It was a weird journey. It started almost 6 years ago with this message to qemu-devel:

Date: Fri, 10 Jun 2011 18:36:37 -0300
Subject: semantics of “-cpu host” and “check”/”enforce”

…it continued on an interesting thread:

Date: Tue, 6 Mar 2012 15:27:53 -0300
Subject: Qemu, libvirt, and CPU models

…on another very long one:

Date: Fri, 9 Mar 2012 17:56:52 -0300
Subject: Re: [Qemu-devel] [libvirt] Modern CPU models cannot be used with libvirt

…and this one:

Date: Thu, 21 Feb 2013 11:58:18 -0300
Subject: libvirt<->QEMU interfaces for CPU models

I don’t even remember how many different interfaces were proposed to provide what libvirt needed.

We had a few moments where we hopped back and forth between “just let libvirt manage everything” to “let’s keep this managed by QEMU”.

We took a while to get the QEMU community to decide how machine-type compatibility was supposed to be handled, and what to do with the weird CPU model config file we had.

The conversion of CPUs to QOM was fun. I think it started in 2012 and was finished only in 2015. We thought QOM properties would solve all our problems, but then we found out that machine-types and global properties make the problem more complex. The existing interfaces would require making libvirt re-run QEMU multiple times to gather all the information it needed. While doing the QOM work, we spent some time fixing or working around issues with global properties, qdev “static” properties and QOM “dynamic” properties.

In 2014, my focus was moved to machine-types, in the hope that we could finally expose machine-type-specific information to libvirt without re-running QEMU. Useful code refactoring was done for that, but in the end we never added the really relevant information to the query-machines QMP command.

In the meantime, we had the fun TSX issues, and QEMU developers finally agreed to keep a few constraints on CPU model changes, that would make the problem a bit simpler.

In 2015 IBM people started sending patches related to CPU models in s390x. We finally had a multi-architecture effort to make CPU model probing work. The work started by extending query-cpu-definitions, but it was not enough. In June 2016 they proposed a query-cpu-model-expansion API. It was finally merged in September 2016.

I sent v1 of query-cpu-model-expansion for x86 in December 2016. After a few rounds of reviews, there was a proposal to use “-cpu max” to represent the “all features supported by this QEMU binary on this host”. v3 of the series was merged last week.

I still can’t believe it finally happened.

Special thanks to:

• Igor Mammedov, for all the x86 QOM/properties work and all the valuable feedback.
• David Hildenbrand and Michael Mueller, for moving forward the API design and the s390x implementation.
• Jiri Denemark, for the libvirt work, valuable discussions and design feedback, and for the patience during the process.
• Daniel P. Berrangé, for the valuable feedback and for helping making QEMU developers listen to libvirt developers.
• Andreas Färber, for the work as maintainer of QOM and the CPU core, for leading the QOM conversion effort, and all the valuable feedback.
• Markus Armbruster and Paolo Bonzini, for valuable feedback on design discussions.
• Many others that were involved in the effort.

• Slides: https://habkost.net/talks/fosdem-2017/
• Video: https://fosdem.org/2017/schedule/event/iaas_qemintapi/

The subject I tried to cover is large for a 40-minute talk, but I think I managed to scratch its surface and give useful examples.

Many thanks for the FOSDEM team of volunteers for the wonderful event.

QemuOpts was introduced in 2009. It is a simple abstraction that handles two tasks:

1. Parsing of config files and command-line options
2. Storage of configuration options

Data structures

The QemuOpts data model is pretty simple:

• QemuOptsList carries the list of all options belonging to a given config group. Each entity is represented by a QemuOpts struct.

• QemuOpts represents a set of key-value pairs. (Some of the code refers to that as a config group, but to avoid confusion with QemuOptsList, I will call them config sections).

• QemuOpt is a single key=value pair.

Some config groups have multiple QemuOpts structs (e.g. “drive”, “object”, “device”, that represent multiple drives, multiple objects, and multiple devices, respectively), while others always have only one QemuOpts struct (e.g. the “machine” config group).

For example, the following command-line options:

-drive id=disk1,file=disk.raw,format=raw,if=ide \
-drive id=disk2,file=disk.qcow2,format=qcow2,if=virtio \
-machine usb=on -machine accel=kvm

are represented internally as:

Data Types

QemuOpts supports a limited number of data types for option values:

• Strings
• Boolean options
• Numbers (integers)
• Sizes

Strings

Strings are just used as-is, after the command-line or config file is parsed.

Note: On the command-line, options are separated by commas, but commas inside option values can be escaped as ,,.

Boolean options

The QemuOpt parser accepts only “on” and “off” as values for this option.

Warning: note that this behavior is different from the QOM property parser. I plan to explore this in future posts.

Numbers (integers)

Numbers are supposed to be unsigned 64-bit integers. However, the code relies on the behavior of strtoull() and does not reject negative numbers. That means the parsed uint64_t value might be converted to a signed integer later. For example, the following command-line is not rejected by QEMU:

$ qemu-system-x86_64 -smp cpus=-18446744073709551615,cores=1,threads=1

I don’t know if there is existing code that requires negative numbers to be accepted by the QemuOpts parser. I assume it exists, so we couldn’t easily change the existing parsing rules without breaking existing code.

Sizes

Sizes are represented internally as integers, but the parser accept suffixes like K, M, G, T.

qemu-system-x86_64 -m size=2G

is equivalent to:

qemu-system-x86_64 -m size=2048M

Note: there are two different size-suffix parsers inside QEMU: one at util/cutils.c and another at util/qemu-option.c. Figuring out which one is going to be used is left as an exercise to the reader.

Working around the QemuOpts parsers

QEMU code sometimes uses tricks to avoid or work around the QemuOpts option value parsers:

Example 1: using the raw option value

It is possible to get the original raw option value as a string using qemu_opt_get(), even after it was already parsed. For example, the code that handles memory options in QEMU does that, to ensure a suffix-less number is interpreted as Mebibytes, not bytes:

    mem_str = qemu_opt_get(opts, "size");
    if (mem_str) {
        /* [...] */
        sz = qemu_opt_get_size(opts, "size", ram_size);
        /* Fix up legacy suffix-less format */
        if (g_ascii_isdigit(mem_str[strlen(mem_str) - 1])) {
            sz <<= 20;
            /* [...] */
        }
    }

Example 2: empty option name list

Some options do not use the QemuOpts value parsers at all, by not defining any option names in the QemuOptsList struct. In those cases, the option values are parsed and validated using different methods. Some examples:

static QemuOptsList qemu_machine_opts = {
    .name = "machine",
    .implied_opt_name = "type",
    .merge_lists = true,
    .head = QTAILQ_HEAD_INITIALIZER(qemu_machine_opts.head),
    .desc = {
        /*
         * no elements => accept any
         * sanity checking will happen later
         * when setting machine properties
         */
        { }
    },
};

static QemuOptsList qemu_acpi_opts = {
    .name = "acpi",
    .implied_opt_name = "data",
    .head = QTAILQ_HEAD_INITIALIZER(qemu_acpi_opts.head),
    .desc = { { 0 } } /* validated with OptsVisitor */
};

This is a common pattern when options are translated to other data representations: mostly QOM properties or QAPI structs. I plan to explore this in a future blog post.

The following config groups use this method and do their own parsing/validation of config options: acpi, device, drive, machine, net, netdev, numa, object, smbios, tpmdev

-writeconfig

The QemuOpts code is responsible for two tasks:

1. Parsing command-line options and config files
2. Storage of configuration options

This means sometimes config options are parsed by custom code and converted to QemuOpts data structures. Storage of config options inside QemuOpts allow the existing QEMU configuration to be written to a file using the -writeconfig command-line option.

The original commit introducing -writeconfig describes it this way:

In theory you should be able to do:

qemu < machine config cmd line switches here > -writeconfig vm.cfg
qemu -readconfig vm.cfg

In practice it will not work. Not all command line switches are converted to QemuOpts, so you’ll have to keep the not-yet converted ones on the second line. Also there might be bugs lurking which prevent even the converted ones from working correctly.

This has improved over the years, but the comment still applies today: most command-line options are converted to QemuOpts options, but not all of them.

Further reading

• Main QemuOptsList registration code
• QemuOpts code: qemu-option.c, qemu-config.c
• opts-visitor.c: used when converting QemuOpts to QOM properties or QAPI structures

I want to make more detailed blog posts about some of them, stating their goals (as I perceive them), where they are used, and what we can expect to see happening to them in the future. When I do that, I will update this post to include pointers to the more detailed content.

QemuOpts

Introduced in 2009. Compared to the newer abstractions below, it is quite simple. As described in the original commit: it “stores device parameters in a better way than unparsed strings”. It is still used by configuration and command-line parsing code.

Making QemuOpts work with the more modern abstractions (esp. QOM and QAPI) may be painful. Sometimes you can pretend it is not there, but you can’t run away from it if you are dealing with QEMU configuration or command-line parameters.

See also: the Introduction to QemuOpts blog post.

qdev

qdev was added to QEMU in 2009. qdev manages the QEMU device tree, based on a hierarchy of buses and devices. You can see the device tree managed by qdev using the info qtree monitor command in QEMU.

qdev allows device code to register implementations of device types. Machine code, on the other hand, would instantiate those devices and configure them by setting properties, and not accessing internal device data structures directly. Some devices can be plugged from the QEMU monitor or command-line, and their properties can be configured as arguments to the -device option or device_add command.

From the original code:

The theory here is that it should be possible to create a machine without knowledge of specific devices. Historically board init routines have passed a bunch of arguments to each device, requiring the board know exactly which device it is dealing with. This file provides an abstract API for device configuration and initialization. Devices will generally inherit from a particular bus (e.g. PCI or I2C) rather than this API directly.

Some may argue that qdev doesn’t exist anymore, and was replaced by QOM. Others (including myself) describe it as being built on top of QOM. Either way you describe it, the same features provided by the original qdev code are provided by the QOM-based code living in hw/core.

See also:

• KVM Forum 2010 talk by Markus Armbruster: “QEMU’s new device model qdev” (slides)
• KVM Forum 2011 talk by Markus Armbruster: “QEMU’s device model qdev: Where do we go from here?” (slides. video)
• KVM Forum 2013 talk by Andreas Färber: “Modern QEMU Devices” (slides, video)

QOM

QOM is short for QEMU Object Model and was introduced in 2011. It is heavily documented on its header file. It started as a generalization of qdev. Today the device tree and backend objects are managed through the QOM object tree.

From its documentation:

The QEMU Object Model provides a framework for registering user creatable types and instantiating objects from those types. QOM provides the following features:

• System for dynamically registering types
• Support for single-inheritance of types
• Multiple inheritance of stateless interfaces

QOM also has a property system for introspection and object/device configuration. qdev’s property system is built on top of QOM’s property system.

Some QOM types and their properties are meant to be used internally only (e.g. some devices that are not pluggable and only created by machine code; accelerator objects). Some types can be instantiated and configured directly from the QEMU monitor or command-line (using, e.g., -device, device_add, -object, object-add).

See also:

• KVM Forum 2014 talk by Paolo Bonzini: “QOM exegesis and apocalypse” (slides, video).

VMState

VMState was introduced in 2009. It was added to change the device state saving/loading (for savevm and migration) from error-prone ad-hoc coding to a table-based approach.

From the original commit:

This patch introduces VMState infrastructure, to convert the save/load functions of devices to a table approach. This new approach has the following advantages:

• it is type-safe
• you can’t have load/save functions out of sync
• will allows us to have new interesting commands, like dump , that shows all its internal state.
• Just now, the only added type is arrays, but we can add structures.
• Uses old load_state() function for loading old state.

See also:

• KVM Forum 2010 talk by Juan Quintela: “Migration: How to hop from machine to machine without losing state” (slides)
• KVM Forum 2011 talk by Juan Quintela: “Migration: one year later” (slides, video)
• KVM Forum 2012 talk by Michael Roth: “QIDL: An Embedded Language to Serialize Guest Data Structures for Live Migration” (slides)

QMP

QMP is the QEMU Machine Protocol. Introduced in 2009. From its documentation:

The QEMU Machine Protocol (QMP) allows applications to operate a QEMU instance.

QMP is JSON based and features the following:

• Lightweight, text-based, easy to parse data format
• Asynchronous messages support (i.e. events)
• Capabilities Negotiation

For detailed information on QMP’s usage, please, refer to the following files:

• qmp-spec.txt QEMU Machine Protocol current specification
• qmp-commands.txt QMP supported commands (auto-generated at build-time)
• qmp-events.txt List of available asynchronous events

See also: KVM Forum 2010 talk by Luiz Capitulino, A Quick Tour of the QEMU Monitor Protocol.

QObject

QObject was introduced in 2009. It was added during the work to add QMP. It provides a generic QObject data type, and available subtypes include integers, strings, lists, and dictionaries. It includes reference counting. It was also called QEMU Object Model when the code was introduced, but do not confuse it with QOM.

It started a as simple implementation, but was expanded later to support all the data types defined in the QAPI schema (see below).

QAPI

QAPI was introduced in 2011. The original documentation (which can be outdated) can be seen at http://wiki.qemu.org/Features/QAPI.

From the original patch series:

Goals of QAPI

1) Make all interfaces consumable in C such that we can use the interfaces in QEMU

2) Make all interfaces exposed through a library using code generation from static introspection

3) Make all interfaces well specified in a formal schema

From the documentation:

QAPI is a native C API within QEMU which provides management-level functionality to internal and external users. For external users/processes, this interface is made available by a JSON-based wire format for the QEMU Monitor Protocol (QMP) for controlling qemu, as well as the QEMU Guest Agent (QGA) for communicating with the guest. The remainder of this document uses “Client JSON Protocol” when referring to the wire contents of a QMP or QGA connection.

To map Client JSON Protocol interfaces to the native C QAPI implementations, a JSON-based schema is used to define types and function signatures, and a set of scripts is used to generate types, signatures, and marshaling/dispatch code. This document will describe how the schemas, scripts, and resulting code are used.

See also:

• KVM Forum 2011 talk by Anthony Liguori: “Code Generation for Fun and Profit” (slides, video)

Visitor API

QAPI includes an API to define and use visitors for the QAPI-defined data types. Visitors are the mechanism used to serialize QAPI data to/from the external world (e.g. through QMP, the command-line, or config files).

From its documentation:

The QAPI schema defines both a set of C data types, and a QMP wire format. QAPI objects can contain references to other QAPI objects, resulting in a directed acyclic graph. QAPI also generates visitor functions to walk these graphs. This file represents the interface for doing work at each node of a QAPI graph; it can also be used for a virtual walk, where there is no actual QAPI C struct.

There are four kinds of visitor classes: input visitors (QObject, string, and QemuOpts) parse an external representation and build the corresponding QAPI graph, output visitors (QObject and string) take a completed QAPI graph and generate an external representation, the dealloc visitor can take a QAPI graph (possibly partially constructed) and recursively free its resources, and the clone visitor performs a deep clone of one QAPI object to another. While the dealloc and QObject input/output visitors are general, the string, QemuOpts, and clone visitors have some implementation limitations; see the documentation for each visitor for more details on what it supports. Also, see visitor-impl.h for the callback contracts implemented by each visitor, and docs/qapi-code-gen.txt for more about the QAPI code generator.

The End

Although large, this list is incomplete. In the near future, I plan to write about QAPI, QOM, and QemuOpts, and how they work (and sometimes don’t work) together.

Most of the abstractions above are about data modeling, in one way or another. That’s not a coincidence: one of the things I want to write about are how some times those data abstractions have conflicting world views, and the issues resulting from that.

I plan to use it mostly to write posts about things I have been working on. Expect content about QEMU, KVM, libvirt, and other virtualization stuff.