
 +The descriptor would be returned by the KVM driver when QEMU issues a
 +*KVM\_CREATE\_DEVICE* ``ioctl()`` with a *KVM\_DEV\_TYPE\_USER* type.
 +
 +KVM\_DEV\_TYPE\_USER device ops
 +
 +
 +The *KVM\_DEV\_TYPE\_USER* operations vector will be registered by a
 +``kvm_register_device_ops()`` call when the KVM system in initialized by
 +``kvm_init()``. These device ops are called by the KVM driver when QEMU
 +executes certain ``ioctl()`` operations on its KVM file descriptor. They
 +include:
 +
 +-  create
 +
 +This routine is called when QEMU issues a *KVM\_CREATE\_DEVICE*
 +``ioctl()`` on its per-VM file descriptor. It will allocate and
 +initialize a KVM user device specific data structure, and assign the
 +*kvm\_device* private field to it.
 +
 +-  ioctl
 +
 +This routine is invoked when QEMU issues an ``ioctl()`` on the master
 +descriptor. The ``ioctl()`` commands supported are defined by the KVM
 +device type. *KVM\_DEV\_TYPE\_USER* ones will need several commands:
 +
 +*KVM\_DEV\_USER\_SLAVE\_FD* creates the slave file descriptor that will
 +be passed to the device emulation program. Only one slave can be created
 +by each master descriptor. The file operations performed by this
 +descriptor are described below.
 +
 +The *KVM\_DEV\_USER\_PA\_RANGE* command configures a guest physical
 +address range that the slave descriptor will receive MMIO notifications
 +for. The range is specified by a guest physical range structure
 +argument. For buses that assign addresses to devices dynamically, this
 +command can be executed while the guest is running, such as the case
 +when a guest changes a device's PCI BAR registers.
 +
 +*KVM\_DEV\_USER\_PA\_RANGE* will use ``kvm_io_bus_register_dev()`` to
 +register *kvm\_io\_device\_ops* callbacks to be invoked when the guest
 +performs a MMIO operation within the range. When a range is changed,
 +``kvm_io_bus_unregister_dev()`` is used to remove the previous
 +instantiation.
 +
 +*KVM\_DEV\_USER\_TIMEOUT* will configure a timeout value that specifies
 +how long KVM will wait for the emulation process to respond to a MMIO
 +indication.
 +
 +-  destroy
 +
 +This routine is called when the VM instance is destroyed. It will need
 +to destroy the slave descriptor; and free any memory allocated by the
 +driver, as well as the *kvm\_device* structure itself.
 +
 +slave descriptor
 +^^^^^^^^^^^^^^^^
 +
 +The slave descriptor will have its own file operations vector, which
 +responds to system calls on the descriptor performed by the device
 +emulation program.
 +
 +-  read
 +
 +A read returns any pending MMIO requests from the KVM driver as MMIO
 +request structures. Multiple structures can be returned if there are
 +multiple MMIO operations pending. The MMIO requests are moved from the
 +pending queue to the sent queue, and if there are threads waiting for
 +space in the pending to add new MMIO operations, they will be woken
 +here.
 +
 +-  write
 +
 +A write also consists of a set of MMIO requests. They are compared to
 +the MMIO requests in the sent queue. Matches are removed from the sent
 +queue, and any threads waiting for the reply are woken. If a store is
 +removed, then the number of posted stores in the per-CPU scoreboard is
 +decremented. When the number is zero, and a non side-effect load was
 +waiting for posted stores to complete, the load is continued.
 +
 +-  ioctl
 +
 +There are several ioctl()s that can be performed on the slave
 +descriptor.
 +
 +A *KVM\_DEV\_USER\_SHADOW\_SIZE* ``ioctl()`` causes the KVM driver to
 +allocate memory for the shadow image. This memory can later be
 +``mmap()``\ ed by the emulation process to share the emulation's view of
 +device memory with the KVM driver.
 +
 +A *KVM\_DEV\_USER\_SHADOW\_CTRL* ``ioctl()`` controls access to the
 +shadow image. It will send the KVM driver a shadow control map, which
 +specifies which areas of the image can complete guest loads without
 +sending the load request to the emulation program. It will also specify
 +the size of load operations that are allowed.
 +
 +-  poll
 +
 +An emulation program will use the ``poll()`` call with a *POLLIN* flag
 +to determine if there are MMIO requests waiting to be read. It will
 +return if the pending MMIO request queue is not empty.
 +
 +-  mmap
 +
 +This call allows the emulation program to directly access the shadow
 +image allocated by the KVM driver. As device emulation updates device
 +memory, changes with no side-effects will be reflected in the shadow,
 +and the KVM driver can satisfy guest loads from the shadow image without
 +needing to wait for the emulation program.
 +
 +kvm\_io\_device ops
 +^^^^^^^^^^^^^^^^^^^
 +
 +Each KVM per-CPU thread can handle MMIO operation on behalf of the guest
 +VM. KVM will use the MMIO's guest physical address to search for a
 +matching *kvm\_io\_device* to see if the MMIO can be handled by the KVM
 +driver instead of exiting back to QEMU. If a match is found, the
 +corresponding callback will be invoked.
 +
 +-  read
 +
 +This callback is invoked when the guest performs a load to the device.
 +Loads with side-effects must be handled synchronously, with the KVM
 +driver putting the QEMU thread to sleep waiting for the emulation
 +process reply before re-starting the guest. Loads that do not have
 +side-effects may be optimized by satisfying them from the shadow image,
 +if there are no outstanding stores to the device by this CPU. PCI memory
 +ordering demands that a load cannot complete before all older stores to
 +the same device have been completed.
 +
 +-  write
 +
 +Stores can be handled asynchronously unless the pending MMIO request
 +queue is full. In this case, the QEMU thread must sleep waiting for
 +space in the queue. Stores will increment the number of posted stores in
 +the per-CPU scoreboard, in order to implement the PCI ordering
 +constraint above.
 +
 +interrupt acceleration
 +^^^^^^^^^^^^^^^^^^^^^^
 +
 +This performance optimization would work much like a vhost user
 +application does, where the QEMU process sets up *eventfds* that cause
 +the device's corresponding interrupt to be triggered by the KVM driver.
 +These irq file descriptors are sent to the emulation process at
 +initialization, and are used when the emulation code raises a device
 +interrupt.
 +
 +intx acceleration
 +'''''''''''''''''
 +
 +Traditional PCI pin interrupts are level based, so, in addition to an
 +irq file descriptor, a re-sampling file descriptor needs to be sent to
 +the emulation program. This second file descriptor allows multiple
 +devices sharing an irq to be notified when the interrupt has been
 +acknowledged by the guest, so they can re-trigger the interrupt if their
 +device has not de-asserted its interrupt.
 +
 +intx irq descriptor
 +
 +
 +The irq descriptors are created by the proxy object
 +``using event_notifier_init()`` to create the irq and re-sampling
 +*eventds*, and ``kvm_vm_ioctl(KVM_IRQFD)`` to bind them to an interrupt.
 +The interrupt route can be found with
 +``pci_device_route_intx_to_irq()``.
 +
 +intx routing changes
 +
 +
 +Intx routing can be changed when the guest programs the APIC the device
 +pin is connected to. The proxy object in QEMU will use
 +``pci_device_set_intx_routing_notifier()`` to be informed of any guest
 +changes to the route. This handler will broadly follow the VFIO
 +interrupt logic to change the route: de-assigning the existing irq
 +descriptor from its route, then assigning it the new route. (see
 +``vfio_intx_update()``)
 +
 +MSI/X acceleration
 +''''''''''''''''''
 +
 +MSI/X interrupts are sent as DMA transactions to the host. The interrupt
 +data contains a vector that is programmed by the guest, A device may have
 +multiple MSI interrupts associated with it, so multiple irq descriptors
 +may need to be sent to the emulation program.
 +
 +MSI/X irq descriptor
 +
 +
 +This case will also follow the VFIO example. For each MSI/X interrupt,
 +an *eventfd* is created, a virtual interrupt is allocated by
 +``kvm_irqchip_add_msi_route()``, and the virtual interrupt is bound to
 +the eventfd with ``kvm_irqchip_add_irqfd_notifier()``.
 +
 +MSI/X config space changes
 +
 +
 +The guest may dynamically update several MSI-related tables in the
 +device's PCI config space. These include per-MSI interrupt enables and
 +vector data. Additionally, MSIX tables exist in device memory space, not
 +config space. Much like the BAR case above, the proxy object must look
 +at guest config space programming to keep the MSI interrupt state
 +consistent between QEMU and the emulation program.
 +
 +--------------
 +
 +Disaggregated CPU emulation
 +---------------------------
 +
 +After IO services have been disaggregated, a second phase would be to
 +separate a process to handle CPU instruction emulation from the main
 +QEMU control function. There are no object separation points for this
 +code, so the first task would be to create one.
 +
 +Host access controls
 +--------------------
 +
 +Separating QEMU relies on the host OS's access restriction mechanisms to
 +enforce that the differing processes can only access the objects they
 +are entitled to. There are a couple types of mechanisms usually provided
 +by general purpose OSs.
 +
 +Discretionary access control
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+The ``blockdev-backup`` command is equivalent in functionality to
++Discretionary access control allows each user to control who can access
-+``drive-backup``, except that it operates at node-level in a Block Driver
++their files. In Linux, this type of control is usually too coarse for
-+State (BDS) graph.
++QEMU separation, since it only provides three separate access controls:
-+
++one for the same user ID, the second for users IDs with the same group
-+E.g. the sequence of actions to create a point-in-time backup
++ID, and the third for all other user IDs. Each device instance would
-+of an entire disk image chain, to a target, using ``blockdev-backup``
++need a separate user ID to provide access control, which is likely to be
-+would be:
++unwieldy for dynamically created VMs.
 +
-+(0) Create the QCOW2 overlays, to arrive at a backing chain of desired
++Mandatory access control
-+    depth
++~~~~~~~~~~~~~~~~~~~~~~~~
 +
-+(1) Create the target image (using ``qemu-img``), say, ``e.qcow2``
++Mandatory access control allows the OS to add an additional set of
-+
++controls on top of discretionary access for the OS to control. It also
-+(2) Attach the above created file (``e.qcow2``), run-time, using
++adds other attributes to processes and files such as types, roles, and
-+    ``blockdev-add`` to QEMU
++categories, and can establish rules for how processes and files can
-+
++interact.
-+(3) Perform ``blockdev-backup`` (use ``"sync": "full"`` to copy the
++
-+    entire chain to the target).  And notice the event
++Type enforcement
-+    ``BLOCK_JOB_COMPLETED``
++^^^^^^^^^^^^^^^^
 +
-+(4) Shutdown the guest, by issuing the QMP ``quit`` command, so that
++Type enforcement assigns a *type* attribute to processes and files, and
-+    caches are flushed
++allows rules to be written on what operations a process with a given
-+
++type can perform on a file with a given type. QEMU separation could take
-+(5) Then, finally, compare the contents of the disk image chain, and
++advantage of type enforcement by running the emulation processes with
-+    the target copy with ``qemu-img compare``.  You should notice:
++different types, both from the main QEMU process, and from the emulation
-+    "Images are identical"
++processes of different classes of devices.
 +
-+The following section shows an example QMP invocation for
++For example, guest disk images and disk emulation processes could have
-+``blockdev-backup``.
++types separate from the main QEMU process and non-disk emulation
-+
++processes, and the type rules could prevent processes other than disk
-+QMP invocation for ``blockdev-backup``
++emulation ones from accessing guest disk images. Similarly, network
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++emulation processes can have a type separate from the main QEMU process
-+
++and non-network emulation process, and only that type can access the
-+Given a disk image chain of depth 1 where image [B] is the active
++host tun/tap device used to provide guest networking.
-+overlay (live QEMU is writing to it)::
++
-+
++Category enforcement
-+    [A] <-- [B]
++^^^^^^^^^^^^^^^^^^^^
 +
-+The following is the procedure to copy the content from the entire chain
++Category enforcement assigns a set of numbers within a given range to
-+to a target image (say, [E]), which has the full content from [A] and
++the process or file. The process is granted access to the file if the
-+[B].
++process's set is a superset of the file's set. This enforcement can be
-+
++used to separate multiple instances of devices in the same class.
-+Create the overlay [B]::
++
-+
++For example, if there are multiple disk devices provides to a guest,
-+    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
++each device emulation process could be provisioned with a separate
-+    {
++category. The different device emulation processes would not be able to
-+        "execute": "blockdev-snapshot-sync",
++access each other's backing disk images.
-+        "arguments": {
++
-+            "node-name": "node-A",
++Alternatively, categories could be used in lieu of the type enforcement
-+            "snapshot-file": "b.qcow2",
++scheme described above. In this scenario, different categories would be
-+            "format": "qcow2",
++used to prevent device emulation processes in different classes from
-+            "snapshot-node-name": "node-B"
++accessing resources assigned to other classes.
 +        }
 +    }
 +
 +
 +Create a target image that will contain the copy::
 +
 +    $ qemu-img create -f qcow2 e.qcow2 39M
 +
 +Then add it to QEMU via ``blockdev-add``::
 +
 +    (QEMU) blockdev-add driver=qcow2 node-name=node-E file={"driver":"file","filename":"e.qcow2"}
 +    {
 +        "execute": "blockdev-add",
 +        "arguments": {
 +            "node-name": "node-E",
 +            "driver": "qcow2",
 +            "file": {
 +                "driver": "file",
 +                "filename": "e.qcow2"
 +            }
 +        }
 +    }
 +
 +Then invoke ``blockdev-backup`` to copy the contents from the entire
 +image chain, consisting of images [A] and [B] to the target image
 +'e.qcow2'::
 +
 +    (QEMU) blockdev-backup device=node-B target=node-E sync=full job-id=job0
 +    {
 +        "execute": "blockdev-backup",
 +        "arguments": {
 +            "device": "node-B",
 +            "job-id": "job0",
 +            "target": "node-E",
 +            "sync": "full"
 +        }
 +    }
 +
 +Once the above 'backup' operation has completed, the event,
 +``BLOCK_JOB_COMPLETED`` will be emitted, signalling successful
 +completion.
 +
 +Next, query for any active block device jobs (there should be none)::
 +
 +    (QEMU) query-block-jobs
 +    {
 +        "execute": "query-block-jobs",
 +        "arguments": {}
 +    }
 +
 +Shutdown the guest::
 +
 +    (QEMU) quit
 +    {
 +            "execute": "quit",
 +                "arguments": {}
 +    }
 +            "return": {}
 +    }
 +
 +.. note::
 +    The above step is really important; if forgotten, an error, "Failed
 +    to get shared "write" lock on e.qcow2", will be thrown when you do
 +    ``qemu-img compare`` to verify the integrity of the disk image
 +    with the backup content.
 +
 +
 +The end result will be the image 'e.qcow2' containing a
 +point-in-time backup of the disk image chain -- i.e. contents from
 +images [A] and [B] at the time the ``blockdev-backup`` command was
 +initiated.
 +
 +One way to confirm the backup disk image contains the identical content
 +with the disk image chain is to compare the backup and the contents of
 +the chain, you should see "Images are identical".  (NB: this is assuming
 +QEMU was launched with ``-S`` option, which will not start the CPUs at
 +guest boot up)::
 +
 +    $ qemu-img compare b.qcow2 e.qcow2
 +    Warning: Image size mismatch!
 +    Images are identical.
 +
 +NOTE: The "Warning: Image size mismatch!" is expected, as we created the
 +target image (e.qcow2) with 39M size.
 diff --git a/docs/live-block-ops.txt b/docs/live-block-ops.txt
 deleted file mode 100644
 index XXXXXXX..XXXXXXX
 --- a/docs/live-block-ops.txt
 +++ /dev/null
@@ -XXX,XX +XXX,XX @@
 -LIVE BLOCK OPERATIONS
 -=====================
 -
 -High level description of live block operations. Note these are not
 -supported for use with the raw format at the moment.
 -
 -Note also that this document is incomplete and it currently only
 -covers the 'stream' operation. Other operations supported by QEMU such
 -as 'commit', 'mirror' and 'backup' are not described here yet. Please
 -refer to the qapi/block-core.json file for an overview of those.
 -
 -Snapshot live merge
 -===================
 -
 -Given a snapshot chain, described in this document in the following
 -format:
 -
 -[A] <- [B] <- [C] <- [D] <- [E]
 -
 -Where the rightmost object ([E] in the example) described is the current
 -image which the guest OS has write access to. To the left of it is its base
 -image, and so on accordingly until the leftmost image, which has no
 -base.
 -
 -The snapshot live merge operation transforms such a chain into a
 -smaller one with fewer elements, such as this transformation relative
 -to the first example:
 -
 -[A] <- [E]
 -
 -Data is copied in the right direction with destination being the
 -rightmost image, but any other intermediate image can be specified
 -instead. In this example data is copied from [C] into [D], so [D] can
 -be backed by [B]:
 -
 -[A] <- [B] <- [D] <- [E]
 -
 -The operation is implemented in QEMU through image streaming facilities.
 -
 -The basic idea is to execute 'block_stream virtio0' while the guest is
 -running. Progress can be monitored using 'info block-jobs'. When the
 -streaming operation completes it raises a QMP event. 'block_stream'
 -copies data from the backing file(s) into the active image. When finished,
 -it adjusts the backing file pointer.
 -
 -The 'base' parameter specifies an image which data need not be
 -streamed from. This image will be used as the backing file for the
 -destination image when the operation is finished.
 -
 -In the first example above, the command would be:
 -
 -(qemu) block_stream virtio0 file-A.img
 -
 -In order to specify a destination image different from the active
 -(rightmost) one we can use its node name instead.
 -
 -In the second example above, the command would be:
 -
 -(qemu) block_stream node-D file-B.img
 -
 -Live block copy
 -===============
 -
 -To copy an in use image to another destination in the filesystem, one
 -should create a live snapshot in the desired destination, then stream
 -into that image. Example:
 -
 -(qemu) snapshot_blkdev ide0-hd0 /new-path/disk.img qcow2
 -
 -(qemu) block_stream ide0-hd0
 -
 -
 --
-.9.4
+.29.2

-New patch
+[PULL v3 08/27] multi-process: add configure and usage information
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Adds documentation explaining the command-line arguments needed
+to use multi-process.
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 49f757a84e5dd6fae14b22544897d1124c5fdbad.1611938319.git.jag.raman@oracle.com
+[Move orphan docs/multi-process.rst document into docs/system/ and add
+it to index.rst to prevent Sphinx "document isn't included in any
+toctree" error.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                   |  1 +
+ docs/system/index.rst         |  1 +
+ docs/system/multi-process.rst | 64 +++++++++++++++++++++++++++++++++++
+files changed, 66 insertions(+)
+ create mode 100644 docs/system/multi-process.rst
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ M: Jagannathan Raman <jag.raman@oracle.com>
+ M: John G Johnson <john.g.johnson@oracle.com>
+ S: Maintained
+ F: docs/devel/multi-process.rst
++F: docs/system/multi-process.rst
+ Build and test automation
+ -------------------------
+diff --git a/docs/system/index.rst b/docs/system/index.rst
+index XXXXXXX..XXXXXXX 100644
+--- a/docs/system/index.rst
++++ b/docs/system/index.rst
+@@ -XXX,XX +XXX,XX @@ Contents:
+    pr-manager
+    targets
+    security
++   multi-process
+    deprecated
+    removed-features
+    build-platforms
+diff --git a/docs/system/multi-process.rst b/docs/system/multi-process.rst
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/docs/system/multi-process.rst
+@@ -XXX,XX +XXX,XX @@
++Multi-process QEMU
++==================
++
++This document describes how to configure and use multi-process qemu.
++For the design document refer to docs/devel/qemu-multiprocess.
++
++1) Configuration
++----------------
++
++multi-process is enabled by default for targets that enable KVM
++
++
++2) Usage
++--------
++
++Multi-process QEMU requires an orchestrator to launch.
++
++Following is a description of command-line used to launch mpqemu.
++
++* Orchestrator:
++
++  - The Orchestrator creates a unix socketpair
++
++  - It launches the remote process and passes one of the
++    sockets to it via command-line.
++
++  - It then launches QEMU and specifies the other socket as an option
++    to the Proxy device object
++
++* Remote Process:
++
++  - QEMU can enter remote process mode by using the "remote" machine
++    option.
++
++  - The orchestrator creates a "remote-object" with details about
++    the device and the file descriptor for the device
++
++  - The remaining options are no different from how one launches QEMU with
++    devices.
++
++  - Example command-line for the remote process is as follows:
++
++      /usr/bin/qemu-system-x86_64                                        \
++      -machine x-remote                                                  \
++      -device lsi53c895a,id=lsi0                                         \
++      -drive id=drive_image2,file=/build/ol7-nvme-test-1.qcow2           \
++      -device scsi-hd,id=drive2,drive=drive_image2,bus=lsi0.0,scsi-id=0  \
++      -object x-remote-object,id=robj1,devid=lsi1,fd=4,
++
++* QEMU:
++
++  - Since parts of the RAM are shared between QEMU & remote process, a
++    memory-backend-memfd is required to facilitate this, as follows:
++
++    -object memory-backend-memfd,id=mem,size=2G
++
++  - A "x-pci-proxy-dev" device is created for each of the PCI devices emulated
++    in the remote process. A "socket" sub-option specifies the other end of
++    unix channel created by orchestrator. The "id" sub-option must be specified
++    and should be the same as the "id" specified for the remote PCI device
++
++  - Example commandline for QEMU is as follows:
++
++      -device x-pci-proxy-dev,id=lsi0,socket=3
+--
+.29.2

-New patch
+[PULL v3 09/27] memory: alloc RAM from file at offset
+From: Jagannathan Raman <jag.raman@oracle.com>
 Allow RAM MemoryRegion to be created from an offset in a file, instead
 of allocating at offset of 0 by default. This is needed to synchronize
 RAM between QEMU & remote process.
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: 609996697ad8617e3b01df38accc5c208c24d74e.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  include/exec/memory.h     |  2 ++
  include/exec/ram_addr.h   |  4 ++--
  include/qemu/mmap-alloc.h |  4 +++-
  backends/hostmem-memfd.c  |  2 +-
  hw/misc/ivshmem.c         |  3 ++-
  softmmu/memory.c          |  3 ++-
  softmmu/physmem.c         | 12 +++++++-----
  util/mmap-alloc.c         |  8 +++++---
  util/oslib-posix.c        |  2 +-
 files changed, 25 insertions(+), 15 deletions(-)
 diff --git a/include/exec/memory.h b/include/exec/memory.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/memory.h
 +++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_file(MemoryRegion *mr,
   * @size: size of the region.
   * @share: %true if memory must be mmaped with the MAP_SHARED flag
   * @fd: the fd to mmap.
 + * @offset: offset within the file referenced by fd
   * @errp: pointer to Error*, to store an error if it happens.
   *
   * Note that this function does not do anything to cause the data in the
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
                                      uint64_t size,
                                      bool share,
                                      int fd,
 +                                    ram_addr_t offset,
                                      Error **errp);
  #endif
 diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/exec/ram_addr.h
 +++ b/include/exec/ram_addr.h
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
                                     uint32_t ram_flags, const char *mem_path,
                                     bool readonly, Error **errp);
  RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
 -                                 uint32_t ram_flags, int fd, bool readonly,
 -                                 Error **errp);
 +                                 uint32_t ram_flags, int fd, off_t offset,
 +                                 bool readonly, Error **errp);
  RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
                                    MemoryRegion *mr, Error **errp);
 diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/qemu/mmap-alloc.h
 +++ b/include/qemu/mmap-alloc.h
@@ -XXX,XX +XXX,XX @@ size_t qemu_mempath_getpagesize(const char *mem_path);
   *  @readonly: true for a read-only mapping, false for read/write.
   *  @shared: map has RAM_SHARED flag.
   *  @is_pmem: map has RAM_PMEM flag.
 + *  @map_offset: map starts at offset of map_offset from the start of fd
   *
   * Return:
   *  On success, return a pointer to the mapped area.
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
                      size_t align,
                      bool readonly,
                      bool shared,
 -                    bool is_pmem);
 +                    bool is_pmem,
 +                    off_t map_offset);
  void qemu_ram_munmap(int fd, void *ptr, size_t size);
 diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c
 index XXXXXXX..XXXXXXX 100644
 --- a/backends/hostmem-memfd.c
 +++ b/backends/hostmem-memfd.c
@@ -XXX,XX +XXX,XX @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
      name = host_memory_backend_get_name(backend);
      memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
                                     name, backend->size,
 -                                   backend->share, fd, errp);
 +                                   backend->share, fd, 0, errp);
      g_free(name);
  }
 diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/ivshmem.c
 +++ b/hw/misc/ivshmem.c
@@ -XXX,XX +XXX,XX @@ static void process_msg_shmem(IVShmemState *s, int fd, Error **errp)
      /* mmap the region and map into the BAR2 */
      memory_region_init_ram_from_fd(&s->server_bar2, OBJECT(s),
 -                                   "ivshmem.bar2", size, true, fd, &local_err);
 +                                   "ivshmem.bar2", size, true, fd, 0,
 +                                   &local_err);
      if (local_err) {
          error_propagate(errp, local_err);
          return;
 diff --git a/softmmu/memory.c b/softmmu/memory.c
 index XXXXXXX..XXXXXXX 100644
 --- a/softmmu/memory.c
 +++ b/softmmu/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
                                      uint64_t size,
                                      bool share,
                                      int fd,
 +                                    ram_addr_t offset,
                                      Error **errp)
  {
      Error *err = NULL;
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
      mr->destructor = memory_region_destructor_ram;
      mr->ram_block = qemu_ram_alloc_from_fd(size, mr,
                                             share ? RAM_SHARED : 0,
 -                                           fd, false, &err);
 +                                           fd, offset, false, &err);
      if (err) {
          mr->size = int128_zero();
          object_unparent(OBJECT(mr));
 diff --git a/softmmu/physmem.c b/softmmu/physmem.c
 index XXXXXXX..XXXXXXX 100644
 --- a/softmmu/physmem.c
 +++ b/softmmu/physmem.c
@@ -XXX,XX +XXX,XX @@ static void *file_ram_alloc(RAMBlock *block,
                              int fd,
                              bool readonly,
                              bool truncate,
 +                            off_t offset,
                              Error **errp)
  {
      void *area;
@@ -XXX,XX +XXX,XX @@ static void *file_ram_alloc(RAMBlock *block,
      }
      area = qemu_ram_mmap(fd, memory, block->mr->align, readonly,
 -                         block->flags & RAM_SHARED, block->flags & RAM_PMEM);
 +                         block->flags & RAM_SHARED, block->flags & RAM_PMEM,
 +                         offset);
      if (area == MAP_FAILED) {
          error_setg_errno(errp, errno,
                           "unable to map backing store for guest RAM");
@@ -XXX,XX +XXX,XX @@ static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared)
  #ifdef CONFIG_POSIX
  RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
 -                                 uint32_t ram_flags, int fd, bool readonly,
 -                                 Error **errp)
 +                                 uint32_t ram_flags, int fd, off_t offset,
 +                                 bool readonly, Error **errp)
  {
      RAMBlock *new_block;
      Error *local_err = NULL;
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
      new_block->max_length = size;
      new_block->flags = ram_flags;
      new_block->host = file_ram_alloc(new_block, size, fd, readonly,
 -                                     !file_size, errp);
 +                                     !file_size, offset, errp);
      if (!new_block->host) {
          g_free(new_block);
          return NULL;
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
          return NULL;
      }
 -    block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, readonly, errp);
 +    block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, 0, readonly, errp);
      if (!block) {
          if (created) {
              unlink(mem_path);
 diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/mmap-alloc.c
 +++ b/util/mmap-alloc.c
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
                      size_t align,
                      bool readonly,
                      bool shared,
 -                    bool is_pmem)
 +                    bool is_pmem,
 +                    off_t map_offset)
  {
      int prot;
      int flags;
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
      prot = PROT_READ | (readonly ? 0 : PROT_WRITE);
 -    ptr = mmap(guardptr + offset, size, prot, flags | map_sync_flags, fd, 0);
 +    ptr = mmap(guardptr + offset, size, prot,
 +               flags | map_sync_flags, fd, map_offset);
      if (ptr == MAP_FAILED && map_sync_flags) {
          if (errno == ENOTSUP) {
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
           * if map failed with MAP_SHARED_VALIDATE | MAP_SYNC,
           * we will remove these flags to handle compatibility.
           */
 -        ptr = mmap(guardptr + offset, size, prot, flags, fd, 0);
 +        ptr = mmap(guardptr + offset, size, prot, flags, fd, map_offset);
      }
      if (ptr == MAP_FAILED) {
 diff --git a/util/oslib-posix.c b/util/oslib-posix.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/oslib-posix.c
 +++ b/util/oslib-posix.c
@@ -XXX,XX +XXX,XX @@ void *qemu_memalign(size_t alignment, size_t size)
  void *qemu_anon_ram_alloc(size_t size, uint64_t *alignment, bool shared)
  {
      size_t align = QEMU_VMALLOC_ALIGN;
 -    void *ptr = qemu_ram_mmap(-1, size, align, false, shared, false);
 +    void *ptr = qemu_ram_mmap(-1, size, align, false, shared, false, 0);
      if (ptr == MAP_FAILED) {
          return NULL;
 --
 .29.2

-New patch
+[PULL v3 10/27] multi-process: Add config option for multi-process QEMU
+From: Jagannathan Raman <jag.raman@oracle.com>
+Add configuration options to enable or disable multiprocess QEMU code
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 6cc37253e35418ebd7b675a31a3df6e3c7a12dc1.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ configure         | 10 ++++++++++
+ meson.build       |  4 +++-
+ Kconfig.host      |  4 ++++
+ hw/Kconfig        |  1 +
+ hw/remote/Kconfig |  3 +++
+files changed, 21 insertions(+), 1 deletion(-)
+ create mode 100644 hw/remote/Kconfig
+diff --git a/configure b/configure
+index XXXXXXX..XXXXXXX 100755
+--- a/configure
++++ b/configure
+@@ -XXX,XX +XXX,XX @@ skip_meson=no
+ gettext="auto"
+ fuse="auto"
+ fuse_lseek="auto"
++multiprocess="no"
+ malloc_trim="auto"
+@@ -XXX,XX +XXX,XX @@ Linux)
+   linux="yes"
+   linux_user="yes"
+   vhost_user=${default_feature:-yes}
++  multiprocess=${default_feature:-yes}
+ ;;
+ esac
+@@ -XXX,XX +XXX,XX @@ for opt do
+   ;;
+   --disable-fuse-lseek) fuse_lseek="disabled"
+   ;;
++  --enable-multiprocess) multiprocess="yes"
++  ;;
++  --disable-multiprocess) multiprocess="no"
++  ;;
+   *)
+       echo "ERROR: unknown option $opt"
+       echo "Try '$0 --help' for more information"
+@@ -XXX,XX +XXX,XX @@ disabled with --disable-FEATURE, default is enabled if available
+   libdaxctl       libdaxctl support
+   fuse            FUSE block device export
+   fuse-lseek      SEEK_HOLE/SEEK_DATA support for FUSE exports
++  multiprocess    Multiprocess QEMU support
+ NOTE: The object files are built at the place where configure is launched
+ EOF
+@@ -XXX,XX +XXX,XX @@ fi
+ if test "$have_mlockall" = "yes" ; then
+   echo "HAVE_MLOCKALL=y" >> $config_host_mak
+ fi
++if test "$multiprocess" = "yes" ; then
++  echo "CONFIG_MULTIPROCESS_ALLOWED=y" >> $config_host_mak
++fi
+ if test "$fuzzing" = "yes" ; then
+   # If LIB_FUZZING_ENGINE is set, assume we are running on OSS-Fuzz, and the
+   # needed CFLAGS have already been provided
+diff --git a/meson.build b/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/meson.build
++++ b/meson.build
+@@ -XXX,XX +XXX,XX @@ host_kconfig = \
+   ('CONFIG_VHOST_KERNEL' in config_host ? ['CONFIG_VHOST_KERNEL=y'] : []) + \
+   (have_virtfs ? ['CONFIG_VIRTFS=y'] : []) + \
+   ('CONFIG_LINUX' in config_host ? ['CONFIG_LINUX=y'] : []) + \
+-  ('CONFIG_PVRDMA' in config_host ? ['CONFIG_PVRDMA=y'] : [])
++  ('CONFIG_PVRDMA' in config_host ? ['CONFIG_PVRDMA=y'] : []) + \
++  ('CONFIG_MULTIPROCESS_ALLOWED' in config_host ? ['CONFIG_MULTIPROCESS_ALLOWED=y'] : [])
+ ignored = [ 'TARGET_XML_FILES', 'TARGET_ABI_DIR', 'TARGET_ARCH' ]
+@@ -XXX,XX +XXX,XX @@ summary_info += {'libpmem support':   config_host.has_key('CONFIG_LIBPMEM')}
+ summary_info += {'libdaxctl support': config_host.has_key('CONFIG_LIBDAXCTL')}
+ summary_info += {'libudev':           libudev.found()}
+ summary_info += {'FUSE lseek':        fuse_lseek.found()}
++summary_info += {'Multiprocess QEMU': config_host.has_key('CONFIG_MULTIPROCESS_ALLOWED')}
+ summary(summary_info, bool_yn: true, section: 'Dependencies')
+ if not supported_cpus.contains(cpu)
+diff --git a/Kconfig.host b/Kconfig.host
+index XXXXXXX..XXXXXXX 100644
+--- a/Kconfig.host
++++ b/Kconfig.host
+@@ -XXX,XX +XXX,XX @@ config VIRTFS
+ config PVRDMA
+     bool
++
++config MULTIPROCESS_ALLOWED
++    bool
++    imply MULTIPROCESS
+diff --git a/hw/Kconfig b/hw/Kconfig
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/Kconfig
++++ b/hw/Kconfig
+@@ -XXX,XX +XXX,XX @@ source pci-host/Kconfig
+ source pcmcia/Kconfig
+ source pci/Kconfig
+ source rdma/Kconfig
++source remote/Kconfig
+ source rtc/Kconfig
+ source scsi/Kconfig
+ source sd/Kconfig
+diff --git a/hw/remote/Kconfig b/hw/remote/Kconfig
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/Kconfig
+@@ -XXX,XX +XXX,XX @@
++config MULTIPROCESS
++    bool
++    depends on PCI && KVM
+--
+.29.2

-New patch
+[PULL v3 11/27] multi-process: setup PCI host bridge for remote device
+From: Jagannathan Raman <jag.raman@oracle.com>
+PCI host bridge is setup for the remote device process. It is
+implemented using remote-pcihost object. It is an extension of the PCI
+host bridge setup by QEMU.
+Remote-pcihost configures a PCI bus which could be used by the remote
+PCI device to latch on to.
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 0871ba857abb2eafacde07e7fe66a3f12415bfb2.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                  |  2 +
+ include/hw/pci-host/remote.h | 29 ++++++++++++++
+ hw/pci-host/remote.c         | 75 ++++++++++++++++++++++++++++++++++++
+ hw/pci-host/Kconfig          |  3 ++
+ hw/pci-host/meson.build      |  1 +
+ hw/remote/Kconfig            |  1 +
+files changed, 111 insertions(+)
+ create mode 100644 include/hw/pci-host/remote.h
+ create mode 100644 hw/pci-host/remote.c
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ M: John G Johnson <john.g.johnson@oracle.com>
+ S: Maintained
+ F: docs/devel/multi-process.rst
+ F: docs/system/multi-process.rst
++F: hw/pci-host/remote.c
++F: include/hw/pci-host/remote.h
+ Build and test automation
+ -------------------------
+diff --git a/include/hw/pci-host/remote.h b/include/hw/pci-host/remote.h
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/include/hw/pci-host/remote.h
+@@ -XXX,XX +XXX,XX @@
++/*
++ * PCI Host for remote device
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#ifndef REMOTE_PCIHOST_H
++#define REMOTE_PCIHOST_H
++
++#include "exec/memory.h"
++#include "hw/pci/pcie_host.h"
++
++#define TYPE_REMOTE_PCIHOST "remote-pcihost"
++OBJECT_DECLARE_SIMPLE_TYPE(RemotePCIHost, REMOTE_PCIHOST)
++
++struct RemotePCIHost {
++    /*< private >*/
++    PCIExpressHost parent_obj;
++    /*< public >*/
++
++    MemoryRegion *mr_pci_mem;
++    MemoryRegion *mr_sys_io;
++};
++
++#endif
+diff --git a/hw/pci-host/remote.c b/hw/pci-host/remote.c
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/pci-host/remote.c
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Remote PCI host device
++ *
++ * Unlike PCI host devices that model physical hardware, the purpose
++ * of this PCI host is to host multi-process QEMU devices.
++ *
++ * Multi-process QEMU extends the PCI host of a QEMU machine into a
++ * remote process. Any PCI device attached to the remote process is
++ * visible in the QEMU guest. This allows existing QEMU device models
++ * to be reused in the remote process.
++ *
++ * This PCI host is purely a container for PCI devices. It's fake in the
++ * sense that the guest never sees this PCI host and has no way of
++ * accessing it. Its job is just to provide the environment that QEMU
++ * PCI device models need when running in a remote process.
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "qemu-common.h"
++
++#include "hw/pci/pci.h"
++#include "hw/pci/pci_host.h"
++#include "hw/pci/pcie_host.h"
++#include "hw/qdev-properties.h"
++#include "hw/pci-host/remote.h"
++#include "exec/memory.h"
++
++static const char *remote_pcihost_root_bus_path(PCIHostState *host_bridge,
++                                                PCIBus *rootbus)
++{
++    return "0000:00";
++}
++
++static void remote_pcihost_realize(DeviceState *dev, Error **errp)
++{
++    PCIHostState *pci = PCI_HOST_BRIDGE(dev);
++    RemotePCIHost *s = REMOTE_PCIHOST(dev);
++
++    pci->bus = pci_root_bus_new(DEVICE(s), "remote-pci",
++                                s->mr_pci_mem, s->mr_sys_io,
++                                0, TYPE_PCIE_BUS);
++}
++
++static void remote_pcihost_class_init(ObjectClass *klass, void *data)
++{
++    DeviceClass *dc = DEVICE_CLASS(klass);
++    PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
++
++    hc->root_bus_path = remote_pcihost_root_bus_path;
++    dc->realize = remote_pcihost_realize;
++
++    dc->user_creatable = false;
++    set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
++    dc->fw_name = "pci";
++}
++
++static const TypeInfo remote_pcihost_info = {
++    .name = TYPE_REMOTE_PCIHOST,
++    .parent = TYPE_PCIE_HOST_BRIDGE,
++    .instance_size = sizeof(RemotePCIHost),
++    .class_init = remote_pcihost_class_init,
++};
++
++static void remote_pcihost_register(void)
++{
++    type_register_static(&remote_pcihost_info);
++}
++
++type_init(remote_pcihost_register)
+diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/pci-host/Kconfig
++++ b/hw/pci-host/Kconfig
+@@ -XXX,XX +XXX,XX @@ config PCI_POWERNV
+     select PCI_EXPRESS
+     select MSI_NONBROKEN
+     select PCIE_PORT
++
++config REMOTE_PCIHOST
++    bool
+diff --git a/hw/pci-host/meson.build b/hw/pci-host/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/pci-host/meson.build
++++ b/hw/pci-host/meson.build
+@@ -XXX,XX +XXX,XX @@ pci_ss.add(when: 'CONFIG_PCI_EXPRESS_XILINX', if_true: files('xilinx-pcie.c'))
+ pci_ss.add(when: 'CONFIG_PCI_I440FX', if_true: files('i440fx.c'))
+ pci_ss.add(when: 'CONFIG_PCI_SABRE', if_true: files('sabre.c'))
+ pci_ss.add(when: 'CONFIG_XEN_IGD_PASSTHROUGH', if_true: files('xen_igd_pt.c'))
++pci_ss.add(when: 'CONFIG_REMOTE_PCIHOST', if_true: files('remote.c'))
+ # PPC devices
+ pci_ss.add(when: 'CONFIG_PREP_PCI', if_true: files('prep.c'))
+diff --git a/hw/remote/Kconfig b/hw/remote/Kconfig
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/Kconfig
++++ b/hw/remote/Kconfig
+@@ -XXX,XX +XXX,XX @@
+ config MULTIPROCESS
+     bool
+     depends on PCI && KVM
++    select REMOTE_PCIHOST
+--
+.29.2

-New patch
+[PULL v3 12/27] multi-process: setup a machine object for remote device process
+From: Jagannathan Raman <jag.raman@oracle.com>
+x-remote-machine object sets up various subsystems of the remote
+device process. Instantiate PCI host bridge object and initialize RAM, IO &
+PCI memory regions.
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: c537f38d17f90453ca610c6b70cf3480274e0ba1.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                  |  2 ++
+ include/hw/pci-host/remote.h |  1 +
+ include/hw/remote/machine.h  | 27 ++++++++++++++
+ hw/remote/machine.c          | 70 ++++++++++++++++++++++++++++++++++++
+ hw/meson.build               |  1 +
+ hw/remote/meson.build        |  5 +++
+files changed, 106 insertions(+)
+ create mode 100644 include/hw/remote/machine.h
+ create mode 100644 hw/remote/machine.c
+ create mode 100644 hw/remote/meson.build
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ F: docs/devel/multi-process.rst
+ F: docs/system/multi-process.rst
+ F: hw/pci-host/remote.c
+ F: include/hw/pci-host/remote.h
++F: hw/remote/machine.c
++F: include/hw/remote/machine.h
+ Build and test automation
+ -------------------------
+diff --git a/include/hw/pci-host/remote.h b/include/hw/pci-host/remote.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/pci-host/remote.h
++++ b/include/hw/pci-host/remote.h
+@@ -XXX,XX +XXX,XX @@ struct RemotePCIHost {
+     MemoryRegion *mr_pci_mem;
+     MemoryRegion *mr_sys_io;
++    MemoryRegion *mr_sys_mem;
+ };
+ #endif
+diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/include/hw/remote/machine.h
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Remote machine configuration
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#ifndef REMOTE_MACHINE_H
++#define REMOTE_MACHINE_H
++
++#include "qom/object.h"
++#include "hw/boards.h"
++#include "hw/pci-host/remote.h"
++
++struct RemoteMachineState {
++    MachineState parent_obj;
++
++    RemotePCIHost *host;
++};
++
++#define TYPE_REMOTE_MACHINE "x-remote-machine"
++OBJECT_DECLARE_SIMPLE_TYPE(RemoteMachineState, REMOTE_MACHINE)
++
++#endif
+diff --git a/hw/remote/machine.c b/hw/remote/machine.c
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/machine.c
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Machine for remote device
++ *
++ *  This machine type is used by the remote device process in multi-process
++ *  QEMU. QEMU device models depend on parent busses, interrupt controllers,
++ *  memory regions, etc. The remote machine type offers this environment so
++ *  that QEMU device models can be used as remote devices.
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "qemu-common.h"
++
++#include "hw/remote/machine.h"
++#include "exec/address-spaces.h"
++#include "exec/memory.h"
++#include "qapi/error.h"
++
++static void remote_machine_init(MachineState *machine)
++{
++    MemoryRegion *system_memory, *system_io, *pci_memory;
++    RemoteMachineState *s = REMOTE_MACHINE(machine);
++    RemotePCIHost *rem_host;
++
++    system_memory = get_system_memory();
++    system_io = get_system_io();
++
++    pci_memory = g_new(MemoryRegion, 1);
++    memory_region_init(pci_memory, NULL, "pci", UINT64_MAX);
++
++    rem_host = REMOTE_PCIHOST(qdev_new(TYPE_REMOTE_PCIHOST));
++
++    rem_host->mr_pci_mem = pci_memory;
++    rem_host->mr_sys_mem = system_memory;
++    rem_host->mr_sys_io = system_io;
++
++    s->host = rem_host;
++
++    object_property_add_child(OBJECT(s), "remote-pcihost", OBJECT(rem_host));
++    memory_region_add_subregion_overlap(system_memory, 0x0, pci_memory, -1);
++
++    qdev_realize(DEVICE(rem_host), sysbus_get_default(), &error_fatal);
++}
++
++static void remote_machine_class_init(ObjectClass *oc, void *data)
++{
++    MachineClass *mc = MACHINE_CLASS(oc);
++
++    mc->init = remote_machine_init;
++    mc->desc = "Experimental remote machine";
++}
++
++static const TypeInfo remote_machine = {
++    .name = TYPE_REMOTE_MACHINE,
++    .parent = TYPE_MACHINE,
++    .instance_size = sizeof(RemoteMachineState),
++    .class_init = remote_machine_class_init,
++};
++
++static void remote_machine_register_types(void)
++{
++    type_register_static(&remote_machine);
++}
++
++type_init(remote_machine_register_types);
+diff --git a/hw/meson.build b/hw/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/meson.build
++++ b/hw/meson.build
+@@ -XXX,XX +XXX,XX @@ subdir('moxie')
+ subdir('nios2')
+ subdir('openrisc')
+ subdir('ppc')
++subdir('remote')
+ subdir('riscv')
+ subdir('rx')
+ subdir('s390x')
+diff --git a/hw/remote/meson.build b/hw/remote/meson.build
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/meson.build
+@@ -XXX,XX +XXX,XX @@
++remote_ss = ss.source_set()
++
++remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
++
++softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
+--
+.29.2

-New patch
+[PULL v3 13/27] io: add qio_channel_writev_full_all helper
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Adds qio_channel_writev_full_all() to transmit both data and FDs.
+Refactors existing code to use this helper.
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Acked-by: Daniel P. Berrangé <berrange@redhat.com>
+Message-id: 480fbf1fe4152495d60596c9b665124549b426a5.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ include/io/channel.h | 25 +++++++++++++++++++++++++
+ io/channel.c         | 15 ++++++++++++++-
+files changed, 39 insertions(+), 1 deletion(-)
+diff --git a/include/io/channel.h b/include/io/channel.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/io/channel.h
++++ b/include/io/channel.h
+@@ -XXX,XX +XXX,XX @@ void qio_channel_set_aio_fd_handler(QIOChannel *ioc,
+                                     IOHandler *io_write,
+                                     void *opaque);
++/**
++ * qio_channel_writev_full_all:
++ * @ioc: the channel object
++ * @iov: the array of memory regions to write data from
++ * @niov: the length of the @iov array
++ * @fds: an array of file handles to send
++ * @nfds: number of file handles in @fds
++ * @errp: pointer to a NULL-initialized error object
++ *
++ *
++ * Behaves like qio_channel_writev_full but will attempt
++ * to send all data passed (file handles and memory regions).
++ * The function will wait for all requested data
++ * to be written, yielding from the current coroutine
++ * if required.
++ *
++ * Returns: 0 if all bytes were written, or -1 on error
++ */
++
++int qio_channel_writev_full_all(QIOChannel *ioc,
++                                const struct iovec *iov,
++                                size_t niov,
++                                int *fds, size_t nfds,
++                                Error **errp);
++
+ #endif /* QIO_CHANNEL_H */
+diff --git a/io/channel.c b/io/channel.c
+index XXXXXXX..XXXXXXX 100644
+--- a/io/channel.c
++++ b/io/channel.c
+@@ -XXX,XX +XXX,XX @@ int qio_channel_writev_all(QIOChannel *ioc,
+                            const struct iovec *iov,
+                            size_t niov,
+                            Error **errp)
++{
++    return qio_channel_writev_full_all(ioc, iov, niov, NULL, 0, errp);
++}
++
++int qio_channel_writev_full_all(QIOChannel *ioc,
++                                const struct iovec *iov,
++                                size_t niov,
++                                int *fds, size_t nfds,
++                                Error **errp)
+ {
+     int ret = -1;
+     struct iovec *local_iov = g_new(struct iovec, niov);
+@@ -XXX,XX +XXX,XX @@ int qio_channel_writev_all(QIOChannel *ioc,
+     while (nlocal_iov > 0) {
+         ssize_t len;
+-        len = qio_channel_writev(ioc, local_iov, nlocal_iov, errp);
++        len = qio_channel_writev_full(ioc, local_iov, nlocal_iov, fds, nfds,
++                                      errp);
+         if (len == QIO_CHANNEL_ERR_BLOCK) {
+             if (qemu_in_coroutine()) {
+                 qio_channel_yield(ioc, G_IO_OUT);
+@@ -XXX,XX +XXX,XX @@ int qio_channel_writev_all(QIOChannel *ioc,
+         }
+         iov_discard_front(&local_iov, &nlocal_iov, len);
++
++        fds = NULL;
++        nfds = 0;
+     }
+     ret = 0;
+--
+.29.2

-New patch
+[PULL v3 14/27] io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all helpers
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Adds qio_channel_readv_full_all_eof() and qio_channel_readv_full_all()
 to read both data and FDs. Refactors existing code to use these helpers.
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Acked-by: Daniel P. Berrangé <berrange@redhat.com>
 Message-id: b059c4cc0fb741e794d644c144cc21372cad877d.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  include/io/channel.h |  53 +++++++++++++++++++++++
  io/channel.c         | 101 ++++++++++++++++++++++++++++++++++---------
 files changed, 134 insertions(+), 20 deletions(-)
 diff --git a/include/io/channel.h b/include/io/channel.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/io/channel.h
 +++ b/include/io/channel.h
@@ -XXX,XX +XXX,XX @@ void qio_channel_set_aio_fd_handler(QIOChannel *ioc,
                                      IOHandler *io_write,
                                      void *opaque);
 +/**
 + * qio_channel_readv_full_all_eof:
 + * @ioc: the channel object
 + * @iov: the array of memory regions to read data to
 + * @niov: the length of the @iov array
 + * @fds: an array of file handles to read
 + * @nfds: number of file handles in @fds
 + * @errp: pointer to a NULL-initialized error object
 + *
 + *
 + * Performs same function as qio_channel_readv_all_eof.
 + * Additionally, attempts to read file descriptors shared
 + * over the channel. The function will wait for all
 + * requested data to be read, yielding from the current
 + * coroutine if required. data refers to both file
 + * descriptors and the iovs.
 + *
 + * Returns: 1 if all bytes were read, 0 if end-of-file
 + *          occurs without data, or -1 on error
 + */
 +
 +int qio_channel_readv_full_all_eof(QIOChannel *ioc,
 +                                   const struct iovec *iov,
 +                                   size_t niov,
 +                                   int **fds, size_t *nfds,
 +                                   Error **errp);
 +
 +/**
 + * qio_channel_readv_full_all:
 + * @ioc: the channel object
 + * @iov: the array of memory regions to read data to
 + * @niov: the length of the @iov array
 + * @fds: an array of file handles to read
 + * @nfds: number of file handles in @fds
 + * @errp: pointer to a NULL-initialized error object
 + *
 + *
 + * Performs same function as qio_channel_readv_all_eof.
 + * Additionally, attempts to read file descriptors shared
 + * over the channel. The function will wait for all
 + * requested data to be read, yielding from the current
 + * coroutine if required. data refers to both file
 + * descriptors and the iovs.
 + *
 + * Returns: 0 if all bytes were read, or -1 on error
 + */
 +
 +int qio_channel_readv_full_all(QIOChannel *ioc,
 +                               const struct iovec *iov,
 +                               size_t niov,
 +                               int **fds, size_t *nfds,
 +                               Error **errp);
 +
  /**
   * qio_channel_writev_full_all:
   * @ioc: the channel object
 diff --git a/io/channel.c b/io/channel.c
 index XXXXXXX..XXXXXXX 100644
 --- a/io/channel.c
 +++ b/io/channel.c
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
                                const struct iovec *iov,
                                size_t niov,
                                Error **errp)
 +{
 +    return qio_channel_readv_full_all_eof(ioc, iov, niov, NULL, NULL, errp);
 +}
 +
 +int qio_channel_readv_all(QIOChannel *ioc,
 +                          const struct iovec *iov,
 +                          size_t niov,
 +                          Error **errp)
 +{
 +    return qio_channel_readv_full_all(ioc, iov, niov, NULL, NULL, errp);
 +}
 +
 +int qio_channel_readv_full_all_eof(QIOChannel *ioc,
 +                                   const struct iovec *iov,
 +                                   size_t niov,
 +                                   int **fds, size_t *nfds,
 +                                   Error **errp)
  {
      int ret = -1;
      struct iovec *local_iov = g_new(struct iovec, niov);
      struct iovec *local_iov_head = local_iov;
      unsigned int nlocal_iov = niov;
 +    int **local_fds = fds;
 +    size_t *local_nfds = nfds;
      bool partial = false;
 +    if (nfds) {
 +        *nfds = 0;
 +    }
 +
 +    if (fds) {
 +        *fds = NULL;
 +    }
 +
      nlocal_iov = iov_copy(local_iov, nlocal_iov,
                            iov, niov,
 , iov_size(iov, niov));
 -    while (nlocal_iov > 0) {
 +    while ((nlocal_iov > 0) || local_fds) {
          ssize_t len;
 -        len = qio_channel_readv(ioc, local_iov, nlocal_iov, errp);
 +        len = qio_channel_readv_full(ioc, local_iov, nlocal_iov, local_fds,
 +                                     local_nfds, errp);
          if (len == QIO_CHANNEL_ERR_BLOCK) {
              if (qemu_in_coroutine()) {
                  qio_channel_yield(ioc, G_IO_IN);
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
                  qio_channel_wait(ioc, G_IO_IN);
              }
              continue;
 -        } else if (len < 0) {
 -            goto cleanup;
 -        } else if (len == 0) {
 -            if (partial) {
 -                error_setg(errp,
 -                           "Unexpected end-of-file before all bytes were read");
 -            } else {
 +        }
 +
 +        if (len == 0) {
 +            if (local_nfds && *local_nfds) {
 +                /*
 +                 * Got some FDs, but no data yet. This isn't an EOF
 +                 * scenario (yet), so carry on to try to read data
 +                 * on next loop iteration
 +                 */
 +                goto next_iter;
 +            } else if (!partial) {
 +                /* No fds and no data - EOF before any data read */
                  ret = 0;
 +                goto cleanup;
 +            } else {
 +                len = -1;
 +                error_setg(errp,
 +                           "Unexpected end-of-file before all data were read");
 +                /* Fallthrough into len < 0 handling */
 +            }
 +        }
 +
 +        if (len < 0) {
 +            /* Close any FDs we previously received */
 +            if (nfds && fds) {
 +                size_t i;
 +                for (i = 0; i < (*nfds); i++) {
 +                    close((*fds)[i]);
 +                }
 +                g_free(*fds);
 +                *fds = NULL;
 +                *nfds = 0;
              }
              goto cleanup;
          }
 +        if (nlocal_iov) {
 +            iov_discard_front(&local_iov, &nlocal_iov, len);
 +        }
 +
 +next_iter:
          partial = true;
 -        iov_discard_front(&local_iov, &nlocal_iov, len);
 +        local_fds = NULL;
 +        local_nfds = NULL;
      }
      ret = 1;
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
      return ret;
  }
 -int qio_channel_readv_all(QIOChannel *ioc,
 -                          const struct iovec *iov,
 -                          size_t niov,
 -                          Error **errp)
 +int qio_channel_readv_full_all(QIOChannel *ioc,
 +                               const struct iovec *iov,
 +                               size_t niov,
 +                               int **fds, size_t *nfds,
 +                               Error **errp)
  {
 -    int ret = qio_channel_readv_all_eof(ioc, iov, niov, errp);
 +    int ret = qio_channel_readv_full_all_eof(ioc, iov, niov, fds, nfds, errp);
      if (ret == 0) {
 -        ret = -1;
 -        error_setg(errp,
 -                   "Unexpected end-of-file before all bytes were read");
 -    } else if (ret == 1) {
 -        ret = 0;
 +        error_prepend(errp,
 +                      "Unexpected end-of-file before all data were read.");
 +        return -1;
      }
 +    if (ret == 1) {
 +        return 0;
 +    }
 +
      return ret;
  }
 --
 .29.2

-New patch
+[PULL v3 15/27] multi-process: define MPQemuMsg format and transmission functions
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Defines MPQemuMsg, which is the message that is sent to the remote
 process. This message is sent over QIOChannel and is used to
 command the remote process to perform various tasks.
 Define transmission functions used by proxy and by remote.
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: 56ca8bcf95195b2b195b08f6b9565b6d7410bce5.1611938319.git.jag.raman@oracle.com
 [Replace struct iovec send[2] = {0} with {} to make clang happy as
 suggested by Peter Maydell <peter.maydell@linaro.org>.
 --Stefan]
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  MAINTAINERS                     |   2 +
  meson.build                     |   1 +
  hw/remote/trace.h               |   1 +
  include/hw/remote/mpqemu-link.h |  63 ++++++++++
  include/sysemu/iothread.h       |   6 +
  hw/remote/mpqemu-link.c         | 205 ++++++++++++++++++++++++++++++++
  iothread.c                      |   6 +
  hw/remote/meson.build           |   1 +
  hw/remote/trace-events          |   4 +
 files changed, 289 insertions(+)
  create mode 100644 hw/remote/trace.h
  create mode 100644 include/hw/remote/mpqemu-link.h
  create mode 100644 hw/remote/mpqemu-link.c
  create mode 100644 hw/remote/trace-events
 diff --git a/MAINTAINERS b/MAINTAINERS
 index XXXXXXX..XXXXXXX 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/pci-host/remote.c
  F: include/hw/pci-host/remote.h
  F: hw/remote/machine.c
  F: include/hw/remote/machine.h
 +F: hw/remote/mpqemu-link.c
 +F: include/hw/remote/mpqemu-link.h
  Build and test automation
  -------------------------
 diff --git a/meson.build b/meson.build
 index XXXXXXX..XXXXXXX 100644
 --- a/meson.build
 +++ b/meson.build
@@ -XXX,XX +XXX,XX @@ if have_system
      'net',
      'softmmu',
      'ui',
 +    'hw/remote',
    ]
  endif
  trace_events_subdirs += [
 diff --git a/hw/remote/trace.h b/hw/remote/trace.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/trace.h
@@ -0,0 +1 @@
 +#include "trace/trace-hw_remote.h"
 diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Communication channel between QEMU and remote device process
 + *
 + * Copyright © 2018, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
 +#ifndef MPQEMU_LINK_H
 +#define MPQEMU_LINK_H
 +
 +#include "qom/object.h"
 +#include "qemu/thread.h"
 +#include "io/channel.h"
 +
 +#define REMOTE_MAX_FDS 8
 +
 +#define MPQEMU_MSG_HDR_SIZE offsetof(MPQemuMsg, data.u64)
 +
 +/**
 + * MPQemuCmd:
 + *
 + * MPQemuCmd enum type to specify the command to be executed on the remote
 + * device.
 + *
 + * This uses a private protocol between QEMU and the remote process. vfio-user
 + * protocol would supersede this in the future.
 + *
 + */
 +typedef enum {
 +    MPQEMU_CMD_MAX,
 +} MPQemuCmd;
 +
 +/**
 + * MPQemuMsg:
 + * @cmd: The remote command
 + * @size: Size of the data to be shared
 + * @data: Structured data
 + * @fds: File descriptors to be shared with remote device
 + *
 + * MPQemuMsg Format of the message sent to the remote device from QEMU.
 + *
 + */
 +typedef struct {
 +    int cmd;
 +    size_t size;
 +
 +    union {
 +        uint64_t u64;
 +    } data;
 +
 +    int fds[REMOTE_MAX_FDS];
 +    int num_fds;
 +} MPQemuMsg;
 +
 +bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 +bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 +
 +bool mpqemu_msg_valid(MPQemuMsg *msg);
 +
 +#endif
 diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/sysemu/iothread.h
 +++ b/include/sysemu/iothread.h
@@ -XXX,XX +XXX,XX @@ IOThread *iothread_create(const char *id, Error **errp);
  void iothread_stop(IOThread *iothread);
  void iothread_destroy(IOThread *iothread);
 +/*
 + * Returns true if executing withing IOThread context,
 + * false otherwise.
 + */
 +bool qemu_in_iothread(void);
 +
  #endif /* IOTHREAD_H */
 diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Communication channel between QEMU and remote device process
 + *
 + * Copyright © 2018, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
 +#include "qemu/osdep.h"
 +#include "qemu-common.h"
 +
 +#include "qemu/module.h"
 +#include "hw/remote/mpqemu-link.h"
 +#include "qapi/error.h"
 +#include "qemu/iov.h"
 +#include "qemu/error-report.h"
 +#include "qemu/main-loop.h"
 +#include "io/channel.h"
 +#include "sysemu/iothread.h"
 +#include "trace.h"
 +
 +/*
 + * Send message over the ioc QIOChannel.
 + * This function is safe to call from:
 + * - main loop in co-routine context. Will block the main loop if not in
 + *   co-routine context;
 + * - vCPU thread with no co-routine context and if the channel is not part
 + *   of the main loop handling;
 + * - IOThread within co-routine context, outside of co-routine context
 + *   will block IOThread;
 + * Returns true if no errors were encountered, false otherwise.
 + */
 +bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
 +{
 +    ERRP_GUARD();
 +    bool iolock = qemu_mutex_iothread_locked();
 +    bool iothread = qemu_in_iothread();
 +    struct iovec send[2] = {};
 +    int *fds = NULL;
 +    size_t nfds = 0;
 +    bool ret = false;
 +
 +    send[0].iov_base = msg;
 +    send[0].iov_len = MPQEMU_MSG_HDR_SIZE;
 +
 +    send[1].iov_base = (void *)&msg->data;
 +    send[1].iov_len = msg->size;
 +
 +    if (msg->num_fds) {
 +        nfds = msg->num_fds;
 +        fds = msg->fds;
 +    }
 +
 +    /*
 +     * Dont use in IOThread out of co-routine context as
 +     * it will block IOThread.
 +     */
 +    assert(qemu_in_coroutine() || !iothread);
 +
 +    /*
 +     * Skip unlocking/locking iothread lock when the IOThread is running
 +     * in co-routine context. Co-routine context is asserted above
 +     * for IOThread case.
 +     * Also skip lock handling while in a co-routine in the main context.
 +     */
 +    if (iolock && !iothread && !qemu_in_coroutine()) {
 +        qemu_mutex_unlock_iothread();
 +    }
 +
 +    if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
 +                                    fds, nfds, errp)) {
 +        ret = true;
 +    } else {
 +        trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
 +    }
 +
 +    if (iolock && !iothread && !qemu_in_coroutine()) {
 +        /* See above comment why skip locking here. */
 +        qemu_mutex_lock_iothread();
 +    }
 +
 +    return ret;
 +}
 +
 +/*
 + * Read message from the ioc QIOChannel.
 + * This function is safe to call from:
 + * - From main loop in co-routine context. Will block the main loop if not in
 + *   co-routine context;
 + * - From vCPU thread with no co-routine context and if the channel is not part
 + *   of the main loop handling;
 + * - From IOThread within co-routine context, outside of co-routine context
 + *   will block IOThread;
 + */
 +static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
 +                           size_t *nfds, Error **errp)
 +{
 +    ERRP_GUARD();
 +    struct iovec iov = { .iov_base = buf, .iov_len = len };
 +    bool iolock = qemu_mutex_iothread_locked();
 +    bool iothread = qemu_in_iothread();
 +    int ret = -1;
 +
 +    /*
 +     * Dont use in IOThread out of co-routine context as
 +     * it will block IOThread.
 +     */
 +    assert(qemu_in_coroutine() || !iothread);
 +
 +    if (iolock && !iothread && !qemu_in_coroutine()) {
 +        qemu_mutex_unlock_iothread();
 +    }
 +
 +    ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);
 +
 +    if (iolock && !iothread && !qemu_in_coroutine()) {
 +        qemu_mutex_lock_iothread();
 +    }
 +
 +    return (ret <= 0) ? ret : iov.iov_len;
 +}
 +
 +bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
 +{
 +    ERRP_GUARD();
 +    g_autofree int *fds = NULL;
 +    size_t nfds = 0;
 +    ssize_t len;
 +    bool ret = false;
 +
 +    len = mpqemu_read(ioc, msg, MPQEMU_MSG_HDR_SIZE, &fds, &nfds, errp);
 +    if (len <= 0) {
 +        goto fail;
 +    } else if (len != MPQEMU_MSG_HDR_SIZE) {
 +        error_setg(errp, "Message header corrupted");
 +        goto fail;
 +    }
 +
 +    if (msg->size > sizeof(msg->data)) {
 +        error_setg(errp, "Invalid size for message");
 +        goto fail;
 +    }
 +
 +    if (!msg->size) {
 +        goto copy_fds;
 +    }
 +
 +    len = mpqemu_read(ioc, &msg->data, msg->size, NULL, NULL, errp);
 +    if (len <= 0) {
 +        goto fail;
 +    }
 +    if (len != msg->size) {
 +        error_setg(errp, "Unable to read full message");
 +        goto fail;
 +    }
 +
 +copy_fds:
 +    msg->num_fds = nfds;
 +    if (nfds > G_N_ELEMENTS(msg->fds)) {
 +        error_setg(errp,
 +                   "Overflow error: received %zu fds, more than max of %d fds",
 +                   nfds, REMOTE_MAX_FDS);
 +        goto fail;
 +    }
 +    if (nfds) {
 +        memcpy(msg->fds, fds, nfds * sizeof(int));
 +    }
 +
 +    ret = true;
 +
 +fail:
 +    if (*errp) {
 +        trace_mpqemu_recv_io_error(msg->cmd, msg->size, nfds);
 +    }
 +    while (*errp && nfds) {
 +        close(fds[nfds - 1]);
 +        nfds--;
 +    }
 +
 +    return ret;
 +}
 +
 +bool mpqemu_msg_valid(MPQemuMsg *msg)
 +{
 +    if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
 +        return false;
 +    }
 +
 +    /* Verify FDs. */
 +    if (msg->num_fds >= REMOTE_MAX_FDS) {
 +        return false;
 +    }
 +
 +    if (msg->num_fds > 0) {
 +        for (int i = 0; i < msg->num_fds; i++) {
 +            if (fcntl(msg->fds[i], F_GETFL) == -1) {
 +                return false;
 +            }
 +        }
 +    }
 +
 +    return true;
 +}
 diff --git a/iothread.c b/iothread.c
 index XXXXXXX..XXXXXXX 100644
 --- a/iothread.c
 +++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ IOThread *iothread_by_id(const char *id)
  {
      return IOTHREAD(object_resolve_path_type(id, TYPE_IOTHREAD, NULL));
  }
 +
 +bool qemu_in_iothread(void)
 +{
 +    return qemu_get_current_aio_context() == qemu_get_aio_context() ?
 +                    false : true;
 +}
 diff --git a/hw/remote/meson.build b/hw/remote/meson.build
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/meson.build
 +++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@
  remote_ss = ss.source_set()
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
 +remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
  softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
 diff --git a/hw/remote/trace-events b/hw/remote/trace-events
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/trace-events
@@ -XXX,XX +XXX,XX @@
 +# multi-process trace events
 +
 +mpqemu_send_io_error(int cmd, int size, int nfds) "send command %d size %d, %d file descriptors to remote process"
 +mpqemu_recv_io_error(int cmd, int size, int nfds) "failed to receive %d size %d, %d file descriptors to remote process"
 --
 .29.2

-New patch
+[PULL v3 16/27] multi-process: Initialize message handler in remote device
+From: Jagannathan Raman <jag.raman@oracle.com>
+Initializes the message handler function in the remote process. It is
+called whenever there's an event pending on QIOChannel that registers
+this function.
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 99d38d8b93753a6409ac2340e858858cda59ab1b.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                 |  1 +
+ include/hw/remote/machine.h |  9 ++++++
+ hw/remote/message.c         | 57 +++++++++++++++++++++++++++++++++++++
+ hw/remote/meson.build       |  1 +
+files changed, 68 insertions(+)
+ create mode 100644 hw/remote/message.c
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ F: hw/remote/machine.c
+ F: include/hw/remote/machine.h
+ F: hw/remote/mpqemu-link.c
+ F: include/hw/remote/mpqemu-link.h
++F: hw/remote/message.c
+ Build and test automation
+ -------------------------
+diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/machine.h
++++ b/include/hw/remote/machine.h
+@@ -XXX,XX +XXX,XX @@
+ #include "qom/object.h"
+ #include "hw/boards.h"
+ #include "hw/pci-host/remote.h"
++#include "io/channel.h"
+ struct RemoteMachineState {
+     MachineState parent_obj;
+@@ -XXX,XX +XXX,XX @@ struct RemoteMachineState {
+     RemotePCIHost *host;
+ };
++/* Used to pass to co-routine device and ioc. */
++typedef struct RemoteCommDev {
++    PCIDevice *dev;
++    QIOChannel *ioc;
++} RemoteCommDev;
++
+ #define TYPE_REMOTE_MACHINE "x-remote-machine"
+ OBJECT_DECLARE_SIMPLE_TYPE(RemoteMachineState, REMOTE_MACHINE)
++void coroutine_fn mpqemu_remote_msg_loop_co(void *data);
++
+ #endif
+diff --git a/hw/remote/message.c b/hw/remote/message.c
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/message.c
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Copyright © 2020, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL-v2, version 2 or later.
++ *
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "qemu-common.h"
++
++#include "hw/remote/machine.h"
++#include "io/channel.h"
++#include "hw/remote/mpqemu-link.h"
++#include "qapi/error.h"
++#include "sysemu/runstate.h"
++
++void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
++{
++    g_autofree RemoteCommDev *com = (RemoteCommDev *)data;
++    PCIDevice *pci_dev = NULL;
++    Error *local_err = NULL;
++
++    assert(com->ioc);
++
++    pci_dev = com->dev;
++    for (; !local_err;) {
++        MPQemuMsg msg = {0};
++
++        if (!mpqemu_msg_recv(&msg, com->ioc, &local_err)) {
++            break;
++        }
++
++        if (!mpqemu_msg_valid(&msg)) {
++            error_setg(&local_err, "Received invalid message from proxy"
++                                   "in remote process pid="FMT_pid"",
++                                   getpid());
++            break;
++        }
++
++        switch (msg.cmd) {
++        default:
++            error_setg(&local_err,
++                       "Unknown command (%d) received for device %s"
++                       " (pid="FMT_pid")",
++                       msg.cmd, DEVICE(pci_dev)->id, getpid());
++        }
++    }
++
++    if (local_err) {
++        error_report_err(local_err);
++        qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
++    } else {
++        qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
++    }
++}
+diff --git a/hw/remote/meson.build b/hw/remote/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/meson.build
++++ b/hw/remote/meson.build
+@@ -XXX,XX +XXX,XX @@ remote_ss = ss.source_set()
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
++remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
+ softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
+--
+.29.2

-New patch
+[PULL v3 17/27] multi-process: Associate fd of a PCIDevice with its object
+From: Jagannathan Raman <jag.raman@oracle.com>
 Associate the file descriptor for a PCIDevice in remote process with
 DeviceState object.
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: f405a2ed5d7518b87bea7c59cfdf334d67e5ee51.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  MAINTAINERS            |   1 +
  hw/remote/remote-obj.c | 203 +++++++++++++++++++++++++++++++++++++++++
  hw/remote/meson.build  |   1 +
 files changed, 205 insertions(+)
  create mode 100644 hw/remote/remote-obj.c
 diff --git a/MAINTAINERS b/MAINTAINERS
 index XXXXXXX..XXXXXXX 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: include/hw/remote/machine.h
  F: hw/remote/mpqemu-link.c
  F: include/hw/remote/mpqemu-link.h
  F: hw/remote/message.c
 +F: hw/remote/remote-obj.c
  Build and test automation
  -------------------------
 diff --git a/hw/remote/remote-obj.c b/hw/remote/remote-obj.c
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/remote-obj.c
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Copyright © 2020, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL-v2, version 2 or later.
 + *
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
 +#include "qemu/osdep.h"
 +#include "qemu-common.h"
 +
 +#include "qemu/error-report.h"
 +#include "qemu/notify.h"
 +#include "qom/object_interfaces.h"
 +#include "hw/qdev-core.h"
 +#include "io/channel.h"
 +#include "hw/qdev-core.h"
 +#include "hw/remote/machine.h"
 +#include "io/channel-util.h"
 +#include "qapi/error.h"
 +#include "sysemu/sysemu.h"
 +#include "hw/pci/pci.h"
 +#include "qemu/sockets.h"
 +#include "monitor/monitor.h"
 +
 +#define TYPE_REMOTE_OBJECT "x-remote-object"
 +OBJECT_DECLARE_TYPE(RemoteObject, RemoteObjectClass, REMOTE_OBJECT)
 +
 +struct RemoteObjectClass {
 +    ObjectClass parent_class;
 +
 +    unsigned int nr_devs;
 +    unsigned int max_devs;
 +};
 +
 +struct RemoteObject {
 +    /* private */
 +    Object parent;
 +
 +    Notifier machine_done;
 +
 +    int32_t fd;
 +    char *devid;
 +
 +    QIOChannel *ioc;
 +
 +    DeviceState *dev;
 +    DeviceListener listener;
 +};
 +
 +static void remote_object_set_fd(Object *obj, const char *str, Error **errp)
 +{
 +    RemoteObject *o = REMOTE_OBJECT(obj);
 +    int fd = -1;
 +
 +    fd = monitor_fd_param(monitor_cur(), str, errp);
 +    if (fd == -1) {
 +        error_prepend(errp, "Could not parse remote object fd %s:", str);
 +        return;
 +    }
 +
 +    if (!fd_is_socket(fd)) {
 +        error_setg(errp, "File descriptor '%s' is not a socket", str);
 +        close(fd);
 +        return;
 +    }
 +
 +    o->fd = fd;
 +}
 +
 +static void remote_object_set_devid(Object *obj, const char *str, Error **errp)
 +{
 +    RemoteObject *o = REMOTE_OBJECT(obj);
 +
 +    g_free(o->devid);
 +
 +    o->devid = g_strdup(str);
 +}
 +
 +static void remote_object_unrealize_listener(DeviceListener *listener,
 +                                             DeviceState *dev)
 +{
 +    RemoteObject *o = container_of(listener, RemoteObject, listener);
 +
 +    if (o->dev == dev) {
 +        object_unref(OBJECT(o));
 +    }
 +}
 +
 +static void remote_object_machine_done(Notifier *notifier, void *data)
 +{
 +    RemoteObject *o = container_of(notifier, RemoteObject, machine_done);
 +    DeviceState *dev = NULL;
 +    QIOChannel *ioc = NULL;
 +    Coroutine *co = NULL;
 +    RemoteCommDev *comdev = NULL;
 +    Error *err = NULL;
 +
 +    dev = qdev_find_recursive(sysbus_get_default(), o->devid);
 +    if (!dev || !object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
 +        error_report("%s is not a PCI device", o->devid);
 +        return;
 +    }
 +
 +    ioc = qio_channel_new_fd(o->fd, &err);
 +    if (!ioc) {
 +        error_report_err(err);
 +        return;
 +    }
 +    qio_channel_set_blocking(ioc, false, NULL);
 +
 +    o->dev = dev;
 +
 +    o->listener.unrealize = remote_object_unrealize_listener;
 +    device_listener_register(&o->listener);
 +
 +    /* co-routine should free this. */
 +    comdev = g_new0(RemoteCommDev, 1);
 +    *comdev = (RemoteCommDev) {
 +        .ioc = ioc,
 +        .dev = PCI_DEVICE(dev),
 +    };
 +
 +    co = qemu_coroutine_create(mpqemu_remote_msg_loop_co, comdev);
 +    qemu_coroutine_enter(co);
 +}
 +
 +static void remote_object_init(Object *obj)
 +{
 +    RemoteObjectClass *k = REMOTE_OBJECT_GET_CLASS(obj);
 +    RemoteObject *o = REMOTE_OBJECT(obj);
 +
 +    if (k->nr_devs >= k->max_devs) {
 +        error_report("Reached maximum number of devices: %u", k->max_devs);
 +        return;
 +    }
 +
 +    o->ioc = NULL;
 +    o->fd = -1;
 +    o->devid = NULL;
 +
 +    k->nr_devs++;
 +
 +    o->machine_done.notify = remote_object_machine_done;
 +    qemu_add_machine_init_done_notifier(&o->machine_done);
 +}
 +
 +static void remote_object_finalize(Object *obj)
 +{
 +    RemoteObjectClass *k = REMOTE_OBJECT_GET_CLASS(obj);
 +    RemoteObject *o = REMOTE_OBJECT(obj);
 +
 +    device_listener_unregister(&o->listener);
 +
 +    if (o->ioc) {
 +        qio_channel_shutdown(o->ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
 +        qio_channel_close(o->ioc, NULL);
 +    }
 +
 +    object_unref(OBJECT(o->ioc));
 +
 +    k->nr_devs--;
 +    g_free(o->devid);
 +}
 +
 +static void remote_object_class_init(ObjectClass *klass, void *data)
 +{
 +    RemoteObjectClass *k = REMOTE_OBJECT_CLASS(klass);
 +
 +    /*
 +     * Limit number of supported devices to 1. This is done to avoid devices
 +     * from one VM accessing the RAM of another VM. This is done until we
 +     * start using separate address spaces for individual devices.
 +     */
 +    k->max_devs = 1;
 +    k->nr_devs = 0;
 +
 +    object_class_property_add_str(klass, "fd", NULL, remote_object_set_fd);
 +    object_class_property_add_str(klass, "devid", NULL,
 +                                  remote_object_set_devid);
 +}
 +
 +static const TypeInfo remote_object_info = {
 +    .name = TYPE_REMOTE_OBJECT,
 +    .parent = TYPE_OBJECT,
 +    .instance_size = sizeof(RemoteObject),
 +    .instance_init = remote_object_init,
 +    .instance_finalize = remote_object_finalize,
 +    .class_size = sizeof(RemoteObjectClass),
 +    .class_init = remote_object_class_init,
 +    .interfaces = (InterfaceInfo[]) {
 +        { TYPE_USER_CREATABLE },
 +        { }
 +    }
 +};
 +
 +static void register_types(void)
 +{
 +    type_register_static(&remote_object_info);
 +}
 +
 +type_init(register_types);
 diff --git a/hw/remote/meson.build b/hw/remote/meson.build
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/meson.build
 +++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss = ss.source_set()
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
 +remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
  softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
 --
 .29.2

-New patch
+[PULL v3 18/27] multi-process: setup memory manager for remote device
+From: Jagannathan Raman <jag.raman@oracle.com>
 SyncSysMemMsg message format is defined. It is used to send
 file descriptors of the RAM regions to remote device.
 RAM on the remote device is configured with a set of file descriptors.
 Old RAM regions are deleted and new regions, each with an fd, is
 added to the RAM.
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: 7d2d1831d812e85f681e7a8ab99e032cf4704689.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  MAINTAINERS                     |  2 +
  include/hw/remote/memory.h      | 19 ++++++++++
  include/hw/remote/mpqemu-link.h | 10 +++++
  hw/remote/memory.c              | 65 +++++++++++++++++++++++++++++++++
  hw/remote/mpqemu-link.c         | 11 ++++++
  hw/remote/meson.build           |  2 +
 files changed, 109 insertions(+)
  create mode 100644 include/hw/remote/memory.h
  create mode 100644 hw/remote/memory.c
 diff --git a/MAINTAINERS b/MAINTAINERS
 index XXXXXXX..XXXXXXX 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/remote/mpqemu-link.c
  F: include/hw/remote/mpqemu-link.h
  F: hw/remote/message.c
  F: hw/remote/remote-obj.c
 +F: include/hw/remote/memory.h
 +F: hw/remote/memory.c
  Build and test automation
  -------------------------
 diff --git a/include/hw/remote/memory.h b/include/hw/remote/memory.h
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/include/hw/remote/memory.h
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Memory manager for remote device
 + *
 + * Copyright © 2018, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
 +#ifndef REMOTE_MEMORY_H
 +#define REMOTE_MEMORY_H
 +
 +#include "exec/hwaddr.h"
 +#include "hw/remote/mpqemu-link.h"
 +
 +void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp);
 +
 +#endif
 diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/remote/mpqemu-link.h
 +++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
  #include "qom/object.h"
  #include "qemu/thread.h"
  #include "io/channel.h"
 +#include "exec/hwaddr.h"
  #define REMOTE_MAX_FDS 8
@@ -XXX,XX +XXX,XX @@
   *
   */
  typedef enum {
 +    MPQEMU_CMD_SYNC_SYSMEM,
      MPQEMU_CMD_MAX,
  } MPQemuCmd;
 +typedef struct {
 +    hwaddr gpas[REMOTE_MAX_FDS];
 +    uint64_t sizes[REMOTE_MAX_FDS];
 +    off_t offsets[REMOTE_MAX_FDS];
 +} SyncSysmemMsg;
 +
  /**
   * MPQemuMsg:
   * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef enum {
   * MPQemuMsg Format of the message sent to the remote device from QEMU.
   *
   */
 +
  typedef struct {
      int cmd;
      size_t size;
      union {
          uint64_t u64;
 +        SyncSysmemMsg sync_sysmem;
      } data;
      int fds[REMOTE_MAX_FDS];
 diff --git a/hw/remote/memory.c b/hw/remote/memory.c
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/memory.c
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Memory manager for remote device
 + *
 + * Copyright © 2018, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
 +#include "qemu/osdep.h"
 +#include "qemu-common.h"
 +
 +#include "hw/remote/memory.h"
 +#include "exec/address-spaces.h"
 +#include "exec/ram_addr.h"
 +#include "qapi/error.h"
 +
 +static void remote_sysmem_reset(void)
 +{
 +    MemoryRegion *sysmem, *subregion, *next;
 +
 +    sysmem = get_system_memory();
 +
 +    QTAILQ_FOREACH_SAFE(subregion, &sysmem->subregions, subregions_link, next) {
 +        if (subregion->ram) {
 +            memory_region_del_subregion(sysmem, subregion);
 +            object_unparent(OBJECT(subregion));
 +        }
 +    }
 +}
 +
 +void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
 +{
 +    ERRP_GUARD();
 +    SyncSysmemMsg *sysmem_info = &msg->data.sync_sysmem;
 +    MemoryRegion *sysmem, *subregion;
 +    static unsigned int suffix;
 +    int region;
 +
 +    sysmem = get_system_memory();
 +
 +    remote_sysmem_reset();
 +
 +    for (region = 0; region < msg->num_fds; region++) {
 +        g_autofree char *name;
 +        subregion = g_new(MemoryRegion, 1);
 +        name = g_strdup_printf("remote-mem-%u", suffix++);
 +        memory_region_init_ram_from_fd(subregion, NULL,
 +                                       name, sysmem_info->sizes[region],
 +                                       true, msg->fds[region],
 +                                       sysmem_info->offsets[region],
 +                                       errp);
 +
 +        if (*errp) {
 +            g_free(subregion);
 +            remote_sysmem_reset();
 +            return;
 +        }
 +
 +        memory_region_add_subregion(sysmem, sysmem_info->gpas[region],
 +                                    subregion);
 +
 +    }
 +}
 diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/mpqemu-link.c
 +++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
          }
      }
 +     /* Verify message specific fields. */
 +    switch (msg->cmd) {
 +    case MPQEMU_CMD_SYNC_SYSMEM:
 +        if (msg->num_fds == 0 || msg->size != sizeof(SyncSysmemMsg)) {
 +            return false;
 +        }
 +        break;
 +    default:
 +        break;
 +    }
 +
      return true;
  }
 diff --git a/hw/remote/meson.build b/hw/remote/meson.build
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/meson.build
 +++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
  remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
 +specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
 +
  softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
 --
 .29.2

-[Qemu-devel] [PULL 1/2] bitmaps.md: Convert to rST; move it into 'interop' dir
+[PULL v3 19/27] multi-process: introduce proxy object
-From: Kashyap Chamarthy <kchamart@redhat.com>
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
-This is part of the on-going effort to convert QEMU upstream
+Defines a PCI Device proxy object as a child of TYPE_PCI_DEVICE.
 documentation syntax to reStructuredText (rST).
-The conversion to rST was done using:
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: b5186ebfedf8e557044d09a768846c59230ad3a7.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  MAINTAINERS               |  2 +
  include/hw/remote/proxy.h | 33 +++++++++++++
  hw/remote/proxy.c         | 99 +++++++++++++++++++++++++++++++++++++++
  hw/remote/meson.build     |  1 +
 files changed, 135 insertions(+)
  create mode 100644 include/hw/remote/proxy.h
  create mode 100644 hw/remote/proxy.c
-    $ pandoc -f markdown -t rst bitmaps.md -o bitmaps.rst
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
-Then, make a couple of small syntactical adjustments.  While at it,
+--- a/MAINTAINERS
-reword a statement to avoid ambiguity.  Addressing the feedback from
++++ b/MAINTAINERS
-this thread:
+@@ -XXX,XX +XXX,XX @@ F: hw/remote/message.c
+ F: hw/remote/remote-obj.c
-    https://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg05428.html
+ F: include/hw/remote/memory.h
+ F: hw/remote/memory.c
-Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
++F: hw/remote/proxy.c
-Reviewed-by: John Snow <jsnow@redhat.com>
++F: include/hw/remote/proxy.h
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Message-id: 20170717105205.32639-2-kchamart@redhat.com
+ Build and test automation
-Signed-off-by: Jeff Cody <jcody@redhat.com>
+ -------------------------
----
+diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
  docs/devel/bitmaps.md    | 505 ------------------------------------------
  docs/interop/bitmaps.rst | 555 +++++++++++++++++++++++++++++++++++++++++++++++
 files changed, 555 insertions(+), 505 deletions(-)
  delete mode 100644 docs/devel/bitmaps.md
  create mode 100644 docs/interop/bitmaps.rst
 diff --git a/docs/devel/bitmaps.md b/docs/devel/bitmaps.md
 deleted file mode 100644
 index XXXXXXX..XXXXXXX
 --- a/docs/devel/bitmaps.md
 +++ /dev/null
@@ -XXX,XX +XXX,XX @@
 -<!--
 -Copyright 2015 John Snow <jsnow@redhat.com> and Red Hat, Inc.
 -All rights reserved.
 -
 -This file is licensed via The FreeBSD Documentation License, the full text of
 -which is included at the end of this document.
 --->
 -
 -# Dirty Bitmaps and Incremental Backup
 -
 -* Dirty Bitmaps are objects that track which data needs to be backed up for the
 -  next incremental backup.
 -
 -* Dirty bitmaps can be created at any time and attached to any node
 -  (not just complete drives.)
 -
 -## Dirty Bitmap Names
 -
 -* A dirty bitmap's name is unique to the node, but bitmaps attached to different
 -  nodes can share the same name.
 -
 -* Dirty bitmaps created for internal use by QEMU may be anonymous and have no
 -  name, but any user-created bitmaps may not be. There can be any number of
 -  anonymous bitmaps per node.
 -
 -* The name of a user-created bitmap must not be empty ("").
 -
 -## Bitmap Modes
 -
 -* A Bitmap can be "frozen," which means that it is currently in-use by a backup
 -  operation and cannot be deleted, renamed, written to, reset,
 -  etc.
 -
 -* The normal operating mode for a bitmap is "active."
 -
 -## Basic QMP Usage
 -
 -### Supported Commands ###
 -
 -* block-dirty-bitmap-add
 -* block-dirty-bitmap-remove
 -* block-dirty-bitmap-clear
 -
 -### Creation
 -
 -* To create a new bitmap, enabled, on the drive with id=drive0:
 -
 -```json
 -{ "execute": "block-dirty-bitmap-add",
 -  "arguments": {
 -    "node": "drive0",
 -    "name": "bitmap0"
 -  }
 -}
 -```
 -
 -* This bitmap will have a default granularity that matches the cluster size of
 -  its associated drive, if available, clamped to between [4KiB, 64KiB].
 -  The current default for qcow2 is 64KiB.
 -
 -* To create a new bitmap that tracks changes in 32KiB segments:
 -
 -```json
 -{ "execute": "block-dirty-bitmap-add",
 -  "arguments": {
 -    "node": "drive0",
 -    "name": "bitmap0",
 -    "granularity": 32768
 -  }
 -}
 -```
 -
 -### Deletion
 -
 -* Bitmaps that are frozen cannot be deleted.
 -
 -* Deleting the bitmap does not impact any other bitmaps attached to the same
 -  node, nor does it affect any backups already created from this node.
 -
 -* Because bitmaps are only unique to the node to which they are attached,
 -  you must specify the node/drive name here, too.
 -
 -```json
 -{ "execute": "block-dirty-bitmap-remove",
 -  "arguments": {
 -    "node": "drive0",
 -    "name": "bitmap0"
 -  }
 -}
 -```
 -
 -### Resetting
 -
 -* Resetting a bitmap will clear all information it holds.
 -
 -* An incremental backup created from an empty bitmap will copy no data,
 -  as if nothing has changed.
 -
 -```json
 -{ "execute": "block-dirty-bitmap-clear",
 -  "arguments": {
 -    "node": "drive0",
 -    "name": "bitmap0"
 -  }
 -}
 -```
 -
 -## Transactions
 -
 -### Justification
 -
 -Bitmaps can be safely modified when the VM is paused or halted by using
 -the basic QMP commands. For instance, you might perform the following actions:
 -
 -1. Boot the VM in a paused state.
 -2. Create a full drive backup of drive0.
 -3. Create a new bitmap attached to drive0.
 -4. Resume execution of the VM.
 -5. Incremental backups are ready to be created.
 -
 -At this point, the bitmap and drive backup would be correctly in sync,
 -and incremental backups made from this point forward would be correctly aligned
 -to the full drive backup.
 -
 -This is not particularly useful if we decide we want to start incremental
 -backups after the VM has been running for a while, for which we will need to
 -perform actions such as the following:
 -
 -1. Boot the VM and begin execution.
 -2. Using a single transaction, perform the following operations:
 -    * Create bitmap0.
 -    * Create a full drive backup of drive0.
 -3. Incremental backups are now ready to be created.
 -
 -### Supported Bitmap Transactions
 -
 -* block-dirty-bitmap-add
 -* block-dirty-bitmap-clear
 -
 -The usages are identical to their respective QMP commands, but see below
 -for examples.
 -
 -### Example: New Incremental Backup
 -
 -As outlined in the justification, perhaps we want to create a new incremental
 -backup chain attached to a drive.
 -
 -```json
 -{ "execute": "transaction",
 -  "arguments": {
 -    "actions": [
 -      {"type": "block-dirty-bitmap-add",
 -       "data": {"node": "drive0", "name": "bitmap0"} },
 -      {"type": "drive-backup",
 -       "data": {"device": "drive0", "target": "/path/to/full_backup.img",
 -                "sync": "full", "format": "qcow2"} }
 -    ]
 -  }
 -}
 -```
 -
 -### Example: New Incremental Backup Anchor Point
 -
 -Maybe we just want to create a new full backup with an existing bitmap and
 -want to reset the bitmap to track the new chain.
 -
 -```json
 -{ "execute": "transaction",
 -  "arguments": {
 -    "actions": [
 -      {"type": "block-dirty-bitmap-clear",
 -       "data": {"node": "drive0", "name": "bitmap0"} },
 -      {"type": "drive-backup",
 -       "data": {"device": "drive0", "target": "/path/to/new_full_backup.img",
 -                "sync": "full", "format": "qcow2"} }
 -    ]
 -  }
 -}
 -```
 -
 -## Incremental Backups
 -
 -The star of the show.
 -
 -**Nota Bene!** Only incremental backups of entire drives are supported for now.
 -So despite the fact that you can attach a bitmap to any arbitrary node, they are
 -only currently useful when attached to the root node. This is because
 -drive-backup only supports drives/devices instead of arbitrary nodes.
 -
 -### Example: First Incremental Backup
 -
 -1. Create a full backup and sync it to the dirty bitmap, as in the transactional
 -examples above; or with the VM offline, manually create a full copy and then
 -create a new bitmap before the VM begins execution.
 -
 -    * Let's assume the full backup is named 'full_backup.img'.
 -    * Let's assume the bitmap you created is 'bitmap0' attached to 'drive0'.
 -
 -2. Create a destination image for the incremental backup that utilizes the
 -full backup as a backing image.
 -
 -    * Let's assume it is named 'incremental.0.img'.
 -
 -    ```sh
 -    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 -    ```
 -
 -3. Issue the incremental backup command:
 -
 -    ```json
 -    { "execute": "drive-backup",
 -      "arguments": {
 -        "device": "drive0",
 -        "bitmap": "bitmap0",
 -        "target": "incremental.0.img",
 -        "format": "qcow2",
 -        "sync": "incremental",
 -        "mode": "existing"
 -      }
 -    }
 -    ```
 -
 -### Example: Second Incremental Backup
 -
 -1. Create a new destination image for the incremental backup that points to the
 -   previous one, e.g.: 'incremental.1.img'
 -
 -    ```sh
 -    # qemu-img create -f qcow2 incremental.1.img -b incremental.0.img -F qcow2
 -    ```
 -
 -2. Issue a new incremental backup command. The only difference here is that we
 -   have changed the target image below.
 -
 -    ```json
 -    { "execute": "drive-backup",
 -      "arguments": {
 -        "device": "drive0",
 -        "bitmap": "bitmap0",
 -        "target": "incremental.1.img",
 -        "format": "qcow2",
 -        "sync": "incremental",
 -        "mode": "existing"
 -      }
 -    }
 -    ```
 -
 -## Errors
 -
 -* In the event of an error that occurs after a backup job is successfully
 -  launched, either by a direct QMP command or a QMP transaction, the user
 -  will receive a BLOCK_JOB_COMPLETE event with a failure message, accompanied
 -  by a BLOCK_JOB_ERROR event.
 -
 -* In the case of an event being cancelled, the user will receive a
 -  BLOCK_JOB_CANCELLED event instead of a pair of COMPLETE and ERROR events.
 -
 -* In either case, the incremental backup data contained within the bitmap is
 -  safely rolled back, and the data within the bitmap is not lost. The image
 -  file created for the failed attempt can be safely deleted.
 -
 -* Once the underlying problem is fixed (e.g. more storage space is freed up),
 -  you can simply retry the incremental backup command with the same bitmap.
 -
 -### Example
 -
 -1. Create a target image:
 -
 -    ```sh
 -    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 -    ```
 -
 -2. Attempt to create an incremental backup via QMP:
 -
 -    ```json
 -    { "execute": "drive-backup",
 -      "arguments": {
 -        "device": "drive0",
 -        "bitmap": "bitmap0",
 -        "target": "incremental.0.img",
 -        "format": "qcow2",
 -        "sync": "incremental",
 -        "mode": "existing"
 -      }
 -    }
 -    ```
 -
 -3. Receive an event notifying us of failure:
 -
 -    ```json
 -    { "timestamp": { "seconds": 1424709442, "microseconds": 844524 },
 -      "data": { "speed": 0, "offset": 0, "len": 67108864,
 -                "error": "No space left on device",
 -                "device": "drive1", "type": "backup" },
 -      "event": "BLOCK_JOB_COMPLETED" }
 -    ```
 -
 -4. Delete the failed incremental, and re-create the image.
 -
 -    ```sh
 -    # rm incremental.0.img
 -    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 -    ```
 -
 -5. Retry the command after fixing the underlying problem,
 -   such as freeing up space on the backup volume:
 -
 -    ```json
 -    { "execute": "drive-backup",
 -      "arguments": {
 -        "device": "drive0",
 -        "bitmap": "bitmap0",
 -        "target": "incremental.0.img",
 -        "format": "qcow2",
 -        "sync": "incremental",
 -        "mode": "existing"
 -      }
 -    }
 -    ```
 -
 -6. Receive confirmation that the job completed successfully:
 -
 -    ```json
 -    { "timestamp": { "seconds": 1424709668, "microseconds": 526525 },
 -      "data": { "device": "drive1", "type": "backup",
 -                "speed": 0, "len": 67108864, "offset": 67108864},
 -      "event": "BLOCK_JOB_COMPLETED" }
 -    ```
 -
 -### Partial Transactional Failures
 -
 -* Sometimes, a transaction will succeed in launching and return success,
 -  but then later the backup jobs themselves may fail. It is possible that
 -  a management application may have to deal with a partial backup failure
 -  after a successful transaction.
 -
 -* If multiple backup jobs are specified in a single transaction, when one of
 -  them fails, it will not interact with the other backup jobs in any way.
 -
 -* The job(s) that succeeded will clear the dirty bitmap associated with the
 -  operation, but the job(s) that failed will not. It is not "safe" to delete
 -  any incremental backups that were created successfully in this scenario,
 -  even though others failed.
 -
 -#### Example
 -
 -* QMP example highlighting two backup jobs:
 -
 -    ```json
 -    { "execute": "transaction",
 -      "arguments": {
 -        "actions": [
 -          { "type": "drive-backup",
 -            "data": { "device": "drive0", "bitmap": "bitmap0",
 -                      "format": "qcow2", "mode": "existing",
 -                      "sync": "incremental", "target": "d0-incr-1.qcow2" } },
 -          { "type": "drive-backup",
 -            "data": { "device": "drive1", "bitmap": "bitmap1",
 -                      "format": "qcow2", "mode": "existing",
 -                      "sync": "incremental", "target": "d1-incr-1.qcow2" } },
 -        ]
 -      }
 -    }
 -    ```
 -
 -* QMP example response, highlighting one success and one failure:
 -    * Acknowledgement that the Transaction was accepted and jobs were launched:
 -        ```json
 -        { "return": {} }
 -        ```
 -
 -    * Later, QEMU sends notice that the first job was completed:
 -        ```json
 -        { "timestamp": { "seconds": 1447192343, "microseconds": 615698 },
 -          "data": { "device": "drive0", "type": "backup",
 -                     "speed": 0, "len": 67108864, "offset": 67108864 },
 -          "event": "BLOCK_JOB_COMPLETED"
 -        }
 -        ```
 -
 -    * Later yet, QEMU sends notice that the second job has failed:
 -        ```json
 -        { "timestamp": { "seconds": 1447192399, "microseconds": 683015 },
 -          "data": { "device": "drive1", "action": "report",
 -                    "operation": "read" },
 -          "event": "BLOCK_JOB_ERROR" }
 -        ```
 -
 -        ```json
 -        { "timestamp": { "seconds": 1447192399, "microseconds": 685853 },
 -          "data": { "speed": 0, "offset": 0, "len": 67108864,
 -                    "error": "Input/output error",
 -                    "device": "drive1", "type": "backup" },
 -          "event": "BLOCK_JOB_COMPLETED" }
 -
 -* In the above example, "d0-incr-1.qcow2" is valid and must be kept,
 -  but "d1-incr-1.qcow2" is invalid and should be deleted. If a VM-wide
 -  incremental backup of all drives at a point-in-time is to be made,
 -  new backups for both drives will need to be made, taking into account
 -  that a new incremental backup for drive0 needs to be based on top of
 -  "d0-incr-1.qcow2."
 -
 -### Grouped Completion Mode
 -
 -* While jobs launched by transactions normally complete or fail on their own,
 -  it is possible to instruct them to complete or fail together as a group.
 -
 -* QMP transactions take an optional properties structure that can affect
 -  the semantics of the transaction.
 -
 -* The "completion-mode" transaction property can be either "individual"
 -  which is the default, legacy behavior described above, or "grouped,"
 -  a new behavior detailed below.
 -
 -* Delayed Completion: In grouped completion mode, no jobs will report
 -  success until all jobs are ready to report success.
 -
 -* Grouped failure: If any job fails in grouped completion mode, all remaining
 -  jobs will be cancelled. Any incremental backups will restore their dirty
 -  bitmap objects as if no backup command was ever issued.
 -
 -    * Regardless of if QEMU reports a particular incremental backup job as
 -      CANCELLED or as an ERROR, the in-memory bitmap will be restored.
 -
 -#### Example
 -
 -* Here's the same example scenario from above with the new property:
 -
 -    ```json
 -    { "execute": "transaction",
 -      "arguments": {
 -        "actions": [
 -          { "type": "drive-backup",
 -            "data": { "device": "drive0", "bitmap": "bitmap0",
 -                      "format": "qcow2", "mode": "existing",
 -                      "sync": "incremental", "target": "d0-incr-1.qcow2" } },
 -          { "type": "drive-backup",
 -            "data": { "device": "drive1", "bitmap": "bitmap1",
 -                      "format": "qcow2", "mode": "existing",
 -                      "sync": "incremental", "target": "d1-incr-1.qcow2" } },
 -        ],
 -        "properties": {
 -          "completion-mode": "grouped"
 -        }
 -      }
 -    }
 -    ```
 -
 -* QMP example response, highlighting a failure for drive2:
 -    * Acknowledgement that the Transaction was accepted and jobs were launched:
 -        ```json
 -        { "return": {} }
 -        ```
 -
 -    * Later, QEMU sends notice that the second job has errored out,
 -      but that the first job was also cancelled:
 -        ```json
 -        { "timestamp": { "seconds": 1447193702, "microseconds": 632377 },
 -          "data": { "device": "drive1", "action": "report",
 -                    "operation": "read" },
 -          "event": "BLOCK_JOB_ERROR" }
 -        ```
 -
 -        ```json
 -        { "timestamp": { "seconds": 1447193702, "microseconds": 640074 },
 -          "data": { "speed": 0, "offset": 0, "len": 67108864,
 -                    "error": "Input/output error",
 -                    "device": "drive1", "type": "backup" },
 -          "event": "BLOCK_JOB_COMPLETED" }
 -        ```
 -
 -        ```json
 -        { "timestamp": { "seconds": 1447193702, "microseconds": 640163 },
 -          "data": { "device": "drive0", "type": "backup", "speed": 0,
 -                    "len": 67108864, "offset": 16777216 },
 -          "event": "BLOCK_JOB_CANCELLED" }
 -        ```
 -
 -<!--
 -The FreeBSD Documentation License
 -
 -Redistribution and use in source (Markdown) and 'compiled' forms (SGML, HTML,
 -PDF, PostScript, RTF and so forth) with or without modification, are permitted
 -provided that the following conditions are met:
 -
 -Redistributions of source code (Markdown) must retain the above copyright
 -notice, this list of conditions and the following disclaimer of this file
 -unmodified.
 -
 -Redistributions in compiled form (transformed to other DTDs, converted to PDF,
 -PostScript, RTF and other formats) must reproduce the above copyright notice,
 -this list of conditions and the following disclaimer in the documentation and/or
 -other materials provided with the distribution.
 -
 -THIS DOCUMENTATION IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE ARE
 -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS  BE LIABLE
 -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 -THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 --->
 diff --git a/docs/interop/bitmaps.rst b/docs/interop/bitmaps.rst
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
-+++ b/docs/interop/bitmaps.rst
++++ b/include/hw/remote/proxy.h
 @@ -XXX,XX +XXX,XX @@
-+..
++/*
-+   Copyright 2015 John Snow <jsnow@redhat.com> and Red Hat, Inc.
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
-+   All rights reserved.
++ *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
-+   This file is licensed via The FreeBSD Documentation License, the full
++#ifndef PROXY_H
-+   text of which is included at the end of this document.
++#define PROXY_H
 +
-+====================================
++#include "hw/pci/pci.h"
-+Dirty Bitmaps and Incremental Backup
++#include "io/channel.h"
 +====================================
 +
-+-  Dirty Bitmaps are objects that track which data needs to be backed up
++#define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
-+   for the next incremental backup.
++OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
 +
-+-  Dirty bitmaps can be created at any time and attached to any node
++struct PCIProxyDev {
-+   (not just complete drives).
++    PCIDevice parent_dev;
 +    char *fd;
 +
-+.. contents::
++    /*
 +     * Mutex used to protect the QIOChannel fd from
 +     * the concurrent access by the VCPUs since proxy
 +     * blocks while awaiting for the replies from the
 +     * process remote.
 +     */
 +    QemuMutex io_mutex;
 +    QIOChannel *ioc;
 +    Error *migration_blocker;
 +};
 +
-+Dirty Bitmap Names
++#endif /* PROXY_H */
-+------------------
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
 new file mode 100644
 index XXXXXXX..XXXXXXX
 --- /dev/null
 +++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
 +/*
 + * Copyright © 2018, 2021 Oracle and/or its affiliates.
 + *
 + * This work is licensed under the terms of the GNU GPL, version 2 or later.
 + * See the COPYING file in the top-level directory.
 + *
 + */
 +
-+-  A dirty bitmap's name is unique to the node, but bitmaps attached to
++#include "qemu/osdep.h"
-+   different nodes can share the same name.
++#include "qemu-common.h"
 +
-+-  Dirty bitmaps created for internal use by QEMU may be anonymous and
++#include "hw/remote/proxy.h"
-+   have no name, but any user-created bitmaps must have a name. There
++#include "hw/pci/pci.h"
-+   can be any number of anonymous bitmaps per node.
++#include "qapi/error.h"
 +#include "io/channel-util.h"
 +#include "hw/qdev-properties.h"
 +#include "monitor/monitor.h"
 +#include "migration/blocker.h"
 +#include "qemu/sockets.h"
 +
-+-  The name of a user-created bitmap must not be empty ("").
++static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 +{
 +    ERRP_GUARD();
 +    PCIProxyDev *dev = PCI_PROXY_DEV(device);
 +    int fd;
 +
-+Bitmap Modes
++    if (!dev->fd) {
-+------------
++        error_setg(errp, "fd parameter not specified for %s",
-+
++                   DEVICE(device)->id);
-+-  A bitmap can be "frozen," which means that it is currently in-use by
++        return;
 +   a backup operation and cannot be deleted, renamed, written to, reset,
 +   etc.
 +
 +-  The normal operating mode for a bitmap is "active."
 +
 +Basic QMP Usage
 +---------------
 +
 +Supported Commands
 +~~~~~~~~~~~~~~~~~~
 +
 +- ``block-dirty-bitmap-add``
 +- ``block-dirty-bitmap-remove``
 +- ``block-dirty-bitmap-clear``
 +
 +Creation
 +~~~~~~~~
 +
 +-  To create a new bitmap, enabled, on the drive with id=drive0:
 +
 +.. code:: json
 +
 +    { "execute": "block-dirty-bitmap-add",
 +      "arguments": {
 +        "node": "drive0",
 +        "name": "bitmap0"
 +      }
 +    }
 +
-+-  This bitmap will have a default granularity that matches the cluster
++    fd = monitor_fd_param(monitor_cur(), dev->fd, errp);
-+   size of its associated drive, if available, clamped to between [4KiB,
++    if (fd == -1) {
-+   64KiB]. The current default for qcow2 is 64KiB.
++        error_prepend(errp, "proxy: unable to parse fd %s: ", dev->fd);
-+
++        return;
 +-  To create a new bitmap that tracks changes in 32KiB segments:
 +
 +.. code:: json
 +
 +    { "execute": "block-dirty-bitmap-add",
 +      "arguments": {
 +        "node": "drive0",
 +        "name": "bitmap0",
 +        "granularity": 32768
 +      }
 +    }
 +
-+Deletion
++    if (!fd_is_socket(fd)) {
-+~~~~~~~~
++        error_setg(errp, "proxy: fd %d is not a socket", fd);
-+
++        close(fd);
-+-  Bitmaps that are frozen cannot be deleted.
++        return;
 +
 +-  Deleting the bitmap does not impact any other bitmaps attached to the
 +   same node, nor does it affect any backups already created from this
 +   node.
 +
 +-  Because bitmaps are only unique to the node to which they are
 +   attached, you must specify the node/drive name here, too.
 +
 +.. code:: json
 +
 +    { "execute": "block-dirty-bitmap-remove",
 +      "arguments": {
 +        "node": "drive0",
 +        "name": "bitmap0"
 +      }
 +    }
 +
-+Resetting
++    dev->ioc = qio_channel_new_fd(fd, errp);
 +~~~~~~~~~
 +
-+-  Resetting a bitmap will clear all information it holds.
++    error_setg(&dev->migration_blocker, "%s does not support migration",
 +               TYPE_PCI_PROXY_DEV);
 +    migrate_add_blocker(dev->migration_blocker, errp);
 +
-+-  An incremental backup created from an empty bitmap will copy no data,
++    qemu_mutex_init(&dev->io_mutex);
-+   as if nothing has changed.
++    qio_channel_set_blocking(dev->ioc, true, NULL);
 +}
 +
-+.. code:: json
++static void pci_proxy_dev_exit(PCIDevice *pdev)
 +{
 +    PCIProxyDev *dev = PCI_PROXY_DEV(pdev);
 +
-+    { "execute": "block-dirty-bitmap-clear",
++    if (dev->ioc) {
-+      "arguments": {
++        qio_channel_close(dev->ioc, NULL);
 +        "node": "drive0",
 +        "name": "bitmap0"
 +      }
 +    }
 +
-+Transactions
++    migrate_del_blocker(dev->migration_blocker);
 +------------
 +
-+Justification
++    error_free(dev->migration_blocker);
-+~~~~~~~~~~~~~
++}
 +
-+Bitmaps can be safely modified when the VM is paused or halted by using
++static Property proxy_properties[] = {
-+the basic QMP commands. For instance, you might perform the following
++    DEFINE_PROP_STRING("fd", PCIProxyDev, fd),
-+actions:
++    DEFINE_PROP_END_OF_LIST(),
 +};
 +
-+1. Boot the VM in a paused state.
++static void pci_proxy_dev_class_init(ObjectClass *klass, void *data)
-+2. Create a full drive backup of drive0.
++{
-+3. Create a new bitmap attached to drive0.
++    DeviceClass *dc = DEVICE_CLASS(klass);
-+4. Resume execution of the VM.
++    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 +5. Incremental backups are ready to be created.
 +
-+At this point, the bitmap and drive backup would be correctly in sync,
++    k->realize = pci_proxy_dev_realize;
-+and incremental backups made from this point forward would be correctly
++    k->exit = pci_proxy_dev_exit;
-+aligned to the full drive backup.
++    device_class_set_props(dc, proxy_properties);
 +}
 +
-+This is not particularly useful if we decide we want to start
++static const TypeInfo pci_proxy_dev_type_info = {
-+incremental backups after the VM has been running for a while, for which
++    .name          = TYPE_PCI_PROXY_DEV,
-+we will need to perform actions such as the following:
++    .parent        = TYPE_PCI_DEVICE,
 +    .instance_size = sizeof(PCIProxyDev),
 +    .class_init    = pci_proxy_dev_class_init,
 +    .interfaces = (InterfaceInfo[]) {
 +        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
 +        { },
 +    },
 +};
 +
-+1. Boot the VM and begin execution.
++static void pci_proxy_dev_register_types(void)
-+2. Using a single transaction, perform the following operations:
++{
 +    type_register_static(&pci_proxy_dev_type_info);
 +}
 +
-+   -  Create ``bitmap0``.
++type_init(pci_proxy_dev_register_types)
-+   -  Create a full drive backup of ``drive0``.
+diff --git a/hw/remote/meson.build b/hw/remote/meson.build
-+
+index XXXXXXX..XXXXXXX 100644
-+3. Incremental backups are now ready to be created.
+--- a/hw/remote/meson.build
-+
++++ b/hw/remote/meson.build
-+Supported Bitmap Transactions
+@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
-+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
-+
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
-+-  ``block-dirty-bitmap-add``
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
-+-  ``block-dirty-bitmap-clear``
++remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
-+
-+The usages are identical to their respective QMP commands, but see below
+ specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
-+for examples.
 +
 +Example: New Incremental Backup
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +As outlined in the justification, perhaps we want to create a new
 +incremental backup chain attached to a drive.
 +
 +.. code:: json
 +
 +    { "execute": "transaction",
 +      "arguments": {
 +        "actions": [
 +          {"type": "block-dirty-bitmap-add",
 +           "data": {"node": "drive0", "name": "bitmap0"} },
 +          {"type": "drive-backup",
 +           "data": {"device": "drive0", "target": "/path/to/full_backup.img",
 +                    "sync": "full", "format": "qcow2"} }
 +        ]
 +      }
 +    }
 +
 +Example: New Incremental Backup Anchor Point
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +Maybe we just want to create a new full backup with an existing bitmap
 +and want to reset the bitmap to track the new chain.
 +
 +.. code:: json
 +
 +    { "execute": "transaction",
 +      "arguments": {
 +        "actions": [
 +          {"type": "block-dirty-bitmap-clear",
 +           "data": {"node": "drive0", "name": "bitmap0"} },
 +          {"type": "drive-backup",
 +           "data": {"device": "drive0", "target": "/path/to/new_full_backup.img",
 +                    "sync": "full", "format": "qcow2"} }
 +        ]
 +      }
 +    }
 +
 +Incremental Backups
 +-------------------
 +
 +The star of the show.
 +
 +**Nota Bene!** Only incremental backups of entire drives are supported
 +for now. So despite the fact that you can attach a bitmap to any
 +arbitrary node, they are only currently useful when attached to the root
 +node. This is because drive-backup only supports drives/devices instead
 +of arbitrary nodes.
 +
 +Example: First Incremental Backup
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +1. Create a full backup and sync it to the dirty bitmap, as in the
 +   transactional examples above; or with the VM offline, manually create
 +   a full copy and then create a new bitmap before the VM begins
 +   execution.
 +
 +   -  Let's assume the full backup is named ``full_backup.img``.
 +   -  Let's assume the bitmap you created is ``bitmap0`` attached to
 +      ``drive0``.
 +
 +2. Create a destination image for the incremental backup that utilizes
 +   the full backup as a backing image.
 +
 +   -  Let's assume the new incremental image is named
 +      ``incremental.0.img``.
 +
 +   .. code:: bash
 +
 +       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 +
 +3. Issue the incremental backup command:
 +
 +   .. code:: json
 +
 +       { "execute": "drive-backup",
 +         "arguments": {
 +           "device": "drive0",
 +           "bitmap": "bitmap0",
 +           "target": "incremental.0.img",
 +           "format": "qcow2",
 +           "sync": "incremental",
 +           "mode": "existing"
 +         }
 +       }
 +
 +Example: Second Incremental Backup
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +1. Create a new destination image for the incremental backup that points
 +   to the previous one, e.g.: ``incremental.1.img``
 +
 +   .. code:: bash
 +
 +       $ qemu-img create -f qcow2 incremental.1.img -b incremental.0.img -F qcow2
 +
 +2. Issue a new incremental backup command. The only difference here is
 +   that we have changed the target image below.
 +
 +   .. code:: json
 +
 +       { "execute": "drive-backup",
 +         "arguments": {
 +           "device": "drive0",
 +           "bitmap": "bitmap0",
 +           "target": "incremental.1.img",
 +           "format": "qcow2",
 +           "sync": "incremental",
 +           "mode": "existing"
 +         }
 +       }
 +
 +Errors
 +------
 +
 +-  In the event of an error that occurs after a backup job is
 +   successfully launched, either by a direct QMP command or a QMP
 +   transaction, the user will receive a ``BLOCK_JOB_COMPLETE`` event with
 +   a failure message, accompanied by a ``BLOCK_JOB_ERROR`` event.
 +
 +-  In the case of an event being cancelled, the user will receive a
 +   ``BLOCK_JOB_CANCELLED`` event instead of a pair of COMPLETE and ERROR
 +   events.
 +
 +-  In either case, the incremental backup data contained within the
 +   bitmap is safely rolled back, and the data within the bitmap is not
 +   lost. The image file created for the failed attempt can be safely
 +   deleted.
 +
 +-  Once the underlying problem is fixed (e.g. more storage space is
 +   freed up), you can simply retry the incremental backup command with
 +   the same bitmap.
 +
 +Example
 +~~~~~~~
 +
 +1. Create a target image:
 +
 +   .. code:: bash
 +
 +       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 +
 +2. Attempt to create an incremental backup via QMP:
 +
 +   .. code:: json
 +
 +       { "execute": "drive-backup",
 +         "arguments": {
 +           "device": "drive0",
 +           "bitmap": "bitmap0",
 +           "target": "incremental.0.img",
 +           "format": "qcow2",
 +           "sync": "incremental",
 +           "mode": "existing"
 +         }
 +       }
 +
 +3. Receive an event notifying us of failure:
 +
 +   .. code:: json
 +
 +       { "timestamp": { "seconds": 1424709442, "microseconds": 844524 },
 +         "data": { "speed": 0, "offset": 0, "len": 67108864,
 +                   "error": "No space left on device",
 +                   "device": "drive1", "type": "backup" },
 +         "event": "BLOCK_JOB_COMPLETED" }
 +
 +4. Delete the failed incremental, and re-create the image.
 +
 +   .. code:: bash
 +
 +       $ rm incremental.0.img
 +       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
 +
 +5. Retry the command after fixing the underlying problem, such as
 +   freeing up space on the backup volume:
 +
 +   .. code:: json
 +
 +       { "execute": "drive-backup",
 +         "arguments": {
 +           "device": "drive0",
 +           "bitmap": "bitmap0",
 +           "target": "incremental.0.img",
 +           "format": "qcow2",
 +           "sync": "incremental",
 +           "mode": "existing"
 +         }
 +       }
 +
 +6. Receive confirmation that the job completed successfully:
 +
 +   .. code:: json
 +
 +       { "timestamp": { "seconds": 1424709668, "microseconds": 526525 },
 +         "data": { "device": "drive1", "type": "backup",
 +                   "speed": 0, "len": 67108864, "offset": 67108864},
 +         "event": "BLOCK_JOB_COMPLETED" }
 +
 +Partial Transactional Failures
 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 +
 +-  Sometimes, a transaction will succeed in launching and return
 +   success, but then later the backup jobs themselves may fail. It is
 +   possible that a management application may have to deal with a
 +   partial backup failure after a successful transaction.
 +
 +-  If multiple backup jobs are specified in a single transaction, when
 +   one of them fails, it will not interact with the other backup jobs in
 +   any way.
 +
 +-  The job(s) that succeeded will clear the dirty bitmap associated with
 +   the operation, but the job(s) that failed will not. It is not "safe"
 +   to delete any incremental backups that were created successfully in
 +   this scenario, even though others failed.
 +
 +Example
 +^^^^^^^
 +
 +-  QMP example highlighting two backup jobs:
 +
 +   .. code:: json
 +
 +       { "execute": "transaction",
 +         "arguments": {
 +           "actions": [
 +             { "type": "drive-backup",
 +               "data": { "device": "drive0", "bitmap": "bitmap0",
 +                         "format": "qcow2", "mode": "existing",
 +                         "sync": "incremental", "target": "d0-incr-1.qcow2" } },
 +             { "type": "drive-backup",
 +               "data": { "device": "drive1", "bitmap": "bitmap1",
 +                         "format": "qcow2", "mode": "existing",
 +                         "sync": "incremental", "target": "d1-incr-1.qcow2" } },
 +           ]
 +         }
 +       }
 +
 +-  QMP example response, highlighting one success and one failure:
 +
 +   -  Acknowledgement that the Transaction was accepted and jobs were
 +      launched:
 +
 +      .. code:: json
 +
 +          { "return": {} }
 +
 +   -  Later, QEMU sends notice that the first job was completed:
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447192343, "microseconds": 615698 },
 +            "data": { "device": "drive0", "type": "backup",
 +                       "speed": 0, "len": 67108864, "offset": 67108864 },
 +            "event": "BLOCK_JOB_COMPLETED"
 +          }
 +
 +   -  Later yet, QEMU sends notice that the second job has failed:
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447192399, "microseconds": 683015 },
 +            "data": { "device": "drive1", "action": "report",
 +                      "operation": "read" },
 +            "event": "BLOCK_JOB_ERROR" }
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447192399, "microseconds":
 +          685853 }, "data": { "speed": 0, "offset": 0, "len": 67108864,
 +          "error": "Input/output error", "device": "drive1", "type":
 +          "backup" }, "event": "BLOCK_JOB_COMPLETED" }
 +
 +-  In the above example, ``d0-incr-1.qcow2`` is valid and must be kept,
 +   but ``d1-incr-1.qcow2`` is invalid and should be deleted. If a VM-wide
 +   incremental backup of all drives at a point-in-time is to be made,
 +   new backups for both drives will need to be made, taking into account
 +   that a new incremental backup for drive0 needs to be based on top of
 +   ``d0-incr-1.qcow2``.
 +
 +Grouped Completion Mode
 +~~~~~~~~~~~~~~~~~~~~~~~
 +
 +-  While jobs launched by transactions normally complete or fail on
 +   their own, it is possible to instruct them to complete or fail
 +   together as a group.
 +
 +-  QMP transactions take an optional properties structure that can
 +   affect the semantics of the transaction.
 +
 +-  The "completion-mode" transaction property can be either "individual"
 +   which is the default, legacy behavior described above, or "grouped,"
 +   a new behavior detailed below.
 +
 +-  Delayed Completion: In grouped completion mode, no jobs will report
 +   success until all jobs are ready to report success.
 +
 +-  Grouped failure: If any job fails in grouped completion mode, all
 +   remaining jobs will be cancelled. Any incremental backups will
 +   restore their dirty bitmap objects as if no backup command was ever
 +   issued.
 +
 +   -  Regardless of if QEMU reports a particular incremental backup job
 +      as CANCELLED or as an ERROR, the in-memory bitmap will be
 +      restored.
 +
 +Example
 +^^^^^^^
 +
 +-  Here's the same example scenario from above with the new property:
 +
 +   .. code:: json
 +
 +       { "execute": "transaction",
 +         "arguments": {
 +           "actions": [
 +             { "type": "drive-backup",
 +               "data": { "device": "drive0", "bitmap": "bitmap0",
 +                         "format": "qcow2", "mode": "existing",
 +                         "sync": "incremental", "target": "d0-incr-1.qcow2" } },
 +             { "type": "drive-backup",
 +               "data": { "device": "drive1", "bitmap": "bitmap1",
 +                         "format": "qcow2", "mode": "existing",
 +                         "sync": "incremental", "target": "d1-incr-1.qcow2" } },
 +           ],
 +           "properties": {
 +             "completion-mode": "grouped"
 +           }
 +         }
 +       }
 +
 +-  QMP example response, highlighting a failure for ``drive2``:
 +
 +   -  Acknowledgement that the Transaction was accepted and jobs were
 +      launched:
 +
 +      .. code:: json
 +
 +          { "return": {} }
 +
 +   -  Later, QEMU sends notice that the second job has errored out, but
 +      that the first job was also cancelled:
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447193702, "microseconds": 632377 },
 +            "data": { "device": "drive1", "action": "report",
 +                      "operation": "read" },
 +            "event": "BLOCK_JOB_ERROR" }
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447193702, "microseconds": 640074 },
 +            "data": { "speed": 0, "offset": 0, "len": 67108864,
 +                      "error": "Input/output error",
 +                      "device": "drive1", "type": "backup" },
 +            "event": "BLOCK_JOB_COMPLETED" }
 +
 +      .. code:: json
 +
 +          { "timestamp": { "seconds": 1447193702, "microseconds": 640163 },
 +            "data": { "device": "drive0", "type": "backup", "speed": 0,
 +                      "len": 67108864, "offset": 16777216 },
 +            "event": "BLOCK_JOB_CANCELLED" }
 +
 +.. raw:: html
 +
 +   <!--
 +   The FreeBSD Documentation License
 +
 +   Redistribution and use in source (Markdown) and 'compiled' forms (SGML, HTML,
 +   PDF, PostScript, RTF and so forth) with or without modification, are permitted
 +   provided that the following conditions are met:
 +
 +   Redistributions of source code (Markdown) must retain the above copyright
 +   notice, this list of conditions and the following disclaimer of this file
 +   unmodified.
 +
 +   Redistributions in compiled form (transformed to other DTDs, converted to PDF,
 +   PostScript, RTF and other formats) must reproduce the above copyright notice,
 +   this list of conditions and the following disclaimer in the documentation and/or
 +   other materials provided with the distribution.
 +
 +   THIS DOCUMENTATION IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 +   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 +   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE ARE
 +   DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS  BE LIABLE
 +   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 +   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 +   SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 +   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 +   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 +   THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 +   -->
 --
-.9.4
+.29.2

-New patch
+[PULL v3 20/27] multi-process: add proxy communication functions
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: d54edb4176361eed86b903e8f27058363b6c83b3.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ include/hw/remote/mpqemu-link.h |  4 ++++
+ hw/remote/mpqemu-link.c         | 34 +++++++++++++++++++++++++++++++++
+files changed, 38 insertions(+)
+diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/mpqemu-link.h
++++ b/include/hw/remote/mpqemu-link.h
+@@ -XXX,XX +XXX,XX @@
+ #include "qemu/thread.h"
+ #include "io/channel.h"
+ #include "exec/hwaddr.h"
++#include "io/channel-socket.h"
++#include "hw/remote/proxy.h"
+ #define REMOTE_MAX_FDS 8
+@@ -XXX,XX +XXX,XX @@ typedef struct {
+ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
+ bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
++uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
++                                         Error **errp);
+ bool mpqemu_msg_valid(MPQemuMsg *msg);
+ #endif
+diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/mpqemu-link.c
++++ b/hw/remote/mpqemu-link.c
+@@ -XXX,XX +XXX,XX @@ fail:
+     return ret;
+ }
++/*
++ * Send msg and wait for a reply with command code RET_MSG.
++ * Returns the message received of size u64 or UINT64_MAX
++ * on error.
++ * Called from VCPU thread in non-coroutine context.
++ * Used by the Proxy object to communicate to remote processes.
++ */
++uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
++                                         Error **errp)
++{
++    ERRP_GUARD();
++    MPQemuMsg msg_reply = {0};
++    uint64_t ret = UINT64_MAX;
++
++    assert(!qemu_in_coroutine());
++
++    QEMU_LOCK_GUARD(&pdev->io_mutex);
++    if (!mpqemu_msg_send(msg, pdev->ioc, errp)) {
++        return ret;
++    }
++
++    if (!mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) {
++        return ret;
++    }
++
++    if (!mpqemu_msg_valid(&msg_reply)) {
++        error_setg(errp, "ERROR: Invalid reply received for command %d",
++                         msg->cmd);
++        return ret;
++    }
++
++    return msg_reply.data.u64;
++}
++
+ bool mpqemu_msg_valid(MPQemuMsg *msg)
+ {
+     if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
+--
+.29.2

-New patch
+[PULL v3 21/27] multi-process: Forward PCI config space acceses to the remote process
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 The Proxy Object sends the PCI config space accesses as messages
 to the remote process over the communication channel
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: d3c94f4618813234655356c60e6f0d0362ff42d6.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  include/hw/remote/mpqemu-link.h | 10 ++++++
  hw/remote/message.c             | 60 +++++++++++++++++++++++++++++++++
  hw/remote/mpqemu-link.c         |  8 ++++-
  hw/remote/proxy.c               | 55 ++++++++++++++++++++++++++++++
 files changed, 132 insertions(+), 1 deletion(-)
 diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/remote/mpqemu-link.h
 +++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
   */
  typedef enum {
      MPQEMU_CMD_SYNC_SYSMEM,
 +    MPQEMU_CMD_RET,
 +    MPQEMU_CMD_PCI_CFGWRITE,
 +    MPQEMU_CMD_PCI_CFGREAD,
      MPQEMU_CMD_MAX,
  } MPQemuCmd;
@@ -XXX,XX +XXX,XX @@ typedef struct {
      off_t offsets[REMOTE_MAX_FDS];
  } SyncSysmemMsg;
 +typedef struct {
 +    uint32_t addr;
 +    uint32_t val;
 +    int len;
 +} PciConfDataMsg;
 +
  /**
   * MPQemuMsg:
   * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef struct {
      union {
          uint64_t u64;
 +        PciConfDataMsg pci_conf_data;
          SyncSysmemMsg sync_sysmem;
      } data;
 diff --git a/hw/remote/message.c b/hw/remote/message.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/message.c
 +++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
  #include "hw/remote/mpqemu-link.h"
  #include "qapi/error.h"
  #include "sysemu/runstate.h"
 +#include "hw/pci/pci.h"
 +
 +static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
 +                                 MPQemuMsg *msg, Error **errp);
 +static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
 +                                MPQemuMsg *msg, Error **errp);
  void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
  {
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
          }
          switch (msg.cmd) {
 +        case MPQEMU_CMD_PCI_CFGWRITE:
 +            process_config_write(com->ioc, pci_dev, &msg, &local_err);
 +            break;
 +        case MPQEMU_CMD_PCI_CFGREAD:
 +            process_config_read(com->ioc, pci_dev, &msg, &local_err);
 +            break;
          default:
              error_setg(&local_err,
                         "Unknown command (%d) received for device %s"
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
          qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
      }
  }
 +
 +static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
 +                                 MPQemuMsg *msg, Error **errp)
 +{
 +    ERRP_GUARD();
 +    PciConfDataMsg *conf = (PciConfDataMsg *)&msg->data.pci_conf_data;
 +    MPQemuMsg ret = { 0 };
 +
 +    if ((conf->addr + sizeof(conf->val)) > pci_config_size(dev)) {
 +        error_setg(errp, "Bad address for PCI config write, pid "FMT_pid".",
 +                   getpid());
 +        ret.data.u64 = UINT64_MAX;
 +    } else {
 +        pci_default_write_config(dev, conf->addr, conf->val, conf->len);
 +    }
 +
 +    ret.cmd = MPQEMU_CMD_RET;
 +    ret.size = sizeof(ret.data.u64);
 +
 +    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
 +        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
 +                      getpid());
 +    }
 +}
 +
 +static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
 +                                MPQemuMsg *msg, Error **errp)
 +{
 +    ERRP_GUARD();
 +    PciConfDataMsg *conf = (PciConfDataMsg *)&msg->data.pci_conf_data;
 +    MPQemuMsg ret = { 0 };
 +
 +    if ((conf->addr + sizeof(conf->val)) > pci_config_size(dev)) {
 +        error_setg(errp, "Bad address for PCI config read, pid "FMT_pid".",
 +                   getpid());
 +        ret.data.u64 = UINT64_MAX;
 +    } else {
 +        ret.data.u64 = pci_default_read_config(dev, conf->addr, conf->len);
 +    }
 +
 +    ret.cmd = MPQEMU_CMD_RET;
 +    ret.size = sizeof(ret.data.u64);
 +
 +    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
 +        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
 +                      getpid());
 +    }
 +}
 diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/mpqemu-link.c
 +++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
          return ret;
      }
 -    if (!mpqemu_msg_valid(&msg_reply)) {
 +    if (!mpqemu_msg_valid(&msg_reply) || msg_reply.cmd != MPQEMU_CMD_RET) {
          error_setg(errp, "ERROR: Invalid reply received for command %d",
                           msg->cmd);
          return ret;
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
              return false;
          }
          break;
 +    case MPQEMU_CMD_PCI_CFGWRITE:
 +    case MPQEMU_CMD_PCI_CFGREAD:
 +        if (msg->size != sizeof(PciConfDataMsg)) {
 +            return false;
 +        }
 +        break;
      default:
          break;
      }
 diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/proxy.c
 +++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
  #include "monitor/monitor.h"
  #include "migration/blocker.h"
  #include "qemu/sockets.h"
 +#include "hw/remote/mpqemu-link.h"
 +#include "qemu/error-report.h"
  static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
  {
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
      error_free(dev->migration_blocker);
  }
 +static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
 +                           int len, unsigned int op)
 +{
 +    MPQemuMsg msg = { 0 };
 +    uint64_t ret = -EINVAL;
 +    Error *local_err = NULL;
 +
 +    msg.cmd = op;
 +    msg.data.pci_conf_data.addr = addr;
 +    msg.data.pci_conf_data.val = (op == MPQEMU_CMD_PCI_CFGWRITE) ? *val : 0;
 +    msg.data.pci_conf_data.len = len;
 +    msg.size = sizeof(PciConfDataMsg);
 +
 +    ret = mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
 +    if (local_err) {
 +        error_report_err(local_err);
 +    }
 +
 +    if (ret == UINT64_MAX) {
 +        error_report("Failed to perform PCI config %s operation",
 +                     (op == MPQEMU_CMD_PCI_CFGREAD) ? "READ" : "WRITE");
 +    }
 +
 +    if (op == MPQEMU_CMD_PCI_CFGREAD) {
 +        *val = (uint32_t)ret;
 +    }
 +}
 +
 +static uint32_t pci_proxy_read_config(PCIDevice *d, uint32_t addr, int len)
 +{
 +    uint32_t val;
 +
 +    config_op_send(PCI_PROXY_DEV(d), addr, &val, len, MPQEMU_CMD_PCI_CFGREAD);
 +
 +    return val;
 +}
 +
 +static void pci_proxy_write_config(PCIDevice *d, uint32_t addr, uint32_t val,
 +                                   int len)
 +{
 +    /*
 +     * Some of the functions access the copy of remote device's PCI config
 +     * space which is cached in the proxy device. Therefore, maintain
 +     * it updated.
 +     */
 +    pci_default_write_config(d, addr, val, len);
 +
 +    config_op_send(PCI_PROXY_DEV(d), addr, &val, len, MPQEMU_CMD_PCI_CFGWRITE);
 +}
 +
  static Property proxy_properties[] = {
      DEFINE_PROP_STRING("fd", PCIProxyDev, fd),
      DEFINE_PROP_END_OF_LIST(),
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_class_init(ObjectClass *klass, void *data)
      k->realize = pci_proxy_dev_realize;
      k->exit = pci_proxy_dev_exit;
 +    k->config_read = pci_proxy_read_config;
 +    k->config_write = pci_proxy_write_config;
 +
      device_class_set_props(dc, proxy_properties);
  }
 --
 .29.2

-New patch
+[PULL v3 22/27] multi-process: PCI BAR read/write handling for proxy & remote endpoints
+From: Jagannathan Raman <jag.raman@oracle.com>
 Proxy device object implements handler for PCI BAR writes and reads.
 The handler uses BAR_WRITE/BAR_READ message to communicate to the
 remote process with the BAR address and value to be written/read.
 The remote process implements handler for BAR_WRITE/BAR_READ
 message.
 Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
 Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
 Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
 Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-id: a8b76714a9688be5552c4c92d089bc9e8a4707ff.1611938319.git.jag.raman@oracle.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  include/hw/remote/mpqemu-link.h | 10 ++++
  include/hw/remote/proxy.h       |  9 ++++
  hw/remote/message.c             | 83 +++++++++++++++++++++++++++++++++
  hw/remote/mpqemu-link.c         |  6 +++
  hw/remote/proxy.c               | 60 ++++++++++++++++++++++++
 files changed, 168 insertions(+)
 diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/remote/mpqemu-link.h
 +++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
      MPQEMU_CMD_RET,
      MPQEMU_CMD_PCI_CFGWRITE,
      MPQEMU_CMD_PCI_CFGREAD,
 +    MPQEMU_CMD_BAR_WRITE,
 +    MPQEMU_CMD_BAR_READ,
      MPQEMU_CMD_MAX,
  } MPQemuCmd;
@@ -XXX,XX +XXX,XX @@ typedef struct {
      int len;
  } PciConfDataMsg;
 +typedef struct {
 +    hwaddr addr;
 +    uint64_t val;
 +    unsigned size;
 +    bool memory;
 +} BarAccessMsg;
 +
  /**
   * MPQemuMsg:
   * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef struct {
          uint64_t u64;
          PciConfDataMsg pci_conf_data;
          SyncSysmemMsg sync_sysmem;
 +        BarAccessMsg bar_access;
      } data;
      int fds[REMOTE_MAX_FDS];
 diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/hw/remote/proxy.h
 +++ b/include/hw/remote/proxy.h
@@ -XXX,XX +XXX,XX @@
  #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
  OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
 +typedef struct ProxyMemoryRegion {
 +    PCIProxyDev *dev;
 +    MemoryRegion mr;
 +    bool memory;
 +    bool present;
 +    uint8_t type;
 +} ProxyMemoryRegion;
 +
  struct PCIProxyDev {
      PCIDevice parent_dev;
      char *fd;
@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
      QemuMutex io_mutex;
      QIOChannel *ioc;
      Error *migration_blocker;
 +    ProxyMemoryRegion region[PCI_NUM_REGIONS];
  };
  #endif /* PROXY_H */
 diff --git a/hw/remote/message.c b/hw/remote/message.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/message.c
 +++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
  #include "qapi/error.h"
  #include "sysemu/runstate.h"
  #include "hw/pci/pci.h"
 +#include "exec/memattrs.h"
  static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
                                   MPQemuMsg *msg, Error **errp);
  static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
                                  MPQemuMsg *msg, Error **errp);
 +static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
 +static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
  void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
  {
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
          case MPQEMU_CMD_PCI_CFGREAD:
              process_config_read(com->ioc, pci_dev, &msg, &local_err);
              break;
 +        case MPQEMU_CMD_BAR_WRITE:
 +            process_bar_write(com->ioc, &msg, &local_err);
 +            break;
 +        case MPQEMU_CMD_BAR_READ:
 +            process_bar_read(com->ioc, &msg, &local_err);
 +            break;
          default:
              error_setg(&local_err,
                         "Unknown command (%d) received for device %s"
@@ -XXX,XX +XXX,XX @@ static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
                        getpid());
      }
  }
 +
 +static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp)
 +{
 +    ERRP_GUARD();
 +    BarAccessMsg *bar_access = &msg->data.bar_access;
 +    AddressSpace *as =
 +        bar_access->memory ? &address_space_memory : &address_space_io;
 +    MPQemuMsg ret = { 0 };
 +    MemTxResult res;
 +    uint64_t val;
 +
 +    if (!is_power_of_2(bar_access->size) ||
 +       (bar_access->size > sizeof(uint64_t))) {
 +        ret.data.u64 = UINT64_MAX;
 +        goto fail;
 +    }
 +
 +    val = cpu_to_le64(bar_access->val);
 +
 +    res = address_space_rw(as, bar_access->addr, MEMTXATTRS_UNSPECIFIED,
 +                           (void *)&val, bar_access->size, true);
 +
 +    if (res != MEMTX_OK) {
 +        error_setg(errp, "Bad address %"PRIx64" for mem write, pid "FMT_pid".",
 +                   bar_access->addr, getpid());
 +        ret.data.u64 = -1;
 +    }
 +
 +fail:
 +    ret.cmd = MPQEMU_CMD_RET;
 +    ret.size = sizeof(ret.data.u64);
 +
 +    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
 +        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
 +                      getpid());
 +    }
 +}
 +
 +static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp)
 +{
 +    ERRP_GUARD();
 +    BarAccessMsg *bar_access = &msg->data.bar_access;
 +    MPQemuMsg ret = { 0 };
 +    AddressSpace *as;
 +    MemTxResult res;
 +    uint64_t val = 0;
 +
 +    as = bar_access->memory ? &address_space_memory : &address_space_io;
 +
 +    if (!is_power_of_2(bar_access->size) ||
 +       (bar_access->size > sizeof(uint64_t))) {
 +        val = UINT64_MAX;
 +        goto fail;
 +    }
 +
 +    res = address_space_rw(as, bar_access->addr, MEMTXATTRS_UNSPECIFIED,
 +                           (void *)&val, bar_access->size, false);
 +
 +    if (res != MEMTX_OK) {
 +        error_setg(errp, "Bad address %"PRIx64" for mem read, pid "FMT_pid".",
 +                   bar_access->addr, getpid());
 +        val = UINT64_MAX;
 +    }
 +
 +fail:
 +    ret.cmd = MPQEMU_CMD_RET;
 +    ret.data.u64 = le64_to_cpu(val);
 +    ret.size = sizeof(ret.data.u64);
 +
 +    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
 +        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
 +                      getpid());
 +    }
 +}
 diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/mpqemu-link.c
 +++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
              return false;
          }
          break;
 +    case MPQEMU_CMD_BAR_WRITE:
 +    case MPQEMU_CMD_BAR_READ:
 +        if ((msg->size != sizeof(BarAccessMsg)) || (msg->num_fds != 0)) {
 +            return false;
 +        }
 +        break;
      default:
          break;
      }
 diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/proxy.c
 +++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_register_types(void)
  }
  type_init(pci_proxy_dev_register_types)
 +
 +static void send_bar_access_msg(PCIProxyDev *pdev, MemoryRegion *mr,
 +                                bool write, hwaddr addr, uint64_t *val,
 +                                unsigned size, bool memory)
 +{
 +    MPQemuMsg msg = { 0 };
 +    long ret = -EINVAL;
 +    Error *local_err = NULL;
 +
 +    msg.size = sizeof(BarAccessMsg);
 +    msg.data.bar_access.addr = mr->addr + addr;
 +    msg.data.bar_access.size = size;
 +    msg.data.bar_access.memory = memory;
 +
 +    if (write) {
 +        msg.cmd = MPQEMU_CMD_BAR_WRITE;
 +        msg.data.bar_access.val = *val;
 +    } else {
 +        msg.cmd = MPQEMU_CMD_BAR_READ;
 +    }
 +
 +    ret = mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
 +    if (local_err) {
 +        error_report_err(local_err);
 +    }
 +
 +    if (!write) {
 +        *val = ret;
 +    }
 +}
 +
 +static void proxy_bar_write(void *opaque, hwaddr addr, uint64_t val,
 +                            unsigned size)
 +{
 +    ProxyMemoryRegion *pmr = opaque;
 +
 +    send_bar_access_msg(pmr->dev, &pmr->mr, true, addr, &val, size,
 +                        pmr->memory);
 +}
 +
 +static uint64_t proxy_bar_read(void *opaque, hwaddr addr, unsigned size)
 +{
 +    ProxyMemoryRegion *pmr = opaque;
 +    uint64_t val;
 +
 +    send_bar_access_msg(pmr->dev, &pmr->mr, false, addr, &val, size,
 +                        pmr->memory);
 +
 +    return val;
 +}
 +
 +const MemoryRegionOps proxy_mr_ops = {
 +    .read = proxy_bar_read,
 +    .write = proxy_bar_write,
 +    .endianness = DEVICE_NATIVE_ENDIAN,
 +    .impl = {
 +        .min_access_size = 1,
 +        .max_access_size = 8,
 +    },
 +};
 --
 .29.2

-New patch
+[PULL v3 23/27] multi-process: Synchronize remote memory
+From: Jagannathan Raman <jag.raman@oracle.com>
+Add ProxyMemoryListener object which is used to keep the view of the RAM
+in sync between QEMU and remote process.
+A MemoryListener is registered for system-memory AddressSpace. The
+listener sends SYNC_SYSMEM message to the remote process when memory
+listener commits the changes to memory, the remote process receives
+the message and processes it in the handler for SYNC_SYSMEM message.
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 04fe4e6a9ca90d4f11ab6f59be7652f5b086a071.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                               |   2 +
+ include/hw/remote/proxy-memory-listener.h |  28 +++
+ include/hw/remote/proxy.h                 |   2 +
+ hw/remote/message.c                       |   4 +
+ hw/remote/proxy-memory-listener.c         | 227 ++++++++++++++++++++++
+ hw/remote/proxy.c                         |   6 +
+ hw/remote/meson.build                     |   1 +
+files changed, 270 insertions(+)
+ create mode 100644 include/hw/remote/proxy-memory-listener.h
+ create mode 100644 hw/remote/proxy-memory-listener.c
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ F: include/hw/remote/memory.h
+ F: hw/remote/memory.c
+ F: hw/remote/proxy.c
+ F: include/hw/remote/proxy.h
++F: hw/remote/proxy-memory-listener.c
++F: include/hw/remote/proxy-memory-listener.h
+ Build and test automation
+ -------------------------
+diff --git a/include/hw/remote/proxy-memory-listener.h b/include/hw/remote/proxy-memory-listener.h
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/include/hw/remote/proxy-memory-listener.h
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#ifndef PROXY_MEMORY_LISTENER_H
++#define PROXY_MEMORY_LISTENER_H
++
++#include "exec/memory.h"
++#include "io/channel.h"
++
++typedef struct ProxyMemoryListener {
++    MemoryListener listener;
++
++    int n_mr_sections;
++    MemoryRegionSection *mr_sections;
++
++    QIOChannel *ioc;
++} ProxyMemoryListener;
++
++void proxy_memory_listener_configure(ProxyMemoryListener *proxy_listener,
++                                     QIOChannel *ioc);
++void proxy_memory_listener_deconfigure(ProxyMemoryListener *proxy_listener);
++
++#endif
+diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/proxy.h
++++ b/include/hw/remote/proxy.h
+@@ -XXX,XX +XXX,XX @@
+ #include "hw/pci/pci.h"
+ #include "io/channel.h"
++#include "hw/remote/proxy-memory-listener.h"
+ #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
+ OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
+@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
+     QemuMutex io_mutex;
+     QIOChannel *ioc;
+     Error *migration_blocker;
++    ProxyMemoryListener proxy_listener;
+     ProxyMemoryRegion region[PCI_NUM_REGIONS];
+ };
+diff --git a/hw/remote/message.c b/hw/remote/message.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/message.c
++++ b/hw/remote/message.c
+@@ -XXX,XX +XXX,XX @@
+ #include "sysemu/runstate.h"
+ #include "hw/pci/pci.h"
+ #include "exec/memattrs.h"
++#include "hw/remote/memory.h"
+ static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
+                                  MPQemuMsg *msg, Error **errp);
+@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
+         case MPQEMU_CMD_BAR_READ:
+             process_bar_read(com->ioc, &msg, &local_err);
+             break;
++        case MPQEMU_CMD_SYNC_SYSMEM:
++            remote_sysmem_reconfig(&msg, &local_err);
++            break;
+         default:
+             error_setg(&local_err,
+                        "Unknown command (%d) received for device %s"
+diff --git a/hw/remote/proxy-memory-listener.c b/hw/remote/proxy-memory-listener.c
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/proxy-memory-listener.c
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "qemu-common.h"
++
++#include "qemu/compiler.h"
++#include "qemu/int128.h"
++#include "qemu/range.h"
++#include "exec/memory.h"
++#include "exec/cpu-common.h"
++#include "cpu.h"
++#include "exec/ram_addr.h"
++#include "exec/address-spaces.h"
++#include "qapi/error.h"
++#include "hw/remote/mpqemu-link.h"
++#include "hw/remote/proxy-memory-listener.h"
++
++/*
++ * TODO: get_fd_from_hostaddr(), proxy_mrs_can_merge() and
++ * proxy_memory_listener_commit() defined below perform tasks similar to the
++ * functions defined in vhost-user.c. These functions are good candidates
++ * for refactoring.
++ *
++ */
++
++static void proxy_memory_listener_reset(MemoryListener *listener)
++{
++    ProxyMemoryListener *proxy_listener = container_of(listener,
++                                                       ProxyMemoryListener,
++                                                       listener);
++    int mrs;
++
++    for (mrs = 0; mrs < proxy_listener->n_mr_sections; mrs++) {
++        memory_region_unref(proxy_listener->mr_sections[mrs].mr);
++    }
++
++    g_free(proxy_listener->mr_sections);
++    proxy_listener->mr_sections = NULL;
++    proxy_listener->n_mr_sections = 0;
++}
++
++static int get_fd_from_hostaddr(uint64_t host, ram_addr_t *offset)
++{
++    MemoryRegion *mr;
++    ram_addr_t off;
++
++    /**
++     * Assumes that the host address is a valid address as it's
++     * coming from the MemoryListener system. In the case host
++     * address is not valid, the following call would return
++     * the default subregion of "system_memory" region, and
++     * not NULL. So it's not possible to check for NULL here.
++     */
++    mr = memory_region_from_host((void *)(uintptr_t)host, &off);
++
++    if (offset) {
++        *offset = off;
++    }
++
++    return memory_region_get_fd(mr);
++}
++
++static bool proxy_mrs_can_merge(uint64_t host, uint64_t prev_host, size_t size)
++{
++    if (((prev_host + size) != host)) {
++        return false;
++    }
++
++    if (get_fd_from_hostaddr(host, NULL) !=
++            get_fd_from_hostaddr(prev_host, NULL)) {
++        return false;
++    }
++
++    return true;
++}
++
++static bool try_merge(ProxyMemoryListener *proxy_listener,
++                      MemoryRegionSection *section)
++{
++    uint64_t mrs_size, mrs_gpa, mrs_page;
++    MemoryRegionSection *prev_sec;
++    bool merged = false;
++    uintptr_t mrs_host;
++    RAMBlock *mrs_rb;
++
++    if (!proxy_listener->n_mr_sections) {
++        return false;
++    }
++
++    mrs_rb = section->mr->ram_block;
++    mrs_page = (uint64_t)qemu_ram_pagesize(mrs_rb);
++    mrs_size = int128_get64(section->size);
++    mrs_gpa = section->offset_within_address_space;
++    mrs_host = (uintptr_t)memory_region_get_ram_ptr(section->mr) +
++               section->offset_within_region;
++
++    if (get_fd_from_hostaddr(mrs_host, NULL) < 0) {
++        return true;
++    }
++
++    mrs_host = mrs_host & ~(mrs_page - 1);
++    mrs_gpa = mrs_gpa & ~(mrs_page - 1);
++    mrs_size = ROUND_UP(mrs_size, mrs_page);
++
++    prev_sec = proxy_listener->mr_sections +
++               (proxy_listener->n_mr_sections - 1);
++    uint64_t prev_gpa_start = prev_sec->offset_within_address_space;
++    uint64_t prev_size = int128_get64(prev_sec->size);
++    uint64_t prev_gpa_end   = range_get_last(prev_gpa_start, prev_size);
++    uint64_t prev_host_start =
++        (uintptr_t)memory_region_get_ram_ptr(prev_sec->mr) +
++        prev_sec->offset_within_region;
++    uint64_t prev_host_end = range_get_last(prev_host_start, prev_size);
++
++    if (mrs_gpa <= (prev_gpa_end + 1)) {
++        g_assert(mrs_gpa > prev_gpa_start);
++
++        if ((section->mr == prev_sec->mr) &&
++            proxy_mrs_can_merge(mrs_host, prev_host_start,
++                                (mrs_gpa - prev_gpa_start))) {
++            uint64_t max_end = MAX(prev_host_end, mrs_host + mrs_size);
++            merged = true;
++            prev_sec->offset_within_address_space =
++                MIN(prev_gpa_start, mrs_gpa);
++            prev_sec->offset_within_region =
++                MIN(prev_host_start, mrs_host) -
++                (uintptr_t)memory_region_get_ram_ptr(prev_sec->mr);
++            prev_sec->size = int128_make64(max_end - MIN(prev_host_start,
++                                                         mrs_host));
++        }
++    }
++
++    return merged;
++}
++
++static void proxy_memory_listener_region_addnop(MemoryListener *listener,
++                                                MemoryRegionSection *section)
++{
++    ProxyMemoryListener *proxy_listener = container_of(listener,
++                                                       ProxyMemoryListener,
++                                                       listener);
++
++    if (!memory_region_is_ram(section->mr) ||
++            memory_region_is_rom(section->mr)) {
++        return;
++    }
++
++    if (try_merge(proxy_listener, section)) {
++        return;
++    }
++
++    ++proxy_listener->n_mr_sections;
++    proxy_listener->mr_sections = g_renew(MemoryRegionSection,
++                                          proxy_listener->mr_sections,
++                                          proxy_listener->n_mr_sections);
++    proxy_listener->mr_sections[proxy_listener->n_mr_sections - 1] = *section;
++    proxy_listener->mr_sections[proxy_listener->n_mr_sections - 1].fv = NULL;
++    memory_region_ref(section->mr);
++}
++
++static void proxy_memory_listener_commit(MemoryListener *listener)
++{
++    ProxyMemoryListener *proxy_listener = container_of(listener,
++                                                       ProxyMemoryListener,
++                                                       listener);
++    MPQemuMsg msg;
++    MemoryRegionSection *section;
++    ram_addr_t offset;
++    uintptr_t host_addr;
++    int region;
++    Error *local_err = NULL;
++
++    memset(&msg, 0, sizeof(MPQemuMsg));
++
++    msg.cmd = MPQEMU_CMD_SYNC_SYSMEM;
++    msg.num_fds = proxy_listener->n_mr_sections;
++    msg.size = sizeof(SyncSysmemMsg);
++    if (msg.num_fds > REMOTE_MAX_FDS) {
++        error_report("Number of fds is more than %d", REMOTE_MAX_FDS);
++        return;
++    }
++
++    for (region = 0; region < proxy_listener->n_mr_sections; region++) {
++        section = &proxy_listener->mr_sections[region];
++        msg.data.sync_sysmem.gpas[region] =
++            section->offset_within_address_space;
++        msg.data.sync_sysmem.sizes[region] = int128_get64(section->size);
++        host_addr = (uintptr_t)memory_region_get_ram_ptr(section->mr) +
++                    section->offset_within_region;
++        msg.fds[region] = get_fd_from_hostaddr(host_addr, &offset);
++        msg.data.sync_sysmem.offsets[region] = offset;
++    }
++    if (!mpqemu_msg_send(&msg, proxy_listener->ioc, &local_err)) {
++        error_report_err(local_err);
++    }
++}
++
++void proxy_memory_listener_deconfigure(ProxyMemoryListener *proxy_listener)
++{
++    memory_listener_unregister(&proxy_listener->listener);
++
++    proxy_memory_listener_reset(&proxy_listener->listener);
++}
++
++void proxy_memory_listener_configure(ProxyMemoryListener *proxy_listener,
++                                     QIOChannel *ioc)
++{
++    proxy_listener->n_mr_sections = 0;
++    proxy_listener->mr_sections = NULL;
++
++    proxy_listener->ioc = ioc;
++
++    proxy_listener->listener.begin = proxy_memory_listener_reset;
++    proxy_listener->listener.commit = proxy_memory_listener_commit;
++    proxy_listener->listener.region_add = proxy_memory_listener_region_addnop;
++    proxy_listener->listener.region_nop = proxy_memory_listener_region_addnop;
++    proxy_listener->listener.priority = 10;
++
++    memory_listener_register(&proxy_listener->listener,
++                             &address_space_memory);
++}
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/proxy.c
++++ b/hw/remote/proxy.c
+@@ -XXX,XX +XXX,XX @@
+ #include "qemu/sockets.h"
+ #include "hw/remote/mpqemu-link.h"
+ #include "qemu/error-report.h"
++#include "hw/remote/proxy-memory-listener.h"
++#include "qom/object.h"
+ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+ {
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+     qemu_mutex_init(&dev->io_mutex);
+     qio_channel_set_blocking(dev->ioc, true, NULL);
++
++    proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
+ }
+ static void pci_proxy_dev_exit(PCIDevice *pdev)
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
+     migrate_del_blocker(dev->migration_blocker);
+     error_free(dev->migration_blocker);
++
++    proxy_memory_listener_deconfigure(&dev->proxy_listener);
+ }
+ static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
+diff --git a/hw/remote/meson.build b/hw/remote/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/meson.build
++++ b/hw/remote/meson.build
+@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
+ specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
++specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy-memory-listener.c'))
+ softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
+--
+.29.2

-New patch
+[PULL v3 24/27] multi-process: create IOHUB object to handle irq
+From: Jagannathan Raman <jag.raman@oracle.com>
+IOHUB object is added to manage PCI IRQs. It uses KVM_IRQFD
+ioctl to create irqfd to injecting PCI interrupts to the guest.
+IOHUB object forwards the irqfd to the remote process. Remote process
+uses this fd to directly send interrupts to the guest, bypassing QEMU.
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 51d5c3d54e28a68b002e3875c59599c9f5a424a1.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ MAINTAINERS                     |   2 +
+ include/hw/pci/pci_ids.h        |   3 +
+ include/hw/remote/iohub.h       |  42 +++++++++++
+ include/hw/remote/machine.h     |   2 +
+ include/hw/remote/mpqemu-link.h |   1 +
+ include/hw/remote/proxy.h       |   4 ++
+ hw/remote/iohub.c               | 119 ++++++++++++++++++++++++++++++++
+ hw/remote/machine.c             |  10 +++
+ hw/remote/message.c             |   4 ++
+ hw/remote/mpqemu-link.c         |   5 ++
+ hw/remote/proxy.c               |  56 +++++++++++++++
+ hw/remote/meson.build           |   1 +
+files changed, 249 insertions(+)
+ create mode 100644 include/hw/remote/iohub.h
+ create mode 100644 hw/remote/iohub.c
+diff --git a/MAINTAINERS b/MAINTAINERS
+index XXXXXXX..XXXXXXX 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -XXX,XX +XXX,XX @@ F: hw/remote/proxy.c
+ F: include/hw/remote/proxy.h
+ F: hw/remote/proxy-memory-listener.c
+ F: include/hw/remote/proxy-memory-listener.h
++F: hw/remote/iohub.c
++F: include/hw/remote/iohub.h
+ Build and test automation
+ -------------------------
+diff --git a/include/hw/pci/pci_ids.h b/include/hw/pci/pci_ids.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/pci/pci_ids.h
++++ b/include/hw/pci/pci_ids.h
+@@ -XXX,XX +XXX,XX @@
+ #define PCI_DEVICE_ID_SUN_SIMBA          0x5000
+ #define PCI_DEVICE_ID_SUN_SABRE          0xa000
++#define PCI_VENDOR_ID_ORACLE             0x108e
++#define PCI_DEVICE_ID_REMOTE_IOHUB       0xb000
++
+ #define PCI_VENDOR_ID_CMD                0x1095
+ #define PCI_DEVICE_ID_CMD_646            0x0646
+diff --git a/include/hw/remote/iohub.h b/include/hw/remote/iohub.h
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/include/hw/remote/iohub.h
+@@ -XXX,XX +XXX,XX @@
++/*
++ * IO Hub for remote device
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#ifndef REMOTE_IOHUB_H
++#define REMOTE_IOHUB_H
++
++#include "hw/pci/pci.h"
++#include "qemu/event_notifier.h"
++#include "qemu/thread-posix.h"
++#include "hw/remote/mpqemu-link.h"
++
++#define REMOTE_IOHUB_NB_PIRQS    PCI_DEVFN_MAX
++
++typedef struct ResampleToken {
++    void *iohub;
++    int pirq;
++} ResampleToken;
++
++typedef struct RemoteIOHubState {
++    PCIDevice d;
++    EventNotifier irqfds[REMOTE_IOHUB_NB_PIRQS];
++    EventNotifier resamplefds[REMOTE_IOHUB_NB_PIRQS];
++    unsigned int irq_level[REMOTE_IOHUB_NB_PIRQS];
++    ResampleToken token[REMOTE_IOHUB_NB_PIRQS];
++    QemuMutex irq_level_lock[REMOTE_IOHUB_NB_PIRQS];
++} RemoteIOHubState;
++
++int remote_iohub_map_irq(PCIDevice *pci_dev, int intx);
++void remote_iohub_set_irq(void *opaque, int pirq, int level);
++void process_set_irqfd_msg(PCIDevice *pci_dev, MPQemuMsg *msg);
++
++void remote_iohub_init(RemoteIOHubState *iohub);
++void remote_iohub_finalize(RemoteIOHubState *iohub);
++
++#endif
+diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/machine.h
++++ b/include/hw/remote/machine.h
+@@ -XXX,XX +XXX,XX @@
+ #include "hw/boards.h"
+ #include "hw/pci-host/remote.h"
+ #include "io/channel.h"
++#include "hw/remote/iohub.h"
+ struct RemoteMachineState {
+     MachineState parent_obj;
+     RemotePCIHost *host;
++    RemoteIOHubState iohub;
+ };
+ /* Used to pass to co-routine device and ioc. */
+diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/mpqemu-link.h
++++ b/include/hw/remote/mpqemu-link.h
+@@ -XXX,XX +XXX,XX @@ typedef enum {
+     MPQEMU_CMD_PCI_CFGREAD,
+     MPQEMU_CMD_BAR_WRITE,
+     MPQEMU_CMD_BAR_READ,
++    MPQEMU_CMD_SET_IRQFD,
+     MPQEMU_CMD_MAX,
+ } MPQemuCmd;
+diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/proxy.h
++++ b/include/hw/remote/proxy.h
+@@ -XXX,XX +XXX,XX @@
+ #include "hw/pci/pci.h"
+ #include "io/channel.h"
+ #include "hw/remote/proxy-memory-listener.h"
++#include "qemu/event_notifier.h"
+ #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
+ OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
+@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
+     QIOChannel *ioc;
+     Error *migration_blocker;
+     ProxyMemoryListener proxy_listener;
++    int virq;
++    EventNotifier intr;
++    EventNotifier resample;
+     ProxyMemoryRegion region[PCI_NUM_REGIONS];
+ };
+diff --git a/hw/remote/iohub.c b/hw/remote/iohub.c
+new file mode 100644
+index XXXXXXX..XXXXXXX
+--- /dev/null
++++ b/hw/remote/iohub.c
+@@ -XXX,XX +XXX,XX @@
++/*
++ * Remote IO Hub
++ *
++ * Copyright © 2018, 2021 Oracle and/or its affiliates.
++ *
++ * This work is licensed under the terms of the GNU GPL, version 2 or later.
++ * See the COPYING file in the top-level directory.
++ *
++ */
++
++#include "qemu/osdep.h"
++#include "qemu-common.h"
++
++#include "hw/pci/pci.h"
++#include "hw/pci/pci_ids.h"
++#include "hw/pci/pci_bus.h"
++#include "qemu/thread.h"
++#include "hw/boards.h"
++#include "hw/remote/machine.h"
++#include "hw/remote/iohub.h"
++#include "qemu/main-loop.h"
++
++void remote_iohub_init(RemoteIOHubState *iohub)
++{
++    int pirq;
++
++    memset(&iohub->irqfds, 0, sizeof(iohub->irqfds));
++    memset(&iohub->resamplefds, 0, sizeof(iohub->resamplefds));
++
++    for (pirq = 0; pirq < REMOTE_IOHUB_NB_PIRQS; pirq++) {
++        qemu_mutex_init(&iohub->irq_level_lock[pirq]);
++        iohub->irq_level[pirq] = 0;
++        event_notifier_init_fd(&iohub->irqfds[pirq], -1);
++        event_notifier_init_fd(&iohub->resamplefds[pirq], -1);
++    }
++}
++
++void remote_iohub_finalize(RemoteIOHubState *iohub)
++{
++    int pirq;
++
++    for (pirq = 0; pirq < REMOTE_IOHUB_NB_PIRQS; pirq++) {
++        qemu_set_fd_handler(event_notifier_get_fd(&iohub->resamplefds[pirq]),
++                            NULL, NULL, NULL);
++        event_notifier_cleanup(&iohub->irqfds[pirq]);
++        event_notifier_cleanup(&iohub->resamplefds[pirq]);
++        qemu_mutex_destroy(&iohub->irq_level_lock[pirq]);
++    }
++}
++
++int remote_iohub_map_irq(PCIDevice *pci_dev, int intx)
++{
++    return pci_dev->devfn;
++}
++
++void remote_iohub_set_irq(void *opaque, int pirq, int level)
++{
++    RemoteIOHubState *iohub = opaque;
++
++    assert(pirq >= 0);
++    assert(pirq < PCI_DEVFN_MAX);
++
++    QEMU_LOCK_GUARD(&iohub->irq_level_lock[pirq]);
++
++    if (level) {
++        if (++iohub->irq_level[pirq] == 1) {
++            event_notifier_set(&iohub->irqfds[pirq]);
++        }
++    } else if (iohub->irq_level[pirq] > 0) {
++        iohub->irq_level[pirq]--;
++    }
++}
++
++static void intr_resample_handler(void *opaque)
++{
++    ResampleToken *token = opaque;
++    RemoteIOHubState *iohub = token->iohub;
++    int pirq, s;
++
++    pirq = token->pirq;
++
++    s = event_notifier_test_and_clear(&iohub->resamplefds[pirq]);
++
++    assert(s >= 0);
++
++    QEMU_LOCK_GUARD(&iohub->irq_level_lock[pirq]);
++
++    if (iohub->irq_level[pirq]) {
++        event_notifier_set(&iohub->irqfds[pirq]);
++    }
++}
++
++void process_set_irqfd_msg(PCIDevice *pci_dev, MPQemuMsg *msg)
++{
++    RemoteMachineState *machine = REMOTE_MACHINE(current_machine);
++    RemoteIOHubState *iohub = &machine->iohub;
++    int pirq, intx;
++
++    intx = pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
++
++    pirq = remote_iohub_map_irq(pci_dev, intx);
++
++    if (event_notifier_get_fd(&iohub->irqfds[pirq]) != -1) {
++        qemu_set_fd_handler(event_notifier_get_fd(&iohub->resamplefds[pirq]),
++                            NULL, NULL, NULL);
++        event_notifier_cleanup(&iohub->irqfds[pirq]);
++        event_notifier_cleanup(&iohub->resamplefds[pirq]);
++        memset(&iohub->token[pirq], 0, sizeof(ResampleToken));
++    }
++
++    event_notifier_init_fd(&iohub->irqfds[pirq], msg->fds[0]);
++    event_notifier_init_fd(&iohub->resamplefds[pirq], msg->fds[1]);
++
++    iohub->token[pirq].iohub = iohub;
++    iohub->token[pirq].pirq = pirq;
++
++    qemu_set_fd_handler(msg->fds[1], intr_resample_handler, NULL,
++                        &iohub->token[pirq]);
++}
+diff --git a/hw/remote/machine.c b/hw/remote/machine.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/machine.c
++++ b/hw/remote/machine.c
+@@ -XXX,XX +XXX,XX @@
+ #include "exec/address-spaces.h"
+ #include "exec/memory.h"
+ #include "qapi/error.h"
++#include "hw/pci/pci_host.h"
++#include "hw/remote/iohub.h"
+ static void remote_machine_init(MachineState *machine)
+ {
+     MemoryRegion *system_memory, *system_io, *pci_memory;
+     RemoteMachineState *s = REMOTE_MACHINE(machine);
+     RemotePCIHost *rem_host;
++    PCIHostState *pci_host;
+     system_memory = get_system_memory();
+     system_io = get_system_io();
+@@ -XXX,XX +XXX,XX @@ static void remote_machine_init(MachineState *machine)
+     memory_region_add_subregion_overlap(system_memory, 0x0, pci_memory, -1);
+     qdev_realize(DEVICE(rem_host), sysbus_get_default(), &error_fatal);
++
++    pci_host = PCI_HOST_BRIDGE(rem_host);
++
++    remote_iohub_init(&s->iohub);
++
++    pci_bus_irqs(pci_host->bus, remote_iohub_set_irq, remote_iohub_map_irq,
++                 &s->iohub, REMOTE_IOHUB_NB_PIRQS);
+ }
+ static void remote_machine_class_init(ObjectClass *oc, void *data)
+diff --git a/hw/remote/message.c b/hw/remote/message.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/message.c
++++ b/hw/remote/message.c
+@@ -XXX,XX +XXX,XX @@
+ #include "hw/pci/pci.h"
+ #include "exec/memattrs.h"
+ #include "hw/remote/memory.h"
++#include "hw/remote/iohub.h"
+ static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
+                                  MPQemuMsg *msg, Error **errp);
+@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
+         case MPQEMU_CMD_SYNC_SYSMEM:
+             remote_sysmem_reconfig(&msg, &local_err);
+             break;
++        case MPQEMU_CMD_SET_IRQFD:
++            process_set_irqfd_msg(pci_dev, &msg);
++            break;
+         default:
+             error_setg(&local_err,
+                        "Unknown command (%d) received for device %s"
+diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/mpqemu-link.c
++++ b/hw/remote/mpqemu-link.c
+@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
+             return false;
+         }
+         break;
++    case MPQEMU_CMD_SET_IRQFD:
++        if (msg->size || (msg->num_fds != 2)) {
++            return false;
++        }
++        break;
+     default:
+         break;
+     }
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/proxy.c
++++ b/hw/remote/proxy.c
+@@ -XXX,XX +XXX,XX @@
+ #include "qemu/error-report.h"
+ #include "hw/remote/proxy-memory-listener.h"
+ #include "qom/object.h"
++#include "qemu/event_notifier.h"
++#include "sysemu/kvm.h"
++#include "util/event_notifier-posix.c"
++
++static void proxy_intx_update(PCIDevice *pci_dev)
++{
++    PCIProxyDev *dev = PCI_PROXY_DEV(pci_dev);
++    PCIINTxRoute route;
++    int pin = pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
++
++    if (dev->virq != -1) {
++        kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, &dev->intr, dev->virq);
++        dev->virq = -1;
++    }
++
++    route = pci_device_route_intx_to_irq(pci_dev, pin);
++
++    dev->virq = route.irq;
++
++    if (dev->virq != -1) {
++        kvm_irqchip_add_irqfd_notifier_gsi(kvm_state, &dev->intr,
++                                           &dev->resample, dev->virq);
++    }
++}
++
++static void setup_irqfd(PCIProxyDev *dev)
++{
++    PCIDevice *pci_dev = PCI_DEVICE(dev);
++    MPQemuMsg msg;
++    Error *local_err = NULL;
++
++    event_notifier_init(&dev->intr, 0);
++    event_notifier_init(&dev->resample, 0);
++
++    memset(&msg, 0, sizeof(MPQemuMsg));
++    msg.cmd = MPQEMU_CMD_SET_IRQFD;
++    msg.num_fds = 2;
++    msg.fds[0] = event_notifier_get_fd(&dev->intr);
++    msg.fds[1] = event_notifier_get_fd(&dev->resample);
++    msg.size = 0;
++
++    if (!mpqemu_msg_send(&msg, dev->ioc, &local_err)) {
++        error_report_err(local_err);
++    }
++
++    dev->virq = -1;
++
++    proxy_intx_update(pci_dev);
++
++    pci_device_set_intx_routing_notifier(pci_dev, proxy_intx_update);
++}
+ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+ {
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+     qio_channel_set_blocking(dev->ioc, true, NULL);
+     proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
++
++    setup_irqfd(dev);
+ }
+ static void pci_proxy_dev_exit(PCIDevice *pdev)
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
+     error_free(dev->migration_blocker);
+     proxy_memory_listener_deconfigure(&dev->proxy_listener);
++
++    event_notifier_cleanup(&dev->intr);
++    event_notifier_cleanup(&dev->resample);
+ }
+ static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
+diff --git a/hw/remote/meson.build b/hw/remote/meson.build
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/meson.build
++++ b/hw/remote/meson.build
+@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
+ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
++remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('iohub.c'))
+ specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
+ specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy-memory-listener.c'))
+--
+.29.2

-New patch
+[PULL v3 25/27] multi-process: Retrieve PCI info from remote process
+From: Jagannathan Raman <jag.raman@oracle.com>
+Retrieve PCI configuration info about the remote device and
+configure the Proxy PCI object based on the returned information
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 85ee367bbb993aa23699b44cfedd83b4ea6d5221.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ hw/remote/proxy.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++
+file changed, 84 insertions(+)
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/proxy.c
++++ b/hw/remote/proxy.c
+@@ -XXX,XX +XXX,XX @@
+ #include "sysemu/kvm.h"
+ #include "util/event_notifier-posix.c"
++static void probe_pci_info(PCIDevice *dev, Error **errp);
++
+ static void proxy_intx_update(PCIDevice *pci_dev)
+ {
+     PCIProxyDev *dev = PCI_PROXY_DEV(pci_dev);
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+ {
+     ERRP_GUARD();
+     PCIProxyDev *dev = PCI_PROXY_DEV(device);
++    uint8_t *pci_conf = device->config;
+     int fd;
+     if (!dev->fd) {
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+     qemu_mutex_init(&dev->io_mutex);
+     qio_channel_set_blocking(dev->ioc, true, NULL);
++    pci_conf[PCI_LATENCY_TIMER] = 0xff;
++    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
++
+     proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
+     setup_irqfd(dev);
++
++    probe_pci_info(PCI_DEVICE(dev), errp);
+ }
+ static void pci_proxy_dev_exit(PCIDevice *pdev)
+@@ -XXX,XX +XXX,XX @@ const MemoryRegionOps proxy_mr_ops = {
+         .max_access_size = 8,
+     },
+ };
++
++static void probe_pci_info(PCIDevice *dev, Error **errp)
++{
++    PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
++    uint32_t orig_val, new_val, base_class, val;
++    PCIProxyDev *pdev = PCI_PROXY_DEV(dev);
++    DeviceClass *dc = DEVICE_CLASS(pc);
++    uint8_t type;
++    int i, size;
++
++    config_op_send(pdev, PCI_VENDOR_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
++    pc->vendor_id = (uint16_t)val;
++
++    config_op_send(pdev, PCI_DEVICE_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
++    pc->device_id = (uint16_t)val;
++
++    config_op_send(pdev, PCI_CLASS_DEVICE, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
++    pc->class_id = (uint16_t)val;
++
++    config_op_send(pdev, PCI_SUBSYSTEM_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
++    pc->subsystem_id = (uint16_t)val;
++
++    base_class = pc->class_id >> 4;
++    switch (base_class) {
++    case PCI_BASE_CLASS_BRIDGE:
++        set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
++        break;
++    case PCI_BASE_CLASS_STORAGE:
++        set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
++        break;
++    case PCI_BASE_CLASS_NETWORK:
++        set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
++        break;
++    case PCI_BASE_CLASS_INPUT:
++        set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
++        break;
++    case PCI_BASE_CLASS_DISPLAY:
++        set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
++        break;
++    case PCI_BASE_CLASS_PROCESSOR:
++        set_bit(DEVICE_CATEGORY_CPU, dc->categories);
++        break;
++    default:
++        set_bit(DEVICE_CATEGORY_MISC, dc->categories);
++        break;
++    }
++
++    for (i = 0; i < PCI_NUM_REGIONS; i++) {
++        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &orig_val, 4,
++                       MPQEMU_CMD_PCI_CFGREAD);
++        new_val = 0xffffffff;
++        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &new_val, 4,
++                       MPQEMU_CMD_PCI_CFGWRITE);
++        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &new_val, 4,
++                       MPQEMU_CMD_PCI_CFGREAD);
++        size = (~(new_val & 0xFFFFFFF0)) + 1;
++        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &orig_val, 4,
++                       MPQEMU_CMD_PCI_CFGWRITE);
++        type = (new_val & 0x1) ?
++                   PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
++
++        if (size) {
++            g_autofree char *name;
++            pdev->region[i].dev = pdev;
++            pdev->region[i].present = true;
++            if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
++                pdev->region[i].memory = true;
++            }
++            name = g_strdup_printf("bar-region-%d", i);
++            memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
++                                  &proxy_mr_ops, &pdev->region[i],
++                                  name, size);
++            pci_register_bar(dev, i, type, &pdev->region[i].mr);
++        }
++    }
++}
+--
+.29.2

-New patch
+[PULL v3 26/27] multi-process: perform device reset in the remote process
+From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Perform device reset in the remote process when QEMU performs
+device reset. This is required to reset the internal state
+(like registers, etc...) of emulated devices
+Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
+Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
+Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 7cb220a51f565dc0817bd76e2f540e89c2d2b850.1611938319.git.jag.raman@oracle.com
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ include/hw/remote/mpqemu-link.h |  1 +
+ hw/remote/message.c             | 22 ++++++++++++++++++++++
+ hw/remote/proxy.c               | 19 +++++++++++++++++++
+files changed, 42 insertions(+)
+diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
+index XXXXXXX..XXXXXXX 100644
+--- a/include/hw/remote/mpqemu-link.h
++++ b/include/hw/remote/mpqemu-link.h
+@@ -XXX,XX +XXX,XX @@ typedef enum {
+     MPQEMU_CMD_BAR_WRITE,
+     MPQEMU_CMD_BAR_READ,
+     MPQEMU_CMD_SET_IRQFD,
++    MPQEMU_CMD_DEVICE_RESET,
+     MPQEMU_CMD_MAX,
+ } MPQemuCmd;
+diff --git a/hw/remote/message.c b/hw/remote/message.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/message.c
++++ b/hw/remote/message.c
+@@ -XXX,XX +XXX,XX @@
+ #include "exec/memattrs.h"
+ #include "hw/remote/memory.h"
+ #include "hw/remote/iohub.h"
++#include "sysemu/reset.h"
+ static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
+                                  MPQemuMsg *msg, Error **errp);
+@@ -XXX,XX +XXX,XX @@ static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
+                                 MPQemuMsg *msg, Error **errp);
+ static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
+ static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
++static void process_device_reset_msg(QIOChannel *ioc, PCIDevice *dev,
++                                     Error **errp);
+ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
+ {
+@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
+         case MPQEMU_CMD_SET_IRQFD:
+             process_set_irqfd_msg(pci_dev, &msg);
+             break;
++        case MPQEMU_CMD_DEVICE_RESET:
++            process_device_reset_msg(com->ioc, pci_dev, &local_err);
++            break;
+         default:
+             error_setg(&local_err,
+                        "Unknown command (%d) received for device %s"
+@@ -XXX,XX +XXX,XX @@ fail:
+                       getpid());
+     }
+ }
++
++static void process_device_reset_msg(QIOChannel *ioc, PCIDevice *dev,
++                                     Error **errp)
++{
++    DeviceClass *dc = DEVICE_GET_CLASS(dev);
++    DeviceState *s = DEVICE(dev);
++    MPQemuMsg ret = { 0 };
++
++    if (dc->reset) {
++        dc->reset(s);
++    }
++
++    ret.cmd = MPQEMU_CMD_RET;
++
++    mpqemu_msg_send(&ret, ioc, errp);
++}
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
+index XXXXXXX..XXXXXXX 100644
+--- a/hw/remote/proxy.c
++++ b/hw/remote/proxy.c
+@@ -XXX,XX +XXX,XX @@
+ #include "util/event_notifier-posix.c"
+ static void probe_pci_info(PCIDevice *dev, Error **errp);
++static void proxy_device_reset(DeviceState *dev);
+ static void proxy_intx_update(PCIDevice *pci_dev)
+ {
+@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_class_init(ObjectClass *klass, void *data)
+     k->config_read = pci_proxy_read_config;
+     k->config_write = pci_proxy_write_config;
++    dc->reset = proxy_device_reset;
++
+     device_class_set_props(dc, proxy_properties);
+ }
+@@ -XXX,XX +XXX,XX @@ static void probe_pci_info(PCIDevice *dev, Error **errp)
+         }
+     }
+ }
++
++static void proxy_device_reset(DeviceState *dev)
++{
++    PCIProxyDev *pdev = PCI_PROXY_DEV(dev);
++    MPQemuMsg msg = { 0 };
++    Error *local_err = NULL;
++
++    msg.cmd = MPQEMU_CMD_DEVICE_RESET;
++    msg.size = 0;
++
++    mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
++    if (local_err) {
++        error_report_err(local_err);
++    }
++
++}
+--
+.29.2

-New patch
+[PULL v3 27/27] docs: fix Parallels Image "dirty bitmap" section
+From: "Denis V. Lunev" <den@openvz.org>
+Original specification says that l1 table size if 64 * l1_size, which
+is obviously wrong. The size of the l1 entry is 64 _bits_, not bytes.
+Thus 64 is to be replaces with 8 as specification says about bytes.
+There is also minor tweak, field name is renamed from l1 to l1_table,
+which matches with the later text.
+Signed-off-by: Denis V. Lunev <den@openvz.org>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+Message-id: 20210128171313.2210947-1-den@openvz.org
+CC: Stefan Hajnoczi <stefanha@redhat.com>
+CC: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
+[Replace the original commit message "docs: fix mistake in dirty bitmap
+feature description" as suggested by Eric Blake.
+--Stefan]
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+---
+ docs/interop/parallels.txt | 2 +-
+file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/docs/interop/parallels.txt b/docs/interop/parallels.txt
+index XXXXXXX..XXXXXXX 100644
+--- a/docs/interop/parallels.txt
++++ b/docs/interop/parallels.txt
+@@ -XXX,XX +XXX,XX @@ of its data area are:
+- 31:    l1_size
+               The number of entries in the L1 table of the bitmap.
+-  variable:   l1 (64 * l1_size bytes)
++  variable:   l1_table (8 * l1_size bytes)
+               L1 offset table (in bytes)
+ A dirty bitmap is stored using a one-level structure for the mapping to host
+--
+.29.2

The following changes since commit ca4e667dbf431d4a2a5a619cde79d30dd2ac3eb2:

Merge remote-tracking branch 'remotes/kraxel/tags/usb-20170717-pull-request' into staging (2017-07-17 17:54:17 +0100)

are available in the git repository at:

git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request

for you to fetch changes up to 8508eee740c78d1465e25dad7c3e06137485dfbc:

live-block-ops.txt: Rename, rewrite, and improve it (2017-07-18 00:11:01 -0400)

----------------------------------------------------------------
Block patches (documentation)
----------------------------------------------------------------

Kashyap Chamarthy (2):
  bitmaps.md: Convert to rST; move it into 'interop' dir
  live-block-ops.txt: Rename, rewrite, and improve it

docs/devel/bitmaps.md                  |  505 ---------------
 docs/interop/bitmaps.rst               |  555 ++++++++++++++++
 docs/interop/live-block-operations.rst | 1088 ++++++++++++++++++++++++++++++++
 docs/live-block-ops.txt                |   72 ---
 4 files changed, 1643 insertions(+), 577 deletions(-)
 delete mode 100644 docs/devel/bitmaps.md
 create mode 100644 docs/interop/bitmaps.rst
 create mode 100644 docs/interop/live-block-operations.rst
 delete mode 100644 docs/live-block-ops.txt

-- 
2.9.4

From: Kashyap Chamarthy <kchamart@redhat.com>

This is part of the on-going effort to convert QEMU upstream
documentation syntax to reStructuredText (rST).

The conversion to rST was done using:

$ pandoc -f markdown -t rst bitmaps.md -o bitmaps.rst

Then, make a couple of small syntactical adjustments.  While at it,
reword a statement to avoid ambiguity.  Addressing the feedback from
this thread:

https://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg05428.html

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170717105205.32639-2-kchamart@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 docs/devel/bitmaps.md    | 505 ------------------------------------------
 docs/interop/bitmaps.rst | 555 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 555 insertions(+), 505 deletions(-)
 delete mode 100644 docs/devel/bitmaps.md
 create mode 100644 docs/interop/bitmaps.rst

diff --git a/docs/devel/bitmaps.md b/docs/devel/bitmaps.md
deleted file mode 100644
index XXXXXXX..XXXXXXX
--- a/docs/devel/bitmaps.md
+++ /dev/null
@@ -XXX,XX +XXX,XX @@
-
-
-# Dirty Bitmaps and Incremental Backup
-
-* Dirty Bitmaps are objects that track which data needs to be backed up for the
-  next incremental backup.
-
-* Dirty bitmaps can be created at any time and attached to any node
-  (not just complete drives.)
-
-## Dirty Bitmap Names
-
-* A dirty bitmap's name is unique to the node, but bitmaps attached to different
-  nodes can share the same name.
-
-* Dirty bitmaps created for internal use by QEMU may be anonymous and have no
-  name, but any user-created bitmaps may not be. There can be any number of
-  anonymous bitmaps per node.
-
-* The name of a user-created bitmap must not be empty ("").
-
-## Bitmap Modes
-
-* A Bitmap can be "frozen," which means that it is currently in-use by a backup
-  operation and cannot be deleted, renamed, written to, reset,
-  etc.
-
-* The normal operating mode for a bitmap is "active."
-
-## Basic QMP Usage
-
-### Supported Commands ###
-
-* block-dirty-bitmap-add
-* block-dirty-bitmap-remove
-* block-dirty-bitmap-clear
-
-### Creation
-
-* To create a new bitmap, enabled, on the drive with id=drive0:
-
-```json
-{ "execute": "block-dirty-bitmap-add",
-  "arguments": {
-    "node": "drive0",
-    "name": "bitmap0"
-  }
-}
-```
-
-* This bitmap will have a default granularity that matches the cluster size of
-  its associated drive, if available, clamped to between [4KiB, 64KiB].
-  The current default for qcow2 is 64KiB.
-
-* To create a new bitmap that tracks changes in 32KiB segments:
-
-```json
-{ "execute": "block-dirty-bitmap-add",
-  "arguments": {
-    "node": "drive0",
-    "name": "bitmap0",
-    "granularity": 32768
-  }
-}
-```
-
-### Deletion
-
-* Bitmaps that are frozen cannot be deleted.
-
-* Deleting the bitmap does not impact any other bitmaps attached to the same
-  node, nor does it affect any backups already created from this node.
-
-* Because bitmaps are only unique to the node to which they are attached,
-  you must specify the node/drive name here, too.
-
-```json
-{ "execute": "block-dirty-bitmap-remove",
-  "arguments": {
-    "node": "drive0",
-    "name": "bitmap0"
-  }
-}
-```
-
-### Resetting
-
-* Resetting a bitmap will clear all information it holds.
-
-* An incremental backup created from an empty bitmap will copy no data,
-  as if nothing has changed.
-
-```json
-{ "execute": "block-dirty-bitmap-clear",
-  "arguments": {
-    "node": "drive0",
-    "name": "bitmap0"
-  }
-}
-```
-
-## Transactions
-
-### Justification
-
-Bitmaps can be safely modified when the VM is paused or halted by using
-the basic QMP commands. For instance, you might perform the following actions:
-
-1. Boot the VM in a paused state.
-2. Create a full drive backup of drive0.
-3. Create a new bitmap attached to drive0.
-4. Resume execution of the VM.
-5. Incremental backups are ready to be created.
-
-At this point, the bitmap and drive backup would be correctly in sync,
-and incremental backups made from this point forward would be correctly aligned
-to the full drive backup.
-
-This is not particularly useful if we decide we want to start incremental
-backups after the VM has been running for a while, for which we will need to
-perform actions such as the following:
-
-1. Boot the VM and begin execution.
-2. Using a single transaction, perform the following operations:
-    * Create bitmap0.
-    * Create a full drive backup of drive0.
-3. Incremental backups are now ready to be created.
-
-### Supported Bitmap Transactions
-
-* block-dirty-bitmap-add
-* block-dirty-bitmap-clear
-
-The usages are identical to their respective QMP commands, but see below
-for examples.
-
-### Example: New Incremental Backup
-
-As outlined in the justification, perhaps we want to create a new incremental
-backup chain attached to a drive.
-
-```json
-{ "execute": "transaction",
-  "arguments": {
-    "actions": [
-      {"type": "block-dirty-bitmap-add",
-       "data": {"node": "drive0", "name": "bitmap0"} },
-      {"type": "drive-backup",
-       "data": {"device": "drive0", "target": "/path/to/full_backup.img",
-                "sync": "full", "format": "qcow2"} }
-    ]
-  }
-}
-```
-
-### Example: New Incremental Backup Anchor Point
-
-Maybe we just want to create a new full backup with an existing bitmap and
-want to reset the bitmap to track the new chain.
-
-```json
-{ "execute": "transaction",
-  "arguments": {
-    "actions": [
-      {"type": "block-dirty-bitmap-clear",
-       "data": {"node": "drive0", "name": "bitmap0"} },
-      {"type": "drive-backup",
-       "data": {"device": "drive0", "target": "/path/to/new_full_backup.img",
-                "sync": "full", "format": "qcow2"} }
-    ]
-  }
-}
-```
-
-## Incremental Backups
-
-The star of the show.
-
-**Nota Bene!** Only incremental backups of entire drives are supported for now.
-So despite the fact that you can attach a bitmap to any arbitrary node, they are
-only currently useful when attached to the root node. This is because
-drive-backup only supports drives/devices instead of arbitrary nodes.
-
-### Example: First Incremental Backup
-
-1. Create a full backup and sync it to the dirty bitmap, as in the transactional
-examples above; or with the VM offline, manually create a full copy and then
-create a new bitmap before the VM begins execution.
-
-    * Let's assume the full backup is named 'full_backup.img'.
-    * Let's assume the bitmap you created is 'bitmap0' attached to 'drive0'.
-
-2. Create a destination image for the incremental backup that utilizes the
-full backup as a backing image.
-
-    * Let's assume it is named 'incremental.0.img'.
-
-    ```sh
-    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
-    ```
-
-3. Issue the incremental backup command:
-
-    ```json
-    { "execute": "drive-backup",
-      "arguments": {
-        "device": "drive0",
-        "bitmap": "bitmap0",
-        "target": "incremental.0.img",
-        "format": "qcow2",
-        "sync": "incremental",
-        "mode": "existing"
-      }
-    }
-    ```
-
-### Example: Second Incremental Backup
-
-1. Create a new destination image for the incremental backup that points to the
-   previous one, e.g.: 'incremental.1.img'
-
-    ```sh
-    # qemu-img create -f qcow2 incremental.1.img -b incremental.0.img -F qcow2
-    ```
-
-2. Issue a new incremental backup command. The only difference here is that we
-   have changed the target image below.
-
-    ```json
-    { "execute": "drive-backup",
-      "arguments": {
-        "device": "drive0",
-        "bitmap": "bitmap0",
-        "target": "incremental.1.img",
-        "format": "qcow2",
-        "sync": "incremental",
-        "mode": "existing"
-      }
-    }
-    ```
-
-## Errors
-
-* In the event of an error that occurs after a backup job is successfully
-  launched, either by a direct QMP command or a QMP transaction, the user
-  will receive a BLOCK_JOB_COMPLETE event with a failure message, accompanied
-  by a BLOCK_JOB_ERROR event.
-
-* In the case of an event being cancelled, the user will receive a
-  BLOCK_JOB_CANCELLED event instead of a pair of COMPLETE and ERROR events.
-
-* In either case, the incremental backup data contained within the bitmap is
-  safely rolled back, and the data within the bitmap is not lost. The image
-  file created for the failed attempt can be safely deleted.
-
-* Once the underlying problem is fixed (e.g. more storage space is freed up),
-  you can simply retry the incremental backup command with the same bitmap.
-
-### Example
-
-1. Create a target image:
-
-    ```sh
-    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
-    ```
-
-2. Attempt to create an incremental backup via QMP:
-
-    ```json
-    { "execute": "drive-backup",
-      "arguments": {
-        "device": "drive0",
-        "bitmap": "bitmap0",
-        "target": "incremental.0.img",
-        "format": "qcow2",
-        "sync": "incremental",
-        "mode": "existing"
-      }
-    }
-    ```
-
-3. Receive an event notifying us of failure:
-
-    ```json
-    { "timestamp": { "seconds": 1424709442, "microseconds": 844524 },
-      "data": { "speed": 0, "offset": 0, "len": 67108864,
-                "error": "No space left on device",
-                "device": "drive1", "type": "backup" },
-      "event": "BLOCK_JOB_COMPLETED" }
-    ```
-
-4. Delete the failed incremental, and re-create the image.
-
-    ```sh
-    # rm incremental.0.img
-    # qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
-    ```
-
-5. Retry the command after fixing the underlying problem,
-   such as freeing up space on the backup volume:
-
-    ```json
-    { "execute": "drive-backup",
-      "arguments": {
-        "device": "drive0",
-        "bitmap": "bitmap0",
-        "target": "incremental.0.img",
-        "format": "qcow2",
-        "sync": "incremental",
-        "mode": "existing"
-      }
-    }
-    ```
-
-6. Receive confirmation that the job completed successfully:
-
-    ```json
-    { "timestamp": { "seconds": 1424709668, "microseconds": 526525 },
-      "data": { "device": "drive1", "type": "backup",
-                "speed": 0, "len": 67108864, "offset": 67108864},
-      "event": "BLOCK_JOB_COMPLETED" }
-    ```
-
-### Partial Transactional Failures
-
-* Sometimes, a transaction will succeed in launching and return success,
-  but then later the backup jobs themselves may fail. It is possible that
-  a management application may have to deal with a partial backup failure
-  after a successful transaction.
-
-* If multiple backup jobs are specified in a single transaction, when one of
-  them fails, it will not interact with the other backup jobs in any way.
-
-* The job(s) that succeeded will clear the dirty bitmap associated with the
-  operation, but the job(s) that failed will not. It is not "safe" to delete
-  any incremental backups that were created successfully in this scenario,
-  even though others failed.
-
-#### Example
-
-* QMP example highlighting two backup jobs:
-
-    ```json
-    { "execute": "transaction",
-      "arguments": {
-        "actions": [
-          { "type": "drive-backup",
-            "data": { "device": "drive0", "bitmap": "bitmap0",
-                      "format": "qcow2", "mode": "existing",
-                      "sync": "incremental", "target": "d0-incr-1.qcow2" } },
-          { "type": "drive-backup",
-            "data": { "device": "drive1", "bitmap": "bitmap1",
-                      "format": "qcow2", "mode": "existing",
-                      "sync": "incremental", "target": "d1-incr-1.qcow2" } },
-        ]
-      }
-    }
-    ```
-
-* QMP example response, highlighting one success and one failure:
-    * Acknowledgement that the Transaction was accepted and jobs were launched:
-        ```json
-        { "return": {} }
-        ```
-
-    * Later, QEMU sends notice that the first job was completed:
-        ```json
-        { "timestamp": { "seconds": 1447192343, "microseconds": 615698 },
-          "data": { "device": "drive0", "type": "backup",
-                     "speed": 0, "len": 67108864, "offset": 67108864 },
-          "event": "BLOCK_JOB_COMPLETED"
-        }
-        ```
-
-    * Later yet, QEMU sends notice that the second job has failed:
-        ```json
-        { "timestamp": { "seconds": 1447192399, "microseconds": 683015 },
-          "data": { "device": "drive1", "action": "report",
-                    "operation": "read" },
-          "event": "BLOCK_JOB_ERROR" }
-        ```
-
-        ```json
-        { "timestamp": { "seconds": 1447192399, "microseconds": 685853 },
-          "data": { "speed": 0, "offset": 0, "len": 67108864,
-                    "error": "Input/output error",
-                    "device": "drive1", "type": "backup" },
-          "event": "BLOCK_JOB_COMPLETED" }
-
-* In the above example, "d0-incr-1.qcow2" is valid and must be kept,
-  but "d1-incr-1.qcow2" is invalid and should be deleted. If a VM-wide
-  incremental backup of all drives at a point-in-time is to be made,
-  new backups for both drives will need to be made, taking into account
-  that a new incremental backup for drive0 needs to be based on top of
-  "d0-incr-1.qcow2."
-
-### Grouped Completion Mode
-
-* While jobs launched by transactions normally complete or fail on their own,
-  it is possible to instruct them to complete or fail together as a group.
-
-* QMP transactions take an optional properties structure that can affect
-  the semantics of the transaction.
-
-* The "completion-mode" transaction property can be either "individual"
-  which is the default, legacy behavior described above, or "grouped,"
-  a new behavior detailed below.
-
-* Delayed Completion: In grouped completion mode, no jobs will report
-  success until all jobs are ready to report success.
-
-* Grouped failure: If any job fails in grouped completion mode, all remaining
-  jobs will be cancelled. Any incremental backups will restore their dirty
-  bitmap objects as if no backup command was ever issued.
-
-    * Regardless of if QEMU reports a particular incremental backup job as
-      CANCELLED or as an ERROR, the in-memory bitmap will be restored.
-
-#### Example
-
-* Here's the same example scenario from above with the new property:
-
-    ```json
-    { "execute": "transaction",
-      "arguments": {
-        "actions": [
-          { "type": "drive-backup",
-            "data": { "device": "drive0", "bitmap": "bitmap0",
-                      "format": "qcow2", "mode": "existing",
-                      "sync": "incremental", "target": "d0-incr-1.qcow2" } },
-          { "type": "drive-backup",
-            "data": { "device": "drive1", "bitmap": "bitmap1",
-                      "format": "qcow2", "mode": "existing",
-                      "sync": "incremental", "target": "d1-incr-1.qcow2" } },
-        ],
-        "properties": {
-          "completion-mode": "grouped"
-        }
-      }
-    }
-    ```
-
-* QMP example response, highlighting a failure for drive2:
-    * Acknowledgement that the Transaction was accepted and jobs were launched:
-        ```json
-        { "return": {} }
-        ```
-
-    * Later, QEMU sends notice that the second job has errored out,
-      but that the first job was also cancelled:
-        ```json
-        { "timestamp": { "seconds": 1447193702, "microseconds": 632377 },
-          "data": { "device": "drive1", "action": "report",
-                    "operation": "read" },
-          "event": "BLOCK_JOB_ERROR" }
-        ```
-
-        ```json
-        { "timestamp": { "seconds": 1447193702, "microseconds": 640074 },
-          "data": { "speed": 0, "offset": 0, "len": 67108864,
-                    "error": "Input/output error",
-                    "device": "drive1", "type": "backup" },
-          "event": "BLOCK_JOB_COMPLETED" }
-        ```
-
-        ```json
-        { "timestamp": { "seconds": 1447193702, "microseconds": 640163 },
-          "data": { "device": "drive0", "type": "backup", "speed": 0,
-                    "len": 67108864, "offset": 16777216 },
-          "event": "BLOCK_JOB_CANCELLED" }
-        ```
-
-
diff --git a/docs/interop/bitmaps.rst b/docs/interop/bitmaps.rst
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/docs/interop/bitmaps.rst
@@ -XXX,XX +XXX,XX @@
+..
+   Copyright 2015 John Snow <jsnow@redhat.com> and Red Hat, Inc.
+   All rights reserved.
+
+   This file is licensed via The FreeBSD Documentation License, the full
+   text of which is included at the end of this document.
+
+====================================
+Dirty Bitmaps and Incremental Backup
+====================================
+
+-  Dirty Bitmaps are objects that track which data needs to be backed up
+   for the next incremental backup.
+
+-  Dirty bitmaps can be created at any time and attached to any node
+   (not just complete drives).
+
+.. contents::
+
+Dirty Bitmap Names
+------------------
+
+-  A dirty bitmap's name is unique to the node, but bitmaps attached to
+   different nodes can share the same name.
+
+-  Dirty bitmaps created for internal use by QEMU may be anonymous and
+   have no name, but any user-created bitmaps must have a name. There
+   can be any number of anonymous bitmaps per node.
+
+-  The name of a user-created bitmap must not be empty ("").
+
+Bitmap Modes
+------------
+
+-  A bitmap can be "frozen," which means that it is currently in-use by
+   a backup operation and cannot be deleted, renamed, written to, reset,
+   etc.
+
+-  The normal operating mode for a bitmap is "active."
+
+Basic QMP Usage
+---------------
+
+Supported Commands
+~~~~~~~~~~~~~~~~~~
+
+- ``block-dirty-bitmap-add``
+- ``block-dirty-bitmap-remove``
+- ``block-dirty-bitmap-clear``
+
+Creation
+~~~~~~~~
+
+-  To create a new bitmap, enabled, on the drive with id=drive0:
+
+.. code:: json
+
+    { "execute": "block-dirty-bitmap-add",
+      "arguments": {
+        "node": "drive0",
+        "name": "bitmap0"
+      }
+    }
+
+-  This bitmap will have a default granularity that matches the cluster
+   size of its associated drive, if available, clamped to between [4KiB,
+   64KiB]. The current default for qcow2 is 64KiB.
+
+-  To create a new bitmap that tracks changes in 32KiB segments:
+
+.. code:: json
+
+    { "execute": "block-dirty-bitmap-add",
+      "arguments": {
+        "node": "drive0",
+        "name": "bitmap0",
+        "granularity": 32768
+      }
+    }
+
+Deletion
+~~~~~~~~
+
+-  Bitmaps that are frozen cannot be deleted.
+
+-  Deleting the bitmap does not impact any other bitmaps attached to the
+   same node, nor does it affect any backups already created from this
+   node.
+
+-  Because bitmaps are only unique to the node to which they are
+   attached, you must specify the node/drive name here, too.
+
+.. code:: json
+
+    { "execute": "block-dirty-bitmap-remove",
+      "arguments": {
+        "node": "drive0",
+        "name": "bitmap0"
+      }
+    }
+
+Resetting
+~~~~~~~~~
+
+-  Resetting a bitmap will clear all information it holds.
+
+-  An incremental backup created from an empty bitmap will copy no data,
+   as if nothing has changed.
+
+.. code:: json
+
+    { "execute": "block-dirty-bitmap-clear",
+      "arguments": {
+        "node": "drive0",
+        "name": "bitmap0"
+      }
+    }
+
+Transactions
+------------
+
+Justification
+~~~~~~~~~~~~~
+
+Bitmaps can be safely modified when the VM is paused or halted by using
+the basic QMP commands. For instance, you might perform the following
+actions:
+
+1. Boot the VM in a paused state.
+2. Create a full drive backup of drive0.
+3. Create a new bitmap attached to drive0.
+4. Resume execution of the VM.
+5. Incremental backups are ready to be created.
+
+At this point, the bitmap and drive backup would be correctly in sync,
+and incremental backups made from this point forward would be correctly
+aligned to the full drive backup.
+
+This is not particularly useful if we decide we want to start
+incremental backups after the VM has been running for a while, for which
+we will need to perform actions such as the following:
+
+1. Boot the VM and begin execution.
+2. Using a single transaction, perform the following operations:
+
+   -  Create ``bitmap0``.
+   -  Create a full drive backup of ``drive0``.
+
+3. Incremental backups are now ready to be created.
+
+Supported Bitmap Transactions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  ``block-dirty-bitmap-add``
+-  ``block-dirty-bitmap-clear``
+
+The usages are identical to their respective QMP commands, but see below
+for examples.
+
+Example: New Incremental Backup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As outlined in the justification, perhaps we want to create a new
+incremental backup chain attached to a drive.
+
+.. code:: json
+
+    { "execute": "transaction",
+      "arguments": {
+        "actions": [
+          {"type": "block-dirty-bitmap-add",
+           "data": {"node": "drive0", "name": "bitmap0"} },
+          {"type": "drive-backup",
+           "data": {"device": "drive0", "target": "/path/to/full_backup.img",
+                    "sync": "full", "format": "qcow2"} }
+        ]
+      }
+    }
+
+Example: New Incremental Backup Anchor Point
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Maybe we just want to create a new full backup with an existing bitmap
+and want to reset the bitmap to track the new chain.
+
+.. code:: json
+
+    { "execute": "transaction",
+      "arguments": {
+        "actions": [
+          {"type": "block-dirty-bitmap-clear",
+           "data": {"node": "drive0", "name": "bitmap0"} },
+          {"type": "drive-backup",
+           "data": {"device": "drive0", "target": "/path/to/new_full_backup.img",
+                    "sync": "full", "format": "qcow2"} }
+        ]
+      }
+    }
+
+Incremental Backups
+-------------------
+
+The star of the show.
+
+**Nota Bene!** Only incremental backups of entire drives are supported
+for now. So despite the fact that you can attach a bitmap to any
+arbitrary node, they are only currently useful when attached to the root
+node. This is because drive-backup only supports drives/devices instead
+of arbitrary nodes.
+
+Example: First Incremental Backup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+1. Create a full backup and sync it to the dirty bitmap, as in the
+   transactional examples above; or with the VM offline, manually create
+   a full copy and then create a new bitmap before the VM begins
+   execution.
+
+   -  Let's assume the full backup is named ``full_backup.img``.
+   -  Let's assume the bitmap you created is ``bitmap0`` attached to
+      ``drive0``.
+
+2. Create a destination image for the incremental backup that utilizes
+   the full backup as a backing image.
+
+   -  Let's assume the new incremental image is named
+      ``incremental.0.img``.
+
+   .. code:: bash
+
+       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
+
+3. Issue the incremental backup command:
+
+   .. code:: json
+
+       { "execute": "drive-backup",
+         "arguments": {
+           "device": "drive0",
+           "bitmap": "bitmap0",
+           "target": "incremental.0.img",
+           "format": "qcow2",
+           "sync": "incremental",
+           "mode": "existing"
+         }
+       }
+
+Example: Second Incremental Backup
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+1. Create a new destination image for the incremental backup that points
+   to the previous one, e.g.: ``incremental.1.img``
+
+   .. code:: bash
+
+       $ qemu-img create -f qcow2 incremental.1.img -b incremental.0.img -F qcow2
+
+2. Issue a new incremental backup command. The only difference here is
+   that we have changed the target image below.
+
+   .. code:: json
+
+       { "execute": "drive-backup",
+         "arguments": {
+           "device": "drive0",
+           "bitmap": "bitmap0",
+           "target": "incremental.1.img",
+           "format": "qcow2",
+           "sync": "incremental",
+           "mode": "existing"
+         }
+       }
+
+Errors
+------
+
+-  In the event of an error that occurs after a backup job is
+   successfully launched, either by a direct QMP command or a QMP
+   transaction, the user will receive a ``BLOCK_JOB_COMPLETE`` event with
+   a failure message, accompanied by a ``BLOCK_JOB_ERROR`` event.
+
+-  In the case of an event being cancelled, the user will receive a
+   ``BLOCK_JOB_CANCELLED`` event instead of a pair of COMPLETE and ERROR
+   events.
+
+-  In either case, the incremental backup data contained within the
+   bitmap is safely rolled back, and the data within the bitmap is not
+   lost. The image file created for the failed attempt can be safely
+   deleted.
+
+-  Once the underlying problem is fixed (e.g. more storage space is
+   freed up), you can simply retry the incremental backup command with
+   the same bitmap.
+
+Example
+~~~~~~~
+
+1. Create a target image:
+
+   .. code:: bash
+
+       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
+
+2. Attempt to create an incremental backup via QMP:
+
+   .. code:: json
+
+       { "execute": "drive-backup",
+         "arguments": {
+           "device": "drive0",
+           "bitmap": "bitmap0",
+           "target": "incremental.0.img",
+           "format": "qcow2",
+           "sync": "incremental",
+           "mode": "existing"
+         }
+       }
+
+3. Receive an event notifying us of failure:
+
+   .. code:: json
+
+       { "timestamp": { "seconds": 1424709442, "microseconds": 844524 },
+         "data": { "speed": 0, "offset": 0, "len": 67108864,
+                   "error": "No space left on device",
+                   "device": "drive1", "type": "backup" },
+         "event": "BLOCK_JOB_COMPLETED" }
+
+4. Delete the failed incremental, and re-create the image.
+
+   .. code:: bash
+
+       $ rm incremental.0.img
+       $ qemu-img create -f qcow2 incremental.0.img -b full_backup.img -F qcow2
+
+5. Retry the command after fixing the underlying problem, such as
+   freeing up space on the backup volume:
+
+   .. code:: json
+
+       { "execute": "drive-backup",
+         "arguments": {
+           "device": "drive0",
+           "bitmap": "bitmap0",
+           "target": "incremental.0.img",
+           "format": "qcow2",
+           "sync": "incremental",
+           "mode": "existing"
+         }
+       }
+
+6. Receive confirmation that the job completed successfully:
+
+   .. code:: json
+
+       { "timestamp": { "seconds": 1424709668, "microseconds": 526525 },
+         "data": { "device": "drive1", "type": "backup",
+                   "speed": 0, "len": 67108864, "offset": 67108864},
+         "event": "BLOCK_JOB_COMPLETED" }
+
+Partial Transactional Failures
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+-  Sometimes, a transaction will succeed in launching and return
+   success, but then later the backup jobs themselves may fail. It is
+   possible that a management application may have to deal with a
+   partial backup failure after a successful transaction.
+
+-  If multiple backup jobs are specified in a single transaction, when
+   one of them fails, it will not interact with the other backup jobs in
+   any way.
+
+-  The job(s) that succeeded will clear the dirty bitmap associated with
+   the operation, but the job(s) that failed will not. It is not "safe"
+   to delete any incremental backups that were created successfully in
+   this scenario, even though others failed.
+
+Example
+^^^^^^^
+
+-  QMP example highlighting two backup jobs:
+
+   .. code:: json
+
+       { "execute": "transaction",
+         "arguments": {
+           "actions": [
+             { "type": "drive-backup",
+               "data": { "device": "drive0", "bitmap": "bitmap0",
+                         "format": "qcow2", "mode": "existing",
+                         "sync": "incremental", "target": "d0-incr-1.qcow2" } },
+             { "type": "drive-backup",
+               "data": { "device": "drive1", "bitmap": "bitmap1",
+                         "format": "qcow2", "mode": "existing",
+                         "sync": "incremental", "target": "d1-incr-1.qcow2" } },
+           ]
+         }
+       }
+
+-  QMP example response, highlighting one success and one failure:
+
+   -  Acknowledgement that the Transaction was accepted and jobs were
+      launched:
+
+      .. code:: json
+
+          { "return": {} }
+
+   -  Later, QEMU sends notice that the first job was completed:
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447192343, "microseconds": 615698 },
+            "data": { "device": "drive0", "type": "backup",
+                       "speed": 0, "len": 67108864, "offset": 67108864 },
+            "event": "BLOCK_JOB_COMPLETED"
+          }
+
+   -  Later yet, QEMU sends notice that the second job has failed:
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447192399, "microseconds": 683015 },
+            "data": { "device": "drive1", "action": "report",
+                      "operation": "read" },
+            "event": "BLOCK_JOB_ERROR" }
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447192399, "microseconds":
+          685853 }, "data": { "speed": 0, "offset": 0, "len": 67108864,
+          "error": "Input/output error", "device": "drive1", "type":
+          "backup" }, "event": "BLOCK_JOB_COMPLETED" }
+
+-  In the above example, ``d0-incr-1.qcow2`` is valid and must be kept,
+   but ``d1-incr-1.qcow2`` is invalid and should be deleted. If a VM-wide
+   incremental backup of all drives at a point-in-time is to be made,
+   new backups for both drives will need to be made, taking into account
+   that a new incremental backup for drive0 needs to be based on top of
+   ``d0-incr-1.qcow2``.
+
+Grouped Completion Mode
+~~~~~~~~~~~~~~~~~~~~~~~
+
+-  While jobs launched by transactions normally complete or fail on
+   their own, it is possible to instruct them to complete or fail
+   together as a group.
+
+-  QMP transactions take an optional properties structure that can
+   affect the semantics of the transaction.
+
+-  The "completion-mode" transaction property can be either "individual"
+   which is the default, legacy behavior described above, or "grouped,"
+   a new behavior detailed below.
+
+-  Delayed Completion: In grouped completion mode, no jobs will report
+   success until all jobs are ready to report success.
+
+-  Grouped failure: If any job fails in grouped completion mode, all
+   remaining jobs will be cancelled. Any incremental backups will
+   restore their dirty bitmap objects as if no backup command was ever
+   issued.
+
+   -  Regardless of if QEMU reports a particular incremental backup job
+      as CANCELLED or as an ERROR, the in-memory bitmap will be
+      restored.
+
+Example
+^^^^^^^
+
+-  Here's the same example scenario from above with the new property:
+
+   .. code:: json
+
+       { "execute": "transaction",
+         "arguments": {
+           "actions": [
+             { "type": "drive-backup",
+               "data": { "device": "drive0", "bitmap": "bitmap0",
+                         "format": "qcow2", "mode": "existing",
+                         "sync": "incremental", "target": "d0-incr-1.qcow2" } },
+             { "type": "drive-backup",
+               "data": { "device": "drive1", "bitmap": "bitmap1",
+                         "format": "qcow2", "mode": "existing",
+                         "sync": "incremental", "target": "d1-incr-1.qcow2" } },
+           ],
+           "properties": {
+             "completion-mode": "grouped"
+           }
+         }
+       }
+
+-  QMP example response, highlighting a failure for ``drive2``:
+
+   -  Acknowledgement that the Transaction was accepted and jobs were
+      launched:
+
+      .. code:: json
+
+          { "return": {} }
+
+   -  Later, QEMU sends notice that the second job has errored out, but
+      that the first job was also cancelled:
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447193702, "microseconds": 632377 },
+            "data": { "device": "drive1", "action": "report",
+                      "operation": "read" },
+            "event": "BLOCK_JOB_ERROR" }
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447193702, "microseconds": 640074 },
+            "data": { "speed": 0, "offset": 0, "len": 67108864,
+                      "error": "Input/output error",
+                      "device": "drive1", "type": "backup" },
+            "event": "BLOCK_JOB_COMPLETED" }
+
+      .. code:: json
+
+          { "timestamp": { "seconds": 1447193702, "microseconds": 640163 },
+            "data": { "device": "drive0", "type": "backup", "speed": 0,
+                      "len": 67108864, "offset": 16777216 },
+            "event": "BLOCK_JOB_CANCELLED" }
+
+.. raw:: html
+
+   
-- 
2.9.4

From: Kashyap Chamarthy <kchamart@redhat.com>

This patch documents (including their QMP invocations) all the four
major kinds of live block operations:

- `block-stream`
  - `block-commit`
  - `drive-mirror` (& `blockdev-mirror`)
  - `drive-backup` (& `blockdev-backup`)

Things considered while writing this document:

- Use reStructuredText as markup language (with the goal of generating
    the HTML output using the Sphinx Documentation Generator).  It is
    gentler on the eye, and can be trivially converted to different
    formats.  (Another reason: upstream QEMU is considering to switch to
    Sphinx, which uses reStructuredText as its markup language.)

- Raw QMP JSON output vs. 'qmp-shell'.  I debated with myself whether
    to only show raw QMP JSON output (as that is the canonical
    representation), or use 'qmp-shell', which takes key-value pairs.  I
    settled on the approach of: for the first occurrence of a command,
    use raw JSON; for subsequent occurrences, use 'qmp-shell', with an
    occasional exception.

- Usage of `-blockdev` command-line.

- Usage of 'node-name' vs. file path to refer to disks.  While we have
    `blockdev-{mirror, backup}` as 'node-name'-alternatives for
    `drive-{mirror, backup}`, the `block-commit` command still operates
    on file names for parameters 'base' and 'top'.  So I added a caveat
    at the beginning to that effect.

Refer this related thread that I started (where I learnt
    `block-stream` was recently reworked to accept 'node-name' for 'top'
    and 'base' parameters):
    https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg06466.html
    "[RFC] Making 'block-stream', and 'block-commit' accept node-name"

All commands showed in this document were tested while documenting.

Thanks: Eric Blake for the section: "A note on points-in-time vs file
names".  This useful bit was originally articulated by Eric in his
KVMForum 2015 presentation, so I included that specific bit in this
document.

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 20170717105205.32639-3-kchamart@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
---
 docs/interop/live-block-operations.rst | 1088 ++++++++++++++++++++++++++++++++
 docs/live-block-ops.txt                |   72 ---
 2 files changed, 1088 insertions(+), 72 deletions(-)
 create mode 100644 docs/interop/live-block-operations.rst
 delete mode 100644 docs/live-block-ops.txt

diff --git a/docs/interop/live-block-operations.rst b/docs/interop/live-block-operations.rst
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/docs/interop/live-block-operations.rst
@@ -XXX,XX +XXX,XX @@
+..
+    Copyright (C) 2017 Red Hat Inc.
+
+    This work is licensed under the terms of the GNU GPL, version 2 or
+    later.  See the COPYING file in the top-level directory.
+
+============================
+Live Block Device Operations
+============================
+
+QEMU Block Layer currently (as of QEMU 2.9) supports four major kinds of
+live block device jobs -- stream, commit, mirror, and backup.  These can
+be used to manipulate disk image chains to accomplish certain tasks,
+namely: live copy data from backing files into overlays; shorten long
+disk image chains by merging data from overlays into backing files; live
+synchronize data from a disk image chain (including current active disk)
+to another target image; and point-in-time (and incremental) backups of
+a block device.  Below is a description of the said block (QMP)
+primitives, and some (non-exhaustive list of) examples to illustrate
+their use.
+
+.. note::
+    The file ``qapi/block-core.json`` in the QEMU source tree has the
+    canonical QEMU API (QAPI) schema documentation for the QMP
+    primitives discussed here.
+
+.. todo (kashyapc):: Remove the ".. contents::" directive when Sphinx is
+                     integrated.
+
+.. contents::
+
+Disk image backing chain notation
+---------------------------------
+
+A simple disk image chain.  (This can be created live using QMP
+``blockdev-snapshot-sync``, or offline via ``qemu-img``)::
+
+                   (Live QEMU)
+                        |
+                        .
+                        V
+
+            [A] <----- [B]
+
+    (backing file)    (overlay)
+
+The arrow can be read as: Image [A] is the backing file of disk image
+[B].  And live QEMU is currently writing to image [B], consequently, it
+is also referred to as the "active layer".
+
+There are two kinds of terminology that are common when referring to
+files in a disk image backing chain:
+
+(1) Directional: 'base' and 'top'.  Given the simple disk image chain
+    above, image [A] can be referred to as 'base', and image [B] as
+    'top'.  (This terminology can be seen in in QAPI schema file,
+    block-core.json.)
+
+(2) Relational: 'backing file' and 'overlay'.  Again, taking the same
+    simple disk image chain from the above, disk image [A] is referred
+    to as the backing file, and image [B] as overlay.
+
+   Throughout this document, we will use the relational terminology.
+
+.. important::
+    The overlay files can generally be any format that supports a
+    backing file, although QCOW2 is the preferred format and the one
+    used in this document.
+
+
+Brief overview of live block QMP primitives
+-------------------------------------------
+
+The following are the four different kinds of live block operations that
+QEMU block layer supports.
+
+(1) ``block-stream``: Live copy of data from backing files into overlay
+    files.
+
+    .. note:: Once the 'stream' operation has finished, three things to
+              note:
+
+                (a) QEMU rewrites the backing chain to remove
+                    reference to the now-streamed and redundant backing
+                    file;
+
+                (b) the streamed file *itself* won't be removed by QEMU,
+                    and must be explicitly discarded by the user;
+
+                (c) the streamed file remains valid -- i.e. further
+                    overlays can be created based on it.  Refer the
+                    ``block-stream`` section further below for more
+                    details.
+
+(2) ``block-commit``: Live merge of data from overlay files into backing
+    files (with the optional goal of removing the overlay file from the
+    chain).  Since QEMU 2.0, this includes "active ``block-commit``"
+    (i.e. merge the current active layer into the base image).
+
+    .. note:: Once the 'commit' operation has finished, there are three
+              things to note here as well:
+
+                (a) QEMU rewrites the backing chain to remove reference
+                    to now-redundant overlay images that have been
+                    committed into a backing file;
+
+                (b) the committed file *itself* won't be removed by QEMU
+                    -- it ought to be manually removed;
+
+                (c) however, unlike in the case of ``block-stream``, the
+                    intermediate images will be rendered invalid -- i.e.
+                    no more further overlays can be created based on
+                    them.  Refer the ``block-commit`` section further
+                    below for more details.
+
+(3) ``drive-mirror`` (and ``blockdev-mirror``): Synchronize a running
+    disk to another image.
+
+(4) ``drive-backup`` (and ``blockdev-backup``): Point-in-time (live) copy
+    of a block device to a destination.
+
+
+.. _`Interacting with a QEMU instance`:
+
+Interacting with a QEMU instance
+--------------------------------
+
+To show some example invocations of command-line, we will use the
+following invocation of QEMU, with a QMP server running over UNIX
+socket::
+
+    $ ./x86_64-softmmu/qemu-system-x86_64 -display none -nodefconfig \
+        -M q35 -nodefaults -m 512 \
+        -blockdev node-name=node-A,driver=qcow2,file.driver=file,file.node-name=file,file.filename=./a.qcow2 \
+        -device virtio-blk,drive=node-A,id=virtio0 \
+        -monitor stdio -qmp unix:/tmp/qmp-sock,server,nowait
+
+The ``-blockdev`` command-line option, used above, is available from
+QEMU 2.9 onwards.  In the above invocation, notice the ``node-name``
+parameter that is used to refer to the disk image a.qcow2 ('node-A') --
+this is a cleaner way to refer to a disk image (as opposed to referring
+to it by spelling out file paths).  So, we will continue to designate a
+``node-name`` to each further disk image created (either via
+``blockdev-snapshot-sync``, or ``blockdev-add``) as part of the disk
+image chain, and continue to refer to the disks using their
+``node-name`` (where possible, because ``block-commit`` does not yet, as
+of QEMU 2.9, accept ``node-name`` parameter) when performing various
+block operations.
+
+To interact with the QEMU instance launched above, we will use the
+``qmp-shell`` utility (located at: ``qemu/scripts/qmp``, as part of the
+QEMU source directory), which takes key-value pairs for QMP commands.
+Invoke it as below (which will also print out the complete raw JSON
+syntax for reference -- examples in the following sections)::
+
+    $ ./qmp-shell -v -p /tmp/qmp-sock
+    (QEMU)
+
+.. note::
+    In the event we have to repeat a certain QMP command, we will: for
+    the first occurrence of it, show the ``qmp-shell`` invocation, *and*
+    the corresponding raw JSON QMP syntax; but for subsequent
+    invocations, present just the ``qmp-shell`` syntax, and omit the
+    equivalent JSON output.
+
+
+Example disk image chain
+------------------------
+
+We will use the below disk image chain (and occasionally spelling it
+out where appropriate) when discussing various primitives::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+Where [A] is the original base image; [B] and [C] are intermediate
+overlay images; image [D] is the active layer -- i.e. live QEMU is
+writing to it.  (The rule of thumb is: live QEMU will always be pointing
+to the rightmost image in a disk image chain.)
+
+The above image chain can be created by invoking
+``blockdev-snapshot-sync`` commands as following (which shows the
+creation of overlay image [B]) using the ``qmp-shell`` (our invocation
+also prints the raw JSON invocation of it)::
+
+    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
+    {
+        "execute": "blockdev-snapshot-sync",
+        "arguments": {
+            "node-name": "node-A",
+            "snapshot-file": "b.qcow2",
+            "format": "qcow2",
+            "snapshot-node-name": "node-B"
+        }
+    }
+
+Here, "node-A" is the name QEMU internally uses to refer to the base
+image [A] -- it is the backing file, based on which the overlay image,
+[B], is created.
+
+To create the rest of the overlay images, [C], and [D] (omitting the raw
+JSON output for brevity)::
+
+    (QEMU) blockdev-snapshot-sync node-name=node-B snapshot-file=c.qcow2 snapshot-node-name=node-C format=qcow2
+    (QEMU) blockdev-snapshot-sync node-name=node-C snapshot-file=d.qcow2 snapshot-node-name=node-D format=qcow2
+
+
+A note on points-in-time vs file names
+--------------------------------------
+
+In our disk image chain::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+We have *three* points in time and an active layer:
+
+- Point 1: Guest state when [B] was created is contained in file [A]
+- Point 2: Guest state when [C] was created is contained in [A] + [B]
+- Point 3: Guest state when [D] was created is contained in
+  [A] + [B] + [C]
+- Active layer: Current guest state is contained in [A] + [B] + [C] +
+  [D]
+
+Therefore, be aware with naming choices:
+
+- Naming a file after the time it is created is misleading -- the
+  guest data for that point in time is *not* contained in that file
+  (as explained earlier)
+- Rather, think of files as a *delta* from the backing file
+
+
+Live block streaming --- ``block-stream``
+-----------------------------------------
+
+The ``block-stream`` command allows you to do live copy data from backing
+files into overlay images.
+
+Given our original example disk image chain from earlier::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+The disk image chain can be shortened in one of the following different
+ways (not an exhaustive list).
+
+.. _`Case-1`:
+
+(1) Merge everything into the active layer: I.e. copy all contents from
+    the base image, [A], and overlay images, [B] and [C], into [D],
+    *while* the guest is running.  The resulting chain will be a
+    standalone image, [D] -- with contents from [A], [B] and [C] merged
+    into it (where live QEMU writes go to)::
+
+        [D]
+
+.. _`Case-2`:
+
+(2) Taking the same example disk image chain mentioned earlier, merge
+    only images [B] and [C] into [D], the active layer.  The result will
+    be contents of images [B] and [C] will be copied into [D], and the
+    backing file pointer of image [D] will be adjusted to point to image
+    [A].  The resulting chain will be::
+
+        [A] <-- [D]
+
+.. _`Case-3`:
+
+(3) Intermediate streaming (available since QEMU 2.8): Starting afresh
+    with the original example disk image chain, with a total of four
+    images, it is possible to copy contents from image [B] into image
+    [C].  Once the copy is finished, image [B] can now be (optionally)
+    discarded; and the backing file pointer of image [C] will be
+    adjusted to point to [A].  I.e. after performing "intermediate
+    streaming" of [B] into [C], the resulting image chain will be (where
+    live QEMU is writing to [D])::
+
+        [A] <-- [C] <-- [D]
+
+
+QMP invocation for ``block-stream``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For `Case-1`_, to merge contents of all the backing files into the
+active layer, where 'node-D' is the current active image (by default
+``block-stream`` will flatten the entire chain); ``qmp-shell`` (and its
+corresponding JSON output)::
+
+    (QEMU) block-stream device=node-D job-id=job0
+    {
+        "execute": "block-stream",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0"
+        }
+    }
+
+For `Case-2`_, merge contents of the images [B] and [C] into [D], where
+image [D] ends up referring to image [A] as its backing file::
+
+    (QEMU) block-stream device=node-D base-node=node-A job-id=job0
+
+And for `Case-3`_, of "intermediate" streaming", merge contents of
+images [B] into [C], where [C] ends up referring to [A] as its backing
+image::
+
+    (QEMU) block-stream device=node-C base-node=node-A job-id=job0
+
+Progress of a ``block-stream`` operation can be monitored via the QMP
+command::
+
+    (QEMU) query-block-jobs
+    {
+        "execute": "query-block-jobs",
+        "arguments": {}
+    }
+
+
+Once the ``block-stream`` operation has completed, QEMU will emit an
+event, ``BLOCK_JOB_COMPLETED``.  The intermediate overlays remain valid,
+and can now be (optionally) discarded, or retained to create further
+overlays based on them.  Finally, the ``block-stream`` jobs can be
+restarted at anytime.
+
+
+Live block commit --- ``block-commit``
+--------------------------------------
+
+The ``block-commit`` command lets you merge live data from overlay
+images into backing file(s).  Since QEMU 2.0, this includes "live active
+commit" (i.e. it is possible to merge the "active layer", the right-most
+image in a disk image chain where live QEMU will be writing to, into the
+base image).  This is analogous to ``block-stream``, but in the opposite
+direction.
+
+Again, starting afresh with our example disk image chain, where live
+QEMU is writing to the right-most image in the chain, [D]::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+The disk image chain can be shortened in one of the following ways:
+
+.. _`block-commit_Case-1`:
+
+(1) Commit content from only image [B] into image [A].  The resulting
+    chain is the following, where image [C] is adjusted to point at [A]
+    as its new backing file::
+
+        [A] <-- [C] <-- [D]
+
+(2) Commit content from images [B] and [C] into image [A].  The
+    resulting chain, where image [D] is adjusted to point to image [A]
+    as its new backing file::
+
+        [A] <-- [D]
+
+.. _`block-commit_Case-3`:
+
+(3) Commit content from images [B], [C], and the active layer [D] into
+    image [A].  The resulting chain (in this case, a consolidated single
+    image)::
+
+        [A]
+
+(4) Commit content from image only image [C] into image [B].  The
+    resulting chain::
+
+	[A] <-- [B] <-- [D]
+
+(5) Commit content from image [C] and the active layer [D] into image
+    [B].  The resulting chain::
+
+	[A] <-- [B]
+
+
+QMP invocation for ``block-commit``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+For :ref:`Case-1 <block-commit_Case-1>`, to merge contents only from
+image [B] into image [A], the invocation is as follows::
+
+    (QEMU) block-commit device=node-D base=a.qcow2 top=b.qcow2 job-id=job0
+    {
+        "execute": "block-commit",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0",
+            "top": "b.qcow2",
+            "base": "a.qcow2"
+        }
+    }
+
+Once the above ``block-commit`` operation has completed, a
+``BLOCK_JOB_COMPLETED`` event will be issued, and no further action is
+required.  As the end result, the backing file of image [C] is adjusted
+to point to image [A], and the original 4-image chain will end up being
+transformed to::
+
+    [A] <-- [C] <-- [D]
+
+.. note::
+    The intermediate image [B] is invalid (as in: no more further
+    overlays based on it can be created).
+
+    Reasoning: An intermediate image after a 'stream' operation still
+    represents that old point-in-time, and may be valid in that context.
+    However, an intermediate image after a 'commit' operation no longer
+    represents any point-in-time, and is invalid in any context.
+
+
+However, :ref:`Case-3 <block-commit_Case-3>` (also called: "active
+``block-commit``") is a *two-phase* operation: In the first phase, the
+content from the active overlay, along with the intermediate overlays,
+is copied into the backing file (also called the base image).  In the
+second phase, adjust the said backing file as the current active image
+-- possible via issuing the command ``block-job-complete``.  Optionally,
+the ``block-commit`` operation can be cancelled by issuing the command
+``block-job-cancel``, but be careful when doing this.
+
+Once the ``block-commit`` operation has completed, the event
+``BLOCK_JOB_READY`` will be emitted, signalling that the synchronization
+has finished.  Now the job can be gracefully completed by issuing the
+command ``block-job-complete`` -- until such a command is issued, the
+'commit' operation remains active.
+
+The following is the flow for :ref:`Case-3 <block-commit_Case-3>` to
+convert a disk image chain such as this::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+Into::
+
+    [A]
+
+Where content from all the subsequent overlays, [B], and [C], including
+the active layer, [D], is committed back to [A] -- which is where live
+QEMU is performing all its current writes).
+
+Start the "active ``block-commit``" operation::
+
+    (QEMU) block-commit device=node-D base=a.qcow2 top=d.qcow2 job-id=job0
+    {
+        "execute": "block-commit",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0",
+            "top": "d.qcow2",
+            "base": "a.qcow2"
+        }
+    }
+
+
+Once the synchronization has completed, the event ``BLOCK_JOB_READY`` will
+be emitted.
+
+Then, optionally query for the status of the active block operations.
+We can see the 'commit' job is now ready to be completed, as indicated
+by the line *"ready": true*::
+
+    (QEMU) query-block-jobs
+    {
+        "execute": "query-block-jobs",
+        "arguments": {}
+    }
+    {
+        "return": [
+            {
+                "busy": false,
+                "type": "commit",
+                "len": 1376256,
+                "paused": false,
+                "ready": true,
+                "io-status": "ok",
+                "offset": 1376256,
+                "device": "job0",
+                "speed": 0
+            }
+        ]
+    }
+
+Gracefully complete the 'commit' block device job::
+
+    (QEMU) block-job-complete device=job0
+    {
+        "execute": "block-job-complete",
+        "arguments": {
+            "device": "job0"
+        }
+    }
+    {
+        "return": {}
+    }
+
+Finally, once the above job is completed, an event
+``BLOCK_JOB_COMPLETED`` will be emitted.
+
+.. note::
+    The invocation for rest of the cases (2, 4, and 5), discussed in the
+    previous section, is omitted for brevity.
+
+
+Live disk synchronization --- ``drive-mirror`` and ``blockdev-mirror``
+----------------------------------------------------------------------
+
+Synchronize a running disk image chain (all or part of it) to a target
+image.
+
+Again, given our familiar disk image chain::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+The ``drive-mirror`` (and its newer equivalent ``blockdev-mirror``) allows
+you to copy data from the entire chain into a single target image (which
+can be located on a different host).
+
+Once a 'mirror' job has started, there are two possible actions while a
+``drive-mirror`` job is active:
+
+(1) Issuing the command ``block-job-cancel`` after it emits the event
+    ``BLOCK_JOB_CANCELLED``: will (after completing synchronization of
+    the content from the disk image chain to the target image, [E])
+    create a point-in-time (which is at the time of *triggering* the
+    cancel command) copy, contained in image [E], of the the entire disk
+    image chain (or only the top-most image, depending on the ``sync``
+    mode).
+
+(2) Issuing the command ``block-job-complete`` after it emits the event
+    ``BLOCK_JOB_COMPLETED``: will, after completing synchronization of
+    the content, adjust the guest device (i.e. live QEMU) to point to
+    the target image, and, causing all the new writes from this point on
+    to happen there.  One use case for this is live storage migration.
+
+About synchronization modes: The synchronization mode determines
+*which* part of the disk image chain will be copied to the target.
+Currently, there are four different kinds:
+
+(1) ``full`` -- Synchronize the content of entire disk image chain to
+    the target
+
+(2) ``top`` -- Synchronize only the contents of the top-most disk image
+    in the chain to the target
+
+(3) ``none`` -- Synchronize only the new writes from this point on.
+
+    .. note:: In the case of ``drive-backup`` (or ``blockdev-backup``),
+              the behavior of ``none`` synchronization mode is different.
+              Normally, a ``backup`` job consists of two parts: Anything
+              that is overwritten by the guest is first copied out to
+              the backup, and in the background the whole image is
+              copied from start to end. With ``sync=none``, it's only
+              the first part.
+
+(4) ``incremental`` -- Synchronize content that is described by the
+    dirty bitmap
+
+.. note::
+    Refer to the :doc:`bitmaps` document in the QEMU source
+    tree to learn about the detailed workings of the ``incremental``
+    synchronization mode.
+
+
+QMP invocation for ``drive-mirror``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To copy the contents of the entire disk image chain, from [A] all the
+way to [D], to a new target (``drive-mirror`` will create the destination
+file, if it doesn't already exist), call it [E]::
+
+    (QEMU) drive-mirror device=node-D target=e.qcow2 sync=full job-id=job0
+    {
+        "execute": "drive-mirror",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0",
+            "target": "e.qcow2",
+            "sync": "full"
+        }
+    }
+
+The ``"sync": "full"``, from the above, means: copy the *entire* chain
+to the destination.
+
+Following the above, querying for active block jobs will show that a
+'mirror' job is "ready" to be completed (and QEMU will also emit an
+event, ``BLOCK_JOB_READY``)::
+
+    (QEMU) query-block-jobs
+    {
+        "execute": "query-block-jobs",
+        "arguments": {}
+    }
+    {
+        "return": [
+            {
+                "busy": false,
+                "type": "mirror",
+                "len": 21757952,
+                "paused": false,
+                "ready": true,
+                "io-status": "ok",
+                "offset": 21757952,
+                "device": "job0",
+                "speed": 0
+            }
+        ]
+    }
+
+And, as noted in the previous section, there are two possible actions
+at this point:
+
+(a) Create a point-in-time snapshot by ending the synchronization.  The
+    point-in-time is at the time of *ending* the sync.  (The result of
+    the following being: the target image, [E], will be populated with
+    content from the entire chain, [A] to [D])::
+
+        (QEMU) block-job-cancel device=job0
+        {
+            "execute": "block-job-cancel",
+            "arguments": {
+                "device": "job0"
+            }
+        }
+
+(b) Or, complete the operation and pivot the live QEMU to the target
+    copy::
+
+        (QEMU) block-job-complete device=job0
+
+In either of the above cases, if you once again run the
+`query-block-jobs` command, there should not be any active block
+operation.
+
+Comparing 'commit' and 'mirror': In both then cases, the overlay images
+can be discarded.  However, with 'commit', the *existing* base image
+will be modified (by updating it with contents from overlays); while in
+the case of 'mirror', a *new* target image is populated with the data
+from the disk image chain.
+
+
+QMP invocation for live storage migration with ``drive-mirror`` + NBD
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Live storage migration (without shared storage setup) is one of the most
+common use-cases that takes advantage of the ``drive-mirror`` primitive
+and QEMU's built-in Network Block Device (NBD) server.  Here's a quick
+walk-through of this setup.
+
+Given the disk image chain::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+Instead of copying content from the entire chain, synchronize *only* the
+contents of the *top*-most disk image (i.e. the active layer), [D], to a
+target, say, [TargetDisk].
+
+.. important::
+    The destination host must already have the contents of the backing
+    chain, involving images [A], [B], and [C], visible via other means
+    -- whether by ``cp``, ``rsync``, or by some storage array-specific
+    command.)
+
+Sometimes, this is also referred to as "shallow copy" -- because only
+the "active layer", and not the rest of the image chain, is copied to
+the destination.
+
+.. note::
+    In this example, for the sake of simplicity, we'll be using the same
+    ``localhost`` as both source and destination.
+
+As noted earlier, on the destination host the contents of the backing
+chain -- from images [A] to [C] -- are already expected to exist in some
+form (e.g. in a file called, ``Contents-of-A-B-C.qcow2``).  Now, on the
+destination host, let's create a target overlay image (with the image
+``Contents-of-A-B-C.qcow2`` as its backing file), to which the contents
+of image [D] (from the source QEMU) will be mirrored to::
+
+    $ qemu-img create -f qcow2 -b ./Contents-of-A-B-C.qcow2 \
+        -F qcow2 ./target-disk.qcow2
+
+And start the destination QEMU (we already have the source QEMU running
+-- discussed in the section: `Interacting with a QEMU instance`_)
+instance, with the following invocation.  (As noted earlier, for
+simplicity's sake, the destination QEMU is started on the same host, but
+it could be located elsewhere)::
+
+    $ ./x86_64-softmmu/qemu-system-x86_64 -display none -nodefconfig \
+        -M q35 -nodefaults -m 512 \
+        -blockdev node-name=node-TargetDisk,driver=qcow2,file.driver=file,file.node-name=file,file.filename=./target-disk.qcow2 \
+        -device virtio-blk,drive=node-TargetDisk,id=virtio0 \
+        -S -monitor stdio -qmp unix:./qmp-sock2,server,nowait \
+        -incoming tcp:localhost:6666
+
+Given the disk image chain on source QEMU::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+On the destination host, it is expected that the contents of the chain
+``[A] <-- [B] <-- [C]`` are *already* present, and therefore copy *only*
+the content of image [D].
+
+(1) [On *destination* QEMU] As part of the first step, start the
+    built-in NBD server on a given host (local host, represented by
+    ``::``)and port::
+
+        (QEMU) nbd-server-start addr={"type":"inet","data":{"host":"::","port":"49153"}}
+        {
+            "execute": "nbd-server-start",
+            "arguments": {
+                "addr": {
+                    "data": {
+                        "host": "::",
+                        "port": "49153"
+                    },
+                    "type": "inet"
+                }
+            }
+        }
+
+(2) [On *destination* QEMU] And export the destination disk image using
+    QEMU's built-in NBD server::
+
+        (QEMU) nbd-server-add device=node-TargetDisk writable=true
+        {
+            "execute": "nbd-server-add",
+            "arguments": {
+                "device": "node-TargetDisk"
+            }
+        }
+
+(3) [On *source* QEMU] Then, invoke ``drive-mirror`` (NB: since we're
+    running ``drive-mirror`` with ``mode=existing`` (meaning:
+    synchronize to a pre-created file, therefore 'existing', file on the
+    target host), with the synchronization mode as 'top' (``"sync:
+    "top"``)::
+
+        (QEMU) drive-mirror device=node-D target=nbd:localhost:49153:exportname=node-TargetDisk sync=top mode=existing job-id=job0
+        {
+            "execute": "drive-mirror",
+            "arguments": {
+                "device": "node-D",
+                "mode": "existing",
+                "job-id": "job0",
+                "target": "nbd:localhost:49153:exportname=node-TargetDisk",
+                "sync": "top"
+            }
+        }
+
+(4) [On *source* QEMU] Once ``drive-mirror`` copies the entire data, and the
+    event ``BLOCK_JOB_READY`` is emitted, issue ``block-job-cancel`` to
+    gracefully end the synchronization, from source QEMU::
+
+        (QEMU) block-job-cancel device=job0
+        {
+            "execute": "block-job-cancel",
+            "arguments": {
+                "device": "job0"
+            }
+        }
+
+(5) [On *destination* QEMU] Then, stop the NBD server::
+
+        (QEMU) nbd-server-stop
+        {
+            "execute": "nbd-server-stop",
+            "arguments": {}
+        }
+
+(6) [On *destination* QEMU] Finally, resume the guest vCPUs by issuing the
+    QMP command `cont`::
+
+        (QEMU) cont
+        {
+            "execute": "cont",
+            "arguments": {}
+        }
+
+.. note::
+    Higher-level libraries (e.g. libvirt) automate the entire above
+    process (although note that libvirt does not allow same-host
+    migrations to localhost for other reasons).
+
+
+Notes on ``blockdev-mirror``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``blockdev-mirror`` command is equivalent in core functionality to
+``drive-mirror``, except that it operates at node-level in a BDS graph.
+
+Also: for ``blockdev-mirror``, the 'target' image needs to be explicitly
+created (using ``qemu-img``) and attach it to live QEMU via
+``blockdev-add``, which assigns a name to the to-be created target node.
+
+E.g. the sequence of actions to create a point-in-time backup of an
+entire disk image chain, to a target, using ``blockdev-mirror`` would be:
+
+(0) Create the QCOW2 overlays, to arrive at a backing chain of desired
+    depth
+
+(1) Create the target image (using ``qemu-img``), say, ``e.qcow2``
+
+(2) Attach the above created file (``e.qcow2``), run-time, using
+    ``blockdev-add`` to QEMU
+
+(3) Perform ``blockdev-mirror`` (use ``"sync": "full"`` to copy the
+    entire chain to the target).  And notice the event
+    ``BLOCK_JOB_READY``
+
+(4) Optionally, query for active block jobs, there should be a 'mirror'
+    job ready to be completed
+
+(5) Gracefully complete the 'mirror' block device job, and notice the
+    the event ``BLOCK_JOB_COMPLETED``
+
+(6) Shutdown the guest by issuing the QMP ``quit`` command so that
+    caches are flushed
+
+(7) Then, finally, compare the contents of the disk image chain, and
+    the target copy with ``qemu-img compare``.  You should notice:
+    "Images are identical"
+
+
+QMP invocation for ``blockdev-mirror``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Given the disk image chain::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+To copy the contents of the entire disk image chain, from [A] all the
+way to [D], to a new target, call it [E].  The following is the flow.
+
+Create the overlay images, [B], [C], and [D]::
+
+    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
+    (QEMU) blockdev-snapshot-sync node-name=node-B snapshot-file=c.qcow2 snapshot-node-name=node-C format=qcow2
+    (QEMU) blockdev-snapshot-sync node-name=node-C snapshot-file=d.qcow2 snapshot-node-name=node-D format=qcow2
+
+Create the target image, [E]::
+
+    $ qemu-img create -f qcow2 e.qcow2 39M
+
+Add the above created target image to QEMU, via ``blockdev-add``::
+
+    (QEMU) blockdev-add driver=qcow2 node-name=node-E file={"driver":"file","filename":"e.qcow2"}
+    {
+        "execute": "blockdev-add",
+        "arguments": {
+            "node-name": "node-E",
+            "driver": "qcow2",
+            "file": {
+                "driver": "file",
+                "filename": "e.qcow2"
+            }
+        }
+    }
+
+Perform ``blockdev-mirror``, and notice the event ``BLOCK_JOB_READY``::
+
+    (QEMU) blockdev-mirror device=node-B target=node-E sync=full job-id=job0
+    {
+        "execute": "blockdev-mirror",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0",
+            "target": "node-E",
+            "sync": "full"
+        }
+    }
+
+Query for active block jobs, there should be a 'mirror' job ready::
+
+    (QEMU) query-block-jobs
+    {
+        "execute": "query-block-jobs",
+        "arguments": {}
+    }
+    {
+        "return": [
+            {
+                "busy": false,
+                "type": "mirror",
+                "len": 21561344,
+                "paused": false,
+                "ready": true,
+                "io-status": "ok",
+                "offset": 21561344,
+                "device": "job0",
+                "speed": 0
+            }
+        ]
+    }
+
+Gracefully complete the block device job operation, and notice the
+event ``BLOCK_JOB_COMPLETED``::
+
+    (QEMU) block-job-complete device=job0
+    {
+        "execute": "block-job-complete",
+        "arguments": {
+            "device": "job0"
+        }
+    }
+    {
+        "return": {}
+    }
+
+Shutdown the guest, by issuing the ``quit`` QMP command::
+
+    (QEMU) quit
+    {
+        "execute": "quit",
+        "arguments": {}
+    }
+
+
+Live disk backup --- ``drive-backup`` and ``blockdev-backup``
+-------------------------------------------------------------
+
+The ``drive-backup`` (and its newer equivalent ``blockdev-backup``) allows
+you to create a point-in-time snapshot.
+
+In this case, the point-in-time is when you *start* the ``drive-backup``
+(or its newer equivalent ``blockdev-backup``) command.
+
+
+QMP invocation for ``drive-backup``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Yet again, starting afresh with our example disk image chain::
+
+    [A] <-- [B] <-- [C] <-- [D]
+
+To create a target image [E], with content populated from image [A] to
+[D], from the above chain, the following is the syntax.  (If the target
+image does not exist, ``drive-backup`` will create it)::
+
+    (QEMU) drive-backup device=node-D sync=full target=e.qcow2 job-id=job0
+    {
+        "execute": "drive-backup",
+        "arguments": {
+            "device": "node-D",
+            "job-id": "job0",
+            "sync": "full",
+            "target": "e.qcow2"
+        }
+    }
+
+Once the above ``drive-backup`` has completed, a ``BLOCK_JOB_COMPLETED`` event
+will be issued, indicating the live block device job operation has
+completed, and no further action is required.
+
+
+Notes on ``blockdev-backup``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The ``blockdev-backup`` command is equivalent in functionality to
+``drive-backup``, except that it operates at node-level in a Block Driver
+State (BDS) graph.
+
+E.g. the sequence of actions to create a point-in-time backup
+of an entire disk image chain, to a target, using ``blockdev-backup``
+would be:
+
+(0) Create the QCOW2 overlays, to arrive at a backing chain of desired
+    depth
+
+(1) Create the target image (using ``qemu-img``), say, ``e.qcow2``
+
+(2) Attach the above created file (``e.qcow2``), run-time, using
+    ``blockdev-add`` to QEMU
+
+(3) Perform ``blockdev-backup`` (use ``"sync": "full"`` to copy the
+    entire chain to the target).  And notice the event
+    ``BLOCK_JOB_COMPLETED``
+
+(4) Shutdown the guest, by issuing the QMP ``quit`` command, so that
+    caches are flushed
+
+(5) Then, finally, compare the contents of the disk image chain, and
+    the target copy with ``qemu-img compare``.  You should notice:
+    "Images are identical"
+
+The following section shows an example QMP invocation for
+``blockdev-backup``.
+
+QMP invocation for ``blockdev-backup``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Given a disk image chain of depth 1 where image [B] is the active
+overlay (live QEMU is writing to it)::
+
+    [A] <-- [B]
+
+The following is the procedure to copy the content from the entire chain
+to a target image (say, [E]), which has the full content from [A] and
+[B].
+
+Create the overlay [B]::
+
+    (QEMU) blockdev-snapshot-sync node-name=node-A snapshot-file=b.qcow2 snapshot-node-name=node-B format=qcow2
+    {
+        "execute": "blockdev-snapshot-sync",
+        "arguments": {
+            "node-name": "node-A",
+            "snapshot-file": "b.qcow2",
+            "format": "qcow2",
+            "snapshot-node-name": "node-B"
+        }
+    }
+
+
+Create a target image that will contain the copy::
+
+    $ qemu-img create -f qcow2 e.qcow2 39M
+
+Then add it to QEMU via ``blockdev-add``::
+
+    (QEMU) blockdev-add driver=qcow2 node-name=node-E file={"driver":"file","filename":"e.qcow2"}
+    {
+        "execute": "blockdev-add",
+        "arguments": {
+            "node-name": "node-E",
+            "driver": "qcow2",
+            "file": {
+                "driver": "file",
+                "filename": "e.qcow2"
+            }
+        }
+    }
+
+Then invoke ``blockdev-backup`` to copy the contents from the entire
+image chain, consisting of images [A] and [B] to the target image
+'e.qcow2'::
+
+    (QEMU) blockdev-backup device=node-B target=node-E sync=full job-id=job0
+    {
+        "execute": "blockdev-backup",
+        "arguments": {
+            "device": "node-B",
+            "job-id": "job0",
+            "target": "node-E",
+            "sync": "full"
+        }
+    }
+
+Once the above 'backup' operation has completed, the event,
+``BLOCK_JOB_COMPLETED`` will be emitted, signalling successful
+completion.
+
+Next, query for any active block device jobs (there should be none)::
+
+    (QEMU) query-block-jobs
+    {
+        "execute": "query-block-jobs",
+        "arguments": {}
+    }
+
+Shutdown the guest::
+
+    (QEMU) quit
+    {
+            "execute": "quit",
+                "arguments": {}
+    }
+            "return": {}
+    }
+
+.. note::
+    The above step is really important; if forgotten, an error, "Failed
+    to get shared "write" lock on e.qcow2", will be thrown when you do
+    ``qemu-img compare`` to verify the integrity of the disk image
+    with the backup content.
+
+
+The end result will be the image 'e.qcow2' containing a
+point-in-time backup of the disk image chain -- i.e. contents from
+images [A] and [B] at the time the ``blockdev-backup`` command was
+initiated.
+
+One way to confirm the backup disk image contains the identical content
+with the disk image chain is to compare the backup and the contents of
+the chain, you should see "Images are identical".  (NB: this is assuming
+QEMU was launched with ``-S`` option, which will not start the CPUs at
+guest boot up)::
+
+    $ qemu-img compare b.qcow2 e.qcow2
+    Warning: Image size mismatch!
+    Images are identical.
+
+NOTE: The "Warning: Image size mismatch!" is expected, as we created the
+target image (e.qcow2) with 39M size.
diff --git a/docs/live-block-ops.txt b/docs/live-block-ops.txt
deleted file mode 100644
index XXXXXXX..XXXXXXX
--- a/docs/live-block-ops.txt
+++ /dev/null
@@ -XXX,XX +XXX,XX @@
-LIVE BLOCK OPERATIONS
-=====================
-
-High level description of live block operations. Note these are not
-supported for use with the raw format at the moment.
-
-Note also that this document is incomplete and it currently only
-covers the 'stream' operation. Other operations supported by QEMU such
-as 'commit', 'mirror' and 'backup' are not described here yet. Please
-refer to the qapi/block-core.json file for an overview of those.
-
-Snapshot live merge
-===================
-
-Given a snapshot chain, described in this document in the following
-format:
-
-[A] <- [B] <- [C] <- [D] <- [E]
-
-Where the rightmost object ([E] in the example) described is the current
-image which the guest OS has write access to. To the left of it is its base
-image, and so on accordingly until the leftmost image, which has no
-base.
-
-The snapshot live merge operation transforms such a chain into a
-smaller one with fewer elements, such as this transformation relative
-to the first example:
-
-[A] <- [E]
-
-Data is copied in the right direction with destination being the
-rightmost image, but any other intermediate image can be specified
-instead. In this example data is copied from [C] into [D], so [D] can
-be backed by [B]:
-
-[A] <- [B] <- [D] <- [E]
-
-The operation is implemented in QEMU through image streaming facilities.
-
-The basic idea is to execute 'block_stream virtio0' while the guest is
-running. Progress can be monitored using 'info block-jobs'. When the
-streaming operation completes it raises a QMP event. 'block_stream'
-copies data from the backing file(s) into the active image. When finished,
-it adjusts the backing file pointer.
-
-The 'base' parameter specifies an image which data need not be
-streamed from. This image will be used as the backing file for the
-destination image when the operation is finished.
-
-In the first example above, the command would be:
-
-(qemu) block_stream virtio0 file-A.img
-
-In order to specify a destination image different from the active
-(rightmost) one we can use its node name instead.
-
-In the second example above, the command would be:
-
-(qemu) block_stream node-D file-B.img
-
-Live block copy
-===============
-
-To copy an in use image to another destination in the filesystem, one
-should create a live snapshot in the desired destination, then stream
-into that image. Example:
-
-(qemu) snapshot_blkdev ide0-hd0 /new-path/disk.img qcow2
-
-(qemu) block_stream ide0-hd0
-
-
-- 
2.9.4

The following changes since commit e2c5093c993ef646e4e28f7aa78429853bcc06ac:

iotests: 30: drop from auto group (and effectively from make check) (2021-02-05 15:16:13 +0000)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to b07011f375bda3319cf72eee7cb18d310078387b:

docs: fix Parallels Image "dirty bitmap" section (2021-02-05 16:36:36 +0000)

----------------------------------------------------------------
Pull request

v3:
 * Replace {0} array initialization with {} to make clang happy [Peter]

----------------------------------------------------------------

Denis V. Lunev (1):
  docs: fix Parallels Image "dirty bitmap" section

Elena Ufimtseva (8):
  multi-process: add configure and usage information
  io: add qio_channel_writev_full_all helper
  io: add qio_channel_readv_full_all_eof & qio_channel_readv_full_all
    helpers
  multi-process: define MPQemuMsg format and transmission functions
  multi-process: introduce proxy object
  multi-process: add proxy communication functions
  multi-process: Forward PCI config space acceses to the remote process
  multi-process: perform device reset in the remote process

Jagannathan Raman (11):
  memory: alloc RAM from file at offset
  multi-process: Add config option for multi-process QEMU
  multi-process: setup PCI host bridge for remote device
  multi-process: setup a machine object for remote device process
  multi-process: Initialize message handler in remote device
  multi-process: Associate fd of a PCIDevice with its object
  multi-process: setup memory manager for remote device
  multi-process: PCI BAR read/write handling for proxy & remote
    endpoints
  multi-process: Synchronize remote memory
  multi-process: create IOHUB object to handle irq
  multi-process: Retrieve PCI info from remote process

John G Johnson (1):
  multi-process: add the concept description to
    docs/devel/qemu-multiprocess

Stefan Hajnoczi (6):
  .github: point Repo Lockdown bot to GitLab repo
  gitmodules: use GitLab repos instead of qemu.org
  gitlab-ci: remove redundant GitLab repo URL command
  docs: update README to use GitLab repo URLs
  pc-bios: update mirror URLs to GitLab
  get_maintainer: update repo URL to GitLab

MAINTAINERS                               |  24 +
 README.rst                                |   4 +-
 docs/devel/index.rst                      |   1 +
 docs/devel/multi-process.rst              | 966 ++++++++++++++++++++++
 docs/system/index.rst                     |   1 +
 docs/system/multi-process.rst             |  64 ++
 docs/interop/parallels.txt                |   2 +-
 configure                                 |  10 +
 meson.build                               |   5 +-
 hw/remote/trace.h                         |   1 +
 include/exec/memory.h                     |   2 +
 include/exec/ram_addr.h                   |   4 +-
 include/hw/pci-host/remote.h              |  30 +
 include/hw/pci/pci_ids.h                  |   3 +
 include/hw/remote/iohub.h                 |  42 +
 include/hw/remote/machine.h               |  38 +
 include/hw/remote/memory.h                |  19 +
 include/hw/remote/mpqemu-link.h           |  99 +++
 include/hw/remote/proxy-memory-listener.h |  28 +
 include/hw/remote/proxy.h                 |  48 ++
 include/io/channel.h                      |  78 ++
 include/qemu/mmap-alloc.h                 |   4 +-
 include/sysemu/iothread.h                 |   6 +
 backends/hostmem-memfd.c                  |   2 +-
 hw/misc/ivshmem.c                         |   3 +-
 hw/pci-host/remote.c                      |  75 ++
 hw/remote/iohub.c                         | 119 +++
 hw/remote/machine.c                       |  80 ++
 hw/remote/memory.c                        |  65 ++
 hw/remote/message.c                       | 230 ++++++
 hw/remote/mpqemu-link.c                   | 267 ++++++
 hw/remote/proxy-memory-listener.c         | 227 +++++
 hw/remote/proxy.c                         | 379 +++++++++
 hw/remote/remote-obj.c                    | 203 +++++
 io/channel.c                              | 116 ++-
 iothread.c                                |   6 +
 softmmu/memory.c                          |   3 +-
 softmmu/physmem.c                         |  12 +-
 util/mmap-alloc.c                         |   8 +-
 util/oslib-posix.c                        |   2 +-
 .github/lockdown.yml                      |   8 +-
 .gitlab-ci.yml                            |   1 -
 .gitmodules                               |  44 +-
 Kconfig.host                              |   4 +
 hw/Kconfig                                |   1 +
 hw/meson.build                            |   1 +
 hw/pci-host/Kconfig                       |   3 +
 hw/pci-host/meson.build                   |   1 +
 hw/remote/Kconfig                         |   4 +
 hw/remote/meson.build                     |  13 +
 hw/remote/trace-events                    |   4 +
 pc-bios/README                            |   4 +-
 scripts/get_maintainer.pl                 |   2 +-
 53 files changed, 3296 insertions(+), 70 deletions(-)
 create mode 100644 docs/devel/multi-process.rst
 create mode 100644 docs/system/multi-process.rst
 create mode 100644 hw/remote/trace.h
 create mode 100644 include/hw/pci-host/remote.h
 create mode 100644 include/hw/remote/iohub.h
 create mode 100644 include/hw/remote/machine.h
 create mode 100644 include/hw/remote/memory.h
 create mode 100644 include/hw/remote/mpqemu-link.h
 create mode 100644 include/hw/remote/proxy-memory-listener.h
 create mode 100644 include/hw/remote/proxy.h
 create mode 100644 hw/pci-host/remote.c
 create mode 100644 hw/remote/iohub.c
 create mode 100644 hw/remote/machine.c
 create mode 100644 hw/remote/memory.c
 create mode 100644 hw/remote/message.c
 create mode 100644 hw/remote/mpqemu-link.c
 create mode 100644 hw/remote/proxy-memory-listener.c
 create mode 100644 hw/remote/proxy.c
 create mode 100644 hw/remote/remote-obj.c
 create mode 100644 hw/remote/Kconfig
 create mode 100644 hw/remote/meson.build
 create mode 100644 hw/remote/trace-events

-- 
2.29.2

Use the GitLab repo URL as the main repo location in order to reduce
load on qemu.org.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 20210111115017.156802-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 .github/lockdown.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/lockdown.yml b/.github/lockdown.yml
index XXXXXXX..XXXXXXX 100644
--- a/.github/lockdown.yml
+++ b/.github/lockdown.yml
@@ -XXX,XX +XXX,XX @@ issues:
   comment: |
     Thank you for your interest in the QEMU project.
 
-    This repository is a read-only mirror of the project's master
-    repostories hosted on https://git.qemu.org/git/qemu.git.
+    This repository is a read-only mirror of the project's repostories hosted
+    at https://gitlab.com/qemu-project/qemu.git.
     The project does not process issues filed on GitHub.
 
     The project issues are tracked on Launchpad:
@@ -XXX,XX +XXX,XX @@ pulls:
   comment: |
     Thank you for your interest in the QEMU project.
 
-    This repository is a read-only mirror of the project's master
-    repostories hosted on https://git.qemu.org/git/qemu.git.
+    This repository is a read-only mirror of the project's repostories hosted
+    on https://gitlab.com/qemu-project/qemu.git.
     The project does not process merge requests filed on GitHub.
 
     QEMU welcomes contributions of code (either fixing bugs or adding new
-- 
2.29.2

qemu.org is running out of bandwidth and the QEMU project is moving
towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
(they will become mirrors).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210111115017.156802-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 .gitmodules | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/.gitmodules b/.gitmodules
index XXXXXXX..XXXXXXX 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -XXX,XX +XXX,XX @@
 [submodule "roms/seabios"]
 	path = roms/seabios
-	url = https://git.qemu.org/git/seabios.git/
+	url = https://gitlab.com/qemu-project/seabios.git/
 [submodule "roms/SLOF"]
 	path = roms/SLOF
-	url = https://git.qemu.org/git/SLOF.git
+	url = https://gitlab.com/qemu-project/SLOF.git
 [submodule "roms/ipxe"]
 	path = roms/ipxe
-	url = https://git.qemu.org/git/ipxe.git
+	url = https://gitlab.com/qemu-project/ipxe.git
 [submodule "roms/openbios"]
 	path = roms/openbios
-	url = https://git.qemu.org/git/openbios.git
+	url = https://gitlab.com/qemu-project/openbios.git
 [submodule "roms/qemu-palcode"]
 	path = roms/qemu-palcode
-	url = https://git.qemu.org/git/qemu-palcode.git
+	url = https://gitlab.com/qemu-project/qemu-palcode.git
 [submodule "roms/sgabios"]
 	path = roms/sgabios
-	url = https://git.qemu.org/git/sgabios.git
+	url = https://gitlab.com/qemu-project/sgabios.git
 [submodule "dtc"]
 	path = dtc
-	url = https://git.qemu.org/git/dtc.git
+	url = https://gitlab.com/qemu-project/dtc.git
 [submodule "roms/u-boot"]
 	path = roms/u-boot
-	url = https://git.qemu.org/git/u-boot.git
+	url = https://gitlab.com/qemu-project/u-boot.git
 [submodule "roms/skiboot"]
 	path = roms/skiboot
-	url = https://git.qemu.org/git/skiboot.git
+	url = https://gitlab.com/qemu-project/skiboot.git
 [submodule "roms/QemuMacDrivers"]
 	path = roms/QemuMacDrivers
-	url = https://git.qemu.org/git/QemuMacDrivers.git
+	url = https://gitlab.com/qemu-project/QemuMacDrivers.git
 [submodule "ui/keycodemapdb"]
 	path = ui/keycodemapdb
-	url = https://git.qemu.org/git/keycodemapdb.git
+	url = https://gitlab.com/qemu-project/keycodemapdb.git
 [submodule "capstone"]
 	path = capstone
-	url = https://git.qemu.org/git/capstone.git
+	url = https://gitlab.com/qemu-project/capstone.git
 [submodule "roms/seabios-hppa"]
 	path = roms/seabios-hppa
-	url = https://git.qemu.org/git/seabios-hppa.git
+	url = https://gitlab.com/qemu-project/seabios-hppa.git
 [submodule "roms/u-boot-sam460ex"]
 	path = roms/u-boot-sam460ex
-	url = https://git.qemu.org/git/u-boot-sam460ex.git
+	url = https://gitlab.com/qemu-project/u-boot-sam460ex.git
 [submodule "tests/fp/berkeley-testfloat-3"]
 	path = tests/fp/berkeley-testfloat-3
-	url = https://git.qemu.org/git/berkeley-testfloat-3.git
+	url = https://gitlab.com/qemu-project/berkeley-testfloat-3.git
 [submodule "tests/fp/berkeley-softfloat-3"]
 	path = tests/fp/berkeley-softfloat-3
-	url = https://git.qemu.org/git/berkeley-softfloat-3.git
+	url = https://gitlab.com/qemu-project/berkeley-softfloat-3.git
 [submodule "roms/edk2"]
 	path = roms/edk2
-	url = https://git.qemu.org/git/edk2.git
+	url = https://gitlab.com/qemu-project/edk2.git
 [submodule "slirp"]
 	path = slirp
-	url = https://git.qemu.org/git/libslirp.git
+	url = https://gitlab.com/qemu-project/libslirp.git
 [submodule "roms/opensbi"]
 	path = roms/opensbi
-	url = 	https://git.qemu.org/git/opensbi.git
+	url = 	https://gitlab.com/qemu-project/opensbi.git
 [submodule "roms/qboot"]
 	path = roms/qboot
-	url = https://git.qemu.org/git/qboot.git
+	url = https://gitlab.com/qemu-project/qboot.git
 [submodule "meson"]
 	path = meson
-	url = https://git.qemu.org/git/meson.git
+	url = https://gitlab.com/qemu-project/meson.git
 [submodule "roms/vbootrom"]
 	path = roms/vbootrom
-	url = https://git.qemu.org/git/vbootrom.git
+	url = https://gitlab.com/qemu-project/vbootrom.git
-- 
2.29.2

qemu.org is running out of bandwidth and the QEMU project is moving
towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
(they will become mirrors).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210111115017.156802-5-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 README.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.rst b/README.rst
index XXXXXXX..XXXXXXX 100644
--- a/README.rst
+++ b/README.rst
@@ -XXX,XX +XXX,XX @@ The QEMU source code is maintained under the GIT version control system.
 
 .. code-block:: shell
 
-   git clone https://git.qemu.org/git/qemu.git
+   git clone https://gitlab.com/qemu-project/qemu.git
 
 When submitting patches, one common approach is to use 'git
 format-patch' and/or 'git send-email' to format & send the mail to the
@@ -XXX,XX +XXX,XX @@ The QEMU website is also maintained under source control.
 
 .. code-block:: shell
 
-  git clone https://git.qemu.org/git/qemu-web.git
+  git clone https://gitlab.com/qemu-project/qemu-web.git
 
 * `<https://www.qemu.org/2017/02/04/the-new-qemu-website-is-up/>`_
 
-- 
2.29.2

qemu.org is running out of bandwidth and the QEMU project is moving
towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
(they will become mirrors).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210111115017.156802-6-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 pc-bios/README | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pc-bios/README b/pc-bios/README
index XXXXXXX..XXXXXXX 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -XXX,XX +XXX,XX @@
   legacy x86 software to communicate with an attached serial console as
   if a video card were attached.  The master sources reside in a subversion
   repository at http://sgabios.googlecode.com/svn/trunk.  A git mirror is
-  available at https://git.qemu.org/git/sgabios.git.
+  available at https://gitlab.com/qemu-project/sgabios.git.
 
 - The PXE roms come from the iPXE project. Built with BANNER_TIME 0.
   Sources available at http://ipxe.org.  Vendor:Device ID -> ROM mapping:
@@ -XXX,XX +XXX,XX @@
 
 - The u-boot binary for e500 comes from the upstream denx u-boot project where
   it was compiled using the qemu-ppce500 target.
-  A git mirror is available at: https://git.qemu.org/git/u-boot.git
+  A git mirror is available at: https://gitlab.com/qemu-project/u-boot.git
   The hash used to compile the current version is: 2072e72
 
 - Skiboot (https://github.com/open-power/skiboot/) is an OPAL
-- 
2.29.2

qemu.org is running out of bandwidth and the QEMU project is moving
towards a gating CI on GitLab. Use the GitLab repos instead of qemu.org
(they will become mirrors).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210111115017.156802-7-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 scripts/get_maintainer.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl
index XXXXXXX..XXXXXXX 100755
--- a/scripts/get_maintainer.pl
+++ b/scripts/get_maintainer.pl
@@ -XXX,XX +XXX,XX @@ sub vcs_exists {
 	warn("$P: No supported VCS found.  Add --nogit to options?\n");
 	warn("Using a git repository produces better results.\n");
 	warn("Try latest git repository using:\n");
-	warn("git clone https://git.qemu.org/git/qemu.git\n");
+	warn("git clone https://gitlab.com/qemu-project/qemu.git\n");
 	$printed_novcs = 1;
     }
     return 0;
-- 
2.29.2

From: John G Johnson <john.g.johnson@oracle.com>

Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 02a68adef99f5df6a380bf8fd7b90948777e411c.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                  |   7 +
 docs/devel/index.rst         |   1 +
 docs/devel/multi-process.rst | 966 +++++++++++++++++++++++++++++++++++
 3 files changed, 974 insertions(+)
 create mode 100644 docs/devel/multi-process.rst

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ S: Maintained
 F: hw/semihosting/
 F: include/hw/semihosting/
 
+Multi-process QEMU
+M: Elena Ufimtseva <elena.ufimtseva@oracle.com>
+M: Jagannathan Raman <jag.raman@oracle.com>
+M: John G Johnson <john.g.johnson@oracle.com>
+S: Maintained
+F: docs/devel/multi-process.rst
+
 Build and test automation
 -------------------------
 Build and test automation
diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -XXX,XX +XXX,XX @@ Contents:
    clocks
    qom
    block-coroutine-wrapper
+   multi-process
diff --git a/docs/devel/multi-process.rst b/docs/devel/multi-process.rst
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/docs/devel/multi-process.rst
@@ -XXX,XX +XXX,XX @@
+This is the design document for multi-process QEMU. It does not
+necessarily reflect the status of the current implementation, which
+may lack features or be considerably different from what is described
+in this document. This document is still useful as a description of
+the goals and general direction of this feature.
+
+Please refer to the following wiki for latest details:
+https://wiki.qemu.org/Features/MultiProcessQEMU
+
+Multi-process QEMU
+===================
+
+QEMU is often used as the hypervisor for virtual machines running in the
+Oracle cloud. Since one of the advantages of cloud computing is the
+ability to run many VMs from different tenants in the same cloud
+infrastructure, a guest that compromised its hypervisor could
+potentially use the hypervisor's access privileges to access data it is
+not authorized for.
+
+QEMU can be susceptible to security attacks because it is a large,
+monolithic program that provides many features to the VMs it services.
+Many of these features can be configured out of QEMU, but even a reduced
+configuration QEMU has a large amount of code a guest can potentially
+attack. Separating QEMU reduces the attack surface by aiding to
+limit each component in the system to only access the resources that
+it needs to perform its job.
+
+QEMU services
+-------------
+
+QEMU can be broadly described as providing three main services. One is a
+VM control point, where VMs can be created, migrated, re-configured, and
+destroyed. A second is to emulate the CPU instructions within the VM,
+often accelerated by HW virtualization features such as Intel's VT
+extensions. Finally, it provides IO services to the VM by emulating HW
+IO devices, such as disk and network devices.
+
+A multi-process QEMU
+~~~~~~~~~~~~~~~~~~~~
+
+A multi-process QEMU involves separating QEMU services into separate
+host processes. Each of these processes can be given only the privileges
+it needs to provide its service, e.g., a disk service could be given
+access only to the disk images it provides, and not be allowed to
+access other files, or any network devices. An attacker who compromised
+this service would not be able to use this exploit to access files or
+devices beyond what the disk service was given access to.
+
+A QEMU control process would remain, but in multi-process mode, will
+have no direct interfaces to the VM. During VM execution, it would still
+provide the user interface to hot-plug devices or live migrate the VM.
+
+A first step in creating a multi-process QEMU is to separate IO services
+from the main QEMU program, which would continue to provide CPU
+emulation. i.e., the control process would also be the CPU emulation
+process. In a later phase, CPU emulation could be separated from the
+control process.
+
+Separating IO services
+----------------------
+
+Separating IO services into individual host processes is a good place to
+begin for a couple of reasons. One is the sheer number of IO devices QEMU
+can emulate provides a large surface of interfaces which could potentially
+be exploited, and, indeed, have been a source of exploits in the past.
+Another is the modular nature of QEMU device emulation code provides
+interface points where the QEMU functions that perform device emulation
+can be separated from the QEMU functions that manage the emulation of
+guest CPU instructions. The devices emulated in the separate process are
+referred to as remote devices.
+
+QEMU device emulation
+~~~~~~~~~~~~~~~~~~~~~
+
+QEMU uses an object oriented SW architecture for device emulation code.
+Configured objects are all compiled into the QEMU binary, then objects
+are instantiated by name when used by the guest VM. For example, the
+code to emulate a device named "foo" is always present in QEMU, but its
+instantiation code is only run when the device is included in the target
+VM. (e.g., via the QEMU command line as *-device foo*)
+
+The object model is hierarchical, so device emulation code names its
+parent object (such as "pci-device" for a PCI device) and QEMU will
+instantiate a parent object before calling the device's instantiation
+code.
+
+Current separation models
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In order to separate the device emulation code from the CPU emulation
+code, the device object code must run in a different process. There are
+a couple of existing QEMU features that can run emulation code
+separately from the main QEMU process. These are examined below.
+
+vhost user model
+^^^^^^^^^^^^^^^^
+
+Virtio guest device drivers can be connected to vhost user applications
+in order to perform their IO operations. This model uses special virtio
+device drivers in the guest and vhost user device objects in QEMU, but
+once the QEMU vhost user code has configured the vhost user application,
+mission-mode IO is performed by the application. The vhost user
+application is a daemon process that can be contacted via a known UNIX
+domain socket.
+
+vhost socket
+''''''''''''
+
+As mentioned above, one of the tasks of the vhost device object within
+QEMU is to contact the vhost application and send it configuration
+information about this device instance. As part of the configuration
+process, the application can also be sent other file descriptors over
+the socket, which then can be used by the vhost user application in
+various ways, some of which are described below.
+
+vhost MMIO store acceleration
+'''''''''''''''''''''''''''''
+
+VMs are often run using HW virtualization features via the KVM kernel
+driver. This driver allows QEMU to accelerate the emulation of guest CPU
+instructions by running the guest in a virtual HW mode. When the guest
+executes instructions that cannot be executed by virtual HW mode,
+execution returns to the KVM driver so it can inform QEMU to emulate the
+instructions in SW.
+
+One of the events that can cause a return to QEMU is when a guest device
+driver accesses an IO location. QEMU then dispatches the memory
+operation to the corresponding QEMU device object. In the case of a
+vhost user device, the memory operation would need to be sent over a
+socket to the vhost application. This path is accelerated by the QEMU
+virtio code by setting up an eventfd file descriptor that the vhost
+application can directly receive MMIO store notifications from the KVM
+driver, instead of needing them to be sent to the QEMU process first.
+
+vhost interrupt acceleration
+''''''''''''''''''''''''''''
+
+Another optimization used by the vhost application is the ability to
+directly inject interrupts into the VM via the KVM driver, again,
+bypassing the need to send the interrupt back to the QEMU process first.
+The QEMU virtio setup code configures the KVM driver with an eventfd
+that triggers the device interrupt in the guest when the eventfd is
+written. This irqfd file descriptor is then passed to the vhost user
+application program.
+
+vhost access to guest memory
+''''''''''''''''''''''''''''
+
+The vhost application is also allowed to directly access guest memory,
+instead of needing to send the data as messages to QEMU. This is also
+done with file descriptors sent to the vhost user application by QEMU.
+These descriptors can be passed to ``mmap()`` by the vhost application
+to map the guest address space into the vhost application.
+
+IOMMUs introduce another level of complexity, since the address given to
+the guest virtio device to DMA to or from is not a guest physical
+address. This case is handled by having vhost code within QEMU register
+as a listener for IOMMU mapping changes. The vhost application maintains
+a cache of IOMMMU translations: sending translation requests back to
+QEMU on cache misses, and in turn receiving flush requests from QEMU
+when mappings are purged.
+
+applicability to device separation
+''''''''''''''''''''''''''''''''''
+
+Much of the vhost model can be re-used by separated device emulation. In
+particular, the ideas of using a socket between QEMU and the device
+emulation application, using a file descriptor to inject interrupts into
+the VM via KVM, and allowing the application to ``mmap()`` the guest
+should be re used.
+
+There are, however, some notable differences between how a vhost
+application works and the needs of separated device emulation. The most
+basic is that vhost uses custom virtio device drivers which always
+trigger IO with MMIO stores. A separated device emulation model must
+work with existing IO device models and guest device drivers. MMIO loads
+break vhost store acceleration since they are synchronous - guest
+progress cannot continue until the load has been emulated. By contrast,
+stores are asynchronous, the guest can continue after the store event
+has been sent to the vhost application.
+
+Another difference is that in the vhost user model, a single daemon can
+support multiple QEMU instances. This is contrary to the security regime
+desired, in which the emulation application should only be allowed to
+access the files or devices the VM it's running on behalf of can access.
+#### qemu-io model
+
+Qemu-io is a test harness used to test changes to the QEMU block backend
+object code. (e.g., the code that implements disk images for disk driver
+emulation) Qemu-io is not a device emulation application per se, but it
+does compile the QEMU block objects into a separate binary from the main
+QEMU one. This could be useful for disk device emulation, since its
+emulation applications will need to include the QEMU block objects.
+
+New separation model based on proxy objects
+-------------------------------------------
+
+A different model based on proxy objects in the QEMU program
+communicating with remote emulation programs could provide separation
+while minimizing the changes needed to the device emulation code. The
+rest of this section is a discussion of how a proxy object model would
+work.
+
+Remote emulation processes
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The remote emulation process will run the QEMU object hierarchy without
+modification. The device emulation objects will be also be based on the
+QEMU code, because for anything but the simplest device, it would not be
+a tractable to re-implement both the object model and the many device
+backends that QEMU has.
+
+The processes will communicate with the QEMU process over UNIX domain
+sockets. The processes can be executed either as standalone processes,
+or be executed by QEMU. In both cases, the host backends the emulation
+processes will provide are specified on its command line, as they would
+be for QEMU. For example:
+
+::
+
+    disk-proc -blockdev driver=file,node-name=file0,filename=disk-file0  \
+    -blockdev driver=qcow2,node-name=drive0,file=file0
+
+would indicate process *disk-proc* uses a qcow2 emulated disk named
+*file0* as its backend.
+
+Emulation processes may emulate more than one guest controller. A common
+configuration might be to put all controllers of the same device class
+(e.g., disk, network, etc.) in a single process, so that all backends of
+the same type can be managed by a single QMP monitor.
+
+communication with QEMU
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The first argument to the remote emulation process will be a Unix domain
+socket that connects with the Proxy object. This is a required argument.
+
+::
+
+    disk-proc <socket number> <backend list>
+
+remote process QMP monitor
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Remote emulation processes can be monitored via QMP, similar to QEMU
+itself. The QMP monitor socket is specified the same as for a QEMU
+process:
+
+::
+
+    disk-proc -qmp unix:/tmp/disk-mon,server
+
+can be monitored over the UNIX socket path */tmp/disk-mon*.
+
+QEMU command line
+~~~~~~~~~~~~~~~~~
+
+Each remote device emulated in a remote process on the host is
+represented as a *-device* of type *pci-proxy-dev*. A socket
+sub-option to this option specifies the Unix socket that connects
+to the remote process. An *id* sub-option is required, and it should
+be the same id as used in the remote process.
+
+::
+
+    qemu-system-x86_64 ... -device pci-proxy-dev,id=lsi0,socket=3
+
+can be used to add a device emulated in a remote process
+
+
+QEMU management of remote processes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+QEMU is not aware of the type of type of the remote PCI device. It is
+a pass through device as far as QEMU is concerned.
+
+communication with emulation process
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+primary channel
+'''''''''''''''
+
+The primary channel (referred to as com in the code) is used to bootstrap
+the remote process. It is also used to pass on device-agnostic commands
+like reset.
+
+per-device channels
+'''''''''''''''''''
+
+Each remote device communicates with QEMU using a dedicated communication
+channel. The proxy object sets up this channel using the primary
+channel during its initialization.
+
+QEMU device proxy objects
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+QEMU has an object model based on sub-classes inherited from the
+"object" super-class. The sub-classes that are of interest here are the
+"device" and "bus" sub-classes whose child sub-classes make up the
+device tree of a QEMU emulated system.
+
+The proxy object model will use device proxy objects to replace the
+device emulation code within the QEMU process. These objects will live
+in the same place in the object and bus hierarchies as the objects they
+replace. i.e., the proxy object for an LSI SCSI controller will be a
+sub-class of the "pci-device" class, and will have the same PCI bus
+parent and the same SCSI bus child objects as the LSI controller object
+it replaces.
+
+It is worth noting that the same proxy object is used to mediate with
+all types of remote PCI devices.
+
+object initialization
+^^^^^^^^^^^^^^^^^^^^^
+
+The Proxy device objects are initialized in the exact same manner in
+which any other QEMU device would be initialized.
+
+In addition, the Proxy objects perform the following two tasks:
+- Parses the "socket" sub option and connects to the remote process
+using this channel
+- Uses the "id" sub-option to connect to the emulated device on the
+separate process
+
+class\_init
+'''''''''''
+
+The ``class_init()`` method of a proxy object will, in general behave
+similarly to the object it replaces, including setting any static
+properties and methods needed by the proxy.
+
+instance\_init / realize
+''''''''''''''''''''''''
+
+The ``instance_init()`` and ``realize()`` functions would only need to
+perform tasks related to being a proxy, such are registering its own
+MMIO handlers, or creating a child bus that other proxy devices can be
+attached to later.
+
+Other tasks will be device-specific. For example, PCI device objects
+will initialize the PCI config space in order to make a valid PCI device
+tree within the QEMU process.
+
+address space registration
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Most devices are driven by guest device driver accesses to IO addresses
+or ports. The QEMU device emulation code uses QEMU's memory region
+function calls (such as ``memory_region_init_io()``) to add callback
+functions that QEMU will invoke when the guest accesses the device's
+areas of the IO address space. When a guest driver does access the
+device, the VM will exit HW virtualization mode and return to QEMU,
+which will then lookup and execute the corresponding callback function.
+
+A proxy object would need to mirror the memory region calls the actual
+device emulator would perform in its initialization code, but with its
+own callbacks. When invoked by QEMU as a result of a guest IO operation,
+they will forward the operation to the device emulation process.
+
+PCI config space
+^^^^^^^^^^^^^^^^
+
+PCI devices also have a configuration space that can be accessed by the
+guest driver. Guest accesses to this space is not handled by the device
+emulation object, but by its PCI parent object. Much of this space is
+read-only, but certain registers (especially BAR and MSI-related ones)
+need to be propagated to the emulation process.
+
+PCI parent proxy
+''''''''''''''''
+
+One way to propagate guest PCI config accesses is to create a
+"pci-device-proxy" class that can serve as the parent of a PCI device
+proxy object. This class's parent would be "pci-device" and it would
+override the PCI parent's ``config_read()`` and ``config_write()``
+methods with ones that forward these operations to the emulation
+program.
+
+interrupt receipt
+^^^^^^^^^^^^^^^^^
+
+A proxy for a device that generates interrupts will need to create a
+socket to receive interrupt indications from the emulation process. An
+incoming interrupt indication would then be sent up to its bus parent to
+be injected into the guest. For example, a PCI device object may use
+``pci_set_irq()``.
+
+live migration
+^^^^^^^^^^^^^^
+
+The proxy will register to save and restore any *vmstate* it needs over
+a live migration event. The device proxy does not need to manage the
+remote device's *vmstate*; that will be handled by the remote process
+proxy (see below).
+
+QEMU remote device operation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Generic device operations, such as DMA, will be performed by the remote
+process proxy by sending messages to the remote process.
+
+DMA operations
+^^^^^^^^^^^^^^
+
+DMA operations would be handled much like vhost applications do. One of
+the initial messages sent to the emulation process is a guest memory
+table. Each entry in this table consists of a file descriptor and size
+that the emulation process can ``mmap()`` to directly access guest
+memory, similar to ``vhost_user_set_mem_table()``. Note guest memory
+must be backed by file descriptors, such as when QEMU is given the
+*-mem-path* command line option.
+
+IOMMU operations
+^^^^^^^^^^^^^^^^
+
+When the emulated system includes an IOMMU, the remote process proxy in
+QEMU will need to create a socket for IOMMU requests from the emulation
+process. It will handle those requests with an
+``address_space_get_iotlb_entry()`` call. In order to handle IOMMU
+unmaps, the remote process proxy will also register as a listener on the
+device's DMA address space. When an IOMMU memory region is created
+within the DMA address space, an IOMMU notifier for unmaps will be added
+to the memory region that will forward unmaps to the emulation process
+over the IOMMU socket.
+
+device hot-plug via QMP
+^^^^^^^^^^^^^^^^^^^^^^^
+
+An QMP "device\_add" command can add a device emulated by a remote
+process. It will also have "rid" option to the command, just as the
+*-device* command line option does. The remote process may either be one
+started at QEMU startup, or be one added by the "add-process" QMP
+command described above. In either case, the remote process proxy will
+forward the new device's JSON description to the corresponding emulation
+process.
+
+live migration
+^^^^^^^^^^^^^^
+
+The remote process proxy will also register for live migration
+notifications with ``vmstate_register()``. When called to save state,
+the proxy will send the remote process a secondary socket file
+descriptor to save the remote process's device *vmstate* over. The
+incoming byte stream length and data will be saved as the proxy's
+*vmstate*. When the proxy is resumed on its new host, this *vmstate*
+will be extracted, and a secondary socket file descriptor will be sent
+to the new remote process through which it receives the *vmstate* in
+order to restore the devices there.
+
+device emulation in remote process
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The parts of QEMU that the emulation program will need include the
+object model; the memory emulation objects; the device emulation objects
+of the targeted device, and any dependent devices; and, the device's
+backends. It will also need code to setup the machine environment,
+handle requests from the QEMU process, and route machine-level requests
+(such as interrupts or IOMMU mappings) back to the QEMU process.
+
+initialization
+^^^^^^^^^^^^^^
+
+The process initialization sequence will follow the same sequence
+followed by QEMU. It will first initialize the backend objects, then
+device emulation objects. The JSON descriptions sent by the QEMU process
+will drive which objects need to be created.
+
+-  address spaces
+
+Before the device objects are created, the initial address spaces and
+memory regions must be configured with ``memory_map_init()``. This
+creates a RAM memory region object (*system\_memory*) and an IO memory
+region object (*system\_io*).
+
+-  RAM
+
+RAM memory region creation will follow how ``pc_memory_init()`` creates
+them, but must use ``memory_region_init_ram_from_fd()`` instead of
+``memory_region_allocate_system_memory()``. The file descriptors needed
+will be supplied by the guest memory table from above. Those RAM regions
+would then be added to the *system\_memory* memory region with
+``memory_region_add_subregion()``.
+
+-  PCI
+
+IO initialization will be driven by the JSON descriptions sent from the
+QEMU process. For a PCI device, a PCI bus will need to be created with
+``pci_root_bus_new()``, and a PCI memory region will need to be created
+and added to the *system\_memory* memory region with
+``memory_region_add_subregion_overlap()``. The overlap version is
+required for architectures where PCI memory overlaps with RAM memory.
+
+MMIO handling
+^^^^^^^^^^^^^
+
+The device emulation objects will use ``memory_region_init_io()`` to
+install their MMIO handlers, and ``pci_register_bar()`` to associate
+those handlers with a PCI BAR, as they do within QEMU currently.
+
+In order to use ``address_space_rw()`` in the emulation process to
+handle MMIO requests from QEMU, the PCI physical addresses must be the
+same in the QEMU process and the device emulation process. In order to
+accomplish that, guest BAR programming must also be forwarded from QEMU
+to the emulation process.
+
+interrupt injection
+^^^^^^^^^^^^^^^^^^^
+
+When device emulation wants to inject an interrupt into the VM, the
+request climbs the device's bus object hierarchy until the point where a
+bus object knows how to signal the interrupt to the guest. The details
+depend on the type of interrupt being raised.
+
+-  PCI pin interrupts
+
+On x86 systems, there is an emulated IOAPIC object attached to the root
+PCI bus object, and the root PCI object forwards interrupt requests to
+it. The IOAPIC object, in turn, calls the KVM driver to inject the
+corresponding interrupt into the VM. The simplest way to handle this in
+an emulation process would be to setup the root PCI bus driver (via
+``pci_bus_irqs()``) to send a interrupt request back to the QEMU
+process, and have the device proxy object reflect it up the PCI tree
+there.
+
+-  PCI MSI/X interrupts
+
+PCI MSI/X interrupts are implemented in HW as DMA writes to a
+CPU-specific PCI address. In QEMU on x86, a KVM APIC object receives
+these DMA writes, then calls into the KVM driver to inject the interrupt
+into the VM. A simple emulation process implementation would be to send
+the MSI DMA address from QEMU as a message at initialization, then
+install an address space handler at that address which forwards the MSI
+message back to QEMU.
+
+DMA operations
+^^^^^^^^^^^^^^
+
+When a emulation object wants to DMA into or out of guest memory, it
+first must use dma\_memory\_map() to convert the DMA address to a local
+virtual address. The emulation process memory region objects setup above
+will be used to translate the DMA address to a local virtual address the
+device emulation code can access.
+
+IOMMU
+^^^^^
+
+When an IOMMU is in use in QEMU, DMA translation uses IOMMU memory
+regions to translate the DMA address to a guest physical address before
+that physical address can be translated to a local virtual address. The
+emulation process will need similar functionality.
+
+-  IOTLB cache
+
+The emulation process will maintain a cache of recent IOMMU translations
+(the IOTLB). When the translate() callback of an IOMMU memory region is
+invoked, the IOTLB cache will be searched for an entry that will map the
+DMA address to a guest PA. On a cache miss, a message will be sent back
+to QEMU requesting the corresponding translation entry, which be both be
+used to return a guest address and be added to the cache.
+
+-  IOTLB purge
+
+The IOMMU emulation will also need to act on unmap requests from QEMU.
+These happen when the guest IOMMU driver purges an entry from the
+guest's translation table.
+
+live migration
+^^^^^^^^^^^^^^
+
+When a remote process receives a live migration indication from QEMU, it
+will set up a channel using the received file descriptor with
+``qio_channel_socket_new_fd()``. This channel will be used to create a
+*QEMUfile* that can be passed to ``qemu_save_device_state()`` to send
+the process's device state back to QEMU. This method will be reversed on
+restore - the channel will be passed to ``qemu_loadvm_state()`` to
+restore the device state.
+
+Accelerating device emulation
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The messages that are required to be sent between QEMU and the emulation
+process can add considerable latency to IO operations. The optimizations
+described below attempt to ameliorate this effect by allowing the
+emulation process to communicate directly with the kernel KVM driver.
+The KVM file descriptors created would be passed to the emulation process
+via initialization messages, much like the guest memory table is done.
+#### MMIO acceleration
+
+Vhost user applications can receive guest virtio driver stores directly
+from KVM. The issue with the eventfd mechanism used by vhost user is
+that it does not pass any data with the event indication, so it cannot
+handle guest loads or guest stores that carry store data. This concept
+could, however, be expanded to cover more cases.
+
+The expanded idea would require a new type of KVM device:
+*KVM\_DEV\_TYPE\_USER*. This device has two file descriptors: a master
+descriptor that QEMU can use for configuration, and a slave descriptor
+that the emulation process can use to receive MMIO notifications. QEMU
+would create both descriptors using the KVM driver, and pass the slave
+descriptor to the emulation process via an initialization message.
+
+data structures
+^^^^^^^^^^^^^^^
+
+-  guest physical range
+
+The guest physical range structure describes the address range that a
+device will respond to. It includes the base and length of the range, as
+well as which bus the range resides on (e.g., on an x86machine, it can
+specify whether the range refers to memory or IO addresses).
+
+A device can have multiple physical address ranges it responds to (e.g.,
+a PCI device can have multiple BARs), so the structure will also include
+an enumerated identifier to specify which of the device's ranges is
+being referred to.
+
++--------+----------------------------+
+| Name   | Description                |
++========+============================+
+| addr   | range base address         |
++--------+----------------------------+
+| len    | range length               |
++--------+----------------------------+
+| bus    | addr type (memory or IO)   |
++--------+----------------------------+
+| id     | range ID (e.g., PCI BAR)   |
++--------+----------------------------+
+
+-  MMIO request structure
+
+This structure describes an MMIO operation. It includes which guest
+physical range the MMIO was within, the offset within that range, the
+MMIO type (e.g., load or store), and its length and data. It also
+includes a sequence number that can be used to reply to the MMIO, and
+the CPU that issued the MMIO.
+
++----------+------------------------+
+| Name     | Description            |
++==========+========================+
+| rid      | range MMIO is within   |
++----------+------------------------+
+| offset   | offset withing *rid*   |
++----------+------------------------+
+| type     | e.g., load or store    |
++----------+------------------------+
+| len      | MMIO length            |
++----------+------------------------+
+| data     | store data             |
++----------+------------------------+
+| seq      | sequence ID            |
++----------+------------------------+
+
+-  MMIO request queues
+
+MMIO request queues are FIFO arrays of MMIO request structures. There
+are two queues: pending queue is for MMIOs that haven't been read by the
+emulation program, and the sent queue is for MMIOs that haven't been
+acknowledged. The main use of the second queue is to validate MMIO
+replies from the emulation program.
+
+-  scoreboard
+
+Each CPU in the VM is emulated in QEMU by a separate thread, so multiple
+MMIOs may be waiting to be consumed by an emulation program and multiple
+threads may be waiting for MMIO replies. The scoreboard would contain a
+wait queue and sequence number for the per-CPU threads, allowing them to
+be individually woken when the MMIO reply is received from the emulation
+program. It also tracks the number of posted MMIO stores to the device
+that haven't been replied to, in order to satisfy the PCI constraint
+that a load to a device will not complete until all previous stores to
+that device have been completed.
+
+-  device shadow memory
+
+Some MMIO loads do not have device side-effects. These MMIOs can be
+completed without sending a MMIO request to the emulation program if the
+emulation program shares a shadow image of the device's memory image
+with the KVM driver.
+
+The emulation program will ask the KVM driver to allocate memory for the
+shadow image, and will then use ``mmap()`` to directly access it. The
+emulation program can control KVM access to the shadow image by sending
+KVM an access map telling it which areas of the image have no
+side-effects (and can be completed immediately), and which require a
+MMIO request to the emulation program. The access map can also inform
+the KVM drive which size accesses are allowed to the image.
+
+master descriptor
+^^^^^^^^^^^^^^^^^
+
+The master descriptor is used by QEMU to configure the new KVM device.
+The descriptor would be returned by the KVM driver when QEMU issues a
+*KVM\_CREATE\_DEVICE* ``ioctl()`` with a *KVM\_DEV\_TYPE\_USER* type.
+
+KVM\_DEV\_TYPE\_USER device ops
+
+
+The *KVM\_DEV\_TYPE\_USER* operations vector will be registered by a
+``kvm_register_device_ops()`` call when the KVM system in initialized by
+``kvm_init()``. These device ops are called by the KVM driver when QEMU
+executes certain ``ioctl()`` operations on its KVM file descriptor. They
+include:
+
+-  create
+
+This routine is called when QEMU issues a *KVM\_CREATE\_DEVICE*
+``ioctl()`` on its per-VM file descriptor. It will allocate and
+initialize a KVM user device specific data structure, and assign the
+*kvm\_device* private field to it.
+
+-  ioctl
+
+This routine is invoked when QEMU issues an ``ioctl()`` on the master
+descriptor. The ``ioctl()`` commands supported are defined by the KVM
+device type. *KVM\_DEV\_TYPE\_USER* ones will need several commands:
+
+*KVM\_DEV\_USER\_SLAVE\_FD* creates the slave file descriptor that will
+be passed to the device emulation program. Only one slave can be created
+by each master descriptor. The file operations performed by this
+descriptor are described below.
+
+The *KVM\_DEV\_USER\_PA\_RANGE* command configures a guest physical
+address range that the slave descriptor will receive MMIO notifications
+for. The range is specified by a guest physical range structure
+argument. For buses that assign addresses to devices dynamically, this
+command can be executed while the guest is running, such as the case
+when a guest changes a device's PCI BAR registers.
+
+*KVM\_DEV\_USER\_PA\_RANGE* will use ``kvm_io_bus_register_dev()`` to
+register *kvm\_io\_device\_ops* callbacks to be invoked when the guest
+performs a MMIO operation within the range. When a range is changed,
+``kvm_io_bus_unregister_dev()`` is used to remove the previous
+instantiation.
+
+*KVM\_DEV\_USER\_TIMEOUT* will configure a timeout value that specifies
+how long KVM will wait for the emulation process to respond to a MMIO
+indication.
+
+-  destroy
+
+This routine is called when the VM instance is destroyed. It will need
+to destroy the slave descriptor; and free any memory allocated by the
+driver, as well as the *kvm\_device* structure itself.
+
+slave descriptor
+^^^^^^^^^^^^^^^^
+
+The slave descriptor will have its own file operations vector, which
+responds to system calls on the descriptor performed by the device
+emulation program.
+
+-  read
+
+A read returns any pending MMIO requests from the KVM driver as MMIO
+request structures. Multiple structures can be returned if there are
+multiple MMIO operations pending. The MMIO requests are moved from the
+pending queue to the sent queue, and if there are threads waiting for
+space in the pending to add new MMIO operations, they will be woken
+here.
+
+-  write
+
+A write also consists of a set of MMIO requests. They are compared to
+the MMIO requests in the sent queue. Matches are removed from the sent
+queue, and any threads waiting for the reply are woken. If a store is
+removed, then the number of posted stores in the per-CPU scoreboard is
+decremented. When the number is zero, and a non side-effect load was
+waiting for posted stores to complete, the load is continued.
+
+-  ioctl
+
+There are several ioctl()s that can be performed on the slave
+descriptor.
+
+A *KVM\_DEV\_USER\_SHADOW\_SIZE* ``ioctl()`` causes the KVM driver to
+allocate memory for the shadow image. This memory can later be
+``mmap()``\ ed by the emulation process to share the emulation's view of
+device memory with the KVM driver.
+
+A *KVM\_DEV\_USER\_SHADOW\_CTRL* ``ioctl()`` controls access to the
+shadow image. It will send the KVM driver a shadow control map, which
+specifies which areas of the image can complete guest loads without
+sending the load request to the emulation program. It will also specify
+the size of load operations that are allowed.
+
+-  poll
+
+An emulation program will use the ``poll()`` call with a *POLLIN* flag
+to determine if there are MMIO requests waiting to be read. It will
+return if the pending MMIO request queue is not empty.
+
+-  mmap
+
+This call allows the emulation program to directly access the shadow
+image allocated by the KVM driver. As device emulation updates device
+memory, changes with no side-effects will be reflected in the shadow,
+and the KVM driver can satisfy guest loads from the shadow image without
+needing to wait for the emulation program.
+
+kvm\_io\_device ops
+^^^^^^^^^^^^^^^^^^^
+
+Each KVM per-CPU thread can handle MMIO operation on behalf of the guest
+VM. KVM will use the MMIO's guest physical address to search for a
+matching *kvm\_io\_device* to see if the MMIO can be handled by the KVM
+driver instead of exiting back to QEMU. If a match is found, the
+corresponding callback will be invoked.
+
+-  read
+
+This callback is invoked when the guest performs a load to the device.
+Loads with side-effects must be handled synchronously, with the KVM
+driver putting the QEMU thread to sleep waiting for the emulation
+process reply before re-starting the guest. Loads that do not have
+side-effects may be optimized by satisfying them from the shadow image,
+if there are no outstanding stores to the device by this CPU. PCI memory
+ordering demands that a load cannot complete before all older stores to
+the same device have been completed.
+
+-  write
+
+Stores can be handled asynchronously unless the pending MMIO request
+queue is full. In this case, the QEMU thread must sleep waiting for
+space in the queue. Stores will increment the number of posted stores in
+the per-CPU scoreboard, in order to implement the PCI ordering
+constraint above.
+
+interrupt acceleration
+^^^^^^^^^^^^^^^^^^^^^^
+
+This performance optimization would work much like a vhost user
+application does, where the QEMU process sets up *eventfds* that cause
+the device's corresponding interrupt to be triggered by the KVM driver.
+These irq file descriptors are sent to the emulation process at
+initialization, and are used when the emulation code raises a device
+interrupt.
+
+intx acceleration
+'''''''''''''''''
+
+Traditional PCI pin interrupts are level based, so, in addition to an
+irq file descriptor, a re-sampling file descriptor needs to be sent to
+the emulation program. This second file descriptor allows multiple
+devices sharing an irq to be notified when the interrupt has been
+acknowledged by the guest, so they can re-trigger the interrupt if their
+device has not de-asserted its interrupt.
+
+intx irq descriptor
+
+
+The irq descriptors are created by the proxy object
+``using event_notifier_init()`` to create the irq and re-sampling
+*eventds*, and ``kvm_vm_ioctl(KVM_IRQFD)`` to bind them to an interrupt.
+The interrupt route can be found with
+``pci_device_route_intx_to_irq()``.
+
+intx routing changes
+
+
+Intx routing can be changed when the guest programs the APIC the device
+pin is connected to. The proxy object in QEMU will use
+``pci_device_set_intx_routing_notifier()`` to be informed of any guest
+changes to the route. This handler will broadly follow the VFIO
+interrupt logic to change the route: de-assigning the existing irq
+descriptor from its route, then assigning it the new route. (see
+``vfio_intx_update()``)
+
+MSI/X acceleration
+''''''''''''''''''
+
+MSI/X interrupts are sent as DMA transactions to the host. The interrupt
+data contains a vector that is programmed by the guest, A device may have
+multiple MSI interrupts associated with it, so multiple irq descriptors
+may need to be sent to the emulation program.
+
+MSI/X irq descriptor
+
+
+This case will also follow the VFIO example. For each MSI/X interrupt,
+an *eventfd* is created, a virtual interrupt is allocated by
+``kvm_irqchip_add_msi_route()``, and the virtual interrupt is bound to
+the eventfd with ``kvm_irqchip_add_irqfd_notifier()``.
+
+MSI/X config space changes
+
+
+The guest may dynamically update several MSI-related tables in the
+device's PCI config space. These include per-MSI interrupt enables and
+vector data. Additionally, MSIX tables exist in device memory space, not
+config space. Much like the BAR case above, the proxy object must look
+at guest config space programming to keep the MSI interrupt state
+consistent between QEMU and the emulation program.
+
+--------------
+
+Disaggregated CPU emulation
+---------------------------
+
+After IO services have been disaggregated, a second phase would be to
+separate a process to handle CPU instruction emulation from the main
+QEMU control function. There are no object separation points for this
+code, so the first task would be to create one.
+
+Host access controls
+--------------------
+
+Separating QEMU relies on the host OS's access restriction mechanisms to
+enforce that the differing processes can only access the objects they
+are entitled to. There are a couple types of mechanisms usually provided
+by general purpose OSs.
+
+Discretionary access control
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Discretionary access control allows each user to control who can access
+their files. In Linux, this type of control is usually too coarse for
+QEMU separation, since it only provides three separate access controls:
+one for the same user ID, the second for users IDs with the same group
+ID, and the third for all other user IDs. Each device instance would
+need a separate user ID to provide access control, which is likely to be
+unwieldy for dynamically created VMs.
+
+Mandatory access control
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Mandatory access control allows the OS to add an additional set of
+controls on top of discretionary access for the OS to control. It also
+adds other attributes to processes and files such as types, roles, and
+categories, and can establish rules for how processes and files can
+interact.
+
+Type enforcement
+^^^^^^^^^^^^^^^^
+
+Type enforcement assigns a *type* attribute to processes and files, and
+allows rules to be written on what operations a process with a given
+type can perform on a file with a given type. QEMU separation could take
+advantage of type enforcement by running the emulation processes with
+different types, both from the main QEMU process, and from the emulation
+processes of different classes of devices.
+
+For example, guest disk images and disk emulation processes could have
+types separate from the main QEMU process and non-disk emulation
+processes, and the type rules could prevent processes other than disk
+emulation ones from accessing guest disk images. Similarly, network
+emulation processes can have a type separate from the main QEMU process
+and non-network emulation process, and only that type can access the
+host tun/tap device used to provide guest networking.
+
+Category enforcement
+^^^^^^^^^^^^^^^^^^^^
+
+Category enforcement assigns a set of numbers within a given range to
+the process or file. The process is granted access to the file if the
+process's set is a superset of the file's set. This enforcement can be
+used to separate multiple instances of devices in the same class.
+
+For example, if there are multiple disk devices provides to a guest,
+each device emulation process could be provisioned with a separate
+category. The different device emulation processes would not be able to
+access each other's backing disk images.
+
+Alternatively, categories could be used in lieu of the type enforcement
+scheme described above. In this scenario, different categories would be
+used to prevent device emulation processes in different classes from
+accessing resources assigned to other classes.
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Adds documentation explaining the command-line arguments needed
to use multi-process.

[Move orphan docs/multi-process.rst document into docs/system/ and add
it to index.rst to prevent Sphinx "document isn't included in any
toctree" error.
--Stefan]

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                   |  1 +
 docs/system/index.rst         |  1 +
 docs/system/multi-process.rst | 64 +++++++++++++++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 docs/system/multi-process.rst

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ M: Jagannathan Raman <jag.raman@oracle.com>
 M: John G Johnson <john.g.johnson@oracle.com>
 S: Maintained
 F: docs/devel/multi-process.rst
+F: docs/system/multi-process.rst
 
 Build and test automation
 -------------------------
diff --git a/docs/system/index.rst b/docs/system/index.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/system/index.rst
+++ b/docs/system/index.rst
@@ -XXX,XX +XXX,XX @@ Contents:
    pr-manager
    targets
    security
+   multi-process
    deprecated
    removed-features
    build-platforms
diff --git a/docs/system/multi-process.rst b/docs/system/multi-process.rst
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/docs/system/multi-process.rst
@@ -XXX,XX +XXX,XX @@
+Multi-process QEMU
+==================
+
+This document describes how to configure and use multi-process qemu.
+For the design document refer to docs/devel/qemu-multiprocess.
+
+1) Configuration
+----------------
+
+multi-process is enabled by default for targets that enable KVM
+
+
+2) Usage
+--------
+
+Multi-process QEMU requires an orchestrator to launch.
+
+Following is a description of command-line used to launch mpqemu.
+
+* Orchestrator:
+
+  - The Orchestrator creates a unix socketpair
+
+  - It launches the remote process and passes one of the
+    sockets to it via command-line.
+
+  - It then launches QEMU and specifies the other socket as an option
+    to the Proxy device object
+
+* Remote Process:
+
+  - QEMU can enter remote process mode by using the "remote" machine
+    option.
+
+  - The orchestrator creates a "remote-object" with details about
+    the device and the file descriptor for the device
+
+  - The remaining options are no different from how one launches QEMU with
+    devices.
+
+  - Example command-line for the remote process is as follows:
+
+      /usr/bin/qemu-system-x86_64                                        \
+      -machine x-remote                                                  \
+      -device lsi53c895a,id=lsi0                                         \
+      -drive id=drive_image2,file=/build/ol7-nvme-test-1.qcow2           \
+      -device scsi-hd,id=drive2,drive=drive_image2,bus=lsi0.0,scsi-id=0  \
+      -object x-remote-object,id=robj1,devid=lsi1,fd=4,
+
+* QEMU:
+
+  - Since parts of the RAM are shared between QEMU & remote process, a
+    memory-backend-memfd is required to facilitate this, as follows:
+
+    -object memory-backend-memfd,id=mem,size=2G
+
+  - A "x-pci-proxy-dev" device is created for each of the PCI devices emulated
+    in the remote process. A "socket" sub-option specifies the other end of
+    unix channel created by orchestrator. The "id" sub-option must be specified
+    and should be the same as the "id" specified for the remote PCI device
+
+  - Example commandline for QEMU is as follows:
+
+      -device x-pci-proxy-dev,id=lsi0,socket=3
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Allow RAM MemoryRegion to be created from an offset in a file, instead
of allocating at offset of 0 by default. This is needed to synchronize
RAM between QEMU & remote process.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 609996697ad8617e3b01df38accc5c208c24d74e.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/exec/memory.h     |  2 ++
 include/exec/ram_addr.h   |  4 ++--
 include/qemu/mmap-alloc.h |  4 +++-
 backends/hostmem-memfd.c  |  2 +-
 hw/misc/ivshmem.c         |  3 ++-
 softmmu/memory.c          |  3 ++-
 softmmu/physmem.c         | 12 +++++++-----
 util/mmap-alloc.c         |  8 +++++---
 util/oslib-posix.c        |  2 +-
 9 files changed, 25 insertions(+), 15 deletions(-)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_file(MemoryRegion *mr,
  * @size: size of the region.
  * @share: %true if memory must be mmaped with the MAP_SHARED flag
  * @fd: the fd to mmap.
+ * @offset: offset within the file referenced by fd
  * @errp: pointer to Error*, to store an error if it happens.
  *
  * Note that this function does not do anything to cause the data in the
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
                                     uint64_t size,
                                     bool share,
                                     int fd,
+                                    ram_addr_t offset,
                                     Error **errp);
 #endif
 
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
                                    uint32_t ram_flags, const char *mem_path,
                                    bool readonly, Error **errp);
 RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
-                                 uint32_t ram_flags, int fd, bool readonly,
-                                 Error **errp);
+                                 uint32_t ram_flags, int fd, off_t offset,
+                                 bool readonly, Error **errp);
 
 RAMBlock *qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
                                   MemoryRegion *mr, Error **errp);
diff --git a/include/qemu/mmap-alloc.h b/include/qemu/mmap-alloc.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/mmap-alloc.h
+++ b/include/qemu/mmap-alloc.h
@@ -XXX,XX +XXX,XX @@ size_t qemu_mempath_getpagesize(const char *mem_path);
  *  @readonly: true for a read-only mapping, false for read/write.
  *  @shared: map has RAM_SHARED flag.
  *  @is_pmem: map has RAM_PMEM flag.
+ *  @map_offset: map starts at offset of map_offset from the start of fd
  *
  * Return:
  *  On success, return a pointer to the mapped area.
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
                     size_t align,
                     bool readonly,
                     bool shared,
-                    bool is_pmem);
+                    bool is_pmem,
+                    off_t map_offset);
 
 void qemu_ram_munmap(int fd, void *ptr, size_t size);
 
diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c
index XXXXXXX..XXXXXXX 100644
--- a/backends/hostmem-memfd.c
+++ b/backends/hostmem-memfd.c
@@ -XXX,XX +XXX,XX @@ memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
     name = host_memory_backend_get_name(backend);
     memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
                                    name, backend->size,
-                                   backend->share, fd, errp);
+                                   backend->share, fd, 0, errp);
     g_free(name);
 }
 
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -XXX,XX +XXX,XX @@ static void process_msg_shmem(IVShmemState *s, int fd, Error **errp)
 
     /* mmap the region and map into the BAR2 */
     memory_region_init_ram_from_fd(&s->server_bar2, OBJECT(s),
-                                   "ivshmem.bar2", size, true, fd, &local_err);
+                                   "ivshmem.bar2", size, true, fd, 0,
+                                   &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
         return;
diff --git a/softmmu/memory.c b/softmmu/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
                                     uint64_t size,
                                     bool share,
                                     int fd,
+                                    ram_addr_t offset,
                                     Error **errp)
 {
     Error *err = NULL;
@@ -XXX,XX +XXX,XX @@ void memory_region_init_ram_from_fd(MemoryRegion *mr,
     mr->destructor = memory_region_destructor_ram;
     mr->ram_block = qemu_ram_alloc_from_fd(size, mr,
                                            share ? RAM_SHARED : 0,
-                                           fd, false, &err);
+                                           fd, offset, false, &err);
     if (err) {
         mr->size = int128_zero();
         object_unparent(OBJECT(mr));
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index XXXXXXX..XXXXXXX 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -XXX,XX +XXX,XX @@ static void *file_ram_alloc(RAMBlock *block,
                             int fd,
                             bool readonly,
                             bool truncate,
+                            off_t offset,
                             Error **errp)
 {
     void *area;
@@ -XXX,XX +XXX,XX @@ static void *file_ram_alloc(RAMBlock *block,
     }
 
     area = qemu_ram_mmap(fd, memory, block->mr->align, readonly,
-                         block->flags & RAM_SHARED, block->flags & RAM_PMEM);
+                         block->flags & RAM_SHARED, block->flags & RAM_PMEM,
+                         offset);
     if (area == MAP_FAILED) {
         error_setg_errno(errp, errno,
                          "unable to map backing store for guest RAM");
@@ -XXX,XX +XXX,XX @@ static void ram_block_add(RAMBlock *new_block, Error **errp, bool shared)
 
 #ifdef CONFIG_POSIX
 RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
-                                 uint32_t ram_flags, int fd, bool readonly,
-                                 Error **errp)
+                                 uint32_t ram_flags, int fd, off_t offset,
+                                 bool readonly, Error **errp)
 {
     RAMBlock *new_block;
     Error *local_err = NULL;
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
     new_block->max_length = size;
     new_block->flags = ram_flags;
     new_block->host = file_ram_alloc(new_block, size, fd, readonly,
-                                     !file_size, errp);
+                                     !file_size, offset, errp);
     if (!new_block->host) {
         g_free(new_block);
         return NULL;
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_alloc_from_file(ram_addr_t size, MemoryRegion *mr,
         return NULL;
     }
 
-    block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, readonly, errp);
+    block = qemu_ram_alloc_from_fd(size, mr, ram_flags, fd, 0, readonly, errp);
     if (!block) {
         if (created) {
             unlink(mem_path);
diff --git a/util/mmap-alloc.c b/util/mmap-alloc.c
index XXXXXXX..XXXXXXX 100644
--- a/util/mmap-alloc.c
+++ b/util/mmap-alloc.c
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
                     size_t align,
                     bool readonly,
                     bool shared,
-                    bool is_pmem)
+                    bool is_pmem,
+                    off_t map_offset)
 {
     int prot;
     int flags;
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
 
     prot = PROT_READ | (readonly ? 0 : PROT_WRITE);
 
-    ptr = mmap(guardptr + offset, size, prot, flags | map_sync_flags, fd, 0);
+    ptr = mmap(guardptr + offset, size, prot,
+               flags | map_sync_flags, fd, map_offset);
 
     if (ptr == MAP_FAILED && map_sync_flags) {
         if (errno == ENOTSUP) {
@@ -XXX,XX +XXX,XX @@ void *qemu_ram_mmap(int fd,
          * if map failed with MAP_SHARED_VALIDATE | MAP_SYNC,
          * we will remove these flags to handle compatibility.
          */
-        ptr = mmap(guardptr + offset, size, prot, flags, fd, 0);
+        ptr = mmap(guardptr + offset, size, prot, flags, fd, map_offset);
     }
 
     if (ptr == MAP_FAILED) {
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index XXXXXXX..XXXXXXX 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -XXX,XX +XXX,XX @@ void *qemu_memalign(size_t alignment, size_t size)
 void *qemu_anon_ram_alloc(size_t size, uint64_t *alignment, bool shared)
 {
     size_t align = QEMU_VMALLOC_ALIGN;
-    void *ptr = qemu_ram_mmap(-1, size, align, false, shared, false);
+    void *ptr = qemu_ram_mmap(-1, size, align, false, shared, false, 0);
 
     if (ptr == MAP_FAILED) {
         return NULL;
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Add configuration options to enable or disable multiprocess QEMU code

diff --git a/configure b/configure
index XXXXXXX..XXXXXXX 100755
--- a/configure
+++ b/configure
@@ -XXX,XX +XXX,XX @@ skip_meson=no
 gettext="auto"
 fuse="auto"
 fuse_lseek="auto"
+multiprocess="no"
 
 malloc_trim="auto"
 
@@ -XXX,XX +XXX,XX @@ Linux)
   linux="yes"
   linux_user="yes"
   vhost_user=${default_feature:-yes}
+  multiprocess=${default_feature:-yes}
 ;;
 esac
 
@@ -XXX,XX +XXX,XX @@ for opt do
   ;;
   --disable-fuse-lseek) fuse_lseek="disabled"
   ;;
+  --enable-multiprocess) multiprocess="yes"
+  ;;
+  --disable-multiprocess) multiprocess="no"
+  ;;
   *)
       echo "ERROR: unknown option $opt"
       echo "Try '$0 --help' for more information"
@@ -XXX,XX +XXX,XX @@ disabled with --disable-FEATURE, default is enabled if available
   libdaxctl       libdaxctl support
   fuse            FUSE block device export
   fuse-lseek      SEEK_HOLE/SEEK_DATA support for FUSE exports
+  multiprocess    Multiprocess QEMU support
 
 NOTE: The object files are built at the place where configure is launched
 EOF
@@ -XXX,XX +XXX,XX @@ fi
 if test "$have_mlockall" = "yes" ; then
   echo "HAVE_MLOCKALL=y" >> $config_host_mak
 fi
+if test "$multiprocess" = "yes" ; then
+  echo "CONFIG_MULTIPROCESS_ALLOWED=y" >> $config_host_mak
+fi
 if test "$fuzzing" = "yes" ; then
   # If LIB_FUZZING_ENGINE is set, assume we are running on OSS-Fuzz, and the
   # needed CFLAGS have already been provided
diff --git a/meson.build b/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/meson.build
+++ b/meson.build
@@ -XXX,XX +XXX,XX @@ host_kconfig = \
   ('CONFIG_VHOST_KERNEL' in config_host ? ['CONFIG_VHOST_KERNEL=y'] : []) + \
   (have_virtfs ? ['CONFIG_VIRTFS=y'] : []) + \
   ('CONFIG_LINUX' in config_host ? ['CONFIG_LINUX=y'] : []) + \
-  ('CONFIG_PVRDMA' in config_host ? ['CONFIG_PVRDMA=y'] : [])
+  ('CONFIG_PVRDMA' in config_host ? ['CONFIG_PVRDMA=y'] : []) + \
+  ('CONFIG_MULTIPROCESS_ALLOWED' in config_host ? ['CONFIG_MULTIPROCESS_ALLOWED=y'] : [])
 
 ignored = [ 'TARGET_XML_FILES', 'TARGET_ABI_DIR', 'TARGET_ARCH' ]
 
@@ -XXX,XX +XXX,XX @@ summary_info += {'libpmem support':   config_host.has_key('CONFIG_LIBPMEM')}
 summary_info += {'libdaxctl support': config_host.has_key('CONFIG_LIBDAXCTL')}
 summary_info += {'libudev':           libudev.found()}
 summary_info += {'FUSE lseek':        fuse_lseek.found()}
+summary_info += {'Multiprocess QEMU': config_host.has_key('CONFIG_MULTIPROCESS_ALLOWED')}
 summary(summary_info, bool_yn: true, section: 'Dependencies')
 
 if not supported_cpus.contains(cpu)
diff --git a/Kconfig.host b/Kconfig.host
index XXXXXXX..XXXXXXX 100644
--- a/Kconfig.host
+++ b/Kconfig.host
@@ -XXX,XX +XXX,XX @@ config VIRTFS
 
 config PVRDMA
     bool
+
+config MULTIPROCESS_ALLOWED
+    bool
+    imply MULTIPROCESS
diff --git a/hw/Kconfig b/hw/Kconfig
index XXXXXXX..XXXXXXX 100644
--- a/hw/Kconfig
+++ b/hw/Kconfig
@@ -XXX,XX +XXX,XX @@ source pci-host/Kconfig
 source pcmcia/Kconfig
 source pci/Kconfig
 source rdma/Kconfig
+source remote/Kconfig
 source rtc/Kconfig
 source scsi/Kconfig
 source sd/Kconfig
diff --git a/hw/remote/Kconfig b/hw/remote/Kconfig
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/Kconfig
@@ -XXX,XX +XXX,XX @@
+config MULTIPROCESS
+    bool
+    depends on PCI && KVM
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

PCI host bridge is setup for the remote device process. It is
implemented using remote-pcihost object. It is an extension of the PCI
host bridge setup by QEMU.
Remote-pcihost configures a PCI bus which could be used by the remote
PCI device to latch on to.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 0871ba857abb2eafacde07e7fe66a3f12415bfb2.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                  |  2 +
 include/hw/pci-host/remote.h | 29 ++++++++++++++
 hw/pci-host/remote.c         | 75 ++++++++++++++++++++++++++++++++++++
 hw/pci-host/Kconfig          |  3 ++
 hw/pci-host/meson.build      |  1 +
 hw/remote/Kconfig            |  1 +
 6 files changed, 111 insertions(+)
 create mode 100644 include/hw/pci-host/remote.h
 create mode 100644 hw/pci-host/remote.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ M: John G Johnson <john.g.johnson@oracle.com>
 S: Maintained
 F: docs/devel/multi-process.rst
 F: docs/system/multi-process.rst
+F: hw/pci-host/remote.c
+F: include/hw/pci-host/remote.h
 
 Build and test automation
 -------------------------
diff --git a/include/hw/pci-host/remote.h b/include/hw/pci-host/remote.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/pci-host/remote.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * PCI Host for remote device
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_PCIHOST_H
+#define REMOTE_PCIHOST_H
+
+#include "exec/memory.h"
+#include "hw/pci/pcie_host.h"
+
+#define TYPE_REMOTE_PCIHOST "remote-pcihost"
+OBJECT_DECLARE_SIMPLE_TYPE(RemotePCIHost, REMOTE_PCIHOST)
+
+struct RemotePCIHost {
+    /*< private >*/
+    PCIExpressHost parent_obj;
+    /*< public >*/
+
+    MemoryRegion *mr_pci_mem;
+    MemoryRegion *mr_sys_io;
+};
+
+#endif
diff --git a/hw/pci-host/remote.c b/hw/pci-host/remote.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/pci-host/remote.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Remote PCI host device
+ *
+ * Unlike PCI host devices that model physical hardware, the purpose
+ * of this PCI host is to host multi-process QEMU devices.
+ *
+ * Multi-process QEMU extends the PCI host of a QEMU machine into a
+ * remote process. Any PCI device attached to the remote process is
+ * visible in the QEMU guest. This allows existing QEMU device models
+ * to be reused in the remote process.
+ *
+ * This PCI host is purely a container for PCI devices. It's fake in the
+ * sense that the guest never sees this PCI host and has no way of
+ * accessing it. Its job is just to provide the environment that QEMU
+ * PCI device models need when running in a remote process.
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/qdev-properties.h"
+#include "hw/pci-host/remote.h"
+#include "exec/memory.h"
+
+static const char *remote_pcihost_root_bus_path(PCIHostState *host_bridge,
+                                                PCIBus *rootbus)
+{
+    return "0000:00";
+}
+
+static void remote_pcihost_realize(DeviceState *dev, Error **errp)
+{
+    PCIHostState *pci = PCI_HOST_BRIDGE(dev);
+    RemotePCIHost *s = REMOTE_PCIHOST(dev);
+
+    pci->bus = pci_root_bus_new(DEVICE(s), "remote-pci",
+                                s->mr_pci_mem, s->mr_sys_io,
+                                0, TYPE_PCIE_BUS);
+}
+
+static void remote_pcihost_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    PCIHostBridgeClass *hc = PCI_HOST_BRIDGE_CLASS(klass);
+
+    hc->root_bus_path = remote_pcihost_root_bus_path;
+    dc->realize = remote_pcihost_realize;
+
+    dc->user_creatable = false;
+    set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+    dc->fw_name = "pci";
+}
+
+static const TypeInfo remote_pcihost_info = {
+    .name = TYPE_REMOTE_PCIHOST,
+    .parent = TYPE_PCIE_HOST_BRIDGE,
+    .instance_size = sizeof(RemotePCIHost),
+    .class_init = remote_pcihost_class_init,
+};
+
+static void remote_pcihost_register(void)
+{
+    type_register_static(&remote_pcihost_info);
+}
+
+type_init(remote_pcihost_register)
diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
index XXXXXXX..XXXXXXX 100644
--- a/hw/pci-host/Kconfig
+++ b/hw/pci-host/Kconfig
@@ -XXX,XX +XXX,XX @@ config PCI_POWERNV
     select PCI_EXPRESS
     select MSI_NONBROKEN
     select PCIE_PORT
+
+config REMOTE_PCIHOST
+    bool
diff --git a/hw/pci-host/meson.build b/hw/pci-host/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/pci-host/meson.build
+++ b/hw/pci-host/meson.build
@@ -XXX,XX +XXX,XX @@ pci_ss.add(when: 'CONFIG_PCI_EXPRESS_XILINX', if_true: files('xilinx-pcie.c'))
 pci_ss.add(when: 'CONFIG_PCI_I440FX', if_true: files('i440fx.c'))
 pci_ss.add(when: 'CONFIG_PCI_SABRE', if_true: files('sabre.c'))
 pci_ss.add(when: 'CONFIG_XEN_IGD_PASSTHROUGH', if_true: files('xen_igd_pt.c'))
+pci_ss.add(when: 'CONFIG_REMOTE_PCIHOST', if_true: files('remote.c'))
 
 # PPC devices
 pci_ss.add(when: 'CONFIG_PREP_PCI', if_true: files('prep.c'))
diff --git a/hw/remote/Kconfig b/hw/remote/Kconfig
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/Kconfig
+++ b/hw/remote/Kconfig
@@ -XXX,XX +XXX,XX @@
 config MULTIPROCESS
     bool
     depends on PCI && KVM
+    select REMOTE_PCIHOST
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

x-remote-machine object sets up various subsystems of the remote
device process. Instantiate PCI host bridge object and initialize RAM, IO &
PCI memory regions.

Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: c537f38d17f90453ca610c6b70cf3480274e0ba1.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                  |  2 ++
 include/hw/pci-host/remote.h |  1 +
 include/hw/remote/machine.h  | 27 ++++++++++++++
 hw/remote/machine.c          | 70 ++++++++++++++++++++++++++++++++++++
 hw/meson.build               |  1 +
 hw/remote/meson.build        |  5 +++
 6 files changed, 106 insertions(+)
 create mode 100644 include/hw/remote/machine.h
 create mode 100644 hw/remote/machine.c
 create mode 100644 hw/remote/meson.build

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: docs/devel/multi-process.rst
 F: docs/system/multi-process.rst
 F: hw/pci-host/remote.c
 F: include/hw/pci-host/remote.h
+F: hw/remote/machine.c
+F: include/hw/remote/machine.h
 
 Build and test automation
 -------------------------
diff --git a/include/hw/pci-host/remote.h b/include/hw/pci-host/remote.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/pci-host/remote.h
+++ b/include/hw/pci-host/remote.h
@@ -XXX,XX +XXX,XX @@ struct RemotePCIHost {
 
     MemoryRegion *mr_pci_mem;
     MemoryRegion *mr_sys_io;
+    MemoryRegion *mr_sys_mem;
 };
 
 #endif
diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/machine.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Remote machine configuration
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_MACHINE_H
+#define REMOTE_MACHINE_H
+
+#include "qom/object.h"
+#include "hw/boards.h"
+#include "hw/pci-host/remote.h"
+
+struct RemoteMachineState {
+    MachineState parent_obj;
+
+    RemotePCIHost *host;
+};
+
+#define TYPE_REMOTE_MACHINE "x-remote-machine"
+OBJECT_DECLARE_SIMPLE_TYPE(RemoteMachineState, REMOTE_MACHINE)
+
+#endif
diff --git a/hw/remote/machine.c b/hw/remote/machine.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/machine.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Machine for remote device
+ *
+ *  This machine type is used by the remote device process in multi-process
+ *  QEMU. QEMU device models depend on parent busses, interrupt controllers,
+ *  memory regions, etc. The remote machine type offers this environment so
+ *  that QEMU device models can be used as remote devices.
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/remote/machine.h"
+#include "exec/address-spaces.h"
+#include "exec/memory.h"
+#include "qapi/error.h"
+
+static void remote_machine_init(MachineState *machine)
+{
+    MemoryRegion *system_memory, *system_io, *pci_memory;
+    RemoteMachineState *s = REMOTE_MACHINE(machine);
+    RemotePCIHost *rem_host;
+
+    system_memory = get_system_memory();
+    system_io = get_system_io();
+
+    pci_memory = g_new(MemoryRegion, 1);
+    memory_region_init(pci_memory, NULL, "pci", UINT64_MAX);
+
+    rem_host = REMOTE_PCIHOST(qdev_new(TYPE_REMOTE_PCIHOST));
+
+    rem_host->mr_pci_mem = pci_memory;
+    rem_host->mr_sys_mem = system_memory;
+    rem_host->mr_sys_io = system_io;
+
+    s->host = rem_host;
+
+    object_property_add_child(OBJECT(s), "remote-pcihost", OBJECT(rem_host));
+    memory_region_add_subregion_overlap(system_memory, 0x0, pci_memory, -1);
+
+    qdev_realize(DEVICE(rem_host), sysbus_get_default(), &error_fatal);
+}
+
+static void remote_machine_class_init(ObjectClass *oc, void *data)
+{
+    MachineClass *mc = MACHINE_CLASS(oc);
+
+    mc->init = remote_machine_init;
+    mc->desc = "Experimental remote machine";
+}
+
+static const TypeInfo remote_machine = {
+    .name = TYPE_REMOTE_MACHINE,
+    .parent = TYPE_MACHINE,
+    .instance_size = sizeof(RemoteMachineState),
+    .class_init = remote_machine_class_init,
+};
+
+static void remote_machine_register_types(void)
+{
+    type_register_static(&remote_machine);
+}
+
+type_init(remote_machine_register_types);
diff --git a/hw/meson.build b/hw/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -XXX,XX +XXX,XX @@ subdir('moxie')
 subdir('nios2')
 subdir('openrisc')
 subdir('ppc')
+subdir('remote')
 subdir('riscv')
 subdir('rx')
 subdir('s390x')
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@
+remote_ss = ss.source_set()
+
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
+
+softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Adds qio_channel_writev_full_all() to transmit both data and FDs.
Refactors existing code to use this helper.

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 480fbf1fe4152495d60596c9b665124549b426a5.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/io/channel.h | 25 +++++++++++++++++++++++++
 io/channel.c         | 15 ++++++++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Adds qio_channel_readv_full_all_eof() and qio_channel_readv_full_all()
to read both data and FDs. Refactors existing code to use these helpers.

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: b059c4cc0fb741e794d644c144cc21372cad877d.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/io/channel.h |  53 +++++++++++++++++++++++
 io/channel.c         | 101 ++++++++++++++++++++++++++++++++++---------
 2 files changed, 134 insertions(+), 20 deletions(-)

diff --git a/include/io/channel.h b/include/io/channel.h
index XXXXXXX..XXXXXXX 100644
--- a/include/io/channel.h
+++ b/include/io/channel.h
@@ -XXX,XX +XXX,XX @@ void qio_channel_set_aio_fd_handler(QIOChannel *ioc,
                                     IOHandler *io_write,
                                     void *opaque);
 
+/**
+ * qio_channel_readv_full_all_eof:
+ * @ioc: the channel object
+ * @iov: the array of memory regions to read data to
+ * @niov: the length of the @iov array
+ * @fds: an array of file handles to read
+ * @nfds: number of file handles in @fds
+ * @errp: pointer to a NULL-initialized error object
+ *
+ *
+ * Performs same function as qio_channel_readv_all_eof.
+ * Additionally, attempts to read file descriptors shared
+ * over the channel. The function will wait for all
+ * requested data to be read, yielding from the current
+ * coroutine if required. data refers to both file
+ * descriptors and the iovs.
+ *
+ * Returns: 1 if all bytes were read, 0 if end-of-file
+ *          occurs without data, or -1 on error
+ */
+
+int qio_channel_readv_full_all_eof(QIOChannel *ioc,
+                                   const struct iovec *iov,
+                                   size_t niov,
+                                   int **fds, size_t *nfds,
+                                   Error **errp);
+
+/**
+ * qio_channel_readv_full_all:
+ * @ioc: the channel object
+ * @iov: the array of memory regions to read data to
+ * @niov: the length of the @iov array
+ * @fds: an array of file handles to read
+ * @nfds: number of file handles in @fds
+ * @errp: pointer to a NULL-initialized error object
+ *
+ *
+ * Performs same function as qio_channel_readv_all_eof.
+ * Additionally, attempts to read file descriptors shared
+ * over the channel. The function will wait for all
+ * requested data to be read, yielding from the current
+ * coroutine if required. data refers to both file
+ * descriptors and the iovs.
+ *
+ * Returns: 0 if all bytes were read, or -1 on error
+ */
+
+int qio_channel_readv_full_all(QIOChannel *ioc,
+                               const struct iovec *iov,
+                               size_t niov,
+                               int **fds, size_t *nfds,
+                               Error **errp);
+
 /**
  * qio_channel_writev_full_all:
  * @ioc: the channel object
diff --git a/io/channel.c b/io/channel.c
index XXXXXXX..XXXXXXX 100644
--- a/io/channel.c
+++ b/io/channel.c
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
                               const struct iovec *iov,
                               size_t niov,
                               Error **errp)
+{
+    return qio_channel_readv_full_all_eof(ioc, iov, niov, NULL, NULL, errp);
+}
+
+int qio_channel_readv_all(QIOChannel *ioc,
+                          const struct iovec *iov,
+                          size_t niov,
+                          Error **errp)
+{
+    return qio_channel_readv_full_all(ioc, iov, niov, NULL, NULL, errp);
+}
+
+int qio_channel_readv_full_all_eof(QIOChannel *ioc,
+                                   const struct iovec *iov,
+                                   size_t niov,
+                                   int **fds, size_t *nfds,
+                                   Error **errp)
 {
     int ret = -1;
     struct iovec *local_iov = g_new(struct iovec, niov);
     struct iovec *local_iov_head = local_iov;
     unsigned int nlocal_iov = niov;
+    int **local_fds = fds;
+    size_t *local_nfds = nfds;
     bool partial = false;
 
+    if (nfds) {
+        *nfds = 0;
+    }
+
+    if (fds) {
+        *fds = NULL;
+    }
+
     nlocal_iov = iov_copy(local_iov, nlocal_iov,
                           iov, niov,
                           0, iov_size(iov, niov));
 
-    while (nlocal_iov > 0) {
+    while ((nlocal_iov > 0) || local_fds) {
         ssize_t len;
-        len = qio_channel_readv(ioc, local_iov, nlocal_iov, errp);
+        len = qio_channel_readv_full(ioc, local_iov, nlocal_iov, local_fds,
+                                     local_nfds, errp);
         if (len == QIO_CHANNEL_ERR_BLOCK) {
             if (qemu_in_coroutine()) {
                 qio_channel_yield(ioc, G_IO_IN);
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
                 qio_channel_wait(ioc, G_IO_IN);
             }
             continue;
-        } else if (len < 0) {
-            goto cleanup;
-        } else if (len == 0) {
-            if (partial) {
-                error_setg(errp,
-                           "Unexpected end-of-file before all bytes were read");
-            } else {
+        }
+
+        if (len == 0) {
+            if (local_nfds && *local_nfds) {
+                /*
+                 * Got some FDs, but no data yet. This isn't an EOF
+                 * scenario (yet), so carry on to try to read data
+                 * on next loop iteration
+                 */
+                goto next_iter;
+            } else if (!partial) {
+                /* No fds and no data - EOF before any data read */
                 ret = 0;
+                goto cleanup;
+            } else {
+                len = -1;
+                error_setg(errp,
+                           "Unexpected end-of-file before all data were read");
+                /* Fallthrough into len < 0 handling */
+            }
+        }
+
+        if (len < 0) {
+            /* Close any FDs we previously received */
+            if (nfds && fds) {
+                size_t i;
+                for (i = 0; i < (*nfds); i++) {
+                    close((*fds)[i]);
+                }
+                g_free(*fds);
+                *fds = NULL;
+                *nfds = 0;
             }
             goto cleanup;
         }
 
+        if (nlocal_iov) {
+            iov_discard_front(&local_iov, &nlocal_iov, len);
+        }
+
+next_iter:
         partial = true;
-        iov_discard_front(&local_iov, &nlocal_iov, len);
+        local_fds = NULL;
+        local_nfds = NULL;
     }
 
     ret = 1;
@@ -XXX,XX +XXX,XX @@ int qio_channel_readv_all_eof(QIOChannel *ioc,
     return ret;
 }
 
-int qio_channel_readv_all(QIOChannel *ioc,
-                          const struct iovec *iov,
-                          size_t niov,
-                          Error **errp)
+int qio_channel_readv_full_all(QIOChannel *ioc,
+                               const struct iovec *iov,
+                               size_t niov,
+                               int **fds, size_t *nfds,
+                               Error **errp)
 {
-    int ret = qio_channel_readv_all_eof(ioc, iov, niov, errp);
+    int ret = qio_channel_readv_full_all_eof(ioc, iov, niov, fds, nfds, errp);
 
     if (ret == 0) {
-        ret = -1;
-        error_setg(errp,
-                   "Unexpected end-of-file before all bytes were read");
-    } else if (ret == 1) {
-        ret = 0;
+        error_prepend(errp,
+                      "Unexpected end-of-file before all data were read.");
+        return -1;
     }
+    if (ret == 1) {
+        return 0;
+    }
+
     return ret;
 }
 
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Defines MPQemuMsg, which is the message that is sent to the remote
process. This message is sent over QIOChannel and is used to
command the remote process to perform various tasks.
Define transmission functions used by proxy and by remote.

[Replace struct iovec send[2] = {0} with {} to make clang happy as
suggested by Peter Maydell <peter.maydell@linaro.org>.
--Stefan]

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                     |   2 +
 meson.build                     |   1 +
 hw/remote/trace.h               |   1 +
 include/hw/remote/mpqemu-link.h |  63 ++++++++++
 include/sysemu/iothread.h       |   6 +
 hw/remote/mpqemu-link.c         | 205 ++++++++++++++++++++++++++++++++
 iothread.c                      |   6 +
 hw/remote/meson.build           |   1 +
 hw/remote/trace-events          |   4 +
 9 files changed, 289 insertions(+)
 create mode 100644 hw/remote/trace.h
 create mode 100644 include/hw/remote/mpqemu-link.h
 create mode 100644 hw/remote/mpqemu-link.c
 create mode 100644 hw/remote/trace-events

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/pci-host/remote.c
 F: include/hw/pci-host/remote.h
 F: hw/remote/machine.c
 F: include/hw/remote/machine.h
+F: hw/remote/mpqemu-link.c
+F: include/hw/remote/mpqemu-link.h
 
 Build and test automation
 -------------------------
diff --git a/meson.build b/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/meson.build
+++ b/meson.build
@@ -XXX,XX +XXX,XX @@ if have_system
     'net',
     'softmmu',
     'ui',
+    'hw/remote',
   ]
 endif
 trace_events_subdirs += [
diff --git a/hw/remote/trace.h b/hw/remote/trace.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/trace.h
@@ -0,0 +1 @@
+#include "trace/trace-hw_remote.h"
diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Communication channel between QEMU and remote device process
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef MPQEMU_LINK_H
+#define MPQEMU_LINK_H
+
+#include "qom/object.h"
+#include "qemu/thread.h"
+#include "io/channel.h"
+
+#define REMOTE_MAX_FDS 8
+
+#define MPQEMU_MSG_HDR_SIZE offsetof(MPQemuMsg, data.u64)
+
+/**
+ * MPQemuCmd:
+ *
+ * MPQemuCmd enum type to specify the command to be executed on the remote
+ * device.
+ *
+ * This uses a private protocol between QEMU and the remote process. vfio-user
+ * protocol would supersede this in the future.
+ *
+ */
+typedef enum {
+    MPQEMU_CMD_MAX,
+} MPQemuCmd;
+
+/**
+ * MPQemuMsg:
+ * @cmd: The remote command
+ * @size: Size of the data to be shared
+ * @data: Structured data
+ * @fds: File descriptors to be shared with remote device
+ *
+ * MPQemuMsg Format of the message sent to the remote device from QEMU.
+ *
+ */
+typedef struct {
+    int cmd;
+    size_t size;
+
+    union {
+        uint64_t u64;
+    } data;
+
+    int fds[REMOTE_MAX_FDS];
+    int num_fds;
+} MPQemuMsg;
+
+bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
+bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
+
+bool mpqemu_msg_valid(MPQemuMsg *msg);
+
+#endif
diff --git a/include/sysemu/iothread.h b/include/sysemu/iothread.h
index XXXXXXX..XXXXXXX 100644
--- a/include/sysemu/iothread.h
+++ b/include/sysemu/iothread.h
@@ -XXX,XX +XXX,XX @@ IOThread *iothread_create(const char *id, Error **errp);
 void iothread_stop(IOThread *iothread);
 void iothread_destroy(IOThread *iothread);
 
+/*
+ * Returns true if executing withing IOThread context,
+ * false otherwise.
+ */
+bool qemu_in_iothread(void);
+
 #endif /* IOTHREAD_H */
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Communication channel between QEMU and remote device process
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "qemu/module.h"
+#include "hw/remote/mpqemu-link.h"
+#include "qapi/error.h"
+#include "qemu/iov.h"
+#include "qemu/error-report.h"
+#include "qemu/main-loop.h"
+#include "io/channel.h"
+#include "sysemu/iothread.h"
+#include "trace.h"
+
+/*
+ * Send message over the ioc QIOChannel.
+ * This function is safe to call from:
+ * - main loop in co-routine context. Will block the main loop if not in
+ *   co-routine context;
+ * - vCPU thread with no co-routine context and if the channel is not part
+ *   of the main loop handling;
+ * - IOThread within co-routine context, outside of co-routine context
+ *   will block IOThread;
+ * Returns true if no errors were encountered, false otherwise.
+ */
+bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
+{
+    ERRP_GUARD();
+    bool iolock = qemu_mutex_iothread_locked();
+    bool iothread = qemu_in_iothread();
+    struct iovec send[2] = {};
+    int *fds = NULL;
+    size_t nfds = 0;
+    bool ret = false;
+
+    send[0].iov_base = msg;
+    send[0].iov_len = MPQEMU_MSG_HDR_SIZE;
+
+    send[1].iov_base = (void *)&msg->data;
+    send[1].iov_len = msg->size;
+
+    if (msg->num_fds) {
+        nfds = msg->num_fds;
+        fds = msg->fds;
+    }
+
+    /*
+     * Dont use in IOThread out of co-routine context as
+     * it will block IOThread.
+     */
+    assert(qemu_in_coroutine() || !iothread);
+
+    /*
+     * Skip unlocking/locking iothread lock when the IOThread is running
+     * in co-routine context. Co-routine context is asserted above
+     * for IOThread case.
+     * Also skip lock handling while in a co-routine in the main context.
+     */
+    if (iolock && !iothread && !qemu_in_coroutine()) {
+        qemu_mutex_unlock_iothread();
+    }
+
+    if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
+                                    fds, nfds, errp)) {
+        ret = true;
+    } else {
+        trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
+    }
+
+    if (iolock && !iothread && !qemu_in_coroutine()) {
+        /* See above comment why skip locking here. */
+        qemu_mutex_lock_iothread();
+    }
+
+    return ret;
+}
+
+/*
+ * Read message from the ioc QIOChannel.
+ * This function is safe to call from:
+ * - From main loop in co-routine context. Will block the main loop if not in
+ *   co-routine context;
+ * - From vCPU thread with no co-routine context and if the channel is not part
+ *   of the main loop handling;
+ * - From IOThread within co-routine context, outside of co-routine context
+ *   will block IOThread;
+ */
+static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
+                           size_t *nfds, Error **errp)
+{
+    ERRP_GUARD();
+    struct iovec iov = { .iov_base = buf, .iov_len = len };
+    bool iolock = qemu_mutex_iothread_locked();
+    bool iothread = qemu_in_iothread();
+    int ret = -1;
+
+    /*
+     * Dont use in IOThread out of co-routine context as
+     * it will block IOThread.
+     */
+    assert(qemu_in_coroutine() || !iothread);
+
+    if (iolock && !iothread && !qemu_in_coroutine()) {
+        qemu_mutex_unlock_iothread();
+    }
+
+    ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);
+
+    if (iolock && !iothread && !qemu_in_coroutine()) {
+        qemu_mutex_lock_iothread();
+    }
+
+    return (ret <= 0) ? ret : iov.iov_len;
+}
+
+bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
+{
+    ERRP_GUARD();
+    g_autofree int *fds = NULL;
+    size_t nfds = 0;
+    ssize_t len;
+    bool ret = false;
+
+    len = mpqemu_read(ioc, msg, MPQEMU_MSG_HDR_SIZE, &fds, &nfds, errp);
+    if (len <= 0) {
+        goto fail;
+    } else if (len != MPQEMU_MSG_HDR_SIZE) {
+        error_setg(errp, "Message header corrupted");
+        goto fail;
+    }
+
+    if (msg->size > sizeof(msg->data)) {
+        error_setg(errp, "Invalid size for message");
+        goto fail;
+    }
+
+    if (!msg->size) {
+        goto copy_fds;
+    }
+
+    len = mpqemu_read(ioc, &msg->data, msg->size, NULL, NULL, errp);
+    if (len <= 0) {
+        goto fail;
+    }
+    if (len != msg->size) {
+        error_setg(errp, "Unable to read full message");
+        goto fail;
+    }
+
+copy_fds:
+    msg->num_fds = nfds;
+    if (nfds > G_N_ELEMENTS(msg->fds)) {
+        error_setg(errp,
+                   "Overflow error: received %zu fds, more than max of %d fds",
+                   nfds, REMOTE_MAX_FDS);
+        goto fail;
+    }
+    if (nfds) {
+        memcpy(msg->fds, fds, nfds * sizeof(int));
+    }
+
+    ret = true;
+
+fail:
+    if (*errp) {
+        trace_mpqemu_recv_io_error(msg->cmd, msg->size, nfds);
+    }
+    while (*errp && nfds) {
+        close(fds[nfds - 1]);
+        nfds--;
+    }
+
+    return ret;
+}
+
+bool mpqemu_msg_valid(MPQemuMsg *msg)
+{
+    if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
+        return false;
+    }
+
+    /* Verify FDs. */
+    if (msg->num_fds >= REMOTE_MAX_FDS) {
+        return false;
+    }
+
+    if (msg->num_fds > 0) {
+        for (int i = 0; i < msg->num_fds; i++) {
+            if (fcntl(msg->fds[i], F_GETFL) == -1) {
+                return false;
+            }
+        }
+    }
+
+    return true;
+}
diff --git a/iothread.c b/iothread.c
index XXXXXXX..XXXXXXX 100644
--- a/iothread.c
+++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ IOThread *iothread_by_id(const char *id)
 {
     return IOTHREAD(object_resolve_path_type(id, TYPE_IOTHREAD, NULL));
 }
+
+bool qemu_in_iothread(void)
+{
+    return qemu_get_current_aio_context() == qemu_get_aio_context() ?
+                    false : true;
+}
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@
 remote_ss = ss.source_set()
 
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
 
 softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
diff --git a/hw/remote/trace-events b/hw/remote/trace-events
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/trace-events
@@ -XXX,XX +XXX,XX @@
+# multi-process trace events
+
+mpqemu_send_io_error(int cmd, int size, int nfds) "send command %d size %d, %d file descriptors to remote process"
+mpqemu_recv_io_error(int cmd, int size, int nfds) "failed to receive %d size %d, %d file descriptors to remote process"
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Initializes the message handler function in the remote process. It is
called whenever there's an event pending on QIOChannel that registers
this function.

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 99d38d8b93753a6409ac2340e858858cda59ab1b.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                 |  1 +
 include/hw/remote/machine.h |  9 ++++++
 hw/remote/message.c         | 57 +++++++++++++++++++++++++++++++++++++
 hw/remote/meson.build       |  1 +
 4 files changed, 68 insertions(+)
 create mode 100644 hw/remote/message.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/remote/machine.c
 F: include/hw/remote/machine.h
 F: hw/remote/mpqemu-link.c
 F: include/hw/remote/mpqemu-link.h
+F: hw/remote/message.c
 
 Build and test automation
 -------------------------
diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/machine.h
+++ b/include/hw/remote/machine.h
@@ -XXX,XX +XXX,XX @@
 #include "qom/object.h"
 #include "hw/boards.h"
 #include "hw/pci-host/remote.h"
+#include "io/channel.h"
 
 struct RemoteMachineState {
     MachineState parent_obj;
@@ -XXX,XX +XXX,XX @@ struct RemoteMachineState {
     RemotePCIHost *host;
 };
 
+/* Used to pass to co-routine device and ioc. */
+typedef struct RemoteCommDev {
+    PCIDevice *dev;
+    QIOChannel *ioc;
+} RemoteCommDev;
+
 #define TYPE_REMOTE_MACHINE "x-remote-machine"
 OBJECT_DECLARE_SIMPLE_TYPE(RemoteMachineState, REMOTE_MACHINE)
 
+void coroutine_fn mpqemu_remote_msg_loop_co(void *data);
+
 #endif
diff --git a/hw/remote/message.c b/hw/remote/message.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2020, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL-v2, version 2 or later.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/remote/machine.h"
+#include "io/channel.h"
+#include "hw/remote/mpqemu-link.h"
+#include "qapi/error.h"
+#include "sysemu/runstate.h"
+
+void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
+{
+    g_autofree RemoteCommDev *com = (RemoteCommDev *)data;
+    PCIDevice *pci_dev = NULL;
+    Error *local_err = NULL;
+
+    assert(com->ioc);
+
+    pci_dev = com->dev;
+    for (; !local_err;) {
+        MPQemuMsg msg = {0};
+
+        if (!mpqemu_msg_recv(&msg, com->ioc, &local_err)) {
+            break;
+        }
+
+        if (!mpqemu_msg_valid(&msg)) {
+            error_setg(&local_err, "Received invalid message from proxy"
+                                   "in remote process pid="FMT_pid"",
+                                   getpid());
+            break;
+        }
+
+        switch (msg.cmd) {
+        default:
+            error_setg(&local_err,
+                       "Unknown command (%d) received for device %s"
+                       " (pid="FMT_pid")",
+                       msg.cmd, DEVICE(pci_dev)->id, getpid());
+        }
+    }
+
+    if (local_err) {
+        error_report_err(local_err);
+        qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_ERROR);
+    } else {
+        qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+    }
+}
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss = ss.source_set()
 
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
 
 softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Associate the file descriptor for a PCIDevice in remote process with
DeviceState object.

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: f405a2ed5d7518b87bea7c59cfdf334d67e5ee51.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS            |   1 +
 hw/remote/remote-obj.c | 203 +++++++++++++++++++++++++++++++++++++++++
 hw/remote/meson.build  |   1 +
 3 files changed, 205 insertions(+)
 create mode 100644 hw/remote/remote-obj.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: include/hw/remote/machine.h
 F: hw/remote/mpqemu-link.c
 F: include/hw/remote/mpqemu-link.h
 F: hw/remote/message.c
+F: hw/remote/remote-obj.c
 
 Build and test automation
 -------------------------
diff --git a/hw/remote/remote-obj.c b/hw/remote/remote-obj.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/remote-obj.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2020, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL-v2, version 2 or later.
+ *
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "qemu/error-report.h"
+#include "qemu/notify.h"
+#include "qom/object_interfaces.h"
+#include "hw/qdev-core.h"
+#include "io/channel.h"
+#include "hw/qdev-core.h"
+#include "hw/remote/machine.h"
+#include "io/channel-util.h"
+#include "qapi/error.h"
+#include "sysemu/sysemu.h"
+#include "hw/pci/pci.h"
+#include "qemu/sockets.h"
+#include "monitor/monitor.h"
+
+#define TYPE_REMOTE_OBJECT "x-remote-object"
+OBJECT_DECLARE_TYPE(RemoteObject, RemoteObjectClass, REMOTE_OBJECT)
+
+struct RemoteObjectClass {
+    ObjectClass parent_class;
+
+    unsigned int nr_devs;
+    unsigned int max_devs;
+};
+
+struct RemoteObject {
+    /* private */
+    Object parent;
+
+    Notifier machine_done;
+
+    int32_t fd;
+    char *devid;
+
+    QIOChannel *ioc;
+
+    DeviceState *dev;
+    DeviceListener listener;
+};
+
+static void remote_object_set_fd(Object *obj, const char *str, Error **errp)
+{
+    RemoteObject *o = REMOTE_OBJECT(obj);
+    int fd = -1;
+
+    fd = monitor_fd_param(monitor_cur(), str, errp);
+    if (fd == -1) {
+        error_prepend(errp, "Could not parse remote object fd %s:", str);
+        return;
+    }
+
+    if (!fd_is_socket(fd)) {
+        error_setg(errp, "File descriptor '%s' is not a socket", str);
+        close(fd);
+        return;
+    }
+
+    o->fd = fd;
+}
+
+static void remote_object_set_devid(Object *obj, const char *str, Error **errp)
+{
+    RemoteObject *o = REMOTE_OBJECT(obj);
+
+    g_free(o->devid);
+
+    o->devid = g_strdup(str);
+}
+
+static void remote_object_unrealize_listener(DeviceListener *listener,
+                                             DeviceState *dev)
+{
+    RemoteObject *o = container_of(listener, RemoteObject, listener);
+
+    if (o->dev == dev) {
+        object_unref(OBJECT(o));
+    }
+}
+
+static void remote_object_machine_done(Notifier *notifier, void *data)
+{
+    RemoteObject *o = container_of(notifier, RemoteObject, machine_done);
+    DeviceState *dev = NULL;
+    QIOChannel *ioc = NULL;
+    Coroutine *co = NULL;
+    RemoteCommDev *comdev = NULL;
+    Error *err = NULL;
+
+    dev = qdev_find_recursive(sysbus_get_default(), o->devid);
+    if (!dev || !object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
+        error_report("%s is not a PCI device", o->devid);
+        return;
+    }
+
+    ioc = qio_channel_new_fd(o->fd, &err);
+    if (!ioc) {
+        error_report_err(err);
+        return;
+    }
+    qio_channel_set_blocking(ioc, false, NULL);
+
+    o->dev = dev;
+
+    o->listener.unrealize = remote_object_unrealize_listener;
+    device_listener_register(&o->listener);
+
+    /* co-routine should free this. */
+    comdev = g_new0(RemoteCommDev, 1);
+    *comdev = (RemoteCommDev) {
+        .ioc = ioc,
+        .dev = PCI_DEVICE(dev),
+    };
+
+    co = qemu_coroutine_create(mpqemu_remote_msg_loop_co, comdev);
+    qemu_coroutine_enter(co);
+}
+
+static void remote_object_init(Object *obj)
+{
+    RemoteObjectClass *k = REMOTE_OBJECT_GET_CLASS(obj);
+    RemoteObject *o = REMOTE_OBJECT(obj);
+
+    if (k->nr_devs >= k->max_devs) {
+        error_report("Reached maximum number of devices: %u", k->max_devs);
+        return;
+    }
+
+    o->ioc = NULL;
+    o->fd = -1;
+    o->devid = NULL;
+
+    k->nr_devs++;
+
+    o->machine_done.notify = remote_object_machine_done;
+    qemu_add_machine_init_done_notifier(&o->machine_done);
+}
+
+static void remote_object_finalize(Object *obj)
+{
+    RemoteObjectClass *k = REMOTE_OBJECT_GET_CLASS(obj);
+    RemoteObject *o = REMOTE_OBJECT(obj);
+
+    device_listener_unregister(&o->listener);
+
+    if (o->ioc) {
+        qio_channel_shutdown(o->ioc, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
+        qio_channel_close(o->ioc, NULL);
+    }
+
+    object_unref(OBJECT(o->ioc));
+
+    k->nr_devs--;
+    g_free(o->devid);
+}
+
+static void remote_object_class_init(ObjectClass *klass, void *data)
+{
+    RemoteObjectClass *k = REMOTE_OBJECT_CLASS(klass);
+
+    /*
+     * Limit number of supported devices to 1. This is done to avoid devices
+     * from one VM accessing the RAM of another VM. This is done until we
+     * start using separate address spaces for individual devices.
+     */
+    k->max_devs = 1;
+    k->nr_devs = 0;
+
+    object_class_property_add_str(klass, "fd", NULL, remote_object_set_fd);
+    object_class_property_add_str(klass, "devid", NULL,
+                                  remote_object_set_devid);
+}
+
+static const TypeInfo remote_object_info = {
+    .name = TYPE_REMOTE_OBJECT,
+    .parent = TYPE_OBJECT,
+    .instance_size = sizeof(RemoteObject),
+    .instance_init = remote_object_init,
+    .instance_finalize = remote_object_finalize,
+    .class_size = sizeof(RemoteObjectClass),
+    .class_init = remote_object_class_init,
+    .interfaces = (InterfaceInfo[]) {
+        { TYPE_USER_CREATABLE },
+        { }
+    }
+};
+
+static void register_types(void)
+{
+    type_register_static(&remote_object_info);
+}
+
+type_init(register_types);
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss = ss.source_set()
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
 
 softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

SyncSysMemMsg message format is defined. It is used to send
file descriptors of the RAM regions to remote device.
RAM on the remote device is configured with a set of file descriptors.
Old RAM regions are deleted and new regions, each with an fd, is
added to the RAM.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 7d2d1831d812e85f681e7a8ab99e032cf4704689.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                     |  2 +
 include/hw/remote/memory.h      | 19 ++++++++++
 include/hw/remote/mpqemu-link.h | 10 +++++
 hw/remote/memory.c              | 65 +++++++++++++++++++++++++++++++++
 hw/remote/mpqemu-link.c         | 11 ++++++
 hw/remote/meson.build           |  2 +
 6 files changed, 109 insertions(+)
 create mode 100644 include/hw/remote/memory.h
 create mode 100644 hw/remote/memory.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/remote/mpqemu-link.c
 F: include/hw/remote/mpqemu-link.h
 F: hw/remote/message.c
 F: hw/remote/remote-obj.c
+F: include/hw/remote/memory.h
+F: hw/remote/memory.c
 
 Build and test automation
 -------------------------
diff --git a/include/hw/remote/memory.h b/include/hw/remote/memory.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/memory.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Memory manager for remote device
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_MEMORY_H
+#define REMOTE_MEMORY_H
+
+#include "exec/hwaddr.h"
+#include "hw/remote/mpqemu-link.h"
+
+void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp);
+
+#endif
diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
 #include "qom/object.h"
 #include "qemu/thread.h"
 #include "io/channel.h"
+#include "exec/hwaddr.h"
 
 #define REMOTE_MAX_FDS 8
 
@@ -XXX,XX +XXX,XX @@
  *
  */
 typedef enum {
+    MPQEMU_CMD_SYNC_SYSMEM,
     MPQEMU_CMD_MAX,
 } MPQemuCmd;
 
+typedef struct {
+    hwaddr gpas[REMOTE_MAX_FDS];
+    uint64_t sizes[REMOTE_MAX_FDS];
+    off_t offsets[REMOTE_MAX_FDS];
+} SyncSysmemMsg;
+
 /**
  * MPQemuMsg:
  * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef enum {
  * MPQemuMsg Format of the message sent to the remote device from QEMU.
  *
  */
+
 typedef struct {
     int cmd;
     size_t size;
 
     union {
         uint64_t u64;
+        SyncSysmemMsg sync_sysmem;
     } data;
 
     int fds[REMOTE_MAX_FDS];
diff --git a/hw/remote/memory.c b/hw/remote/memory.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/memory.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Memory manager for remote device
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/remote/memory.h"
+#include "exec/address-spaces.h"
+#include "exec/ram_addr.h"
+#include "qapi/error.h"
+
+static void remote_sysmem_reset(void)
+{
+    MemoryRegion *sysmem, *subregion, *next;
+
+    sysmem = get_system_memory();
+
+    QTAILQ_FOREACH_SAFE(subregion, &sysmem->subregions, subregions_link, next) {
+        if (subregion->ram) {
+            memory_region_del_subregion(sysmem, subregion);
+            object_unparent(OBJECT(subregion));
+        }
+    }
+}
+
+void remote_sysmem_reconfig(MPQemuMsg *msg, Error **errp)
+{
+    ERRP_GUARD();
+    SyncSysmemMsg *sysmem_info = &msg->data.sync_sysmem;
+    MemoryRegion *sysmem, *subregion;
+    static unsigned int suffix;
+    int region;
+
+    sysmem = get_system_memory();
+
+    remote_sysmem_reset();
+
+    for (region = 0; region < msg->num_fds; region++) {
+        g_autofree char *name;
+        subregion = g_new(MemoryRegion, 1);
+        name = g_strdup_printf("remote-mem-%u", suffix++);
+        memory_region_init_ram_from_fd(subregion, NULL,
+                                       name, sysmem_info->sizes[region],
+                                       true, msg->fds[region],
+                                       sysmem_info->offsets[region],
+                                       errp);
+
+        if (*errp) {
+            g_free(subregion);
+            remote_sysmem_reset();
+            return;
+        }
+
+        memory_region_add_subregion(sysmem, sysmem_info->gpas[region],
+                                    subregion);
+
+    }
+}
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
         }
     }
 
+     /* Verify message specific fields. */
+    switch (msg->cmd) {
+    case MPQEMU_CMD_SYNC_SYSMEM:
+        if (msg->num_fds == 0 || msg->size != sizeof(SyncSysmemMsg)) {
+            return false;
+        }
+        break;
+    default:
+        break;
+    }
+
     return true;
 }
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
 
+specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
+
 softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Defines a PCI Device proxy object as a child of TYPE_PCI_DEVICE.

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: b5186ebfedf8e557044d09a768846c59230ad3a7.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS               |  2 +
 include/hw/remote/proxy.h | 33 +++++++++++++
 hw/remote/proxy.c         | 99 +++++++++++++++++++++++++++++++++++++++
 hw/remote/meson.build     |  1 +
 4 files changed, 135 insertions(+)
 create mode 100644 include/hw/remote/proxy.h
 create mode 100644 hw/remote/proxy.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/remote/message.c
 F: hw/remote/remote-obj.c
 F: include/hw/remote/memory.h
 F: hw/remote/memory.c
+F: hw/remote/proxy.c
+F: include/hw/remote/proxy.h
 
 Build and test automation
 -------------------------
diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/proxy.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef PROXY_H
+#define PROXY_H
+
+#include "hw/pci/pci.h"
+#include "io/channel.h"
+
+#define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
+OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
+
+struct PCIProxyDev {
+    PCIDevice parent_dev;
+    char *fd;
+
+    /*
+     * Mutex used to protect the QIOChannel fd from
+     * the concurrent access by the VCPUs since proxy
+     * blocks while awaiting for the replies from the
+     * process remote.
+     */
+    QemuMutex io_mutex;
+    QIOChannel *ioc;
+    Error *migration_blocker;
+};
+
+#endif /* PROXY_H */
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/remote/proxy.h"
+#include "hw/pci/pci.h"
+#include "qapi/error.h"
+#include "io/channel-util.h"
+#include "hw/qdev-properties.h"
+#include "monitor/monitor.h"
+#include "migration/blocker.h"
+#include "qemu/sockets.h"
+
+static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+{
+    ERRP_GUARD();
+    PCIProxyDev *dev = PCI_PROXY_DEV(device);
+    int fd;
+
+    if (!dev->fd) {
+        error_setg(errp, "fd parameter not specified for %s",
+                   DEVICE(device)->id);
+        return;
+    }
+
+    fd = monitor_fd_param(monitor_cur(), dev->fd, errp);
+    if (fd == -1) {
+        error_prepend(errp, "proxy: unable to parse fd %s: ", dev->fd);
+        return;
+    }
+
+    if (!fd_is_socket(fd)) {
+        error_setg(errp, "proxy: fd %d is not a socket", fd);
+        close(fd);
+        return;
+    }
+
+    dev->ioc = qio_channel_new_fd(fd, errp);
+
+    error_setg(&dev->migration_blocker, "%s does not support migration",
+               TYPE_PCI_PROXY_DEV);
+    migrate_add_blocker(dev->migration_blocker, errp);
+
+    qemu_mutex_init(&dev->io_mutex);
+    qio_channel_set_blocking(dev->ioc, true, NULL);
+}
+
+static void pci_proxy_dev_exit(PCIDevice *pdev)
+{
+    PCIProxyDev *dev = PCI_PROXY_DEV(pdev);
+
+    if (dev->ioc) {
+        qio_channel_close(dev->ioc, NULL);
+    }
+
+    migrate_del_blocker(dev->migration_blocker);
+
+    error_free(dev->migration_blocker);
+}
+
+static Property proxy_properties[] = {
+    DEFINE_PROP_STRING("fd", PCIProxyDev, fd),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void pci_proxy_dev_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+
+    k->realize = pci_proxy_dev_realize;
+    k->exit = pci_proxy_dev_exit;
+    device_class_set_props(dc, proxy_properties);
+}
+
+static const TypeInfo pci_proxy_dev_type_info = {
+    .name          = TYPE_PCI_PROXY_DEV,
+    .parent        = TYPE_PCI_DEVICE,
+    .instance_size = sizeof(PCIProxyDev),
+    .class_init    = pci_proxy_dev_class_init,
+    .interfaces = (InterfaceInfo[]) {
+        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
+        { },
+    },
+};
+
+static void pci_proxy_dev_register_types(void)
+{
+    type_register_static(&pci_proxy_dev_type_info);
+}
+
+type_init(pci_proxy_dev_register_types)
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('machine.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
 
 specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
 
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: d54edb4176361eed86b903e8f27058363b6c83b3.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/hw/remote/mpqemu-link.h |  4 ++++
 hw/remote/mpqemu-link.c         | 34 +++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)

diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
 #include "qemu/thread.h"
 #include "io/channel.h"
 #include "exec/hwaddr.h"
+#include "io/channel-socket.h"
+#include "hw/remote/proxy.h"
 
 #define REMOTE_MAX_FDS 8
 
@@ -XXX,XX +XXX,XX @@ typedef struct {
 bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 bool mpqemu_msg_recv(MPQemuMsg *msg, QIOChannel *ioc, Error **errp);
 
+uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
+                                         Error **errp);
 bool mpqemu_msg_valid(MPQemuMsg *msg);
 
 #endif
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ fail:
     return ret;
 }
 
+/*
+ * Send msg and wait for a reply with command code RET_MSG.
+ * Returns the message received of size u64 or UINT64_MAX
+ * on error.
+ * Called from VCPU thread in non-coroutine context.
+ * Used by the Proxy object to communicate to remote processes.
+ */
+uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
+                                         Error **errp)
+{
+    ERRP_GUARD();
+    MPQemuMsg msg_reply = {0};
+    uint64_t ret = UINT64_MAX;
+
+    assert(!qemu_in_coroutine());
+
+    QEMU_LOCK_GUARD(&pdev->io_mutex);
+    if (!mpqemu_msg_send(msg, pdev->ioc, errp)) {
+        return ret;
+    }
+
+    if (!mpqemu_msg_recv(&msg_reply, pdev->ioc, errp)) {
+        return ret;
+    }
+
+    if (!mpqemu_msg_valid(&msg_reply)) {
+        error_setg(errp, "ERROR: Invalid reply received for command %d",
+                         msg->cmd);
+        return ret;
+    }
+
+    return msg_reply.data.u64;
+}
+
 bool mpqemu_msg_valid(MPQemuMsg *msg)
 {
     if (msg->cmd >= MPQEMU_CMD_MAX && msg->cmd < 0) {
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

The Proxy Object sends the PCI config space accesses as messages
to the remote process over the communication channel

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: d3c94f4618813234655356c60e6f0d0362ff42d6.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/hw/remote/mpqemu-link.h | 10 ++++++
 hw/remote/message.c             | 60 +++++++++++++++++++++++++++++++++
 hw/remote/mpqemu-link.c         |  8 ++++-
 hw/remote/proxy.c               | 55 ++++++++++++++++++++++++++++++
 4 files changed, 132 insertions(+), 1 deletion(-)

diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@
  */
 typedef enum {
     MPQEMU_CMD_SYNC_SYSMEM,
+    MPQEMU_CMD_RET,
+    MPQEMU_CMD_PCI_CFGWRITE,
+    MPQEMU_CMD_PCI_CFGREAD,
     MPQEMU_CMD_MAX,
 } MPQemuCmd;
 
@@ -XXX,XX +XXX,XX @@ typedef struct {
     off_t offsets[REMOTE_MAX_FDS];
 } SyncSysmemMsg;
 
+typedef struct {
+    uint32_t addr;
+    uint32_t val;
+    int len;
+} PciConfDataMsg;
+
 /**
  * MPQemuMsg:
  * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef struct {
 
     union {
         uint64_t u64;
+        PciConfDataMsg pci_conf_data;
         SyncSysmemMsg sync_sysmem;
     } data;
 
diff --git a/hw/remote/message.c b/hw/remote/message.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/remote/mpqemu-link.h"
 #include "qapi/error.h"
 #include "sysemu/runstate.h"
+#include "hw/pci/pci.h"
+
+static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
+                                 MPQemuMsg *msg, Error **errp);
+static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
+                                MPQemuMsg *msg, Error **errp);
 
 void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
 {
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
         }
 
         switch (msg.cmd) {
+        case MPQEMU_CMD_PCI_CFGWRITE:
+            process_config_write(com->ioc, pci_dev, &msg, &local_err);
+            break;
+        case MPQEMU_CMD_PCI_CFGREAD:
+            process_config_read(com->ioc, pci_dev, &msg, &local_err);
+            break;
         default:
             error_setg(&local_err,
                        "Unknown command (%d) received for device %s"
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
         qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
     }
 }
+
+static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
+                                 MPQemuMsg *msg, Error **errp)
+{
+    ERRP_GUARD();
+    PciConfDataMsg *conf = (PciConfDataMsg *)&msg->data.pci_conf_data;
+    MPQemuMsg ret = { 0 };
+
+    if ((conf->addr + sizeof(conf->val)) > pci_config_size(dev)) {
+        error_setg(errp, "Bad address for PCI config write, pid "FMT_pid".",
+                   getpid());
+        ret.data.u64 = UINT64_MAX;
+    } else {
+        pci_default_write_config(dev, conf->addr, conf->val, conf->len);
+    }
+
+    ret.cmd = MPQEMU_CMD_RET;
+    ret.size = sizeof(ret.data.u64);
+
+    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
+        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
+                      getpid());
+    }
+}
+
+static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
+                                MPQemuMsg *msg, Error **errp)
+{
+    ERRP_GUARD();
+    PciConfDataMsg *conf = (PciConfDataMsg *)&msg->data.pci_conf_data;
+    MPQemuMsg ret = { 0 };
+
+    if ((conf->addr + sizeof(conf->val)) > pci_config_size(dev)) {
+        error_setg(errp, "Bad address for PCI config read, pid "FMT_pid".",
+                   getpid());
+        ret.data.u64 = UINT64_MAX;
+    } else {
+        ret.data.u64 = pci_default_read_config(dev, conf->addr, conf->len);
+    }
+
+    ret.cmd = MPQEMU_CMD_RET;
+    ret.size = sizeof(ret.data.u64);
+
+    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
+        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
+                      getpid());
+    }
+}
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ uint64_t mpqemu_msg_send_and_await_reply(MPQemuMsg *msg, PCIProxyDev *pdev,
         return ret;
     }
 
-    if (!mpqemu_msg_valid(&msg_reply)) {
+    if (!mpqemu_msg_valid(&msg_reply) || msg_reply.cmd != MPQEMU_CMD_RET) {
         error_setg(errp, "ERROR: Invalid reply received for command %d",
                          msg->cmd);
         return ret;
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
             return false;
         }
         break;
+    case MPQEMU_CMD_PCI_CFGWRITE:
+    case MPQEMU_CMD_PCI_CFGREAD:
+        if (msg->size != sizeof(PciConfDataMsg)) {
+            return false;
+        }
+        break;
     default:
         break;
     }
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
 #include "monitor/monitor.h"
 #include "migration/blocker.h"
 #include "qemu/sockets.h"
+#include "hw/remote/mpqemu-link.h"
+#include "qemu/error-report.h"
 
 static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
     error_free(dev->migration_blocker);
 }
 
+static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
+                           int len, unsigned int op)
+{
+    MPQemuMsg msg = { 0 };
+    uint64_t ret = -EINVAL;
+    Error *local_err = NULL;
+
+    msg.cmd = op;
+    msg.data.pci_conf_data.addr = addr;
+    msg.data.pci_conf_data.val = (op == MPQEMU_CMD_PCI_CFGWRITE) ? *val : 0;
+    msg.data.pci_conf_data.len = len;
+    msg.size = sizeof(PciConfDataMsg);
+
+    ret = mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
+    if (local_err) {
+        error_report_err(local_err);
+    }
+
+    if (ret == UINT64_MAX) {
+        error_report("Failed to perform PCI config %s operation",
+                     (op == MPQEMU_CMD_PCI_CFGREAD) ? "READ" : "WRITE");
+    }
+
+    if (op == MPQEMU_CMD_PCI_CFGREAD) {
+        *val = (uint32_t)ret;
+    }
+}
+
+static uint32_t pci_proxy_read_config(PCIDevice *d, uint32_t addr, int len)
+{
+    uint32_t val;
+
+    config_op_send(PCI_PROXY_DEV(d), addr, &val, len, MPQEMU_CMD_PCI_CFGREAD);
+
+    return val;
+}
+
+static void pci_proxy_write_config(PCIDevice *d, uint32_t addr, uint32_t val,
+                                   int len)
+{
+    /*
+     * Some of the functions access the copy of remote device's PCI config
+     * space which is cached in the proxy device. Therefore, maintain
+     * it updated.
+     */
+    pci_default_write_config(d, addr, val, len);
+
+    config_op_send(PCI_PROXY_DEV(d), addr, &val, len, MPQEMU_CMD_PCI_CFGWRITE);
+}
+
 static Property proxy_properties[] = {
     DEFINE_PROP_STRING("fd", PCIProxyDev, fd),
     DEFINE_PROP_END_OF_LIST(),
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_class_init(ObjectClass *klass, void *data)
 
     k->realize = pci_proxy_dev_realize;
     k->exit = pci_proxy_dev_exit;
+    k->config_read = pci_proxy_read_config;
+    k->config_write = pci_proxy_write_config;
+
     device_class_set_props(dc, proxy_properties);
 }
 
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Proxy device object implements handler for PCI BAR writes and reads.
The handler uses BAR_WRITE/BAR_READ message to communicate to the
remote process with the BAR address and value to be written/read.
The remote process implements handler for BAR_WRITE/BAR_READ
message.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: a8b76714a9688be5552c4c92d089bc9e8a4707ff.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/hw/remote/mpqemu-link.h | 10 ++++
 include/hw/remote/proxy.h       |  9 ++++
 hw/remote/message.c             | 83 +++++++++++++++++++++++++++++++++
 hw/remote/mpqemu-link.c         |  6 +++
 hw/remote/proxy.c               | 60 ++++++++++++++++++++++++
 5 files changed, 168 insertions(+)

diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
     MPQEMU_CMD_RET,
     MPQEMU_CMD_PCI_CFGWRITE,
     MPQEMU_CMD_PCI_CFGREAD,
+    MPQEMU_CMD_BAR_WRITE,
+    MPQEMU_CMD_BAR_READ,
     MPQEMU_CMD_MAX,
 } MPQemuCmd;
 
@@ -XXX,XX +XXX,XX @@ typedef struct {
     int len;
 } PciConfDataMsg;
 
+typedef struct {
+    hwaddr addr;
+    uint64_t val;
+    unsigned size;
+    bool memory;
+} BarAccessMsg;
+
 /**
  * MPQemuMsg:
  * @cmd: The remote command
@@ -XXX,XX +XXX,XX @@ typedef struct {
         uint64_t u64;
         PciConfDataMsg pci_conf_data;
         SyncSysmemMsg sync_sysmem;
+        BarAccessMsg bar_access;
     } data;
 
     int fds[REMOTE_MAX_FDS];
diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/proxy.h
+++ b/include/hw/remote/proxy.h
@@ -XXX,XX +XXX,XX @@
 #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
 OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
 
+typedef struct ProxyMemoryRegion {
+    PCIProxyDev *dev;
+    MemoryRegion mr;
+    bool memory;
+    bool present;
+    uint8_t type;
+} ProxyMemoryRegion;
+
 struct PCIProxyDev {
     PCIDevice parent_dev;
     char *fd;
@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
     QemuMutex io_mutex;
     QIOChannel *ioc;
     Error *migration_blocker;
+    ProxyMemoryRegion region[PCI_NUM_REGIONS];
 };
 
 #endif /* PROXY_H */
diff --git a/hw/remote/message.c b/hw/remote/message.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
 #include "qapi/error.h"
 #include "sysemu/runstate.h"
 #include "hw/pci/pci.h"
+#include "exec/memattrs.h"
 
 static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
                                  MPQemuMsg *msg, Error **errp);
 static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
                                 MPQemuMsg *msg, Error **errp);
+static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
+static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp);
 
 void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
 {
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
         case MPQEMU_CMD_PCI_CFGREAD:
             process_config_read(com->ioc, pci_dev, &msg, &local_err);
             break;
+        case MPQEMU_CMD_BAR_WRITE:
+            process_bar_write(com->ioc, &msg, &local_err);
+            break;
+        case MPQEMU_CMD_BAR_READ:
+            process_bar_read(com->ioc, &msg, &local_err);
+            break;
         default:
             error_setg(&local_err,
                        "Unknown command (%d) received for device %s"
@@ -XXX,XX +XXX,XX @@ static void process_config_read(QIOChannel *ioc, PCIDevice *dev,
                       getpid());
     }
 }
+
+static void process_bar_write(QIOChannel *ioc, MPQemuMsg *msg, Error **errp)
+{
+    ERRP_GUARD();
+    BarAccessMsg *bar_access = &msg->data.bar_access;
+    AddressSpace *as =
+        bar_access->memory ? &address_space_memory : &address_space_io;
+    MPQemuMsg ret = { 0 };
+    MemTxResult res;
+    uint64_t val;
+
+    if (!is_power_of_2(bar_access->size) ||
+       (bar_access->size > sizeof(uint64_t))) {
+        ret.data.u64 = UINT64_MAX;
+        goto fail;
+    }
+
+    val = cpu_to_le64(bar_access->val);
+
+    res = address_space_rw(as, bar_access->addr, MEMTXATTRS_UNSPECIFIED,
+                           (void *)&val, bar_access->size, true);
+
+    if (res != MEMTX_OK) {
+        error_setg(errp, "Bad address %"PRIx64" for mem write, pid "FMT_pid".",
+                   bar_access->addr, getpid());
+        ret.data.u64 = -1;
+    }
+
+fail:
+    ret.cmd = MPQEMU_CMD_RET;
+    ret.size = sizeof(ret.data.u64);
+
+    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
+        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
+                      getpid());
+    }
+}
+
+static void process_bar_read(QIOChannel *ioc, MPQemuMsg *msg, Error **errp)
+{
+    ERRP_GUARD();
+    BarAccessMsg *bar_access = &msg->data.bar_access;
+    MPQemuMsg ret = { 0 };
+    AddressSpace *as;
+    MemTxResult res;
+    uint64_t val = 0;
+
+    as = bar_access->memory ? &address_space_memory : &address_space_io;
+
+    if (!is_power_of_2(bar_access->size) ||
+       (bar_access->size > sizeof(uint64_t))) {
+        val = UINT64_MAX;
+        goto fail;
+    }
+
+    res = address_space_rw(as, bar_access->addr, MEMTXATTRS_UNSPECIFIED,
+                           (void *)&val, bar_access->size, false);
+
+    if (res != MEMTX_OK) {
+        error_setg(errp, "Bad address %"PRIx64" for mem read, pid "FMT_pid".",
+                   bar_access->addr, getpid());
+        val = UINT64_MAX;
+    }
+
+fail:
+    ret.cmd = MPQEMU_CMD_RET;
+    ret.data.u64 = le64_to_cpu(val);
+    ret.size = sizeof(ret.data.u64);
+
+    if (!mpqemu_msg_send(&ret, ioc, NULL)) {
+        error_prepend(errp, "Error returning code to proxy, pid "FMT_pid": ",
+                      getpid());
+    }
+}
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
             return false;
         }
         break;
+    case MPQEMU_CMD_BAR_WRITE:
+    case MPQEMU_CMD_BAR_READ:
+        if ((msg->size != sizeof(BarAccessMsg)) || (msg->num_fds != 0)) {
+            return false;
+        }
+        break;
     default:
         break;
     }
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_register_types(void)
 }
 
 type_init(pci_proxy_dev_register_types)
+
+static void send_bar_access_msg(PCIProxyDev *pdev, MemoryRegion *mr,
+                                bool write, hwaddr addr, uint64_t *val,
+                                unsigned size, bool memory)
+{
+    MPQemuMsg msg = { 0 };
+    long ret = -EINVAL;
+    Error *local_err = NULL;
+
+    msg.size = sizeof(BarAccessMsg);
+    msg.data.bar_access.addr = mr->addr + addr;
+    msg.data.bar_access.size = size;
+    msg.data.bar_access.memory = memory;
+
+    if (write) {
+        msg.cmd = MPQEMU_CMD_BAR_WRITE;
+        msg.data.bar_access.val = *val;
+    } else {
+        msg.cmd = MPQEMU_CMD_BAR_READ;
+    }
+
+    ret = mpqemu_msg_send_and_await_reply(&msg, pdev, &local_err);
+    if (local_err) {
+        error_report_err(local_err);
+    }
+
+    if (!write) {
+        *val = ret;
+    }
+}
+
+static void proxy_bar_write(void *opaque, hwaddr addr, uint64_t val,
+                            unsigned size)
+{
+    ProxyMemoryRegion *pmr = opaque;
+
+    send_bar_access_msg(pmr->dev, &pmr->mr, true, addr, &val, size,
+                        pmr->memory);
+}
+
+static uint64_t proxy_bar_read(void *opaque, hwaddr addr, unsigned size)
+{
+    ProxyMemoryRegion *pmr = opaque;
+    uint64_t val;
+
+    send_bar_access_msg(pmr->dev, &pmr->mr, false, addr, &val, size,
+                        pmr->memory);
+
+    return val;
+}
+
+const MemoryRegionOps proxy_mr_ops = {
+    .read = proxy_bar_read,
+    .write = proxy_bar_write,
+    .endianness = DEVICE_NATIVE_ENDIAN,
+    .impl = {
+        .min_access_size = 1,
+        .max_access_size = 8,
+    },
+};
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Add ProxyMemoryListener object which is used to keep the view of the RAM
in sync between QEMU and remote process.
A MemoryListener is registered for system-memory AddressSpace. The
listener sends SYNC_SYSMEM message to the remote process when memory
listener commits the changes to memory, the remote process receives
the message and processes it in the handler for SYNC_SYSMEM message.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 04fe4e6a9ca90d4f11ab6f59be7652f5b086a071.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                               |   2 +
 include/hw/remote/proxy-memory-listener.h |  28 +++
 include/hw/remote/proxy.h                 |   2 +
 hw/remote/message.c                       |   4 +
 hw/remote/proxy-memory-listener.c         | 227 ++++++++++++++++++++++
 hw/remote/proxy.c                         |   6 +
 hw/remote/meson.build                     |   1 +
 7 files changed, 270 insertions(+)
 create mode 100644 include/hw/remote/proxy-memory-listener.h
 create mode 100644 hw/remote/proxy-memory-listener.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: include/hw/remote/memory.h
 F: hw/remote/memory.c
 F: hw/remote/proxy.c
 F: include/hw/remote/proxy.h
+F: hw/remote/proxy-memory-listener.c
+F: include/hw/remote/proxy-memory-listener.h
 
 Build and test automation
 -------------------------
diff --git a/include/hw/remote/proxy-memory-listener.h b/include/hw/remote/proxy-memory-listener.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/proxy-memory-listener.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef PROXY_MEMORY_LISTENER_H
+#define PROXY_MEMORY_LISTENER_H
+
+#include "exec/memory.h"
+#include "io/channel.h"
+
+typedef struct ProxyMemoryListener {
+    MemoryListener listener;
+
+    int n_mr_sections;
+    MemoryRegionSection *mr_sections;
+
+    QIOChannel *ioc;
+} ProxyMemoryListener;
+
+void proxy_memory_listener_configure(ProxyMemoryListener *proxy_listener,
+                                     QIOChannel *ioc);
+void proxy_memory_listener_deconfigure(ProxyMemoryListener *proxy_listener);
+
+#endif
diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/proxy.h
+++ b/include/hw/remote/proxy.h
@@ -XXX,XX +XXX,XX @@
 
 #include "hw/pci/pci.h"
 #include "io/channel.h"
+#include "hw/remote/proxy-memory-listener.h"
 
 #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
 OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
     QemuMutex io_mutex;
     QIOChannel *ioc;
     Error *migration_blocker;
+    ProxyMemoryListener proxy_listener;
     ProxyMemoryRegion region[PCI_NUM_REGIONS];
 };
 
diff --git a/hw/remote/message.c b/hw/remote/message.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/runstate.h"
 #include "hw/pci/pci.h"
 #include "exec/memattrs.h"
+#include "hw/remote/memory.h"
 
 static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
                                  MPQemuMsg *msg, Error **errp);
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
         case MPQEMU_CMD_BAR_READ:
             process_bar_read(com->ioc, &msg, &local_err);
             break;
+        case MPQEMU_CMD_SYNC_SYSMEM:
+            remote_sysmem_reconfig(&msg, &local_err);
+            break;
         default:
             error_setg(&local_err,
                        "Unknown command (%d) received for device %s"
diff --git a/hw/remote/proxy-memory-listener.c b/hw/remote/proxy-memory-listener.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/proxy-memory-listener.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "qemu/compiler.h"
+#include "qemu/int128.h"
+#include "qemu/range.h"
+#include "exec/memory.h"
+#include "exec/cpu-common.h"
+#include "cpu.h"
+#include "exec/ram_addr.h"
+#include "exec/address-spaces.h"
+#include "qapi/error.h"
+#include "hw/remote/mpqemu-link.h"
+#include "hw/remote/proxy-memory-listener.h"
+
+/*
+ * TODO: get_fd_from_hostaddr(), proxy_mrs_can_merge() and
+ * proxy_memory_listener_commit() defined below perform tasks similar to the
+ * functions defined in vhost-user.c. These functions are good candidates
+ * for refactoring.
+ *
+ */
+
+static void proxy_memory_listener_reset(MemoryListener *listener)
+{
+    ProxyMemoryListener *proxy_listener = container_of(listener,
+                                                       ProxyMemoryListener,
+                                                       listener);
+    int mrs;
+
+    for (mrs = 0; mrs < proxy_listener->n_mr_sections; mrs++) {
+        memory_region_unref(proxy_listener->mr_sections[mrs].mr);
+    }
+
+    g_free(proxy_listener->mr_sections);
+    proxy_listener->mr_sections = NULL;
+    proxy_listener->n_mr_sections = 0;
+}
+
+static int get_fd_from_hostaddr(uint64_t host, ram_addr_t *offset)
+{
+    MemoryRegion *mr;
+    ram_addr_t off;
+
+    /**
+     * Assumes that the host address is a valid address as it's
+     * coming from the MemoryListener system. In the case host
+     * address is not valid, the following call would return
+     * the default subregion of "system_memory" region, and
+     * not NULL. So it's not possible to check for NULL here.
+     */
+    mr = memory_region_from_host((void *)(uintptr_t)host, &off);
+
+    if (offset) {
+        *offset = off;
+    }
+
+    return memory_region_get_fd(mr);
+}
+
+static bool proxy_mrs_can_merge(uint64_t host, uint64_t prev_host, size_t size)
+{
+    if (((prev_host + size) != host)) {
+        return false;
+    }
+
+    if (get_fd_from_hostaddr(host, NULL) !=
+            get_fd_from_hostaddr(prev_host, NULL)) {
+        return false;
+    }
+
+    return true;
+}
+
+static bool try_merge(ProxyMemoryListener *proxy_listener,
+                      MemoryRegionSection *section)
+{
+    uint64_t mrs_size, mrs_gpa, mrs_page;
+    MemoryRegionSection *prev_sec;
+    bool merged = false;
+    uintptr_t mrs_host;
+    RAMBlock *mrs_rb;
+
+    if (!proxy_listener->n_mr_sections) {
+        return false;
+    }
+
+    mrs_rb = section->mr->ram_block;
+    mrs_page = (uint64_t)qemu_ram_pagesize(mrs_rb);
+    mrs_size = int128_get64(section->size);
+    mrs_gpa = section->offset_within_address_space;
+    mrs_host = (uintptr_t)memory_region_get_ram_ptr(section->mr) +
+               section->offset_within_region;
+
+    if (get_fd_from_hostaddr(mrs_host, NULL) < 0) {
+        return true;
+    }
+
+    mrs_host = mrs_host & ~(mrs_page - 1);
+    mrs_gpa = mrs_gpa & ~(mrs_page - 1);
+    mrs_size = ROUND_UP(mrs_size, mrs_page);
+
+    prev_sec = proxy_listener->mr_sections +
+               (proxy_listener->n_mr_sections - 1);
+    uint64_t prev_gpa_start = prev_sec->offset_within_address_space;
+    uint64_t prev_size = int128_get64(prev_sec->size);
+    uint64_t prev_gpa_end   = range_get_last(prev_gpa_start, prev_size);
+    uint64_t prev_host_start =
+        (uintptr_t)memory_region_get_ram_ptr(prev_sec->mr) +
+        prev_sec->offset_within_region;
+    uint64_t prev_host_end = range_get_last(prev_host_start, prev_size);
+
+    if (mrs_gpa <= (prev_gpa_end + 1)) {
+        g_assert(mrs_gpa > prev_gpa_start);
+
+        if ((section->mr == prev_sec->mr) &&
+            proxy_mrs_can_merge(mrs_host, prev_host_start,
+                                (mrs_gpa - prev_gpa_start))) {
+            uint64_t max_end = MAX(prev_host_end, mrs_host + mrs_size);
+            merged = true;
+            prev_sec->offset_within_address_space =
+                MIN(prev_gpa_start, mrs_gpa);
+            prev_sec->offset_within_region =
+                MIN(prev_host_start, mrs_host) -
+                (uintptr_t)memory_region_get_ram_ptr(prev_sec->mr);
+            prev_sec->size = int128_make64(max_end - MIN(prev_host_start,
+                                                         mrs_host));
+        }
+    }
+
+    return merged;
+}
+
+static void proxy_memory_listener_region_addnop(MemoryListener *listener,
+                                                MemoryRegionSection *section)
+{
+    ProxyMemoryListener *proxy_listener = container_of(listener,
+                                                       ProxyMemoryListener,
+                                                       listener);
+
+    if (!memory_region_is_ram(section->mr) ||
+            memory_region_is_rom(section->mr)) {
+        return;
+    }
+
+    if (try_merge(proxy_listener, section)) {
+        return;
+    }
+
+    ++proxy_listener->n_mr_sections;
+    proxy_listener->mr_sections = g_renew(MemoryRegionSection,
+                                          proxy_listener->mr_sections,
+                                          proxy_listener->n_mr_sections);
+    proxy_listener->mr_sections[proxy_listener->n_mr_sections - 1] = *section;
+    proxy_listener->mr_sections[proxy_listener->n_mr_sections - 1].fv = NULL;
+    memory_region_ref(section->mr);
+}
+
+static void proxy_memory_listener_commit(MemoryListener *listener)
+{
+    ProxyMemoryListener *proxy_listener = container_of(listener,
+                                                       ProxyMemoryListener,
+                                                       listener);
+    MPQemuMsg msg;
+    MemoryRegionSection *section;
+    ram_addr_t offset;
+    uintptr_t host_addr;
+    int region;
+    Error *local_err = NULL;
+
+    memset(&msg, 0, sizeof(MPQemuMsg));
+
+    msg.cmd = MPQEMU_CMD_SYNC_SYSMEM;
+    msg.num_fds = proxy_listener->n_mr_sections;
+    msg.size = sizeof(SyncSysmemMsg);
+    if (msg.num_fds > REMOTE_MAX_FDS) {
+        error_report("Number of fds is more than %d", REMOTE_MAX_FDS);
+        return;
+    }
+
+    for (region = 0; region < proxy_listener->n_mr_sections; region++) {
+        section = &proxy_listener->mr_sections[region];
+        msg.data.sync_sysmem.gpas[region] =
+            section->offset_within_address_space;
+        msg.data.sync_sysmem.sizes[region] = int128_get64(section->size);
+        host_addr = (uintptr_t)memory_region_get_ram_ptr(section->mr) +
+                    section->offset_within_region;
+        msg.fds[region] = get_fd_from_hostaddr(host_addr, &offset);
+        msg.data.sync_sysmem.offsets[region] = offset;
+    }
+    if (!mpqemu_msg_send(&msg, proxy_listener->ioc, &local_err)) {
+        error_report_err(local_err);
+    }
+}
+
+void proxy_memory_listener_deconfigure(ProxyMemoryListener *proxy_listener)
+{
+    memory_listener_unregister(&proxy_listener->listener);
+
+    proxy_memory_listener_reset(&proxy_listener->listener);
+}
+
+void proxy_memory_listener_configure(ProxyMemoryListener *proxy_listener,
+                                     QIOChannel *ioc)
+{
+    proxy_listener->n_mr_sections = 0;
+    proxy_listener->mr_sections = NULL;
+
+    proxy_listener->ioc = ioc;
+
+    proxy_listener->listener.begin = proxy_memory_listener_reset;
+    proxy_listener->listener.commit = proxy_memory_listener_commit;
+    proxy_listener->listener.region_add = proxy_memory_listener_region_addnop;
+    proxy_listener->listener.region_nop = proxy_memory_listener_region_addnop;
+    proxy_listener->listener.priority = 10;
+
+    memory_listener_register(&proxy_listener->listener,
+                             &address_space_memory);
+}
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/sockets.h"
 #include "hw/remote/mpqemu-link.h"
 #include "qemu/error-report.h"
+#include "hw/remote/proxy-memory-listener.h"
+#include "qom/object.h"
 
 static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 
     qemu_mutex_init(&dev->io_mutex);
     qio_channel_set_blocking(dev->ioc, true, NULL);
+
+    proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
 }
 
 static void pci_proxy_dev_exit(PCIDevice *pdev)
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
     migrate_del_blocker(dev->migration_blocker);
 
     error_free(dev->migration_blocker);
+
+    proxy_memory_listener_deconfigure(&dev->proxy_listener);
 }
 
 static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
 
 specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
+specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy-memory-listener.c'))
 
 softmmu_ss.add_all(when: 'CONFIG_MULTIPROCESS', if_true: remote_ss)
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

IOHUB object is added to manage PCI IRQs. It uses KVM_IRQFD
ioctl to create irqfd to injecting PCI interrupts to the guest.
IOHUB object forwards the irqfd to the remote process. Remote process
uses this fd to directly send interrupts to the guest, bypassing QEMU.

Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 51d5c3d54e28a68b002e3875c59599c9f5a424a1.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 MAINTAINERS                     |   2 +
 include/hw/pci/pci_ids.h        |   3 +
 include/hw/remote/iohub.h       |  42 +++++++++++
 include/hw/remote/machine.h     |   2 +
 include/hw/remote/mpqemu-link.h |   1 +
 include/hw/remote/proxy.h       |   4 ++
 hw/remote/iohub.c               | 119 ++++++++++++++++++++++++++++++++
 hw/remote/machine.c             |  10 +++
 hw/remote/message.c             |   4 ++
 hw/remote/mpqemu-link.c         |   5 ++
 hw/remote/proxy.c               |  56 +++++++++++++++
 hw/remote/meson.build           |   1 +
 12 files changed, 249 insertions(+)
 create mode 100644 include/hw/remote/iohub.h
 create mode 100644 hw/remote/iohub.c

diff --git a/MAINTAINERS b/MAINTAINERS
index XXXXXXX..XXXXXXX 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -XXX,XX +XXX,XX @@ F: hw/remote/proxy.c
 F: include/hw/remote/proxy.h
 F: hw/remote/proxy-memory-listener.c
 F: include/hw/remote/proxy-memory-listener.h
+F: hw/remote/iohub.c
+F: include/hw/remote/iohub.h
 
 Build and test automation
 -------------------------
diff --git a/include/hw/pci/pci_ids.h b/include/hw/pci/pci_ids.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/pci/pci_ids.h
+++ b/include/hw/pci/pci_ids.h
@@ -XXX,XX +XXX,XX @@
 #define PCI_DEVICE_ID_SUN_SIMBA          0x5000
 #define PCI_DEVICE_ID_SUN_SABRE          0xa000
 
+#define PCI_VENDOR_ID_ORACLE             0x108e
+#define PCI_DEVICE_ID_REMOTE_IOHUB       0xb000
+
 #define PCI_VENDOR_ID_CMD                0x1095
 #define PCI_DEVICE_ID_CMD_646            0x0646
 
diff --git a/include/hw/remote/iohub.h b/include/hw/remote/iohub.h
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/include/hw/remote/iohub.h
@@ -XXX,XX +XXX,XX @@
+/*
+ * IO Hub for remote device
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef REMOTE_IOHUB_H
+#define REMOTE_IOHUB_H
+
+#include "hw/pci/pci.h"
+#include "qemu/event_notifier.h"
+#include "qemu/thread-posix.h"
+#include "hw/remote/mpqemu-link.h"
+
+#define REMOTE_IOHUB_NB_PIRQS    PCI_DEVFN_MAX
+
+typedef struct ResampleToken {
+    void *iohub;
+    int pirq;
+} ResampleToken;
+
+typedef struct RemoteIOHubState {
+    PCIDevice d;
+    EventNotifier irqfds[REMOTE_IOHUB_NB_PIRQS];
+    EventNotifier resamplefds[REMOTE_IOHUB_NB_PIRQS];
+    unsigned int irq_level[REMOTE_IOHUB_NB_PIRQS];
+    ResampleToken token[REMOTE_IOHUB_NB_PIRQS];
+    QemuMutex irq_level_lock[REMOTE_IOHUB_NB_PIRQS];
+} RemoteIOHubState;
+
+int remote_iohub_map_irq(PCIDevice *pci_dev, int intx);
+void remote_iohub_set_irq(void *opaque, int pirq, int level);
+void process_set_irqfd_msg(PCIDevice *pci_dev, MPQemuMsg *msg);
+
+void remote_iohub_init(RemoteIOHubState *iohub);
+void remote_iohub_finalize(RemoteIOHubState *iohub);
+
+#endif
diff --git a/include/hw/remote/machine.h b/include/hw/remote/machine.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/machine.h
+++ b/include/hw/remote/machine.h
@@ -XXX,XX +XXX,XX @@
 #include "hw/boards.h"
 #include "hw/pci-host/remote.h"
 #include "io/channel.h"
+#include "hw/remote/iohub.h"
 
 struct RemoteMachineState {
     MachineState parent_obj;
 
     RemotePCIHost *host;
+    RemoteIOHubState iohub;
 };
 
 /* Used to pass to co-routine device and ioc. */
diff --git a/include/hw/remote/mpqemu-link.h b/include/hw/remote/mpqemu-link.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/mpqemu-link.h
+++ b/include/hw/remote/mpqemu-link.h
@@ -XXX,XX +XXX,XX @@ typedef enum {
     MPQEMU_CMD_PCI_CFGREAD,
     MPQEMU_CMD_BAR_WRITE,
     MPQEMU_CMD_BAR_READ,
+    MPQEMU_CMD_SET_IRQFD,
     MPQEMU_CMD_MAX,
 } MPQemuCmd;
 
diff --git a/include/hw/remote/proxy.h b/include/hw/remote/proxy.h
index XXXXXXX..XXXXXXX 100644
--- a/include/hw/remote/proxy.h
+++ b/include/hw/remote/proxy.h
@@ -XXX,XX +XXX,XX @@
 #include "hw/pci/pci.h"
 #include "io/channel.h"
 #include "hw/remote/proxy-memory-listener.h"
+#include "qemu/event_notifier.h"
 
 #define TYPE_PCI_PROXY_DEV "x-pci-proxy-dev"
 OBJECT_DECLARE_SIMPLE_TYPE(PCIProxyDev, PCI_PROXY_DEV)
@@ -XXX,XX +XXX,XX @@ struct PCIProxyDev {
     QIOChannel *ioc;
     Error *migration_blocker;
     ProxyMemoryListener proxy_listener;
+    int virq;
+    EventNotifier intr;
+    EventNotifier resample;
     ProxyMemoryRegion region[PCI_NUM_REGIONS];
 };
 
diff --git a/hw/remote/iohub.c b/hw/remote/iohub.c
new file mode 100644
index XXXXXXX..XXXXXXX
--- /dev/null
+++ b/hw/remote/iohub.c
@@ -XXX,XX +XXX,XX @@
+/*
+ * Remote IO Hub
+ *
+ * Copyright © 2018, 2021 Oracle and/or its affiliates.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+
+#include "hw/pci/pci.h"
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/pci_bus.h"
+#include "qemu/thread.h"
+#include "hw/boards.h"
+#include "hw/remote/machine.h"
+#include "hw/remote/iohub.h"
+#include "qemu/main-loop.h"
+
+void remote_iohub_init(RemoteIOHubState *iohub)
+{
+    int pirq;
+
+    memset(&iohub->irqfds, 0, sizeof(iohub->irqfds));
+    memset(&iohub->resamplefds, 0, sizeof(iohub->resamplefds));
+
+    for (pirq = 0; pirq < REMOTE_IOHUB_NB_PIRQS; pirq++) {
+        qemu_mutex_init(&iohub->irq_level_lock[pirq]);
+        iohub->irq_level[pirq] = 0;
+        event_notifier_init_fd(&iohub->irqfds[pirq], -1);
+        event_notifier_init_fd(&iohub->resamplefds[pirq], -1);
+    }
+}
+
+void remote_iohub_finalize(RemoteIOHubState *iohub)
+{
+    int pirq;
+
+    for (pirq = 0; pirq < REMOTE_IOHUB_NB_PIRQS; pirq++) {
+        qemu_set_fd_handler(event_notifier_get_fd(&iohub->resamplefds[pirq]),
+                            NULL, NULL, NULL);
+        event_notifier_cleanup(&iohub->irqfds[pirq]);
+        event_notifier_cleanup(&iohub->resamplefds[pirq]);
+        qemu_mutex_destroy(&iohub->irq_level_lock[pirq]);
+    }
+}
+
+int remote_iohub_map_irq(PCIDevice *pci_dev, int intx)
+{
+    return pci_dev->devfn;
+}
+
+void remote_iohub_set_irq(void *opaque, int pirq, int level)
+{
+    RemoteIOHubState *iohub = opaque;
+
+    assert(pirq >= 0);
+    assert(pirq < PCI_DEVFN_MAX);
+
+    QEMU_LOCK_GUARD(&iohub->irq_level_lock[pirq]);
+
+    if (level) {
+        if (++iohub->irq_level[pirq] == 1) {
+            event_notifier_set(&iohub->irqfds[pirq]);
+        }
+    } else if (iohub->irq_level[pirq] > 0) {
+        iohub->irq_level[pirq]--;
+    }
+}
+
+static void intr_resample_handler(void *opaque)
+{
+    ResampleToken *token = opaque;
+    RemoteIOHubState *iohub = token->iohub;
+    int pirq, s;
+
+    pirq = token->pirq;
+
+    s = event_notifier_test_and_clear(&iohub->resamplefds[pirq]);
+
+    assert(s >= 0);
+
+    QEMU_LOCK_GUARD(&iohub->irq_level_lock[pirq]);
+
+    if (iohub->irq_level[pirq]) {
+        event_notifier_set(&iohub->irqfds[pirq]);
+    }
+}
+
+void process_set_irqfd_msg(PCIDevice *pci_dev, MPQemuMsg *msg)
+{
+    RemoteMachineState *machine = REMOTE_MACHINE(current_machine);
+    RemoteIOHubState *iohub = &machine->iohub;
+    int pirq, intx;
+
+    intx = pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
+
+    pirq = remote_iohub_map_irq(pci_dev, intx);
+
+    if (event_notifier_get_fd(&iohub->irqfds[pirq]) != -1) {
+        qemu_set_fd_handler(event_notifier_get_fd(&iohub->resamplefds[pirq]),
+                            NULL, NULL, NULL);
+        event_notifier_cleanup(&iohub->irqfds[pirq]);
+        event_notifier_cleanup(&iohub->resamplefds[pirq]);
+        memset(&iohub->token[pirq], 0, sizeof(ResampleToken));
+    }
+
+    event_notifier_init_fd(&iohub->irqfds[pirq], msg->fds[0]);
+    event_notifier_init_fd(&iohub->resamplefds[pirq], msg->fds[1]);
+
+    iohub->token[pirq].iohub = iohub;
+    iohub->token[pirq].pirq = pirq;
+
+    qemu_set_fd_handler(msg->fds[1], intr_resample_handler, NULL,
+                        &iohub->token[pirq]);
+}
diff --git a/hw/remote/machine.c b/hw/remote/machine.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/machine.c
+++ b/hw/remote/machine.c
@@ -XXX,XX +XXX,XX @@
 #include "exec/address-spaces.h"
 #include "exec/memory.h"
 #include "qapi/error.h"
+#include "hw/pci/pci_host.h"
+#include "hw/remote/iohub.h"
 
 static void remote_machine_init(MachineState *machine)
 {
     MemoryRegion *system_memory, *system_io, *pci_memory;
     RemoteMachineState *s = REMOTE_MACHINE(machine);
     RemotePCIHost *rem_host;
+    PCIHostState *pci_host;
 
     system_memory = get_system_memory();
     system_io = get_system_io();
@@ -XXX,XX +XXX,XX @@ static void remote_machine_init(MachineState *machine)
     memory_region_add_subregion_overlap(system_memory, 0x0, pci_memory, -1);
 
     qdev_realize(DEVICE(rem_host), sysbus_get_default(), &error_fatal);
+
+    pci_host = PCI_HOST_BRIDGE(rem_host);
+
+    remote_iohub_init(&s->iohub);
+
+    pci_bus_irqs(pci_host->bus, remote_iohub_set_irq, remote_iohub_map_irq,
+                 &s->iohub, REMOTE_IOHUB_NB_PIRQS);
 }
 
 static void remote_machine_class_init(ObjectClass *oc, void *data)
diff --git a/hw/remote/message.c b/hw/remote/message.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/message.c
+++ b/hw/remote/message.c
@@ -XXX,XX +XXX,XX @@
 #include "hw/pci/pci.h"
 #include "exec/memattrs.h"
 #include "hw/remote/memory.h"
+#include "hw/remote/iohub.h"
 
 static void process_config_write(QIOChannel *ioc, PCIDevice *dev,
                                  MPQemuMsg *msg, Error **errp);
@@ -XXX,XX +XXX,XX @@ void coroutine_fn mpqemu_remote_msg_loop_co(void *data)
         case MPQEMU_CMD_SYNC_SYSMEM:
             remote_sysmem_reconfig(&msg, &local_err);
             break;
+        case MPQEMU_CMD_SET_IRQFD:
+            process_set_irqfd_msg(pci_dev, &msg);
+            break;
         default:
             error_setg(&local_err,
                        "Unknown command (%d) received for device %s"
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_valid(MPQemuMsg *msg)
             return false;
         }
         break;
+    case MPQEMU_CMD_SET_IRQFD:
+        if (msg->size || (msg->num_fds != 2)) {
+            return false;
+        }
+        break;
     default:
         break;
     }
diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/error-report.h"
 #include "hw/remote/proxy-memory-listener.h"
 #include "qom/object.h"
+#include "qemu/event_notifier.h"
+#include "sysemu/kvm.h"
+#include "util/event_notifier-posix.c"
+
+static void proxy_intx_update(PCIDevice *pci_dev)
+{
+    PCIProxyDev *dev = PCI_PROXY_DEV(pci_dev);
+    PCIINTxRoute route;
+    int pin = pci_get_byte(pci_dev->config + PCI_INTERRUPT_PIN) - 1;
+
+    if (dev->virq != -1) {
+        kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, &dev->intr, dev->virq);
+        dev->virq = -1;
+    }
+
+    route = pci_device_route_intx_to_irq(pci_dev, pin);
+
+    dev->virq = route.irq;
+
+    if (dev->virq != -1) {
+        kvm_irqchip_add_irqfd_notifier_gsi(kvm_state, &dev->intr,
+                                           &dev->resample, dev->virq);
+    }
+}
+
+static void setup_irqfd(PCIProxyDev *dev)
+{
+    PCIDevice *pci_dev = PCI_DEVICE(dev);
+    MPQemuMsg msg;
+    Error *local_err = NULL;
+
+    event_notifier_init(&dev->intr, 0);
+    event_notifier_init(&dev->resample, 0);
+
+    memset(&msg, 0, sizeof(MPQemuMsg));
+    msg.cmd = MPQEMU_CMD_SET_IRQFD;
+    msg.num_fds = 2;
+    msg.fds[0] = event_notifier_get_fd(&dev->intr);
+    msg.fds[1] = event_notifier_get_fd(&dev->resample);
+    msg.size = 0;
+
+    if (!mpqemu_msg_send(&msg, dev->ioc, &local_err)) {
+        error_report_err(local_err);
+    }
+
+    dev->virq = -1;
+
+    proxy_intx_update(pci_dev);
+
+    pci_device_set_intx_routing_notifier(pci_dev, proxy_intx_update);
+}
 
 static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 {
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
     qio_channel_set_blocking(dev->ioc, true, NULL);
 
     proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
+
+    setup_irqfd(dev);
 }
 
 static void pci_proxy_dev_exit(PCIDevice *pdev)
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_exit(PCIDevice *pdev)
     error_free(dev->migration_blocker);
 
     proxy_memory_listener_deconfigure(&dev->proxy_listener);
+
+    event_notifier_cleanup(&dev->intr);
+    event_notifier_cleanup(&dev->resample);
 }
 
 static void config_op_send(PCIProxyDev *pdev, uint32_t addr, uint32_t *val,
diff --git a/hw/remote/meson.build b/hw/remote/meson.build
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/meson.build
+++ b/hw/remote/meson.build
@@ -XXX,XX +XXX,XX @@ remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('mpqemu-link.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('message.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('remote-obj.c'))
 remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy.c'))
+remote_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('iohub.c'))
 
 specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('memory.c'))
 specific_ss.add(when: 'CONFIG_MULTIPROCESS', if_true: files('proxy-memory-listener.c'))
-- 
2.29.2

From: Jagannathan Raman <jag.raman@oracle.com>

Retrieve PCI configuration info about the remote device and
configure the Proxy PCI object based on the returned information

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 85ee367bbb993aa23699b44cfedd83b4ea6d5221.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/remote/proxy.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/proxy.c
+++ b/hw/remote/proxy.c
@@ -XXX,XX +XXX,XX @@
 #include "sysemu/kvm.h"
 #include "util/event_notifier-posix.c"
 
+static void probe_pci_info(PCIDevice *dev, Error **errp);
+
 static void proxy_intx_update(PCIDevice *pci_dev)
 {
     PCIProxyDev *dev = PCI_PROXY_DEV(pci_dev);
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
 {
     ERRP_GUARD();
     PCIProxyDev *dev = PCI_PROXY_DEV(device);
+    uint8_t *pci_conf = device->config;
     int fd;
 
     if (!dev->fd) {
@@ -XXX,XX +XXX,XX @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
     qemu_mutex_init(&dev->io_mutex);
     qio_channel_set_blocking(dev->ioc, true, NULL);
 
+    pci_conf[PCI_LATENCY_TIMER] = 0xff;
+    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+
     proxy_memory_listener_configure(&dev->proxy_listener, dev->ioc);
 
     setup_irqfd(dev);
+
+    probe_pci_info(PCI_DEVICE(dev), errp);
 }
 
 static void pci_proxy_dev_exit(PCIDevice *pdev)
@@ -XXX,XX +XXX,XX @@ const MemoryRegionOps proxy_mr_ops = {
         .max_access_size = 8,
     },
 };
+
+static void probe_pci_info(PCIDevice *dev, Error **errp)
+{
+    PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+    uint32_t orig_val, new_val, base_class, val;
+    PCIProxyDev *pdev = PCI_PROXY_DEV(dev);
+    DeviceClass *dc = DEVICE_CLASS(pc);
+    uint8_t type;
+    int i, size;
+
+    config_op_send(pdev, PCI_VENDOR_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
+    pc->vendor_id = (uint16_t)val;
+
+    config_op_send(pdev, PCI_DEVICE_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
+    pc->device_id = (uint16_t)val;
+
+    config_op_send(pdev, PCI_CLASS_DEVICE, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
+    pc->class_id = (uint16_t)val;
+
+    config_op_send(pdev, PCI_SUBSYSTEM_ID, &val, 2, MPQEMU_CMD_PCI_CFGREAD);
+    pc->subsystem_id = (uint16_t)val;
+
+    base_class = pc->class_id >> 4;
+    switch (base_class) {
+    case PCI_BASE_CLASS_BRIDGE:
+        set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
+        break;
+    case PCI_BASE_CLASS_STORAGE:
+        set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+        break;
+    case PCI_BASE_CLASS_NETWORK:
+        set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
+        break;
+    case PCI_BASE_CLASS_INPUT:
+        set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
+        break;
+    case PCI_BASE_CLASS_DISPLAY:
+        set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories);
+        break;
+    case PCI_BASE_CLASS_PROCESSOR:
+        set_bit(DEVICE_CATEGORY_CPU, dc->categories);
+        break;
+    default:
+        set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+        break;
+    }
+
+    for (i = 0; i < PCI_NUM_REGIONS; i++) {
+        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &orig_val, 4,
+                       MPQEMU_CMD_PCI_CFGREAD);
+        new_val = 0xffffffff;
+        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &new_val, 4,
+                       MPQEMU_CMD_PCI_CFGWRITE);
+        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &new_val, 4,
+                       MPQEMU_CMD_PCI_CFGREAD);
+        size = (~(new_val & 0xFFFFFFF0)) + 1;
+        config_op_send(pdev, PCI_BASE_ADDRESS_0 + (4 * i), &orig_val, 4,
+                       MPQEMU_CMD_PCI_CFGWRITE);
+        type = (new_val & 0x1) ?
+                   PCI_BASE_ADDRESS_SPACE_IO : PCI_BASE_ADDRESS_SPACE_MEMORY;
+
+        if (size) {
+            g_autofree char *name;
+            pdev->region[i].dev = pdev;
+            pdev->region[i].present = true;
+            if (type == PCI_BASE_ADDRESS_SPACE_MEMORY) {
+                pdev->region[i].memory = true;
+            }
+            name = g_strdup_printf("bar-region-%d", i);
+            memory_region_init_io(&pdev->region[i].mr, OBJECT(pdev),
+                                  &proxy_mr_ops, &pdev->region[i],
+                                  name, size);
+            pci_register_bar(dev, i, type, &pdev->region[i].mr);
+        }
+    }
+}
-- 
2.29.2

From: Elena Ufimtseva <elena.ufimtseva@oracle.com>

Perform device reset in the remote process when QEMU performs
device reset. This is required to reset the internal state
(like registers, etc...) of emulated devices

Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 7cb220a51f565dc0817bd76e2f540e89c2d2b850.1611938319.git.jag.raman@oracle.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/hw/remote/mpqemu-link.h |  1 +
 hw/remote/message.c             | 22 ++++++++++++++++++++++
 hw/remote/proxy.c               | 19 +++++++++++++++++++
 3 files changed, 42 insertions(+)

From: "Denis V. Lunev" <den@openvz.org>

Original specification says that l1 table size if 64 * l1_size, which
is obviously wrong. The size of the l1 entry is 64 _bits_, not bytes.
Thus 64 is to be replaces with 8 as specification says about bytes.

There is also minor tweak, field name is renamed from l1 to l1_table,
which matches with the later text.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-id: 20210128171313.2210947-1-den@openvz.org
CC: Stefan Hajnoczi <stefanha@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

[Replace the original commit message "docs: fix mistake in dirty bitmap
feature description" as suggested by Eric Blake.
--Stefan]

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 docs/interop/parallels.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/interop/parallels.txt b/docs/interop/parallels.txt
index XXXXXXX..XXXXXXX 100644
--- a/docs/interop/parallels.txt
+++ b/docs/interop/parallels.txt
@@ -XXX,XX +XXX,XX @@ of its data area are:
   28 - 31:    l1_size
               The number of entries in the L1 table of the bitmap.
 
-  variable:   l1 (64 * l1_size bytes)
+  variable:   l1_table (8 * l1_size bytes)
               L1 offset table (in bytes)
 
 A dirty bitmap is stored using a one-level structure for the mapping to host
-- 
2.29.2