ChangeLog/10.2

Release schedule: Planning/10.2.

System emulation

Clarification of QEMU's security policy

We have updated 'our security policy' to clarify that the "virtualization use case" which defines what we consider to be security bugs only applies if you are using particular machine types, which we now list explicitly.

Removed features and incompatible changes

  • The -old-param option has been removed
  • The Arm pxa CPU family has been removed

Consult the 'Removed features' page for details of suggested replacement functionality.

New deprecated options and features

Consult the "Deprecated Features" chapter of the QEMU System Emulation User's Guide for further details of the deprecations and their suggested replacements.

68k

Alpha

Arm

  • New CPU architectural features emulated:
    • FEAT_SCTLR2
    • FEAT_TCR2
    • FEAT_CSSC
    • FEAT_LSE128
    • FEAT_ATS1A
    • FEAT_RME_GPC2
    • FEAT_AIE
    • FEAT_MEC
    • FEAT_GCS
  • The deprecated pxa CPU family has now been removed
  • The gdbstub now exposes the SME and SME2 registers to debuggers
  • virt: You can now create multiple SMMUv3 devices on the command line, to give separate PCIe roots their own IOMMU
  • aspeed: AST2600 and AST2700 SoCs have a PCIe host controller
  • aspeed: AST2600 and AST1030 SoCs have an OTP memory device integrated with the Secure Boot Controller. A block device backend can be specified with the 'drive' property
  • new board model: amd-versal2-virt
  • xlnx-zynqmp: the GIC for the Cortex-R5 RPU cluster is now modelled

AVR

Hexagon

HPPA

  • Added emulation for an HP 715/64 workstation
  • Added emulation for an NCR 53c710 SCSI controller, as used in the HP LASI multi-I/O chip, along with many fixes and enhancements for the LASI i82596 network driver. Both were developed during the Google Summer of Code 2025 program by Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
  • Updated SeaBIOS-hppa firmware to version 20, which includes various fixes and support for 715/64.

LoongArch

  • Support MSGINT irqchip in TCG mode
  • Support HW Page Table Walk in TCG mode

Microblaze

MIPS

OpenRISC

PowerPC

  • Support for PowerNV11 and PPE42 CPU/Machines.
  • FADUMP Support for pSeries
  • Decodetree movement for some floating-point instructions
  • Firmware updates for SLOF, sam460ex u-boot
  • Pegasos II cleanup and Pegasos I emulation
  • Deprecation of pseries 3.0 up till 4.2, Power8E and Power8NVL
  • Removal of unusable e200 CPUs
  • Error reporting improvements for image loading failures
  • Coverity fixes for fadump, amigaone
  • Various (ppc) arch-wide bug fixes, improvements and cleanups.

Renesas RX

Renesas SH (sh4)

RISC-V

ISA and Extensions

  • Minor fixes of RISC-V CFI
  • Modify minimum VLEN rule
  • Make PMP granularity configurable

Machines

  • Add riscv64 to FirmwareArchitecture
  • Implement MonitorDef HMP API
  • Update OpenSBI to v1.7
  • Correct mmu-type property of sifive_u harts in device tree
  • Fix Ethernet interface support for microchip-icicle-kit

Fixes and Misc

  • Fix MSI table size limit
  • Fix SiFive UART character drop issue and minor refactors
  • Fix RISC-V timer migration issues
  • Align memory allocations to 2M on RISC-V
  • Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64
  • Fixup IOMMU PDT Nested Walk
  • Fix endianness swap on compressed instructions
  • Update status of IOMMU kernel support
  • Fix mask for smsiaddrcfgh

s390x

  • Enable irqfd to be used for virtio-pci on s390x if the kernel supports it to improve virtio-pci performance with KVM
  • Provide a QAPI event when SCLP control-program identification data gets updated by the guest
  • Fix problems with missing Clock Comparator interrupts in certain corner cases
  • Use address generation for register branch targets in TCG mode

SPARC

Tricore

x86

  • The HPET device does not take the big QEMU lock anymore.
  • The isapc machine can only use 3.5G memory and will warn when used with 64-bit CPUs. Also, when -cpu max is used with isapc it will pick a Pentium III CPU.
  • Support for a new accelerator, MSHV, which lets you create VMs from a Hyper-V guest without using nested virtualization.

KVM

TCG

Xtensa

Device emulation and assignment

ACPI / SMBIOS

Audio

Block devices

Graphics

Hyper-V

I2C

Input devices

IPMI

Multi-process QEMU

Network devices

NVDIMM

NVMe

PCI/PCIe

SCSI

SD card

  • Added Replay Protected Memory Block (RPMB) emulation to the eMMC device model

SMBIOS

TPM

UFS

USB

VFIO

  • Removal of the deprecated vfio-platform, vfio-calxeda-xgmac and vfio-amd-xgbe devices

virtio

vDPA

Xen

fw_cfg

9pfs

  • Support for FreeBSD hosts.

virtiofs

Semihosting

  • Only builds once now

Audio

Character devices

Crypto subsystem

  • The minimum GNUTLS is now 3.7.5
  • The minimum libgcrypt is now 1.9.4
  • The minimum nettle is now 3.7.3
  • QEMU now supports loading multiple x509 cert+key identities, to allow use of parallel certificates with different algorithms, needed to facilitate the transition to post-quantum cryptography
  • QEMU has deprecated use of the externally provided Diffie-Hellman parameters in the dh-params.pem file. DH params will be automatically negotiated in accordance with RFC 7919
  • QEMU has fixed a potential use after free if TLS credential objects are deleted while a TLS handshake is taking place
  • QEMU sanity checking no longer rejects certificates without "key encipherment" key purpose set. This check was obsolete for elliptic curve and post-quantum cryptography algorithms.
  • QEMU sanity checking will only validate CA certs required by the chain of trust from the server / client leaf certs
  • QEMU sanity checking will permit intermediate CA certs to be bundled in the server / client leaf cert PEM file

Authorization subsystem

I/O subsystem

  • A crash in the cleanup for websocket handshakes was fixed (CVE-2025-11234, thanks Grant Millar | Cylo)
  • Socket error queue will be flushed if a zero-copy write fails with ENOBUFS

GUI

GDBStub

TCG Plugins

  • new uftrace plugin
  • new hooks for discontinuity events (irqs, host calls and exceptions)

Host support

Memory backends

Migration

  • Supported new cpr-exec migration mode
  • Supported mapped-ram on snapshot save/load
  • Fixed a false positive TLS warning when postcopy preempt migration is completing
  • Fixed source QEMU hang when a postcopy migration failed at switchover phase
  • Fixed a possible interrupt performance regression after migration with VFIO-PCI devices
  • Fixed snapshot crash when migration capabilities were wrongly specified
  • Fixed COLO regression (since QEMU 10.0)

Monitor

QMP

HMP

  • `wavcapture`, `stopcapture` and `info capture` are deprecated

Network

Block device backends and tools

  • It is now possible to open both the server and client endpoints of an NBD connection from the same process. Previously, attempting to connect QEMU as an NBD client to a socket being served by the same process would deadlock.
  • The block limits detected for a block backend (such as required request alignment, maximum request size etc.) are now exposed in QMP as part of the data returned by the 'query-block' and 'query-named-block-nodes' commands. The same information is displayed in 'qemu-img info' if the new option '--limits' is given.
  • 'stats-intervals' can now be configured in '-device' for block devices. Previously, this was only available in '-drive' (and therefore inaccessible when using '-blockdev').
  • Image creation now restricts qcow2 data files and VMDK extent files to local file names. Protocol prefixes (such as nbd: or http:) are no longer parsed. This makes image creation consistent with opening images, where they have already been interpreted as local file names since QEMU 9.1 for security reasons. With the inconsistency between image creation and opening, it was possible to create image files that contained a protocol-based data file or extent reference and then could never be opened. (If necessary, it is still possible to run qcow2 images with a data file using a protocol; however, this information cannot be stored in the image file itself and the setup must be configured on the command line instead.)
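
A check for provisioning scripts affected by the data file change above, as an added example that is not part of QEMU or of the original page. It covers only the qcow2 `data_file` creation option; the sample commands are constructed, and the prefix test (a colon before the first slash) is an assumption about how a protocol prefix is recognised.

```python
import shlex

# Constructed provisioning commands (paths and hosts are made up).
SAMPLE_COMMANDS = [
    "qemu-img create -f qcow2 -o data_file=nbd:localhost:10809,data_file_raw=on a.qcow2 10G",
    "qemu-img create -f qcow2 -o data_file=./a:data.raw a.qcow2 10G",
    "qemu-img create -f qcow2 -o data_file=http://example.invalid/x,,y.raw b.qcow2 1G",
    "qemu-img create -f qcow2 -o cluster_size=64k c.qcow2 1G",
]


def split_opts(optstr):
    """Split a '-o' string on ',' where ',,' is an escaped literal comma."""
    parts = optstr.replace(",,", "\0").split(",")
    return dict(p.replace("\0", ",").split("=", 1) for p in parts if "=" in p)


def has_protocol_prefix(name):
    """Assumed rule: a ':' occurring before the first '/' marks a protocol."""
    colon, slash = name.find(":"), name.find("/")
    return colon != -1 and (slash == -1 or colon < slash)


def flag_data_files(commands):
    """Return (command, data_file) pairs whose data_file has a protocol prefix."""
    hits = []
    for cmd in commands:
        argv = shlex.split(cmd)
        if argv[:2] != ["qemu-img", "create"]:
            continue
        # Look at every '-o <options>' pair on the command line.
        for flag, value in zip(argv, argv[1:]):
            if flag == "-o":
                data_file = split_opts(value).get("data_file")
                if data_file and has_protocol_prefix(data_file):
                    hits.append((cmd, data_file))
    return hits


if __name__ == "__main__":
    for cmd, ref in flag_data_files(SAMPLE_COMMANDS):
        print(f"protocol-style data_file {ref!r} in: {cmd}")
```

Each flagged command would now have its `data_file` value taken as a local file name, so the protocol setup has to move to the command line that runs the image.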

Block jobs

Tracing

  • Trace backend generation has been optimized to reduce code size. This can reduce the QEMU system emulator binary size by as much as 1 MB.

Semihosting

Miscellaneous

  • On host systems that support io_uring, QEMU's main loop is now based on io_uring, which can improve performance in some cases and will enable new features and potentially further performance improvements in the future.
  • The '-run-with' argument gains a new 'exit-with-parent=on' parameter which, on Linux, FreeBSD and macOS platforms, will ensure QEMU is terminated when the parent process exits.
  • Fixed possible memory leak on CPU hot plug / unplug
  • Fixed TDX regression on using hugetlbfs
  • Fixed guest-memfd use case on shmem
  • Fixed possible poweroff hang on virtio devices with iommu_platform=on

User-mode emulation

Various bug fixes and added features:

  • implement fchmodat2 syscall
  • support MADV_DONTDUMP and MADV_DODUMP
  • fix FIBMAP and FIGETBSZ ioctls
  • permit sendto() with NULL buf and 0 len
  • aarch64: Enable GCS in HWCAP
  • aarch64: Inject SIGSEGV for GCS faults
  • aarch64: Implement map_shadow_stack syscall
  • aarch64: Implement prctls for GCS
  • hexagon: Fix sigcontext
  • hppa: Send proper si_code on SIGFPE exception
  • microblaze: Fix little-endianness binary

TCG

LoongArch

Record/Replay

RISC-V

Guest agent

  • Fix truncated output handling in guest-exec status reporting
  • Fix 'retry_path' logic for Windows service (Windows only)
  • VSS: Write the hex value of the error in the log (Windows only)
  • installer: Remove QGA VSS if QGA installation failed (Windows only)
  • Support guest shutdown of BusyBox-based systems
  • Improve Windows filesystem space info retrieval logic

Documentation

  • VirtIO and device documentation re-organised
  • Section on build deps updated

Build Information

Rust usage

The minimum supported version of Rust is now 1.83.

  • On Debian bookworm, it is available in the rustc-web package except for the mips64el architecture; Rust support for mips64el requires Debian trixie or newer.
  • On Ubuntu 22.04 and 24.04, it is available in the rust-1.83 package; the RUSTC and RUSTDOC environment variables must point to /usr/bin/rustc-1.83 and /usr/bin/rustdoc-1.83 respectively.

Support for Rust is still considered experimental, and it is not recommended to be used for anything other than development, but the two devices introduced by --enable-rust (PL011 and HPET) have feature parity with the C version except for dtrace/systemtap support.

Dependencies

  • the qemu-minimal.yml list now drives debian-all-test-cross and as a result is now defended in the CI
  • documentation updated to point to lcitool

Testing and CI

  • dropped the aarch32 CI runner in anticipation of dropping of 32 bit host support.
  • rationalised the interaction of build-environment.yml and the "refresh" generated yml
  • new ppc64le custom runner
  • debian-all-test-cross migrated to lcitool using the qemu-minimal.yml

Host support

Windows

Known issues