public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Miroslav Rezanina <mrezanin@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/qemu] eln: * Tue May 26 2026 Miroslav Rezanina <mrezanin@redhat.com> - 10.1.0-19
Date: Tue, 30 Jun 2026 15:09:02 GMT [thread overview]
Message-ID: <178283214261.1.8279960059052225584.rpms-qemu-cc2f0f0661a8@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/qemu
Branch : eln
Commit : cc2f0f0661a8d01f6c107202f580c744fdd22c44
Author : Miroslav Rezanina <mrezanin@redhat.com>
Date : 2026-06-30T17:07:57+02:00
Stats : +17913/-1 in 117 file(s)
URL : https://src.fedoraproject.org/rpms/qemu/c/cc2f0f0661a8d01f6c107202f580c744fdd22c44?branch=eln
Log:
* Tue May 26 2026 Miroslav Rezanina <mrezanin@redhat.com> - 10.1.0-19
- kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch [RHEL-174858]
- kvm-target-arm-Move-compare_u64-to-helper.c.patch [RHEL-174858]
- kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch [RHEL-174858]
- kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch [RHEL-174858]
- kvm-target-arm-kvm-Export-kvm_print_register_name.patch [RHEL-174858]
- kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch [RHEL-174858]
- kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch [RHEL-174858]
- kvm-target-arm-machine-Trace-all-register-mismatches.patch [RHEL-174858]
- kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch [RHEL-174858]
- kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch [RHEL-174858]
- kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch [RHEL-174858]
- kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch [RHEL-174858]
- kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch [RHEL-174858]
- kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch [RHEL-174858]
- kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch [RHEL-174858]
- kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch [RHEL-174858]
- kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch [RHEL-138494]
- kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch [RHEL-138494]
- kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch [RHEL-138494]
- kvm-vfio-Remove-vfio-amd-xgbe-device.patch [RHEL-138494]
- kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch [RHEL-138494]
- kvm-hw-arm-virt-Include-system-system.h.patch [RHEL-138494]
- kvm-vfio-Remove-vfio-platform.patch [RHEL-138494]
- kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch [RHEL-138494]
- kvm-vfio-container-set-error-on-cpr-failure.patch [RHEL-138494]
- kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch [RHEL-138494]
- kvm-hw-vfio-user-add-x-pci-class-code.patch [RHEL-138494]
- kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch [RHEL-138494]
- kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch [RHEL-138494]
- kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch [RHEL-138494]
- kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch [RHEL-138494]
- kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch [RHEL-138494]
- kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch [RHEL-138494]
- kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch [RHEL-138494]
- kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch [RHEL-138494]
- kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch [RHEL-138494]
- kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch [RHEL-138494]
- kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch [RHEL-138494]
- kvm-treewide-handle-result-of-qio_channel_set_blocking.patch [RHEL-138494]
- kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch [RHEL-138494]
- kvm-vfio-Do-not-unparent-in-instance_finalize.patch [RHEL-138494]
- kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch [RHEL-138494]
- kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch [RHEL-138494]
- kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch [RHEL-138494]
- kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch [RHEL-138494]
- kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch [RHEL-138494]
- kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch [RHEL-138494]
- kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
- kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch [RHEL-138494]
- kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch [RHEL-138494]
- kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch [RHEL-138494]
- kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch [RHEL-138494]
- kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch [RHEL-138494]
- kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch [RHEL-138494]
- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch [RHEL-138494]
- kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch [RHEL-138494]
- kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch [RHEL-138494]
- kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch [RHEL-138494]
- kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch [RHEL-138494]
- kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch [RHEL-138494]
- kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch [RHEL-138494]
- kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch [RHEL-138494]
- kvm-migration-push-Error-errp-into-vmstate_load_state.patch [RHEL-138494]
- kvm-migration-Remove-error-variant-of-vmstate_save_state.patch [RHEL-138494]
- kvm-migration-multi-mode-notifier.patch [RHEL-138494]
- kvm-migration-add-cpr_walk_fd.patch [RHEL-138494]
- kvm-oslib-qemu_clear_cloexec.patch [RHEL-138494]
- kvm-migration-cpr-exec-command-parameter.patch [RHEL-138494]
- kvm-migration-cpr-exec-save-and-load.patch [RHEL-138494]
- kvm-migration-cpr-exec-mode.patch [RHEL-138494]
- kvm-migration-cpr-exec-docs.patch [RHEL-138494]
- kvm-vfio-cpr-exec-mode.patch [RHEL-138494]
- kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch [RHEL-138494]
- kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch [RHEL-138494]
- kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch [RHEL-138494]
- kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch [RHEL-138494]
- kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch [RHEL-138494]
- kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch [RHEL-138494]
- kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch [RHEL-138494]
- kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch [RHEL-138494]
- kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch [RHEL-138494]
- kvm-vfio-Clean-up-includes.patch [RHEL-138494]
- kvm-migration-set-correct-list-pointer-when-removing-not.patch [RHEL-138494]
- kvm-vfio-user-simplify-vfio_user_process.patch [RHEL-138494]
- kvm-vfio-user-clarify-partial-message-handling.patch [RHEL-138494]
- kvm-vfio-user-refactor-out-header-handling.patch [RHEL-138494]
- kvm-vfio-user-simplify-vfio_user_recv_one.patch [RHEL-138494]
- kvm-vfio-user-recycle-msg-on-failure.patch [RHEL-138494]
- kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch [RHEL-138494]
- kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch [RHEL-138494]
- kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch [RHEL-138494]
- kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch [RHEL-138494]
- kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch [RHEL-138494]
- Resolves: RHEL-174858
([rhel10] Backport qemu cross-kernel migration mitigation series)
- Resolves: RHEL-138494
(NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3)
---
diff --git a/kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch b/kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch
new file mode 100644
index 0000000..5aa59f1
--- /dev/null
+++ b/kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch
@@ -0,0 +1,80 @@
+From 9526072fb84b844d3de49d2727ca9650f4fa4d4c Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:57 +0200
+Subject: [PATCH 016/116] Revert "target/arm: Reinstate bogus AArch32 DBGDTRTX
+ register for migration compat"
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [16/16] 60be5ef3f6fe516b480e578cd610618d180a9655 (eauger1/centos-qemu-kvm)
+
+This reverts commit 4f2b82f60431 ("target/arm: Reinstate bogus AArch32
+DBGDTRTX register for migration compat). We don't need that commit
+anymore as the AArch32 DBGDTRTX register is declared to
+be safe to ignore in the incoming migration stream.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Sebastian Ott <sebott@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260420140552.104369-8-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 202126dcb9d6261c38e629799265defeb3260d25)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/debug_helper.c | 29 -----------------------------
+ 1 file changed, 29 deletions(-)
+
+diff --git a/target/arm/debug_helper.c b/target/arm/debug_helper.c
+index 579516e154..aee06d4d42 100644
+--- a/target/arm/debug_helper.c
++++ b/target/arm/debug_helper.c
+@@ -940,13 +940,6 @@ static void dbgclaimclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
+ env->cp15.dbgclaim &= ~(value & 0xFF);
+ }
+
+-static CPAccessResult access_bogus(CPUARMState *env, const ARMCPRegInfo *ri,
+- bool isread)
+-{
+- /* Always UNDEF, as if this cpreg didn't exist */
+- return CP_ACCESS_UNDEFINED;
+-}
+-
+ static const ARMCPRegInfo debug_cp_reginfo[] = {
+ /*
+ * DBGDRAR, DBGDSAR: always RAZ since we don't implement memory mapped
+@@ -1009,28 +1002,6 @@ static const ARMCPRegInfo debug_cp_reginfo[] = {
+ .opc0 = 2, .opc1 = 3, .crn = 0, .crm = 4, .opc2 = 0,
+ .access = PL0_RW, .accessfn = access_tdcc,
+ .type = ARM_CP_CONST, .resetvalue = 0 },
+- /*
+- * This is not a real AArch32 register. We used to incorrectly expose
+- * this due to a QEMU bug; to avoid breaking migration compatibility we
+- * need to continue to provide it so that we don't fail the inbound
+- * migration when it tells us about a sysreg that we don't have.
+- * We set an always-fails .accessfn, which means that the guest doesn't
+- * actually see this register (it will always UNDEF, identically to if
+- * there were no cpreg definition for it other than that we won't print
+- * a LOG_UNIMP message about it), and we set the ARM_CP_NO_GDB flag so the
+- * gdbstub won't see it either.
+- * (We can't just set .access = 0, because add_cpreg_to_hashtable()
+- * helpfully ignores cpregs which aren't accessible to the highest
+- * implemented EL.)
+- *
+- * TODO: implement a system for being able to describe "this register
+- * can be ignored if it appears in the inbound stream"; then we can
+- * remove this temporary hack.
+- */
+- { .name = "BOGUS_DBGDTR_EL0", .state = ARM_CP_STATE_AA32,
+- .cp = 14, .opc1 = 3, .crn = 0, .crm = 5, .opc2 = 0,
+- .access = PL0_RW, .accessfn = access_bogus,
+- .type = ARM_CP_CONST | ARM_CP_NO_GDB, .resetvalue = 0 },
+ /*
+ * OSECCR_EL1 provides a mechanism for an operating system
+ * to access the contents of EDECCR. EDECCR is not implemented though,
+--
+2.52.0
+
diff --git a/kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch b/kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch
new file mode 100644
index 0000000..f2da34c
--- /dev/null
+++ b/kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch
@@ -0,0 +1,138 @@
+From eb8e987dcd0daf3dfabb014e71c7f4d840f569ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 30 Sep 2025 09:20:38 +0200
+Subject: [PATCH 097/116] hw: Remove unnecessary 'system/ram_addr.h' header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [81/100] bd76df276be7e688948ada5f196d3086f80d227e (rovick1/qemu-kvm)
+
+None of these files require definition exposed by "system/ram_addr.h",
+remove its inclusion.
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Eric Farman <farman@linux.ibm.com>
+Reviewed-by: Thomas Huth <thuth@redhat.com>
+Acked-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20251001175448.18933-7-philmd@linaro.org>
+(cherry picked from commit 97480ca692e94bb790190a43bb122bd0752b8f62)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/ppc/spapr.c | 1 -
+ hw/ppc/spapr_caps.c | 1 -
+ hw/ppc/spapr_pci.c | 1 -
+ hw/remote/memory.c | 1 -
+ hw/remote/proxy-memory-listener.c | 1 -
+ hw/s390x/s390-virtio-ccw.c | 1 -
+ hw/vfio/spapr.c | 1 -
+ hw/virtio/virtio-mem.c | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
+index 1855a3cd8d..5906a1325d 100644
+--- a/hw/ppc/spapr.c
++++ b/hw/ppc/spapr.c
+@@ -77,7 +77,6 @@
+ #include "hw/virtio/virtio-scsi.h"
+ #include "hw/virtio/vhost-scsi-common.h"
+
+-#include "system/ram_addr.h"
+ #include "system/confidential-guest-support.h"
+ #include "hw/usb.h"
+ #include "qemu/config-file.h"
+diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
+index f2f5722d8a..0f94c192fd 100644
+--- a/hw/ppc/spapr_caps.c
++++ b/hw/ppc/spapr_caps.c
+@@ -27,7 +27,6 @@
+ #include "qapi/error.h"
+ #include "qapi/visitor.h"
+ #include "system/hw_accel.h"
+-#include "system/ram_addr.h"
+ #include "target/ppc/cpu.h"
+ #include "target/ppc/mmu-hash64.h"
+ #include "cpu-models.h"
+diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
+index 1ac1185825..f9095552e8 100644
+--- a/hw/ppc/spapr_pci.c
++++ b/hw/ppc/spapr_pci.c
+@@ -34,7 +34,6 @@
+ #include "hw/pci/pci_host.h"
+ #include "hw/ppc/spapr.h"
+ #include "hw/pci-host/spapr.h"
+-#include "system/ram_addr.h"
+ #include <libfdt.h>
+ #include "trace.h"
+ #include "qemu/error-report.h"
+diff --git a/hw/remote/memory.c b/hw/remote/memory.c
+index 00193a552f..8195aa5fb8 100644
+--- a/hw/remote/memory.c
++++ b/hw/remote/memory.c
+@@ -11,7 +11,6 @@
+ #include "qemu/osdep.h"
+
+ #include "hw/remote/memory.h"
+-#include "system/ram_addr.h"
+ #include "qapi/error.h"
+
+ static void remote_sysmem_reset(void)
+diff --git a/hw/remote/proxy-memory-listener.c b/hw/remote/proxy-memory-listener.c
+index 30ac74961d..e1a52d24f0 100644
+--- a/hw/remote/proxy-memory-listener.c
++++ b/hw/remote/proxy-memory-listener.c
+@@ -12,7 +12,6 @@
+ #include "qemu/range.h"
+ #include "system/memory.h"
+ #include "exec/cpu-common.h"
+-#include "system/ram_addr.h"
+ #include "qapi/error.h"
+ #include "qemu/error-report.h"
+ #include "hw/remote/mpqemu-link.h"
+diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
+index 4937a0c3b8..c2ebc086b3 100644
+--- a/hw/s390x/s390-virtio-ccw.c
++++ b/hw/s390x/s390-virtio-ccw.c
+@@ -13,7 +13,6 @@
+
+ #include "qemu/osdep.h"
+ #include "qapi/error.h"
+-#include "system/ram_addr.h"
+ #include "system/confidential-guest-support.h"
+ #include "hw/boards.h"
+ #include "hw/s390x/sclp.h"
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index 8d9d68da4e..0f23681a3f 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -17,7 +17,6 @@
+
+ #include "hw/vfio/vfio-container-legacy.h"
+ #include "hw/hw.h"
+-#include "system/ram_addr.h"
+ #include "qemu/error-report.h"
+ #include "qapi/error.h"
+ #include "trace.h"
+diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
+index 1805597879..582f3f0e00 100644
+--- a/hw/virtio/virtio-mem.c
++++ b/hw/virtio/virtio-mem.c
+@@ -24,7 +24,6 @@
+ #include "hw/virtio/virtio-mem.h"
+ #include "qapi/error.h"
+ #include "qapi/visitor.h"
+-#include "system/ram_addr.h"
+ #include "migration/misc.h"
+ #include "hw/boards.h"
+ #include "hw/qdev-properties.h"
+--
+2.52.0
+
diff --git a/kvm-hw-arm-virt-Include-system-system.h.patch b/kvm-hw-arm-virt-Include-system-system.h.patch
new file mode 100644
index 0000000..ba7c518
--- /dev/null
+++ b/kvm-hw-arm-virt-Include-system-system.h.patch
@@ -0,0 +1,47 @@
+From 03d37e65c55a45d57410e3494681c79a43762adc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 1 Sep 2025 08:46:24 +0200
+Subject: [PATCH 022/116] hw/arm/virt: Include 'system/system.h'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [6/100] 17d12a26fb83432d261f644ff9583bdd4224fee3 (rovick1/qemu-kvm)
+
+hw/arm/virt.c should include 'system/system.h' for :
+
+ serial_hd()
+ qemu_add_machine_init_done_notifier()
+
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250731144019.1403591-1-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+Message-ID: <20250901064631.530723-2-clg@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+(cherry picked from commit 319ca84949fc3134774342d50790592680c3b9b0)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/arm/virt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 2a399e468c..990d2c73c7 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -49,6 +49,7 @@
+ #include "system/kvm.h"
+ #include "system/hvf.h"
+ #include "system/qtest.h"
++#include "system/system.h"
+ #include "hw/loader.h"
+ #include "qapi/error.h"
+ #include "qemu/bitops.h"
+--
+2.52.0
+
diff --git a/kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch b/kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch
new file mode 100644
index 0000000..51a3a9e
--- /dev/null
+++ b/kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch
@@ -0,0 +1,67 @@
+From 5cbfc281e40af4411dbdac94fe704385c473b485 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Wed, 22 Oct 2025 09:06:38 +0100
+Subject: [PATCH 017/116] hw/pci-host/gpex-acpi: Fix _DSM function 0 support
+ return value
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [1/100] 08174a592249c33057c131aa6ff2d49f346e3fe6 (rovick1/qemu-kvm)
+
+Currently, only function 0 is supported. According to the ACPI
+Specification, Revision 6.6, Section 9.1.1 “_DSM (Device Specific
+Method)”, bit 0 should be 0 to indicate that no other functions
+are supported beyond function 0.
+
+The resulting AML change looks like this:
+
+Method (_DSM, 4, NotSerialized) // _DSM: Device-Specific Method
+{
+ If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d")
+ {
+ If ((Arg2 == Zero))
+ {
+ Return (Buffer (One)
+ {
+- 0x01 // .
++ 0x00 // .
+ })
+ }
+ }
+}
+
+Fixes: 5b85eabe68f9 ("acpi: add acpi_dsdt_add_gpex")
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
+Tested-by: Zhangfei Gao <zhangfei.gao@linaro.org>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Message-Id: <20251022080639.243965-3-skolothumtho@nvidia.com>
+(cherry picked from commit 325aa2d86a20786c308b0874d15a60d1b924bd0e)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/pci-host/gpex-acpi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/pci-host/gpex-acpi.c b/hw/pci-host/gpex-acpi.c
+index 952a0ace19..4587baeb78 100644
+--- a/hw/pci-host/gpex-acpi.c
++++ b/hw/pci-host/gpex-acpi.c
+@@ -64,7 +64,7 @@ static Aml *build_pci_host_bridge_dsm_method(void)
+ UUID = aml_touuid("E5C937D0-3553-4D7A-9117-EA4D19C3434D");
+ ifctx = aml_if(aml_equal(aml_arg(0), UUID));
+ ifctx1 = aml_if(aml_equal(aml_arg(2), aml_int(0)));
+- uint8_t byte_list[1] = {1};
++ uint8_t byte_list[1] = {0};
+ buf = aml_buffer(1, byte_list);
+ aml_append(ifctx1, aml_return(buf));
+ aml_append(ifctx, ifctx1);
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch b/kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch
new file mode 100644
index 0000000..4cec952
--- /dev/null
+++ b/kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch
@@ -0,0 +1,108 @@
+From 35f299ce5e5e3d665ab3d9ce323ed375d45e1a80 Mon Sep 17 00:00:00 2001
+From: Shameer Kolothum <skolothumtho@nvidia.com>
+Date: Wed, 21 Jan 2026 11:41:10 +0000
+Subject: [PATCH 115/116] hw/vfio: Add helper to retrieve device feature
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [99/100] a043c8344cededd1eb7eed7ac82cfd14aecebbe1 (rovick1/qemu-kvm)
+
+Add vfio_device_get_feature() as a common helper to retrieve
+VFIO device features.
+
+No functional change intended.
+
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-3-skolothumtho@nvidia.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit de36da106dcfd42ee79779a25713e86500276382)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ hw/vfio/container.c | 2 +-
+ hw/vfio/device.c | 9 +++++++++
+ hw/vfio/listener.c | 4 ++--
+ include/hw/vfio/vfio-device.h | 3 +++
+ 4 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index cc0367ecc4..1b8569d36a 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -207,7 +207,7 @@ static int vfio_device_dma_logging_report(VFIODevice *vbasedev, hwaddr iova,
+ feature->flags = VFIO_DEVICE_FEATURE_GET |
+ VFIO_DEVICE_FEATURE_DMA_LOGGING_REPORT;
+
+- return vbasedev->io_ops->device_feature(vbasedev, feature);
++ return vfio_device_get_feature(vbasedev, feature);
+ }
+
+ static int vfio_container_iommu_query_dirty_bitmap(
+diff --git a/hw/vfio/device.c b/hw/vfio/device.c
+index 8b63e765ac..330f2598ff 100644
+--- a/hw/vfio/device.c
++++ b/hw/vfio/device.c
+@@ -515,6 +515,15 @@ void vfio_device_unprepare(VFIODevice *vbasedev)
+ vbasedev->bcontainer = NULL;
+ }
+
++int vfio_device_get_feature(VFIODevice *vbasedev,
++ struct vfio_device_feature *feature)
++{
++ if (!vbasedev->io_ops || !vbasedev->io_ops->device_feature) {
++ return -EINVAL;
++ }
++ return vbasedev->io_ops->device_feature(vbasedev, feature);
++}
++
+ /*
+ * Traditional ioctl() based io
+ */
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index 27174bf87c..afcf518f56 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -880,7 +880,7 @@ static void vfio_devices_dma_logging_stop(VFIOContainer *bcontainer)
+ continue;
+ }
+
+- ret = vbasedev->io_ops->device_feature(vbasedev, feature);
++ ret = vfio_device_get_feature(vbasedev, feature);
+
+ if (ret != 0) {
+ warn_report("%s: Failed to stop DMA logging, err %d (%s)",
+@@ -985,7 +985,7 @@ static bool vfio_devices_dma_logging_start(VFIOContainer *bcontainer,
+ continue;
+ }
+
+- ret = vbasedev->io_ops->device_feature(vbasedev, feature);
++ ret = vfio_device_get_feature(vbasedev, feature);
+ if (ret) {
+ error_setg_errno(errp, -ret, "%s: Failed to start DMA logging",
+ vbasedev->name);
+diff --git a/include/hw/vfio/vfio-device.h b/include/hw/vfio/vfio-device.h
+index dac305fc6f..fc28f580ba 100644
+--- a/include/hw/vfio/vfio-device.h
++++ b/include/hw/vfio/vfio-device.h
+@@ -258,6 +258,9 @@ void vfio_device_prepare(VFIODevice *vbasedev, VFIOContainer *bcontainer,
+
+ void vfio_device_unprepare(VFIODevice *vbasedev);
+
++int vfio_device_get_feature(VFIODevice *vbasedev,
++ struct vfio_device_feature *feature);
++
+ int vfio_device_get_region_info(VFIODevice *vbasedev, int index,
+ struct vfio_region_info **info);
+ int vfio_device_get_region_info_type(VFIODevice *vbasedev, uint32_t type,
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch b/kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch
new file mode 100644
index 0000000..7f458f5
--- /dev/null
+++ b/kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch
@@ -0,0 +1,168 @@
+From e8cf6a0ce9dff5c6868d3fb9ee6fc20160c6c31a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 30 Sep 2025 14:35:27 +0200
+Subject: [PATCH 083/116] hw/vfio: Avoid ram_addr_t in
+ vfio_container_query_dirty_bitmap()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [67/100] 37966a76b51c15dbe4afed7f224e6347f2fd153f (rovick1/qemu-kvm)
+
+The 'ram_addr_t' type is described as:
+
+ a QEMU internal address space that maps guest RAM physical
+ addresses into an intermediate address space that can map
+ to host virtual address spaces.
+
+vfio_container_query_dirty_bitmap() doesn't expect such QEMU
+intermediate address, but a guest physical addresses. Use the
+appropriate 'hwaddr' type, rename as @translated_addr for
+clarity.
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-4-philmd@linaro.org
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 0ca70d3bf722a94c53f254670e6a642e77aa077c)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/container.c | 11 ++++++-----
+ hw/vfio/listener.c | 18 +++++++++---------
+ hw/vfio/trace-events | 2 +-
+ include/hw/vfio/vfio-container.h | 3 ++-
+ 4 files changed, 18 insertions(+), 16 deletions(-)
+
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 250b20f424..9d69439371 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -246,7 +246,7 @@ static int vfio_container_devices_query_dirty_bitmap(
+
+ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ uint64_t iova, uint64_t size,
+- ram_addr_t ram_addr, Error **errp)
++ hwaddr translated_addr, Error **errp)
+ {
+ bool all_device_dirty_tracking =
+ vfio_container_devices_dirty_tracking_is_supported(bcontainer);
+@@ -255,7 +255,7 @@ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ int ret;
+
+ if (!bcontainer->dirty_pages_supported && !all_device_dirty_tracking) {
+- cpu_physical_memory_set_dirty_range(ram_addr, size,
++ cpu_physical_memory_set_dirty_range(translated_addr, size,
+ tcg_enabled() ? DIRTY_CLIENTS_ALL :
+ DIRTY_CLIENTS_NOCODE);
+ return 0;
+@@ -280,11 +280,12 @@ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ goto out;
+ }
+
+- dirty_pages = cpu_physical_memory_set_dirty_lebitmap(vbmap.bitmap, ram_addr,
++ dirty_pages = cpu_physical_memory_set_dirty_lebitmap(vbmap.bitmap,
++ translated_addr,
+ vbmap.pages);
+
+- trace_vfio_container_query_dirty_bitmap(iova, size, vbmap.size, ram_addr,
+- dirty_pages);
++ trace_vfio_container_query_dirty_bitmap(iova, size, vbmap.size,
++ translated_addr, dirty_pages);
+ out:
+ g_free(vbmap.bitmap);
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index 3b6f17f0c3..a2c19a3cec 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -1059,7 +1059,7 @@ static void vfio_iommu_map_dirty_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
+ VFIOGuestIOMMU *giommu = gdn->giommu;
+ VFIOContainer *bcontainer = giommu->bcontainer;
+ hwaddr iova = iotlb->iova + giommu->iommu_offset;
+- ram_addr_t translated_addr;
++ hwaddr translated_addr;
+ Error *local_err = NULL;
+ int ret = -EINVAL;
+ MemoryRegion *mr;
+@@ -1108,8 +1108,8 @@ static int vfio_ram_discard_query_dirty_bitmap(MemoryRegionSection *section,
+ {
+ const hwaddr size = int128_get64(section->size);
+ const hwaddr iova = section->offset_within_address_space;
+- const ram_addr_t ram_addr = memory_region_get_ram_addr(section->mr) +
+- section->offset_within_region;
++ const hwaddr translated_addr = memory_region_get_ram_addr(section->mr) +
++ section->offset_within_region;
+ VFIORamDiscardListener *vrdl = opaque;
+ Error *local_err = NULL;
+ int ret;
+@@ -1118,8 +1118,8 @@ static int vfio_ram_discard_query_dirty_bitmap(MemoryRegionSection *section,
+ * Sync the whole mapped region (spanning multiple individual mappings)
+ * in one go.
+ */
+- ret = vfio_container_query_dirty_bitmap(vrdl->bcontainer, iova, size, ram_addr,
+- &local_err);
++ ret = vfio_container_query_dirty_bitmap(vrdl->bcontainer, iova, size,
++ translated_addr, &local_err);
+ if (ret) {
+ error_report_err(local_err);
+ }
+@@ -1183,7 +1183,7 @@ static int vfio_sync_iommu_dirty_bitmap(VFIOContainer *bcontainer,
+ static int vfio_sync_dirty_bitmap(VFIOContainer *bcontainer,
+ MemoryRegionSection *section, Error **errp)
+ {
+- ram_addr_t ram_addr;
++ hwaddr translated_addr;
+
+ if (memory_region_is_iommu(section->mr)) {
+ return vfio_sync_iommu_dirty_bitmap(bcontainer, section);
+@@ -1198,12 +1198,12 @@ static int vfio_sync_dirty_bitmap(VFIOContainer *bcontainer,
+ return ret;
+ }
+
+- ram_addr = memory_region_get_ram_addr(section->mr) +
+- section->offset_within_region;
++ translated_addr = memory_region_get_ram_addr(section->mr) +
++ section->offset_within_region;
+
+ return vfio_container_query_dirty_bitmap(bcontainer,
+ REAL_HOST_PAGE_ALIGN(section->offset_within_address_space),
+- int128_get64(section->size), ram_addr, errp);
++ int128_get64(section->size), translated_addr, errp);
+ }
+
+ static void vfio_listener_log_sync(MemoryListener *listener,
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index b1b470cc29..1e895448cd 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -105,7 +105,7 @@ vfio_device_dirty_tracking_start(int nr_ranges, uint64_t min32, uint64_t max32,
+ vfio_iommu_map_dirty_notify(uint64_t iova_start, uint64_t iova_end) "iommu dirty @ 0x%"PRIx64" - 0x%"PRIx64
+
+ # container.c
+-vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t start, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" start=0x%"PRIx64" dirty_pages=%"PRIu64
++vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t translated_addr, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" gpa=0x%"PRIx64" dirty_pages=%"PRIu64
+
+ # container-legacy.c
+ vfio_container_disconnect(int fd) "close container->fd=%d"
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index b8fb2b8b5d..093c360f0e 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -98,7 +98,8 @@ bool vfio_container_dirty_tracking_is_started(
+ bool vfio_container_devices_dirty_tracking_is_supported(
+ const VFIOContainer *bcontainer);
+ int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
+- uint64_t iova, uint64_t size, ram_addr_t ram_addr, Error **errp);
++ uint64_t iova, uint64_t size,
++ hwaddr translated_addr, Error **errp);
+
+ GList *vfio_container_get_iova_ranges(const VFIOContainer *bcontainer);
+
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch b/kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch
new file mode 100644
index 0000000..0dcc3ce
--- /dev/null
+++ b/kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch
@@ -0,0 +1,51 @@
+From 0f58afac81fd3fcf07e130d359eb54b754d7b6e0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 30 Sep 2025 14:35:26 +0200
+Subject: [PATCH 082/116] hw/vfio: Reorder vfio_container_query_dirty_bitmap()
+ trace format
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [66/100] 4b0f19201e5684ab27d2fb46e55a65a965ce45da (rovick1/qemu-kvm)
+
+Update the trace-events comments after the changes from
+commit dcce51b1938 ("hw/vfio/container-base.c: rename file
+to container.c") and commit a3bcae62b6a ("hw/vfio/container.c:
+rename file to container-legacy.c").
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-3-philmd@linaro.org
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5764a715277afc4d6076fbf2bae1697dbd2fa182)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/trace-events | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index 7496e1b64b..b1b470cc29 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -104,10 +104,10 @@ vfio_device_dirty_tracking_update(uint64_t start, uint64_t end, uint64_t min, ui
+ vfio_device_dirty_tracking_start(int nr_ranges, uint64_t min32, uint64_t max32, uint64_t min64, uint64_t max64, uint64_t minpci, uint64_t maxpci) "nr_ranges %d 32:[0x%"PRIx64" - 0x%"PRIx64"], 64:[0x%"PRIx64" - 0x%"PRIx64"], pci64:[0x%"PRIx64" - 0x%"PRIx64"]"
+ vfio_iommu_map_dirty_notify(uint64_t iova_start, uint64_t iova_end) "iommu dirty @ 0x%"PRIx64" - 0x%"PRIx64
+
+-# container-base.c
++# container.c
+ vfio_container_query_dirty_bitmap(uint64_t iova, uint64_t size, uint64_t bitmap_size, uint64_t start, uint64_t dirty_pages) "iova=0x%"PRIx64" size= 0x%"PRIx64" bitmap_size=0x%"PRIx64" start=0x%"PRIx64" dirty_pages=%"PRIu64
+
+-# container.c
++# container-legacy.c
+ vfio_container_disconnect(int fd) "close container->fd=%d"
+ vfio_group_put(int fd) "close group->fd=%d"
+ vfio_device_get(const char * name, unsigned int flags, unsigned int num_regions, unsigned int num_irqs) "Device %s flags: %u, regions: %u, irqs: %u"
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch b/kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch
new file mode 100644
index 0000000..6372e0b
--- /dev/null
+++ b/kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch
@@ -0,0 +1,229 @@
+From 4b7e28827bbe71127a7847040b5b92140fd411ad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 30 Sep 2025 14:35:28 +0200
+Subject: [PATCH 084/116] hw/vfio: Use uint64_t for IOVA mapping size in
+ vfio_container_dma_*map
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [68/100] f8b00f9ff83c4438173efed13b0b336459541877 (rovick1/qemu-kvm)
+
+The 'ram_addr_t' type is described as:
+
+ a QEMU internal address space that maps guest RAM physical
+ addresses into an intermediate address space that can map
+ to host virtual address spaces.
+
+This doesn't represent well an IOVA mapping size. Simply use
+the uint64_t type.
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-5-philmd@linaro.org
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit f0b52aa08ab0868c18d881381a8fda4b59b37517)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.c | 4 ++--
+ hw/vfio/container-legacy.c | 8 ++++----
+ hw/vfio/container.c | 4 ++--
+ hw/vfio/cpr-legacy.c | 2 +-
+ hw/vfio/iommufd.c | 6 +++---
+ include/hw/vfio/vfio-container.h | 10 +++++-----
+ include/hw/vfio/vfio-cpr.h | 2 +-
+ 7 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
+index 411eb7b28b..e45192fef6 100644
+--- a/hw/vfio-user/container.c
++++ b/hw/vfio-user/container.c
+@@ -39,7 +39,7 @@ static void vfio_user_listener_commit(VFIOContainer *bcontainer)
+ }
+
+ static int vfio_user_dma_unmap(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+@@ -81,7 +81,7 @@ static int vfio_user_dma_unmap(const VFIOContainer *bcontainer,
+ }
+
+ static int vfio_user_dma_map(const VFIOContainer *bcontainer, hwaddr iova,
+- ram_addr_t size, void *vaddr, bool readonly,
++ uint64_t size, void *vaddr, bool readonly,
+ MemoryRegion *mrp)
+ {
+ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c
+index 2d19d97e2d..1394dd6fe8 100644
+--- a/hw/vfio/container-legacy.c
++++ b/hw/vfio/container-legacy.c
+@@ -83,7 +83,7 @@ static int vfio_ram_block_discard_disable(VFIOLegacyContainer *container,
+ }
+
+ static int vfio_dma_unmap_bitmap(const VFIOLegacyContainer *container,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+ const VFIOContainer *bcontainer = VFIO_IOMMU(container);
+@@ -136,7 +136,7 @@ unmap_exit:
+ }
+
+ static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+@@ -181,7 +181,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer,
+ * DMA - Mapping and unmapping for the "type1" IOMMU interface used on x86
+ */
+ static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+ int ret;
+@@ -206,7 +206,7 @@ static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer,
+ }
+
+ static int vfio_legacy_dma_map(const VFIOContainer *bcontainer, hwaddr iova,
+- ram_addr_t size, void *vaddr, bool readonly,
++ uint64_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 9d69439371..41de343924 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -74,7 +74,7 @@ void vfio_address_space_insert(VFIOAddressSpace *space,
+ }
+
+ int vfio_container_dma_map(VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr)
+ {
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+@@ -93,7 +93,7 @@ int vfio_container_dma_map(VFIOContainer *bcontainer,
+ }
+
+ int vfio_container_dma_unmap(VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index bbf7a0d35f..3a1d126556 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -39,7 +39,7 @@ static bool vfio_dma_unmap_vaddr_all(VFIOLegacyContainer *container,
+ * The incoming state is cleared thereafter.
+ */
+ static int vfio_legacy_cpr_dma_map(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size, void *vaddr,
++ hwaddr iova, uint64_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr)
+ {
+ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index 76f0806ec0..10fc065d20 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -35,7 +35,7 @@
+ TYPE_HOST_IOMMU_DEVICE_IOMMUFD "-vfio"
+
+ static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova,
+- ram_addr_t size, void *vaddr, bool readonly,
++ uint64_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+@@ -46,7 +46,7 @@ static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova,
+ }
+
+ static int iommufd_cdev_map_file(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ int fd, unsigned long start, bool readonly)
+ {
+ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+@@ -57,7 +57,7 @@ static int iommufd_cdev_map_file(const VFIOContainer *bcontainer,
+ }
+
+ static int iommufd_cdev_unmap(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index 093c360f0e..c4b58d664b 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -81,10 +81,10 @@ void vfio_address_space_insert(VFIOAddressSpace *space,
+ VFIOContainer *bcontainer);
+
+ int vfio_container_dma_map(VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr);
+ int vfio_container_dma_unmap(VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all);
+ bool vfio_container_add_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+@@ -167,7 +167,7 @@ struct VFIOIOMMUClass {
+ * Returns 0 to indicate success and -errno otherwise.
+ */
+ int (*dma_map)(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr);
+ /**
+ * @dma_map_file
+@@ -182,7 +182,7 @@ struct VFIOIOMMUClass {
+ * @readonly: map read only if true
+ */
+ int (*dma_map_file)(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ int fd, unsigned long start, bool readonly);
+ /**
+ * @dma_unmap
+@@ -198,7 +198,7 @@ struct VFIOIOMMUClass {
+ * Returns 0 to indicate success and -errno otherwise.
+ */
+ int (*dma_unmap)(const VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all);
+
+
+diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
+index 26ee0c4fe1..81f4e24e22 100644
+--- a/include/hw/vfio/vfio-cpr.h
++++ b/include/hw/vfio/vfio-cpr.h
+@@ -21,7 +21,7 @@ struct VFIOIOMMUFDContainer;
+ struct IOMMUFDBackend;
+
+ typedef int (*dma_map_fn)(const struct VFIOContainer *bcontainer,
+- hwaddr iova, ram_addr_t size, void *vaddr,
++ hwaddr iova, uint64_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr);
+
+ typedef struct VFIOContainerCPR {
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch b/kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch
new file mode 100644
index 0000000..9d6c893
--- /dev/null
+++ b/kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch
@@ -0,0 +1,50 @@
+From c02ac939008f965072aeeba93c540fcedbd85422 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:14 +0100
+Subject: [PATCH 056/116] hw/vfio/container-base.c: rename file to container.c
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [40/100] dfbd85fffb2e87d12dc0e426c5b7e054b02ab6a5 (rovick1/qemu-kvm)
+
+Rename the file to reflect the previous rename of VFIOContainerBase to
+VFIOContainer.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-7-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit dcce51b19385ea65ac6db295204716a9eb311fbf)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/{container-base.c => container.c} | 0
+ hw/vfio/meson.build | 2 +-
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+ rename hw/vfio/{container-base.c => container.c} (100%)
+
+diff --git a/hw/vfio/container-base.c b/hw/vfio/container.c
+similarity index 100%
+rename from hw/vfio/container-base.c
+rename to hw/vfio/container.c
+diff --git a/hw/vfio/meson.build b/hw/vfio/meson.build
+index 62b7a7eaac..82f68698fb 100644
+--- a/hw/vfio/meson.build
++++ b/hw/vfio/meson.build
+@@ -3,7 +3,7 @@
+ vfio_ss = ss.source_set()
+ vfio_ss.add(files(
+ 'listener.c',
+- 'container-base.c',
++ 'container.c',
+ 'container-legacy.c',
+ 'helpers.c',
+ ))
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch b/kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch
new file mode 100644
index 0000000..b77e643
--- /dev/null
+++ b/kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch
@@ -0,0 +1,52 @@
+From 039f7c0cfeef7e5e7194d73659dad82bd1919443 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:13 +0100
+Subject: [PATCH 055/116] hw/vfio/container.c: rename file to
+ container-legacy.c
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [39/100] 6075f31c1e5d6bbb311f53e27578ba07da404e3e (rovick1/qemu-kvm)
+
+This file is mostly concerned with the VFIOLegacyContainer implementation so
+rename it to reflect the previous rename of VFIOContainer to
+VFIOLegacyContainer.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-6-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit a3bcae62b6a161dea4521f254f19c5a8551c28af)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/{container.c => container-legacy.c} | 0
+ hw/vfio/meson.build | 2 +-
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+ rename hw/vfio/{container.c => container-legacy.c} (100%)
+
+diff --git a/hw/vfio/container.c b/hw/vfio/container-legacy.c
+similarity index 100%
+rename from hw/vfio/container.c
+rename to hw/vfio/container-legacy.c
+diff --git a/hw/vfio/meson.build b/hw/vfio/meson.build
+index d3ed3cb7ac..62b7a7eaac 100644
+--- a/hw/vfio/meson.build
++++ b/hw/vfio/meson.build
+@@ -4,7 +4,7 @@ vfio_ss = ss.source_set()
+ vfio_ss.add(files(
+ 'listener.c',
+ 'container-base.c',
+- 'container.c',
++ 'container-legacy.c',
+ 'helpers.c',
+ ))
+ vfio_ss.add(when: 'CONFIG_PSERIES', if_true: files('spapr.c'))
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch b/kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..be56647
--- /dev/null
+++ b/kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,157 @@
+From ba4501f8c8795401824e3c0dc52fe847d1518525 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:44 +0100
+Subject: [PATCH 032/116] hw/vfio/container.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [16/100] 3d3b2f56e36aae0e24b84ac733de5ac82c12ebf7 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOContainer and VFIOContainerBase instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-5-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5947f69b63639b54f02db1727c559f8aae32d849)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/container.c | 31 +++++++++++++------------------
+ 1 file changed, 13 insertions(+), 18 deletions(-)
+
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index c1554c1fd1..860d1aebda 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -85,7 +85,7 @@ static int vfio_dma_unmap_bitmap(const VFIOContainer *container,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+- const VFIOContainerBase *bcontainer = &container->bcontainer;
++ const VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ struct vfio_iommu_type1_dma_unmap *unmap;
+ struct vfio_bitmap *bitmap;
+ VFIOBitmap vbmap;
+@@ -138,8 +138,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+- const VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dma_unmap unmap = {
+ .argsz = sizeof(unmap),
+ .flags = 0,
+@@ -227,8 +226,7 @@ static int vfio_legacy_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+- const VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dma_map map = {
+ .argsz = sizeof(map),
+ .flags = VFIO_DMA_MAP_FLAG_READ,
+@@ -260,8 +258,7 @@ static int
+ vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
+ bool start, Error **errp)
+ {
+- const VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ int ret;
+ struct vfio_iommu_type1_dirty_bitmap dirty = {
+ .argsz = sizeof(dirty),
+@@ -286,8 +283,7 @@ vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
+ static int vfio_legacy_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp)
+ {
+- const VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dirty_bitmap *dbitmap;
+ struct vfio_iommu_type1_dirty_bitmap_get *range;
+ int ret;
+@@ -509,7 +505,7 @@ static void vfio_get_iommu_info_migration(VFIOContainer *container,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_iommu_type1_info_cap_migration *cap_mig;
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+
+ hdr = vfio_get_iommu_info_cap(info, VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION);
+ if (!hdr) {
+@@ -532,8 +528,7 @@ static void vfio_get_iommu_info_migration(VFIOContainer *container,
+
+ static bool vfio_legacy_setup(VFIOContainerBase *bcontainer, Error **errp)
+ {
+- VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ g_autofree struct vfio_iommu_type1_info *info = NULL;
+ int ret;
+
+@@ -648,7 +643,7 @@ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
+
+ if (!cpr_is_incoming()) {
+ QLIST_FOREACH(bcontainer, &space->containers, next) {
+- container = container_of(bcontainer, VFIOContainer, bcontainer);
++ container = VFIO_IOMMU_LEGACY(bcontainer);
+ if (!ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &container->fd)) {
+ return vfio_container_group_add(container, group, errp);
+ }
+@@ -666,7 +661,7 @@ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
+ * create the container struct and group list.
+ */
+ QLIST_FOREACH(bcontainer, &space->containers, next) {
+- container = container_of(bcontainer, VFIOContainer, bcontainer);
++ container = VFIO_IOMMU_LEGACY(bcontainer);
+
+ if (vfio_cpr_container_match(container, group, fd)) {
+ return vfio_container_group_add(container, group, errp);
+@@ -686,7 +681,7 @@ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
+ goto fail;
+ }
+ new_container = true;
+- bcontainer = &container->bcontainer;
++ bcontainer = VFIO_IOMMU(container);
+
+ if (!vfio_legacy_cpr_register_container(container, errp)) {
+ goto fail;
+@@ -749,7 +744,7 @@ fail:
+ static void vfio_container_disconnect(VFIOGroup *group)
+ {
+ VFIOContainer *container = group->container;
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+
+ QLIST_REMOVE(group, container_next);
+@@ -795,7 +790,7 @@ static VFIOGroup *vfio_group_get(int groupid, AddressSpace *as, Error **errp)
+ QLIST_FOREACH(group, &vfio_group_list, next) {
+ if (group->groupid == groupid) {
+ /* Found it. Now is it already in the right context? */
+- if (group->container->bcontainer.space->as == as) {
++ if (VFIO_IOMMU(group->container)->space->as == as) {
+ return group;
+ } else {
+ error_setg(errp, "group %d used in multiple address spaces",
+@@ -909,7 +904,7 @@ static bool vfio_device_get(VFIOGroup *group, const char *name,
+ }
+ }
+
+- vfio_device_prepare(vbasedev, &group->container->bcontainer, info);
++ vfio_device_prepare(vbasedev, VFIO_IOMMU(group->container), info);
+
+ vbasedev->fd = fd;
+ vbasedev->group = group;
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch b/kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..830797c
--- /dev/null
+++ b/kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,92 @@
+From 2e971be1abd843adc6b2c44319fcbcfd449fbcdc Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:43 +0100
+Subject: [PATCH 031/116] hw/vfio/cpr-legacy.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [15/100] 370450fb93e7f95c8c47bfce6dbe3842e5278f17 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOContainer and VFIOContainerBase instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-4-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5255ba39b16539bd4b28a961d196812af1684c02)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr-legacy.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 553b203e9b..8f437194fa 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -41,8 +41,8 @@ static int vfio_legacy_cpr_dma_map(const VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr)
+ {
+- const VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++
+ struct vfio_iommu_type1_dma_map map = {
+ .argsz = sizeof(map),
+ .flags = VFIO_DMA_MAP_FLAG_VADDR,
+@@ -65,7 +65,7 @@ static void vfio_region_remap(MemoryListener *listener,
+ {
+ VFIOContainer *container = container_of(listener, VFIOContainer,
+ cpr.remap_listener);
+- vfio_container_region_add(&container->bcontainer, section, true);
++ vfio_container_region_add(VFIO_IOMMU(container), section, true);
+ }
+
+ static bool vfio_cpr_supported(VFIOContainer *container, Error **errp)
+@@ -98,7 +98,7 @@ static int vfio_container_pre_save(void *opaque)
+ static int vfio_container_post_load(void *opaque, int version_id)
+ {
+ VFIOContainer *container = opaque;
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ dma_map_fn saved_dma_map = vioc->dma_map;
+ Error *local_err = NULL;
+@@ -135,7 +135,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+ {
+ VFIOContainer *container =
+ container_of(notifier, VFIOContainer, cpr.transfer_notifier);
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+
+ if (e->type != MIG_EVENT_PRECOPY_FAILED) {
+ return 0;
+@@ -167,7 +167,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+
+ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ Error **cpr_blocker = &container->cpr.blocker;
+
+ migration_add_notifier_mode(&bcontainer->cpr_reboot_notifier,
+@@ -191,7 +191,7 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
+
+ void vfio_legacy_cpr_unregister_container(VFIOContainer *container)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+
+ migration_remove_notifier(&bcontainer->cpr_reboot_notifier);
+ migrate_del_blocker(&container->cpr.blocker);
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch b/kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch
new file mode 100644
index 0000000..d6c13a3
--- /dev/null
+++ b/kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch
@@ -0,0 +1,50 @@
+From 411f31528a9ae2a04914634b5bf412ccc40e49f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Wed, 1 Oct 2025 09:56:41 +0200
+Subject: [PATCH 096/116] hw/vfio/listener: Include missing
+ 'exec/target_page.h' header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [80/100] 3343efdd3a369dd5dcd7ae2102ff68fc55e88f22 (rovick1/qemu-kvm)
+
+The "exec/target_page.h" header is indirectly pulled from
+"system/ram_addr.h". Include it explicitly, in order to
+avoid unrelated issues when refactoring "system/ram_addr.h":
+
+ hw/vfio/listener.c: In function ‘vfio_ram_discard_register_listener’:
+ hw/vfio/listener.c:258:28: error: implicit declaration of function ‘qemu_target_page_size’; did you mean ‘qemu_ram_pagesize’?
+ 258 | int target_page_size = qemu_target_page_size();
+ | ^~~~~~~~~~~~~~~~~~~~~
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Message-Id: <20251001175448.18933-5-philmd@linaro.org>
+(cherry picked from commit edd1f91d38dfc341cac02529fcd315609e959763)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/listener.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index a2c19a3cec..b5cefc9395 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -25,6 +25,7 @@
+ #endif
+ #include <linux/vfio.h>
+
++#include "exec/target_page.h"
+ #include "hw/vfio/vfio-device.h"
+ #include "hw/vfio/pci.h"
+ #include "system/address-spaces.h"
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch b/kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch
new file mode 100644
index 0000000..88bc266
--- /dev/null
+++ b/kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch
@@ -0,0 +1,152 @@
+From b414b8f5cae43b89c7915ba10f0a3c970aacd1fd Mon Sep 17 00:00:00 2001
+From: Nicolin Chen <nicolinc@nvidia.com>
+Date: Wed, 21 Jan 2026 11:41:11 +0000
+Subject: [PATCH 116/116] hw/vfio/region: Create dmabuf for PCI BAR per region
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [100/100] 6be849602d64e38f7ccb3f3f89f33dae804ae494 (rovick1/qemu-kvm)
+
+Linux now provides a VFIO dmabuf exporter to expose PCI BAR memory for P2P
+use cases. Create a dmabuf for each mapped BAR region after the mmap is set
+up, and store the returned fd in the region’s RAMBlock. This allows QEMU to
+pass the fd to dma_map_file(), enabling iommufd to import the dmabuf and map
+the BAR correctly in the host IOMMU page table.
+
+If the kernel lacks support or dmabuf setup fails, QEMU skips the setup
+and continues with normal mmap handling.
+
+Tested-by: Nicolin Chen <nicolinc@nvidia.com>
+Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
+Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-4-skolothumtho@nvidia.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 8cfaf22668c7a9ed79f8b8f0910a2f69b4cfaae6)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ hw/vfio/region.c | 65 +++++++++++++++++++++++++++++++++++++++++++-
+ hw/vfio/trace-events | 1 +
+ 2 files changed, 65 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/region.c b/hw/vfio/region.c
+index b165ab0b93..1deaef12fd 100644
+--- a/hw/vfio/region.c
++++ b/hw/vfio/region.c
+@@ -29,6 +29,7 @@
+ #include "qemu/error-report.h"
+ #include "qemu/units.h"
+ #include "monitor/monitor.h"
++#include "system/ramblock.h"
+ #include "vfio-helpers.h"
+
+ /*
+@@ -238,13 +239,71 @@ static void vfio_subregion_unmap(VFIORegion *region, int index)
+ region->mmaps[index].mmap = NULL;
+ }
+
++static bool vfio_region_create_dma_buf(VFIORegion *region, Error **errp)
++{
++ g_autofree struct vfio_device_feature *feature = NULL;
++ VFIODevice *vbasedev = region->vbasedev;
++ struct vfio_device_feature_dma_buf *dma_buf;
++ size_t total_size;
++ int i, ret;
++
++ total_size = sizeof(*feature) + sizeof(*dma_buf) +
++ sizeof(struct vfio_region_dma_range) * region->nr_mmaps;
++ feature = g_malloc0(total_size);
++ *feature = (struct vfio_device_feature) {
++ .argsz = total_size,
++ .flags = VFIO_DEVICE_FEATURE_GET | VFIO_DEVICE_FEATURE_DMA_BUF,
++ };
++
++ dma_buf = (void *)feature->data;
++ *dma_buf = (struct vfio_device_feature_dma_buf) {
++ .region_index = region->nr,
++ .open_flags = O_RDWR,
++ .nr_ranges = region->nr_mmaps,
++ };
++
++ for (i = 0; i < region->nr_mmaps; i++) {
++ dma_buf->dma_ranges[i].offset = region->mmaps[i].offset;
++ dma_buf->dma_ranges[i].length = region->mmaps[i].size;
++ }
++
++ ret = vfio_device_get_feature(vbasedev, feature);
++ if (ret < 0) {
++ if (ret == -ENOTTY) {
++ warn_report_once("VFIO dma-buf not supported in kernel: "
++ "PCI BAR IOMMU mappings may fail");
++ return true;
++ }
++ /* P2P DMA or exposing device memory use cases are not supported. */
++ error_setg_errno(errp, -ret, "%s: failed to create dma-buf: "
++ "PCI BAR IOMMU mappings may fail",
++ memory_region_name(region->mem));
++ return false;
++ }
++
++ /* Assign the dmabuf fd to associated RAMBlock */
++ for (i = 0; i < region->nr_mmaps; i++) {
++ MemoryRegion *mr = ®ion->mmaps[i].mem;
++ RAMBlock *ram_block = mr->ram_block;
++
++ ram_block->fd = ret;
++ ram_block->fd_offset = region->mmaps[i].offset;
++ trace_vfio_region_dmabuf(region->vbasedev->name, ret, region->nr,
++ memory_region_name(region->mem),
++ region->mmaps[i].offset,
++ region->mmaps[i].size);
++ }
++ return true;
++}
++
+ int vfio_region_mmap(VFIORegion *region)
+ {
+ int i, ret, prot = 0;
++ Error *local_err = NULL;
+ char *name;
+ int fd;
+
+- if (!region->mem) {
++ if (!region->mem || !region->nr_mmaps) {
+ return 0;
+ }
+
+@@ -305,6 +364,10 @@ int vfio_region_mmap(VFIORegion *region)
+ region->mmaps[i].size - 1);
+ }
+
++ if (!vfio_region_create_dma_buf(region, &local_err)) {
++ error_report_err(local_err);
++ }
++
+ return 0;
+
+ no_mmap:
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index 1e895448cd..592a0349d4 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -117,6 +117,7 @@ vfio_device_put(int fd) "close vdev->fd=%d"
+ vfio_region_write(const char *name, int index, uint64_t addr, uint64_t data, unsigned size) " (%s:region%d+0x%"PRIx64", 0x%"PRIx64 ", %d)"
+ vfio_region_read(char *name, int index, uint64_t addr, unsigned size, uint64_t data) " (%s:region%d+0x%"PRIx64", %d) = 0x%"PRIx64
+ vfio_region_setup(const char *dev, int index, const char *name, unsigned long flags, unsigned long offset, unsigned long size) "Device %s, region %d \"%s\", flags: 0x%lx, offset: 0x%lx, size: 0x%lx"
++vfio_region_dmabuf(const char *dev, int fd, int index, const char *name, unsigned long offset, unsigned long size) "Device %s, dmabuf fd %d region %d \"%s\", offset: 0x%lx, size: 0x%lx"
+ vfio_region_mmap_fault(const char *name, int index, unsigned long offset, unsigned long size, int fault) "Region %s mmaps[%d], [0x%lx - 0x%lx], fault: %d"
+ vfio_region_mmap(const char *name, unsigned long offset, unsigned long end) "Region %s [0x%lx - 0x%lx]"
+ vfio_region_exit(const char *name, int index) "Device %s, region %d"
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch b/kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch
new file mode 100644
index 0000000..faeecc1
--- /dev/null
+++ b/kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch
@@ -0,0 +1,337 @@
+From ea749e5fe5c3337af25560b5c36476c611a6420a Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:24 +0100
+Subject: [PATCH 067/116] hw/vfio/types.h: rename TYPE_VFIO_PCI_BASE to
+ TYPE_VFIO_PCI_DEVICE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [51/100] 4690d24398c7169d39d8254012faaf8576bb10e9 (rovick1/qemu-kvm)
+
+This brings the QOM type name in line with the underlying VFIOPCIDevice structure.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-17-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit af2a8bfb3cd38cceb39a152ff33c7daa4c81c506)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/s390x/s390-pci-vfio.c | 14 +++++++-------
+ hw/vfio-user/pci.c | 13 +++++++------
+ hw/vfio/device.c | 2 +-
+ hw/vfio/pci.c | 28 ++++++++++++++--------------
+ hw/vfio/pci.h | 2 +-
+ hw/vfio/types.h | 4 ++--
+ 6 files changed, 32 insertions(+), 31 deletions(-)
+
+diff --git a/hw/s390x/s390-pci-vfio.c b/hw/s390x/s390-pci-vfio.c
+index 7760780aff..9e31029d7a 100644
+--- a/hw/s390x/s390-pci-vfio.c
++++ b/hw/s390x/s390-pci-vfio.c
+@@ -62,7 +62,7 @@ S390PCIDMACount *s390_pci_start_dma_count(S390pciState *s,
+ {
+ S390PCIDMACount *cnt;
+ uint32_t avail;
+- VFIOPCIDevice *vpdev = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpdev = VFIO_PCI_DEVICE(pbdev->pdev);
+ int id;
+
+ assert(vpdev);
+@@ -108,7 +108,7 @@ static void s390_pci_read_base(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_base *cap;
+- VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_DEVICE(pbdev->pdev);
+ uint64_t vfio_size;
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_BASE);
+@@ -162,7 +162,7 @@ static bool get_host_fh(S390PCIBusDevice *pbdev, struct vfio_device_info *info,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_base *cap;
+- VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_DEVICE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_BASE);
+
+@@ -185,7 +185,7 @@ static void s390_pci_read_group(S390PCIBusDevice *pbdev,
+ struct vfio_device_info_cap_zpci_group *cap;
+ S390pciState *s = s390_get_phb();
+ ClpRspQueryPciGrp *resgrp;
+- VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_DEVICE(pbdev->pdev);
+ uint8_t start_gid = pbdev->zpci_fn.pfgid;
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_GROUP);
+@@ -264,7 +264,7 @@ static void s390_pci_read_util(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_util *cap;
+- VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_DEVICE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_UTIL);
+
+@@ -291,7 +291,7 @@ static void s390_pci_read_pfip(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_pfip *cap;
+- VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_DEVICE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_PFIP);
+
+@@ -314,7 +314,7 @@ static void s390_pci_read_pfip(S390PCIBusDevice *pbdev,
+
+ static struct vfio_device_info *get_device_info(S390PCIBusDevice *pbdev)
+ {
+- VFIOPCIDevice *vfio_pci = VFIO_PCI_BASE(pbdev->pdev);
++ VFIOPCIDevice *vfio_pci = VFIO_PCI_DEVICE(pbdev->pdev);
+
+ return vfio_get_device_info(vfio_pci->vbasedev.fd);
+ }
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index e2c309784f..efceae69de 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -234,9 +234,10 @@ static void vfio_user_pci_realize(PCIDevice *pdev, Error **errp)
+ {
+ ERRP_GUARD();
+ VFIOUserPCIDevice *udev = VFIO_USER_PCI(pdev);
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ const char *sock_name;
++
+ AddressSpace *as;
+ SocketAddress addr;
+ VFIOUserProxy *proxy;
+@@ -346,7 +347,7 @@ error:
+ static void vfio_user_instance_init(Object *obj)
+ {
+ PCIDevice *pci_dev = PCI_DEVICE(obj);
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+
+ device_add_bootindex_property(obj, &vdev->bootindex,
+@@ -371,7 +372,7 @@ static void vfio_user_instance_init(Object *obj)
+
+ static void vfio_user_instance_finalize(Object *obj)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+
+ if (vdev->msix != NULL) {
+@@ -387,7 +388,7 @@ static void vfio_user_instance_finalize(Object *obj)
+
+ static void vfio_user_pci_reset(DeviceState *dev)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(dev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(dev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+
+ vfio_pci_pre_reset(vdev);
+@@ -421,7 +422,7 @@ static void vfio_user_pci_set_socket(Object *obj, Visitor *v, const char *name,
+ VFIOUserPCIDevice *udev = VFIO_USER_PCI(obj);
+ bool success;
+
+- if (VFIO_PCI_BASE(udev)->vbasedev.proxy) {
++ if (VFIO_PCI_DEVICE(udev)->vbasedev.proxy) {
+ error_setg(errp, "Proxy is connected");
+ return;
+ }
+@@ -464,7 +465,7 @@ static void vfio_user_pci_dev_class_init(ObjectClass *klass, const void *data)
+
+ static const TypeInfo vfio_user_pci_dev_info = {
+ .name = TYPE_VFIO_USER_PCI,
+- .parent = TYPE_VFIO_PCI_BASE,
++ .parent = TYPE_VFIO_PCI_DEVICE,
+ .instance_size = sizeof(VFIOUserPCIDevice),
+ .class_init = vfio_user_pci_dev_class_init,
+ .instance_init = vfio_user_instance_init,
+diff --git a/hw/vfio/device.c b/hw/vfio/device.c
+index 931a949c08..8b63e765ac 100644
+--- a/hw/vfio/device.c
++++ b/hw/vfio/device.c
+@@ -434,7 +434,7 @@ bool vfio_device_hiod_create_and_realize(VFIODevice *vbasedev,
+ VFIODevice *vfio_get_vfio_device(Object *obj)
+ {
+ if (object_dynamic_cast(obj, TYPE_VFIO_PCI)) {
+- return &VFIO_PCI_BASE(obj)->vbasedev;
++ return &VFIO_PCI_DEVICE(obj)->vbasedev;
+ } else {
+ return NULL;
+ }
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index fd8d8f7e32..937283bcc6 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -308,7 +308,7 @@ static void vfio_intx_update(VFIOPCIDevice *vdev, PCIINTxRoute *route)
+
+ static void vfio_intx_routing_notifier(PCIDevice *pdev)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ PCIINTxRoute route;
+
+ if (vdev->interrupt != VFIO_INT_INTx) {
+@@ -663,7 +663,7 @@ void vfio_pci_vector_init(VFIOPCIDevice *vdev, int nr)
+ static int vfio_msix_vector_do_use(PCIDevice *pdev, unsigned int nr,
+ MSIMessage *msg, IOHandler *handler)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIOMSIVector *vector;
+ int ret;
+ bool resizing = !!(vdev->nr_vectors < nr + 1);
+@@ -758,7 +758,7 @@ static int vfio_msix_vector_use(PCIDevice *pdev,
+
+ static void vfio_msix_vector_release(PCIDevice *pdev, unsigned int nr)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIOMSIVector *vector = &vdev->msi_vectors[nr];
+
+ trace_vfio_msix_vector_release(vdev->vbasedev.name, nr);
+@@ -1349,7 +1349,7 @@ static const MemoryRegionOps vfio_vga_ops = {
+ */
+ static void vfio_sub_page_bar_update_mapping(PCIDevice *pdev, int bar)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIORegion *region = &vdev->bars[bar].region;
+ MemoryRegion *mmap_mr, *region_mr, *base_mr;
+ PCIIORegion *r;
+@@ -1395,7 +1395,7 @@ static void vfio_sub_page_bar_update_mapping(PCIDevice *pdev, int bar)
+ */
+ uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ uint32_t emu_bits = 0, emu_val = 0, phys_val = 0, val;
+
+@@ -1429,7 +1429,7 @@ uint32_t vfio_pci_read_config(PCIDevice *pdev, uint32_t addr, int len)
+ void vfio_pci_write_config(PCIDevice *pdev,
+ uint32_t addr, uint32_t val, int len)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ uint32_t val_le = cpu_to_le32(val);
+ int ret;
+@@ -3395,7 +3395,7 @@ bool vfio_pci_interrupt_setup(VFIOPCIDevice *vdev, Error **errp)
+ static void vfio_pci_realize(PCIDevice *pdev, Error **errp)
+ {
+ ERRP_GUARD();
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ int i;
+ char uuid[UUID_STR_LEN];
+@@ -3570,14 +3570,14 @@ error:
+
+ static void vfio_pci_finalize(Object *obj)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+
+ vfio_pci_put_device(vdev);
+ }
+
+ static void vfio_exitfn(PCIDevice *pdev)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(pdev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(pdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+
+ vfio_unregister_req_notifier(vdev);
+@@ -3601,7 +3601,7 @@ static void vfio_exitfn(PCIDevice *pdev)
+
+ static void vfio_pci_reset(DeviceState *dev)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(dev);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(dev);
+
+ /* Do not reset the device during qemu_system_reset prior to cpr load */
+ if (cpr_is_incoming()) {
+@@ -3646,7 +3646,7 @@ post_reset:
+ static void vfio_pci_init(Object *obj)
+ {
+ PCIDevice *pci_dev = PCI_DEVICE(obj);
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+
+ device_add_bootindex_property(obj, &vdev->bootindex,
+@@ -3687,7 +3687,7 @@ static void vfio_pci_base_dev_class_init(ObjectClass *klass, const void *data)
+ }
+
+ static const TypeInfo vfio_pci_base_dev_info = {
+- .name = TYPE_VFIO_PCI_BASE,
++ .name = TYPE_VFIO_PCI_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VFIOPCIDevice),
+ .abstract = true,
+@@ -3780,7 +3780,7 @@ static const Property vfio_pci_dev_properties[] = {
+ #ifdef CONFIG_IOMMUFD
+ static void vfio_pci_set_fd(Object *obj, const char *str, Error **errp)
+ {
+- VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
++ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+ vfio_device_set_fd(&vdev->vbasedev, str, errp);
+ }
+ #endif
+@@ -3936,7 +3936,7 @@ static void vfio_pci_class_init(ObjectClass *klass, const void *data)
+
+ static const TypeInfo vfio_pci_info = {
+ .name = TYPE_VFIO_PCI,
+- .parent = TYPE_VFIO_PCI_BASE,
++ .parent = TYPE_VFIO_PCI_DEVICE,
+ .class_init = vfio_pci_class_init,
+ .instance_init = vfio_pci_init,
+ .instance_finalize = vfio_pci_finalize,
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index dd419f9147..975836945a 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -120,7 +120,7 @@ typedef struct VFIOMSIXInfo {
+ MemoryRegion *pba_region;
+ } VFIOMSIXInfo;
+
+-OBJECT_DECLARE_SIMPLE_TYPE(VFIOPCIDevice, VFIO_PCI_BASE)
++OBJECT_DECLARE_SIMPLE_TYPE(VFIOPCIDevice, VFIO_PCI_DEVICE)
+
+ struct VFIOPCIDevice {
+ PCIDevice parent_obj;
+diff --git a/hw/vfio/types.h b/hw/vfio/types.h
+index c19334ff25..5482d90808 100644
+--- a/hw/vfio/types.h
++++ b/hw/vfio/types.h
+@@ -9,11 +9,11 @@
+ #define HW_VFIO_VFIO_TYPES_H
+
+ /*
+- * TYPE_VFIO_PCI_BASE is an abstract type used to share code
++ * TYPE_VFIO_PCI_DEVICE is an abstract type used to share code
+ * between VFIO implementations that use a kernel driver
+ * with those that use user sockets.
+ */
+-#define TYPE_VFIO_PCI_BASE "vfio-pci-base"
++#define TYPE_VFIO_PCI_DEVICE "vfio-pci-device"
+
+ #define TYPE_VFIO_PCI "vfio-pci"
+ /* TYPE_VFIO_PCI shares struct VFIOPCIDevice. */
+--
+2.52.0
+
diff --git a/kvm-hw-vfio-user-add-x-pci-class-code.patch b/kvm-hw-vfio-user-add-x-pci-class-code.patch
new file mode 100644
index 0000000..ac3378a
--- /dev/null
+++ b/kvm-hw-vfio-user-add-x-pci-class-code.patch
@@ -0,0 +1,45 @@
+From f1d0896d9b0b7742ea5a9803c1eeb14b558b29bd Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 27 Aug 2025 20:08:10 +0100
+Subject: [PATCH 027/116] hw/vfio-user: add x-pci-class-code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [11/100] 2adb19c08b826a8db8665a47524fe813e8f91af1 (rovick1/qemu-kvm)
+
+This new option was not added to vfio_user_pci_dev_properties, which
+caused an incorrect class code for vfio-user devices.
+
+Fixes: a59d06305fff ("vfio/pci: Introduce x-pci-class-code option")
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250827190810.1645340-1-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 1b50621881241ac5bc75ae7f8aa4c278ada8a668)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index be71c77729..dfaa89498d 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -406,6 +406,8 @@ static const Property vfio_user_pci_dev_properties[] = {
+ sub_vendor_id, PCI_ANY_ID),
+ DEFINE_PROP_UINT32("x-pci-sub-device-id", VFIOPCIDevice,
+ sub_device_id, PCI_ANY_ID),
++ DEFINE_PROP_UINT32("x-pci-class-code", VFIOPCIDevice,
++ class_code, PCI_ANY_ID),
+ DEFINE_PROP_BOOL("x-send-queued", VFIOUserPCIDevice, send_queued, false),
+ DEFINE_PROP_UINT32("x-msg-timeout", VFIOUserPCIDevice, wait_time, 5000),
+ DEFINE_PROP_BOOL("x-no-posted-writes", VFIOUserPCIDevice, no_post, false),
+--
+2.52.0
+
diff --git a/kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch b/kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch
new file mode 100644
index 0000000..8697483
--- /dev/null
+++ b/kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch
@@ -0,0 +1,54 @@
+From 065c3fd90a5ee90d1ccd02e71c5eb2b2ac714912 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Thu, 8 Jan 2026 19:50:12 +0100
+Subject: [PATCH 112/116] include/hw/hyperv: Remove unused 'struct
+ mshv_vp_registers' definition
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [96/100] eb6aa396d9565bc13a0ace5a2b20a845a2444a91 (rovick1/qemu-kvm)
+
+The 'struct mshv_vp_registers' definition in hvgdk_mini.h is unused in
+QEMU and conflicts with the canonical definition in
+linux-headers/linux/mshv.h.
+
+Remove the duplicate definition to avoid build conflicts when the Linux
+headers are updated.
+
+Cc: Magnus Kulke <magnuskulke@linux.microsoft.com>
+Reviewed-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
+Link: https://lore.kernel.org/qemu-devel/20260108185012.2568277-1-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit ec7109999af691d84e8d2b518d7a4f30d8fa6d62)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ include/hw/hyperv/hvgdk_mini.h | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/include/hw/hyperv/hvgdk_mini.h b/include/hw/hyperv/hvgdk_mini.h
+index d89315f545..cb52cc9de2 100644
+--- a/include/hw/hyperv/hvgdk_mini.h
++++ b/include/hw/hyperv/hvgdk_mini.h
+@@ -450,13 +450,6 @@ typedef struct hv_input_set_vp_registers {
+ struct hv_register_assoc elements[];
+ } hv_input_set_vp_registers;
+
+-#define MSHV_VP_MAX_REGISTERS 128
+-
+-struct mshv_vp_registers {
+- int count; /* at most MSHV_VP_MAX_REGISTERS */
+- struct hv_register_assoc *regs;
+-};
+-
+ union hv_interrupt_control {
+ uint64_t as_uint64;
+ struct {
+--
+2.52.0
+
diff --git a/kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch b/kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch
new file mode 100644
index 0000000..33cd5ff
--- /dev/null
+++ b/kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch
@@ -0,0 +1,1268 @@
+From 715642e841794c46267e4744844ba44eadb8f1fc Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:10 +0100
+Subject: [PATCH 052/116] include/hw/vfio/vfio-container-base.h: rename
+ VFIOContainerBase to VFIOContainer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [36/100] 9ba07faa3dbb2895de68213696b504c346967f70 (rovick1/qemu-kvm)
+
+Now that the VFIOContainer struct name is available, rename VFIOContainerBase
+to VFIOContainer to better indicate that it is the superclass of other
+VFIOFooContainer structs.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-3-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit e2e269d580947fe9b1b5735c8cb659277ac67996)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/ppc/spapr_pci_vfio.c | 2 +-
+ hw/vfio-user/container.c | 18 +++----
+ hw/vfio-user/container.h | 2 +-
+ hw/vfio/container-base.c | 41 ++++++++-------
+ hw/vfio/container.c | 22 ++++----
+ hw/vfio/cpr-iommufd.c | 4 +-
+ hw/vfio/cpr-legacy.c | 14 ++---
+ hw/vfio/device.c | 2 +-
+ hw/vfio/iommufd.c | 18 +++----
+ hw/vfio/listener.c | 74 +++++++++++++-------------
+ hw/vfio/spapr.c | 12 ++---
+ hw/vfio/vfio-iommufd.h | 2 +-
+ hw/vfio/vfio-listener.h | 4 +-
+ include/hw/vfio/vfio-container-base.h | 76 +++++++++++++--------------
+ include/hw/vfio/vfio-container.h | 2 +-
+ include/hw/vfio/vfio-cpr.h | 8 +--
+ include/hw/vfio/vfio-device.h | 4 +-
+ 17 files changed, 154 insertions(+), 151 deletions(-)
+
+diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
+index b658eb372c..48fa98c199 100644
+--- a/hw/ppc/spapr_pci_vfio.c
++++ b/hw/ppc/spapr_pci_vfio.c
+@@ -86,7 +86,7 @@ static int vfio_eeh_container_op(VFIOLegacyContainer *container, uint32_t op)
+ static VFIOLegacyContainer *vfio_eeh_as_container(AddressSpace *as)
+ {
+ VFIOAddressSpace *space = vfio_address_space_get(as);
+- VFIOContainerBase *bcontainer = NULL;
++ VFIOContainer *bcontainer = NULL;
+
+ if (QLIST_EMPTY(&space->containers)) {
+ /* No containers to act on */
+diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
+index 3cdbd44c1a..411eb7b28b 100644
+--- a/hw/vfio-user/container.c
++++ b/hw/vfio-user/container.c
+@@ -22,14 +22,14 @@
+ * will fire during memory update transactions. These depend on BQL being held,
+ * so do any resulting map/demap ops async while keeping BQL.
+ */
+-static void vfio_user_listener_begin(VFIOContainerBase *bcontainer)
++static void vfio_user_listener_begin(VFIOContainer *bcontainer)
+ {
+ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+ container->proxy->async_ops = true;
+ }
+
+-static void vfio_user_listener_commit(VFIOContainerBase *bcontainer)
++static void vfio_user_listener_commit(VFIOContainer *bcontainer)
+ {
+ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+@@ -38,7 +38,7 @@ static void vfio_user_listener_commit(VFIOContainerBase *bcontainer)
+ vfio_user_wait_reqs(container->proxy);
+ }
+
+-static int vfio_user_dma_unmap(const VFIOContainerBase *bcontainer,
++static int vfio_user_dma_unmap(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+@@ -80,7 +80,7 @@ static int vfio_user_dma_unmap(const VFIOContainerBase *bcontainer,
+ return ret;
+ }
+
+-static int vfio_user_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
++static int vfio_user_dma_map(const VFIOContainer *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mrp)
+ {
+@@ -154,14 +154,14 @@ static int vfio_user_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ }
+
+ static int
+-vfio_user_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
++vfio_user_set_dirty_page_tracking(const VFIOContainer *bcontainer,
+ bool start, Error **errp)
+ {
+ error_setg_errno(errp, ENOTSUP, "Not supported");
+ return -ENOTSUP;
+ }
+
+-static int vfio_user_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
++static int vfio_user_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova,
+ hwaddr size, Error **errp)
+ {
+@@ -169,7 +169,7 @@ static int vfio_user_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+ return -ENOTSUP;
+ }
+
+-static bool vfio_user_setup(VFIOContainerBase *bcontainer, Error **errp)
++static bool vfio_user_setup(VFIOContainer *bcontainer, Error **errp)
+ {
+ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+@@ -202,7 +202,7 @@ static VFIOUserContainer *
+ vfio_user_container_connect(AddressSpace *as, VFIODevice *vbasedev,
+ Error **errp)
+ {
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ VFIOUserContainer *container;
+ VFIOAddressSpace *space;
+ VFIOIOMMUClass *vioc;
+@@ -260,7 +260,7 @@ put_space_exit:
+
+ static void vfio_user_container_disconnect(VFIOUserContainer *container)
+ {
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ VFIOAddressSpace *space = bcontainer->space;
+
+diff --git a/hw/vfio-user/container.h b/hw/vfio-user/container.h
+index 96aa6785d9..241863ef97 100644
+--- a/hw/vfio-user/container.h
++++ b/hw/vfio-user/container.h
+@@ -14,7 +14,7 @@
+
+ /* MMU container sub-class for vfio-user. */
+ struct VFIOUserContainer {
+- VFIOContainerBase parent_obj;
++ VFIOContainer parent_obj;
+
+ VFIOUserProxy *proxy;
+ };
+diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c
+index 56304978e1..98c5198e50 100644
+--- a/hw/vfio/container-base.c
++++ b/hw/vfio/container-base.c
+@@ -67,13 +67,13 @@ void vfio_address_space_put(VFIOAddressSpace *space)
+ }
+
+ void vfio_address_space_insert(VFIOAddressSpace *space,
+- VFIOContainerBase *bcontainer)
++ VFIOContainer *bcontainer)
+ {
+ QLIST_INSERT_HEAD(&space->containers, bcontainer, next);
+ bcontainer->space = space;
+ }
+
+-int vfio_container_dma_map(VFIOContainerBase *bcontainer,
++int vfio_container_dma_map(VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr)
+ {
+@@ -92,7 +92,7 @@ int vfio_container_dma_map(VFIOContainerBase *bcontainer,
+ return vioc->dma_map(bcontainer, iova, size, vaddr, readonly, mr);
+ }
+
+-int vfio_container_dma_unmap(VFIOContainerBase *bcontainer,
++int vfio_container_dma_unmap(VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+@@ -102,7 +102,7 @@ int vfio_container_dma_unmap(VFIOContainerBase *bcontainer,
+ return vioc->dma_unmap(bcontainer, iova, size, iotlb, unmap_all);
+ }
+
+-bool vfio_container_add_section_window(VFIOContainerBase *bcontainer,
++bool vfio_container_add_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp)
+ {
+@@ -115,7 +115,7 @@ bool vfio_container_add_section_window(VFIOContainerBase *bcontainer,
+ return vioc->add_window(bcontainer, section, errp);
+ }
+
+-void vfio_container_del_section_window(VFIOContainerBase *bcontainer,
++void vfio_container_del_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+@@ -127,7 +127,7 @@ void vfio_container_del_section_window(VFIOContainerBase *bcontainer,
+ return vioc->del_window(bcontainer, section);
+ }
+
+-int vfio_container_set_dirty_page_tracking(VFIOContainerBase *bcontainer,
++int vfio_container_set_dirty_page_tracking(VFIOContainer *bcontainer,
+ bool start, Error **errp)
+ {
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+@@ -151,7 +151,7 @@ int vfio_container_set_dirty_page_tracking(VFIOContainerBase *bcontainer,
+ }
+
+ static bool vfio_container_devices_dirty_tracking_is_started(
+- const VFIOContainerBase *bcontainer)
++ const VFIOContainer *bcontainer)
+ {
+ VFIODevice *vbasedev;
+
+@@ -165,14 +165,14 @@ static bool vfio_container_devices_dirty_tracking_is_started(
+ }
+
+ bool vfio_container_dirty_tracking_is_started(
+- const VFIOContainerBase *bcontainer)
++ const VFIOContainer *bcontainer)
+ {
+ return vfio_container_devices_dirty_tracking_is_started(bcontainer) ||
+ bcontainer->dirty_pages_started;
+ }
+
+ bool vfio_container_devices_dirty_tracking_is_supported(
+- const VFIOContainerBase *bcontainer)
++ const VFIOContainer *bcontainer)
+ {
+ VFIODevice *vbasedev;
+
+@@ -210,8 +210,9 @@ static int vfio_device_dma_logging_report(VFIODevice *vbasedev, hwaddr iova,
+ return vbasedev->io_ops->device_feature(vbasedev, feature);
+ }
+
+-static int vfio_container_iommu_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+- VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp)
++static int vfio_container_iommu_query_dirty_bitmap(
++ const VFIOContainer *bcontainer, VFIOBitmap *vbmap, hwaddr iova,
++ hwaddr size, Error **errp)
+ {
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+
+@@ -220,8 +221,9 @@ static int vfio_container_iommu_query_dirty_bitmap(const VFIOContainerBase *bcon
+ errp);
+ }
+
+-static int vfio_container_devices_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+- VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp)
++static int vfio_container_devices_query_dirty_bitmap(
++ const VFIOContainer *bcontainer, VFIOBitmap *vbmap, hwaddr iova,
++ hwaddr size, Error **errp)
+ {
+ VFIODevice *vbasedev;
+ int ret;
+@@ -242,8 +244,9 @@ static int vfio_container_devices_query_dirty_bitmap(const VFIOContainerBase *bc
+ return 0;
+ }
+
+-int vfio_container_query_dirty_bitmap(const VFIOContainerBase *bcontainer, uint64_t iova,
+- uint64_t size, ram_addr_t ram_addr, Error **errp)
++int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
++ uint64_t iova, uint64_t size,
++ ram_addr_t ram_addr, Error **errp)
+ {
+ bool all_device_dirty_tracking =
+ vfio_container_devices_dirty_tracking_is_supported(bcontainer);
+@@ -297,7 +300,7 @@ static gpointer copy_iova_range(gconstpointer src, gpointer data)
+ return dest;
+ }
+
+-GList *vfio_container_get_iova_ranges(const VFIOContainerBase *bcontainer)
++GList *vfio_container_get_iova_ranges(const VFIOContainer *bcontainer)
+ {
+ assert(bcontainer);
+ return g_list_copy_deep(bcontainer->iova_ranges, copy_iova_range, NULL);
+@@ -305,7 +308,7 @@ GList *vfio_container_get_iova_ranges(const VFIOContainerBase *bcontainer)
+
+ static void vfio_container_instance_finalize(Object *obj)
+ {
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(obj);
++ VFIOContainer *bcontainer = VFIO_IOMMU(obj);
+ VFIOGuestIOMMU *giommu, *tmp;
+
+ QLIST_SAFE_REMOVE(bcontainer, next);
+@@ -322,7 +325,7 @@ static void vfio_container_instance_finalize(Object *obj)
+
+ static void vfio_container_instance_init(Object *obj)
+ {
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(obj);
++ VFIOContainer *bcontainer = VFIO_IOMMU(obj);
+
+ bcontainer->error = NULL;
+ bcontainer->dirty_pages_supported = false;
+@@ -338,7 +341,7 @@ static const TypeInfo types[] = {
+ .parent = TYPE_OBJECT,
+ .instance_init = vfio_container_instance_init,
+ .instance_finalize = vfio_container_instance_finalize,
+- .instance_size = sizeof(VFIOContainerBase),
++ .instance_size = sizeof(VFIOContainer),
+ .class_size = sizeof(VFIOIOMMUClass),
+ .abstract = true,
+ },
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 76a09be941..84f5a5fdee 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -86,7 +86,7 @@ static int vfio_dma_unmap_bitmap(const VFIOLegacyContainer *container,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+- const VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ const VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ struct vfio_iommu_type1_dma_unmap *unmap;
+ struct vfio_bitmap *bitmap;
+ VFIOBitmap vbmap;
+@@ -135,7 +135,7 @@ unmap_exit:
+ return ret;
+ }
+
+-static int vfio_legacy_dma_unmap_one(const VFIOContainerBase *bcontainer,
++static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+@@ -198,7 +198,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainerBase *bcontainer,
+ /*
+ * DMA - Mapping and unmapping for the "type1" IOMMU interface used on x86
+ */
+-static int vfio_legacy_dma_unmap(const VFIOContainerBase *bcontainer,
++static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+@@ -223,7 +223,7 @@ static int vfio_legacy_dma_unmap(const VFIOContainerBase *bcontainer,
+ return ret;
+ }
+
+-static int vfio_legacy_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
++static int vfio_legacy_dma_map(const VFIOContainer *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+@@ -256,7 +256,7 @@ static int vfio_legacy_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ }
+
+ static int
+-vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
++vfio_legacy_set_dirty_page_tracking(const VFIOContainer *bcontainer,
+ bool start, Error **errp)
+ {
+ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+@@ -281,7 +281,7 @@ vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
+ return ret;
+ }
+
+-static int vfio_legacy_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
++static int vfio_legacy_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp)
+ {
+ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+@@ -321,7 +321,7 @@ static int vfio_legacy_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+ }
+
+ static bool vfio_get_info_iova_range(struct vfio_iommu_type1_info *info,
+- VFIOContainerBase *bcontainer)
++ VFIOContainer *bcontainer)
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_iommu_type1_info_cap_iova_range *cap;
+@@ -506,7 +506,7 @@ static void vfio_get_iommu_info_migration(VFIOLegacyContainer *container,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_iommu_type1_info_cap_migration *cap_mig;
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ hdr = vfio_get_iommu_info_cap(info, VFIO_IOMMU_TYPE1_INFO_CAP_MIGRATION);
+ if (!hdr) {
+@@ -527,7 +527,7 @@ static void vfio_get_iommu_info_migration(VFIOLegacyContainer *container,
+ }
+ }
+
+-static bool vfio_legacy_setup(VFIOContainerBase *bcontainer, Error **errp)
++static bool vfio_legacy_setup(VFIOContainer *bcontainer, Error **errp)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ g_autofree struct vfio_iommu_type1_info *info = NULL;
+@@ -633,7 +633,7 @@ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
+ Error **errp)
+ {
+ VFIOLegacyContainer *container;
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ int ret, fd = -1;
+ VFIOAddressSpace *space;
+ VFIOIOMMUClass *vioc = NULL;
+@@ -746,7 +746,7 @@ fail:
+ static void vfio_container_disconnect(VFIOGroup *group)
+ {
+ VFIOLegacyContainer *container = group->container;
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+
+ QLIST_REMOVE(group, container_next);
+diff --git a/hw/vfio/cpr-iommufd.c b/hw/vfio/cpr-iommufd.c
+index 148a06d552..6aaf6f77a2 100644
+--- a/hw/vfio/cpr-iommufd.c
++++ b/hw/vfio/cpr-iommufd.c
+@@ -176,7 +176,7 @@ void vfio_iommufd_cpr_unregister_iommufd(IOMMUFDBackend *be)
+ bool vfio_iommufd_cpr_register_container(VFIOIOMMUFDContainer *container,
+ Error **errp)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = &container->bcontainer;
+
+ migration_add_notifier_mode(&bcontainer->cpr_reboot_notifier,
+ vfio_cpr_reboot_notifier,
+@@ -189,7 +189,7 @@ bool vfio_iommufd_cpr_register_container(VFIOIOMMUFDContainer *container,
+
+ void vfio_iommufd_cpr_unregister_container(VFIOIOMMUFDContainer *container)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = &container->bcontainer;
+
+ migration_remove_notifier(&bcontainer->cpr_reboot_notifier);
+ }
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 12bf920a7d..bd3f6fc3d3 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -38,7 +38,7 @@ static bool vfio_dma_unmap_vaddr_all(VFIOLegacyContainer *container,
+ * Set the new @vaddr for any mappings registered during cpr load.
+ * The incoming state is cleared thereafter.
+ */
+-static int vfio_legacy_cpr_dma_map(const VFIOContainerBase *bcontainer,
++static int vfio_legacy_cpr_dma_map(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr)
+ {
+@@ -100,7 +100,7 @@ static int vfio_container_pre_save(void *opaque)
+ static int vfio_container_post_load(void *opaque, int version_id)
+ {
+ VFIOLegacyContainer *container = opaque;
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ dma_map_fn saved_dma_map = vioc->dma_map;
+ Error *local_err = NULL;
+@@ -137,7 +137,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+ {
+ VFIOLegacyContainer *container =
+ container_of(notifier, VFIOLegacyContainer, cpr.transfer_notifier);
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ if (e->type != MIG_EVENT_PRECOPY_FAILED) {
+ return 0;
+@@ -170,7 +170,7 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+ bool vfio_legacy_cpr_register_container(VFIOLegacyContainer *container,
+ Error **errp)
+ {
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ Error **cpr_blocker = &container->cpr.blocker;
+
+ migration_add_notifier_mode(&bcontainer->cpr_reboot_notifier,
+@@ -194,7 +194,7 @@ bool vfio_legacy_cpr_register_container(VFIOLegacyContainer *container,
+
+ void vfio_legacy_cpr_unregister_container(VFIOLegacyContainer *container)
+ {
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ migration_remove_notifier(&bcontainer->cpr_reboot_notifier);
+ migrate_del_blocker(&container->cpr.blocker);
+@@ -210,7 +210,7 @@ void vfio_legacy_cpr_unregister_container(VFIOLegacyContainer *container)
+ * The giommu already exists. Find it and replay it, which calls
+ * vfio_legacy_cpr_dma_map further down the stack.
+ */
+-void vfio_cpr_giommu_remap(VFIOContainerBase *bcontainer,
++void vfio_cpr_giommu_remap(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIOGuestIOMMU *giommu = NULL;
+@@ -235,7 +235,7 @@ void vfio_cpr_giommu_remap(VFIOContainerBase *bcontainer,
+ * The ram discard listener already exists. Call its populate function
+ * directly, which calls vfio_legacy_cpr_dma_map.
+ */
+-bool vfio_cpr_ram_discard_register_listener(VFIOContainerBase *bcontainer,
++bool vfio_cpr_ram_discard_register_listener(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIORamDiscardListener *vrdl =
+diff --git a/hw/vfio/device.c b/hw/vfio/device.c
+index 412678a1f6..931a949c08 100644
+--- a/hw/vfio/device.c
++++ b/hw/vfio/device.c
+@@ -471,7 +471,7 @@ void vfio_device_detach(VFIODevice *vbasedev)
+ VFIO_IOMMU_GET_CLASS(vbasedev->bcontainer)->detach_device(vbasedev);
+ }
+
+-void vfio_device_prepare(VFIODevice *vbasedev, VFIOContainerBase *bcontainer,
++void vfio_device_prepare(VFIODevice *vbasedev, VFIOContainer *bcontainer,
+ struct vfio_device_info *info)
+ {
+ int i;
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index 65b94aaa00..2ebd87ec8f 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -34,7 +34,7 @@
+ #define TYPE_HOST_IOMMU_DEVICE_IOMMUFD_VFIO \
+ TYPE_HOST_IOMMU_DEVICE_IOMMUFD "-vfio"
+
+-static int iommufd_cdev_map(const VFIOContainerBase *bcontainer, hwaddr iova,
++static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+@@ -46,7 +46,7 @@ static int iommufd_cdev_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ iova, size, vaddr, readonly);
+ }
+
+-static int iommufd_cdev_map_file(const VFIOContainerBase *bcontainer,
++static int iommufd_cdev_map_file(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ int fd, unsigned long start, bool readonly)
+ {
+@@ -58,7 +58,7 @@ static int iommufd_cdev_map_file(const VFIOContainerBase *bcontainer,
+ iova, size, fd, start, readonly);
+ }
+
+-static int iommufd_cdev_unmap(const VFIOContainerBase *bcontainer,
++static int iommufd_cdev_unmap(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+@@ -159,7 +159,7 @@ static bool iommufd_hwpt_dirty_tracking(VFIOIOASHwpt *hwpt)
+ return hwpt && hwpt->hwpt_flags & IOMMU_HWPT_ALLOC_DIRTY_TRACKING;
+ }
+
+-static int iommufd_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
++static int iommufd_set_dirty_page_tracking(const VFIOContainer *bcontainer,
+ bool start, Error **errp)
+ {
+ const VFIOIOMMUFDContainer *container =
+@@ -190,7 +190,7 @@ err:
+ return -EINVAL;
+ }
+
+-static int iommufd_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
++static int iommufd_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova,
+ hwaddr size, Error **errp)
+ {
+@@ -464,7 +464,7 @@ static void iommufd_cdev_detach_container(VFIODevice *vbasedev,
+
+ static void iommufd_cdev_container_destroy(VFIOIOMMUFDContainer *container)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = &container->bcontainer;
+
+ if (!QLIST_EMPTY(&bcontainer->device_list)) {
+ return;
+@@ -486,7 +486,7 @@ static int iommufd_cdev_ram_block_discard_disable(bool state)
+ static bool iommufd_cdev_get_info_iova_range(VFIOIOMMUFDContainer *container,
+ uint32_t ioas_id, Error **errp)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = &container->bcontainer;
+ g_autofree struct iommu_ioas_iova_ranges *info = NULL;
+ struct iommu_iova_range *iova_ranges;
+ int sz, fd = container->be->fd;
+@@ -528,7 +528,7 @@ error:
+ static bool iommufd_cdev_attach(const char *name, VFIODevice *vbasedev,
+ AddressSpace *as, Error **errp)
+ {
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ VFIOIOMMUFDContainer *container;
+ VFIOAddressSpace *space;
+ struct vfio_device_info dev_info = { .argsz = sizeof(dev_info) };
+@@ -688,7 +688,7 @@ err_connect_bind:
+
+ static void iommufd_cdev_detach(VFIODevice *vbasedev)
+ {
+- VFIOContainerBase *bcontainer = vbasedev->bcontainer;
++ VFIOContainer *bcontainer = vbasedev->bcontainer;
+ VFIOAddressSpace *space = bcontainer->space;
+ VFIOIOMMUFDContainer *container = container_of(bcontainer,
+ VFIOIOMMUFDContainer,
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index e093833165..3b6f17f0c3 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -52,7 +52,7 @@
+ */
+
+
+-static bool vfio_log_sync_needed(const VFIOContainerBase *bcontainer)
++static bool vfio_log_sync_needed(const VFIOContainer *bcontainer)
+ {
+ VFIODevice *vbasedev;
+
+@@ -125,7 +125,7 @@ static MemoryRegion *vfio_translate_iotlb(IOMMUTLBEntry *iotlb, hwaddr *xlat_p,
+ static void vfio_iommu_map_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
+ {
+ VFIOGuestIOMMU *giommu = container_of(n, VFIOGuestIOMMU, n);
+- VFIOContainerBase *bcontainer = giommu->bcontainer;
++ VFIOContainer *bcontainer = giommu->bcontainer;
+ hwaddr iova = iotlb->iova + giommu->iommu_offset;
+ MemoryRegion *mr;
+ hwaddr xlat;
+@@ -202,7 +202,7 @@ static void vfio_ram_discard_notify_discard(RamDiscardListener *rdl,
+ {
+ VFIORamDiscardListener *vrdl = container_of(rdl, VFIORamDiscardListener,
+ listener);
+- VFIOContainerBase *bcontainer = vrdl->bcontainer;
++ VFIOContainer *bcontainer = vrdl->bcontainer;
+ const hwaddr size = int128_get64(section->size);
+ const hwaddr iova = section->offset_within_address_space;
+ int ret;
+@@ -220,7 +220,7 @@ static int vfio_ram_discard_notify_populate(RamDiscardListener *rdl,
+ {
+ VFIORamDiscardListener *vrdl = container_of(rdl, VFIORamDiscardListener,
+ listener);
+- VFIOContainerBase *bcontainer = vrdl->bcontainer;
++ VFIOContainer *bcontainer = vrdl->bcontainer;
+ const hwaddr end = section->offset_within_region +
+ int128_get64(section->size);
+ hwaddr start, next, iova;
+@@ -250,7 +250,7 @@ static int vfio_ram_discard_notify_populate(RamDiscardListener *rdl,
+ return 0;
+ }
+
+-static bool vfio_ram_discard_register_listener(VFIOContainerBase *bcontainer,
++static bool vfio_ram_discard_register_listener(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp)
+ {
+@@ -328,7 +328,7 @@ static bool vfio_ram_discard_register_listener(VFIOContainerBase *bcontainer,
+ return true;
+ }
+
+-static void vfio_ram_discard_unregister_listener(VFIOContainerBase *bcontainer,
++static void vfio_ram_discard_unregister_listener(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ RamDiscardManager *rdm = memory_region_get_ram_discard_manager(section->mr);
+@@ -396,7 +396,7 @@ static bool vfio_listener_valid_section(MemoryRegionSection *section,
+ return true;
+ }
+
+-static bool vfio_get_section_iova_range(VFIOContainerBase *bcontainer,
++static bool vfio_get_section_iova_range(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ hwaddr *out_iova, hwaddr *out_end,
+ Int128 *out_llend)
+@@ -423,9 +423,9 @@ static bool vfio_get_section_iova_range(VFIOContainerBase *bcontainer,
+
+ static void vfio_listener_begin(MemoryListener *listener)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
+- void (*listener_begin)(VFIOContainerBase *bcontainer);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
++ void (*listener_begin)(VFIOContainer *bcontainer);
+
+ listener_begin = VFIO_IOMMU_GET_CLASS(bcontainer)->listener_begin;
+
+@@ -436,9 +436,9 @@ static void vfio_listener_begin(MemoryListener *listener)
+
+ static void vfio_listener_commit(MemoryListener *listener)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
+- void (*listener_commit)(VFIOContainerBase *bcontainer);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
++ void (*listener_commit)(VFIOContainer *bcontainer);
+
+ listener_commit = VFIO_IOMMU_GET_CLASS(bcontainer)->listener_commit;
+
+@@ -460,7 +460,7 @@ static void vfio_device_error_append(VFIODevice *vbasedev, Error **errp)
+ }
+
+ VFIORamDiscardListener *vfio_find_ram_discard_listener(
+- VFIOContainerBase *bcontainer, MemoryRegionSection *section)
++ VFIOContainer *bcontainer, MemoryRegionSection *section)
+ {
+ VFIORamDiscardListener *vrdl = NULL;
+
+@@ -482,12 +482,12 @@ VFIORamDiscardListener *vfio_find_ram_discard_listener(
+ static void vfio_listener_region_add(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
+ vfio_container_region_add(bcontainer, section, false);
+ }
+
+-void vfio_container_region_add(VFIOContainerBase *bcontainer,
++void vfio_container_region_add(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ bool cpr_remap)
+ {
+@@ -656,8 +656,8 @@ fail:
+ static void vfio_listener_region_del(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
+ hwaddr iova, end;
+ Int128 llend, llsize;
+ int ret;
+@@ -744,13 +744,13 @@ typedef struct VFIODirtyRanges {
+ } VFIODirtyRanges;
+
+ typedef struct VFIODirtyRangesListener {
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ VFIODirtyRanges ranges;
+ MemoryListener listener;
+ } VFIODirtyRangesListener;
+
+ static bool vfio_section_is_vfio_pci(MemoryRegionSection *section,
+- VFIOContainerBase *bcontainer)
++ VFIOContainer *bcontainer)
+ {
+ VFIOPCIDevice *pcidev;
+ VFIODevice *vbasedev;
+@@ -835,7 +835,7 @@ static const MemoryListener vfio_dirty_tracking_listener = {
+ .region_add = vfio_dirty_tracking_update,
+ };
+
+-static void vfio_dirty_tracking_init(VFIOContainerBase *bcontainer,
++static void vfio_dirty_tracking_init(VFIOContainer *bcontainer,
+ VFIODirtyRanges *ranges)
+ {
+ VFIODirtyRangesListener dirty;
+@@ -860,7 +860,7 @@ static void vfio_dirty_tracking_init(VFIOContainerBase *bcontainer,
+ memory_listener_unregister(&dirty.listener);
+ }
+
+-static void vfio_devices_dma_logging_stop(VFIOContainerBase *bcontainer)
++static void vfio_devices_dma_logging_stop(VFIOContainer *bcontainer)
+ {
+ uint64_t buf[DIV_ROUND_UP(sizeof(struct vfio_device_feature),
+ sizeof(uint64_t))] = {};
+@@ -889,7 +889,7 @@ static void vfio_devices_dma_logging_stop(VFIOContainerBase *bcontainer)
+ }
+
+ static struct vfio_device_feature *
+-vfio_device_feature_dma_logging_start_create(VFIOContainerBase *bcontainer,
++vfio_device_feature_dma_logging_start_create(VFIOContainer *bcontainer,
+ VFIODirtyRanges *tracking)
+ {
+ struct vfio_device_feature *feature;
+@@ -962,7 +962,7 @@ static void vfio_device_feature_dma_logging_start_destroy(
+ g_free(feature);
+ }
+
+-static bool vfio_devices_dma_logging_start(VFIOContainerBase *bcontainer,
++static bool vfio_devices_dma_logging_start(VFIOContainer *bcontainer,
+ Error **errp)
+ {
+ struct vfio_device_feature *feature;
+@@ -1006,8 +1006,8 @@ static bool vfio_listener_log_global_start(MemoryListener *listener,
+ Error **errp)
+ {
+ ERRP_GUARD();
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
+ bool ret;
+
+ if (vfio_container_devices_dirty_tracking_is_supported(bcontainer)) {
+@@ -1024,8 +1024,8 @@ static bool vfio_listener_log_global_start(MemoryListener *listener,
+
+ static void vfio_listener_log_global_stop(MemoryListener *listener)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
+ Error *local_err = NULL;
+ int ret = 0;
+
+@@ -1057,7 +1057,7 @@ static void vfio_iommu_map_dirty_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
+ vfio_giommu_dirty_notifier *gdn = container_of(n,
+ vfio_giommu_dirty_notifier, n);
+ VFIOGuestIOMMU *giommu = gdn->giommu;
+- VFIOContainerBase *bcontainer = giommu->bcontainer;
++ VFIOContainer *bcontainer = giommu->bcontainer;
+ hwaddr iova = iotlb->iova + giommu->iommu_offset;
+ ram_addr_t translated_addr;
+ Error *local_err = NULL;
+@@ -1127,7 +1127,7 @@ static int vfio_ram_discard_query_dirty_bitmap(MemoryRegionSection *section,
+ }
+
+ static int
+-vfio_sync_ram_discard_listener_dirty_bitmap(VFIOContainerBase *bcontainer,
++vfio_sync_ram_discard_listener_dirty_bitmap(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ RamDiscardManager *rdm = memory_region_get_ram_discard_manager(section->mr);
+@@ -1143,7 +1143,7 @@ vfio_sync_ram_discard_listener_dirty_bitmap(VFIOContainerBase *bcontainer,
+ &vrdl);
+ }
+
+-static int vfio_sync_iommu_dirty_bitmap(VFIOContainerBase *bcontainer,
++static int vfio_sync_iommu_dirty_bitmap(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIOGuestIOMMU *giommu;
+@@ -1180,7 +1180,7 @@ static int vfio_sync_iommu_dirty_bitmap(VFIOContainerBase *bcontainer,
+ return 0;
+ }
+
+-static int vfio_sync_dirty_bitmap(VFIOContainerBase *bcontainer,
++static int vfio_sync_dirty_bitmap(VFIOContainer *bcontainer,
+ MemoryRegionSection *section, Error **errp)
+ {
+ ram_addr_t ram_addr;
+@@ -1209,8 +1209,8 @@ static int vfio_sync_dirty_bitmap(VFIOContainerBase *bcontainer,
+ static void vfio_listener_log_sync(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
+- VFIOContainerBase *bcontainer = container_of(listener, VFIOContainerBase,
+- listener);
++ VFIOContainer *bcontainer = container_of(listener, VFIOContainer,
++ listener);
+ int ret;
+ Error *local_err = NULL;
+
+@@ -1241,7 +1241,7 @@ static const MemoryListener vfio_memory_listener = {
+ .log_sync = vfio_listener_log_sync,
+ };
+
+-bool vfio_listener_register(VFIOContainerBase *bcontainer, Error **errp)
++bool vfio_listener_register(VFIOContainer *bcontainer, Error **errp)
+ {
+ bcontainer->listener = vfio_memory_listener;
+ memory_listener_register(&bcontainer->listener, bcontainer->space->as);
+@@ -1255,7 +1255,7 @@ bool vfio_listener_register(VFIOContainerBase *bcontainer, Error **errp)
+ return true;
+ }
+
+-void vfio_listener_unregister(VFIOContainerBase *bcontainer)
++void vfio_listener_unregister(VFIOContainer *bcontainer)
+ {
+ memory_listener_unregister(&bcontainer->listener);
+ }
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index b8bade90d7..6d462aa13c 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -62,7 +62,7 @@ static void vfio_prereg_listener_region_add(MemoryListener *listener,
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+ VFIOLegacyContainer *container = &scontainer->container;
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+ int ret;
+@@ -244,7 +244,7 @@ static bool vfio_spapr_create_window(VFIOLegacyContainer *container,
+ hwaddr *pgsize, Error **errp)
+ {
+ int ret = 0;
+- VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ IOMMUMemoryRegion *iommu_mr = IOMMU_MEMORY_REGION(section->mr);
+@@ -348,7 +348,7 @@ static bool vfio_spapr_create_window(VFIOLegacyContainer *container,
+ }
+
+ static bool
+-vfio_spapr_container_add_section_window(VFIOContainerBase *bcontainer,
++vfio_spapr_container_add_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp)
+ {
+@@ -439,7 +439,7 @@ vfio_spapr_container_add_section_window(VFIOContainerBase *bcontainer,
+ }
+
+ static void
+-vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
++vfio_spapr_container_del_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+@@ -461,7 +461,7 @@ vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
+ }
+ }
+
+-static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
++static void vfio_spapr_container_release(VFIOContainer *bcontainer)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+@@ -478,7 +478,7 @@ static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
+ }
+ }
+
+-static bool vfio_spapr_container_setup(VFIOContainerBase *bcontainer,
++static bool vfio_spapr_container_setup(VFIOContainer *bcontainer,
+ Error **errp)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+diff --git a/hw/vfio/vfio-iommufd.h b/hw/vfio/vfio-iommufd.h
+index 07ea0f4304..6c049d9257 100644
+--- a/hw/vfio/vfio-iommufd.h
++++ b/hw/vfio/vfio-iommufd.h
+@@ -23,7 +23,7 @@ typedef struct VFIOIOASHwpt {
+ typedef struct IOMMUFDBackend IOMMUFDBackend;
+
+ typedef struct VFIOIOMMUFDContainer {
+- VFIOContainerBase bcontainer;
++ VFIOContainer bcontainer;
+ IOMMUFDBackend *be;
+ uint32_t ioas_id;
+ QLIST_HEAD(, VFIOIOASHwpt) hwpt_list;
+diff --git a/hw/vfio/vfio-listener.h b/hw/vfio/vfio-listener.h
+index eb69ddd374..a90674ca96 100644
+--- a/hw/vfio/vfio-listener.h
++++ b/hw/vfio/vfio-listener.h
+@@ -9,7 +9,7 @@
+ #ifndef HW_VFIO_VFIO_LISTENER_H
+ #define HW_VFIO_VFIO_LISTENER_H
+
+-bool vfio_listener_register(VFIOContainerBase *bcontainer, Error **errp);
+-void vfio_listener_unregister(VFIOContainerBase *bcontainer);
++bool vfio_listener_register(VFIOContainer *bcontainer, Error **errp);
++void vfio_listener_unregister(VFIOContainer *bcontainer);
+
+ #endif /* HW_VFIO_VFIO_LISTENER_H */
+diff --git a/include/hw/vfio/vfio-container-base.h b/include/hw/vfio/vfio-container-base.h
+index acbd48a18a..b580f4a02d 100644
+--- a/include/hw/vfio/vfio-container-base.h
++++ b/include/hw/vfio/vfio-container-base.h
+@@ -26,14 +26,14 @@ typedef struct {
+
+ typedef struct VFIOAddressSpace {
+ AddressSpace *as;
+- QLIST_HEAD(, VFIOContainerBase) containers;
++ QLIST_HEAD(, VFIOContainer) containers;
+ QLIST_ENTRY(VFIOAddressSpace) list;
+ } VFIOAddressSpace;
+
+ /*
+ * This is the base object for vfio container backends
+ */
+-struct VFIOContainerBase {
++struct VFIOContainer {
+ Object parent_obj;
+
+ VFIOAddressSpace *space;
+@@ -48,17 +48,17 @@ struct VFIOContainerBase {
+ bool dirty_pages_started; /* Protected by BQL */
+ QLIST_HEAD(, VFIOGuestIOMMU) giommu_list;
+ QLIST_HEAD(, VFIORamDiscardListener) vrdl_list;
+- QLIST_ENTRY(VFIOContainerBase) next;
++ QLIST_ENTRY(VFIOContainer) next;
+ QLIST_HEAD(, VFIODevice) device_list;
+ GList *iova_ranges;
+ NotifierWithReturn cpr_reboot_notifier;
+ };
+
+ #define TYPE_VFIO_IOMMU "vfio-iommu"
+-OBJECT_DECLARE_TYPE(VFIOContainerBase, VFIOIOMMUClass, VFIO_IOMMU)
++OBJECT_DECLARE_TYPE(VFIOContainer, VFIOIOMMUClass, VFIO_IOMMU)
+
+ typedef struct VFIOGuestIOMMU {
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ IOMMUMemoryRegion *iommu_mr;
+ hwaddr iommu_offset;
+ IOMMUNotifier n;
+@@ -66,7 +66,7 @@ typedef struct VFIOGuestIOMMU {
+ } VFIOGuestIOMMU;
+
+ typedef struct VFIORamDiscardListener {
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ MemoryRegion *mr;
+ hwaddr offset_within_address_space;
+ hwaddr size;
+@@ -78,32 +78,32 @@ typedef struct VFIORamDiscardListener {
+ VFIOAddressSpace *vfio_address_space_get(AddressSpace *as);
+ void vfio_address_space_put(VFIOAddressSpace *space);
+ void vfio_address_space_insert(VFIOAddressSpace *space,
+- VFIOContainerBase *bcontainer);
++ VFIOContainer *bcontainer);
+
+-int vfio_container_dma_map(VFIOContainerBase *bcontainer,
++int vfio_container_dma_map(VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr);
+-int vfio_container_dma_unmap(VFIOContainerBase *bcontainer,
++int vfio_container_dma_unmap(VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all);
+-bool vfio_container_add_section_window(VFIOContainerBase *bcontainer,
++bool vfio_container_add_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp);
+-void vfio_container_del_section_window(VFIOContainerBase *bcontainer,
++void vfio_container_del_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section);
+-int vfio_container_set_dirty_page_tracking(VFIOContainerBase *bcontainer,
++int vfio_container_set_dirty_page_tracking(VFIOContainer *bcontainer,
+ bool start, Error **errp);
+ bool vfio_container_dirty_tracking_is_started(
+- const VFIOContainerBase *bcontainer);
++ const VFIOContainer *bcontainer);
+ bool vfio_container_devices_dirty_tracking_is_supported(
+- const VFIOContainerBase *bcontainer);
+-int vfio_container_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
++ const VFIOContainer *bcontainer);
++int vfio_container_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ uint64_t iova, uint64_t size, ram_addr_t ram_addr, Error **errp);
+
+-GList *vfio_container_get_iova_ranges(const VFIOContainerBase *bcontainer);
++GList *vfio_container_get_iova_ranges(const VFIOContainer *bcontainer);
+
+ static inline uint64_t
+-vfio_container_get_page_size_mask(const VFIOContainerBase *bcontainer)
++vfio_container_get_page_size_mask(const VFIOContainer *bcontainer)
+ {
+ assert(bcontainer);
+ return bcontainer->pgsizes;
+@@ -123,12 +123,12 @@ struct VFIOIOMMUClass {
+ * Perform basic setup of the container, including configuring IOMMU
+ * capabilities, IOVA ranges, supported page sizes, etc.
+ *
+- * @bcontainer: #VFIOContainerBase
++ * @bcontainer: #VFIOContainer
+ * @errp: pointer to Error*, to store an error if it happens.
+ *
+ * Returns true to indicate success and false for error.
+ */
+- bool (*setup)(VFIOContainerBase *bcontainer, Error **errp);
++ bool (*setup)(VFIOContainer *bcontainer, Error **errp);
+
+ /**
+ * @listener_begin
+@@ -136,9 +136,9 @@ struct VFIOIOMMUClass {
+ * Called at the beginning of an address space update transaction.
+ * See #MemoryListener.
+ *
+- * @bcontainer: #VFIOContainerBase
++ * @bcontainer: #VFIOContainer
+ */
+- void (*listener_begin)(VFIOContainerBase *bcontainer);
++ void (*listener_begin)(VFIOContainer *bcontainer);
+
+ /**
+ * @listener_commit
+@@ -146,9 +146,9 @@ struct VFIOIOMMUClass {
+ * Called at the end of an address space update transaction,
+ * See #MemoryListener.
+ *
+- * @bcontainer: #VFIOContainerBase
++ * @bcontainer: #VFIOContainer
+ */
+- void (*listener_commit)(VFIOContainerBase *bcontainer);
++ void (*listener_commit)(VFIOContainer *bcontainer);
+
+ /**
+ * @dma_map
+@@ -156,7 +156,7 @@ struct VFIOIOMMUClass {
+ * Map an address range into the container. Note that the memory region is
+ * referenced within an RCU read lock region across this call.
+ *
+- * @bcontainer: #VFIOContainerBase to use
++ * @bcontainer: #VFIOContainer to use
+ * @iova: start address to map
+ * @size: size of the range to map
+ * @vaddr: process virtual address of mapping
+@@ -165,7 +165,7 @@ struct VFIOIOMMUClass {
+ *
+ * Returns 0 to indicate success and -errno otherwise.
+ */
+- int (*dma_map)(const VFIOContainerBase *bcontainer,
++ int (*dma_map)(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ void *vaddr, bool readonly, MemoryRegion *mr);
+ /**
+@@ -173,14 +173,14 @@ struct VFIOIOMMUClass {
+ *
+ * Map a file range for the container.
+ *
+- * @bcontainer: #VFIOContainerBase to use for map
++ * @bcontainer: #VFIOContainer to use for map
+ * @iova: start address to map
+ * @size: size of the range to map
+ * @fd: descriptor of the file to map
+ * @start: starting file offset of the range to map
+ * @readonly: map read only if true
+ */
+- int (*dma_map_file)(const VFIOContainerBase *bcontainer,
++ int (*dma_map_file)(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ int fd, unsigned long start, bool readonly);
+ /**
+@@ -188,7 +188,7 @@ struct VFIOIOMMUClass {
+ *
+ * Unmap an address range from the container.
+ *
+- * @bcontainer: #VFIOContainerBase to use for unmap
++ * @bcontainer: #VFIOContainer to use for unmap
+ * @iova: start address to unmap
+ * @size: size of the range to unmap
+ * @iotlb: The IOMMU TLB mapping entry (or NULL)
+@@ -196,7 +196,7 @@ struct VFIOIOMMUClass {
+ *
+ * Returns 0 to indicate success and -errno otherwise.
+ */
+- int (*dma_unmap)(const VFIOContainerBase *bcontainer,
++ int (*dma_unmap)(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all);
+
+@@ -234,21 +234,21 @@ struct VFIOIOMMUClass {
+ *
+ * Start or stop dirty pages tracking on VFIO container
+ *
+- * @bcontainer: #VFIOContainerBase on which to de/activate dirty
++ * @bcontainer: #VFIOContainer on which to de/activate dirty
+ * page tracking
+ * @start: indicates whether to start or stop dirty pages tracking
+ * @errp: pointer to Error*, to store an error if it happens.
+ *
+ * Returns zero to indicate success and negative for error.
+ */
+- int (*set_dirty_page_tracking)(const VFIOContainerBase *bcontainer,
++ int (*set_dirty_page_tracking)(const VFIOContainer *bcontainer,
+ bool start, Error **errp);
+ /**
+ * @query_dirty_bitmap
+ *
+ * Get bitmap of dirty pages from container
+ *
+- * @bcontainer: #VFIOContainerBase from which to get dirty pages
++ * @bcontainer: #VFIOContainer from which to get dirty pages
+ * @vbmap: #VFIOBitmap internal bitmap structure
+ * @iova: iova base address
+ * @size: size of iova range
+@@ -256,24 +256,24 @@ struct VFIOIOMMUClass {
+ *
+ * Returns zero to indicate success and negative for error.
+ */
+- int (*query_dirty_bitmap)(const VFIOContainerBase *bcontainer,
++ int (*query_dirty_bitmap)(const VFIOContainer *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp);
+ /* PCI specific */
+ int (*pci_hot_reset)(VFIODevice *vbasedev, bool single);
+
+ /* SPAPR specific */
+- bool (*add_window)(VFIOContainerBase *bcontainer,
++ bool (*add_window)(VFIOContainer *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp);
+- void (*del_window)(VFIOContainerBase *bcontainer,
++ void (*del_window)(VFIOContainer *bcontainer,
+ MemoryRegionSection *section);
+- void (*release)(VFIOContainerBase *bcontainer);
++ void (*release)(VFIOContainer *bcontainer);
+ };
+
+ VFIORamDiscardListener *vfio_find_ram_discard_listener(
+- VFIOContainerBase *bcontainer, MemoryRegionSection *section);
++ VFIOContainer *bcontainer, MemoryRegionSection *section);
+
+-void vfio_container_region_add(VFIOContainerBase *bcontainer,
++void vfio_container_region_add(VFIOContainer *bcontainer,
+ MemoryRegionSection *section, bool cpr_remap);
+
+ #endif /* HW_VFIO_VFIO_CONTAINER_BASE_H */
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index 712a691400..a84dfb0dee 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -26,7 +26,7 @@ typedef struct VFIOGroup {
+ } VFIOGroup;
+
+ struct VFIOLegacyContainer {
+- VFIOContainerBase parent_obj;
++ VFIOContainer parent_obj;
+
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+ unsigned iommu_type;
+diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
+index 04e9872587..26ee0c4fe1 100644
+--- a/include/hw/vfio/vfio-cpr.h
++++ b/include/hw/vfio/vfio-cpr.h
+@@ -13,14 +13,14 @@
+ #include "system/memory.h"
+
+ struct VFIOLegacyContainer;
+-struct VFIOContainerBase;
++struct VFIOContainer;
+ struct VFIOGroup;
+ struct VFIODevice;
+ struct VFIOPCIDevice;
+ struct VFIOIOMMUFDContainer;
+ struct IOMMUFDBackend;
+
+-typedef int (*dma_map_fn)(const struct VFIOContainerBase *bcontainer,
++typedef int (*dma_map_fn)(const struct VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr);
+
+@@ -65,11 +65,11 @@ int vfio_cpr_group_get_device_fd(int d, const char *name);
+ bool vfio_cpr_container_match(struct VFIOLegacyContainer *container,
+ struct VFIOGroup *group, int fd);
+
+-void vfio_cpr_giommu_remap(struct VFIOContainerBase *bcontainer,
++void vfio_cpr_giommu_remap(struct VFIOContainer *bcontainer,
+ MemoryRegionSection *section);
+
+ bool vfio_cpr_ram_discard_register_listener(
+- struct VFIOContainerBase *bcontainer, MemoryRegionSection *section);
++ struct VFIOContainer *bcontainer, MemoryRegionSection *section);
+
+ void vfio_cpr_save_vector_fd(struct VFIOPCIDevice *vdev, const char *name,
+ int nr, int fd);
+diff --git a/include/hw/vfio/vfio-device.h b/include/hw/vfio/vfio-device.h
+index 2bc16a1a2e..d20186327f 100644
+--- a/include/hw/vfio/vfio-device.h
++++ b/include/hw/vfio/vfio-device.h
+@@ -54,7 +54,7 @@ typedef struct VFIODevice {
+ QLIST_ENTRY(VFIODevice) container_next;
+ QLIST_ENTRY(VFIODevice) global_next;
+ struct VFIOGroup *group;
+- VFIOContainerBase *bcontainer;
++ VFIOContainer *bcontainer;
+ char *sysfsdev;
+ char *name;
+ DeviceState *dev;
+@@ -253,7 +253,7 @@ struct VFIODeviceIOOps {
+ void *data, bool post);
+ };
+
+-void vfio_device_prepare(VFIODevice *vbasedev, VFIOContainerBase *bcontainer,
++void vfio_device_prepare(VFIODevice *vbasedev, VFIOContainer *bcontainer,
+ struct vfio_device_info *info);
+
+ void vfio_device_unprepare(VFIODevice *vbasedev);
+--
+2.52.0
+
diff --git a/kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch b/kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch
new file mode 100644
index 0000000..a0d6b93
--- /dev/null
+++ b/kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch
@@ -0,0 +1,129 @@
+From b2f885bec7e4dc0b1618063a7c1220bc235c55eb Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:12 +0100
+Subject: [PATCH 054/116] include/hw/vfio/vfio-container-base.h: rename file to
+ vfio-container.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [38/100] 8f997c2726be98dd8083f32305a20aa992bbc46d (rovick1/qemu-kvm)
+
+With the rename of VFIOContainerBase to VFIOContainer, the vfio-container-base.h
+header file containing the struct definition is misleading. Rename it from
+vfio-container-base.h to vfio-container.h accordingly, fixing up the name
+of the include guard at the same time.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-5-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit ef70eb32b8a15abea6af8180ba03e771ae041169)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.h | 2 +-
+ hw/vfio/container-base.c | 2 +-
+ hw/vfio/vfio-iommufd.h | 2 +-
+ include/hw/vfio/vfio-container-legacy.h | 2 +-
+ include/hw/vfio/{vfio-container-base.h => vfio-container.h} | 6 +++---
+ include/hw/vfio/vfio-device.h | 2 +-
+ 6 files changed, 8 insertions(+), 8 deletions(-)
+ rename include/hw/vfio/{vfio-container-base.h => vfio-container.h} (98%)
+
+diff --git a/hw/vfio-user/container.h b/hw/vfio-user/container.h
+index 241863ef97..a2b42e3169 100644
+--- a/hw/vfio-user/container.h
++++ b/hw/vfio-user/container.h
+@@ -9,7 +9,7 @@
+
+ #include "qemu/osdep.h"
+
+-#include "hw/vfio/vfio-container-base.h"
++#include "hw/vfio/vfio-container.h"
+ #include "hw/vfio-user/proxy.h"
+
+ /* MMU container sub-class for vfio-user. */
+diff --git a/hw/vfio/container-base.c b/hw/vfio/container-base.c
+index 98c5198e50..250b20f424 100644
+--- a/hw/vfio/container-base.c
++++ b/hw/vfio/container-base.c
+@@ -18,7 +18,7 @@
+ #include "system/ram_addr.h"
+ #include "qapi/error.h"
+ #include "qemu/error-report.h"
+-#include "hw/vfio/vfio-container-base.h"
++#include "hw/vfio/vfio-container.h"
+ #include "hw/vfio/vfio-device.h" /* vfio_device_reset_handler */
+ #include "system/reset.h"
+ #include "vfio-helpers.h"
+diff --git a/hw/vfio/vfio-iommufd.h b/hw/vfio/vfio-iommufd.h
+index 6c049d9257..13f412aad7 100644
+--- a/hw/vfio/vfio-iommufd.h
++++ b/hw/vfio/vfio-iommufd.h
+@@ -9,7 +9,7 @@
+ #ifndef HW_VFIO_VFIO_IOMMUFD_H
+ #define HW_VFIO_VFIO_IOMMUFD_H
+
+-#include "hw/vfio/vfio-container-base.h"
++#include "hw/vfio/vfio-container.h"
+
+ typedef struct VFIODevice VFIODevice;
+
+diff --git a/include/hw/vfio/vfio-container-legacy.h b/include/hw/vfio/vfio-container-legacy.h
+index ab5130d26e..74a72df018 100644
+--- a/include/hw/vfio/vfio-container-legacy.h
++++ b/include/hw/vfio/vfio-container-legacy.h
+@@ -9,7 +9,7 @@
+ #ifndef HW_VFIO_CONTAINER_LEGACY_H
+ #define HW_VFIO_CONTAINER_LEGACY_H
+
+-#include "hw/vfio/vfio-container-base.h"
++#include "hw/vfio/vfio-container.h"
+ #include "hw/vfio/vfio-cpr.h"
+
+ typedef struct VFIOLegacyContainer VFIOLegacyContainer;
+diff --git a/include/hw/vfio/vfio-container-base.h b/include/hw/vfio/vfio-container.h
+similarity index 98%
+rename from include/hw/vfio/vfio-container-base.h
+rename to include/hw/vfio/vfio-container.h
+index b580f4a02d..b8fb2b8b5d 100644
+--- a/include/hw/vfio/vfio-container-base.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -10,8 +10,8 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+-#ifndef HW_VFIO_VFIO_CONTAINER_BASE_H
+-#define HW_VFIO_VFIO_CONTAINER_BASE_H
++#ifndef HW_VFIO_VFIO_CONTAINER_H
++#define HW_VFIO_VFIO_CONTAINER_H
+
+ #include "system/memory.h"
+
+@@ -276,4 +276,4 @@ VFIORamDiscardListener *vfio_find_ram_discard_listener(
+ void vfio_container_region_add(VFIOContainer *bcontainer,
+ MemoryRegionSection *section, bool cpr_remap);
+
+-#endif /* HW_VFIO_VFIO_CONTAINER_BASE_H */
++#endif /* HW_VFIO_VFIO_CONTAINER_H */
+diff --git a/include/hw/vfio/vfio-device.h b/include/hw/vfio/vfio-device.h
+index d20186327f..28047a6339 100644
+--- a/include/hw/vfio/vfio-device.h
++++ b/include/hw/vfio/vfio-device.h
+@@ -27,7 +27,7 @@
+ #include <linux/vfio.h>
+ #endif
+ #include "system/system.h"
+-#include "hw/vfio/vfio-container-base.h"
++#include "hw/vfio/vfio-container.h"
+ #include "hw/vfio/vfio-cpr.h"
+ #include "system/host_iommu_device.h"
+ #include "system/iommufd.h"
+--
+2.52.0
+
diff --git a/kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch b/kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch
new file mode 100644
index 0000000..2150d51
--- /dev/null
+++ b/kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch
@@ -0,0 +1,513 @@
+From 3e5a48ee28a9ecc28f27e34e4bdea3f30cb07154 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:09 +0100
+Subject: [PATCH 051/116] include/hw/vfio/vfio-container.h: rename
+ VFIOContainer to VFIOLegacyContainer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [35/100] 76092b57b3839acd6627010e30b7d7ce90db524f (rovick1/qemu-kvm)
+
+Conflicts:
+ hw/vfio/container.c: contextual conflict: downstream we
+ have vfio_device_count
+
+The VFIOContainer struct represents the legacy VFIO container even though the
+name suggests it may be the common superclass of all VFIO containers. Rename it
+to VFIOLegacyContainer to make this clearer, which is also a better match for
+its VFIO_IOMMU_LEGACY QOM type name.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-2-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit da9211f28e280bc9809b116fc186727a01b0f267)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/ppc/spapr_pci_vfio.c | 10 ++++----
+ hw/vfio/container.c | 42 +++++++++++++++++---------------
+ hw/vfio/cpr-legacy.c | 27 +++++++++++---------
+ hw/vfio/spapr.c | 18 +++++++-------
+ include/hw/vfio/vfio-container.h | 8 +++---
+ include/hw/vfio/vfio-cpr.h | 9 ++++---
+ 6 files changed, 60 insertions(+), 54 deletions(-)
+
+diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
+index e318d0d912..b658eb372c 100644
+--- a/hw/ppc/spapr_pci_vfio.c
++++ b/hw/ppc/spapr_pci_vfio.c
+@@ -32,7 +32,7 @@
+ * Interfaces for IBM EEH (Enhanced Error Handling)
+ */
+ #ifdef CONFIG_VFIO_PCI
+-static bool vfio_eeh_container_ok(VFIOContainer *container)
++static bool vfio_eeh_container_ok(VFIOLegacyContainer *container)
+ {
+ /*
+ * As of 2016-03-04 (linux-4.5) the host kernel EEH/VFIO
+@@ -60,7 +60,7 @@ static bool vfio_eeh_container_ok(VFIOContainer *container)
+ return true;
+ }
+
+-static int vfio_eeh_container_op(VFIOContainer *container, uint32_t op)
++static int vfio_eeh_container_op(VFIOLegacyContainer *container, uint32_t op)
+ {
+ struct vfio_eeh_pe_op pe_op = {
+ .argsz = sizeof(pe_op),
+@@ -83,7 +83,7 @@ static int vfio_eeh_container_op(VFIOContainer *container, uint32_t op)
+ return ret;
+ }
+
+-static VFIOContainer *vfio_eeh_as_container(AddressSpace *as)
++static VFIOLegacyContainer *vfio_eeh_as_container(AddressSpace *as)
+ {
+ VFIOAddressSpace *space = vfio_address_space_get(as);
+ VFIOContainerBase *bcontainer = NULL;
+@@ -111,14 +111,14 @@ out:
+
+ static bool vfio_eeh_as_ok(AddressSpace *as)
+ {
+- VFIOContainer *container = vfio_eeh_as_container(as);
++ VFIOLegacyContainer *container = vfio_eeh_as_container(as);
+
+ return (container != NULL) && vfio_eeh_container_ok(container);
+ }
+
+ static int vfio_eeh_as_op(AddressSpace *as, uint32_t op)
+ {
+- VFIOContainer *container = vfio_eeh_as_container(as);
++ VFIOLegacyContainer *container = vfio_eeh_as_container(as);
+
+ if (!container) {
+ return -ENODEV;
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 860d1aebda..76a09be941 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -58,7 +58,8 @@ int vfio_device_count(void)
+ return i;
+ }
+
+-static int vfio_ram_block_discard_disable(VFIOContainer *container, bool state)
++static int vfio_ram_block_discard_disable(VFIOLegacyContainer *container,
++ bool state)
+ {
+ switch (container->iommu_type) {
+ case VFIO_TYPE1v2_IOMMU:
+@@ -81,7 +82,7 @@ static int vfio_ram_block_discard_disable(VFIOContainer *container, bool state)
+ }
+ }
+
+-static int vfio_dma_unmap_bitmap(const VFIOContainer *container,
++static int vfio_dma_unmap_bitmap(const VFIOLegacyContainer *container,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+@@ -138,7 +139,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb)
+ {
+- const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dma_unmap unmap = {
+ .argsz = sizeof(unmap),
+ .flags = 0,
+@@ -226,7 +227,7 @@ static int vfio_legacy_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+- const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dma_map map = {
+ .argsz = sizeof(map),
+ .flags = VFIO_DMA_MAP_FLAG_READ,
+@@ -258,7 +259,7 @@ static int
+ vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
+ bool start, Error **errp)
+ {
+- const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ int ret;
+ struct vfio_iommu_type1_dirty_bitmap dirty = {
+ .argsz = sizeof(dirty),
+@@ -283,7 +284,7 @@ vfio_legacy_set_dirty_page_tracking(const VFIOContainerBase *bcontainer,
+ static int vfio_legacy_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova, hwaddr size, Error **errp)
+ {
+- const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ struct vfio_iommu_type1_dirty_bitmap *dbitmap;
+ struct vfio_iommu_type1_dirty_bitmap_get *range;
+ int ret;
+@@ -427,12 +428,12 @@ static bool vfio_set_iommu(int container_fd, int group_fd,
+ return true;
+ }
+
+-static VFIOContainer *vfio_create_container(int fd, VFIOGroup *group,
++static VFIOLegacyContainer *vfio_create_container(int fd, VFIOGroup *group,
+ Error **errp)
+ {
+ int iommu_type;
+ const char *vioc_name;
+- VFIOContainer *container;
++ VFIOLegacyContainer *container;
+
+ iommu_type = vfio_get_iommu_type(fd, errp);
+ if (iommu_type < 0) {
+@@ -456,7 +457,7 @@ static VFIOContainer *vfio_create_container(int fd, VFIOGroup *group,
+ return container;
+ }
+
+-static int vfio_get_iommu_info(VFIOContainer *container,
++static int vfio_get_iommu_info(VFIOLegacyContainer *container,
+ struct vfio_iommu_type1_info **info)
+ {
+
+@@ -500,7 +501,7 @@ vfio_get_iommu_info_cap(struct vfio_iommu_type1_info *info, uint16_t id)
+ return NULL;
+ }
+
+-static void vfio_get_iommu_info_migration(VFIOContainer *container,
++static void vfio_get_iommu_info_migration(VFIOLegacyContainer *container,
+ struct vfio_iommu_type1_info *info)
+ {
+ struct vfio_info_cap_header *hdr;
+@@ -528,7 +529,7 @@ static void vfio_get_iommu_info_migration(VFIOContainer *container,
+
+ static bool vfio_legacy_setup(VFIOContainerBase *bcontainer, Error **errp)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ g_autofree struct vfio_iommu_type1_info *info = NULL;
+ int ret;
+
+@@ -554,8 +555,8 @@ static bool vfio_legacy_setup(VFIOContainerBase *bcontainer, Error **errp)
+ return true;
+ }
+
+-static bool vfio_container_attach_discard_disable(VFIOContainer *container,
+- VFIOGroup *group, Error **errp)
++static bool vfio_container_attach_discard_disable(
++ VFIOLegacyContainer *container, VFIOGroup *group, Error **errp)
+ {
+ int ret;
+
+@@ -601,8 +602,8 @@ static bool vfio_container_attach_discard_disable(VFIOContainer *container,
+ return !ret;
+ }
+
+-static bool vfio_container_group_add(VFIOContainer *container, VFIOGroup *group,
+- Error **errp)
++static bool vfio_container_group_add(VFIOLegacyContainer *container,
++ VFIOGroup *group, Error **errp)
+ {
+ if (!vfio_container_attach_discard_disable(container, group, errp)) {
+ return false;
+@@ -618,7 +619,8 @@ static bool vfio_container_group_add(VFIOContainer *container, VFIOGroup *group,
+ return true;
+ }
+
+-static void vfio_container_group_del(VFIOContainer *container, VFIOGroup *group)
++static void vfio_container_group_del(VFIOLegacyContainer *container,
++ VFIOGroup *group)
+ {
+ QLIST_REMOVE(group, container_next);
+ group->container = NULL;
+@@ -630,7 +632,7 @@ static void vfio_container_group_del(VFIOContainer *container, VFIOGroup *group)
+ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
+ Error **errp)
+ {
+- VFIOContainer *container;
++ VFIOLegacyContainer *container;
+ VFIOContainerBase *bcontainer;
+ int ret, fd = -1;
+ VFIOAddressSpace *space;
+@@ -743,7 +745,7 @@ fail:
+
+ static void vfio_container_disconnect(VFIOGroup *group)
+ {
+- VFIOContainer *container = group->container;
++ VFIOLegacyContainer *container = group->container;
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+
+@@ -1257,7 +1259,7 @@ hiod_legacy_vfio_get_page_size_mask(HostIOMMUDevice *hiod)
+
+ static void vfio_iommu_legacy_instance_init(Object *obj)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(obj);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(obj);
+
+ QLIST_INIT(&container->group_list);
+ }
+@@ -1277,7 +1279,7 @@ static const TypeInfo types[] = {
+ .name = TYPE_VFIO_IOMMU_LEGACY,
+ .parent = TYPE_VFIO_IOMMU,
+ .instance_init = vfio_iommu_legacy_instance_init,
+- .instance_size = sizeof(VFIOContainer),
++ .instance_size = sizeof(VFIOLegacyContainer),
+ .class_init = vfio_iommu_legacy_class_init,
+ }, {
+ .name = TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO,
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 8f437194fa..12bf920a7d 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -17,7 +17,8 @@
+ #include "qapi/error.h"
+ #include "qemu/error-report.h"
+
+-static bool vfio_dma_unmap_vaddr_all(VFIOContainer *container, Error **errp)
++static bool vfio_dma_unmap_vaddr_all(VFIOLegacyContainer *container,
++ Error **errp)
+ {
+ struct vfio_iommu_type1_dma_unmap unmap = {
+ .argsz = sizeof(unmap),
+@@ -41,7 +42,7 @@ static int vfio_legacy_cpr_dma_map(const VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size, void *vaddr,
+ bool readonly, MemoryRegion *mr)
+ {
+- const VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+
+ struct vfio_iommu_type1_dma_map map = {
+ .argsz = sizeof(map),
+@@ -63,12 +64,13 @@ static int vfio_legacy_cpr_dma_map(const VFIOContainerBase *bcontainer,
+ static void vfio_region_remap(MemoryListener *listener,
+ MemoryRegionSection *section)
+ {
+- VFIOContainer *container = container_of(listener, VFIOContainer,
+- cpr.remap_listener);
++ VFIOLegacyContainer *container = container_of(listener,
++ VFIOLegacyContainer,
++ cpr.remap_listener);
+ vfio_container_region_add(VFIO_IOMMU(container), section, true);
+ }
+
+-static bool vfio_cpr_supported(VFIOContainer *container, Error **errp)
++static bool vfio_cpr_supported(VFIOLegacyContainer *container, Error **errp)
+ {
+ if (!ioctl(container->fd, VFIO_CHECK_EXTENSION, VFIO_UPDATE_VADDR)) {
+ error_setg(errp, "VFIO container does not support VFIO_UPDATE_VADDR");
+@@ -85,7 +87,7 @@ static bool vfio_cpr_supported(VFIOContainer *container, Error **errp)
+
+ static int vfio_container_pre_save(void *opaque)
+ {
+- VFIOContainer *container = opaque;
++ VFIOLegacyContainer *container = opaque;
+ Error *local_err = NULL;
+
+ if (!vfio_dma_unmap_vaddr_all(container, &local_err)) {
+@@ -97,7 +99,7 @@ static int vfio_container_pre_save(void *opaque)
+
+ static int vfio_container_post_load(void *opaque, int version_id)
+ {
+- VFIOContainer *container = opaque;
++ VFIOLegacyContainer *container = opaque;
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ dma_map_fn saved_dma_map = vioc->dma_map;
+@@ -133,8 +135,8 @@ static const VMStateDescription vfio_container_vmstate = {
+ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+ MigrationEvent *e, Error **errp)
+ {
+- VFIOContainer *container =
+- container_of(notifier, VFIOContainer, cpr.transfer_notifier);
++ VFIOLegacyContainer *container =
++ container_of(notifier, VFIOLegacyContainer, cpr.transfer_notifier);
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+
+ if (e->type != MIG_EVENT_PRECOPY_FAILED) {
+@@ -165,7 +167,8 @@ static int vfio_cpr_fail_notifier(NotifierWithReturn *notifier,
+ return 0;
+ }
+
+-bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
++bool vfio_legacy_cpr_register_container(VFIOLegacyContainer *container,
++ Error **errp)
+ {
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ Error **cpr_blocker = &container->cpr.blocker;
+@@ -189,7 +192,7 @@ bool vfio_legacy_cpr_register_container(VFIOContainer *container, Error **errp)
+ return true;
+ }
+
+-void vfio_legacy_cpr_unregister_container(VFIOContainer *container)
++void vfio_legacy_cpr_unregister_container(VFIOLegacyContainer *container)
+ {
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+
+@@ -263,7 +266,7 @@ static bool same_device(int fd1, int fd2)
+ return !fstat(fd1, &st1) && !fstat(fd2, &st2) && st1.st_dev == st2.st_dev;
+ }
+
+-bool vfio_cpr_container_match(VFIOContainer *container, VFIOGroup *group,
++bool vfio_cpr_container_match(VFIOLegacyContainer *container, VFIOGroup *group,
+ int fd)
+ {
+ if (container->fd == fd) {
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index c41e4588d6..b8bade90d7 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -31,7 +31,7 @@ typedef struct VFIOHostDMAWindow {
+ } VFIOHostDMAWindow;
+
+ typedef struct VFIOSpaprContainer {
+- VFIOContainer container;
++ VFIOLegacyContainer container;
+ MemoryListener prereg_listener;
+ QLIST_HEAD(, VFIOHostDMAWindow) hostwin_list;
+ unsigned int levels;
+@@ -61,7 +61,7 @@ static void vfio_prereg_listener_region_add(MemoryListener *listener,
+ {
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+- VFIOContainer *container = &scontainer->container;
++ VFIOLegacyContainer *container = &scontainer->container;
+ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+@@ -121,7 +121,7 @@ static void vfio_prereg_listener_region_del(MemoryListener *listener,
+ {
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+- VFIOContainer *container = &scontainer->container;
++ VFIOLegacyContainer *container = &scontainer->container;
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+ int ret;
+@@ -218,7 +218,7 @@ static VFIOHostDMAWindow *vfio_find_hostwin(VFIOSpaprContainer *container,
+ return hostwin_found ? hostwin : NULL;
+ }
+
+-static int vfio_spapr_remove_window(VFIOContainer *container,
++static int vfio_spapr_remove_window(VFIOLegacyContainer *container,
+ hwaddr offset_within_address_space)
+ {
+ struct vfio_iommu_spapr_tce_remove remove = {
+@@ -239,7 +239,7 @@ static int vfio_spapr_remove_window(VFIOContainer *container,
+ return 0;
+ }
+
+-static bool vfio_spapr_create_window(VFIOContainer *container,
++static bool vfio_spapr_create_window(VFIOLegacyContainer *container,
+ MemoryRegionSection *section,
+ hwaddr *pgsize, Error **errp)
+ {
+@@ -352,7 +352,7 @@ vfio_spapr_container_add_section_window(VFIOContainerBase *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ VFIOHostDMAWindow *hostwin;
+@@ -442,7 +442,7 @@ static void
+ vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
+ MemoryRegionSection *section)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+
+@@ -463,7 +463,7 @@ vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
+
+ static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ VFIOHostDMAWindow *hostwin, *next;
+@@ -481,7 +481,7 @@ static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
+ static bool vfio_spapr_container_setup(VFIOContainerBase *bcontainer,
+ Error **errp)
+ {
+- VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ struct vfio_iommu_spapr_tce_info info;
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index 240f566993..712a691400 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -12,20 +12,20 @@
+ #include "hw/vfio/vfio-container-base.h"
+ #include "hw/vfio/vfio-cpr.h"
+
+-typedef struct VFIOContainer VFIOContainer;
++typedef struct VFIOLegacyContainer VFIOLegacyContainer;
+ typedef struct VFIODevice VFIODevice;
+
+ typedef struct VFIOGroup {
+ int fd;
+ int groupid;
+- VFIOContainer *container;
++ VFIOLegacyContainer *container;
+ QLIST_HEAD(, VFIODevice) device_list;
+ QLIST_ENTRY(VFIOGroup) next;
+ QLIST_ENTRY(VFIOGroup) container_next;
+ bool ram_block_discard_allowed;
+ } VFIOGroup;
+
+-struct VFIOContainer {
++struct VFIOLegacyContainer {
+ VFIOContainerBase parent_obj;
+
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+@@ -34,6 +34,6 @@ struct VFIOContainer {
+ VFIOContainerCPR cpr;
+ };
+
+-OBJECT_DECLARE_SIMPLE_TYPE(VFIOContainer, VFIO_IOMMU_LEGACY);
++OBJECT_DECLARE_SIMPLE_TYPE(VFIOLegacyContainer, VFIO_IOMMU_LEGACY);
+
+ #endif /* HW_VFIO_CONTAINER_H */
+diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
+index d37daffbc5..04e9872587 100644
+--- a/include/hw/vfio/vfio-cpr.h
++++ b/include/hw/vfio/vfio-cpr.h
+@@ -12,7 +12,7 @@
+ #include "migration/misc.h"
+ #include "system/memory.h"
+
+-struct VFIOContainer;
++struct VFIOLegacyContainer;
+ struct VFIOContainerBase;
+ struct VFIOGroup;
+ struct VFIODevice;
+@@ -42,9 +42,10 @@ typedef struct VFIOPCICPR {
+ NotifierWithReturn transfer_notifier;
+ } VFIOPCICPR;
+
+-bool vfio_legacy_cpr_register_container(struct VFIOContainer *container,
++bool vfio_legacy_cpr_register_container(struct VFIOLegacyContainer *container,
+ Error **errp);
+-void vfio_legacy_cpr_unregister_container(struct VFIOContainer *container);
++void vfio_legacy_cpr_unregister_container(
++ struct VFIOLegacyContainer *container);
+
+ int vfio_cpr_reboot_notifier(NotifierWithReturn *notifier, MigrationEvent *e,
+ Error **errp);
+@@ -61,7 +62,7 @@ void vfio_cpr_load_device(struct VFIODevice *vbasedev);
+
+ int vfio_cpr_group_get_device_fd(int d, const char *name);
+
+-bool vfio_cpr_container_match(struct VFIOContainer *container,
++bool vfio_cpr_container_match(struct VFIOLegacyContainer *container,
+ struct VFIOGroup *group, int fd);
+
+ void vfio_cpr_giommu_remap(struct VFIOContainerBase *bcontainer,
+--
+2.52.0
+
diff --git a/kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch b/kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch
new file mode 100644
index 0000000..5e4318f
--- /dev/null
+++ b/kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch
@@ -0,0 +1,129 @@
+From f07bd6689ca57fe08bf730ee8265ce33c769023b Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:11 +0100
+Subject: [PATCH 053/116] include/hw/vfio/vfio-container.h: rename file to
+ vfio-container-legacy.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [37/100] 6f06ff3f512c9d55da838566fbc7b907be5acef6 (rovick1/qemu-kvm)
+
+With the rename of VFIOContainer to VFIOLegacyContainer, the vfio-container.h
+header file containing the struct definition is misleading. Rename it from
+vfio-container.h to vfio-container-legacy.h accordingly, fixing up the name
+of the include guard at the same time.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-4-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 07cbbfb108586a03059975aa0e093b833cb9bf56)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/ppc/spapr_pci_vfio.c | 2 +-
+ hw/s390x/s390-pci-vfio.c | 2 +-
+ hw/vfio/container.c | 2 +-
+ hw/vfio/cpr-legacy.c | 2 +-
+ hw/vfio/spapr.c | 2 +-
+ .../hw/vfio/{vfio-container.h => vfio-container-legacy.h} | 6 +++---
+ 6 files changed, 8 insertions(+), 8 deletions(-)
+ rename include/hw/vfio/{vfio-container.h => vfio-container-legacy.h} (88%)
+
+diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
+index 48fa98c199..18c5059262 100644
+--- a/hw/ppc/spapr_pci_vfio.c
++++ b/hw/ppc/spapr_pci_vfio.c
+@@ -24,7 +24,7 @@
+ #include "hw/pci-host/spapr.h"
+ #include "hw/pci/msix.h"
+ #include "hw/pci/pci_device.h"
+-#include "hw/vfio/vfio-container.h"
++#include "hw/vfio/vfio-container-legacy.h"
+ #include "qemu/error-report.h"
+ #include CONFIG_DEVICES /* CONFIG_VFIO_PCI */
+
+diff --git a/hw/s390x/s390-pci-vfio.c b/hw/s390x/s390-pci-vfio.c
+index aaf91319b4..c51bcea5fc 100644
+--- a/hw/s390x/s390-pci-vfio.c
++++ b/hw/s390x/s390-pci-vfio.c
+@@ -20,7 +20,7 @@
+ #include "hw/s390x/s390-pci-clp.h"
+ #include "hw/s390x/s390-pci-vfio.h"
+ #include "hw/vfio/pci.h"
+-#include "hw/vfio/vfio-container.h"
++#include "hw/vfio/vfio-container-legacy.h"
+ #include "hw/vfio/vfio-helpers.h"
+
+ /*
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 84f5a5fdee..0101a72f53 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -34,7 +34,7 @@
+ #include "migration/cpr.h"
+ #include "migration/blocker.h"
+ #include "pci.h"
+-#include "hw/vfio/vfio-container.h"
++#include "hw/vfio/vfio-container-legacy.h"
+ #include "vfio-helpers.h"
+ #include "vfio-listener.h"
+
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index bd3f6fc3d3..bbf7a0d35f 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -7,7 +7,7 @@
+ #include <sys/ioctl.h>
+ #include <linux/vfio.h>
+ #include "qemu/osdep.h"
+-#include "hw/vfio/vfio-container.h"
++#include "hw/vfio/vfio-container-legacy.h"
+ #include "hw/vfio/vfio-device.h"
+ #include "hw/vfio/vfio-listener.h"
+ #include "migration/blocker.h"
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index 6d462aa13c..acaa9c1419 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -15,7 +15,7 @@
+ #include "system/hostmem.h"
+ #include "system/address-spaces.h"
+
+-#include "hw/vfio/vfio-container.h"
++#include "hw/vfio/vfio-container-legacy.h"
+ #include "hw/hw.h"
+ #include "system/ram_addr.h"
+ #include "qemu/error-report.h"
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container-legacy.h
+similarity index 88%
+rename from include/hw/vfio/vfio-container.h
+rename to include/hw/vfio/vfio-container-legacy.h
+index a84dfb0dee..ab5130d26e 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container-legacy.h
+@@ -6,8 +6,8 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+-#ifndef HW_VFIO_CONTAINER_H
+-#define HW_VFIO_CONTAINER_H
++#ifndef HW_VFIO_CONTAINER_LEGACY_H
++#define HW_VFIO_CONTAINER_LEGACY_H
+
+ #include "hw/vfio/vfio-container-base.h"
+ #include "hw/vfio/vfio-cpr.h"
+@@ -36,4 +36,4 @@ struct VFIOLegacyContainer {
+
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOLegacyContainer, VFIO_IOMMU_LEGACY);
+
+-#endif /* HW_VFIO_CONTAINER_H */
++#endif /* HW_VFIO_CONTAINER_LEGACY_H */
+--
+2.52.0
+
diff --git a/kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch b/kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch
new file mode 100644
index 0000000..b3c470f
--- /dev/null
+++ b/kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch
@@ -0,0 +1,53 @@
+From 0ef36c50a10a90628980e19df4affe14deca26b9 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:36 +0100
+Subject: [PATCH 079/116] include/hw/vfio/vfio-device.h: fix include header
+ guard name
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [63/100] e6ec128a610db62fe58971f5b15f01924e74a3a1 (rovick1/qemu-kvm)
+
+The header guard was incorrectly called HW_VFIO_VFIO_COMMON_H instead of
+HW_VFIO_VFIO_DEVICE_H.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-29-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 7c773b4267ae10820ed5e3ec6b15219b39dbcebd)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/hw/vfio/vfio-device.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/hw/vfio/vfio-device.h b/include/hw/vfio/vfio-device.h
+index 28047a6339..dac305fc6f 100644
+--- a/include/hw/vfio/vfio-device.h
++++ b/include/hw/vfio/vfio-device.h
+@@ -18,8 +18,8 @@
+ * Copyright (C) 2008, IBM, Muli Ben-Yehuda (muli@il.ibm.com)
+ */
+
+-#ifndef HW_VFIO_VFIO_COMMON_H
+-#define HW_VFIO_VFIO_COMMON_H
++#ifndef HW_VFIO_VFIO_DEVICE_H
++#define HW_VFIO_VFIO_DEVICE_H
+
+ #include "system/memory.h"
+ #include "qemu/queue.h"
+@@ -289,4 +289,4 @@ void vfio_device_init(VFIODevice *vbasedev, int type, VFIODeviceOps *ops,
+ int vfio_device_get_aw_bits(VFIODevice *vdev);
+
+ void vfio_kvm_device_close(void);
+-#endif /* HW_VFIO_VFIO_COMMON_H */
++#endif /* HW_VFIO_VFIO_DEVICE_H */
+--
+2.52.0
+
diff --git a/kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch b/kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch
new file mode 100644
index 0000000..a9bb075
--- /dev/null
+++ b/kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch
@@ -0,0 +1,518 @@
+From 4834172d31633fc2df58673656236db0b07129ae Mon Sep 17 00:00:00 2001
+From: Bibo Mao <maobibo@loongson.cn>
+Date: Mon, 27 Oct 2025 09:43:32 +0800
+Subject: [PATCH 113/116] linux-headers: Update to Linux v6.18-rc3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [97/100] 8ff3487a78ecfae2cf9c6751a8437c044321def7 (rovick1/qemu-kvm)
+
+Update headers to retrieve the latest KVM caps for LoongArch. It is added
+to the tree by running `update-linux-headers.sh` on linux v6.18-rc3.
+
+Signed-off-by: Bibo Mao <maobibo@loongson.cn>
+Reviewed-by: Song Gao <gaosong@loongson.cn>
+(cherry picked from commit 2e0096a2b6a5a7e3cde1dd13704cc71af6b9bdd7)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ include/standard-headers/linux/ethtool.h | 1 +
+ include/standard-headers/linux/fuse.h | 22 ++++++++++--
+ .../linux/input-event-codes.h | 1 +
+ include/standard-headers/linux/input.h | 22 +++++++++++-
+ include/standard-headers/linux/pci_regs.h | 10 ++++++
+ include/standard-headers/linux/virtio_ids.h | 1 +
+ linux-headers/asm-loongarch/kvm.h | 1 +
+ linux-headers/asm-riscv/kvm.h | 23 ++++++++++++-
+ linux-headers/asm-riscv/ptrace.h | 4 +--
+ linux-headers/asm-x86/kvm.h | 34 +++++++++++++++++++
+ linux-headers/asm-x86/unistd_64.h | 1 +
+ linux-headers/asm-x86/unistd_x32.h | 1 +
+ linux-headers/linux/kvm.h | 3 ++
+ linux-headers/linux/psp-sev.h | 10 +++++-
+ linux-headers/linux/stddef.h | 1 -
+ linux-headers/linux/vduse.h | 2 +-
+ linux-headers/linux/vhost.h | 4 +--
+ 17 files changed, 130 insertions(+), 11 deletions(-)
+
+diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-headers/linux/ethtool.h
+index eb80314028..dc24512d28 100644
+--- a/include/standard-headers/linux/ethtool.h
++++ b/include/standard-headers/linux/ethtool.h
+@@ -2380,6 +2380,7 @@ enum {
+ #define RXH_L4_B_0_1 (1 << 6) /* src port in case of TCP/UDP/SCTP */
+ #define RXH_L4_B_2_3 (1 << 7) /* dst port in case of TCP/UDP/SCTP */
+ #define RXH_GTP_TEID (1 << 8) /* teid in case of GTP */
++#define RXH_IP6_FL (1 << 9) /* IPv6 flow label */
+ #define RXH_DISCARD (1 << 31)
+
+ #define RX_CLS_FLOW_DISC 0xffffffffffffffffULL
+diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h
+index d8b2fd67e1..abf3a78858 100644
+--- a/include/standard-headers/linux/fuse.h
++++ b/include/standard-headers/linux/fuse.h
+@@ -235,6 +235,11 @@
+ *
+ * 7.44
+ * - add FUSE_NOTIFY_INC_EPOCH
++ *
++ * 7.45
++ * - add FUSE_COPY_FILE_RANGE_64
++ * - add struct fuse_copy_file_range_out
++ * - add FUSE_NOTIFY_PRUNE
+ */
+
+ #ifndef _LINUX_FUSE_H
+@@ -266,7 +271,7 @@
+ #define FUSE_KERNEL_VERSION 7
+
+ /** Minor version number of this interface */
+-#define FUSE_KERNEL_MINOR_VERSION 44
++#define FUSE_KERNEL_MINOR_VERSION 45
+
+ /** The node ID of the root inode */
+ #define FUSE_ROOT_ID 1
+@@ -653,6 +658,7 @@ enum fuse_opcode {
+ FUSE_SYNCFS = 50,
+ FUSE_TMPFILE = 51,
+ FUSE_STATX = 52,
++ FUSE_COPY_FILE_RANGE_64 = 53,
+
+ /* CUSE specific operations */
+ CUSE_INIT = 4096,
+@@ -671,7 +677,7 @@ enum fuse_notify_code {
+ FUSE_NOTIFY_DELETE = 6,
+ FUSE_NOTIFY_RESEND = 7,
+ FUSE_NOTIFY_INC_EPOCH = 8,
+- FUSE_NOTIFY_CODE_MAX,
++ FUSE_NOTIFY_PRUNE = 9,
+ };
+
+ /* The read buffer is required to be at least 8k, but may be much larger */
+@@ -1110,6 +1116,12 @@ struct fuse_notify_retrieve_in {
+ uint64_t dummy4;
+ };
+
++struct fuse_notify_prune_out {
++ uint32_t count;
++ uint32_t padding;
++ uint64_t spare;
++};
++
+ struct fuse_backing_map {
+ int32_t fd;
+ uint32_t flags;
+@@ -1122,6 +1134,7 @@ struct fuse_backing_map {
+ #define FUSE_DEV_IOC_BACKING_OPEN _IOW(FUSE_DEV_IOC_MAGIC, 1, \
+ struct fuse_backing_map)
+ #define FUSE_DEV_IOC_BACKING_CLOSE _IOW(FUSE_DEV_IOC_MAGIC, 2, uint32_t)
++#define FUSE_DEV_IOC_SYNC_INIT _IO(FUSE_DEV_IOC_MAGIC, 3)
+
+ struct fuse_lseek_in {
+ uint64_t fh;
+@@ -1144,6 +1157,11 @@ struct fuse_copy_file_range_in {
+ uint64_t flags;
+ };
+
++/* For FUSE_COPY_FILE_RANGE_64 */
++struct fuse_copy_file_range_out {
++ uint64_t bytes_copied;
++};
++
+ #define FUSE_SETUPMAPPING_FLAG_WRITE (1ull << 0)
+ #define FUSE_SETUPMAPPING_FLAG_READ (1ull << 1)
+ struct fuse_setupmapping_in {
+diff --git a/include/standard-headers/linux/input-event-codes.h b/include/standard-headers/linux/input-event-codes.h
+index 00dc9caac9..c914ccd723 100644
+--- a/include/standard-headers/linux/input-event-codes.h
++++ b/include/standard-headers/linux/input-event-codes.h
+@@ -27,6 +27,7 @@
+ #define INPUT_PROP_TOPBUTTONPAD 0x04 /* softbuttons at top of pad */
+ #define INPUT_PROP_POINTING_STICK 0x05 /* is a pointing stick */
+ #define INPUT_PROP_ACCELEROMETER 0x06 /* has accelerometer */
++#define INPUT_PROP_HAPTIC_TOUCHPAD 0x07 /* is a haptic touchpad */
+
+ #define INPUT_PROP_MAX 0x1f
+ #define INPUT_PROP_CNT (INPUT_PROP_MAX + 1)
+diff --git a/include/standard-headers/linux/input.h b/include/standard-headers/linux/input.h
+index d4512c20b5..9aff211dd5 100644
+--- a/include/standard-headers/linux/input.h
++++ b/include/standard-headers/linux/input.h
+@@ -426,6 +426,24 @@ struct ff_rumble_effect {
+ uint16_t weak_magnitude;
+ };
+
++/**
++ * struct ff_haptic_effect
++ * @hid_usage: hid_usage according to Haptics page (WAVEFORM_CLICK, etc.)
++ * @vendor_id: the waveform vendor ID if hid_usage is in the vendor-defined range
++ * @vendor_waveform_page: the vendor waveform page if hid_usage is in the vendor-defined range
++ * @intensity: strength of the effect as percentage
++ * @repeat_count: number of times to retrigger effect
++ * @retrigger_period: time before effect is retriggered (in ms)
++ */
++struct ff_haptic_effect {
++ uint16_t hid_usage;
++ uint16_t vendor_id;
++ uint8_t vendor_waveform_page;
++ uint16_t intensity;
++ uint16_t repeat_count;
++ uint16_t retrigger_period;
++};
++
+ /**
+ * struct ff_effect - defines force feedback effect
+ * @type: type of the effect (FF_CONSTANT, FF_PERIODIC, FF_RAMP, FF_SPRING,
+@@ -462,6 +480,7 @@ struct ff_effect {
+ struct ff_periodic_effect periodic;
+ struct ff_condition_effect condition[2]; /* One for each axis */
+ struct ff_rumble_effect rumble;
++ struct ff_haptic_effect haptic;
+ } u;
+ };
+
+@@ -469,6 +488,7 @@ struct ff_effect {
+ * Force feedback effect types
+ */
+
++#define FF_HAPTIC 0x4f
+ #define FF_RUMBLE 0x50
+ #define FF_PERIODIC 0x51
+ #define FF_CONSTANT 0x52
+@@ -478,7 +498,7 @@ struct ff_effect {
+ #define FF_INERTIA 0x56
+ #define FF_RAMP 0x57
+
+-#define FF_EFFECT_MIN FF_RUMBLE
++#define FF_EFFECT_MIN FF_HAPTIC
+ #define FF_EFFECT_MAX FF_RAMP
+
+ /*
+diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h
+index f5b17745de..07e06aafec 100644
+--- a/include/standard-headers/linux/pci_regs.h
++++ b/include/standard-headers/linux/pci_regs.h
+@@ -207,6 +207,9 @@
+
+ /* Capability lists */
+
++#define PCI_CAP_ID_MASK 0x00ff /* Capability ID mask */
++#define PCI_CAP_LIST_NEXT_MASK 0xff00 /* Next Capability Pointer mask */
++
+ #define PCI_CAP_LIST_ID 0 /* Capability ID */
+ #define PCI_CAP_ID_PM 0x01 /* Power Management */
+ #define PCI_CAP_ID_AGP 0x02 /* Accelerated Graphics Port */
+@@ -776,6 +779,12 @@
+ #define PCI_ERR_UNC_MCBTLP 0x00800000 /* MC blocked TLP */
+ #define PCI_ERR_UNC_ATOMEG 0x01000000 /* Atomic egress blocked */
+ #define PCI_ERR_UNC_TLPPRE 0x02000000 /* TLP prefix blocked */
++#define PCI_ERR_UNC_POISON_BLK 0x04000000 /* Poisoned TLP Egress Blocked */
++#define PCI_ERR_UNC_DMWR_BLK 0x08000000 /* DMWr Request Egress Blocked */
++#define PCI_ERR_UNC_IDE_CHECK 0x10000000 /* IDE Check Failed */
++#define PCI_ERR_UNC_MISR_IDE 0x20000000 /* Misrouted IDE TLP */
++#define PCI_ERR_UNC_PCRC_CHECK 0x40000000 /* PCRC Check Failed */
++#define PCI_ERR_UNC_XLAT_BLK 0x80000000 /* TLP Translation Egress Blocked */
+ #define PCI_ERR_UNCOR_MASK 0x08 /* Uncorrectable Error Mask */
+ /* Same bits as above */
+ #define PCI_ERR_UNCOR_SEVER 0x0c /* Uncorrectable Error Severity */
+@@ -798,6 +807,7 @@
+ #define PCI_ERR_CAP_ECRC_CHKC 0x00000080 /* ECRC Check Capable */
+ #define PCI_ERR_CAP_ECRC_CHKE 0x00000100 /* ECRC Check Enable */
+ #define PCI_ERR_CAP_PREFIX_LOG_PRESENT 0x00000800 /* TLP Prefix Log Present */
++#define PCI_ERR_CAP_COMP_TIME_LOG 0x00001000 /* Completion Timeout Prefix/Header Log Capable */
+ #define PCI_ERR_CAP_TLP_LOG_FLIT 0x00040000 /* TLP was logged in Flit Mode */
+ #define PCI_ERR_CAP_TLP_LOG_SIZE 0x00f80000 /* Logged TLP Size (only in Flit mode) */
+ #define PCI_ERR_HEADER_LOG 0x1c /* Header Log Register (16 bytes) */
+diff --git a/include/standard-headers/linux/virtio_ids.h b/include/standard-headers/linux/virtio_ids.h
+index 7aa2eb7662..6c12db16fa 100644
+--- a/include/standard-headers/linux/virtio_ids.h
++++ b/include/standard-headers/linux/virtio_ids.h
+@@ -68,6 +68,7 @@
+ #define VIRTIO_ID_AUDIO_POLICY 39 /* virtio audio policy */
+ #define VIRTIO_ID_BT 40 /* virtio bluetooth */
+ #define VIRTIO_ID_GPIO 41 /* virtio gpio */
++#define VIRTIO_ID_SPI 45 /* virtio spi */
+
+ /*
+ * Virtio Transitional IDs
+diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarch/kvm.h
+index 5f354f5c68..57ba1a563b 100644
+--- a/linux-headers/asm-loongarch/kvm.h
++++ b/linux-headers/asm-loongarch/kvm.h
+@@ -103,6 +103,7 @@ struct kvm_fpu {
+ #define KVM_LOONGARCH_VM_FEAT_PMU 5
+ #define KVM_LOONGARCH_VM_FEAT_PV_IPI 6
+ #define KVM_LOONGARCH_VM_FEAT_PV_STEALTIME 7
++#define KVM_LOONGARCH_VM_FEAT_PTW 8
+
+ /* Device Control API on vcpu fd */
+ #define KVM_LOONGARCH_VCPU_CPUCFG 0
+diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h
+index ef27d4289d..759a4852c0 100644
+--- a/linux-headers/asm-riscv/kvm.h
++++ b/linux-headers/asm-riscv/kvm.h
+@@ -9,7 +9,7 @@
+ #ifndef __LINUX_KVM_RISCV_H
+ #define __LINUX_KVM_RISCV_H
+
+-#ifndef __ASSEMBLY__
++#ifndef __ASSEMBLER__
+
+ #include <linux/types.h>
+ #include <asm/bitsperlong.h>
+@@ -56,6 +56,7 @@ struct kvm_riscv_config {
+ unsigned long mimpid;
+ unsigned long zicboz_block_size;
+ unsigned long satp_mode;
++ unsigned long zicbop_block_size;
+ };
+
+ /* CORE registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
+@@ -185,6 +186,10 @@ enum KVM_RISCV_ISA_EXT_ID {
+ KVM_RISCV_ISA_EXT_ZICCRSE,
+ KVM_RISCV_ISA_EXT_ZAAMO,
+ KVM_RISCV_ISA_EXT_ZALRSC,
++ KVM_RISCV_ISA_EXT_ZICBOP,
++ KVM_RISCV_ISA_EXT_ZFBFMIN,
++ KVM_RISCV_ISA_EXT_ZVFBFMIN,
++ KVM_RISCV_ISA_EXT_ZVFBFWMA,
+ KVM_RISCV_ISA_EXT_MAX,
+ };
+
+@@ -205,6 +210,7 @@ enum KVM_RISCV_SBI_EXT_ID {
+ KVM_RISCV_SBI_EXT_DBCN,
+ KVM_RISCV_SBI_EXT_STA,
+ KVM_RISCV_SBI_EXT_SUSP,
++ KVM_RISCV_SBI_EXT_FWFT,
+ KVM_RISCV_SBI_EXT_MAX,
+ };
+
+@@ -214,6 +220,18 @@ struct kvm_riscv_sbi_sta {
+ unsigned long shmem_hi;
+ };
+
++struct kvm_riscv_sbi_fwft_feature {
++ unsigned long enable;
++ unsigned long flags;
++ unsigned long value;
++};
++
++/* SBI FWFT extension registers for KVM_GET_ONE_REG and KVM_SET_ONE_REG */
++struct kvm_riscv_sbi_fwft {
++ struct kvm_riscv_sbi_fwft_feature misaligned_deleg;
++ struct kvm_riscv_sbi_fwft_feature pointer_masking;
++};
++
+ /* Possible states for kvm_riscv_timer */
+ #define KVM_RISCV_TIMER_STATE_OFF 0
+ #define KVM_RISCV_TIMER_STATE_ON 1
+@@ -297,6 +315,9 @@ struct kvm_riscv_sbi_sta {
+ #define KVM_REG_RISCV_SBI_STA (0x0 << KVM_REG_RISCV_SUBTYPE_SHIFT)
+ #define KVM_REG_RISCV_SBI_STA_REG(name) \
+ (offsetof(struct kvm_riscv_sbi_sta, name) / sizeof(unsigned long))
++#define KVM_REG_RISCV_SBI_FWFT (0x1 << KVM_REG_RISCV_SUBTYPE_SHIFT)
++#define KVM_REG_RISCV_SBI_FWFT_REG(name) \
++ (offsetof(struct kvm_riscv_sbi_fwft, name) / sizeof(unsigned long))
+
+ /* Device Control API: RISC-V AIA */
+ #define KVM_DEV_RISCV_APLIC_ALIGN 0x1000
+diff --git a/linux-headers/asm-riscv/ptrace.h b/linux-headers/asm-riscv/ptrace.h
+index 1e3166caca..a3f8211ede 100644
+--- a/linux-headers/asm-riscv/ptrace.h
++++ b/linux-headers/asm-riscv/ptrace.h
+@@ -6,7 +6,7 @@
+ #ifndef _ASM_RISCV_PTRACE_H
+ #define _ASM_RISCV_PTRACE_H
+
+-#ifndef __ASSEMBLY__
++#ifndef __ASSEMBLER__
+
+ #include <linux/types.h>
+
+@@ -127,6 +127,6 @@ struct __riscv_v_regset_state {
+ */
+ #define RISCV_MAX_VLENB (8192)
+
+-#endif /* __ASSEMBLY__ */
++#endif /* __ASSEMBLER__ */
+
+ #endif /* _ASM_RISCV_PTRACE_H */
+diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
+index f0c1a730d9..3bb38f6c3a 100644
+--- a/linux-headers/asm-x86/kvm.h
++++ b/linux-headers/asm-x86/kvm.h
+@@ -35,6 +35,11 @@
+ #define MC_VECTOR 18
+ #define XM_VECTOR 19
+ #define VE_VECTOR 20
++#define CP_VECTOR 21
++
++#define HV_VECTOR 28
++#define VC_VECTOR 29
++#define SX_VECTOR 30
+
+ /* Select x86 specific features in <linux/kvm.h> */
+ #define __KVM_HAVE_PIT
+@@ -409,6 +414,35 @@ struct kvm_xcrs {
+ __u64 padding[16];
+ };
+
++#define KVM_X86_REG_TYPE_MSR 2
++#define KVM_X86_REG_TYPE_KVM 3
++
++#define KVM_X86_KVM_REG_SIZE(reg) \
++({ \
++ reg == KVM_REG_GUEST_SSP ? KVM_REG_SIZE_U64 : 0; \
++})
++
++#define KVM_X86_REG_TYPE_SIZE(type, reg) \
++({ \
++ __u64 type_size = (__u64)type << 32; \
++ \
++ type_size |= type == KVM_X86_REG_TYPE_MSR ? KVM_REG_SIZE_U64 : \
++ type == KVM_X86_REG_TYPE_KVM ? KVM_X86_KVM_REG_SIZE(reg) : \
++ 0; \
++ type_size; \
++})
++
++#define KVM_X86_REG_ID(type, index) \
++ (KVM_REG_X86 | KVM_X86_REG_TYPE_SIZE(type, index) | index)
++
++#define KVM_X86_REG_MSR(index) \
++ KVM_X86_REG_ID(KVM_X86_REG_TYPE_MSR, index)
++#define KVM_X86_REG_KVM(index) \
++ KVM_X86_REG_ID(KVM_X86_REG_TYPE_KVM, index)
++
++/* KVM-defined registers starting from 0 */
++#define KVM_REG_GUEST_SSP 0
++
+ #define KVM_SYNC_X86_REGS (1UL << 0)
+ #define KVM_SYNC_X86_SREGS (1UL << 1)
+ #define KVM_SYNC_X86_EVENTS (1UL << 2)
+diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unistd_64.h
+index 2f55bebb81..26c258d1a6 100644
+--- a/linux-headers/asm-x86/unistd_64.h
++++ b/linux-headers/asm-x86/unistd_64.h
+@@ -337,6 +337,7 @@
+ #define __NR_io_pgetevents 333
+ #define __NR_rseq 334
+ #define __NR_uretprobe 335
++#define __NR_uprobe 336
+ #define __NR_pidfd_send_signal 424
+ #define __NR_io_uring_setup 425
+ #define __NR_io_uring_enter 426
+diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/unistd_x32.h
+index 8cc8673f15..65c2aed946 100644
+--- a/linux-headers/asm-x86/unistd_x32.h
++++ b/linux-headers/asm-x86/unistd_x32.h
+@@ -290,6 +290,7 @@
+ #define __NR_io_pgetevents (__X32_SYSCALL_BIT + 333)
+ #define __NR_rseq (__X32_SYSCALL_BIT + 334)
+ #define __NR_uretprobe (__X32_SYSCALL_BIT + 335)
++#define __NR_uprobe (__X32_SYSCALL_BIT + 336)
+ #define __NR_pidfd_send_signal (__X32_SYSCALL_BIT + 424)
+ #define __NR_io_uring_setup (__X32_SYSCALL_BIT + 425)
+ #define __NR_io_uring_enter (__X32_SYSCALL_BIT + 426)
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index be704965d8..4ea28ef7ca 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -954,6 +954,7 @@ struct kvm_enable_cap {
+ #define KVM_CAP_ARM_EL2_E2H0 241
+ #define KVM_CAP_RISCV_MP_STATE_RESET 242
+ #define KVM_CAP_ARM_CACHEABLE_PFNMAP_SUPPORTED 243
++#define KVM_CAP_GUEST_MEMFD_FLAGS 244
+
+ struct kvm_irq_routing_irqchip {
+ __u32 irqchip;
+@@ -1590,6 +1591,8 @@ struct kvm_memory_attributes {
+ #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3)
+
+ #define KVM_CREATE_GUEST_MEMFD _IOWR(KVMIO, 0xd4, struct kvm_create_guest_memfd)
++#define GUEST_MEMFD_FLAG_MMAP (1ULL << 0)
++#define GUEST_MEMFD_FLAG_INIT_SHARED (1ULL << 1)
+
+ struct kvm_create_guest_memfd {
+ __u64 size;
+diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h
+index 113c4ceb78..c525125ea8 100644
+--- a/linux-headers/linux/psp-sev.h
++++ b/linux-headers/linux/psp-sev.h
+@@ -185,6 +185,10 @@ struct sev_user_data_get_id2 {
+ * @mask_chip_id: whether chip id is present in attestation reports or not
+ * @mask_chip_key: whether attestation reports are signed or not
+ * @vlek_en: VLEK (Version Loaded Endorsement Key) hashstick is loaded
++ * @feature_info: whether SNP_FEATURE_INFO command is available
++ * @rapl_dis: whether RAPL is disabled
++ * @ciphertext_hiding_cap: whether platform has ciphertext hiding capability
++ * @ciphertext_hiding_en: whether ciphertext hiding is enabled
+ * @rsvd1: reserved
+ * @guest_count: the number of guest currently managed by the firmware
+ * @current_tcb_version: current TCB version
+@@ -200,7 +204,11 @@ struct sev_user_data_snp_status {
+ __u32 mask_chip_id:1; /* Out */
+ __u32 mask_chip_key:1; /* Out */
+ __u32 vlek_en:1; /* Out */
+- __u32 rsvd1:29;
++ __u32 feature_info:1; /* Out */
++ __u32 rapl_dis:1; /* Out */
++ __u32 ciphertext_hiding_cap:1; /* Out */
++ __u32 ciphertext_hiding_en:1; /* Out */
++ __u32 rsvd1:25;
+ __u32 guest_count; /* Out */
+ __u64 current_tcb_version; /* Out */
+ __u64 reported_tcb_version; /* Out */
+diff --git a/linux-headers/linux/stddef.h b/linux-headers/linux/stddef.h
+index e1fcfcf3b3..48ee4438e0 100644
+--- a/linux-headers/linux/stddef.h
++++ b/linux-headers/linux/stddef.h
+@@ -3,7 +3,6 @@
+ #define _LINUX_STDDEF_H
+
+
+-
+ #ifndef __always_inline
+ #define __always_inline __inline__
+ #endif
+diff --git a/linux-headers/linux/vduse.h b/linux-headers/linux/vduse.h
+index f46269af34..da6ac89af1 100644
+--- a/linux-headers/linux/vduse.h
++++ b/linux-headers/linux/vduse.h
+@@ -237,7 +237,7 @@ struct vduse_iova_umem {
+ * struct vduse_iova_info - information of one IOVA region
+ * @start: start of the IOVA region
+ * @last: last of the IOVA region
+- * @capability: capability of the IOVA regsion
++ * @capability: capability of the IOVA region
+ * @reserved: for future use, needs to be initialized to zero
+ *
+ * Structure used by VDUSE_IOTLB_GET_INFO ioctl to get information of
+diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h
+index 283348b64a..c57674a6aa 100644
+--- a/linux-headers/linux/vhost.h
++++ b/linux-headers/linux/vhost.h
+@@ -260,7 +260,7 @@
+ * When fork_owner is set to VHOST_FORK_OWNER_KTHREAD:
+ * - Vhost will create vhost workers as kernel threads.
+ */
+-#define VHOST_SET_FORK_FROM_OWNER _IOW(VHOST_VIRTIO, 0x83, __u8)
++#define VHOST_SET_FORK_FROM_OWNER _IOW(VHOST_VIRTIO, 0x84, __u8)
+
+ /**
+ * VHOST_GET_FORK_OWNER - Get the current fork_owner flag for the vhost device.
+@@ -268,6 +268,6 @@
+ *
+ * @return: An 8-bit value indicating the current thread mode.
+ */
+-#define VHOST_GET_FORK_FROM_OWNER _IOR(VHOST_VIRTIO, 0x84, __u8)
++#define VHOST_GET_FORK_FROM_OWNER _IOR(VHOST_VIRTIO, 0x85, __u8)
+
+ #endif
+--
+2.52.0
+
diff --git a/kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch b/kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch
new file mode 100644
index 0000000..f1b7cd4
--- /dev/null
+++ b/kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch
@@ -0,0 +1,984 @@
+From 5c7e99a166ac5d0c5ca5ef27dc2873f09d3bb00d Mon Sep 17 00:00:00 2001
+From: Shameer Kolothum <skolothumtho@nvidia.com>
+Date: Wed, 21 Jan 2026 11:41:09 +0000
+Subject: [PATCH 114/116] linux-headers: Update to Linux v6.19-rc1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [98/100] 5fcb1379dac08fcfd8b686404b616a197911b4b4 (rovick1/qemu-kvm)
+
+Mainly for adding support for VFIO DMABUF. While at it, update all
+headers.
+
+The header update breaks virtio-net due to virtio_net_hdr_v1_hash
+changes. Include the virtio-net changes to avoid build and bisect
+failures.
+
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Cc: Jason Wang <jasowang@redhat.com>
+Tested-by: Nicolin Chen <nicolinc@nvidia.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Signed-off-by: Shameer Kolothum <skolothumtho@nvidia.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20260121114111.34045-2-skolothumtho@nvidia.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 49f6b93d0752b91c233ae8097d00a986cb8482c3)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ hw/net/virtio-net.c | 11 +-
+ include/standard-headers/drm/drm_fourcc.h | 25 ++--
+ include/standard-headers/linux/ethtool.h | 5 +
+ .../linux/input-event-codes.h | 14 ++-
+ include/standard-headers/linux/pci_regs.h | 89 ++++++++++++++
+ include/standard-headers/linux/virtio_net.h | 3 +-
+ include/standard-headers/linux/virtio_pci.h | 2 +-
+ linux-headers/asm-arm64/kvm.h | 2 +-
+ linux-headers/asm-arm64/unistd_64.h | 1 +
+ linux-headers/asm-generic/unistd.h | 4 +-
+ linux-headers/asm-loongarch/kvm.h | 1 +
+ linux-headers/asm-loongarch/unistd.h | 6 +
+ linux-headers/asm-loongarch/unistd_64.h | 1 +
+ linux-headers/asm-mips/unistd_n32.h | 1 +
+ linux-headers/asm-mips/unistd_n64.h | 1 +
+ linux-headers/asm-mips/unistd_o32.h | 1 +
+ linux-headers/asm-powerpc/unistd_32.h | 1 +
+ linux-headers/asm-powerpc/unistd_64.h | 1 +
+ linux-headers/asm-riscv/kvm.h | 3 +
+ linux-headers/asm-riscv/unistd_32.h | 1 +
+ linux-headers/asm-riscv/unistd_64.h | 1 +
+ linux-headers/asm-s390/bitsperlong.h | 4 -
+ linux-headers/asm-s390/unistd.h | 4 -
+ linux-headers/asm-s390/unistd_64.h | 9 +-
+ linux-headers/asm-x86/kvm.h | 1 +
+ linux-headers/asm-x86/unistd_32.h | 1 +
+ linux-headers/asm-x86/unistd_64.h | 1 +
+ linux-headers/asm-x86/unistd_x32.h | 1 +
+ linux-headers/linux/iommufd.h | 10 ++
+ linux-headers/linux/kvm.h | 11 ++
+ linux-headers/linux/mshv.h | 116 +++++++++++++++++-
+ linux-headers/linux/psp-sev.h | 66 ++++++----
+ linux-headers/linux/vfio.h | 28 +++++
+ 33 files changed, 370 insertions(+), 56 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index f021663f92..16e748c2c5 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1875,7 +1875,8 @@ static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf,
+ n->rss_data.runtime_hash_types);
+ if (net_hash_type > NetPktRssIpV6UdpEx) {
+ if (n->rss_data.populate_hash) {
+- hdr->hash_value = VIRTIO_NET_HASH_REPORT_NONE;
++ hdr->hash_value_lo = VIRTIO_NET_HASH_REPORT_NONE;
++ hdr->hash_value_hi = VIRTIO_NET_HASH_REPORT_NONE;
+ hdr->hash_report = 0;
+ }
+ return n->rss_data.redirect ? n->rss_data.default_queue : -1;
+@@ -1884,7 +1885,8 @@ static int virtio_net_process_rss(NetClientState *nc, const uint8_t *buf,
+ hash = net_rx_pkt_calc_rss_hash(pkt, net_hash_type, n->rss_data.key);
+
+ if (n->rss_data.populate_hash) {
+- hdr->hash_value = hash;
++ hdr->hash_value_lo = cpu_to_le16(hash & 0xffff);
++ hdr->hash_value_hi = cpu_to_le16((hash >> 16) & 0xffff);
+ hdr->hash_report = reports[net_hash_type];
+ }
+
+@@ -1986,10 +1988,11 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
+
+ receive_header(n, sg, elem->in_num, buf, size);
+ if (n->rss_data.populate_hash) {
+- offset = offsetof(typeof(extra_hdr), hash_value);
++ offset = offsetof(typeof(extra_hdr), hash_value_lo);
+ iov_from_buf(sg, elem->in_num, offset,
+ (char *)&extra_hdr + offset,
+- sizeof(extra_hdr.hash_value) +
++ sizeof(extra_hdr.hash_value_lo) +
++ sizeof(extra_hdr.hash_value_hi) +
+ sizeof(extra_hdr.hash_report));
+ }
+ offset = n->host_hdr_len;
+diff --git a/include/standard-headers/drm/drm_fourcc.h b/include/standard-headers/drm/drm_fourcc.h
+index cef077dfb3..b39e197cc7 100644
+--- a/include/standard-headers/drm/drm_fourcc.h
++++ b/include/standard-headers/drm/drm_fourcc.h
+@@ -978,14 +978,20 @@ extern "C" {
+ * 2 = Gob Height 8, Turing+ Page Kind mapping
+ * 3 = Reserved for future use.
+ *
+- * 22:22 s Sector layout. On Tegra GPUs prior to Xavier, there is a further
+- * bit remapping step that occurs at an even lower level than the
+- * page kind and block linear swizzles. This causes the layout of
+- * surfaces mapped in those SOC's GPUs to be incompatible with the
+- * equivalent mapping on other GPUs in the same system.
+- *
+- * 0 = Tegra K1 - Tegra Parker/TX2 Layout.
+- * 1 = Desktop GPU and Tegra Xavier+ Layout
++ * 22:22 s Sector layout. There is a further bit remapping step that occurs
++ * 26:27 at an even lower level than the page kind and block linear
++ * swizzles. This causes the bit arrangement of surfaces in memory
++ * to differ subtly, and prevents direct sharing of surfaces between
++ * GPUs with different layouts.
++ *
++ * 0 = Tegra K1 - Tegra Parker/TX2 Layout
++ * 1 = Pre-GB20x, GB20x 32+ bpp, GB10, Tegra Xavier-Orin Layout
++ * 2 = GB20x(Blackwell 2)+ 8 bpp surface layout
++ * 3 = GB20x(Blackwell 2)+ 16 bpp surface layout
++ * 4 = Reserved for future use.
++ * 5 = Reserved for future use.
++ * 6 = Reserved for future use.
++ * 7 = Reserved for future use.
+ *
+ * 25:23 c Lossless Framebuffer Compression type.
+ *
+@@ -1000,7 +1006,7 @@ extern "C" {
+ * 6 = Reserved for future use
+ * 7 = Reserved for future use
+ *
+- * 55:25 - Reserved for future use. Must be zero.
++ * 55:28 - Reserved for future use. Must be zero.
+ */
+ #define DRM_FORMAT_MOD_NVIDIA_BLOCK_LINEAR_2D(c, s, g, k, h) \
+ fourcc_mod_code(NVIDIA, (0x10 | \
+@@ -1008,6 +1014,7 @@ extern "C" {
+ (((k) & 0xff) << 12) | \
+ (((g) & 0x3) << 20) | \
+ (((s) & 0x1) << 22) | \
++ (((s) & 0x6) << 25) | \
+ (((c) & 0x7) << 23)))
+
+ /* To grandfather in prior block linear format modifiers to the above layout,
+diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-headers/linux/ethtool.h
+index dc24512d28..d0f7a63f10 100644
+--- a/include/standard-headers/linux/ethtool.h
++++ b/include/standard-headers/linux/ethtool.h
+@@ -2077,6 +2077,10 @@ enum ethtool_link_mode_bit_indices {
+ ETHTOOL_LINK_MODE_800000baseDR4_2_Full_BIT = 118,
+ ETHTOOL_LINK_MODE_800000baseSR4_Full_BIT = 119,
+ ETHTOOL_LINK_MODE_800000baseVR4_Full_BIT = 120,
++ ETHTOOL_LINK_MODE_1600000baseCR8_Full_BIT = 121,
++ ETHTOOL_LINK_MODE_1600000baseKR8_Full_BIT = 122,
++ ETHTOOL_LINK_MODE_1600000baseDR8_Full_BIT = 123,
++ ETHTOOL_LINK_MODE_1600000baseDR8_2_Full_BIT = 124,
+
+ /* must be last entry */
+ __ETHTOOL_LINK_MODE_MASK_NBITS
+@@ -2190,6 +2194,7 @@ enum ethtool_link_mode_bit_indices {
+ #define SPEED_200000 200000
+ #define SPEED_400000 400000
+ #define SPEED_800000 800000
++#define SPEED_1600000 1600000
+
+ #define SPEED_UNKNOWN -1
+
+diff --git a/include/standard-headers/linux/input-event-codes.h b/include/standard-headers/linux/input-event-codes.h
+index c914ccd723..ede79c6ae4 100644
+--- a/include/standard-headers/linux/input-event-codes.h
++++ b/include/standard-headers/linux/input-event-codes.h
+@@ -27,7 +27,7 @@
+ #define INPUT_PROP_TOPBUTTONPAD 0x04 /* softbuttons at top of pad */
+ #define INPUT_PROP_POINTING_STICK 0x05 /* is a pointing stick */
+ #define INPUT_PROP_ACCELEROMETER 0x06 /* has accelerometer */
+-#define INPUT_PROP_HAPTIC_TOUCHPAD 0x07 /* is a haptic touchpad */
++#define INPUT_PROP_PRESSUREPAD 0x07 /* pressure triggers clicks */
+
+ #define INPUT_PROP_MAX 0x1f
+ #define INPUT_PROP_CNT (INPUT_PROP_MAX + 1)
+@@ -631,6 +631,18 @@
+ #define KEY_BRIGHTNESS_MIN 0x250 /* Set Brightness to Minimum */
+ #define KEY_BRIGHTNESS_MAX 0x251 /* Set Brightness to Maximum */
+
++/*
++ * Keycodes for hotkeys toggling the electronic privacy screen found on some
++ * laptops on/off. Note when the embedded-controller turns on/off the eprivacy
++ * screen itself then the state should be reported through drm connecter props:
++ * https://www.kernel.org/doc/html/latest/gpu/drm-kms.html#standard-connector-properties
++ * Except when implementing the drm connecter properties API is not possible
++ * because e.g. the firmware does not allow querying the presence and/or status
++ * of the eprivacy screen at boot.
++ */
++#define KEY_EPRIVACY_SCREEN_ON 0x252
++#define KEY_EPRIVACY_SCREEN_OFF 0x253
++
+ #define KEY_KBDINPUTASSIST_PREV 0x260
+ #define KEY_KBDINPUTASSIST_NEXT 0x261
+ #define KEY_KBDINPUTASSIST_PREVGROUP 0x262
+diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-headers/linux/pci_regs.h
+index 07e06aafec..3add74ae25 100644
+--- a/include/standard-headers/linux/pci_regs.h
++++ b/include/standard-headers/linux/pci_regs.h
+@@ -503,6 +503,7 @@
+ #define PCI_EXP_DEVCAP_PWR_VAL 0x03fc0000 /* Slot Power Limit Value */
+ #define PCI_EXP_DEVCAP_PWR_SCL 0x0c000000 /* Slot Power Limit Scale */
+ #define PCI_EXP_DEVCAP_FLR 0x10000000 /* Function Level Reset */
++#define PCI_EXP_DEVCAP_TEE 0x40000000 /* TEE I/O (TDISP) Support */
+ #define PCI_EXP_DEVCTL 0x08 /* Device Control */
+ #define PCI_EXP_DEVCTL_CERE 0x0001 /* Correctable Error Reporting En. */
+ #define PCI_EXP_DEVCTL_NFERE 0x0002 /* Non-Fatal Error Reporting Enable */
+@@ -754,6 +755,8 @@
+ #define PCI_EXT_CAP_ID_NPEM 0x29 /* Native PCIe Enclosure Management */
+ #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */
+ #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */
++#define PCI_EXT_CAP_ID_DEV3 0x2F /* Device 3 Capability/Control/Status */
++#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption */
+ #define PCI_EXT_CAP_ID_PL_64GT 0x31 /* Physical Layer 64.0 GT/s */
+ #define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_PL_64GT
+
+@@ -1244,9 +1247,95 @@
+ /* Deprecated old name, replaced with PCI_DOE_DATA_OBJECT_DISC_RSP_3_TYPE */
+ #define PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL PCI_DOE_DATA_OBJECT_DISC_RSP_3_TYPE
+
++/* Device 3 Extended Capability */
++#define PCI_DEV3_CAP 0x04 /* Device 3 Capabilities Register */
++#define PCI_DEV3_CTL 0x08 /* Device 3 Control Register */
++#define PCI_DEV3_STA 0x0c /* Device 3 Status Register */
++#define PCI_DEV3_STA_SEGMENT 0x8 /* Segment Captured (end-to-end flit-mode detected) */
++
+ /* Compute Express Link (CXL r3.1, sec 8.1.5) */
+ #define PCI_DVSEC_CXL_PORT 3
+ #define PCI_DVSEC_CXL_PORT_CTL 0x0c
+ #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001
+
++/* Integrity and Data Encryption Extended Capability */
++#define PCI_IDE_CAP 0x04
++#define PCI_IDE_CAP_LINK 0x1 /* Link IDE Stream Supported */
++#define PCI_IDE_CAP_SELECTIVE 0x2 /* Selective IDE Streams Supported */
++#define PCI_IDE_CAP_FLOWTHROUGH 0x4 /* Flow-Through IDE Stream Supported */
++#define PCI_IDE_CAP_PARTIAL_HEADER_ENC 0x8 /* Partial Header Encryption Supported */
++#define PCI_IDE_CAP_AGGREGATION 0x10 /* Aggregation Supported */
++#define PCI_IDE_CAP_PCRC 0x20 /* PCRC Supported */
++#define PCI_IDE_CAP_IDE_KM 0x40 /* IDE_KM Protocol Supported */
++#define PCI_IDE_CAP_SEL_CFG 0x80 /* Selective IDE for Config Request Support */
++#define PCI_IDE_CAP_ALG __GENMASK(12, 8) /* Supported Algorithms */
++#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */
++#define PCI_IDE_CAP_LINK_TC_NUM __GENMASK(15, 13) /* Link IDE TCs */
++#define PCI_IDE_CAP_SEL_NUM __GENMASK(23, 16) /* Supported Selective IDE Streams */
++#define PCI_IDE_CAP_TEE_LIMITED 0x1000000 /* TEE-Limited Stream Supported */
++#define PCI_IDE_CTL 0x08
++#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */
++
++#define PCI_IDE_LINK_STREAM_0 0xc /* First Link Stream Register Block */
++#define PCI_IDE_LINK_BLOCK_SIZE 8
++/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */
++#define PCI_IDE_LINK_CTL_0 0x00 /* First Link Control Register Offset in block */
++#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */
++#define PCI_IDE_LINK_CTL_TX_AGGR_NPR __GENMASK(3, 2) /* Tx Aggregation Mode NPR */
++#define PCI_IDE_LINK_CTL_TX_AGGR_PR __GENMASK(5, 4) /* Tx Aggregation Mode PR */
++#define PCI_IDE_LINK_CTL_TX_AGGR_CPL __GENMASK(7, 6) /* Tx Aggregation Mode CPL */
++#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */
++#define PCI_IDE_LINK_CTL_PART_ENC __GENMASK(13, 10) /* Partial Header Encryption Mode */
++#define PCI_IDE_LINK_CTL_ALG __GENMASK(18, 14) /* Selection from PCI_IDE_CAP_ALG */
++#define PCI_IDE_LINK_CTL_TC __GENMASK(21, 19) /* Traffic Class */
++#define PCI_IDE_LINK_CTL_ID __GENMASK(31, 24) /* Stream ID */
++#define PCI_IDE_LINK_STS_0 0x4 /* First Link Status Register Offset in block */
++#define PCI_IDE_LINK_STS_STATE __GENMASK(3, 0) /* Link IDE Stream State */
++#define PCI_IDE_LINK_STS_IDE_FAIL 0x80000000 /* IDE fail message received */
++
++/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */
++/* Selective IDE Stream Capability Register */
++#define PCI_IDE_SEL_CAP 0x00
++#define PCI_IDE_SEL_CAP_ASSOC_NUM __GENMASK(3, 0)
++/* Selective IDE Stream Control Register */
++#define PCI_IDE_SEL_CTL 0x04
++#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */
++#define PCI_IDE_SEL_CTL_TX_AGGR_NPR __GENMASK(3, 2) /* Tx Aggregation Mode NPR */
++#define PCI_IDE_SEL_CTL_TX_AGGR_PR __GENMASK(5, 4) /* Tx Aggregation Mode PR */
++#define PCI_IDE_SEL_CTL_TX_AGGR_CPL __GENMASK(7, 6) /* Tx Aggregation Mode CPL */
++#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */
++#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */
++#define PCI_IDE_SEL_CTL_PART_ENC __GENMASK(13, 10) /* Partial Header Encryption Mode */
++#define PCI_IDE_SEL_CTL_ALG __GENMASK(18, 14) /* Selection from PCI_IDE_CAP_ALG */
++#define PCI_IDE_SEL_CTL_TC __GENMASK(21, 19) /* Traffic Class */
++#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */
++#define PCI_IDE_SEL_CTL_TEE_LIMITED 0x800000 /* TEE-Limited Stream */
++#define PCI_IDE_SEL_CTL_ID __GENMASK(31, 24) /* Stream ID */
++#define PCI_IDE_SEL_CTL_ID_MAX 255
++/* Selective IDE Stream Status Register */
++#define PCI_IDE_SEL_STS 0x08
++#define PCI_IDE_SEL_STS_STATE __GENMASK(3, 0) /* Selective IDE Stream State */
++#define PCI_IDE_SEL_STS_STATE_INSECURE 0
++#define PCI_IDE_SEL_STS_STATE_SECURE 2
++#define PCI_IDE_SEL_STS_IDE_FAIL 0x80000000 /* IDE fail message received */
++/* IDE RID Association Register 1 */
++#define PCI_IDE_SEL_RID_1 0x0c
++#define PCI_IDE_SEL_RID_1_LIMIT __GENMASK(23, 8)
++/* IDE RID Association Register 2 */
++#define PCI_IDE_SEL_RID_2 0x10
++#define PCI_IDE_SEL_RID_2_VALID 0x1
++#define PCI_IDE_SEL_RID_2_BASE __GENMASK(23, 8)
++#define PCI_IDE_SEL_RID_2_SEG __GENMASK(31, 24)
++/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */
++#define PCI_IDE_SEL_ADDR_BLOCK_SIZE 12
++#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * PCI_IDE_SEL_ADDR_BLOCK_SIZE)
++#define PCI_IDE_SEL_ADDR_1_VALID 0x1
++#define PCI_IDE_SEL_ADDR_1_BASE_LOW __GENMASK(19, 8)
++#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW __GENMASK(31, 20)
++/* IDE Address Association Register 2 is "Memory Limit Upper" */
++#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * PCI_IDE_SEL_ADDR_BLOCK_SIZE)
++/* IDE Address Association Register 3 is "Memory Base Upper" */
++#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * PCI_IDE_SEL_ADDR_BLOCK_SIZE)
++#define PCI_IDE_SEL_BLOCK_SIZE(nr_assoc) (20 + PCI_IDE_SEL_ADDR_BLOCK_SIZE * (nr_assoc))
++
+ #endif /* LINUX_PCI_REGS_H */
+diff --git a/include/standard-headers/linux/virtio_net.h b/include/standard-headers/linux/virtio_net.h
+index 93abaae0b9..17a0174d6c 100644
+--- a/include/standard-headers/linux/virtio_net.h
++++ b/include/standard-headers/linux/virtio_net.h
+@@ -193,7 +193,8 @@ struct virtio_net_hdr_v1 {
+
+ struct virtio_net_hdr_v1_hash {
+ struct virtio_net_hdr_v1 hdr;
+- uint32_t hash_value;
++ uint16_t hash_value_lo;
++ uint16_t hash_value_hi;
+ #define VIRTIO_NET_HASH_REPORT_NONE 0
+ #define VIRTIO_NET_HASH_REPORT_IPv4 1
+ #define VIRTIO_NET_HASH_REPORT_TCPv4 2
+diff --git a/include/standard-headers/linux/virtio_pci.h b/include/standard-headers/linux/virtio_pci.h
+index 09e964e6ee..4c82513df2 100644
+--- a/include/standard-headers/linux/virtio_pci.h
++++ b/include/standard-headers/linux/virtio_pci.h
+@@ -40,7 +40,7 @@
+ #define _LINUX_VIRTIO_PCI_H
+
+ #include "standard-headers/linux/types.h"
+-#include "standard-headers/linux/kernel.h"
++#include "standard-headers/linux/const.h"
+
+ #ifndef VIRTIO_PCI_NO_LEGACY
+
+diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
+index f4d9baafa1..46ffbddab5 100644
+--- a/linux-headers/asm-arm64/kvm.h
++++ b/linux-headers/asm-arm64/kvm.h
+@@ -31,7 +31,7 @@
+ #define KVM_SPSR_FIQ 4
+ #define KVM_NR_SPSR 5
+
+-#ifndef __ASSEMBLY__
++#ifndef __ASSEMBLER__
+ #include <linux/psci.h>
+ #include <linux/types.h>
+ #include <asm/ptrace.h>
+diff --git a/linux-headers/asm-arm64/unistd_64.h b/linux-headers/asm-arm64/unistd_64.h
+index 4ae25c2b91..1ef9c40813 100644
+--- a/linux-headers/asm-arm64/unistd_64.h
++++ b/linux-headers/asm-arm64/unistd_64.h
+@@ -326,6 +326,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-generic/unistd.h b/linux-headers/asm-generic/unistd.h
+index 04e0077fb4..942370b3f5 100644
+--- a/linux-headers/asm-generic/unistd.h
++++ b/linux-headers/asm-generic/unistd.h
+@@ -857,9 +857,11 @@ __SYSCALL(__NR_open_tree_attr, sys_open_tree_attr)
+ __SYSCALL(__NR_file_getattr, sys_file_getattr)
+ #define __NR_file_setattr 469
+ __SYSCALL(__NR_file_setattr, sys_file_setattr)
++#define __NR_listns 470
++__SYSCALL(__NR_listns, sys_listns)
+
+ #undef __NR_syscalls
+-#define __NR_syscalls 470
++#define __NR_syscalls 471
+
+ /*
+ * 32 bit systems traditionally used different
+diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarch/kvm.h
+index 57ba1a563b..de6c3f18e4 100644
+--- a/linux-headers/asm-loongarch/kvm.h
++++ b/linux-headers/asm-loongarch/kvm.h
+@@ -104,6 +104,7 @@ struct kvm_fpu {
+ #define KVM_LOONGARCH_VM_FEAT_PV_IPI 6
+ #define KVM_LOONGARCH_VM_FEAT_PV_STEALTIME 7
+ #define KVM_LOONGARCH_VM_FEAT_PTW 8
++#define KVM_LOONGARCH_VM_FEAT_MSGINT 9
+
+ /* Device Control API on vcpu fd */
+ #define KVM_LOONGARCH_VCPU_CPUCFG 0
+diff --git a/linux-headers/asm-loongarch/unistd.h b/linux-headers/asm-loongarch/unistd.h
+index 1f01980f9c..e19c7f2f9f 100644
+--- a/linux-headers/asm-loongarch/unistd.h
++++ b/linux-headers/asm-loongarch/unistd.h
+@@ -1,3 +1,9 @@
+ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+
++#include <asm/bitsperlong.h>
++
++#if __BITS_PER_LONG == 32
++#include <asm/unistd_32.h>
++#else
+ #include <asm/unistd_64.h>
++#endif
+diff --git a/linux-headers/asm-loongarch/unistd_64.h b/linux-headers/asm-loongarch/unistd_64.h
+index 5033fc8f2f..aa5daac4ef 100644
+--- a/linux-headers/asm-loongarch/unistd_64.h
++++ b/linux-headers/asm-loongarch/unistd_64.h
+@@ -322,6 +322,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-mips/unistd_n32.h b/linux-headers/asm-mips/unistd_n32.h
+index c99c10e5bf..a33d106dca 100644
+--- a/linux-headers/asm-mips/unistd_n32.h
++++ b/linux-headers/asm-mips/unistd_n32.h
+@@ -398,5 +398,6 @@
+ #define __NR_open_tree_attr (__NR_Linux + 467)
+ #define __NR_file_getattr (__NR_Linux + 468)
+ #define __NR_file_setattr (__NR_Linux + 469)
++#define __NR_listns (__NR_Linux + 470)
+
+ #endif /* _ASM_UNISTD_N32_H */
+diff --git a/linux-headers/asm-mips/unistd_n64.h b/linux-headers/asm-mips/unistd_n64.h
+index 0d975bb185..1bc251e450 100644
+--- a/linux-headers/asm-mips/unistd_n64.h
++++ b/linux-headers/asm-mips/unistd_n64.h
+@@ -374,5 +374,6 @@
+ #define __NR_open_tree_attr (__NR_Linux + 467)
+ #define __NR_file_getattr (__NR_Linux + 468)
+ #define __NR_file_setattr (__NR_Linux + 469)
++#define __NR_listns (__NR_Linux + 470)
+
+ #endif /* _ASM_UNISTD_N64_H */
+diff --git a/linux-headers/asm-mips/unistd_o32.h b/linux-headers/asm-mips/unistd_o32.h
+index 86ac0ac84b..c57175d496 100644
+--- a/linux-headers/asm-mips/unistd_o32.h
++++ b/linux-headers/asm-mips/unistd_o32.h
+@@ -444,5 +444,6 @@
+ #define __NR_open_tree_attr (__NR_Linux + 467)
+ #define __NR_file_getattr (__NR_Linux + 468)
+ #define __NR_file_setattr (__NR_Linux + 469)
++#define __NR_listns (__NR_Linux + 470)
+
+ #endif /* _ASM_UNISTD_O32_H */
+diff --git a/linux-headers/asm-powerpc/unistd_32.h b/linux-headers/asm-powerpc/unistd_32.h
+index d7a32c5e06..a3f4aa2fe2 100644
+--- a/linux-headers/asm-powerpc/unistd_32.h
++++ b/linux-headers/asm-powerpc/unistd_32.h
+@@ -451,6 +451,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_32_H */
+diff --git a/linux-headers/asm-powerpc/unistd_64.h b/linux-headers/asm-powerpc/unistd_64.h
+index ff35c51fc6..d4444557f1 100644
+--- a/linux-headers/asm-powerpc/unistd_64.h
++++ b/linux-headers/asm-powerpc/unistd_64.h
+@@ -423,6 +423,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h
+index 759a4852c0..54f3ad7ed2 100644
+--- a/linux-headers/asm-riscv/kvm.h
++++ b/linux-headers/asm-riscv/kvm.h
+@@ -23,6 +23,8 @@
+ #define KVM_INTERRUPT_SET -1U
+ #define KVM_INTERRUPT_UNSET -2U
+
++#define KVM_EXIT_FAIL_ENTRY_NO_VSFILE (1ULL << 0)
++
+ /* for KVM_GET_REGS and KVM_SET_REGS */
+ struct kvm_regs {
+ };
+@@ -211,6 +213,7 @@ enum KVM_RISCV_SBI_EXT_ID {
+ KVM_RISCV_SBI_EXT_STA,
+ KVM_RISCV_SBI_EXT_SUSP,
+ KVM_RISCV_SBI_EXT_FWFT,
++ KVM_RISCV_SBI_EXT_MPXY,
+ KVM_RISCV_SBI_EXT_MAX,
+ };
+
+diff --git a/linux-headers/asm-riscv/unistd_32.h b/linux-headers/asm-riscv/unistd_32.h
+index 6083373e88..9f33956246 100644
+--- a/linux-headers/asm-riscv/unistd_32.h
++++ b/linux-headers/asm-riscv/unistd_32.h
+@@ -317,6 +317,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_32_H */
+diff --git a/linux-headers/asm-riscv/unistd_64.h b/linux-headers/asm-riscv/unistd_64.h
+index f0c7585c60..c2e7258916 100644
+--- a/linux-headers/asm-riscv/unistd_64.h
++++ b/linux-headers/asm-riscv/unistd_64.h
+@@ -327,6 +327,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-s390/bitsperlong.h b/linux-headers/asm-s390/bitsperlong.h
+index cceaf47b02..7af27a985f 100644
+--- a/linux-headers/asm-s390/bitsperlong.h
++++ b/linux-headers/asm-s390/bitsperlong.h
+@@ -2,11 +2,7 @@
+ #ifndef __ASM_S390_BITSPERLONG_H
+ #define __ASM_S390_BITSPERLONG_H
+
+-#ifndef __s390x__
+-#define __BITS_PER_LONG 32
+-#else
+ #define __BITS_PER_LONG 64
+-#endif
+
+ #include <asm-generic/bitsperlong.h>
+
+diff --git a/linux-headers/asm-s390/unistd.h b/linux-headers/asm-s390/unistd.h
+index 27b8b211c8..1484618877 100644
+--- a/linux-headers/asm-s390/unistd.h
++++ b/linux-headers/asm-s390/unistd.h
+@@ -8,10 +8,6 @@
+ #ifndef _ASM_S390_UNISTD_H_
+ #define _ASM_S390_UNISTD_H_
+
+-#ifdef __s390x__
+ #include <asm/unistd_64.h>
+-#else
+-#include <asm/unistd_32.h>
+-#endif
+
+ #endif /* _ASM_S390_UNISTD_H_ */
+diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/unistd_64.h
+index 0652ba6331..8d9e579ef5 100644
+--- a/linux-headers/asm-s390/unistd_64.h
++++ b/linux-headers/asm-s390/unistd_64.h
+@@ -1,6 +1,5 @@
+-/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+-#ifndef _ASM_S390_UNISTD_64_H
+-#define _ASM_S390_UNISTD_64_H
++#ifndef _ASM_UNISTD_64_H
++#define _ASM_UNISTD_64_H
+
+ #define __NR_exit 1
+ #define __NR_fork 2
+@@ -390,5 +389,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+-#endif /* _ASM_S390_UNISTD_64_H */
++
++#endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
+index 3bb38f6c3a..b804fd25a2 100644
+--- a/linux-headers/asm-x86/kvm.h
++++ b/linux-headers/asm-x86/kvm.h
+@@ -500,6 +500,7 @@ struct kvm_sync_regs {
+ /* vendor-specific groups and attributes for system fd */
+ #define KVM_X86_GRP_SEV 1
+ # define KVM_X86_SEV_VMSA_FEATURES 0
++# define KVM_X86_SNP_POLICY_BITS 1
+
+ struct kvm_vmx_nested_state_data {
+ __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
+diff --git a/linux-headers/asm-x86/unistd_32.h b/linux-headers/asm-x86/unistd_32.h
+index 8f784a5634..34255aac64 100644
+--- a/linux-headers/asm-x86/unistd_32.h
++++ b/linux-headers/asm-x86/unistd_32.h
+@@ -460,6 +460,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_32_H */
+diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unistd_64.h
+index 26c258d1a6..07f242a5fa 100644
+--- a/linux-headers/asm-x86/unistd_64.h
++++ b/linux-headers/asm-x86/unistd_64.h
+@@ -384,6 +384,7 @@
+ #define __NR_open_tree_attr 467
+ #define __NR_file_getattr 468
+ #define __NR_file_setattr 469
++#define __NR_listns 470
+
+
+ #endif /* _ASM_UNISTD_64_H */
+diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/unistd_x32.h
+index 65c2aed946..08fc9da2fa 100644
+--- a/linux-headers/asm-x86/unistd_x32.h
++++ b/linux-headers/asm-x86/unistd_x32.h
+@@ -337,6 +337,7 @@
+ #define __NR_open_tree_attr (__X32_SYSCALL_BIT + 467)
+ #define __NR_file_getattr (__X32_SYSCALL_BIT + 468)
+ #define __NR_file_setattr (__X32_SYSCALL_BIT + 469)
++#define __NR_listns (__X32_SYSCALL_BIT + 470)
+ #define __NR_rt_sigaction (__X32_SYSCALL_BIT + 512)
+ #define __NR_rt_sigreturn (__X32_SYSCALL_BIT + 513)
+ #define __NR_ioctl (__X32_SYSCALL_BIT + 514)
+diff --git a/linux-headers/linux/iommufd.h b/linux-headers/linux/iommufd.h
+index 2105a03955..384183a403 100644
+--- a/linux-headers/linux/iommufd.h
++++ b/linux-headers/linux/iommufd.h
+@@ -450,6 +450,16 @@ struct iommu_hwpt_vtd_s1 {
+ * nested domain will translate the same as the nesting parent. The S1 will
+ * install a Context Descriptor Table pointing at userspace memory translated
+ * by the nesting parent.
++ *
++ * It's suggested to allocate a vDEVICE object carrying vSID and then re-attach
++ * the nested domain, as soon as the vSID is available in the VMM level:
++ *
++ * - when Cfg=translate, a vDEVICE must be allocated prior to attaching to the
++ * allocated nested domain, as CD/ATS invalidations and vevents need a vSID.
++ * - when Cfg=bypass/abort, a vDEVICE is not enforced during the nested domain
++ * attachment, to support a GBPA case where VM sets CR0.SMMUEN=0. However, if
++ * VM sets CR0.SMMUEN=1 while missing a vDEVICE object, kernel would fail to
++ * report events to the VM. E.g. F_TRANSLATION when guest STE.Cfg=abort.
+ */
+ struct iommu_hwpt_arm_smmuv3 {
+ __aligned_le64 ste[2];
+diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
+index 4ea28ef7ca..a4ab42dcba 100644
+--- a/linux-headers/linux/kvm.h
++++ b/linux-headers/linux/kvm.h
+@@ -179,6 +179,7 @@ struct kvm_xen_exit {
+ #define KVM_EXIT_LOONGARCH_IOCSR 38
+ #define KVM_EXIT_MEMORY_FAULT 39
+ #define KVM_EXIT_TDX 40
++#define KVM_EXIT_ARM_SEA 41
+
+ /* For KVM_EXIT_INTERNAL_ERROR */
+ /* Emulate instruction failed. */
+@@ -465,6 +466,14 @@ struct kvm_run {
+ } setup_event_notify;
+ };
+ } tdx;
++ /* KVM_EXIT_ARM_SEA */
++ struct {
++#define KVM_EXIT_ARM_SEA_FLAG_GPA_VALID (1ULL << 0)
++ __u64 flags;
++ __u64 esr;
++ __u64 gva;
++ __u64 gpa;
++ } arm_sea;
+ /* Fix the size of the union. */
+ char padding[256];
+ };
+@@ -955,6 +964,8 @@ struct kvm_enable_cap {
+ #define KVM_CAP_RISCV_MP_STATE_RESET 242
+ #define KVM_CAP_ARM_CACHEABLE_PFNMAP_SUPPORTED 243
+ #define KVM_CAP_GUEST_MEMFD_FLAGS 244
++#define KVM_CAP_ARM_SEA_TO_USER 245
++#define KVM_CAP_S390_USER_OPEREXEC 246
+
+ struct kvm_irq_routing_irqchip {
+ __u32 irqchip;
+diff --git a/linux-headers/linux/mshv.h b/linux-headers/linux/mshv.h
+index 5bc83db6a3..acceeddc1c 100644
+--- a/linux-headers/linux/mshv.h
++++ b/linux-headers/linux/mshv.h
+@@ -26,6 +26,7 @@ enum {
+ MSHV_PT_BIT_LAPIC,
+ MSHV_PT_BIT_X2APIC,
+ MSHV_PT_BIT_GPA_SUPER_PAGES,
++ MSHV_PT_BIT_CPU_AND_XSAVE_FEATURES,
+ MSHV_PT_BIT_COUNT,
+ };
+
+@@ -41,6 +42,8 @@ enum {
+ * @pt_flags: Bitmask of 1 << MSHV_PT_BIT_*
+ * @pt_isolation: MSHV_PT_ISOLATION_*
+ *
++ * This is the initial/v1 version for backward compatibility.
++ *
+ * Returns a file descriptor to act as a handle to a guest partition.
+ * At this point the partition is not yet initialized in the hypervisor.
+ * Some operations must be done with the partition in this state, e.g. setting
+@@ -52,6 +55,37 @@ struct mshv_create_partition {
+ __u64 pt_isolation;
+ };
+
++#define MSHV_NUM_CPU_FEATURES_BANKS 2
++
++/**
++ * struct mshv_create_partition_v2
++ *
++ * This is extended version of the above initial MSHV_CREATE_PARTITION
++ * ioctl and allows for following additional parameters:
++ *
++ * @pt_num_cpu_fbanks: Must be set to MSHV_NUM_CPU_FEATURES_BANKS.
++ * @pt_cpu_fbanks: Disabled processor feature banks array.
++ * @pt_disabled_xsave: Disabled xsave feature bits.
++ *
++ * pt_cpu_fbanks and pt_disabled_xsave are passed through as-is to the create
++ * partition hypercall.
++ *
++ * Returns : same as above original mshv_create_partition
++ */
++struct mshv_create_partition_v2 {
++ __u64 pt_flags;
++ __u64 pt_isolation;
++ __u16 pt_num_cpu_fbanks;
++ __u8 pt_rsvd[6]; /* MBZ */
++ __u64 pt_cpu_fbanks[MSHV_NUM_CPU_FEATURES_BANKS];
++ __u64 pt_rsvd1[2]; /* MBZ */
++#if defined(__x86_64__)
++ __u64 pt_disabled_xsave;
++#else
++ __u64 pt_rsvd2; /* MBZ */
++#endif
++} __attribute__((packed));
++
+ /* /dev/mshv */
+ #define MSHV_CREATE_PARTITION _IOW(MSHV_IOCTL, 0x00, struct mshv_create_partition)
+
+@@ -89,7 +123,7 @@ enum {
+ * @rsvd: MBZ
+ *
+ * Map or unmap a region of userspace memory to Guest Physical Addresses (GPA).
+- * Mappings can't overlap in GPA space or userspace.
++ * Mappings can't overlap in GPA space.
+ * To unmap, these fields must match an existing mapping.
+ */
+ struct mshv_user_mem_region {
+@@ -288,4 +322,84 @@ struct mshv_get_set_vp_state {
+ * #define MSHV_ROOT_HVCALL _IOWR(MSHV_IOCTL, 0x07, struct mshv_root_hvcall)
+ */
+
++/* Structure definitions, macros and IOCTLs for mshv_vtl */
++
++#define MSHV_CAP_CORE_API_STABLE 0x0
++#define MSHV_CAP_REGISTER_PAGE 0x1
++#define MSHV_CAP_VTL_RETURN_ACTION 0x2
++#define MSHV_CAP_DR6_SHARED 0x3
++#define MSHV_MAX_RUN_MSG_SIZE 256
++
++struct mshv_vp_registers {
++ __u32 count; /* supports only 1 register at a time */
++ __u32 reserved; /* Reserved for alignment or future use */
++ __u64 regs_ptr; /* pointer to struct hv_register_assoc */
++};
++
++struct mshv_vtl_set_eventfd {
++ __s32 fd;
++ __u32 flag;
++};
++
++struct mshv_vtl_signal_event {
++ __u32 connection_id;
++ __u32 flag;
++};
++
++struct mshv_vtl_sint_post_msg {
++ __u64 message_type;
++ __u32 connection_id;
++ __u32 payload_size; /* Must not exceed HV_MESSAGE_PAYLOAD_BYTE_COUNT */
++ __u64 payload_ptr; /* pointer to message payload (bytes) */
++};
++
++struct mshv_vtl_ram_disposition {
++ __u64 start_pfn;
++ __u64 last_pfn;
++};
++
++struct mshv_vtl_set_poll_file {
++ __u32 cpu;
++ __u32 fd;
++};
++
++struct mshv_vtl_hvcall_setup {
++ __u64 bitmap_array_size; /* stores number of bytes */
++ __u64 allow_bitmap_ptr;
++};
++
++struct mshv_vtl_hvcall {
++ __u64 control; /* Hypercall control code */
++ __u64 input_size; /* Size of the input data */
++ __u64 input_ptr; /* Pointer to the input struct */
++ __u64 status; /* Status of the hypercall (output) */
++ __u64 output_size; /* Size of the output data */
++ __u64 output_ptr; /* Pointer to the output struct */
++};
++
++struct mshv_sint_mask {
++ __u8 mask;
++ __u8 reserved[7];
++};
++
++/* /dev/mshv device IOCTL */
++#define MSHV_CHECK_EXTENSION _IOW(MSHV_IOCTL, 0x00, __u32)
++
++/* vtl device */
++#define MSHV_CREATE_VTL _IOR(MSHV_IOCTL, 0x1D, char)
++#define MSHV_ADD_VTL0_MEMORY _IOW(MSHV_IOCTL, 0x21, struct mshv_vtl_ram_disposition)
++#define MSHV_SET_POLL_FILE _IOW(MSHV_IOCTL, 0x25, struct mshv_vtl_set_poll_file)
++#define MSHV_RETURN_TO_LOWER_VTL _IO(MSHV_IOCTL, 0x27)
++#define MSHV_GET_VP_REGISTERS _IOWR(MSHV_IOCTL, 0x05, struct mshv_vp_registers)
++#define MSHV_SET_VP_REGISTERS _IOW(MSHV_IOCTL, 0x06, struct mshv_vp_registers)
++
++/* VMBus device IOCTLs */
++#define MSHV_SINT_SIGNAL_EVENT _IOW(MSHV_IOCTL, 0x22, struct mshv_vtl_signal_event)
++#define MSHV_SINT_POST_MESSAGE _IOW(MSHV_IOCTL, 0x23, struct mshv_vtl_sint_post_msg)
++#define MSHV_SINT_SET_EVENTFD _IOW(MSHV_IOCTL, 0x24, struct mshv_vtl_set_eventfd)
++#define MSHV_SINT_PAUSE_MESSAGE_STREAM _IOW(MSHV_IOCTL, 0x25, struct mshv_sint_mask)
++
++/* hv_hvcall device */
++#define MSHV_HVCALL_SETUP _IOW(MSHV_IOCTL, 0x1E, struct mshv_vtl_hvcall_setup)
++#define MSHV_HVCALL _IOWR(MSHV_IOCTL, 0x1F, struct mshv_vtl_hvcall)
+ #endif
+diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h
+index c525125ea8..9479928a4a 100644
+--- a/linux-headers/linux/psp-sev.h
++++ b/linux-headers/linux/psp-sev.h
+@@ -47,32 +47,32 @@ typedef enum {
+ * with possible values from the specification.
+ */
+ SEV_RET_NO_FW_CALL = -1,
+- SEV_RET_SUCCESS = 0,
+- SEV_RET_INVALID_PLATFORM_STATE,
+- SEV_RET_INVALID_GUEST_STATE,
+- SEV_RET_INAVLID_CONFIG,
++ SEV_RET_SUCCESS = 0,
++ SEV_RET_INVALID_PLATFORM_STATE = 0x0001,
++ SEV_RET_INVALID_GUEST_STATE = 0x0002,
++ SEV_RET_INAVLID_CONFIG = 0x0003,
+ SEV_RET_INVALID_CONFIG = SEV_RET_INAVLID_CONFIG,
+- SEV_RET_INVALID_LEN,
+- SEV_RET_ALREADY_OWNED,
+- SEV_RET_INVALID_CERTIFICATE,
+- SEV_RET_POLICY_FAILURE,
+- SEV_RET_INACTIVE,
+- SEV_RET_INVALID_ADDRESS,
+- SEV_RET_BAD_SIGNATURE,
+- SEV_RET_BAD_MEASUREMENT,
+- SEV_RET_ASID_OWNED,
+- SEV_RET_INVALID_ASID,
+- SEV_RET_WBINVD_REQUIRED,
+- SEV_RET_DFFLUSH_REQUIRED,
+- SEV_RET_INVALID_GUEST,
+- SEV_RET_INVALID_COMMAND,
+- SEV_RET_ACTIVE,
+- SEV_RET_HWSEV_RET_PLATFORM,
+- SEV_RET_HWSEV_RET_UNSAFE,
+- SEV_RET_UNSUPPORTED,
+- SEV_RET_INVALID_PARAM,
+- SEV_RET_RESOURCE_LIMIT,
+- SEV_RET_SECURE_DATA_INVALID,
++ SEV_RET_INVALID_LEN = 0x0004,
++ SEV_RET_ALREADY_OWNED = 0x0005,
++ SEV_RET_INVALID_CERTIFICATE = 0x0006,
++ SEV_RET_POLICY_FAILURE = 0x0007,
++ SEV_RET_INACTIVE = 0x0008,
++ SEV_RET_INVALID_ADDRESS = 0x0009,
++ SEV_RET_BAD_SIGNATURE = 0x000A,
++ SEV_RET_BAD_MEASUREMENT = 0x000B,
++ SEV_RET_ASID_OWNED = 0x000C,
++ SEV_RET_INVALID_ASID = 0x000D,
++ SEV_RET_WBINVD_REQUIRED = 0x000E,
++ SEV_RET_DFFLUSH_REQUIRED = 0x000F,
++ SEV_RET_INVALID_GUEST = 0x0010,
++ SEV_RET_INVALID_COMMAND = 0x0011,
++ SEV_RET_ACTIVE = 0x0012,
++ SEV_RET_HWSEV_RET_PLATFORM = 0x0013,
++ SEV_RET_HWSEV_RET_UNSAFE = 0x0014,
++ SEV_RET_UNSUPPORTED = 0x0015,
++ SEV_RET_INVALID_PARAM = 0x0016,
++ SEV_RET_RESOURCE_LIMIT = 0x0017,
++ SEV_RET_SECURE_DATA_INVALID = 0x0018,
+ SEV_RET_INVALID_PAGE_SIZE = 0x0019,
+ SEV_RET_INVALID_PAGE_STATE = 0x001A,
+ SEV_RET_INVALID_MDATA_ENTRY = 0x001B,
+@@ -87,6 +87,22 @@ typedef enum {
+ SEV_RET_RESTORE_REQUIRED = 0x0025,
+ SEV_RET_RMP_INITIALIZATION_FAILED = 0x0026,
+ SEV_RET_INVALID_KEY = 0x0027,
++ SEV_RET_SHUTDOWN_INCOMPLETE = 0x0028,
++ SEV_RET_INCORRECT_BUFFER_LENGTH = 0x0030,
++ SEV_RET_EXPAND_BUFFER_LENGTH_REQUEST = 0x0031,
++ SEV_RET_SPDM_REQUEST = 0x0032,
++ SEV_RET_SPDM_ERROR = 0x0033,
++ SEV_RET_SEV_STATUS_ERR_IN_DEV_CONN = 0x0035,
++ SEV_RET_SEV_STATUS_INVALID_DEV_CTX = 0x0036,
++ SEV_RET_SEV_STATUS_INVALID_TDI_CTX = 0x0037,
++ SEV_RET_SEV_STATUS_INVALID_TDI = 0x0038,
++ SEV_RET_SEV_STATUS_RECLAIM_REQUIRED = 0x0039,
++ SEV_RET_IN_USE = 0x003A,
++ SEV_RET_SEV_STATUS_INVALID_DEV_STATE = 0x003B,
++ SEV_RET_SEV_STATUS_INVALID_TDI_STATE = 0x003C,
++ SEV_RET_SEV_STATUS_DEV_CERT_CHANGED = 0x003D,
++ SEV_RET_SEV_STATUS_RESYNC_REQ = 0x003E,
++ SEV_RET_SEV_STATUS_RESPONSE_TOO_LARGE = 0x003F,
+ SEV_RET_MAX,
+ } sev_ret_code;
+
+diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
+index 4d96d1fc12..720edfee7a 100644
+--- a/linux-headers/linux/vfio.h
++++ b/linux-headers/linux/vfio.h
+@@ -14,6 +14,7 @@
+
+ #include <linux/types.h>
+ #include <linux/ioctl.h>
++#include <linux/stddef.h>
+
+ #define VFIO_API_VERSION 0
+
+@@ -1478,6 +1479,33 @@ struct vfio_device_feature_bus_master {
+ };
+ #define VFIO_DEVICE_FEATURE_BUS_MASTER 10
+
++/**
++ * Upon VFIO_DEVICE_FEATURE_GET create a dma_buf fd for the
++ * regions selected.
++ *
++ * open_flags are the typical flags passed to open(2), eg O_RDWR, O_CLOEXEC,
++ * etc. offset/length specify a slice of the region to create the dmabuf from.
++ * nr_ranges is the total number of (P2P DMA) ranges that comprise the dmabuf.
++ *
++ * flags should be 0.
++ *
++ * Return: The fd number on success, -1 and errno is set on failure.
++ */
++#define VFIO_DEVICE_FEATURE_DMA_BUF 11
++
++struct vfio_region_dma_range {
++ __u64 offset;
++ __u64 length;
++};
++
++struct vfio_device_feature_dma_buf {
++ __u32 region_index;
++ __u32 open_flags;
++ __u32 flags;
++ __u32 nr_ranges;
++ struct vfio_region_dma_range dma_ranges[] __counted_by(nr_ranges);
++};
++
+ /* -------- API for Type1 VFIO IOMMU -------- */
+
+ /**
+--
+2.52.0
+
diff --git a/kvm-migration-Remove-error-variant-of-vmstate_save_state.patch b/kvm-migration-Remove-error-variant-of-vmstate_save_state.patch
new file mode 100644
index 0000000..1d2aeec
--- /dev/null
+++ b/kvm-migration-Remove-error-variant-of-vmstate_save_state.patch
@@ -0,0 +1,446 @@
+From 673399c8d3ee747c11071589bcbff5e30496e490 Mon Sep 17 00:00:00 2001
+From: Arun Menon <armenon@redhat.com>
+Date: Thu, 18 Sep 2025 20:53:41 +0530
+Subject: [PATCH 087/116] migration: Remove error variant of
+ vmstate_save_state() function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [71/100] ba229c51e673198fe4c2082b2f8b598ee80839ae (rovick1/qemu-kvm)
+
+This commit removes the redundant vmstate_save_state_with_err()
+function.
+
+Previously, commit 969298f9d7 introduced vmstate_save_state_with_err()
+to handle error propagation, while vmstate_save_state() existed for
+non-error scenarios.
+This is because there were code paths where vmstate_save_state_v()
+(called internally by vmstate_save_state) did not explicitly set
+errors on failure.
+
+This change unifies error handling by
+ - updating vmstate_save_state() to accept an Error **errp argument.
+ - vmstate_save_state_v() ensures errors are set directly within the errp
+ object, eliminating the need for two separate functions.
+
+All calls to vmstate_save_state_with_err() are replaced with
+vmstate_save_state(). This simplifies the API and improves code
+maintainability.
+
+vmstate_save_state() that only calls vmstate_save_state_v(),
+by inference, also has errors set in errp in case of failure.
+The errors are reported using error_report_err().
+If we want the function to exit on error, then &error_fatal is
+passed.
+
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Signed-off-by: Arun Menon <armenon@redhat.com>
+Tested-by: Fabiano Rosas <farosas@suse.de>
+Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Link: https://lore.kernel.org/r/20250918-propagate_tpm_error-v14-24-36f11a6fb9d3@redhat.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit 6f9fc6f5012344292f7014e079e5225b8988383d)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/display/virtio-gpu.c | 3 ++-
+ hw/pci/pci.c | 2 +-
+ hw/s390x/virtio-ccw.c | 2 +-
+ hw/scsi/spapr_vscsi.c | 2 +-
+ hw/vfio/pci.c | 4 ++--
+ hw/virtio/virtio-mmio.c | 2 +-
+ hw/virtio/virtio-pci.c | 2 +-
+ hw/virtio/virtio.c | 6 ++++--
+ include/migration/vmstate.h | 2 --
+ migration/cpr.c | 3 +--
+ migration/savevm.c | 11 ++++++++---
+ migration/vmstate-types.c | 25 ++++++++++++++++++-------
+ migration/vmstate.c | 10 ++--------
+ tests/unit/test-vmstate.c | 20 +++++++++++++++++---
+ ui/vdagent.c | 3 ++-
+ 15 files changed, 61 insertions(+), 36 deletions(-)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 5dc31bc6bf..477ec700a1 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1246,7 +1246,8 @@ static int virtio_gpu_save(QEMUFile *f, void *opaque, size_t size,
+ }
+ qemu_put_be32(f, 0); /* end of list */
+
+- return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL);
++ return vmstate_save_state(f, &vmstate_virtio_gpu_scanouts, g, NULL,
++ &error_fatal);
+ }
+
+ static bool virtio_gpu_load_restore_mapping(VirtIOGPU *g,
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index 5b37b70815..d1c22999b9 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -926,7 +926,7 @@ void pci_device_save(PCIDevice *s, QEMUFile *f)
+ * This makes us compatible with old devices
+ * which never set or clear this bit. */
+ s->config[PCI_STATUS] &= ~PCI_STATUS_INTERRUPT;
+- vmstate_save_state(f, &vmstate_pci_device, s, NULL);
++ vmstate_save_state(f, &vmstate_pci_device, s, NULL, &error_fatal);
+ /* Restore the interrupt status bit. */
+ pci_update_irq_status(s);
+ }
+diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
+index 6a9641a03d..4cb1ced001 100644
+--- a/hw/s390x/virtio-ccw.c
++++ b/hw/s390x/virtio-ccw.c
+@@ -1130,7 +1130,7 @@ static int virtio_ccw_load_queue(DeviceState *d, int n, QEMUFile *f)
+ static void virtio_ccw_save_config(DeviceState *d, QEMUFile *f)
+ {
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+- vmstate_save_state(f, &vmstate_virtio_ccw_dev, dev, NULL);
++ vmstate_save_state(f, &vmstate_virtio_ccw_dev, dev, NULL, &error_fatal);
+ }
+
+ static int virtio_ccw_load_config(DeviceState *d, QEMUFile *f)
+diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
+index da173f4867..f0a7dd2b88 100644
+--- a/hw/scsi/spapr_vscsi.c
++++ b/hw/scsi/spapr_vscsi.c
+@@ -630,7 +630,7 @@ static void vscsi_save_request(QEMUFile *f, SCSIRequest *sreq)
+ vscsi_req *req = sreq->hba_private;
+ assert(req->active);
+
+- vmstate_save_state(f, &vmstate_spapr_vscsi_req, req, NULL);
++ vmstate_save_state(f, &vmstate_spapr_vscsi_req, req, NULL, &error_fatal);
+
+ trace_spapr_vscsi_save_request(req->qtag, req->cur_desc_num,
+ req->cur_desc_offset);
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index f696e8116f..378b475b2c 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -2824,8 +2824,8 @@ static int vfio_pci_save_config(VFIODevice *vbasedev, QEMUFile *f, Error **errp)
+ {
+ VFIOPCIDevice *vdev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
+
+- return vmstate_save_state_with_err(f, &vmstate_vfio_pci_config, vdev, NULL,
+- errp);
++ return vmstate_save_state(f, &vmstate_vfio_pci_config, vdev, NULL,
++ errp);
+ }
+
+ static int vfio_pci_load_config(VFIODevice *vbasedev, QEMUFile *f)
+diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
+index 0a688909fc..fb58c36452 100644
+--- a/hw/virtio/virtio-mmio.c
++++ b/hw/virtio/virtio-mmio.c
+@@ -613,7 +613,7 @@ static void virtio_mmio_save_extra_state(DeviceState *opaque, QEMUFile *f)
+ {
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+- vmstate_save_state(f, &vmstate_virtio_mmio, proxy, NULL);
++ vmstate_save_state(f, &vmstate_virtio_mmio, proxy, NULL, &error_fatal);
+ }
+
+ static int virtio_mmio_load_extra_state(DeviceState *opaque, QEMUFile *f)
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index ae875bd108..937e22f08a 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -188,7 +188,7 @@ static void virtio_pci_save_extra_state(DeviceState *d, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+
+- vmstate_save_state(f, &vmstate_virtio_pci, proxy, NULL);
++ vmstate_save_state(f, &vmstate_virtio_pci, proxy, NULL, &error_fatal);
+ }
+
+ static int virtio_pci_load_extra_state(DeviceState *d, QEMUFile *f)
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index e6cbbc8624..a7063d5555 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3017,6 +3017,7 @@ int virtio_save(VirtIODevice *vdev, QEMUFile *f)
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
+ uint32_t guest_features_lo = (vdev->guest_features & 0xffffffff);
+ int i;
++ Error *local_err = NULL;
+
+ if (k->save_config) {
+ k->save_config(qbus->parent, f);
+@@ -3060,14 +3061,15 @@ int virtio_save(VirtIODevice *vdev, QEMUFile *f)
+ }
+
+ if (vdc->vmsd) {
+- int ret = vmstate_save_state(f, vdc->vmsd, vdev, NULL);
++ int ret = vmstate_save_state(f, vdc->vmsd, vdev, NULL, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+ }
+
+ /* Subsections */
+- return vmstate_save_state(f, &vmstate_virtio, vdev, NULL);
++ return vmstate_save_state(f, &vmstate_virtio, vdev, NULL, &error_fatal);
+ }
+
+ /* A wrapper for use as a VMState .put function */
+diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
+index b9a41cc38a..47a1dc1810 100644
+--- a/include/migration/vmstate.h
++++ b/include/migration/vmstate.h
+@@ -1208,8 +1208,6 @@ extern const VMStateInfo vmstate_info_qlist;
+ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, int version_id, Error **errp);
+ int vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque, JSONWriter *vmdesc);
+-int vmstate_save_state_with_err(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, JSONWriter *vmdesc, Error **errp);
+ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, JSONWriter *vmdesc,
+diff --git a/migration/cpr.c b/migration/cpr.c
+index 8abb6db76d..038f48f810 100644
+--- a/migration/cpr.c
++++ b/migration/cpr.c
+@@ -182,9 +182,8 @@ int cpr_state_save(MigrationChannel *channel, Error **errp)
+ qemu_put_be32(f, QEMU_CPR_FILE_MAGIC);
+ qemu_put_be32(f, QEMU_CPR_FILE_VERSION);
+
+- ret = vmstate_save_state(f, &vmstate_cpr_state, &cpr_state, 0);
++ ret = vmstate_save_state(f, &vmstate_cpr_state, &cpr_state, 0, errp);
+ if (ret) {
+- error_setg(errp, "vmstate_save_state error %d", ret);
+ qemu_fclose(f);
+ return ret;
+ }
+diff --git a/migration/savevm.c b/migration/savevm.c
+index f5a1ab9101..1eab91d3ad 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -1050,8 +1050,8 @@ static int vmstate_save(QEMUFile *f, SaveStateEntry *se, JSONWriter *vmdesc,
+ if (!se->vmsd) {
+ vmstate_save_old_style(f, se, vmdesc);
+ } else {
+- ret = vmstate_save_state_with_err(f, se->vmsd, se->opaque, vmdesc,
+- errp);
++ ret = vmstate_save_state(f, se->vmsd, se->opaque, vmdesc,
++ errp);
+ if (ret) {
+ return ret;
+ }
+@@ -1279,6 +1279,7 @@ void qemu_savevm_state_header(QEMUFile *f)
+ {
+ MigrationState *s = migrate_get_current();
+ JSONWriter *vmdesc = s->vmdesc;
++ Error *local_err = NULL;
+
+ trace_savevm_state_header();
+ qemu_put_be32(f, QEMU_VM_FILE_MAGIC);
+@@ -1297,7 +1298,11 @@ void qemu_savevm_state_header(QEMUFile *f)
+ json_writer_start_object(vmdesc, "configuration");
+ }
+
+- vmstate_save_state(f, &vmstate_configuration, &savevm_state, vmdesc);
++ vmstate_save_state(f, &vmstate_configuration, &savevm_state,
++ vmdesc, &local_err);
++ if (local_err) {
++ error_report_err(local_err);
++ }
+
+ if (vmdesc) {
+ json_writer_end_object(vmdesc);
+diff --git a/migration/vmstate-types.c b/migration/vmstate-types.c
+index c5cfd861e3..a1cd7a95fa 100644
+--- a/migration/vmstate-types.c
++++ b/migration/vmstate-types.c
+@@ -565,10 +565,14 @@ static int put_tmp(QEMUFile *f, void *pv, size_t size,
+ const VMStateDescription *vmsd = field->vmsd;
+ void *tmp = g_malloc(size);
+ int ret;
++ Error *local_err = NULL;
+
+ /* Writes the parent field which is at the start of the tmp */
+ *(void **)tmp = pv;
+- ret = vmstate_save_state(f, vmsd, tmp, vmdesc);
++ ret = vmstate_save_state(f, vmsd, tmp, vmdesc, &local_err);
++ if (ret) {
++ error_report_err(local_err);
++ }
+ g_free(tmp);
+
+ return ret;
+@@ -676,13 +680,15 @@ static int put_qtailq(QEMUFile *f, void *pv, size_t unused_size,
+ size_t entry_offset = field->start;
+ void *elm;
+ int ret;
++ Error *local_err = NULL;
+
+ trace_put_qtailq(vmsd->name, vmsd->version_id);
+
+ QTAILQ_RAW_FOREACH(elm, pv, entry_offset) {
+ qemu_put_byte(f, true);
+- ret = vmstate_save_state(f, vmsd, elm, vmdesc);
++ ret = vmstate_save_state(f, vmsd, elm, vmdesc, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+ }
+@@ -711,6 +717,7 @@ static gboolean put_gtree_elem(gpointer key, gpointer value, gpointer data)
+ struct put_gtree_data *capsule = (struct put_gtree_data *)data;
+ QEMUFile *f = capsule->f;
+ int ret;
++ Error *local_err = NULL;
+
+ qemu_put_byte(f, true);
+
+@@ -718,16 +725,20 @@ static gboolean put_gtree_elem(gpointer key, gpointer value, gpointer data)
+ if (!capsule->key_vmsd) {
+ qemu_put_be64(f, (uint64_t)(uintptr_t)(key)); /* direct key */
+ } else {
+- ret = vmstate_save_state(f, capsule->key_vmsd, key, capsule->vmdesc);
++ ret = vmstate_save_state(f, capsule->key_vmsd, key, capsule->vmdesc,
++ &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ capsule->ret = ret;
+ return true;
+ }
+ }
+
+ /* put the data */
+- ret = vmstate_save_state(f, capsule->val_vmsd, value, capsule->vmdesc);
++ ret = vmstate_save_state(f, capsule->val_vmsd, value, capsule->vmdesc,
++ &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ capsule->ret = ret;
+ return true;
+ }
+@@ -857,14 +868,14 @@ static int put_qlist(QEMUFile *f, void *pv, size_t unused_size,
+ size_t entry_offset = field->start;
+ void *elm;
+ int ret;
++ Error *local_err = NULL;
+
+ trace_put_qlist(field->name, vmsd->name, vmsd->version_id);
+ QLIST_RAW_FOREACH(elm, pv, entry_offset) {
+ qemu_put_byte(f, true);
+- ret = vmstate_save_state(f, vmsd, elm, vmdesc);
++ ret = vmstate_save_state(f, vmsd, elm, vmdesc, &local_err);
+ if (ret) {
+- error_report("%s: failed to save %s (%d)", field->name,
+- vmsd->name, ret);
++ error_report_err(local_err);
+ return ret;
+ }
+ }
+diff --git a/migration/vmstate.c b/migration/vmstate.c
+index 8d1e9eb62b..ad8e5b71ae 100644
+--- a/migration/vmstate.c
++++ b/migration/vmstate.c
+@@ -406,12 +406,6 @@ bool vmstate_section_needed(const VMStateDescription *vmsd, void *opaque)
+
+
+ int vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque, JSONWriter *vmdesc_id)
+-{
+- return vmstate_save_state_v(f, vmsd, opaque, vmdesc_id, vmsd->version_id, NULL);
+-}
+-
+-int vmstate_save_state_with_err(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, JSONWriter *vmdesc_id, Error **errp)
+ {
+ return vmstate_save_state_v(f, vmsd, opaque, vmdesc_id, vmsd->version_id, errp);
+@@ -512,7 +506,7 @@ int vmstate_save_state_v(QEMUFile *f, const VMStateDescription *vmsd,
+
+ if (inner_field->flags & VMS_STRUCT) {
+ ret = vmstate_save_state(f, inner_field->vmsd,
+- curr_elem, vmdesc_loop);
++ curr_elem, vmdesc_loop, errp);
+ } else if (inner_field->flags & VMS_VSTRUCT) {
+ ret = vmstate_save_state_v(f, inner_field->vmsd,
+ curr_elem, vmdesc_loop,
+@@ -674,7 +668,7 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd,
+ qemu_put_byte(f, len);
+ qemu_put_buffer(f, (uint8_t *)vmsdsub->name, len);
+ qemu_put_be32(f, vmsdsub->version_id);
+- ret = vmstate_save_state_with_err(f, vmsdsub, opaque, vmdesc, errp);
++ ret = vmstate_save_state(f, vmsdsub, opaque, vmdesc, errp);
+ if (ret) {
+ return ret;
+ }
+diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c
+index 4ff0ab632f..cadbab3c5e 100644
+--- a/tests/unit/test-vmstate.c
++++ b/tests/unit/test-vmstate.c
+@@ -67,9 +67,13 @@ static QEMUFile *open_test_file(bool write)
+ static void save_vmstate(const VMStateDescription *desc, void *obj)
+ {
+ QEMUFile *f = open_test_file(true);
++ Error *local_err = NULL;
+
+ /* Save file with vmstate */
+- int ret = vmstate_save_state(f, desc, obj, NULL);
++ int ret = vmstate_save_state(f, desc, obj, NULL, &local_err);
++ if (ret) {
++ error_report_err(local_err);
++ }
+ g_assert(!ret);
+ qemu_put_byte(f, QEMU_VM_EOF);
+ g_assert(!qemu_file_get_error(f));
+@@ -438,10 +442,15 @@ static const VMStateDescription vmstate_skipping = {
+
+ static void test_save_noskip(void)
+ {
++ Error *local_err = NULL;
+ QEMUFile *fsave = open_test_file(true);
+ TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
+ .skip_c_e = false };
+- int ret = vmstate_save_state(fsave, &vmstate_skipping, &obj, NULL);
++ int ret = vmstate_save_state(fsave, &vmstate_skipping, &obj, NULL,
++ &local_err);
++ if (ret) {
++ error_report_err(local_err);
++ }
+ g_assert(!ret);
+ g_assert(!qemu_file_get_error(fsave));
+
+@@ -460,10 +469,15 @@ static void test_save_noskip(void)
+
+ static void test_save_skip(void)
+ {
++ Error *local_err = NULL;
+ QEMUFile *fsave = open_test_file(true);
+ TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
+ .skip_c_e = true };
+- int ret = vmstate_save_state(fsave, &vmstate_skipping, &obj, NULL);
++ int ret = vmstate_save_state(fsave, &vmstate_skipping, &obj, NULL,
++ &local_err);
++ if (ret) {
++ error_report_err(local_err);
++ }
+ g_assert(!ret);
+ g_assert(!qemu_file_get_error(fsave));
+
+diff --git a/ui/vdagent.c b/ui/vdagent.c
+index bc3c77f013..ddb91e75c6 100644
+--- a/ui/vdagent.c
++++ b/ui/vdagent.c
+@@ -992,7 +992,8 @@ static int put_cbinfo(QEMUFile *f, void *pv, size_t size,
+ }
+ }
+
+- return vmstate_save_state(f, &vmstate_cbinfo_array, &cbinfo, vmdesc);
++ return vmstate_save_state(f, &vmstate_cbinfo_array, &cbinfo, vmdesc,
++ &error_fatal);
+ }
+
+ static int get_cbinfo(QEMUFile *f, void *pv, size_t size,
+--
+2.52.0
+
diff --git a/kvm-migration-add-cpr_walk_fd.patch b/kvm-migration-add-cpr_walk_fd.patch
new file mode 100644
index 0000000..e60ea6b
--- /dev/null
+++ b/kvm-migration-add-cpr_walk_fd.patch
@@ -0,0 +1,67 @@
+From df154d5011af1b33e245031b98a56f91969be66c Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:54 -0700
+Subject: [PATCH 089/116] migration: add cpr_walk_fd
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [73/100] 29b4bdb4daddc394a05956ba876d4ab6696d1e0b (rovick1/qemu-kvm)
+
+Add a helper to walk all CPR fd's and run a callback for each.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Link: https://lore.kernel.org/r/1759332851-370353-3-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ include/migration/cpr.h | 3 +++
+ migration/cpr.c | 13 +++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/include/migration/cpr.h b/include/migration/cpr.h
+index 3fc19a74ef..2b074d7a65 100644
+--- a/include/migration/cpr.h
++++ b/include/migration/cpr.h
+@@ -34,6 +34,9 @@ void cpr_resave_fd(const char *name, int id, int fd);
+ int cpr_open_fd(const char *path, int flags, const char *name, int id,
+ Error **errp);
+
++typedef bool (*cpr_walk_fd_cb)(int fd);
++bool cpr_walk_fd(cpr_walk_fd_cb cb);
++
+ MigMode cpr_get_incoming_mode(void);
+ void cpr_set_incoming_mode(MigMode mode);
+ bool cpr_is_incoming(void);
+diff --git a/migration/cpr.c b/migration/cpr.c
+index 038f48f810..a995b349d9 100644
+--- a/migration/cpr.c
++++ b/migration/cpr.c
+@@ -121,6 +121,19 @@ int cpr_open_fd(const char *path, int flags, const char *name, int id,
+ return fd;
+ }
+
++bool cpr_walk_fd(cpr_walk_fd_cb cb)
++{
++ CprFd *elem;
++
++ QLIST_FOREACH(elem, &cpr_state.fds, next) {
++ g_assert(elem->fd >= 0);
++ if (!cb(elem->fd)) {
++ return false;
++ }
++ }
++ return true;
++}
++
+ /*************************************************************************/
+ static const VMStateDescription vmstate_cpr_state = {
+ .name = CPR_STATE,
+--
+2.52.0
+
diff --git a/kvm-migration-cpr-exec-command-parameter.patch b/kvm-migration-cpr-exec-command-parameter.patch
new file mode 100644
index 0000000..b3db725
--- /dev/null
+++ b/kvm-migration-cpr-exec-command-parameter.patch
@@ -0,0 +1,218 @@
+From b4ff0c555444a8ecd318d269ca662ff8cc6bf4d9 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:56 -0700
+Subject: [PATCH 091/116] migration: cpr-exec-command parameter
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [75/100] f4b9811694a26506dbc5c31c8950f737ec70d3c5 (rovick1/qemu-kvm)
+
+Create the cpr-exec-command migration parameter, defined as a list of
+strings. It will be used for cpr-exec migration mode in a subsequent
+patch, and contains forward references to cpr-exec mode in the qapi
+doc.
+
+No functional change, except that cpr-exec-command is shown by the
+'info migrate' command.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Link: https://lore.kernel.org/r/1759332851-370353-5-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ hmp-commands.hx | 2 +-
+ migration/migration-hmp-cmds.c | 30 ++++++++++++++++++++++++++++++
+ migration/options.c | 14 ++++++++++++++
+ qapi/migration.json | 21 ++++++++++++++++++---
+ 4 files changed, 63 insertions(+), 4 deletions(-)
+
+diff --git a/hmp-commands.hx b/hmp-commands.hx
+index d0e4f35a30..3cace8f1f7 100644
+--- a/hmp-commands.hx
++++ b/hmp-commands.hx
+@@ -1009,7 +1009,7 @@ ERST
+
+ {
+ .name = "migrate_set_parameter",
+- .args_type = "parameter:s,value:s",
++ .args_type = "parameter:s,value:S",
+ .params = "parameter value",
+ .help = "Set the parameter for migration",
+ .cmd = hmp_migrate_set_parameter,
+diff --git a/migration/migration-hmp-cmds.c b/migration/migration-hmp-cmds.c
+index 0fc21f0647..54df615753 100644
+--- a/migration/migration-hmp-cmds.c
++++ b/migration/migration-hmp-cmds.c
+@@ -306,6 +306,18 @@ void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict)
+ qapi_free_MigrationCapabilityStatusList(caps);
+ }
+
++static void monitor_print_cpr_exec_command(Monitor *mon, strList *args)
++{
++ monitor_printf(mon, "%s:",
++ MigrationParameter_str(MIGRATION_PARAMETER_CPR_EXEC_COMMAND));
++
++ while (args) {
++ monitor_printf(mon, " %s", args->value);
++ args = args->next;
++ }
++ monitor_printf(mon, "\n");
++}
++
+ void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict)
+ {
+ MigrationParameters *params;
+@@ -435,6 +447,9 @@ void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict)
+ MIGRATION_PARAMETER_DIRECT_IO),
+ params->direct_io ? "on" : "off");
+ }
++
++ assert(params->has_cpr_exec_command);
++ monitor_print_cpr_exec_command(mon, params->cpr_exec_command);
+ }
+
+ qapi_free_MigrationParameters(params);
+@@ -716,6 +731,21 @@ void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
+ p->has_direct_io = true;
+ visit_type_bool(v, param, &p->direct_io, &err);
+ break;
++ case MIGRATION_PARAMETER_CPR_EXEC_COMMAND: {
++ g_autofree char **strv = NULL;
++ g_autoptr(GError) gerr = NULL;
++ strList **tail = &p->cpr_exec_command;
++
++ if (!g_shell_parse_argv(valuestr, NULL, &strv, &gerr)) {
++ error_setg(&err, "%s", gerr->message);
++ break;
++ }
++ for (int i = 0; strv[i]; i++) {
++ QAPI_LIST_APPEND(tail, strv[i]);
++ }
++ p->has_cpr_exec_command = true;
++ break;
++ }
+ default:
+ g_assert_not_reached();
+ }
+diff --git a/migration/options.c b/migration/options.c
+index 4e923a2e07..5183112775 100644
+--- a/migration/options.c
++++ b/migration/options.c
+@@ -959,6 +959,9 @@ MigrationParameters *qmp_query_migrate_parameters(Error **errp)
+ params->zero_page_detection = s->parameters.zero_page_detection;
+ params->has_direct_io = true;
+ params->direct_io = s->parameters.direct_io;
++ params->has_cpr_exec_command = true;
++ params->cpr_exec_command = QAPI_CLONE(strList,
++ s->parameters.cpr_exec_command);
+
+ return params;
+ }
+@@ -993,6 +996,7 @@ void migrate_params_init(MigrationParameters *params)
+ params->has_mode = true;
+ params->has_zero_page_detection = true;
+ params->has_direct_io = true;
++ params->has_cpr_exec_command = true;
+ }
+
+ /*
+@@ -1297,6 +1301,10 @@ static void migrate_params_test_apply(MigrateSetParameters *params,
+ if (params->has_direct_io) {
+ dest->direct_io = params->direct_io;
+ }
++
++ if (params->has_cpr_exec_command) {
++ dest->cpr_exec_command = params->cpr_exec_command;
++ }
+ }
+
+ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
+@@ -1429,6 +1437,12 @@ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
+ if (params->has_direct_io) {
+ s->parameters.direct_io = params->direct_io;
+ }
++
++ if (params->has_cpr_exec_command) {
++ qapi_free_strList(s->parameters.cpr_exec_command);
++ s->parameters.cpr_exec_command =
++ QAPI_CLONE(strList, params->cpr_exec_command);
++ }
+ }
+
+ void qmp_migrate_set_parameters(MigrateSetParameters *params, Error **errp)
+diff --git a/qapi/migration.json b/qapi/migration.json
+index 2387c21e9c..2be8fa1d16 100644
+--- a/qapi/migration.json
++++ b/qapi/migration.json
+@@ -924,6 +924,10 @@
+ # only has effect if the @mapped-ram capability is enabled.
+ # (Since 9.1)
+ #
++# @cpr-exec-command: Command to start the new QEMU process when @mode
++# is @cpr-exec. The first list element is the program's filename,
++# the remainder its arguments. (Since 10.2)
++#
+ # Features:
+ #
+ # @unstable: Members @x-checkpoint-delay and
+@@ -950,7 +954,8 @@
+ 'vcpu-dirty-limit',
+ 'mode',
+ 'zero-page-detection',
+- 'direct-io'] }
++ 'direct-io',
++ 'cpr-exec-command'] }
+
+ ##
+ # @MigrateSetParameters:
+@@ -1105,6 +1110,10 @@
+ # only has effect if the @mapped-ram capability is enabled.
+ # (Since 9.1)
+ #
++# @cpr-exec-command: Command to start the new QEMU process when @mode
++# is @cpr-exec. The first list element is the program's filename,
++# the remainder its arguments. (Since 10.2)
++#
+ # Features:
+ #
+ # @unstable: Members @x-checkpoint-delay and
+@@ -1146,7 +1155,8 @@
+ '*vcpu-dirty-limit': 'uint64',
+ '*mode': 'MigMode',
+ '*zero-page-detection': 'ZeroPageDetection',
+- '*direct-io': 'bool' } }
++ '*direct-io': 'bool',
++ '*cpr-exec-command': [ 'str' ]} }
+
+ ##
+ # @migrate-set-parameters:
+@@ -1315,6 +1325,10 @@
+ # only has effect if the @mapped-ram capability is enabled.
+ # (Since 9.1)
+ #
++# @cpr-exec-command: Command to start the new QEMU process when @mode
++# is @cpr-exec. The first list element is the program's filename,
++# the remainder its arguments. (Since 10.2)
++#
+ # Features:
+ #
+ # @unstable: Members @x-checkpoint-delay and
+@@ -1353,7 +1367,8 @@
+ '*vcpu-dirty-limit': 'uint64',
+ '*mode': 'MigMode',
+ '*zero-page-detection': 'ZeroPageDetection',
+- '*direct-io': 'bool' } }
++ '*direct-io': 'bool',
++ '*cpr-exec-command': [ 'str' ]} }
+
+ ##
+ # @query-migrate-parameters:
+--
+2.52.0
+
diff --git a/kvm-migration-cpr-exec-docs.patch b/kvm-migration-cpr-exec-docs.patch
new file mode 100644
index 0000000..5204021
--- /dev/null
+++ b/kvm-migration-cpr-exec-docs.patch
@@ -0,0 +1,155 @@
+From b3c7dae14ab3fad5f9fea955b775084517553518 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:59 -0700
+Subject: [PATCH 094/116] migration: cpr-exec docs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [78/100] e7264165aa8f378494974ca1898ec4bc3aa6e38f (rovick1/qemu-kvm)
+
+Update developer documentation for cpr-exec mode.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Link: https://lore.kernel.org/r/1759332851-370353-8-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ docs/devel/migration/CPR.rst | 112 ++++++++++++++++++++++++++++++++++-
+ 1 file changed, 111 insertions(+), 1 deletion(-)
+
+diff --git a/docs/devel/migration/CPR.rst b/docs/devel/migration/CPR.rst
+index 0a0fd4f6dc..b6178568a8 100644
+--- a/docs/devel/migration/CPR.rst
++++ b/docs/devel/migration/CPR.rst
+@@ -5,7 +5,7 @@ CPR is the umbrella name for a set of migration modes in which the
+ VM is migrated to a new QEMU instance on the same host. It is
+ intended for use when the goal is to update host software components
+ that run the VM, such as QEMU or even the host kernel. At this time,
+-the cpr-reboot and cpr-transfer modes are available.
++the cpr-reboot, cpr-transfer, and cpr-exec modes are available.
+
+ Because QEMU is restarted on the same host, with access to the same
+ local devices, CPR is allowed in certain cases where normal migration
+@@ -324,3 +324,113 @@ descriptors from old to new QEMU. In the future, descriptors for
+ vhost, and char devices could be transferred,
+ preserving those devices and their kernel state without interruption,
+ even if they do not explicitly support live migration.
++
++cpr-exec mode
++-------------
++
++In this mode, QEMU stops the VM, writes VM state to the migration
++URI, and directly exec's a new version of QEMU on the same host,
++replacing the original process while retaining its PID. Guest RAM is
++preserved in place, albeit with new virtual addresses. The user
++completes the migration by specifying the ``-incoming`` option, and
++by issuing the ``migrate-incoming`` command if necessary; see details
++below.
++
++This mode supports VFIO/IOMMUFD devices by preserving device
++descriptors and hence kernel state across the exec, even for devices
++that do not support live migration.
++
++Because the old and new QEMU instances are not active concurrently,
++the URI cannot be a type that streams data from one instance to the
++other.
++
++This mode does not require a channel of type ``cpr``. The information
++that is passed over that channel for cpr-transfer mode is instead
++serialized to a memfd, the number of the fd is saved in the
++QEMU_CPR_EXEC_STATE environment variable during the exec of new QEMU.
++and new QEMU mmaps the memfd.
++
++Usage
++^^^^^
++
++Arguments for the new QEMU process are taken from the
++@cpr-exec-command parameter. The first argument should be the
++path of a new QEMU binary, or a prefix command that exec's the
++new QEMU binary, and the arguments should include the ''-incoming''
++option.
++
++Memory backend objects must have the ``share=on`` attribute.
++The VM must be started with the ``-machine aux-ram-share=on`` option.
++
++Outgoing:
++ * Set the migration mode parameter to ``cpr-exec``.
++ * Set the ``cpr-exec-command`` parameter.
++ * Issue the ``migrate`` command. It is recommended that the URI be
++ a ``file`` type, but one can use other types such as ``exec``,
++ provided the command captures all the data from the outgoing side,
++ and provides all the data to the incoming side.
++
++Incoming:
++ * You do not need to explicitly start new QEMU. It is started as
++ a side effect of the migrate command above.
++ * If the VM was running when the outgoing ``migrate`` command was
++ issued, then QEMU automatically resumes VM execution.
++
++Example 1: incoming URI
++^^^^^^^^^^^^^^^^^^^^^^^
++
++In these examples, we simply restart the same version of QEMU, but in
++a real scenario one would set a new QEMU binary path in
++cpr-exec-command.
++
++::
++
++ # qemu-kvm -monitor stdio
++ -object memory-backend-memfd,id=ram0,size=4G
++ -machine memory-backend=ram0
++ -machine aux-ram-share=on
++ ...
++
++ QEMU 10.2.50 monitor - type 'help' for more information
++ (qemu) info status
++ VM status: running
++ (qemu) migrate_set_parameter mode cpr-exec
++ (qemu) migrate_set_parameter cpr-exec-command qemu-kvm ... -incoming file:vm.state
++ (qemu) migrate -d file:vm.state
++ (qemu) QEMU 10.2.50 monitor - type 'help' for more information
++ (qemu) info status
++ VM status: running
++
++Example 2: incoming defer
++^^^^^^^^^^^^^^^^^^^^^^^^^
++::
++
++ # qemu-kvm -monitor stdio
++ -object memory-backend-memfd,id=ram0,size=4G
++ -machine memory-backend=ram0
++ -machine aux-ram-share=on
++ ...
++
++ QEMU 10.2.50 monitor - type 'help' for more information
++ (qemu) info status
++ VM status: running
++ (qemu) migrate_set_parameter mode cpr-exec
++ (qemu) migrate_set_parameter cpr-exec-command qemu-kvm ... -incoming defer
++ (qemu) migrate -d file:vm.state
++ (qemu) QEMU 10.2.50 monitor - type 'help' for more information
++ (qemu) info status
++ status: paused (inmigrate)
++ (qemu) migrate_incoming file:vm.state
++ (qemu) info status
++ VM status: running
++
++Caveats
++^^^^^^^
++
++cpr-exec mode may not be used with postcopy, background-snapshot,
++or COLO.
++
++cpr-exec mode requires permission to use the exec system call, which
++is denied by certain sandbox options, such as spawn.
++
++The guest pause time increases for large guest RAM backed by small pages.
+--
+2.52.0
+
diff --git a/kvm-migration-cpr-exec-mode.patch b/kvm-migration-cpr-exec-mode.patch
new file mode 100644
index 0000000..2b48d61
--- /dev/null
+++ b/kvm-migration-cpr-exec-mode.patch
@@ -0,0 +1,419 @@
+From d233d9745e4519119159aecb4ff7050f20660041 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:58 -0700
+Subject: [PATCH 093/116] migration: cpr-exec mode
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [77/100] bea8a1d3bf0582076d7b81bb4f83e19b9d257a75 (rovick1/qemu-kvm)
+
+Add the cpr-exec migration mode. Usage:
+ qemu-system-$arch -machine aux-ram-share=on ...
+ migrate_set_parameter mode cpr-exec
+ migrate_set_parameter cpr-exec-command \
+ <arg1> <arg2> ... -incoming <uri-1> \
+ migrate -d <uri-1>
+
+The migrate command stops the VM, saves state to uri-1,
+directly exec's a new version of QEMU on the same host,
+replacing the original process while retaining its PID, and
+loads state from uri-1. Guest RAM is preserved in place,
+albeit with new virtual addresses.
+
+The new QEMU process is started by exec'ing the command
+specified by the @cpr-exec-command parameter. The first word of
+the command is the binary, and the remaining words are its
+arguments. The command may be a direct invocation of new QEMU,
+or may be a non-QEMU command that exec's the new QEMU binary.
+
+This mode creates a second migration channel that is not visible
+to the user. At the start of migration, old QEMU saves CPR state
+to the second channel, and at the end of migration, it tells the
+main loop to call cpr_exec. New QEMU loads CPR state early, before
+objects are created.
+
+Because old QEMU terminates when new QEMU starts, one cannot
+stream data between the two, so uri-1 must be a type,
+such as a file, that accepts all data before old QEMU exits.
+Otherwise, old QEMU may quietly block writing to the channel.
+
+Memory-backend objects must have the share=on attribute, but
+memory-backend-epc is not supported. The VM must be started with
+the '-machine aux-ram-share=on' option, which allows anonymous
+memory to be transferred in place to the new process. The memfds
+are kept open across exec by clearing the close-on-exec flag, their
+values are saved in CPR state, and they are mmap'd in new QEMU.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Acked-by: Markus Armbruster <armbru@redhat.com>
+Link: https://lore.kernel.org/r/1759332851-370353-7-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ include/migration/cpr.h | 2 +
+ migration/cpr-exec.c | 95 +++++++++++++++++++++++++++++++++++++++
+ migration/cpr.c | 23 +++++++++-
+ migration/migration.c | 10 ++++-
+ migration/ram.c | 1 +
+ migration/trace-events | 1 +
+ migration/vmstate-types.c | 8 ++++
+ qapi/migration.json | 25 ++++++++++-
+ system/vl.c | 4 +-
+ 9 files changed, 164 insertions(+), 5 deletions(-)
+
+diff --git a/include/migration/cpr.h b/include/migration/cpr.h
+index b84389ff04..a412d6663c 100644
+--- a/include/migration/cpr.h
++++ b/include/migration/cpr.h
+@@ -53,9 +53,11 @@ int cpr_get_fd_param(const char *name, const char *fdname, int index,
+ QEMUFile *cpr_transfer_output(MigrationChannel *channel, Error **errp);
+ QEMUFile *cpr_transfer_input(MigrationChannel *channel, Error **errp);
+
++void cpr_exec_init(void);
+ QEMUFile *cpr_exec_output(Error **errp);
+ QEMUFile *cpr_exec_input(Error **errp);
+ void cpr_exec_persist_state(QEMUFile *f);
+ bool cpr_exec_has_state(void);
+ void cpr_exec_unpersist_state(void);
++void cpr_exec_unpreserve_fds(void);
+ #endif
+diff --git a/migration/cpr-exec.c b/migration/cpr-exec.c
+index 81d84425e1..d57714bc5d 100644
+--- a/migration/cpr-exec.c
++++ b/migration/cpr-exec.c
+@@ -6,15 +6,21 @@
+
+ #include "qemu/osdep.h"
+ #include "qemu/cutils.h"
++#include "qemu/error-report.h"
+ #include "qemu/memfd.h"
+ #include "qapi/error.h"
++#include "qapi/type-helpers.h"
+ #include "io/channel-file.h"
+ #include "io/channel-socket.h"
++#include "block/block-global-state.h"
++#include "qemu/main-loop.h"
+ #include "migration/cpr.h"
+ #include "migration/qemu-file.h"
++#include "migration/migration.h"
+ #include "migration/misc.h"
+ #include "migration/vmstate.h"
+ #include "system/runstate.h"
++#include "trace.h"
+
+ #define CPR_EXEC_STATE_NAME "QEMU_CPR_EXEC_STATE"
+
+@@ -97,3 +103,92 @@ QEMUFile *cpr_exec_input(Error **errp)
+ lseek(mfd, 0, SEEK_SET);
+ return qemu_file_new_fd_input(mfd, CPR_EXEC_STATE_NAME);
+ }
++
++static bool preserve_fd(int fd)
++{
++ qemu_clear_cloexec(fd);
++ return true;
++}
++
++static bool unpreserve_fd(int fd)
++{
++ qemu_set_cloexec(fd);
++ return true;
++}
++
++static void cpr_exec_preserve_fds(void)
++{
++ cpr_walk_fd(preserve_fd);
++}
++
++void cpr_exec_unpreserve_fds(void)
++{
++ cpr_walk_fd(unpreserve_fd);
++}
++
++static void cpr_exec_cb(void *opaque)
++{
++ MigrationState *s = migrate_get_current();
++ char **argv = strv_from_str_list(s->parameters.cpr_exec_command);
++ Error *err = NULL;
++
++ /*
++ * Clear the close-on-exec flag for all preserved fd's. We cannot do so
++ * earlier because they should not persist across miscellaneous fork and
++ * exec calls that are performed during normal operation.
++ */
++ cpr_exec_preserve_fds();
++
++ trace_cpr_exec();
++ execvp(argv[0], argv);
++
++ /*
++ * exec should only fail if argv[0] is bogus, or has a permissions problem,
++ * or the system is very short on resources.
++ */
++ g_strfreev(argv);
++ cpr_exec_unpreserve_fds();
++
++ error_setg_errno(&err, errno, "execvp %s failed", argv[0]);
++ error_report_err(error_copy(err));
++ migrate_set_state(&s->state, s->state, MIGRATION_STATUS_FAILED);
++ migrate_set_error(s, err);
++
++ /* Note, we can go from state COMPLETED to FAILED */
++ migration_call_notifiers(s, MIG_EVENT_PRECOPY_FAILED, NULL);
++
++ err = NULL;
++ if (!migration_block_activate(&err)) {
++ /* error was already reported */
++ error_free(err);
++ return;
++ }
++
++ if (runstate_is_live(s->vm_old_state)) {
++ vm_start();
++ }
++}
++
++static int cpr_exec_notifier(NotifierWithReturn *notifier, MigrationEvent *e,
++ Error **errp)
++{
++ MigrationState *s = migrate_get_current();
++
++ if (e->type == MIG_EVENT_PRECOPY_DONE) {
++ QEMUBH *cpr_exec_bh = qemu_bh_new(cpr_exec_cb, NULL);
++ assert(s->state == MIGRATION_STATUS_COMPLETED);
++ qemu_bh_schedule(cpr_exec_bh);
++ qemu_notify_event();
++ } else if (e->type == MIG_EVENT_PRECOPY_FAILED) {
++ cpr_exec_unpersist_state();
++ }
++ return 0;
++}
++
++void cpr_exec_init(void)
++{
++ static NotifierWithReturn exec_notifier;
++
++ migration_add_notifier_mode(&exec_notifier, cpr_exec_notifier,
++ MIG_MODE_CPR_EXEC);
++}
+diff --git a/migration/cpr.c b/migration/cpr.c
+index a995b349d9..0b87c2343f 100644
+--- a/migration/cpr.c
++++ b/migration/cpr.c
+@@ -6,6 +6,7 @@
+ */
+
+ #include "qemu/osdep.h"
++#include "qemu/error-report.h"
+ #include "qapi/error.h"
+ #include "hw/vfio/vfio-device.h"
+ #include "migration/cpr.h"
+@@ -185,6 +186,8 @@ int cpr_state_save(MigrationChannel *channel, Error **errp)
+ if (mode == MIG_MODE_CPR_TRANSFER) {
+ g_assert(channel);
+ f = cpr_transfer_output(channel, errp);
++ } else if (mode == MIG_MODE_CPR_EXEC) {
++ f = cpr_exec_output(errp);
+ } else {
+ return 0;
+ }
+@@ -201,6 +204,10 @@ int cpr_state_save(MigrationChannel *channel, Error **errp)
+ return ret;
+ }
+
++ if (migrate_mode() == MIG_MODE_CPR_EXEC) {
++ cpr_exec_persist_state(f);
++ }
++
+ /*
+ * Close the socket only partially so we can later detect when the other
+ * end closes by getting a HUP event.
+@@ -219,7 +226,13 @@ int cpr_state_load(MigrationChannel *channel, Error **errp)
+ QEMUFile *f;
+ MigMode mode = 0;
+
+- if (channel) {
++ if (cpr_exec_has_state()) {
++ mode = MIG_MODE_CPR_EXEC;
++ f = cpr_exec_input(errp);
++ if (channel) {
++ warn_report("ignoring cpr channel for migration mode cpr-exec");
++ }
++ } else if (channel) {
+ mode = MIG_MODE_CPR_TRANSFER;
+ cpr_set_incoming_mode(mode);
+ f = cpr_transfer_input(channel, errp);
+@@ -231,6 +244,7 @@ int cpr_state_load(MigrationChannel *channel, Error **errp)
+ }
+
+ trace_cpr_state_load(MigMode_str(mode));
++ cpr_set_incoming_mode(mode);
+
+ v = qemu_get_be32(f);
+ if (v != QEMU_CPR_FILE_MAGIC) {
+@@ -251,6 +265,11 @@ int cpr_state_load(MigrationChannel *channel, Error **errp)
+ return ret;
+ }
+
++ if (migrate_mode() == MIG_MODE_CPR_EXEC) {
++ /* Set cloexec to prevent fd leaks from fork until the next cpr-exec */
++ cpr_exec_unpreserve_fds();
++ }
++
+ /*
+ * Let the caller decide when to close the socket (and generate a HUP event
+ * for the sending side).
+@@ -271,7 +290,7 @@ void cpr_state_close(void)
+ bool cpr_incoming_needed(void *opaque)
+ {
+ MigMode mode = migrate_mode();
+- return mode == MIG_MODE_CPR_TRANSFER;
++ return mode == MIG_MODE_CPR_TRANSFER || mode == MIG_MODE_CPR_EXEC;
+ }
+
+ /*
+diff --git a/migration/migration.c b/migration/migration.c
+index 08a98f74ef..2515bec48f 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -333,6 +333,7 @@ void migration_object_init(void)
+
+ ram_mig_init();
+ dirty_bitmap_mig_init();
++ cpr_exec_init();
+
+ /* Initialize cpu throttle timers */
+ cpu_throttle_init();
+@@ -1796,7 +1797,8 @@ bool migrate_mode_is_cpr(MigrationState *s)
+ {
+ MigMode mode = s->parameters.mode;
+ return mode == MIG_MODE_CPR_REBOOT ||
+- mode == MIG_MODE_CPR_TRANSFER;
++ mode == MIG_MODE_CPR_TRANSFER ||
++ mode == MIG_MODE_CPR_EXEC;
+ }
+
+ int migrate_init(MigrationState *s, Error **errp)
+@@ -2145,6 +2147,12 @@ static bool migrate_prepare(MigrationState *s, bool resume, Error **errp)
+ return false;
+ }
+
++ if (migrate_mode() == MIG_MODE_CPR_EXEC &&
++ !s->parameters.has_cpr_exec_command) {
++ error_setg(errp, "cpr-exec mode requires setting cpr-exec-command");
++ return false;
++ }
++
+ if (migration_is_blocked(errp)) {
+ return false;
+ }
+diff --git a/migration/ram.c b/migration/ram.c
+index 7208bc114f..6730a41ff5 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -228,6 +228,7 @@ bool migrate_ram_is_ignored(RAMBlock *block)
+ MigMode mode = migrate_mode();
+ return !qemu_ram_is_migratable(block) ||
+ mode == MIG_MODE_CPR_TRANSFER ||
++ mode == MIG_MODE_CPR_EXEC ||
+ (migrate_ignore_shared() && qemu_ram_is_shared(block)
+ && qemu_ram_is_named_file(block));
+ }
+diff --git a/migration/trace-events b/migration/trace-events
+index 706db97def..e8edd1fbba 100644
+--- a/migration/trace-events
++++ b/migration/trace-events
+@@ -354,6 +354,7 @@ cpr_state_save(const char *mode) "%s mode"
+ cpr_state_load(const char *mode) "%s mode"
+ cpr_transfer_input(const char *path) "%s"
+ cpr_transfer_output(const char *path) "%s"
++cpr_exec(void) ""
+
+ # block-dirty-bitmap.c
+ send_bitmap_header_enter(void) ""
+diff --git a/migration/vmstate-types.c b/migration/vmstate-types.c
+index a1cd7a95fa..4b01dc19c2 100644
+--- a/migration/vmstate-types.c
++++ b/migration/vmstate-types.c
+@@ -322,6 +322,10 @@ static int get_fd(QEMUFile *f, void *pv, size_t size,
+ const VMStateField *field)
+ {
+ int32_t *v = pv;
++ if (migrate_mode() == MIG_MODE_CPR_EXEC) {
++ qemu_get_sbe32s(f, v);
++ return 0;
++ }
+ *v = qemu_file_get_fd(f);
+ return 0;
+ }
+@@ -330,6 +334,10 @@ static int put_fd(QEMUFile *f, void *pv, size_t size,
+ const VMStateField *field, JSONWriter *vmdesc)
+ {
+ int32_t *v = pv;
++ if (migrate_mode() == MIG_MODE_CPR_EXEC) {
++ qemu_put_sbe32s(f, v);
++ return 0;
++ }
+ return qemu_file_put_fd(f, *v);
+ }
+
+diff --git a/qapi/migration.json b/qapi/migration.json
+index 2be8fa1d16..be0f3fcc12 100644
+--- a/qapi/migration.json
++++ b/qapi/migration.json
+@@ -694,9 +694,32 @@
+ # until you issue the `migrate-incoming` command.
+ #
+ # (since 10.0)
++#
++# @cpr-exec: The migrate command stops the VM, saves state to the
++# migration channel, directly exec's a new version of QEMU on the
++# same host, replacing the original process while retaining its
++# PID, and loads state from the channel. Guest RAM is preserved
++# in place. Devices and their pinned pages are also preserved for
++# VFIO and IOMMUFD.
++#
++# Old QEMU starts new QEMU by exec'ing the command specified by
++# the @cpr-exec-command parameter. The command may be a direct
++# invocation of new QEMU, or may be a wrapper that exec's the new
++# QEMU binary.
++#
++# Because old QEMU terminates when new QEMU starts, one cannot
++# stream data between the two, so the channel must be a type,
++# such as a file, that accepts all data before old QEMU exits.
++# Otherwise, old QEMU may quietly block writing to the channel.
++#
++# Memory-backend objects must have the share=on attribute, but
++# memory-backend-epc is not supported. The VM must be started
++# with the '-machine aux-ram-share=on' option.
++#
++# (since 10.2)
+ ##
+ { 'enum': 'MigMode',
+- 'data': [ 'normal', 'cpr-reboot', 'cpr-transfer' ] }
++ 'data': [ 'normal', 'cpr-reboot', 'cpr-transfer', 'cpr-exec' ] }
+
+ ##
+ # @ZeroPageDetection:
+diff --git a/system/vl.c b/system/vl.c
+index d3e6158753..7a32043625 100644
+--- a/system/vl.c
++++ b/system/vl.c
+@@ -3850,6 +3850,8 @@ void qemu_init(int argc, char **argv)
+ }
+ qemu_init_displays();
+ accel_setup_post(current_machine);
+- os_setup_post();
++ if (migrate_mode() != MIG_MODE_CPR_EXEC) {
++ os_setup_post();
++ }
+ resume_mux_open();
+ }
+--
+2.52.0
+
diff --git a/kvm-migration-cpr-exec-save-and-load.patch b/kvm-migration-cpr-exec-save-and-load.patch
new file mode 100644
index 0000000..c36e18e
--- /dev/null
+++ b/kvm-migration-cpr-exec-save-and-load.patch
@@ -0,0 +1,166 @@
+From 9eba869ae9f22f7c9470ca84b01bc775441ffa77 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:57 -0700
+Subject: [PATCH 092/116] migration: cpr-exec save and load
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [76/100] dccfce1a851364d8a3fc15ccc537277fd2f3b55b (rovick1/qemu-kvm)
+
+To preserve CPR state across exec, create a QEMUFile based on a memfd, and
+keep the memfd open across exec. Save the value of the memfd in an
+environment variable so post-exec QEMU can find it.
+
+These new functions are called in a subsequent patch.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/r/1759332851-370353-6-git-send-email-steven.sistare@oracle.com
+[peterx: fix build for Windows]
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ include/migration/cpr.h | 5 +++
+ migration/cpr-exec.c | 99 +++++++++++++++++++++++++++++++++++++++++
+ migration/meson.build | 1 +
+ 3 files changed, 105 insertions(+)
+ create mode 100644 migration/cpr-exec.c
+
+diff --git a/include/migration/cpr.h b/include/migration/cpr.h
+index 2b074d7a65..b84389ff04 100644
+--- a/include/migration/cpr.h
++++ b/include/migration/cpr.h
+@@ -53,4 +53,9 @@ int cpr_get_fd_param(const char *name, const char *fdname, int index,
+ QEMUFile *cpr_transfer_output(MigrationChannel *channel, Error **errp);
+ QEMUFile *cpr_transfer_input(MigrationChannel *channel, Error **errp);
+
++QEMUFile *cpr_exec_output(Error **errp);
++QEMUFile *cpr_exec_input(Error **errp);
++void cpr_exec_persist_state(QEMUFile *f);
++bool cpr_exec_has_state(void);
++void cpr_exec_unpersist_state(void);
+ #endif
+diff --git a/migration/cpr-exec.c b/migration/cpr-exec.c
+new file mode 100644
+index 0000000000..81d84425e1
+--- /dev/null
++++ b/migration/cpr-exec.c
+@@ -0,0 +1,99 @@
++/*
++ * Copyright (c) 2021-2025 Oracle and/or its affiliates.
++ *
++ * SPDX-License-Identifier: GPL-2.0-or-later
++ */
++
++#include "qemu/osdep.h"
++#include "qemu/cutils.h"
++#include "qemu/memfd.h"
++#include "qapi/error.h"
++#include "io/channel-file.h"
++#include "io/channel-socket.h"
++#include "migration/cpr.h"
++#include "migration/qemu-file.h"
++#include "migration/misc.h"
++#include "migration/vmstate.h"
++#include "system/runstate.h"
++
++#define CPR_EXEC_STATE_NAME "QEMU_CPR_EXEC_STATE"
++
++static QEMUFile *qemu_file_new_fd_input(int fd, const char *name)
++{
++ g_autoptr(QIOChannelFile) fioc = qio_channel_file_new_fd(fd);
++ QIOChannel *ioc = QIO_CHANNEL(fioc);
++ qio_channel_set_name(ioc, name);
++ return qemu_file_new_input(ioc);
++}
++
++static QEMUFile *qemu_file_new_fd_output(int fd, const char *name)
++{
++ g_autoptr(QIOChannelFile) fioc = qio_channel_file_new_fd(fd);
++ QIOChannel *ioc = QIO_CHANNEL(fioc);
++ qio_channel_set_name(ioc, name);
++ return qemu_file_new_output(ioc);
++}
++
++void cpr_exec_persist_state(QEMUFile *f)
++{
++ QIOChannelFile *fioc = QIO_CHANNEL_FILE(qemu_file_get_ioc(f));
++ int mfd = dup(fioc->fd);
++ char val[16];
++
++ /* Remember mfd in environment for post-exec load */
++ qemu_clear_cloexec(mfd);
++ snprintf(val, sizeof(val), "%d", mfd);
++ g_setenv(CPR_EXEC_STATE_NAME, val, 1);
++}
++
++static int cpr_exec_find_state(void)
++{
++ const char *val = g_getenv(CPR_EXEC_STATE_NAME);
++ int mfd;
++
++ assert(val);
++ g_unsetenv(CPR_EXEC_STATE_NAME);
++ assert(!qemu_strtoi(val, NULL, 10, &mfd));
++ return mfd;
++}
++
++bool cpr_exec_has_state(void)
++{
++ return g_getenv(CPR_EXEC_STATE_NAME) != NULL;
++}
++
++void cpr_exec_unpersist_state(void)
++{
++ int mfd;
++ const char *val = g_getenv(CPR_EXEC_STATE_NAME);
++
++ g_unsetenv(CPR_EXEC_STATE_NAME);
++ assert(val);
++ assert(!qemu_strtoi(val, NULL, 10, &mfd));
++ close(mfd);
++}
++
++QEMUFile *cpr_exec_output(Error **errp)
++{
++ int mfd;
++
++#ifdef CONFIG_LINUX
++ mfd = qemu_memfd_create(CPR_EXEC_STATE_NAME, 0, false, 0, 0, errp);
++#else
++ mfd = -1;
++#endif
++
++ if (mfd < 0) {
++ return NULL;
++ }
++
++ return qemu_file_new_fd_output(mfd, CPR_EXEC_STATE_NAME);
++}
++
++QEMUFile *cpr_exec_input(Error **errp)
++{
++ int mfd = cpr_exec_find_state();
++
++ lseek(mfd, 0, SEEK_SET);
++ return qemu_file_new_fd_input(mfd, CPR_EXEC_STATE_NAME);
++}
+diff --git a/migration/meson.build b/migration/meson.build
+index 276da3be5a..6087ccc733 100644
+--- a/migration/meson.build
++++ b/migration/meson.build
+@@ -16,6 +16,7 @@ system_ss.add(files(
+ 'channel-block.c',
+ 'cpr.c',
+ 'cpr-transfer.c',
++ 'cpr-exec.c',
+ 'cpu-throttle.c',
+ 'dirtyrate.c',
+ 'exec.c',
+--
+2.52.0
+
diff --git a/kvm-migration-multi-mode-notifier.patch b/kvm-migration-multi-mode-notifier.patch
new file mode 100644
index 0000000..a812546
--- /dev/null
+++ b/kvm-migration-multi-mode-notifier.patch
@@ -0,0 +1,157 @@
+From 277f2e9a68f401cf6d9cd95ba79d864f6573cb53 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:53 -0700
+Subject: [PATCH 088/116] migration: multi-mode notifier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [72/100] 79ea99ab507d32395539eaa44766091af09876aa (rovick1/qemu-kvm)
+
+Allow a notifier to be added for multiple migration modes.
+To allow a notifier to appear on multiple per-node lists, use
+a generic list type. We can no longer use NotifierWithReturnList,
+because it shoe horns the notifier onto a single list.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Link: https://lore.kernel.org/r/1759332851-370353-2-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ include/migration/misc.h | 12 ++++++++
+ migration/migration.c | 60 +++++++++++++++++++++++++++++++---------
+ 2 files changed, 59 insertions(+), 13 deletions(-)
+
+diff --git a/include/migration/misc.h b/include/migration/misc.h
+index a261f99d89..592b93021e 100644
+--- a/include/migration/misc.h
++++ b/include/migration/misc.h
+@@ -95,7 +95,19 @@ void migration_add_notifier(NotifierWithReturn *notify,
+ void migration_add_notifier_mode(NotifierWithReturn *notify,
+ MigrationNotifyFunc func, MigMode mode);
+
++/*
++ * Same as migration_add_notifier, but applies to all @mode in the argument
++ * list. The list is terminated by -1 or MIG_MODE_ALL. For the latter,
++ * the notifier is added for all modes.
++ */
++void migration_add_notifier_modes(NotifierWithReturn *notify,
++ MigrationNotifyFunc func, MigMode mode, ...);
++
++/*
++ * Remove a notifier from all modes.
++ */
+ void migration_remove_notifier(NotifierWithReturn *notify);
++
+ void migration_file_set_error(int ret, Error *err);
+
+ /* True if incoming migration entered POSTCOPY_INCOMING_DISCARD */
+diff --git a/migration/migration.c b/migration/migration.c
+index 10c216d25d..08a98f74ef 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -74,11 +74,7 @@
+
+ #define INMIGRATE_DEFAULT_EXIT_ON_ERROR true
+
+-static NotifierWithReturnList migration_state_notifiers[] = {
+- NOTIFIER_ELEM_INIT(migration_state_notifiers, MIG_MODE_NORMAL),
+- NOTIFIER_ELEM_INIT(migration_state_notifiers, MIG_MODE_CPR_REBOOT),
+- NOTIFIER_ELEM_INIT(migration_state_notifiers, MIG_MODE_CPR_TRANSFER),
+-};
++static GSList *migration_state_notifiers[MIG_MODE__MAX];
+
+ /* Messages sent on the return path from destination to source */
+ enum mig_rp_message_type {
+@@ -1665,23 +1661,51 @@ void migration_cancel(void)
+ }
+ }
+
++static int get_modes(MigMode mode, va_list ap);
++
++static void add_notifiers(NotifierWithReturn *notify, int modes)
++{
++ for (MigMode mode = 0; mode < MIG_MODE__MAX; mode++) {
++ if (modes & BIT(mode)) {
++ migration_state_notifiers[mode] =
++ g_slist_prepend(migration_state_notifiers[mode], notify);
++ }
++ }
++}
++
++void migration_add_notifier_modes(NotifierWithReturn *notify,
++ MigrationNotifyFunc func, MigMode mode, ...)
++{
++ int modes;
++ va_list ap;
++
++ va_start(ap, mode);
++ modes = get_modes(mode, ap);
++ va_end(ap);
++
++ notify->notify = (NotifierWithReturnFunc)func;
++ add_notifiers(notify, modes);
++}
++
+ void migration_add_notifier_mode(NotifierWithReturn *notify,
+ MigrationNotifyFunc func, MigMode mode)
+ {
+- notify->notify = (NotifierWithReturnFunc)func;
+- notifier_with_return_list_add(&migration_state_notifiers[mode], notify);
++ migration_add_notifier_modes(notify, func, mode, -1);
+ }
+
+ void migration_add_notifier(NotifierWithReturn *notify,
+ MigrationNotifyFunc func)
+ {
+- migration_add_notifier_mode(notify, func, MIG_MODE_NORMAL);
++ migration_add_notifier_modes(notify, func, MIG_MODE_NORMAL, -1);
+ }
+
+ void migration_remove_notifier(NotifierWithReturn *notify)
+ {
+ if (notify->notify) {
+- notifier_with_return_remove(notify);
++ for (MigMode mode = 0; mode < MIG_MODE__MAX; mode++) {
++ migration_blockers[mode] =
++ g_slist_remove(migration_state_notifiers[mode], notify);
++ }
+ notify->notify = NULL;
+ }
+ }
+@@ -1691,13 +1715,23 @@ int migration_call_notifiers(MigrationState *s, MigrationEventType type,
+ {
+ MigMode mode = s->parameters.mode;
+ MigrationEvent e;
++ NotifierWithReturn *notifier;
++ GSList *elem, *next;
+ int ret;
+
+ e.type = type;
+- ret = notifier_with_return_list_notify(&migration_state_notifiers[mode],
+- &e, errp);
+- assert(!ret || type == MIG_EVENT_PRECOPY_SETUP);
+- return ret;
++
++ for (elem = migration_state_notifiers[mode]; elem; elem = next) {
++ next = elem->next;
++ notifier = (NotifierWithReturn *)elem->data;
++ ret = notifier->notify(notifier, &e, errp);
++ if (ret) {
++ assert(type == MIG_EVENT_PRECOPY_SETUP);
++ return ret;
++ }
++ }
++
++ return 0;
+ }
+
+ bool migration_has_failed(MigrationState *s)
+--
+2.52.0
+
diff --git a/kvm-migration-push-Error-errp-into-vmstate_load_state.patch b/kvm-migration-push-Error-errp-into-vmstate_load_state.patch
new file mode 100644
index 0000000..e873214
--- /dev/null
+++ b/kvm-migration-push-Error-errp-into-vmstate_load_state.patch
@@ -0,0 +1,740 @@
+From 0f7971ace7c47bc892f7814e3acada9c3f6ef339 Mon Sep 17 00:00:00 2001
+From: Arun Menon <armenon@redhat.com>
+Date: Thu, 18 Sep 2025 20:53:19 +0530
+Subject: [PATCH 086/116] migration: push Error **errp into
+ vmstate_load_state()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [70/100] a8ab3ad230d8f1256d992420f902562e5d39b740 (rovick1/qemu-kvm)
+
+This is an incremental step in converting vmstate loading
+code to report error via Error objects instead of directly
+printing it to console/monitor.
+It is ensured that vmstate_load_state() must report an error
+in errp, in case of failure.
+
+The errors are temporarily reported using error_report_err().
+This is removed in the subsequent patches in this series,
+when we are actually able to propagate the error to the calling
+function using errp. Whereas, if we want the function to exit on
+error, then error_fatal is passed.
+
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Signed-off-by: Arun Menon <armenon@redhat.com>
+Tested-by: Fabiano Rosas <farosas@suse.de>
+Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Link: https://lore.kernel.org/r/20250918-propagate_tpm_error-v14-2-36f11a6fb9d3@redhat.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit c632ffbd74a497e88bbb4e4d55a357055eae6f47)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/display/virtio-gpu.c | 2 +-
+ hw/pci/pci.c | 3 +-
+ hw/s390x/virtio-ccw.c | 2 +-
+ hw/scsi/spapr_vscsi.c | 4 ++-
+ hw/vfio/pci.c | 5 ++-
+ hw/virtio/virtio-mmio.c | 3 +-
+ hw/virtio/virtio-pci.c | 2 +-
+ hw/virtio/virtio.c | 7 +++--
+ include/migration/vmstate.h | 2 +-
+ migration/cpr.c | 3 +-
+ migration/savevm.c | 8 +++--
+ migration/vmstate-types.c | 28 ++++++++++-------
+ migration/vmstate.c | 61 +++++++++++++++++++++++------------
+ tests/unit/test-vmstate.c | 63 +++++++++++++++++++++++++++++++------
+ ui/vdagent.c | 5 ++-
+ 15 files changed, 143 insertions(+), 55 deletions(-)
+
+diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
+index 0a1a625b0e..5dc31bc6bf 100644
+--- a/hw/display/virtio-gpu.c
++++ b/hw/display/virtio-gpu.c
+@@ -1343,7 +1343,7 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
+ }
+
+ /* load & apply scanout state */
+- vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1);
++ vmstate_load_state(f, &vmstate_virtio_gpu_scanouts, g, 1, &error_fatal);
+
+ return 0;
+ }
+diff --git a/hw/pci/pci.c b/hw/pci/pci.c
+index d2ebb066e1..5b37b70815 100644
+--- a/hw/pci/pci.c
++++ b/hw/pci/pci.c
+@@ -934,7 +934,8 @@ void pci_device_save(PCIDevice *s, QEMUFile *f)
+ int pci_device_load(PCIDevice *s, QEMUFile *f)
+ {
+ int ret;
+- ret = vmstate_load_state(f, &vmstate_pci_device, s, s->version_id);
++ ret = vmstate_load_state(f, &vmstate_pci_device, s, s->version_id,
++ &error_fatal);
+ /* Restore the interrupt status bit. */
+ pci_update_irq_status(s);
+ return ret;
+diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
+index d2f85b39f3..6a9641a03d 100644
+--- a/hw/s390x/virtio-ccw.c
++++ b/hw/s390x/virtio-ccw.c
+@@ -1136,7 +1136,7 @@ static void virtio_ccw_save_config(DeviceState *d, QEMUFile *f)
+ static int virtio_ccw_load_config(DeviceState *d, QEMUFile *f)
+ {
+ VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d);
+- return vmstate_load_state(f, &vmstate_virtio_ccw_dev, dev, 1);
++ return vmstate_load_state(f, &vmstate_virtio_ccw_dev, dev, 1, &error_fatal);
+ }
+
+ static void virtio_ccw_pre_plugged(DeviceState *d, Error **errp)
+diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c
+index 20f70fb272..da173f4867 100644
+--- a/hw/scsi/spapr_vscsi.c
++++ b/hw/scsi/spapr_vscsi.c
+@@ -642,15 +642,17 @@ static void *vscsi_load_request(QEMUFile *f, SCSIRequest *sreq)
+ VSCSIState *s = VIO_SPAPR_VSCSI_DEVICE(bus->qbus.parent);
+ vscsi_req *req;
+ int rc;
++ Error *local_err = NULL;
+
+ assert(sreq->tag < VSCSI_REQ_LIMIT);
+ req = &s->reqs[sreq->tag];
+ assert(!req->active);
+
+ memset(req, 0, sizeof(*req));
+- rc = vmstate_load_state(f, &vmstate_spapr_vscsi_req, req, 1);
++ rc = vmstate_load_state(f, &vmstate_spapr_vscsi_req, req, 1, &local_err);
+ if (rc) {
+ fprintf(stderr, "VSCSI: failed loading request tag#%u\n", sreq->tag);
++ error_report_err(local_err);
+ return NULL;
+ }
+ assert(req->active);
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index c34ed85d5e..f696e8116f 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -2834,13 +2834,16 @@ static int vfio_pci_load_config(VFIODevice *vbasedev, QEMUFile *f)
+ PCIDevice *pdev = PCI_DEVICE(vdev);
+ pcibus_t old_addr[PCI_NUM_REGIONS - 1];
+ int bar, ret;
++ Error *local_err = NULL;
+
+ for (bar = 0; bar < PCI_ROM_SLOT; bar++) {
+ old_addr[bar] = pdev->io_regions[bar].addr;
+ }
+
+- ret = vmstate_load_state(f, &vmstate_vfio_pci_config, vdev, 1);
++ ret = vmstate_load_state(f, &vmstate_vfio_pci_config, vdev, 1,
++ &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+
+diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c
+index 532c67107b..0a688909fc 100644
+--- a/hw/virtio/virtio-mmio.c
++++ b/hw/virtio/virtio-mmio.c
+@@ -34,6 +34,7 @@
+ #include "qemu/error-report.h"
+ #include "qemu/log.h"
+ #include "trace.h"
++#include "qapi/error.h"
+
+ static bool virtio_mmio_ioeventfd_enabled(DeviceState *d)
+ {
+@@ -619,7 +620,7 @@ static int virtio_mmio_load_extra_state(DeviceState *opaque, QEMUFile *f)
+ {
+ VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque);
+
+- return vmstate_load_state(f, &vmstate_virtio_mmio, proxy, 1);
++ return vmstate_load_state(f, &vmstate_virtio_mmio, proxy, 1, &error_fatal);
+ }
+
+ static bool virtio_mmio_has_extra_state(DeviceState *opaque)
+diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
+index d38d0a5e9a..ae875bd108 100644
+--- a/hw/virtio/virtio-pci.c
++++ b/hw/virtio/virtio-pci.c
+@@ -195,7 +195,7 @@ static int virtio_pci_load_extra_state(DeviceState *d, QEMUFile *f)
+ {
+ VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d);
+
+- return vmstate_load_state(f, &vmstate_virtio_pci, proxy, 1);
++ return vmstate_load_state(f, &vmstate_virtio_pci, proxy, 1, &error_fatal);
+ }
+
+ static void virtio_pci_save_queue(DeviceState *d, int n, QEMUFile *f)
+diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
+index 34f977a3c9..e6cbbc8624 100644
+--- a/hw/virtio/virtio.c
++++ b/hw/virtio/virtio.c
+@@ -3278,6 +3278,7 @@ virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
+ BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
+ VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);
++ Error *local_err = NULL;
+
+ /*
+ * We poison the endianness to ensure it does not get used before
+@@ -3370,15 +3371,17 @@ virtio_load(VirtIODevice *vdev, QEMUFile *f, int version_id)
+ }
+
+ if (vdc->vmsd) {
+- ret = vmstate_load_state(f, vdc->vmsd, vdev, version_id);
++ ret = vmstate_load_state(f, vdc->vmsd, vdev, version_id, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+ }
+
+ /* Subsections */
+- ret = vmstate_load_state(f, &vmstate_virtio, vdev, 1);
++ ret = vmstate_load_state(f, &vmstate_virtio, vdev, 1, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+
+diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
+index ef2f0c5c93..b9a41cc38a 100644
+--- a/include/migration/vmstate.h
++++ b/include/migration/vmstate.h
+@@ -1206,7 +1206,7 @@ extern const VMStateInfo vmstate_info_qlist;
+ }
+
+ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque, int version_id);
++ void *opaque, int version_id, Error **errp);
+ int vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, JSONWriter *vmdesc);
+ int vmstate_save_state_with_err(QEMUFile *f, const VMStateDescription *vmsd,
+diff --git a/migration/cpr.c b/migration/cpr.c
+index 42ad0b0d50..8abb6db76d 100644
+--- a/migration/cpr.c
++++ b/migration/cpr.c
+@@ -233,9 +233,8 @@ int cpr_state_load(MigrationChannel *channel, Error **errp)
+ return -ENOTSUP;
+ }
+
+- ret = vmstate_load_state(f, &vmstate_cpr_state, &cpr_state, 1);
++ ret = vmstate_load_state(f, &vmstate_cpr_state, &cpr_state, 1, errp);
+ if (ret) {
+- error_setg(errp, "vmstate_load_state error %d", ret);
+ qemu_fclose(f);
+ return ret;
+ }
+diff --git a/migration/savevm.c b/migration/savevm.c
+index fabbeb296a..f5a1ab9101 100644
+--- a/migration/savevm.c
++++ b/migration/savevm.c
+@@ -969,7 +969,8 @@ static int vmstate_load(QEMUFile *f, SaveStateEntry *se)
+ if (!se->vmsd) { /* Old style */
+ return se->ops->load_state(f, se->opaque, se->load_version_id);
+ }
+- return vmstate_load_state(f, se->vmsd, se->opaque, se->load_version_id);
++ return vmstate_load_state(f, se->vmsd, se->opaque, se->load_version_id,
++ &error_fatal);
+ }
+
+ static void vmstate_save_old_style(QEMUFile *f, SaveStateEntry *se,
+@@ -2817,6 +2818,7 @@ static int qemu_loadvm_state_header(QEMUFile *f)
+ {
+ unsigned int v;
+ int ret;
++ Error *local_err = NULL;
+
+ v = qemu_get_be32(f);
+ if (v != QEMU_VM_FILE_MAGIC) {
+@@ -2839,9 +2841,11 @@ static int qemu_loadvm_state_header(QEMUFile *f)
+ error_report("Configuration section missing");
+ return -EINVAL;
+ }
+- ret = vmstate_load_state(f, &vmstate_configuration, &savevm_state, 0);
++ ret = vmstate_load_state(f, &vmstate_configuration, &savevm_state, 0,
++ &local_err);
+
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+ }
+diff --git a/migration/vmstate-types.c b/migration/vmstate-types.c
+index 741a588b7e..c5cfd861e3 100644
+--- a/migration/vmstate-types.c
++++ b/migration/vmstate-types.c
+@@ -19,6 +19,7 @@
+ #include "qemu/error-report.h"
+ #include "qemu/queue.h"
+ #include "trace.h"
++#include "qapi/error.h"
+
+ /* bool */
+
+@@ -543,13 +544,17 @@ static int get_tmp(QEMUFile *f, void *pv, size_t size,
+ const VMStateField *field)
+ {
+ int ret;
++ Error *local_err = NULL;
+ const VMStateDescription *vmsd = field->vmsd;
+ int version_id = field->version_id;
+ void *tmp = g_malloc(size);
+
+ /* Writes the parent field which is at the start of the tmp */
+ *(void **)tmp = pv;
+- ret = vmstate_load_state(f, vmsd, tmp, version_id);
++ ret = vmstate_load_state(f, vmsd, tmp, version_id, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ g_free(tmp);
+ return ret;
+ }
+@@ -626,6 +631,7 @@ static int get_qtailq(QEMUFile *f, void *pv, size_t unused_size,
+ const VMStateField *field)
+ {
+ int ret = 0;
++ Error *local_err = NULL;
+ const VMStateDescription *vmsd = field->vmsd;
+ /* size of a QTAILQ element */
+ size_t size = field->size;
+@@ -649,8 +655,9 @@ static int get_qtailq(QEMUFile *f, void *pv, size_t unused_size,
+
+ while (qemu_get_byte(f)) {
+ elm = g_malloc(size);
+- ret = vmstate_load_state(f, vmsd, elm, version_id);
++ ret = vmstate_load_state(f, vmsd, elm, version_id, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+ QTAILQ_RAW_INSERT_TAIL(pv, elm, entry_offset);
+@@ -772,6 +779,7 @@ static int get_gtree(QEMUFile *f, void *pv, size_t unused_size,
+ GTree *tree = *pval;
+ void *key, *val;
+ int ret = 0;
++ Error *local_err = NULL;
+
+ /* in case of direct key, the key vmsd can be {}, ie. check fields */
+ if (!direct_key && version_id > key_vmsd->version_id) {
+@@ -803,18 +811,16 @@ static int get_gtree(QEMUFile *f, void *pv, size_t unused_size,
+ key = (void *)(uintptr_t)qemu_get_be64(f);
+ } else {
+ key = g_malloc0(key_size);
+- ret = vmstate_load_state(f, key_vmsd, key, version_id);
++ ret = vmstate_load_state(f, key_vmsd, key, version_id, &local_err);
+ if (ret) {
+- error_report("%s : failed to load %s (%d)",
+- field->name, key_vmsd->name, ret);
++ error_report_err(local_err);
+ goto key_error;
+ }
+ }
+ val = g_malloc0(val_size);
+- ret = vmstate_load_state(f, val_vmsd, val, version_id);
++ ret = vmstate_load_state(f, val_vmsd, val, version_id, &local_err);
+ if (ret) {
+- error_report("%s : failed to load %s (%d)",
+- field->name, val_vmsd->name, ret);
++ error_report_err(local_err);
+ goto val_error;
+ }
+ g_tree_insert(tree, key, val);
+@@ -872,6 +878,7 @@ static int get_qlist(QEMUFile *f, void *pv, size_t unused_size,
+ const VMStateField *field)
+ {
+ int ret = 0;
++ Error *local_err = NULL;
+ const VMStateDescription *vmsd = field->vmsd;
+ /* size of a QLIST element */
+ size_t size = field->size;
+@@ -892,10 +899,9 @@ static int get_qlist(QEMUFile *f, void *pv, size_t unused_size,
+
+ while (qemu_get_byte(f)) {
+ elm = g_malloc(size);
+- ret = vmstate_load_state(f, vmsd, elm, version_id);
++ ret = vmstate_load_state(f, vmsd, elm, version_id, &local_err);
+ if (ret) {
+- error_report("%s: failed to load %s (%d)", field->name,
+- vmsd->name, ret);
++ error_report_err(local_err);
+ g_free(elm);
+ return ret;
+ }
+diff --git a/migration/vmstate.c b/migration/vmstate.c
+index 08f2b562e3..8d1e9eb62b 100644
+--- a/migration/vmstate.c
++++ b/migration/vmstate.c
+@@ -132,30 +132,33 @@ static void vmstate_handle_alloc(void *ptr, const VMStateField *field,
+ }
+
+ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque, int version_id)
++ void *opaque, int version_id, Error **errp)
+ {
+ const VMStateField *field = vmsd->fields;
+ int ret = 0;
+- Error *local_err = NULL;
+
+ trace_vmstate_load_state(vmsd->name, version_id);
+ if (version_id > vmsd->version_id) {
+- error_report("%s: incoming version_id %d is too new "
+- "for local version_id %d",
+- vmsd->name, version_id, vmsd->version_id);
++ error_setg(errp, "%s: incoming version_id %d is too new "
++ "for local version_id %d",
++ vmsd->name, version_id, vmsd->version_id);
+ trace_vmstate_load_state_end(vmsd->name, "too new", -EINVAL);
+ return -EINVAL;
+ }
+ if (version_id < vmsd->minimum_version_id) {
+- error_report("%s: incoming version_id %d is too old "
+- "for local minimum version_id %d",
+- vmsd->name, version_id, vmsd->minimum_version_id);
++ error_setg(errp, "%s: incoming version_id %d is too old "
++ "for local minimum version_id %d",
++ vmsd->name, version_id, vmsd->minimum_version_id);
+ trace_vmstate_load_state_end(vmsd->name, "too old", -EINVAL);
+ return -EINVAL;
+ }
+ if (vmsd->pre_load) {
+ ret = vmsd->pre_load(opaque);
+ if (ret) {
++ error_setg(errp, "pre load hook failed for: '%s', "
++ "version_id: %d, minimum version_id: %d, ret: %d",
++ vmsd->name, vmsd->version_id, vmsd->minimum_version_id,
++ ret);
+ return ret;
+ }
+ }
+@@ -193,13 +196,21 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+
+ if (inner_field->flags & VMS_STRUCT) {
+ ret = vmstate_load_state(f, inner_field->vmsd, curr_elem,
+- inner_field->vmsd->version_id);
++ inner_field->vmsd->version_id,
++ errp);
+ } else if (inner_field->flags & VMS_VSTRUCT) {
+ ret = vmstate_load_state(f, inner_field->vmsd, curr_elem,
+- inner_field->struct_version_id);
++ inner_field->struct_version_id,
++ errp);
+ } else {
+ ret = inner_field->info->get(f, curr_elem, size,
+ inner_field);
++ if (ret < 0) {
++ error_setg(errp,
++ "Failed to load element of type %s for %s: "
++ "%d", inner_field->info->name,
++ inner_field->name, ret);
++ }
+ }
+
+ /* If we used a fake temp field.. free it now */
+@@ -209,31 +220,40 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+
+ if (ret >= 0) {
+ ret = qemu_file_get_error(f);
++ if (ret < 0) {
++ error_setg(errp,
++ "Failed to load %s state: stream error: %d",
++ vmsd->name, ret);
++ }
+ }
+ if (ret < 0) {
+ qemu_file_set_error(f, ret);
+- error_report("Failed to load %s:%s", vmsd->name,
+- field->name);
+ trace_vmstate_load_field_error(field->name, ret);
+ return ret;
+ }
+ }
+ } else if (field->flags & VMS_MUST_EXIST) {
+- error_report("Input validation failed: %s/%s",
+- vmsd->name, field->name);
++ error_setg(errp, "Input validation failed: %s/%s version_id: %d",
++ vmsd->name, field->name, vmsd->version_id);
+ return -1;
+ }
+ field++;
+ }
+ assert(field->flags == VMS_END);
+- ret = vmstate_subsection_load(f, vmsd, opaque, &local_err);
++ ret = vmstate_subsection_load(f, vmsd, opaque, errp);
+ if (ret != 0) {
+ qemu_file_set_error(f, ret);
+- error_report_err(local_err);
+ return ret;
+ }
+ if (vmsd->post_load) {
+ ret = vmsd->post_load(opaque, version_id);
++ if (ret < 0) {
++ error_setg(errp,
++ "post load hook failed for: %s, version_id: %d, "
++ "minimum_version: %d, ret: %d",
++ vmsd->name, vmsd->version_id, vmsd->minimum_version_id,
++ ret);
++ }
+ }
+ trace_vmstate_load_state_end(vmsd->name, "end", ret);
+ return ret;
+@@ -570,6 +590,7 @@ vmstate_get_subsection(const VMStateDescription * const *sub,
+ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, Error **errp)
+ {
++ ERRP_GUARD();
+ trace_vmstate_subsection_load(vmsd->name);
+
+ while (qemu_peek_byte(f, 0) == QEMU_VM_SUBSECTION) {
+@@ -609,12 +630,12 @@ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+ qemu_file_skip(f, len); /* idstr */
+ version_id = qemu_get_be32(f);
+
+- ret = vmstate_load_state(f, sub_vmsd, opaque, version_id);
++ ret = vmstate_load_state(f, sub_vmsd, opaque, version_id, errp);
+ if (ret) {
+ trace_vmstate_subsection_load_bad(vmsd->name, idstr, "(child)");
+- error_setg(errp,
+- "Loading VM subsection '%s' in '%s' failed: %d",
+- idstr, vmsd->name, ret);
++ error_prepend(errp,
++ "Loading VM subsection '%s' in '%s' failed: %d: ",
++ idstr, vmsd->name, ret);
+ return ret;
+ }
+ }
+diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c
+index 63f28f26f4..4ff0ab632f 100644
+--- a/tests/unit/test-vmstate.c
++++ b/tests/unit/test-vmstate.c
+@@ -30,6 +30,7 @@
+ #include "../migration/savevm.h"
+ #include "qemu/module.h"
+ #include "io/channel-file.h"
++#include "qapi/error.h"
+
+ static int temp_fd;
+
+@@ -108,14 +109,16 @@ static int load_vmstate_one(const VMStateDescription *desc, void *obj,
+ {
+ QEMUFile *f;
+ int ret;
++ Error *local_err = NULL;
+
+ f = open_test_file(true);
+ qemu_put_buffer(f, wire, size);
+ qemu_fclose(f);
+
+ f = open_test_file(false);
+- ret = vmstate_load_state(f, desc, obj, version);
++ ret = vmstate_load_state(f, desc, obj, version, &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ g_assert(qemu_file_get_error(f));
+ } else{
+ g_assert(!qemu_file_get_error(f));
+@@ -355,6 +358,8 @@ static const VMStateDescription vmstate_versioned = {
+
+ static void test_load_v1(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ uint8_t buf[] = {
+ 0, 0, 0, 10, /* a */
+ 0, 0, 0, 30, /* c */
+@@ -365,7 +370,10 @@ static void test_load_v1(void)
+
+ QEMUFile *loading = open_test_file(false);
+ TestStruct obj = { .b = 200, .e = 500, .f = 600 };
+- vmstate_load_state(loading, &vmstate_versioned, &obj, 1);
++ ret = vmstate_load_state(loading, &vmstate_versioned, &obj, 1, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ g_assert(!qemu_file_get_error(loading));
+ g_assert_cmpint(obj.a, ==, 10);
+ g_assert_cmpint(obj.b, ==, 200);
+@@ -378,6 +386,8 @@ static void test_load_v1(void)
+
+ static void test_load_v2(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ uint8_t buf[] = {
+ 0, 0, 0, 10, /* a */
+ 0, 0, 0, 20, /* b */
+@@ -391,7 +401,10 @@ static void test_load_v2(void)
+
+ QEMUFile *loading = open_test_file(false);
+ TestStruct obj;
+- vmstate_load_state(loading, &vmstate_versioned, &obj, 2);
++ ret = vmstate_load_state(loading, &vmstate_versioned, &obj, 2, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ g_assert_cmpint(obj.a, ==, 10);
+ g_assert_cmpint(obj.b, ==, 20);
+ g_assert_cmpint(obj.c, ==, 30);
+@@ -467,6 +480,8 @@ static void test_save_skip(void)
+
+ static void test_load_noskip(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ uint8_t buf[] = {
+ 0, 0, 0, 10, /* a */
+ 0, 0, 0, 20, /* b */
+@@ -480,7 +495,10 @@ static void test_load_noskip(void)
+
+ QEMUFile *loading = open_test_file(false);
+ TestStruct obj = { .skip_c_e = false };
+- vmstate_load_state(loading, &vmstate_skipping, &obj, 2);
++ ret = vmstate_load_state(loading, &vmstate_skipping, &obj, 2, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ g_assert(!qemu_file_get_error(loading));
+ g_assert_cmpint(obj.a, ==, 10);
+ g_assert_cmpint(obj.b, ==, 20);
+@@ -493,6 +511,8 @@ static void test_load_noskip(void)
+
+ static void test_load_skip(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ uint8_t buf[] = {
+ 0, 0, 0, 10, /* a */
+ 0, 0, 0, 20, /* b */
+@@ -504,7 +524,10 @@ static void test_load_skip(void)
+
+ QEMUFile *loading = open_test_file(false);
+ TestStruct obj = { .skip_c_e = true, .c = 300, .e = 500 };
+- vmstate_load_state(loading, &vmstate_skipping, &obj, 2);
++ ret = vmstate_load_state(loading, &vmstate_skipping, &obj, 2, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ g_assert(!qemu_file_get_error(loading));
+ g_assert_cmpint(obj.a, ==, 10);
+ g_assert_cmpint(obj.b, ==, 20);
+@@ -744,6 +767,8 @@ static void test_save_q(void)
+
+ static void test_load_q(void)
+ {
++ int ret;
++ Error *local_err = NULL;
+ TestQtailq obj_q = {
+ .i16 = -512,
+ .i32 = 70000,
+@@ -773,7 +798,10 @@ static void test_load_q(void)
+ TestQtailq tgt;
+
+ QTAILQ_INIT(&tgt.q);
+- vmstate_load_state(fload, &vmstate_q, &tgt, 1);
++ ret = vmstate_load_state(fload, &vmstate_q, &tgt, 1, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ char eof = qemu_get_byte(fload);
+ g_assert(!qemu_file_get_error(fload));
+ g_assert_cmpint(tgt.i16, ==, obj_q.i16);
+@@ -1115,6 +1143,8 @@ static void diff_iommu(TestGTreeIOMMU *iommu1, TestGTreeIOMMU *iommu2)
+
+ static void test_gtree_load_domain(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ TestGTreeDomain *dest_domain = g_new0(TestGTreeDomain, 1);
+ TestGTreeDomain *orig_domain = create_first_domain();
+ QEMUFile *fload, *fsave;
+@@ -1127,7 +1157,11 @@ static void test_gtree_load_domain(void)
+
+ fload = open_test_file(false);
+
+- vmstate_load_state(fload, &vmstate_domain, dest_domain, 1);
++ ret = vmstate_load_state(fload, &vmstate_domain, dest_domain, 1,
++ &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ eof = qemu_get_byte(fload);
+ g_assert(!qemu_file_get_error(fload));
+ g_assert_cmpint(orig_domain->id, ==, dest_domain->id);
+@@ -1230,6 +1264,8 @@ static void test_gtree_save_iommu(void)
+
+ static void test_gtree_load_iommu(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ TestGTreeIOMMU *dest_iommu = g_new0(TestGTreeIOMMU, 1);
+ TestGTreeIOMMU *orig_iommu = create_iommu();
+ QEMUFile *fsave, *fload;
+@@ -1241,7 +1277,10 @@ static void test_gtree_load_iommu(void)
+ qemu_fclose(fsave);
+
+ fload = open_test_file(false);
+- vmstate_load_state(fload, &vmstate_iommu, dest_iommu, 1);
++ ret = vmstate_load_state(fload, &vmstate_iommu, dest_iommu, 1, &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ eof = qemu_get_byte(fload);
+ g_assert(!qemu_file_get_error(fload));
+ g_assert_cmpint(orig_iommu->id, ==, dest_iommu->id);
+@@ -1363,6 +1402,8 @@ static void test_save_qlist(void)
+
+ static void test_load_qlist(void)
+ {
++ Error *local_err = NULL;
++ int ret;
+ QEMUFile *fsave, *fload;
+ TestQListContainer *orig_container = alloc_container();
+ TestQListContainer *dest_container = g_new0(TestQListContainer, 1);
+@@ -1376,7 +1417,11 @@ static void test_load_qlist(void)
+ qemu_fclose(fsave);
+
+ fload = open_test_file(false);
+- vmstate_load_state(fload, &vmstate_container, dest_container, 1);
++ ret = vmstate_load_state(fload, &vmstate_container, dest_container, 1,
++ &local_err);
++ if (ret < 0) {
++ error_report_err(local_err);
++ }
+ eof = qemu_get_byte(fload);
+ g_assert(!qemu_file_get_error(fload));
+ g_assert_cmpint(eof, ==, QEMU_VM_EOF);
+diff --git a/ui/vdagent.c b/ui/vdagent.c
+index c0746fe5b1..bc3c77f013 100644
+--- a/ui/vdagent.c
++++ b/ui/vdagent.c
+@@ -1001,6 +1001,7 @@ static int get_cbinfo(QEMUFile *f, void *pv, size_t size,
+ VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(pv);
+ struct CBInfoArray cbinfo = {};
+ int i, ret;
++ Error *local_err = NULL;
+
+ if (!have_clipboard(vd)) {
+ return 0;
+@@ -1008,8 +1009,10 @@ static int get_cbinfo(QEMUFile *f, void *pv, size_t size,
+
+ vdagent_clipboard_peer_register(vd);
+
+- ret = vmstate_load_state(f, &vmstate_cbinfo_array, &cbinfo, 0);
++ ret = vmstate_load_state(f, &vmstate_cbinfo_array, &cbinfo, 0,
++ &local_err);
+ if (ret) {
++ error_report_err(local_err);
+ return ret;
+ }
+
+--
+2.52.0
+
diff --git a/kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch b/kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch
new file mode 100644
index 0000000..dc85919
--- /dev/null
+++ b/kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch
@@ -0,0 +1,104 @@
+From e11e10cd73c27ae4cc1589846dd3b04f6e99c842 Mon Sep 17 00:00:00 2001
+From: Arun Menon <armenon@redhat.com>
+Date: Thu, 18 Sep 2025 20:53:18 +0530
+Subject: [PATCH 085/116] migration: push Error **errp into
+ vmstate_subsection_load()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [69/100] 59881451411ab7db67f43a53706e5bb6c861eef1 (rovick1/qemu-kvm)
+
+This is an incremental step in converting vmstate loading
+code to report error via Error objects instead of directly
+printing it to console/monitor.
+It is ensured that vmstate_subsection_load() must report an error
+in errp, in case of failure.
+
+The errors are temporarily reported using error_report_err().
+This is removed in the subsequent patches in this series,
+when we are actually able to propagate the error to the calling
+function using errp.
+
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Signed-off-by: Arun Menon <armenon@redhat.com>
+Tested-by: Fabiano Rosas <farosas@suse.de>
+Reviewed-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Link: https://lore.kernel.org/r/20250918-propagate_tpm_error-v14-1-36f11a6fb9d3@redhat.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit 73b42fc58d035cb2fcfe90083d6b33aeb4fa1b2a)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ migration/vmstate.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/migration/vmstate.c b/migration/vmstate.c
+index 5feaa3244d..08f2b562e3 100644
+--- a/migration/vmstate.c
++++ b/migration/vmstate.c
+@@ -25,7 +25,7 @@ static int vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd,
+ void *opaque, JSONWriter *vmdesc,
+ Error **errp);
+ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque);
++ void *opaque, Error **errp);
+
+ /* Whether this field should exist for either save or load the VM? */
+ static bool
+@@ -136,6 +136,7 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+ {
+ const VMStateField *field = vmsd->fields;
+ int ret = 0;
++ Error *local_err = NULL;
+
+ trace_vmstate_load_state(vmsd->name, version_id);
+ if (version_id > vmsd->version_id) {
+@@ -225,9 +226,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd,
+ field++;
+ }
+ assert(field->flags == VMS_END);
+- ret = vmstate_subsection_load(f, vmsd, opaque);
++ ret = vmstate_subsection_load(f, vmsd, opaque, &local_err);
+ if (ret != 0) {
+ qemu_file_set_error(f, ret);
++ error_report_err(local_err);
+ return ret;
+ }
+ if (vmsd->post_load) {
+@@ -566,7 +568,7 @@ vmstate_get_subsection(const VMStateDescription * const *sub,
+ }
+
+ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+- void *opaque)
++ void *opaque, Error **errp)
+ {
+ trace_vmstate_subsection_load(vmsd->name);
+
+@@ -598,6 +600,8 @@ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+ sub_vmsd = vmstate_get_subsection(vmsd->subsections, idstr);
+ if (sub_vmsd == NULL) {
+ trace_vmstate_subsection_load_bad(vmsd->name, idstr, "(lookup)");
++ error_setg(errp, "VM subsection '%s' in '%s' does not exist",
++ idstr, vmsd->name);
+ return -ENOENT;
+ }
+ qemu_file_skip(f, 1); /* subsection */
+@@ -608,6 +612,9 @@ static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd,
+ ret = vmstate_load_state(f, sub_vmsd, opaque, version_id);
+ if (ret) {
+ trace_vmstate_subsection_load_bad(vmsd->name, idstr, "(child)");
++ error_setg(errp,
++ "Loading VM subsection '%s' in '%s' failed: %d",
++ idstr, vmsd->name, ret);
+ return ret;
+ }
+ }
+--
+2.52.0
+
diff --git a/kvm-migration-set-correct-list-pointer-when-removing-not.patch b/kvm-migration-set-correct-list-pointer-when-removing-not.patch
new file mode 100644
index 0000000..9423341
--- /dev/null
+++ b/kvm-migration-set-correct-list-pointer-when-removing-not.patch
@@ -0,0 +1,49 @@
+From 780adf4b83ffd4d5280eb7e6602b511195d3d529 Mon Sep 17 00:00:00 2001
+From: Matthew Rosato <mjrosato@linux.ibm.com>
+Date: Thu, 13 Nov 2025 16:35:45 -0500
+Subject: [PATCH 106/116] migration: set correct list pointer when removing
+ notifier
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [90/100] 0ab246e3e8922fa6b6eb66ae15b6a861c8b8055c (rovick1/qemu-kvm)
+
+In migration_remove_notifier(), g_slist_remove() will search for and
+potentially remove an entry from the specified list. The return value
+should be used to update the potentially-changed head pointer of the
+list that was just searched (migration_state_notifiers[mode]) instead
+of the migration blockers list.
+
+Fixes: dc79c7d5e1 ("migration: multi-mode notifier")
+Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/r/20251113213545.513453-1-mjrosato@linux.ibm.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit 911bdd34ca1a3f9e62836e7bc581e7edc57319be)
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+---
+ migration/migration.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/migration/migration.c b/migration/migration.c
+index 2515bec48f..0233b25f86 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -1704,7 +1704,7 @@ void migration_remove_notifier(NotifierWithReturn *notify)
+ {
+ if (notify->notify) {
+ for (MigMode mode = 0; mode < MIG_MODE__MAX; mode++) {
+- migration_blockers[mode] =
++ migration_state_notifiers[mode] =
+ g_slist_remove(migration_state_notifiers[mode], notify);
+ }
+ notify->notify = NULL;
+--
+2.52.0
+
diff --git a/kvm-oslib-qemu_clear_cloexec.patch b/kvm-oslib-qemu_clear_cloexec.patch
new file mode 100644
index 0000000..860b2e4
--- /dev/null
+++ b/kvm-oslib-qemu_clear_cloexec.patch
@@ -0,0 +1,87 @@
+From 7104509c323a8b5587389dc9236a38df43f4be75 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 1 Oct 2025 08:33:55 -0700
+Subject: [PATCH 090/116] oslib: qemu_clear_cloexec
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [74/100] 9b31f6ab1c36c5d6c351d2fa5aa5b5b5799e0951 (rovick1/qemu-kvm)
+
+Define qemu_clear_cloexec, analogous to qemu_set_cloexec.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Reviewed-by: Fabiano Rosas <farosas@suse.de>
+Link: https://lore.kernel.org/r/1759332851-370353-4-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ include/qemu/osdep.h | 9 +++++++++
+ util/oslib-posix.c | 9 +++++++++
+ util/oslib-win32.c | 4 ++++
+ 3 files changed, 22 insertions(+)
+
+diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
+index 96fe51bc39..30136ead7f 100644
+--- a/include/qemu/osdep.h
++++ b/include/qemu/osdep.h
+@@ -680,6 +680,15 @@ ssize_t qemu_write_full(int fd, const void *buf, size_t count)
+
+ void qemu_set_cloexec(int fd);
+
++/*
++ * Clear FD_CLOEXEC for a descriptor.
++ *
++ * The caller must guarantee that no other fork+exec's occur before the
++ * exec that is intended to inherit this descriptor, eg by suspending CPUs
++ * and blocking monitor commands.
++ */
++void qemu_clear_cloexec(int fd);
++
+ /* Return a dynamically allocated directory path that is appropriate for storing
+ * local state.
+ *
+diff --git a/util/oslib-posix.c b/util/oslib-posix.c
+index 4ff577e5de..4c04658fc8 100644
+--- a/util/oslib-posix.c
++++ b/util/oslib-posix.c
+@@ -307,6 +307,15 @@ int qemu_socketpair(int domain, int type, int protocol, int sv[2])
+ return ret;
+ }
+
++void qemu_clear_cloexec(int fd)
++{
++ int f;
++ f = fcntl(fd, F_GETFD);
++ assert(f != -1);
++ f = fcntl(fd, F_SETFD, f & ~FD_CLOEXEC);
++ assert(f != -1);
++}
++
+ char *
+ qemu_get_local_state_dir(void)
+ {
+diff --git a/util/oslib-win32.c b/util/oslib-win32.c
+index b7351634ec..843a901fd3 100644
+--- a/util/oslib-win32.c
++++ b/util/oslib-win32.c
+@@ -222,6 +222,10 @@ void qemu_set_cloexec(int fd)
+ {
+ }
+
++void qemu_clear_cloexec(int fd)
++{
++}
++
+ int qemu_get_thread_id(void)
+ {
+ return GetCurrentThreadId();
+--
+2.52.0
+
diff --git a/kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch b/kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch
new file mode 100644
index 0000000..54746ce
--- /dev/null
+++ b/kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch
@@ -0,0 +1,99 @@
+From 28871cb5c6ef8c6f02786ebfef42f5080c8e7b9b Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:26:01 +0100
+Subject: [PATCH 066/116] s390x/s390-pci-vfio.c: use QOM casts where
+ appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [50/100] ac7a09a8ded0883e74316ac4b8c8bd4af1e3f35a (rovick1/qemu-kvm)
+
+Use QOM casts to cast to VFIOPCIDevice instead of using container_of().
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
+Reviewed-by: Eric Farman <farman@linux.ibm.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-22-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit e2827210d6a9c56c1b14b00b414dfa9eb7843711)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/s390x/s390-pci-vfio.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/hw/s390x/s390-pci-vfio.c b/hw/s390x/s390-pci-vfio.c
+index c51bcea5fc..7760780aff 100644
+--- a/hw/s390x/s390-pci-vfio.c
++++ b/hw/s390x/s390-pci-vfio.c
+@@ -62,7 +62,7 @@ S390PCIDMACount *s390_pci_start_dma_count(S390pciState *s,
+ {
+ S390PCIDMACount *cnt;
+ uint32_t avail;
+- VFIOPCIDevice *vpdev = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpdev = VFIO_PCI_BASE(pbdev->pdev);
+ int id;
+
+ assert(vpdev);
+@@ -108,7 +108,7 @@ static void s390_pci_read_base(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_base *cap;
+- VFIOPCIDevice *vpci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
+ uint64_t vfio_size;
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_BASE);
+@@ -162,7 +162,7 @@ static bool get_host_fh(S390PCIBusDevice *pbdev, struct vfio_device_info *info,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_base *cap;
+- VFIOPCIDevice *vpci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_BASE);
+
+@@ -185,7 +185,7 @@ static void s390_pci_read_group(S390PCIBusDevice *pbdev,
+ struct vfio_device_info_cap_zpci_group *cap;
+ S390pciState *s = s390_get_phb();
+ ClpRspQueryPciGrp *resgrp;
+- VFIOPCIDevice *vpci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
+ uint8_t start_gid = pbdev->zpci_fn.pfgid;
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_GROUP);
+@@ -264,7 +264,7 @@ static void s390_pci_read_util(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_util *cap;
+- VFIOPCIDevice *vpci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_UTIL);
+
+@@ -291,7 +291,7 @@ static void s390_pci_read_pfip(S390PCIBusDevice *pbdev,
+ {
+ struct vfio_info_cap_header *hdr;
+ struct vfio_device_info_cap_zpci_pfip *cap;
+- VFIOPCIDevice *vpci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vpci = VFIO_PCI_BASE(pbdev->pdev);
+
+ hdr = vfio_get_device_info_cap(info, VFIO_DEVICE_INFO_CAP_ZPCI_PFIP);
+
+@@ -314,7 +314,7 @@ static void s390_pci_read_pfip(S390PCIBusDevice *pbdev,
+
+ static struct vfio_device_info *get_device_info(S390PCIBusDevice *pbdev)
+ {
+- VFIOPCIDevice *vfio_pci = container_of(pbdev->pdev, VFIOPCIDevice, pdev);
++ VFIOPCIDevice *vfio_pci = VFIO_PCI_BASE(pbdev->pdev);
+
+ return vfio_get_device_info(vfio_pci->vbasedev.fd);
+ }
+--
+2.52.0
+
diff --git a/kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch b/kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch
new file mode 100644
index 0000000..d1e42e6
--- /dev/null
+++ b/kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch
@@ -0,0 +1,90 @@
+From 3f329c9354514ec0363a55f232deef28459f5ec4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Tue, 30 Sep 2025 14:35:25 +0200
+Subject: [PATCH 081/116] system/iommufd: Use uint64_t type for IOVA mapping
+ size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [65/100] c875244fb3df398bd2c47f3597f5ca7c1ae9a0a5 (rovick1/qemu-kvm)
+
+The 'ram_addr_t' type is described as:
+
+ a QEMU internal address space that maps guest RAM physical
+ addresses into an intermediate address space that can map
+ to host virtual address spaces.
+
+This doesn't represent well an IOVA mapping size. Simply use
+the uint64_t type.
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250930123528.42878-2-philmd@linaro.org
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 70a7e33ddb7f2ca7caacf286222bd80fd330c454)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ backends/iommufd.c | 6 +++---
+ include/system/iommufd.h | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/backends/iommufd.c b/backends/iommufd.c
+index 2a33c7ab0b..fdfb7c9d67 100644
+--- a/backends/iommufd.c
++++ b/backends/iommufd.c
+@@ -197,7 +197,7 @@ void iommufd_backend_free_id(IOMMUFDBackend *be, uint32_t id)
+ }
+
+ int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova,
+- ram_addr_t size, void *vaddr, bool readonly)
++ uint64_t size, void *vaddr, bool readonly)
+ {
+ int ret, fd = be->fd;
+ struct iommu_ioas_map map = {
+@@ -230,7 +230,7 @@ int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova,
+ }
+
+ int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id,
+- hwaddr iova, ram_addr_t size,
++ hwaddr iova, uint64_t size,
+ int mfd, unsigned long start, bool readonly)
+ {
+ int ret, fd = be->fd;
+@@ -268,7 +268,7 @@ int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id,
+ }
+
+ int iommufd_backend_unmap_dma(IOMMUFDBackend *be, uint32_t ioas_id,
+- hwaddr iova, ram_addr_t size)
++ hwaddr iova, uint64_t size)
+ {
+ int ret, fd = be->fd;
+ struct iommu_ioas_unmap unmap = {
+diff --git a/include/system/iommufd.h b/include/system/iommufd.h
+index c9c72ffc45..a659f36a20 100644
+--- a/include/system/iommufd.h
++++ b/include/system/iommufd.h
+@@ -45,12 +45,12 @@ bool iommufd_backend_alloc_ioas(IOMMUFDBackend *be, uint32_t *ioas_id,
+ Error **errp);
+ void iommufd_backend_free_id(IOMMUFDBackend *be, uint32_t id);
+ int iommufd_backend_map_file_dma(IOMMUFDBackend *be, uint32_t ioas_id,
+- hwaddr iova, ram_addr_t size, int fd,
++ hwaddr iova, uint64_t size, int fd,
+ unsigned long start, bool readonly);
+ int iommufd_backend_map_dma(IOMMUFDBackend *be, uint32_t ioas_id, hwaddr iova,
+- ram_addr_t size, void *vaddr, bool readonly);
++ uint64_t size, void *vaddr, bool readonly);
+ int iommufd_backend_unmap_dma(IOMMUFDBackend *be, uint32_t ioas_id,
+- hwaddr iova, ram_addr_t size);
++ hwaddr iova, uint64_t size);
+ bool iommufd_backend_get_device_info(IOMMUFDBackend *be, uint32_t devid,
+ uint32_t *type, void *data, uint32_t len,
+ uint64_t *caps, Error **errp);
+--
+2.52.0
+
diff --git a/kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch b/kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch
new file mode 100644
index 0000000..67f3de6
--- /dev/null
+++ b/kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch
@@ -0,0 +1,138 @@
+From 886d2d31fbfb8263e73cd4e96d79cd1c059d6b8c Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 11 May 2026 12:06:39 -0400
+Subject: [PATCH 003/116] target/arm: Convert init_cpreg_list to
+ g_hash_table_foreach
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [3/16] 704e757f243d944ee544496d50b7ead4a1e2e681 (eauger1/centos-qemu-kvm)
+
+Adjust count_cpreg and add_cpreg_to_list to be used with
+g_hash_table_foreach instead of g_list_foreach. In this way we have
+the ARMCPRegInfo pointer directly rather than having to look it up
+from the key.
+
+Delay the sorting of the cpreg_indexes until after add_cpreg_to_list.
+This allows us to sort the data that we actually care about,
+the kvm id, as computed within add_cpreg_to_list, instead of
+having to repeatedly compute the kvm id within cpreg_key_compare.
+
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit dee3c0c2cf9848cd849744474cdac108ce68a1ef)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/helper.c | 54 ++++++++++++++++++---------------------------
+ 1 file changed, 21 insertions(+), 33 deletions(-)
+
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index d230f9e766..1cff4c5a68 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -209,11 +209,11 @@ bool write_list_to_cpustate(ARMCPU *cpu)
+ return ok;
+ }
+
+-static void add_cpreg_to_list(gpointer key, gpointer opaque)
++static void add_cpreg_to_list(gpointer key, gpointer value, gpointer opaque)
+ {
+ ARMCPU *cpu = opaque;
+ uint32_t regidx = (uintptr_t)key;
+- const ARMCPRegInfo *ri = get_arm_cp_reginfo(cpu->cp_regs, regidx);
++ const ARMCPRegInfo *ri = value;
+
+ if (!(ri->type & (ARM_CP_NO_RAW | ARM_CP_ALIAS))) {
+ cpu->cpreg_indexes[cpu->cpreg_array_len] = cpreg_to_kvm_id(regidx);
+@@ -222,61 +222,49 @@ static void add_cpreg_to_list(gpointer key, gpointer opaque)
+ }
+ }
+
+-static void count_cpreg(gpointer key, gpointer opaque)
++static void count_cpreg(gpointer key, gpointer value, gpointer opaque)
+ {
+ ARMCPU *cpu = opaque;
+- const ARMCPRegInfo *ri;
+-
+- ri = g_hash_table_lookup(cpu->cp_regs, key);
++ const ARMCPRegInfo *ri = value;
+
+ if (!(ri->type & (ARM_CP_NO_RAW | ARM_CP_ALIAS))) {
+ cpu->cpreg_array_len++;
+ }
+ }
+
+-static gint cpreg_key_compare(gconstpointer a, gconstpointer b, gpointer d)
+-{
+- uint64_t aidx = cpreg_to_kvm_id((uintptr_t)a);
+- uint64_t bidx = cpreg_to_kvm_id((uintptr_t)b);
+-
+- if (aidx > bidx) {
+- return 1;
+- }
+- if (aidx < bidx) {
+- return -1;
+- }
+- return 0;
+-}
+-
+ void init_cpreg_list(ARMCPU *cpu)
+ {
+ /*
+ * Initialise the cpreg_tuples[] array based on the cp_regs hash.
+ * Note that we require cpreg_tuples[] to be sorted by key ID.
+ */
+- GList *keys;
+ int arraylen;
+
+- keys = g_hash_table_get_keys(cpu->cp_regs);
+- keys = g_list_sort_with_data(keys, cpreg_key_compare, NULL);
+-
+ cpu->cpreg_array_len = 0;
+-
+- g_list_foreach(keys, count_cpreg, cpu);
++ g_hash_table_foreach(cpu->cp_regs, count_cpreg, cpu);
+
+ arraylen = cpu->cpreg_array_len;
+- cpu->cpreg_indexes = g_new(uint64_t, arraylen);
+- cpu->cpreg_values = g_new(uint64_t, arraylen);
+- cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
+- cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
+- cpu->cpreg_vmstate_array_len = cpu->cpreg_array_len;
++ if (arraylen) {
++ cpu->cpreg_indexes = g_new(uint64_t, arraylen);
++ cpu->cpreg_values = g_new(uint64_t, arraylen);
++ cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
++ cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
++ } else {
++ cpu->cpreg_indexes = NULL;
++ cpu->cpreg_values = NULL;
++ cpu->cpreg_vmstate_indexes = NULL;
++ cpu->cpreg_vmstate_values = NULL;
++ }
++ cpu->cpreg_vmstate_array_len = arraylen;
+ cpu->cpreg_array_len = 0;
+
+- g_list_foreach(keys, add_cpreg_to_list, cpu);
++ g_hash_table_foreach(cpu->cp_regs, add_cpreg_to_list, cpu);
+
+ assert(cpu->cpreg_array_len == arraylen);
+
+- g_list_free(keys);
++ if (arraylen) {
++ qsort(cpu->cpreg_indexes, arraylen, sizeof(uint64_t), compare_u64);
++ }
+ }
+
+ bool arm_pan_enabled(CPUARMState *env)
+--
+2.52.0
+
diff --git a/kvm-target-arm-Move-compare_u64-to-helper.c.patch b/kvm-target-arm-Move-compare_u64-to-helper.c.patch
new file mode 100644
index 0000000..9d7fb64
--- /dev/null
+++ b/kvm-target-arm-Move-compare_u64-to-helper.c.patch
@@ -0,0 +1,90 @@
+From 705cbaf080e8fba8bdf6a5031d4e437c9d7b9bfe Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 11 May 2026 12:06:24 -0400
+Subject: [PATCH 002/116] target/arm: Move compare_u64 to helper.c
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [2/16] 497fedf076c0f7945bbe584efc060d7238c50837 (eauger1/centos-qemu-kvm)
+
+We will use this function beyond kvm.c.
+
+Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
+Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 5a8af95cb31122d2fcd2e6d3427b8e8427cd8bdc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/helper.c | 11 +++++++++++
+ target/arm/internals.h | 3 +++
+ target/arm/kvm.c | 11 -----------
+ 3 files changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 0c1299ff84..d230f9e766 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -40,6 +40,17 @@
+
+ static void switch_mode(CPUARMState *env, int mode);
+
++int compare_u64(const void *a, const void *b)
++{
++ if (*(uint64_t *)a > *(uint64_t *)b) {
++ return 1;
++ }
++ if (*(uint64_t *)a < *(uint64_t *)b) {
++ return -1;
++ }
++ return 0;
++}
++
+ uint64_t raw_read(CPUARMState *env, const ARMCPRegInfo *ri)
+ {
+ assert(ri->fieldoffset);
+diff --git a/target/arm/internals.h b/target/arm/internals.h
+index 1b3d0244fd..08e2acdb99 100644
+--- a/target/arm/internals.h
++++ b/target/arm/internals.h
+@@ -1981,4 +1981,7 @@ void vfp_clear_float_status_exc_flags(CPUARMState *env);
+ void vfp_set_fpcr_to_host(CPUARMState *env, uint32_t val, uint32_t mask);
+ bool arm_pan_enabled(CPUARMState *env);
+
++/* Compare uint64_t for qsort and bsearch. */
++int compare_u64(const void *a, const void *b);
++
+ #endif
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index c1ec6654ca..5a75ff5927 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -718,17 +718,6 @@ void kvm_arm_register_device(MemoryRegion *mr, uint64_t devid, uint64_t group,
+ memory_region_ref(kd->mr);
+ }
+
+-static int compare_u64(const void *a, const void *b)
+-{
+- if (*(uint64_t *)a > *(uint64_t *)b) {
+- return 1;
+- }
+- if (*(uint64_t *)a < *(uint64_t *)b) {
+- return -1;
+- }
+- return 0;
+-}
+-
+ /*
+ * cpreg_values are sorted in ascending order by KVM register ID
+ * (see kvm_arm_init_cpreg_list). This allows us to cheaply find
+--
+2.52.0
+
diff --git a/kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch b/kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch
new file mode 100644
index 0000000..abe6bd7
--- /dev/null
+++ b/kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch
@@ -0,0 +1,244 @@
+From 514f36e4f3411c5dc96c7f742f543d166eede410 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:51 +0200
+Subject: [PATCH 010/116] target/arm/cpu: Introduce the infrastructure for
+ cpreg migration tolerances
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [10/16] 71bbf8b6df2c02de6349343040f7edb827161f4c (eauger1/centos-qemu-kvm)
+
+Conflicts: contextual conflict in target/arm/internals.h as we don't
+have #define MECID_WIDTH 16 introduced by commit
+700f08d5829f ("target/arm: Implement FEAT_MEC registers")
+
+We introduce a datatype for a tolerance with respect to a given
+cpreg migration issue. The tolerance applies to a given cpreg kvm index,
+and can be of different types:
+a) mismatch in cpreg indexes
+- ToleranceNotOnBothEnds (cpreg index is allowed to be only present
+ on one end)
+- ToleranceOnlySrcTestValue (cpreg index is allowed to be only
+ present in source if its value @mask field matches @value)
+b) mismatch in cpreg values
+- ToleranceDiffInMask (value differences are allowed only within a mask)
+- ToleranceFieldLT (incoming field value must be less than a given value)
+- ToleranceFieldGT (incoming field value must be greater than a given value)
+
+A QLIST of such tolerances can be populated using a new helper:
+arm_register_cpreg_mig_tolerance() and arm_cpu_match_cpreg_mig_tolerance()
+allows to check whether a tolerance exists for a given kvm index and its
+criterion is matched.
+
+callers for those helpers will be introduced in subsequent patches.
+
+Only registration of migration tolerances related to cpreg index
+mismatch is currently allowed.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Message-id: 20260420140552.104369-2-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit bb36be6fd799c4fdb2ac893cfab7f307c12527f2)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/cpu.c | 82 ++++++++++++++++++++++++++++++++++++++++++
+ target/arm/cpu.h | 1 +
+ target/arm/internals.h | 53 +++++++++++++++++++++++++++
+ 3 files changed, 136 insertions(+)
+
+diff --git a/target/arm/cpu.c b/target/arm/cpu.c
+index e2b2337399..9f7938d8fa 100644
+--- a/target/arm/cpu.c
++++ b/target/arm/cpu.c
+@@ -172,6 +172,82 @@ void arm_register_el_change_hook(ARMCPU *cpu, ARMELChangeHookFn *hook,
+ QLIST_INSERT_HEAD(&cpu->el_change_hooks, entry, node);
+ }
+
++static ARMCPRegMigTolerance *find_mig_tolerance(ARMCPU *cpu, uint64_t kvmidx)
++{
++ ARMCPRegMigTolerance *t;
++ QLIST_FOREACH(t, &cpu->cpreg_mig_tolerances, node) {
++ if (t->kvmidx == kvmidx) {
++ return t;
++ }
++ }
++ return NULL;
++}
++
++void arm_register_cpreg_mig_tolerance(ARMCPU *cpu, uint64_t kvmidx,
++ uint64_t mask, uint64_t value,
++ ARMCPRegMigToleranceType type)
++{
++ ARMCPRegMigTolerance *entry;
++
++ /* make sure the kvmidx has not tolerance already registered */
++ assert(!find_mig_tolerance(cpu, kvmidx));
++
++ assert(type == ToleranceNotOnBothEnds ||
++ type == ToleranceOnlySrcTestValue);
++
++ entry = g_new0(ARMCPRegMigTolerance, 1);
++
++ entry->kvmidx = kvmidx;
++ entry->mask = mask;
++ entry->value = value;
++ entry->type = type;
++
++ QLIST_INSERT_HEAD(&cpu->cpreg_mig_tolerances, entry, node);
++}
++
++bool arm_cpu_match_cpreg_mig_tolerance(ARMCPU *cpu, uint64_t kvmidx,
++ uint64_t vmstate_value, uint64_t local_value,
++ ARMCPRegMigToleranceType type)
++{
++ ARMCPRegMigTolerance *t = find_mig_tolerance(cpu, kvmidx);
++ uint64_t diff, diff_outside_mask, field;
++
++ if (!t || t->type != type) {
++ return false;
++ }
++
++ if (type == ToleranceNotOnBothEnds) {
++ return true;
++ }
++
++ if (type == ToleranceOnlySrcTestValue &&
++ ((vmstate_value & t->mask) == t->value)) {
++ return true;
++ }
++
++ /* Need to check the mask */
++ diff = vmstate_value ^ local_value;
++ diff_outside_mask = diff & ~t->mask;
++
++ if (diff_outside_mask) {
++ /* there are differences outside of the mask */
++ return false;
++ }
++ if (type == ToleranceDiffInMask) {
++ /* differences only in the field, tolerance matched */
++ return true;
++ }
++ /* need to compare field value against authorized ones */
++ field = vmstate_value & t->mask;
++ if (type == ToleranceFieldLT && (field < t->value)) {
++ return true;
++ }
++ if (type == ToleranceFieldGT && (field > t->value)) {
++ return true;
++ }
++ return false;
++}
++
+ static void cp_reg_reset(gpointer key, gpointer value, gpointer opaque)
+ {
+ /* Reset a single ARMCPRegInfo register */
+@@ -1455,6 +1531,7 @@ static void arm_cpu_initfn(Object *obj)
+
+ QLIST_INIT(&cpu->pre_el_change_hooks);
+ QLIST_INIT(&cpu->el_change_hooks);
++ QLIST_INIT(&cpu->cpreg_mig_tolerances);
+
+ #ifdef CONFIG_USER_ONLY
+ # ifdef TARGET_AARCH64
+@@ -1895,6 +1972,7 @@ static void arm_cpu_finalizefn(Object *obj)
+ {
+ ARMCPU *cpu = ARM_CPU(obj);
+ ARMELChangeHook *hook, *next;
++ ARMCPRegMigTolerance *t, *n;
+
+ g_hash_table_destroy(cpu->cp_regs);
+
+@@ -1906,6 +1984,10 @@ static void arm_cpu_finalizefn(Object *obj)
+ QLIST_REMOVE(hook, node);
+ g_free(hook);
+ }
++ QLIST_FOREACH_SAFE(t, &cpu->cpreg_mig_tolerances, node, n) {
++ QLIST_REMOVE(t, node);
++ g_free(t);
++ }
+ #ifndef CONFIG_USER_ONLY
+ if (cpu->pmu_timer) {
+ timer_free(cpu->pmu_timer);
+diff --git a/target/arm/cpu.h b/target/arm/cpu.h
+index dc0da8b0ae..e5dbc5a3f9 100644
+--- a/target/arm/cpu.h
++++ b/target/arm/cpu.h
+@@ -1126,6 +1126,7 @@ struct ArchCPU {
+
+ QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks;
+ QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
++ QLIST_HEAD(, ARMCPRegMigTolerance) cpreg_mig_tolerances;
+
+ int32_t node_id; /* NUMA node this CPU belongs to */
+
+diff --git a/target/arm/internals.h b/target/arm/internals.h
+index 08e2acdb99..b8444aa8ab 100644
+--- a/target/arm/internals.h
++++ b/target/arm/internals.h
+@@ -1984,4 +1984,57 @@ bool arm_pan_enabled(CPUARMState *env);
+ /* Compare uint64_t for qsort and bsearch. */
+ int compare_u64(const void *a, const void *b);
+
++typedef enum {
++ ToleranceNotOnBothEnds,
++ ToleranceOnlySrcTestValue,
++ ToleranceDiffInMask,
++ ToleranceFieldLT,
++ ToleranceFieldGT,
++} ARMCPRegMigToleranceType;
++
++typedef struct ARMCPRegMigTolerance {
++ uint64_t kvmidx;
++ uint64_t mask;
++ uint64_t value;
++ ARMCPRegMigToleranceType type;
++ QLIST_ENTRY(ARMCPRegMigTolerance) node;
++} ARMCPRegMigTolerance;
++
++/**
++ * arm_register_cpreg_mig_tolerance:
++ * Register a migration tolerance wrt one given cpreg identified by its
++ * @kvmidx. Calling this function twice for the same @kvmidx is a
++ * programming error and will cause an assertion failure.
++ *
++ * @cpu: vcpu to apply the migration tolerance on
++ * @kvmidx: kvm index of the cpreg the tolerance applies to
++ * @mask: bitmask where a difference is tolerated
++ * (relevant with ToleranceDiffInMask)
++ * @value: value the bitmask field is compared with
++ * (relevant with ToleranceFieldLT and ToleranceFieldGT)
++ * @type: type of the migration tolerance:
++ * - ToleranceNotOnBothEnds (cpreg index is allowed to be only present
++ * on one end)
++ * - ToleranceOnlySrcTestValue (cpreg index is allowed to be only
++ * present in source if its value @mask field matches @value)
++ * - ToleranceDiffInMask (mismatch in cpreg values are only tolerated
++ * if differences are within @mask)
++ * - ToleranceFieldLT (mismatch in cpreg values are only tolerated
++ * if incoming @bitmask field value is less than @value)
++ * - ToleranceFieldGT (mismatch in cpreg values are only tolerated
++ * if incoming @bitmask field value is greater than @value)
++ */
++void arm_register_cpreg_mig_tolerance(ARMCPU *cpu, uint64_t kvmidx,
++ uint64_t mask, uint64_t value,
++ ARMCPRegMigToleranceType type);
++
++/**
++ * arm_cpu_match_cpreg_mig_tolerance:
++ * Check whether a tolerance of type @type exists for a given @kvmidx
++ * and the tolerance criterion is satisfied
++ */
++bool arm_cpu_match_cpreg_mig_tolerance(ARMCPU *cpu, uint64_t kvmidx,
++ uint64_t vmstate_value, uint64_t local_value,
++ ARMCPRegMigToleranceType type);
++
+ #endif
+--
+2.52.0
+
diff --git a/kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch b/kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch
new file mode 100644
index 0000000..fe69b27
--- /dev/null
+++ b/kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch
@@ -0,0 +1,58 @@
+From 6d01750d568320adda3e79e30f881bd02890890a Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:55 +0200
+Subject: [PATCH 014/116] target/arm/cpu64: Define cpreg migration tolerance
+ for KVM_REG_ARM_VENDOR_HYP_BMAP_2
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [14/16] 2289633dd2eadbde2e57a19da4259fa7c7c00013 (eauger1/centos-qemu-kvm)
+
+KVM_REG_ARM_VENDOR_HYP_BMAP_2 pseudo FW register is exposed
+from v6.15 onwards. Backward migration from a >= v6.15 to an older
+kernel would fail without cpreg migration tolerance definition
+for this register. If the register is present on source but not
+on destination, its value must be checked to make sure it matches
+the reset value, ie. 0, meaning no service is exposed to the guest,
+hence the choice of a ToleranceOnlySrcTestValue migration
+tolerance.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260420140552.104369-6-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 6dd8be31f8fbbeba65a80b1e96c7331886c6f6d5)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/cpu64.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index 820d2542fa..98d9f34550 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -786,6 +786,17 @@ static void kvm_arm_set_cpreg_mig_tolerances(ARMCPU *cpu)
+ 0, 0, ToleranceNotOnBothEnds);
+ arm_register_cpreg_mig_tolerance(cpu, ARM64_SYS_REG(3, 0, 10, 2, 3),
+ 0, 0, ToleranceNotOnBothEnds);
++
++ /*
++ * KVM_REG_ARM_VENDOR_HYP_BMAP_2 pseudo FW register is exposed
++ * from v6.15 onwards. Backward migration from a >= v6.15 to an older
++ * kernel would fail without cpreg migration tolerance definition.
++ * If the register is present on source but not on destination, make
++ * sure it has its reset value, ie. 0, meaning no service is exposed
++ * to the guest.
++ */
++ arm_register_cpreg_mig_tolerance(cpu, KVM_REG_ARM_FW_FEAT_BMAP_REG(3),
++ UINT64_MAX, 0, ToleranceOnlySrcTestValue);
+ }
+ #endif
+
+--
+2.52.0
+
diff --git a/kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch b/kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch
new file mode 100644
index 0000000..033bb78
--- /dev/null
+++ b/kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch
@@ -0,0 +1,91 @@
+From 18c38804ca688494c3969f125dff09013608e673 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:54 +0200
+Subject: [PATCH 013/116] target/arm/cpu64: Mitigate migration failures due to
+ spurious TCR_EL1, PIRE0_EL1 and PIR_EL1
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [13/16] 90857210d7a915351c637756650071ff44f8d378 (eauger1/centos-qemu-kvm)
+
+Conflicts: contextual conflict in target/arm/cpu64.c as cpu local
+variable is declared in the #if defined(CONFIG_KVM) and not at the top
+
+Before linux v6.13 those registers were erroneously unconditionally
+exposed and this was fixed by commits:
+- 0fcb4eea5345 ("KVM: arm64: Hide TCR2_EL1 from userspace when
+ disabled for guests")
+- a68cddbe47ef ("KVM: arm64: Hide S1PIE registers from userspace
+ when disabled for guests")
+in v6.13.
+
+This means if we migrate from an old kernel host to a >= 6.13 kernel
+host, migration currently fails.
+
+Declare cpreg migration tolerance for those registers.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Sebastian Ott <sebott@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260420140552.104369-5-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 113ed8e53c08a46af2d3307ece846caf5a719f99)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/cpu64.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
+index 051d5d653b..820d2542fa 100644
+--- a/target/arm/cpu64.c
++++ b/target/arm/cpu64.c
+@@ -762,10 +762,39 @@ static void aarch64_a53_initfn(Object *obj)
+ }
+ #endif
+
++#if defined(CONFIG_KVM)
++static void kvm_arm_set_cpreg_mig_tolerances(ARMCPU *cpu)
++{
++ /*
++ * Registers that may be in the incoming stream and not exposed
++ * on the destination
++ */
++
++ /*
++ * TCR_EL1 was erroneously unconditionnally exposed before linux v6.13.
++ * See commit 0fcb4eea5345 ("KVM: arm64: Hide TCR2_EL1 from userspace
++ * when disabled for guests")
++ */
++ arm_register_cpreg_mig_tolerance(cpu, ARM64_SYS_REG(3, 0, 2, 0, 3),
++ 0, 0, ToleranceNotOnBothEnds);
++ /*
++ * PIRE0_EL1 and PIR_EL1 were erroneously unconditionnally exposed
++ * before linux v6.13. See commit a68cddbe47ef ("KVM: arm64: Hide
++ * S1PIE registers from userspace when disabled for guests")
++ */
++ arm_register_cpreg_mig_tolerance(cpu, ARM64_SYS_REG(3, 0, 10, 2, 2),
++ 0, 0, ToleranceNotOnBothEnds);
++ arm_register_cpreg_mig_tolerance(cpu, ARM64_SYS_REG(3, 0, 10, 2, 3),
++ 0, 0, ToleranceNotOnBothEnds);
++}
++#endif
++
+ static void aarch64_host_initfn(Object *obj)
+ {
+ #if defined(CONFIG_KVM)
+ ARMCPU *cpu = ARM_CPU(obj);
++
++ kvm_arm_set_cpreg_mig_tolerances(cpu);
+ kvm_arm_set_cpu_features_from_host(cpu);
+ if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
+ aarch64_add_sve_properties(obj);
+--
+2.52.0
+
diff --git a/kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch b/kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch
new file mode 100644
index 0000000..b5a0d42
--- /dev/null
+++ b/kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch
@@ -0,0 +1,75 @@
+From 5c1ee6b3f760a68ec2545c157e72221e7452901c Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:56 +0200
+Subject: [PATCH 015/116] target/arm/helper: Define cpreg migration tolerance
+ for DGBDTR_EL0
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [15/16] 4c159a6da8530899c605c9aa81c99a06be2f0819 (eauger1/centos-qemu-kvm)
+
+We want to remove AArch32 DBGDTRTX which was erroneously exposed.
+This was attempted by 655659a74a36b ("target/arm: Correct encoding
+of Debug Communications Channel registers") but it was discovered
+that the removal of this debug register broke forward migration on
+TCG. Now we have the cpreg migration tolerance infrastructure, we
+can declare one for the DBGDTRTX. This allow to revert the reinstate
+patch.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Sebastian Ott <sebott@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260420140552.104369-7-eric.auger@redhat.com
+[PMM: revised comment, included note about when we can drop
+ the workaround]
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 234b3eaddd4ff08b8b62d563742e37f7bb6486bd)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/helper.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 5e643ed6b2..0deb2bd760 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -6129,9 +6129,32 @@ void register_cp_regs_for_features(ARMCPU *cpu)
+ .fgt = FGT_CLIDR_EL1,
+ .resetvalue = GET_IDREG(isar, CLIDR)
+ };
++ uint64_t dbgtr_el0_kvmidx =
++ cpreg_to_kvm_id(ENCODE_CP_REG(14, 0, 1, 0, 5, 3, 0));
++
+ define_one_arm_cp_reg(cpu, &clidr);
+ define_arm_cp_regs(cpu, v7_cp_reginfo);
+ define_debug_regs(cpu);
++ /*
++ * We used to incorrectly expose a non-existent AArch32 "DBGDTRTX"
++ * register with this encoding. This has been fixed by commit
++ * 655659a74a36 ("target/arm: Correct encoding of Debug
++ * Communications Channel registers") by the introduction of correct
++ * separate cpreg definitions for AA64 and AA32 versions. However,
++ * the old cpreg definition couldn't be removed without breaking
++ * migration, so commit 4f2b82f604 reinstated the bogus encoding
++ * for migration data only.
++ *
++ * Now that we have migration tolerance infrastructure, we can use
++ * this to allow forward migration from the buggy QEMU versions,
++ * accepting and ignoring the bogus register if it is in the
++ * source data. QEMU 11.0 was the last version that sent the
++ * bogus encoding, so this workaround can be removed at the point
++ * where we no longer care about migration from that version
++ * (i.e. when we remove the "virt-11.0" machine type).
++ */
++ arm_register_cpreg_mig_tolerance(cpu, dbgtr_el0_kvmidx,
++ 0, 0, ToleranceNotOnBothEnds);
+ } else {
+ define_arm_cp_regs(cpu, not_v7_cp_reginfo);
+ }
+--
+2.52.0
+
diff --git a/kvm-target-arm-kvm-Export-kvm_print_register_name.patch b/kvm-target-arm-kvm-Export-kvm_print_register_name.patch
new file mode 100644
index 0000000..3609a41
--- /dev/null
+++ b/kvm-target-arm-kvm-Export-kvm_print_register_name.patch
@@ -0,0 +1,80 @@
+From 9b51393c6b6e5759755d78f1cf1e97c174af3d1a Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 005/116] target/arm/kvm: Export kvm_print_register_name()
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [5/16] 66bc6985b3162adca02cac4efbbb86f5e973ed7f (eauger1/centos-qemu-kvm)
+
+Conflicts: contextual conflicts in target/arm/kvm-stub.c
+and target/arm/kvm_arm.h since we don't have arm_gic_cap_kvm_probe()
+downstream
+
+We want to use kvm_print_register_name() in machine.c so
+let's export the helper and implement a stub when kvm
+is not enabled.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-4-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 5ae081fb493510f62280afc005aa36f702192539)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/kvm-stub.c | 5 +++++
+ target/arm/kvm.c | 2 +-
+ target/arm/kvm_arm.h | 9 +++++++++
+ 3 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/target/arm/kvm-stub.c b/target/arm/kvm-stub.c
+index c93462c5b9..58b37e0dfe 100644
+--- a/target/arm/kvm-stub.c
++++ b/target/arm/kvm-stub.c
+@@ -124,3 +124,8 @@ bool kvm_arm_cpu_post_load(ARMCPU *cpu)
+ {
+ g_assert_not_reached();
+ }
++
++char *kvm_print_register_name(uint64_t regidx)
++{
++ g_assert_not_reached();
++}
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index 5dacb304bd..283d634ca1 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -911,7 +911,7 @@ static gchar *kvm_print_sve_register_name(uint64_t regidx)
+ }
+ }
+
+-static gchar *kvm_print_register_name(uint64_t regidx)
++char *kvm_print_register_name(uint64_t regidx)
+ {
+ switch ((regidx & KVM_REG_ARM_COPROC_MASK)) {
+ case KVM_REG_ARM_CORE:
+diff --git a/target/arm/kvm_arm.h b/target/arm/kvm_arm.h
+index 6a9b6374a6..c4e7dc28ef 100644
+--- a/target/arm/kvm_arm.h
++++ b/target/arm/kvm_arm.h
+@@ -263,4 +263,13 @@ void kvm_arm_enable_mte(Object *cpuobj, Error **errp);
+
+ void arm_cpu_kvm_set_irq(void *arm_cpu, int irq, int level);
+
++/*
++ * kvm_print_register_name:
++ * @regidx: register KVM index
++ *
++ * Returns a human-readable string representing this register
++ * The caller must free the string with g_free().
++ */
++char *kvm_print_register_name(uint64_t regidx);
++
+ #endif
+--
+2.52.0
+
diff --git a/kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch b/kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch
new file mode 100644
index 0000000..eeafbce
--- /dev/null
+++ b/kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch
@@ -0,0 +1,44 @@
+From efcd88369bb1402aaf8b1084666ab6182717740f Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 006/116] target/arm/kvm: Tweak print_register_name() for arm64
+ system register
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [6/16] e434272a6ecab513d6bc8c4811cd8e1463cdbfad (eauger1/centos-qemu-kvm)
+
+As opposed to other register types, arm64 system register decoding
+is not introduced by any 'register' mention which can lead to
+unfriendly user-facing traces. Let's add "system register"
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-5-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 3e0a3a8e91efabef01dad8ea1cd1f13dcc46b14d)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/kvm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index 283d634ca1..ccf0fc501a 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -919,7 +919,7 @@ char *kvm_print_register_name(uint64_t regidx)
+ case KVM_REG_ARM_DEMUX:
+ return g_strdup_printf("demuxed reg %"PRIx64, regidx);
+ case KVM_REG_ARM64_SYSREG:
+- return g_strdup_printf("op0:%d op1:%d crn:%d crm:%d op2:%d",
++ return g_strdup_printf("system register op0:%d op1:%d crn:%d crm:%d op2:%d",
+ CP_REG_ARM64_SYSREG_OP(regidx, OP0),
+ CP_REG_ARM64_SYSREG_OP(regidx, OP1),
+ CP_REG_ARM64_SYSREG_OP(regidx, CRN),
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch b/kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch
new file mode 100644
index 0000000..1906758
--- /dev/null
+++ b/kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch
@@ -0,0 +1,126 @@
+From 9667267d44ad88f8306c2dc3e0d23c1028cf5823 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 009/116] target/arm/machine: Fix detection of unknown incoming
+ cpregs
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [9/16] 6450081257ce770c0825a69e794036bc181b5a6c (eauger1/centos-qemu-kvm)
+
+Currently the check of cpreg index matches fail to detect
+a situation where the length of both arrays is same but
+- destination has an extra register not found in the incoming stream (idx1)
+- source has an extra register not found in the destination (idx2)
+ where idx1 < = idx2
+Normally this should fail but it does not.
+
+Fix the logic to scan all indexes.
+
+Fixes: 721fae12536 ("target-arm: Convert TCG to using (index,value) list for cp migration")
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-8-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit dbfed8d80837ff7d36e763163f38549169ee64cc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/machine.c | 61 +++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 49 insertions(+), 12 deletions(-)
+
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index 70157e000b..e0447083ee 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -967,6 +967,35 @@ static gchar *print_register_name(uint64_t kvm_regidx)
+ }
+ }
+
++/*
++ * Handle the situation where @kvmidx is on destination but not
++ * in the incoming stream. This never fails the migration.
++ */
++static void handle_cpreg_missing_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx)
++{
++ g_autofree gchar *name = print_register_name(kvmidx);
++
++ warn_report("%s: %s "
++ "expected by the destination but not in the incoming stream: "
++ "skip it", __func__, name);
++}
++
++/*
++ * Handle the situation where @kvmidx is in the incoming stream
++ * but not on destination. This currently fails the migration but
++ * we plan to accomodate some exceptions, hence the boolean returned value.
++ */
++static bool handle_cpreg_only_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx)
++{
++ g_autofree gchar *name = print_register_name(kvmidx);
++ bool fail = true;
++
++ error_report("%s: %s in the incoming stream but unknown on the "
++ "destination: fail migration", __func__, name);
++
++ return fail;
++}
++
+ static int cpu_post_load(void *opaque, int version_id)
+ {
+ ARMCPU *cpu = opaque;
+@@ -1006,21 +1035,12 @@ static int cpu_post_load(void *opaque, int version_id)
+ for (i = 0, v = 0; i < cpu->cpreg_array_len
+ && v < cpu->cpreg_vmstate_array_len;) {
+ if (cpu->cpreg_vmstate_indexes[v] > cpu->cpreg_indexes[i]) {
+- g_autofree gchar *name = print_register_name(cpu->cpreg_indexes[i]);
+-
+- warn_report("%s: %s "
+- "expected by the destination but not in the incoming stream: "
+- "skip it", __func__, name);
+- i++;
++ handle_cpreg_missing_in_incoming_stream(cpu, cpu->cpreg_indexes[i++]);
+ continue;
+ }
+ if (cpu->cpreg_vmstate_indexes[v] < cpu->cpreg_indexes[i]) {
+- g_autofree gchar *name = print_register_name(cpu->cpreg_vmstate_indexes[v]);
+-
+- error_report("%s: %s in the incoming stream but unknown on the destination: "
+- "fail migration", __func__, name);
+- v++;
+- fail = true;
++ fail = handle_cpreg_only_in_incoming_stream(cpu,
++ cpu->cpreg_vmstate_indexes[v++]);
+ continue;
+ }
+ /* matching register, copy the value over */
+@@ -1028,6 +1048,23 @@ static int cpu_post_load(void *opaque, int version_id)
+ i++;
+ v++;
+ }
++
++ /*
++ * if we have reached the end of the incoming array but there are
++ * still regs in cpreg, continue parsing the regs which are missing
++ * in the input stream
++ */
++ for ( ; i < cpu->cpreg_array_len; i++) {
++ handle_cpreg_missing_in_incoming_stream(cpu, cpu->cpreg_indexes[i]);
++ }
++ /*
++ * if we have reached the end of the cpreg array but there are
++ * still regs in the input stream, continue parsing the vmstate array
++ */
++ for ( ; v < cpu->cpreg_vmstate_array_len; v++) {
++ fail = handle_cpreg_only_in_incoming_stream(cpu,
++ cpu->cpreg_vmstate_indexes[v]);
++ }
+ if (fail) {
+ return -1;
+ }
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch b/kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch
new file mode 100644
index 0000000..46bfc45
--- /dev/null
+++ b/kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch
@@ -0,0 +1,87 @@
+From 9628d4afe762f07f9a1030795acf014fea744052 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:52 +0200
+Subject: [PATCH 011/116] target/arm/machine: Handle ToleranceNotOnBothEnds
+ migration tolerances
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [11/16] 26354a54c0d479bd06bdbb1e8d6ec47d7a4688e8 (eauger1/centos-qemu-kvm)
+
+If there is a mismatch between the cpreg indexes found on both ends,
+check whether a tolerance was registered for the given kvmidx. If any,
+silence warning/errors.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260420140552.104369-3-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 5e65e7aa4a1b57b1dbfcecec629c9e3fb55e94b1)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/machine.c | 21 +++++++++++++++------
+ target/arm/trace-events | 2 ++
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index e0447083ee..0d749fc8fb 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -975,25 +975,34 @@ static void handle_cpreg_missing_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx
+ {
+ g_autofree gchar *name = print_register_name(kvmidx);
+
++ if (arm_cpu_match_cpreg_mig_tolerance(cpu, kvmidx,
++ 0, 0, ToleranceNotOnBothEnds)) {
++ trace_tolerate_cpreg_missing_in_incoming_stream(name);
++ return;
++ }
+ warn_report("%s: %s "
+ "expected by the destination but not in the incoming stream: "
+ "skip it", __func__, name);
+ }
+
+ /*
+- * Handle the situation where @kvmidx is in the incoming stream
+- * but not on destination. This currently fails the migration but
+- * we plan to accomodate some exceptions, hence the boolean returned value.
++ * Handle the situation where @kvmidx is in the incoming
++ * stream but not on destination. This fails the migration if
++ * no cpreg mig tolerance is matched for this @kvmidx
++ * Return true if the migration should eventually fail
+ */
+ static bool handle_cpreg_only_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx)
+ {
+ g_autofree gchar *name = print_register_name(kvmidx);
+- bool fail = true;
+
++ if (arm_cpu_match_cpreg_mig_tolerance(cpu, kvmidx,
++ 0, 0, ToleranceNotOnBothEnds)) {
++ trace_tolerate_cpreg_only_in_incoming_stream(name);
++ return false;
++ }
+ error_report("%s: %s in the incoming stream but unknown on the "
+ "destination: fail migration", __func__, name);
+-
+- return fail;
++ return true;
+ }
+
+ static int cpu_post_load(void *opaque, int version_id)
+diff --git a/target/arm/trace-events b/target/arm/trace-events
+index 4e2502af9f..062a011881 100644
+--- a/target/arm/trace-events
++++ b/target/arm/trace-events
+@@ -16,3 +16,5 @@ kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is
+
+ # machine.c
+ cpu_post_load(uint32_t cpreg_vmstate_array_len, uint32_t cpreg_array_len) "cpreg_vmstate_array_len=%d cpreg_array_len=%d"
++tolerate_cpreg_missing_in_incoming_stream(char *name) "%s is missing in incoming stream but this is explicitly tolerated"
++tolerate_cpreg_only_in_incoming_stream(char *name) "%s is in incoming stream but not on destination but this is explicitly tolerated"
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch b/kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch
new file mode 100644
index 0000000..734fb81
--- /dev/null
+++ b/kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch
@@ -0,0 +1,74 @@
+From ed217dda22c77ad780159755f48faf26a74531a6 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Mon, 20 Apr 2026 16:03:53 +0200
+Subject: [PATCH 012/116] target/arm/machine: Handle ToleranceOnlySrcTestValue
+ migration tolerance
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [12/16] df44347fd53723ee81c4167e82bb85a15b94ac23 (eauger1/centos-qemu-kvm)
+
+Pass the value of the incoming register to
+handle_cpreg_only_in_incoming_stream and check whether there is
+a matching ToleranceOnlySrcTestValue tolerance.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Message-id: 20260420140552.104369-4-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit 9d2e717da4f4822ddb89c1ae78a0afd328a1f554)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/machine.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index 0d749fc8fb..b75097f371 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -991,12 +991,15 @@ static void handle_cpreg_missing_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx
+ * no cpreg mig tolerance is matched for this @kvmidx
+ * Return true if the migration should eventually fail
+ */
+-static bool handle_cpreg_only_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx)
++static bool
++handle_cpreg_only_in_incoming_stream(ARMCPU *cpu, uint64_t kvmidx, uint64_t value)
+ {
+ g_autofree gchar *name = print_register_name(kvmidx);
+
+ if (arm_cpu_match_cpreg_mig_tolerance(cpu, kvmidx,
+- 0, 0, ToleranceNotOnBothEnds)) {
++ 0, 0, ToleranceNotOnBothEnds) ||
++ arm_cpu_match_cpreg_mig_tolerance(cpu, kvmidx,
++ value, 0, ToleranceOnlySrcTestValue)) {
+ trace_tolerate_cpreg_only_in_incoming_stream(name);
+ return false;
+ }
+@@ -1049,7 +1052,9 @@ static int cpu_post_load(void *opaque, int version_id)
+ }
+ if (cpu->cpreg_vmstate_indexes[v] < cpu->cpreg_indexes[i]) {
+ fail = handle_cpreg_only_in_incoming_stream(cpu,
+- cpu->cpreg_vmstate_indexes[v++]);
++ cpu->cpreg_vmstate_indexes[v],
++ cpu->cpreg_vmstate_values[v]);
++ v++;
+ continue;
+ }
+ /* matching register, copy the value over */
+@@ -1072,7 +1077,8 @@ static int cpu_post_load(void *opaque, int version_id)
+ */
+ for ( ; v < cpu->cpreg_vmstate_array_len; v++) {
+ fail = handle_cpreg_only_in_incoming_stream(cpu,
+- cpu->cpreg_vmstate_indexes[v]);
++ cpu->cpreg_vmstate_indexes[v],
++ cpu->cpreg_vmstate_values[v]);
+ }
+ if (fail) {
+ return -1;
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Trace-all-register-mismatches.patch b/kvm-target-arm-machine-Trace-all-register-mismatches.patch
new file mode 100644
index 0000000..604e947
--- /dev/null
+++ b/kvm-target-arm-machine-Trace-all-register-mismatches.patch
@@ -0,0 +1,78 @@
+From 2ee6e5ea5ab6b435343f0585ba3dfa1cac313884 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 008/116] target/arm/machine: Trace all register mismatches
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [8/16] 270563b74465e4bf42901a2f0332a61621b22123 (eauger1/centos-qemu-kvm)
+
+At the moment, cpu_post_load() exits with error on the first
+catch of unexpected register in the incoming stream. Let the code
+go further and trace all the issues before exiting.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-7-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit e25c63c3b368118dc109e49393554f85f1203d1e)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/machine.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index 36c9d9946e..70157e000b 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -971,6 +971,7 @@ static int cpu_post_load(void *opaque, int version_id)
+ {
+ ARMCPU *cpu = opaque;
+ CPUARMState *env = &cpu->env;
++ bool fail = false;
+ int i, v;
+
+ trace_cpu_post_load(cpu->cpreg_vmstate_array_len,
+@@ -1003,13 +1004,14 @@ static int cpu_post_load(void *opaque, int version_id)
+ */
+
+ for (i = 0, v = 0; i < cpu->cpreg_array_len
+- && v < cpu->cpreg_vmstate_array_len; i++) {
++ && v < cpu->cpreg_vmstate_array_len;) {
+ if (cpu->cpreg_vmstate_indexes[v] > cpu->cpreg_indexes[i]) {
+ g_autofree gchar *name = print_register_name(cpu->cpreg_indexes[i]);
+
+ warn_report("%s: %s "
+ "expected by the destination but not in the incoming stream: "
+ "skip it", __func__, name);
++ i++;
+ continue;
+ }
+ if (cpu->cpreg_vmstate_indexes[v] < cpu->cpreg_indexes[i]) {
+@@ -1017,12 +1019,18 @@ static int cpu_post_load(void *opaque, int version_id)
+
+ error_report("%s: %s in the incoming stream but unknown on the destination: "
+ "fail migration", __func__, name);
+- return -1;
++ v++;
++ fail = true;
++ continue;
+ }
+ /* matching register, copy the value over */
+ cpu->cpreg_values[i] = cpu->cpreg_vmstate_values[v];
++ i++;
+ v++;
+ }
++ if (fail) {
++ return -1;
++ }
+
+ if (kvm_enabled()) {
+ if (!kvm_arm_cpu_post_load(cpu)) {
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch b/kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch
new file mode 100644
index 0000000..278ac52
--- /dev/null
+++ b/kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch
@@ -0,0 +1,93 @@
+From 810318abdcf9574cd300350642a671cc1ba91556 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 007/116] target/arm/machine: Trace cpreg names which do not
+ match on migration
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [7/16] 4fd2c91158511a672da05643c961fe55f964fe31 (eauger1/centos-qemu-kvm)
+
+Whenever there is a mismatch between cpreg indexes in the incoming
+stream and cpregs exposed by the destination output the name of
+the register. We use a print_register_name() wrapper helper. At the
+moment we are only able to do a nice decoding of the index for
+KVM regs.
+
+Without this patch, the error would be:
+qemu-system-aarch64: load of migration failed: Operation not permitted:
+error while loading state for instance 0x0 of device 'cpu': post load
+hook failed for: cpu, version_id: 22, minimum_version: 22, ret: -1
+which is not helpful for the end user to understand the actual
+issue.
+
+This patch adds the actual information about the probme:
+qemu-system-aarch64: cpu_post_load: system register
+op0:3 op1:0 crn:2 crm:0 op2:3 in the incoming stream but
+unknown on the destination, fail migration
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-6-eric.auger@redhat.com
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit eac1e610f48923084cb07b3f1eaa05f5fedccd85)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/machine.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index 5caf2885c2..36c9d9946e 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -1,5 +1,6 @@
+ #include "qemu/osdep.h"
+ #include "cpu.h"
++#include "cpregs.h"
+ #include "trace.h"
+ #include "qemu/error-report.h"
+ #include "system/kvm.h"
+@@ -957,6 +958,15 @@ static int cpu_pre_load(void *opaque)
+ return 0;
+ }
+
++static gchar *print_register_name(uint64_t kvm_regidx)
++{
++ if (kvm_enabled()) {
++ return kvm_print_register_name(kvm_regidx);
++ } else {
++ return g_strdup_printf("system register 0x%x", kvm_to_cpreg_id(kvm_regidx));
++ }
++}
++
+ static int cpu_post_load(void *opaque, int version_id)
+ {
+ ARMCPU *cpu = opaque;
+@@ -995,11 +1005,18 @@ static int cpu_post_load(void *opaque, int version_id)
+ for (i = 0, v = 0; i < cpu->cpreg_array_len
+ && v < cpu->cpreg_vmstate_array_len; i++) {
+ if (cpu->cpreg_vmstate_indexes[v] > cpu->cpreg_indexes[i]) {
+- /* register in our list but not incoming : skip it */
++ g_autofree gchar *name = print_register_name(cpu->cpreg_indexes[i]);
++
++ warn_report("%s: %s "
++ "expected by the destination but not in the incoming stream: "
++ "skip it", __func__, name);
+ continue;
+ }
+ if (cpu->cpreg_vmstate_indexes[v] < cpu->cpreg_indexes[i]) {
+- /* register in their list but not ours: fail migration */
++ g_autofree gchar *name = print_register_name(cpu->cpreg_vmstate_indexes[v]);
++
++ error_report("%s: %s in the incoming stream but unknown on the destination: "
++ "fail migration", __func__, name);
+ return -1;
+ }
+ /* matching register, copy the value over */
+--
+2.52.0
+
diff --git a/kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch b/kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch
new file mode 100644
index 0000000..5a66c3b
--- /dev/null
+++ b/kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch
@@ -0,0 +1,194 @@
+From 904bafbebc32c02ddc1906afd194f2c42c812759 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 004/116] target/arm/machine: Use VMSTATE_VARRAY_INT32_ALLOC
+ for cpreg arrays
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [4/16] 833ad7f2be8a02eb811c8562d809e4cc2eedc2a6 (eauger1/centos-qemu-kvm)
+
+Conflicts:
+- contextual conflict in target/arm/trace-events as we don't have
+ cpu.c, arm-powerctl.c, tcg/psci.c and hvf/hvf.c trace events
+- target/arm/whpx/whpx-all.c does not exist downstream
+
+This removes the need for explicitly allocating cpreg_vmstate arrays.
+On post save we simply point to cpreg arrays and set the length
+accordingly.
+
+Remove VMSTATE_VARRAY_INT32 for cpreg_vmstate_array_len as now
+the array is dynamically allocated.
+
+Also add a trace point on post_load to trace potential mismatch
+between the number of incoming cpregs versus current ones.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Message-id: 20260304101625.1962633-3-eric.auger@redhat.com
+Suggested-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit ab2ddc7b662d34c242ddfcfbe35996417b047ce2)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ target/arm/helper.c | 5 -----
+ target/arm/kvm.c | 5 -----
+ target/arm/machine.c | 45 +++++++++++++++++++++++++++++------------
+ target/arm/trace-events | 3 +++
+ 4 files changed, 35 insertions(+), 23 deletions(-)
+
+diff --git a/target/arm/helper.c b/target/arm/helper.c
+index 1cff4c5a68..5e643ed6b2 100644
+--- a/target/arm/helper.c
++++ b/target/arm/helper.c
+@@ -247,15 +247,10 @@ void init_cpreg_list(ARMCPU *cpu)
+ if (arraylen) {
+ cpu->cpreg_indexes = g_new(uint64_t, arraylen);
+ cpu->cpreg_values = g_new(uint64_t, arraylen);
+- cpu->cpreg_vmstate_indexes = g_new(uint64_t, arraylen);
+- cpu->cpreg_vmstate_values = g_new(uint64_t, arraylen);
+ } else {
+ cpu->cpreg_indexes = NULL;
+ cpu->cpreg_values = NULL;
+- cpu->cpreg_vmstate_indexes = NULL;
+- cpu->cpreg_vmstate_values = NULL;
+ }
+- cpu->cpreg_vmstate_array_len = arraylen;
+ cpu->cpreg_array_len = 0;
+
+ g_hash_table_foreach(cpu->cp_regs, add_cpreg_to_list, cpu);
+diff --git a/target/arm/kvm.c b/target/arm/kvm.c
+index 5a75ff5927..5dacb304bd 100644
+--- a/target/arm/kvm.c
++++ b/target/arm/kvm.c
+@@ -805,12 +805,7 @@ static int kvm_arm_init_cpreg_list(ARMCPU *cpu)
+
+ cpu->cpreg_indexes = g_renew(uint64_t, cpu->cpreg_indexes, arraylen);
+ cpu->cpreg_values = g_renew(uint64_t, cpu->cpreg_values, arraylen);
+- cpu->cpreg_vmstate_indexes = g_renew(uint64_t, cpu->cpreg_vmstate_indexes,
+- arraylen);
+- cpu->cpreg_vmstate_values = g_renew(uint64_t, cpu->cpreg_vmstate_values,
+- arraylen);
+ cpu->cpreg_array_len = arraylen;
+- cpu->cpreg_vmstate_array_len = arraylen;
+
+ for (i = 0, arraylen = 0; i < rlp->n; i++) {
+ uint64_t regidx = rlp->reg[i];
+diff --git a/target/arm/machine.c b/target/arm/machine.c
+index 6986915bee..5caf2885c2 100644
+--- a/target/arm/machine.c
++++ b/target/arm/machine.c
+@@ -1,5 +1,6 @@
+ #include "qemu/osdep.h"
+ #include "cpu.h"
++#include "trace.h"
+ #include "qemu/error-report.h"
+ #include "system/kvm.h"
+ #include "system/tcg.h"
+@@ -894,11 +895,14 @@ static int cpu_pre_save(void *opaque)
+ }
+ }
+
++ /*
++ * On outbound migration, send the data in our cpreg_{values,indexes}
++ * arrays. The migration code will not allocate anything, but just
++ * reads the data pointed to by the VMSTATE_VARRAY_INT32_ALLOC() fields.
++ */
++ cpu->cpreg_vmstate_indexes = cpu->cpreg_indexes;
++ cpu->cpreg_vmstate_values = cpu->cpreg_values;
+ cpu->cpreg_vmstate_array_len = cpu->cpreg_array_len;
+- memcpy(cpu->cpreg_vmstate_indexes, cpu->cpreg_indexes,
+- cpu->cpreg_array_len * sizeof(uint64_t));
+- memcpy(cpu->cpreg_vmstate_values, cpu->cpreg_values,
+- cpu->cpreg_array_len * sizeof(uint64_t));
+
+ return 0;
+ }
+@@ -911,6 +915,9 @@ static int cpu_post_save(void *opaque)
+ pmu_op_finish(&cpu->env);
+ }
+
++ cpu->cpreg_vmstate_indexes = NULL;
++ cpu->cpreg_vmstate_values = NULL;
++
+ return 0;
+ }
+
+@@ -944,6 +951,9 @@ static int cpu_pre_load(void *opaque)
+ pmu_op_start(env);
+ }
+
++ g_assert(!cpu->cpreg_vmstate_indexes);
++ g_assert(!cpu->cpreg_vmstate_values);
++
+ return 0;
+ }
+
+@@ -953,6 +963,9 @@ static int cpu_post_load(void *opaque, int version_id)
+ CPUARMState *env = &cpu->env;
+ int i, v;
+
++ trace_cpu_post_load(cpu->cpreg_vmstate_array_len,
++ cpu->cpreg_array_len);
++
+ /*
+ * Handle migration compatibility from old QEMU which didn't
+ * send the irq-line-state subsection. A QEMU without it did not
+@@ -1004,6 +1017,11 @@ static int cpu_post_load(void *opaque, int version_id)
+ }
+ }
+
++ g_free(cpu->cpreg_vmstate_indexes);
++ g_free(cpu->cpreg_vmstate_values);
++ cpu->cpreg_vmstate_indexes = NULL;
++ cpu->cpreg_vmstate_values = NULL;
++
+ /*
+ * Misaligned thumb pc is architecturally impossible. Fail the
+ * incoming migration. For TCG it would trigger the assert in
+@@ -1071,16 +1089,17 @@ const VMStateDescription vmstate_arm_cpu = {
+ VMSTATE_UINT32_ARRAY(env.fiq_regs, ARMCPU, 5),
+ VMSTATE_UINT64_ARRAY(env.elr_el, ARMCPU, 4),
+ VMSTATE_UINT64_ARRAY(env.sp_el, ARMCPU, 4),
+- /* The length-check must come before the arrays to avoid
+- * incoming data possibly overflowing the array.
++ /*
++ * The length must come before the arrays so we can
++ * allocate the arrays before their data arrives
+ */
+- VMSTATE_INT32_POSITIVE_LE(cpreg_vmstate_array_len, ARMCPU),
+- VMSTATE_VARRAY_INT32(cpreg_vmstate_indexes, ARMCPU,
+- cpreg_vmstate_array_len,
+- 0, vmstate_info_uint64, uint64_t),
+- VMSTATE_VARRAY_INT32(cpreg_vmstate_values, ARMCPU,
+- cpreg_vmstate_array_len,
+- 0, vmstate_info_uint64, uint64_t),
++ VMSTATE_INT32(cpreg_vmstate_array_len, ARMCPU),
++ VMSTATE_VARRAY_INT32_ALLOC(cpreg_vmstate_indexes, ARMCPU,
++ cpreg_vmstate_array_len,
++ 0, vmstate_info_uint64, uint64_t),
++ VMSTATE_VARRAY_INT32_ALLOC(cpreg_vmstate_values, ARMCPU,
++ cpreg_vmstate_array_len,
++ 0, vmstate_info_uint64, uint64_t),
+ VMSTATE_UINT64(env.exclusive_addr, ARMCPU),
+ VMSTATE_UINT64(env.exclusive_val, ARMCPU),
+ VMSTATE_UINT64(env.exclusive_high, ARMCPU),
+diff --git a/target/arm/trace-events b/target/arm/trace-events
+index 4438dce7be..4e2502af9f 100644
+--- a/target/arm/trace-events
++++ b/target/arm/trace-events
+@@ -13,3 +13,6 @@ arm_gt_update_irq(int timer, int irqstate) "gt_update_irq: timer %d irqstate %d"
+
+ # kvm.c
+ kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
++
++# machine.c
++cpu_post_load(uint32_t cpreg_vmstate_array_len, uint32_t cpreg_array_len) "cpreg_vmstate_array_len=%d cpreg_array_len=%d"
+--
+2.52.0
+
diff --git a/kvm-treewide-handle-result-of-qio_channel_set_blocking.patch b/kvm-treewide-handle-result-of-qio_channel_set_blocking.patch
new file mode 100644
index 0000000..b2b05d5
--- /dev/null
+++ b/kvm-treewide-handle-result-of-qio_channel_set_blocking.patch
@@ -0,0 +1,401 @@
+From 89171faf9a80ac41fa9a8625782503cb6570e06a Mon Sep 17 00:00:00 2001
+From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
+Date: Tue, 16 Sep 2025 16:13:53 +0300
+Subject: [PATCH 048/116] treewide: handle result of qio_channel_set_blocking()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [32/100] 0d816a7a5efb940a01f4bba3e2a3a91f12af3cd4 (rovick1/qemu-kvm)
+
+Currently, we just always pass NULL as errp argument. That doesn't
+look good.
+
+Some realizations of interface may actually report errors.
+Channel-socket realization actually either ignore or crash on
+errors, but we are going to straighten it out to always reporting
+an errp in further commits.
+
+So, convert all callers to either handle the error (where environment
+allows) or explicitly use &error_abort.
+
+Take also a chance to change the return value to more convenient
+bool (keeping also in mind, that underlying realizations may
+return -1 on failure, not -errno).
+
+Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
+[DB: fix return type mismatch in TLS/websocket channel
+ impls for qio_channel_set_blocking]
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 1ed8903916394fca2347c700da974ca3856274b2)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ block/nbd.c | 4 +++-
+ chardev/char-socket.c | 20 ++++++++++++++++----
+ hw/remote/proxy.c | 6 +++++-
+ hw/remote/remote-obj.c | 6 +++++-
+ hw/vfio-user/proxy.c | 11 ++++++++---
+ include/io/channel.h | 6 +++---
+ io/channel-tls.c | 2 +-
+ io/channel-websock.c | 3 +--
+ io/channel.c | 4 ++--
+ nbd/server.c | 4 +++-
+ scsi/qemu-pr-helper.c | 9 ++++++---
+ tests/unit/io-channel-helpers.c | 5 +++--
+ tests/unit/test-io-channel-tls.c | 4 ++--
+ tools/i386/qemu-vmsr-helper.c | 6 ++++--
+ ui/vnc.c | 2 +-
+ util/vhost-user-server.c | 7 ++++++-
+ 16 files changed, 69 insertions(+), 30 deletions(-)
+
+diff --git a/block/nbd.c b/block/nbd.c
+index d5a2b21c6d..5d231d5c4e 100644
+--- a/block/nbd.c
++++ b/block/nbd.c
+@@ -351,7 +351,9 @@ int coroutine_fn nbd_co_do_establish_connection(BlockDriverState *bs,
+ return ret;
+ }
+
+- qio_channel_set_blocking(s->ioc, false, NULL);
++ if (!qio_channel_set_blocking(s->ioc, false, errp)) {
++ return -EINVAL;
++ }
+ qio_channel_set_follow_coroutine_ctx(s->ioc, true);
+
+ /* successfully connected */
+diff --git a/chardev/char-socket.c b/chardev/char-socket.c
+index 1e8313915b..f155269890 100644
+--- a/chardev/char-socket.c
++++ b/chardev/char-socket.c
+@@ -539,16 +539,24 @@ static int tcp_chr_sync_read(Chardev *chr, const uint8_t *buf, int len)
+ SocketChardev *s = SOCKET_CHARDEV(chr);
+ int size;
+ int saved_errno;
++ Error *local_err = NULL;
+
+ if (s->state != TCP_CHARDEV_STATE_CONNECTED) {
+ return 0;
+ }
+
+- qio_channel_set_blocking(s->ioc, true, NULL);
++ if (!qio_channel_set_blocking(s->ioc, true, &local_err)) {
++ error_report_err(local_err);
++ return -1;
++ }
+ size = tcp_chr_recv(chr, (void *) buf, len);
+ saved_errno = errno;
+ if (s->state != TCP_CHARDEV_STATE_DISCONNECTED) {
+- qio_channel_set_blocking(s->ioc, false, NULL);
++ if (!qio_channel_set_blocking(s->ioc, false, &local_err)) {
++ error_report_err(local_err);
++ /* failed to recover non-blocking state */
++ tcp_chr_disconnect(chr);
++ }
+ }
+ if (size == 0) {
+ /* connection closed */
+@@ -893,18 +901,22 @@ static void tcp_chr_set_client_ioc_name(Chardev *chr,
+ static int tcp_chr_new_client(Chardev *chr, QIOChannelSocket *sioc)
+ {
+ SocketChardev *s = SOCKET_CHARDEV(chr);
++ Error *local_err = NULL;
+
+ if (s->state != TCP_CHARDEV_STATE_CONNECTING) {
+ return -1;
+ }
+
++ if (!qio_channel_set_blocking(QIO_CHANNEL(sioc), false, &local_err)) {
++ error_report_err(local_err);
++ return -1;
++ }
++
+ s->ioc = QIO_CHANNEL(sioc);
+ object_ref(OBJECT(sioc));
+ s->sioc = sioc;
+ object_ref(OBJECT(sioc));
+
+- qio_channel_set_blocking(s->ioc, false, NULL);
+-
+ if (s->do_nodelay) {
+ qio_channel_set_delay(s->ioc, false);
+ }
+diff --git a/hw/remote/proxy.c b/hw/remote/proxy.c
+index b0165aa2a1..18e0f7a064 100644
+--- a/hw/remote/proxy.c
++++ b/hw/remote/proxy.c
+@@ -112,8 +112,12 @@ static void pci_proxy_dev_realize(PCIDevice *device, Error **errp)
+ return;
+ }
+
++ if (!qio_channel_set_blocking(dev->ioc, true, errp)) {
++ object_unref(dev->ioc);
++ return;
++ }
++
+ qemu_mutex_init(&dev->io_mutex);
+- qio_channel_set_blocking(dev->ioc, true, NULL);
+
+ pci_conf[PCI_LATENCY_TIMER] = 0xff;
+ pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+diff --git a/hw/remote/remote-obj.c b/hw/remote/remote-obj.c
+index 85882902d7..3402068ab9 100644
+--- a/hw/remote/remote-obj.c
++++ b/hw/remote/remote-obj.c
+@@ -107,7 +107,11 @@ static void remote_object_machine_done(Notifier *notifier, void *data)
+ error_report_err(err);
+ return;
+ }
+- qio_channel_set_blocking(ioc, false, NULL);
++ if (!qio_channel_set_blocking(ioc, false, &err)) {
++ error_report_err(err);
++ object_unref(OBJECT(ioc));
++ return;
++ }
+
+ o->dev = dev;
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index 2c03d49f97..bbd7ec243d 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -886,10 +886,11 @@ VFIOUserProxy *vfio_user_connect_dev(SocketAddress *addr, Error **errp)
+ sioc = qio_channel_socket_new();
+ ioc = QIO_CHANNEL(sioc);
+ if (qio_channel_socket_connect_sync(sioc, addr, errp) < 0) {
+- object_unref(OBJECT(ioc));
+- return NULL;
++ goto fail;
++ }
++ if (!qio_channel_set_blocking(ioc, false, errp)) {
++ goto fail;
+ }
+- qio_channel_set_blocking(ioc, false, NULL);
+
+ proxy = g_malloc0(sizeof(VFIOUserProxy));
+ proxy->sockname = g_strdup_printf("unix:%s", sockname);
+@@ -923,6 +924,10 @@ VFIOUserProxy *vfio_user_connect_dev(SocketAddress *addr, Error **errp)
+ QLIST_INSERT_HEAD(&vfio_user_sockets, proxy, next);
+
+ return proxy;
++
++fail:
++ object_unref(OBJECT(ioc));
++ return NULL;
+ }
+
+ void vfio_user_set_handler(VFIODevice *vbasedev,
+diff --git a/include/io/channel.h b/include/io/channel.h
+index 234e5db70d..6770d2ce35 100644
+--- a/include/io/channel.h
++++ b/include/io/channel.h
+@@ -513,9 +513,9 @@ int coroutine_mixed_fn qio_channel_write_all(QIOChannel *ioc,
+ * return QIO_CHANNEL_ERR_BLOCK if they would otherwise
+ * block on I/O
+ */
+-int qio_channel_set_blocking(QIOChannel *ioc,
+- bool enabled,
+- Error **errp);
++bool qio_channel_set_blocking(QIOChannel *ioc,
++ bool enabled,
++ Error **errp);
+
+ /**
+ * qio_channel_set_follow_coroutine_ctx:
+diff --git a/io/channel-tls.c b/io/channel-tls.c
+index a8248a9216..7135896f79 100644
+--- a/io/channel-tls.c
++++ b/io/channel-tls.c
+@@ -425,7 +425,7 @@ static int qio_channel_tls_set_blocking(QIOChannel *ioc,
+ {
+ QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+
+- return qio_channel_set_blocking(tioc->master, enabled, errp);
++ return qio_channel_set_blocking(tioc->master, enabled, errp) ? 0 : -1;
+ }
+
+ static void qio_channel_tls_set_delay(QIOChannel *ioc,
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index ec5e09f9ab..cb4dafdebb 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -1191,8 +1191,7 @@ static int qio_channel_websock_set_blocking(QIOChannel *ioc,
+ {
+ QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(ioc);
+
+- qio_channel_set_blocking(wioc->master, enabled, errp);
+- return 0;
++ return qio_channel_set_blocking(wioc->master, enabled, errp) ? 0 : -1;
+ }
+
+ static void qio_channel_websock_set_delay(QIOChannel *ioc,
+diff --git a/io/channel.c b/io/channel.c
+index ebd9322765..852e684938 100644
+--- a/io/channel.c
++++ b/io/channel.c
+@@ -359,12 +359,12 @@ int coroutine_mixed_fn qio_channel_write_all(QIOChannel *ioc,
+ }
+
+
+-int qio_channel_set_blocking(QIOChannel *ioc,
++bool qio_channel_set_blocking(QIOChannel *ioc,
+ bool enabled,
+ Error **errp)
+ {
+ QIOChannelClass *klass = QIO_CHANNEL_GET_CLASS(ioc);
+- return klass->io_set_blocking(ioc, enabled, errp);
++ return klass->io_set_blocking(ioc, enabled, errp) == 0;
+ }
+
+
+diff --git a/nbd/server.c b/nbd/server.c
+index d242be9811..acec0487a8 100644
+--- a/nbd/server.c
++++ b/nbd/server.c
+@@ -1411,7 +1411,9 @@ static coroutine_fn int nbd_negotiate(NBDClient *client, Error **errp)
+ ....options sent, ending in NBD_OPT_EXPORT_NAME or NBD_OPT_GO....
+ */
+
+- qio_channel_set_blocking(client->ioc, false, NULL);
++ if (!qio_channel_set_blocking(client->ioc, false, errp)) {
++ return -EINVAL;
++ }
+ qio_channel_set_follow_coroutine_ctx(client->ioc, true);
+
+ trace_nbd_negotiate_begin();
+diff --git a/scsi/qemu-pr-helper.c b/scsi/qemu-pr-helper.c
+index b69dd982d6..074b4db472 100644
+--- a/scsi/qemu-pr-helper.c
++++ b/scsi/qemu-pr-helper.c
+@@ -733,8 +733,11 @@ static void coroutine_fn prh_co_entry(void *opaque)
+ uint32_t flags;
+ int r;
+
+- qio_channel_set_blocking(QIO_CHANNEL(client->ioc),
+- false, NULL);
++ if (!qio_channel_set_blocking(QIO_CHANNEL(client->ioc),
++ false, &local_err)) {
++ goto out;
++ }
++
+ qio_channel_set_follow_coroutine_ctx(QIO_CHANNEL(client->ioc), true);
+
+ /* A very simple negotiation for future extensibility. No features
+@@ -786,6 +789,7 @@ static void coroutine_fn prh_co_entry(void *opaque)
+ }
+ }
+
++out:
+ if (local_err) {
+ if (verbose == 0) {
+ error_free(local_err);
+@@ -794,7 +798,6 @@ static void coroutine_fn prh_co_entry(void *opaque)
+ }
+ }
+
+-out:
+ object_unref(OBJECT(client->ioc));
+ g_free(client);
+ }
+diff --git a/tests/unit/io-channel-helpers.c b/tests/unit/io-channel-helpers.c
+index c0799c21c2..22b42d14cd 100644
+--- a/tests/unit/io-channel-helpers.c
++++ b/tests/unit/io-channel-helpers.c
+@@ -20,6 +20,7 @@
+
+ #include "qemu/osdep.h"
+ #include "io-channel-helpers.h"
++#include "qapi/error.h"
+ #include "qemu/iov.h"
+
+ struct QIOChannelTest {
+@@ -109,8 +110,8 @@ void qio_channel_test_run_threads(QIOChannelTest *test,
+ test->src = src;
+ test->dst = dst;
+
+- qio_channel_set_blocking(test->dst, blocking, NULL);
+- qio_channel_set_blocking(test->src, blocking, NULL);
++ qio_channel_set_blocking(test->dst, blocking, &error_abort);
++ qio_channel_set_blocking(test->src, blocking, &error_abort);
+
+ reader = g_thread_new("reader",
+ test_io_thread_reader,
+diff --git a/tests/unit/test-io-channel-tls.c b/tests/unit/test-io-channel-tls.c
+index e036ac5df4..6f282ad45d 100644
+--- a/tests/unit/test-io-channel-tls.c
++++ b/tests/unit/test-io-channel-tls.c
+@@ -184,8 +184,8 @@ static void test_io_channel_tls(const void *opaque)
+ * thread, so we need these non-blocking to avoid deadlock
+ * of ourselves
+ */
+- qio_channel_set_blocking(QIO_CHANNEL(clientChanSock), false, NULL);
+- qio_channel_set_blocking(QIO_CHANNEL(serverChanSock), false, NULL);
++ qio_channel_set_blocking(QIO_CHANNEL(clientChanSock), false, &error_abort);
++ qio_channel_set_blocking(QIO_CHANNEL(serverChanSock), false, &error_abort);
+
+ /* Now the real part of the test, setup the sessions */
+ clientChanTLS = qio_channel_tls_new_client(
+diff --git a/tools/i386/qemu-vmsr-helper.c b/tools/i386/qemu-vmsr-helper.c
+index 5f19a48cbd..6c0f4fe870 100644
+--- a/tools/i386/qemu-vmsr-helper.c
++++ b/tools/i386/qemu-vmsr-helper.c
+@@ -213,8 +213,10 @@ static void coroutine_fn vh_co_entry(void *opaque)
+ uint64_t vmsr;
+ int r;
+
+- qio_channel_set_blocking(QIO_CHANNEL(client->ioc),
+- false, NULL);
++ if (!qio_channel_set_blocking(QIO_CHANNEL(client->ioc),
++ false, &local_err)) {
++ goto out;
++ }
+
+ qio_channel_set_follow_coroutine_ctx(QIO_CHANNEL(client->ioc), true);
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 68ca4a68e7..8ca77b2971 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -3337,7 +3337,7 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
+
+ VNC_DEBUG("New client on socket %p\n", vs->sioc);
+ update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
+- qio_channel_set_blocking(vs->ioc, false, NULL);
++ qio_channel_set_blocking(vs->ioc, false, &error_abort);
+ if (vs->ioc_tag) {
+ g_source_remove(vs->ioc_tag);
+ }
+diff --git a/util/vhost-user-server.c b/util/vhost-user-server.c
+index b19229074a..d805a92394 100644
+--- a/util/vhost-user-server.c
++++ b/util/vhost-user-server.c
+@@ -336,6 +336,7 @@ static void vu_accept(QIONetListener *listener, QIOChannelSocket *sioc,
+ gpointer opaque)
+ {
+ VuServer *server = opaque;
++ Error *local_err = NULL;
+
+ if (server->sioc) {
+ warn_report("Only one vhost-user client is allowed to "
+@@ -368,7 +369,11 @@ static void vu_accept(QIONetListener *listener, QIOChannelSocket *sioc,
+ object_ref(OBJECT(server->ioc));
+
+ /* TODO vu_message_write() spins if non-blocking! */
+- qio_channel_set_blocking(server->ioc, false, NULL);
++ if (!qio_channel_set_blocking(server->ioc, false, &local_err)) {
++ error_report_err(local_err);
++ vu_deinit(&server->vu_dev);
++ return;
++ }
+
+ qio_channel_set_follow_coroutine_ctx(server->ioc, true);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-Clean-up-includes.patch b/kvm-vfio-Clean-up-includes.patch
new file mode 100644
index 0000000..161f61a
--- /dev/null
+++ b/kvm-vfio-Clean-up-includes.patch
@@ -0,0 +1,155 @@
+From eafa7ec2363234dec4a325405c3f05b7f3e30c72 Mon Sep 17 00:00:00 2001
+From: Peter Maydell <peter.maydell@linaro.org>
+Date: Tue, 4 Nov 2025 16:09:42 +0000
+Subject: [PATCH 105/116] vfio: Clean up includes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [89/100] 66f086acae0b63d2e4a589529bb52d2a33ba7fe3 (rovick1/qemu-kvm)
+
+This commit was created with scripts/clean-includes:
+ ./scripts/clean-includes --git vfio hw/vfio hw/vfio-user
+
+All .c should include qemu/osdep.h first. The script performs three
+related cleanups:
+
+* Ensure .c files include qemu/osdep.h first.
+* Including it in a .h is redundant, since the .c already includes
+ it. Drop such inclusions.
+* Likewise, including headers qemu/osdep.h includes is redundant.
+ Drop these, too.
+
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Message-id: 20251104160943.751997-9-peter.maydell@linaro.org
+(cherry picked from commit b1f4f4695c96bb8e20a00e82d1868b5b018002bc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.c | 2 +-
+ hw/vfio-user/container.h | 1 -
+ hw/vfio-user/device.h | 1 -
+ hw/vfio-user/pci.c | 2 +-
+ hw/vfio/ap.c | 1 -
+ hw/vfio/container.c | 2 +-
+ hw/vfio/cpr-legacy.c | 2 +-
+ hw/vfio/pci-quirks.h | 1 -
+ 8 files changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
+index e45192fef6..dab7a23224 100644
+--- a/hw/vfio-user/container.c
++++ b/hw/vfio-user/container.c
+@@ -6,9 +6,9 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
++#include "qemu/osdep.h"
+ #include <sys/ioctl.h>
+ #include <linux/vfio.h>
+-#include "qemu/osdep.h"
+
+ #include "hw/vfio-user/container.h"
+ #include "hw/vfio-user/device.h"
+diff --git a/hw/vfio-user/container.h b/hw/vfio-user/container.h
+index a2b42e3169..c952e09063 100644
+--- a/hw/vfio-user/container.h
++++ b/hw/vfio-user/container.h
+@@ -7,7 +7,6 @@
+ #ifndef HW_VFIO_USER_CONTAINER_H
+ #define HW_VFIO_USER_CONTAINER_H
+
+-#include "qemu/osdep.h"
+
+ #include "hw/vfio/vfio-container.h"
+ #include "hw/vfio-user/proxy.h"
+diff --git a/hw/vfio-user/device.h b/hw/vfio-user/device.h
+index d183a3950e..49c05848f1 100644
+--- a/hw/vfio-user/device.h
++++ b/hw/vfio-user/device.h
+@@ -9,7 +9,6 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+-#include "qemu/osdep.h"
+ #include "linux/vfio.h"
+
+ #include "hw/vfio-user/proxy.h"
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index b53ed3b456..353d07e781 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -6,8 +6,8 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+-#include <sys/ioctl.h>
+ #include "qemu/osdep.h"
++#include <sys/ioctl.h>
+ #include "qapi-visit-sockets.h"
+ #include "qemu/error-report.h"
+
+diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c
+index 7719f24579..3368ac8915 100644
+--- a/hw/vfio/ap.c
++++ b/hw/vfio/ap.c
+@@ -10,7 +10,6 @@
+ * directory.
+ */
+
+-#include <stdbool.h>
+ #include "qemu/osdep.h"
+ #include CONFIG_DEVICES /* CONFIG_IOMMUFD */
+ #include <linux/vfio.h>
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index 41de343924..cc0367ecc4 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -10,10 +10,10 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
++#include "qemu/osdep.h"
+ #include <sys/ioctl.h>
+ #include <linux/vfio.h>
+
+-#include "qemu/osdep.h"
+ #include "system/tcg.h"
+ #include "system/ram_addr.h"
+ #include "qapi/error.h"
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 7184c93991..273b597880 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -4,9 +4,9 @@
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
++#include "qemu/osdep.h"
+ #include <sys/ioctl.h>
+ #include <linux/vfio.h>
+-#include "qemu/osdep.h"
+ #include "hw/vfio/vfio-container-legacy.h"
+ #include "hw/vfio/vfio-device.h"
+ #include "hw/vfio/vfio-listener.h"
+diff --git a/hw/vfio/pci-quirks.h b/hw/vfio/pci-quirks.h
+index d1532e379b..a6282e063a 100644
+--- a/hw/vfio/pci-quirks.h
++++ b/hw/vfio/pci-quirks.h
+@@ -12,7 +12,6 @@
+ #ifndef HW_VFIO_VFIO_PCI_QUIRKS_H
+ #define HW_VFIO_VFIO_PCI_QUIRKS_H
+
+-#include "qemu/osdep.h"
+ #include "exec/memop.h"
+
+ /*
+--
+2.52.0
+
diff --git a/kvm-vfio-Do-not-unparent-in-instance_finalize.patch b/kvm-vfio-Do-not-unparent-in-instance_finalize.patch
new file mode 100644
index 0000000..d401778
--- /dev/null
+++ b/kvm-vfio-Do-not-unparent-in-instance_finalize.patch
@@ -0,0 +1,90 @@
+From 0d033fb85e813db89680dea1383427ac46e38fe9 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Date: Wed, 24 Sep 2025 13:37:25 +0900
+Subject: [PATCH 050/116] vfio: Do not unparent in instance_finalize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [34/100] 7c40971f01b26c9c77dfd2ada8856fec16529ebf (rovick1/qemu-kvm)
+
+Children are automatically unparented so manually unparenting is
+unnecessary.
+
+Worse, automatic unparenting happens before the instance_finalize()
+callback of the parent gets called, so object_unparent() calls in
+the callback will refer to objects that are already unparented, which
+is semantically incorrect.
+
+Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Link: https://lore.kernel.org/r/20250924-use-v4-6-07c6c598f53d@rsg.ci.i.u-tokyo.ac.jp
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 9b80f8a8e758b427501e6bcbcb114ae45ff68387)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci-quirks.c | 9 +--------
+ hw/vfio/region.c | 3 ---
+ 2 files changed, 1 insertion(+), 11 deletions(-)
+
+diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
+index c97606dbf1..b5da6afbf5 100644
+--- a/hw/vfio/pci-quirks.c
++++ b/hw/vfio/pci-quirks.c
+@@ -1159,15 +1159,12 @@ void vfio_vga_quirk_exit(VFIOPCIDevice *vdev)
+
+ void vfio_vga_quirk_finalize(VFIOPCIDevice *vdev)
+ {
+- int i, j;
++ int i;
+
+ for (i = 0; i < ARRAY_SIZE(vdev->vga->region); i++) {
+ while (!QLIST_EMPTY(&vdev->vga->region[i].quirks)) {
+ VFIOQuirk *quirk = QLIST_FIRST(&vdev->vga->region[i].quirks);
+ QLIST_REMOVE(quirk, next);
+- for (j = 0; j < quirk->nr_mem; j++) {
+- object_unparent(OBJECT(&quirk->mem[j]));
+- }
+ g_free(quirk->mem);
+ g_free(quirk->data);
+ g_free(quirk);
+@@ -1207,14 +1204,10 @@ void vfio_bar_quirk_exit(VFIOPCIDevice *vdev, int nr)
+ void vfio_bar_quirk_finalize(VFIOPCIDevice *vdev, int nr)
+ {
+ VFIOBAR *bar = &vdev->bars[nr];
+- int i;
+
+ while (!QLIST_EMPTY(&bar->quirks)) {
+ VFIOQuirk *quirk = QLIST_FIRST(&bar->quirks);
+ QLIST_REMOVE(quirk, next);
+- for (i = 0; i < quirk->nr_mem; i++) {
+- object_unparent(OBJECT(&quirk->mem[i]));
+- }
+ g_free(quirk->mem);
+ g_free(quirk->data);
+ g_free(quirk);
+diff --git a/hw/vfio/region.c b/hw/vfio/region.c
+index d04c57db63..b165ab0b93 100644
+--- a/hw/vfio/region.c
++++ b/hw/vfio/region.c
+@@ -365,12 +365,9 @@ void vfio_region_finalize(VFIORegion *region)
+ for (i = 0; i < region->nr_mmaps; i++) {
+ if (region->mmaps[i].mmap) {
+ munmap(region->mmaps[i].mmap, region->mmaps[i].size);
+- object_unparent(OBJECT(®ion->mmaps[i].mem));
+ }
+ }
+
+- object_unparent(OBJECT(region->mem));
+-
+ g_free(region->mem);
+ g_free(region->mmaps);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch b/kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch
new file mode 100644
index 0000000..082b6d7
--- /dev/null
+++ b/kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch
@@ -0,0 +1,153 @@
+From 7bb99b469a3438c358c0027703e4b01935e7dfab Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Fri, 22 Aug 2025 02:40:42 -0400
+Subject: [PATCH 028/116] vfio: Introduce helper vfio_pci_from_vfio_device()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [12/100] 16eb1e58aa0767917fd2a31368388495f721b2b9 (rovick1/qemu-kvm)
+
+Introduce helper vfio_pci_from_vfio_device() to transform from VFIODevice
+to VFIOPCIDevice, also to hide low level VFIO_DEVICE_TYPE_PCI type check.
+
+Suggested-by: Cédric Le Goater <clg@redhat.com>
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250822064101.123526-5-zhenzhong.duan@intel.com
+[ clg: Added documentation ]
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit bb1a6f1f43374a1850c314c4d0e945667d013d07)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/container.c | 4 ++--
+ hw/vfio/device.c | 2 +-
+ hw/vfio/iommufd.c | 4 ++--
+ hw/vfio/listener.c | 4 ++--
+ hw/vfio/pci.c | 9 +++++++++
+ hw/vfio/pci.h | 12 ++++++++++++
+ 6 files changed, 28 insertions(+), 7 deletions(-)
+
+diff --git a/hw/vfio/container.c b/hw/vfio/container.c
+index b912b9396b..c1554c1fd1 100644
+--- a/hw/vfio/container.c
++++ b/hw/vfio/container.c
+@@ -1101,7 +1101,7 @@ static int vfio_legacy_pci_hot_reset(VFIODevice *vbasedev, bool single)
+ /* Prep dependent devices for reset and clear our marker. */
+ QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
+ if (!vbasedev_iter->dev->realized ||
+- vbasedev_iter->type != VFIO_DEVICE_TYPE_PCI) {
++ !vfio_pci_from_vfio_device(vbasedev_iter)) {
+ continue;
+ }
+ tmp = container_of(vbasedev_iter, VFIOPCIDevice, vbasedev);
+@@ -1186,7 +1186,7 @@ out:
+
+ QLIST_FOREACH(vbasedev_iter, &group->device_list, next) {
+ if (!vbasedev_iter->dev->realized ||
+- vbasedev_iter->type != VFIO_DEVICE_TYPE_PCI) {
++ !vfio_pci_from_vfio_device(vbasedev_iter)) {
+ continue;
+ }
+ tmp = container_of(vbasedev_iter, VFIOPCIDevice, vbasedev);
+diff --git a/hw/vfio/device.c b/hw/vfio/device.c
+index 7ebf41c95e..412678a1f6 100644
+--- a/hw/vfio/device.c
++++ b/hw/vfio/device.c
+@@ -129,7 +129,7 @@ static inline const char *action_to_str(int action)
+
+ static const char *index_to_str(VFIODevice *vbasedev, int index)
+ {
+- if (vbasedev->type != VFIO_DEVICE_TYPE_PCI) {
++ if (!vfio_pci_from_vfio_device(vbasedev)) {
+ return NULL;
+ }
+
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index dbcd861b27..65b94aaa00 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -738,8 +738,8 @@ iommufd_cdev_dep_get_realized_vpdev(struct vfio_pci_dependent_device *dep_dev,
+ }
+
+ vbasedev_tmp = iommufd_cdev_pci_find_by_devid(dep_dev->devid);
+- if (!vbasedev_tmp || !vbasedev_tmp->dev->realized ||
+- vbasedev_tmp->type != VFIO_DEVICE_TYPE_PCI) {
++ if (!vfio_pci_from_vfio_device(vbasedev_tmp) ||
++ !vbasedev_tmp->dev->realized) {
+ return NULL;
+ }
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index c244be5e21..e093833165 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -453,7 +453,7 @@ static void vfio_device_error_append(VFIODevice *vbasedev, Error **errp)
+ * MMIO region mapping failures are not fatal but in this case PCI
+ * peer-to-peer transactions are broken.
+ */
+- if (vbasedev && vbasedev->type == VFIO_DEVICE_TYPE_PCI) {
++ if (vfio_pci_from_vfio_device(vbasedev)) {
+ error_append_hint(errp, "%s: PCI peer-to-peer transactions "
+ "on BARs are not supported.\n", vbasedev->name);
+ }
+@@ -759,7 +759,7 @@ static bool vfio_section_is_vfio_pci(MemoryRegionSection *section,
+ owner = memory_region_owner(section->mr);
+
+ QLIST_FOREACH(vbasedev, &bcontainer->device_list, container_next) {
+- if (vbasedev->type != VFIO_DEVICE_TYPE_PCI) {
++ if (!vfio_pci_from_vfio_device(vbasedev)) {
+ continue;
+ }
+ pcidev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 7c057ee2f9..58ab1116d8 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -2836,6 +2836,15 @@ static int vfio_pci_load_config(VFIODevice *vbasedev, QEMUFile *f)
+ return ret;
+ }
+
++/* Transform from VFIODevice to VFIOPCIDevice. Return NULL if fails. */
++VFIOPCIDevice *vfio_pci_from_vfio_device(VFIODevice *vbasedev)
++{
++ if (vbasedev && vbasedev->type == VFIO_DEVICE_TYPE_PCI) {
++ return container_of(vbasedev, VFIOPCIDevice, vbasedev);
++ }
++ return NULL;
++}
++
+ void vfio_sub_page_bar_update_mappings(VFIOPCIDevice *vdev)
+ {
+ PCIDevice *pdev = &vdev->pdev;
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index 056f5e12cf..e3ab3fe1f7 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -227,6 +227,18 @@ void vfio_pci_write_config(PCIDevice *pdev,
+ uint64_t vfio_vga_read(void *opaque, hwaddr addr, unsigned size);
+ void vfio_vga_write(void *opaque, hwaddr addr, uint64_t data, unsigned size);
+
++/**
++ * vfio_pci_from_vfio_device: Transform from VFIODevice to
++ * VFIOPCIDevice
++ *
++ * This function checks if the given @vbasedev is a VFIO PCI device.
++ * If it is, it returns the containing VFIOPCIDevice.
++ *
++ * @vbasedev: The VFIODevice to transform
++ *
++ * Return: The VFIOPCIDevice on success, NULL on failure.
++ */
++VFIOPCIDevice *vfio_pci_from_vfio_device(VFIODevice *vbasedev);
+ void vfio_sub_page_bar_update_mappings(VFIOPCIDevice *vdev);
+ bool vfio_opt_rom_in_denylist(VFIOPCIDevice *vdev);
+ bool vfio_config_quirk_setup(VFIOPCIDevice *vdev, Error **errp);
+--
+2.52.0
+
diff --git a/kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch b/kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch
new file mode 100644
index 0000000..1b76b5e
--- /dev/null
+++ b/kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch
@@ -0,0 +1,36 @@
+From 9a4b3f0996a325625a05d0cea8f1f8077b2b94bf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 1 Sep 2025 08:46:31 +0200
+Subject: [PATCH 024/116] vfio: Move vfio-region.h under hw/vfio/
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [8/100] f7d96a2b1d562aa26f3e13acdcc757b4f8c2e66e (rovick1/qemu-kvm)
+
+Since the removal of vfio-platform, header file vfio-region.h no
+longer needs to be a public VFIO interface. Move it under hw/vfio.
+
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250901064631.530723-9-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit e7a47f717718441b546090fe3fa91e2705ca125b)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ {include/hw => hw}/vfio/vfio-region.h | 0
+ 1 file changed, 0 insertions(+), 0 deletions(-)
+ rename {include/hw => hw}/vfio/vfio-region.h (100%)
+
+diff --git a/include/hw/vfio/vfio-region.h b/hw/vfio/vfio-region.h
+similarity index 100%
+rename from include/hw/vfio/vfio-region.h
+rename to hw/vfio/vfio-region.h
+--
+2.52.0
+
diff --git a/kvm-vfio-Remove-vfio-amd-xgbe-device.patch b/kvm-vfio-Remove-vfio-amd-xgbe-device.patch
new file mode 100644
index 0000000..c1d9f13
--- /dev/null
+++ b/kvm-vfio-Remove-vfio-amd-xgbe-device.patch
@@ -0,0 +1,623 @@
+From 6b84e6bbd52027202cf01b0ed15cc71fb524f530 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 1 Sep 2025 08:46:28 +0200
+Subject: [PATCH 020/116] vfio: Remove 'vfio-amd-xgbe' device
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [4/100] d0b2ea5bf9e57ff19692d57c19f301d47d653240 (rovick1/qemu-kvm)
+
+Conflicts:
+ hw/arm/virt.c: due to the downstream-only handling of RAMFB
+ hw/core/sysbus-fdt.c: downstream 60e7ac0c41c2 ("vfio: rename
+field to "num_initial_regions") touches sysbus-fdt.c. Anyway that code
+is removed
+
+The VFIO_AMD_XGBE device type has been deprecated in the QEMU 10.0
+timeframe. The AMD "Seattle" device is not supported anymore. Remove it.
+
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250901064631.530723-6-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit aeb1a50d4a7f464a8ff0a66e0beec2a5e1ef6342)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ docs/about/deprecated.rst | 6 -
+ docs/about/removed-features.rst | 9 +
+ docs/devel/kconfig.rst | 1 -
+ hw/arm/Kconfig | 1 -
+ hw/arm/virt.c | 2 -
+ hw/core/sysbus-fdt.c | 315 --------------------------------
+ hw/vfio/Kconfig | 5 -
+ hw/vfio/amd-xgbe.c | 61 -------
+ hw/vfio/meson.build | 1 -
+ include/hw/vfio/vfio-amd-xgbe.h | 46 -----
+ 10 files changed, 9 insertions(+), 438 deletions(-)
+ delete mode 100644 hw/vfio/amd-xgbe.c
+ delete mode 100644 include/hw/vfio/vfio-amd-xgbe.h
+
+diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
+index d50645a071..631871ffc8 100644
+--- a/docs/about/deprecated.rst
++++ b/docs/about/deprecated.rst
+@@ -526,12 +526,6 @@ The vfio-calxeda-xgmac device allows to assign a host Calxeda Highbank
+ string) to a guest. Calxeda HW has been ewasted now and there is no point
+ keeping that device.
+
+-``-device vfio-amd-xgbe`` (since 10.0)
+-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+-The vfio-amd-xgbe device allows to assign a host AMD 10GbE controller
+-to a guest ("amd,xgbe-seattle-v1a" compatibility string). AMD "Seattle"
+-is not supported anymore and there is no point keeping that device.
+-
+ ``-device vfio-platform`` (since 10.0)
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ The vfio-platform device allows to assign a host platform device
+diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
+index d7c2113fc3..759c067412 100644
+--- a/docs/about/removed-features.rst
++++ b/docs/about/removed-features.rst
+@@ -1262,6 +1262,15 @@ The corresponding upstream server project is no longer maintained.
+ Users are recommended to switch to an alternative distributed block
+ device driver such as RBD.
+
++VFIO devices
++------------
++
++``-device vfio-amd-xgbe`` (since 10.2)
++''''''''''''''''''''''''''''''''''''''
++The vfio-amd-xgbe device allows to assign a host AMD 10GbE controller
++to a guest ("amd,xgbe-seattle-v1a" compatibility string). AMD "Seattle"
++is not supported anymore and there is no point keeping that device.
++
+ Tools
+ -----
+
+diff --git a/docs/devel/kconfig.rst b/docs/devel/kconfig.rst
+index 493b76c4fb..9fdf501529 100644
+--- a/docs/devel/kconfig.rst
++++ b/docs/devel/kconfig.rst
+@@ -59,7 +59,6 @@ stanza like the following::
+ config ARM_VIRT
+ bool
+ imply PCI_DEVICES
+- imply VFIO_AMD_XGBE
+ imply VFIO_XGMAC
+ select A15MPCORE
+ select ACPI
+diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
+index 2aa4b5d778..64b2ec87b5 100644
+--- a/hw/arm/Kconfig
++++ b/hw/arm/Kconfig
+@@ -5,7 +5,6 @@ config ARM_VIRT
+ depends on TCG || KVM || HVF
+ imply PCI_DEVICES
+ imply TEST_DEVICES
+- imply VFIO_AMD_XGBE
+ imply VFIO_PLATFORM
+ imply VFIO_XGMAC
+ imply TPM_TIS_SYSBUS
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 752dc08720..c0292a3899 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -39,7 +39,6 @@
+ #include "hw/arm/virt.h"
+ #include "hw/block/flash.h"
+ #include "hw/vfio/vfio-calxeda-xgmac.h"
+-#include "hw/vfio/vfio-amd-xgbe.h"
+ #include "hw/display/ramfb.h"
+ #include "net/net.h"
+ #include "system/device_tree.h"
+@@ -3324,7 +3323,6 @@ static void virt_machine_class_init(ObjectClass *oc, const void *data)
+ mc->max_cpus = 384;
+ #if 0 /* Disabled for Red Hat Enterprise Linux */
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_CALXEDA_XGMAC);
+- machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_AMD_XGBE);
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_PLATFORM);
+ #endif
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
+diff --git a/hw/core/sysbus-fdt.c b/hw/core/sysbus-fdt.c
+index 673e083d31..0caffe4845 100644
+--- a/hw/core/sysbus-fdt.c
++++ b/hw/core/sysbus-fdt.c
+@@ -35,7 +35,6 @@
+ #include "hw/platform-bus.h"
+ #include "hw/vfio/vfio-platform.h"
+ #include "hw/vfio/vfio-calxeda-xgmac.h"
+-#include "hw/vfio/vfio-amd-xgbe.h"
+ #include "hw/vfio/vfio-region.h"
+ #include "hw/display/ramfb.h"
+ #include "hw/uefi/var-service-api.h"
+@@ -69,142 +68,6 @@ typedef struct HostProperty {
+
+ #ifdef CONFIG_LINUX
+
+-/**
+- * copy_properties_from_host
+- *
+- * copies properties listed in an array from host device tree to
+- * guest device tree. If a non optional property is not found, the
+- * function asserts. An optional property is ignored if not found
+- * in the host device tree.
+- * @props: array of HostProperty to copy
+- * @nb_props: number of properties in the array
+- * @host_dt: host device tree blob
+- * @guest_dt: guest device tree blob
+- * @node_path: host dt node path where the property is supposed to be
+- found
+- * @nodename: guest node name the properties should be added to
+- */
+-static void copy_properties_from_host(HostProperty *props, int nb_props,
+- void *host_fdt, void *guest_fdt,
+- char *node_path, char *nodename)
+-{
+- int i, prop_len;
+- const void *r;
+- Error *err = NULL;
+-
+- for (i = 0; i < nb_props; i++) {
+- r = qemu_fdt_getprop(host_fdt, node_path,
+- props[i].name,
+- &prop_len,
+- &err);
+- if (r) {
+- qemu_fdt_setprop(guest_fdt, nodename,
+- props[i].name, r, prop_len);
+- } else {
+- if (props[i].optional && prop_len == -FDT_ERR_NOTFOUND) {
+- /* optional property does not exist */
+- error_free(err);
+- } else {
+- error_report_err(err);
+- }
+- if (!props[i].optional) {
+- /* mandatory property not found: bail out */
+- exit(1);
+- }
+- err = NULL;
+- }
+- }
+-}
+-
+-/* clock properties whose values are copied/pasted from host */
+-static HostProperty clock_copied_properties[] = {
+- {"compatible", false},
+- {"#clock-cells", false},
+- {"clock-frequency", true},
+- {"clock-output-names", true},
+-};
+-
+-/**
+- * fdt_build_clock_node
+- *
+- * Build a guest clock node, used as a dependency from a passthrough'ed
+- * device. Most information are retrieved from the host clock node.
+- * Also check the host clock is a fixed one.
+- *
+- * @host_fdt: host device tree blob from which info are retrieved
+- * @guest_fdt: guest device tree blob where the clock node is added
+- * @host_phandle: phandle of the clock in host device tree
+- * @guest_phandle: phandle to assign to the guest node
+- */
+-static void fdt_build_clock_node(void *host_fdt, void *guest_fdt,
+- uint32_t host_phandle,
+- uint32_t guest_phandle)
+-{
+- char *node_path = NULL;
+- char *nodename;
+- const void *r;
+- int ret, node_offset, prop_len, path_len = 16;
+-
+- node_offset = fdt_node_offset_by_phandle(host_fdt, host_phandle);
+- if (node_offset <= 0) {
+- error_report("not able to locate clock handle %d in host device tree",
+- host_phandle);
+- exit(1);
+- }
+- node_path = g_malloc(path_len);
+- while ((ret = fdt_get_path(host_fdt, node_offset, node_path, path_len))
+- == -FDT_ERR_NOSPACE) {
+- path_len += 16;
+- node_path = g_realloc(node_path, path_len);
+- }
+- if (ret < 0) {
+- error_report("not able to retrieve node path for clock handle %d",
+- host_phandle);
+- exit(1);
+- }
+-
+- r = qemu_fdt_getprop(host_fdt, node_path, "compatible", &prop_len,
+- &error_fatal);
+- if (strcmp(r, "fixed-clock")) {
+- error_report("clock handle %d is not a fixed clock", host_phandle);
+- exit(1);
+- }
+-
+- nodename = strrchr(node_path, '/');
+- qemu_fdt_add_subnode(guest_fdt, nodename);
+-
+- copy_properties_from_host(clock_copied_properties,
+- ARRAY_SIZE(clock_copied_properties),
+- host_fdt, guest_fdt,
+- node_path, nodename);
+-
+- qemu_fdt_setprop_cell(guest_fdt, nodename, "phandle", guest_phandle);
+-
+- g_free(node_path);
+-}
+-
+-/**
+- * sysfs_to_dt_name: convert the name found in sysfs into the node name
+- * for instance e0900000.xgmac is converted into xgmac@e0900000
+- * @sysfs_name: directory name in sysfs
+- *
+- * returns the device tree name upon success or NULL in case the sysfs name
+- * does not match the expected format
+- */
+-static char *sysfs_to_dt_name(const char *sysfs_name)
+-{
+- gchar **substrings = g_strsplit(sysfs_name, ".", 2);
+- char *dt_name = NULL;
+-
+- if (!substrings || !substrings[0] || !substrings[1]) {
+- goto out;
+- }
+- dt_name = g_strdup_printf("%s@%s", substrings[1], substrings[0]);
+-out:
+- g_strfreev(substrings);
+- return dt_name;
+-}
+-
+ /* Device Specific Code */
+
+ /**
+@@ -263,182 +126,6 @@ static int add_calxeda_midway_xgmac_fdt_node(SysBusDevice *sbdev, void *opaque)
+ return 0;
+ }
+
+-/* AMD xgbe properties whose values are copied/pasted from host */
+-static HostProperty amd_xgbe_copied_properties[] = {
+- {"compatible", false},
+- {"dma-coherent", true},
+- {"amd,per-channel-interrupt", true},
+- {"phy-mode", false},
+- {"mac-address", true},
+- {"amd,speed-set", false},
+- {"amd,serdes-blwc", true},
+- {"amd,serdes-cdr-rate", true},
+- {"amd,serdes-pq-skew", true},
+- {"amd,serdes-tx-amp", true},
+- {"amd,serdes-dfe-tap-config", true},
+- {"amd,serdes-dfe-tap-enable", true},
+- {"clock-names", false},
+-};
+-
+-/**
+- * add_amd_xgbe_fdt_node
+- *
+- * Generates the combined xgbe/phy node following kernel >=4.2
+- * binding documentation:
+- * Documentation/devicetree/bindings/net/amd-xgbe.txt:
+- * Also 2 clock nodes are created (dma and ptp)
+- *
+- * Asserts in case of error
+- */
+-static int add_amd_xgbe_fdt_node(SysBusDevice *sbdev, void *opaque)
+-{
+- PlatformBusFDTData *data = opaque;
+- PlatformBusDevice *pbus = data->pbus;
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+- VFIODevice *vbasedev = &vdev->vbasedev;
+- VFIOINTp *intp;
+- const char *parent_node = data->pbus_node_name;
+- char **node_path, *nodename, *dt_name;
+- void *guest_fdt = data->fdt, *host_fdt;
+- const void *r;
+- int i, prop_len;
+- uint32_t *irq_attr, *reg_attr;
+- const uint32_t *host_clock_phandles;
+- uint64_t mmio_base, irq_number;
+- uint32_t guest_clock_phandles[2];
+-
+- host_fdt = load_device_tree_from_sysfs();
+-
+- dt_name = sysfs_to_dt_name(vbasedev->name);
+- if (!dt_name) {
+- error_report("%s incorrect sysfs device name %s",
+- __func__, vbasedev->name);
+- exit(1);
+- }
+- node_path = qemu_fdt_node_path(host_fdt, dt_name, vdev->compat,
+- &error_fatal);
+- if (!node_path || !node_path[0]) {
+- error_report("%s unable to retrieve node path for %s/%s",
+- __func__, dt_name, vdev->compat);
+- exit(1);
+- }
+-
+- if (node_path[1]) {
+- error_report("%s more than one node matching %s/%s!",
+- __func__, dt_name, vdev->compat);
+- exit(1);
+- }
+-
+- g_free(dt_name);
+-
+- if (vbasedev->num_initial_regions != 5) {
+- error_report("%s Does the host dt node combine XGBE/PHY?", __func__);
+- exit(1);
+- }
+-
+- /* generate nodes for DMA_CLK and PTP_CLK */
+- r = qemu_fdt_getprop(host_fdt, node_path[0], "clocks",
+- &prop_len, &error_fatal);
+- if (prop_len != 8) {
+- error_report("%s clocks property should contain 2 handles", __func__);
+- exit(1);
+- }
+- host_clock_phandles = r;
+- guest_clock_phandles[0] = qemu_fdt_alloc_phandle(guest_fdt);
+- guest_clock_phandles[1] = qemu_fdt_alloc_phandle(guest_fdt);
+-
+- /**
+- * clock handles fetched from host dt are in be32 layout whereas
+- * rest of the code uses cpu layout. Also guest clock handles are
+- * in cpu layout.
+- */
+- fdt_build_clock_node(host_fdt, guest_fdt,
+- be32_to_cpu(host_clock_phandles[0]),
+- guest_clock_phandles[0]);
+-
+- fdt_build_clock_node(host_fdt, guest_fdt,
+- be32_to_cpu(host_clock_phandles[1]),
+- guest_clock_phandles[1]);
+-
+- /* combined XGBE/PHY node */
+- mmio_base = platform_bus_get_mmio_addr(pbus, sbdev, 0);
+- nodename = g_strdup_printf("%s/%s@%" PRIx64, parent_node,
+- vbasedev->name, mmio_base);
+- qemu_fdt_add_subnode(guest_fdt, nodename);
+-
+- copy_properties_from_host(amd_xgbe_copied_properties,
+- ARRAY_SIZE(amd_xgbe_copied_properties),
+- host_fdt, guest_fdt,
+- node_path[0], nodename);
+-
+- qemu_fdt_setprop_cells(guest_fdt, nodename, "clocks",
+- guest_clock_phandles[0],
+- guest_clock_phandles[1]);
+-
+- reg_attr = g_new(uint32_t, vbasedev->num_initial_regions * 2);
+- for (i = 0; i < vbasedev->num_initial_regions; i++) {
+- mmio_base = platform_bus_get_mmio_addr(pbus, sbdev, i);
+- reg_attr[2 * i] = cpu_to_be32(mmio_base);
+- reg_attr[2 * i + 1] = cpu_to_be32(
+- memory_region_size(vdev->regions[i]->mem));
+- }
+- qemu_fdt_setprop(guest_fdt, nodename, "reg", reg_attr,
+- vbasedev->num_initial_regions * 2 * sizeof(uint32_t));
+-
+- irq_attr = g_new(uint32_t, vbasedev->num_irqs * 3);
+- for (i = 0; i < vbasedev->num_irqs; i++) {
+- irq_number = platform_bus_get_irqn(pbus, sbdev , i)
+- + data->irq_start;
+- irq_attr[3 * i] = cpu_to_be32(GIC_FDT_IRQ_TYPE_SPI);
+- irq_attr[3 * i + 1] = cpu_to_be32(irq_number);
+- /*
+- * General device interrupt and PCS auto-negotiation interrupts are
+- * level-sensitive while the 4 per-channel interrupts are edge
+- * sensitive
+- */
+- QLIST_FOREACH(intp, &vdev->intp_list, next) {
+- if (intp->pin == i) {
+- break;
+- }
+- }
+- if (intp->flags & VFIO_IRQ_INFO_AUTOMASKED) {
+- irq_attr[3 * i + 2] = cpu_to_be32(GIC_FDT_IRQ_FLAGS_LEVEL_HI);
+- } else {
+- irq_attr[3 * i + 2] = cpu_to_be32(GIC_FDT_IRQ_FLAGS_EDGE_LO_HI);
+- }
+- }
+- qemu_fdt_setprop(guest_fdt, nodename, "interrupts",
+- irq_attr, vbasedev->num_irqs * 3 * sizeof(uint32_t));
+-
+- g_free(host_fdt);
+- g_strfreev(node_path);
+- g_free(irq_attr);
+- g_free(reg_attr);
+- g_free(nodename);
+- return 0;
+-}
+-
+-/* DT compatible matching */
+-static bool vfio_platform_match(SysBusDevice *sbdev,
+- const BindingEntry *entry)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+- const char *compat;
+- unsigned int n;
+-
+- for (n = vdev->num_compat, compat = vdev->compat; n > 0;
+- n--, compat += strlen(compat) + 1) {
+- if (!strcmp(entry->compat, compat)) {
+- return true;
+- }
+- }
+-
+- return false;
+-}
+-
+-#define VFIO_PLATFORM_BINDING(compat, add_fn) \
+- {TYPE_VFIO_PLATFORM, (compat), (add_fn), vfio_platform_match}
+-
+ #endif /* CONFIG_LINUX */
+
+ #ifdef CONFIG_TPM
+@@ -513,8 +200,6 @@ static bool type_match(SysBusDevice *sbdev, const BindingEntry *entry)
+ static const BindingEntry bindings[] = {
+ #ifdef CONFIG_LINUX
+ TYPE_BINDING(TYPE_VFIO_CALXEDA_XGMAC, add_calxeda_midway_xgmac_fdt_node),
+- TYPE_BINDING(TYPE_VFIO_AMD_XGBE, add_amd_xgbe_fdt_node),
+- VFIO_PLATFORM_BINDING("amd,xgbe-seattle-v1a", add_amd_xgbe_fdt_node),
+ #endif
+ #ifdef CONFIG_TPM
+ TYPE_BINDING(TYPE_TPM_TIS_SYSBUS, add_tpm_tis_fdt_node),
+diff --git a/hw/vfio/Kconfig b/hw/vfio/Kconfig
+index 91d9023b79..bc984f1986 100644
+--- a/hw/vfio/Kconfig
++++ b/hw/vfio/Kconfig
+@@ -28,11 +28,6 @@ config VFIO_XGMAC
+ default y
+ depends on VFIO_PLATFORM
+
+-config VFIO_AMD_XGBE
+- bool
+- default y
+- depends on VFIO_PLATFORM
+-
+ config VFIO_AP
+ bool
+ default y
+diff --git a/hw/vfio/amd-xgbe.c b/hw/vfio/amd-xgbe.c
+deleted file mode 100644
+index 58f590e385..0000000000
+--- a/hw/vfio/amd-xgbe.c
++++ /dev/null
+@@ -1,61 +0,0 @@
+-/*
+- * AMD XGBE VFIO device
+- *
+- * Copyright Linaro Limited, 2015
+- *
+- * Authors:
+- * Eric Auger <eric.auger@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- */
+-
+-#include "qemu/osdep.h"
+-#include "hw/vfio/vfio-amd-xgbe.h"
+-#include "migration/vmstate.h"
+-#include "qemu/module.h"
+-#include "qemu/error-report.h"
+-
+-static void amd_xgbe_realize(DeviceState *dev, Error **errp)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
+- VFIOAmdXgbeDeviceClass *k = VFIO_AMD_XGBE_DEVICE_GET_CLASS(dev);
+-
+- warn_report("-device vfio-amd-xgbe is deprecated");
+- vdev->compat = g_strdup("amd,xgbe-seattle-v1a");
+- vdev->num_compat = 1;
+-
+- k->parent_realize(dev, errp);
+-}
+-
+-static const VMStateDescription vfio_platform_amd_xgbe_vmstate = {
+- .name = "vfio-amd-xgbe",
+- .unmigratable = 1,
+-};
+-
+-static void vfio_amd_xgbe_class_init(ObjectClass *klass, const void *data)
+-{
+- DeviceClass *dc = DEVICE_CLASS(klass);
+- VFIOAmdXgbeDeviceClass *vcxc =
+- VFIO_AMD_XGBE_DEVICE_CLASS(klass);
+- device_class_set_parent_realize(dc, amd_xgbe_realize,
+- &vcxc->parent_realize);
+- dc->desc = "VFIO AMD XGBE";
+- dc->vmsd = &vfio_platform_amd_xgbe_vmstate;
+-}
+-
+-static const TypeInfo vfio_amd_xgbe_dev_info = {
+- .name = TYPE_VFIO_AMD_XGBE,
+- .parent = TYPE_VFIO_PLATFORM,
+- .instance_size = sizeof(VFIOAmdXgbeDevice),
+- .class_init = vfio_amd_xgbe_class_init,
+- .class_size = sizeof(VFIOAmdXgbeDeviceClass),
+-};
+-
+-static void register_amd_xgbe_dev_type(void)
+-{
+- type_register_static(&vfio_amd_xgbe_dev_info);
+-}
+-
+-type_init(register_amd_xgbe_dev_type)
+diff --git a/hw/vfio/meson.build b/hw/vfio/meson.build
+index bfaf6be805..0edcaf5155 100644
+--- a/hw/vfio/meson.build
++++ b/hw/vfio/meson.build
+@@ -20,7 +20,6 @@ vfio_ss.add(when: 'CONFIG_VFIO_IGD', if_true: files('igd.c'))
+ specific_ss.add_all(when: 'CONFIG_VFIO', if_true: vfio_ss)
+
+ system_ss.add(when: 'CONFIG_VFIO_XGMAC', if_true: files('calxeda-xgmac.c'))
+-system_ss.add(when: 'CONFIG_VFIO_AMD_XGBE', if_true: files('amd-xgbe.c'))
+ system_ss.add(when: 'CONFIG_VFIO', if_true: files(
+ 'cpr.c',
+ 'cpr-legacy.c',
+diff --git a/include/hw/vfio/vfio-amd-xgbe.h b/include/hw/vfio/vfio-amd-xgbe.h
+deleted file mode 100644
+index a894546c02..0000000000
+--- a/include/hw/vfio/vfio-amd-xgbe.h
++++ /dev/null
+@@ -1,46 +0,0 @@
+-/*
+- * VFIO AMD XGBE device
+- *
+- * Copyright Linaro Limited, 2015
+- *
+- * Authors:
+- * Eric Auger <eric.auger@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- */
+-
+-#ifndef HW_VFIO_VFIO_AMD_XGBE_H
+-#define HW_VFIO_VFIO_AMD_XGBE_H
+-
+-#include "hw/vfio/vfio-platform.h"
+-#include "qom/object.h"
+-
+-#define TYPE_VFIO_AMD_XGBE "vfio-amd-xgbe"
+-
+-/**
+- * This device exposes:
+- * - 5 MMIO regions: MAC, PCS, SerDes Rx/Tx regs,
+- SerDes Integration Registers 1/2 & 2/2
+- * - 2 level sensitive IRQs and optional DMA channel IRQs
+- */
+-struct VFIOAmdXgbeDevice {
+- VFIOPlatformDevice vdev;
+-};
+-
+-typedef struct VFIOAmdXgbeDevice VFIOAmdXgbeDevice;
+-
+-struct VFIOAmdXgbeDeviceClass {
+- /*< private >*/
+- VFIOPlatformDeviceClass parent_class;
+- /*< public >*/
+- DeviceRealize parent_realize;
+-};
+-
+-typedef struct VFIOAmdXgbeDeviceClass VFIOAmdXgbeDeviceClass;
+-
+-DECLARE_OBJ_CHECKERS(VFIOAmdXgbeDevice, VFIOAmdXgbeDeviceClass,
+- VFIO_AMD_XGBE_DEVICE, TYPE_VFIO_AMD_XGBE)
+-
+-#endif
+--
+2.52.0
+
diff --git a/kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch b/kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch
new file mode 100644
index 0000000..b841ecb
--- /dev/null
+++ b/kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch
@@ -0,0 +1,366 @@
+From c752372d16d3b2d95921c75263f7e119f6bf7c09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 1 Sep 2025 08:46:29 +0200
+Subject: [PATCH 021/116] vfio: Remove 'vfio-calxeda-xgmac' device
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [5/100] 22237c22b8adb8293ae79327fabe6359bedc010d (rovick1/qemu-kvm)
+
+Conflicts:
+ hw/arm/virt.c: due to the downstream-only code in #if 0
+ hw/core/sysbus-fdt.c: downstream 60e7ac0c41c2 ("vfio: rename
+ field to "num_initial_regions") touches sysbus-fdt.c. Anyway that code
+ is removed
+
+The VFIO_XGMAC device type has been deprecated in the QEMU 10.0
+timeframe. Remove it.
+
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250901064631.530723-7-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 8ebc416ac17a71aec267df1ca5cb5301cc6c4906)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ docs/about/deprecated.rst | 7 ---
+ docs/about/removed-features.rst | 7 +++
+ docs/devel/kconfig.rst | 1 -
+ hw/arm/Kconfig | 1 -
+ hw/arm/virt.c | 3 +-
+ hw/core/sysbus-fdt.c | 68 ----------------------------
+ hw/vfio/Kconfig | 5 --
+ hw/vfio/calxeda-xgmac.c | 61 -------------------------
+ hw/vfio/meson.build | 1 -
+ include/hw/vfio/vfio-calxeda-xgmac.h | 43 ------------------
+ 10 files changed, 8 insertions(+), 189 deletions(-)
+ delete mode 100644 hw/vfio/calxeda-xgmac.c
+ delete mode 100644 include/hw/vfio/vfio-calxeda-xgmac.h
+
+diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
+index 631871ffc8..0df97eb2b7 100644
+--- a/docs/about/deprecated.rst
++++ b/docs/about/deprecated.rst
+@@ -519,13 +519,6 @@ which is not enough for all types of use cases, use ``reconnect-ms`` instead.
+ VFIO device options
+ '''''''''''''''''''
+
+-``-device vfio-calxeda-xgmac`` (since 10.0)
+-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+-The vfio-calxeda-xgmac device allows to assign a host Calxeda Highbank
+-10Gb XGMAC Ethernet controller device ("calxeda,hb-xgmac" compatibility
+-string) to a guest. Calxeda HW has been ewasted now and there is no point
+-keeping that device.
+-
+ ``-device vfio-platform`` (since 10.0)
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ The vfio-platform device allows to assign a host platform device
+diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
+index 759c067412..47e632b4ac 100644
+--- a/docs/about/removed-features.rst
++++ b/docs/about/removed-features.rst
+@@ -1265,6 +1265,13 @@ device driver such as RBD.
+ VFIO devices
+ ------------
+
++``-device vfio-calxeda-xgmac`` (since 10.2)
++'''''''''''''''''''''''''''''''''''''''''''
++The vfio-calxeda-xgmac device allows to assign a host Calxeda Highbank
++10Gb XGMAC Ethernet controller device ("calxeda,hb-xgmac" compatibility
++string) to a guest. Calxeda HW has been ewasted now and there is no point
++keeping that device.
++
+ ``-device vfio-amd-xgbe`` (since 10.2)
+ ''''''''''''''''''''''''''''''''''''''
+ The vfio-amd-xgbe device allows to assign a host AMD 10GbE controller
+diff --git a/docs/devel/kconfig.rst b/docs/devel/kconfig.rst
+index 9fdf501529..1d4a114a02 100644
+--- a/docs/devel/kconfig.rst
++++ b/docs/devel/kconfig.rst
+@@ -59,7 +59,6 @@ stanza like the following::
+ config ARM_VIRT
+ bool
+ imply PCI_DEVICES
+- imply VFIO_XGMAC
+ select A15MPCORE
+ select ACPI
+ select ARM_SMMUV3
+diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
+index 64b2ec87b5..3fca48349a 100644
+--- a/hw/arm/Kconfig
++++ b/hw/arm/Kconfig
+@@ -6,7 +6,6 @@ config ARM_VIRT
+ imply PCI_DEVICES
+ imply TEST_DEVICES
+ imply VFIO_PLATFORM
+- imply VFIO_XGMAC
+ imply TPM_TIS_SYSBUS
+ imply TPM_TIS_I2C
+ imply NVDIMM
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index c0292a3899..2a399e468c 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -38,7 +38,7 @@
+ #include "hw/arm/primecell.h"
+ #include "hw/arm/virt.h"
+ #include "hw/block/flash.h"
+-#include "hw/vfio/vfio-calxeda-xgmac.h"
++#include "hw/vfio/vfio-platform.h"
+ #include "hw/display/ramfb.h"
+ #include "net/net.h"
+ #include "system/device_tree.h"
+@@ -3322,7 +3322,6 @@ static void virt_machine_class_init(ObjectClass *oc, const void *data)
+ /* Maximum supported VCPU count for all virt-rhel* machines */
+ mc->max_cpus = 384;
+ #if 0 /* Disabled for Red Hat Enterprise Linux */
+- machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_CALXEDA_XGMAC);
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_PLATFORM);
+ #endif
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
+diff --git a/hw/core/sysbus-fdt.c b/hw/core/sysbus-fdt.c
+index 0caffe4845..59f1d17de1 100644
+--- a/hw/core/sysbus-fdt.c
++++ b/hw/core/sysbus-fdt.c
+@@ -33,9 +33,6 @@
+ #include "system/tpm.h"
+ #include "hw/arm/smmuv3.h"
+ #include "hw/platform-bus.h"
+-#include "hw/vfio/vfio-platform.h"
+-#include "hw/vfio/vfio-calxeda-xgmac.h"
+-#include "hw/vfio/vfio-region.h"
+ #include "hw/display/ramfb.h"
+ #include "hw/uefi/var-service-api.h"
+ #include "hw/arm/fdt.h"
+@@ -66,68 +63,6 @@ typedef struct HostProperty {
+ bool optional;
+ } HostProperty;
+
+-#ifdef CONFIG_LINUX
+-
+-/* Device Specific Code */
+-
+-/**
+- * add_calxeda_midway_xgmac_fdt_node
+- *
+- * Generates a simple node with following properties:
+- * compatible string, regs, interrupts, dma-coherent
+- */
+-static int add_calxeda_midway_xgmac_fdt_node(SysBusDevice *sbdev, void *opaque)
+-{
+- PlatformBusFDTData *data = opaque;
+- PlatformBusDevice *pbus = data->pbus;
+- void *fdt = data->fdt;
+- const char *parent_node = data->pbus_node_name;
+- int compat_str_len, i;
+- char *nodename;
+- uint32_t *irq_attr, *reg_attr;
+- uint64_t mmio_base, irq_number;
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+- VFIODevice *vbasedev = &vdev->vbasedev;
+-
+- mmio_base = platform_bus_get_mmio_addr(pbus, sbdev, 0);
+- nodename = g_strdup_printf("%s/%s@%" PRIx64, parent_node,
+- vbasedev->name, mmio_base);
+- qemu_fdt_add_subnode(fdt, nodename);
+-
+- compat_str_len = strlen(vdev->compat) + 1;
+- qemu_fdt_setprop(fdt, nodename, "compatible",
+- vdev->compat, compat_str_len);
+-
+- qemu_fdt_setprop(fdt, nodename, "dma-coherent", "", 0);
+-
+- reg_attr = g_new(uint32_t, vbasedev->num_initial_regions * 2);
+- for (i = 0; i < vbasedev->num_initial_regions; i++) {
+- mmio_base = platform_bus_get_mmio_addr(pbus, sbdev, i);
+- reg_attr[2 * i] = cpu_to_be32(mmio_base);
+- reg_attr[2 * i + 1] = cpu_to_be32(
+- memory_region_size(vdev->regions[i]->mem));
+- }
+- qemu_fdt_setprop(fdt, nodename, "reg", reg_attr,
+- vbasedev->num_initial_regions * 2 * sizeof(uint32_t));
+-
+- irq_attr = g_new(uint32_t, vbasedev->num_irqs * 3);
+- for (i = 0; i < vbasedev->num_irqs; i++) {
+- irq_number = platform_bus_get_irqn(pbus, sbdev , i)
+- + data->irq_start;
+- irq_attr[3 * i] = cpu_to_be32(GIC_FDT_IRQ_TYPE_SPI);
+- irq_attr[3 * i + 1] = cpu_to_be32(irq_number);
+- irq_attr[3 * i + 2] = cpu_to_be32(GIC_FDT_IRQ_FLAGS_LEVEL_HI);
+- }
+- qemu_fdt_setprop(fdt, nodename, "interrupts",
+- irq_attr, vbasedev->num_irqs * 3 * sizeof(uint32_t));
+- g_free(irq_attr);
+- g_free(reg_attr);
+- g_free(nodename);
+- return 0;
+-}
+-
+-#endif /* CONFIG_LINUX */
+-
+ #ifdef CONFIG_TPM
+ /*
+ * add_tpm_tis_fdt_node: Create a DT node for TPM TIS
+@@ -198,9 +133,6 @@ static bool type_match(SysBusDevice *sbdev, const BindingEntry *entry)
+
+ /* list of supported dynamic sysbus bindings */
+ static const BindingEntry bindings[] = {
+-#ifdef CONFIG_LINUX
+- TYPE_BINDING(TYPE_VFIO_CALXEDA_XGMAC, add_calxeda_midway_xgmac_fdt_node),
+-#endif
+ #ifdef CONFIG_TPM
+ TYPE_BINDING(TYPE_TPM_TIS_SYSBUS, add_tpm_tis_fdt_node),
+ #endif
+diff --git a/hw/vfio/Kconfig b/hw/vfio/Kconfig
+index bc984f1986..9a1dbe2926 100644
+--- a/hw/vfio/Kconfig
++++ b/hw/vfio/Kconfig
+@@ -23,11 +23,6 @@ config VFIO_PLATFORM
+ select VFIO
+ depends on LINUX && PLATFORM_BUS
+
+-config VFIO_XGMAC
+- bool
+- default y
+- depends on VFIO_PLATFORM
+-
+ config VFIO_AP
+ bool
+ default y
+diff --git a/hw/vfio/calxeda-xgmac.c b/hw/vfio/calxeda-xgmac.c
+deleted file mode 100644
+index 03f2ff5763..0000000000
+--- a/hw/vfio/calxeda-xgmac.c
++++ /dev/null
+@@ -1,61 +0,0 @@
+-/*
+- * calxeda xgmac VFIO device
+- *
+- * Copyright Linaro Limited, 2014
+- *
+- * Authors:
+- * Eric Auger <eric.auger@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- */
+-
+-#include "qemu/osdep.h"
+-#include "hw/vfio/vfio-calxeda-xgmac.h"
+-#include "migration/vmstate.h"
+-#include "qemu/module.h"
+-#include "qemu/error-report.h"
+-
+-static void calxeda_xgmac_realize(DeviceState *dev, Error **errp)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
+- VFIOCalxedaXgmacDeviceClass *k = VFIO_CALXEDA_XGMAC_DEVICE_GET_CLASS(dev);
+-
+- warn_report("-device vfio-calxeda-xgmac is deprecated");
+- vdev->compat = g_strdup("calxeda,hb-xgmac");
+- vdev->num_compat = 1;
+-
+- k->parent_realize(dev, errp);
+-}
+-
+-static const VMStateDescription vfio_platform_calxeda_xgmac_vmstate = {
+- .name = "vfio-calxeda-xgmac",
+- .unmigratable = 1,
+-};
+-
+-static void vfio_calxeda_xgmac_class_init(ObjectClass *klass, const void *data)
+-{
+- DeviceClass *dc = DEVICE_CLASS(klass);
+- VFIOCalxedaXgmacDeviceClass *vcxc =
+- VFIO_CALXEDA_XGMAC_DEVICE_CLASS(klass);
+- device_class_set_parent_realize(dc, calxeda_xgmac_realize,
+- &vcxc->parent_realize);
+- dc->desc = "VFIO Calxeda XGMAC";
+- dc->vmsd = &vfio_platform_calxeda_xgmac_vmstate;
+-}
+-
+-static const TypeInfo vfio_calxeda_xgmac_dev_info = {
+- .name = TYPE_VFIO_CALXEDA_XGMAC,
+- .parent = TYPE_VFIO_PLATFORM,
+- .instance_size = sizeof(VFIOCalxedaXgmacDevice),
+- .class_init = vfio_calxeda_xgmac_class_init,
+- .class_size = sizeof(VFIOCalxedaXgmacDeviceClass),
+-};
+-
+-static void register_calxeda_xgmac_dev_type(void)
+-{
+- type_register_static(&vfio_calxeda_xgmac_dev_info);
+-}
+-
+-type_init(register_calxeda_xgmac_dev_type)
+diff --git a/hw/vfio/meson.build b/hw/vfio/meson.build
+index 0edcaf5155..06473a0789 100644
+--- a/hw/vfio/meson.build
++++ b/hw/vfio/meson.build
+@@ -19,7 +19,6 @@ vfio_ss.add(when: 'CONFIG_VFIO_IGD', if_true: files('igd.c'))
+
+ specific_ss.add_all(when: 'CONFIG_VFIO', if_true: vfio_ss)
+
+-system_ss.add(when: 'CONFIG_VFIO_XGMAC', if_true: files('calxeda-xgmac.c'))
+ system_ss.add(when: 'CONFIG_VFIO', if_true: files(
+ 'cpr.c',
+ 'cpr-legacy.c',
+diff --git a/include/hw/vfio/vfio-calxeda-xgmac.h b/include/hw/vfio/vfio-calxeda-xgmac.h
+deleted file mode 100644
+index 8482f151dd..0000000000
+--- a/include/hw/vfio/vfio-calxeda-xgmac.h
++++ /dev/null
+@@ -1,43 +0,0 @@
+-/*
+- * VFIO calxeda xgmac device
+- *
+- * Copyright Linaro Limited, 2014
+- *
+- * Authors:
+- * Eric Auger <eric.auger@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- */
+-
+-#ifndef HW_VFIO_VFIO_CALXEDA_XGMAC_H
+-#define HW_VFIO_VFIO_CALXEDA_XGMAC_H
+-
+-#include "hw/vfio/vfio-platform.h"
+-#include "qom/object.h"
+-
+-#define TYPE_VFIO_CALXEDA_XGMAC "vfio-calxeda-xgmac"
+-
+-/**
+- * This device exposes:
+- * - a single MMIO region corresponding to its register space
+- * - 3 IRQS (main and 2 power related IRQs)
+- */
+-struct VFIOCalxedaXgmacDevice {
+- VFIOPlatformDevice vdev;
+-};
+-typedef struct VFIOCalxedaXgmacDevice VFIOCalxedaXgmacDevice;
+-
+-struct VFIOCalxedaXgmacDeviceClass {
+- /*< private >*/
+- VFIOPlatformDeviceClass parent_class;
+- /*< public >*/
+- DeviceRealize parent_realize;
+-};
+-typedef struct VFIOCalxedaXgmacDeviceClass VFIOCalxedaXgmacDeviceClass;
+-
+-DECLARE_OBJ_CHECKERS(VFIOCalxedaXgmacDevice, VFIOCalxedaXgmacDeviceClass,
+- VFIO_CALXEDA_XGMAC_DEVICE, TYPE_VFIO_CALXEDA_XGMAC)
+-
+-#endif
+--
+2.52.0
+
diff --git a/kvm-vfio-Remove-vfio-platform.patch b/kvm-vfio-Remove-vfio-platform.patch
new file mode 100644
index 0000000..1bffc6f
--- /dev/null
+++ b/kvm-vfio-Remove-vfio-platform.patch
@@ -0,0 +1,999 @@
+From e5a4eb3213d2368f93b3cdd5c4363c6e5900fa4e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Mon, 1 Sep 2025 08:46:30 +0200
+Subject: [PATCH 023/116] vfio: Remove 'vfio-platform'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [7/100] 8e09d3b9c245e811a0be39cfba01ef1f9a185826 (rovick1/qemu-kvm)
+
+Conflicts:
+ hw/arm/virt.c: contextual diff due to downstream-only sections
+ hw/vfio/platform.c: contextual diff due to downstream
+ 60e7ac0c41c2 ("vfio: rename field to "num_initial_regions"")
+ anyway the file is removed
+
+The VFIO_PLATFORM device type has been deprecated in the QEMU 10.0
+timeframe. All dependent devices have been removed. Now remove the
+core vfio platform framework.
+
+Rename VFIO_DEVICE_TYPE_PLATFORM enum to VFIO_DEVICE_TYPE_UNUSED to
+maintain the same index for the CCW and AP VFIO device types.
+
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250901064631.530723-8-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 762c85543948bf1f7838d663995648635d3f4b92)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ docs/about/deprecated.rst | 12 -
+ docs/about/removed-features.rst | 9 +
+ hw/arm/Kconfig | 1 -
+ hw/arm/virt.c | 4 -
+ hw/vfio/Kconfig | 6 -
+ hw/vfio/meson.build | 1 -
+ hw/vfio/platform.c | 716 --------------------------------
+ hw/vfio/trace-events | 11 -
+ include/hw/vfio/vfio-device.h | 2 +-
+ include/hw/vfio/vfio-platform.h | 78 ----
+ 10 files changed, 10 insertions(+), 830 deletions(-)
+ delete mode 100644 hw/vfio/platform.c
+ delete mode 100644 include/hw/vfio/vfio-platform.h
+
+diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
+index 0df97eb2b7..fc422acc3e 100644
+--- a/docs/about/deprecated.rst
++++ b/docs/about/deprecated.rst
+@@ -516,18 +516,6 @@ Stream ``reconnect`` (since 9.2)
+ The ``reconnect`` option only allows specifying second granularity timeouts,
+ which is not enough for all types of use cases, use ``reconnect-ms`` instead.
+
+-VFIO device options
+-'''''''''''''''''''
+-
+-``-device vfio-platform`` (since 10.0)
+-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+-The vfio-platform device allows to assign a host platform device
+-to a guest in a generic manner. Integrating a new device into
+-the vfio-platform infrastructure requires some adaptation at
+-both kernel and qemu level. No such attempt has been done for years
+-and the conclusion is that vfio-platform has not got any traction.
+-PCIe passthrough shall be the mainline solution.
+-
+ CPU device properties
+ '''''''''''''''''''''
+
+diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst
+index 47e632b4ac..177128812d 100644
+--- a/docs/about/removed-features.rst
++++ b/docs/about/removed-features.rst
+@@ -1278,6 +1278,15 @@ The vfio-amd-xgbe device allows to assign a host AMD 10GbE controller
+ to a guest ("amd,xgbe-seattle-v1a" compatibility string). AMD "Seattle"
+ is not supported anymore and there is no point keeping that device.
+
++``-device vfio-platform`` (since 10.2)
++''''''''''''''''''''''''''''''''''''''
++The vfio-platform device allows to assign a host platform device
++to a guest in a generic manner. Integrating a new device into
++the vfio-platform infrastructure requires some adaptation at
++both kernel and qemu level. No such attempt has been done for years
++and the conclusion is that vfio-platform has not got any traction.
++PCIe passthrough shall be the mainline solution.
++
+ Tools
+ -----
+
+diff --git a/hw/arm/Kconfig b/hw/arm/Kconfig
+index 3fca48349a..3baa6c6c74 100644
+--- a/hw/arm/Kconfig
++++ b/hw/arm/Kconfig
+@@ -5,7 +5,6 @@ config ARM_VIRT
+ depends on TCG || KVM || HVF
+ imply PCI_DEVICES
+ imply TEST_DEVICES
+- imply VFIO_PLATFORM
+ imply TPM_TIS_SYSBUS
+ imply TPM_TIS_I2C
+ imply NVDIMM
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index 990d2c73c7..5bb6ba7de7 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -38,7 +38,6 @@
+ #include "hw/arm/primecell.h"
+ #include "hw/arm/virt.h"
+ #include "hw/block/flash.h"
+-#include "hw/vfio/vfio-platform.h"
+ #include "hw/display/ramfb.h"
+ #include "net/net.h"
+ #include "system/device_tree.h"
+@@ -3322,9 +3321,6 @@ static void virt_machine_class_init(ObjectClass *oc, const void *data)
+ mc->init = machvirt_init;
+ /* Maximum supported VCPU count for all virt-rhel* machines */
+ mc->max_cpus = 384;
+-#if 0 /* Disabled for Red Hat Enterprise Linux */
+- machine_class_allow_dynamic_sysbus_dev(mc, TYPE_VFIO_PLATFORM);
+-#endif
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_RAMFB_DEVICE);
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_UEFI_VARS_SYSBUS);
+ machine_class_allow_dynamic_sysbus_dev(mc, TYPE_ARM_SMMUV3);
+diff --git a/hw/vfio/Kconfig b/hw/vfio/Kconfig
+index 9a1dbe2926..27de24e4db 100644
+--- a/hw/vfio/Kconfig
++++ b/hw/vfio/Kconfig
+@@ -17,12 +17,6 @@ config VFIO_CCW
+ select VFIO
+ depends on LINUX && S390_CCW_VIRTIO
+
+-config VFIO_PLATFORM
+- bool
+- default y
+- select VFIO
+- depends on LINUX && PLATFORM_BUS
+-
+ config VFIO_AP
+ bool
+ default y
+diff --git a/hw/vfio/meson.build b/hw/vfio/meson.build
+index 06473a0789..d3ed3cb7ac 100644
+--- a/hw/vfio/meson.build
++++ b/hw/vfio/meson.build
+@@ -13,7 +13,6 @@ vfio_ss.add(when: 'CONFIG_VFIO_PCI', if_true: files(
+ 'pci.c',
+ ))
+ vfio_ss.add(when: 'CONFIG_VFIO_CCW', if_true: files('ccw.c'))
+-vfio_ss.add(when: 'CONFIG_VFIO_PLATFORM', if_true: files('platform.c'))
+ vfio_ss.add(when: 'CONFIG_VFIO_AP', if_true: files('ap.c'))
+ vfio_ss.add(when: 'CONFIG_VFIO_IGD', if_true: files('igd.c'))
+
+diff --git a/hw/vfio/platform.c b/hw/vfio/platform.c
+deleted file mode 100644
+index c9349ba7b7..0000000000
+--- a/hw/vfio/platform.c
++++ /dev/null
+@@ -1,716 +0,0 @@
+-/*
+- * vfio based device assignment support - platform devices
+- *
+- * Copyright Linaro Limited, 2014
+- *
+- * Authors:
+- * Kim Phillips <kim.phillips@linaro.org>
+- * Eric Auger <eric.auger@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- * Based on vfio based PCI device assignment support:
+- * Copyright Red Hat, Inc. 2012
+- */
+-
+-#include "qemu/osdep.h"
+-#include CONFIG_DEVICES /* CONFIG_IOMMUFD */
+-#include "qapi/error.h"
+-#include <sys/ioctl.h>
+-#include <linux/vfio.h>
+-
+-#include "hw/vfio/vfio-platform.h"
+-#include "system/iommufd.h"
+-#include "migration/vmstate.h"
+-#include "qemu/error-report.h"
+-#include "qemu/lockable.h"
+-#include "qemu/main-loop.h"
+-#include "qemu/module.h"
+-#include "qemu/range.h"
+-#include "system/memory.h"
+-#include "system/address-spaces.h"
+-#include "qemu/queue.h"
+-#include "hw/sysbus.h"
+-#include "trace.h"
+-#include "hw/irq.h"
+-#include "hw/platform-bus.h"
+-#include "hw/qdev-properties.h"
+-#include "system/kvm.h"
+-#include "hw/vfio/vfio-region.h"
+-
+-/*
+- * Functions used whatever the injection method
+- */
+-
+-static inline bool vfio_irq_is_automasked(VFIOINTp *intp)
+-{
+- return intp->flags & VFIO_IRQ_INFO_AUTOMASKED;
+-}
+-
+-/**
+- * vfio_init_intp - allocate, initialize the IRQ struct pointer
+- * and add it into the list of IRQs
+- * @vbasedev: the VFIO device handle
+- * @info: irq info struct retrieved from VFIO driver
+- * @errp: error object
+- */
+-static VFIOINTp *vfio_init_intp(VFIODevice *vbasedev,
+- struct vfio_irq_info info, Error **errp)
+-{
+- int ret;
+- VFIOPlatformDevice *vdev =
+- container_of(vbasedev, VFIOPlatformDevice, vbasedev);
+- SysBusDevice *sbdev = SYS_BUS_DEVICE(vdev);
+- VFIOINTp *intp;
+-
+- intp = g_malloc0(sizeof(*intp));
+- intp->vdev = vdev;
+- intp->pin = info.index;
+- intp->flags = info.flags;
+- intp->state = VFIO_IRQ_INACTIVE;
+- intp->kvm_accel = false;
+-
+- sysbus_init_irq(sbdev, &intp->qemuirq);
+-
+- /* Get an eventfd for trigger */
+- intp->interrupt = g_new0(EventNotifier, 1);
+- ret = event_notifier_init(intp->interrupt, 0);
+- if (ret) {
+- g_free(intp->interrupt);
+- g_free(intp);
+- error_setg_errno(errp, -ret,
+- "failed to initialize trigger eventfd notifier");
+- return NULL;
+- }
+- if (vfio_irq_is_automasked(intp)) {
+- /* Get an eventfd for resample/unmask */
+- intp->unmask = g_new0(EventNotifier, 1);
+- ret = event_notifier_init(intp->unmask, 0);
+- if (ret) {
+- g_free(intp->interrupt);
+- g_free(intp->unmask);
+- g_free(intp);
+- error_setg_errno(errp, -ret,
+- "failed to initialize resample eventfd notifier");
+- return NULL;
+- }
+- }
+-
+- QLIST_INSERT_HEAD(&vdev->intp_list, intp, next);
+- return intp;
+-}
+-
+-/**
+- * vfio_set_trigger_eventfd - set VFIO eventfd handling
+- *
+- * @intp: IRQ struct handle
+- * @handler: handler to be called on eventfd signaling
+- *
+- * Setup VFIO signaling and attach an optional user-side handler
+- * to the eventfd
+- */
+-static int vfio_set_trigger_eventfd(VFIOINTp *intp,
+- eventfd_user_side_handler_t handler)
+-{
+- VFIODevice *vbasedev = &intp->vdev->vbasedev;
+- int32_t fd = event_notifier_get_fd(intp->interrupt);
+- Error *err = NULL;
+-
+- qemu_set_fd_handler(fd, (IOHandler *)handler, NULL, intp);
+-
+- if (!vfio_device_irq_set_signaling(vbasedev, intp->pin, 0,
+- VFIO_IRQ_SET_ACTION_TRIGGER, fd, &err)) {
+- error_reportf_err(err, VFIO_MSG_PREFIX, vbasedev->name);
+- qemu_set_fd_handler(fd, NULL, NULL, NULL);
+- return -EINVAL;
+- }
+-
+- return 0;
+-}
+-
+-/*
+- * Functions only used when eventfds are handled on user-side
+- * ie. without irqfd
+- */
+-
+-/**
+- * vfio_mmap_set_enabled - enable/disable the fast path mode
+- * @vdev: the VFIO platform device
+- * @enabled: the target mmap state
+- *
+- * enabled = true ~ fast path = MMIO region is mmaped (no KVM TRAP);
+- * enabled = false ~ slow path = MMIO region is trapped and region callbacks
+- * are called; slow path enables to trap the device IRQ status register reset
+-*/
+-
+-static void vfio_mmap_set_enabled(VFIOPlatformDevice *vdev, bool enabled)
+-{
+- int i;
+-
+- for (i = 0; i < vdev->vbasedev.num_initial_regions; i++) {
+- vfio_region_mmaps_set_enabled(vdev->regions[i], enabled);
+- }
+-}
+-
+-/**
+- * vfio_intp_mmap_enable - timer function, restores the fast path
+- * if there is no more active IRQ
+- * @opaque: actually points to the VFIO platform device
+- *
+- * Called on mmap timer timeout, this function checks whether the
+- * IRQ is still active and if not, restores the fast path.
+- * by construction a single eventfd is handled at a time.
+- * if the IRQ is still active, the timer is re-programmed.
+- */
+-static void vfio_intp_mmap_enable(void *opaque)
+-{
+- VFIOINTp *tmp;
+- VFIOPlatformDevice *vdev = (VFIOPlatformDevice *)opaque;
+-
+- QEMU_LOCK_GUARD(&vdev->intp_mutex);
+- QLIST_FOREACH(tmp, &vdev->intp_list, next) {
+- if (tmp->state == VFIO_IRQ_ACTIVE) {
+- trace_vfio_platform_intp_mmap_enable(tmp->pin);
+- /* re-program the timer to check active status later */
+- timer_mod(vdev->mmap_timer,
+- qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+- vdev->mmap_timeout);
+- return;
+- }
+- }
+- vfio_mmap_set_enabled(vdev, true);
+-}
+-
+-/**
+- * vfio_intp_inject_pending_lockheld - Injects a pending IRQ
+- * @opaque: opaque pointer, in practice the VFIOINTp handle
+- *
+- * The function is called on a previous IRQ completion, from
+- * vfio_platform_eoi, while the intp_mutex is locked.
+- * Also in such situation, the slow path already is set and
+- * the mmap timer was already programmed.
+- */
+-static void vfio_intp_inject_pending_lockheld(VFIOINTp *intp)
+-{
+- trace_vfio_platform_intp_inject_pending_lockheld(intp->pin,
+- event_notifier_get_fd(intp->interrupt));
+-
+- intp->state = VFIO_IRQ_ACTIVE;
+-
+- /* trigger the virtual IRQ */
+- qemu_set_irq(intp->qemuirq, 1);
+-}
+-
+-/**
+- * vfio_intp_interrupt - The user-side eventfd handler
+- * @opaque: opaque pointer which in practice is the VFIOINTp handle
+- *
+- * the function is entered in event handler context:
+- * the vIRQ is injected into the guest if there is no other active
+- * or pending IRQ.
+- */
+-static void vfio_intp_interrupt(VFIOINTp *intp)
+-{
+- int ret;
+- VFIOINTp *tmp;
+- VFIOPlatformDevice *vdev = intp->vdev;
+- bool delay_handling = false;
+-
+- QEMU_LOCK_GUARD(&vdev->intp_mutex);
+- if (intp->state == VFIO_IRQ_INACTIVE) {
+- QLIST_FOREACH(tmp, &vdev->intp_list, next) {
+- if (tmp->state == VFIO_IRQ_ACTIVE ||
+- tmp->state == VFIO_IRQ_PENDING) {
+- delay_handling = true;
+- break;
+- }
+- }
+- }
+- if (delay_handling) {
+- /*
+- * the new IRQ gets a pending status and is pushed in
+- * the pending queue
+- */
+- intp->state = VFIO_IRQ_PENDING;
+- trace_vfio_intp_interrupt_set_pending(intp->pin);
+- QSIMPLEQ_INSERT_TAIL(&vdev->pending_intp_queue,
+- intp, pqnext);
+- event_notifier_test_and_clear(intp->interrupt);
+- return;
+- }
+-
+- trace_vfio_platform_intp_interrupt(intp->pin,
+- event_notifier_get_fd(intp->interrupt));
+-
+- ret = event_notifier_test_and_clear(intp->interrupt);
+- if (!ret) {
+- error_report("Error when clearing fd=%d (ret = %d)",
+- event_notifier_get_fd(intp->interrupt), ret);
+- }
+-
+- intp->state = VFIO_IRQ_ACTIVE;
+-
+- /* sets slow path */
+- vfio_mmap_set_enabled(vdev, false);
+-
+- /* trigger the virtual IRQ */
+- qemu_set_irq(intp->qemuirq, 1);
+-
+- /*
+- * Schedule the mmap timer which will restore fastpath when no IRQ
+- * is active anymore
+- */
+- if (vdev->mmap_timeout) {
+- timer_mod(vdev->mmap_timer,
+- qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) +
+- vdev->mmap_timeout);
+- }
+-}
+-
+-/**
+- * vfio_platform_eoi - IRQ completion routine
+- * @vbasedev: the VFIO device handle
+- *
+- * De-asserts the active virtual IRQ and unmasks the physical IRQ
+- * (effective for level sensitive IRQ auto-masked by the VFIO driver).
+- * Then it handles next pending IRQ if any.
+- * eoi function is called on the first access to any MMIO region
+- * after an IRQ was triggered, trapped since slow path was set.
+- * It is assumed this access corresponds to the IRQ status
+- * register reset. With such a mechanism, a single IRQ can be
+- * handled at a time since there is no way to know which IRQ
+- * was completed by the guest (we would need additional details
+- * about the IRQ status register mask).
+- */
+-static void vfio_platform_eoi(VFIODevice *vbasedev)
+-{
+- VFIOINTp *intp;
+- VFIOPlatformDevice *vdev =
+- container_of(vbasedev, VFIOPlatformDevice, vbasedev);
+-
+- QEMU_LOCK_GUARD(&vdev->intp_mutex);
+- QLIST_FOREACH(intp, &vdev->intp_list, next) {
+- if (intp->state == VFIO_IRQ_ACTIVE) {
+- trace_vfio_platform_eoi(intp->pin,
+- event_notifier_get_fd(intp->interrupt));
+- intp->state = VFIO_IRQ_INACTIVE;
+-
+- /* deassert the virtual IRQ */
+- qemu_set_irq(intp->qemuirq, 0);
+-
+- if (vfio_irq_is_automasked(intp)) {
+- /* unmasks the physical level-sensitive IRQ */
+- vfio_device_irq_unmask(vbasedev, intp->pin);
+- }
+-
+- /* a single IRQ can be active at a time */
+- break;
+- }
+- }
+- /* in case there are pending IRQs, handle the first one */
+- if (!QSIMPLEQ_EMPTY(&vdev->pending_intp_queue)) {
+- intp = QSIMPLEQ_FIRST(&vdev->pending_intp_queue);
+- vfio_intp_inject_pending_lockheld(intp);
+- QSIMPLEQ_REMOVE_HEAD(&vdev->pending_intp_queue, pqnext);
+- }
+-}
+-
+-/**
+- * vfio_start_eventfd_injection - starts the virtual IRQ injection using
+- * user-side handled eventfds
+- * @sbdev: the sysbus device handle
+- * @irq: the qemu irq handle
+- */
+-
+-static void vfio_start_eventfd_injection(SysBusDevice *sbdev, qemu_irq irq)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+- VFIOINTp *intp;
+-
+- QLIST_FOREACH(intp, &vdev->intp_list, next) {
+- if (intp->qemuirq == irq) {
+- break;
+- }
+- }
+- assert(intp);
+-
+- if (vfio_set_trigger_eventfd(intp, vfio_intp_interrupt)) {
+- abort();
+- }
+-}
+-
+-/*
+- * Functions used for irqfd
+- */
+-
+-/**
+- * vfio_set_resample_eventfd - sets the resamplefd for an IRQ
+- * @intp: the IRQ struct handle
+- * programs the VFIO driver to unmask this IRQ when the
+- * intp->unmask eventfd is triggered
+- */
+-static int vfio_set_resample_eventfd(VFIOINTp *intp)
+-{
+- int32_t fd = event_notifier_get_fd(intp->unmask);
+- VFIODevice *vbasedev = &intp->vdev->vbasedev;
+- Error *err = NULL;
+-
+- qemu_set_fd_handler(fd, NULL, NULL, NULL);
+- if (!vfio_device_irq_set_signaling(vbasedev, intp->pin, 0,
+- VFIO_IRQ_SET_ACTION_UNMASK, fd, &err)) {
+- error_reportf_err(err, VFIO_MSG_PREFIX, vbasedev->name);
+- return -EINVAL;
+- }
+- return 0;
+-}
+-
+-/**
+- * vfio_start_irqfd_injection - starts the virtual IRQ injection using
+- * irqfd
+- *
+- * @sbdev: the sysbus device handle
+- * @irq: the qemu irq handle
+- *
+- * In case the irqfd setup fails, we fallback to userspace handled eventfd
+- */
+-static void vfio_start_irqfd_injection(SysBusDevice *sbdev, qemu_irq irq)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(sbdev);
+- VFIOINTp *intp;
+-
+- if (!kvm_irqfds_enabled() || !kvm_resamplefds_enabled() ||
+- !vdev->irqfd_allowed) {
+- goto fail_irqfd;
+- }
+-
+- QLIST_FOREACH(intp, &vdev->intp_list, next) {
+- if (intp->qemuirq == irq) {
+- break;
+- }
+- }
+- assert(intp);
+-
+- if (kvm_irqchip_add_irqfd_notifier(kvm_state, intp->interrupt,
+- intp->unmask, irq) < 0) {
+- goto fail_irqfd;
+- }
+-
+- if (vfio_set_trigger_eventfd(intp, NULL) < 0) {
+- goto fail_vfio;
+- }
+- if (vfio_irq_is_automasked(intp)) {
+- if (vfio_set_resample_eventfd(intp) < 0) {
+- goto fail_vfio;
+- }
+- trace_vfio_platform_start_level_irqfd_injection(intp->pin,
+- event_notifier_get_fd(intp->interrupt),
+- event_notifier_get_fd(intp->unmask));
+- } else {
+- trace_vfio_platform_start_edge_irqfd_injection(intp->pin,
+- event_notifier_get_fd(intp->interrupt));
+- }
+-
+- intp->kvm_accel = true;
+-
+- return;
+-fail_vfio:
+- kvm_irqchip_remove_irqfd_notifier(kvm_state, intp->interrupt, irq);
+- abort();
+-fail_irqfd:
+- vfio_start_eventfd_injection(sbdev, irq);
+-}
+-
+-/* VFIO skeleton */
+-
+-static void vfio_platform_compute_needs_reset(VFIODevice *vbasedev)
+-{
+- vbasedev->needs_reset = true;
+-}
+-
+-/* not implemented yet */
+-static int vfio_platform_hot_reset_multi(VFIODevice *vbasedev)
+-{
+- return -1;
+-}
+-
+-/**
+- * vfio_populate_device - Allocate and populate MMIO region
+- * and IRQ structs according to driver returned information
+- * @vbasedev: the VFIO device handle
+- * @errp: error object
+- *
+- */
+-static bool vfio_populate_device(VFIODevice *vbasedev, Error **errp)
+-{
+- VFIOINTp *intp, *tmp;
+- int i, ret = -1;
+- VFIOPlatformDevice *vdev =
+- container_of(vbasedev, VFIOPlatformDevice, vbasedev);
+-
+- if (!(vbasedev->flags & VFIO_DEVICE_FLAGS_PLATFORM)) {
+- error_setg(errp, "this isn't a platform device");
+- return false;
+- }
+-
+- vdev->regions = g_new0(VFIORegion *, vbasedev->num_initial_regions);
+-
+- for (i = 0; i < vbasedev->num_initial_regions; i++) {
+- char *name = g_strdup_printf("VFIO %s region %d\n", vbasedev->name, i);
+-
+- vdev->regions[i] = g_new0(VFIORegion, 1);
+- ret = vfio_region_setup(OBJECT(vdev), vbasedev,
+- vdev->regions[i], i, name);
+- g_free(name);
+- if (ret) {
+- error_setg_errno(errp, -ret, "failed to get region %d info", i);
+- goto reg_error;
+- }
+- }
+-
+- vdev->mmap_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
+- vfio_intp_mmap_enable, vdev);
+-
+- QSIMPLEQ_INIT(&vdev->pending_intp_queue);
+-
+- for (i = 0; i < vbasedev->num_irqs; i++) {
+- struct vfio_irq_info irq;
+-
+- ret = vfio_device_get_irq_info(vbasedev, i, &irq);
+-
+- if (ret) {
+- error_setg_errno(errp, -ret, "failed to get device irq info");
+- goto irq_err;
+- } else {
+- trace_vfio_platform_populate_interrupts(irq.index,
+- irq.count,
+- irq.flags);
+- intp = vfio_init_intp(vbasedev, irq, errp);
+- if (!intp) {
+- goto irq_err;
+- }
+- }
+- }
+- return true;
+-irq_err:
+- timer_del(vdev->mmap_timer);
+- QLIST_FOREACH_SAFE(intp, &vdev->intp_list, next, tmp) {
+- QLIST_REMOVE(intp, next);
+- g_free(intp);
+- }
+-reg_error:
+- for (i = 0; i < vbasedev->num_initial_regions; i++) {
+- if (vdev->regions[i]) {
+- vfio_region_finalize(vdev->regions[i]);
+- }
+- g_free(vdev->regions[i]);
+- }
+- g_free(vdev->regions);
+- return false;
+-}
+-
+-/* specialized functions for VFIO Platform devices */
+-static VFIODeviceOps vfio_platform_ops = {
+- .vfio_compute_needs_reset = vfio_platform_compute_needs_reset,
+- .vfio_hot_reset_multi = vfio_platform_hot_reset_multi,
+- .vfio_eoi = vfio_platform_eoi,
+-};
+-
+-/**
+- * vfio_base_device_init - perform preliminary VFIO setup
+- * @vbasedev: the VFIO device handle
+- * @errp: error object
+- *
+- * Implement the VFIO command sequence that allows to discover
+- * assigned device resources: group extraction, device
+- * fd retrieval, resource query.
+- * Precondition: the device name must be initialized
+- */
+-static bool vfio_base_device_init(VFIODevice *vbasedev, Error **errp)
+-{
+- /* @fd takes precedence over @sysfsdev which takes precedence over @host */
+- if (vbasedev->fd < 0 && vbasedev->sysfsdev) {
+- vfio_device_free_name(vbasedev);
+- vbasedev->name = g_path_get_basename(vbasedev->sysfsdev);
+- } else if (vbasedev->fd < 0) {
+- if (!vbasedev->name || strchr(vbasedev->name, '/')) {
+- error_setg(errp, "wrong host device name");
+- return false;
+- }
+-
+- vbasedev->sysfsdev = g_strdup_printf("/sys/bus/platform/devices/%s",
+- vbasedev->name);
+- }
+-
+- if (!vfio_device_get_name(vbasedev, errp)) {
+- return false;
+- }
+-
+- if (!vfio_device_attach(vbasedev->name, vbasedev,
+- &address_space_memory, errp)) {
+- return false;
+- }
+-
+- if (vfio_populate_device(vbasedev, errp)) {
+- return true;
+- }
+-
+- vfio_device_detach(vbasedev);
+- return false;
+-}
+-
+-/**
+- * vfio_platform_realize - the device realize function
+- * @dev: device state pointer
+- * @errp: error
+- *
+- * initialize the device, its memory regions and IRQ structures
+- * IRQ are started separately
+- */
+-static void vfio_platform_realize(DeviceState *dev, Error **errp)
+-{
+- ERRP_GUARD();
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(dev);
+- SysBusDevice *sbdev = SYS_BUS_DEVICE(dev);
+- VFIODevice *vbasedev = &vdev->vbasedev;
+- int i;
+-
+- warn_report("-device vfio-platform is deprecated");
+- qemu_mutex_init(&vdev->intp_mutex);
+-
+- trace_vfio_platform_realize(vbasedev->sysfsdev ?
+- vbasedev->sysfsdev : vbasedev->name,
+- vdev->compat);
+-
+- if (!vfio_base_device_init(vbasedev, errp)) {
+- goto init_err;
+- }
+-
+- if (!vdev->compat) {
+- GError *gerr = NULL;
+- gchar *contents;
+- gsize length;
+- char *path;
+-
+- path = g_strdup_printf("%s/of_node/compatible", vbasedev->sysfsdev);
+- if (!g_file_get_contents(path, &contents, &length, &gerr)) {
+- error_setg(errp, "%s", gerr->message);
+- g_error_free(gerr);
+- g_free(path);
+- return;
+- }
+- g_free(path);
+- vdev->compat = contents;
+- for (vdev->num_compat = 0; length; vdev->num_compat++) {
+- size_t skip = strlen(contents) + 1;
+- contents += skip;
+- length -= skip;
+- }
+- }
+-
+- for (i = 0; i < vbasedev->num_initial_regions; i++) {
+- if (vfio_region_mmap(vdev->regions[i])) {
+- warn_report("%s mmap unsupported, performance may be slow",
+- memory_region_name(vdev->regions[i]->mem));
+- }
+- sysbus_init_mmio(sbdev, vdev->regions[i]->mem);
+- }
+- return;
+-
+-init_err:
+- if (vdev->vbasedev.name) {
+- error_prepend(errp, VFIO_MSG_PREFIX, vdev->vbasedev.name);
+- } else {
+- error_prepend(errp, "vfio error: ");
+- }
+-}
+-
+-static const VMStateDescription vfio_platform_vmstate = {
+- .name = "vfio-platform",
+- .unmigratable = 1,
+-};
+-
+-static const Property vfio_platform_dev_properties[] = {
+- DEFINE_PROP_STRING("host", VFIOPlatformDevice, vbasedev.name),
+- DEFINE_PROP_STRING("sysfsdev", VFIOPlatformDevice, vbasedev.sysfsdev),
+- DEFINE_PROP_BOOL("x-no-mmap", VFIOPlatformDevice, vbasedev.no_mmap, false),
+- DEFINE_PROP_UINT32("mmap-timeout-ms", VFIOPlatformDevice,
+- mmap_timeout, 1100),
+- DEFINE_PROP_BOOL("x-irqfd", VFIOPlatformDevice, irqfd_allowed, true),
+-#ifdef CONFIG_IOMMUFD
+- DEFINE_PROP_LINK("iommufd", VFIOPlatformDevice, vbasedev.iommufd,
+- TYPE_IOMMUFD_BACKEND, IOMMUFDBackend *),
+-#endif
+-};
+-
+-static void vfio_platform_instance_init(Object *obj)
+-{
+- VFIOPlatformDevice *vdev = VFIO_PLATFORM_DEVICE(obj);
+- VFIODevice *vbasedev = &vdev->vbasedev;
+-
+- vfio_device_init(vbasedev, VFIO_DEVICE_TYPE_PLATFORM, &vfio_platform_ops,
+- DEVICE(vdev), false);
+-}
+-
+-#ifdef CONFIG_IOMMUFD
+-static void vfio_platform_set_fd(Object *obj, const char *str, Error **errp)
+-{
+- vfio_device_set_fd(&VFIO_PLATFORM_DEVICE(obj)->vbasedev, str, errp);
+-}
+-#endif
+-
+-static void vfio_platform_class_init(ObjectClass *klass, const void *data)
+-{
+- DeviceClass *dc = DEVICE_CLASS(klass);
+- SysBusDeviceClass *sbc = SYS_BUS_DEVICE_CLASS(klass);
+-
+- dc->realize = vfio_platform_realize;
+- device_class_set_props(dc, vfio_platform_dev_properties);
+-#ifdef CONFIG_IOMMUFD
+- object_class_property_add_str(klass, "fd", NULL, vfio_platform_set_fd);
+-#endif
+- dc->vmsd = &vfio_platform_vmstate;
+- dc->desc = "VFIO-based platform device assignment";
+- sbc->connect_irq_notifier = vfio_start_irqfd_injection;
+- set_bit(DEVICE_CATEGORY_MISC, dc->categories);
+-
+- object_class_property_set_description(klass, /* 2.4 */
+- "host",
+- "Host device name of assigned device");
+- object_class_property_set_description(klass, /* 2.4 and 2.5 */
+- "x-no-mmap",
+- "Disable MMAP for device. Allows to trace MMIO "
+- "accesses (DEBUG)");
+- object_class_property_set_description(klass, /* 2.4 */
+- "mmap-timeout-ms",
+- "When EOI is not provided by KVM/QEMU, wait time "
+- "(milliseconds) to re-enable device direct access "
+- "after level interrupt (DEBUG)");
+- object_class_property_set_description(klass, /* 2.4 */
+- "x-irqfd",
+- "Allow disabling irqfd support (DEBUG)");
+- object_class_property_set_description(klass, /* 2.6 */
+- "sysfsdev",
+- "Host sysfs path of assigned device");
+-#ifdef CONFIG_IOMMUFD
+- object_class_property_set_description(klass, /* 9.0 */
+- "iommufd",
+- "Set host IOMMUFD backend device");
+-#endif
+-}
+-
+-static const TypeInfo vfio_platform_dev_info = {
+- .name = TYPE_VFIO_PLATFORM,
+- .parent = TYPE_DYNAMIC_SYS_BUS_DEVICE,
+- .instance_size = sizeof(VFIOPlatformDevice),
+- .instance_init = vfio_platform_instance_init,
+- .class_init = vfio_platform_class_init,
+- .class_size = sizeof(VFIOPlatformDeviceClass),
+-};
+-
+-static void register_vfio_platform_dev_type(void)
+-{
+- type_register_static(&vfio_platform_dev_info);
+-}
+-
+-type_init(register_vfio_platform_dev_type)
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index fc6ed230d0..e3d571f8c8 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -127,17 +127,6 @@ vfio_region_unmap(const char *name, unsigned long offset, unsigned long end) "Re
+ vfio_region_sparse_mmap_header(const char *name, int index, int nr_areas) "Device %s region %d: %d sparse mmap entries"
+ vfio_region_sparse_mmap_entry(int i, unsigned long start, unsigned long end) "sparse entry %d [0x%lx - 0x%lx]"
+
+-# platform.c
+-vfio_platform_realize(char *name, char *compat) "vfio device %s, compat = %s"
+-vfio_platform_eoi(int pin, int fd) "EOI IRQ pin %d (fd=%d)"
+-vfio_platform_intp_mmap_enable(int pin) "IRQ #%d still active, stay in slow path"
+-vfio_platform_intp_interrupt(int pin, int fd) "Inject IRQ #%d (fd = %d)"
+-vfio_platform_intp_inject_pending_lockheld(int pin, int fd) "Inject pending IRQ #%d (fd = %d)"
+-vfio_platform_populate_interrupts(int pin, int count, int flags) "- IRQ index %d: count %d, flags=0x%x"
+-vfio_intp_interrupt_set_pending(int index) "irq %d is set PENDING"
+-vfio_platform_start_level_irqfd_injection(int index, int fd, int resamplefd) "IRQ index=%d, fd = %d, resamplefd = %d"
+-vfio_platform_start_edge_irqfd_injection(int index, int fd) "IRQ index=%d, fd = %d"
+-
+ # spapr.c
+ vfio_prereg_listener_region_add_skip(uint64_t start, uint64_t end) "0x%"PRIx64" - 0x%"PRIx64
+ vfio_prereg_listener_region_del_skip(uint64_t start, uint64_t end) "0x%"PRIx64" - 0x%"PRIx64
+diff --git a/include/hw/vfio/vfio-device.h b/include/hw/vfio/vfio-device.h
+index df81d319b2..2bc16a1a2e 100644
+--- a/include/hw/vfio/vfio-device.h
++++ b/include/hw/vfio/vfio-device.h
+@@ -36,7 +36,7 @@
+
+ enum {
+ VFIO_DEVICE_TYPE_PCI = 0,
+- VFIO_DEVICE_TYPE_PLATFORM = 1,
++ VFIO_DEVICE_TYPE_UNUSED = 1,
+ VFIO_DEVICE_TYPE_CCW = 2,
+ VFIO_DEVICE_TYPE_AP = 3,
+ };
+diff --git a/include/hw/vfio/vfio-platform.h b/include/hw/vfio/vfio-platform.h
+deleted file mode 100644
+index 256d8500b7..0000000000
+--- a/include/hw/vfio/vfio-platform.h
++++ /dev/null
+@@ -1,78 +0,0 @@
+-/*
+- * vfio based device assignment support - platform devices
+- *
+- * Copyright Linaro Limited, 2014
+- *
+- * Authors:
+- * Kim Phillips <kim.phillips@linaro.org>
+- *
+- * This work is licensed under the terms of the GNU GPL, version 2. See
+- * the COPYING file in the top-level directory.
+- *
+- * Based on vfio based PCI device assignment support:
+- * Copyright Red Hat, Inc. 2012
+- */
+-
+-#ifndef HW_VFIO_VFIO_PLATFORM_H
+-#define HW_VFIO_VFIO_PLATFORM_H
+-
+-#include "hw/sysbus.h"
+-#include "hw/vfio/vfio-device.h"
+-#include "qemu/event_notifier.h"
+-#include "qemu/queue.h"
+-#include "qom/object.h"
+-
+-#define TYPE_VFIO_PLATFORM "vfio-platform"
+-
+-enum {
+- VFIO_IRQ_INACTIVE = 0,
+- VFIO_IRQ_PENDING = 1,
+- VFIO_IRQ_ACTIVE = 2,
+- /* VFIO_IRQ_ACTIVE_AND_PENDING cannot happen with VFIO */
+-};
+-
+-typedef struct VFIOINTp {
+- QLIST_ENTRY(VFIOINTp) next; /* entry for IRQ list */
+- QSIMPLEQ_ENTRY(VFIOINTp) pqnext; /* entry for pending IRQ queue */
+- EventNotifier *interrupt; /* eventfd triggered on interrupt */
+- EventNotifier *unmask; /* eventfd for unmask on QEMU bypass */
+- qemu_irq qemuirq;
+- struct VFIOPlatformDevice *vdev; /* back pointer to device */
+- int state; /* inactive, pending, active */
+- uint8_t pin; /* index */
+- uint32_t flags; /* IRQ info flags */
+- bool kvm_accel; /* set when QEMU bypass through KVM enabled */
+-} VFIOINTp;
+-
+-/* function type for user side eventfd handler */
+-typedef void (*eventfd_user_side_handler_t)(VFIOINTp *intp);
+-
+-typedef struct VFIORegion VFIORegion;
+-
+-struct VFIOPlatformDevice {
+- SysBusDevice sbdev;
+- VFIODevice vbasedev; /* not a QOM object */
+- VFIORegion **regions;
+- QLIST_HEAD(, VFIOINTp) intp_list; /* list of IRQs */
+- /* queue of pending IRQs */
+- QSIMPLEQ_HEAD(, VFIOINTp) pending_intp_queue;
+- char *compat; /* DT compatible values, separated by NUL */
+- unsigned int num_compat; /* number of compatible values */
+- uint32_t mmap_timeout; /* delay to re-enable mmaps after interrupt */
+- QEMUTimer *mmap_timer; /* allows fast-path resume after IRQ hit */
+- QemuMutex intp_mutex; /* protect the intp_list IRQ state */
+- bool irqfd_allowed; /* debug option to force irqfd on/off */
+-};
+-typedef struct VFIOPlatformDevice VFIOPlatformDevice;
+-
+-struct VFIOPlatformDeviceClass {
+- /*< private >*/
+- SysBusDeviceClass parent_class;
+- /*< public >*/
+-};
+-typedef struct VFIOPlatformDeviceClass VFIOPlatformDeviceClass;
+-
+-DECLARE_OBJ_CHECKERS(VFIOPlatformDevice, VFIOPlatformDeviceClass,
+- VFIO_PLATFORM_DEVICE, TYPE_VFIO_PLATFORM)
+-
+-#endif /* HW_VFIO_VFIO_PLATFORM_H */
+--
+2.52.0
+
diff --git a/kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch b/kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch
new file mode 100644
index 0000000..282cf13
--- /dev/null
+++ b/kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch
@@ -0,0 +1,92 @@
+From bf050d499dff24314563fb35faaa4f445a923fb8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Fri, 26 Sep 2025 10:54:23 +0200
+Subject: [PATCH 080/116] vfio: Remove workaround for kernel DMA unmap overflow
+ bug
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [64/100] c9310e612ea2b3e10620f507e64649fb1f46cdaf (rovick1/qemu-kvm)
+
+A kernel bug was introduced in Linux v4.15 via commit 71a7d3d78e3c
+("vfio/type1: Check for address space wrap-around on unmap"), which
+added a test for address space wrap-around in the vfio DMA unmap path.
+Unfortunately, due to an integer overflow, the kernel would
+incorrectly detect an unmap of the last page in the 64-bit address
+space as a wrap-around, causing the unmap to fail with -EINVAL.
+
+A QEMU workaround was introduced in commit 567d7d3e6be5 ("vfio/common:
+Work around kernel overflow bug in DMA unmap") to retry the unmap,
+excluding the final page of the range.
+
+The kernel bug was then fixed in Linux v5.0 via commit 58fec830fc19
+("vfio/type1: Fix dma_unmap wrap-around check"). Since the oldest
+supported LTS kernel is now v5.4, kernels affected by this bug are
+considered deprecated, and the workaround is no longer necessary.
+
+This change reverts 567d7d3e6be5, removing the workaround.
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1662291
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Link: https://lore.kernel.org/qemu-devel/20250926085423.375547-1-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 1d9a832b58be63e53ef0d2342c271a34ecb349db)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/container-legacy.c | 20 +-------------------
+ hw/vfio/trace-events | 1 -
+ 2 files changed, 1 insertion(+), 20 deletions(-)
+
+diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c
+index 0101a72f53..2d19d97e2d 100644
+--- a/hw/vfio/container-legacy.c
++++ b/hw/vfio/container-legacy.c
+@@ -161,25 +161,7 @@ static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer,
+ need_dirty_sync = true;
+ }
+
+- while (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) {
+- /*
+- * The type1 backend has an off-by-one bug in the kernel (71a7d3d78e3c
+- * v4.15) where an overflow in its wrap-around check prevents us from
+- * unmapping the last page of the address space. Test for the error
+- * condition and re-try the unmap excluding the last page. The
+- * expectation is that we've never mapped the last page anyway and this
+- * unmap request comes via vIOMMU support which also makes it unlikely
+- * that this page is used. This bug was introduced well after type1 v2
+- * support was introduced, so we shouldn't need to test for v1. A fix
+- * is queued for kernel v5.0 so this workaround can be removed once
+- * affected kernels are sufficiently deprecated.
+- */
+- if (errno == EINVAL && unmap.size && !(unmap.iova + unmap.size) &&
+- container->iommu_type == VFIO_TYPE1v2_IOMMU) {
+- trace_vfio_legacy_dma_unmap_overflow_workaround();
+- unmap.size -= 1ULL << ctz64(bcontainer->pgsizes);
+- continue;
+- }
++ if (ioctl(container->fd, VFIO_IOMMU_UNMAP_DMA, &unmap)) {
+ return -errno;
+ }
+
+diff --git a/hw/vfio/trace-events b/hw/vfio/trace-events
+index e3d571f8c8..7496e1b64b 100644
+--- a/hw/vfio/trace-events
++++ b/hw/vfio/trace-events
+@@ -112,7 +112,6 @@ vfio_container_disconnect(int fd) "close container->fd=%d"
+ vfio_group_put(int fd) "close group->fd=%d"
+ vfio_device_get(const char * name, unsigned int flags, unsigned int num_regions, unsigned int num_irqs) "Device %s flags: %u, regions: %u, irqs: %u"
+ vfio_device_put(int fd) "close vdev->fd=%d"
+-vfio_legacy_dma_unmap_overflow_workaround(void) ""
+
+ # region.c
+ vfio_region_write(const char *name, int index, uint64_t addr, uint64_t data, unsigned size) " (%s:region%d+0x%"PRIx64", 0x%"PRIx64 ", %d)"
+--
+2.52.0
+
diff --git a/kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch b/kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch
new file mode 100644
index 0000000..737830d
--- /dev/null
+++ b/kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch
@@ -0,0 +1,92 @@
+From 5aa93e83bde673ad1140870300a365a9f23a2006 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= <clg@redhat.com>
+Date: Thu, 14 Aug 2025 17:34:19 +0200
+Subject: [PATCH 026/116] vfio: Report an error when the 'dma_max_mappings'
+ limit is reached
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [10/100] 980ecbe9d119e3de2914fb7c19274bc527fa11d5 (rovick1/qemu-kvm)
+
+The VFIO IOMMU Type1 kernel driver enforces a default IOMMU mapping
+limit of 65535, which is configurable via the 'dma_max_mappings'
+module parameter. When this limit is reached, QEMU issues a warning
+and fails the mapping operation, but allows the VM to continue
+running, potentially causing issues later. This scenario occurs with
+SEV-SNP guests, which must update all IOMMU mappings during
+initialization.
+
+To address this, update vfio_ram_discard_register_listener() to accept
+an 'Error **' parameter and propagate the error to the caller. This
+change will halt the VM immediately, at init time, with the same error
+message.
+
+Additionally, the same behavior will be enforced at runtime. While
+this might be considered too brutal, the rarity of this case and the
+planned removal of the dma_max_mappings module parameter make it a
+reasonable approach.
+
+Cc: Alex Williamson <alex.williamson@redhat.com>
+Reviewed-by: Yi Liu <yi.l.liu@intel.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250814153419.1643897-1-clg@redhat.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit ceb59c1cc61dee57c8806571e7c723e555914547)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/listener.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index 5ebafaa07e..c244be5e21 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -250,8 +250,9 @@ static int vfio_ram_discard_notify_populate(RamDiscardListener *rdl,
+ return 0;
+ }
+
+-static void vfio_ram_discard_register_listener(VFIOContainerBase *bcontainer,
+- MemoryRegionSection *section)
++static bool vfio_ram_discard_register_listener(VFIOContainerBase *bcontainer,
++ MemoryRegionSection *section,
++ Error **errp)
+ {
+ RamDiscardManager *rdm = memory_region_get_ram_discard_manager(section->mr);
+ int target_page_size = qemu_target_page_size();
+@@ -316,13 +317,15 @@ static void vfio_ram_discard_register_listener(VFIOContainerBase *bcontainer,
+
+ if (vrdl_mappings + max_memslots - vrdl_count >
+ bcontainer->dma_max_mappings) {
+- warn_report("%s: possibly running out of DMA mappings. E.g., try"
++ error_setg(errp, "%s: possibly running out of DMA mappings. E.g., try"
+ " increasing the 'block-size' of virtio-mem devies."
+ " Maximum possible DMA mappings: %d, Maximum possible"
+ " memslots: %d", __func__, bcontainer->dma_max_mappings,
+ max_memslots);
++ return false;
+ }
+ }
++ return true;
+ }
+
+ static void vfio_ram_discard_unregister_listener(VFIOContainerBase *bcontainer,
+@@ -571,7 +574,9 @@ void vfio_container_region_add(VFIOContainerBase *bcontainer,
+ */
+ if (memory_region_has_ram_discard_manager(section->mr)) {
+ if (!cpr_remap) {
+- vfio_ram_discard_register_listener(bcontainer, section);
++ if (!vfio_ram_discard_register_listener(bcontainer, section, &err)) {
++ goto fail;
++ }
+ } else if (!vfio_cpr_ram_discard_register_listener(bcontainer,
+ section)) {
+ error_setg(&err,
+--
+2.52.0
+
diff --git a/kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch b/kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch
new file mode 100644
index 0000000..1a3f66b
--- /dev/null
+++ b/kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch
@@ -0,0 +1,108 @@
+From 71afe9279971bf2738ca60316d66a6eac271b190 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Sun, 28 Sep 2025 04:54:27 -0400
+Subject: [PATCH 098/116] vfio/container: Remap only populated parts in a
+ section
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [82/100] a6a483d335d66c5d550a5e4eb12569915def6a11 (rovick1/qemu-kvm)
+
+If there are multiple containers and unmap-all fails for some of them, we
+need to remap vaddr for the other containers for which unmap-all succeeded.
+When ram discard is enabled, we should only remap populated parts in a
+section instead of the whole section.
+
+Fixes: eba1f657cbb1 ("vfio/container: recover from unmap-all-vaddr failure")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Steven Sistare <steven.sistare@oracle.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250928085432.40107-2-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5a78db7f8099274550bdacdc1fc24943567ac615)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr-legacy.c | 20 +++++++++++++++-----
+ hw/vfio/listener.c | 4 ++--
+ include/hw/vfio/vfio-cpr.h | 2 +-
+ 3 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 80af7469d0..b4581e8f85 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -228,22 +228,32 @@ void vfio_cpr_giommu_remap(VFIOContainer *bcontainer,
+ memory_region_iommu_replay(giommu->iommu_mr, &giommu->n);
+ }
+
++static int vfio_cpr_rdm_remap(MemoryRegionSection *section, void *opaque)
++{
++ RamDiscardListener *rdl = opaque;
++
++ return rdl->notify_populate(rdl, section);
++}
++
+ /*
+ * In old QEMU, VFIO_DMA_UNMAP_FLAG_VADDR may fail on some mapping after
+ * succeeding for others, so the latter have lost their vaddr. Call this
+- * to restore vaddr for a section with a RamDiscardManager.
++ * to restore vaddr for populated parts in a section with a RamDiscardManager.
+ *
+- * The ram discard listener already exists. Call its populate function
++ * The ram discard listener already exists. Call its replay_populated function
+ * directly, which calls vfio_legacy_cpr_dma_map.
+ */
+-bool vfio_cpr_ram_discard_register_listener(VFIOContainer *bcontainer,
+- MemoryRegionSection *section)
++bool vfio_cpr_ram_discard_replay_populated(VFIOContainer *bcontainer,
++ MemoryRegionSection *section)
+ {
++ RamDiscardManager *rdm = memory_region_get_ram_discard_manager(section->mr);
+ VFIORamDiscardListener *vrdl =
+ vfio_find_ram_discard_listener(bcontainer, section);
+
+ g_assert(vrdl);
+- return vrdl->listener.notify_populate(&vrdl->listener, section) == 0;
++ return ram_discard_manager_replay_populated(rdm, section,
++ vfio_cpr_rdm_remap,
++ &vrdl->listener) == 0;
+ }
+
+ int vfio_cpr_group_get_device_fd(int d, const char *name)
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index b5cefc9395..df42bc58e7 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -578,8 +578,8 @@ void vfio_container_region_add(VFIOContainer *bcontainer,
+ if (!vfio_ram_discard_register_listener(bcontainer, section, &err)) {
+ goto fail;
+ }
+- } else if (!vfio_cpr_ram_discard_register_listener(bcontainer,
+- section)) {
++ } else if (!vfio_cpr_ram_discard_replay_populated(bcontainer,
++ section)) {
+ error_setg(&err,
+ "vfio_cpr_ram_discard_register_listener for %s failed",
+ memory_region_name(section->mr));
+diff --git a/include/hw/vfio/vfio-cpr.h b/include/hw/vfio/vfio-cpr.h
+index 81f4e24e22..4606da500a 100644
+--- a/include/hw/vfio/vfio-cpr.h
++++ b/include/hw/vfio/vfio-cpr.h
+@@ -68,7 +68,7 @@ bool vfio_cpr_container_match(struct VFIOLegacyContainer *container,
+ void vfio_cpr_giommu_remap(struct VFIOContainer *bcontainer,
+ MemoryRegionSection *section);
+
+-bool vfio_cpr_ram_discard_register_listener(
++bool vfio_cpr_ram_discard_replay_populated(
+ struct VFIOContainer *bcontainer, MemoryRegionSection *section);
+
+ void vfio_cpr_save_vector_fd(struct VFIOPCIDevice *vdev, const char *name,
+--
+2.52.0
+
diff --git a/kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch b/kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch
new file mode 100644
index 0000000..f37dc07
--- /dev/null
+++ b/kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch
@@ -0,0 +1,124 @@
+From 8099d6501f399b1c55f23dd482389304349c9664 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Thu, 9 Oct 2025 00:01:32 -0400
+Subject: [PATCH 102/116] vfio/container: Support unmap all in one ioctl()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [86/100] 0c5f202cb07001ea023816c1c4bbf09e460b83b0 (rovick1/qemu-kvm)
+
+VFIO type1 kernel uAPI supports unmapping whole address space in one call
+since commit c19650995374 ("vfio/type1: implement unmap all"). Use the
+unmap_all variant whenever it's supported in kernel.
+
+Opportunistically pass VFIOLegacyContainer pointer in low level function
+vfio_legacy_dma_unmap_one().
+
+Co-developed-by: John Levon <levon@movementarian.org>
+Signed-off-by: John Levon <levon@movementarian.org>
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20251009040134.334251-2-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 962bcf0911e7f3601da0f07ba7da9824cb6a5ba5)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/container-legacy.c | 38 ++++++++++++++-----------
+ include/hw/vfio/vfio-container-legacy.h | 1 +
+ 2 files changed, 23 insertions(+), 16 deletions(-)
+
+diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c
+index fad0226f7d..e639760381 100644
+--- a/hw/vfio/container-legacy.c
++++ b/hw/vfio/container-legacy.c
+@@ -135,14 +135,14 @@ unmap_exit:
+ return ret;
+ }
+
+-static int vfio_legacy_dma_unmap_one(const VFIOContainer *bcontainer,
++static int vfio_legacy_dma_unmap_one(const VFIOLegacyContainer *container,
+ hwaddr iova, uint64_t size,
+- IOMMUTLBEntry *iotlb)
++ uint32_t flags, IOMMUTLBEntry *iotlb)
+ {
+- const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ const VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ struct vfio_iommu_type1_dma_unmap unmap = {
+ .argsz = sizeof(unmap),
+- .flags = 0,
++ .flags = flags,
+ .iova = iova,
+ .size = size,
+ };
+@@ -184,25 +184,28 @@ static int vfio_legacy_dma_unmap(const VFIOContainer *bcontainer,
+ hwaddr iova, uint64_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
++ const VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
++ uint32_t flags = 0;
+ int ret;
+
+ if (unmap_all) {
+- /* The unmap ioctl doesn't accept a full 64-bit span. */
+- Int128 llsize = int128_rshift(int128_2_64(), 1);
+-
+- ret = vfio_legacy_dma_unmap_one(bcontainer, 0, int128_get64(llsize),
+- iotlb);
++ if (container->unmap_all_supported) {
++ flags = VFIO_DMA_UNMAP_FLAG_ALL;
++ } else {
++ /* The unmap ioctl doesn't accept a full 64-bit span. */
++ Int128 llsize = int128_rshift(int128_2_64(), 1);
++ size = int128_get64(llsize);
++
++ ret = vfio_legacy_dma_unmap_one(container, 0, size, flags, iotlb);
++ if (ret) {
++ return ret;
++ }
+
+- if (ret == 0) {
+- ret = vfio_legacy_dma_unmap_one(bcontainer, int128_get64(llsize),
+- int128_get64(llsize), iotlb);
++ iova = size;
+ }
+-
+- } else {
+- ret = vfio_legacy_dma_unmap_one(bcontainer, iova, size, iotlb);
+ }
+
+- return ret;
++ return vfio_legacy_dma_unmap_one(container, iova, size, flags, iotlb);
+ }
+
+ static int vfio_legacy_dma_map(const VFIOContainer *bcontainer, hwaddr iova,
+@@ -533,6 +536,9 @@ static bool vfio_legacy_setup(VFIOContainer *bcontainer, Error **errp)
+
+ vfio_get_info_iova_range(info, bcontainer);
+
++ ret = ioctl(container->fd, VFIO_CHECK_EXTENSION, VFIO_UNMAP_ALL);
++ container->unmap_all_supported = !!ret;
++
+ vfio_get_iommu_info_migration(container, info);
+ return true;
+ }
+diff --git a/include/hw/vfio/vfio-container-legacy.h b/include/hw/vfio/vfio-container-legacy.h
+index 74a72df018..ffd594e80d 100644
+--- a/include/hw/vfio/vfio-container-legacy.h
++++ b/include/hw/vfio/vfio-container-legacy.h
+@@ -30,6 +30,7 @@ struct VFIOLegacyContainer {
+
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+ unsigned iommu_type;
++ bool unmap_all_supported;
+ QLIST_HEAD(, VFIOGroup) group_list;
+ VFIOContainerCPR cpr;
+ };
+--
+2.52.0
+
diff --git a/kvm-vfio-container-set-error-on-cpr-failure.patch b/kvm-vfio-container-set-error-on-cpr-failure.patch
new file mode 100644
index 0000000..0624ba4
--- /dev/null
+++ b/kvm-vfio-container-set-error-on-cpr-failure.patch
@@ -0,0 +1,47 @@
+From c39b56b7304e8518c5a374fb9b55b292ddc17530 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Wed, 13 Aug 2025 07:17:47 -0700
+Subject: [PATCH 025/116] vfio/container: set error on cpr failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [9/100] 9822cac629f3132a25b3618094196c72cfd0f28a (rovick1/qemu-kvm)
+
+Set an error message if vfio_cpr_ram_discard_register_listener fails so
+the fail label gets a valid error object.
+
+Reported-by: Cédric Le Goater <clg@redhat.com>
+Fixes: eba1f657cbb1 ("vfio/container: recover from unmap-all-vaddr failure")
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Link: https://lore.kernel.org/qemu-devel/1755094667-281419-1-git-send-email-steven.sistare@oracle.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 36cd81dc139f899127d868ba9baaf3079c336efc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/listener.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index f498e23a93..5ebafaa07e 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -574,6 +574,9 @@ void vfio_container_region_add(VFIOContainerBase *bcontainer,
+ vfio_ram_discard_register_listener(bcontainer, section);
+ } else if (!vfio_cpr_ram_discard_register_listener(bcontainer,
+ section)) {
++ error_setg(&err,
++ "vfio_cpr_ram_discard_register_listener for %s failed",
++ memory_region_name(section->mr));
+ goto fail;
+ }
+ return;
+--
+2.52.0
+
diff --git a/kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..bff7a12
--- /dev/null
+++ b/kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,124 @@
+From 0b7454223958c35ebd9c0d10c3293efc0e828de4 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:49 +0100
+Subject: [PATCH 036/116] vfio/container.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [20/100] da87b1375fe631dadbdad3febea57c88ab31bc47 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOUserContainer and VFIOContainerBase instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-10-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 06229592fa7e6173b979158e9759f0d40a183861)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.c | 26 +++++++++++---------------
+ 1 file changed, 11 insertions(+), 15 deletions(-)
+
+diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
+index d589dd90f5..3cdbd44c1a 100644
+--- a/hw/vfio-user/container.c
++++ b/hw/vfio-user/container.c
+@@ -24,16 +24,14 @@
+ */
+ static void vfio_user_listener_begin(VFIOContainerBase *bcontainer)
+ {
+- VFIOUserContainer *container = container_of(bcontainer, VFIOUserContainer,
+- bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+ container->proxy->async_ops = true;
+ }
+
+ static void vfio_user_listener_commit(VFIOContainerBase *bcontainer)
+ {
+- VFIOUserContainer *container = container_of(bcontainer, VFIOUserContainer,
+- bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+ /* wait here for any async requests sent during the transaction */
+ container->proxy->async_ops = false;
+@@ -44,8 +42,8 @@ static int vfio_user_dma_unmap(const VFIOContainerBase *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+- VFIOUserContainer *container = container_of(bcontainer, VFIOUserContainer,
+- bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
++
+ Error *local_err = NULL;
+ int ret = 0;
+
+@@ -86,8 +84,8 @@ static int vfio_user_dma_map(const VFIOContainerBase *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mrp)
+ {
+- VFIOUserContainer *container = container_of(bcontainer, VFIOUserContainer,
+- bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
++
+ int fd = memory_region_get_fd(mrp);
+ Error *local_err = NULL;
+ int ret = 0;
+@@ -173,8 +171,7 @@ static int vfio_user_query_dirty_bitmap(const VFIOContainerBase *bcontainer,
+
+ static bool vfio_user_setup(VFIOContainerBase *bcontainer, Error **errp)
+ {
+- VFIOUserContainer *container = container_of(bcontainer, VFIOUserContainer,
+- bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(bcontainer);
+
+ assert(container->proxy->dma_pgsizes != 0);
+ bcontainer->pgsizes = container->proxy->dma_pgsizes;
+@@ -218,7 +215,7 @@ vfio_user_container_connect(AddressSpace *as, VFIODevice *vbasedev,
+ goto put_space_exit;
+ }
+
+- bcontainer = &container->bcontainer;
++ bcontainer = VFIO_IOMMU(container);
+
+ ret = ram_block_uncoordinated_discard_disable(true);
+ if (ret) {
+@@ -263,7 +260,7 @@ put_space_exit:
+
+ static void vfio_user_container_disconnect(VFIOUserContainer *container)
+ {
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOIOMMUClass *vioc = VFIO_IOMMU_GET_CLASS(bcontainer);
+ VFIOAddressSpace *space = bcontainer->space;
+
+@@ -291,7 +288,7 @@ static bool vfio_user_device_get(VFIOUserContainer *container,
+
+ vbasedev->fd = -1;
+
+- vfio_device_prepare(vbasedev, &container->bcontainer, &info);
++ vfio_device_prepare(vbasedev, VFIO_IOMMU(container), &info);
+
+ return true;
+ }
+@@ -315,8 +312,7 @@ static bool vfio_user_device_attach(const char *name, VFIODevice *vbasedev,
+
+ static void vfio_user_device_detach(VFIODevice *vbasedev)
+ {
+- VFIOUserContainer *container = container_of(vbasedev->bcontainer,
+- VFIOUserContainer, bcontainer);
++ VFIOUserContainer *container = VFIO_IOMMU_USER(vbasedev->bcontainer);
+
+ vfio_device_unprepare(vbasedev);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-cpr-exec-mode.patch b/kvm-vfio-cpr-exec-mode.patch
new file mode 100644
index 0000000..db9661e
--- /dev/null
+++ b/kvm-vfio-cpr-exec-mode.patch
@@ -0,0 +1,116 @@
+From fa80def8f8d7ce4a1d60bcd16937dbf3a2e1c9d3 Mon Sep 17 00:00:00 2001
+From: Steve Sistare <steven.sistare@oracle.com>
+Date: Mon, 30 Sep 2024 09:31:52 -0700
+Subject: [PATCH 095/116] vfio: cpr-exec mode
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [79/100] bee9f7a3984192ca2bd2111f21fb94e9d2b97e59 (rovick1/qemu-kvm)
+
+All blockers and notifiers for cpr-transfer mode also apply to cpr-exec.
+
+Signed-off-by: Steve Sistare <steven.sistare@oracle.com>
+Acked-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/r/30750362-d4a1-4392-8dd6-016624d01be1@oracle.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+---
+ hw/vfio/container-legacy.c | 3 ++-
+ hw/vfio/cpr-iommufd.c | 3 ++-
+ hw/vfio/cpr-legacy.c | 9 +++++----
+ hw/vfio/cpr.c | 13 +++++++------
+ 4 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/hw/vfio/container-legacy.c b/hw/vfio/container-legacy.c
+index 1394dd6fe8..fad0226f7d 100644
+--- a/hw/vfio/container-legacy.c
++++ b/hw/vfio/container-legacy.c
+@@ -986,7 +986,8 @@ static bool vfio_legacy_attach_device(const char *name, VFIODevice *vbasedev,
+ error_setg(&vbasedev->cpr.mdev_blocker,
+ "CPR does not support vfio mdev %s", vbasedev->name);
+ if (migrate_add_blocker_modes(&vbasedev->cpr.mdev_blocker, errp,
+- MIG_MODE_CPR_TRANSFER, -1) < 0) {
++ MIG_MODE_CPR_TRANSFER, MIG_MODE_CPR_EXEC,
++ -1) < 0) {
+ goto hiod_unref_exit;
+ }
+ }
+diff --git a/hw/vfio/cpr-iommufd.c b/hw/vfio/cpr-iommufd.c
+index 1d70c87996..8a4d65de5e 100644
+--- a/hw/vfio/cpr-iommufd.c
++++ b/hw/vfio/cpr-iommufd.c
+@@ -159,7 +159,8 @@ bool vfio_iommufd_cpr_register_iommufd(IOMMUFDBackend *be, Error **errp)
+
+ if (!vfio_cpr_supported(be, cpr_blocker)) {
+ return migrate_add_blocker_modes(cpr_blocker, errp,
+- MIG_MODE_CPR_TRANSFER, -1) == 0;
++ MIG_MODE_CPR_TRANSFER,
++ MIG_MODE_CPR_EXEC, -1) == 0;
+ }
+
+ vmstate_register(NULL, -1, &iommufd_cpr_vmstate, be);
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index 3a1d126556..80af7469d0 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -179,16 +179,17 @@ bool vfio_legacy_cpr_register_container(VFIOLegacyContainer *container,
+
+ if (!vfio_cpr_supported(container, cpr_blocker)) {
+ return migrate_add_blocker_modes(cpr_blocker, errp,
+- MIG_MODE_CPR_TRANSFER, -1) == 0;
++ MIG_MODE_CPR_TRANSFER,
++ MIG_MODE_CPR_EXEC, -1) == 0;
+ }
+
+ vfio_cpr_add_kvm_notifier();
+
+ vmstate_register(NULL, -1, &vfio_container_vmstate, container);
+
+- migration_add_notifier_mode(&container->cpr.transfer_notifier,
+- vfio_cpr_fail_notifier,
+- MIG_MODE_CPR_TRANSFER);
++ migration_add_notifier_modes(&container->cpr.transfer_notifier,
++ vfio_cpr_fail_notifier,
++ MIG_MODE_CPR_TRANSFER, MIG_MODE_CPR_EXEC, -1);
+ return true;
+ }
+
+diff --git a/hw/vfio/cpr.c b/hw/vfio/cpr.c
+index 2c71fc1e8e..db462aabcb 100644
+--- a/hw/vfio/cpr.c
++++ b/hw/vfio/cpr.c
+@@ -195,9 +195,10 @@ static int vfio_cpr_kvm_close_notifier(NotifierWithReturn *notifier,
+ void vfio_cpr_add_kvm_notifier(void)
+ {
+ if (!kvm_close_notifier.notify) {
+- migration_add_notifier_mode(&kvm_close_notifier,
+- vfio_cpr_kvm_close_notifier,
+- MIG_MODE_CPR_TRANSFER);
++ migration_add_notifier_modes(&kvm_close_notifier,
++ vfio_cpr_kvm_close_notifier,
++ MIG_MODE_CPR_TRANSFER, MIG_MODE_CPR_EXEC,
++ -1);
+ }
+ }
+
+@@ -282,9 +283,9 @@ static int vfio_cpr_pci_notifier(NotifierWithReturn *notifier,
+
+ void vfio_cpr_pci_register_device(VFIOPCIDevice *vdev)
+ {
+- migration_add_notifier_mode(&vdev->cpr.transfer_notifier,
+- vfio_cpr_pci_notifier,
+- MIG_MODE_CPR_TRANSFER);
++ migration_add_notifier_modes(&vdev->cpr.transfer_notifier,
++ vfio_cpr_pci_notifier,
++ MIG_MODE_CPR_TRANSFER, MIG_MODE_CPR_EXEC, -1);
+ }
+
+ void vfio_cpr_pci_unregister_device(VFIOPCIDevice *vdev)
+--
+2.52.0
+
diff --git a/kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..2d2ca67
--- /dev/null
+++ b/kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,53 @@
+From 67a729c7cf2b097aa492c0a049a526411a40c0a1 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:16 +0100
+Subject: [PATCH 058/116] vfio/cpr-iommufd.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [42/100] 1746dde982eb2cfd00107f598efe53dcf6eb7c94 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOIOMMUFDContainer and VFIOContainer instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-9-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 91bdb2f32902c83490cbafe524c82005a64e1f68)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr-iommufd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/cpr-iommufd.c b/hw/vfio/cpr-iommufd.c
+index 6aaf6f77a2..1d70c87996 100644
+--- a/hw/vfio/cpr-iommufd.c
++++ b/hw/vfio/cpr-iommufd.c
+@@ -176,7 +176,7 @@ void vfio_iommufd_cpr_unregister_iommufd(IOMMUFDBackend *be)
+ bool vfio_iommufd_cpr_register_container(VFIOIOMMUFDContainer *container,
+ Error **errp)
+ {
+- VFIOContainer *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ migration_add_notifier_mode(&bcontainer->cpr_reboot_notifier,
+ vfio_cpr_reboot_notifier,
+@@ -189,7 +189,7 @@ bool vfio_iommufd_cpr_register_container(VFIOIOMMUFDContainer *container,
+
+ void vfio_iommufd_cpr_unregister_container(VFIOIOMMUFDContainer *container)
+ {
+- VFIOContainer *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ migration_remove_notifier(&bcontainer->cpr_reboot_notifier);
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch b/kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch
new file mode 100644
index 0000000..c6f2d30
--- /dev/null
+++ b/kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch
@@ -0,0 +1,46 @@
+From b466b2c82dcaec4df06d4d2992191bb4d01e5327 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Sun, 28 Sep 2025 04:54:28 -0400
+Subject: [PATCH 099/116] vfio/cpr-legacy: drop an erroneous assert
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [83/100] 665ecb595eb462e58612b0a03ede41eaf33d259c (rovick1/qemu-kvm)
+
+vfio_legacy_cpr_dma_map() is not only used in post_load on destination
+but also error recovery path on source side. Assert it for destination
+is wrong.
+
+Fixes: 7e9f21411302 ("vfio/container: restore DMA vaddr")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/qemu-devel/20250928085432.40107-3-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 94230948960e56cb47e835266c7cd8df46da03a4)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr-legacy.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/hw/vfio/cpr-legacy.c b/hw/vfio/cpr-legacy.c
+index b4581e8f85..7184c93991 100644
+--- a/hw/vfio/cpr-legacy.c
++++ b/hw/vfio/cpr-legacy.c
+@@ -52,8 +52,6 @@ static int vfio_legacy_cpr_dma_map(const VFIOContainer *bcontainer,
+ .size = size,
+ };
+
+- g_assert(cpr_is_incoming());
+-
+ if (ioctl(container->fd, VFIO_IOMMU_MAP_DMA, &map)) {
+ return -errno;
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..e827352
--- /dev/null
+++ b/kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,72 @@
+From 1748fcfa8e350d1e28c01ccd31c403d79858bf93 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:58 +0100
+Subject: [PATCH 044/116] vfio/cpr.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [28/100] b5ac8c4ae6f9c35ddb091a1037e687668df40984 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOPCIDevice and PCIDevice instead of
+accessing pdev directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-19-mark.caveayland@nutanix.com
+[ clg: Updated vfio_cpr_set_msi_virq() ]
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 54a3eb315023f59db0426d85604f4527bf7b1aaa)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/vfio/cpr.c b/hw/vfio/cpr.c
+index a831243e02..f911988add 100644
+--- a/hw/vfio/cpr.c
++++ b/hw/vfio/cpr.c
+@@ -56,7 +56,7 @@ static void vfio_cpr_claim_vectors(VFIOPCIDevice *vdev, int nr_vectors,
+ {
+ int i, fd;
+ bool pending = false;
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ vdev->nr_vectors = nr_vectors;
+ vdev->msi_vectors = g_new0(VFIOMSIVector, nr_vectors);
+@@ -99,7 +99,7 @@ static void vfio_cpr_claim_vectors(VFIOPCIDevice *vdev, int nr_vectors,
+ static int vfio_cpr_pci_pre_load(void *opaque)
+ {
+ VFIOPCIDevice *vdev = opaque;
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int size = MIN(pci_config_size(pdev), vdev->config_size);
+ int i;
+
+@@ -113,7 +113,7 @@ static int vfio_cpr_pci_pre_load(void *opaque)
+ static int vfio_cpr_pci_post_load(void *opaque, int version_id)
+ {
+ VFIOPCIDevice *vdev = opaque;
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int nr_vectors;
+
+ vfio_sub_page_bar_update_mappings(vdev);
+@@ -214,7 +214,7 @@ static int set_irqfd_notifier_gsi(KVMState *s, EventNotifier *n,
+ static int vfio_cpr_set_msi_virq(VFIOPCIDevice *vdev, Error **errp, bool enable)
+ {
+ const char *op = (enable ? "enable" : "disable");
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int i, nr_vectors, ret = 0;
+
+ if (msix_enabled(pdev)) {
+--
+2.52.0
+
diff --git a/kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch b/kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch
new file mode 100644
index 0000000..74ceddf
--- /dev/null
+++ b/kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch
@@ -0,0 +1,90 @@
+From 012e86bf90f92c1e2dc25f43806dadaea2ef36e2 Mon Sep 17 00:00:00 2001
+From: Tomita Moeko <tomitamoeko@gmail.com>
+Date: Thu, 14 Aug 2025 00:05:10 +0800
+Subject: [PATCH 019/116] vfio/igd: Enable quirks when IGD is not the primary
+ display
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [3/100] fe9e2f561c2782a0713a06e219d738ca98d62729 (rovick1/qemu-kvm)
+
+Since linux 6.15, commit 41112160ca87 ("vfio/pci: match IGD devices in
+display controller class"), IGD related regions are also exposed when
+IGD is not primary display (device class is Display controller).
+
+Allow IGD quirks to be enabled in this configuration so that guests can
+have display output on IGD when it is not the primary display.
+
+Signed-off-by: Tomita Moeko <tomitamoeko@gmail.com>
+Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250813160510.23553-1-tomitamoeko@gmail.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 432ca3dfa3d57a7bf1e427576fcfca4ab0079a50)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/igd.c | 7 ++++---
+ hw/vfio/pci.h | 5 +++++
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
+index ee0767b0b8..f116c40ccd 100644
+--- a/hw/vfio/igd.c
++++ b/hw/vfio/igd.c
+@@ -460,7 +460,7 @@ void vfio_probe_igd_bar0_quirk(VFIOPCIDevice *vdev, int nr)
+ int gen;
+
+ if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
+- !vfio_is_vga(vdev) || nr != 0) {
++ !vfio_is_base_display(vdev) || nr != 0) {
+ return;
+ }
+
+@@ -518,7 +518,7 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ Error *err = NULL;
+
+ if (!vfio_pci_is(vdev, PCI_VENDOR_ID_INTEL, PCI_ANY_ID) ||
+- !vfio_is_vga(vdev)) {
++ !vfio_is_base_display(vdev)) {
+ return true;
+ }
+
+@@ -534,12 +534,13 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ /*
+ * For backward compatibility, enable legacy mode when
+ * - Device geneation is 6 to 9 (including both)
+- * - IGD claims VGA cycles on host
++ * - IGD exposes itself as VGA controller and claims VGA cycles on host
+ * - Machine type is i440fx (pc_piix)
+ * - IGD device is at guest BDF 00:02.0
+ * - Not manually disabled by x-igd-legacy-mode=off
+ */
+ if ((vdev->igd_legacy_mode != ON_OFF_AUTO_OFF) &&
++ vfio_is_vga(vdev) &&
+ (gen >= 6 && gen <= 9) &&
+ !(gmch & IGD_GMCH_VGA_DISABLE) &&
+ !strcmp(MACHINE_GET_CLASS(qdev_get_machine())->family, "pc_piix") &&
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index 81555d8774..056f5e12cf 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -204,6 +204,11 @@ static inline bool vfio_is_vga(VFIOPCIDevice *vdev)
+ return (vdev->class_code >> 8) == PCI_CLASS_DISPLAY_VGA;
+ }
+
++static inline bool vfio_is_base_display(VFIOPCIDevice *vdev)
++{
++ return (vdev->class_code >> 16) == PCI_BASE_CLASS_DISPLAY;
++}
++
+ /* MSI/MSI-X/INTx */
+ void vfio_pci_vector_init(VFIOPCIDevice *vdev, int nr);
+ void vfio_pci_add_kvm_msi_virq(VFIOPCIDevice *vdev, VFIOMSIVector *vector,
+--
+2.52.0
+
diff --git a/kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..6a3d554
--- /dev/null
+++ b/kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,174 @@
+From b3f25aaf0931d1fdf746e22887af9d0305f0e04b Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:59 +0100
+Subject: [PATCH 045/116] vfio/igd.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [29/100] f6dc005b45e6581e8c2bbfa4db39e5d00e7bd98c (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOPCIDevice and PCIDevice instead of
+accessing pdev directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Tomita Moeko <tomitamoeko@gmail.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-20-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 8d3776dd6d8740fb7c91c7c1c25b60fc7edfd19c)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/igd.c | 38 +++++++++++++++++++++-----------------
+ 1 file changed, 21 insertions(+), 17 deletions(-)
+
+diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
+index f116c40ccd..4bfa2e0fcd 100644
+--- a/hw/vfio/igd.c
++++ b/hw/vfio/igd.c
+@@ -200,7 +200,7 @@ static bool vfio_pci_igd_opregion_detect(VFIOPCIDevice *vdev,
+ }
+
+ /* Hotplugging is not supported for opregion access */
+- if (vdev->pdev.qdev.hotplugged) {
++ if (DEVICE(vdev)->hotplugged) {
+ warn_report("IGD device detected, but OpRegion is not supported "
+ "on hotplugged device.");
+ return false;
+@@ -260,11 +260,12 @@ static int vfio_pci_igd_copy(VFIOPCIDevice *vdev, PCIDevice *pdev,
+ static int vfio_pci_igd_host_init(VFIOPCIDevice *vdev,
+ struct vfio_region_info *info)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ PCIBus *bus;
+ PCIDevice *host_bridge;
+ int ret;
+
+- bus = pci_device_root_bus(&vdev->pdev);
++ bus = pci_device_root_bus(pdev);
+ host_bridge = pci_find_device(bus, 0, PCI_DEVFN(0, 0));
+
+ if (!host_bridge) {
+@@ -327,13 +328,14 @@ type_init(vfio_pci_igd_register_types)
+ static int vfio_pci_igd_lpc_init(VFIOPCIDevice *vdev,
+ struct vfio_region_info *info)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ PCIDevice *lpc_bridge;
+ int ret;
+
+- lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev),
++ lpc_bridge = pci_find_device(pci_device_root_bus(pdev),
+ 0, PCI_DEVFN(0x1f, 0));
+ if (!lpc_bridge) {
+- lpc_bridge = pci_create_simple(pci_device_root_bus(&vdev->pdev),
++ lpc_bridge = pci_create_simple(pci_device_root_bus(pdev),
+ PCI_DEVFN(0x1f, 0), "vfio-pci-igd-lpc-bridge");
+ }
+
+@@ -350,13 +352,14 @@ static bool vfio_pci_igd_setup_lpc_bridge(VFIOPCIDevice *vdev, Error **errp)
+ {
+ struct vfio_region_info *host = NULL;
+ struct vfio_region_info *lpc = NULL;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ PCIDevice *lpc_bridge;
+ int ret;
+
+ /*
+ * Copying IDs or creating new devices are not supported on hotplug
+ */
+- if (vdev->pdev.qdev.hotplugged) {
++ if (DEVICE(vdev)->hotplugged) {
+ error_setg(errp, "IGD LPC is not supported on hotplugged device");
+ return false;
+ }
+@@ -366,7 +369,7 @@ static bool vfio_pci_igd_setup_lpc_bridge(VFIOPCIDevice *vdev, Error **errp)
+ * can stuff host values into, so if there's already one there and it's not
+ * one we can hack on, this quirk is no-go. Sorry Q35.
+ */
+- lpc_bridge = pci_find_device(pci_device_root_bus(&vdev->pdev),
++ lpc_bridge = pci_find_device(pci_device_root_bus(pdev),
+ 0, PCI_DEVFN(0x1f, 0));
+ if (lpc_bridge && !object_dynamic_cast(OBJECT(lpc_bridge),
+ "vfio-pci-igd-lpc-bridge")) {
+@@ -510,6 +513,7 @@ void vfio_probe_igd_bar0_quirk(VFIOPCIDevice *vdev, int nr)
+ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ {
+ struct vfio_region_info *opregion = NULL;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int ret, gen;
+ uint64_t gms_size = 0;
+ uint64_t *bdsm_size;
+@@ -529,7 +533,7 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ info_report("OpRegion detected on Intel display %x.", vdev->device_id);
+
+ gen = igd_gen(vdev);
+- gmch = vfio_pci_read_config(&vdev->pdev, IGD_GMCH, 4);
++ gmch = vfio_pci_read_config(pdev, IGD_GMCH, 4);
+
+ /*
+ * For backward compatibility, enable legacy mode when
+@@ -544,7 +548,7 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ (gen >= 6 && gen <= 9) &&
+ !(gmch & IGD_GMCH_VGA_DISABLE) &&
+ !strcmp(MACHINE_GET_CLASS(qdev_get_machine())->family, "pc_piix") &&
+- (&vdev->pdev == pci_find_device(pci_device_root_bus(&vdev->pdev),
++ (pdev == pci_find_device(pci_device_root_bus(pdev),
+ 0, PCI_DEVFN(0x2, 0)))) {
+ /*
+ * IGD legacy mode requires:
+@@ -566,7 +570,7 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ */
+ ret = vfio_device_get_region_info(&vdev->vbasedev,
+ VFIO_PCI_ROM_REGION_INDEX, &rom);
+- if ((ret || !rom->size) && !vdev->pdev.romfile) {
++ if ((ret || !rom->size) && !pdev->romfile) {
+ error_setg(&err, "Device has no ROM");
+ goto error;
+ }
+@@ -611,8 +615,8 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ * ASLS (OpRegion address) is read-only, emulated
+ * It contains HPA, guest firmware need to reprogram it with GPA.
+ */
+- pci_set_long(vdev->pdev.config + IGD_ASLS, 0);
+- pci_set_long(vdev->pdev.wmask + IGD_ASLS, ~0);
++ pci_set_long(pdev->config + IGD_ASLS, 0);
++ pci_set_long(pdev->wmask + IGD_ASLS, ~0);
+ pci_set_long(vdev->emulated_config_bits + IGD_ASLS, ~0);
+
+ /*
+@@ -626,8 +630,8 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+ }
+
+ /* GMCH is read-only, emulated */
+- pci_set_long(vdev->pdev.config + IGD_GMCH, gmch);
+- pci_set_long(vdev->pdev.wmask + IGD_GMCH, 0);
++ pci_set_long(pdev->config + IGD_GMCH, gmch);
++ pci_set_long(pdev->wmask + IGD_GMCH, 0);
+ pci_set_long(vdev->emulated_config_bits + IGD_GMCH, ~0);
+ }
+
+@@ -636,12 +640,12 @@ static bool vfio_pci_igd_config_quirk(VFIOPCIDevice *vdev, Error **errp)
+
+ /* BDSM is read-write, emulated. BIOS needs to be able to write it */
+ if (gen < 11) {
+- pci_set_long(vdev->pdev.config + IGD_BDSM, 0);
+- pci_set_long(vdev->pdev.wmask + IGD_BDSM, ~0);
++ pci_set_long(pdev->config + IGD_BDSM, 0);
++ pci_set_long(pdev->wmask + IGD_BDSM, ~0);
+ pci_set_long(vdev->emulated_config_bits + IGD_BDSM, ~0);
+ } else {
+- pci_set_quad(vdev->pdev.config + IGD_BDSM_GEN11, 0);
+- pci_set_quad(vdev->pdev.wmask + IGD_BDSM_GEN11, ~0);
++ pci_set_quad(pdev->config + IGD_BDSM_GEN11, 0);
++ pci_set_quad(pdev->wmask + IGD_BDSM_GEN11, ~0);
+ pci_set_quad(vdev->emulated_config_bits + IGD_BDSM_GEN11, ~0);
+ }
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch b/kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch
new file mode 100644
index 0000000..e22ee35
--- /dev/null
+++ b/kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch
@@ -0,0 +1,52 @@
+From 2e59058caf20c55428f60d01958cdcb3e24e214c Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Sun, 28 Sep 2025 04:54:30 -0400
+Subject: [PATCH 101/116] vfio/iommufd: Restore vbasedev's reference to hwpt
+ after CPR transfer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [85/100] bee86cff29b04fee93669e35482a362d70198d82 (rovick1/qemu-kvm)
+
+After CPR transfer, if there are more than one VFIO devices, device is
+not added to hwpt->device_list and its reference to hwpt isn't restored
+on destination. We still need to call iommufd_cdev_attach_container() to
+restore it after a matching container is found, or else SIGSEV triggers.
+
+Fixes: 4296ee07455e ("vfio/iommufd: reconstruct device")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/qemu-devel/20250928085432.40107-5-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 8bf49fff0dfbb065ad65daa48d2e1a63ad2fd552)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/iommufd.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index 3b0288f416..ce10371818 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -560,10 +560,9 @@ static bool iommufd_cdev_attach(const char *name, VFIODevice *vbasedev,
+ continue;
+ }
+
+- if (!cpr_is_incoming()) {
++ if (!cpr_is_incoming() ||
++ (vbasedev->cpr.ioas_id == container->ioas_id)) {
+ res = iommufd_cdev_attach_container(vbasedev, container, &err);
+- } else if (vbasedev->cpr.ioas_id == container->ioas_id) {
+- res = true;
+ } else {
+ continue;
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch b/kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch
new file mode 100644
index 0000000..58f39d3
--- /dev/null
+++ b/kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch
@@ -0,0 +1,56 @@
+From 663f00467aa4f1a081005dc0460b3d170aaa9693 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Sun, 28 Sep 2025 04:54:29 -0400
+Subject: [PATCH 100/116] vfio/iommufd: Set cpr.ioas_id on source side for CPR
+ transfer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [84/100] c3e02d9b858065fe04b730f23b4f95363148371f (rovick1/qemu-kvm)
+
+On source side, if there are more than one VFIO devices and they
+attach to same container, only the first device sets cpr.ioas_id,
+the others are bypassed. We should set it for each device, or
+else only first device works.
+
+Fixes: 4296ee07455e ("vfio/iommufd: reconstruct device")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Link: https://lore.kernel.org/qemu-devel/20250928085432.40107-4-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit d59db04aed750ba4fc56f79cae99814334ec8285)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/iommufd.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index 10fc065d20..3b0288f416 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -602,7 +602,6 @@ skip_ioas_alloc:
+ container->be = vbasedev->iommufd;
+ container->ioas_id = ioas_id;
+ QLIST_INIT(&container->hwpt_list);
+- vbasedev->cpr.ioas_id = ioas_id;
+
+ bcontainer = VFIO_IOMMU(container);
+ vfio_address_space_insert(space, bcontainer);
+@@ -636,6 +635,8 @@ skip_ioas_alloc:
+ bcontainer->initialized = true;
+
+ found_container:
++ vbasedev->cpr.ioas_id = container->ioas_id;
++
+ ret = ioctl(devfd, VFIO_DEVICE_GET_INFO, &dev_info);
+ if (ret) {
+ error_setg_errno(errp, errno, "error getting device info");
+--
+2.52.0
+
diff --git a/kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch b/kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch
new file mode 100644
index 0000000..4d107d2
--- /dev/null
+++ b/kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch
@@ -0,0 +1,59 @@
+From cf9a245a831df3b807926c544b593675363a956f Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Thu, 9 Oct 2025 00:01:33 -0400
+Subject: [PATCH 103/116] vfio/iommufd: Support unmap all in one ioctl()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [87/100] aa45e281f3de07944c441b6096b73c54f3e45b97 (rovick1/qemu-kvm)
+
+IOMMUFD kernel uAPI supports unmapping whole address space in one call with
+[iova, size] set to [0, UINT64_MAX], this can simplify iommufd_cdev_unmap()
+a bit. See iommufd_ioas_unmap() in kernel for details.
+
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20251009040134.334251-3-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit b30823e5619ed5658d33e43abe1308195edb3e8b)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/iommufd.c | 15 +--------------
+ 1 file changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index ce10371818..bb5775aa71 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -62,21 +62,8 @@ static int iommufd_cdev_unmap(const VFIOContainer *bcontainer,
+ {
+ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+
+- /* unmap in halves */
+ if (unmap_all) {
+- Int128 llsize = int128_rshift(int128_2_64(), 1);
+- int ret;
+-
+- ret = iommufd_backend_unmap_dma(container->be, container->ioas_id,
+- 0, int128_get64(llsize));
+-
+- if (ret == 0) {
+- ret = iommufd_backend_unmap_dma(container->be, container->ioas_id,
+- int128_get64(llsize),
+- int128_get64(llsize));
+- }
+-
+- return ret;
++ size = UINT64_MAX;
+ }
+
+ /* TODO: Handle dma_unmap_bitmap with iotlb args (migration) */
+--
+2.52.0
+
diff --git a/kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..f64afa6
--- /dev/null
+++ b/kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,154 @@
+From e98b1125a4bfaf936715b633c886ff90c19fdf8e Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:15 +0100
+Subject: [PATCH 057/116] vfio/iommufd.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [41/100] 3c8cf0152b35812f417df304657aa7b7bb3492fd (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOIOMMUFDContainer and VFIOContainer instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-8-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit cc5b394291f428a04ff7a622573c02560b183797)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/iommufd.c | 34 ++++++++++++++--------------------
+ 1 file changed, 14 insertions(+), 20 deletions(-)
+
+diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
+index 2ebd87ec8f..76f0806ec0 100644
+--- a/hw/vfio/iommufd.c
++++ b/hw/vfio/iommufd.c
+@@ -38,8 +38,7 @@ static int iommufd_cdev_map(const VFIOContainer *bcontainer, hwaddr iova,
+ ram_addr_t size, void *vaddr, bool readonly,
+ MemoryRegion *mr)
+ {
+- const VFIOIOMMUFDContainer *container =
+- container_of(bcontainer, VFIOIOMMUFDContainer, bcontainer);
++ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+
+ return iommufd_backend_map_dma(container->be,
+ container->ioas_id,
+@@ -50,8 +49,7 @@ static int iommufd_cdev_map_file(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ int fd, unsigned long start, bool readonly)
+ {
+- const VFIOIOMMUFDContainer *container =
+- container_of(bcontainer, VFIOIOMMUFDContainer, bcontainer);
++ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+
+ return iommufd_backend_map_file_dma(container->be,
+ container->ioas_id,
+@@ -62,8 +60,7 @@ static int iommufd_cdev_unmap(const VFIOContainer *bcontainer,
+ hwaddr iova, ram_addr_t size,
+ IOMMUTLBEntry *iotlb, bool unmap_all)
+ {
+- const VFIOIOMMUFDContainer *container =
+- container_of(bcontainer, VFIOIOMMUFDContainer, bcontainer);
++ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+
+ /* unmap in halves */
+ if (unmap_all) {
+@@ -162,8 +159,7 @@ static bool iommufd_hwpt_dirty_tracking(VFIOIOASHwpt *hwpt)
+ static int iommufd_set_dirty_page_tracking(const VFIOContainer *bcontainer,
+ bool start, Error **errp)
+ {
+- const VFIOIOMMUFDContainer *container =
+- container_of(bcontainer, VFIOIOMMUFDContainer, bcontainer);
++ const VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+ VFIOIOASHwpt *hwpt;
+
+ QLIST_FOREACH(hwpt, &container->hwpt_list, next) {
+@@ -194,9 +190,7 @@ static int iommufd_query_dirty_bitmap(const VFIOContainer *bcontainer,
+ VFIOBitmap *vbmap, hwaddr iova,
+ hwaddr size, Error **errp)
+ {
+- VFIOIOMMUFDContainer *container = container_of(bcontainer,
+- VFIOIOMMUFDContainer,
+- bcontainer);
++ VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
+ unsigned long page_size = qemu_real_host_page_size();
+ VFIOIOASHwpt *hwpt;
+
+@@ -324,6 +318,7 @@ static bool iommufd_cdev_autodomains_get(VFIODevice *vbasedev,
+ {
+ ERRP_GUARD();
+ IOMMUFDBackend *iommufd = vbasedev->iommufd;
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ uint32_t type, flags = 0;
+ uint64_t hw_caps;
+ VFIOIOASHwpt *hwpt;
+@@ -408,9 +403,9 @@ skip_alloc:
+ vbasedev->iommu_dirty_tracking = iommufd_hwpt_dirty_tracking(hwpt);
+ QLIST_INSERT_HEAD(&hwpt->device_list, vbasedev, hwpt_next);
+ QLIST_INSERT_HEAD(&container->hwpt_list, hwpt, next);
+- container->bcontainer.dirty_pages_supported |=
++ bcontainer->dirty_pages_supported |=
+ vbasedev->iommu_dirty_tracking;
+- if (container->bcontainer.dirty_pages_supported &&
++ if (bcontainer->dirty_pages_supported &&
+ !vbasedev->iommu_dirty_tracking) {
+ warn_report("IOMMU instance for device %s doesn't support dirty tracking",
+ vbasedev->name);
+@@ -464,7 +459,7 @@ static void iommufd_cdev_detach_container(VFIODevice *vbasedev,
+
+ static void iommufd_cdev_container_destroy(VFIOIOMMUFDContainer *container)
+ {
+- VFIOContainer *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+
+ if (!QLIST_EMPTY(&bcontainer->device_list)) {
+ return;
+@@ -486,7 +481,7 @@ static int iommufd_cdev_ram_block_discard_disable(bool state)
+ static bool iommufd_cdev_get_info_iova_range(VFIOIOMMUFDContainer *container,
+ uint32_t ioas_id, Error **errp)
+ {
+- VFIOContainer *bcontainer = &container->bcontainer;
++ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ g_autofree struct iommu_ioas_iova_ranges *info = NULL;
+ struct iommu_iova_range *iova_ranges;
+ int sz, fd = container->be->fd;
+@@ -559,7 +554,7 @@ static bool iommufd_cdev_attach(const char *name, VFIODevice *vbasedev,
+
+ /* try to attach to an existing container in this space */
+ QLIST_FOREACH(bcontainer, &space->containers, next) {
+- container = container_of(bcontainer, VFIOIOMMUFDContainer, bcontainer);
++ container = VFIO_IOMMU_IOMMUFD(bcontainer);
+ if (VFIO_IOMMU_GET_CLASS(bcontainer) != iommufd_vioc ||
+ vbasedev->iommufd != container->be) {
+ continue;
+@@ -609,7 +604,7 @@ skip_ioas_alloc:
+ QLIST_INIT(&container->hwpt_list);
+ vbasedev->cpr.ioas_id = ioas_id;
+
+- bcontainer = &container->bcontainer;
++ bcontainer = VFIO_IOMMU(container);
+ vfio_address_space_insert(space, bcontainer);
+
+ if (!iommufd_cdev_attach_container(vbasedev, container, errp)) {
+@@ -690,9 +685,8 @@ static void iommufd_cdev_detach(VFIODevice *vbasedev)
+ {
+ VFIOContainer *bcontainer = vbasedev->bcontainer;
+ VFIOAddressSpace *space = bcontainer->space;
+- VFIOIOMMUFDContainer *container = container_of(bcontainer,
+- VFIOIOMMUFDContainer,
+- bcontainer);
++ VFIOIOMMUFDContainer *container = VFIO_IOMMU_IOMMUFD(bcontainer);
++
+ vfio_device_unprepare(vbasedev);
+
+ if (!vbasedev->ram_block_discard_allowed) {
+--
+2.52.0
+
diff --git a/kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch b/kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch
new file mode 100644
index 0000000..8148675
--- /dev/null
+++ b/kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch
@@ -0,0 +1,45 @@
+From d02f661a6864f285860c96012cb91483aedc6ddd Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Date: Thu, 9 Oct 2025 00:01:34 -0400
+Subject: [PATCH 104/116] vfio/listener: Add an assertion for unmap_all
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [88/100] 4ad8a0942a3c5bca0dfb7419bf0d6286a76b4216 (rovick1/qemu-kvm)
+
+Currently the maximum of iommu address space is 64bit. So when a maximum
+iommu memory section is deleted, it's in scope [0, 2^64). Add a
+assertion for that.
+
+Suggested-by: Cédric Le Goater <clg@redhat.com>
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20251009040134.334251-4-zhenzhong.duan@intel.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 271fec6f18492630df2e1b4599ba2de6eb1d0668)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/listener.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/vfio/listener.c b/hw/vfio/listener.c
+index df42bc58e7..27174bf87c 100644
+--- a/hw/vfio/listener.c
++++ b/hw/vfio/listener.c
+@@ -716,6 +716,7 @@ static void vfio_listener_region_del(MemoryListener *listener,
+ bool unmap_all = false;
+
+ if (int128_eq(llsize, int128_2_64())) {
++ assert(!iova);
+ unmap_all = true;
+ llsize = int128_zero();
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch b/kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch
new file mode 100644
index 0000000..9cd9ee3
--- /dev/null
+++ b/kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch
@@ -0,0 +1,58 @@
+From ae6cdc32fc4262e3b0aed7d41ec26238888c4b63 Mon Sep 17 00:00:00 2001
+From: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Date: Wed, 24 Sep 2025 13:37:21 +0900
+Subject: [PATCH 049/116] vfio/pci: Do not unparent in instance_finalize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [33/100] a481bd02b386af864a7f3005b05198bb76812a8f (rovick1/qemu-kvm)
+
+Children are automatically unparented so manually unparenting is
+unnecessary.
+
+Worse, automatic unparenting happens before the insntance_finalize()
+callback of the parent gets called, so object_unparent() calls in
+the callback will refer to objects that are already unparented, which
+is semantically incorrect.
+
+Signed-off-by: Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+Link: https://lore.kernel.org/r/20250924-use-v4-2-07c6c598f53d@rsg.ci.i.u-tokyo.ac.jp
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit e3ed862cabce6d8a12300b941243cb44e9cd40d1)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index d9cdd90ea5..38ea58020d 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -2028,7 +2028,6 @@ static void vfio_bars_finalize(VFIOPCIDevice *vdev)
+ vfio_region_finalize(&bar->region);
+ if (bar->mr) {
+ assert(bar->size);
+- object_unparent(OBJECT(bar->mr));
+ g_free(bar->mr);
+ bar->mr = NULL;
+ }
+@@ -2036,9 +2035,6 @@ static void vfio_bars_finalize(VFIOPCIDevice *vdev)
+
+ if (vdev->vga) {
+ vfio_vga_quirk_finalize(vdev);
+- for (i = 0; i < ARRAY_SIZE(vdev->vga->region); i++) {
+- object_unparent(OBJECT(&vdev->vga->region[i].mem));
+- }
+ g_free(vdev->vga);
+ }
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..dc12ca2
--- /dev/null
+++ b/kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,237 @@
+From 32a31d04b92fbb5b66bf5b9b15dc74cec5785dbc Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:57 +0100
+Subject: [PATCH 043/116] vfio/pci-quirks.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [27/100] c2d0e48ad7378c49be7d0d298cae6cc11298831b (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOPCIDevice and PCIDevice instead of
+accessing pdev directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-18-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 31bfd70ef02045692d04bf53461399d3b81c0ea3)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci-quirks.c | 48 ++++++++++++++++++++++++++------------------
+ 1 file changed, 29 insertions(+), 19 deletions(-)
+
+diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
+index 3f002252ac..c97606dbf1 100644
+--- a/hw/vfio/pci-quirks.c
++++ b/hw/vfio/pci-quirks.c
+@@ -113,6 +113,7 @@ static uint64_t vfio_generic_window_quirk_data_read(void *opaque,
+ {
+ VFIOConfigWindowQuirk *window = opaque;
+ VFIOPCIDevice *vdev = window->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint64_t data;
+
+ /* Always read data reg, discard if window enabled */
+@@ -120,7 +121,7 @@ static uint64_t vfio_generic_window_quirk_data_read(void *opaque,
+ addr + window->data_offset, size);
+
+ if (window->window_enabled) {
+- data = vfio_pci_read_config(&vdev->pdev, window->address_val, size);
++ data = vfio_pci_read_config(pdev, window->address_val, size);
+ trace_vfio_quirk_generic_window_data_read(vdev->vbasedev.name,
+ memory_region_name(window->data_mem), data);
+ }
+@@ -133,9 +134,10 @@ static void vfio_generic_window_quirk_data_write(void *opaque, hwaddr addr,
+ {
+ VFIOConfigWindowQuirk *window = opaque;
+ VFIOPCIDevice *vdev = window->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ if (window->window_enabled) {
+- vfio_pci_write_config(&vdev->pdev, window->address_val, data, size);
++ vfio_pci_write_config(pdev, window->address_val, data, size);
+ trace_vfio_quirk_generic_window_data_write(vdev->vbasedev.name,
+ memory_region_name(window->data_mem), data);
+ return;
+@@ -156,6 +158,7 @@ static uint64_t vfio_generic_quirk_mirror_read(void *opaque,
+ {
+ VFIOConfigMirrorQuirk *mirror = opaque;
+ VFIOPCIDevice *vdev = mirror->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint64_t data;
+
+ /* Read and discard in case the hardware cares */
+@@ -163,7 +166,7 @@ static uint64_t vfio_generic_quirk_mirror_read(void *opaque,
+ addr + mirror->offset, size);
+
+ addr += mirror->config_offset;
+- data = vfio_pci_read_config(&vdev->pdev, addr, size);
++ data = vfio_pci_read_config(pdev, addr, size);
+ trace_vfio_quirk_generic_mirror_read(vdev->vbasedev.name,
+ memory_region_name(mirror->mem),
+ addr, data);
+@@ -175,9 +178,10 @@ static void vfio_generic_quirk_mirror_write(void *opaque, hwaddr addr,
+ {
+ VFIOConfigMirrorQuirk *mirror = opaque;
+ VFIOPCIDevice *vdev = mirror->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ addr += mirror->config_offset;
+- vfio_pci_write_config(&vdev->pdev, addr, data, size);
++ vfio_pci_write_config(pdev, addr, data, size);
+ trace_vfio_quirk_generic_mirror_write(vdev->vbasedev.name,
+ memory_region_name(mirror->mem),
+ addr, data);
+@@ -211,7 +215,8 @@ static uint64_t vfio_ati_3c3_quirk_read(void *opaque,
+ hwaddr addr, unsigned size)
+ {
+ VFIOPCIDevice *vdev = opaque;
+- uint64_t data = vfio_pci_read_config(&vdev->pdev,
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ uint64_t data = vfio_pci_read_config(pdev,
+ PCI_BASE_ADDRESS_4 + 1, size);
+
+ trace_vfio_quirk_ati_3c3_read(vdev->vbasedev.name, data);
+@@ -563,6 +568,7 @@ static uint64_t vfio_nvidia_3d0_quirk_read(void *opaque,
+ {
+ VFIONvidia3d0Quirk *quirk = opaque;
+ VFIOPCIDevice *vdev = quirk->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIONvidia3d0State old_state = quirk->state;
+ uint64_t data = vfio_vga_read(&vdev->vga->region[QEMU_PCI_VGA_IO_HI],
+ addr + 0x10, size);
+@@ -573,7 +579,7 @@ static uint64_t vfio_nvidia_3d0_quirk_read(void *opaque,
+ (quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) {
+ uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1);
+
+- data = vfio_pci_read_config(&vdev->pdev, offset, size);
++ data = vfio_pci_read_config(pdev, offset, size);
+ trace_vfio_quirk_nvidia_3d0_read(vdev->vbasedev.name,
+ offset, size, data);
+ }
+@@ -586,6 +592,7 @@ static void vfio_nvidia_3d0_quirk_write(void *opaque, hwaddr addr,
+ {
+ VFIONvidia3d0Quirk *quirk = opaque;
+ VFIOPCIDevice *vdev = quirk->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIONvidia3d0State old_state = quirk->state;
+
+ quirk->state = NONE;
+@@ -599,7 +606,7 @@ static void vfio_nvidia_3d0_quirk_write(void *opaque, hwaddr addr,
+ if ((quirk->offset & ~(PCI_CONFIG_SPACE_SIZE - 1)) == 0x1800) {
+ uint8_t offset = quirk->offset & (PCI_CONFIG_SPACE_SIZE - 1);
+
+- vfio_pci_write_config(&vdev->pdev, offset, data, size);
++ vfio_pci_write_config(pdev, offset, data, size);
+ trace_vfio_quirk_nvidia_3d0_write(vdev->vbasedev.name,
+ offset, data, size);
+ return;
+@@ -815,7 +822,7 @@ static void vfio_nvidia_quirk_mirror_write(void *opaque, hwaddr addr,
+ {
+ VFIOConfigMirrorQuirk *mirror = opaque;
+ VFIOPCIDevice *vdev = mirror->vdev;
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ LastDataSet *last = (LastDataSet *)&mirror->data;
+
+ vfio_generic_quirk_mirror_write(opaque, addr, data, size);
+@@ -1005,6 +1012,7 @@ static void vfio_rtl8168_quirk_address_write(void *opaque, hwaddr addr,
+ {
+ VFIOrtl8168Quirk *rtl = opaque;
+ VFIOPCIDevice *vdev = rtl->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ rtl->enabled = false;
+
+@@ -1013,7 +1021,7 @@ static void vfio_rtl8168_quirk_address_write(void *opaque, hwaddr addr,
+ rtl->addr = (uint32_t)data;
+
+ if (data & 0x80000000U) { /* Do write */
+- if (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX) {
++ if (pdev->cap_present & QEMU_PCI_CAP_MSIX) {
+ hwaddr offset = data & 0xfff;
+ uint64_t val = rtl->data;
+
+@@ -1021,7 +1029,7 @@ static void vfio_rtl8168_quirk_address_write(void *opaque, hwaddr addr,
+ (uint16_t)offset, val);
+
+ /* Write to the proper guest MSI-X table instead */
+- memory_region_dispatch_write(&vdev->pdev.msix_table_mmio,
++ memory_region_dispatch_write(&pdev->msix_table_mmio,
+ offset, val,
+ size_memop(size) | MO_LE,
+ MEMTXATTRS_UNSPECIFIED);
+@@ -1049,11 +1057,12 @@ static uint64_t vfio_rtl8168_quirk_data_read(void *opaque,
+ {
+ VFIOrtl8168Quirk *rtl = opaque;
+ VFIOPCIDevice *vdev = rtl->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint64_t data = vfio_region_read(&vdev->bars[2].region, addr + 0x70, size);
+
+- if (rtl->enabled && (vdev->pdev.cap_present & QEMU_PCI_CAP_MSIX)) {
++ if (rtl->enabled && (pdev->cap_present & QEMU_PCI_CAP_MSIX)) {
+ hwaddr offset = rtl->addr & 0xfff;
+- memory_region_dispatch_read(&vdev->pdev.msix_table_mmio, offset,
++ memory_region_dispatch_read(&pdev->msix_table_mmio, offset,
+ &data, size_memop(size) | MO_LE,
+ MEMTXATTRS_UNSPECIFIED);
+ trace_vfio_quirk_rtl8168_msix_read(vdev->vbasedev.name, offset, data);
+@@ -1297,7 +1306,7 @@ static void vfio_radeon_set_gfx_only_reset(VFIOPCIDevice *vdev)
+
+ static int vfio_radeon_reset(VFIOPCIDevice *vdev)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int i, ret = 0;
+ uint32_t data;
+
+@@ -1454,7 +1463,7 @@ static bool is_valid_std_cap_offset(uint8_t pos)
+ static bool vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ {
+ ERRP_GUARD();
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int ret, pos;
+ bool c8_conflict = false, d4_conflict = false;
+ uint8_t tmp;
+@@ -1547,6 +1556,7 @@ static bool vfio_add_nv_gpudirect_cap(VFIOPCIDevice *vdev, Error **errp)
+ static bool vfio_add_vmd_shadow_cap(VFIOPCIDevice *vdev, Error **errp)
+ {
+ ERRP_GUARD();
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint8_t membar_phys[16];
+ int ret, pos = 0xE8;
+
+@@ -1565,7 +1575,7 @@ static bool vfio_add_vmd_shadow_cap(VFIOPCIDevice *vdev, Error **errp)
+ return false;
+ }
+
+- ret = pci_add_capability(&vdev->pdev, PCI_CAP_ID_VNDR, pos,
++ ret = pci_add_capability(pdev, PCI_CAP_ID_VNDR, pos,
+ VMD_SHADOW_CAP_LEN, errp);
+ if (ret < 0) {
+ error_prepend(errp, "Failed to add VMD MEMBAR Shadow cap: ");
+@@ -1574,10 +1584,10 @@ static bool vfio_add_vmd_shadow_cap(VFIOPCIDevice *vdev, Error **errp)
+
+ memset(vdev->emulated_config_bits + pos, 0xFF, VMD_SHADOW_CAP_LEN);
+ pos += PCI_CAP_FLAGS;
+- pci_set_byte(vdev->pdev.config + pos++, VMD_SHADOW_CAP_LEN);
+- pci_set_byte(vdev->pdev.config + pos++, VMD_SHADOW_CAP_VER);
+- pci_set_long(vdev->pdev.config + pos, 0x53484457); /* SHDW */
+- memcpy(vdev->pdev.config + pos + 4, membar_phys, 16);
++ pci_set_byte(pdev->config + pos++, VMD_SHADOW_CAP_LEN);
++ pci_set_byte(pdev->config + pos++, VMD_SHADOW_CAP_VER);
++ pci_set_long(pdev->config + pos, 0x53484457); /* SHDW */
++ memcpy(pdev->config + pos + 4, membar_phys, 16);
+
+ return true;
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch b/kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch
new file mode 100644
index 0000000..a5339d3
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch
@@ -0,0 +1,54 @@
+From 76b658cd5329cd8aa367b7fc2b0ba6cd2a518eb4 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:21 +0100
+Subject: [PATCH 063/116] vfio/pci.c: rename vfio_instance_finalize() to
+ vfio_pci_finalize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [47/100] 1d6a68586209f0528d266bfa4a258fe1d10d07f5 (rovick1/qemu-kvm)
+
+This is the more typical naming convention for QOM finalize() functions, in
+particular it changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-14-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit e6fd80873a24883dc204d09f11c16e30c8cd1c37)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 4002af0c54..d30f60c21a 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3568,7 +3568,7 @@ error:
+ error_prepend(errp, VFIO_MSG_PREFIX, vbasedev->name);
+ }
+
+-static void vfio_instance_finalize(Object *obj)
++static void vfio_pci_finalize(Object *obj)
+ {
+ VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
+
+@@ -3939,7 +3939,7 @@ static const TypeInfo vfio_pci_dev_info = {
+ .parent = TYPE_VFIO_PCI_BASE,
+ .class_init = vfio_pci_dev_class_init,
+ .instance_init = vfio_pci_init,
+- .instance_finalize = vfio_instance_finalize,
++ .instance_finalize = vfio_pci_finalize,
+ };
+
+ static const Property vfio_pci_dev_nohotplug_properties[] = {
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch b/kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch
new file mode 100644
index 0000000..edcab10
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch
@@ -0,0 +1,54 @@
+From 2a903ed34fe1fc93a0e36b7c6dec27267257d1e4 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:20 +0100
+Subject: [PATCH 062/116] vfio/pci.c: rename vfio_instance_init() to
+ vfio_pci_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [46/100] 56772d0a87348b63c29291d72abf90e32f3a1201 (rovick1/qemu-kvm)
+
+This is the more typical naming convention for QOM init() functions, in
+particular it changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-13-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit d5db50dd819142748e10e488a2288052ec0235fd)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 38ea58020d..4002af0c54 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3643,7 +3643,7 @@ post_reset:
+ vfio_pci_post_reset(vdev);
+ }
+
+-static void vfio_instance_init(Object *obj)
++static void vfio_pci_init(Object *obj)
+ {
+ PCIDevice *pci_dev = PCI_DEVICE(obj);
+ VFIOPCIDevice *vdev = VFIO_PCI_BASE(obj);
+@@ -3938,7 +3938,7 @@ static const TypeInfo vfio_pci_dev_info = {
+ .name = TYPE_VFIO_PCI,
+ .parent = TYPE_VFIO_PCI_BASE,
+ .class_init = vfio_pci_dev_class_init,
+- .instance_init = vfio_instance_init,
++ .instance_init = vfio_pci_init,
+ .instance_finalize = vfio_instance_finalize,
+ };
+
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch b/kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch
new file mode 100644
index 0000000..bd4484a
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch
@@ -0,0 +1,53 @@
+From 7bc2dc6aeea3fc68757d816eba5b99f4735792c0 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:25 +0100
+Subject: [PATCH 068/116] vfio/pci.c: rename vfio_pci_base_dev_class_init() to
+ vfio_pci_device_class_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [52/100] df1c185ff24360560eadae0ca7f414de6c073d34 (rovick1/qemu-kvm)
+
+This changes the function prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-18-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 153273f2796a664b08120799f326c6319f640011)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 937283bcc6..5380cf0c53 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3674,7 +3674,7 @@ static void vfio_pci_init(Object *obj)
+ pci_dev->cap_present |= QEMU_PCI_SKIP_RESET_ON_CPR;
+ }
+
+-static void vfio_pci_base_dev_class_init(ObjectClass *klass, const void *data)
++static void vfio_pci_device_class_init(ObjectClass *klass, const void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+@@ -3691,7 +3691,7 @@ static const TypeInfo vfio_pci_base_dev_info = {
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VFIOPCIDevice),
+ .abstract = true,
+- .class_init = vfio_pci_base_dev_class_init,
++ .class_init = vfio_pci_device_class_init,
+ .interfaces = (const InterfaceInfo[]) {
+ { INTERFACE_PCIE_DEVICE },
+ { INTERFACE_CONVENTIONAL_PCI_DEVICE },
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch b/kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch
new file mode 100644
index 0000000..2225a33
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch
@@ -0,0 +1,53 @@
+From 40a277966e442e55e2ebfb21764709d35ba27519 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:26 +0100
+Subject: [PATCH 069/116] vfio/pci.c: rename vfio_pci_base_dev_info to
+ vfio_pci_device_info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [53/100] 229bbd7ea6501e1defd957bd9cc9c2ad59ab7cb0 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-19-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 596b158ffd727465fbeb9fff9a22b7ea7a341bc3)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 5380cf0c53..9e96f7d306 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3686,7 +3686,7 @@ static void vfio_pci_device_class_init(ObjectClass *klass, const void *data)
+ pdc->config_write = vfio_pci_write_config;
+ }
+
+-static const TypeInfo vfio_pci_base_dev_info = {
++static const TypeInfo vfio_pci_device_info = {
+ .name = TYPE_VFIO_PCI_DEVICE,
+ .parent = TYPE_PCI_DEVICE,
+ .instance_size = sizeof(VFIOPCIDevice),
+@@ -3991,7 +3991,7 @@ static void register_vfio_pci_dev_type(void)
+ vfio_pci_migration_multifd_transfer_prop = qdev_prop_on_off_auto;
+ vfio_pci_migration_multifd_transfer_prop.realized_set_allowed = true;
+
+- type_register_static(&vfio_pci_base_dev_info);
++ type_register_static(&vfio_pci_device_info);
+ type_register_static(&vfio_pci_info);
+ type_register_static(&vfio_pci_nohotplug_dev_info);
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch b/kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch
new file mode 100644
index 0000000..238a072
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch
@@ -0,0 +1,53 @@
+From c0751ea51b4b91ae48f86e5a33715b7c458e0a68 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:22 +0100
+Subject: [PATCH 064/116] vfio/pci.c: rename vfio_pci_dev_class_init() to
+ vfio_pci_class_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [48/100] dc121b3bf306f7f933a2858eb264bfb89b07bf36 (rovick1/qemu-kvm)
+
+This changes the function prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-15-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 784fa15f02fc0adbf8897f5c3012652174cc7274)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index d30f60c21a..96a0d8b290 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3785,7 +3785,7 @@ static void vfio_pci_set_fd(Object *obj, const char *str, Error **errp)
+ }
+ #endif
+
+-static void vfio_pci_dev_class_init(ObjectClass *klass, const void *data)
++static void vfio_pci_class_init(ObjectClass *klass, const void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+@@ -3937,7 +3937,7 @@ static void vfio_pci_dev_class_init(ObjectClass *klass, const void *data)
+ static const TypeInfo vfio_pci_dev_info = {
+ .name = TYPE_VFIO_PCI,
+ .parent = TYPE_VFIO_PCI_BASE,
+- .class_init = vfio_pci_dev_class_init,
++ .class_init = vfio_pci_class_init,
+ .instance_init = vfio_pci_init,
+ .instance_finalize = vfio_pci_finalize,
+ };
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch b/kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch
new file mode 100644
index 0000000..98c63b4
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch
@@ -0,0 +1,52 @@
+From 89a252c44c9acc995d34d1c77c7f652bc4994a06 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:23 +0100
+Subject: [PATCH 065/116] vfio/pci.c: rename vfio_pci_dev_info to vfio_pci_info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [49/100] e7837d38dc5250bfd3130e2088729b4e9850d307 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-16-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 25c8376b37948d7608b1a13f43e985fc801295e5)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 96a0d8b290..fd8d8f7e32 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3934,7 +3934,7 @@ static void vfio_pci_class_init(ObjectClass *klass, const void *data)
+ "multifd channels");
+ }
+
+-static const TypeInfo vfio_pci_dev_info = {
++static const TypeInfo vfio_pci_info = {
+ .name = TYPE_VFIO_PCI,
+ .parent = TYPE_VFIO_PCI_BASE,
+ .class_init = vfio_pci_class_init,
+@@ -3992,7 +3992,7 @@ static void register_vfio_pci_dev_type(void)
+ vfio_pci_migration_multifd_transfer_prop.realized_set_allowed = true;
+
+ type_register_static(&vfio_pci_base_dev_info);
+- type_register_static(&vfio_pci_dev_info);
++ type_register_static(&vfio_pci_info);
+ type_register_static(&vfio_pci_nohotplug_dev_info);
+ }
+
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch b/kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch
new file mode 100644
index 0000000..c23164b
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch
@@ -0,0 +1,53 @@
+From 45ff92e2f3f4684ca5c910e0e94f3f883f40988e Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:28 +0100
+Subject: [PATCH 071/116] vfio/pci.c: rename
+ vfio_pci_dev_nohotplug_properties[] to vfio_pci_nohotplug_properties[]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [55/100] f5a45ca34a156360ccd20eea400b80fd27f1d9f1 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-21-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 05530ba2462f37fd55d72bdab31a7a5c29ab7519)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index ae84907aca..339324987c 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3942,7 +3942,7 @@ static const TypeInfo vfio_pci_info = {
+ .instance_finalize = vfio_pci_finalize,
+ };
+
+-static const Property vfio_pci_dev_nohotplug_properties[] = {
++static const Property vfio_pci_nohotplug_properties[] = {
+ DEFINE_PROP_BOOL("ramfb", VFIOPCIDevice, enable_ramfb, false),
+ DEFINE_PROP_BOOL("use-legacy-x86-rom", VFIOPCIDevice,
+ use_legacy_x86_rom, false),
+@@ -3955,7 +3955,7 @@ static void vfio_pci_nohotplug_dev_class_init(ObjectClass *klass,
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+
+- device_class_set_props(dc, vfio_pci_dev_nohotplug_properties);
++ device_class_set_props(dc, vfio_pci_nohotplug_properties);
+ dc->hotpluggable = false;
+
+ object_class_property_set_description(klass, /* 3.1 */
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch b/kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch
new file mode 100644
index 0000000..c0ae814
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch
@@ -0,0 +1,53 @@
+From 0ceb3f374c9b6f18aacb2bbb79a69cc7559bd3d2 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:27 +0100
+Subject: [PATCH 070/116] vfio/pci.c: rename vfio_pci_dev_properties[] to
+ vfio_pci_properties[]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [54/100] f8c9842e23be50ca7077ea3645676d96cf865c60 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-20-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 7c53e1f43ee365ee5061dd30d60c21a55eefbfce)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 9e96f7d306..ae84907aca 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3701,7 +3701,7 @@ static const TypeInfo vfio_pci_device_info = {
+
+ static PropertyInfo vfio_pci_migration_multifd_transfer_prop;
+
+-static const Property vfio_pci_dev_properties[] = {
++static const Property vfio_pci_properties[] = {
+ DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIOPCIDevice, host),
+ DEFINE_PROP_UUID_NODEFAULT("vf-token", VFIOPCIDevice, vf_token),
+ DEFINE_PROP_STRING("sysfsdev", VFIOPCIDevice, vbasedev.sysfsdev),
+@@ -3791,7 +3791,7 @@ static void vfio_pci_class_init(ObjectClass *klass, const void *data)
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+
+ device_class_set_legacy_reset(dc, vfio_pci_reset);
+- device_class_set_props(dc, vfio_pci_dev_properties);
++ device_class_set_props(dc, vfio_pci_properties);
+ #ifdef CONFIG_IOMMUFD
+ object_class_property_add_str(klass, "fd", NULL, vfio_pci_set_fd);
+ #endif
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch b/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch
new file mode 100644
index 0000000..48dad8a
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch
@@ -0,0 +1,53 @@
+From 7a71a92eb375cc03dfa5f7a6822465d917f38aeb Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:29 +0100
+Subject: [PATCH 072/116] vfio/pci.c: rename
+ vfio_pci_nohotplug_dev_class_init() to vfio_pci_nohotplug_class_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [56/100] 3da726c4974320a800d8c27b80480f15ab45e734 (rovick1/qemu-kvm)
+
+This changes the function prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-22-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit cc44b39c274b35f1510725f60dd95af59d0bd3fb)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 339324987c..2b453fffcd 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3950,7 +3950,7 @@ static const Property vfio_pci_nohotplug_properties[] = {
+ ON_OFF_AUTO_AUTO),
+ };
+
+-static void vfio_pci_nohotplug_dev_class_init(ObjectClass *klass,
++static void vfio_pci_nohotplug_class_init(ObjectClass *klass,
+ const void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+@@ -3975,7 +3975,7 @@ static const TypeInfo vfio_pci_nohotplug_dev_info = {
+ .name = TYPE_VFIO_PCI_NOHOTPLUG,
+ .parent = TYPE_VFIO_PCI,
+ .instance_size = sizeof(VFIOPCIDevice),
+- .class_init = vfio_pci_nohotplug_dev_class_init,
++ .class_init = vfio_pci_nohotplug_class_init,
+ };
+
+ static void register_vfio_pci_dev_type(void)
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch b/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch
new file mode 100644
index 0000000..bd6beb8
--- /dev/null
+++ b/kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch
@@ -0,0 +1,53 @@
+From 5a616f38e879907a109b239e24ec670cbb89e3bb Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:30 +0100
+Subject: [PATCH 073/116] vfio/pci.c: rename vfio_pci_nohotplug_dev_info to
+ vfio_pci_nohotplug_info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [57/100] a86275cbf9578d7c1b888495f60c5b292338a801 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-23-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5bdf0db823869a210434b5048d20dce5e686b7aa)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 2b453fffcd..c34ed85d5e 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -3971,7 +3971,7 @@ static void vfio_pci_nohotplug_class_init(ObjectClass *klass,
+ "Controls loading of a legacy VGA BIOS ROM");
+ }
+
+-static const TypeInfo vfio_pci_nohotplug_dev_info = {
++static const TypeInfo vfio_pci_nohotplug_info = {
+ .name = TYPE_VFIO_PCI_NOHOTPLUG,
+ .parent = TYPE_VFIO_PCI,
+ .instance_size = sizeof(VFIOPCIDevice),
+@@ -3993,7 +3993,7 @@ static void register_vfio_pci_dev_type(void)
+
+ type_register_static(&vfio_pci_device_info);
+ type_register_static(&vfio_pci_info);
+- type_register_static(&vfio_pci_nohotplug_dev_info);
++ type_register_static(&vfio_pci_nohotplug_info);
+ }
+
+ type_init(register_vfio_pci_dev_type)
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..d8a9093
--- /dev/null
+++ b/kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,826 @@
+From 3bdae047cf5f3c0a0223d05ab17a81f0c70207aa Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:56 +0100
+Subject: [PATCH 042/116] vfio/pci.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [26/100] b8431428007b0f056600d0ab79970fb302acf6a7 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOPCIDevice and PCIDevice instead of
+accessing pdev directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-17-mark.caveayland@nutanix.com
+[ clg: Updated vfio_sub_page_bar_update_mappings() ]
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 77f143cc418121fb30ad9e26dd90334dcf5851fc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.c | 204 ++++++++++++++++++++++++++++++--------------------
+ 1 file changed, 121 insertions(+), 83 deletions(-)
+
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 58ab1116d8..8525a8640e 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -120,6 +120,7 @@ static void vfio_intx_mmap_enable(void *opaque)
+ static void vfio_intx_interrupt(void *opaque)
+ {
+ VFIOPCIDevice *vdev = opaque;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ if (!event_notifier_test_and_clear(&vdev->intx.interrupt)) {
+ return;
+@@ -128,7 +129,7 @@ static void vfio_intx_interrupt(void *opaque)
+ trace_vfio_intx_interrupt(vdev->vbasedev.name, 'A' + vdev->intx.pin);
+
+ vdev->intx.pending = true;
+- pci_irq_assert(&vdev->pdev);
++ pci_irq_assert(pdev);
+ vfio_mmap_set_enabled(vdev, false);
+ if (vdev->intx.mmap_timeout) {
+ timer_mod(vdev->intx.mmap_timer,
+@@ -139,6 +140,7 @@ static void vfio_intx_interrupt(void *opaque)
+ void vfio_pci_intx_eoi(VFIODevice *vbasedev)
+ {
+ VFIOPCIDevice *vdev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ if (!vdev->intx.pending) {
+ return;
+@@ -147,13 +149,14 @@ void vfio_pci_intx_eoi(VFIODevice *vbasedev)
+ trace_vfio_pci_intx_eoi(vbasedev->name);
+
+ vdev->intx.pending = false;
+- pci_irq_deassert(&vdev->pdev);
++ pci_irq_deassert(pdev);
+ vfio_device_irq_unmask(vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
+ }
+
+ static bool vfio_intx_enable_kvm(VFIOPCIDevice *vdev, Error **errp)
+ {
+ #ifdef CONFIG_KVM
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int irq_fd = event_notifier_get_fd(&vdev->intx.interrupt);
+
+ if (vdev->no_kvm_intx || !kvm_irqfds_enabled() ||
+@@ -166,7 +169,7 @@ static bool vfio_intx_enable_kvm(VFIOPCIDevice *vdev, Error **errp)
+ qemu_set_fd_handler(irq_fd, NULL, NULL, vdev);
+ vfio_device_irq_mask(&vdev->vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
+ vdev->intx.pending = false;
+- pci_irq_deassert(&vdev->pdev);
++ pci_irq_deassert(pdev);
+
+ /* Get an eventfd for resample/unmask */
+ if (!vfio_notifier_init(vdev, &vdev->intx.unmask, "intx-unmask", 0, errp)) {
+@@ -244,6 +247,8 @@ static bool vfio_cpr_intx_enable_kvm(VFIOPCIDevice *vdev, Error **errp)
+ static void vfio_intx_disable_kvm(VFIOPCIDevice *vdev)
+ {
+ #ifdef CONFIG_KVM
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
+ if (!vdev->intx.kvm_accel) {
+ return;
+ }
+@@ -254,7 +259,7 @@ static void vfio_intx_disable_kvm(VFIOPCIDevice *vdev)
+ */
+ vfio_device_irq_mask(&vdev->vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
+ vdev->intx.pending = false;
+- pci_irq_deassert(&vdev->pdev);
++ pci_irq_deassert(pdev);
+
+ /* Tell KVM to stop listening for an INTx irqfd */
+ if (kvm_irqchip_remove_irqfd_notifier_gsi(kvm_state, &vdev->intx.interrupt,
+@@ -310,7 +315,7 @@ static void vfio_intx_routing_notifier(PCIDevice *pdev)
+ return;
+ }
+
+- route = pci_device_route_intx_to_irq(&vdev->pdev, vdev->intx.pin);
++ route = pci_device_route_intx_to_irq(pdev, vdev->intx.pin);
+
+ if (pci_intx_route_changed(&vdev->intx.route, &route)) {
+ vfio_intx_update(vdev, &route);
+@@ -327,7 +332,8 @@ static void vfio_irqchip_change(Notifier *notify, void *data)
+
+ static bool vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
+ {
+- uint8_t pin = vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ uint8_t pin = vfio_pci_read_config(pdev, PCI_INTERRUPT_PIN, 1);
+ Error *err = NULL;
+ int32_t fd;
+
+@@ -345,7 +351,7 @@ static bool vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
+ }
+
+ vdev->intx.pin = pin - 1; /* Pin A (1) -> irq[0] */
+- pci_config_set_interrupt_pin(vdev->pdev.config, pin);
++ pci_config_set_interrupt_pin(pdev->config, pin);
+
+ #ifdef CONFIG_KVM
+ /*
+@@ -353,7 +359,7 @@ static bool vfio_intx_enable(VFIOPCIDevice *vdev, Error **errp)
+ * where we won't actually use the result anyway.
+ */
+ if (kvm_irqfds_enabled() && kvm_resamplefds_enabled()) {
+- vdev->intx.route = pci_device_route_intx_to_irq(&vdev->pdev,
++ vdev->intx.route = pci_device_route_intx_to_irq(pdev,
+ vdev->intx.pin);
+ }
+ #endif
+@@ -393,13 +399,14 @@ skip_signaling:
+
+ static void vfio_intx_disable(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int fd;
+
+ timer_del(vdev->intx.mmap_timer);
+ vfio_intx_disable_kvm(vdev);
+ vfio_device_irq_disable(&vdev->vbasedev, VFIO_PCI_INTX_IRQ_INDEX);
+ vdev->intx.pending = false;
+- pci_irq_deassert(&vdev->pdev);
++ pci_irq_deassert(pdev);
+ vfio_mmap_set_enabled(vdev, true);
+
+ fd = event_notifier_get_fd(&vdev->intx.interrupt);
+@@ -431,6 +438,7 @@ static void vfio_msi_interrupt(void *opaque)
+ {
+ VFIOMSIVector *vector = opaque;
+ VFIOPCIDevice *vdev = vector->vdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ MSIMessage (*get_msg)(PCIDevice *dev, unsigned vector);
+ void (*notify)(PCIDevice *dev, unsigned vector);
+ MSIMessage msg;
+@@ -445,9 +453,9 @@ static void vfio_msi_interrupt(void *opaque)
+ notify = msix_notify;
+
+ /* A masked vector firing needs to use the PBA, enable it */
+- if (msix_is_masked(&vdev->pdev, nr)) {
++ if (msix_is_masked(pdev, nr)) {
+ set_bit(nr, vdev->msix->pending);
+- memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, true);
++ memory_region_set_enabled(&pdev->msix_pba_mmio, true);
+ trace_vfio_msix_pba_enable(vdev->vbasedev.name);
+ }
+ } else if (vdev->interrupt == VFIO_INT_MSI) {
+@@ -457,9 +465,9 @@ static void vfio_msi_interrupt(void *opaque)
+ abort();
+ }
+
+- msg = get_msg(&vdev->pdev, nr);
++ msg = get_msg(pdev, nr);
+ trace_vfio_msi_interrupt(vdev->vbasedev.name, nr, msg.address, msg.data);
+- notify(&vdev->pdev, nr);
++ notify(pdev, nr);
+ }
+
+ void vfio_pci_msi_set_handler(VFIOPCIDevice *vdev, int nr, bool enable)
+@@ -498,6 +506,7 @@ static int vfio_enable_msix_no_vec(VFIOPCIDevice *vdev)
+
+ static int vfio_enable_vectors(VFIOPCIDevice *vdev, bool msix)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ struct vfio_irq_set *irq_set;
+ int ret = 0, i, argsz;
+ int32_t *fds;
+@@ -540,7 +549,7 @@ static int vfio_enable_vectors(VFIOPCIDevice *vdev, bool msix)
+ */
+ if (vdev->msi_vectors[i].use) {
+ if (vdev->msi_vectors[i].virq < 0 ||
+- (msix && msix_is_masked(&vdev->pdev, i))) {
++ (msix && msix_is_masked(pdev, i))) {
+ fd = event_notifier_get_fd(&vdev->msi_vectors[i].interrupt);
+ } else {
+ fd = event_notifier_get_fd(&vdev->msi_vectors[i].kvm_interrupt);
+@@ -560,12 +569,14 @@ static int vfio_enable_vectors(VFIOPCIDevice *vdev, bool msix)
+ void vfio_pci_add_kvm_msi_virq(VFIOPCIDevice *vdev, VFIOMSIVector *vector,
+ int vector_n, bool msix)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
+ if ((msix && vdev->no_kvm_msix) || (!msix && vdev->no_kvm_msi)) {
+ return;
+ }
+
+ vector->virq = kvm_irqchip_add_msi_route(&vfio_route_change,
+- vector_n, &vdev->pdev);
++ vector_n, pdev);
+ }
+
+ static void vfio_connect_kvm_msi_virq(VFIOMSIVector *vector, int nr)
+@@ -634,7 +645,7 @@ static void set_irq_signalling(VFIODevice *vbasedev, VFIOMSIVector *vector,
+ void vfio_pci_vector_init(VFIOPCIDevice *vdev, int nr)
+ {
+ VFIOMSIVector *vector = &vdev->msi_vectors[nr];
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ Error *local_err = NULL;
+
+ vector->vdev = vdev;
+@@ -723,7 +734,7 @@ static int vfio_msix_vector_do_use(PCIDevice *pdev, unsigned int nr,
+ clear_bit(nr, vdev->msix->pending);
+ if (find_first_bit(vdev->msix->pending,
+ vdev->nr_vectors) == vdev->nr_vectors) {
+- memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, false);
++ memory_region_set_enabled(&pdev->msix_pba_mmio, false);
+ trace_vfio_msix_pba_disable(vdev->vbasedev.name);
+ }
+
+@@ -774,7 +785,9 @@ static void vfio_msix_vector_release(PCIDevice *pdev, unsigned int nr)
+
+ void vfio_pci_msix_set_notifiers(VFIOPCIDevice *vdev)
+ {
+- msix_set_vector_notifiers(&vdev->pdev, vfio_msix_vector_use,
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
++ msix_set_vector_notifiers(pdev, vfio_msix_vector_use,
+ vfio_msix_vector_release, NULL);
+ }
+
+@@ -801,6 +814,7 @@ void vfio_pci_commit_kvm_msi_virq_batch(VFIOPCIDevice *vdev)
+
+ static void vfio_msix_enable(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int ret;
+
+ vfio_disable_interrupts(vdev);
+@@ -817,7 +831,7 @@ static void vfio_msix_enable(VFIOPCIDevice *vdev)
+ */
+ vfio_pci_prepare_kvm_msi_virq_batch(vdev);
+
+- if (msix_set_vector_notifiers(&vdev->pdev, vfio_msix_vector_use,
++ if (msix_set_vector_notifiers(pdev, vfio_msix_vector_use,
+ vfio_msix_vector_release, NULL)) {
+ error_report("vfio: msix_set_vector_notifiers failed");
+ }
+@@ -855,11 +869,12 @@ static void vfio_msix_enable(VFIOPCIDevice *vdev)
+
+ static void vfio_msi_enable(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int ret, i;
+
+ vfio_disable_interrupts(vdev);
+
+- vdev->nr_vectors = msi_nr_vectors_allocated(&vdev->pdev);
++ vdev->nr_vectors = msi_nr_vectors_allocated(pdev);
+ retry:
+ /*
+ * Setting vector notifiers needs to enable route for each vector.
+@@ -952,10 +967,11 @@ static void vfio_msi_disable_common(VFIOPCIDevice *vdev)
+
+ static void vfio_msix_disable(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ Error *err = NULL;
+ int i;
+
+- msix_unset_vector_notifiers(&vdev->pdev);
++ msix_unset_vector_notifiers(pdev);
+
+ /*
+ * MSI-X will only release vectors if MSI-X is still enabled on the
+@@ -963,8 +979,8 @@ static void vfio_msix_disable(VFIOPCIDevice *vdev)
+ */
+ for (i = 0; i < vdev->nr_vectors; i++) {
+ if (vdev->msi_vectors[i].use) {
+- vfio_msix_vector_release(&vdev->pdev, i);
+- msix_vector_unuse(&vdev->pdev, i);
++ vfio_msix_vector_release(pdev, i);
++ msix_vector_unuse(pdev, i);
+ }
+ }
+
+@@ -1001,6 +1017,7 @@ static void vfio_msi_disable(VFIOPCIDevice *vdev)
+
+ static void vfio_update_msi(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int i;
+
+ for (i = 0; i < vdev->nr_vectors; i++) {
+@@ -1011,8 +1028,8 @@ static void vfio_update_msi(VFIOPCIDevice *vdev)
+ continue;
+ }
+
+- msg = msi_get_message(&vdev->pdev, i);
+- vfio_update_kvm_msi_virq(vector, msg, &vdev->pdev);
++ msg = msi_get_message(pdev, i);
++ vfio_update_kvm_msi_virq(vector, msg, pdev);
+ }
+ }
+
+@@ -1174,13 +1191,14 @@ static const MemoryRegionOps vfio_rom_ops = {
+
+ static void vfio_pci_size_rom(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ uint32_t orig, size = cpu_to_le32((uint32_t)PCI_ROM_ADDRESS_MASK);
+ char *name;
+
+- if (vdev->pdev.romfile || !vdev->pdev.rom_bar) {
++ if (pdev->romfile || !pdev->rom_bar) {
+ /* Since pci handles romfile, just print a message and return */
+- if (vfio_opt_rom_in_denylist(vdev) && vdev->pdev.romfile) {
++ if (vfio_opt_rom_in_denylist(vdev) && pdev->romfile) {
+ warn_report("Device at %s is known to cause system instability"
+ " issues during option rom execution",
+ vdev->vbasedev.name);
+@@ -1209,7 +1227,7 @@ static void vfio_pci_size_rom(VFIOPCIDevice *vdev)
+ }
+
+ if (vfio_opt_rom_in_denylist(vdev)) {
+- if (vdev->pdev.rom_bar > 0) {
++ if (pdev->rom_bar > 0) {
+ warn_report("Device at %s is known to cause system instability"
+ " issues during option rom execution",
+ vdev->vbasedev.name);
+@@ -1228,12 +1246,12 @@ static void vfio_pci_size_rom(VFIOPCIDevice *vdev)
+
+ name = g_strdup_printf("vfio[%s].rom", vdev->vbasedev.name);
+
+- memory_region_init_io(&vdev->pdev.rom, OBJECT(vdev),
++ memory_region_init_io(&pdev->rom, OBJECT(vdev),
+ &vfio_rom_ops, vdev, name, size);
+ g_free(name);
+
+- pci_register_bar(&vdev->pdev, PCI_ROM_SLOT,
+- PCI_BASE_ADDRESS_SPACE_MEMORY, &vdev->pdev.rom);
++ pci_register_bar(pdev, PCI_ROM_SLOT,
++ PCI_BASE_ADDRESS_SPACE_MEMORY, &pdev->rom);
+
+ vdev->rom_read_failed = false;
+ }
+@@ -1506,6 +1524,7 @@ static void vfio_disable_interrupts(VFIOPCIDevice *vdev)
+
+ static bool vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint16_t ctrl;
+ bool msi_64bit, msi_maskbit;
+ int ret, entries;
+@@ -1526,7 +1545,7 @@ static bool vfio_msi_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+
+ trace_vfio_msi_setup(vdev->vbasedev.name, pos);
+
+- ret = msi_init(&vdev->pdev, pos, entries, msi_64bit, msi_maskbit, &err);
++ ret = msi_init(pdev, pos, entries, msi_64bit, msi_maskbit, &err);
+ if (ret < 0) {
+ if (ret == -ENOTSUP) {
+ return true;
+@@ -1719,6 +1738,7 @@ static bool vfio_pci_relocate_msix(VFIOPCIDevice *vdev, Error **errp)
+ */
+ static bool vfio_msix_early_setup(VFIOPCIDevice *vdev, Error **errp)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint8_t pos;
+ uint16_t ctrl;
+ uint32_t table, pba;
+@@ -1726,7 +1746,7 @@ static bool vfio_msix_early_setup(VFIOPCIDevice *vdev, Error **errp)
+ VFIOMSIXInfo *msix;
+ int ret;
+
+- pos = pci_find_capability(&vdev->pdev, PCI_CAP_ID_MSIX);
++ pos = pci_find_capability(pdev, PCI_CAP_ID_MSIX);
+ if (!pos) {
+ return true;
+ }
+@@ -1818,12 +1838,13 @@ static bool vfio_msix_early_setup(VFIOPCIDevice *vdev, Error **errp)
+
+ static bool vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int ret;
+ Error *err = NULL;
+
+ vdev->msix->pending = g_new0(unsigned long,
+ BITS_TO_LONGS(vdev->msix->entries));
+- ret = msix_init(&vdev->pdev, vdev->msix->entries,
++ ret = msix_init(pdev, vdev->msix->entries,
+ vdev->bars[vdev->msix->table_bar].mr,
+ vdev->msix->table_bar, vdev->msix->table_offset,
+ vdev->bars[vdev->msix->pba_bar].mr,
+@@ -1855,7 +1876,7 @@ static bool vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+ * vector-use notifier is called, which occurs on unmask, we test whether
+ * PBA emulation is needed and again disable if not.
+ */
+- memory_region_set_enabled(&vdev->pdev.msix_pba_mmio, false);
++ memory_region_set_enabled(&pdev->msix_pba_mmio, false);
+
+ /*
+ * The emulated machine may provide a paravirt interface for MSIX setup
+@@ -1867,7 +1888,7 @@ static bool vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+ */
+ if (object_property_get_bool(OBJECT(qdev_get_machine()),
+ "vfio-no-msix-emulation", NULL)) {
+- memory_region_set_enabled(&vdev->pdev.msix_table_mmio, false);
++ memory_region_set_enabled(&pdev->msix_table_mmio, false);
+ }
+
+ return true;
+@@ -1875,10 +1896,12 @@ static bool vfio_msix_setup(VFIOPCIDevice *vdev, int pos, Error **errp)
+
+ void vfio_pci_teardown_msi(VFIOPCIDevice *vdev)
+ {
+- msi_uninit(&vdev->pdev);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
++ msi_uninit(pdev);
+
+ if (vdev->msix) {
+- msix_uninit(&vdev->pdev,
++ msix_uninit(pdev,
+ vdev->bars[vdev->msix->table_bar].mr,
+ vdev->bars[vdev->msix->pba_bar].mr);
+ g_free(vdev->msix->pending);
+@@ -1939,6 +1962,7 @@ static void vfio_bars_prepare(VFIOPCIDevice *vdev)
+
+ static void vfio_bar_register(VFIOPCIDevice *vdev, int nr)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIOBAR *bar = &vdev->bars[nr];
+ char *name;
+
+@@ -1960,7 +1984,7 @@ static void vfio_bar_register(VFIOPCIDevice *vdev, int nr)
+ }
+ }
+
+- pci_register_bar(&vdev->pdev, nr, bar->type, bar->mr);
++ pci_register_bar(pdev, nr, bar->type, bar->mr);
+ }
+
+ static void vfio_bars_register(VFIOPCIDevice *vdev)
+@@ -1974,6 +1998,7 @@ static void vfio_bars_register(VFIOPCIDevice *vdev)
+
+ void vfio_pci_bars_exit(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int i;
+
+ for (i = 0; i < PCI_ROM_SLOT; i++) {
+@@ -1987,7 +2012,7 @@ void vfio_pci_bars_exit(VFIOPCIDevice *vdev)
+ }
+
+ if (vdev->vga) {
+- pci_unregister_vga(&vdev->pdev);
++ pci_unregister_vga(pdev);
+ vfio_vga_quirk_exit(vdev);
+ }
+ }
+@@ -2059,8 +2084,10 @@ static void vfio_set_word_bits(uint8_t *buf, uint16_t val, uint16_t mask)
+ static void vfio_add_emulated_word(VFIOPCIDevice *vdev, int pos,
+ uint16_t val, uint16_t mask)
+ {
+- vfio_set_word_bits(vdev->pdev.config + pos, val, mask);
+- vfio_set_word_bits(vdev->pdev.wmask + pos, ~mask, mask);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
++ vfio_set_word_bits(pdev->config + pos, val, mask);
++ vfio_set_word_bits(pdev->wmask + pos, ~mask, mask);
+ vfio_set_word_bits(vdev->emulated_config_bits + pos, mask, mask);
+ }
+
+@@ -2072,8 +2099,10 @@ static void vfio_set_long_bits(uint8_t *buf, uint32_t val, uint32_t mask)
+ static void vfio_add_emulated_long(VFIOPCIDevice *vdev, int pos,
+ uint32_t val, uint32_t mask)
+ {
+- vfio_set_long_bits(vdev->pdev.config + pos, val, mask);
+- vfio_set_long_bits(vdev->pdev.wmask + pos, ~mask, mask);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
++ vfio_set_long_bits(pdev->config + pos, val, mask);
++ vfio_set_long_bits(pdev->wmask + pos, ~mask, mask);
+ vfio_set_long_bits(vdev->emulated_config_bits + pos, mask, mask);
+ }
+
+@@ -2081,7 +2110,8 @@ static void vfio_pci_enable_rp_atomics(VFIOPCIDevice *vdev)
+ {
+ struct vfio_device_info_cap_pci_atomic_comp *cap;
+ g_autofree struct vfio_device_info *info = NULL;
+- PCIBus *bus = pci_get_bus(&vdev->pdev);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ PCIBus *bus = pci_get_bus(pdev);
+ PCIDevice *parent = bus->parent_dev;
+ struct vfio_info_cap_header *hdr;
+ uint32_t mask = 0;
+@@ -2097,8 +2127,8 @@ static void vfio_pci_enable_rp_atomics(VFIOPCIDevice *vdev)
+ if (pci_bus_is_root(bus) || !parent || !parent->exp.exp_cap ||
+ pcie_cap_get_type(parent) != PCI_EXP_TYPE_ROOT_PORT ||
+ pcie_cap_get_version(parent) != PCI_EXP_FLAGS_VER2 ||
+- vdev->pdev.devfn ||
+- vdev->pdev.cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
++ pdev->devfn ||
++ pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+ return;
+ }
+
+@@ -2142,8 +2172,10 @@ static void vfio_pci_enable_rp_atomics(VFIOPCIDevice *vdev)
+
+ static void vfio_pci_disable_rp_atomics(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++
+ if (vdev->clear_parent_atomics_on_exit) {
+- PCIDevice *parent = pci_get_bus(&vdev->pdev)->parent_dev;
++ PCIDevice *parent = pci_get_bus(pdev)->parent_dev;
+ uint8_t *pos = parent->config + parent->exp.exp_cap + PCI_EXP_DEVCAP2;
+
+ pci_long_test_and_clear_mask(pos, PCI_EXP_DEVCAP2_ATOMIC_COMP32 |
+@@ -2155,10 +2187,11 @@ static void vfio_pci_disable_rp_atomics(VFIOPCIDevice *vdev)
+ static bool vfio_setup_pcie_cap(VFIOPCIDevice *vdev, int pos, uint8_t size,
+ Error **errp)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint16_t flags;
+ uint8_t type;
+
+- flags = pci_get_word(vdev->pdev.config + pos + PCI_CAP_FLAGS);
++ flags = pci_get_word(pdev->config + pos + PCI_CAP_FLAGS);
+ type = (flags & PCI_EXP_FLAGS_TYPE) >> 4;
+
+ if (type != PCI_EXP_TYPE_ENDPOINT &&
+@@ -2170,8 +2203,8 @@ static bool vfio_setup_pcie_cap(VFIOPCIDevice *vdev, int pos, uint8_t size,
+ return false;
+ }
+
+- if (!pci_bus_is_express(pci_get_bus(&vdev->pdev))) {
+- PCIBus *bus = pci_get_bus(&vdev->pdev);
++ if (!pci_bus_is_express(pci_get_bus(pdev))) {
++ PCIBus *bus = pci_get_bus(pdev);
+ PCIDevice *bridge;
+
+ /*
+@@ -2203,7 +2236,7 @@ static bool vfio_setup_pcie_cap(VFIOPCIDevice *vdev, int pos, uint8_t size,
+ return true;
+ }
+
+- } else if (pci_bus_is_root(pci_get_bus(&vdev->pdev))) {
++ } else if (pci_bus_is_root(pci_get_bus(pdev))) {
+ /*
+ * On a Root Complex bus Endpoints become Root Complex Integrated
+ * Endpoints, which changes the type and clears the LNK & LNK2 fields.
+@@ -2271,20 +2304,20 @@ static bool vfio_setup_pcie_cap(VFIOPCIDevice *vdev, int pos, uint8_t size,
+ 1, PCI_EXP_FLAGS_VERS);
+ }
+
+- pos = pci_add_capability(&vdev->pdev, PCI_CAP_ID_EXP, pos, size,
+- errp);
++ pos = pci_add_capability(pdev, PCI_CAP_ID_EXP, pos, size, errp);
+ if (pos < 0) {
+ return false;
+ }
+
+- vdev->pdev.exp.exp_cap = pos;
++ pdev->exp.exp_cap = pos;
+
+ return true;
+ }
+
+ static void vfio_check_pcie_flr(VFIOPCIDevice *vdev, uint8_t pos)
+ {
+- uint32_t cap = pci_get_long(vdev->pdev.config + pos + PCI_EXP_DEVCAP);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ uint32_t cap = pci_get_long(pdev->config + pos + PCI_EXP_DEVCAP);
+
+ if (cap & PCI_EXP_DEVCAP_FLR) {
+ trace_vfio_check_pcie_flr(vdev->vbasedev.name);
+@@ -2294,7 +2327,8 @@ static void vfio_check_pcie_flr(VFIOPCIDevice *vdev, uint8_t pos)
+
+ static void vfio_check_pm_reset(VFIOPCIDevice *vdev, uint8_t pos)
+ {
+- uint16_t csr = pci_get_word(vdev->pdev.config + pos + PCI_PM_CTRL);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ uint16_t csr = pci_get_word(pdev->config + pos + PCI_PM_CTRL);
+
+ if (!(csr & PCI_PM_CTRL_NO_SOFT_RESET)) {
+ trace_vfio_check_pm_reset(vdev->vbasedev.name);
+@@ -2304,7 +2338,8 @@ static void vfio_check_pm_reset(VFIOPCIDevice *vdev, uint8_t pos)
+
+ static void vfio_check_af_flr(VFIOPCIDevice *vdev, uint8_t pos)
+ {
+- uint8_t cap = pci_get_byte(vdev->pdev.config + pos + PCI_AF_CAP);
++ PCIDevice *pdev = PCI_DEVICE(vdev);
++ uint8_t cap = pci_get_byte(pdev->config + pos + PCI_AF_CAP);
+
+ if ((cap & PCI_AF_CAP_TP) && (cap & PCI_AF_CAP_FLR)) {
+ trace_vfio_check_af_flr(vdev->vbasedev.name);
+@@ -2315,7 +2350,7 @@ static void vfio_check_af_flr(VFIOPCIDevice *vdev, uint8_t pos)
+ static bool vfio_add_vendor_specific_cap(VFIOPCIDevice *vdev, int pos,
+ uint8_t size, Error **errp)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ pos = pci_add_capability(pdev, PCI_CAP_ID_VNDR, pos, size, errp);
+ if (pos < 0) {
+@@ -2337,7 +2372,7 @@ static bool vfio_add_vendor_specific_cap(VFIOPCIDevice *vdev, int pos,
+ static bool vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos, Error **errp)
+ {
+ ERRP_GUARD();
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint8_t cap_id, next, size;
+ bool ret;
+
+@@ -2423,17 +2458,18 @@ static bool vfio_add_std_cap(VFIOPCIDevice *vdev, uint8_t pos, Error **errp)
+
+ static int vfio_setup_rebar_ecap(VFIOPCIDevice *vdev, uint16_t pos)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint32_t ctrl;
+ int i, nbar;
+
+- ctrl = pci_get_long(vdev->pdev.config + pos + PCI_REBAR_CTRL);
++ ctrl = pci_get_long(pdev->config + pos + PCI_REBAR_CTRL);
+ nbar = (ctrl & PCI_REBAR_CTRL_NBAR_MASK) >> PCI_REBAR_CTRL_NBAR_SHIFT;
+
+ for (i = 0; i < nbar; i++) {
+ uint32_t cap;
+ int size;
+
+- ctrl = pci_get_long(vdev->pdev.config + pos + PCI_REBAR_CTRL + (i * 8));
++ ctrl = pci_get_long(pdev->config + pos + PCI_REBAR_CTRL + (i * 8));
+ size = (ctrl & PCI_REBAR_CTRL_BAR_SIZE) >> PCI_REBAR_CTRL_BAR_SHIFT;
+
+ /* The cap register reports sizes 1MB to 128TB, with 4 reserved bits */
+@@ -2471,7 +2507,7 @@ static int vfio_setup_rebar_ecap(VFIOPCIDevice *vdev, uint16_t pos)
+
+ static void vfio_add_ext_cap(VFIOPCIDevice *vdev)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint32_t header;
+ uint16_t cap_id, next, size;
+ uint8_t cap_ver;
+@@ -2565,7 +2601,7 @@ static void vfio_add_ext_cap(VFIOPCIDevice *vdev)
+
+ bool vfio_pci_add_capabilities(VFIOPCIDevice *vdev, Error **errp)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ if (!(pdev->config[PCI_STATUS] & PCI_STATUS_CAP_LIST) ||
+ !pdev->config[PCI_CAPABILITY_LIST]) {
+@@ -2582,7 +2618,7 @@ bool vfio_pci_add_capabilities(VFIOPCIDevice *vdev, Error **errp)
+
+ void vfio_pci_pre_reset(VFIOPCIDevice *vdev)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ uint16_t cmd;
+
+ vfio_disable_interrupts(vdev);
+@@ -2799,7 +2835,7 @@ static int vfio_pci_save_config(VFIODevice *vbasedev, QEMUFile *f, Error **errp)
+ static int vfio_pci_load_config(VFIODevice *vbasedev, QEMUFile *f)
+ {
+ VFIOPCIDevice *vdev = container_of(vbasedev, VFIOPCIDevice, vbasedev);
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ pcibus_t old_addr[PCI_NUM_REGIONS - 1];
+ int bar, ret;
+
+@@ -2847,7 +2883,7 @@ VFIOPCIDevice *vfio_pci_from_vfio_device(VFIODevice *vbasedev)
+
+ void vfio_sub_page_bar_update_mappings(VFIOPCIDevice *vdev)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ int page_size = qemu_real_host_page_size();
+ int bar;
+
+@@ -2931,6 +2967,7 @@ bool vfio_populate_vga(VFIOPCIDevice *vdev, Error **errp)
+
+ bool vfio_pci_populate_device(VFIOPCIDevice *vdev, Error **errp)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ struct vfio_region_info *reg_info = NULL;
+ struct vfio_irq_info irq_info;
+@@ -2982,7 +3019,7 @@ bool vfio_pci_populate_device(VFIOPCIDevice *vdev, Error **errp)
+
+ vdev->config_size = reg_info->size;
+ if (vdev->config_size == PCI_CONFIG_SPACE_SIZE) {
+- vdev->pdev.cap_present &= ~QEMU_PCI_CAP_EXPRESS;
++ pdev->cap_present &= ~QEMU_PCI_CAP_EXPRESS;
+ }
+ vdev->config_offset = reg_info->offset;
+
+@@ -3186,25 +3223,26 @@ static void vfio_unregister_req_notifier(VFIOPCIDevice *vdev)
+
+ void vfio_pci_config_register_vga(VFIOPCIDevice *vdev)
+ {
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ assert(vdev->vga != NULL);
+
+- pci_register_vga(&vdev->pdev, &vdev->vga->region[QEMU_PCI_VGA_MEM].mem,
++ pci_register_vga(pdev, &vdev->vga->region[QEMU_PCI_VGA_MEM].mem,
+ &vdev->vga->region[QEMU_PCI_VGA_IO_LO].mem,
+ &vdev->vga->region[QEMU_PCI_VGA_IO_HI].mem);
+ }
+
+ bool vfio_pci_config_setup(VFIOPCIDevice *vdev, Error **errp)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+ uint32_t config_space_size;
+ int ret;
+
+- config_space_size = MIN(pci_config_size(&vdev->pdev), vdev->config_size);
++ config_space_size = MIN(pci_config_size(pdev), vdev->config_size);
+
+ /* Get a copy of config space */
+ ret = vfio_pci_config_space_read(vdev, 0, config_space_size,
+- vdev->pdev.config);
++ pdev->config);
+ if (ret < (int)config_space_size) {
+ ret = ret < 0 ? -ret : EFAULT;
+ error_setg_errno(errp, ret, "failed to read device config space");
+@@ -3289,10 +3327,10 @@ bool vfio_pci_config_setup(VFIOPCIDevice *vdev, Error **errp)
+ PCI_HEADER_TYPE_MULTI_FUNCTION;
+
+ /* Restore or clear multifunction, this is always controlled by QEMU */
+- if (vdev->pdev.cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
+- vdev->pdev.config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
++ if (pdev->cap_present & QEMU_PCI_CAP_MULTIFUNCTION) {
++ pdev->config[PCI_HEADER_TYPE] |= PCI_HEADER_TYPE_MULTI_FUNCTION;
+ } else {
+- vdev->pdev.config[PCI_HEADER_TYPE] &= ~PCI_HEADER_TYPE_MULTI_FUNCTION;
++ pdev->config[PCI_HEADER_TYPE] &= ~PCI_HEADER_TYPE_MULTI_FUNCTION;
+ }
+
+ /*
+@@ -3300,8 +3338,8 @@ bool vfio_pci_config_setup(VFIOPCIDevice *vdev, Error **errp)
+ * BAR, such as might be the case with the option ROM, we can get
+ * confusing, unwritable, residual addresses from the host here.
+ */
+- memset(&vdev->pdev.config[PCI_BASE_ADDRESS_0], 0, 24);
+- memset(&vdev->pdev.config[PCI_ROM_ADDRESS], 0, 4);
++ memset(&pdev->config[PCI_BASE_ADDRESS_0], 0, 24);
++ memset(&pdev->config[PCI_ROM_ADDRESS], 0, 4);
+
+ vfio_pci_size_rom(vdev);
+
+@@ -3322,7 +3360,7 @@ bool vfio_pci_config_setup(VFIOPCIDevice *vdev, Error **errp)
+
+ bool vfio_pci_interrupt_setup(VFIOPCIDevice *vdev, Error **errp)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+
+ /* QEMU emulates all of MSI & MSIX */
+ if (pdev->cap_present & QEMU_PCI_CAP_MSIX) {
+@@ -3335,10 +3373,10 @@ bool vfio_pci_interrupt_setup(VFIOPCIDevice *vdev, Error **errp)
+ vdev->msi_cap_size);
+ }
+
+- if (vfio_pci_read_config(&vdev->pdev, PCI_INTERRUPT_PIN, 1)) {
++ if (vfio_pci_read_config(pdev, PCI_INTERRUPT_PIN, 1)) {
+ vdev->intx.mmap_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL,
+ vfio_intx_mmap_enable, vdev);
+- pci_device_set_intx_routing_notifier(&vdev->pdev,
++ pci_device_set_intx_routing_notifier(pdev,
+ vfio_intx_routing_notifier);
+ vdev->irqchip_change_notifier.notify = vfio_irqchip_change;
+ kvm_irqchip_add_change_notifier(&vdev->irqchip_change_notifier);
+@@ -3350,7 +3388,7 @@ bool vfio_pci_interrupt_setup(VFIOPCIDevice *vdev, Error **errp)
+ */
+ if (!cpr_is_incoming() && !vfio_intx_enable(vdev, errp)) {
+ timer_free(vdev->intx.mmap_timer);
+- pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
++ pci_device_set_intx_routing_notifier(pdev, NULL);
+ kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+ return false;
+ }
+@@ -3516,7 +3554,7 @@ out_deregister:
+ if (vdev->interrupt == VFIO_INT_INTx) {
+ vfio_intx_disable(vdev);
+ }
+- pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
++ pci_device_set_intx_routing_notifier(pdev, NULL);
+ if (vdev->irqchip_change_notifier.notify) {
+ kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+ }
+@@ -3548,7 +3586,7 @@ static void vfio_exitfn(PCIDevice *pdev)
+
+ vfio_unregister_req_notifier(vdev);
+ vfio_unregister_err_notifier(vdev);
+- pci_device_set_intx_routing_notifier(&vdev->pdev, NULL);
++ pci_device_set_intx_routing_notifier(pdev, NULL);
+ if (vdev->irqchip_change_notifier.notify) {
+ kvm_irqchip_remove_change_notifier(&vdev->irqchip_change_notifier);
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch b/kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch
new file mode 100644
index 0000000..53a37af
--- /dev/null
+++ b/kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch
@@ -0,0 +1,79 @@
+From 140c54e956b284cbb96874e7f003f71d0e727984 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:26:02 +0100
+Subject: [PATCH 047/116] vfio/pci.h: rename VFIOPCIDevice pdev field to
+ parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [31/100] d8dc488ce4e8c2cdec8db0f0e90715513194b2b2 (rovick1/qemu-kvm)
+
+Now that nothing accesses the pdev field directly, rename pdev to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Steve Sistare <steven.sistare@oracle.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-23-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit bb986792a968ee51cda72cd4cc05822198495375)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/cpr.c | 4 ++--
+ hw/vfio/pci.c | 4 ++--
+ hw/vfio/pci.h | 2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/hw/vfio/cpr.c b/hw/vfio/cpr.c
+index f911988add..2c71fc1e8e 100644
+--- a/hw/vfio/cpr.c
++++ b/hw/vfio/cpr.c
+@@ -173,8 +173,8 @@ const VMStateDescription vfio_cpr_pci_vmstate = {
+ .post_load = vfio_cpr_pci_post_load,
+ .needed = cpr_incoming_needed,
+ .fields = (VMStateField[]) {
+- VMSTATE_PCI_DEVICE(pdev, VFIOPCIDevice),
+- VMSTATE_MSIX_TEST(pdev, VFIOPCIDevice, pci_msix_present),
++ VMSTATE_PCI_DEVICE(parent_obj, VFIOPCIDevice),
++ VMSTATE_MSIX_TEST(parent_obj, VFIOPCIDevice, pci_msix_present),
+ VMSTATE_VFIO_INTX(intx, VFIOPCIDevice),
+ VMSTATE_END_OF_LIST()
+ }
+diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
+index 8525a8640e..d9cdd90ea5 100644
+--- a/hw/vfio/pci.c
++++ b/hw/vfio/pci.c
+@@ -2814,8 +2814,8 @@ static const VMStateDescription vmstate_vfio_pci_config = {
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (const VMStateField[]) {
+- VMSTATE_PCI_DEVICE(pdev, VFIOPCIDevice),
+- VMSTATE_MSIX_TEST(pdev, VFIOPCIDevice, vfio_msix_present),
++ VMSTATE_PCI_DEVICE(parent_obj, VFIOPCIDevice),
++ VMSTATE_MSIX_TEST(parent_obj, VFIOPCIDevice, vfio_msix_present),
+ VMSTATE_END_OF_LIST()
+ },
+ .subsections = (const VMStateDescription * const []) {
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index 08bab970cb..dd419f9147 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -123,7 +123,7 @@ typedef struct VFIOMSIXInfo {
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOPCIDevice, VFIO_PCI_BASE)
+
+ struct VFIOPCIDevice {
+- PCIDevice pdev;
++ PCIDevice parent_obj;
+
+ VFIODevice vbasedev;
+ VFIOINTx intx;
+--
+2.52.0
+
diff --git a/kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch b/kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch
new file mode 100644
index 0000000..56eeb7b
--- /dev/null
+++ b/kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch
@@ -0,0 +1,44 @@
+From 49c47201b804596abd07a01540873cf8818d0049 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:54 +0100
+Subject: [PATCH 041/116] vfio/pci.h: update VFIOPCIDevice declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [25/100] d8ed3b3ddb415b5d777bbd928ba2014c4f1ad8d6 (rovick1/qemu-kvm)
+
+Update the VFIOPCIDevice declaration so that it is closer to our coding
+guidelines: add a blank line after the parent object.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-15-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 750e424fd04311aaeeb85536744c4cd3e460404d)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/pci.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
+index e3ab3fe1f7..08bab970cb 100644
+--- a/hw/vfio/pci.h
++++ b/hw/vfio/pci.h
+@@ -124,6 +124,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOPCIDevice, VFIO_PCI_BASE)
+
+ struct VFIOPCIDevice {
+ PCIDevice pdev;
++
+ VFIODevice vbasedev;
+ VFIOINTx intx;
+ unsigned int config_size;
+--
+2.52.0
+
diff --git a/kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch b/kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch
new file mode 100644
index 0000000..4a69178
--- /dev/null
+++ b/kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch
@@ -0,0 +1,100 @@
+From 481a0c91e004873fd5d28bc82bbe11ebba2901f9 Mon Sep 17 00:00:00 2001
+From: Markus Armbruster <armbru@redhat.com>
+Date: Wed, 23 Jul 2025 15:32:57 +0200
+Subject: [PATCH 018/116] vfio scsi ui: Error-check
+ qio_channel_socket_connect_sync() the same way
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [2/100] f61dd6e10ef6ff7b143fd59a1550b62237ba0ac6 (rovick1/qemu-kvm)
+
+qio_channel_socket_connect_sync() returns 0 on success, and -1 on
+failure, with errp set. Some callers check the return value, and some
+check whether errp was set.
+
+For consistency, always check the return value, and always check it's
+negative.
+
+Signed-off-by: Markus Armbruster <armbru@redhat.com>
+Message-ID: <20250723133257.1497640-3-armbru@redhat.com>
+Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
+(cherry picked from commit ec14a3de622ae30a8afa78b6f564bc743b753ee1)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 2 +-
+ scsi/pr-manager-helper.c | 9 ++-------
+ ui/input-barrier.c | 5 +----
+ 3 files changed, 4 insertions(+), 12 deletions(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index 2275d3fe39..2c03d49f97 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -885,7 +885,7 @@ VFIOUserProxy *vfio_user_connect_dev(SocketAddress *addr, Error **errp)
+
+ sioc = qio_channel_socket_new();
+ ioc = QIO_CHANNEL(sioc);
+- if (qio_channel_socket_connect_sync(sioc, addr, errp)) {
++ if (qio_channel_socket_connect_sync(sioc, addr, errp) < 0) {
+ object_unref(OBJECT(ioc));
+ return NULL;
+ }
+diff --git a/scsi/pr-manager-helper.c b/scsi/pr-manager-helper.c
+index 6b86f01b01..aea751fb04 100644
+--- a/scsi/pr-manager-helper.c
++++ b/scsi/pr-manager-helper.c
+@@ -105,20 +105,15 @@ static int pr_manager_helper_initialize(PRManagerHelper *pr_mgr,
+ .u.q_unix.path = path
+ };
+ QIOChannelSocket *sioc = qio_channel_socket_new();
+- Error *local_err = NULL;
+-
+ uint32_t flags;
+ int r;
+
+ assert(!pr_mgr->ioc);
+ qio_channel_set_name(QIO_CHANNEL(sioc), "pr-manager-helper");
+- qio_channel_socket_connect_sync(sioc,
+- &saddr,
+- &local_err);
++ r = qio_channel_socket_connect_sync(sioc, &saddr, errp);
+ g_free(path);
+- if (local_err) {
++ if (r < 0) {
+ object_unref(OBJECT(sioc));
+- error_propagate(errp, local_err);
+ return -ENOTCONN;
+ }
+
+diff --git a/ui/input-barrier.c b/ui/input-barrier.c
+index 9793258aac..0a2198ca50 100644
+--- a/ui/input-barrier.c
++++ b/ui/input-barrier.c
+@@ -490,7 +490,6 @@ static gboolean input_barrier_event(QIOChannel *ioc G_GNUC_UNUSED,
+ static void input_barrier_complete(UserCreatable *uc, Error **errp)
+ {
+ InputBarrier *ib = INPUT_BARRIER(uc);
+- Error *local_err = NULL;
+
+ if (!ib->name) {
+ error_setg(errp, QERR_MISSING_PARAMETER, "name");
+@@ -506,9 +505,7 @@ static void input_barrier_complete(UserCreatable *uc, Error **errp)
+ ib->sioc = qio_channel_socket_new();
+ qio_channel_set_name(QIO_CHANNEL(ib->sioc), "barrier-client");
+
+- qio_channel_socket_connect_sync(ib->sioc, &ib->saddr, &local_err);
+- if (local_err) {
+- error_propagate(errp, local_err);
++ if (qio_channel_socket_connect_sync(ib->sioc, &ib->saddr, errp) < 0) {
+ return;
+ }
+
+--
+2.52.0
+
diff --git a/kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch b/kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch
new file mode 100644
index 0000000..33b3996
--- /dev/null
+++ b/kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch
@@ -0,0 +1,53 @@
+From 6cf408cdf62e1d862f610bb8ad928ad221d6e98d Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:19 +0100
+Subject: [PATCH 061/116] vfio/spapr.c: rename VFIOContainer bcontainer field
+ to parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [45/100] 38ba4a34a229a04036883dbe4020000d645e65c4 (rovick1/qemu-kvm)
+
+Now that nothing accesses the bcontainer field directly, rename bcontainer to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-12-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 1bd06d0385eb72bb54aa14af34e8361ec3ae8cee)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/spapr.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index c883ba6da9..8d9d68da4e 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -30,12 +30,13 @@ typedef struct VFIOHostDMAWindow {
+ QLIST_ENTRY(VFIOHostDMAWindow) hostwin_next;
+ } VFIOHostDMAWindow;
+
+-typedef struct VFIOSpaprContainer {
+- VFIOLegacyContainer container;
++struct VFIOSpaprContainer {
++ VFIOLegacyContainer parent_obj;
++
+ MemoryListener prereg_listener;
+ QLIST_HEAD(, VFIOHostDMAWindow) hostwin_list;
+ unsigned int levels;
+-} VFIOSpaprContainer;
++};
+
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOSpaprContainer, VFIO_IOMMU_SPAPR);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..2eefba2
--- /dev/null
+++ b/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,94 @@
+From a67df724e2c459dd67e0d1e7594da331019a809a Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:46 +0100
+Subject: [PATCH 033/116] vfio/spapr.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [17/100] 08eb7c65e80d66e9f35c87ef4f460bed25d2a056 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOContainer and VFIOContainerBase instead
+of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-7-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 1ea79b4b9a1477dca3ff53358fc9ebdd73d55938)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/spapr.c | 16 ++++++----------
+ 1 file changed, 6 insertions(+), 10 deletions(-)
+
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index 564b70ef97..c41e4588d6 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -62,7 +62,7 @@ static void vfio_prereg_listener_region_add(MemoryListener *listener,
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+ VFIOContainer *container = &scontainer->container;
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+ int ret;
+@@ -244,7 +244,7 @@ static bool vfio_spapr_create_window(VFIOContainer *container,
+ hwaddr *pgsize, Error **errp)
+ {
+ int ret = 0;
+- VFIOContainerBase *bcontainer = &container->bcontainer;
++ VFIOContainerBase *bcontainer = VFIO_IOMMU(container);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ IOMMUMemoryRegion *iommu_mr = IOMMU_MEMORY_REGION(section->mr);
+@@ -352,8 +352,7 @@ vfio_spapr_container_add_section_window(VFIOContainerBase *bcontainer,
+ MemoryRegionSection *section,
+ Error **errp)
+ {
+- VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ VFIOHostDMAWindow *hostwin;
+@@ -443,8 +442,7 @@ static void
+ vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
+ MemoryRegionSection *section)
+ {
+- VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+
+@@ -465,8 +463,7 @@ vfio_spapr_container_del_section_window(VFIOContainerBase *bcontainer,
+
+ static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
+ {
+- VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ VFIOHostDMAWindow *hostwin, *next;
+@@ -484,8 +481,7 @@ static void vfio_spapr_container_release(VFIOContainerBase *bcontainer)
+ static bool vfio_spapr_container_setup(VFIOContainerBase *bcontainer,
+ Error **errp)
+ {
+- VFIOContainer *container = container_of(bcontainer, VFIOContainer,
+- bcontainer);
++ VFIOContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+ VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+ container);
+ struct vfio_iommu_spapr_tce_info info;
+--
+2.52.0
+
diff --git a/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch b/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch
new file mode 100644
index 0000000..2b58481
--- /dev/null
+++ b/kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch
@@ -0,0 +1,103 @@
+From 24472cbc79057934597e994d0a96b04b31b7a7f2 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:18 +0100
+Subject: [PATCH 060/116] vfio/spapr.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [44/100] 86a61536de3668baab89ee1f4d89f3c23973f5e9 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOSpaprContainer and VFIOLegacyContainer
+instead of accessing bcontainer directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-11-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 6c671235636cfb5e825040b4621ff06c77925731)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/spapr.c | 19 +++++++------------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
+index acaa9c1419..c883ba6da9 100644
+--- a/hw/vfio/spapr.c
++++ b/hw/vfio/spapr.c
+@@ -61,7 +61,7 @@ static void vfio_prereg_listener_region_add(MemoryListener *listener,
+ {
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+- VFIOLegacyContainer *container = &scontainer->container;
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(scontainer);
+ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+@@ -121,7 +121,7 @@ static void vfio_prereg_listener_region_del(MemoryListener *listener,
+ {
+ VFIOSpaprContainer *scontainer = container_of(listener, VFIOSpaprContainer,
+ prereg_listener);
+- VFIOLegacyContainer *container = &scontainer->container;
++ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(scontainer);
+ const hwaddr gpa = section->offset_within_address_space;
+ hwaddr end;
+ int ret;
+@@ -245,8 +245,7 @@ static bool vfio_spapr_create_window(VFIOLegacyContainer *container,
+ {
+ int ret = 0;
+ VFIOContainer *bcontainer = VFIO_IOMMU(container);
+- VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+- container);
++ VFIOSpaprContainer *scontainer = VFIO_IOMMU_SPAPR(bcontainer);
+ IOMMUMemoryRegion *iommu_mr = IOMMU_MEMORY_REGION(section->mr);
+ uint64_t pagesize = memory_region_iommu_get_min_page_size(iommu_mr), pgmask;
+ unsigned entries, bits_total, bits_per_level, max_levels, ddw_levels;
+@@ -353,8 +352,7 @@ vfio_spapr_container_add_section_window(VFIOContainer *bcontainer,
+ Error **errp)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+- VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+- container);
++ VFIOSpaprContainer *scontainer = VFIO_IOMMU_SPAPR(container);
+ VFIOHostDMAWindow *hostwin;
+ hwaddr pgsize = 0;
+ int ret;
+@@ -443,8 +441,7 @@ vfio_spapr_container_del_section_window(VFIOContainer *bcontainer,
+ MemoryRegionSection *section)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+- VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+- container);
++ VFIOSpaprContainer *scontainer = VFIO_IOMMU_SPAPR(container);
+
+ if (container->iommu_type != VFIO_SPAPR_TCE_v2_IOMMU) {
+ return;
+@@ -464,8 +461,7 @@ vfio_spapr_container_del_section_window(VFIOContainer *bcontainer,
+ static void vfio_spapr_container_release(VFIOContainer *bcontainer)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+- VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+- container);
++ VFIOSpaprContainer *scontainer = VFIO_IOMMU_SPAPR(container);
+ VFIOHostDMAWindow *hostwin, *next;
+
+ if (container->iommu_type == VFIO_SPAPR_TCE_v2_IOMMU) {
+@@ -482,8 +478,7 @@ static bool vfio_spapr_container_setup(VFIOContainer *bcontainer,
+ Error **errp)
+ {
+ VFIOLegacyContainer *container = VFIO_IOMMU_LEGACY(bcontainer);
+- VFIOSpaprContainer *scontainer = container_of(container, VFIOSpaprContainer,
+- container);
++ VFIOSpaprContainer *scontainer = VFIO_IOMMU_SPAPR(container);
+ struct vfio_iommu_spapr_tce_info info;
+ bool v2 = container->iommu_type == VFIO_SPAPR_TCE_v2_IOMMU;
+ int ret, fd = container->fd;
+--
+2.52.0
+
diff --git a/kvm-vfio-user-clarify-partial-message-handling.patch b/kvm-vfio-user-clarify-partial-message-handling.patch
new file mode 100644
index 0000000..1c4a7bb
--- /dev/null
+++ b/kvm-vfio-user-clarify-partial-message-handling.patch
@@ -0,0 +1,47 @@
+From 937cc3882a0c76eb65608f9c79f7f023e3a8bd26 Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 3 Dec 2025 15:33:12 +0530
+Subject: [PATCH 108/116] vfio-user: clarify partial message handling
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [92/100] 7f20179aa72ae9188fc47b2f2230d58104b7b127 (rovick1/qemu-kvm)
+
+Improve a comment for this.
+
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-3-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 356c7b175258f29429fb91a7641f775080ab6b49)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index 75845d7c89..82c76c6665 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -362,7 +362,10 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ while (msgleft > 0) {
+ ret = qio_channel_read(proxy->ioc, data, msgleft, errp);
+
+- /* prepare to complete read on next iternation */
++ /*
++ * We'll complete this read on the next go around; keep track of the
++ * partial message until then.
++ */
+ if (ret == QIO_CHANNEL_ERR_BLOCK) {
+ proxy->part_recv = msg;
+ proxy->recv_left = msgleft;
+--
+2.52.0
+
diff --git a/kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch b/kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch
new file mode 100644
index 0000000..493267c
--- /dev/null
+++ b/kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch
@@ -0,0 +1,47 @@
+From 96f7b013ab842f7cc919480cb4b11f13c617c7ad Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:50 +0100
+Subject: [PATCH 037/116] vfio-user/container.h: rename VFIOUserContainer
+ bcontainer field to parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [21/100] fe360b607b35d661f9d5045df8654b02f087f022 (rovick1/qemu-kvm)
+
+Now that nothing accesses the bcontainer field directly, rename bcontainer to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-11-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 81b53891ca52288540e6e4f34bb924284feebc58)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/vfio-user/container.h b/hw/vfio-user/container.h
+index d5d2275af7..96aa6785d9 100644
+--- a/hw/vfio-user/container.h
++++ b/hw/vfio-user/container.h
+@@ -14,7 +14,7 @@
+
+ /* MMU container sub-class for vfio-user. */
+ struct VFIOUserContainer {
+- VFIOContainerBase bcontainer;
++ VFIOContainerBase parent_obj;
+
+ VFIOUserProxy *proxy;
+ };
+--
+2.52.0
+
diff --git a/kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch b/kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch
new file mode 100644
index 0000000..8e64a2b
--- /dev/null
+++ b/kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch
@@ -0,0 +1,53 @@
+From 01b0fa2ad3eb81243bb2032be91f3933ad47991d Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:48 +0100
+Subject: [PATCH 035/116] vfio-user/container.h: update VFIOUserContainer
+ declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [19/100] cd1782d0e5a391a92cced59496565bc077b84ea1 (rovick1/qemu-kvm)
+
+Update the VFIOUserContainer declaration so that it is closer to our coding
+guidelines: remove the explicit typedef (this is already handled by the
+OBJECT_DECLARE_TYPE() macro) and add a blank line after the parent object.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-9-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 52a1cc3dc00f09779aeb9aa9c6fcdc0284a40d4c)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/container.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio-user/container.h b/hw/vfio-user/container.h
+index 2bb1fa1343..d5d2275af7 100644
+--- a/hw/vfio-user/container.h
++++ b/hw/vfio-user/container.h
+@@ -13,10 +13,11 @@
+ #include "hw/vfio-user/proxy.h"
+
+ /* MMU container sub-class for vfio-user. */
+-typedef struct VFIOUserContainer {
++struct VFIOUserContainer {
+ VFIOContainerBase bcontainer;
++
+ VFIOUserProxy *proxy;
+-} VFIOUserContainer;
++};
+
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserContainer, VFIO_IOMMU_USER);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch b/kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch
new file mode 100644
index 0000000..65bc117
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch
@@ -0,0 +1,47 @@
+From b8105a116255cf1237c709b4c16dc9d4b98fa39b Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:53 +0100
+Subject: [PATCH 040/116] vfio-user/pci.c: rename VFIOUserPCIDevice device
+ field to parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [24/100] a44be813509b770809e2e897c238d18496ae4c3d (rovick1/qemu-kvm)
+
+Now that nothing accesses the device field directly, rename device to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-14-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5fc421b8cd4813fa8ca9131905f12c4eedf55051)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index 7b6a6514f6..c3947a8f2e 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -20,7 +20,7 @@
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI)
+
+ struct VFIOUserPCIDevice {
+- VFIOPCIDevice device;
++ VFIOPCIDevice parent_obj;
+
+ SocketAddress *socket;
+ bool send_queued; /* all sends are queued */
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch b/kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch
new file mode 100644
index 0000000..0077fb2
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch
@@ -0,0 +1,54 @@
+From 82c288346ae45ef2efed23c0278fc317b7bc7b8f Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:34 +0100
+Subject: [PATCH 077/116] vfio-user/pci.c: rename vfio_user_instance_finalize()
+ to vfio_user_pci_finalize()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [61/100] 546ea3a8974ba1052bf2e0966c9711b855eed000 (rovick1/qemu-kvm)
+
+This is the more typical naming convention for QOM finalize() functions, in
+particular it changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-27-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit d5447437aef2d326728e0ad1590a5fa50c0b33a3)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index 52561900fd..d4f5c7b9d7 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -370,7 +370,7 @@ static void vfio_user_pci_init(Object *obj)
+ pci_dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
+ }
+
+-static void vfio_user_instance_finalize(Object *obj)
++static void vfio_user_pci_finalize(Object *obj)
+ {
+ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+ VFIODevice *vbasedev = &vdev->vbasedev;
+@@ -469,7 +469,7 @@ static const TypeInfo vfio_user_pci_dev_info = {
+ .instance_size = sizeof(VFIOUserPCIDevice),
+ .class_init = vfio_user_pci_class_init,
+ .instance_init = vfio_user_pci_init,
+- .instance_finalize = vfio_user_instance_finalize,
++ .instance_finalize = vfio_user_pci_finalize,
+ };
+
+ static void register_vfio_user_dev_type(void)
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch b/kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch
new file mode 100644
index 0000000..4f479ca
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch
@@ -0,0 +1,54 @@
+From 1719925d5205bc16e5b24b7c700394725b859b25 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:33 +0100
+Subject: [PATCH 076/116] vfio-user/pci.c: rename vfio_user_instance_init() to
+ vfio_user_pci_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [60/100] bbe07d177f7818de2d5acc76e523893873e4cd33 (rovick1/qemu-kvm)
+
+This is the more typical naming convention for QOM init() functions, in
+particular it changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-26-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit de837b5cbd489410aab1eda00b4b50e45a85d5d6)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index 30f485fdbb..52561900fd 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -344,7 +344,7 @@ error:
+ vfio_pci_put_device(vdev);
+ }
+
+-static void vfio_user_instance_init(Object *obj)
++static void vfio_user_pci_init(Object *obj)
+ {
+ PCIDevice *pci_dev = PCI_DEVICE(obj);
+ VFIOPCIDevice *vdev = VFIO_PCI_DEVICE(obj);
+@@ -468,7 +468,7 @@ static const TypeInfo vfio_user_pci_dev_info = {
+ .parent = TYPE_VFIO_PCI_DEVICE,
+ .instance_size = sizeof(VFIOUserPCIDevice),
+ .class_init = vfio_user_pci_class_init,
+- .instance_init = vfio_user_instance_init,
++ .instance_init = vfio_user_pci_init,
+ .instance_finalize = vfio_user_instance_finalize,
+ };
+
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch
new file mode 100644
index 0000000..3da250a
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch
@@ -0,0 +1,53 @@
+From e50e324443d038ef125185ec9b306891e274eec4 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:31 +0100
+Subject: [PATCH 074/116] vfio-user/pci.c: rename
+ vfio_user_pci_dev_class_init() to vfio_user_pci_class_init()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [58/100] 2921e31af8529dc03b463ac3e2b34959b5794b65 (rovick1/qemu-kvm)
+
+This changes the function prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-24-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit c833f7a5c66e1264bfaaa389467c5af8d9c49082)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index efceae69de..e2c5b5744c 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -446,7 +446,7 @@ static void vfio_user_pci_set_socket(Object *obj, Visitor *v, const char *name,
+ }
+ }
+
+-static void vfio_user_pci_dev_class_init(ObjectClass *klass, const void *data)
++static void vfio_user_pci_class_init(ObjectClass *klass, const void *data)
+ {
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+@@ -467,7 +467,7 @@ static const TypeInfo vfio_user_pci_dev_info = {
+ .name = TYPE_VFIO_USER_PCI,
+ .parent = TYPE_VFIO_PCI_DEVICE,
+ .instance_size = sizeof(VFIOUserPCIDevice),
+- .class_init = vfio_user_pci_dev_class_init,
++ .class_init = vfio_user_pci_class_init,
+ .instance_init = vfio_user_instance_init,
+ .instance_finalize = vfio_user_instance_finalize,
+ };
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch
new file mode 100644
index 0000000..bb0bef3
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch
@@ -0,0 +1,54 @@
+From 34756ef0d3a3da9068878146fd00e83a1c55a08c Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:35 +0100
+Subject: [PATCH 078/116] vfio-user/pci.c: rename vfio_user_pci_dev_info to
+ vfio_user_pci_info
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [62/100] 83106e7cacf0e4b91cbee8e17ecdb1a7976e6abf (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-28-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit d0776b8c60fcc5833fba1d2ce8e0780c429108bc)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index d4f5c7b9d7..b53ed3b456 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -463,7 +463,7 @@ static void vfio_user_pci_class_init(ObjectClass *klass, const void *data)
+ pdc->realize = vfio_user_pci_realize;
+ }
+
+-static const TypeInfo vfio_user_pci_dev_info = {
++static const TypeInfo vfio_user_pci_info = {
+ .name = TYPE_VFIO_USER_PCI,
+ .parent = TYPE_VFIO_PCI_DEVICE,
+ .instance_size = sizeof(VFIOUserPCIDevice),
+@@ -474,7 +474,7 @@ static const TypeInfo vfio_user_pci_dev_info = {
+
+ static void register_vfio_user_dev_type(void)
+ {
+- type_register_static(&vfio_user_pci_dev_info);
++ type_register_static(&vfio_user_pci_info);
+ }
+
+- type_init(register_vfio_user_dev_type)
++type_init(register_vfio_user_dev_type)
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch
new file mode 100644
index 0000000..b5d7135
--- /dev/null
+++ b/kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch
@@ -0,0 +1,53 @@
+From e6ebe1bacee5d50b07aed2837eb1844180ad32be Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:32 +0100
+Subject: [PATCH 075/116] vfio-user/pci.c: rename
+ vfio_user_pci_dev_properties[] to vfio_user_pci_properties[]
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [59/100] 20d11845e15a6584e72e871dc56232c1eb942f13 (rovick1/qemu-kvm)
+
+This changes the prefix to match the name of the QOM type.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-25-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 78f4b77607b41909c294f15ae4e51d87e36aab4f)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index e2c5b5744c..30f485fdbb 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -400,7 +400,7 @@ static void vfio_user_pci_reset(DeviceState *dev)
+ vfio_pci_post_reset(vdev);
+ }
+
+-static const Property vfio_user_pci_dev_properties[] = {
++static const Property vfio_user_pci_properties[] = {
+ DEFINE_PROP_UINT32("x-pci-vendor-id", VFIOPCIDevice,
+ vendor_id, PCI_ANY_ID),
+ DEFINE_PROP_UINT32("x-pci-device-id", VFIOPCIDevice,
+@@ -452,7 +452,7 @@ static void vfio_user_pci_class_init(ObjectClass *klass, const void *data)
+ PCIDeviceClass *pdc = PCI_DEVICE_CLASS(klass);
+
+ device_class_set_legacy_reset(dc, vfio_user_pci_reset);
+- device_class_set_props(dc, vfio_user_pci_dev_properties);
++ device_class_set_props(dc, vfio_user_pci_properties);
+
+ object_class_property_add(klass, "socket", "SocketAddress", NULL,
+ vfio_user_pci_set_socket, NULL, NULL);
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch b/kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch
new file mode 100644
index 0000000..07bcb5a
--- /dev/null
+++ b/kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch
@@ -0,0 +1,45 @@
+From d98931cdfa112251a5cf4e9bfb6ea8cd12388d43 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:51 +0100
+Subject: [PATCH 038/116] vfio-user/pci.c: update VFIOUserPCIDevice declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [22/100] 48c413bd4db7518a99030ec40b2de81f2bf596ba (rovick1/qemu-kvm)
+
+Update the VFIOUserPCIDevice declaration so that it is closer to our coding
+guidelines: add a blank line after the parent object.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-12-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit b458e9e9e4c171622f19df18f5363c7ef4e8697f)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index dfaa89498d..29cb592e9c 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -21,6 +21,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(VFIOUserPCIDevice, VFIO_USER_PCI)
+
+ struct VFIOUserPCIDevice {
+ VFIOPCIDevice device;
++
+ SocketAddress *socket;
+ bool send_queued; /* all sends are queued */
+ uint32_t wait_time; /* timeout for message replies */
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch b/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch
new file mode 100644
index 0000000..ce51cda
--- /dev/null
+++ b/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch
@@ -0,0 +1,56 @@
+From 05eecb8868a208bbb9c000e8c2a06b060a1c1250 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:52 +0100
+Subject: [PATCH 039/116] vfio-user/pci.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [23/100] e793696cd1ee5cbcf1b084f46e8e713f8f813dd5 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOUserPCIDevice and VFIOPCIDevice instead
+of accessing device directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-13-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 5d1219e358a559680fdc34b112e2b04806f5ff62)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index 29cb592e9c..7b6a6514f6 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -214,8 +214,9 @@ static void vfio_user_compute_needs_reset(VFIODevice *vbasedev)
+
+ static Object *vfio_user_pci_get_object(VFIODevice *vbasedev)
+ {
+- VFIOUserPCIDevice *vdev = container_of(vbasedev, VFIOUserPCIDevice,
+- device.vbasedev);
++ VFIOUserPCIDevice *vdev = VFIO_USER_PCI(container_of(vbasedev,
++ VFIOPCIDevice,
++ vbasedev));
+
+ return OBJECT(vdev);
+ }
+@@ -420,7 +421,7 @@ static void vfio_user_pci_set_socket(Object *obj, Visitor *v, const char *name,
+ VFIOUserPCIDevice *udev = VFIO_USER_PCI(obj);
+ bool success;
+
+- if (udev->device.vbasedev.proxy) {
++ if (VFIO_PCI_BASE(udev)->vbasedev.proxy) {
+ error_setg(errp, "Proxy is connected");
+ return;
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch b/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch
new file mode 100644
index 0000000..998029e
--- /dev/null
+++ b/kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch
@@ -0,0 +1,62 @@
+From 2e7700817255deeae14c49b448ff5289f59b269c Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:26:00 +0100
+Subject: [PATCH 046/116] vfio-user/pci.c: use QOM casts where appropriate
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [30/100] 3fe414403346f5e653673bac6b19a0375b2283c3 (rovick1/qemu-kvm)
+
+Use QOM casts to convert between VFIOPCIDevice and PCIDevice instead of
+accessing pdev directly.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: John Levon <john.levon@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-21-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit a49ef7a467c3ced0be048b02189092031e325d01)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/pci.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio-user/pci.c b/hw/vfio-user/pci.c
+index c3947a8f2e..e2c309784f 100644
+--- a/hw/vfio-user/pci.c
++++ b/hw/vfio-user/pci.c
+@@ -65,7 +65,7 @@ static void vfio_user_msix_setup(VFIOPCIDevice *vdev)
+ vdev->msix->pba_region = pba_reg;
+
+ vfio_reg = vdev->bars[vdev->msix->pba_bar].mr;
+- msix_reg = &vdev->pdev.msix_pba_mmio;
++ msix_reg = &PCI_DEVICE(vdev)->msix_pba_mmio;
+ memory_region_init_io(pba_reg, OBJECT(vdev), &vfio_user_pba_ops, vdev,
+ "VFIO MSIX PBA", int128_get64(msix_reg->size));
+ memory_region_add_subregion_overlap(vfio_reg, vdev->msix->pba_offset,
+@@ -86,7 +86,7 @@ static void vfio_user_msix_teardown(VFIOPCIDevice *vdev)
+
+ static void vfio_user_dma_read(VFIOPCIDevice *vdev, VFIOUserDMARW *msg)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIOUserProxy *proxy = vdev->vbasedev.proxy;
+ VFIOUserDMARW *res;
+ MemTxResult r;
+@@ -134,7 +134,7 @@ static void vfio_user_dma_read(VFIOPCIDevice *vdev, VFIOUserDMARW *msg)
+
+ static void vfio_user_dma_write(VFIOPCIDevice *vdev, VFIOUserDMARW *msg)
+ {
+- PCIDevice *pdev = &vdev->pdev;
++ PCIDevice *pdev = PCI_DEVICE(vdev);
+ VFIOUserProxy *proxy = vdev->vbasedev.proxy;
+ MemTxResult r;
+
+--
+2.52.0
+
diff --git a/kvm-vfio-user-recycle-msg-on-failure.patch b/kvm-vfio-user-recycle-msg-on-failure.patch
new file mode 100644
index 0000000..7738d55
--- /dev/null
+++ b/kvm-vfio-user-recycle-msg-on-failure.patch
@@ -0,0 +1,64 @@
+From e199275276173ff9bba201c762b40dd9649dd843 Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 3 Dec 2025 15:33:15 +0530
+Subject: [PATCH 111/116] vfio-user: recycle msg on failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [95/100] e51ea3292bfecfcca427eb6d71399af7c36a0868 (rovick1/qemu-kvm)
+
+If we fail to read an incoming request, recycle the message.
+
+Resolves: Coverity CID 1611807
+Resolves: Coverity CID 1611808
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-6-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 23c586abf2e12843894189c4742c8ea55c594cd5)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index f2601eada5..314dfd23d8 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -412,11 +412,22 @@ err:
+ for (i = 0; i < numfds; i++) {
+ close(fdp[i]);
+ }
+- if (isreply && msg != NULL) {
+- /* force an error to keep sending thread from hanging */
+- vfio_user_set_error(msg->hdr, EINVAL);
+- msg->complete = true;
+- qemu_cond_signal(&msg->cv);
++ if (msg != NULL) {
++ if (msg->type == VFIO_MSG_REQ) {
++ /*
++ * Clean up the request message on failure. Change type back to
++ * NOWAIT to free.
++ */
++ msg->type = VFIO_MSG_NOWAIT;
++ vfio_user_recycle(proxy, msg);
++ } else {
++ /*
++ * Report an error back to the sender. Sender will recycle msg.
++ */
++ vfio_user_set_error(msg->hdr, EINVAL);
++ msg->complete = true;
++ qemu_cond_signal(&msg->cv);
++ }
+ }
+ return -1;
+ }
+--
+2.52.0
+
diff --git a/kvm-vfio-user-refactor-out-header-handling.patch b/kvm-vfio-user-refactor-out-header-handling.patch
new file mode 100644
index 0000000..ed60f26
--- /dev/null
+++ b/kvm-vfio-user-refactor-out-header-handling.patch
@@ -0,0 +1,159 @@
+From 8769878dc551acd83b5dc68fd9cd22c6761bda7d Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 3 Dec 2025 15:33:13 +0530
+Subject: [PATCH 109/116] vfio-user: refactor out header handling
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [93/100] a413ba0919ab7d1da9b2cb670782167da6f9a14b (rovick1/qemu-kvm)
+
+Simplify vfio_user_recv_one() by moving the header handling out to a
+helper function.
+
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-4-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 7b884e2a27793e0ff5817ad04ecce85d0a90149d)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 101 +++++++++++++++++++++++++------------------
+ 1 file changed, 60 insertions(+), 41 deletions(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index 82c76c6665..e0f9202535 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -218,6 +218,61 @@ static int vfio_user_complete(VFIOUserProxy *proxy, Error **errp)
+ return 1;
+ }
+
++static int vfio_user_recv_hdr(VFIOUserProxy *proxy, Error **errp,
++ VFIOUserHdr *hdr, int **fdp, size_t *numfdp,
++ bool *isreply)
++{
++ struct iovec iov = {
++ .iov_base = hdr,
++ .iov_len = sizeof(*hdr),
++ };
++ int ret;
++
++ /*
++ * Read header
++ */
++ ret = qio_channel_readv_full(proxy->ioc, &iov, 1, fdp, numfdp, 0,
++ errp);
++ if (ret == QIO_CHANNEL_ERR_BLOCK) {
++ return ret;
++ }
++
++ if (ret < 0) {
++ error_setg_errno(errp, errno, "failed to read header");
++ return -1;
++ } else if (ret == 0) {
++ error_setg(errp, "failed to read header: EOF");
++ return -1;
++ } else if (ret < sizeof(*hdr)) {
++ error_setg(errp, "short read of header");
++ return -1;
++ }
++
++ /*
++ * Validate header
++ */
++ if (hdr->size < sizeof(*hdr)) {
++ error_setg(errp, "bad header size");
++ return -1;
++ }
++
++ switch (hdr->flags & VFIO_USER_TYPE) {
++ case VFIO_USER_REQUEST:
++ *isreply = false;
++ break;
++ case VFIO_USER_REPLY:
++ *isreply = true;
++ break;
++ default:
++ error_setg(errp, "unknown message type");
++ return -1;
++ }
++
++ trace_vfio_user_recv_hdr(proxy->sockname, hdr->id, hdr->command, hdr->size,
++ hdr->flags);
++ return 0;
++}
++
+ /*
+ * Receive and process one incoming message.
+ *
+@@ -230,10 +285,6 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ g_autofree int *fdp = NULL;
+ VFIOUserFDs *reqfds;
+ VFIOUserHdr hdr;
+- struct iovec iov = {
+- .iov_base = &hdr,
+- .iov_len = sizeof(hdr),
+- };
+ bool isreply = false;
+ int i, ret;
+ size_t msgleft, numfds = 0;
+@@ -257,45 +308,13 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ /* else fall into reading another msg */
+ }
+
+- /*
+- * Read header
+- */
+- ret = qio_channel_readv_full(proxy->ioc, &iov, 1, &fdp, &numfds, 0,
+- errp);
+- if (ret == QIO_CHANNEL_ERR_BLOCK) {
+- return ret;
+- }
+-
+- /* read error or other side closed connection */
+- if (ret <= 0) {
+- goto fatal;
+- }
+-
+- if (ret < sizeof(hdr)) {
+- error_setg(errp, "short read of header");
+- goto fatal;
+- }
+-
+- /*
+- * Validate header
+- */
+- if (hdr.size < sizeof(VFIOUserHdr)) {
+- error_setg(errp, "bad header size");
+- goto fatal;
+- }
+- switch (hdr.flags & VFIO_USER_TYPE) {
+- case VFIO_USER_REQUEST:
+- isreply = false;
+- break;
+- case VFIO_USER_REPLY:
+- isreply = true;
+- break;
+- default:
+- error_setg(errp, "unknown message type");
++ ret = vfio_user_recv_hdr(proxy, errp, &hdr, &fdp, &numfds, &isreply);
++ if (ret < 0) {
++ if (ret == QIO_CHANNEL_ERR_BLOCK) {
++ return ret;
++ }
+ goto fatal;
+ }
+- trace_vfio_user_recv_hdr(proxy->sockname, hdr.id, hdr.command, hdr.size,
+- hdr.flags);
+
+ /*
+ * For replies, find the matching pending request.
+--
+2.52.0
+
diff --git a/kvm-vfio-user-simplify-vfio_user_process.patch b/kvm-vfio-user-simplify-vfio_user_process.patch
new file mode 100644
index 0000000..de9fb8b
--- /dev/null
+++ b/kvm-vfio-user-simplify-vfio_user_process.patch
@@ -0,0 +1,82 @@
+From 7743a6caf368f97cbd1afd0bcd3a48e0cab718e9 Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 3 Dec 2025 15:33:11 +0530
+Subject: [PATCH 107/116] vfio-user: simplify vfio_user_process()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [91/100] 0ed846d289b58aae4610e3848cce58447e23cebb (rovick1/qemu-kvm)
+
+It can figure out if it's a reply by itself, rather than passing that
+information in.
+
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-2-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit a8731f691df2bd9efd041d836ece27e3173555f2)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index bbd7ec243d..75845d7c89 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -147,8 +147,7 @@ VFIOUserFDs *vfio_user_getfds(int numfds)
+ /*
+ * Process a received message.
+ */
+-static void vfio_user_process(VFIOUserProxy *proxy, VFIOUserMsg *msg,
+- bool isreply)
++static void vfio_user_process(VFIOUserProxy *proxy, VFIOUserMsg *msg)
+ {
+
+ /*
+@@ -157,7 +156,7 @@ static void vfio_user_process(VFIOUserProxy *proxy, VFIOUserMsg *msg,
+ *
+ * Requests get queued for the BH.
+ */
+- if (isreply) {
++ if ((msg->hdr->flags & VFIO_USER_TYPE) == VFIO_USER_REPLY) {
+ msg->complete = true;
+ if (msg->type == VFIO_MSG_WAIT) {
+ qemu_cond_signal(&msg->cv);
+@@ -187,7 +186,6 @@ static int vfio_user_complete(VFIOUserProxy *proxy, Error **errp)
+ {
+ VFIOUserMsg *msg = proxy->part_recv;
+ size_t msgleft = proxy->recv_left;
+- bool isreply;
+ char *data;
+ int ret;
+
+@@ -214,8 +212,7 @@ static int vfio_user_complete(VFIOUserProxy *proxy, Error **errp)
+ */
+ proxy->part_recv = NULL;
+ proxy->recv_left = 0;
+- isreply = (msg->hdr->flags & VFIO_USER_TYPE) == VFIO_USER_REPLY;
+- vfio_user_process(proxy, msg, isreply);
++ vfio_user_process(proxy, msg);
+
+ /* return positive value */
+ return 1;
+@@ -381,7 +378,7 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ data += ret;
+ }
+
+- vfio_user_process(proxy, msg, isreply);
++ vfio_user_process(proxy, msg);
+ return 0;
+
+ /*
+--
+2.52.0
+
diff --git a/kvm-vfio-user-simplify-vfio_user_recv_one.patch b/kvm-vfio-user-simplify-vfio_user_recv_one.patch
new file mode 100644
index 0000000..86c837c
--- /dev/null
+++ b/kvm-vfio-user-simplify-vfio_user_recv_one.patch
@@ -0,0 +1,143 @@
+From 6c3aa471fd1589312012625089ec0ac63b74c879 Mon Sep 17 00:00:00 2001
+From: John Levon <john.levon@nutanix.com>
+Date: Wed, 3 Dec 2025 15:33:14 +0530
+Subject: [PATCH 110/116] vfio-user: simplify vfio_user_recv_one()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [94/100] 708ef469d0590eb7719766bcfe97b4873a61a3e0 (rovick1/qemu-kvm)
+
+This function was unnecessarily difficult to understand due to the
+separate handling of request and reply messages. Use common code for
+both where we can.
+
+Signed-off-by: John Levon <john.levon@nutanix.com>
+Reviewed-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-5-john.levon@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 0df8baec95b76c93093efde37d1644508c3c7d2c)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio-user/proxy.c | 68 +++++++++++++++++++-------------------------
+ 1 file changed, 30 insertions(+), 38 deletions(-)
+
+diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
+index e0f9202535..f2601eada5 100644
+--- a/hw/vfio-user/proxy.c
++++ b/hw/vfio-user/proxy.c
+@@ -281,15 +281,14 @@ static int vfio_user_recv_hdr(VFIOUserProxy *proxy, Error **errp,
+ */
+ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ {
+- VFIOUserMsg *msg = NULL;
+ g_autofree int *fdp = NULL;
+- VFIOUserFDs *reqfds;
+- VFIOUserHdr hdr;
++ VFIOUserMsg *msg = NULL;
+ bool isreply = false;
+- int i, ret;
+- size_t msgleft, numfds = 0;
++ size_t msgleft = 0;
++ size_t numfds = 0;
+ char *data = NULL;
+- char *buf = NULL;
++ VFIOUserHdr hdr;
++ int i, ret;
+
+ /*
+ * Complete any partial reads
+@@ -317,8 +316,8 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ }
+
+ /*
+- * For replies, find the matching pending request.
+- * For requests, reap incoming FDs.
++ * Find the matching request if this is a reply, or initialize a new
++ * server->client request.
+ */
+ if (isreply) {
+ QTAILQ_FOREACH(msg, &proxy->pending, next) {
+@@ -332,51 +331,44 @@ static int vfio_user_recv_one(VFIOUserProxy *proxy, Error **errp)
+ }
+ QTAILQ_REMOVE(&proxy->pending, msg, next);
+
+- /*
+- * Process any received FDs
+- */
+- if (numfds != 0) {
+- if (msg->fds == NULL || msg->fds->recv_fds < numfds) {
+- error_setg(errp, "unexpected FDs");
+- goto err;
+- }
+- msg->fds->recv_fds = numfds;
+- memcpy(msg->fds->fds, fdp, numfds * sizeof(int));
+- }
+- } else {
+- if (numfds != 0) {
+- reqfds = vfio_user_getfds(numfds);
+- memcpy(reqfds->fds, fdp, numfds * sizeof(int));
+- } else {
+- reqfds = NULL;
+- }
+- }
+-
+- /*
+- * Put the whole message into a single buffer.
+- */
+- if (isreply) {
+ if (hdr.size > msg->rsize) {
+ error_setg(errp, "reply larger than recv buffer");
+ goto err;
+ }
+- *msg->hdr = hdr;
+- data = (char *)msg->hdr + sizeof(hdr);
+ } else {
++ void *buf;
++
+ if (hdr.size > proxy->max_xfer_size + sizeof(VFIOUserDMARW)) {
+ error_setg(errp, "vfio_user_recv request larger than max");
+ goto err;
+ }
++
+ buf = g_malloc0(hdr.size);
+- memcpy(buf, &hdr, sizeof(hdr));
+- data = buf + sizeof(hdr);
+- msg = vfio_user_getmsg(proxy, (VFIOUserHdr *)buf, reqfds);
++ msg = vfio_user_getmsg(proxy, buf, NULL);
+ msg->type = VFIO_MSG_REQ;
+ }
+
++ *msg->hdr = hdr;
++ data = (char *)msg->hdr + sizeof(hdr);
++
++ if (numfds != 0) {
++ if (msg->type == VFIO_MSG_REQ) {
++ msg->fds = vfio_user_getfds(numfds);
++ } else {
++ if (msg->fds == NULL || msg->fds->recv_fds < numfds) {
++ error_setg(errp, "unexpected FDs in reply");
++ goto err;
++ }
++ msg->fds->recv_fds = numfds;
++ }
++
++ memcpy(msg->fds->fds, fdp, numfds * sizeof(int));
++ }
++
+ /*
+- * Read rest of message.
++ * Read rest of message into the data buffer.
+ */
++
+ msgleft = hdr.size - sizeof(hdr);
+ while (msgleft > 0) {
+ ret = qio_channel_read(proxy->ioc, data, msgleft, errp);
+--
+2.52.0
+
diff --git a/kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch b/kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch
new file mode 100644
index 0000000..65aaa86
--- /dev/null
+++ b/kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch
@@ -0,0 +1,78 @@
+From 9ef77c527a5069c6f74141e59a7e0041ff600574 Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:41 +0100
+Subject: [PATCH 029/116] vfio/vfio-container-base.h: update VFIOContainerBase
+ declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [13/100] 9e35dfbfb328dfc7be6d7d44699f7b3b77b3568a (rovick1/qemu-kvm)
+
+Update the VFIOContainerBase declaration to match our current coding
+guidelines: remove the explicit typedef (this is already handled by the
+OBJECT_DECLARE_TYPE() macro), add a blank line after the parent object,
+rename parent to parent_obj, and move the macro declaration next to the
+VFIOContainerBase struct declaration.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-2-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 42875d256d204e69b608f2bd265f85fae32dd4bd)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/hw/vfio/vfio-container-base.h | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/include/hw/vfio/vfio-container-base.h b/include/hw/vfio/vfio-container-base.h
+index bded6e993f..acbd48a18a 100644
+--- a/include/hw/vfio/vfio-container-base.h
++++ b/include/hw/vfio/vfio-container-base.h
+@@ -33,8 +33,9 @@ typedef struct VFIOAddressSpace {
+ /*
+ * This is the base object for vfio container backends
+ */
+-typedef struct VFIOContainerBase {
+- Object parent;
++struct VFIOContainerBase {
++ Object parent_obj;
++
+ VFIOAddressSpace *space;
+ MemoryListener listener;
+ Error *error;
+@@ -51,7 +52,10 @@ typedef struct VFIOContainerBase {
+ QLIST_HEAD(, VFIODevice) device_list;
+ GList *iova_ranges;
+ NotifierWithReturn cpr_reboot_notifier;
+-} VFIOContainerBase;
++};
++
++#define TYPE_VFIO_IOMMU "vfio-iommu"
++OBJECT_DECLARE_TYPE(VFIOContainerBase, VFIOIOMMUClass, VFIO_IOMMU)
+
+ typedef struct VFIOGuestIOMMU {
+ VFIOContainerBase *bcontainer;
+@@ -105,14 +109,11 @@ vfio_container_get_page_size_mask(const VFIOContainerBase *bcontainer)
+ return bcontainer->pgsizes;
+ }
+
+-#define TYPE_VFIO_IOMMU "vfio-iommu"
+ #define TYPE_VFIO_IOMMU_LEGACY TYPE_VFIO_IOMMU "-legacy"
+ #define TYPE_VFIO_IOMMU_SPAPR TYPE_VFIO_IOMMU "-spapr"
+ #define TYPE_VFIO_IOMMU_IOMMUFD TYPE_VFIO_IOMMU "-iommufd"
+ #define TYPE_VFIO_IOMMU_USER TYPE_VFIO_IOMMU "-user"
+
+-OBJECT_DECLARE_TYPE(VFIOContainerBase, VFIOIOMMUClass, VFIO_IOMMU)
+-
+ struct VFIOIOMMUClass {
+ ObjectClass parent_class;
+
+--
+2.52.0
+
diff --git a/kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch b/kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch
new file mode 100644
index 0000000..9a07746
--- /dev/null
+++ b/kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch
@@ -0,0 +1,46 @@
+From 849dde57c6e53aea022ee543a862ed4508556dbd Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:47 +0100
+Subject: [PATCH 034/116] vfio/vfio-container.h: rename VFIOContainer
+ bcontainer field to parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [18/100] 855ee391410e84df410bf0d60b908b57732e98a9 (rovick1/qemu-kvm)
+
+Now that nothing accesses the bcontainer field directly, rename bcontainer to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-8-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 507a118e9f8cc328c55adc531336e075fa8ee2d7)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/hw/vfio/vfio-container.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index 50c91788d5..240f566993 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -26,7 +26,7 @@ typedef struct VFIOGroup {
+ } VFIOGroup;
+
+ struct VFIOContainer {
+- VFIOContainerBase bcontainer;
++ VFIOContainerBase parent_obj;
+
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+ unsigned iommu_type;
+--
+2.52.0
+
diff --git a/kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch b/kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch
new file mode 100644
index 0000000..bb2a610
--- /dev/null
+++ b/kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch
@@ -0,0 +1,55 @@
+From 686d603502ea7af8420f9fee603cca00103159dc Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Tue, 15 Jul 2025 10:25:42 +0100
+Subject: [PATCH 030/116] vfio/vfio-container.h: update VFIOContainer
+ declaration
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [14/100] 436abec7a08de2d3558242abbd20adc0330f6200 (rovick1/qemu-kvm)
+
+Update the VFIOContainer declaration so that it is closer to our coding
+guidelines: emove the explicit typedef (this is already handled by the
+OBJECT_DECLARE_TYPE() macro) and add a blank line after the parent object.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Link: https://lore.kernel.org/qemu-devel/20250715093110.107317-3-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit 98c12de5aeb1cb464a9cde13cd7a53dd6520d3aa)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/hw/vfio/vfio-container.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/include/hw/vfio/vfio-container.h b/include/hw/vfio/vfio-container.h
+index 21e5807e48..50c91788d5 100644
+--- a/include/hw/vfio/vfio-container.h
++++ b/include/hw/vfio/vfio-container.h
+@@ -25,13 +25,14 @@ typedef struct VFIOGroup {
+ bool ram_block_discard_allowed;
+ } VFIOGroup;
+
+-typedef struct VFIOContainer {
++struct VFIOContainer {
+ VFIOContainerBase bcontainer;
++
+ int fd; /* /dev/vfio/vfio, empowered by the attached groups */
+ unsigned iommu_type;
+ QLIST_HEAD(, VFIOGroup) group_list;
+ VFIOContainerCPR cpr;
+-} VFIOContainer;
++};
+
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOContainer, VFIO_IOMMU_LEGACY);
+
+--
+2.52.0
+
diff --git a/kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch b/kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch
new file mode 100644
index 0000000..12d3c98
--- /dev/null
+++ b/kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch
@@ -0,0 +1,53 @@
+From b77a509616b7947e546491196ac97ca6cc34aede Mon Sep 17 00:00:00 2001
+From: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Date: Thu, 25 Sep 2025 12:31:17 +0100
+Subject: [PATCH 059/116] vfio/vfio-iommufd.h: rename VFIOContainer bcontainer
+ field to parent_obj
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Rodolfo Vick <None>
+RH-MergeRequest: 486: Add DMABUF support
+RH-Jira: RHEL-138494
+RH-Acked-by: Cédric Le Goater <clg@redhat.com>
+RH-Acked-by: Eric Auger <eric.auger@redhat.com>
+RH-Commit: [43/100] 2676c22c782a92aa2ff910f437f6a1d830e01f7d (rovick1/qemu-kvm)
+
+Now that nothing accesses the bcontainer field directly, rename bcontainer to
+parent_obj as per our current coding guidelines.
+
+Signed-off-by: Mark Cave-Ayland <mark.caveayland@nutanix.com>
+Reviewed-by: Cédric Le Goater <clg@redhat.com>
+Link: https://lore.kernel.org/qemu-devel/20250925113159.1760317-10-mark.caveayland@nutanix.com
+Signed-off-by: Cédric Le Goater <clg@redhat.com>
+(cherry picked from commit a7f185cbeca75555a7fa7272afbd3a06bc4f7f66)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ hw/vfio/vfio-iommufd.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/vfio/vfio-iommufd.h b/hw/vfio/vfio-iommufd.h
+index 13f412aad7..6b28e1ff7b 100644
+--- a/hw/vfio/vfio-iommufd.h
++++ b/hw/vfio/vfio-iommufd.h
+@@ -22,12 +22,13 @@ typedef struct VFIOIOASHwpt {
+
+ typedef struct IOMMUFDBackend IOMMUFDBackend;
+
+-typedef struct VFIOIOMMUFDContainer {
+- VFIOContainer bcontainer;
++struct VFIOIOMMUFDContainer {
++ VFIOContainer parent_obj;
++
+ IOMMUFDBackend *be;
+ uint32_t ioas_id;
+ QLIST_HEAD(, VFIOIOASHwpt) hwpt_list;
+-} VFIOIOMMUFDContainer;
++};
+
+ OBJECT_DECLARE_SIMPLE_TYPE(VFIOIOMMUFDContainer, VFIO_IOMMU_IOMMUFD);
+
+--
+2.52.0
+
diff --git a/kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch b/kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch
new file mode 100644
index 0000000..2a520f4
--- /dev/null
+++ b/kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch
@@ -0,0 +1,61 @@
+From 0539b459c8a134559b05dbfc3fc1244f64e89e62 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Fri, 6 Mar 2026 09:01:12 +0000
+Subject: [PATCH 001/116] vmstate: Introduce VMSTATE_VARRAY_INT32_ALLOC
+
+RH-Author: Eric Auger <eric.auger@redhat.com>
+RH-MergeRequest: 488: [rhel-10] Backport cross-kernel migration failure mitigation series
+RH-Jira: RHEL-174858
+RH-Acked-by: Mohammadfaiz Bawa <None>
+RH-Acked-by: Sebastian Ott <sebott@redhat.com>
+RH-Acked-by: Gavin Shan <gshan@redhat.com>
+RH-Commit: [1/16] 54c0c7a95e98c7d6eb73119763121c3ba30e8c58 (eauger1/centos-qemu-kvm)
+
+Already existing VMSTATE_VARRAY_INT32 requires an array to be
+pre-allocated, however there are cases when the size is not known in
+advance and there is no real need to enforce it.
+
+Introduce VMSTATE_VARRAY_INT32_ALLOC as we currently have for UINT32
+and UINT16.
+
+The first user of this variant will be the target/arm/machine.c cpreg
+indexes/values arrays.
+
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Message-id: 20260304101625.1962633-2-eric.auger@redhat.com
+Suggested-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Peter Xu <peterx@redhat.com>
+Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+(cherry picked from commit f555338df754b37e042d5b88610c34b1d1845383)
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+---
+ include/migration/vmstate.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
+index 1ff7bd9ac4..ef2f0c5c93 100644
+--- a/include/migration/vmstate.h
++++ b/include/migration/vmstate.h
+@@ -432,6 +432,16 @@ extern const VMStateInfo vmstate_info_qlist;
+ .offset = vmstate_offset_pointer(_state, _field, _type), \
+ }
+
++#define VMSTATE_VARRAY_INT32_ALLOC(_field, _state, _field_num, _version, _info, _type) {\
++ .name = (stringify(_field)), \
++ .version_id = (_version), \
++ .num_offset = vmstate_offset_value(_state, _field_num, int32_t), \
++ .info = &(_info), \
++ .size = sizeof(_type), \
++ .flags = VMS_VARRAY_INT32 | VMS_POINTER | VMS_ALLOC, \
++ .offset = vmstate_offset_pointer(_state, _field, _type), \
++}
++
+ #define VMSTATE_VARRAY_UINT32_ALLOC(_field, _state, _field_num, _version, _info, _type) {\
+ .name = (stringify(_field)), \
+ .version_id = (_version), \
+--
+2.52.0
+
diff --git a/qemu.spec b/qemu.spec
index 2759b87..0e5e3c6 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -143,7 +143,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version} \
Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm
Version: 10.1.0
-Release: 18%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 19%{?rcrel}%{?dist}%{?cc_suffix}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
# Epoch 15 used for RHEL 8
# Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -447,6 +447,238 @@ Patch143: kvm-docs-specs-tpm-document-PPI-support-on-ARM64-virt.patch
Patch144: kvm-hw-acpi-tpm-parameterize-PPI-base-address-in-tpm_bui.patch
# For RHEL-112608 - [ARM64] Windows 11 VM should install without TPM Bypass
Patch145: kvm-hw-tpm-add-PPI-support-to-tpm-tis-device-for-ARM64-v.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch146: kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch147: kvm-target-arm-Move-compare_u64-to-helper.c.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch148: kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch149: kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch150: kvm-target-arm-kvm-Export-kvm_print_register_name.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch151: kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch152: kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch153: kvm-target-arm-machine-Trace-all-register-mismatches.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch154: kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch155: kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch156: kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch157: kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch158: kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch159: kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch160: kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch
+# For RHEL-174858 - [rhel10] Backport qemu cross-kernel migration mitigation series
+Patch161: kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch162: kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch163: kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch164: kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch165: kvm-vfio-Remove-vfio-amd-xgbe-device.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch166: kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch167: kvm-hw-arm-virt-Include-system-system.h.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch168: kvm-vfio-Remove-vfio-platform.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch169: kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch170: kvm-vfio-container-set-error-on-cpr-failure.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch171: kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch172: kvm-hw-vfio-user-add-x-pci-class-code.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch173: kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch174: kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch175: kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch176: kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch177: kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch178: kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch179: kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch180: kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch181: kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch182: kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch183: kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch184: kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch185: kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch186: kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch187: kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch188: kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch189: kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch190: kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch191: kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch192: kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch193: kvm-treewide-handle-result-of-qio_channel_set_blocking.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch194: kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch195: kvm-vfio-Do-not-unparent-in-instance_finalize.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch196: kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch197: kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch198: kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch199: kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch200: kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch201: kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch202: kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch203: kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch204: kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch205: kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch206: kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch207: kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch208: kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch209: kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch210: kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch211: kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch212: kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch213: kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch214: kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch215: kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch216: kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch217: kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch218: kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch219: kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch220: kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch221: kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch222: kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch223: kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch224: kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch225: kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch226: kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch227: kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch228: kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch229: kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch230: kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch231: kvm-migration-push-Error-errp-into-vmstate_load_state.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch232: kvm-migration-Remove-error-variant-of-vmstate_save_state.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch233: kvm-migration-multi-mode-notifier.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch234: kvm-migration-add-cpr_walk_fd.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch235: kvm-oslib-qemu_clear_cloexec.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch236: kvm-migration-cpr-exec-command-parameter.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch237: kvm-migration-cpr-exec-save-and-load.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch238: kvm-migration-cpr-exec-mode.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch239: kvm-migration-cpr-exec-docs.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch240: kvm-vfio-cpr-exec-mode.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch241: kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch242: kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch243: kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch244: kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch245: kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch246: kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch247: kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch248: kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch249: kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch250: kvm-vfio-Clean-up-includes.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch251: kvm-migration-set-correct-list-pointer-when-removing-not.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch252: kvm-vfio-user-simplify-vfio_user_process.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch253: kvm-vfio-user-clarify-partial-message-handling.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch254: kvm-vfio-user-refactor-out-header-handling.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch255: kvm-vfio-user-simplify-vfio_user_recv_one.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch256: kvm-vfio-user-recycle-msg-on-failure.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch257: kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch258: kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch259: kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch260: kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch
+# For RHEL-138494 - NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3
+Patch261: kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch
%if %{have_clang}
BuildRequires: clang
@@ -1526,6 +1758,128 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%endif
%changelog
+* Tue May 26 2026 Miroslav Rezanina <mrezanin@redhat.com> - 10.1.0-19
+- kvm-vmstate-Introduce-VMSTATE_VARRAY_INT32_ALLOC.patch [RHEL-174858]
+- kvm-target-arm-Move-compare_u64-to-helper.c.patch [RHEL-174858]
+- kvm-target-arm-Convert-init_cpreg_list-to-g_hash_table_f.patch [RHEL-174858]
+- kvm-target-arm-machine-Use-VMSTATE_VARRAY_INT32_ALLOC-fo.patch [RHEL-174858]
+- kvm-target-arm-kvm-Export-kvm_print_register_name.patch [RHEL-174858]
+- kvm-target-arm-kvm-Tweak-print_register_name-for-arm64-s.patch [RHEL-174858]
+- kvm-target-arm-machine-Trace-cpreg-names-which-do-not-ma.patch [RHEL-174858]
+- kvm-target-arm-machine-Trace-all-register-mismatches.patch [RHEL-174858]
+- kvm-target-arm-machine-Fix-detection-of-unknown-incoming.patch [RHEL-174858]
+- kvm-target-arm-cpu-Introduce-the-infrastructure-for-cpre.patch [RHEL-174858]
+- kvm-target-arm-machine-Handle-ToleranceNotOnBothEnds-mig.patch [RHEL-174858]
+- kvm-target-arm-machine-Handle-ToleranceOnlySrcTestValue-.patch [RHEL-174858]
+- kvm-target-arm-cpu64-Mitigate-migration-failures-due-to-.patch [RHEL-174858]
+- kvm-target-arm-cpu64-Define-cpreg-migration-tolerance-fo.patch [RHEL-174858]
+- kvm-target-arm-helper-Define-cpreg-migration-tolerance-f.patch [RHEL-174858]
+- kvm-Revert-target-arm-Reinstate-bogus-AArch32-DBGDTRTX-r.patch [RHEL-174858]
+- kvm-hw-pci-host-gpex-acpi-Fix-_DSM-function-0-support-re.patch [RHEL-138494]
+- kvm-vfio-scsi-ui-Error-check-qio_channel_socket_connect_.patch [RHEL-138494]
+- kvm-vfio-igd-Enable-quirks-when-IGD-is-not-the-primary-d.patch [RHEL-138494]
+- kvm-vfio-Remove-vfio-amd-xgbe-device.patch [RHEL-138494]
+- kvm-vfio-Remove-vfio-calxeda-xgmac-device.patch [RHEL-138494]
+- kvm-hw-arm-virt-Include-system-system.h.patch [RHEL-138494]
+- kvm-vfio-Remove-vfio-platform.patch [RHEL-138494]
+- kvm-vfio-Move-vfio-region.h-under-hw-vfio.patch [RHEL-138494]
+- kvm-vfio-container-set-error-on-cpr-failure.patch [RHEL-138494]
+- kvm-vfio-Report-an-error-when-the-dma_max_mappings-limit.patch [RHEL-138494]
+- kvm-hw-vfio-user-add-x-pci-class-code.patch [RHEL-138494]
+- kvm-vfio-Introduce-helper-vfio_pci_from_vfio_device.patch [RHEL-138494]
+- kvm-vfio-vfio-container-base.h-update-VFIOContainerBase-.patch [RHEL-138494]
+- kvm-vfio-vfio-container.h-update-VFIOContainer-declarati.patch [RHEL-138494]
+- kvm-hw-vfio-cpr-legacy.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-hw-vfio-container.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-spapr.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-vfio-container.h-rename-VFIOContainer-bcontaine.patch [RHEL-138494]
+- kvm-vfio-user-container.h-update-VFIOUserContainer-decla.patch [RHEL-138494]
+- kvm-vfio-container.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-user-container.h-rename-VFIOUserContainer-bcont.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-update-VFIOUserPCIDevice-declaration.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-VFIOUserPCIDevice-device-fiel.patch [RHEL-138494]
+- kvm-vfio-pci.h-update-VFIOPCIDevice-declaration.patch [RHEL-138494]
+- kvm-vfio-pci.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-pci-quirks.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-cpr.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-igd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-use-QOM-casts-where-appropriate2.patch [RHEL-138494]
+- kvm-vfio-pci.h-rename-VFIOPCIDevice-pdev-field-to-parent.patch [RHEL-138494]
+- kvm-treewide-handle-result-of-qio_channel_set_blocking.patch [RHEL-138494]
+- kvm-vfio-pci-Do-not-unparent-in-instance_finalize.patch [RHEL-138494]
+- kvm-vfio-Do-not-unparent-in-instance_finalize.patch [RHEL-138494]
+- kvm-include-hw-vfio-vfio-container.h-rename-VFIOContaine.patch [RHEL-138494]
+- kvm-include-hw-vfio-vfio-container-base.h-rename-VFIOCon.patch [RHEL-138494]
+- kvm-include-hw-vfio-vfio-container.h-rename-file-to-vfio.patch [RHEL-138494]
+- kvm-include-hw-vfio-vfio-container-base.h-rename-file-to.patch [RHEL-138494]
+- kvm-hw-vfio-container.c-rename-file-to-container-legacy..patch [RHEL-138494]
+- kvm-hw-vfio-container-base.c-rename-file-to-container.c.patch [RHEL-138494]
+- kvm-vfio-iommufd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-cpr-iommufd.c-use-QOM-casts-where-appropriate.patch [RHEL-138494]
+- kvm-vfio-vfio-iommufd.h-rename-VFIOContainer-bcontainer-.patch [RHEL-138494]
+- kvm-vfio-spapr.c-use-QOM-casts-where-appropriate2.patch [RHEL-138494]
+- kvm-vfio-spapr.c-rename-VFIOContainer-bcontainer-field-t.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_instance_init-to-vfio_pci_ini.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_instance_finalize-to-vfio_pci.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_dev_class_init-to-vfio_pc.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_dev_info-to-vfio_pci_info.patch [RHEL-138494]
+- kvm-s390x-s390-pci-vfio.c-use-QOM-casts-where-appropriat.patch [RHEL-138494]
+- kvm-hw-vfio-types.h-rename-TYPE_VFIO_PCI_BASE-to-TYPE_VF.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_base_dev_class_init-to-vf.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_base_dev_info-to-vfio_pci.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_dev_properties-to-vfio_pc.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_dev_nohotplug_properties-.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_class_init-.patch [RHEL-138494]
+- kvm-vfio-pci.c-rename-vfio_pci_nohotplug_dev_info-to-vfi.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_class_init-.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_properties-.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-vfio_user_instance_init-to-vf.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-vfio_user_instance_finalize-t.patch [RHEL-138494]
+- kvm-vfio-user-pci.c-rename-vfio_user_pci_dev_info-to-vfi.patch [RHEL-138494]
+- kvm-include-hw-vfio-vfio-device.h-fix-include-header-gua.patch [RHEL-138494]
+- kvm-vfio-Remove-workaround-for-kernel-DMA-unmap-overflow.patch [RHEL-138494]
+- kvm-system-iommufd-Use-uint64_t-type-for-IOVA-mapping-si.patch [RHEL-138494]
+- kvm-hw-vfio-Reorder-vfio_container_query_dirty_bitmap-tr.patch [RHEL-138494]
+- kvm-hw-vfio-Avoid-ram_addr_t-in-vfio_container_query_dir.patch [RHEL-138494]
+- kvm-hw-vfio-Use-uint64_t-for-IOVA-mapping-size-in-vfio_c.patch [RHEL-138494]
+- kvm-migration-push-Error-errp-into-vmstate_subsection_lo.patch [RHEL-138494]
+- kvm-migration-push-Error-errp-into-vmstate_load_state.patch [RHEL-138494]
+- kvm-migration-Remove-error-variant-of-vmstate_save_state.patch [RHEL-138494]
+- kvm-migration-multi-mode-notifier.patch [RHEL-138494]
+- kvm-migration-add-cpr_walk_fd.patch [RHEL-138494]
+- kvm-oslib-qemu_clear_cloexec.patch [RHEL-138494]
+- kvm-migration-cpr-exec-command-parameter.patch [RHEL-138494]
+- kvm-migration-cpr-exec-save-and-load.patch [RHEL-138494]
+- kvm-migration-cpr-exec-mode.patch [RHEL-138494]
+- kvm-migration-cpr-exec-docs.patch [RHEL-138494]
+- kvm-vfio-cpr-exec-mode.patch [RHEL-138494]
+- kvm-hw-vfio-listener-Include-missing-exec-target_page.h-.patch [RHEL-138494]
+- kvm-hw-Remove-unnecessary-system-ram_addr.h-header.patch [RHEL-138494]
+- kvm-vfio-container-Remap-only-populated-parts-in-a-secti.patch [RHEL-138494]
+- kvm-vfio-cpr-legacy-drop-an-erroneous-assert.patch [RHEL-138494]
+- kvm-vfio-iommufd-Set-cpr.ioas_id-on-source-side-for-CPR-.patch [RHEL-138494]
+- kvm-vfio-iommufd-Restore-vbasedev-s-reference-to-hwpt-af.patch [RHEL-138494]
+- kvm-vfio-container-Support-unmap-all-in-one-ioctl.patch [RHEL-138494]
+- kvm-vfio-iommufd-Support-unmap-all-in-one-ioctl.patch [RHEL-138494]
+- kvm-vfio-listener-Add-an-assertion-for-unmap_all.patch [RHEL-138494]
+- kvm-vfio-Clean-up-includes.patch [RHEL-138494]
+- kvm-migration-set-correct-list-pointer-when-removing-not.patch [RHEL-138494]
+- kvm-vfio-user-simplify-vfio_user_process.patch [RHEL-138494]
+- kvm-vfio-user-clarify-partial-message-handling.patch [RHEL-138494]
+- kvm-vfio-user-refactor-out-header-handling.patch [RHEL-138494]
+- kvm-vfio-user-simplify-vfio_user_recv_one.patch [RHEL-138494]
+- kvm-vfio-user-recycle-msg-on-failure.patch [RHEL-138494]
+- kvm-include-hw-hyperv-Remove-unused-struct-mshv_vp_regis.patch [RHEL-138494]
+- kvm-linux-headers-Update-to-Linux-v6.18-rc3.patch [RHEL-138494]
+- kvm-linux-headers-Update-to-Linux-v6.19-rc1.patch [RHEL-138494]
+- kvm-hw-vfio-Add-helper-to-retrieve-device-feature.patch [RHEL-138494]
+- kvm-hw-vfio-region-Create-dmabuf-for-PCI-BAR-per-region.patch [RHEL-138494]
+- Resolves: RHEL-174858
+ ([rhel10] Backport qemu cross-kernel migration mitigation series)
+- Resolves: RHEL-138494
+ (NVIDIA:Grace-Hopper:Backport vfio: Add DMABUF support for PCI BAR regions - RHEL 10.3)
+
* Mon May 11 2026 Miroslav Rezanina <mrezanin@redhat.com> - 10.1.0-18
- kvm-scsi-Don-t-consider-LOGICAL-UNIT-NOT-SUPPORTED-guest.patch [RHEL-158212]
- kvm-hw-tpm-Factor-tpm_ppi_enabled-out.patch [RHEL-112608]
reply other threads:[~2026-06-30 15:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178283214261.1.8279960059052225584.rpms-qemu-cc2f0f0661a8@fedoraproject.org \
--to=mrezanin@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox