From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org, qemu-rust@nongnu.org,
Paolo Bonzini <pbonzini@redhat.com>,
Kevin Wolf <kwolf@redhat.com>, Hanna Czenczek <hreitz@redhat.com>,
Stefan Hajnoczi <stefanha@redhat.com>
Subject: Can we make QMP commands in Rust always be coroutine safe?
Date: Tue, 05 May 2026 10:44:21 +0200 [thread overview]
Message-ID: <87tssm5jq2.fsf@pond.sub.org> (raw)
QMP commands that perform potentially blocking I/O can profit from
running in a coroutine. Ideally, we'd run all commands in coroutine
context: most of them don't care, a few profit. However, some existing
commands may need fixing to run safely there. Since we don't know which
ones do, running in couroutine context is opt-in. From
docs/devel/qapi-code-gen.rst section "Commands":
Member 'coroutine' tells the QMP dispatcher whether the command handler
is safe to be run in a coroutine. It defaults to false. If it is true,
the command handler is called from coroutine context and may yield while
waiting for an external event (such as I/O completion) in order to avoid
blocking the guest and other background operations.
Coroutine safety can be hard to prove, similar to thread safety. Common
pitfalls are:
- The BQL isn't held across ``qemu_coroutine_yield()``, so
operations that used to assume that they execute atomically may have
to be more careful to protect against changes in the global state.
- Nested event loops (``AIO_WAIT_WHILE()`` etc.) are problematic in
coroutine context and can easily lead to deadlocks. They should be
replaced by yielding and reentering the coroutine when the condition
becomes false.
Since the command handler may assume coroutine context, any callers
other than the QMP dispatcher must also call it in coroutine context.
In particular, HMP commands calling such a QMP command handler must be
marked ``.coroutine = true`` in hmp-commands.hx.
It is an error to specify both ``'coroutine': true`` and ``'allow-oob': true``
for a command. We don't currently have a use case for both together and
without a use case, it's not entirely clear what the semantics should
be.
Can we make commands written in Rust always coroutine safe?
next reply other threads:[~2026-05-05 8:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-05 8:44 Markus Armbruster [this message]
2026-05-05 8:58 ` Can we make QMP commands in Rust always be coroutine safe? Manos Pitsidianakis
2026-05-05 10:51 ` Paolo Bonzini
2026-05-12 14:16 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tssm5jq2.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=hreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-rust@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox