QEMU 10.2 is faster under I/O load and "safer" thanks to new policy
QEMU 10.2 revises security policies, modernizes the crypto subsystem, and accelerates asynchronous I/O under Linux.
- Michael Plura
Almost as a Christmas present, the development team has released Quick Emulator (QEMU), available for many platforms, in version 10.2. 188 developers have contributed over 2300 new features and improvements to the open-source project.
Not all security bugs are security bugs anymore
The very first entry in the changelog for QEMU 10.2, headed "Clarification of QEMU's Security Policy," raises questions. In version 10.2 the project has defined its security policy more explicitly, in particular what the term "security bug" means in the context of QEMU. From now on, bugs count as genuine security bugs only if they occur in clearly defined "virtualization use cases." These are scenarios that use a hardware accelerator, WHPX (Windows), KVM (Linux), HVF (macOS) or NVMM (NetBSD), and essentially only the specific machine types explicitly listed in the "Security Requirements": aarch64 (virt), i386 and x86_64 (microvm, xenfv, xenpv, xenpvh, pc, q35), s390x (s390-ccw-virtio), loongarch64 (virt), ppc64 (pseries), and riscv32 and riscv64 (virt). Security-relevant bugs in all other emulation scenarios are therefore no longer treated as security issues in the QEMU context, or at least not necessarily.
This excludes many areas of application from the security policy, for example purely software-based full-system emulation with the Tiny Code Generator (TCG), where guest CPU instructions are dynamically translated into host code. That covers every setup in which any guest architecture is run on any host, for instance an ARM guest executed on an x86 host for cross-architecture development, firmware testing, embedded simulation or debugging. User-mode emulation (qemu-user), which emulates only the CPU and system calls rather than a complete system, is also likely to fall outside the new security policy. This includes cross-builds and CI, and presumably also container builds with multi-arch Docker.
Classification becomes difficult for hybrid QEMU modes: hardware acceleration is used in principle, but certain devices or functions (legacy devices) are emulated via TCG. The security status then depends on the specific setup, and as a QEMU user you have to work out for yourself whether the scenario qualifies as a supported virtualization use case or not. This is likely to be interesting.
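For anyone who has to sort an existing fleet of VM definitions into "covered" and "not covered" under the new policy, the decision reduces to two facts: which accelerator is in use, and which machine type on which target architecture. The following script, an added example and not QEMU project code, parses a qemu-system command line (the real `-machine`/`-M`, `-accel` and legacy `-enable-kvm` options) and classifies it against the accelerator and machine-type lists as the article summarises them. The lists, the treatment of qemu-user binaries as outside the policy, and the "hybrid" verdict for an `accel=kvm:tcg` fallback chain are assumptions derived from this article's summary; the official "Security Requirements" text is authoritative and should be consulted before relying on the result.

```python
"""Classify a QEMU command line against the 10.2 security-policy scope.

Added example, not QEMU project code. Accelerator and machine-type lists
are transcribed from the article's summary of the "Security Requirements";
the official policy text may differ.
"""
import re
import shlex

# Hardware accelerators the article names as part of the supported
# virtualization use cases (assumption: exactly the set listed there).
HW_ACCELS = {"kvm", "hvf", "whpx", "nvmm"}

# Machine types listed per target architecture (from the article).
COVERED_MACHINES = {
    "aarch64": {"virt"},
    "i386": {"microvm", "xenfv", "xenpv", "xenpvh", "pc", "q35"},
    "x86_64": {"microvm", "xenfv", "xenpv", "xenpvh", "pc", "q35"},
    "s390x": {"s390-ccw-virtio"},
    "loongarch64": {"virt"},
    "ppc64": {"pseries"},
    "riscv32": {"virt"},
    "riscv64": {"virt"},
}


def parse_cmdline(cmdline):
    """Return (mode, arch, machine, accels) for a qemu command line.

    mode is "system" for qemu-system-<arch> and "user" for qemu-<arch>.
    Handles '-machine type=q35,accel=kvm', '-machine q35', '-M q35',
    '-accel kvm[,props]' and the legacy '-enable-kvm' flag.
    """
    argv = shlex.split(cmdline)
    m = re.match(r"(?:.*/)?qemu-(system-)?([A-Za-z0-9_]+)$", argv[0])
    if not m:
        raise ValueError(f"not a qemu binary: {argv[0]}")
    mode = "system" if m.group(1) else "user"
    arch = m.group(2)
    machine, accels = None, []
    i = 1
    while i < len(argv):
        opt = argv[i]
        val = argv[i + 1] if i + 1 < len(argv) else ""
        if opt in ("-machine", "-M"):
            for j, prop in enumerate(val.split(",")):
                key, eq, value = prop.partition("=")
                if j == 0 and not eq:
                    machine = key              # bare machine name
                elif key == "type":
                    machine = value
                elif key == "accel":
                    accels.extend(value.split(":"))  # kvm:tcg = fallback chain
            i += 2
        elif opt == "-accel":
            accels.append(val.split(",")[0])   # drop accelerator properties
            i += 2
        elif opt == "-enable-kvm":
            accels.append("kvm")
            i += 1
        else:
            # Heuristic: '-opt value' takes two tokens, a bare flag takes one.
            i += 2 if val and not val.startswith("-") else 1
    return mode, arch, machine, accels


def classify(cmdline):
    """Return {'verdict': ..., 'reason': ...} for one command line.

    Verdicts: covered, not-covered, hybrid (hardware accel with TCG
    fallback; the article says the status then depends on the setup),
    unknown (machine type not given or architecture not in the list).
    """
    mode, arch, machine, accels = parse_cmdline(cmdline)
    if mode == "user":
        return {"verdict": "not-covered",
                "reason": "user-mode emulation (qemu-user) is outside the policy"}
    # Assumption: QEMU falls back to TCG when no accelerator is requested.
    accels = accels or ["tcg"]
    if not any(a in HW_ACCELS for a in accels):
        return {"verdict": "not-covered",
                "reason": f"software emulation only (accel={','.join(accels)})"}
    if arch not in COVERED_MACHINES or machine is None:
        return {"verdict": "unknown",
                "reason": f"arch={arch} machine={machine}: check the policy text"}
    if machine not in COVERED_MACHINES[arch]:
        return {"verdict": "not-covered",
                "reason": f"machine '{machine}' not listed for {arch}"}
    if "tcg" in accels:
        return {"verdict": "hybrid",
                "reason": "hardware accelerator with TCG fallback; depends on setup"}
    return {"verdict": "covered",
            "reason": f"{arch}/{machine} with {','.join(accels)}"}


if __name__ == "__main__":
    # Constructed sample command lines, not taken from any real deployment.
    for line in [
        "qemu-system-x86_64 -machine q35,accel=kvm -m 4G -drive file=disk.qcow2,if=virtio",
        "qemu-system-aarch64 -M virt -cpu cortex-a57 -kernel Image -nographic",
        "qemu-system-x86_64 -enable-kvm -M isapc -nographic",
        "qemu-system-x86_64 -machine type=q35,accel=kvm:tcg",
        "qemu-aarch64 ./hello",
    ]:
        r = classify(line)
        print(f"{r['verdict']:<12} {r['reason']}")
```

Run it over the `qemu-system-*` command lines found in `ps` output, libvirt-generated logs or CI scripts; anything reported as `hybrid` or `unknown` is exactly the case the article describes, where the user has to decide by hand whether the setup still counts as a supported virtualization use case.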
Much new for ARM, RISC-V, and PowerPC, less for LoongArch, s390x, and x86
QEMU extends ARM emulation with numerous new CPU features, removes the outdated pxa CPU family, and improves debugging and device support (including SME/SME2 in gdbstub, multiple SMMUv3 devices, new/extended SoC components for aspeed and xlnx). Additionally, there is a new board model (amd-versal2-virt) and more accurate modeling of interrupt and PCIe hardware in existing ARM platforms.
RISC-V support in QEMU has been improved with fixes to ISA details and extensions, including CFI, VLEN rules, PMP granularity, and several instruction, timer, and IOMMU details. Furthermore, there are updates and bug fixes for machine and firmware integration (including OpenSBI v1.7, Device Tree corrections, better network and UART stability), as well as performance and memory improvements.
PowerPC support in QEMU has been enhanced with new CPU and machine support (PowerNV11, PPE42), firmware updates, and FADUMP for pSeries, while outdated platforms and "unusable e200 CPUs" have been removed, along with numerous bug fixes, cleanup efforts, and improvements to error handling and emulation.
For LoongArch emulation, QEMU 10.2 now also supports MSGINT (IRQ chip) and "HW Page Table Walk." Improvements in IRQ handling for the s390x architecture are intended to increase virtio-PCI performance. On x86, the HPET emulator (High Precision Event Timer) no longer uses the "Big QEMU Lock" (BQL) but is now implemented in a more granular and concurrent manner.
New for HPPA Nostalgics: Emulation of the HP 715/64 Workstation
With QEMU 10.2, another classic of computer history can be virtually revived: The HP 9000 715/64 (32-bit PA-RISC, 64 MHz CPU clock, 1 KB on-chip and 64 KB off-chip cache) was launched by Hewlett-Packard in the mid-90s as a workstation to compete with SGI Indy/Indigo2, Sun SPARCstation, DEC AlphaStation, and IBM RS/6000. The UNIX workstation, running under HP-UX or NeXTSTEP, was quite fast for its time – and correspondingly expensive at around $10,000 USD. For context: the SPEC92/int performance of a 715/64 was roughly equivalent to that of the simultaneously released Pentium/90 MHz. Also new is the emulation of the NCR 53c710 SCSI controller (used in the 715/64) and a corresponding updated SeaBIOS-hppa BIOS.
Modernization of the Cryptographic Subsystem
The crypto subsystem of QEMU has been modernized with version 10.2 by raising the minimum versions of important crypto libraries and implementing new features such as loading multiple X.509 certificate identities to support post-quantum cryptographic transitions. Furthermore, TLS security and certificate verification have been improved, outdated mechanisms like external Diffie-Hellman parameters have been marked as "deprecated," and several stability and security issues have been resolved. The Plan 9 file system 9pfs allows QEMU to mount host directories as shared folders directly within the guest. This function, which was previously largely limited to Linux hosts, is now also available on FreeBSD hosts.
More Speed under High I/O Load thanks to io_uring(7)
In QEMU 10.2, the developers have switched the main loop to io_uring(7), a modern interface for asynchronous I/O operations under Linux. This is intended to process I/O operations more efficiently, leading to noticeable performance improvements, especially under high I/O load. Anyone updating their workflow to QEMU 10.2 should definitely also take a look at the list of features that will be removed in the foreseeable future (deprecated).
Available Now
While most of the QEMU project is licensed under GPL2, parts like the Tiny Code Generator (TCG) are under the BSD or MIT license. As a free open-source project, QEMU 10.2 is available free of charge and can be downloaded immediately from the project page. All changes and potential incompatibilities of the QEMU 10.2 release are documented in the Changelog.
(ulw)