Patchwork [3/3] vnc: threaded VNC server

login
register
mail settings
Submitter Corentin Chary
Date May 29, 2010, 7:38 a.m.
Message ID <1275118686-15649-4-git-send-email-corentincj@iksaif.net>
Download mbox | patch
Permalink /patch/53978/
State New
Headers show

Comments

Corentin Chary - May 29, 2010, 7:38 a.m.
Implement a threaded VNC server using the producer-consumer model.
The main thread will push encoding jobs (a list a rectangles to update)
in a queue, and the VNC worker thread will consume that queue and send
framebuffer updates to the output buffer.

There is three levels of locking:
- jobs queue lock: for each operation on the queue (push, pop, isEmpty?)
- VncState global lock: mainly used for framebuffer updates to avoid
                        screen corruption if the framebuffer is updated
			while the worker threaded is doing something.
- VncState::output lock: used to make sure the output buffer is not corrupted
  		   	 if two threads try to write on it at the same time

While the VNC worker thread is working, the VncState global lock is hold
to avoid screen corruptions (this block vnc_refresh() for a short time) but the
output lock is not hold because the thread work on its own output buffer. When
the encoding job is done, the worker thread will hold the output lock and copy
its output buffer in vs->output.

The threaded VNC server can be enabled with ./configure --enable-vnc-thread.

If you don't want it, just use ./configure --disable-vnc-thread and a syncrhonous
queue of job will be used (which as exactly the same behavior as the old queue).
If you disable the VNC thread, all thread related code will not be built and there will
be no overhead.

Signed-off-by: Corentin Chary <corentincj@iksaif.net>
---
 Makefile        |    4 +
 Makefile.objs   |    7 +-
 configure       |   13 ++
 vnc-jobs-sync.c |   70 ++++++++++++
 vnc-jobs.c      |  328 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 vnc.c           |  161 +++++++++++++++++++++++----
 vnc.h           |   73 ++++++++++++
 7 files changed, 633 insertions(+), 23 deletions(-)
 create mode 100644 vnc-jobs-sync.c
 create mode 100644 vnc-jobs.c
Paolo Bonzini - June 3, 2010, 7:55 a.m.
On 05/29/2010 09:38 AM, Corentin Chary wrote:
> Implement a threaded VNC server using the producer-consumer model.
> The main thread will push encoding jobs (a list a rectangles to update)
> in a queue, and the VNC worker thread will consume that queue and send
> framebuffer updates to the output buffer.
>
> There is three levels of locking:
> - jobs queue lock: for each operation on the queue (push, pop, isEmpty?)
> - VncState global lock: mainly used for framebuffer updates to avoid
>                          screen corruption if the framebuffer is updated
> 			while the worker threaded is doing something.
> - VncState::output lock: used to make sure the output buffer is not corrupted
>    		   	 if two threads try to write on it at the same time
>
> While the VNC worker thread is working, the VncState global lock is hold
> to avoid screen corruptions (this block vnc_refresh() for a short time) but the
> output lock is not hold because the thread work on its own output buffer. When
> the encoding job is done, the worker thread will hold the output lock and copy
> its output buffer in vs->output.

This belong in a comment in the code, not in the commit message (or in 
both).

> +void vnc_job_push(VncJob *job)
> +{
> +    vnc_lock_queue(queue);
> +    if (QLIST_EMPTY(&job->rectangles)) {
> +        qemu_free(job);

No need to lock if you get into the "then" block.

> +    } else {
> +        QTAILQ_INSERT_TAIL(&queue->jobs, job, next);
> +        qemu_cond_broadcast(&queue->cond);
> +    }
> +    vnc_unlock_queue(queue);
> +}

...

> +static int vnc_worker_thread_loop(VncJobQueue *queue)
> +{
> +    VncJob *job;
> +    VncRectEntry *entry, *tmp;
> +    VncState vs;
> +    int n_rectangles;
> +    int saved_offset;
> +
> +    vnc_lock_queue(queue);
> +    if (QTAILQ_EMPTY(&queue->jobs)) {
> +        qemu_cond_wait(&queue->cond,&queue->mutex);
> +    }
> +
> +    /* If the queue is empty, it's an exit order */
> +    if (QTAILQ_EMPTY(&queue->jobs)) {
> +        vnc_unlock_queue(queue);
> +        return -1;
> +    }

This is not safe.  It might work with a single consumer, but something 
like this is better:

    vnc_lock_queue(queue);
    while (!queue->exit && QTAILQ_EMPTY(&queue->jobs)) {
         qemu_cond_wait(&queue->cond,&queue->mutex);
    }
    if (queue->exit) {
        vnc_unlock_queue(queue);
        return -1;
    }

(It occurred to me now that maybe you can reuse ->aborting.  Not sure 
though).

> +    qemu_mutex_unlock(&job->vs->output_mutex);
> +
> +    if (job->vs->csock != -1 && job->vs->abording != true) {
> +        vnc_flush(job->vs);
> +    }
> +

You're accessing the abort flag outside the mutex here.  Also, you are 
not using vnc_{,un}lock_output.

> +    job = QTAILQ_FIRST(&queue->jobs);
> +    vnc_unlock_queue(queue);

...

 > +static void vnc_abord_display_jobs(VncDisplay *vd)
 > +{
 > +    VncState *vs;
 > +
 > +    QTAILQ_FOREACH(vs, &vd->clients, next) {
 > +        vnc_lock_output(vs);
 > +        vs->abording = true;
 > +        vnc_unlock_output(vs);
 > +    }
 > +    QTAILQ_FOREACH(vs, &vd->clients, next) {
 > +        vnc_jobs_join(vs);
 > +    }
 > +    QTAILQ_FOREACH(vs, &vd->clients, next) {
 > +        vnc_lock_output(vs);
 > +        vs->abording = false;
 > +        vnc_unlock_output(vs);
 > +    }
 > +}

It's "abort" not "abord". :-)

...

>  static void vnc_disconnect_finish(VncState *vs)
>  {
> +    vnc_jobs_join(vs); /* Wait encoding jobs */
> +    vnc_lock(vs);

Possibly racy?  Maybe you have to set the aforementioned new flag 
queue->exit at the beginning of vnc_jobs_join, and refuse new jobs if it 
is set.

Also, if anything waits on the same vs in vnc_refresh while you own it 
in vnc_disconnect_finish, as soon as you unlock they'll have a dangling 
pointer.  (After you unlock the mutex the OS wakes the thread, but then 
pthread_mutex_lock has to check again that no one got the lock in the 
meanwhile; so QTAILQ_FOREACH_SAFE is not protecting you).  Probably it's 
better to use a single lock on vd->clients instead of one lock per VncState.

> +void vnc_client_write(void *opaque)
> +{
> +    VncState *vs = opaque;
> +
> +    vnc_lock_output(vs);
> +    if (vs->output.offset) {
> +        vnc_client_write_locked(opaque);
> +    } else {
> +        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
> +    }

Why the if?  The "else" branch is already done by vnc_client_write_plain.

This may be a good time to port qemu-threads to Windows too.  IO thread 
has no hope to work under Windows at least without major hacks (because 
Windows has no asynchronous interrupts; the only way I can imagine to 
emulate them is a breakpoint) but threaded VNC should work.

Paolo
Corentin Chary - June 3, 2010, 8:26 a.m.
On Thu, Jun 3, 2010 at 9:55 AM, Paolo Bonzini <pbonzini@redhat.com> wrote:
> On 05/29/2010 09:38 AM, Corentin Chary wrote:
>>
>> Implement a threaded VNC server using the producer-consumer model.
>> The main thread will push encoding jobs (a list a rectangles to update)
>> in a queue, and the VNC worker thread will consume that queue and send
>> framebuffer updates to the output buffer.
>>
>> There is three levels of locking:
>> - jobs queue lock: for each operation on the queue (push, pop, isEmpty?)
>> - VncState global lock: mainly used for framebuffer updates to avoid
>>                         screen corruption if the framebuffer is updated
>>                        while the worker threaded is doing something.
>> - VncState::output lock: used to make sure the output buffer is not
>> corrupted
>>                         if two threads try to write on it at the same time
>>
>> While the VNC worker thread is working, the VncState global lock is hold
>> to avoid screen corruptions (this block vnc_refresh() for a short time)
>> but the
>> output lock is not hold because the thread work on its own output buffer.
>> When
>> the encoding job is done, the worker thread will hold the output lock and
>> copy
>> its output buffer in vs->output.
>
> This belong in a comment in the code, not in the commit message (or in
> both).

Right

>> +void vnc_job_push(VncJob *job)
>> +{
>> +    vnc_lock_queue(queue);
>> +    if (QLIST_EMPTY(&job->rectangles)) {
>> +        qemu_free(job);
>
> No need to lock if you get into the "then" block.

I locked it because the main thread can try to push a job while a
consumer is removing one, so I can't call QLIST_EMPTY() without
locking the queue.

>> +    } else {
>> +        QTAILQ_INSERT_TAIL(&queue->jobs, job, next);
>> +        qemu_cond_broadcast(&queue->cond);
>> +    }
>> +    vnc_unlock_queue(queue);
>> +}
>
> ...
>
>> +static int vnc_worker_thread_loop(VncJobQueue *queue)
>> +{
>> +    VncJob *job;
>> +    VncRectEntry *entry, *tmp;
>> +    VncState vs;
>> +    int n_rectangles;
>> +    int saved_offset;
>> +
>> +    vnc_lock_queue(queue);
>> +    if (QTAILQ_EMPTY(&queue->jobs)) {
>> +        qemu_cond_wait(&queue->cond,&queue->mutex);
>> +    }
>> +
>> +    /* If the queue is empty, it's an exit order */
>> +    if (QTAILQ_EMPTY(&queue->jobs)) {
>> +        vnc_unlock_queue(queue);
>> +        return -1;
>> +    }
>
> This is not safe.  It might work with a single consumer, but something like
> this is better:
>
>   vnc_lock_queue(queue);
>   while (!queue->exit && QTAILQ_EMPTY(&queue->jobs)) {
>        qemu_cond_wait(&queue->cond,&queue->mutex);
>   }
>   if (queue->exit) {
>       vnc_unlock_queue(queue);
>       return -1;
>   }

Right,

> (It occurred to me now that maybe you can reuse ->aborting.  Not sure
> though).
>
>> +    qemu_mutex_unlock(&job->vs->output_mutex);
>> +
>> +    if (job->vs->csock != -1 && job->vs->abording != true) {
>> +        vnc_flush(job->vs);
>> +    }
>> +
>
> You're accessing the abort flag outside the mutex here.  Also, you are not
> using vnc_{,un}lock_output.

I assumed that bool (int) where atomic .. but you're right I should lock that.

>> +    job = QTAILQ_FIRST(&queue->jobs);
>> +    vnc_unlock_queue(queue);
>
> ...
>
>> +static void vnc_abord_display_jobs(VncDisplay *vd)
>> +{
>> +    VncState *vs;
>> +
>> +    QTAILQ_FOREACH(vs, &vd->clients, next) {
>> +        vnc_lock_output(vs);
>> +        vs->abording = true;
>> +        vnc_unlock_output(vs);
>> +    }
>> +    QTAILQ_FOREACH(vs, &vd->clients, next) {
>> +        vnc_jobs_join(vs);
>> +    }
>> +    QTAILQ_FOREACH(vs, &vd->clients, next) {
>> +        vnc_lock_output(vs);
>> +        vs->abording = false;
>> +        vnc_unlock_output(vs);
>> +    }
>> +}
>
> It's "abort" not "abord". :-)

Ooops ...

> ...
>
>>  static void vnc_disconnect_finish(VncState *vs)
>>  {
>> +    vnc_jobs_join(vs); /* Wait encoding jobs */
>> +    vnc_lock(vs);
>
> Possibly racy?  Maybe you have to set the aforementioned new flag
> queue->exit at the beginning of vnc_jobs_join, and refuse new jobs if it is
> set.
>
> Also, if anything waits on the same vs in vnc_refresh while you own it in
> vnc_disconnect_finish, as soon as you unlock they'll have a dangling
> pointer.  (After you unlock the mutex the OS wakes the thread, but then
> pthread_mutex_lock has to check again that no one got the lock in the
> meanwhile; so QTAILQ_FOREACH_SAFE is not protecting you).  Probably it's
> better to use a single lock on vd->clients instead of one lock per VncState.

vnc_disconnect_finish can only be called by the main thread, I don't
see how this could be racy, any hint ?
I am missing something ?

>> +void vnc_client_write(void *opaque)
>> +{
>> +    VncState *vs = opaque;
>> +
>> +    vnc_lock_output(vs);
>> +    if (vs->output.offset) {
>> +        vnc_client_write_locked(opaque);
>> +    } else {
>> +        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
>> +    }
>
> Why the if?  The "else" branch is already done by vnc_client_write_plain.

This is because the vnc_write fd handler can be set by the thread, and
this can end up calling vnc_client_write_plain
with vs->output.offset == 0 and disconnecting.

> This may be a good time to port qemu-threads to Windows too.  IO thread has
> no hope to work under Windows at least without major hacks (because Windows
> has no asynchronous interrupts; the only way I can imagine to emulate them
> is a breakpoint) but threaded VNC should work.

Right, but I won't do that since I don't have Windows :).

Patch

diff --git a/Makefile b/Makefile
index b264e38..d870900 100644
--- a/Makefile
+++ b/Makefile
@@ -126,6 +126,10 @@  vnc-encoding-hextile.o: vnc-encoding-hextile.c vnc.h
 
 vnc-encoding-tight.o: vnc-encoding-tight.c vnc.h vnc-encoding-tight.h
 
+vnc-jobs.o: vnc-jobs.c vnc.h
+
+vnc-jobs-sync.o: vnc-jobs-sync.c vnc.h
+
 curses.o: curses.c keymaps.h curses_keys.h
 
 bt-host.o: QEMU_CFLAGS += $(BLUEZ_CFLAGS)
diff --git a/Makefile.objs b/Makefile.objs
index 070ee09..6534214 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -108,8 +108,13 @@  common-obj-y += vnc-encoding-tight.o
 common-obj-y += iov.o
 common-obj-$(CONFIG_VNC_TLS) += vnc-tls.o vnc-auth-vencrypt.o
 common-obj-$(CONFIG_VNC_SASL) += vnc-auth-sasl.o
+ifdef CONFIG_VNC_THREAD
+common-obj-y += vnc-jobs.o
+else
+common-obj-y += vnc-jobs-sync.o
+endif
 common-obj-$(CONFIG_COCOA) += cocoa.o
-common-obj-$(CONFIG_IOTHREAD) += qemu-thread.o
+common-obj-$(CONFIG_THREAD) += qemu-thread.o
 common-obj-y += notify.o event_notifier.o
 common-obj-y += qemu-timer.o
 
diff --git a/configure b/configure
index 3cd2c5f..e886b67 100755
--- a/configure
+++ b/configure
@@ -263,6 +263,7 @@  uuid=""
 vde=""
 vnc_tls=""
 vnc_sasl=""
+vnc_thread=""
 xen=""
 linux_aio=""
 vhost_net=""
@@ -547,6 +548,10 @@  for opt do
   ;;
   --enable-vnc-sasl) vnc_sasl="yes"
   ;;
+  --disable-vnc-thread) vnc_thread="no"
+  ;;
+  --enable-vnc-thread) vnc_thread="yes"
+  ;;
   --disable-slirp) slirp="no"
   ;;
   --disable-uuid) uuid="no"
@@ -779,6 +784,8 @@  echo "  --disable-vnc-tls        disable TLS encryption for VNC server"
 echo "  --enable-vnc-tls         enable TLS encryption for VNC server"
 echo "  --disable-vnc-sasl       disable SASL encryption for VNC server"
 echo "  --enable-vnc-sasl        enable SASL encryption for VNC server"
+echo "  --disable-vnc-thread     disable threaded VNC server"
+echo "  --enable-vnc-thread      enable threaded VNC server"
 echo "  --disable-curses         disable curses output"
 echo "  --enable-curses          enable curses output"
 echo "  --disable-curl           disable curl connectivity"
@@ -2019,6 +2026,7 @@  echo "Block whitelist   $block_drv_whitelist"
 echo "Mixer emulation   $mixemu"
 echo "VNC TLS support   $vnc_tls"
 echo "VNC SASL support  $vnc_sasl"
+echo "VNC thread        $vnc_thread"
 if test -n "$sparc_cpu"; then
     echo "Target Sparc Arch $sparc_cpu"
 fi
@@ -2158,6 +2166,10 @@  if test "$vnc_sasl" = "yes" ; then
   echo "CONFIG_VNC_SASL=y" >> $config_host_mak
   echo "VNC_SASL_CFLAGS=$vnc_sasl_cflags" >> $config_host_mak
 fi
+if test "$vnc_thread" = "yes" ; then
+  echo "CONFIG_VNC_THREAD=y" >> $config_host_mak
+  echo "CONFIG_THREAD=y" >> $config_host_mak
+fi
 if test "$fnmatch" = "yes" ; then
   echo "CONFIG_FNMATCH=y" >> $config_host_mak
 fi
@@ -2234,6 +2246,7 @@  if test "$xen" = "yes" ; then
 fi
 if test "$io_thread" = "yes" ; then
   echo "CONFIG_IOTHREAD=y" >> $config_host_mak
+  echo "CONFIG_THREAD=y" >> $config_host_mak
 fi
 if test "$linux_aio" = "yes" ; then
   echo "CONFIG_LINUX_AIO=y" >> $config_host_mak
diff --git a/vnc-jobs-sync.c b/vnc-jobs-sync.c
new file mode 100644
index 0000000..bcc6d6d
--- /dev/null
+++ b/vnc-jobs-sync.c
@@ -0,0 +1,70 @@ 
+/*
+ * QEMU VNC display driver
+ *
+ * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2009 Red Hat, Inc
+ * Copyright (C) 2010 Corentin Chary <corentin.chary@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "vnc.h"
+
+VncJob *vnc_job_new(VncState *vs)
+{
+    vs->job.vs = vs;
+    vs->job.rectangles = 0;
+
+    vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
+    vnc_write_u8(vs, 0);
+    vs->job.saved_offset = vs->output.offset;
+    vnc_write_u16(vs, 0);
+    return &vs->job;
+}
+
+void vnc_job_push(VncJob *job)
+{
+    VncState *vs = job->vs;
+
+    vs->output.buffer[job->saved_offset] = (job->rectangles >> 8) & 0xFF;
+    vs->output.buffer[job->saved_offset + 1] = job->rectangles & 0xFF;
+    vnc_flush(job->vs);
+}
+
+int vnc_job_add_rect(VncJob *job, int x, int y, int w, int h)
+{
+    int n;
+
+    n = vnc_send_framebuffer_update(job->vs, x, y, w, h);
+    if (n >= 0)
+        job->rectangles += n;
+    return n;
+}
+
+bool vnc_has_job(VncState *vs)
+{
+    return false;
+}
+
+bool vnc_worker_thread_running(void)
+{
+    return true;
+}
diff --git a/vnc-jobs.c b/vnc-jobs.c
new file mode 100644
index 0000000..cdf8c9b
--- /dev/null
+++ b/vnc-jobs.c
@@ -0,0 +1,328 @@ 
+/*
+ * QEMU VNC display driver
+ *
+ * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2009 Red Hat, Inc
+ * Copyright (C) 2010 Corentin Chary <corentin.chary@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "vnc.h"
+
+struct VncJobQueue {
+    QemuCond cond;
+    QemuMutex mutex;
+    QemuThread thread;
+    Buffer buffer;
+    bool running;
+    QTAILQ_HEAD(, VncJob) jobs;
+};
+
+typedef struct VncJobQueue VncJobQueue;
+
+/*
+ * We use a single global queue, but most of the functions are
+ * already reetrant, so we can easilly add more than one encoding thread
+ */
+static VncJobQueue *queue;
+
+static void vnc_lock_queue(VncJobQueue *queue)
+{
+    qemu_mutex_lock(&queue->mutex);
+}
+
+static void vnc_unlock_queue(VncJobQueue *queue)
+{
+    qemu_mutex_unlock(&queue->mutex);
+}
+
+VncJob *vnc_job_new(VncState *vs)
+{
+    VncJob *job = qemu_mallocz(sizeof(VncJob));
+
+    job->vs = vs;
+    vnc_lock_queue(queue);
+    QLIST_INIT(&job->rectangles);
+    vnc_unlock_queue(queue);
+    return job;
+}
+
+int vnc_job_add_rect(VncJob *job, int x, int y, int w, int h)
+{
+    VncRectEntry *entry = qemu_mallocz(sizeof(VncRectEntry));
+
+    entry->rect.x = x;
+    entry->rect.y = y;
+    entry->rect.w = w;
+    entry->rect.h = h;
+
+    vnc_lock_queue(queue);
+    QLIST_INSERT_HEAD(&job->rectangles, entry, next);
+    vnc_unlock_queue(queue);
+    return 1;
+}
+
+void vnc_job_push(VncJob *job)
+{
+    vnc_lock_queue(queue);
+    if (QLIST_EMPTY(&job->rectangles)) {
+        qemu_free(job);
+    } else {
+        QTAILQ_INSERT_TAIL(&queue->jobs, job, next);
+        qemu_cond_broadcast(&queue->cond);
+    }
+    vnc_unlock_queue(queue);
+}
+
+static bool vnc_has_job_locked(VncState *vs)
+{
+    VncJob *job;
+
+    QTAILQ_FOREACH(job, &queue->jobs, next) {
+        if (job->vs == vs || !vs) {
+            return true;
+        }
+    }
+    return false;
+}
+
+bool vnc_has_job(VncState *vs)
+{
+    bool ret;
+
+    vnc_lock_queue(queue);
+    ret = vnc_has_job_locked(vs);
+    vnc_unlock_queue(queue);
+    return ret;
+}
+
+void vnc_jobs_clear(VncState *vs)
+{
+    VncJob *job, *tmp;
+
+    vnc_lock_queue(queue);
+    QTAILQ_FOREACH_SAFE(job, &queue->jobs, next, tmp) {
+        if (job->vs == vs || !vs)
+            QTAILQ_REMOVE(&queue->jobs, job, next);
+    }
+    vnc_unlock_queue(queue);
+}
+
+void vnc_jobs_join(VncState *vs)
+{
+    vnc_lock_queue(queue);
+    while (vnc_has_job_locked(vs)) {
+        qemu_cond_wait(&queue->cond, &queue->mutex);
+    }
+    vnc_unlock_queue(queue);
+}
+
+/*
+ * Copy data for local use
+ * FIXME: isolate what we use in a specific structure
+ * to avoid invalid usage in vnc-encoding-*.c and avoid copying
+ * because what we want is only want is only swapping VncState::output
+ * with the queue buffer
+ */
+static void vnc_async_encoding_start(VncState *orig, VncState *local)
+{
+    local->vnc_encoding = orig->vnc_encoding;
+    local->features = orig->features;
+    local->ds = orig->ds;
+    local->vd = orig->vd;
+    local->write_pixels = orig->write_pixels;
+    local->clientds = orig->clientds;
+    local->tight_quality = orig->tight_quality;
+    local->tight_compression = orig->tight_compression;
+    local->tight_pixel24 = 0;
+    local->tight = orig->tight;
+    local->tight_tmp = orig->tight_tmp;
+    local->tight_zlib = orig->tight_zlib;
+    memcpy(local->tight_levels, orig->tight_levels, sizeof(orig->tight_levels));
+    memcpy(local->tight_stream, orig->tight_stream, sizeof(orig->tight_stream));
+    local->send_hextile_tile = orig->send_hextile_tile;
+    local->zlib = orig->zlib;
+    local->zlib_tmp = orig->zlib_tmp;
+    local->zlib_stream = orig->zlib_stream;
+    local->zlib_level = orig->zlib_level;
+    local->output =  queue->buffer;
+    local->csock = -1; /* Don't do any network work on this thread */
+
+    buffer_reset(&local->output);
+}
+
+static void vnc_async_encoding_end(VncState *orig, VncState *local)
+{
+    orig->tight_quality = local->tight_quality;
+    orig->tight_compression = local->tight_compression;
+    orig->tight = local->tight;
+    orig->tight_tmp = local->tight_tmp;
+    orig->tight_zlib = local->tight_zlib;
+    memcpy(orig->tight_levels, local->tight_levels, sizeof(local->tight_levels));
+    memcpy(orig->tight_stream, local->tight_stream, sizeof(local->tight_stream));
+    orig->zlib = local->zlib;
+    orig->zlib_tmp = local->zlib_tmp;
+    orig->zlib_stream = local->zlib_stream;
+    orig->zlib_level = local->zlib_level;
+}
+
+static int vnc_worker_thread_loop(VncJobQueue *queue)
+{
+    VncJob *job;
+    VncRectEntry *entry, *tmp;
+    VncState vs;
+    int n_rectangles;
+    int saved_offset;
+
+    vnc_lock_queue(queue);
+    if (QTAILQ_EMPTY(&queue->jobs)) {
+        qemu_cond_wait(&queue->cond, &queue->mutex);
+    }
+
+    /* If the queue is empty, it's an exit order */
+    if (QTAILQ_EMPTY(&queue->jobs)) {
+        vnc_unlock_queue(queue);
+        return -1;
+    }
+
+    job = QTAILQ_FIRST(&queue->jobs);
+    vnc_unlock_queue(queue);
+
+    qemu_mutex_lock(&job->vs->output_mutex);
+    if (job->vs->csock == -1 || job->vs->abording == true) {
+        goto disconnected;
+    }
+    qemu_mutex_unlock(&job->vs->output_mutex);
+
+    /* Make a local copy of vs and switch output buffers */
+    vnc_async_encoding_start(job->vs, &vs);
+
+    /* Start sending rectangles */
+    n_rectangles = 0;
+    vnc_write_u8(&vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
+    vnc_write_u8(&vs, 0);
+    saved_offset = vs.output.offset;
+    vnc_write_u16(&vs, 0);
+
+    qemu_mutex_lock(&job->vs->mutex);
+    QLIST_FOREACH_SAFE(entry, &job->rectangles, next, tmp) {
+        int n;
+
+        if (job->vs->csock == -1) {
+            goto disconnected;
+        }
+
+        n = vnc_send_framebuffer_update(&vs, entry->rect.x, entry->rect.y,
+                                        entry->rect.w, entry->rect.h);
+
+        if (n >= 0)
+            n_rectangles += n;
+        qemu_free(entry);
+    }
+    qemu_mutex_unlock(&job->vs->mutex);
+
+    /* Put n_rectangles at the beginning of the message */
+    vs.output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
+    vs.output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
+
+    /* Switch back buffers */
+    qemu_mutex_lock(&job->vs->output_mutex);
+    if (job->vs->csock == -1) {
+        goto disconnected;
+    }
+
+    vnc_write(job->vs, vs.output.buffer, vs.output.offset);
+
+disconnected:
+    /* Copy persistent encoding data */
+    vnc_async_encoding_end(job->vs, &vs);
+    qemu_mutex_unlock(&job->vs->output_mutex);
+
+    if (job->vs->csock != -1 && job->vs->abording != true) {
+        vnc_flush(job->vs);
+    }
+
+    qemu_mutex_lock(&queue->mutex);
+    QTAILQ_REMOVE(&queue->jobs, job, next);
+    qemu_mutex_unlock(&queue->mutex);
+    qemu_cond_broadcast(&queue->cond);
+    qemu_free(job);
+    return 0;
+}
+
+static VncJobQueue *vnc_queue_init(void)
+{
+    VncJobQueue *queue = qemu_mallocz(sizeof(VncJobQueue));
+
+    qemu_cond_init(&queue->cond);
+    qemu_mutex_init(&queue->mutex);
+    QTAILQ_INIT(&queue->jobs);
+    return queue;
+}
+
+static void vnc_queue_clear(void *arg)
+{
+    VncJobQueue *q = arg;
+
+    qemu_cond_destroy(&queue->cond);
+    qemu_mutex_destroy(&queue->mutex);
+    buffer_free(&queue->buffer);
+    qemu_free(q);
+    queue = NULL; /* Unset global queue */
+}
+
+static void *vnc_worker_thread(void *arg)
+{
+    VncJobQueue *queue = arg;
+
+    qemu_thread_cleanup_push(vnc_queue_clear, queue);
+    while (!vnc_worker_thread_loop(queue)) ;
+    queue->running = false;
+    qemu_thread_cleanup_pop(1);
+    return NULL;
+}
+
+void vnc_start_worker_thread(void)
+{
+    VncJobQueue *q;
+
+    if (vnc_worker_thread_running())
+        return ;
+
+    q = vnc_queue_init();
+    qemu_thread_create(&q->thread, vnc_worker_thread, q);
+    queue = q; /* Set global queue */
+}
+
+bool vnc_worker_thread_running(void)
+{
+    return queue && queue->running; /* Check global queue */
+}
+
+void vnc_stop_worker_thread(void)
+{
+    if (!vnc_worker_thread_running())
+        return ;
+    /* Remove all jobs and wake up the thread */
+    vnc_jobs_clear(NULL);
+    qemu_cond_broadcast(&queue->cond);
+}
diff --git a/vnc.c b/vnc.c
index 9133548..2bab8da 100644
--- a/vnc.c
+++ b/vnc.c
@@ -45,6 +45,32 @@ 
     } \
 }
 
+#ifdef CONFIG_VNC_THREAD
+static void vnc_lock(VncState *vs)
+{
+    qemu_mutex_lock(&vs->mutex);
+}
+
+static void vnc_unlock(VncState *vs)
+{
+    qemu_mutex_unlock(&vs->mutex);
+}
+
+static void vnc_lock_output(VncState *vs)
+{
+    qemu_mutex_lock(&vs->output_mutex);
+}
+
+static void vnc_unlock_output(VncState *vs)
+{
+    qemu_mutex_unlock(&vs->output_mutex);
+}
+#else
+#define vnc_lock(vs) (void) (vs);
+#define vnc_unlock(vs) (void) (vs);
+#define vnc_lock_output(vs) (void) (vs);
+#define vnc_unlock_output(vs) (void) (vs);
+#endif
 
 static VncDisplay *vnc_display; /* needed for info vnc */
 static DisplayChangeListener *dcl;
@@ -390,6 +416,7 @@  static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
 */
 
 static int vnc_update_client(VncState *vs, int has_dirty);
+static int vnc_update_client_sync(VncState *vs, int has_dirty);
 static void vnc_disconnect_start(VncState *vs);
 static void vnc_disconnect_finish(VncState *vs);
 static void vnc_init_timer(VncDisplay *vd);
@@ -520,12 +547,37 @@  void buffer_append(Buffer *buffer, const void *data, size_t len)
     buffer->offset += len;
 }
 
+#ifdef CONFIG_VNC_THREAD
+static void vnc_abord_display_jobs(VncDisplay *vd)
+{
+    VncState *vs;
+
+    QTAILQ_FOREACH(vs, &vd->clients, next) {
+        vnc_lock_output(vs);
+        vs->abording = true;
+        vnc_unlock_output(vs);
+    }
+    QTAILQ_FOREACH(vs, &vd->clients, next) {
+        vnc_jobs_join(vs);
+    }
+    QTAILQ_FOREACH(vs, &vd->clients, next) {
+        vnc_lock_output(vs);
+        vs->abording = false;
+        vnc_unlock_output(vs);
+    }
+}
+#else
+#define vnc_abord_display_jobs(vd)
+#endif
+
 static void vnc_dpy_resize(DisplayState *ds)
 {
     int size_changed;
     VncDisplay *vd = ds->opaque;
     VncState *vs;
 
+    vnc_abord_display_jobs(vd);
+
     /* server surface */
     if (!vd->server)
         vd->server = qemu_mallocz(sizeof(*vd->server));
@@ -549,11 +601,13 @@  static void vnc_dpy_resize(DisplayState *ds)
         vnc_colordepth(vs);
         if (size_changed) {
             if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
+                vnc_lock_output(vs);
                 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
                 vnc_write_u8(vs, 0);
                 vnc_write_u16(vs, 1); /* number of rects */
                 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
                         VNC_ENCODING_DESKTOPRESIZE);
+                vnc_unlock_output(vs);
                 vnc_flush(vs);
             }
         }
@@ -660,7 +714,7 @@  int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
     return 1;
 }
 
-static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
+int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
 {
     int n = 0;
 
@@ -686,12 +740,14 @@  static int send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
 {
     /* send bitblit op to the vnc client */
+    vnc_lock_output(vs);
     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
     vnc_write_u8(vs, 0);
     vnc_write_u16(vs, 1); /* number of rects */
     vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
     vnc_write_u16(vs, src_x);
     vnc_write_u16(vs, src_y);
+    vnc_unlock_output(vs);
     vnc_flush(vs);
 }
 
@@ -708,7 +764,7 @@  static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int
     QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
         if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
             vs->force_update = 1;
-            vnc_update_client(vs, 1);
+            vnc_update_client_sync(vs, 1);
             /* vs might be free()ed here */
         }
     }
@@ -784,14 +840,27 @@  static int find_and_clear_dirty_height(struct VncState *vs,
     return h;
 }
 
+#ifdef CONFIG_VNC_THREAD
+static int vnc_update_client_sync(VncState *vs, int has_dirty)
+{
+    int ret = vnc_update_client(vs, has_dirty);
+    vnc_jobs_join(vs);
+    return ret;
+}
+#else
+static int vnc_update_client_sync(VncState *vs, int has_dirty)
+{
+    return vnc_update_client(vs, has_dirty);
+}
+#endif
+
 static int vnc_update_client(VncState *vs, int has_dirty)
 {
     if (vs->need_update && vs->csock != -1) {
         VncDisplay *vd = vs->vd;
+        VncJob *job;
         int y;
-        int n_rectangles;
-        int saved_offset;
-        int n;
+        int n = 0;
 
         if (vs->output.offset && !vs->audio_cap && !vs->force_update)
             /* kernel send buffers are full -> drop frames to throttle */
@@ -806,11 +875,7 @@  static int vnc_update_client(VncState *vs, int has_dirty)
          * happening in parallel don't disturb us, the next pass will
          * send them to the client.
          */
-        n_rectangles = 0;
-        vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
-        vnc_write_u8(vs, 0);
-        saved_offset = vs->output.offset;
-        vnc_write_u16(vs, 0);
+        job = vnc_job_new(vs);
 
         for (y = 0; y < vd->server->height; y++) {
             int x;
@@ -824,25 +889,23 @@  static int vnc_update_client(VncState *vs, int has_dirty)
                 } else {
                     if (last_x != -1) {
                         int h = find_and_clear_dirty_height(vs, y, last_x, x);
-                        n = send_framebuffer_update(vs, last_x * 16, y,
-                                                    (x - last_x) * 16, h);
-                        n_rectangles += n;
+
+                        n += vnc_job_add_rect(job, last_x * 16, y,
+                                              (x - last_x) * 16, h);
                     }
                     last_x = -1;
                 }
             }
             if (last_x != -1) {
                 int h = find_and_clear_dirty_height(vs, y, last_x, x);
-                n = send_framebuffer_update(vs, last_x * 16, y,
-                                            (x - last_x) * 16, h);
-                n_rectangles += n;
+                n += vnc_job_add_rect(job, last_x * 16, y,
+                                      (x - last_x) * 16, h);
             }
         }
-        vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
-        vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
-        vnc_flush(vs);
+
+        vnc_job_push(job);
         vs->force_update = 0;
-        return n_rectangles;
+        return n;
     }
 
     if (vs->csock == -1)
@@ -858,16 +921,20 @@  static void audio_capture_notify(void *opaque, audcnotification_e cmd)
 
     switch (cmd) {
     case AUD_CNOTIFY_DISABLE:
+        vnc_lock_output(vs);
         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
         vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
+        vnc_unlock_output(vs);
         vnc_flush(vs);
         break;
 
     case AUD_CNOTIFY_ENABLE:
+        vnc_lock_output(vs);
         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
         vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
         vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
+        vnc_unlock_output(vs);
         vnc_flush(vs);
         break;
     }
@@ -881,11 +948,13 @@  static void audio_capture(void *opaque, void *buf, int size)
 {
     VncState *vs = opaque;
 
+    vnc_lock_output(vs);
     vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
     vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
     vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
     vnc_write_u32(vs, size);
     vnc_write(vs, buf, size);
+    vnc_unlock_output(vs);
     vnc_flush(vs);
 }
 
@@ -927,6 +996,9 @@  static void vnc_disconnect_start(VncState *vs)
 
 static void vnc_disconnect_finish(VncState *vs)
 {
+    vnc_jobs_join(vs); /* Wait encoding jobs */
+    vnc_lock(vs);
+    vnc_lock_output(vs);
     vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
 
     buffer_free(&vs->input);
@@ -955,6 +1027,13 @@  static void vnc_disconnect_finish(VncState *vs)
     vnc_remove_timer(vs->vd);
     if (vs->vd->lock_key_sync)
         qemu_remove_led_event_handler(vs->led);
+    vnc_unlock_output(vs);
+    vnc_unlock(vs);
+
+#ifdef CONFIG_VNC_THREAD
+    qemu_mutex_destroy(&vs->output_mutex);
+    qemu_mutex_destroy(&vs->mutex);
+#endif
     qemu_free(vs);
 }
 
@@ -1074,7 +1153,7 @@  static long vnc_client_write_plain(VncState *vs)
  * the client socket. Will delegate actual work according to whether
  * SASL SSF layers are enabled (thus requiring encryption calls)
  */
-void vnc_client_write(void *opaque)
+static void vnc_client_write_locked(void *opaque)
 {
     VncState *vs = opaque;
 
@@ -1088,6 +1167,19 @@  void vnc_client_write(void *opaque)
         vnc_client_write_plain(vs);
 }
 
+void vnc_client_write(void *opaque)
+{
+    VncState *vs = opaque;
+
+    vnc_lock_output(vs);
+    if (vs->output.offset) {
+        vnc_client_write_locked(opaque);
+    } else {
+        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
+    }
+    vnc_unlock_output(vs);
+}
+
 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
 {
     vs->read_handler = func;
@@ -1198,6 +1290,7 @@  void vnc_write(VncState *vs, const void *data, size_t len)
 {
     buffer_reserve(&vs->output, len);
 
+
     if (vs->csock != -1 && buffer_empty(&vs->output)) {
         qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
     }
@@ -1239,8 +1332,10 @@  void vnc_write_u8(VncState *vs, uint8_t value)
 
 void vnc_flush(VncState *vs)
 {
+    vnc_lock_output(vs);
     if (vs->csock != -1 && vs->output.offset)
-        vnc_client_write(vs);
+        vnc_client_write_locked(vs);
+    vnc_unlock_output(vs);
 }
 
 uint8_t read_u8(uint8_t *data, size_t offset)
@@ -1275,12 +1370,14 @@  static void check_pointer_type_change(Notifier *notifier)
     int absolute = kbd_mouse_is_absolute();
 
     if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
+        vnc_lock_output(vs);
         vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
         vnc_write_u8(vs, 0);
         vnc_write_u16(vs, 1);
         vnc_framebuffer_update(vs, absolute, 0,
                                ds_get_width(vs->ds), ds_get_height(vs->ds),
                                VNC_ENCODING_POINTER_TYPE_CHANGE);
+        vnc_unlock_output(vs);
         vnc_flush(vs);
     }
     vs->absolute = absolute;
@@ -1584,21 +1681,25 @@  static void framebuffer_update_request(VncState *vs, int incremental,
 
 static void send_ext_key_event_ack(VncState *vs)
 {
+    vnc_lock_output(vs);
     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
     vnc_write_u8(vs, 0);
     vnc_write_u16(vs, 1);
     vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
                            VNC_ENCODING_EXT_KEY_EVENT);
+    vnc_unlock_output(vs);
     vnc_flush(vs);
 }
 
 static void send_ext_audio_ack(VncState *vs)
 {
+    vnc_lock_output(vs);
     vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
     vnc_write_u8(vs, 0);
     vnc_write_u16(vs, 1);
     vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
                            VNC_ENCODING_AUDIO);
+    vnc_unlock_output(vs);
     vnc_flush(vs);
 }
 
@@ -1754,11 +1855,13 @@  static void vnc_colordepth(VncState *vs)
 {
     if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
         /* Sending a WMVi message to notify the client*/
+        vnc_lock_output(vs);
         vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
         vnc_write_u8(vs, 0);
         vnc_write_u16(vs, 1); /* number of rects */
         vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), 
                                ds_get_height(vs->ds), VNC_ENCODING_WMVi);
+        vnc_unlock_output(vs);
         pixel_format_message(vs);
         vnc_flush(vs);
     } else {
@@ -2185,7 +2288,13 @@  static void vnc_refresh(void *opaque)
 
     vga_hw_update();
 
+    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
+        vnc_lock(vs);
+    }
     has_dirty = vnc_refresh_server_surface(vd);
+    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
+        vnc_unlock(vs);
+    }
 
     QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
         rects += vnc_update_client(vs, has_dirty);
@@ -2249,6 +2358,11 @@  static void vnc_connect(VncDisplay *vd, int csock)
     vs->as.fmt = AUD_FMT_S16;
     vs->as.endianness = 0;
 
+#ifdef CONFIG_VNC_THREAD
+    qemu_mutex_init(&vs->mutex);
+    qemu_mutex_init(&vs->output_mutex);
+#endif
+
     QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
 
     vga_hw_update();
@@ -2306,6 +2420,8 @@  void vnc_display_init(DisplayState *ds)
     if (!vs->kbd_layout)
         exit(1);
 
+    vnc_start_worker_thread();
+
     dcl->dpy_copy = vnc_dpy_copy;
     dcl->dpy_update = vnc_dpy_update;
     dcl->dpy_resize = vnc_dpy_resize;
@@ -2334,6 +2450,7 @@  void vnc_display_close(DisplayState *ds)
     vs->subauth = VNC_AUTH_INVALID;
     vs->tls.x509verify = 0;
 #endif
+    vnc_stop_worker_thread();
 }
 
 int vnc_display_password(DisplayState *ds, const char *password)
diff --git a/vnc.h b/vnc.h
index df0443c..df10dd9 100644
--- a/vnc.h
+++ b/vnc.h
@@ -29,10 +29,12 @@ 
 
 #include "qemu-common.h"
 #include "qemu-queue.h"
+#include "qemu-thread.h"
 #include "console.h"
 #include "monitor.h"
 #include "audio/audio.h"
 #include <zlib.h>
+#include <stdbool.h>
 
 #include "keymaps.h"
 
@@ -58,6 +60,9 @@  typedef struct Buffer
 } Buffer;
 
 typedef struct VncState VncState;
+typedef struct VncJob VncJob;
+typedef struct VncRect VncRect;
+typedef struct VncRectEntry VncRectEntry;
 
 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
 
@@ -116,6 +121,38 @@  struct VncDisplay
 #endif
 };
 
+
+#ifdef CONFIG_VNC_THREAD
+struct VncRect
+{
+    int x;
+    int y;
+    int w;
+    int h;
+};
+
+struct VncRectEntry
+{
+    struct VncRect rect;
+    QLIST_ENTRY(VncRectEntry) next;
+};
+
+struct VncJob
+{
+    VncState *vs;
+
+    QLIST_HEAD(, VncRectEntry) rectangles;
+    QTAILQ_ENTRY(VncJob) next;
+};
+#else
+struct VncJob
+{
+    VncState *vs;
+    int rectangles;
+    size_t saved_offset;
+};
+#endif
+
 struct VncState
 {
     int csock;
@@ -162,6 +199,12 @@  struct VncState
     QEMUPutLEDEntry *led;
 
     /* Encoding specific */
+    QemuMutex mutex;
+    QemuMutex output_mutex;
+    bool abording;
+#ifndef CONFIG_VNC_THREAD
+    VncJob job;
+#endif
 
     /* Tight */
     uint8_t tight_quality;
@@ -398,6 +441,8 @@  void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v);
 
 /* Encodings */
+int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
+
 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
 
 int vnc_hextile_send_framebuffer_update(VncState *vs, int x,
@@ -413,4 +458,32 @@  void vnc_zlib_clear(VncState *vs);
 int vnc_tight_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
 void vnc_tight_clear(VncState *vs);
 
+/* Jobs */
+#ifdef CONFIG_VNC_THREAD
+
+VncJob *vnc_job_new(VncState *vs);
+int vnc_job_add_rect(VncJob *job, int x, int y, int w, int h);
+void vnc_job_push(VncJob *job);
+bool vnc_has_job(VncState *vs);
+void vnc_jobs_clear(VncState *vs);
+void vnc_jobs_join(VncState *vs);
+void vnc_start_worker_thread(void);
+bool vnc_worker_thread_running(void);
+void vnc_stop_worker_thread(void);
+
+#else
+
+#define vnc_jobs_clear(vs) (void) (vs);
+#define vnc_jobs_join(vs) (void) (vs);
+#define vnc_start_worker_thread()
+#define vnc_stop_worker_thread()
+
+VncJob *vnc_job_new(VncState *vs);
+bool vnc_has_job(VncState *vs);
+int vnc_job_add_rect(VncJob *job, int x, int y, int w, int h);
+bool vnc_worker_thread_running(void);
+void vnc_job_push(VncJob *job);
+
+#endif /* CONFIG_VNC_THREAD */
+
 #endif /* __QEMU_VNC_H */