Series comparison

-[PULL 0/6] Block patches
+[PULL v3 0/5] Block patches
-The following changes since commit ffd454c67e38cc6df792733ebc5d967eee28ac0d:
+The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:
-  Merge tag 'pull-vfio-20240107' of https://github.com/legoater/qemu into staging (2024-01-08 10:28:42 +0000)
+  Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu into staging (2023-08-29 08:58:00 -0400)
 are available in the Git repository at:
   https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 0b2675c473f68f13bc5ca1dd1c43ce421542e7b8:
+for you to fetch changes up to 87ec6f55af38e29be5b2b65a8acf84da73e06d06:
-  Rename "QEMU global mutex" to "BQL" in comments and docs (2024-01-08 10:45:43 -0500)
+  aio-posix: zero out io_uring sqe user_data (2023-08-30 07:39:59 -0400)
 ----------------------------------------------------------------
 Pull request
+v3:
+- Drop UFS emulation due to CI failures
+- Add "aio-posix: zero out io_uring sqe user_data"
 ----------------------------------------------------------------
-Philippe Mathieu-Daudé (1):
+Andrey Drobyshev (3):
-  iothread: Remove unused Error** argument in aio_context_set_aio_params
+  block: add subcluster_size field to BlockDriverInfo
   block/io: align requests to subcluster_size
   tests/qemu-iotests/197: add testcase for CoR with subclusters
-Stefan Hajnoczi (5):
+Fabiano Rosas (1):
-  system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()
+  block-migration: Ensure we don't crash during migration cleanup
   qemu/main-loop: rename QEMU_IOTHREAD_LOCK_GUARD to BQL_LOCK_GUARD
   qemu/main-loop: rename qemu_cond_wait_iothread() to
     qemu_cond_wait_bql()
   Replace "iothread lock" with "BQL" in comments
   Rename "QEMU global mutex" to "BQL" in comments and docs
- docs/devel/multi-thread-tcg.rst      |   7 +-
+Stefan Hajnoczi (1):
- docs/devel/qapi-code-gen.rst         |   2 +-
+  aio-posix: zero out io_uring sqe user_data
- docs/devel/replay.rst                |   2 +-
- docs/devel/reset.rst                 |   2 +-
+ include/block/block-common.h |  5 ++++
- docs/devel/multiple-iothreads.txt    |  14 ++--
+ include/block/block-io.h     |  8 +++---
- hw/display/qxl.h                     |   2 +-
+ block.c                      |  7 +++++
- include/block/aio-wait.h             |   2 +-
+ block/io.c                   | 50 ++++++++++++++++++------------------
- include/block/aio.h                  |   3 +-
+ block/mirror.c               |  8 +++---
- include/block/blockjob.h             |   6 +-
+ block/qcow2.c                |  1 +
- include/exec/cpu-common.h            |   2 +-
+ migration/block.c            | 11 ++++++--
- include/exec/memory.h                |   4 +-
+ util/fdmon-io_uring.c        |  2 ++
- include/exec/ramblock.h              |   2 +-
+ tests/qemu-iotests/197       | 29 +++++++++++++++++++++
- include/io/task.h                    |   2 +-
+ tests/qemu-iotests/197.out   | 24 +++++++++++++++++
- include/migration/register.h         |   8 +-
+files changed, 110 insertions(+), 35 deletions(-)
  include/qemu/coroutine-core.h        |   2 +-
  include/qemu/coroutine.h             |   2 +-
  include/qemu/main-loop.h             |  68 ++++++++-------
  include/qemu/thread.h                |   2 +-
  target/arm/internals.h               |   4 +-
  accel/accel-blocker.c                |  10 +--
  accel/dummy-cpus.c                   |   8 +-
  accel/hvf/hvf-accel-ops.c            |   4 +-
  accel/kvm/kvm-accel-ops.c            |   4 +-
  accel/kvm/kvm-all.c                  |  22 ++---
  accel/tcg/cpu-exec.c                 |  26 +++---
  accel/tcg/cputlb.c                   |  20 ++---
  accel/tcg/tcg-accel-ops-icount.c     |   6 +-
  accel/tcg/tcg-accel-ops-mttcg.c      |  12 +--
  accel/tcg/tcg-accel-ops-rr.c         |  18 ++--
  accel/tcg/tcg-accel-ops.c            |   2 +-
  accel/tcg/translate-all.c            |   2 +-
  cpu-common.c                         |   4 +-
  dump/dump.c                          |   4 +-
  hw/block/dataplane/virtio-blk.c      |   8 +-
  hw/block/virtio-blk.c                |   2 +-
  hw/core/cpu-common.c                 |   6 +-
  hw/display/virtio-gpu.c              |   2 +-
  hw/i386/intel_iommu.c                |   6 +-
  hw/i386/kvm/xen_evtchn.c             |  30 +++----
  hw/i386/kvm/xen_gnttab.c             |   2 +-
  hw/i386/kvm/xen_overlay.c            |   2 +-
  hw/i386/kvm/xen_xenstore.c           |   2 +-
  hw/intc/arm_gicv3_cpuif.c            |   2 +-
  hw/intc/s390_flic.c                  |  18 ++--
  hw/mips/mips_int.c                   |   2 +-
  hw/misc/edu.c                        |   4 +-
  hw/misc/imx6_src.c                   |   2 +-
  hw/misc/imx7_src.c                   |   2 +-
  hw/net/xen_nic.c                     |   8 +-
  hw/ppc/pegasos2.c                    |   2 +-
  hw/ppc/ppc.c                         |   6 +-
  hw/ppc/spapr.c                       |   2 +-
  hw/ppc/spapr_events.c                |   2 +-
  hw/ppc/spapr_rng.c                   |   4 +-
  hw/ppc/spapr_softmmu.c               |   4 +-
  hw/remote/mpqemu-link.c              |  22 ++---
  hw/remote/vfio-user-obj.c            |   2 +-
  hw/s390x/s390-skeys.c                |   2 +-
  hw/scsi/virtio-scsi-dataplane.c      |   6 +-
  iothread.c                           |   3 +-
  migration/block-dirty-bitmap.c       |  14 ++--
  migration/block.c                    |  38 ++++-----
  migration/colo.c                     |  62 +++++++-------
  migration/dirtyrate.c                |  12 +--
  migration/migration.c                |  54 ++++++------
  migration/ram.c                      |  16 ++--
  net/tap.c                            |   2 +-
  replay/replay-internal.c             |   2 +-
  semihosting/console.c                |   8 +-
  stubs/iothread-lock.c                |   6 +-
  system/cpu-throttle.c                |   6 +-
  system/cpus.c                        |  55 +++++++------
  system/dirtylimit.c                  |   4 +-
  system/memory.c                      |   2 +-
  system/physmem.c                     |  14 ++--
  system/runstate.c                    |   2 +-
  system/watchpoint.c                  |   4 +-
  target/arm/arm-powerctl.c            |  14 ++--
  target/arm/helper.c                  |   6 +-
  target/arm/hvf/hvf.c                 |   8 +-
  target/arm/kvm.c                     |   8 +-
  target/arm/ptw.c                     |   6 +-
  target/arm/tcg/helper-a64.c          |   8 +-
  target/arm/tcg/m_helper.c            |   6 +-
  target/arm/tcg/op_helper.c           |  24 +++---
  target/arm/tcg/psci.c                |   2 +-
  target/hppa/int_helper.c             |   8 +-
  target/i386/hvf/hvf.c                |   6 +-
  target/i386/kvm/hyperv.c             |   4 +-
  target/i386/kvm/kvm.c                |  28 +++----
  target/i386/kvm/xen-emu.c            |  16 ++--
  target/i386/nvmm/nvmm-accel-ops.c    |   6 +-
  target/i386/nvmm/nvmm-all.c          |  20 ++---
  target/i386/tcg/sysemu/fpu_helper.c  |   6 +-
  target/i386/tcg/sysemu/misc_helper.c |   4 +-
  target/i386/whpx/whpx-accel-ops.c    |   6 +-
  target/i386/whpx/whpx-all.c          |  24 +++---
  target/loongarch/tcg/csr_helper.c    |   4 +-
  target/mips/kvm.c                    |   4 +-
  target/mips/tcg/sysemu/cp0_helper.c  |   4 +-
  target/openrisc/sys_helper.c         |  16 ++--
  target/ppc/excp_helper.c             |  14 ++--
  target/ppc/helper_regs.c             |   2 +-
  target/ppc/kvm.c                     |   4 +-
  target/ppc/misc_helper.c             |   8 +-
  target/ppc/timebase_helper.c         |   8 +-
  target/riscv/cpu_helper.c            |   4 +-
  target/s390x/kvm/kvm.c               |   4 +-
  target/s390x/tcg/misc_helper.c       | 118 +++++++++++++--------------
  target/sparc/int32_helper.c          |   2 +-
  target/sparc/int64_helper.c          |   6 +-
  target/sparc/win_helper.c            |  20 ++---
  target/xtensa/exc_helper.c           |   8 +-
  ui/spice-core.c                      |   6 +-
  util/aio-posix.c                     |   3 +-
  util/aio-win32.c                     |   3 +-
  util/async.c                         |   2 +-
  util/main-loop.c                     |  13 ++-
  util/qsp.c                           |   6 +-
  util/rcu.c                           |  16 ++--
  audio/coreaudio.m                    |   8 +-
  memory_ldst.c.inc                    |  18 ++--
  target/i386/hvf/README.md            |   2 +-
  ui/cocoa.m                           |  56 ++++++-------
 files changed, 646 insertions(+), 655 deletions(-)
 --
-.43.0
+.41.0

-[PULL 5/6] Replace "iothread lock" with "BQL" in comments
+[PULL v3 1/5] block-migration: Ensure we don't crash during migration cleanup
-The term "iothread lock" is obsolete. The APIs use Big QEMU Lock (BQL)
+From: Fabiano Rosas <farosas@suse.de>
 in their names. Update the code comments to use "BQL" instead of
 "iothread lock".
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+We can fail the blk_insert_bs() at init_blk_migration(), leaving the
-Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+BlkMigDevState without a dirty_bitmap and BlockDriverState. Account
-Reviewed-by: Paul Durrant <paul@xen.org>
+for the possibly missing elements when doing cleanup.
-Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-Reviewed-by: Cédric Le Goater <clg@kaod.org>
+Fix the following crashes:
-Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
-Message-id: 20240102153529.486531-5-stefanha@redhat.com
+Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
 x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
 BlockDriverState *bs = bitmap->bs;
  #0  0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
  #1  0x0000555555bba331 in unset_dirty_tracking () at ../migration/block.c:371
  #2  0x0000555555bbad98 in block_migration_cleanup_bmds () at ../migration/block.c:681
 Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
 x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
 QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
  #0  0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
  #1  0x0000555555e9734a in bdrv_op_unblock_all (bs=0x0, reason=0x0) at ../block.c:7095
  #2  0x0000555555bbae13 in block_migration_cleanup_bmds () at ../migration/block.c:690
 Signed-off-by: Fabiano Rosas <farosas@suse.de>
 Message-id: 20230731203338.27581-1-farosas@suse.de
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- docs/devel/reset.rst             |  2 +-
+ migration/block.c | 11 +++++++++--
- hw/display/qxl.h                 |  2 +-
+file changed, 9 insertions(+), 2 deletions(-)
  include/exec/cpu-common.h        |  2 +-
  include/exec/memory.h            |  4 ++--
  include/exec/ramblock.h          |  2 +-
  include/migration/register.h     |  8 ++++----
  target/arm/internals.h           |  4 ++--
  accel/tcg/cputlb.c               |  4 ++--
  accel/tcg/tcg-accel-ops-icount.c |  2 +-
  hw/remote/mpqemu-link.c          |  2 +-
  migration/block-dirty-bitmap.c   | 10 +++++-----
  migration/block.c                | 22 +++++++++++-----------
  migration/colo.c                 |  2 +-
  migration/migration.c            |  2 +-
  migration/ram.c                  |  4 ++--
  system/physmem.c                 |  6 +++---
  target/arm/helper.c              |  2 +-
  ui/spice-core.c                  |  2 +-
  util/rcu.c                       |  2 +-
  audio/coreaudio.m                |  4 ++--
  ui/cocoa.m                       |  6 +++---
 files changed, 47 insertions(+), 47 deletions(-)
-diff --git a/docs/devel/reset.rst b/docs/devel/reset.rst
-index XXXXXXX..XXXXXXX 100644
---- a/docs/devel/reset.rst
-+++ b/docs/devel/reset.rst
-@@ -XXX,XX +XXX,XX @@ Triggering reset
- This section documents the APIs which "users" of a resettable object should use
- to control it. All resettable control functions must be called while holding
--the iothread lock.
-+the BQL.
- You can apply a reset to an object using ``resettable_assert_reset()``. You need
- to call ``resettable_release_reset()`` to release the object from reset. To
-diff --git a/hw/display/qxl.h b/hw/display/qxl.h
-index XXXXXXX..XXXXXXX 100644
---- a/hw/display/qxl.h
-+++ b/hw/display/qxl.h
-@@ -XXX,XX +XXX,XX @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
-  *
-  * Use with care; by the time this function returns, the returned pointer is
-  * not protected by RCU anymore.  If the caller is not within an RCU critical
-- * section and does not hold the iothread lock, it must have other means of
-+ * section and does not hold the BQL, it must have other means of
-  * protecting the pointer, such as a reference to the region that includes
-  * the incoming ram_addr_t.
-  *
-diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/cpu-common.h
-+++ b/include/exec/cpu-common.h
-@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_block_by_name(const char *name);
-  *
-  * By the time this function returns, the returned pointer is not protected
-  * by RCU anymore.  If the caller is not within an RCU critical section and
-- * does not hold the iothread lock, it must have other means of protecting the
-+ * does not hold the BQL, it must have other means of protecting the
-  * pointer, such as a reference to the memory region that owns the RAMBlock.
-  */
- RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
-diff --git a/include/exec/memory.h b/include/exec/memory.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/memory.h
-+++ b/include/exec/memory.h
-@@ -XXX,XX +XXX,XX @@ int memory_region_get_fd(MemoryRegion *mr);
-  *
-  * Use with care; by the time this function returns, the returned pointer is
-  * not protected by RCU anymore.  If the caller is not within an RCU critical
-- * section and does not hold the iothread lock, it must have other means of
-+ * section and does not hold the BQL, it must have other means of
-  * protecting the pointer, such as a reference to the region that includes
-  * the incoming ram_addr_t.
-  *
-@@ -XXX,XX +XXX,XX @@ MemoryRegion *memory_region_from_host(void *ptr, ram_addr_t *offset);
-  *
-  * Use with care; by the time this function returns, the returned pointer is
-  * not protected by RCU anymore.  If the caller is not within an RCU critical
-- * section and does not hold the iothread lock, it must have other means of
-+ * section and does not hold the BQL, it must have other means of
-  * protecting the pointer, such as a reference to the region that includes
-  * the incoming ram_addr_t.
-  *
-diff --git a/include/exec/ramblock.h b/include/exec/ramblock.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/exec/ramblock.h
-+++ b/include/exec/ramblock.h
-@@ -XXX,XX +XXX,XX @@ struct RAMBlock {
-     ram_addr_t max_length;
-     void (*resized)(const char*, uint64_t length, void *host);
-     uint32_t flags;
--    /* Protected by iothread lock.  */
-+    /* Protected by the BQL.  */
-     char idstr[256];
-     /* RCU-enabled, writes protected by the ramlist lock */
-     QLIST_ENTRY(RAMBlock) next;
-diff --git a/include/migration/register.h b/include/migration/register.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/migration/register.h
-+++ b/include/migration/register.h
-@@ -XXX,XX +XXX,XX @@
- #include "hw/vmstate-if.h"
- typedef struct SaveVMHandlers {
--    /* This runs inside the iothread lock.  */
-+    /* This runs inside the BQL.  */
-     SaveStateHandler *save_state;
-     /*
-@@ -XXX,XX +XXX,XX @@ typedef struct SaveVMHandlers {
-     int (*save_live_complete_postcopy)(QEMUFile *f, void *opaque);
-     int (*save_live_complete_precopy)(QEMUFile *f, void *opaque);
--    /* This runs both outside and inside the iothread lock.  */
-+    /* This runs both outside and inside the BQL.  */
-     bool (*is_active)(void *opaque);
-     bool (*has_postcopy)(void *opaque);
-@@ -XXX,XX +XXX,XX @@ typedef struct SaveVMHandlers {
-      */
-     bool (*is_active_iterate)(void *opaque);
--    /* This runs outside the iothread lock in the migration case, and
-+    /* This runs outside the BQL in the migration case, and
-      * within the lock in the savevm case.  The callback had better only
-      * use data that is local to the migration thread or protected
-      * by other locks.
-      */
-     int (*save_live_iterate)(QEMUFile *f, void *opaque);
--    /* This runs outside the iothread lock!  */
-+    /* This runs outside the BQL!  */
-     /* Note for save_live_pending:
-      * must_precopy:
-      * - must be migrated in precopy or in stopped state
-diff --git a/target/arm/internals.h b/target/arm/internals.h
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/internals.h
-+++ b/target/arm/internals.h
-@@ -XXX,XX +XXX,XX @@ static inline const char *aarch32_mode_name(uint32_t psr)
-  *
-  * Update the CPU_INTERRUPT_VIRQ bit in cs->interrupt_request, following
-  * a change to either the input VIRQ line from the GIC or the HCR_EL2.VI bit.
-- * Must be called with the iothread lock held.
-+ * Must be called with the BQL held.
-  */
- void arm_cpu_update_virq(ARMCPU *cpu);
-@@ -XXX,XX +XXX,XX @@ void arm_cpu_update_virq(ARMCPU *cpu);
-  *
-  * Update the CPU_INTERRUPT_VFIQ bit in cs->interrupt_request, following
-  * a change to either the input VFIQ line from the GIC or the HCR_EL2.VF bit.
-- * Must be called with the iothread lock held.
-+ * Must be called with the BQL held.
-  */
- void arm_cpu_update_vfiq(ARMCPU *cpu);
-diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/cputlb.c
-+++ b/accel/tcg/cputlb.c
-@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
-  * @size: number of bytes
-  * @mmu_idx: virtual address context
-  * @ra: return address into tcg generated code, or 0
-- * Context: iothread lock held
-+ * Context: BQL held
-  *
-  * Load @size bytes from @addr, which is memory-mapped i/o.
-  * The bytes are concatenated in big-endian order with @ret_be.
-@@ -XXX,XX +XXX,XX @@ static Int128 do_ld16_mmu(CPUState *cpu, vaddr addr,
-  * @size: number of bytes
-  * @mmu_idx: virtual address context
-  * @ra: return address into tcg generated code, or 0
-- * Context: iothread lock held
-+ * Context: BQL held
-  *
-  * Store @size bytes at @addr, which is memory-mapped i/o.
-  * The bytes to store are extracted in little-endian order from @val_le;
-diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
-index XXXXXXX..XXXXXXX 100644
---- a/accel/tcg/tcg-accel-ops-icount.c
-+++ b/accel/tcg/tcg-accel-ops-icount.c
-@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu, int64_t cpu_budget)
-     if (cpu->icount_budget == 0) {
-         /*
--         * We're called without the iothread lock, so must take it while
-+         * We're called without the BQL, so must take it while
-          * we're calling timer handlers.
-          */
-         bql_lock();
-diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/remote/mpqemu-link.c
-+++ b/hw/remote/mpqemu-link.c
-@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
-     assert(qemu_in_coroutine() || !iothread);
-     /*
--     * Skip unlocking/locking iothread lock when the IOThread is running
-+     * Skip unlocking/locking BQL when the IOThread is running
-      * in co-routine context. Co-routine context is asserted above
-      * for IOThread case.
-      * Also skip lock handling while in a co-routine in the main context.
-diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
-index XXXXXXX..XXXXXXX 100644
---- a/migration/block-dirty-bitmap.c
-+++ b/migration/block-dirty-bitmap.c
-@@ -XXX,XX +XXX,XX @@ static void send_bitmap_bits(QEMUFile *f, DBMSaveState *s,
-     g_free(buf);
- }
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
- static void dirty_bitmap_do_save_cleanup(DBMSaveState *s)
- {
-     SaveBitmapState *dbms;
-@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_do_save_cleanup(DBMSaveState *s)
-     }
- }
--/* Called with iothread lock taken. */
-+/* Called with the BQL taken. */
- static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
-                                const char *bs_name, GHashTable *alias_map)
- {
-@@ -XXX,XX +XXX,XX @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
-     return 0;
- }
--/* Called with iothread lock taken. */
-+/* Called with the BQL taken. */
- static int init_dirty_bitmap_migration(DBMSaveState *s)
- {
-     BlockDriverState *bs;
-@@ -XXX,XX +XXX,XX @@ static int init_dirty_bitmap_migration(DBMSaveState *s)
-     BlockBackend *blk;
-     GHashTable *alias_map = NULL;
--    /* Runs in the migration thread, but holds the iothread lock */
-+    /* Runs in the migration thread, but holds the BQL */
-     GLOBAL_STATE_CODE();
-     GRAPH_RDLOCK_GUARD_MAINLOOP();
-@@ -XXX,XX +XXX,XX @@ static int dirty_bitmap_save_iterate(QEMUFile *f, void *opaque)
-     return s->bulk_completed;
- }
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
- static int dirty_bitmap_save_complete(QEMUFile *f, void *opaque)
- {
 diff --git a/migration/block.c b/migration/block.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/block.c
 +++ b/migration/block.c
-@@ -XXX,XX +XXX,XX @@ typedef struct BlkMigState {
+@@ -XXX,XX +XXX,XX @@ static void unset_dirty_tracking(void)
-     int prev_progress;
+     BlkMigDevState *bmds;
-     int bulk_completed;
+     QSIMPLEQ_FOREACH(bmds, &block_mig_state.bmds_list, entry) {
--    /* Lock must be taken _inside_ the iothread lock.  */
+-        bdrv_release_dirty_bitmap(bmds->dirty_bitmap);
-+    /* Lock must be taken _inside_ the BQL.  */
++        if (bmds->dirty_bitmap) {
-     QemuMutex lock;
++            bdrv_release_dirty_bitmap(bmds->dirty_bitmap);
- } BlkMigState;
++        }
@@ -XXX,XX +XXX,XX @@ static void blk_mig_unlock(void)
      qemu_mutex_unlock(&block_mig_state.lock);
  }
 -/* Must run outside of the iothread lock during the bulk phase,
 +/* Must run outside of the BQL during the bulk phase,
   * or the VM will stall.
   */
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
      return (bmds->cur_sector >= total_sectors);
  }
 -/* Called with iothread lock taken.  */
 +/* Called with the BQL taken.  */
  static int set_dirty_tracking(void)
  {
@@ -XXX,XX +XXX,XX @@ fail:
      return ret;
  }
 -/* Called with iothread lock taken.  */
 +/* Called with the BQL taken.  */
  static void unset_dirty_tracking(void)
  {
@@ -XXX,XX +XXX,XX @@ static void blk_mig_reset_dirty_cursor(void)
      }
  }
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
- static int mig_save_device_dirty(QEMUFile *f, BlkMigDevState *bmds,
-                                  int is_async)
-@@ -XXX,XX +XXX,XX @@ error:
-     return ret;
- }
--/* Called with iothread lock taken.
-+/* Called with the BQL taken.
-  *
-  * return value:
-  * 0: too much data for max_downtime
-@@ -XXX,XX +XXX,XX @@ static int flush_blks(QEMUFile *f)
-     return ret;
- }
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
- static int64_t get_remaining_dirty(void)
- {
 @@ -XXX,XX +XXX,XX @@ static int64_t get_remaining_dirty(void)
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
  static void block_migration_cleanup_bmds(void)
  {
      BlkMigDevState *bmds;
-@@ -XXX,XX +XXX,XX @@ static void block_migration_cleanup_bmds(void)
++    BlockDriverState *bs;
-     }
+     AioContext *ctx;
- }
+     unset_dirty_tracking();
--/* Called with iothread lock taken.  */
-+/* Called with the BQL taken.  */
+     while ((bmds = QSIMPLEQ_FIRST(&block_mig_state.bmds_list)) != NULL) {
- static void block_migration_cleanup(void *opaque)
+         QSIMPLEQ_REMOVE_HEAD(&block_mig_state.bmds_list, entry);
- {
+-        bdrv_op_unblock_all(blk_bs(bmds->blk), bmds->blocker);
-     BlkMigBlock *blk;
++
-@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
++        bs = blk_bs(bmds->blk);
-             }
++        if (bs) {
-             ret = 0;
++            bdrv_op_unblock_all(bs, bmds->blocker);
-         } else {
++        }
--            /* Always called with iothread lock taken for
+         error_free(bmds->blocker);
-+            /* Always called with the BQL taken for
-              * simplicity, block_save_complete also calls it.
+         /* Save ctx, because bmds->blk can disappear during blk_unref.  */
               */
              bql_lock();
@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
      return (delta_bytes > 0);
  }
 -/* Called with iothread lock taken.  */
 +/* Called with the BQL taken.  */
  static int block_save_complete(QEMUFile *f, void *opaque)
  {
 diff --git a/migration/colo.c b/migration/colo.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/colo.c
 +++ b/migration/colo.c
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
      qemu_thread_join(&th);
      bql_lock();
 -    /* We hold the global iothread lock, so it is safe here */
 +    /* We hold the global BQL, so it is safe here */
      colo_release_ram_cache();
      return 0;
 diff --git a/migration/migration.c b/migration/migration.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/migration.c
 +++ b/migration/migration.c
@@ -XXX,XX +XXX,XX @@ fail:
  /**
   * migration_maybe_pause: Pause if required to by
 - * migrate_pause_before_switchover called with the iothread locked
 + * migrate_pause_before_switchover called with the BQL locked
   * Returns: 0 on success
   */
  static int migration_maybe_pause(MigrationState *s,
 diff --git a/migration/ram.c b/migration/ram.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/ram.c
 +++ b/migration/ram.c
@@ -XXX,XX +XXX,XX @@ static void ram_save_cleanup(void *opaque)
      /* We don't use dirty log with background snapshots */
      if (!migrate_background_snapshot()) {
 -        /* caller have hold iothread lock or is in a bh, so there is
 +        /* caller have hold BQL or is in a bh, so there is
           * no writing race against the migration bitmap
           */
          if (global_dirty_tracking & GLOBAL_DIRTY_MIGRATION) {
@@ -XXX,XX +XXX,XX @@ out:
   *
   * Returns zero to indicate success or negative on error
   *
 - * Called with iothread lock
 + * Called with the BQL
   *
   * @f: QEMUFile where to send the data
   * @opaque: RAMState pointer
 diff --git a/system/physmem.c b/system/physmem.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/physmem.c
 +++ b/system/physmem.c
@@ -XXX,XX +XXX,XX @@ static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
      abort();
  found:
 -    /* It is safe to write mru_block outside the iothread lock.  This
 +    /* It is safe to write mru_block outside the BQL.  This
       * is what happens:
       *
       *     mru_block = xxx
@@ -XXX,XX +XXX,XX @@ int qemu_ram_get_fd(RAMBlock *rb)
      return rb->fd;
  }
 -/* Called with iothread lock held.  */
 +/* Called with the BQL held.  */
  void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
  {
      RAMBlock *block;
@@ -XXX,XX +XXX,XX @@ void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
      }
  }
 -/* Called with iothread lock held.  */
 +/* Called with the BQL held.  */
  void qemu_ram_unset_idstr(RAMBlock *block)
  {
      /* FIXME: arch_init.c assumes that this is not called throughout
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
       * Updates to VI and VF require us to update the status of
       * virtual interrupts, which are the logical OR of these bits
       * and the state of the input lines from the GIC. (This requires
 -     * that we have the iothread lock, which is done by marking the
 +     * that we have the BQL, which is done by marking the
       * reginfo structs as ARM_CP_IO.)
       * Note that if a write to HCR pends a VIRQ or VFIQ it is never
       * possible for it to be taken immediately, because VIRQ and
 diff --git a/ui/spice-core.c b/ui/spice-core.c
 index XXXXXXX..XXXXXXX 100644
 --- a/ui/spice-core.c
 +++ b/ui/spice-core.c
@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
       * not do that.  It isn't that easy to fix it in spice and even
       * when it is fixed we still should cover the already released
       * spice versions.  So detect that we've been called from another
 -     * thread and grab the iothread lock if so before calling qemu
 +     * thread and grab the BQL if so before calling qemu
       * functions.
       */
      bool need_lock = !qemu_thread_is_self(&me);
 diff --git a/util/rcu.c b/util/rcu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/rcu.c
 +++ b/util/rcu.c
@@ -XXX,XX +XXX,XX @@ static void rcu_init_complete(void)
      qemu_event_init(&rcu_call_ready_event, false);
 -    /* The caller is assumed to have iothread lock, so the call_rcu thread
 +    /* The caller is assumed to have BQL, so the call_rcu thread
       * must have been quiescent even after forking, just recreate it.
       */
      qemu_thread_create(&thread, "call_rcu", call_rcu_thread,
 diff --git a/audio/coreaudio.m b/audio/coreaudio.m
 index XXXXXXX..XXXXXXX 100644
 --- a/audio/coreaudio.m
 +++ b/audio/coreaudio.m
@@ -XXX,XX +XXX,XX @@ static ret_type glue(coreaudio_, name)args_decl             \
  #undef COREAUDIO_WRAPPER_FUNC
  /*
 - * callback to feed audiooutput buffer. called without iothread lock.
 + * callback to feed audiooutput buffer. called without BQL.
   * allowed to lock "buf_mutex", but disallowed to have any other locks.
   */
  static OSStatus audioDeviceIOProc(
@@ -XXX,XX +XXX,XX @@ static void update_device_playback_state(coreaudioVoiceOut *core)
      }
  }
 -/* called without iothread lock. */
 +/* called without BQL. */
  static OSStatus handle_voice_change(
      AudioObjectID in_object_id,
      UInt32 in_number_addresses,
 diff --git a/ui/cocoa.m b/ui/cocoa.m
 index XXXXXXX..XXXXXXX 100644
 --- a/ui/cocoa.m
 +++ b/ui/cocoa.m
@@ -XXX,XX +XXX,XX @@ static void cocoa_switch(DisplayChangeListener *dcl,
  static QemuClipboardInfo *cbinfo;
  static QemuEvent cbevent;
 -// Utility functions to run specified code block with iothread lock held
 +// Utility functions to run specified code block with the BQL held
  typedef void (^CodeBlock)(void);
  typedef bool (^BoolCodeBlock)(void);
@@ -XXX,XX +XXX,XX @@ - (void) setContentDimensions
  - (void) updateUIInfoLocked
  {
 -    /* Must be called with the iothread lock, i.e. via updateUIInfo */
 +    /* Must be called with the BQL, i.e. via updateUIInfo */
      NSSize frameSize;
      QemuUIInfo info;
@@ -XXX,XX +XXX,XX @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts)
       * Create the menu entries which depend on QEMU state (for consoles
       * and removable devices). These make calls back into QEMU functions,
       * which is OK because at this point we know that the second thread
 -     * holds the iothread lock and is synchronously waiting for us to
 +     * holds the BQL and is synchronously waiting for us to
       * finish.
       */
      add_console_menu_entries();
 --
-.43.0
+.41.0

-[PULL 2/6] system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()
+[PULL v3 2/5] block: add subcluster_size field to BlockDriverInfo
-The Big QEMU Lock (BQL) has many names and they are confusing. The
+From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
 actual QemuMutex variable is called qemu_global_mutex but it's commonly
 referred to as the BQL in discussions and some code comments. The
 locking APIs, however, are called qemu_mutex_lock_iothread() and
 qemu_mutex_unlock_iothread().
-The "iothread" name is historic and comes from when the main thread was
+This is going to be used in the subsequent commit as requests alignment
-split into into KVM vcpu threads and the "iothread" (now called the main
+(in particular, during copy-on-read).  This value only makes sense for
-loop thread). I have contributed to the confusion myself by introducing
+the formats which support subclusters (currently QCOW2 only).  If this
-a separate --object iothread, a separate concept unrelated to the BQL.
+field isn't set by driver's own bdrv_get_info() implementation, we
 simply set it equal to the cluster size thus treating each cluster as
 having a single subcluster.
-The "iothread" name is no longer appropriate for the BQL. Rename the
+Reviewed-by: Eric Blake <eblake@redhat.com>
-locking APIs to:
+Reviewed-by: Denis V. Lunev <den@openvz.org>
-- void bql_lock(void)
+Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-- void bql_unlock(void)
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
-- bool bql_locked(void)
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Message-ID: <20230711172553.234055-2-andrey.drobyshev@virtuozzo.com>
 ---
  include/block/block-common.h | 5 +++++
  block.c                      | 7 +++++++
  block/qcow2.c                | 1 +
 files changed, 13 insertions(+)
-There are more APIs with "iothread" in their names. Subsequent patches
+diff --git a/include/block/block-common.h b/include/block/block-common.h
 will rename them. There are also comments and documentation that will be
 updated in later patches.
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 Reviewed-by: Paul Durrant <paul@xen.org>
 Acked-by: Fabiano Rosas <farosas@suse.de>
 Acked-by: David Woodhouse <dwmw@amazon.co.uk>
 Reviewed-by: Cédric Le Goater <clg@kaod.org>
 Acked-by: Peter Xu <peterx@redhat.com>
 Acked-by: Eric Farman <farman@linux.ibm.com>
 Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
 Acked-by: Hyman Huang <yong.huang@smartx.com>
 Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
 Message-id: 20240102153529.486531-2-stefanha@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
  include/block/aio-wait.h             |   2 +-
  include/qemu/main-loop.h             |  39 +++++----
  include/qemu/thread.h                |   2 +-
  accel/accel-blocker.c                |  10 +--
  accel/dummy-cpus.c                   |   8 +-
  accel/hvf/hvf-accel-ops.c            |   4 +-
  accel/kvm/kvm-accel-ops.c            |   4 +-
  accel/kvm/kvm-all.c                  |  22 ++---
  accel/tcg/cpu-exec.c                 |  26 +++---
  accel/tcg/cputlb.c                   |  16 ++--
  accel/tcg/tcg-accel-ops-icount.c     |   4 +-
  accel/tcg/tcg-accel-ops-mttcg.c      |  12 +--
  accel/tcg/tcg-accel-ops-rr.c         |  14 ++--
  accel/tcg/tcg-accel-ops.c            |   2 +-
  accel/tcg/translate-all.c            |   2 +-
  cpu-common.c                         |   4 +-
  dump/dump.c                          |   4 +-
  hw/core/cpu-common.c                 |   6 +-
  hw/i386/intel_iommu.c                |   6 +-
  hw/i386/kvm/xen_evtchn.c             |  16 ++--
  hw/i386/kvm/xen_overlay.c            |   2 +-
  hw/i386/kvm/xen_xenstore.c           |   2 +-
  hw/intc/arm_gicv3_cpuif.c            |   2 +-
  hw/intc/s390_flic.c                  |  18 ++--
  hw/misc/edu.c                        |   4 +-
  hw/misc/imx6_src.c                   |   2 +-
  hw/misc/imx7_src.c                   |   2 +-
  hw/net/xen_nic.c                     |   8 +-
  hw/ppc/pegasos2.c                    |   2 +-
  hw/ppc/ppc.c                         |   4 +-
  hw/ppc/spapr.c                       |   2 +-
  hw/ppc/spapr_rng.c                   |   4 +-
  hw/ppc/spapr_softmmu.c               |   4 +-
  hw/remote/mpqemu-link.c              |  20 ++---
  hw/remote/vfio-user-obj.c            |   2 +-
  hw/s390x/s390-skeys.c                |   2 +-
  migration/block-dirty-bitmap.c       |   4 +-
  migration/block.c                    |  16 ++--
  migration/colo.c                     |  60 +++++++-------
  migration/dirtyrate.c                |  12 +--
  migration/migration.c                |  52 ++++++------
  migration/ram.c                      |  12 +--
  replay/replay-internal.c             |   2 +-
  semihosting/console.c                |   8 +-
  stubs/iothread-lock.c                |   6 +-
  system/cpu-throttle.c                |   4 +-
  system/cpus.c                        |  51 ++++++------
  system/dirtylimit.c                  |   4 +-
  system/memory.c                      |   2 +-
  system/physmem.c                     |   8 +-
  system/runstate.c                    |   2 +-
  system/watchpoint.c                  |   4 +-
  target/arm/arm-powerctl.c            |  14 ++--
  target/arm/helper.c                  |   4 +-
  target/arm/hvf/hvf.c                 |   8 +-
  target/arm/kvm.c                     |   8 +-
  target/arm/ptw.c                     |   6 +-
  target/arm/tcg/helper-a64.c          |   8 +-
  target/arm/tcg/m_helper.c            |   6 +-
  target/arm/tcg/op_helper.c           |  24 +++---
  target/arm/tcg/psci.c                |   2 +-
  target/hppa/int_helper.c             |   8 +-
  target/i386/hvf/hvf.c                |   6 +-
  target/i386/kvm/hyperv.c             |   4 +-
  target/i386/kvm/kvm.c                |  28 +++----
  target/i386/kvm/xen-emu.c            |  14 ++--
  target/i386/nvmm/nvmm-accel-ops.c    |   4 +-
  target/i386/nvmm/nvmm-all.c          |  20 ++---
  target/i386/tcg/sysemu/fpu_helper.c  |   6 +-
  target/i386/tcg/sysemu/misc_helper.c |   4 +-
  target/i386/whpx/whpx-accel-ops.c    |   4 +-
  target/i386/whpx/whpx-all.c          |  24 +++---
  target/loongarch/tcg/csr_helper.c    |   4 +-
  target/mips/kvm.c                    |   4 +-
  target/mips/tcg/sysemu/cp0_helper.c  |   4 +-
  target/openrisc/sys_helper.c         |  16 ++--
  target/ppc/excp_helper.c             |  12 +--
  target/ppc/kvm.c                     |   4 +-
  target/ppc/misc_helper.c             |   8 +-
  target/ppc/timebase_helper.c         |   8 +-
  target/s390x/kvm/kvm.c               |   4 +-
  target/s390x/tcg/misc_helper.c       | 118 +++++++++++++--------------
  target/sparc/int32_helper.c          |   2 +-
  target/sparc/int64_helper.c          |   6 +-
  target/sparc/win_helper.c            |  20 ++---
  target/xtensa/exc_helper.c           |   8 +-
  ui/spice-core.c                      |   4 +-
  util/async.c                         |   2 +-
  util/main-loop.c                     |   8 +-
  util/qsp.c                           |   6 +-
  util/rcu.c                           |  14 ++--
  audio/coreaudio.m                    |   4 +-
  memory_ldst.c.inc                    |  18 ++--
  target/i386/hvf/README.md            |   2 +-
  ui/cocoa.m                           |  50 ++++++------
 files changed, 529 insertions(+), 529 deletions(-)
 diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/block/aio-wait.h
+--- a/include/block/block-common.h
-+++ b/include/block/aio-wait.h
++++ b/include/block/block-common.h
-@@ -XXX,XX +XXX,XX @@ static inline bool in_aio_context_home_thread(AioContext *ctx)
+@@ -XXX,XX +XXX,XX @@ typedef struct BlockZoneWps {
  typedef struct BlockDriverInfo {
      /* in bytes, 0 if irrelevant */
      int cluster_size;
 +    /*
 +     * A fraction of cluster_size, if supported (currently QCOW2 only); if
 +     * disabled or unsupported, set equal to cluster_size.
 +     */
 +    int subcluster_size;
      /* offset at which the VM state can be saved (0 if not possible) */
      int64_t vm_state_offset;
      bool is_dirty;
 diff --git a/block.c b/block.c
 index XXXXXXX..XXXXXXX 100644
 --- a/block.c
 +++ b/block.c
@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
      }
+     memset(bdi, 0, sizeof(*bdi));
-     if (ctx == qemu_get_aio_context()) {
+     ret = drv->bdrv_co_get_info(bs, bdi);
--        return qemu_mutex_iothread_locked();
++    if (bdi->subcluster_size == 0) {
-+        return bql_locked();
++        /*
-     } else {
++         * If the driver left this unset, subclusters are not supported.
-         return false;
++         * Then it is safe to treat each cluster as having only one subcluster.
-     }
++         */
-diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
++        bdi->subcluster_size = bdi->cluster_size;
-index XXXXXXX..XXXXXXX 100644
++    }
 --- a/include/qemu/main-loop.h
 +++ b/include/qemu/main-loop.h
@@ -XXX,XX +XXX,XX @@ GSource *iohandler_get_g_source(void);
  AioContext *iohandler_get_aio_context(void);
  /**
 - * qemu_mutex_iothread_locked: Return lock status of the main loop mutex.
 + * bql_locked: Return lock status of the Big QEMU Lock (BQL)
   *
 - * The main loop mutex is the coarsest lock in QEMU, and as such it
 + * The Big QEMU Lock (BQL) is the coarsest lock in QEMU, and as such it
   * must always be taken outside other locks.  This function helps
   * functions take different paths depending on whether the current
 - * thread is running within the main loop mutex.
 + * thread is running within the BQL.
   *
   * This function should never be used in the block layer, because
   * unit tests, block layer tools and qemu-storage-daemon do not
   * have a BQL.
   * Please instead refer to qemu_in_main_thread().
   */
 -bool qemu_mutex_iothread_locked(void);
 +bool bql_locked(void);
  /**
   * qemu_in_main_thread: return whether it's possible to safely access
@@ -XXX,XX +XXX,XX @@ bool qemu_in_main_thread(void);
      } while (0)
  /**
 - * qemu_mutex_lock_iothread: Lock the main loop mutex.
 + * bql_lock: Lock the Big QEMU Lock (BQL).
   *
 - * This function locks the main loop mutex.  The mutex is taken by
 + * This function locks the Big QEMU Lock (BQL).  The lock is taken by
   * main() in vl.c and always taken except while waiting on
 - * external events (such as with select).  The mutex should be taken
 + * external events (such as with select).  The lock should be taken
   * by threads other than the main loop thread when calling
   * qemu_bh_new(), qemu_set_fd_handler() and basically all other
   * functions documented in this file.
   *
 - * NOTE: tools currently are single-threaded and qemu_mutex_lock_iothread
 + * NOTE: tools currently are single-threaded and bql_lock
   * is a no-op there.
   */
 -#define qemu_mutex_lock_iothread()                      \
 -    qemu_mutex_lock_iothread_impl(__FILE__, __LINE__)
 -void qemu_mutex_lock_iothread_impl(const char *file, int line);
 +#define bql_lock() bql_lock_impl(__FILE__, __LINE__)
 +void bql_lock_impl(const char *file, int line);
  /**
 - * qemu_mutex_unlock_iothread: Unlock the main loop mutex.
 + * bql_unlock: Unlock the Big QEMU Lock (BQL).
   *
 - * This function unlocks the main loop mutex.  The mutex is taken by
 + * This function unlocks the Big QEMU Lock.  The lock is taken by
   * main() in vl.c and always taken except while waiting on
 - * external events (such as with select).  The mutex should be unlocked
 + * external events (such as with select).  The lock should be unlocked
   * as soon as possible by threads other than the main loop thread,
   * because it prevents the main loop from processing callbacks,
   * including timers and bottom halves.
   *
 - * NOTE: tools currently are single-threaded and qemu_mutex_unlock_iothread
 + * NOTE: tools currently are single-threaded and bql_unlock
   * is a no-op there.
   */
 -void qemu_mutex_unlock_iothread(void);
 +void bql_unlock(void);
  /**
   * QEMU_IOTHREAD_LOCK_GUARD
   *
 - * Wrap a block of code in a conditional qemu_mutex_{lock,unlock}_iothread.
 + * Wrap a block of code in a conditional bql_{lock,unlock}.
   */
  typedef struct IOThreadLockAuto IOThreadLockAuto;
  static inline IOThreadLockAuto *qemu_iothread_auto_lock(const char *file,
                                                          int line)
  {
 -    if (qemu_mutex_iothread_locked()) {
 +    if (bql_locked()) {
          return NULL;
      }
 -    qemu_mutex_lock_iothread_impl(file, line);
 +    bql_lock_impl(file, line);
      /* Anything non-NULL causes the cleanup function to be called */
      return (IOThreadLockAuto *)(uintptr_t)1;
  }
  static inline void qemu_iothread_auto_unlock(IOThreadLockAuto *l)
  {
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  G_DEFINE_AUTOPTR_CLEANUP_FUNC(IOThreadLockAuto, qemu_iothread_auto_unlock)
 diff --git a/include/qemu/thread.h b/include/qemu/thread.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/qemu/thread.h
 +++ b/include/qemu/thread.h
@@ -XXX,XX +XXX,XX @@ typedef void (*QemuCondWaitFunc)(QemuCond *c, QemuMutex *m, const char *f,
  typedef bool (*QemuCondTimedWaitFunc)(QemuCond *c, QemuMutex *m, int ms,
                                        const char *f, int l);
 -extern QemuMutexLockFunc qemu_bql_mutex_lock_func;
 +extern QemuMutexLockFunc bql_mutex_lock_func;
  extern QemuMutexLockFunc qemu_mutex_lock_func;
  extern QemuMutexTrylockFunc qemu_mutex_trylock_func;
  extern QemuRecMutexLockFunc qemu_rec_mutex_lock_func;
 diff --git a/accel/accel-blocker.c b/accel/accel-blocker.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/accel-blocker.c
 +++ b/accel/accel-blocker.c
@@ -XXX,XX +XXX,XX @@ void accel_blocker_init(void)
  void accel_ioctl_begin(void)
  {
 -    if (likely(qemu_mutex_iothread_locked())) {
 +    if (likely(bql_locked())) {
          return;
      }
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_begin(void)
  void accel_ioctl_end(void)
  {
 -    if (likely(qemu_mutex_iothread_locked())) {
 +    if (likely(bql_locked())) {
          return;
      }
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_end(void)
  void accel_cpu_ioctl_begin(CPUState *cpu)
  {
 -    if (unlikely(qemu_mutex_iothread_locked())) {
 +    if (unlikely(bql_locked())) {
          return;
      }
@@ -XXX,XX +XXX,XX @@ void accel_cpu_ioctl_begin(CPUState *cpu)
  void accel_cpu_ioctl_end(CPUState *cpu)
  {
 -    if (unlikely(qemu_mutex_iothread_locked())) {
 +    if (unlikely(bql_locked())) {
          return;
      }
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_inhibit_begin(void)
       * We allow to inhibit only when holding the BQL, so we can identify
       * when an inhibitor wants to issue an ioctl easily.
       */
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      /* Block further invocations of the ioctls outside the BQL.  */
      CPU_FOREACH(cpu) {
 diff --git a/accel/dummy-cpus.c b/accel/dummy-cpus.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/dummy-cpus.c
 +++ b/accel/dummy-cpus.c
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
      rcu_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
      cpu->neg.can_do_io = true;
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
      qemu_guest_random_seed_thread_part2(cpu->random_seed);
      do {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
  #ifndef _WIN32
          do {
              int sig;
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
  #else
          qemu_sem_wait(&cpu->sem);
  #endif
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          qemu_wait_io_event(cpu);
      } while (!cpu->unplug);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_unregister_thread();
      return NULL;
  }
 diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/hvf/hvf-accel-ops.c
 +++ b/accel/hvf/hvf-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *hvf_cpu_thread_fn(void *arg)
      rcu_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *hvf_cpu_thread_fn(void *arg)
      hvf_vcpu_destroy(cpu);
      cpu_thread_signal_destroyed(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_unregister_thread();
      return NULL;
  }
 diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/kvm/kvm-accel-ops.c
 +++ b/accel/kvm/kvm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *kvm_vcpu_thread_fn(void *arg)
      rcu_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
      cpu->neg.can_do_io = true;
@@ -XXX,XX +XXX,XX @@ static void *kvm_vcpu_thread_fn(void *arg)
      kvm_destroy_vcpu(cpu);
      cpu_thread_signal_destroyed(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_unregister_thread();
      return NULL;
  }
 diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/kvm/kvm-all.c
 +++ b/accel/kvm/kvm-all.c
@@ -XXX,XX +XXX,XX @@ static void kvm_dirty_ring_flush(void)
       * should always be with BQL held, serialization is guaranteed.
       * However, let's be sure of it.
       */
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      /*
       * First make sure to flush the hardware buffers by kicking all
       * vcpus out in a synchronous way.
@@ -XXX,XX +XXX,XX @@ static void *kvm_dirty_ring_reaper_thread(void *data)
          trace_kvm_dirty_ring_reaper("wakeup");
          r->reaper_state = KVM_DIRTY_RING_REAPER_REAPING;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          kvm_dirty_ring_reap(s, NULL);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          r->reaper_iteration++;
      }
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
          return EXCP_HLT;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      cpu_exec_start(cpu);
      do {
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
  #ifdef KVM_HAVE_MCE_INJECTION
          if (unlikely(have_sigbus_pending)) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              kvm_arch_on_sigbus_vcpu(cpu, pending_sigbus_code,
                                      pending_sigbus_addr);
              have_sigbus_pending = false;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
  #endif
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
               * still full.  Got kicked by KVM_RESET_DIRTY_RINGS.
               */
              trace_kvm_dirty_ring_full(cpu->cpu_index);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              /*
               * We throttle vCPU by making it sleep once it exit from kernel
               * due to dirty ring full. In the dirtylimit scenario, reaping
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
              } else {
                  kvm_dirty_ring_reap(kvm_state, NULL);
              }
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              dirtylimit_vcpu_execute(cpu);
              ret = 0;
              break;
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
                  break;
              case KVM_SYSTEM_EVENT_CRASH:
                  kvm_cpu_synchronize_state(cpu);
 -                qemu_mutex_lock_iothread();
 +                bql_lock();
                  qemu_system_guest_panicked(cpu_get_crash_info(cpu));
 -                qemu_mutex_unlock_iothread();
 +                bql_unlock();
                  ret = 0;
                  break;
              default:
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
      } while (ret == 0);
      cpu_exec_end(cpu);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (ret < 0) {
          cpu_dump_state(cpu, stderr, CPU_DUMP_CODE);
 diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cpu-exec.c
 +++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static void cpu_exec_longjmp_cleanup(CPUState *cpu)
          tcg_ctx->gen_tb = NULL;
      }
  #endif
 -    if (qemu_mutex_iothread_locked()) {
 -        qemu_mutex_unlock_iothread();
 +    if (bql_locked()) {
 +        bql_unlock();
      }
      assert_no_pages_locked();
  }
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_halt(CPUState *cpu)
  #if defined(TARGET_I386)
          if (cpu->interrupt_request & CPU_INTERRUPT_POLL) {
              X86CPU *x86_cpu = X86_CPU(cpu);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              apic_poll_irq(x86_cpu->apic_state);
              cpu_reset_interrupt(cpu, CPU_INTERRUPT_POLL);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
  #endif /* TARGET_I386 */
          if (!cpu_has_work(cpu)) {
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
  #else
          if (replay_exception()) {
              CPUClass *cc = CPU_GET_CLASS(cpu);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              cc->tcg_ops->do_interrupt(cpu);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              cpu->exception_index = -1;
              if (unlikely(cpu->singlestep_enabled)) {
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
      if (unlikely(qatomic_read(&cpu->interrupt_request))) {
          int interrupt_request;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          interrupt_request = cpu->interrupt_request;
          if (unlikely(cpu->singlestep_enabled & SSTEP_NOIRQ)) {
              /* Mask out external interrupts for this step. */
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
          if (interrupt_request & CPU_INTERRUPT_DEBUG) {
              cpu->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
              cpu->exception_index = EXCP_DEBUG;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              return true;
          }
  #if !defined(CONFIG_USER_ONLY)
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
              cpu->interrupt_request &= ~CPU_INTERRUPT_HALT;
              cpu->halted = 1;
              cpu->exception_index = EXCP_HLT;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              return true;
          }
  #if defined(TARGET_I386)
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
              cpu_svm_check_intercept_param(env, SVM_EXIT_INIT, 0, 0);
              do_cpu_init(x86_cpu);
              cpu->exception_index = EXCP_HALTED;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              return true;
          }
  #else
          else if (interrupt_request & CPU_INTERRUPT_RESET) {
              replay_interrupt();
              cpu_reset(cpu);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              return true;
          }
  #endif /* !TARGET_I386 */
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
                   */
                  if (unlikely(cpu->singlestep_enabled)) {
                      cpu->exception_index = EXCP_DEBUG;
 -                    qemu_mutex_unlock_iothread();
 +                    bql_unlock();
                      return true;
                  }
                  cpu->exception_index = -1;
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
          }
          /* If we exit via cpu_loop_exit/longjmp it is reset in cpu_exec */
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      /* Finally, check if we need to exit to the main loop.  */
 diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/cputlb.c
 +++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static uint64_t do_ld_mmio_beN(CPUState *cpu, CPUTLBEntryFull *full,
      section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
      mr = section->mr;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      ret = int_ld_mmio_beN(cpu, full, ret_be, addr, size, mmu_idx,
                            type, ra, mr, mr_offset);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ static Int128 do_ld16_mmio_beN(CPUState *cpu, CPUTLBEntryFull *full,
      section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
      mr = section->mr;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      a = int_ld_mmio_beN(cpu, full, ret_be, addr, size - 8, mmu_idx,
                          MMU_DATA_LOAD, ra, mr, mr_offset);
      b = int_ld_mmio_beN(cpu, full, ret_be, addr + size - 8, 8, mmu_idx,
                          MMU_DATA_LOAD, ra, mr, mr_offset + size - 8);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return int128_make128(b, a);
  }
@@ -XXX,XX +XXX,XX @@ static uint64_t do_st_mmio_leN(CPUState *cpu, CPUTLBEntryFull *full,
      section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
      mr = section->mr;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      ret = int_st_mmio_leN(cpu, full, val_le, addr, size, mmu_idx,
                            ra, mr, mr_offset);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ static uint64_t do_st16_mmio_leN(CPUState *cpu, CPUTLBEntryFull *full,
      section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
      mr = section->mr;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      int_st_mmio_leN(cpu, full, int128_getlo(val_le), addr, 8,
                      mmu_idx, ra, mr, mr_offset);
      ret = int_st_mmio_leN(cpu, full, int128_gethi(val_le), addr + 8,
                            size - 8, mmu_idx, ra, mr, mr_offset + 8);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
 diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tcg-accel-ops-icount.c
 +++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu, int64_t cpu_budget)
           * We're called without the iothread lock, so must take it while
           * we're calling timer handlers.
           */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          icount_notify_aio_contexts();
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  }
 diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tcg-accel-ops-mttcg.c
 +++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
      rcu_add_force_rcu_notifier(&force_rcu.notifier);
      tcg_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
      do {
          if (cpu_can_run(cpu)) {
              int r;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              r = tcg_cpus_exec(cpu);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              switch (r) {
              case EXCP_DEBUG:
                  cpu_handle_guest_debug(cpu);
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
                   */
                  break;
              case EXCP_ATOMIC:
 -                qemu_mutex_unlock_iothread();
 +                bql_unlock();
                  cpu_exec_step_atomic(cpu);
 -                qemu_mutex_lock_iothread();
 +                bql_lock();
              default:
                  /* Ignore everything else? */
                  break;
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
      } while (!cpu->unplug || cpu_can_run(cpu));
      tcg_cpus_destroy(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_remove_force_rcu_notifier(&force_rcu.notifier);
      rcu_unregister_thread();
      return NULL;
 diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tcg-accel-ops-rr.c
 +++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
      rcu_add_force_rcu_notifier(&force_rcu);
      tcg_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
          /* Only used for icount_enabled() */
          int64_t cpu_budget = 0;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          replay_mutex_lock();
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          if (icount_enabled()) {
              int cpu_count = rr_cpu_count();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
              if (cpu_can_run(cpu)) {
                  int r;
 -                qemu_mutex_unlock_iothread();
 +                bql_unlock();
                  if (icount_enabled()) {
                      icount_prepare_for_run(cpu, cpu_budget);
                  }
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
                  if (icount_enabled()) {
                      icount_process_data(cpu);
                  }
 -                qemu_mutex_lock_iothread();
 +                bql_lock();
                  if (r == EXCP_DEBUG) {
                      cpu_handle_guest_debug(cpu);
                      break;
                  } else if (r == EXCP_ATOMIC) {
 -                    qemu_mutex_unlock_iothread();
 +                    bql_unlock();
                      cpu_exec_step_atomic(cpu);
 -                    qemu_mutex_lock_iothread();
 +                    bql_lock();
                      break;
                  }
              } else if (cpu->stop) {
 diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tcg-accel-ops.c
 +++ b/accel/tcg/tcg-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void tcg_cpu_reset_hold(CPUState *cpu)
  /* mask must never be zero, except for A20 change call */
  void tcg_handle_interrupt(CPUState *cpu, int mask)
  {
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      cpu->interrupt_request |= mask;
 diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/translate-all.c
 +++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
  void cpu_interrupt(CPUState *cpu, int mask)
  {
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      cpu->interrupt_request |= mask;
      qatomic_set(&cpu->neg.icount_decr.u16.high, -1);
  }
 diff --git a/cpu-common.c b/cpu-common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/cpu-common.c
 +++ b/cpu-common.c
@@ -XXX,XX +XXX,XX @@ void process_queued_cpu_work(CPUState *cpu)
               * BQL, so it goes to sleep; start_exclusive() is sleeping too, so
               * neither CPU can proceed.
               */
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              start_exclusive();
              wi->func(cpu, wi->data);
              end_exclusive();
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
          } else {
              wi->func(cpu, wi->data);
          }
 diff --git a/dump/dump.c b/dump/dump.c
 index XXXXXXX..XXXXXXX 100644
 --- a/dump/dump.c
 +++ b/dump/dump.c
@@ -XXX,XX +XXX,XX @@ static int dump_cleanup(DumpState *s)
      s->guest_note = NULL;
      if (s->resume) {
          if (s->detached) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
          }
          vm_start();
          if (s->detached) {
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
      }
      migrate_del_blocker(&dump_migration_blocker);
 diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/core/cpu-common.c
 +++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ CPUState *cpu_create(const char *typename)
   * BQL here if we need to.  cpu_interrupt assumes it is held.*/
  void cpu_reset_interrupt(CPUState *cpu, int mask)
  {
 -    bool need_lock = !qemu_mutex_iothread_locked();
 +    bool need_lock = !bql_locked();
      if (need_lock) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      cpu->interrupt_request &= ~mask;
      if (need_lock) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  }
 diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/i386/intel_iommu.c
 +++ b/hw/i386/intel_iommu.c
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
  {
      bool use_iommu, pt;
      /* Whether we need to take the BQL on our own */
 -    bool take_bql = !qemu_mutex_iothread_locked();
 +    bool take_bql = !bql_locked();
      assert(as);
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
       * it. We'd better make sure we have had it already, or, take it.
       */
      if (take_bql) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      /* Turn off first then on the other */
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
      }
      if (take_bql) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      return use_iommu;
 diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/i386/kvm/xen_evtchn.c
 +++ b/hw/i386/kvm/xen_evtchn.c
@@ -XXX,XX +XXX,XX @@ void xen_evtchn_set_callback_level(int level)
       * effect immediately. That just leaves interdomain loopback as the case
       * which uses the BH.
       */
 -    if (!qemu_mutex_iothread_locked()) {
 +    if (!bql_locked()) {
          qemu_bh_schedule(s->gsi_bh);
          return;
      }
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_set_callback_param(uint64_t param)
       * We need the BQL because set_callback_pci_intx() may call into PCI code,
       * and because we may need to manipulate the old and new GSI levels.
       */
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      qemu_mutex_lock(&s->port_lock);
      switch (type) {
@@ -XXX,XX +XXX,XX @@ static int close_port(XenEvtchnState *s, evtchn_port_t port,
      XenEvtchnPort *p = &s->port_table[port];
      /* Because it *might* be a PIRQ port */
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      switch (p->type) {
      case EVTCHNSTAT_closed:
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_soft_reset(void)
          return -ENOTSUP;
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      qemu_mutex_lock(&s->port_lock);
@@ -XXX,XX +XXX,XX @@ bool xen_evtchn_set_gsi(int gsi, int level)
      XenEvtchnState *s = xen_evtchn_singleton;
      int pirq;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      if (!s || gsi < 0 || gsi >= IOAPIC_NUM_PINS) {
          return false;
@@ -XXX,XX +XXX,XX @@ void xen_evtchn_snoop_msi(PCIDevice *dev, bool is_msix, unsigned int vector,
          return;
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      pirq = msi_pirq_target(addr, data);
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_translate_pirq_msi(struct kvm_irq_routing_entry *route,
          return 1; /* Not a PIRQ */
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      pirq = msi_pirq_target(address, data);
      if (!pirq || pirq >= s->nr_pirqs) {
@@ -XXX,XX +XXX,XX @@ bool xen_evtchn_deliver_pirq_msi(uint64_t address, uint32_t data)
          return false;
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      pirq = msi_pirq_target(address, data);
      if (!pirq || pirq >= s->nr_pirqs) {
 diff --git a/hw/i386/kvm/xen_overlay.c b/hw/i386/kvm/xen_overlay.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/i386/kvm/xen_overlay.c
 +++ b/hw/i386/kvm/xen_overlay.c
@@ -XXX,XX +XXX,XX @@ int xen_overlay_map_shinfo_page(uint64_t gpa)
          return -ENOENT;
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      if (s->shinfo_gpa) {
          /* If removing shinfo page, turn the kernel magic off first */
 diff --git a/hw/i386/kvm/xen_xenstore.c b/hw/i386/kvm/xen_xenstore.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/i386/kvm/xen_xenstore.c
 +++ b/hw/i386/kvm/xen_xenstore.c
@@ -XXX,XX +XXX,XX @@ static void fire_watch_cb(void *opaque, const char *path, const char *token)
  {
      XenXenstoreState *s = opaque;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      /*
       * If there's a response pending, we obviously can't scribble over
 diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/arm_gicv3_cpuif.c
 +++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ void gicv3_cpuif_update(GICv3CPUState *cs)
      ARMCPU *cpu = ARM_CPU(cs->cpu);
      CPUARMState *env = &cpu->env;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq,
                               cs->hppi.grp, cs->hppi.prio);
 diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/intc/s390_flic.c
 +++ b/hw/intc/s390_flic.c
@@ -XXX,XX +XXX,XX @@ static int qemu_s390_clear_io_flic(S390FLICState *fs, uint16_t subchannel_id,
      QEMUS390FlicIO *cur, *next;
      uint8_t isc;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      if (!(flic->pending & FLIC_PENDING_IO)) {
          return 0;
      }
@@ -XXX,XX +XXX,XX @@ uint32_t qemu_s390_flic_dequeue_service(QEMUS390FLICState *flic)
  {
      uint32_t tmp;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      g_assert(flic->pending & FLIC_PENDING_SERVICE);
      tmp = flic->service_param;
      flic->service_param = 0;
@@ -XXX,XX +XXX,XX @@ QEMUS390FlicIO *qemu_s390_flic_dequeue_io(QEMUS390FLICState *flic, uint64_t cr6)
      QEMUS390FlicIO *io;
      uint8_t isc;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      if (!(flic->pending & CR6_TO_PENDING_IO(cr6))) {
          return NULL;
      }
@@ -XXX,XX +XXX,XX @@ QEMUS390FlicIO *qemu_s390_flic_dequeue_io(QEMUS390FLICState *flic, uint64_t cr6)
  void qemu_s390_flic_dequeue_crw_mchk(QEMUS390FLICState *flic)
  {
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      g_assert(flic->pending & FLIC_PENDING_MCHK_CR);
      flic->pending &= ~FLIC_PENDING_MCHK_CR;
  }
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_service(S390FLICState *fs, uint32_t parm)
  {
      QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      /* multiplexing is good enough for sclp - kvm does it internally as well */
      flic->service_param |= parm;
      flic->pending |= FLIC_PENDING_SERVICE;
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_io(S390FLICState *fs, uint16_t subchannel_id,
      QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
      QEMUS390FlicIO *io;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      io = g_new0(QEMUS390FlicIO, 1);
      io->id = subchannel_id;
      io->nr = subchannel_nr;
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_crw_mchk(S390FLICState *fs)
  {
      QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      flic->pending |= FLIC_PENDING_MCHK_CR;
      qemu_s390_flic_notify(FLIC_PENDING_MCHK_CR);
@@ -XXX,XX +XXX,XX @@ bool qemu_s390_flic_has_crw_mchk(QEMUS390FLICState *flic)
  bool qemu_s390_flic_has_any(QEMUS390FLICState *flic)
  {
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      return !!flic->pending;
  }
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_flic_reset(DeviceState *dev)
      QEMUS390FlicIO *cur, *next;
      int isc;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      flic->simm = 0;
      flic->nimm = 0;
      flic->pending = 0;
 diff --git a/hw/misc/edu.c b/hw/misc/edu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/edu.c
 +++ b/hw/misc/edu.c
@@ -XXX,XX +XXX,XX @@ static void *edu_fact_thread(void *opaque)
          smp_mb__after_rmw();
          if (qatomic_read(&edu->status) & EDU_STATUS_IRQFACT) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              edu_raise_irq(edu, FACT_IRQ);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
      }
 diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/imx6_src.c
 +++ b/hw/misc/imx6_src.c
@@ -XXX,XX +XXX,XX @@ static void imx6_clear_reset_bit(CPUState *cpu, run_on_cpu_data data)
      struct SRCSCRResetInfo *ri = data.host_ptr;
      IMX6SRCState *s = ri->s;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      s->regs[SRC_SCR] = deposit32(s->regs[SRC_SCR], ri->reset_bit, 1, 0);
      DPRINTF("reg[%s] <= 0x%" PRIx32 "\n",
 diff --git a/hw/misc/imx7_src.c b/hw/misc/imx7_src.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/imx7_src.c
 +++ b/hw/misc/imx7_src.c
@@ -XXX,XX +XXX,XX @@ static void imx7_clear_reset_bit(CPUState *cpu, run_on_cpu_data data)
      struct SRCSCRResetInfo *ri = data.host_ptr;
      IMX7SRCState *s = ri->s;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      s->regs[SRC_A7RCR0] = deposit32(s->regs[SRC_A7RCR0], ri->reset_bit, 1, 0);
 diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/net/xen_nic.c
 +++ b/hw/net/xen_nic.c
@@ -XXX,XX +XXX,XX @@ static bool net_tx_packets(struct XenNetDev *netdev)
      void *page;
      void *tmpbuf = NULL;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      for (;;) {
          rc = netdev->tx_ring.req_cons;
@@ -XXX,XX +XXX,XX @@ static ssize_t net_rx_packet(NetClientState *nc, const uint8_t *buf, size_t size
      RING_IDX rc, rp;
      void *page;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      if (xen_device_backend_get_state(&netdev->xendev) != XenbusStateConnected) {
          return -1;
@@ -XXX,XX +XXX,XX @@ static bool xen_netdev_connect(XenDevice *xendev, Error **errp)
      XenNetDev *netdev = XEN_NET_DEVICE(xendev);
      unsigned int port, rx_copy;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      if (xen_device_frontend_scanf(xendev, "tx-ring-ref", "%u",
                                    &netdev->tx_ring_ref) != 1) {
@@ -XXX,XX +XXX,XX @@ static void xen_netdev_disconnect(XenDevice *xendev, Error **errp)
      trace_xen_netdev_disconnect(netdev->dev);
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      netdev->tx_ring.sring = NULL;
      netdev->rx_ring.sring = NULL;
 diff --git a/hw/ppc/pegasos2.c b/hw/ppc/pegasos2.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/pegasos2.c
 +++ b/hw/ppc/pegasos2.c
@@ -XXX,XX +XXX,XX @@ static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
      CPUPPCState *env = &cpu->env;
      /* The TCG path should also be holding the BQL at this point */
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      if (FIELD_EX64(env->msr, MSR, PR)) {
          qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n");
 diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/ppc.c
 +++ b/hw/ppc/ppc.c
@@ -XXX,XX +XXX,XX @@ void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
  {
      PowerPCCPU *cpu = env_archcpu(env);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      switch ((val >> 28) & 0x3) {
      case 0x0:
@@ -XXX,XX +XXX,XX @@ void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
          break;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /* PowerPC 40x internal IRQ controller */
 diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/spapr.c
 +++ b/hw/ppc/spapr.c
@@ -XXX,XX +XXX,XX @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
      CPUPPCState *env = &cpu->env;
      /* The TCG path should also be holding the BQL at this point */
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      g_assert(!vhyp_cpu_in_nested(cpu));
 diff --git a/hw/ppc/spapr_rng.c b/hw/ppc/spapr_rng.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/spapr_rng.c
 +++ b/hw/ppc/spapr_rng.c
@@ -XXX,XX +XXX,XX @@ static target_ulong h_random(PowerPCCPU *cpu, SpaprMachineState *spapr,
      while (hrdata.received < 8) {
          rng_backend_request_entropy(rngstate->backend, 8 - hrdata.received,
                                      random_recv, &hrdata);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          qemu_sem_wait(&hrdata.sem);
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      qemu_sem_destroy(&hrdata.sem);
 diff --git a/hw/ppc/spapr_softmmu.c b/hw/ppc/spapr_softmmu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/spapr_softmmu.c
 +++ b/hw/ppc/spapr_softmmu.c
@@ -XXX,XX +XXX,XX @@ static void *hpt_prepare_thread(void *opaque)
          pending->ret = H_NO_MEM;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (SPAPR_MACHINE(qdev_get_machine())->pending_hpt == pending) {
          /* Ready to go */
@@ -XXX,XX +XXX,XX @@ static void *hpt_prepare_thread(void *opaque)
          free_pending_hpt(pending);
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return NULL;
  }
 diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/mpqemu-link.c
 +++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@
   */
  bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
  {
 -    bool iolock = qemu_mutex_iothread_locked();
 +    bool drop_bql = bql_locked();
      bool iothread = qemu_in_iothread();
      struct iovec send[2] = {};
      int *fds = NULL;
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
       * for IOThread case.
       * Also skip lock handling while in a co-routine in the main context.
       */
 -    if (iolock && !iothread && !qemu_in_coroutine()) {
 -        qemu_mutex_unlock_iothread();
 +    if (drop_bql && !iothread && !qemu_in_coroutine()) {
 +        bql_unlock();
      }
      if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
          trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
      }
 -    if (iolock && !iothread && !qemu_in_coroutine()) {
 +    if (drop_bql && !iothread && !qemu_in_coroutine()) {
          /* See above comment why skip locking here. */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      return ret;
@@ -XXX,XX +XXX,XX @@ static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
                             size_t *nfds, Error **errp)
  {
      struct iovec iov = { .iov_base = buf, .iov_len = len };
 -    bool iolock = qemu_mutex_iothread_locked();
 +    bool drop_bql = bql_locked();
      bool iothread = qemu_in_iothread();
      int ret = -1;
@@ -XXX,XX +XXX,XX @@ static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
       */
      assert(qemu_in_coroutine() || !iothread);
 -    if (iolock && !iothread && !qemu_in_coroutine()) {
 -        qemu_mutex_unlock_iothread();
 +    if (drop_bql && !iothread && !qemu_in_coroutine()) {
 +        bql_unlock();
      }
      ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);
 -    if (iolock && !iothread && !qemu_in_coroutine()) {
 -        qemu_mutex_lock_iothread();
 +    if (drop_bql && !iothread && !qemu_in_coroutine()) {
 +        bql_lock();
      }
      return (ret <= 0) ? ret : iov.iov_len;
 diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/remote/vfio-user-obj.c
 +++ b/hw/remote/vfio-user-obj.c
@@ -XXX,XX +XXX,XX @@ static int vfu_object_mr_rw(MemoryRegion *mr, uint8_t *buf, hwaddr offset,
          }
          if (release_lock) {
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              release_lock = false;
          }
 diff --git a/hw/s390x/s390-skeys.c b/hw/s390x/s390-skeys.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/s390x/s390-skeys.c
 +++ b/hw/s390x/s390-skeys.c
@@ -XXX,XX +XXX,XX @@ void qmp_dump_skeys(const char *filename, Error **errp)
          goto out;
      }
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      guest_phys_blocks_init(&guest_phys_blocks);
      guest_phys_blocks_append(&guest_phys_blocks);
 diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/block-dirty-bitmap.c
 +++ b/migration/block-dirty-bitmap.c
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_state_pending(void *opaque,
      SaveBitmapState *dbms;
      uint64_t pending = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      QSIMPLEQ_FOREACH(dbms, &s->dbms_list, entry) {
          uint64_t gran = bdrv_dirty_bitmap_granularity(dbms->bitmap);
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_state_pending(void *opaque,
          pending += DIV_ROUND_UP(sectors * BDRV_SECTOR_SIZE, gran);
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_dirty_bitmap_state_pending(pending);
 diff --git a/migration/block.c b/migration/block.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/block.c
 +++ b/migration/block.c
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
      int64_t count;
      if (bmds->shared_base) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          /* Skip unallocated sectors; intentionally treats failure or
           * partial sector as an allocated sector */
          while (cur_sector < total_sectors &&
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
              }
              cur_sector += count >> BDRV_SECTOR_BITS;
          }
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      if (cur_sector >= total_sectors) {
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
       * I/O runs in the main loop AioContext (see
       * qemu_get_current_aio_context()).
       */
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      bdrv_reset_dirty_bitmap(bmds->dirty_bitmap, cur_sector * BDRV_SECTOR_SIZE,
                              nr_sectors * BDRV_SECTOR_SIZE);
      blk->aiocb = blk_aio_preadv(bb, cur_sector * BDRV_SECTOR_SIZE, &blk->qiov,
 , blk_mig_read_cb, blk);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      bmds->cur_sector = cur_sector + nr_sectors;
      return (bmds->cur_sector >= total_sectors);
@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
              /* Always called with iothread lock taken for
               * simplicity, block_save_complete also calls it.
               */
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              ret = blk_mig_save_dirty_block(f, 1);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
          if (ret < 0) {
              return ret;
@@ -XXX,XX +XXX,XX @@ static void block_state_pending(void *opaque, uint64_t *must_precopy,
      /* Estimate pending number of bytes to send */
      uint64_t pending;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      pending = get_remaining_dirty();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      blk_mig_lock();
      pending += block_mig_state.submitted * BLK_MIG_BLOCK_SIZE +
 diff --git a/migration/colo.c b/migration/colo.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/colo.c
 +++ b/migration/colo.c
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
      qio_channel_io_seek(QIO_CHANNEL(bioc), 0, 0, NULL);
      bioc->usage = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (failover_get_state() != FAILOVER_STATUS_NONE) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          goto out;
      }
      vm_stop_force_state(RUN_STATE_COLO);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("run", "stop");
      /*
       * Failover request bh could be called after vm_stop_force_state(),
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
      if (failover_get_state() != FAILOVER_STATUS_NONE) {
          goto out;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      replication_do_checkpoint_all(&local_err);
      if (local_err) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          goto out;
      }
      colo_send_message(s->to_dst_file, COLO_MESSAGE_VMSTATE_SEND, &local_err);
      if (local_err) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          goto out;
      }
      /* Note: device state is saved into buffer */
      ret = qemu_save_device_state(fb);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (ret < 0) {
          goto out;
      }
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
      ret = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      vm_start();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("stop", "run");
  out:
@@ -XXX,XX +XXX,XX @@ static void colo_process_checkpoint(MigrationState *s)
      fb = qemu_file_new_output(QIO_CHANNEL(bioc));
      object_unref(OBJECT(bioc));
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      replication_start_all(REPLICATION_MODE_PRIMARY, &local_err);
      if (local_err) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          goto out;
      }
      vm_start();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("stop", "run");
      timer_mod(s->colo_delay_timer, qemu_clock_get_ms(QEMU_CLOCK_HOST) +
@@ -XXX,XX +XXX,XX @@ out:
  void migrate_start_colo_process(MigrationState *s)
  {
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      qemu_event_init(&s->colo_checkpoint_event, false);
      s->colo_delay_timer =  timer_new_ms(QEMU_CLOCK_HOST,
                                  colo_checkpoint_notify, s);
      qemu_sem_init(&s->colo_exit_sem, 0);
      colo_process_checkpoint(s);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
  }
  static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
      Error *local_err = NULL;
      int ret;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      vm_stop_force_state(RUN_STATE_COLO);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("run", "stop");
      /* FIXME: This is unnecessary for periodic checkpoint mode */
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
          return;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      cpu_synchronize_all_states();
      ret = qemu_loadvm_state_main(mis->from_src_file, mis);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (ret < 0) {
          error_setg(errp, "Load VM's live state (ram) error");
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
          return;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      vmstate_loading = true;
      colo_flush_ram_cache();
      ret = qemu_load_device_state(fb);
      if (ret < 0) {
          error_setg(errp, "COLO: load device state failed");
          vmstate_loading = false;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
      if (local_err) {
          error_propagate(errp, local_err);
          vmstate_loading = false;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
      if (local_err) {
          error_propagate(errp, local_err);
          vmstate_loading = false;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
      /* Notify all filters of all NIC to do checkpoint */
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
      if (local_err) {
          error_propagate(errp, local_err);
          vmstate_loading = false;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
      vmstate_loading = false;
      vm_start();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("stop", "run");
      if (failover_get_state() == FAILOVER_STATUS_RELAUNCH) {
@@ -XXX,XX +XXX,XX @@ static void *colo_process_incoming_thread(void *opaque)
      fb = qemu_file_new_input(QIO_CHANNEL(bioc));
      object_unref(OBJECT(bioc));
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      replication_start_all(REPLICATION_MODE_SECONDARY, &local_err);
      if (local_err) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          goto out;
      }
      vm_start();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      trace_colo_vm_state_change("stop", "run");
      colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_READY,
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
      Error *local_err = NULL;
      QemuThread th;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      if (!migration_incoming_colo_enabled()) {
          return 0;
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
      qemu_coroutine_yield();
      mis->colo_incoming_co = NULL;
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      /* Wait checkpoint incoming thread exit before free resource */
      qemu_thread_join(&th);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      /* We hold the global iothread lock, so it is safe here */
      colo_release_ram_cache();
 diff --git a/migration/dirtyrate.c b/migration/dirtyrate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/dirtyrate.c
 +++ b/migration/dirtyrate.c
@@ -XXX,XX +XXX,XX @@ static int64_t do_calculate_dirtyrate(DirtyPageRecord dirty_pages,
  void global_dirty_log_change(unsigned int flag, bool start)
  {
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (start) {
          memory_global_dirty_log_start(flag);
      } else {
          memory_global_dirty_log_stop(flag);
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /*
@@ -XXX,XX +XXX,XX @@ void global_dirty_log_change(unsigned int flag, bool start)
   */
  static void global_dirty_log_sync(unsigned int flag, bool one_shot)
  {
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      memory_global_dirty_log_sync(false);
      if (one_shot) {
          memory_global_dirty_log_stop(flag);
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  static DirtyPageRecord *vcpu_dirty_stat_alloc(VcpuStat *stat)
@@ -XXX,XX +XXX,XX @@ static void calculate_dirtyrate_dirty_bitmap(struct DirtyRateConfig config)
      int64_t start_time;
      DirtyPageRecord dirty_pages;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      memory_global_dirty_log_start(GLOBAL_DIRTY_DIRTY_RATE);
      /*
@@ -XXX,XX +XXX,XX @@ static void calculate_dirtyrate_dirty_bitmap(struct DirtyRateConfig config)
       * KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE cap is enabled.
       */
      dirtyrate_manual_reset_protect();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      record_dirtypages_bitmap(&dirty_pages, true);
 diff --git a/migration/migration.c b/migration/migration.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/migration.c
 +++ b/migration/migration.c
@@ -XXX,XX +XXX,XX @@ static void migrate_fd_cleanup(MigrationState *s)
          QEMUFile *tmp;
          trace_migrate_fd_cleanup();
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          if (s->migration_thread_running) {
              qemu_thread_join(&s->thread);
              s->migration_thread_running = false;
          }
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          multifd_save_cleanup();
          qemu_mutex_lock(&s->qemu_file_lock);
@@ -XXX,XX +XXX,XX @@ static int postcopy_start(MigrationState *ms, Error **errp)
      }
      trace_postcopy_start();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      trace_postcopy_start_set_run();
      migration_downtime_start(ms);
@@ -XXX,XX +XXX,XX @@ static int postcopy_start(MigrationState *ms, Error **errp)
      migration_downtime_end(ms);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (migrate_postcopy_ram()) {
          /*
@@ -XXX,XX +XXX,XX @@ fail:
              error_report_err(local_err);
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return -1;
  }
@@ -XXX,XX +XXX,XX @@ static int migration_maybe_pause(MigrationState *s,
       * wait for the 'pause_sem' semaphore.
       */
      if (s->state != MIGRATION_STATUS_CANCELLING) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          migrate_set_state(&s->state, *current_active_state,
                            MIGRATION_STATUS_PRE_SWITCHOVER);
          qemu_sem_wait(&s->pause_sem);
          migrate_set_state(&s->state, MIGRATION_STATUS_PRE_SWITCHOVER,
                            new_state);
          *current_active_state = new_state;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      return s->state == new_state ? 0 : -EINVAL;
@@ -XXX,XX +XXX,XX @@ static int migration_completion_precopy(MigrationState *s,
  {
      int ret;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      migration_downtime_start(s);
      s->vm_old_state = runstate_get();
@@ -XXX,XX +XXX,XX @@ static int migration_completion_precopy(MigrationState *s,
      ret = qemu_savevm_state_complete_precopy(s->to_dst_file, false,
                                               s->block_inactive);
  out_unlock:
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ static void migration_completion_postcopy(MigrationState *s)
  {
      trace_migration_completion_postcopy_end();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_savevm_state_complete_postcopy(s->to_dst_file);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      /*
       * Shutdown the postcopy fast path thread.  This is only needed when dest
@@ -XXX,XX +XXX,XX @@ static void migration_completion_failed(MigrationState *s,
           */
          Error *local_err = NULL;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          bdrv_activate_all(&local_err);
          if (local_err) {
              error_report_err(local_err);
          } else {
              s->block_inactive = false;
          }
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      migrate_set_state(&s->state, current_active_state,
@@ -XXX,XX +XXX,XX @@ static void migration_iteration_finish(MigrationState *s)
      /* If we enabled cpu throttling for auto-converge, turn it off. */
      cpu_throttle_stop();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      switch (s->state) {
      case MIGRATION_STATUS_COMPLETED:
          migration_calculate_complete(s);
@@ -XXX,XX +XXX,XX @@ static void migration_iteration_finish(MigrationState *s)
          break;
      }
      migrate_fd_cleanup_schedule(s);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  static void bg_migration_iteration_finish(MigrationState *s)
@@ -XXX,XX +XXX,XX @@ static void bg_migration_iteration_finish(MigrationState *s)
       */
      ram_write_tracking_stop();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      switch (s->state) {
      case MIGRATION_STATUS_COMPLETED:
          migration_calculate_complete(s);
@@ -XXX,XX +XXX,XX @@ static void bg_migration_iteration_finish(MigrationState *s)
      }
      migrate_fd_cleanup_schedule(s);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /*
@@ -XXX,XX +XXX,XX @@ static void *migration_thread(void *opaque)
      object_ref(OBJECT(s));
      update_iteration_initial_status(s);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_savevm_state_header(s->to_dst_file);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      /*
       * If we opened the return path, we need to make sure dst has it
@@ -XXX,XX +XXX,XX @@ static void *migration_thread(void *opaque)
          qemu_savevm_send_colo_enable(s->to_dst_file);
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_savevm_state_setup(s->to_dst_file);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      qemu_savevm_wait_unplug(s, MIGRATION_STATUS_SETUP,
                                 MIGRATION_STATUS_ACTIVE);
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
      ram_write_tracking_prepare();
  #endif
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_savevm_state_header(s->to_dst_file);
      qemu_savevm_state_setup(s->to_dst_file);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      qemu_savevm_wait_unplug(s, MIGRATION_STATUS_SETUP,
                                 MIGRATION_STATUS_ACTIVE);
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
      trace_migration_thread_setup_complete();
      migration_downtime_start(s);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      s->vm_old_state = runstate_get();
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
      s->vm_start_bh = qemu_bh_new(bg_migration_vm_start_bh, s);
      qemu_bh_schedule(s->vm_start_bh);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      while (migration_is_active(s)) {
          MigIterateState iter_state = bg_migration_iteration_run(s);
@@ -XXX,XX +XXX,XX @@ fail:
      if (early_fail) {
          migrate_set_state(&s->state, MIGRATION_STATUS_ACTIVE,
                  MIGRATION_STATUS_FAILED);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      bg_migration_iteration_finish(s);
 diff --git a/migration/ram.c b/migration/ram.c
 index XXXXXXX..XXXXXXX 100644
 --- a/migration/ram.c
 +++ b/migration/ram.c
@@ -XXX,XX +XXX,XX @@ static int ram_save_setup(QEMUFile *f, void *opaque)
      migration_ops = g_malloc0(sizeof(MigrationOps));
      migration_ops->ram_save_target_page = ram_save_target_page_legacy;
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      ret = multifd_send_sync_main(f);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (ret < 0) {
          return ret;
      }
-@@ -XXX,XX +XXX,XX @@ static void ram_state_pending_exact(void *opaque, uint64_t *must_precopy,
+diff --git a/block/qcow2.c b/block/qcow2.c
-     uint64_t remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
+index XXXXXXX..XXXXXXX 100644
+--- a/block/qcow2.c
-     if (!migration_in_postcopy() && remaining_size < s->threshold_size) {
++++ b/block/qcow2.c
--        qemu_mutex_lock_iothread();
+@@ -XXX,XX +XXX,XX @@ qcow2_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
 +        bql_lock();
          WITH_RCU_READ_LOCK_GUARD() {
              migration_bitmap_sync_precopy(rs, false);
          }
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
      }
@@ -XXX,XX +XXX,XX @@ void colo_incoming_start_dirty_log(void)
  {
-     RAMBlock *block = NULL;
+     BDRVQcow2State *s = bs->opaque;
-     /* For memory_global_dirty_log_start below. */
+     bdi->cluster_size = s->cluster_size;
--    qemu_mutex_lock_iothread();
++    bdi->subcluster_size = s->subcluster_size;
-+    bql_lock();
+     bdi->vm_state_offset = qcow2_vm_state_offset(s);
-     qemu_mutex_lock_ramlist();
+     bdi->is_dirty = s->incompatible_features & QCOW2_INCOMPAT_DIRTY;
      memory_global_dirty_log_sync(false);
@@ -XXX,XX +XXX,XX @@ void colo_incoming_start_dirty_log(void)
      }
      ram_state->migration_dirty_pages = 0;
      qemu_mutex_unlock_ramlist();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /* It is need to hold the global lock to call this helper */
 diff --git a/replay/replay-internal.c b/replay/replay-internal.c
 index XXXXXXX..XXXXXXX 100644
 --- a/replay/replay-internal.c
 +++ b/replay/replay-internal.c
@@ -XXX,XX +XXX,XX @@ void replay_mutex_lock(void)
  {
      if (replay_mode != REPLAY_MODE_NONE) {
          unsigned long id;
 -        g_assert(!qemu_mutex_iothread_locked());
 +        g_assert(!bql_locked());
          g_assert(!replay_mutex_locked());
          qemu_mutex_lock(&lock);
          id = mutex_tail++;
 diff --git a/semihosting/console.c b/semihosting/console.c
 index XXXXXXX..XXXXXXX 100644
 --- a/semihosting/console.c
 +++ b/semihosting/console.c
@@ -XXX,XX +XXX,XX @@ static SemihostingConsole console;
  static int console_can_read(void *opaque)
  {
      SemihostingConsole *c = opaque;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      return (int)fifo8_num_free(&c->fifo);
  }
@@ -XXX,XX +XXX,XX @@ static void console_wake_up(gpointer data, gpointer user_data)
  static void console_read(void *opaque, const uint8_t *buf, int size)
  {
      SemihostingConsole *c = opaque;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      while (size-- && !fifo8_is_full(&c->fifo)) {
          fifo8_push(&c->fifo, *buf++);
      }
@@ -XXX,XX +XXX,XX @@ bool qemu_semihosting_console_ready(void)
  {
      SemihostingConsole *c = &console;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      return !fifo8_is_empty(&c->fifo);
  }
@@ -XXX,XX +XXX,XX @@ void qemu_semihosting_console_block_until_ready(CPUState *cs)
  {
      SemihostingConsole *c = &console;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      /* Block if the fifo is completely empty. */
      if (fifo8_is_empty(&c->fifo)) {
 diff --git a/stubs/iothread-lock.c b/stubs/iothread-lock.c
 index XXXXXXX..XXXXXXX 100644
 --- a/stubs/iothread-lock.c
 +++ b/stubs/iothread-lock.c
@@ -XXX,XX +XXX,XX @@
  #include "qemu/osdep.h"
  #include "qemu/main-loop.h"
 -bool qemu_mutex_iothread_locked(void)
 +bool bql_locked(void)
  {
      return false;
  }
 -void qemu_mutex_lock_iothread_impl(const char *file, int line)
 +void bql_lock_impl(const char *file, int line)
  {
  }
 -void qemu_mutex_unlock_iothread(void)
 +void bql_unlock(void)
  {
  }
 diff --git a/system/cpu-throttle.c b/system/cpu-throttle.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/cpu-throttle.c
 +++ b/system/cpu-throttle.c
@@ -XXX,XX +XXX,XX @@ static void cpu_throttle_thread(CPUState *cpu, run_on_cpu_data opaque)
              qemu_cond_timedwait_iothread(cpu->halt_cond,
                                           sleeptime_ns / SCALE_MS);
          } else {
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              g_usleep(sleeptime_ns / SCALE_US);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
          }
          sleeptime_ns = endtime_ns - qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
      }
 diff --git a/system/cpus.c b/system/cpus.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/cpus.c
 +++ b/system/cpus.c
@@ -XXX,XX +XXX,XX @@
  #endif /* CONFIG_LINUX */
 -static QemuMutex qemu_global_mutex;
 +/* The Big QEMU Lock (BQL) */
 +static QemuMutex bql;
  /*
   * The chosen accelerator is supposed to register this.
@@ -XXX,XX +XXX,XX @@ void qemu_init_cpu_loop(void)
      qemu_init_sigbus();
      qemu_cond_init(&qemu_cpu_cond);
      qemu_cond_init(&qemu_pause_cond);
 -    qemu_mutex_init(&qemu_global_mutex);
 +    qemu_mutex_init(&bql);
      qemu_thread_get_self(&io_thread);
  }
  void run_on_cpu(CPUState *cpu, run_on_cpu_func func, run_on_cpu_data data)
  {
 -    do_run_on_cpu(cpu, func, data, &qemu_global_mutex);
 +    do_run_on_cpu(cpu, func, data, &bql);
  }
  static void qemu_cpu_stop(CPUState *cpu, bool exit)
@@ -XXX,XX +XXX,XX @@ void qemu_wait_io_event(CPUState *cpu)
              slept = true;
              qemu_plugin_vcpu_idle_cb(cpu);
          }
 -        qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
 +        qemu_cond_wait(cpu->halt_cond, &bql);
      }
      if (slept) {
          qemu_plugin_vcpu_resume_cb(cpu);
@@ -XXX,XX +XXX,XX @@ bool qemu_in_vcpu_thread(void)
      return current_cpu && qemu_cpu_is_self(current_cpu);
  }
 -QEMU_DEFINE_STATIC_CO_TLS(bool, iothread_locked)
 +QEMU_DEFINE_STATIC_CO_TLS(bool, bql_locked)
 -bool qemu_mutex_iothread_locked(void)
 +bool bql_locked(void)
  {
 -    return get_iothread_locked();
 +    return get_bql_locked();
  }
  bool qemu_in_main_thread(void)
  {
 -    return qemu_mutex_iothread_locked();
 +    return bql_locked();
  }
  /*
   * The BQL is taken from so many places that it is worth profiling the
   * callers directly, instead of funneling them all through a single function.
   */
 -void qemu_mutex_lock_iothread_impl(const char *file, int line)
 +void bql_lock_impl(const char *file, int line)
  {
 -    QemuMutexLockFunc bql_lock = qatomic_read(&qemu_bql_mutex_lock_func);
 +    QemuMutexLockFunc bql_lock_fn = qatomic_read(&bql_mutex_lock_func);
 -    g_assert(!qemu_mutex_iothread_locked());
 -    bql_lock(&qemu_global_mutex, file, line);
 -    set_iothread_locked(true);
 +    g_assert(!bql_locked());
 +    bql_lock_fn(&bql, file, line);
 +    set_bql_locked(true);
  }
 -void qemu_mutex_unlock_iothread(void)
 +void bql_unlock(void)
  {
 -    g_assert(qemu_mutex_iothread_locked());
 -    set_iothread_locked(false);
 -    qemu_mutex_unlock(&qemu_global_mutex);
 +    g_assert(bql_locked());
 +    set_bql_locked(false);
 +    qemu_mutex_unlock(&bql);
  }
  void qemu_cond_wait_iothread(QemuCond *cond)
  {
 -    qemu_cond_wait(cond, &qemu_global_mutex);
 +    qemu_cond_wait(cond, &bql);
  }
  void qemu_cond_timedwait_iothread(QemuCond *cond, int ms)
  {
 -    qemu_cond_timedwait(cond, &qemu_global_mutex, ms);
 +    qemu_cond_timedwait(cond, &bql, ms);
  }
  /* signal CPU creation */
@@ -XXX,XX +XXX,XX @@ void pause_all_vcpus(void)
      replay_mutex_unlock();
      while (!all_vcpus_paused()) {
 -        qemu_cond_wait(&qemu_pause_cond, &qemu_global_mutex);
 +        qemu_cond_wait(&qemu_pause_cond, &bql);
          CPU_FOREACH(cpu) {
              qemu_cpu_kick(cpu);
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      replay_mutex_lock();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
  }
  void cpu_resume(CPUState *cpu)
@@ -XXX,XX +XXX,XX @@ void cpu_remove_sync(CPUState *cpu)
      cpu->stop = true;
      cpu->unplug = true;
      qemu_cpu_kick(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      qemu_thread_join(cpu->thread);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
  }
  void cpus_register_accel(const AccelOpsClass *ops)
@@ -XXX,XX +XXX,XX @@ void qemu_init_vcpu(CPUState *cpu)
      cpus_accel->create_vcpu_thread(cpu);
      while (!cpu->created) {
 -        qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
 +        qemu_cond_wait(&qemu_cpu_cond, &bql);
      }
  }
 diff --git a/system/dirtylimit.c b/system/dirtylimit.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/dirtylimit.c
 +++ b/system/dirtylimit.c
@@ -XXX,XX +XXX,XX @@ void vcpu_dirty_rate_stat_stop(void)
  {
      qatomic_set(&vcpu_dirty_rate_stat->running, 0);
      dirtylimit_state_unlock();
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      qemu_thread_join(&vcpu_dirty_rate_stat->thread);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      dirtylimit_state_lock();
  }
 diff --git a/system/memory.c b/system/memory.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/memory.c
 +++ b/system/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_transaction_commit(void)
      AddressSpace *as;
      assert(memory_region_transaction_depth);
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      --memory_region_transaction_depth;
      if (!memory_region_transaction_depth) {
 diff --git a/system/physmem.c b/system/physmem.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/physmem.c
 +++ b/system/physmem.c
@@ -XXX,XX +XXX,XX @@ bool prepare_mmio_access(MemoryRegion *mr)
  {
      bool release_lock = false;
 -    if (!qemu_mutex_iothread_locked()) {
 -        qemu_mutex_lock_iothread();
 +    if (!bql_locked()) {
 +        bql_lock();
          release_lock = true;
      }
      if (mr->flush_coalesced_mmio) {
@@ -XXX,XX +XXX,XX @@ static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
          }
          if (release_lock) {
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              release_lock = false;
          }
@@ -XXX,XX +XXX,XX @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
          }
          if (release_lock) {
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              release_lock = false;
          }
 diff --git a/system/runstate.c b/system/runstate.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/runstate.c
 +++ b/system/runstate.c
@@ -XXX,XX +XXX,XX @@ void qemu_init_subsystems(void)
      qemu_init_cpu_list();
      qemu_init_cpu_loop();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      atexit(qemu_run_exit_notifiers);
 diff --git a/system/watchpoint.c b/system/watchpoint.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/watchpoint.c
 +++ b/system/watchpoint.c
@@ -XXX,XX +XXX,XX @@ void cpu_check_watchpoint(CPUState *cpu, vaddr addr, vaddr len,
           * Now raise the debug interrupt so that it will
           * trigger after the current instruction.
           */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
 diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/arm-powerctl.c
 +++ b/target/arm/arm-powerctl.c
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
      g_free(info);
      /* Finally set the power status */
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      target_cpu->power_state = PSCI_ON;
  }
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_on(uint64_t cpuid, uint64_t entry, uint64_t context_id,
      ARMCPU *target_cpu;
      struct CpuOnInfo *info;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      DPRINTF("cpu %" PRId64 " (EL %d, %s) @ 0x%" PRIx64 " with R0 = 0x%" PRIx64
              "\n", cpuid, target_el, target_aa64 ? "aarch64" : "aarch32", entry,
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_and_reset_async_work(CPUState *target_cpu_state,
      target_cpu_state->halted = 0;
      /* Finally set the power status */
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      target_cpu->power_state = PSCI_ON;
  }
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_on_and_reset(uint64_t cpuid)
      CPUState *target_cpu_state;
      ARMCPU *target_cpu;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      /* Retrieve the cpu we are powering up */
      target_cpu_state = arm_get_cpu_by_id(cpuid);
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_off_async_work(CPUState *target_cpu_state,
  {
      ARMCPU *target_cpu = ARM_CPU(target_cpu_state);
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      target_cpu->power_state = PSCI_OFF;
      target_cpu_state->halted = 1;
      target_cpu_state->exception_index = EXCP_HLT;
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_off(uint64_t cpuid)
      CPUState *target_cpu_state;
      ARMCPU *target_cpu;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      DPRINTF("cpu %" PRId64 "\n", cpuid);
@@ -XXX,XX +XXX,XX @@ int arm_reset_cpu(uint64_t cpuid)
      CPUState *target_cpu_state;
      ARMCPU *target_cpu;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      DPRINTF("cpu %" PRId64 "\n", cpuid);
 diff --git a/target/arm/helper.c b/target/arm/helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/helper.c
 +++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
       * VFIQ are masked unless running at EL0 or EL1, and HCR
       * can only be written at EL2.
       */
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      arm_cpu_update_virq(cpu);
      arm_cpu_update_vfiq(cpu);
      arm_cpu_update_vserr(cpu);
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
       * BQL needs to be held for any modification of
       * cs->interrupt_request.
       */
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      arm_call_pre_el_change_hook(cpu);
 diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/hvf/hvf.c
 +++ b/target/arm/hvf/hvf.c
@@ -XXX,XX +XXX,XX @@ static void hvf_wait_for_ipi(CPUState *cpu, struct timespec *ts)
       * sleeping.
       */
      qatomic_set_mb(&cpu->thread_kicked, false);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      pselect(0, 0, 0, 0, ts, &cpu->accel->unblock_ipi_mask);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
  }
  static void hvf_wfi(CPUState *cpu)
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
      flush_cpu_state(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      assert_hvf_ok(hv_vcpu_run(cpu->accel->fd));
      /* handle VMEXIT */
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
      uint32_t ec = syn_get_ec(syndrome);
      ret = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      switch (exit_reason) {
      case HV_EXIT_REASON_EXCEPTION:
          /* This is the main one, handle below. */
 diff --git a/target/arm/kvm.c b/target/arm/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/kvm.c
 +++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
      if (run->s.regs.device_irq_level != cpu->device_irq_level) {
          switched_level = cpu->device_irq_level ^ run->s.regs.device_irq_level;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          if (switched_level & KVM_ARM_DEV_EL1_VTIMER) {
              qemu_set_irq(cpu->gt_timer_outputs[GTIMER_VIRT],
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
          /* We also mark unknown levels as processed to not waste cycles */
          cpu->device_irq_level = run->s.regs.device_irq_level;
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      return MEMTXATTRS_UNSPECIFIED;
@@ -XXX,XX +XXX,XX @@ static bool kvm_arm_handle_debug(ARMCPU *cpu,
      env->exception.syndrome = debug_exit->hsr;
      env->exception.vaddress = debug_exit->far;
      env->exception.target_el = 1;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      arm_cpu_do_interrupt(cs);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return false;
  }
 diff --git a/target/arm/ptw.c b/target/arm/ptw.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/ptw.c
 +++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
  #if !TCG_OVERSIZED_GUEST
  # error "Unexpected configuration"
  #endif
 -    bool locked = qemu_mutex_iothread_locked();
 +    bool locked = bql_locked();
      if (!locked) {
 -       qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      if (ptw->out_be) {
          cur_val = ldq_be_p(host);
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
          }
      }
      if (!locked) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  #endif
 diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/tcg/helper-a64.c
 +++ b/target/arm/tcg/helper-a64.c
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
          goto illegal_return;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      arm_call_pre_el_change_hook(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (!return_to_aa64) {
          env->aarch64 = false;
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
       */
      aarch64_sve_change_el(env, cur_el, new_el, return_to_aa64);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      arm_call_el_change_hook(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return;
 diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/tcg/m_helper.c
 +++ b/target/arm/tcg/m_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
      bool ts = is_secure && (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK);
      bool take_exception;
 -    /* Take the iothread lock as we are going to touch the NVIC */
 -    qemu_mutex_lock_iothread();
 +    /* Take the BQL as we are going to touch the NVIC */
 +    bql_lock();
      /* Check the background context had access to the FPU */
      if (!v7m_cpacr_pass(env, is_secure, is_priv)) {
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
      take_exception = !stacked_ok &&
          armv7m_nvic_can_take_pending_exception(env->nvic);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (take_exception) {
          raise_exception_ra(env, EXCP_LAZYFP, 0, 1, GETPC());
 diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/tcg/op_helper.c
 +++ b/target/arm/tcg/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
  {
      uint32_t mask;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      arm_call_pre_el_change_hook(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      mask = aarch32_cpsr_valid_mask(env->features, &env_archcpu(env)->isar);
      cpsr_write(env, val, mask, CPSRWriteExceptionReturn);
@@ -XXX,XX +XXX,XX @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
      env->regs[15] &= (env->thumb ? ~1 : ~3);
      arm_rebuild_hflags(env);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      arm_call_el_change_hook(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /* Access to user mode registers from privileged modes.  */
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
      const ARMCPRegInfo *ri = rip;
      if (ri->type & ARM_CP_IO) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ri->writefn(env, ri, value);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      } else {
          ri->writefn(env, ri, value);
      }
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)
      uint32_t res;
      if (ri->type & ARM_CP_IO) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          res = ri->readfn(env, ri);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      } else {
          res = ri->readfn(env, ri);
      }
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)
      const ARMCPRegInfo *ri = rip;
      if (ri->type & ARM_CP_IO) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ri->writefn(env, ri, value);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      } else {
          ri->writefn(env, ri, value);
      }
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)
      uint64_t res;
      if (ri->type & ARM_CP_IO) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          res = ri->readfn(env, ri);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      } else {
          res = ri->readfn(env, ri);
      }
 diff --git a/target/arm/tcg/psci.c b/target/arm/tcg/psci.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/arm/tcg/psci.c
 +++ b/target/arm/tcg/psci.c
@@ -XXX,XX +XXX,XX @@ void arm_handle_psci_call(ARMCPU *cpu)
              }
              target_cpu = ARM_CPU(target_cpu_state);
 -            g_assert(qemu_mutex_iothread_locked());
 +            g_assert(bql_locked());
              ret = target_cpu->power_state;
              break;
          default:
 diff --git a/target/hppa/int_helper.c b/target/hppa/int_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/hppa/int_helper.c
 +++ b/target/hppa/int_helper.c
@@ -XXX,XX +XXX,XX @@ void hppa_cpu_alarm_timer(void *opaque)
  void HELPER(write_eirr)(CPUHPPAState *env, target_ulong val)
  {
      env->cr[CR_EIRR] &= ~val;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      eval_interrupt(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  void HELPER(write_eiem)(CPUHPPAState *env, target_ulong val)
  {
      env->cr[CR_EIEM] = val;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      eval_interrupt(env_archcpu(env));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  void hppa_cpu_do_interrupt(CPUState *cs)
 diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/hvf/hvf.c
 +++ b/target/i386/hvf/hvf.c
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
          }
          vmx_update_tpr(cpu);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          if (!cpu_is_bsp(X86_CPU(cpu)) && cpu->halted) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              return EXCP_HLT;
          }
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
          rip = rreg(cpu->accel->fd, HV_X86_RIP);
          env->eflags = rreg(cpu->accel->fd, HV_X86_RFLAGS);
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          update_apic_tpr(cpu);
          current_cpu = cpu;
 diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/kvm/hyperv.c
 +++ b/target/i386/kvm/hyperv.c
@@ -XXX,XX +XXX,XX @@ void hyperv_x86_synic_update(X86CPU *cpu)
  static void async_synic_update(CPUState *cs, run_on_cpu_data data)
  {
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      hyperv_x86_synic_update(X86_CPU(cs));
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
 diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/kvm/kvm.c
 +++ b/target/i386/kvm/kvm.c
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
      /* Inject NMI */
      if (cpu->interrupt_request & (CPU_INTERRUPT_NMI | CPU_INTERRUPT_SMI)) {
          if (cpu->interrupt_request & CPU_INTERRUPT_NMI) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              cpu->interrupt_request &= ~CPU_INTERRUPT_NMI;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              DPRINTF("injected NMI\n");
              ret = kvm_vcpu_ioctl(cpu, KVM_NMI);
              if (ret < 0) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
              }
          }
          if (cpu->interrupt_request & CPU_INTERRUPT_SMI) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              cpu->interrupt_request &= ~CPU_INTERRUPT_SMI;
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              DPRINTF("injected SMI\n");
              ret = kvm_vcpu_ioctl(cpu, KVM_SMI);
              if (ret < 0) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
      }
      if (!kvm_pic_in_kernel()) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      /* Force the VCPU out of its inner loop to process any INIT requests
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
          DPRINTF("setting tpr\n");
          run->cr8 = cpu_get_apic_tpr(x86_cpu->apic_state);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  }
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
      /* We need to protect the apic state against concurrent accesses from
       * different threads in case the userspace irqchip is used. */
      if (!kvm_irqchip_in_kernel()) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
      }
      cpu_set_apic_tpr(x86_cpu->apic_state, run->cr8);
      cpu_set_apic_base(x86_cpu->apic_state, run->apic_base);
      if (!kvm_irqchip_in_kernel()) {
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      return cpu_get_mem_attrs(env);
  }
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
      switch (run->exit_reason) {
      case KVM_EXIT_HLT:
          DPRINTF("handle_hlt\n");
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = kvm_handle_halt(cpu);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      case KVM_EXIT_SET_TPR:
          ret = 0;
          break;
      case KVM_EXIT_TPR_ACCESS:
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = kvm_handle_tpr_access(cpu);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      case KVM_EXIT_FAIL_ENTRY:
          code = run->fail_entry.hardware_entry_failure_reason;
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
          break;
      case KVM_EXIT_DEBUG:
          DPRINTF("kvm_exit_debug\n");
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = kvm_handle_debug(cpu, &run->debug.arch);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      case KVM_EXIT_HYPERV:
          ret = kvm_hv_handle_exit(cpu, &run->hyperv);
 diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/kvm/xen-emu.c
 +++ b/target/i386/kvm/xen-emu.c
@@ -XXX,XX +XXX,XX @@ void kvm_xen_maybe_deassert_callback(CPUState *cs)
      /* If the evtchn_upcall_pending flag is cleared, turn the GSI off. */
      if (!vi->evtchn_upcall_pending) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          /*
           * Check again now we have the lock, because it may have been
           * asserted in the interim. And we don't want to take the lock
@@ -XXX,XX +XXX,XX @@ void kvm_xen_maybe_deassert_callback(CPUState *cs)
              X86_CPU(cs)->env.xen_callback_asserted = false;
              xen_evtchn_set_callback_level(0);
          }
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  }
@@ -XXX,XX +XXX,XX @@ static bool handle_set_param(struct kvm_xen_exit *exit, X86CPU *cpu,
      switch (hp.index) {
      case HVM_PARAM_CALLBACK_IRQ:
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          err = xen_evtchn_set_callback_param(hp.value);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          xen_set_long_mode(exit->u.hcall.longmode);
          break;
      default:
@@ -XXX,XX +XXX,XX @@ int kvm_xen_soft_reset(void)
      CPUState *cpu;
      int err;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      trace_kvm_xen_soft_reset();
@@ -XXX,XX +XXX,XX @@ static int schedop_shutdown(CPUState *cs, uint64_t arg)
          break;
      case SHUTDOWN_soft_reset:
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = kvm_xen_soft_reset();
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      default:
 diff --git a/target/i386/nvmm/nvmm-accel-ops.c b/target/i386/nvmm/nvmm-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/nvmm/nvmm-accel-ops.c
 +++ b/target/i386/nvmm/nvmm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
      rcu_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
      current_cpu = cpu;
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
      nvmm_destroy_vcpu(cpu);
      cpu_thread_signal_destroyed(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_unregister_thread();
      return NULL;
  }
 diff --git a/target/i386/nvmm/nvmm-all.c b/target/i386/nvmm/nvmm-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/nvmm/nvmm-all.c
 +++ b/target/i386/nvmm/nvmm-all.c
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_pre_run(CPUState *cpu)
      uint8_t tpr;
      int ret;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      tpr = cpu_get_apic_tpr(x86_cpu->apic_state);
      if (tpr != qcpu->tpr) {
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_pre_run(CPUState *cpu)
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /*
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_post_run(CPUState *cpu, struct nvmm_vcpu_exit *exit)
      tpr = exit->exitstate.cr8;
      if (qcpu->tpr != tpr) {
          qcpu->tpr = tpr;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          cpu_set_apic_tpr(x86_cpu->apic_state, qcpu->tpr);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
  }
@@ -XXX,XX +XXX,XX @@ nvmm_handle_halted(struct nvmm_machine *mach, CPUState *cpu,
      CPUX86State *env = cpu_env(cpu);
      int ret = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (!((cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
            (env->eflags & IF_MASK)) &&
@@ -XXX,XX +XXX,XX @@ nvmm_handle_halted(struct nvmm_machine *mach, CPUState *cpu,
          ret = 1;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_loop(CPUState *cpu)
          return 0;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      cpu_exec_start(cpu);
      /*
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_loop(CPUState *cpu)
              error_report("NVMM: Unexpected VM exit code 0x%lx [hw=0x%lx]",
                  exit->reason, exit->u.inv.hwcode);
              nvmm_get_registers(cpu);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              qemu_system_guest_panicked(cpu_get_crash_info(cpu));
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              ret = -1;
              break;
          }
      } while (ret == 0);
      cpu_exec_end(cpu);
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qatomic_set(&cpu->exit_request, false);
 diff --git a/target/i386/tcg/sysemu/fpu_helper.c b/target/i386/tcg/sysemu/fpu_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/sysemu/fpu_helper.c
 +++ b/target/i386/tcg/sysemu/fpu_helper.c
@@ -XXX,XX +XXX,XX @@ void x86_register_ferr_irq(qemu_irq irq)
  void fpu_check_raise_ferr_irq(CPUX86State *env)
  {
      if (ferr_irq && !(env->hflags2 & HF2_IGNNE_MASK)) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          qemu_irq_raise(ferr_irq);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return;
      }
  }
@@ -XXX,XX +XXX,XX @@ void cpu_set_ignne(void)
  {
      CPUX86State *env = &X86_CPU(first_cpu)->env;
 -    assert(qemu_mutex_iothread_locked());
 +    assert(bql_locked());
      env->hflags2 |= HF2_IGNNE_MASK;
      /*
 diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/tcg/sysemu/misc_helper.c
 +++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
          break;
      case 8:
          if (!(env->hflags2 & HF2_VINTR_MASK)) {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              cpu_set_apic_tpr(env_archcpu(env)->apic_state, t0);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
          env->int_ctl = (env->int_ctl & ~V_TPR_MASK) | (t0 & V_TPR_MASK);
 diff --git a/target/i386/whpx/whpx-accel-ops.c b/target/i386/whpx/whpx-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/whpx/whpx-accel-ops.c
 +++ b/target/i386/whpx/whpx-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
      rcu_register_thread();
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      qemu_thread_get_self(cpu->thread);
      cpu->thread_id = qemu_get_thread_id();
      current_cpu = cpu;
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
      whpx_destroy_vcpu(cpu);
      cpu_thread_signal_destroyed(cpu);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      rcu_unregister_thread();
      return NULL;
  }
 diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/whpx/whpx-all.c
 +++ b/target/i386/whpx/whpx-all.c
@@ -XXX,XX +XXX,XX @@ static int whpx_first_vcpu_starting(CPUState *cpu)
      struct whpx_state *whpx = &whpx_global;
      HRESULT hr;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      if (!QTAILQ_EMPTY(&cpu->breakpoints) ||
              (whpx->breakpoints.breakpoints &&
@@ -XXX,XX +XXX,XX @@ static int whpx_handle_halt(CPUState *cpu)
      CPUX86State *env = cpu_env(cpu);
      int ret = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if (!((cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
            (env->eflags & IF_MASK)) &&
          !(cpu->interrupt_request & CPU_INTERRUPT_NMI)) {
@@ -XXX,XX +XXX,XX @@ static int whpx_handle_halt(CPUState *cpu)
          cpu->halted = true;
          ret = 1;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_pre_run(CPUState *cpu)
      memset(&new_int, 0, sizeof(new_int));
      memset(reg_values, 0, sizeof(reg_values));
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      /* Inject NMI */
      if (!vcpu->interruption_pending &&
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_pre_run(CPUState *cpu)
          reg_count += 1;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      vcpu->ready_for_pic_interrupt = false;
      if (reg_count) {
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_post_run(CPUState *cpu)
      uint64_t tpr = vcpu->exit_ctx.VpContext.Cr8;
      if (vcpu->tpr != tpr) {
          vcpu->tpr = tpr;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          cpu_set_apic_tpr(x86_cpu->apic_state, whpx_cr8_to_apic_tpr(vcpu->tpr));
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      vcpu->interruption_pending =
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
      WhpxStepMode exclusive_step_mode = WHPX_STEP_NONE;
      int ret;
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      if (whpx->running_cpus++ == 0) {
          /* Insert breakpoints into memory, update exception exit bitmap. */
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (exclusive_step_mode != WHPX_STEP_NONE) {
          start_exclusive();
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
              error_report("WHPX: Unexpected VP exit code %d",
                           vcpu->exit_ctx.ExitReason);
              whpx_get_registers(cpu);
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              qemu_system_guest_panicked(cpu_get_crash_info(cpu));
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              break;
          }
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
          cpu_exec_end(cpu);
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      current_cpu = cpu;
      if (--whpx->running_cpus == 0) {
 diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/loongarch/tcg/csr_helper.c
 +++ b/target/loongarch/tcg/csr_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
      int64_t old_v = 0;
      if (val & 0x1) {
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          loongarch_cpu_set_irq(cpu, IRQ_TIMER, 0);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
      }
      return old_v;
  }
 diff --git a/target/mips/kvm.c b/target/mips/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/mips/kvm.c
 +++ b/target/mips/kvm.c
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
      int r;
      struct kvm_mips_interrupt intr;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      if ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
              cpu_mips_io_interrupts_pending(cpu)) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
 diff --git a/target/mips/tcg/sysemu/cp0_helper.c b/target/mips/tcg/sysemu/cp0_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/mips/tcg/sysemu/cp0_helper.c
 +++ b/target/mips/tcg/sysemu/cp0_helper.c
@@ -XXX,XX +XXX,XX @@ static inline void mips_vpe_wake(MIPSCPU *c)
       * because there might be other conditions that state that c should
       * be sleeping.
       */
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      cpu_interrupt(CPU(c), CPU_INTERRUPT_WAKE);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  static inline void mips_vpe_sleep(MIPSCPU *cpu)
 diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/openrisc/sys_helper.c
 +++ b/target/openrisc/sys_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
          break;
      case TO_SPR(9, 0):  /* PICMR */
          env->picmr = rb;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          if (env->picsr & env->picmr) {
              cpu_interrupt(cs, CPU_INTERRUPT_HARD);
          } else {
              cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
          }
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      case TO_SPR(9, 2):  /* PICSR */
          env->picsr &= ~rb;
          break;
      case TO_SPR(10, 0): /* TTMR */
          {
 -            qemu_mutex_lock_iothread();
 +            bql_lock();
              if ((env->ttmr & TTMR_M) ^ (rb & TTMR_M)) {
                  switch (rb & TTMR_M) {
                  case TIMER_NONE:
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
                  cs->interrupt_request &= ~CPU_INTERRUPT_TIMER;
              }
              cpu_openrisc_timer_update(cpu);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
          }
          break;
      case TO_SPR(10, 1): /* TTCR */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          cpu_openrisc_count_set(cpu, rb);
          cpu_openrisc_timer_update(cpu);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      }
  #endif
@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
          return env->ttmr;
      case TO_SPR(10, 1): /* TTCR */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          cpu_openrisc_count_update(cpu);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          return cpu_openrisc_count_get(cpu);
      }
  #endif
 diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/excp_helper.c
 +++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msgsnd(target_ulong rb)
          return;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      CPU_FOREACH(cs) {
          PowerPCCPU *cpu = POWERPC_CPU(cs);
          CPUPPCState *cenv = &cpu->env;
@@ -XXX,XX +XXX,XX @@ void helper_msgsnd(target_ulong rb)
              ppc_set_irq(cpu, irq, 1);
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  /* Server Processor Control */
@@ -XXX,XX +XXX,XX @@ static void book3s_msgsnd_common(int pir, int irq)
  {
      CPUState *cs;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      CPU_FOREACH(cs) {
          PowerPCCPU *cpu = POWERPC_CPU(cs);
          CPUPPCState *cenv = &cpu->env;
@@ -XXX,XX +XXX,XX @@ static void book3s_msgsnd_common(int pir, int irq)
              ppc_set_irq(cpu, irq, 1);
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  void helper_book3s_msgsnd(target_ulong rb)
@@ -XXX,XX +XXX,XX @@ void helper_book3s_msgsndp(CPUPPCState *env, target_ulong rb)
      }
      /* Does iothread need to be locked for walking CPU list? */
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      THREAD_SIBLING_FOREACH(cs, ccs) {
          PowerPCCPU *ccpu = POWERPC_CPU(ccs);
          uint32_t thread_id = ppc_cpu_tir(ccpu);
          if (ttir == thread_id) {
              ppc_set_irq(ccpu, PPC_INTERRUPT_DOORBELL, 1);
 -            qemu_mutex_unlock_iothread();
 +            bql_unlock();
              return;
          }
      }
 diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/kvm.c
 +++ b/target/ppc/kvm.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
      CPUPPCState *env = &cpu->env;
      int ret;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      switch (run->exit_reason) {
      case KVM_EXIT_DCR:
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
          break;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return ret;
  }
 diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/misc_helper.c
 +++ b/target/ppc/misc_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dpdes(CPUPPCState *env)
          return dpdes;
      }
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      THREAD_SIBLING_FOREACH(cs, ccs) {
          PowerPCCPU *ccpu = POWERPC_CPU(ccs);
          CPUPPCState *cenv = &ccpu->env;
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dpdes(CPUPPCState *env)
              dpdes |= (0x1 << thread_id);
          }
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return dpdes;
  }
@@ -XXX,XX +XXX,XX @@ void helper_store_dpdes(CPUPPCState *env, target_ulong val)
      }
      /* Does iothread need to be locked for walking CPU list? */
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      THREAD_SIBLING_FOREACH(cs, ccs) {
          PowerPCCPU *ccpu = POWERPC_CPU(ccs);
          uint32_t thread_id = ppc_cpu_tir(ccpu);
          ppc_set_irq(cpu, PPC_INTERRUPT_DOORBELL, val & (0x1 << thread_id));
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  #endif /* defined(TARGET_PPC64) */
 diff --git a/target/ppc/timebase_helper.c b/target/ppc/timebase_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/ppc/timebase_helper.c
 +++ b/target/ppc/timebase_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dcr(CPUPPCState *env, target_ulong dcrn)
      } else {
          int ret;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = ppc_dcr_read(env->dcr_env, (uint32_t)dcrn, &val);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          if (unlikely(ret != 0)) {
              qemu_log_mask(LOG_GUEST_ERROR, "DCR read error %d %03x\n",
                            (uint32_t)dcrn, (uint32_t)dcrn);
@@ -XXX,XX +XXX,XX @@ void helper_store_dcr(CPUPPCState *env, target_ulong dcrn, target_ulong val)
                                 POWERPC_EXCP_INVAL_INVAL, GETPC());
      } else {
          int ret;
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          ret = ppc_dcr_write(env->dcr_env, (uint32_t)dcrn, (uint32_t)val);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          if (unlikely(ret != 0)) {
              qemu_log_mask(LOG_GUEST_ERROR, "DCR write error %d %03x\n",
                            (uint32_t)dcrn, (uint32_t)dcrn);
 diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/kvm/kvm.c
 +++ b/target/s390x/kvm/kvm.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
      S390CPU *cpu = S390_CPU(cs);
      int ret = 0;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      kvm_cpu_synchronize_state(cs);
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
              fprintf(stderr, "Unknown KVM exit: %d\n", run->exit_reason);
              break;
      }
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (ret == 0) {
          ret = EXCP_INTERRUPT;
 diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/s390x/tcg/misc_helper.c
 +++ b/target/s390x/tcg/misc_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(stck)(CPUS390XState *env)
  /* SCLP service call */
  uint32_t HELPER(servc)(CPUS390XState *env, uint64_t r1, uint64_t r2)
  {
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      int r = sclp_service_call(env_archcpu(env), r1, r2);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      if (r < 0) {
          tcg_s390_program_interrupt(env, -r, GETPC());
      }
@@ -XXX,XX +XXX,XX @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
      switch (num) {
      case 0x500:
          /* KVM hypercall */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          r = s390_virtio_hypercall(env);
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          break;
      case 0x44:
          /* yield */
@@ -XXX,XX +XXX,XX @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
          break;
      case 0x308:
          /* ipl */
 -        qemu_mutex_lock_iothread();
 +        bql_lock();
          handle_diag_308(env, r1, r3, GETPC());
 -        qemu_mutex_unlock_iothread();
 +        bql_unlock();
          r = 0;
          break;
      case 0x288:
@@ -XXX,XX +XXX,XX @@ static void update_ckc_timer(CPUS390XState *env)
      /* stop the timer and remove pending CKC IRQs */
      timer_del(env->tod_timer);
 -    g_assert(qemu_mutex_iothread_locked());
 +    g_assert(bql_locked());
      env->pending_int &= ~INTERRUPT_EXT_CLOCK_COMPARATOR;
      /* the tod has to exceed the ckc, this can never happen if ckc is all 1's */
@@ -XXX,XX +XXX,XX @@ void HELPER(sckc)(CPUS390XState *env, uint64_t ckc)
  {
      env->ckc = ckc;
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      update_ckc_timer(env);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
  }
  void tcg_s390_tod_updated(CPUState *cs, run_on_cpu_data opaque)
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sck)(CPUS390XState *env, uint64_t tod_low)
          .low = tod_low,
      };
 -    qemu_mutex_lock_iothread();
 +    bql_lock();
      tdc->set(td, &tod, &error_abort);
 -    qemu_mutex_unlock_iothread();
 +    bql_unlock();
      return 0;
- }
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t order_code, uint32_t r1,
-     int cc;
-     /* TODO: needed to inject interrupts  - push further down */
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     cc = handle_sigp(env, order_code & SIGP_ORDER_MASK, r1, r3);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     return cc;
- }
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t order_code, uint32_t r1,
- void HELPER(xsch)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_xsch(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(csch)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_csch(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(hsch)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_hsch(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(msch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_msch(cpu, r1, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(rchp)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_rchp(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(rsch)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_rsch(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(sal)(CPUS390XState *env, uint64_t r1)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_sal(cpu, r1, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(schm)(CPUS390XState *env, uint64_t r1, uint64_t r2, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_schm(cpu, r1, r2, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(ssch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_ssch(cpu, r1, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(stcrw)(CPUS390XState *env, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_stcrw(cpu, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(stsch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_stsch(cpu, r1, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
-         tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
-     }
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     io = qemu_s390_flic_dequeue_io(flic, env->cregs[6]);
-     if (!io) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-         return 0;
-     }
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
-         if (s390_cpu_virt_mem_write(cpu, addr, 0, &intc, sizeof(intc))) {
-             /* writing failed, reinject and properly clean up */
-             s390_io_interrupt(io->id, io->nr, io->parm, io->word);
--            qemu_mutex_unlock_iothread();
-+            bql_unlock();
-             g_free(io);
-             s390_cpu_virt_mem_handle_exc(cpu, ra);
-             return 0;
-@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
-     }
-     g_free(io);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     return 1;
- }
- void HELPER(tsch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_tsch(cpu, r1, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(chsc)(CPUS390XState *env, uint64_t inst)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     ioinst_handle_chsc(cpu, inst >> 16, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- #endif
-@@ -XXX,XX +XXX,XX @@ void HELPER(clp)(CPUS390XState *env, uint32_t r2)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     clp_service_call(cpu, r2, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(pcilg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     pcilg_service_call(cpu, r1, r2, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(pcistg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     pcistg_service_call(cpu, r1, r2, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(stpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
-@@ -XXX,XX +XXX,XX @@ void HELPER(stpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     stpcifc_service_call(cpu, r1, fiba, ar, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(sic)(CPUS390XState *env, uint64_t r1, uint64_t r3)
-@@ -XXX,XX +XXX,XX @@ void HELPER(sic)(CPUS390XState *env, uint64_t r1, uint64_t r3)
-     S390CPU *cpu = env_archcpu(env);
-     int r;
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     r = css_do_sic(cpu, (r3 >> 27) & 0x7, r1 & 0xffff);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     /* css_do_sic() may actually return a PGM_xxx value to inject */
-     if (r) {
-         tcg_s390_program_interrupt(env, -r, GETPC());
-@@ -XXX,XX +XXX,XX @@ void HELPER(rpcit)(CPUS390XState *env, uint32_t r1, uint32_t r2)
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     rpcit_service_call(cpu, r1, r2, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(pcistb)(CPUS390XState *env, uint32_t r1, uint32_t r3,
-@@ -XXX,XX +XXX,XX @@ void HELPER(pcistb)(CPUS390XState *env, uint32_t r1, uint32_t r3,
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     pcistb_service_call(cpu, r1, r3, gaddr, ar, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(mpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
-@@ -XXX,XX +XXX,XX @@ void HELPER(mpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
- {
-     S390CPU *cpu = env_archcpu(env);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     mpcifc_service_call(cpu, r1, fiba, ar, GETPC());
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- #endif
-diff --git a/target/sparc/int32_helper.c b/target/sparc/int32_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/int32_helper.c
-+++ b/target/sparc/int32_helper.c
-@@ -XXX,XX +XXX,XX @@ void cpu_check_irqs(CPUSPARCState *env)
-     CPUState *cs;
-     /* We should be holding the BQL before we mess with IRQs */
--    g_assert(qemu_mutex_iothread_locked());
-+    g_assert(bql_locked());
-     if (env->pil_in && (env->interrupt_index == 0 ||
-                         (env->interrupt_index & ~15) == TT_EXTINT)) {
-diff --git a/target/sparc/int64_helper.c b/target/sparc/int64_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/int64_helper.c
-+++ b/target/sparc/int64_helper.c
-@@ -XXX,XX +XXX,XX @@ void cpu_check_irqs(CPUSPARCState *env)
-                   (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
-     /* We should be holding the BQL before we mess with IRQs */
--    g_assert(qemu_mutex_iothread_locked());
-+    g_assert(bql_locked());
-     /* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
-     if (env->ivec_status & 0x20) {
-@@ -XXX,XX +XXX,XX @@ static bool do_modify_softint(CPUSPARCState *env, uint32_t value)
-         env->softint = value;
- #if !defined(CONFIG_USER_ONLY)
-         if (cpu_interrupts_enabled(env)) {
--            qemu_mutex_lock_iothread();
-+            bql_lock();
-             cpu_check_irqs(env);
--            qemu_mutex_unlock_iothread();
-+            bql_unlock();
-         }
- #endif
-         return true;
-diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/sparc/win_helper.c
-+++ b/target/sparc/win_helper.c
-@@ -XXX,XX +XXX,XX @@ void helper_wrpsr(CPUSPARCState *env, target_ulong new_psr)
-         cpu_raise_exception_ra(env, TT_ILL_INSN, GETPC());
-     } else {
-         /* cpu_put_psr may trigger interrupts, hence BQL */
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         cpu_put_psr(env, new_psr);
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- }
-@@ -XXX,XX +XXX,XX @@ void helper_wrpstate(CPUSPARCState *env, target_ulong new_state)
- #if !defined(CONFIG_USER_ONLY)
-     if (cpu_interrupts_enabled(env)) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         cpu_check_irqs(env);
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_wrpil(CPUSPARCState *env, target_ulong new_pil)
-     env->psrpil = new_pil;
-     if (cpu_interrupts_enabled(env)) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         cpu_check_irqs(env);
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_done(CPUSPARCState *env)
- #if !defined(CONFIG_USER_ONLY)
-     if (cpu_interrupts_enabled(env)) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         cpu_check_irqs(env);
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- #endif
- }
-@@ -XXX,XX +XXX,XX @@ void helper_retry(CPUSPARCState *env)
- #if !defined(CONFIG_USER_ONLY)
-     if (cpu_interrupts_enabled(env)) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         cpu_check_irqs(env);
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- #endif
- }
-diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/xtensa/exc_helper.c
-+++ b/target/xtensa/exc_helper.c
-@@ -XXX,XX +XXX,XX @@ void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
-     env->sregs[PS] = (env->sregs[PS] & ~PS_INTLEVEL) |
-         (intlevel << PS_INTLEVEL_SHIFT);
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     check_interrupts(env);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     if (env->pending_irq_level) {
-         cpu_loop_exit(cpu);
-@@ -XXX,XX +XXX,XX @@ void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
- void HELPER(check_interrupts)(CPUXtensaState *env)
- {
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     check_interrupts(env);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
- }
- void HELPER(intset)(CPUXtensaState *env, uint32_t v)
-diff --git a/ui/spice-core.c b/ui/spice-core.c
-index XXXXXXX..XXXXXXX 100644
---- a/ui/spice-core.c
-+++ b/ui/spice-core.c
-@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
-      */
-     bool need_lock = !qemu_thread_is_self(&me);
-     if (need_lock) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-     }
-     if (info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT) {
-@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
-     }
-     if (need_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     qapi_free_SpiceServerInfo(server);
-diff --git a/util/async.c b/util/async.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/async.c
-+++ b/util/async.c
-@@ -XXX,XX +XXX,XX @@ AioContext *qemu_get_current_aio_context(void)
-     if (ctx) {
-         return ctx;
-     }
--    if (qemu_mutex_iothread_locked()) {
-+    if (bql_locked()) {
-         /* Possibly in a vCPU thread.  */
-         return qemu_get_aio_context();
-     }
-diff --git a/util/main-loop.c b/util/main-loop.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/main-loop.c
-+++ b/util/main-loop.c
-@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
-     glib_pollfds_fill(&timeout);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     replay_mutex_unlock();
-     ret = qemu_poll_ns((GPollFD *)gpollfds->data, gpollfds->len, timeout);
-     replay_mutex_lock();
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     glib_pollfds_poll();
-@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
-     poll_timeout_ns = qemu_soonest_timeout(poll_timeout_ns, timeout);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     replay_mutex_unlock();
-@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
-     replay_mutex_lock();
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     if (g_poll_ret > 0) {
-         for (i = 0; i < w->num; i++) {
-             w->revents[i] = poll_fds[n_poll_fds + i].revents;
-diff --git a/util/qsp.c b/util/qsp.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/qsp.c
-+++ b/util/qsp.c
-@@ -XXX,XX +XXX,XX @@ static const char * const qsp_typenames[] = {
-     [QSP_CONDVAR]   = "condvar",
- };
--QemuMutexLockFunc qemu_bql_mutex_lock_func = qemu_mutex_lock_impl;
-+QemuMutexLockFunc bql_mutex_lock_func = qemu_mutex_lock_impl;
- QemuMutexLockFunc qemu_mutex_lock_func = qemu_mutex_lock_impl;
- QemuMutexTrylockFunc qemu_mutex_trylock_func = qemu_mutex_trylock_impl;
- QemuRecMutexLockFunc qemu_rec_mutex_lock_func = qemu_rec_mutex_lock_impl;
-@@ -XXX,XX +XXX,XX @@ void qsp_enable(void)
- {
-     qatomic_set(&qemu_mutex_lock_func, qsp_mutex_lock);
-     qatomic_set(&qemu_mutex_trylock_func, qsp_mutex_trylock);
--    qatomic_set(&qemu_bql_mutex_lock_func, qsp_bql_mutex_lock);
-+    qatomic_set(&bql_mutex_lock_func, qsp_bql_mutex_lock);
-     qatomic_set(&qemu_rec_mutex_lock_func, qsp_rec_mutex_lock);
-     qatomic_set(&qemu_rec_mutex_trylock_func, qsp_rec_mutex_trylock);
-     qatomic_set(&qemu_cond_wait_func, qsp_cond_wait);
-@@ -XXX,XX +XXX,XX @@ void qsp_disable(void)
- {
-     qatomic_set(&qemu_mutex_lock_func, qemu_mutex_lock_impl);
-     qatomic_set(&qemu_mutex_trylock_func, qemu_mutex_trylock_impl);
--    qatomic_set(&qemu_bql_mutex_lock_func, qemu_mutex_lock_impl);
-+    qatomic_set(&bql_mutex_lock_func, qemu_mutex_lock_impl);
-     qatomic_set(&qemu_rec_mutex_lock_func, qemu_rec_mutex_lock_impl);
-     qatomic_set(&qemu_rec_mutex_trylock_func, qemu_rec_mutex_trylock_impl);
-     qatomic_set(&qemu_cond_wait_func, qemu_cond_wait_impl);
-diff --git a/util/rcu.c b/util/rcu.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/rcu.c
-+++ b/util/rcu.c
-@@ -XXX,XX +XXX,XX @@ static void *call_rcu_thread(void *opaque)
-         qatomic_sub(&rcu_call_count, n);
-         synchronize_rcu();
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-         while (n > 0) {
-             node = try_dequeue();
-             while (!node) {
--                qemu_mutex_unlock_iothread();
-+                bql_unlock();
-                 qemu_event_reset(&rcu_call_ready_event);
-                 node = try_dequeue();
-                 if (!node) {
-                     qemu_event_wait(&rcu_call_ready_event);
-                     node = try_dequeue();
-                 }
--                qemu_mutex_lock_iothread();
-+                bql_lock();
-             }
-             n--;
-             node->func(node);
-         }
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     abort();
- }
-@@ -XXX,XX +XXX,XX @@ static void drain_rcu_callback(struct rcu_head *node)
- void drain_call_rcu(void)
- {
-     struct rcu_drain rcu_drain;
--    bool locked = qemu_mutex_iothread_locked();
-+    bool locked = bql_locked();
-     memset(&rcu_drain, 0, sizeof(struct rcu_drain));
-     qemu_event_init(&rcu_drain.drain_complete_event, false);
-     if (locked) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-@@ -XXX,XX +XXX,XX @@ void drain_call_rcu(void)
-     qatomic_dec(&in_drain_call_rcu);
-     if (locked) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-     }
- }
-diff --git a/audio/coreaudio.m b/audio/coreaudio.m
-index XXXXXXX..XXXXXXX 100644
---- a/audio/coreaudio.m
-+++ b/audio/coreaudio.m
-@@ -XXX,XX +XXX,XX @@ static OSStatus handle_voice_change(
- {
-     coreaudioVoiceOut *core = in_client_data;
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     if (core->outputDeviceID) {
-         fini_out_device(core);
-@@ -XXX,XX +XXX,XX @@ static OSStatus handle_voice_change(
-         update_device_playback_state(core);
-     }
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     return 0;
- }
-diff --git a/memory_ldst.c.inc b/memory_ldst.c.inc
-index XXXXXXX..XXXXXXX 100644
---- a/memory_ldst.c.inc
-+++ b/memory_ldst.c.inc
-@@ -XXX,XX +XXX,XX @@ static inline uint32_t glue(address_space_ldl_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
-     return val;
-@@ -XXX,XX +XXX,XX @@ static inline uint64_t glue(address_space_ldq_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
-     return val;
-@@ -XXX,XX +XXX,XX @@ uint8_t glue(address_space_ldub, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
-     return val;
-@@ -XXX,XX +XXX,XX @@ static inline uint16_t glue(address_space_lduw_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
-     return val;
-@@ -XXX,XX +XXX,XX @@ void glue(address_space_stl_notdirty, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
- }
-@@ -XXX,XX +XXX,XX @@ static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
- }
-@@ -XXX,XX +XXX,XX @@ void glue(address_space_stb, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
- }
-@@ -XXX,XX +XXX,XX @@ static inline void glue(address_space_stw_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
- }
-@@ -XXX,XX +XXX,XX @@ static void glue(address_space_stq_internal, SUFFIX)(ARG1_DECL,
-         *result = r;
-     }
-     if (release_lock) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     RCU_READ_UNLOCK();
- }
-diff --git a/target/i386/hvf/README.md b/target/i386/hvf/README.md
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/hvf/README.md
-+++ b/target/i386/hvf/README.md
-@@ -XXX,XX +XXX,XX @@ These sources (and ../hvf-all.c) are adapted from Veertu Inc's vdhh (Veertu Desk
-. Adapt to our current QEMU's `CPUState` structure and `address_space_rw` API; many struct members have been moved around (emulated x86 state, xsave_buf) due to historical differences + QEMU needing to handle more emulation targets.
-. Removal of `apic_page` and hyperv-related functionality.
--3. More relaxed use of `qemu_mutex_lock_iothread`.
-+3. More relaxed use of `bql_lock`.
-diff --git a/ui/cocoa.m b/ui/cocoa.m
-index XXXXXXX..XXXXXXX 100644
---- a/ui/cocoa.m
-+++ b/ui/cocoa.m
-@@ -XXX,XX +XXX,XX @@ static void cocoa_switch(DisplayChangeListener *dcl,
- typedef void (^CodeBlock)(void);
- typedef bool (^BoolCodeBlock)(void);
--static void with_iothread_lock(CodeBlock block)
-+static void with_bql(CodeBlock block)
- {
--    bool locked = qemu_mutex_iothread_locked();
-+    bool locked = bql_locked();
-     if (!locked) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-     }
-     block();
-     if (!locked) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
- }
--static bool bool_with_iothread_lock(BoolCodeBlock block)
-+static bool bool_with_bql(BoolCodeBlock block)
- {
--    bool locked = qemu_mutex_iothread_locked();
-+    bool locked = bql_locked();
-     bool val;
-     if (!locked) {
--        qemu_mutex_lock_iothread();
-+        bql_lock();
-     }
-     val = block();
-     if (!locked) {
--        qemu_mutex_unlock_iothread();
-+        bql_unlock();
-     }
-     return val;
- }
-@@ -XXX,XX +XXX,XX @@ - (void) updateUIInfo
-         return;
-     }
--    with_iothread_lock(^{
-+    with_bql(^{
-         [self updateUIInfoLocked];
-     });
- }
-@@ -XXX,XX +XXX,XX @@ - (void) handleMonitorInput:(NSEvent *)event
- - (bool) handleEvent:(NSEvent *)event
- {
--    return bool_with_iothread_lock(^{
-+    return bool_with_bql(^{
-         return [self handleEventLocked:event];
-     });
- }
-@@ -XXX,XX +XXX,XX @@ - (QEMUScreen) gscreen {return screen;}
-  */
- - (void) raiseAllKeys
- {
--    with_iothread_lock(^{
-+    with_bql(^{
-         qkbd_state_lift_all_keys(kbd);
-     });
- }
-@@ -XXX,XX +XXX,XX @@ - (void)applicationWillTerminate:(NSNotification *)aNotification
- {
-     COCOA_DEBUG("QemuCocoaAppController: applicationWillTerminate\n");
--    with_iothread_lock(^{
-+    with_bql(^{
-         shutdown_action = SHUTDOWN_ACTION_POWEROFF;
-         qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_UI);
-     });
-@@ -XXX,XX +XXX,XX @@ - (void)displayConsole:(id)sender
- /* Pause the guest */
- - (void)pauseQEMU:(id)sender
- {
--    with_iothread_lock(^{
-+    with_bql(^{
-         qmp_stop(NULL);
-     });
-     [sender setEnabled: NO];
-@@ -XXX,XX +XXX,XX @@ - (void)pauseQEMU:(id)sender
- /* Resume running the guest operating system */
- - (void)resumeQEMU:(id) sender
- {
--    with_iothread_lock(^{
-+    with_bql(^{
-         qmp_cont(NULL);
-     });
-     [sender setEnabled: NO];
-@@ -XXX,XX +XXX,XX @@ - (void)removePause
- /* Restarts QEMU */
- - (void)restartQEMU:(id)sender
- {
--    with_iothread_lock(^{
-+    with_bql(^{
-         qmp_system_reset(NULL);
-     });
- }
-@@ -XXX,XX +XXX,XX @@ - (void)restartQEMU:(id)sender
- /* Powers down QEMU */
- - (void)powerDownQEMU:(id)sender
- {
--    with_iothread_lock(^{
-+    with_bql(^{
-         qmp_system_powerdown(NULL);
-     });
- }
-@@ -XXX,XX +XXX,XX @@ - (void)ejectDeviceMedia:(id)sender
-     }
-     __block Error *err = NULL;
--    with_iothread_lock(^{
-+    with_bql(^{
-         qmp_eject([drive cStringUsingEncoding: NSASCIIStringEncoding],
-                   NULL, false, false, &err);
-     });
-@@ -XXX,XX +XXX,XX @@ - (void)changeDeviceMedia:(id)sender
-         }
-         __block Error *err = NULL;
--        with_iothread_lock(^{
-+        with_bql(^{
-             qmp_blockdev_change_medium([drive cStringUsingEncoding:
-                                                   NSASCIIStringEncoding],
-                                        NULL,
-@@ -XXX,XX +XXX,XX @@ - (void)adjustSpeed:(id)sender
-     // get the throttle percentage
-     throttle_pct = [sender tag];
--    with_iothread_lock(^{
-+    with_bql(^{
-         cpu_throttle_set(throttle_pct);
-     });
-     COCOA_DEBUG("cpu throttling at %d%c\n", cpu_throttle_get_percentage(), '%');
-@@ -XXX,XX +XXX,XX @@ - (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)t
-         return;
-     }
--    with_iothread_lock(^{
-+    with_bql(^{
-         QemuClipboardInfo *info = qemu_clipboard_info_ref(cbinfo);
-         qemu_event_reset(&cbevent);
-         qemu_clipboard_request(info, QEMU_CLIPBOARD_TYPE_TEXT);
-@@ -XXX,XX +XXX,XX @@ - (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)t
-         while (info == cbinfo &&
-                info->types[QEMU_CLIPBOARD_TYPE_TEXT].available &&
-                info->types[QEMU_CLIPBOARD_TYPE_TEXT].data == NULL) {
--            qemu_mutex_unlock_iothread();
-+            bql_unlock();
-             qemu_event_wait(&cbevent);
--            qemu_mutex_lock_iothread();
-+            bql_lock();
-         }
-         if (info == cbinfo) {
-@@ -XXX,XX +XXX,XX @@ static void cocoa_clipboard_request(QemuClipboardInfo *info,
-     int status;
-     COCOA_DEBUG("Second thread: calling qemu_default_main()\n");
--    qemu_mutex_lock_iothread();
-+    bql_lock();
-     status = qemu_default_main();
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n");
-     [cbowner release];
-     exit(status);
-@@ -XXX,XX +XXX,XX @@ static int cocoa_main(void)
-     COCOA_DEBUG("Entered %s()\n", __func__);
--    qemu_mutex_unlock_iothread();
-+    bql_unlock();
-     qemu_thread_create(&thread, "qemu_main", call_qemu_main,
-                        NULL, QEMU_THREAD_DETACHED);
 --
-.43.0
+.41.0

-[PULL 1/6] iothread: Remove unused Error** argument in aio_context_set_aio_params
+[PULL v3 3/5] block/io: align requests to subcluster_size
-From: Philippe Mathieu-Daudé <philmd@linaro.org>
+From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
-aio_context_set_aio_params() doesn't use its undocumented
+When target image is using subclusters, and we align the request during
-Error** argument. Remove it to simplify.
+copy-on-read, it makes sense to align to subcluster_size rather than
+cluster_size.  Otherwise we end up with unnecessary allocations.
-Note this removes a use of "unchecked Error**" in
-iothread_set_aio_context_params().
+This commit renames bdrv_round_to_clusters() to bdrv_round_to_subclusters()
+and utilizes subcluster_size field of BlockDriverInfo to make necessary
-Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+alignments.  It affects copy-on-read as well as mirror job (which is
-Reviewed-by: Markus Armbruster <armbru@redhat.com>
+using bdrv_round_to_clusters()).
 This change also fixes the following bug with failing assert (covered by
 the test in the subsequent commit):
 qemu-img create -f qcow2 base.qcow2 64K
 qemu-img create -f qcow2 -o extended_l2=on,backing_file=base.qcow2,backing_fmt=qcow2 img.qcow2 64K
 qemu-io -c "write -P 0xaa 0 2K" img.qcow2
 qemu-io -C -c "read -P 0x00 2K 62K" img.qcow2
 qemu-io: ../block/io.c:1236: bdrv_co_do_copy_on_readv: Assertion `skip_bytes < pnum' failed.
 Reviewed-by: Eric Blake <eblake@redhat.com>
 Reviewed-by: Denis V. Lunev <den@openvz.org>
 Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
 Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Message-ID: <20231120171806.19361-1-philmd@linaro.org>
+Message-ID: <20230711172553.234055-3-andrey.drobyshev@virtuozzo.com>
 ---
- include/block/aio.h | 3 +--
+ include/block/block-io.h |  8 +++----
- iothread.c          | 3 +--
+ block/io.c               | 50 ++++++++++++++++++++--------------------
- util/aio-posix.c    | 3 +--
+ block/mirror.c           |  8 +++----
- util/aio-win32.c    | 3 +--
+files changed, 33 insertions(+), 33 deletions(-)
- util/main-loop.c    | 5 +----
-files changed, 5 insertions(+), 12 deletions(-)
+diff --git a/include/block/block-io.h b/include/block/block-io.h
 diff --git a/include/block/aio.h b/include/block/aio.h
 index XXXXXXX..XXXXXXX 100644
---- a/include/block/aio.h
+--- a/include/block/block-io.h
-+++ b/include/block/aio.h
++++ b/include/block/block-io.h
-@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
+@@ -XXX,XX +XXX,XX @@ bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi);
-  * @max_batch: maximum number of requests in a batch, 0 means that the
+ ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
-  *             engine will use its default
+                                           Error **errp);
  BlockStatsSpecific *bdrv_get_specific_stats(BlockDriverState *bs);
 -void bdrv_round_to_clusters(BlockDriverState *bs,
 -                            int64_t offset, int64_t bytes,
 -                            int64_t *cluster_offset,
 -                            int64_t *cluster_bytes);
 +void bdrv_round_to_subclusters(BlockDriverState *bs,
 +                               int64_t offset, int64_t bytes,
 +                               int64_t *cluster_offset,
 +                               int64_t *cluster_bytes);
  void bdrv_get_backing_filename(BlockDriverState *bs,
                                 char *filename, int filename_size);
 diff --git a/block/io.c b/block/io.c
 index XXXXXXX..XXXXXXX 100644
 --- a/block/io.c
 +++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ BdrvTrackedRequest *coroutine_fn bdrv_co_get_self_request(BlockDriverState *bs)
  }
  /**
 - * Round a region to cluster boundaries
 + * Round a region to subcluster (if supported) or cluster boundaries
   */
--void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
+ void coroutine_fn GRAPH_RDLOCK
--                                Error **errp);
+-bdrv_round_to_clusters(BlockDriverState *bs, int64_t offset, int64_t bytes,
-+void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch);
+-                       int64_t *cluster_offset, int64_t *cluster_bytes)
++bdrv_round_to_subclusters(BlockDriverState *bs, int64_t offset, int64_t bytes,
- /**
++                          int64_t *align_offset, int64_t *align_bytes)
   * aio_context_set_thread_pool_params:
 diff --git a/iothread.c b/iothread.c
 index XXXXXXX..XXXXXXX 100644
 --- a/iothread.c
 +++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ static void iothread_set_aio_context_params(EventLoopBase *base, Error **errp)
      }
      aio_context_set_aio_params(iothread->ctx,
 -                               iothread->parent_obj.aio_max_batch,
 -                               errp);
 +                               iothread->parent_obj.aio_max_batch);
      aio_context_set_thread_pool_params(iothread->ctx, base->thread_pool_min,
                                         base->thread_pool_max, errp);
 diff --git a/util/aio-posix.c b/util/aio-posix.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/aio-posix.c
 +++ b/util/aio-posix.c
@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
      aio_notify(ctx);
  }
 -void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
 -                                Error **errp)
 +void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch)
  {
-     /*
+     BlockDriverInfo bdi;
-      * No thread synchronization here, it doesn't matter if an incorrect value
+     IO_CODE();
-diff --git a/util/aio-win32.c b/util/aio-win32.c
+-    if (bdrv_co_get_info(bs, &bdi) < 0 || bdi.cluster_size == 0) {
-index XXXXXXX..XXXXXXX 100644
+-        *cluster_offset = offset;
---- a/util/aio-win32.c
+-        *cluster_bytes = bytes;
-+++ b/util/aio-win32.c
++    if (bdrv_co_get_info(bs, &bdi) < 0 || bdi.subcluster_size == 0) {
-@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
++        *align_offset = offset;
 +        *align_bytes = bytes;
      } else {
 -        int64_t c = bdi.cluster_size;
 -        *cluster_offset = QEMU_ALIGN_DOWN(offset, c);
 -        *cluster_bytes = QEMU_ALIGN_UP(offset - *cluster_offset + bytes, c);
 +        int64_t c = bdi.subcluster_size;
 +        *align_offset = QEMU_ALIGN_DOWN(offset, c);
 +        *align_bytes = QEMU_ALIGN_UP(offset - *align_offset + bytes, c);
      }
  }
--void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
+@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
--                                Error **errp)
+     void *bounce_buffer = NULL;
-+void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch)
- {
+     BlockDriver *drv = bs->drv;
- }
+-    int64_t cluster_offset;
-diff --git a/util/main-loop.c b/util/main-loop.c
+-    int64_t cluster_bytes;
 +    int64_t align_offset;
 +    int64_t align_bytes;
      int64_t skip_bytes;
      int ret;
      int max_transfer = MIN_NON_ZERO(bs->bl.max_transfer,
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
       * BDRV_REQUEST_MAX_BYTES (even when the original read did not), which
       * is one reason we loop rather than doing it all at once.
       */
 -    bdrv_round_to_clusters(bs, offset, bytes, &cluster_offset, &cluster_bytes);
 -    skip_bytes = offset - cluster_offset;
 +    bdrv_round_to_subclusters(bs, offset, bytes, &align_offset, &align_bytes);
 +    skip_bytes = offset - align_offset;
      trace_bdrv_co_do_copy_on_readv(bs, offset, bytes,
 -                                   cluster_offset, cluster_bytes);
 +                                   align_offset, align_bytes);
 -    while (cluster_bytes) {
 +    while (align_bytes) {
          int64_t pnum;
          if (skip_write) {
              ret = 1; /* "already allocated", so nothing will be copied */
 -            pnum = MIN(cluster_bytes, max_transfer);
 +            pnum = MIN(align_bytes, max_transfer);
          } else {
 -            ret = bdrv_is_allocated(bs, cluster_offset,
 -                                    MIN(cluster_bytes, max_transfer), &pnum);
 +            ret = bdrv_is_allocated(bs, align_offset,
 +                                    MIN(align_bytes, max_transfer), &pnum);
              if (ret < 0) {
                  /*
                   * Safe to treat errors in querying allocation as if
                   * unallocated; we'll probably fail again soon on the
                   * read, but at least that will set a decent errno.
                   */
 -                pnum = MIN(cluster_bytes, max_transfer);
 +                pnum = MIN(align_bytes, max_transfer);
              }
              /* Stop at EOF if the image ends in the middle of the cluster */
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
              /* Must copy-on-read; use the bounce buffer */
              pnum = MIN(pnum, MAX_BOUNCE_BUFFER);
              if (!bounce_buffer) {
 -                int64_t max_we_need = MAX(pnum, cluster_bytes - pnum);
 +                int64_t max_we_need = MAX(pnum, align_bytes - pnum);
                  int64_t max_allowed = MIN(max_transfer, MAX_BOUNCE_BUFFER);
                  int64_t bounce_buffer_len = MIN(max_we_need, max_allowed);
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
              }
              qemu_iovec_init_buf(&local_qiov, bounce_buffer, pnum);
 -            ret = bdrv_driver_preadv(bs, cluster_offset, pnum,
 +            ret = bdrv_driver_preadv(bs, align_offset, pnum,
                                       &local_qiov, 0, 0);
              if (ret < 0) {
                  goto err;
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
                  /* FIXME: Should we (perhaps conditionally) be setting
                   * BDRV_REQ_MAY_UNMAP, if it will allow for a sparser copy
                   * that still correctly reads as zero? */
 -                ret = bdrv_co_do_pwrite_zeroes(bs, cluster_offset, pnum,
 +                ret = bdrv_co_do_pwrite_zeroes(bs, align_offset, pnum,
                                                 BDRV_REQ_WRITE_UNCHANGED);
              } else {
                  /* This does not change the data on the disk, it is not
                   * necessary to flush even in cache=writethrough mode.
                   */
 -                ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
 +                ret = bdrv_driver_pwritev(bs, align_offset, pnum,
                                            &local_qiov, 0,
                                            BDRV_REQ_WRITE_UNCHANGED);
              }
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
              }
          }
 -        cluster_offset += pnum;
 -        cluster_bytes -= pnum;
 +        align_offset += pnum;
 +        align_bytes -= pnum;
          progress += pnum - skip_bytes;
          skip_bytes = 0;
      }
 diff --git a/block/mirror.c b/block/mirror.c
 index XXXXXXX..XXXXXXX 100644
---- a/util/main-loop.c
+--- a/block/mirror.c
-+++ b/util/main-loop.c
++++ b/block/mirror.c
-@@ -XXX,XX +XXX,XX @@ static void main_loop_update_params(EventLoopBase *base, Error **errp)
+@@ -XXX,XX +XXX,XX @@ static int coroutine_fn mirror_cow_align(MirrorBlockJob *s, int64_t *offset,
-         return;
+     need_cow |= !test_bit((*offset + *bytes - 1) / s->granularity,
                            s->cow_bitmap);
      if (need_cow) {
 -        bdrv_round_to_clusters(blk_bs(s->target), *offset, *bytes,
 -                               &align_offset, &align_bytes);
 +        bdrv_round_to_subclusters(blk_bs(s->target), *offset, *bytes,
 +                                  &align_offset, &align_bytes);
      }
--    aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch, errp);
+     if (align_bytes > max_bytes) {
--    if (*errp) {
+@@ -XXX,XX +XXX,XX @@ static void coroutine_fn mirror_iteration(MirrorBlockJob *s)
--        return;
+             int64_t target_offset;
--    }
+             int64_t target_bytes;
-+    aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch);
+             WITH_GRAPH_RDLOCK_GUARD() {
+-                bdrv_round_to_clusters(blk_bs(s->target), offset, io_bytes,
-     aio_context_set_thread_pool_params(qemu_aio_context, base->thread_pool_min,
+-                                       &target_offset, &target_bytes);
-                                        base->thread_pool_max, errp);
++                bdrv_round_to_subclusters(blk_bs(s->target), offset, io_bytes,
 +                                          &target_offset, &target_bytes);
              }
              if (target_offset == offset &&
                  target_bytes == io_bytes) {
 --
-.43.0
+.41.0

-[PULL 3/6] qemu/main-loop: rename QEMU_IOTHREAD_LOCK_GUARD to BQL_LOCK_GUARD
+Deleted patch
-The name "iothread" is overloaded. Use the term Big QEMU Lock (BQL)
-instead, it is already widely used and unambiguous.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paul Durrant <paul@xen.org>
-Acked-by: David Woodhouse <dwmw@amazon.co.uk>
-Reviewed-by: Cédric Le Goater <clg@kaod.org>
-Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
-Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
-Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
-Message-id: 20240102153529.486531-3-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/qemu/main-loop.h  | 19 +++++++++----------
- hw/i386/kvm/xen_evtchn.c  | 14 +++++++-------
- hw/i386/kvm/xen_gnttab.c  |  2 +-
- hw/mips/mips_int.c        |  2 +-
- hw/ppc/ppc.c              |  2 +-
- target/i386/kvm/xen-emu.c |  2 +-
- target/ppc/excp_helper.c  |  2 +-
- target/ppc/helper_regs.c  |  2 +-
- target/riscv/cpu_helper.c |  4 ++--
-files changed, 24 insertions(+), 25 deletions(-)
-diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/main-loop.h
-+++ b/include/qemu/main-loop.h
-@@ -XXX,XX +XXX,XX @@ void bql_lock_impl(const char *file, int line);
- void bql_unlock(void);
- /**
-- * QEMU_IOTHREAD_LOCK_GUARD
-+ * BQL_LOCK_GUARD
-  *
-  * Wrap a block of code in a conditional bql_{lock,unlock}.
-  */
--typedef struct IOThreadLockAuto IOThreadLockAuto;
-+typedef struct BQLLockAuto BQLLockAuto;
--static inline IOThreadLockAuto *qemu_iothread_auto_lock(const char *file,
--                                                        int line)
-+static inline BQLLockAuto *bql_auto_lock(const char *file, int line)
- {
-     if (bql_locked()) {
-         return NULL;
-     }
-     bql_lock_impl(file, line);
-     /* Anything non-NULL causes the cleanup function to be called */
--    return (IOThreadLockAuto *)(uintptr_t)1;
-+    return (BQLLockAuto *)(uintptr_t)1;
- }
--static inline void qemu_iothread_auto_unlock(IOThreadLockAuto *l)
-+static inline void bql_auto_unlock(BQLLockAuto *l)
- {
-     bql_unlock();
- }
--G_DEFINE_AUTOPTR_CLEANUP_FUNC(IOThreadLockAuto, qemu_iothread_auto_unlock)
-+G_DEFINE_AUTOPTR_CLEANUP_FUNC(BQLLockAuto, bql_auto_unlock)
--#define QEMU_IOTHREAD_LOCK_GUARD() \
--    g_autoptr(IOThreadLockAuto) _iothread_lock_auto __attribute__((unused)) \
--        = qemu_iothread_auto_lock(__FILE__, __LINE__)
-+#define BQL_LOCK_GUARD() \
-+    g_autoptr(BQLLockAuto) _bql_lock_auto __attribute__((unused)) \
-+        = bql_auto_lock(__FILE__, __LINE__)
- /*
-  * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
-diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i386/kvm/xen_evtchn.c
-+++ b/hw/i386/kvm/xen_evtchn.c
-@@ -XXX,XX +XXX,XX @@ int xen_evtchn_reset_op(struct evtchn_reset *reset)
-         return -ESRCH;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     return xen_evtchn_soft_reset();
- }
-@@ -XXX,XX +XXX,XX @@ int xen_evtchn_close_op(struct evtchn_close *close)
-         return -EINVAL;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     qemu_mutex_lock(&s->port_lock);
-     ret = close_port(s, close->port, &flush_kvm_routes);
-@@ -XXX,XX +XXX,XX @@ int xen_evtchn_bind_pirq_op(struct evtchn_bind_pirq *pirq)
-         return -EINVAL;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     if (s->pirq[pirq->pirq].port) {
-         return -EBUSY;
-@@ -XXX,XX +XXX,XX @@ int xen_physdev_map_pirq(struct physdev_map_pirq *map)
-         return -ENOTSUP;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     QEMU_LOCK_GUARD(&s->port_lock);
-     if (map->domid != DOMID_SELF && map->domid != xen_domid) {
-@@ -XXX,XX +XXX,XX @@ int xen_physdev_unmap_pirq(struct physdev_unmap_pirq *unmap)
-         return -EINVAL;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     qemu_mutex_lock(&s->port_lock);
-     if (!pirq_inuse(s, pirq)) {
-@@ -XXX,XX +XXX,XX @@ int xen_physdev_eoi_pirq(struct physdev_eoi *eoi)
-         return -ENOTSUP;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     QEMU_LOCK_GUARD(&s->port_lock);
-     if (!pirq_inuse(s, pirq)) {
-@@ -XXX,XX +XXX,XX @@ int xen_physdev_query_pirq(struct physdev_irq_status_query *query)
-         return -ENOTSUP;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     QEMU_LOCK_GUARD(&s->port_lock);
-     if (!pirq_inuse(s, pirq)) {
-diff --git a/hw/i386/kvm/xen_gnttab.c b/hw/i386/kvm/xen_gnttab.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/i386/kvm/xen_gnttab.c
-+++ b/hw/i386/kvm/xen_gnttab.c
-@@ -XXX,XX +XXX,XX @@ int xen_gnttab_map_page(uint64_t idx, uint64_t gfn)
-         return -EINVAL;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     QEMU_LOCK_GUARD(&s->gnt_lock);
-     xen_overlay_do_map_page(&s->gnt_aliases[idx], gpa);
-diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/mips/mips_int.c
-+++ b/hw/mips/mips_int.c
-@@ -XXX,XX +XXX,XX @@ static void cpu_mips_irq_request(void *opaque, int irq, int level)
-         return;
-     }
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     if (level) {
-         env->CP0_Cause |= 1 << (irq + CP0Ca_IP);
-diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
-index XXXXXXX..XXXXXXX 100644
---- a/hw/ppc/ppc.c
-+++ b/hw/ppc/ppc.c
-@@ -XXX,XX +XXX,XX @@ void ppc_set_irq(PowerPCCPU *cpu, int irq, int level)
-     unsigned int old_pending;
-     /* We may already have the BQL if coming from the reset path */
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     old_pending = env->pending_interrupts;
-diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/i386/kvm/xen-emu.c
-+++ b/target/i386/kvm/xen-emu.c
-@@ -XXX,XX +XXX,XX @@ static int xen_set_shared_info(uint64_t gfn)
-     uint64_t gpa = gfn << TARGET_PAGE_BITS;
-     int i, err;
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     /*
-      * The xen_overlay device tells KVM about it too, since it had to
-diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/excp_helper.c
-+++ b/target/ppc/excp_helper.c
-@@ -XXX,XX +XXX,XX @@ static int ppc_next_unmasked_interrupt(CPUPPCState *env)
- void ppc_maybe_interrupt(CPUPPCState *env)
- {
-     CPUState *cs = env_cpu(env);
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     if (ppc_next_unmasked_interrupt(env)) {
-         cpu_interrupt(cs, CPU_INTERRUPT_HARD);
-diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/ppc/helper_regs.c
-+++ b/target/ppc/helper_regs.c
-@@ -XXX,XX +XXX,XX @@ void cpu_interrupt_exittb(CPUState *cs)
-      * unless running with TCG.
-      */
-     if (tcg_enabled()) {
--        QEMU_IOTHREAD_LOCK_GUARD();
-+        BQL_LOCK_GUARD();
-         cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
-     }
- }
-diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/riscv/cpu_helper.c
-+++ b/target/riscv/cpu_helper.c
-@@ -XXX,XX +XXX,XX @@ void riscv_cpu_interrupt(CPURISCVState *env)
-     uint64_t gein, vsgein = 0, vstip = 0, irqf = 0;
-     CPUState *cs = env_cpu(env);
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     if (env->virt_enabled) {
-         gein = get_field(env->hstatus, HSTATUS_VGEIN);
-@@ -XXX,XX +XXX,XX @@ uint64_t riscv_cpu_update_mip(CPURISCVState *env, uint64_t mask, uint64_t value)
-     /* No need to update mip for VSTIP */
-     mask = ((mask == MIP_VSTIP) && env->vstime_irq) ? 0 : mask;
--    QEMU_IOTHREAD_LOCK_GUARD();
-+    BQL_LOCK_GUARD();
-     env->mip = (env->mip & ~mask) | (value & mask);
---
-.43.0

-[PULL 6/6] Rename "QEMU global mutex" to "BQL" in comments and docs
+[PULL v3 4/5] tests/qemu-iotests/197: add testcase for CoR with subclusters
-The term "QEMU global mutex" is identical to the more widely used Big
+From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
 QEMU Lock ("BQL"). Update the code comments and documentation to use
 "BQL" instead of "QEMU global mutex".
+Add testcase which checks that allocations during copy-on-read are
+performed on the subcluster basis when subclusters are enabled in target
+image.
+This testcase also triggers the following assert with previous commit
+not being applied, so we check that as well:
+qemu-io: ../block/io.c:1236: bdrv_co_do_copy_on_readv: Assertion `skip_bytes < pnum' failed.
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Reviewed-by: Denis V. Lunev <den@openvz.org>
+Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
+Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Acked-by: Markus Armbruster <armbru@redhat.com>
+Message-ID: <20230711172553.234055-4-andrey.drobyshev@virtuozzo.com>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Paul Durrant <paul@xen.org>
 Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
 Reviewed-by: Cédric Le Goater <clg@kaod.org>
 Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
 Message-id: 20240102153529.486531-6-stefanha@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- docs/devel/multi-thread-tcg.rst   |  7 +++----
+ tests/qemu-iotests/197     | 29 +++++++++++++++++++++++++++++
- docs/devel/qapi-code-gen.rst      |  2 +-
+ tests/qemu-iotests/197.out | 24 ++++++++++++++++++++++++
- docs/devel/replay.rst             |  2 +-
+files changed, 53 insertions(+)
  docs/devel/multiple-iothreads.txt | 14 +++++++-------
  include/block/blockjob.h          |  6 +++---
  include/io/task.h                 |  2 +-
  include/qemu/coroutine-core.h     |  2 +-
  include/qemu/coroutine.h          |  2 +-
  hw/block/dataplane/virtio-blk.c   |  8 ++++----
  hw/block/virtio-blk.c             |  2 +-
  hw/scsi/virtio-scsi-dataplane.c   |  6 +++---
  net/tap.c                         |  2 +-
 files changed, 27 insertions(+), 28 deletions(-)
-diff --git a/docs/devel/multi-thread-tcg.rst b/docs/devel/multi-thread-tcg.rst
+diff --git a/tests/qemu-iotests/197 b/tests/qemu-iotests/197
 index XXXXXXX..XXXXXXX 100755
 --- a/tests/qemu-iotests/197
 +++ b/tests/qemu-iotests/197
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -f qcow2 -C -c 'read 0 1024' "$TEST_WRAP" | _filter_qemu_io
  $QEMU_IO -f qcow2 -c map "$TEST_WRAP"
  _check_test_img
 +echo
 +echo '=== Copy-on-read with subclusters ==='
 +echo
 +
 +# Create base and top images 64K (1 cluster) each.  Make subclusters enabled
 +# for the top image
 +_make_test_img 64K
 +IMGPROTO=file IMGFMT=qcow2 TEST_IMG_FILE="$TEST_WRAP" \
 +    _make_test_img --no-opts -o extended_l2=true -F "$IMGFMT" -b "$TEST_IMG" \
 +    64K | _filter_img_create
 +
 +$QEMU_IO -c "write -P 0xaa 0 64k" "$TEST_IMG" | _filter_qemu_io
 +
 +# Allocate individual subclusters in the top image, and not the whole cluster
 +$QEMU_IO -c "write -P 0xbb 28K 2K" -c "write -P 0xcc 34K 2K" "$TEST_WRAP" \
 +    | _filter_qemu_io
 +
 +# Only 2 subclusters should be allocated in the top image at this point
 +$QEMU_IMG map "$TEST_WRAP" | _filter_qemu_img_map
 +
 +# Actual copy-on-read operation
 +$QEMU_IO -C -c "read -P 0xaa 30K 4K" "$TEST_WRAP" | _filter_qemu_io
 +
 +# And here we should have 4 subclusters allocated right in the middle of the
 +# top image. Make sure the whole cluster remains unallocated
 +$QEMU_IMG map "$TEST_WRAP" | _filter_qemu_img_map
 +
 +_check_test_img
 +
  # success, all done
  echo '*** done'
  status=0
 diff --git a/tests/qemu-iotests/197.out b/tests/qemu-iotests/197.out
 index XXXXXXX..XXXXXXX 100644
---- a/docs/devel/multi-thread-tcg.rst
+--- a/tests/qemu-iotests/197.out
-+++ b/docs/devel/multi-thread-tcg.rst
++++ b/tests/qemu-iotests/197.out
-@@ -XXX,XX +XXX,XX @@ instruction. This could be a future optimisation.
+@@ -XXX,XX +XXX,XX @@ read 1024/1024 bytes at offset 0
- Emulated hardware state
+KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- -----------------------
+KiB (0x400) bytes     allocated at offset 0 bytes (0x0)
+ No errors were found on the image.
--Currently thanks to KVM work any access to IO memory is automatically
++
--protected by the global iothread mutex, also known as the BQL (Big
++=== Copy-on-read with subclusters ===
--QEMU Lock). Any IO region that doesn't use global mutex is expected to
++
--do its own locking.
++Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536
-+Currently thanks to KVM work any access to IO memory is automatically protected
++Formatting 'TEST_DIR/t.wrap.IMGFMT', fmt=IMGFMT size=65536 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
-+by the BQL (Big QEMU Lock). Any IO region that doesn't use the BQL is expected
++wrote 65536/65536 bytes at offset 0
-+to do its own locking.
++64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
++wrote 2048/2048 bytes at offset 28672
- However IO memory isn't the only way emulated hardware state can be
++2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
- modified. Some architectures have model specific registers that
++wrote 2048/2048 bytes at offset 34816
-diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
++2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-index XXXXXXX..XXXXXXX 100644
++Offset          Length          File
---- a/docs/devel/qapi-code-gen.rst
++0               0x7000          TEST_DIR/t.IMGFMT
-+++ b/docs/devel/qapi-code-gen.rst
++0x7000          0x800           TEST_DIR/t.wrap.IMGFMT
-@@ -XXX,XX +XXX,XX @@ blocking the guest and other background operations.
++0x7800          0x1000          TEST_DIR/t.IMGFMT
- Coroutine safety can be hard to prove, similar to thread safety.  Common
++0x8800          0x800           TEST_DIR/t.wrap.IMGFMT
- pitfalls are:
++0x9000          0x7000          TEST_DIR/t.IMGFMT
++read 4096/4096 bytes at offset 30720
--- The global mutex isn't held across ``qemu_coroutine_yield()``, so
++4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-+- The BQL isn't held across ``qemu_coroutine_yield()``, so
++Offset          Length          File
-   operations that used to assume that they execute atomically may have
++0               0x7000          TEST_DIR/t.IMGFMT
-   to be more careful to protect against changes in the global state.
++0x7000          0x2000          TEST_DIR/t.wrap.IMGFMT
++0x9000          0x7000          TEST_DIR/t.IMGFMT
-diff --git a/docs/devel/replay.rst b/docs/devel/replay.rst
++No errors were found on the image.
-index XXXXXXX..XXXXXXX 100644
+ *** done
 --- a/docs/devel/replay.rst
 +++ b/docs/devel/replay.rst
@@ -XXX,XX +XXX,XX @@ modes.
  Reading and writing requests are created by CPU thread of QEMU. Later these
  requests proceed to block layer which creates "bottom halves". Bottom
  halves consist of callback and its parameters. They are processed when
 -main loop locks the global mutex. These locks are not synchronized with
 +main loop locks the BQL. These locks are not synchronized with
  replaying process because main loop also processes the events that do not
  affect the virtual machine state (like user interaction with monitor).
 diff --git a/docs/devel/multiple-iothreads.txt b/docs/devel/multiple-iothreads.txt
 index XXXXXXX..XXXXXXX 100644
 --- a/docs/devel/multiple-iothreads.txt
 +++ b/docs/devel/multiple-iothreads.txt
@@ -XXX,XX +XXX,XX @@ the COPYING file in the top-level directory.
  This document explains the IOThread feature and how to write code that runs
 -outside the QEMU global mutex.
 +outside the BQL.
  The main loop and IOThreads
  ---------------------------
@@ -XXX,XX +XXX,XX @@ scalability bottleneck on hosts with many CPUs.  Work can be spread across
  several IOThreads instead of just one main loop.  When set up correctly this
  can improve I/O latency and reduce jitter seen by the guest.
 -The main loop is also deeply associated with the QEMU global mutex, which is a
 -scalability bottleneck in itself.  vCPU threads and the main loop use the QEMU
 -global mutex to serialize execution of QEMU code.  This mutex is necessary
 -because a lot of QEMU's code historically was not thread-safe.
 +The main loop is also deeply associated with the BQL, which is a
 +scalability bottleneck in itself.  vCPU threads and the main loop use the BQL
 +to serialize execution of QEMU code.  This mutex is necessary because a lot of
 +QEMU's code historically was not thread-safe.
  The fact that all I/O processing is done in a single main loop and that the
 -QEMU global mutex is contended by all vCPU threads and the main loop explain
 +BQL is contended by all vCPU threads and the main loop explain
  why it is desirable to place work into IOThreads.
  The experimental virtio-blk data-plane implementation has been benchmarked and
@@ -XXX,XX +XXX,XX @@ There are several old APIs that use the main loop AioContext:
  Since they implicitly work on the main loop they cannot be used in code that
  runs in an IOThread.  They might cause a crash or deadlock if called from an
 -IOThread since the QEMU global mutex is not held.
 +IOThread since the BQL is not held.
  Instead, use the AioContext functions directly (see include/block/aio.h):
   * aio_set_fd_handler() - monitor a file descriptor
 diff --git a/include/block/blockjob.h b/include/block/blockjob.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/block/blockjob.h
 +++ b/include/block/blockjob.h
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
      /**
       * Speed that was set with @block_job_set_speed.
 -     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
 +     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
       */
      int64_t speed;
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
      /**
       * Block other operations when block job is running.
 -     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
 +     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
       */
      Error *blocker;
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
      /**
       * BlockDriverStates that are involved in this block job.
 -     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
 +     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
       */
      GSList *nodes;
  } BlockJob;
 diff --git a/include/io/task.h b/include/io/task.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/io/task.h
 +++ b/include/io/task.h
@@ -XXX,XX +XXX,XX @@ typedef void (*QIOTaskWorker)(QIOTask *task,
   * lookups) to be easily run non-blocking. Reporting the
   * results in the main thread context means that the caller
   * typically does not need to be concerned about thread
 - * safety wrt the QEMU global mutex.
 + * safety wrt the BQL.
   *
   * For example, the socket_listen() method will block the caller
   * while DNS lookups take place if given a name, instead of IP
 diff --git a/include/qemu/coroutine-core.h b/include/qemu/coroutine-core.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/qemu/coroutine-core.h
 +++ b/include/qemu/coroutine-core.h
@@ -XXX,XX +XXX,XX @@
   * rather than callbacks, for operations that need to give up control while
   * waiting for events to complete.
   *
 - * These functions are re-entrant and may be used outside the global mutex.
 + * These functions are re-entrant and may be used outside the BQL.
   *
   * Functions that execute in coroutine context cannot be called
   * directly from normal functions.  Use @coroutine_fn to mark such
 diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
 index XXXXXXX..XXXXXXX 100644
 --- a/include/qemu/coroutine.h
 +++ b/include/qemu/coroutine.h
@@ -XXX,XX +XXX,XX @@
   * rather than callbacks, for operations that need to give up control while
   * waiting for events to complete.
   *
 - * These functions are re-entrant and may be used outside the global mutex.
 + * These functions are re-entrant and may be used outside the BQL.
   *
   * Functions that execute in coroutine context cannot be called
   * directly from normal functions.  Use @coroutine_fn to mark such
 diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/block/dataplane/virtio-blk.c
 +++ b/hw/block/dataplane/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ apply_vq_mapping(IOThreadVirtQueueMappingList *iothread_vq_mapping_list,
      }
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
                                    VirtIOBlockDataPlane **dataplane,
                                    Error **errp)
@@ -XXX,XX +XXX,XX @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
      return true;
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
  {
      VirtIOBlock *vblk;
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
      g_free(s);
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  int virtio_blk_data_plane_start(VirtIODevice *vdev)
  {
      VirtIOBlock *vblk = VIRTIO_BLK(vdev);
@@ -XXX,XX +XXX,XX @@ static void virtio_blk_data_plane_stop_vq_bh(void *opaque)
      virtio_queue_host_notifier_read(host_notifier);
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  void virtio_blk_data_plane_stop(VirtIODevice *vdev)
  {
      VirtIOBlock *vblk = VIRTIO_BLK(vdev);
 diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/block/virtio-blk.c
 +++ b/hw/block/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ static void virtio_blk_resize(void *opaque)
      VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
      /*
 -     * virtio_notify_config() needs to acquire the global mutex,
 +     * virtio_notify_config() needs to acquire the BQL,
       * so it can't be called from an iothread. Instead, schedule
       * it to be run in the main context BH.
       */
 diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/scsi/virtio-scsi-dataplane.c
 +++ b/hw/scsi/virtio-scsi-dataplane.c
@@ -XXX,XX +XXX,XX @@
  #include "scsi/constants.h"
  #include "hw/virtio/virtio-bus.h"
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  void virtio_scsi_dataplane_setup(VirtIOSCSI *s, Error **errp)
  {
      VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_dataplane_stop_bh(void *opaque)
      }
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  int virtio_scsi_dataplane_start(VirtIODevice *vdev)
  {
      int i;
@@ -XXX,XX +XXX,XX @@ fail_guest_notifiers:
      return -ENOSYS;
  }
 -/* Context: QEMU global mutex held */
 +/* Context: BQL held */
  void virtio_scsi_dataplane_stop(VirtIODevice *vdev)
  {
      BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
 diff --git a/net/tap.c b/net/tap.c
 index XXXXXXX..XXXXXXX 100644
 --- a/net/tap.c
 +++ b/net/tap.c
@@ -XXX,XX +XXX,XX @@ static void tap_send(void *opaque)
          /*
           * When the host keeps receiving more packets while tap_send() is
 -         * running we can hog the QEMU global mutex.  Limit the number of
 +         * running we can hog the BQL.  Limit the number of
           * packets that are processed per tap_send() callback to prevent
           * stalling the guest.
           */
 --
-.43.0
+.41.0

-[PULL 4/6] qemu/main-loop: rename qemu_cond_wait_iothread() to qemu_cond_wait_bql()
+[PULL v3 5/5] aio-posix: zero out io_uring sqe user_data
-The name "iothread" is overloaded. Use the term Big QEMU Lock (BQL)
+liburing does not clear sqe->user_data. We must do it ourselves to avoid
-instead, it is already widely used and unambiguous.
+undefined behavior in process_cqe() when user_data is used.
 Note that fdmon-io_uring is currently disabled, so this is a latent bug
 that does not affect users. Let's merge this fix now to make it easier
 to enable fdmon-io_uring in the future (and I'm working on that).
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Cédric Le Goater <clg@kaod.org>
+Message-ID: <20230426212639.82310-1-stefanha@redhat.com>
 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
 Reviewed-by: Paul Durrant <paul@xen.org>
 Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
 Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
 Message-id: 20240102153529.486531-4-stefanha@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qemu/main-loop.h          | 10 +++++-----
+ util/fdmon-io_uring.c | 2 ++
- accel/tcg/tcg-accel-ops-rr.c      |  4 ++--
+file changed, 2 insertions(+)
  hw/display/virtio-gpu.c           |  2 +-
  hw/ppc/spapr_events.c             |  2 +-
  system/cpu-throttle.c             |  2 +-
  system/cpus.c                     |  4 ++--
  target/i386/nvmm/nvmm-accel-ops.c |  2 +-
  target/i386/whpx/whpx-accel-ops.c |  2 +-
 files changed, 14 insertions(+), 14 deletions(-)
-diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
+diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/main-loop.h
+--- a/util/fdmon-io_uring.c
-+++ b/include/qemu/main-loop.h
++++ b/util/fdmon-io_uring.c
-@@ -XXX,XX +XXX,XX @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(BQLLockAuto, bql_auto_unlock)
+@@ -XXX,XX +XXX,XX @@ static void add_poll_remove_sqe(AioContext *ctx, AioHandler *node)
-         = bql_auto_lock(__FILE__, __LINE__)
+ #else
+     io_uring_prep_poll_remove(sqe, node);
- /*
+ #endif
-- * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
++    io_uring_sqe_set_data(sqe, NULL);
 + * qemu_cond_wait_bql: Wait on condition for the Big QEMU Lock (BQL)
   *
 - * This function atomically releases the main loop mutex and causes
 + * This function atomically releases the Big QEMU Lock (BQL) and causes
   * the calling thread to block on the condition.
   */
 -void qemu_cond_wait_iothread(QemuCond *cond);
 +void qemu_cond_wait_bql(QemuCond *cond);
  /*
 - * qemu_cond_timedwait_iothread: like the previous, but with timeout
 + * qemu_cond_timedwait_bql: like the previous, but with timeout
   */
 -void qemu_cond_timedwait_iothread(QemuCond *cond, int ms);
 +void qemu_cond_timedwait_bql(QemuCond *cond, int ms);
  /* internal interfaces */
 diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
 index XXXXXXX..XXXXXXX 100644
 --- a/accel/tcg/tcg-accel-ops-rr.c
 +++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -XXX,XX +XXX,XX @@ static void rr_wait_io_event(void)
      while (all_cpu_threads_idle()) {
          rr_stop_kick_timer();
 -        qemu_cond_wait_iothread(first_cpu->halt_cond);
 +        qemu_cond_wait_bql(first_cpu->halt_cond);
      }
      rr_start_kick_timer();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
      /* wait for initial kick-off after machine start */
      while (first_cpu->stopped) {
 -        qemu_cond_wait_iothread(first_cpu->halt_cond);
 +        qemu_cond_wait_bql(first_cpu->halt_cond);
          /* process any pending work */
          CPU_FOREACH(cpu) {
 diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/display/virtio-gpu.c
 +++ b/hw/display/virtio-gpu.c
@@ -XXX,XX +XXX,XX @@ void virtio_gpu_reset(VirtIODevice *vdev)
          g->reset_finished = false;
          qemu_bh_schedule(g->reset_bh);
          while (!g->reset_finished) {
 -            qemu_cond_wait_iothread(&g->reset_cond);
 +            qemu_cond_wait_bql(&g->reset_cond);
          }
      } else {
          virtio_gpu_reset_bh(g);
 diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/ppc/spapr_events.c
 +++ b/hw/ppc/spapr_events.c
@@ -XXX,XX +XXX,XX @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
              }
              return;
          }
 -        qemu_cond_wait_iothread(&spapr->fwnmi_machine_check_interlock_cond);
 +        qemu_cond_wait_bql(&spapr->fwnmi_machine_check_interlock_cond);
          if (spapr->fwnmi_machine_check_addr == -1) {
              /*
               * If the machine was reset while waiting for the interlock,
 diff --git a/system/cpu-throttle.c b/system/cpu-throttle.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/cpu-throttle.c
 +++ b/system/cpu-throttle.c
@@ -XXX,XX +XXX,XX @@ static void cpu_throttle_thread(CPUState *cpu, run_on_cpu_data opaque)
      endtime_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + sleeptime_ns;
      while (sleeptime_ns > 0 && !cpu->stop) {
          if (sleeptime_ns > SCALE_MS) {
 -            qemu_cond_timedwait_iothread(cpu->halt_cond,
 +            qemu_cond_timedwait_bql(cpu->halt_cond,
                                           sleeptime_ns / SCALE_MS);
          } else {
              bql_unlock();
 diff --git a/system/cpus.c b/system/cpus.c
 index XXXXXXX..XXXXXXX 100644
 --- a/system/cpus.c
 +++ b/system/cpus.c
@@ -XXX,XX +XXX,XX @@ void bql_unlock(void)
      qemu_mutex_unlock(&bql);
  }
--void qemu_cond_wait_iothread(QemuCond *cond)
+ /* Add a timeout that self-cancels when another cqe becomes ready */
-+void qemu_cond_wait_bql(QemuCond *cond)
+@@ -XXX,XX +XXX,XX @@ static void add_timeout_sqe(AioContext *ctx, int64_t ns)
- {
-     qemu_cond_wait(cond, &bql);
+     sqe = get_sqe(ctx);
      io_uring_prep_timeout(sqe, &ts, 1, 0);
 +    io_uring_sqe_set_data(sqe, NULL);
  }
--void qemu_cond_timedwait_iothread(QemuCond *cond, int ms)
+ /* Add sqes from ctx->submit_list for submission */
 +void qemu_cond_timedwait_bql(QemuCond *cond, int ms)
  {
      qemu_cond_timedwait(cond, &bql, ms);
  }
 diff --git a/target/i386/nvmm/nvmm-accel-ops.c b/target/i386/nvmm/nvmm-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/nvmm/nvmm-accel-ops.c
 +++ b/target/i386/nvmm/nvmm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
              }
          }
          while (cpu_thread_is_idle(cpu)) {
 -            qemu_cond_wait_iothread(cpu->halt_cond);
 +            qemu_cond_wait_bql(cpu->halt_cond);
          }
          qemu_wait_io_event_common(cpu);
      } while (!cpu->unplug || cpu_can_run(cpu));
 diff --git a/target/i386/whpx/whpx-accel-ops.c b/target/i386/whpx/whpx-accel-ops.c
 index XXXXXXX..XXXXXXX 100644
 --- a/target/i386/whpx/whpx-accel-ops.c
 +++ b/target/i386/whpx/whpx-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
              }
          }
          while (cpu_thread_is_idle(cpu)) {
 -            qemu_cond_wait_iothread(cpu->halt_cond);
 +            qemu_cond_wait_bql(cpu->halt_cond);
          }
          qemu_wait_io_event_common(cpu);
      } while (!cpu->unplug || cpu_can_run(cpu));
 --
-.43.0
+.41.0

The following changes since commit ffd454c67e38cc6df792733ebc5d967eee28ac0d:

Merge tag 'pull-vfio-20240107' of https://github.com/legoater/qemu into staging (2024-01-08 10:28:42 +0000)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 0b2675c473f68f13bc5ca1dd1c43ce421542e7b8:

Rename "QEMU global mutex" to "BQL" in comments and docs (2024-01-08 10:45:43 -0500)

----------------------------------------------------------------
Pull request

----------------------------------------------------------------

Philippe Mathieu-Daudé (1):
  iothread: Remove unused Error** argument in aio_context_set_aio_params

Stefan Hajnoczi (5):
  system/cpus: rename qemu_mutex_lock_iothread() to bql_lock()
  qemu/main-loop: rename QEMU_IOTHREAD_LOCK_GUARD to BQL_LOCK_GUARD
  qemu/main-loop: rename qemu_cond_wait_iothread() to
    qemu_cond_wait_bql()
  Replace "iothread lock" with "BQL" in comments
  Rename "QEMU global mutex" to "BQL" in comments and docs

-- 
2.43.0

From: Philippe Mathieu-Daudé <philmd@linaro.org>

aio_context_set_aio_params() doesn't use its undocumented
Error** argument. Remove it to simplify.

Note this removes a use of "unchecked Error**" in
iothread_set_aio_context_params().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231120171806.19361-1-philmd@linaro.org>
---
 include/block/aio.h | 3 +--
 iothread.c          | 3 +--
 util/aio-posix.c    | 3 +--
 util/aio-win32.c    | 3 +--
 util/main-loop.c    | 5 +----
 5 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/include/block/aio.h b/include/block/aio.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
  * @max_batch: maximum number of requests in a batch, 0 means that the
  *             engine will use its default
  */
-void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
-                                Error **errp);
+void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch);
 
 /**
  * aio_context_set_thread_pool_params:
diff --git a/iothread.c b/iothread.c
index XXXXXXX..XXXXXXX 100644
--- a/iothread.c
+++ b/iothread.c
@@ -XXX,XX +XXX,XX @@ static void iothread_set_aio_context_params(EventLoopBase *base, Error **errp)
     }
 
     aio_context_set_aio_params(iothread->ctx,
-                               iothread->parent_obj.aio_max_batch,
-                               errp);
+                               iothread->parent_obj.aio_max_batch);
 
     aio_context_set_thread_pool_params(iothread->ctx, base->thread_pool_min,
                                        base->thread_pool_max, errp);
diff --git a/util/aio-posix.c b/util/aio-posix.c
index XXXXXXX..XXXXXXX 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
     aio_notify(ctx);
 }
 
-void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
-                                Error **errp)
+void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch)
 {
     /*
      * No thread synchronization here, it doesn't matter if an incorrect value
diff --git a/util/aio-win32.c b/util/aio-win32.c
index XXXXXXX..XXXXXXX 100644
--- a/util/aio-win32.c
+++ b/util/aio-win32.c
@@ -XXX,XX +XXX,XX @@ void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns,
     }
 }
 
-void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch,
-                                Error **errp)
+void aio_context_set_aio_params(AioContext *ctx, int64_t max_batch)
 {
 }
diff --git a/util/main-loop.c b/util/main-loop.c
index XXXXXXX..XXXXXXX 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -XXX,XX +XXX,XX @@ static void main_loop_update_params(EventLoopBase *base, Error **errp)
         return;
     }
 
-    aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch, errp);
-    if (*errp) {
-        return;
-    }
+    aio_context_set_aio_params(qemu_aio_context, base->aio_max_batch);
 
     aio_context_set_thread_pool_params(qemu_aio_context, base->thread_pool_min,
                                        base->thread_pool_max, errp);
-- 
2.43.0

The Big QEMU Lock (BQL) has many names and they are confusing. The
actual QemuMutex variable is called qemu_global_mutex but it's commonly
referred to as the BQL in discussions and some code comments. The
locking APIs, however, are called qemu_mutex_lock_iothread() and
qemu_mutex_unlock_iothread().

The "iothread" name is historic and comes from when the main thread was
split into into KVM vcpu threads and the "iothread" (now called the main
loop thread). I have contributed to the confusion myself by introducing
a separate --object iothread, a separate concept unrelated to the BQL.

The "iothread" name is no longer appropriate for the BQL. Rename the
locking APIs to:
- void bql_lock(void)
- void bql_unlock(void)
- bool bql_locked(void)

There are more APIs with "iothread" in their names. Subsequent patches
will rename them. There are also comments and documentation that will be
updated in later patches.

diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/aio-wait.h
+++ b/include/block/aio-wait.h
@@ -XXX,XX +XXX,XX @@ static inline bool in_aio_context_home_thread(AioContext *ctx)
     }
 
     if (ctx == qemu_get_aio_context()) {
-        return qemu_mutex_iothread_locked();
+        return bql_locked();
     } else {
         return false;
     }
diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -XXX,XX +XXX,XX @@ GSource *iohandler_get_g_source(void);
 AioContext *iohandler_get_aio_context(void);
 
 /**
- * qemu_mutex_iothread_locked: Return lock status of the main loop mutex.
+ * bql_locked: Return lock status of the Big QEMU Lock (BQL)
  *
- * The main loop mutex is the coarsest lock in QEMU, and as such it
+ * The Big QEMU Lock (BQL) is the coarsest lock in QEMU, and as such it
  * must always be taken outside other locks.  This function helps
  * functions take different paths depending on whether the current
- * thread is running within the main loop mutex.
+ * thread is running within the BQL.
  *
  * This function should never be used in the block layer, because
  * unit tests, block layer tools and qemu-storage-daemon do not
  * have a BQL.
  * Please instead refer to qemu_in_main_thread().
  */
-bool qemu_mutex_iothread_locked(void);
+bool bql_locked(void);
 
 /**
  * qemu_in_main_thread: return whether it's possible to safely access
@@ -XXX,XX +XXX,XX @@ bool qemu_in_main_thread(void);
     } while (0)
 
 /**
- * qemu_mutex_lock_iothread: Lock the main loop mutex.
+ * bql_lock: Lock the Big QEMU Lock (BQL).
  *
- * This function locks the main loop mutex.  The mutex is taken by
+ * This function locks the Big QEMU Lock (BQL).  The lock is taken by
  * main() in vl.c and always taken except while waiting on
- * external events (such as with select).  The mutex should be taken
+ * external events (such as with select).  The lock should be taken
  * by threads other than the main loop thread when calling
  * qemu_bh_new(), qemu_set_fd_handler() and basically all other
  * functions documented in this file.
  *
- * NOTE: tools currently are single-threaded and qemu_mutex_lock_iothread
+ * NOTE: tools currently are single-threaded and bql_lock
  * is a no-op there.
  */
-#define qemu_mutex_lock_iothread()                      \
-    qemu_mutex_lock_iothread_impl(__FILE__, __LINE__)
-void qemu_mutex_lock_iothread_impl(const char *file, int line);
+#define bql_lock() bql_lock_impl(__FILE__, __LINE__)
+void bql_lock_impl(const char *file, int line);
 
 /**
- * qemu_mutex_unlock_iothread: Unlock the main loop mutex.
+ * bql_unlock: Unlock the Big QEMU Lock (BQL).
  *
- * This function unlocks the main loop mutex.  The mutex is taken by
+ * This function unlocks the Big QEMU Lock.  The lock is taken by
  * main() in vl.c and always taken except while waiting on
- * external events (such as with select).  The mutex should be unlocked
+ * external events (such as with select).  The lock should be unlocked
  * as soon as possible by threads other than the main loop thread,
  * because it prevents the main loop from processing callbacks,
  * including timers and bottom halves.
  *
- * NOTE: tools currently are single-threaded and qemu_mutex_unlock_iothread
+ * NOTE: tools currently are single-threaded and bql_unlock
  * is a no-op there.
  */
-void qemu_mutex_unlock_iothread(void);
+void bql_unlock(void);
 
 /**
  * QEMU_IOTHREAD_LOCK_GUARD
  *
- * Wrap a block of code in a conditional qemu_mutex_{lock,unlock}_iothread.
+ * Wrap a block of code in a conditional bql_{lock,unlock}.
  */
 typedef struct IOThreadLockAuto IOThreadLockAuto;
 
 static inline IOThreadLockAuto *qemu_iothread_auto_lock(const char *file,
                                                         int line)
 {
-    if (qemu_mutex_iothread_locked()) {
+    if (bql_locked()) {
         return NULL;
     }
-    qemu_mutex_lock_iothread_impl(file, line);
+    bql_lock_impl(file, line);
     /* Anything non-NULL causes the cleanup function to be called */
     return (IOThreadLockAuto *)(uintptr_t)1;
 }
 
 static inline void qemu_iothread_auto_unlock(IOThreadLockAuto *l)
 {
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(IOThreadLockAuto, qemu_iothread_auto_unlock)
diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -XXX,XX +XXX,XX @@ typedef void (*QemuCondWaitFunc)(QemuCond *c, QemuMutex *m, const char *f,
 typedef bool (*QemuCondTimedWaitFunc)(QemuCond *c, QemuMutex *m, int ms,
                                       const char *f, int l);
 
-extern QemuMutexLockFunc qemu_bql_mutex_lock_func;
+extern QemuMutexLockFunc bql_mutex_lock_func;
 extern QemuMutexLockFunc qemu_mutex_lock_func;
 extern QemuMutexTrylockFunc qemu_mutex_trylock_func;
 extern QemuRecMutexLockFunc qemu_rec_mutex_lock_func;
diff --git a/accel/accel-blocker.c b/accel/accel-blocker.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/accel-blocker.c
+++ b/accel/accel-blocker.c
@@ -XXX,XX +XXX,XX @@ void accel_blocker_init(void)
 
 void accel_ioctl_begin(void)
 {
-    if (likely(qemu_mutex_iothread_locked())) {
+    if (likely(bql_locked())) {
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_begin(void)
 
 void accel_ioctl_end(void)
 {
-    if (likely(qemu_mutex_iothread_locked())) {
+    if (likely(bql_locked())) {
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_end(void)
 
 void accel_cpu_ioctl_begin(CPUState *cpu)
 {
-    if (unlikely(qemu_mutex_iothread_locked())) {
+    if (unlikely(bql_locked())) {
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ void accel_cpu_ioctl_begin(CPUState *cpu)
 
 void accel_cpu_ioctl_end(CPUState *cpu)
 {
-    if (unlikely(qemu_mutex_iothread_locked())) {
+    if (unlikely(bql_locked())) {
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ void accel_ioctl_inhibit_begin(void)
      * We allow to inhibit only when holding the BQL, so we can identify
      * when an inhibitor wants to issue an ioctl easily.
      */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     /* Block further invocations of the ioctls outside the BQL.  */
     CPU_FOREACH(cpu) {
diff --git a/accel/dummy-cpus.c b/accel/dummy-cpus.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/dummy-cpus.c
+++ b/accel/dummy-cpus.c
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
 
     rcu_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
     cpu->thread_id = qemu_get_thread_id();
     cpu->neg.can_do_io = true;
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
     qemu_guest_random_seed_thread_part2(cpu->random_seed);
 
     do {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
 #ifndef _WIN32
         do {
             int sig;
@@ -XXX,XX +XXX,XX @@ static void *dummy_cpu_thread_fn(void *arg)
 #else
         qemu_sem_wait(&cpu->sem);
 #endif
-        qemu_mutex_lock_iothread();
+        bql_lock();
         qemu_wait_io_event(cpu);
     } while (!cpu->unplug);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_unregister_thread();
     return NULL;
 }
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *hvf_cpu_thread_fn(void *arg)
 
     rcu_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
 
     cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *hvf_cpu_thread_fn(void *arg)
 
     hvf_vcpu_destroy(cpu);
     cpu_thread_signal_destroyed(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_unregister_thread();
     return NULL;
 }
diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/kvm/kvm-accel-ops.c
+++ b/accel/kvm/kvm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *kvm_vcpu_thread_fn(void *arg)
 
     rcu_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
     cpu->thread_id = qemu_get_thread_id();
     cpu->neg.can_do_io = true;
@@ -XXX,XX +XXX,XX @@ static void *kvm_vcpu_thread_fn(void *arg)
 
     kvm_destroy_vcpu(cpu);
     cpu_thread_signal_destroyed(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_unregister_thread();
     return NULL;
 }
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -XXX,XX +XXX,XX @@ static void kvm_dirty_ring_flush(void)
      * should always be with BQL held, serialization is guaranteed.
      * However, let's be sure of it.
      */
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     /*
      * First make sure to flush the hardware buffers by kicking all
      * vcpus out in a synchronous way.
@@ -XXX,XX +XXX,XX @@ static void *kvm_dirty_ring_reaper_thread(void *data)
         trace_kvm_dirty_ring_reaper("wakeup");
         r->reaper_state = KVM_DIRTY_RING_REAPER_REAPING;
 
-        qemu_mutex_lock_iothread();
+        bql_lock();
         kvm_dirty_ring_reap(s, NULL);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
 
         r->reaper_iteration++;
     }
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
         return EXCP_HLT;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     cpu_exec_start(cpu);
 
     do {
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
 
 #ifdef KVM_HAVE_MCE_INJECTION
         if (unlikely(have_sigbus_pending)) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             kvm_arch_on_sigbus_vcpu(cpu, pending_sigbus_code,
                                     pending_sigbus_addr);
             have_sigbus_pending = false;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
 #endif
 
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
              * still full.  Got kicked by KVM_RESET_DIRTY_RINGS.
              */
             trace_kvm_dirty_ring_full(cpu->cpu_index);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             /*
              * We throttle vCPU by making it sleep once it exit from kernel
              * due to dirty ring full. In the dirtylimit scenario, reaping
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
             } else {
                 kvm_dirty_ring_reap(kvm_state, NULL);
             }
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             dirtylimit_vcpu_execute(cpu);
             ret = 0;
             break;
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
                 break;
             case KVM_SYSTEM_EVENT_CRASH:
                 kvm_cpu_synchronize_state(cpu);
-                qemu_mutex_lock_iothread();
+                bql_lock();
                 qemu_system_guest_panicked(cpu_get_crash_info(cpu));
-                qemu_mutex_unlock_iothread();
+                bql_unlock();
                 ret = 0;
                 break;
             default:
@@ -XXX,XX +XXX,XX @@ int kvm_cpu_exec(CPUState *cpu)
     } while (ret == 0);
 
     cpu_exec_end(cpu);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     if (ret < 0) {
         cpu_dump_state(cpu, stderr, CPU_DUMP_CODE);
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -XXX,XX +XXX,XX @@ static void cpu_exec_longjmp_cleanup(CPUState *cpu)
         tcg_ctx->gen_tb = NULL;
     }
 #endif
-    if (qemu_mutex_iothread_locked()) {
-        qemu_mutex_unlock_iothread();
+    if (bql_locked()) {
+        bql_unlock();
     }
     assert_no_pages_locked();
 }
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_halt(CPUState *cpu)
 #if defined(TARGET_I386)
         if (cpu->interrupt_request & CPU_INTERRUPT_POLL) {
             X86CPU *x86_cpu = X86_CPU(cpu);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             apic_poll_irq(x86_cpu->apic_state);
             cpu_reset_interrupt(cpu, CPU_INTERRUPT_POLL);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
 #endif /* TARGET_I386 */
         if (!cpu_has_work(cpu)) {
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_exception(CPUState *cpu, int *ret)
 #else
         if (replay_exception()) {
             CPUClass *cc = CPU_GET_CLASS(cpu);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             cc->tcg_ops->do_interrupt(cpu);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             cpu->exception_index = -1;
 
             if (unlikely(cpu->singlestep_enabled)) {
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
 
     if (unlikely(qatomic_read(&cpu->interrupt_request))) {
         int interrupt_request;
-        qemu_mutex_lock_iothread();
+        bql_lock();
         interrupt_request = cpu->interrupt_request;
         if (unlikely(cpu->singlestep_enabled & SSTEP_NOIRQ)) {
             /* Mask out external interrupts for this step. */
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
         if (interrupt_request & CPU_INTERRUPT_DEBUG) {
             cpu->interrupt_request &= ~CPU_INTERRUPT_DEBUG;
             cpu->exception_index = EXCP_DEBUG;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             return true;
         }
 #if !defined(CONFIG_USER_ONLY)
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
             cpu->interrupt_request &= ~CPU_INTERRUPT_HALT;
             cpu->halted = 1;
             cpu->exception_index = EXCP_HLT;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             return true;
         }
 #if defined(TARGET_I386)
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
             cpu_svm_check_intercept_param(env, SVM_EXIT_INIT, 0, 0);
             do_cpu_init(x86_cpu);
             cpu->exception_index = EXCP_HALTED;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             return true;
         }
 #else
         else if (interrupt_request & CPU_INTERRUPT_RESET) {
             replay_interrupt();
             cpu_reset(cpu);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             return true;
         }
 #endif /* !TARGET_I386 */
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
                  */
                 if (unlikely(cpu->singlestep_enabled)) {
                     cpu->exception_index = EXCP_DEBUG;
-                    qemu_mutex_unlock_iothread();
+                    bql_unlock();
                     return true;
                 }
                 cpu->exception_index = -1;
@@ -XXX,XX +XXX,XX @@ static inline bool cpu_handle_interrupt(CPUState *cpu,
         }
 
         /* If we exit via cpu_loop_exit/longjmp it is reset in cpu_exec */
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     /* Finally, check if we need to exit to the main loop.  */
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static uint64_t do_ld_mmio_beN(CPUState *cpu, CPUTLBEntryFull *full,
     section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
     mr = section->mr;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ret = int_ld_mmio_beN(cpu, full, ret_be, addr, size, mmu_idx,
                           type, ra, mr, mr_offset);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return ret;
 }
@@ -XXX,XX +XXX,XX @@ static Int128 do_ld16_mmio_beN(CPUState *cpu, CPUTLBEntryFull *full,
     section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
     mr = section->mr;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     a = int_ld_mmio_beN(cpu, full, ret_be, addr, size - 8, mmu_idx,
                         MMU_DATA_LOAD, ra, mr, mr_offset);
     b = int_ld_mmio_beN(cpu, full, ret_be, addr + size - 8, 8, mmu_idx,
                         MMU_DATA_LOAD, ra, mr, mr_offset + size - 8);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return int128_make128(b, a);
 }
@@ -XXX,XX +XXX,XX @@ static uint64_t do_st_mmio_leN(CPUState *cpu, CPUTLBEntryFull *full,
     section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
     mr = section->mr;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ret = int_st_mmio_leN(cpu, full, val_le, addr, size, mmu_idx,
                           ra, mr, mr_offset);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return ret;
 }
@@ -XXX,XX +XXX,XX @@ static uint64_t do_st16_mmio_leN(CPUState *cpu, CPUTLBEntryFull *full,
     section = io_prepare(&mr_offset, cpu, full->xlat_section, attrs, addr, ra);
     mr = section->mr;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     int_st_mmio_leN(cpu, full, int128_getlo(val_le), addr, 8,
                     mmu_idx, ra, mr, mr_offset);
     ret = int_st_mmio_leN(cpu, full, int128_gethi(val_le), addr + 8,
                           size - 8, mmu_idx, ra, mr, mr_offset + 8);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return ret;
 }
diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-icount.c
+++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu, int64_t cpu_budget)
          * We're called without the iothread lock, so must take it while
          * we're calling timer handlers.
          */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         icount_notify_aio_contexts();
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
diff --git a/accel/tcg/tcg-accel-ops-mttcg.c b/accel/tcg/tcg-accel-ops-mttcg.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-mttcg.c
+++ b/accel/tcg/tcg-accel-ops-mttcg.c
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
     rcu_add_force_rcu_notifier(&force_rcu.notifier);
     tcg_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
 
     cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
     do {
         if (cpu_can_run(cpu)) {
             int r;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             r = tcg_cpus_exec(cpu);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             switch (r) {
             case EXCP_DEBUG:
                 cpu_handle_guest_debug(cpu);
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
                  */
                 break;
             case EXCP_ATOMIC:
-                qemu_mutex_unlock_iothread();
+                bql_unlock();
                 cpu_exec_step_atomic(cpu);
-                qemu_mutex_lock_iothread();
+                bql_lock();
             default:
                 /* Ignore everything else? */
                 break;
@@ -XXX,XX +XXX,XX @@ static void *mttcg_cpu_thread_fn(void *arg)
     } while (!cpu->unplug || cpu_can_run(cpu));
 
     tcg_cpus_destroy(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_remove_force_rcu_notifier(&force_rcu.notifier);
     rcu_unregister_thread();
     return NULL;
diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-rr.c
+++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
     rcu_add_force_rcu_notifier(&force_rcu);
     tcg_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
 
     cpu->thread_id = qemu_get_thread_id();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
         /* Only used for icount_enabled() */
         int64_t cpu_budget = 0;
 
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         replay_mutex_lock();
-        qemu_mutex_lock_iothread();
+        bql_lock();
 
         if (icount_enabled()) {
             int cpu_count = rr_cpu_count();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
             if (cpu_can_run(cpu)) {
                 int r;
 
-                qemu_mutex_unlock_iothread();
+                bql_unlock();
                 if (icount_enabled()) {
                     icount_prepare_for_run(cpu, cpu_budget);
                 }
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
                 if (icount_enabled()) {
                     icount_process_data(cpu);
                 }
-                qemu_mutex_lock_iothread();
+                bql_lock();
 
                 if (r == EXCP_DEBUG) {
                     cpu_handle_guest_debug(cpu);
                     break;
                 } else if (r == EXCP_ATOMIC) {
-                    qemu_mutex_unlock_iothread();
+                    bql_unlock();
                     cpu_exec_step_atomic(cpu);
-                    qemu_mutex_lock_iothread();
+                    bql_lock();
                     break;
                 }
             } else if (cpu->stop) {
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void tcg_cpu_reset_hold(CPUState *cpu)
 /* mask must never be zero, except for A20 change call */
 void tcg_handle_interrupt(CPUState *cpu, int mask)
 {
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     cpu->interrupt_request |= mask;
 
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -XXX,XX +XXX,XX @@ void cpu_io_recompile(CPUState *cpu, uintptr_t retaddr)
 
 void cpu_interrupt(CPUState *cpu, int mask)
 {
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     cpu->interrupt_request |= mask;
     qatomic_set(&cpu->neg.icount_decr.u16.high, -1);
 }
diff --git a/cpu-common.c b/cpu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/cpu-common.c
+++ b/cpu-common.c
@@ -XXX,XX +XXX,XX @@ void process_queued_cpu_work(CPUState *cpu)
              * BQL, so it goes to sleep; start_exclusive() is sleeping too, so
              * neither CPU can proceed.
              */
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             start_exclusive();
             wi->func(cpu, wi->data);
             end_exclusive();
-            qemu_mutex_lock_iothread();
+            bql_lock();
         } else {
             wi->func(cpu, wi->data);
         }
diff --git a/dump/dump.c b/dump/dump.c
index XXXXXXX..XXXXXXX 100644
--- a/dump/dump.c
+++ b/dump/dump.c
@@ -XXX,XX +XXX,XX @@ static int dump_cleanup(DumpState *s)
     s->guest_note = NULL;
     if (s->resume) {
         if (s->detached) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
         }
         vm_start();
         if (s->detached) {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
     }
     migrate_del_blocker(&dump_migration_blocker);
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -XXX,XX +XXX,XX @@ CPUState *cpu_create(const char *typename)
  * BQL here if we need to.  cpu_interrupt assumes it is held.*/
 void cpu_reset_interrupt(CPUState *cpu, int mask)
 {
-    bool need_lock = !qemu_mutex_iothread_locked();
+    bool need_lock = !bql_locked();
 
     if (need_lock) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
     cpu->interrupt_request &= ~mask;
     if (need_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
 {
     bool use_iommu, pt;
     /* Whether we need to take the BQL on our own */
-    bool take_bql = !qemu_mutex_iothread_locked();
+    bool take_bql = !bql_locked();
 
     assert(as);
 
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
      * it. We'd better make sure we have had it already, or, take it.
      */
     if (take_bql) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     /* Turn off first then on the other */
@@ -XXX,XX +XXX,XX @@ static bool vtd_switch_address_space(VTDAddressSpace *as)
     }
 
     if (take_bql) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     return use_iommu;
diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/kvm/xen_evtchn.c
+++ b/hw/i386/kvm/xen_evtchn.c
@@ -XXX,XX +XXX,XX @@ void xen_evtchn_set_callback_level(int level)
      * effect immediately. That just leaves interdomain loopback as the case
      * which uses the BH.
      */
-    if (!qemu_mutex_iothread_locked()) {
+    if (!bql_locked()) {
         qemu_bh_schedule(s->gsi_bh);
         return;
     }
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_set_callback_param(uint64_t param)
      * We need the BQL because set_callback_pci_intx() may call into PCI code,
      * and because we may need to manipulate the old and new GSI levels.
      */
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     qemu_mutex_lock(&s->port_lock);
 
     switch (type) {
@@ -XXX,XX +XXX,XX @@ static int close_port(XenEvtchnState *s, evtchn_port_t port,
     XenEvtchnPort *p = &s->port_table[port];
 
     /* Because it *might* be a PIRQ port */
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     switch (p->type) {
     case EVTCHNSTAT_closed:
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_soft_reset(void)
         return -ENOTSUP;
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     qemu_mutex_lock(&s->port_lock);
 
@@ -XXX,XX +XXX,XX @@ bool xen_evtchn_set_gsi(int gsi, int level)
     XenEvtchnState *s = xen_evtchn_singleton;
     int pirq;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     if (!s || gsi < 0 || gsi >= IOAPIC_NUM_PINS) {
         return false;
@@ -XXX,XX +XXX,XX @@ void xen_evtchn_snoop_msi(PCIDevice *dev, bool is_msix, unsigned int vector,
         return;
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     pirq = msi_pirq_target(addr, data);
 
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_translate_pirq_msi(struct kvm_irq_routing_entry *route,
         return 1; /* Not a PIRQ */
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     pirq = msi_pirq_target(address, data);
     if (!pirq || pirq >= s->nr_pirqs) {
@@ -XXX,XX +XXX,XX @@ bool xen_evtchn_deliver_pirq_msi(uint64_t address, uint32_t data)
         return false;
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     pirq = msi_pirq_target(address, data);
     if (!pirq || pirq >= s->nr_pirqs) {
diff --git a/hw/i386/kvm/xen_overlay.c b/hw/i386/kvm/xen_overlay.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/kvm/xen_overlay.c
+++ b/hw/i386/kvm/xen_overlay.c
@@ -XXX,XX +XXX,XX @@ int xen_overlay_map_shinfo_page(uint64_t gpa)
         return -ENOENT;
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     if (s->shinfo_gpa) {
         /* If removing shinfo page, turn the kernel magic off first */
diff --git a/hw/i386/kvm/xen_xenstore.c b/hw/i386/kvm/xen_xenstore.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/kvm/xen_xenstore.c
+++ b/hw/i386/kvm/xen_xenstore.c
@@ -XXX,XX +XXX,XX @@ static void fire_watch_cb(void *opaque, const char *path, const char *token)
 {
     XenXenstoreState *s = opaque;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     /*
      * If there's a response pending, we obviously can't scribble over
diff --git a/hw/intc/arm_gicv3_cpuif.c b/hw/intc/arm_gicv3_cpuif.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/arm_gicv3_cpuif.c
+++ b/hw/intc/arm_gicv3_cpuif.c
@@ -XXX,XX +XXX,XX @@ void gicv3_cpuif_update(GICv3CPUState *cs)
     ARMCPU *cpu = ARM_CPU(cs->cpu);
     CPUARMState *env = &cpu->env;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     trace_gicv3_cpuif_update(gicv3_redist_affid(cs), cs->hppi.irq,
                              cs->hppi.grp, cs->hppi.prio);
diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/intc/s390_flic.c
+++ b/hw/intc/s390_flic.c
@@ -XXX,XX +XXX,XX @@ static int qemu_s390_clear_io_flic(S390FLICState *fs, uint16_t subchannel_id,
     QEMUS390FlicIO *cur, *next;
     uint8_t isc;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     if (!(flic->pending & FLIC_PENDING_IO)) {
         return 0;
     }
@@ -XXX,XX +XXX,XX @@ uint32_t qemu_s390_flic_dequeue_service(QEMUS390FLICState *flic)
 {
     uint32_t tmp;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     g_assert(flic->pending & FLIC_PENDING_SERVICE);
     tmp = flic->service_param;
     flic->service_param = 0;
@@ -XXX,XX +XXX,XX @@ QEMUS390FlicIO *qemu_s390_flic_dequeue_io(QEMUS390FLICState *flic, uint64_t cr6)
     QEMUS390FlicIO *io;
     uint8_t isc;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     if (!(flic->pending & CR6_TO_PENDING_IO(cr6))) {
         return NULL;
     }
@@ -XXX,XX +XXX,XX @@ QEMUS390FlicIO *qemu_s390_flic_dequeue_io(QEMUS390FLICState *flic, uint64_t cr6)
 
 void qemu_s390_flic_dequeue_crw_mchk(QEMUS390FLICState *flic)
 {
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     g_assert(flic->pending & FLIC_PENDING_MCHK_CR);
     flic->pending &= ~FLIC_PENDING_MCHK_CR;
 }
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_service(S390FLICState *fs, uint32_t parm)
 {
     QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     /* multiplexing is good enough for sclp - kvm does it internally as well */
     flic->service_param |= parm;
     flic->pending |= FLIC_PENDING_SERVICE;
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_io(S390FLICState *fs, uint16_t subchannel_id,
     QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
     QEMUS390FlicIO *io;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     io = g_new0(QEMUS390FlicIO, 1);
     io->id = subchannel_id;
     io->nr = subchannel_nr;
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_inject_crw_mchk(S390FLICState *fs)
 {
     QEMUS390FLICState *flic = s390_get_qemu_flic(fs);
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     flic->pending |= FLIC_PENDING_MCHK_CR;
 
     qemu_s390_flic_notify(FLIC_PENDING_MCHK_CR);
@@ -XXX,XX +XXX,XX @@ bool qemu_s390_flic_has_crw_mchk(QEMUS390FLICState *flic)
 
 bool qemu_s390_flic_has_any(QEMUS390FLICState *flic)
 {
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     return !!flic->pending;
 }
 
@@ -XXX,XX +XXX,XX @@ static void qemu_s390_flic_reset(DeviceState *dev)
     QEMUS390FlicIO *cur, *next;
     int isc;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     flic->simm = 0;
     flic->nimm = 0;
     flic->pending = 0;
diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -XXX,XX +XXX,XX @@ static void *edu_fact_thread(void *opaque)
         smp_mb__after_rmw();
 
         if (qatomic_read(&edu->status) & EDU_STATUS_IRQFACT) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             edu_raise_irq(edu, FACT_IRQ);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
     }
 
diff --git a/hw/misc/imx6_src.c b/hw/misc/imx6_src.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/imx6_src.c
+++ b/hw/misc/imx6_src.c
@@ -XXX,XX +XXX,XX @@ static void imx6_clear_reset_bit(CPUState *cpu, run_on_cpu_data data)
     struct SRCSCRResetInfo *ri = data.host_ptr;
     IMX6SRCState *s = ri->s;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     s->regs[SRC_SCR] = deposit32(s->regs[SRC_SCR], ri->reset_bit, 1, 0);
     DPRINTF("reg[%s] <= 0x%" PRIx32 "\n",
diff --git a/hw/misc/imx7_src.c b/hw/misc/imx7_src.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/imx7_src.c
+++ b/hw/misc/imx7_src.c
@@ -XXX,XX +XXX,XX @@ static void imx7_clear_reset_bit(CPUState *cpu, run_on_cpu_data data)
     struct SRCSCRResetInfo *ri = data.host_ptr;
     IMX7SRCState *s = ri->s;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     s->regs[SRC_A7RCR0] = deposit32(s->regs[SRC_A7RCR0], ri->reset_bit, 1, 0);
 
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/net/xen_nic.c
+++ b/hw/net/xen_nic.c
@@ -XXX,XX +XXX,XX @@ static bool net_tx_packets(struct XenNetDev *netdev)
     void *page;
     void *tmpbuf = NULL;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     for (;;) {
         rc = netdev->tx_ring.req_cons;
@@ -XXX,XX +XXX,XX @@ static ssize_t net_rx_packet(NetClientState *nc, const uint8_t *buf, size_t size
     RING_IDX rc, rp;
     void *page;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     if (xen_device_backend_get_state(&netdev->xendev) != XenbusStateConnected) {
         return -1;
@@ -XXX,XX +XXX,XX @@ static bool xen_netdev_connect(XenDevice *xendev, Error **errp)
     XenNetDev *netdev = XEN_NET_DEVICE(xendev);
     unsigned int port, rx_copy;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     if (xen_device_frontend_scanf(xendev, "tx-ring-ref", "%u",
                                   &netdev->tx_ring_ref) != 1) {
@@ -XXX,XX +XXX,XX @@ static void xen_netdev_disconnect(XenDevice *xendev, Error **errp)
 
     trace_xen_netdev_disconnect(netdev->dev);
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     netdev->tx_ring.sring = NULL;
     netdev->rx_ring.sring = NULL;
diff --git a/hw/ppc/pegasos2.c b/hw/ppc/pegasos2.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/pegasos2.c
+++ b/hw/ppc/pegasos2.c
@@ -XXX,XX +XXX,XX @@ static void pegasos2_hypercall(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu)
     CPUPPCState *env = &cpu->env;
 
     /* The TCG path should also be holding the BQL at this point */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     if (FIELD_EX64(env->msr, MSR, PR)) {
         qemu_log_mask(LOG_GUEST_ERROR, "Hypercall made with MSR[PR]=1\n");
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -XXX,XX +XXX,XX @@ void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
 {
     PowerPCCPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     switch ((val >> 28) & 0x3) {
     case 0x0:
@@ -XXX,XX +XXX,XX @@ void store_40x_dbcr0(CPUPPCState *env, uint32_t val)
         break;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /* PowerPC 40x internal IRQ controller */
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -XXX,XX +XXX,XX @@ static void emulate_spapr_hypercall(PPCVirtualHypervisor *vhyp,
     CPUPPCState *env = &cpu->env;
 
     /* The TCG path should also be holding the BQL at this point */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     g_assert(!vhyp_cpu_in_nested(cpu));
 
diff --git a/hw/ppc/spapr_rng.c b/hw/ppc/spapr_rng.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/spapr_rng.c
+++ b/hw/ppc/spapr_rng.c
@@ -XXX,XX +XXX,XX @@ static target_ulong h_random(PowerPCCPU *cpu, SpaprMachineState *spapr,
     while (hrdata.received < 8) {
         rng_backend_request_entropy(rngstate->backend, 8 - hrdata.received,
                                     random_recv, &hrdata);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         qemu_sem_wait(&hrdata.sem);
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     qemu_sem_destroy(&hrdata.sem);
diff --git a/hw/ppc/spapr_softmmu.c b/hw/ppc/spapr_softmmu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/spapr_softmmu.c
+++ b/hw/ppc/spapr_softmmu.c
@@ -XXX,XX +XXX,XX @@ static void *hpt_prepare_thread(void *opaque)
         pending->ret = H_NO_MEM;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     if (SPAPR_MACHINE(qdev_get_machine())->pending_hpt == pending) {
         /* Ready to go */
@@ -XXX,XX +XXX,XX @@ static void *hpt_prepare_thread(void *opaque)
         free_pending_hpt(pending);
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return NULL;
 }
 
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@
  */
 bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
 {
-    bool iolock = qemu_mutex_iothread_locked();
+    bool drop_bql = bql_locked();
     bool iothread = qemu_in_iothread();
     struct iovec send[2] = {};
     int *fds = NULL;
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
      * for IOThread case.
      * Also skip lock handling while in a co-routine in the main context.
      */
-    if (iolock && !iothread && !qemu_in_coroutine()) {
-        qemu_mutex_unlock_iothread();
+    if (drop_bql && !iothread && !qemu_in_coroutine()) {
+        bql_unlock();
     }
 
     if (!qio_channel_writev_full_all(ioc, send, G_N_ELEMENTS(send),
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
         trace_mpqemu_send_io_error(msg->cmd, msg->size, nfds);
     }
 
-    if (iolock && !iothread && !qemu_in_coroutine()) {
+    if (drop_bql && !iothread && !qemu_in_coroutine()) {
         /* See above comment why skip locking here. */
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     return ret;
@@ -XXX,XX +XXX,XX @@ static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
                            size_t *nfds, Error **errp)
 {
     struct iovec iov = { .iov_base = buf, .iov_len = len };
-    bool iolock = qemu_mutex_iothread_locked();
+    bool drop_bql = bql_locked();
     bool iothread = qemu_in_iothread();
     int ret = -1;
 
@@ -XXX,XX +XXX,XX @@ static ssize_t mpqemu_read(QIOChannel *ioc, void *buf, size_t len, int **fds,
      */
     assert(qemu_in_coroutine() || !iothread);
 
-    if (iolock && !iothread && !qemu_in_coroutine()) {
-        qemu_mutex_unlock_iothread();
+    if (drop_bql && !iothread && !qemu_in_coroutine()) {
+        bql_unlock();
     }
 
     ret = qio_channel_readv_full_all_eof(ioc, &iov, 1, fds, nfds, errp);
 
-    if (iolock && !iothread && !qemu_in_coroutine()) {
-        qemu_mutex_lock_iothread();
+    if (drop_bql && !iothread && !qemu_in_coroutine()) {
+        bql_lock();
     }
 
     return (ret <= 0) ? ret : iov.iov_len;
diff --git a/hw/remote/vfio-user-obj.c b/hw/remote/vfio-user-obj.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/vfio-user-obj.c
+++ b/hw/remote/vfio-user-obj.c
@@ -XXX,XX +XXX,XX @@ static int vfu_object_mr_rw(MemoryRegion *mr, uint8_t *buf, hwaddr offset,
         }
 
         if (release_lock) {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             release_lock = false;
         }
 
diff --git a/hw/s390x/s390-skeys.c b/hw/s390x/s390-skeys.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/s390x/s390-skeys.c
+++ b/hw/s390x/s390-skeys.c
@@ -XXX,XX +XXX,XX @@ void qmp_dump_skeys(const char *filename, Error **errp)
         goto out;
     }
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     guest_phys_blocks_init(&guest_phys_blocks);
     guest_phys_blocks_append(&guest_phys_blocks);
 
diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block-dirty-bitmap.c
+++ b/migration/block-dirty-bitmap.c
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_state_pending(void *opaque,
     SaveBitmapState *dbms;
     uint64_t pending = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     QSIMPLEQ_FOREACH(dbms, &s->dbms_list, entry) {
         uint64_t gran = bdrv_dirty_bitmap_granularity(dbms->bitmap);
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_state_pending(void *opaque,
         pending += DIV_ROUND_UP(sectors * BDRV_SECTOR_SIZE, gran);
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     trace_dirty_bitmap_state_pending(pending);
 
diff --git a/migration/block.c b/migration/block.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
     int64_t count;
 
     if (bmds->shared_base) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         /* Skip unallocated sectors; intentionally treats failure or
          * partial sector as an allocated sector */
         while (cur_sector < total_sectors &&
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
             }
             cur_sector += count >> BDRV_SECTOR_BITS;
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     if (cur_sector >= total_sectors) {
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
      * I/O runs in the main loop AioContext (see
      * qemu_get_current_aio_context()).
      */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     bdrv_reset_dirty_bitmap(bmds->dirty_bitmap, cur_sector * BDRV_SECTOR_SIZE,
                             nr_sectors * BDRV_SECTOR_SIZE);
     blk->aiocb = blk_aio_preadv(bb, cur_sector * BDRV_SECTOR_SIZE, &blk->qiov,
                                 0, blk_mig_read_cb, blk);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     bmds->cur_sector = cur_sector + nr_sectors;
     return (bmds->cur_sector >= total_sectors);
@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
             /* Always called with iothread lock taken for
              * simplicity, block_save_complete also calls it.
              */
-            qemu_mutex_lock_iothread();
+            bql_lock();
             ret = blk_mig_save_dirty_block(f, 1);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
         if (ret < 0) {
             return ret;
@@ -XXX,XX +XXX,XX @@ static void block_state_pending(void *opaque, uint64_t *must_precopy,
     /* Estimate pending number of bytes to send */
     uint64_t pending;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     pending = get_remaining_dirty();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     blk_mig_lock();
     pending += block_mig_state.submitted * BLK_MIG_BLOCK_SIZE +
diff --git a/migration/colo.c b/migration/colo.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
     qio_channel_io_seek(QIO_CHANNEL(bioc), 0, 0, NULL);
     bioc->usage = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     if (failover_get_state() != FAILOVER_STATUS_NONE) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         goto out;
     }
     vm_stop_force_state(RUN_STATE_COLO);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("run", "stop");
     /*
      * Failover request bh could be called after vm_stop_force_state(),
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
     if (failover_get_state() != FAILOVER_STATUS_NONE) {
         goto out;
     }
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     replication_do_checkpoint_all(&local_err);
     if (local_err) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         goto out;
     }
 
     colo_send_message(s->to_dst_file, COLO_MESSAGE_VMSTATE_SEND, &local_err);
     if (local_err) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         goto out;
     }
     /* Note: device state is saved into buffer */
     ret = qemu_save_device_state(fb);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     if (ret < 0) {
         goto out;
     }
@@ -XXX,XX +XXX,XX @@ static int colo_do_checkpoint_transaction(MigrationState *s,
 
     ret = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     vm_start();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("stop", "run");
 
 out:
@@ -XXX,XX +XXX,XX @@ static void colo_process_checkpoint(MigrationState *s)
     fb = qemu_file_new_output(QIO_CHANNEL(bioc));
     object_unref(OBJECT(bioc));
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     replication_start_all(REPLICATION_MODE_PRIMARY, &local_err);
     if (local_err) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         goto out;
     }
 
     vm_start();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("stop", "run");
 
     timer_mod(s->colo_delay_timer, qemu_clock_get_ms(QEMU_CLOCK_HOST) +
@@ -XXX,XX +XXX,XX @@ out:
 
 void migrate_start_colo_process(MigrationState *s)
 {
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     qemu_event_init(&s->colo_checkpoint_event, false);
     s->colo_delay_timer =  timer_new_ms(QEMU_CLOCK_HOST,
                                 colo_checkpoint_notify, s);
 
     qemu_sem_init(&s->colo_exit_sem, 0);
     colo_process_checkpoint(s);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 }
 
 static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
     Error *local_err = NULL;
     int ret;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     vm_stop_force_state(RUN_STATE_COLO);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("run", "stop");
 
     /* FIXME: This is unnecessary for periodic checkpoint mode */
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
         return;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     cpu_synchronize_all_states();
     ret = qemu_loadvm_state_main(mis->from_src_file, mis);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (ret < 0) {
         error_setg(errp, "Load VM's live state (ram) error");
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
         return;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     vmstate_loading = true;
     colo_flush_ram_cache();
     ret = qemu_load_device_state(fb);
     if (ret < 0) {
         error_setg(errp, "COLO: load device state failed");
         vmstate_loading = false;
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
     if (local_err) {
         error_propagate(errp, local_err);
         vmstate_loading = false;
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
 
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
     if (local_err) {
         error_propagate(errp, local_err);
         vmstate_loading = false;
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
     /* Notify all filters of all NIC to do checkpoint */
@@ -XXX,XX +XXX,XX @@ static void colo_incoming_process_checkpoint(MigrationIncomingState *mis,
     if (local_err) {
         error_propagate(errp, local_err);
         vmstate_loading = false;
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
 
     vmstate_loading = false;
     vm_start();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("stop", "run");
 
     if (failover_get_state() == FAILOVER_STATUS_RELAUNCH) {
@@ -XXX,XX +XXX,XX @@ static void *colo_process_incoming_thread(void *opaque)
     fb = qemu_file_new_input(QIO_CHANNEL(bioc));
     object_unref(OBJECT(bioc));
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     replication_start_all(REPLICATION_MODE_SECONDARY, &local_err);
     if (local_err) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         goto out;
     }
     vm_start();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     trace_colo_vm_state_change("stop", "run");
 
     colo_send_message(mis->to_src_file, COLO_MESSAGE_CHECKPOINT_READY,
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
     Error *local_err = NULL;
     QemuThread th;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     if (!migration_incoming_colo_enabled()) {
         return 0;
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
     qemu_coroutine_yield();
     mis->colo_incoming_co = NULL;
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     /* Wait checkpoint incoming thread exit before free resource */
     qemu_thread_join(&th);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     /* We hold the global iothread lock, so it is safe here */
     colo_release_ram_cache();
diff --git a/migration/dirtyrate.c b/migration/dirtyrate.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/dirtyrate.c
+++ b/migration/dirtyrate.c
@@ -XXX,XX +XXX,XX @@ static int64_t do_calculate_dirtyrate(DirtyPageRecord dirty_pages,
 
 void global_dirty_log_change(unsigned int flag, bool start)
 {
-    qemu_mutex_lock_iothread();
+    bql_lock();
     if (start) {
         memory_global_dirty_log_start(flag);
     } else {
         memory_global_dirty_log_stop(flag);
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ void global_dirty_log_change(unsigned int flag, bool start)
  */
 static void global_dirty_log_sync(unsigned int flag, bool one_shot)
 {
-    qemu_mutex_lock_iothread();
+    bql_lock();
     memory_global_dirty_log_sync(false);
     if (one_shot) {
         memory_global_dirty_log_stop(flag);
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 static DirtyPageRecord *vcpu_dirty_stat_alloc(VcpuStat *stat)
@@ -XXX,XX +XXX,XX @@ static void calculate_dirtyrate_dirty_bitmap(struct DirtyRateConfig config)
     int64_t start_time;
     DirtyPageRecord dirty_pages;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     memory_global_dirty_log_start(GLOBAL_DIRTY_DIRTY_RATE);
 
     /*
@@ -XXX,XX +XXX,XX @@ static void calculate_dirtyrate_dirty_bitmap(struct DirtyRateConfig config)
      * KVM_DIRTY_LOG_MANUAL_PROTECT_ENABLE cap is enabled.
      */
     dirtyrate_manual_reset_protect();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     record_dirtypages_bitmap(&dirty_pages, true);
 
diff --git a/migration/migration.c b/migration/migration.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -XXX,XX +XXX,XX @@ static void migrate_fd_cleanup(MigrationState *s)
         QEMUFile *tmp;
 
         trace_migrate_fd_cleanup();
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         if (s->migration_thread_running) {
             qemu_thread_join(&s->thread);
             s->migration_thread_running = false;
         }
-        qemu_mutex_lock_iothread();
+        bql_lock();
 
         multifd_save_cleanup();
         qemu_mutex_lock(&s->qemu_file_lock);
@@ -XXX,XX +XXX,XX @@ static int postcopy_start(MigrationState *ms, Error **errp)
     }
 
     trace_postcopy_start();
-    qemu_mutex_lock_iothread();
+    bql_lock();
     trace_postcopy_start_set_run();
 
     migration_downtime_start(ms);
@@ -XXX,XX +XXX,XX @@ static int postcopy_start(MigrationState *ms, Error **errp)
 
     migration_downtime_end(ms);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (migrate_postcopy_ram()) {
         /*
@@ -XXX,XX +XXX,XX @@ fail:
             error_report_err(local_err);
         }
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return -1;
 }
 
@@ -XXX,XX +XXX,XX @@ static int migration_maybe_pause(MigrationState *s,
      * wait for the 'pause_sem' semaphore.
      */
     if (s->state != MIGRATION_STATUS_CANCELLING) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         migrate_set_state(&s->state, *current_active_state,
                           MIGRATION_STATUS_PRE_SWITCHOVER);
         qemu_sem_wait(&s->pause_sem);
         migrate_set_state(&s->state, MIGRATION_STATUS_PRE_SWITCHOVER,
                           new_state);
         *current_active_state = new_state;
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     return s->state == new_state ? 0 : -EINVAL;
@@ -XXX,XX +XXX,XX @@ static int migration_completion_precopy(MigrationState *s,
 {
     int ret;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     migration_downtime_start(s);
 
     s->vm_old_state = runstate_get();
@@ -XXX,XX +XXX,XX @@ static int migration_completion_precopy(MigrationState *s,
     ret = qemu_savevm_state_complete_precopy(s->to_dst_file, false,
                                              s->block_inactive);
 out_unlock:
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return ret;
 }
 
@@ -XXX,XX +XXX,XX @@ static void migration_completion_postcopy(MigrationState *s)
 {
     trace_migration_completion_postcopy_end();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_savevm_state_complete_postcopy(s->to_dst_file);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     /*
      * Shutdown the postcopy fast path thread.  This is only needed when dest
@@ -XXX,XX +XXX,XX @@ static void migration_completion_failed(MigrationState *s,
          */
         Error *local_err = NULL;
 
-        qemu_mutex_lock_iothread();
+        bql_lock();
         bdrv_activate_all(&local_err);
         if (local_err) {
             error_report_err(local_err);
         } else {
             s->block_inactive = false;
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     migrate_set_state(&s->state, current_active_state,
@@ -XXX,XX +XXX,XX @@ static void migration_iteration_finish(MigrationState *s)
     /* If we enabled cpu throttling for auto-converge, turn it off. */
     cpu_throttle_stop();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     switch (s->state) {
     case MIGRATION_STATUS_COMPLETED:
         migration_calculate_complete(s);
@@ -XXX,XX +XXX,XX @@ static void migration_iteration_finish(MigrationState *s)
         break;
     }
     migrate_fd_cleanup_schedule(s);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 static void bg_migration_iteration_finish(MigrationState *s)
@@ -XXX,XX +XXX,XX @@ static void bg_migration_iteration_finish(MigrationState *s)
      */
     ram_write_tracking_stop();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     switch (s->state) {
     case MIGRATION_STATUS_COMPLETED:
         migration_calculate_complete(s);
@@ -XXX,XX +XXX,XX @@ static void bg_migration_iteration_finish(MigrationState *s)
     }
 
     migrate_fd_cleanup_schedule(s);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ static void *migration_thread(void *opaque)
     object_ref(OBJECT(s));
     update_iteration_initial_status(s);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_savevm_state_header(s->to_dst_file);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     /*
      * If we opened the return path, we need to make sure dst has it
@@ -XXX,XX +XXX,XX @@ static void *migration_thread(void *opaque)
         qemu_savevm_send_colo_enable(s->to_dst_file);
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_savevm_state_setup(s->to_dst_file);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     qemu_savevm_wait_unplug(s, MIGRATION_STATUS_SETUP,
                                MIGRATION_STATUS_ACTIVE);
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
     ram_write_tracking_prepare();
 #endif
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_savevm_state_header(s->to_dst_file);
     qemu_savevm_state_setup(s->to_dst_file);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     qemu_savevm_wait_unplug(s, MIGRATION_STATUS_SETUP,
                                MIGRATION_STATUS_ACTIVE);
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
     trace_migration_thread_setup_complete();
     migration_downtime_start(s);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     s->vm_old_state = runstate_get();
 
@@ -XXX,XX +XXX,XX @@ static void *bg_migration_thread(void *opaque)
     s->vm_start_bh = qemu_bh_new(bg_migration_vm_start_bh, s);
     qemu_bh_schedule(s->vm_start_bh);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     while (migration_is_active(s)) {
         MigIterateState iter_state = bg_migration_iteration_run(s);
@@ -XXX,XX +XXX,XX @@ fail:
     if (early_fail) {
         migrate_set_state(&s->state, MIGRATION_STATUS_ACTIVE,
                 MIGRATION_STATUS_FAILED);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     bg_migration_iteration_finish(s);
diff --git a/migration/ram.c b/migration/ram.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -XXX,XX +XXX,XX @@ static int ram_save_setup(QEMUFile *f, void *opaque)
     migration_ops = g_malloc0(sizeof(MigrationOps));
     migration_ops->ram_save_target_page = ram_save_target_page_legacy;
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     ret = multifd_send_sync_main(f);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     if (ret < 0) {
         return ret;
     }
@@ -XXX,XX +XXX,XX @@ static void ram_state_pending_exact(void *opaque, uint64_t *must_precopy,
     uint64_t remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
 
     if (!migration_in_postcopy() && remaining_size < s->threshold_size) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         WITH_RCU_READ_LOCK_GUARD() {
             migration_bitmap_sync_precopy(rs, false);
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         remaining_size = rs->migration_dirty_pages * TARGET_PAGE_SIZE;
     }
 
@@ -XXX,XX +XXX,XX @@ void colo_incoming_start_dirty_log(void)
 {
     RAMBlock *block = NULL;
     /* For memory_global_dirty_log_start below. */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_mutex_lock_ramlist();
 
     memory_global_dirty_log_sync(false);
@@ -XXX,XX +XXX,XX @@ void colo_incoming_start_dirty_log(void)
     }
     ram_state->migration_dirty_pages = 0;
     qemu_mutex_unlock_ramlist();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /* It is need to hold the global lock to call this helper */
diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index XXXXXXX..XXXXXXX 100644
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -XXX,XX +XXX,XX @@ void replay_mutex_lock(void)
 {
     if (replay_mode != REPLAY_MODE_NONE) {
         unsigned long id;
-        g_assert(!qemu_mutex_iothread_locked());
+        g_assert(!bql_locked());
         g_assert(!replay_mutex_locked());
         qemu_mutex_lock(&lock);
         id = mutex_tail++;
diff --git a/semihosting/console.c b/semihosting/console.c
index XXXXXXX..XXXXXXX 100644
--- a/semihosting/console.c
+++ b/semihosting/console.c
@@ -XXX,XX +XXX,XX @@ static SemihostingConsole console;
 static int console_can_read(void *opaque)
 {
     SemihostingConsole *c = opaque;
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     return (int)fifo8_num_free(&c->fifo);
 }
 
@@ -XXX,XX +XXX,XX @@ static void console_wake_up(gpointer data, gpointer user_data)
 static void console_read(void *opaque, const uint8_t *buf, int size)
 {
     SemihostingConsole *c = opaque;
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     while (size-- && !fifo8_is_full(&c->fifo)) {
         fifo8_push(&c->fifo, *buf++);
     }
@@ -XXX,XX +XXX,XX @@ bool qemu_semihosting_console_ready(void)
 {
     SemihostingConsole *c = &console;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     return !fifo8_is_empty(&c->fifo);
 }
 
@@ -XXX,XX +XXX,XX @@ void qemu_semihosting_console_block_until_ready(CPUState *cs)
 {
     SemihostingConsole *c = &console;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     /* Block if the fifo is completely empty. */
     if (fifo8_is_empty(&c->fifo)) {
diff --git a/stubs/iothread-lock.c b/stubs/iothread-lock.c
index XXXXXXX..XXXXXXX 100644
--- a/stubs/iothread-lock.c
+++ b/stubs/iothread-lock.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/osdep.h"
 #include "qemu/main-loop.h"
 
-bool qemu_mutex_iothread_locked(void)
+bool bql_locked(void)
 {
     return false;
 }
 
-void qemu_mutex_lock_iothread_impl(const char *file, int line)
+void bql_lock_impl(const char *file, int line)
 {
 }
 
-void qemu_mutex_unlock_iothread(void)
+void bql_unlock(void)
 {
 }
diff --git a/system/cpu-throttle.c b/system/cpu-throttle.c
index XXXXXXX..XXXXXXX 100644
--- a/system/cpu-throttle.c
+++ b/system/cpu-throttle.c
@@ -XXX,XX +XXX,XX @@ static void cpu_throttle_thread(CPUState *cpu, run_on_cpu_data opaque)
             qemu_cond_timedwait_iothread(cpu->halt_cond,
                                          sleeptime_ns / SCALE_MS);
         } else {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             g_usleep(sleeptime_ns / SCALE_US);
-            qemu_mutex_lock_iothread();
+            bql_lock();
         }
         sleeptime_ns = endtime_ns - qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
     }
diff --git a/system/cpus.c b/system/cpus.c
index XXXXXXX..XXXXXXX 100644
--- a/system/cpus.c
+++ b/system/cpus.c
@@ -XXX,XX +XXX,XX @@
 
 #endif /* CONFIG_LINUX */
 
-static QemuMutex qemu_global_mutex;
+/* The Big QEMU Lock (BQL) */
+static QemuMutex bql;
 
 /*
  * The chosen accelerator is supposed to register this.
@@ -XXX,XX +XXX,XX @@ void qemu_init_cpu_loop(void)
     qemu_init_sigbus();
     qemu_cond_init(&qemu_cpu_cond);
     qemu_cond_init(&qemu_pause_cond);
-    qemu_mutex_init(&qemu_global_mutex);
+    qemu_mutex_init(&bql);
 
     qemu_thread_get_self(&io_thread);
 }
 
 void run_on_cpu(CPUState *cpu, run_on_cpu_func func, run_on_cpu_data data)
 {
-    do_run_on_cpu(cpu, func, data, &qemu_global_mutex);
+    do_run_on_cpu(cpu, func, data, &bql);
 }
 
 static void qemu_cpu_stop(CPUState *cpu, bool exit)
@@ -XXX,XX +XXX,XX @@ void qemu_wait_io_event(CPUState *cpu)
             slept = true;
             qemu_plugin_vcpu_idle_cb(cpu);
         }
-        qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
+        qemu_cond_wait(cpu->halt_cond, &bql);
     }
     if (slept) {
         qemu_plugin_vcpu_resume_cb(cpu);
@@ -XXX,XX +XXX,XX @@ bool qemu_in_vcpu_thread(void)
     return current_cpu && qemu_cpu_is_self(current_cpu);
 }
 
-QEMU_DEFINE_STATIC_CO_TLS(bool, iothread_locked)
+QEMU_DEFINE_STATIC_CO_TLS(bool, bql_locked)
 
-bool qemu_mutex_iothread_locked(void)
+bool bql_locked(void)
 {
-    return get_iothread_locked();
+    return get_bql_locked();
 }
 
 bool qemu_in_main_thread(void)
 {
-    return qemu_mutex_iothread_locked();
+    return bql_locked();
 }
 
 /*
  * The BQL is taken from so many places that it is worth profiling the
  * callers directly, instead of funneling them all through a single function.
  */
-void qemu_mutex_lock_iothread_impl(const char *file, int line)
+void bql_lock_impl(const char *file, int line)
 {
-    QemuMutexLockFunc bql_lock = qatomic_read(&qemu_bql_mutex_lock_func);
+    QemuMutexLockFunc bql_lock_fn = qatomic_read(&bql_mutex_lock_func);
 
-    g_assert(!qemu_mutex_iothread_locked());
-    bql_lock(&qemu_global_mutex, file, line);
-    set_iothread_locked(true);
+    g_assert(!bql_locked());
+    bql_lock_fn(&bql, file, line);
+    set_bql_locked(true);
 }
 
-void qemu_mutex_unlock_iothread(void)
+void bql_unlock(void)
 {
-    g_assert(qemu_mutex_iothread_locked());
-    set_iothread_locked(false);
-    qemu_mutex_unlock(&qemu_global_mutex);
+    g_assert(bql_locked());
+    set_bql_locked(false);
+    qemu_mutex_unlock(&bql);
 }
 
 void qemu_cond_wait_iothread(QemuCond *cond)
 {
-    qemu_cond_wait(cond, &qemu_global_mutex);
+    qemu_cond_wait(cond, &bql);
 }
 
 void qemu_cond_timedwait_iothread(QemuCond *cond, int ms)
 {
-    qemu_cond_timedwait(cond, &qemu_global_mutex, ms);
+    qemu_cond_timedwait(cond, &bql, ms);
 }
 
 /* signal CPU creation */
@@ -XXX,XX +XXX,XX @@ void pause_all_vcpus(void)
     replay_mutex_unlock();
 
     while (!all_vcpus_paused()) {
-        qemu_cond_wait(&qemu_pause_cond, &qemu_global_mutex);
+        qemu_cond_wait(&qemu_pause_cond, &bql);
         CPU_FOREACH(cpu) {
             qemu_cpu_kick(cpu);
         }
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     replay_mutex_lock();
-    qemu_mutex_lock_iothread();
+    bql_lock();
 }
 
 void cpu_resume(CPUState *cpu)
@@ -XXX,XX +XXX,XX @@ void cpu_remove_sync(CPUState *cpu)
     cpu->stop = true;
     cpu->unplug = true;
     qemu_cpu_kick(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     qemu_thread_join(cpu->thread);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 }
 
 void cpus_register_accel(const AccelOpsClass *ops)
@@ -XXX,XX +XXX,XX @@ void qemu_init_vcpu(CPUState *cpu)
     cpus_accel->create_vcpu_thread(cpu);
 
     while (!cpu->created) {
-        qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
+        qemu_cond_wait(&qemu_cpu_cond, &bql);
     }
 }
 
diff --git a/system/dirtylimit.c b/system/dirtylimit.c
index XXXXXXX..XXXXXXX 100644
--- a/system/dirtylimit.c
+++ b/system/dirtylimit.c
@@ -XXX,XX +XXX,XX @@ void vcpu_dirty_rate_stat_stop(void)
 {
     qatomic_set(&vcpu_dirty_rate_stat->running, 0);
     dirtylimit_state_unlock();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     qemu_thread_join(&vcpu_dirty_rate_stat->thread);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     dirtylimit_state_lock();
 }
 
diff --git a/system/memory.c b/system/memory.c
index XXXXXXX..XXXXXXX 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -XXX,XX +XXX,XX @@ void memory_region_transaction_commit(void)
     AddressSpace *as;
 
     assert(memory_region_transaction_depth);
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     --memory_region_transaction_depth;
     if (!memory_region_transaction_depth) {
diff --git a/system/physmem.c b/system/physmem.c
index XXXXXXX..XXXXXXX 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -XXX,XX +XXX,XX @@ bool prepare_mmio_access(MemoryRegion *mr)
 {
     bool release_lock = false;
 
-    if (!qemu_mutex_iothread_locked()) {
-        qemu_mutex_lock_iothread();
+    if (!bql_locked()) {
+        bql_lock();
         release_lock = true;
     }
     if (mr->flush_coalesced_mmio) {
@@ -XXX,XX +XXX,XX @@ static MemTxResult flatview_write_continue(FlatView *fv, hwaddr addr,
         }
 
         if (release_lock) {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             release_lock = false;
         }
 
@@ -XXX,XX +XXX,XX @@ MemTxResult flatview_read_continue(FlatView *fv, hwaddr addr,
         }
 
         if (release_lock) {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             release_lock = false;
         }
 
diff --git a/system/runstate.c b/system/runstate.c
index XXXXXXX..XXXXXXX 100644
--- a/system/runstate.c
+++ b/system/runstate.c
@@ -XXX,XX +XXX,XX @@ void qemu_init_subsystems(void)
 
     qemu_init_cpu_list();
     qemu_init_cpu_loop();
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     atexit(qemu_run_exit_notifiers);
 
diff --git a/system/watchpoint.c b/system/watchpoint.c
index XXXXXXX..XXXXXXX 100644
--- a/system/watchpoint.c
+++ b/system/watchpoint.c
@@ -XXX,XX +XXX,XX @@ void cpu_check_watchpoint(CPUState *cpu, vaddr addr, vaddr len,
          * Now raise the debug interrupt so that it will
          * trigger after the current instruction.
          */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
 
diff --git a/target/arm/arm-powerctl.c b/target/arm/arm-powerctl.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/arm-powerctl.c
+++ b/target/arm/arm-powerctl.c
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_async_work(CPUState *target_cpu_state,
     g_free(info);
 
     /* Finally set the power status */
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     target_cpu->power_state = PSCI_ON;
 }
 
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_on(uint64_t cpuid, uint64_t entry, uint64_t context_id,
     ARMCPU *target_cpu;
     struct CpuOnInfo *info;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     DPRINTF("cpu %" PRId64 " (EL %d, %s) @ 0x%" PRIx64 " with R0 = 0x%" PRIx64
             "\n", cpuid, target_el, target_aa64 ? "aarch64" : "aarch32", entry,
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_on_and_reset_async_work(CPUState *target_cpu_state,
     target_cpu_state->halted = 0;
 
     /* Finally set the power status */
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     target_cpu->power_state = PSCI_ON;
 }
 
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_on_and_reset(uint64_t cpuid)
     CPUState *target_cpu_state;
     ARMCPU *target_cpu;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     /* Retrieve the cpu we are powering up */
     target_cpu_state = arm_get_cpu_by_id(cpuid);
@@ -XXX,XX +XXX,XX @@ static void arm_set_cpu_off_async_work(CPUState *target_cpu_state,
 {
     ARMCPU *target_cpu = ARM_CPU(target_cpu_state);
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
     target_cpu->power_state = PSCI_OFF;
     target_cpu_state->halted = 1;
     target_cpu_state->exception_index = EXCP_HLT;
@@ -XXX,XX +XXX,XX @@ int arm_set_cpu_off(uint64_t cpuid)
     CPUState *target_cpu_state;
     ARMCPU *target_cpu;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     DPRINTF("cpu %" PRId64 "\n", cpuid);
 
@@ -XXX,XX +XXX,XX @@ int arm_reset_cpu(uint64_t cpuid)
     CPUState *target_cpu_state;
     ARMCPU *target_cpu;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     DPRINTF("cpu %" PRId64 "\n", cpuid);
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
      * VFIQ are masked unless running at EL0 or EL1, and HCR
      * can only be written at EL2.
      */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     arm_cpu_update_virq(cpu);
     arm_cpu_update_vfiq(cpu);
     arm_cpu_update_vserr(cpu);
@@ -XXX,XX +XXX,XX @@ void arm_cpu_do_interrupt(CPUState *cs)
      * BQL needs to be held for any modification of
      * cs->interrupt_request.
      */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     arm_call_pre_el_change_hook(cpu);
 
diff --git a/target/arm/hvf/hvf.c b/target/arm/hvf/hvf.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/hvf/hvf.c
+++ b/target/arm/hvf/hvf.c
@@ -XXX,XX +XXX,XX @@ static void hvf_wait_for_ipi(CPUState *cpu, struct timespec *ts)
      * sleeping.
      */
     qatomic_set_mb(&cpu->thread_kicked, false);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     pselect(0, 0, 0, 0, ts, &cpu->accel->unblock_ipi_mask);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 }
 
 static void hvf_wfi(CPUState *cpu)
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
 
     flush_cpu_state(cpu);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     assert_hvf_ok(hv_vcpu_run(cpu->accel->fd));
 
     /* handle VMEXIT */
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
     uint32_t ec = syn_get_ec(syndrome);
 
     ret = 0;
-    qemu_mutex_lock_iothread();
+    bql_lock();
     switch (exit_reason) {
     case HV_EXIT_REASON_EXCEPTION:
         /* This is the main one, handle below. */
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
     if (run->s.regs.device_irq_level != cpu->device_irq_level) {
         switched_level = cpu->device_irq_level ^ run->s.regs.device_irq_level;
 
-        qemu_mutex_lock_iothread();
+        bql_lock();
 
         if (switched_level & KVM_ARM_DEV_EL1_VTIMER) {
             qemu_set_irq(cpu->gt_timer_outputs[GTIMER_VIRT],
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
 
         /* We also mark unknown levels as processed to not waste cycles */
         cpu->device_irq_level = run->s.regs.device_irq_level;
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     return MEMTXATTRS_UNSPECIFIED;
@@ -XXX,XX +XXX,XX @@ static bool kvm_arm_handle_debug(ARMCPU *cpu,
     env->exception.syndrome = debug_exit->hsr;
     env->exception.vaddress = debug_exit->far;
     env->exception.target_el = 1;
-    qemu_mutex_lock_iothread();
+    bql_lock();
     arm_cpu_do_interrupt(cs);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return false;
 }
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/ptw.c
+++ b/target/arm/ptw.c
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
 #if !TCG_OVERSIZED_GUEST
 # error "Unexpected configuration"
 #endif
-    bool locked = qemu_mutex_iothread_locked();
+    bool locked = bql_locked();
     if (!locked) {
-       qemu_mutex_lock_iothread();
+        bql_lock();
     }
     if (ptw->out_be) {
         cur_val = ldq_be_p(host);
@@ -XXX,XX +XXX,XX @@ static uint64_t arm_casq_ptw(CPUARMState *env, uint64_t old_val,
         }
     }
     if (!locked) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 #endif
 
diff --git a/target/arm/tcg/helper-a64.c b/target/arm/tcg/helper-a64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/helper-a64.c
+++ b/target/arm/tcg/helper-a64.c
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
         goto illegal_return;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     arm_call_pre_el_change_hook(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (!return_to_aa64) {
         env->aarch64 = false;
@@ -XXX,XX +XXX,XX @@ void HELPER(exception_return)(CPUARMState *env, uint64_t new_pc)
      */
     aarch64_sve_change_el(env, cur_el, new_el, return_to_aa64);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     arm_call_el_change_hook(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return;
 
diff --git a/target/arm/tcg/m_helper.c b/target/arm/tcg/m_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/m_helper.c
+++ b/target/arm/tcg/m_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
     bool ts = is_secure && (env->v7m.fpccr[M_REG_S] & R_V7M_FPCCR_TS_MASK);
     bool take_exception;
 
-    /* Take the iothread lock as we are going to touch the NVIC */
-    qemu_mutex_lock_iothread();
+    /* Take the BQL as we are going to touch the NVIC */
+    bql_lock();
 
     /* Check the background context had access to the FPU */
     if (!v7m_cpacr_pass(env, is_secure, is_priv)) {
@@ -XXX,XX +XXX,XX @@ void HELPER(v7m_preserve_fp_state)(CPUARMState *env)
     take_exception = !stacked_ok &&
         armv7m_nvic_can_take_pending_exception(env->nvic);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (take_exception) {
         raise_exception_ra(env, EXCP_LAZYFP, 0, 1, GETPC());
diff --git a/target/arm/tcg/op_helper.c b/target/arm/tcg/op_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/op_helper.c
+++ b/target/arm/tcg/op_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
 {
     uint32_t mask;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     arm_call_pre_el_change_hook(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     mask = aarch32_cpsr_valid_mask(env->features, &env_archcpu(env)->isar);
     cpsr_write(env, val, mask, CPSRWriteExceptionReturn);
@@ -XXX,XX +XXX,XX @@ void HELPER(cpsr_write_eret)(CPUARMState *env, uint32_t val)
     env->regs[15] &= (env->thumb ? ~1 : ~3);
     arm_rebuild_hflags(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     arm_call_el_change_hook(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /* Access to user mode registers from privileged modes.  */
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg)(CPUARMState *env, const void *rip, uint32_t value)
     const ARMCPRegInfo *ri = rip;
 
     if (ri->type & ARM_CP_IO) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ri->writefn(env, ri, value);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     } else {
         ri->writefn(env, ri, value);
     }
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(get_cp_reg)(CPUARMState *env, const void *rip)
     uint32_t res;
 
     if (ri->type & ARM_CP_IO) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         res = ri->readfn(env, ri);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     } else {
         res = ri->readfn(env, ri);
     }
@@ -XXX,XX +XXX,XX @@ void HELPER(set_cp_reg64)(CPUARMState *env, const void *rip, uint64_t value)
     const ARMCPRegInfo *ri = rip;
 
     if (ri->type & ARM_CP_IO) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ri->writefn(env, ri, value);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     } else {
         ri->writefn(env, ri, value);
     }
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(get_cp_reg64)(CPUARMState *env, const void *rip)
     uint64_t res;
 
     if (ri->type & ARM_CP_IO) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         res = ri->readfn(env, ri);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     } else {
         res = ri->readfn(env, ri);
     }
diff --git a/target/arm/tcg/psci.c b/target/arm/tcg/psci.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/tcg/psci.c
+++ b/target/arm/tcg/psci.c
@@ -XXX,XX +XXX,XX @@ void arm_handle_psci_call(ARMCPU *cpu)
             }
             target_cpu = ARM_CPU(target_cpu_state);
 
-            g_assert(qemu_mutex_iothread_locked());
+            g_assert(bql_locked());
             ret = target_cpu->power_state;
             break;
         default:
diff --git a/target/hppa/int_helper.c b/target/hppa/int_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/hppa/int_helper.c
+++ b/target/hppa/int_helper.c
@@ -XXX,XX +XXX,XX @@ void hppa_cpu_alarm_timer(void *opaque)
 void HELPER(write_eirr)(CPUHPPAState *env, target_ulong val)
 {
     env->cr[CR_EIRR] &= ~val;
-    qemu_mutex_lock_iothread();
+    bql_lock();
     eval_interrupt(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(write_eiem)(CPUHPPAState *env, target_ulong val)
 {
     env->cr[CR_EIEM] = val;
-    qemu_mutex_lock_iothread();
+    bql_lock();
     eval_interrupt(env_archcpu(env));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void hppa_cpu_do_interrupt(CPUState *cs)
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
         }
         vmx_update_tpr(cpu);
 
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         if (!cpu_is_bsp(X86_CPU(cpu)) && cpu->halted) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             return EXCP_HLT;
         }
 
@@ -XXX,XX +XXX,XX @@ int hvf_vcpu_exec(CPUState *cpu)
         rip = rreg(cpu->accel->fd, HV_X86_RIP);
         env->eflags = rreg(cpu->accel->fd, HV_X86_RFLAGS);
 
-        qemu_mutex_lock_iothread();
+        bql_lock();
 
         update_apic_tpr(cpu);
         current_cpu = cpu;
diff --git a/target/i386/kvm/hyperv.c b/target/i386/kvm/hyperv.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/kvm/hyperv.c
+++ b/target/i386/kvm/hyperv.c
@@ -XXX,XX +XXX,XX @@ void hyperv_x86_synic_update(X86CPU *cpu)
 
 static void async_synic_update(CPUState *cs, run_on_cpu_data data)
 {
-    qemu_mutex_lock_iothread();
+    bql_lock();
     hyperv_x86_synic_update(X86_CPU(cs));
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 int kvm_hv_handle_exit(X86CPU *cpu, struct kvm_hyperv_exit *exit)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
     /* Inject NMI */
     if (cpu->interrupt_request & (CPU_INTERRUPT_NMI | CPU_INTERRUPT_SMI)) {
         if (cpu->interrupt_request & CPU_INTERRUPT_NMI) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             cpu->interrupt_request &= ~CPU_INTERRUPT_NMI;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             DPRINTF("injected NMI\n");
             ret = kvm_vcpu_ioctl(cpu, KVM_NMI);
             if (ret < 0) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
             }
         }
         if (cpu->interrupt_request & CPU_INTERRUPT_SMI) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             cpu->interrupt_request &= ~CPU_INTERRUPT_SMI;
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             DPRINTF("injected SMI\n");
             ret = kvm_vcpu_ioctl(cpu, KVM_SMI);
             if (ret < 0) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
     }
 
     if (!kvm_pic_in_kernel()) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     /* Force the VCPU out of its inner loop to process any INIT requests
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run)
         DPRINTF("setting tpr\n");
         run->cr8 = cpu_get_apic_tpr(x86_cpu->apic_state);
 
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)
     /* We need to protect the apic state against concurrent accesses from
      * different threads in case the userspace irqchip is used. */
     if (!kvm_irqchip_in_kernel()) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
     cpu_set_apic_tpr(x86_cpu->apic_state, run->cr8);
     cpu_set_apic_base(x86_cpu->apic_state, run->apic_base);
     if (!kvm_irqchip_in_kernel()) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     return cpu_get_mem_attrs(env);
 }
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
     switch (run->exit_reason) {
     case KVM_EXIT_HLT:
         DPRINTF("handle_hlt\n");
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = kvm_handle_halt(cpu);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     case KVM_EXIT_SET_TPR:
         ret = 0;
         break;
     case KVM_EXIT_TPR_ACCESS:
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = kvm_handle_tpr_access(cpu);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     case KVM_EXIT_FAIL_ENTRY:
         code = run->fail_entry.hardware_entry_failure_reason;
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
         break;
     case KVM_EXIT_DEBUG:
         DPRINTF("kvm_exit_debug\n");
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = kvm_handle_debug(cpu, &run->debug.arch);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     case KVM_EXIT_HYPERV:
         ret = kvm_hv_handle_exit(cpu, &run->hyperv);
diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/kvm/xen-emu.c
+++ b/target/i386/kvm/xen-emu.c
@@ -XXX,XX +XXX,XX @@ void kvm_xen_maybe_deassert_callback(CPUState *cs)
 
     /* If the evtchn_upcall_pending flag is cleared, turn the GSI off. */
     if (!vi->evtchn_upcall_pending) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         /*
          * Check again now we have the lock, because it may have been
          * asserted in the interim. And we don't want to take the lock
@@ -XXX,XX +XXX,XX @@ void kvm_xen_maybe_deassert_callback(CPUState *cs)
             X86_CPU(cs)->env.xen_callback_asserted = false;
             xen_evtchn_set_callback_level(0);
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static bool handle_set_param(struct kvm_xen_exit *exit, X86CPU *cpu,
 
     switch (hp.index) {
     case HVM_PARAM_CALLBACK_IRQ:
-        qemu_mutex_lock_iothread();
+        bql_lock();
         err = xen_evtchn_set_callback_param(hp.value);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         xen_set_long_mode(exit->u.hcall.longmode);
         break;
     default:
@@ -XXX,XX +XXX,XX @@ int kvm_xen_soft_reset(void)
     CPUState *cpu;
     int err;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     trace_kvm_xen_soft_reset();
 
@@ -XXX,XX +XXX,XX @@ static int schedop_shutdown(CPUState *cs, uint64_t arg)
         break;
 
     case SHUTDOWN_soft_reset:
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = kvm_xen_soft_reset();
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
 
     default:
diff --git a/target/i386/nvmm/nvmm-accel-ops.c b/target/i386/nvmm/nvmm-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/nvmm/nvmm-accel-ops.c
+++ b/target/i386/nvmm/nvmm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
 
     rcu_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
     cpu->thread_id = qemu_get_thread_id();
     current_cpu = cpu;
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
 
     nvmm_destroy_vcpu(cpu);
     cpu_thread_signal_destroyed(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_unregister_thread();
     return NULL;
 }
diff --git a/target/i386/nvmm/nvmm-all.c b/target/i386/nvmm/nvmm-all.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/nvmm/nvmm-all.c
+++ b/target/i386/nvmm/nvmm-all.c
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_pre_run(CPUState *cpu)
     uint8_t tpr;
     int ret;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     tpr = cpu_get_apic_tpr(x86_cpu->apic_state);
     if (tpr != qcpu->tpr) {
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_pre_run(CPUState *cpu)
         }
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /*
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_post_run(CPUState *cpu, struct nvmm_vcpu_exit *exit)
     tpr = exit->exitstate.cr8;
     if (qcpu->tpr != tpr) {
         qcpu->tpr = tpr;
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_set_apic_tpr(x86_cpu->apic_state, qcpu->tpr);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ nvmm_handle_halted(struct nvmm_machine *mach, CPUState *cpu,
     CPUX86State *env = cpu_env(cpu);
     int ret = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     if (!((cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
           (env->eflags & IF_MASK)) &&
@@ -XXX,XX +XXX,XX @@ nvmm_handle_halted(struct nvmm_machine *mach, CPUState *cpu,
         ret = 1;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return ret;
 }
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_loop(CPUState *cpu)
         return 0;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     cpu_exec_start(cpu);
 
     /*
@@ -XXX,XX +XXX,XX @@ nvmm_vcpu_loop(CPUState *cpu)
             error_report("NVMM: Unexpected VM exit code 0x%lx [hw=0x%lx]",
                 exit->reason, exit->u.inv.hwcode);
             nvmm_get_registers(cpu);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             qemu_system_guest_panicked(cpu_get_crash_info(cpu));
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             ret = -1;
             break;
         }
     } while (ret == 0);
 
     cpu_exec_end(cpu);
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     qatomic_set(&cpu->exit_request, false);
 
diff --git a/target/i386/tcg/sysemu/fpu_helper.c b/target/i386/tcg/sysemu/fpu_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/sysemu/fpu_helper.c
+++ b/target/i386/tcg/sysemu/fpu_helper.c
@@ -XXX,XX +XXX,XX @@ void x86_register_ferr_irq(qemu_irq irq)
 void fpu_check_raise_ferr_irq(CPUX86State *env)
 {
     if (ferr_irq && !(env->hflags2 & HF2_IGNNE_MASK)) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         qemu_irq_raise(ferr_irq);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return;
     }
 }
@@ -XXX,XX +XXX,XX @@ void cpu_set_ignne(void)
 {
     CPUX86State *env = &X86_CPU(first_cpu)->env;
 
-    assert(qemu_mutex_iothread_locked());
+    assert(bql_locked());
 
     env->hflags2 |= HF2_IGNNE_MASK;
     /*
diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/tcg/sysemu/misc_helper.c
+++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
         break;
     case 8:
         if (!(env->hflags2 & HF2_VINTR_MASK)) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             cpu_set_apic_tpr(env_archcpu(env)->apic_state, t0);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
         env->int_ctl = (env->int_ctl & ~V_TPR_MASK) | (t0 & V_TPR_MASK);
 
diff --git a/target/i386/whpx/whpx-accel-ops.c b/target/i386/whpx/whpx-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/whpx/whpx-accel-ops.c
+++ b/target/i386/whpx/whpx-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
 
     rcu_register_thread();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     qemu_thread_get_self(cpu->thread);
     cpu->thread_id = qemu_get_thread_id();
     current_cpu = cpu;
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
 
     whpx_destroy_vcpu(cpu);
     cpu_thread_signal_destroyed(cpu);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     rcu_unregister_thread();
     return NULL;
 }
diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/whpx/whpx-all.c
+++ b/target/i386/whpx/whpx-all.c
@@ -XXX,XX +XXX,XX @@ static int whpx_first_vcpu_starting(CPUState *cpu)
     struct whpx_state *whpx = &whpx_global;
     HRESULT hr;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     if (!QTAILQ_EMPTY(&cpu->breakpoints) ||
             (whpx->breakpoints.breakpoints &&
@@ -XXX,XX +XXX,XX @@ static int whpx_handle_halt(CPUState *cpu)
     CPUX86State *env = cpu_env(cpu);
     int ret = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     if (!((cpu->interrupt_request & CPU_INTERRUPT_HARD) &&
           (env->eflags & IF_MASK)) &&
         !(cpu->interrupt_request & CPU_INTERRUPT_NMI)) {
@@ -XXX,XX +XXX,XX @@ static int whpx_handle_halt(CPUState *cpu)
         cpu->halted = true;
         ret = 1;
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return ret;
 }
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_pre_run(CPUState *cpu)
     memset(&new_int, 0, sizeof(new_int));
     memset(reg_values, 0, sizeof(reg_values));
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     /* Inject NMI */
     if (!vcpu->interruption_pending &&
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_pre_run(CPUState *cpu)
         reg_count += 1;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     vcpu->ready_for_pic_interrupt = false;
 
     if (reg_count) {
@@ -XXX,XX +XXX,XX @@ static void whpx_vcpu_post_run(CPUState *cpu)
     uint64_t tpr = vcpu->exit_ctx.VpContext.Cr8;
     if (vcpu->tpr != tpr) {
         vcpu->tpr = tpr;
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_set_apic_tpr(x86_cpu->apic_state, whpx_cr8_to_apic_tpr(vcpu->tpr));
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     vcpu->interruption_pending =
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
     WhpxStepMode exclusive_step_mode = WHPX_STEP_NONE;
     int ret;
 
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     if (whpx->running_cpus++ == 0) {
         /* Insert breakpoints into memory, update exception exit bitmap. */
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
         }
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (exclusive_step_mode != WHPX_STEP_NONE) {
         start_exclusive();
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
             error_report("WHPX: Unexpected VP exit code %d",
                          vcpu->exit_ctx.ExitReason);
             whpx_get_registers(cpu);
-            qemu_mutex_lock_iothread();
+            bql_lock();
             qemu_system_guest_panicked(cpu_get_crash_info(cpu));
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             break;
         }
 
@@ -XXX,XX +XXX,XX @@ static int whpx_vcpu_run(CPUState *cpu)
         cpu_exec_end(cpu);
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     current_cpu = cpu;
 
     if (--whpx->running_cpus == 0) {
diff --git a/target/loongarch/tcg/csr_helper.c b/target/loongarch/tcg/csr_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/loongarch/tcg/csr_helper.c
+++ b/target/loongarch/tcg/csr_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_csrwr_ticlr(CPULoongArchState *env, target_ulong val)
     int64_t old_v = 0;
 
     if (val & 0x1) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         loongarch_cpu_set_irq(cpu, IRQ_TIMER, 0);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     return old_v;
 }
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
     int r;
     struct kvm_mips_interrupt intr;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     if ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
             cpu_mips_io_interrupts_pending(cpu)) {
@@ -XXX,XX +XXX,XX @@ void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
         }
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 MemTxAttrs kvm_arch_post_run(CPUState *cs, struct kvm_run *run)
diff --git a/target/mips/tcg/sysemu/cp0_helper.c b/target/mips/tcg/sysemu/cp0_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/mips/tcg/sysemu/cp0_helper.c
+++ b/target/mips/tcg/sysemu/cp0_helper.c
@@ -XXX,XX +XXX,XX @@ static inline void mips_vpe_wake(MIPSCPU *c)
      * because there might be other conditions that state that c should
      * be sleeping.
      */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     cpu_interrupt(CPU(c), CPU_INTERRUPT_WAKE);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 static inline void mips_vpe_sleep(MIPSCPU *cpu)
diff --git a/target/openrisc/sys_helper.c b/target/openrisc/sys_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/openrisc/sys_helper.c
+++ b/target/openrisc/sys_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
         break;
     case TO_SPR(9, 0):  /* PICMR */
         env->picmr = rb;
-        qemu_mutex_lock_iothread();
+        bql_lock();
         if (env->picsr & env->picmr) {
             cpu_interrupt(cs, CPU_INTERRUPT_HARD);
         } else {
             cpu_reset_interrupt(cs, CPU_INTERRUPT_HARD);
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     case TO_SPR(9, 2):  /* PICSR */
         env->picsr &= ~rb;
         break;
     case TO_SPR(10, 0): /* TTMR */
         {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             if ((env->ttmr & TTMR_M) ^ (rb & TTMR_M)) {
                 switch (rb & TTMR_M) {
                 case TIMER_NONE:
@@ -XXX,XX +XXX,XX @@ void HELPER(mtspr)(CPUOpenRISCState *env, target_ulong spr, target_ulong rb)
                 cs->interrupt_request &= ~CPU_INTERRUPT_TIMER;
             }
             cpu_openrisc_timer_update(cpu);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
         break;
 
     case TO_SPR(10, 1): /* TTCR */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_openrisc_count_set(cpu, rb);
         cpu_openrisc_timer_update(cpu);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     }
 #endif
@@ -XXX,XX +XXX,XX @@ target_ulong HELPER(mfspr)(CPUOpenRISCState *env, target_ulong rd,
         return env->ttmr;
 
     case TO_SPR(10, 1): /* TTCR */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_openrisc_count_update(cpu);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return cpu_openrisc_count_get(cpu);
     }
 #endif
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_msgsnd(target_ulong rb)
         return;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     CPU_FOREACH(cs) {
         PowerPCCPU *cpu = POWERPC_CPU(cs);
         CPUPPCState *cenv = &cpu->env;
@@ -XXX,XX +XXX,XX @@ void helper_msgsnd(target_ulong rb)
             ppc_set_irq(cpu, irq, 1);
         }
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 /* Server Processor Control */
@@ -XXX,XX +XXX,XX @@ static void book3s_msgsnd_common(int pir, int irq)
 {
     CPUState *cs;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     CPU_FOREACH(cs) {
         PowerPCCPU *cpu = POWERPC_CPU(cs);
         CPUPPCState *cenv = &cpu->env;
@@ -XXX,XX +XXX,XX @@ static void book3s_msgsnd_common(int pir, int irq)
             ppc_set_irq(cpu, irq, 1);
         }
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void helper_book3s_msgsnd(target_ulong rb)
@@ -XXX,XX +XXX,XX @@ void helper_book3s_msgsndp(CPUPPCState *env, target_ulong rb)
     }
 
     /* Does iothread need to be locked for walking CPU list? */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     THREAD_SIBLING_FOREACH(cs, ccs) {
         PowerPCCPU *ccpu = POWERPC_CPU(ccs);
         uint32_t thread_id = ppc_cpu_tir(ccpu);
 
         if (ttir == thread_id) {
             ppc_set_irq(ccpu, PPC_INTERRUPT_DOORBELL, 1);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             return;
         }
     }
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
     CPUPPCState *env = &cpu->env;
     int ret;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     switch (run->exit_reason) {
     case KVM_EXIT_DCR:
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
         break;
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return ret;
 }
 
diff --git a/target/ppc/misc_helper.c b/target/ppc/misc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/misc_helper.c
+++ b/target/ppc/misc_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dpdes(CPUPPCState *env)
         return dpdes;
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     THREAD_SIBLING_FOREACH(cs, ccs) {
         PowerPCCPU *ccpu = POWERPC_CPU(ccs);
         CPUPPCState *cenv = &ccpu->env;
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dpdes(CPUPPCState *env)
             dpdes |= (0x1 << thread_id);
         }
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return dpdes;
 }
@@ -XXX,XX +XXX,XX @@ void helper_store_dpdes(CPUPPCState *env, target_ulong val)
     }
 
     /* Does iothread need to be locked for walking CPU list? */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     THREAD_SIBLING_FOREACH(cs, ccs) {
         PowerPCCPU *ccpu = POWERPC_CPU(ccs);
         uint32_t thread_id = ppc_cpu_tir(ccpu);
 
         ppc_set_irq(cpu, PPC_INTERRUPT_DOORBELL, val & (0x1 << thread_id));
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 #endif /* defined(TARGET_PPC64) */
 
diff --git a/target/ppc/timebase_helper.c b/target/ppc/timebase_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/timebase_helper.c
+++ b/target/ppc/timebase_helper.c
@@ -XXX,XX +XXX,XX @@ target_ulong helper_load_dcr(CPUPPCState *env, target_ulong dcrn)
     } else {
         int ret;
 
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = ppc_dcr_read(env->dcr_env, (uint32_t)dcrn, &val);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         if (unlikely(ret != 0)) {
             qemu_log_mask(LOG_GUEST_ERROR, "DCR read error %d %03x\n",
                           (uint32_t)dcrn, (uint32_t)dcrn);
@@ -XXX,XX +XXX,XX @@ void helper_store_dcr(CPUPPCState *env, target_ulong dcrn, target_ulong val)
                                POWERPC_EXCP_INVAL_INVAL, GETPC());
     } else {
         int ret;
-        qemu_mutex_lock_iothread();
+        bql_lock();
         ret = ppc_dcr_write(env->dcr_env, (uint32_t)dcrn, (uint32_t)val);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         if (unlikely(ret != 0)) {
             qemu_log_mask(LOG_GUEST_ERROR, "DCR write error %d %03x\n",
                           (uint32_t)dcrn, (uint32_t)dcrn);
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
     S390CPU *cpu = S390_CPU(cs);
     int ret = 0;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     kvm_cpu_synchronize_state(cs);
 
@@ -XXX,XX +XXX,XX @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
             fprintf(stderr, "Unknown KVM exit: %d\n", run->exit_reason);
             break;
     }
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (ret == 0) {
         ret = EXCP_INTERRUPT;
diff --git a/target/s390x/tcg/misc_helper.c b/target/s390x/tcg/misc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/s390x/tcg/misc_helper.c
+++ b/target/s390x/tcg/misc_helper.c
@@ -XXX,XX +XXX,XX @@ uint64_t HELPER(stck)(CPUS390XState *env)
 /* SCLP service call */
 uint32_t HELPER(servc)(CPUS390XState *env, uint64_t r1, uint64_t r2)
 {
-    qemu_mutex_lock_iothread();
+    bql_lock();
     int r = sclp_service_call(env_archcpu(env), r1, r2);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     if (r < 0) {
         tcg_s390_program_interrupt(env, -r, GETPC());
     }
@@ -XXX,XX +XXX,XX @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
     switch (num) {
     case 0x500:
         /* KVM hypercall */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         r = s390_virtio_hypercall(env);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         break;
     case 0x44:
         /* yield */
@@ -XXX,XX +XXX,XX @@ void HELPER(diag)(CPUS390XState *env, uint32_t r1, uint32_t r3, uint32_t num)
         break;
     case 0x308:
         /* ipl */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         handle_diag_308(env, r1, r3, GETPC());
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         r = 0;
         break;
     case 0x288:
@@ -XXX,XX +XXX,XX @@ static void update_ckc_timer(CPUS390XState *env)
 
     /* stop the timer and remove pending CKC IRQs */
     timer_del(env->tod_timer);
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
     env->pending_int &= ~INTERRUPT_EXT_CLOCK_COMPARATOR;
 
     /* the tod has to exceed the ckc, this can never happen if ckc is all 1's */
@@ -XXX,XX +XXX,XX @@ void HELPER(sckc)(CPUS390XState *env, uint64_t ckc)
 {
     env->ckc = ckc;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     update_ckc_timer(env);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void tcg_s390_tod_updated(CPUState *cs, run_on_cpu_data opaque)
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sck)(CPUS390XState *env, uint64_t tod_low)
         .low = tod_low,
     };
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     tdc->set(td, &tod, &error_abort);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return 0;
 }
 
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t order_code, uint32_t r1,
     int cc;
 
     /* TODO: needed to inject interrupts  - push further down */
-    qemu_mutex_lock_iothread();
+    bql_lock();
     cc = handle_sigp(env, order_code & SIGP_ORDER_MASK, r1, r3);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     return cc;
 }
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(sigp)(CPUS390XState *env, uint64_t order_code, uint32_t r1,
 void HELPER(xsch)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_xsch(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(csch)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_csch(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(hsch)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_hsch(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(msch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_msch(cpu, r1, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(rchp)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_rchp(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(rsch)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_rsch(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(sal)(CPUS390XState *env, uint64_t r1)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_sal(cpu, r1, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(schm)(CPUS390XState *env, uint64_t r1, uint64_t r2, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_schm(cpu, r1, r2, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(ssch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_ssch(cpu, r1, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(stcrw)(CPUS390XState *env, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_stcrw(cpu, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(stsch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_stsch(cpu, r1, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
         tcg_s390_program_interrupt(env, PGM_SPECIFICATION, ra);
     }
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     io = qemu_s390_flic_dequeue_io(flic, env->cregs[6]);
     if (!io) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
         return 0;
     }
 
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
         if (s390_cpu_virt_mem_write(cpu, addr, 0, &intc, sizeof(intc))) {
             /* writing failed, reinject and properly clean up */
             s390_io_interrupt(io->id, io->nr, io->parm, io->word);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             g_free(io);
             s390_cpu_virt_mem_handle_exc(cpu, ra);
             return 0;
@@ -XXX,XX +XXX,XX @@ uint32_t HELPER(tpi)(CPUS390XState *env, uint64_t addr)
     }
 
     g_free(io);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return 1;
 }
 
 void HELPER(tsch)(CPUS390XState *env, uint64_t r1, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_tsch(cpu, r1, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(chsc)(CPUS390XState *env, uint64_t inst)
 {
     S390CPU *cpu = env_archcpu(env);
-    qemu_mutex_lock_iothread();
+    bql_lock();
     ioinst_handle_chsc(cpu, inst >> 16, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 #endif
 
@@ -XXX,XX +XXX,XX @@ void HELPER(clp)(CPUS390XState *env, uint32_t r2)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     clp_service_call(cpu, r2, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(pcilg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     pcilg_service_call(cpu, r1, r2, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(pcistg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     pcistg_service_call(cpu, r1, r2, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(stpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
@@ -XXX,XX +XXX,XX @@ void HELPER(stpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     stpcifc_service_call(cpu, r1, fiba, ar, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(sic)(CPUS390XState *env, uint64_t r1, uint64_t r3)
@@ -XXX,XX +XXX,XX @@ void HELPER(sic)(CPUS390XState *env, uint64_t r1, uint64_t r3)
     S390CPU *cpu = env_archcpu(env);
     int r;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     r = css_do_sic(cpu, (r3 >> 27) & 0x7, r1 & 0xffff);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     /* css_do_sic() may actually return a PGM_xxx value to inject */
     if (r) {
         tcg_s390_program_interrupt(env, -r, GETPC());
@@ -XXX,XX +XXX,XX @@ void HELPER(rpcit)(CPUS390XState *env, uint32_t r1, uint32_t r2)
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     rpcit_service_call(cpu, r1, r2, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(pcistb)(CPUS390XState *env, uint32_t r1, uint32_t r3,
@@ -XXX,XX +XXX,XX @@ void HELPER(pcistb)(CPUS390XState *env, uint32_t r1, uint32_t r3,
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     pcistb_service_call(cpu, r1, r3, gaddr, ar, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(mpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
@@ -XXX,XX +XXX,XX @@ void HELPER(mpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
 {
     S390CPU *cpu = env_archcpu(env);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     mpcifc_service_call(cpu, r1, fiba, ar, GETPC());
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 #endif
diff --git a/target/sparc/int32_helper.c b/target/sparc/int32_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/int32_helper.c
+++ b/target/sparc/int32_helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_check_irqs(CPUSPARCState *env)
     CPUState *cs;
 
     /* We should be holding the BQL before we mess with IRQs */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     if (env->pil_in && (env->interrupt_index == 0 ||
                         (env->interrupt_index & ~15) == TT_EXTINT)) {
diff --git a/target/sparc/int64_helper.c b/target/sparc/int64_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/int64_helper.c
+++ b/target/sparc/int64_helper.c
@@ -XXX,XX +XXX,XX @@ void cpu_check_irqs(CPUSPARCState *env)
                   (env->softint & ~(SOFTINT_TIMER | SOFTINT_STIMER));
 
     /* We should be holding the BQL before we mess with IRQs */
-    g_assert(qemu_mutex_iothread_locked());
+    g_assert(bql_locked());
 
     /* TT_IVEC has a higher priority (16) than TT_EXTINT (31..17) */
     if (env->ivec_status & 0x20) {
@@ -XXX,XX +XXX,XX @@ static bool do_modify_softint(CPUSPARCState *env, uint32_t value)
         env->softint = value;
 #if !defined(CONFIG_USER_ONLY)
         if (cpu_interrupts_enabled(env)) {
-            qemu_mutex_lock_iothread();
+            bql_lock();
             cpu_check_irqs(env);
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
         }
 #endif
         return true;
diff --git a/target/sparc/win_helper.c b/target/sparc/win_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/sparc/win_helper.c
+++ b/target/sparc/win_helper.c
@@ -XXX,XX +XXX,XX @@ void helper_wrpsr(CPUSPARCState *env, target_ulong new_psr)
         cpu_raise_exception_ra(env, TT_ILL_INSN, GETPC());
     } else {
         /* cpu_put_psr may trigger interrupts, hence BQL */
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_put_psr(env, new_psr);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
@@ -XXX,XX +XXX,XX @@ void helper_wrpstate(CPUSPARCState *env, target_ulong new_state)
 
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_check_irqs(env);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 #endif
 }
@@ -XXX,XX +XXX,XX @@ void helper_wrpil(CPUSPARCState *env, target_ulong new_pil)
     env->psrpil = new_pil;
 
     if (cpu_interrupts_enabled(env)) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_check_irqs(env);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 #endif
 }
@@ -XXX,XX +XXX,XX @@ void helper_done(CPUSPARCState *env)
 
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_check_irqs(env);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 #endif
 }
@@ -XXX,XX +XXX,XX @@ void helper_retry(CPUSPARCState *env)
 
 #if !defined(CONFIG_USER_ONLY)
     if (cpu_interrupts_enabled(env)) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
         cpu_check_irqs(env);
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 #endif
 }
diff --git a/target/xtensa/exc_helper.c b/target/xtensa/exc_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/xtensa/exc_helper.c
+++ b/target/xtensa/exc_helper.c
@@ -XXX,XX +XXX,XX @@ void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
     env->sregs[PS] = (env->sregs[PS] & ~PS_INTLEVEL) |
         (intlevel << PS_INTLEVEL_SHIFT);
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     check_interrupts(env);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     if (env->pending_irq_level) {
         cpu_loop_exit(cpu);
@@ -XXX,XX +XXX,XX @@ void HELPER(waiti)(CPUXtensaState *env, uint32_t pc, uint32_t intlevel)
 
 void HELPER(check_interrupts)(CPUXtensaState *env)
 {
-    qemu_mutex_lock_iothread();
+    bql_lock();
     check_interrupts(env);
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 }
 
 void HELPER(intset)(CPUXtensaState *env, uint32_t v)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index XXXXXXX..XXXXXXX 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
      */
     bool need_lock = !qemu_thread_is_self(&me);
     if (need_lock) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
     if (info->flags & SPICE_CHANNEL_EVENT_FLAG_ADDR_EXT) {
@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
     }
 
     if (need_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
     qapi_free_SpiceServerInfo(server);
diff --git a/util/async.c b/util/async.c
index XXXXXXX..XXXXXXX 100644
--- a/util/async.c
+++ b/util/async.c
@@ -XXX,XX +XXX,XX @@ AioContext *qemu_get_current_aio_context(void)
     if (ctx) {
         return ctx;
     }
-    if (qemu_mutex_iothread_locked()) {
+    if (bql_locked()) {
         /* Possibly in a vCPU thread.  */
         return qemu_get_aio_context();
     }
diff --git a/util/main-loop.c b/util/main-loop.c
index XXXXXXX..XXXXXXX 100644
--- a/util/main-loop.c
+++ b/util/main-loop.c
@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
 
     glib_pollfds_fill(&timeout);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     replay_mutex_unlock();
 
     ret = qemu_poll_ns((GPollFD *)gpollfds->data, gpollfds->len, timeout);
 
     replay_mutex_lock();
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     glib_pollfds_poll();
 
@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
 
     poll_timeout_ns = qemu_soonest_timeout(poll_timeout_ns, timeout);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
 
     replay_mutex_unlock();
 
@@ -XXX,XX +XXX,XX @@ static int os_host_main_loop_wait(int64_t timeout)
 
     replay_mutex_lock();
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
     if (g_poll_ret > 0) {
         for (i = 0; i < w->num; i++) {
             w->revents[i] = poll_fds[n_poll_fds + i].revents;
diff --git a/util/qsp.c b/util/qsp.c
index XXXXXXX..XXXXXXX 100644
--- a/util/qsp.c
+++ b/util/qsp.c
@@ -XXX,XX +XXX,XX @@ static const char * const qsp_typenames[] = {
     [QSP_CONDVAR]   = "condvar",
 };
 
-QemuMutexLockFunc qemu_bql_mutex_lock_func = qemu_mutex_lock_impl;
+QemuMutexLockFunc bql_mutex_lock_func = qemu_mutex_lock_impl;
 QemuMutexLockFunc qemu_mutex_lock_func = qemu_mutex_lock_impl;
 QemuMutexTrylockFunc qemu_mutex_trylock_func = qemu_mutex_trylock_impl;
 QemuRecMutexLockFunc qemu_rec_mutex_lock_func = qemu_rec_mutex_lock_impl;
@@ -XXX,XX +XXX,XX @@ void qsp_enable(void)
 {
     qatomic_set(&qemu_mutex_lock_func, qsp_mutex_lock);
     qatomic_set(&qemu_mutex_trylock_func, qsp_mutex_trylock);
-    qatomic_set(&qemu_bql_mutex_lock_func, qsp_bql_mutex_lock);
+    qatomic_set(&bql_mutex_lock_func, qsp_bql_mutex_lock);
     qatomic_set(&qemu_rec_mutex_lock_func, qsp_rec_mutex_lock);
     qatomic_set(&qemu_rec_mutex_trylock_func, qsp_rec_mutex_trylock);
     qatomic_set(&qemu_cond_wait_func, qsp_cond_wait);
@@ -XXX,XX +XXX,XX @@ void qsp_disable(void)
 {
     qatomic_set(&qemu_mutex_lock_func, qemu_mutex_lock_impl);
     qatomic_set(&qemu_mutex_trylock_func, qemu_mutex_trylock_impl);
-    qatomic_set(&qemu_bql_mutex_lock_func, qemu_mutex_lock_impl);
+    qatomic_set(&bql_mutex_lock_func, qemu_mutex_lock_impl);
     qatomic_set(&qemu_rec_mutex_lock_func, qemu_rec_mutex_lock_impl);
     qatomic_set(&qemu_rec_mutex_trylock_func, qemu_rec_mutex_trylock_impl);
     qatomic_set(&qemu_cond_wait_func, qemu_cond_wait_impl);
diff --git a/util/rcu.c b/util/rcu.c
index XXXXXXX..XXXXXXX 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -XXX,XX +XXX,XX @@ static void *call_rcu_thread(void *opaque)
 
         qatomic_sub(&rcu_call_count, n);
         synchronize_rcu();
-        qemu_mutex_lock_iothread();
+        bql_lock();
         while (n > 0) {
             node = try_dequeue();
             while (!node) {
-                qemu_mutex_unlock_iothread();
+                bql_unlock();
                 qemu_event_reset(&rcu_call_ready_event);
                 node = try_dequeue();
                 if (!node) {
                     qemu_event_wait(&rcu_call_ready_event);
                     node = try_dequeue();
                 }
-                qemu_mutex_lock_iothread();
+                bql_lock();
             }
 
             n--;
             node->func(node);
         }
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     abort();
 }
@@ -XXX,XX +XXX,XX @@ static void drain_rcu_callback(struct rcu_head *node)
 void drain_call_rcu(void)
 {
     struct rcu_drain rcu_drain;
-    bool locked = qemu_mutex_iothread_locked();
+    bool locked = bql_locked();
 
     memset(&rcu_drain, 0, sizeof(struct rcu_drain));
     qemu_event_init(&rcu_drain.drain_complete_event, false);
 
     if (locked) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 
 
@@ -XXX,XX +XXX,XX @@ void drain_call_rcu(void)
     qatomic_dec(&in_drain_call_rcu);
 
     if (locked) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
 
 }
diff --git a/audio/coreaudio.m b/audio/coreaudio.m
index XXXXXXX..XXXXXXX 100644
--- a/audio/coreaudio.m
+++ b/audio/coreaudio.m
@@ -XXX,XX +XXX,XX @@ static OSStatus handle_voice_change(
 {
     coreaudioVoiceOut *core = in_client_data;
 
-    qemu_mutex_lock_iothread();
+    bql_lock();
 
     if (core->outputDeviceID) {
         fini_out_device(core);
@@ -XXX,XX +XXX,XX @@ static OSStatus handle_voice_change(
         update_device_playback_state(core);
     }
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     return 0;
 }
 
diff --git a/memory_ldst.c.inc b/memory_ldst.c.inc
index XXXXXXX..XXXXXXX 100644
--- a/memory_ldst.c.inc
+++ b/memory_ldst.c.inc
@@ -XXX,XX +XXX,XX @@ static inline uint32_t glue(address_space_ldl_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
     return val;
@@ -XXX,XX +XXX,XX @@ static inline uint64_t glue(address_space_ldq_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
     return val;
@@ -XXX,XX +XXX,XX @@ uint8_t glue(address_space_ldub, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
     return val;
@@ -XXX,XX +XXX,XX @@ static inline uint16_t glue(address_space_lduw_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
     return val;
@@ -XXX,XX +XXX,XX @@ void glue(address_space_stl_notdirty, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
 }
@@ -XXX,XX +XXX,XX @@ static inline void glue(address_space_stl_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
 }
@@ -XXX,XX +XXX,XX @@ void glue(address_space_stb, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
 }
@@ -XXX,XX +XXX,XX @@ static inline void glue(address_space_stw_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
 }
@@ -XXX,XX +XXX,XX @@ static void glue(address_space_stq_internal, SUFFIX)(ARG1_DECL,
         *result = r;
     }
     if (release_lock) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     RCU_READ_UNLOCK();
 }
diff --git a/target/i386/hvf/README.md b/target/i386/hvf/README.md
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/hvf/README.md
+++ b/target/i386/hvf/README.md
@@ -XXX,XX +XXX,XX @@ These sources (and ../hvf-all.c) are adapted from Veertu Inc's vdhh (Veertu Desk
 
 1. Adapt to our current QEMU's `CPUState` structure and `address_space_rw` API; many struct members have been moved around (emulated x86 state, xsave_buf) due to historical differences + QEMU needing to handle more emulation targets.
 2. Removal of `apic_page` and hyperv-related functionality.
-3. More relaxed use of `qemu_mutex_lock_iothread`.
+3. More relaxed use of `bql_lock`.
diff --git a/ui/cocoa.m b/ui/cocoa.m
index XXXXXXX..XXXXXXX 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -XXX,XX +XXX,XX @@ static void cocoa_switch(DisplayChangeListener *dcl,
 typedef void (^CodeBlock)(void);
 typedef bool (^BoolCodeBlock)(void);
 
-static void with_iothread_lock(CodeBlock block)
+static void with_bql(CodeBlock block)
 {
-    bool locked = qemu_mutex_iothread_locked();
+    bool locked = bql_locked();
     if (!locked) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
     block();
     if (!locked) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
 }
 
-static bool bool_with_iothread_lock(BoolCodeBlock block)
+static bool bool_with_bql(BoolCodeBlock block)
 {
-    bool locked = qemu_mutex_iothread_locked();
+    bool locked = bql_locked();
     bool val;
 
     if (!locked) {
-        qemu_mutex_lock_iothread();
+        bql_lock();
     }
     val = block();
     if (!locked) {
-        qemu_mutex_unlock_iothread();
+        bql_unlock();
     }
     return val;
 }
@@ -XXX,XX +XXX,XX @@ - (void) updateUIInfo
         return;
     }
 
-    with_iothread_lock(^{
+    with_bql(^{
         [self updateUIInfoLocked];
     });
 }
@@ -XXX,XX +XXX,XX @@ - (void) handleMonitorInput:(NSEvent *)event
 
 - (bool) handleEvent:(NSEvent *)event
 {
-    return bool_with_iothread_lock(^{
+    return bool_with_bql(^{
         return [self handleEventLocked:event];
     });
 }
@@ -XXX,XX +XXX,XX @@ - (QEMUScreen) gscreen {return screen;}
  */
 - (void) raiseAllKeys
 {
-    with_iothread_lock(^{
+    with_bql(^{
         qkbd_state_lift_all_keys(kbd);
     });
 }
@@ -XXX,XX +XXX,XX @@ - (void)applicationWillTerminate:(NSNotification *)aNotification
 {
     COCOA_DEBUG("QemuCocoaAppController: applicationWillTerminate\n");
 
-    with_iothread_lock(^{
+    with_bql(^{
         shutdown_action = SHUTDOWN_ACTION_POWEROFF;
         qemu_system_shutdown_request(SHUTDOWN_CAUSE_HOST_UI);
     });
@@ -XXX,XX +XXX,XX @@ - (void)displayConsole:(id)sender
 /* Pause the guest */
 - (void)pauseQEMU:(id)sender
 {
-    with_iothread_lock(^{
+    with_bql(^{
         qmp_stop(NULL);
     });
     [sender setEnabled: NO];
@@ -XXX,XX +XXX,XX @@ - (void)pauseQEMU:(id)sender
 /* Resume running the guest operating system */
 - (void)resumeQEMU:(id) sender
 {
-    with_iothread_lock(^{
+    with_bql(^{
         qmp_cont(NULL);
     });
     [sender setEnabled: NO];
@@ -XXX,XX +XXX,XX @@ - (void)removePause
 /* Restarts QEMU */
 - (void)restartQEMU:(id)sender
 {
-    with_iothread_lock(^{
+    with_bql(^{
         qmp_system_reset(NULL);
     });
 }
@@ -XXX,XX +XXX,XX @@ - (void)restartQEMU:(id)sender
 /* Powers down QEMU */
 - (void)powerDownQEMU:(id)sender
 {
-    with_iothread_lock(^{
+    with_bql(^{
         qmp_system_powerdown(NULL);
     });
 }
@@ -XXX,XX +XXX,XX @@ - (void)ejectDeviceMedia:(id)sender
     }
 
     __block Error *err = NULL;
-    with_iothread_lock(^{
+    with_bql(^{
         qmp_eject([drive cStringUsingEncoding: NSASCIIStringEncoding],
                   NULL, false, false, &err);
     });
@@ -XXX,XX +XXX,XX @@ - (void)changeDeviceMedia:(id)sender
         }
 
         __block Error *err = NULL;
-        with_iothread_lock(^{
+        with_bql(^{
             qmp_blockdev_change_medium([drive cStringUsingEncoding:
                                                   NSASCIIStringEncoding],
                                        NULL,
@@ -XXX,XX +XXX,XX @@ - (void)adjustSpeed:(id)sender
     // get the throttle percentage
     throttle_pct = [sender tag];
 
-    with_iothread_lock(^{
+    with_bql(^{
         cpu_throttle_set(throttle_pct);
     });
     COCOA_DEBUG("cpu throttling at %d%c\n", cpu_throttle_get_percentage(), '%');
@@ -XXX,XX +XXX,XX @@ - (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)t
         return;
     }
 
-    with_iothread_lock(^{
+    with_bql(^{
         QemuClipboardInfo *info = qemu_clipboard_info_ref(cbinfo);
         qemu_event_reset(&cbevent);
         qemu_clipboard_request(info, QEMU_CLIPBOARD_TYPE_TEXT);
@@ -XXX,XX +XXX,XX @@ - (void)pasteboard:(NSPasteboard *)sender provideDataForType:(NSPasteboardType)t
         while (info == cbinfo &&
                info->types[QEMU_CLIPBOARD_TYPE_TEXT].available &&
                info->types[QEMU_CLIPBOARD_TYPE_TEXT].data == NULL) {
-            qemu_mutex_unlock_iothread();
+            bql_unlock();
             qemu_event_wait(&cbevent);
-            qemu_mutex_lock_iothread();
+            bql_lock();
         }
 
         if (info == cbinfo) {
@@ -XXX,XX +XXX,XX @@ static void cocoa_clipboard_request(QemuClipboardInfo *info,
     int status;
 
     COCOA_DEBUG("Second thread: calling qemu_default_main()\n");
-    qemu_mutex_lock_iothread();
+    bql_lock();
     status = qemu_default_main();
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n");
     [cbowner release];
     exit(status);
@@ -XXX,XX +XXX,XX @@ static int cocoa_main(void)
 
     COCOA_DEBUG("Entered %s()\n", __func__);
 
-    qemu_mutex_unlock_iothread();
+    bql_unlock();
     qemu_thread_create(&thread, "qemu_main", call_qemu_main,
                        NULL, QEMU_THREAD_DETACHED);
 
-- 
2.43.0

The name "iothread" is overloaded. Use the term Big QEMU Lock (BQL)
instead, it is already widely used and unambiguous.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Acked-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20240102153529.486531-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/main-loop.h  | 19 +++++++++----------
 hw/i386/kvm/xen_evtchn.c  | 14 +++++++-------
 hw/i386/kvm/xen_gnttab.c  |  2 +-
 hw/mips/mips_int.c        |  2 +-
 hw/ppc/ppc.c              |  2 +-
 target/i386/kvm/xen-emu.c |  2 +-
 target/ppc/excp_helper.c  |  2 +-
 target/ppc/helper_regs.c  |  2 +-
 target/riscv/cpu_helper.c |  4 ++--
 9 files changed, 24 insertions(+), 25 deletions(-)

diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -XXX,XX +XXX,XX @@ void bql_lock_impl(const char *file, int line);
 void bql_unlock(void);
 
 /**
- * QEMU_IOTHREAD_LOCK_GUARD
+ * BQL_LOCK_GUARD
  *
  * Wrap a block of code in a conditional bql_{lock,unlock}.
  */
-typedef struct IOThreadLockAuto IOThreadLockAuto;
+typedef struct BQLLockAuto BQLLockAuto;
 
-static inline IOThreadLockAuto *qemu_iothread_auto_lock(const char *file,
-                                                        int line)
+static inline BQLLockAuto *bql_auto_lock(const char *file, int line)
 {
     if (bql_locked()) {
         return NULL;
     }
     bql_lock_impl(file, line);
     /* Anything non-NULL causes the cleanup function to be called */
-    return (IOThreadLockAuto *)(uintptr_t)1;
+    return (BQLLockAuto *)(uintptr_t)1;
 }
 
-static inline void qemu_iothread_auto_unlock(IOThreadLockAuto *l)
+static inline void bql_auto_unlock(BQLLockAuto *l)
 {
     bql_unlock();
 }
 
-G_DEFINE_AUTOPTR_CLEANUP_FUNC(IOThreadLockAuto, qemu_iothread_auto_unlock)
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(BQLLockAuto, bql_auto_unlock)
 
-#define QEMU_IOTHREAD_LOCK_GUARD() \
-    g_autoptr(IOThreadLockAuto) _iothread_lock_auto __attribute__((unused)) \
-        = qemu_iothread_auto_lock(__FILE__, __LINE__)
+#define BQL_LOCK_GUARD() \
+    g_autoptr(BQLLockAuto) _bql_lock_auto __attribute__((unused)) \
+        = bql_auto_lock(__FILE__, __LINE__)
 
 /*
  * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/kvm/xen_evtchn.c
+++ b/hw/i386/kvm/xen_evtchn.c
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_reset_op(struct evtchn_reset *reset)
         return -ESRCH;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     return xen_evtchn_soft_reset();
 }
 
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_close_op(struct evtchn_close *close)
         return -EINVAL;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     qemu_mutex_lock(&s->port_lock);
 
     ret = close_port(s, close->port, &flush_kvm_routes);
@@ -XXX,XX +XXX,XX @@ int xen_evtchn_bind_pirq_op(struct evtchn_bind_pirq *pirq)
         return -EINVAL;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     if (s->pirq[pirq->pirq].port) {
         return -EBUSY;
@@ -XXX,XX +XXX,XX @@ int xen_physdev_map_pirq(struct physdev_map_pirq *map)
         return -ENOTSUP;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     QEMU_LOCK_GUARD(&s->port_lock);
 
     if (map->domid != DOMID_SELF && map->domid != xen_domid) {
@@ -XXX,XX +XXX,XX @@ int xen_physdev_unmap_pirq(struct physdev_unmap_pirq *unmap)
         return -EINVAL;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     qemu_mutex_lock(&s->port_lock);
 
     if (!pirq_inuse(s, pirq)) {
@@ -XXX,XX +XXX,XX @@ int xen_physdev_eoi_pirq(struct physdev_eoi *eoi)
         return -ENOTSUP;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     QEMU_LOCK_GUARD(&s->port_lock);
 
     if (!pirq_inuse(s, pirq)) {
@@ -XXX,XX +XXX,XX @@ int xen_physdev_query_pirq(struct physdev_irq_status_query *query)
         return -ENOTSUP;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     QEMU_LOCK_GUARD(&s->port_lock);
 
     if (!pirq_inuse(s, pirq)) {
diff --git a/hw/i386/kvm/xen_gnttab.c b/hw/i386/kvm/xen_gnttab.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/kvm/xen_gnttab.c
+++ b/hw/i386/kvm/xen_gnttab.c
@@ -XXX,XX +XXX,XX @@ int xen_gnttab_map_page(uint64_t idx, uint64_t gfn)
         return -EINVAL;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
     QEMU_LOCK_GUARD(&s->gnt_lock);
 
     xen_overlay_do_map_page(&s->gnt_aliases[idx], gpa);
diff --git a/hw/mips/mips_int.c b/hw/mips/mips_int.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/mips/mips_int.c
+++ b/hw/mips/mips_int.c
@@ -XXX,XX +XXX,XX @@ static void cpu_mips_irq_request(void *opaque, int irq, int level)
         return;
     }
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     if (level) {
         env->CP0_Cause |= 1 << (irq + CP0Ca_IP);
diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -XXX,XX +XXX,XX @@ void ppc_set_irq(PowerPCCPU *cpu, int irq, int level)
     unsigned int old_pending;
 
     /* We may already have the BQL if coming from the reset path */
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     old_pending = env->pending_interrupts;
 
diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/kvm/xen-emu.c
+++ b/target/i386/kvm/xen-emu.c
@@ -XXX,XX +XXX,XX @@ static int xen_set_shared_info(uint64_t gfn)
     uint64_t gpa = gfn << TARGET_PAGE_BITS;
     int i, err;
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     /*
      * The xen_overlay device tells KVM about it too, since it had to
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -XXX,XX +XXX,XX @@ static int ppc_next_unmasked_interrupt(CPUPPCState *env)
 void ppc_maybe_interrupt(CPUPPCState *env)
 {
     CPUState *cs = env_cpu(env);
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     if (ppc_next_unmasked_interrupt(env)) {
         cpu_interrupt(cs, CPU_INTERRUPT_HARD);
diff --git a/target/ppc/helper_regs.c b/target/ppc/helper_regs.c
index XXXXXXX..XXXXXXX 100644
--- a/target/ppc/helper_regs.c
+++ b/target/ppc/helper_regs.c
@@ -XXX,XX +XXX,XX @@ void cpu_interrupt_exittb(CPUState *cs)
      * unless running with TCG.
      */
     if (tcg_enabled()) {
-        QEMU_IOTHREAD_LOCK_GUARD();
+        BQL_LOCK_GUARD();
         cpu_interrupt(cs, CPU_INTERRUPT_EXITTB);
     }
 }
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -XXX,XX +XXX,XX @@ void riscv_cpu_interrupt(CPURISCVState *env)
     uint64_t gein, vsgein = 0, vstip = 0, irqf = 0;
     CPUState *cs = env_cpu(env);
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     if (env->virt_enabled) {
         gein = get_field(env->hstatus, HSTATUS_VGEIN);
@@ -XXX,XX +XXX,XX @@ uint64_t riscv_cpu_update_mip(CPURISCVState *env, uint64_t mask, uint64_t value)
     /* No need to update mip for VSTIP */
     mask = ((mask == MIP_VSTIP) && env->vstime_irq) ? 0 : mask;
 
-    QEMU_IOTHREAD_LOCK_GUARD();
+    BQL_LOCK_GUARD();
 
     env->mip = (env->mip & ~mask) | (value & mask);
 
-- 
2.43.0

The name "iothread" is overloaded. Use the term Big QEMU Lock (BQL)
instead, it is already widely used and unambiguous.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-id: 20240102153529.486531-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/main-loop.h          | 10 +++++-----
 accel/tcg/tcg-accel-ops-rr.c      |  4 ++--
 hw/display/virtio-gpu.c           |  2 +-
 hw/ppc/spapr_events.c             |  2 +-
 system/cpu-throttle.c             |  2 +-
 system/cpus.c                     |  4 ++--
 target/i386/nvmm/nvmm-accel-ops.c |  2 +-
 target/i386/whpx/whpx-accel-ops.c |  2 +-
 8 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -XXX,XX +XXX,XX @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(BQLLockAuto, bql_auto_unlock)
         = bql_auto_lock(__FILE__, __LINE__)
 
 /*
- * qemu_cond_wait_iothread: Wait on condition for the main loop mutex
+ * qemu_cond_wait_bql: Wait on condition for the Big QEMU Lock (BQL)
  *
- * This function atomically releases the main loop mutex and causes
+ * This function atomically releases the Big QEMU Lock (BQL) and causes
  * the calling thread to block on the condition.
  */
-void qemu_cond_wait_iothread(QemuCond *cond);
+void qemu_cond_wait_bql(QemuCond *cond);
 
 /*
- * qemu_cond_timedwait_iothread: like the previous, but with timeout
+ * qemu_cond_timedwait_bql: like the previous, but with timeout
  */
-void qemu_cond_timedwait_iothread(QemuCond *cond, int ms);
+void qemu_cond_timedwait_bql(QemuCond *cond, int ms);
 
 /* internal interfaces */
 
diff --git a/accel/tcg/tcg-accel-ops-rr.c b/accel/tcg/tcg-accel-ops-rr.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-rr.c
+++ b/accel/tcg/tcg-accel-ops-rr.c
@@ -XXX,XX +XXX,XX @@ static void rr_wait_io_event(void)
 
     while (all_cpu_threads_idle()) {
         rr_stop_kick_timer();
-        qemu_cond_wait_iothread(first_cpu->halt_cond);
+        qemu_cond_wait_bql(first_cpu->halt_cond);
     }
 
     rr_start_kick_timer();
@@ -XXX,XX +XXX,XX @@ static void *rr_cpu_thread_fn(void *arg)
 
     /* wait for initial kick-off after machine start */
     while (first_cpu->stopped) {
-        qemu_cond_wait_iothread(first_cpu->halt_cond);
+        qemu_cond_wait_bql(first_cpu->halt_cond);
 
         /* process any pending work */
         CPU_FOREACH(cpu) {
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -XXX,XX +XXX,XX @@ void virtio_gpu_reset(VirtIODevice *vdev)
         g->reset_finished = false;
         qemu_bh_schedule(g->reset_bh);
         while (!g->reset_finished) {
-            qemu_cond_wait_iothread(&g->reset_cond);
+            qemu_cond_wait_bql(&g->reset_cond);
         }
     } else {
         virtio_gpu_reset_bh(g);
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -XXX,XX +XXX,XX @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
             }
             return;
         }
-        qemu_cond_wait_iothread(&spapr->fwnmi_machine_check_interlock_cond);
+        qemu_cond_wait_bql(&spapr->fwnmi_machine_check_interlock_cond);
         if (spapr->fwnmi_machine_check_addr == -1) {
             /*
              * If the machine was reset while waiting for the interlock,
diff --git a/system/cpu-throttle.c b/system/cpu-throttle.c
index XXXXXXX..XXXXXXX 100644
--- a/system/cpu-throttle.c
+++ b/system/cpu-throttle.c
@@ -XXX,XX +XXX,XX @@ static void cpu_throttle_thread(CPUState *cpu, run_on_cpu_data opaque)
     endtime_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + sleeptime_ns;
     while (sleeptime_ns > 0 && !cpu->stop) {
         if (sleeptime_ns > SCALE_MS) {
-            qemu_cond_timedwait_iothread(cpu->halt_cond,
+            qemu_cond_timedwait_bql(cpu->halt_cond,
                                          sleeptime_ns / SCALE_MS);
         } else {
             bql_unlock();
diff --git a/system/cpus.c b/system/cpus.c
index XXXXXXX..XXXXXXX 100644
--- a/system/cpus.c
+++ b/system/cpus.c
@@ -XXX,XX +XXX,XX @@ void bql_unlock(void)
     qemu_mutex_unlock(&bql);
 }
 
-void qemu_cond_wait_iothread(QemuCond *cond)
+void qemu_cond_wait_bql(QemuCond *cond)
 {
     qemu_cond_wait(cond, &bql);
 }
 
-void qemu_cond_timedwait_iothread(QemuCond *cond, int ms)
+void qemu_cond_timedwait_bql(QemuCond *cond, int ms)
 {
     qemu_cond_timedwait(cond, &bql, ms);
 }
diff --git a/target/i386/nvmm/nvmm-accel-ops.c b/target/i386/nvmm/nvmm-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/nvmm/nvmm-accel-ops.c
+++ b/target/i386/nvmm/nvmm-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *qemu_nvmm_cpu_thread_fn(void *arg)
             }
         }
         while (cpu_thread_is_idle(cpu)) {
-            qemu_cond_wait_iothread(cpu->halt_cond);
+            qemu_cond_wait_bql(cpu->halt_cond);
         }
         qemu_wait_io_event_common(cpu);
     } while (!cpu->unplug || cpu_can_run(cpu));
diff --git a/target/i386/whpx/whpx-accel-ops.c b/target/i386/whpx/whpx-accel-ops.c
index XXXXXXX..XXXXXXX 100644
--- a/target/i386/whpx/whpx-accel-ops.c
+++ b/target/i386/whpx/whpx-accel-ops.c
@@ -XXX,XX +XXX,XX @@ static void *whpx_cpu_thread_fn(void *arg)
             }
         }
         while (cpu_thread_is_idle(cpu)) {
-            qemu_cond_wait_iothread(cpu->halt_cond);
+            qemu_cond_wait_bql(cpu->halt_cond);
         }
         qemu_wait_io_event_common(cpu);
     } while (!cpu->unplug || cpu_can_run(cpu));
-- 
2.43.0

The term "iothread lock" is obsolete. The APIs use Big QEMU Lock (BQL)
in their names. Update the code comments to use "BQL" instead of
"iothread lock".

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Message-id: 20240102153529.486531-5-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 docs/devel/reset.rst             |  2 +-
 hw/display/qxl.h                 |  2 +-
 include/exec/cpu-common.h        |  2 +-
 include/exec/memory.h            |  4 ++--
 include/exec/ramblock.h          |  2 +-
 include/migration/register.h     |  8 ++++----
 target/arm/internals.h           |  4 ++--
 accel/tcg/cputlb.c               |  4 ++--
 accel/tcg/tcg-accel-ops-icount.c |  2 +-
 hw/remote/mpqemu-link.c          |  2 +-
 migration/block-dirty-bitmap.c   | 10 +++++-----
 migration/block.c                | 22 +++++++++++-----------
 migration/colo.c                 |  2 +-
 migration/migration.c            |  2 +-
 migration/ram.c                  |  4 ++--
 system/physmem.c                 |  6 +++---
 target/arm/helper.c              |  2 +-
 ui/spice-core.c                  |  2 +-
 util/rcu.c                       |  2 +-
 audio/coreaudio.m                |  4 ++--
 ui/cocoa.m                       |  6 +++---
 21 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/docs/devel/reset.rst b/docs/devel/reset.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/reset.rst
+++ b/docs/devel/reset.rst
@@ -XXX,XX +XXX,XX @@ Triggering reset
 
 This section documents the APIs which "users" of a resettable object should use
 to control it. All resettable control functions must be called while holding
-the iothread lock.
+the BQL.
 
 You can apply a reset to an object using ``resettable_assert_reset()``. You need
 to call ``resettable_release_reset()`` to release the object from reset. To
diff --git a/hw/display/qxl.h b/hw/display/qxl.h
index XXXXXXX..XXXXXXX 100644
--- a/hw/display/qxl.h
+++ b/hw/display/qxl.h
@@ -XXX,XX +XXX,XX @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
  *
  * Use with care; by the time this function returns, the returned pointer is
  * not protected by RCU anymore.  If the caller is not within an RCU critical
- * section and does not hold the iothread lock, it must have other means of
+ * section and does not hold the BQL, it must have other means of
  * protecting the pointer, such as a reference to the region that includes
  * the incoming ram_addr_t.
  *
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -XXX,XX +XXX,XX @@ RAMBlock *qemu_ram_block_by_name(const char *name);
  *
  * By the time this function returns, the returned pointer is not protected
  * by RCU anymore.  If the caller is not within an RCU critical section and
- * does not hold the iothread lock, it must have other means of protecting the
+ * does not hold the BQL, it must have other means of protecting the
  * pointer, such as a reference to the memory region that owns the RAMBlock.
  */
 RAMBlock *qemu_ram_block_from_host(void *ptr, bool round_offset,
diff --git a/include/exec/memory.h b/include/exec/memory.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -XXX,XX +XXX,XX @@ int memory_region_get_fd(MemoryRegion *mr);
  *
  * Use with care; by the time this function returns, the returned pointer is
  * not protected by RCU anymore.  If the caller is not within an RCU critical
- * section and does not hold the iothread lock, it must have other means of
+ * section and does not hold the BQL, it must have other means of
  * protecting the pointer, such as a reference to the region that includes
  * the incoming ram_addr_t.
  *
@@ -XXX,XX +XXX,XX @@ MemoryRegion *memory_region_from_host(void *ptr, ram_addr_t *offset);
  *
  * Use with care; by the time this function returns, the returned pointer is
  * not protected by RCU anymore.  If the caller is not within an RCU critical
- * section and does not hold the iothread lock, it must have other means of
+ * section and does not hold the BQL, it must have other means of
  * protecting the pointer, such as a reference to the region that includes
  * the incoming ram_addr_t.
  *
diff --git a/include/exec/ramblock.h b/include/exec/ramblock.h
index XXXXXXX..XXXXXXX 100644
--- a/include/exec/ramblock.h
+++ b/include/exec/ramblock.h
@@ -XXX,XX +XXX,XX @@ struct RAMBlock {
     ram_addr_t max_length;
     void (*resized)(const char*, uint64_t length, void *host);
     uint32_t flags;
-    /* Protected by iothread lock.  */
+    /* Protected by the BQL.  */
     char idstr[256];
     /* RCU-enabled, writes protected by the ramlist lock */
     QLIST_ENTRY(RAMBlock) next;
diff --git a/include/migration/register.h b/include/migration/register.h
index XXXXXXX..XXXXXXX 100644
--- a/include/migration/register.h
+++ b/include/migration/register.h
@@ -XXX,XX +XXX,XX @@
 #include "hw/vmstate-if.h"
 
 typedef struct SaveVMHandlers {
-    /* This runs inside the iothread lock.  */
+    /* This runs inside the BQL.  */
     SaveStateHandler *save_state;
 
     /*
@@ -XXX,XX +XXX,XX @@ typedef struct SaveVMHandlers {
     int (*save_live_complete_postcopy)(QEMUFile *f, void *opaque);
     int (*save_live_complete_precopy)(QEMUFile *f, void *opaque);
 
-    /* This runs both outside and inside the iothread lock.  */
+    /* This runs both outside and inside the BQL.  */
     bool (*is_active)(void *opaque);
     bool (*has_postcopy)(void *opaque);
 
@@ -XXX,XX +XXX,XX @@ typedef struct SaveVMHandlers {
      */
     bool (*is_active_iterate)(void *opaque);
 
-    /* This runs outside the iothread lock in the migration case, and
+    /* This runs outside the BQL in the migration case, and
      * within the lock in the savevm case.  The callback had better only
      * use data that is local to the migration thread or protected
      * by other locks.
      */
     int (*save_live_iterate)(QEMUFile *f, void *opaque);
 
-    /* This runs outside the iothread lock!  */
+    /* This runs outside the BQL!  */
     /* Note for save_live_pending:
      * must_precopy:
      * - must be migrated in precopy or in stopped state
diff --git a/target/arm/internals.h b/target/arm/internals.h
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -XXX,XX +XXX,XX @@ static inline const char *aarch32_mode_name(uint32_t psr)
  *
  * Update the CPU_INTERRUPT_VIRQ bit in cs->interrupt_request, following
  * a change to either the input VIRQ line from the GIC or the HCR_EL2.VI bit.
- * Must be called with the iothread lock held.
+ * Must be called with the BQL held.
  */
 void arm_cpu_update_virq(ARMCPU *cpu);
 
@@ -XXX,XX +XXX,XX @@ void arm_cpu_update_virq(ARMCPU *cpu);
  *
  * Update the CPU_INTERRUPT_VFIQ bit in cs->interrupt_request, following
  * a change to either the input VFIQ line from the GIC or the HCR_EL2.VF bit.
- * Must be called with the iothread lock held.
+ * Must be called with the BQL held.
  */
 void arm_cpu_update_vfiq(ARMCPU *cpu);
 
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -XXX,XX +XXX,XX @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr addr, MemOpIdx oi,
  * @size: number of bytes
  * @mmu_idx: virtual address context
  * @ra: return address into tcg generated code, or 0
- * Context: iothread lock held
+ * Context: BQL held
  *
  * Load @size bytes from @addr, which is memory-mapped i/o.
  * The bytes are concatenated in big-endian order with @ret_be.
@@ -XXX,XX +XXX,XX @@ static Int128 do_ld16_mmu(CPUState *cpu, vaddr addr,
  * @size: number of bytes
  * @mmu_idx: virtual address context
  * @ra: return address into tcg generated code, or 0
- * Context: iothread lock held
+ * Context: BQL held
  *
  * Store @size bytes at @addr, which is memory-mapped i/o.
  * The bytes to store are extracted in little-endian order from @val_le;
diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-icount.c
+++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu, int64_t cpu_budget)
 
     if (cpu->icount_budget == 0) {
         /*
-         * We're called without the iothread lock, so must take it while
+         * We're called without the BQL, so must take it while
          * we're calling timer handlers.
          */
         bql_lock();
diff --git a/hw/remote/mpqemu-link.c b/hw/remote/mpqemu-link.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/remote/mpqemu-link.c
+++ b/hw/remote/mpqemu-link.c
@@ -XXX,XX +XXX,XX @@ bool mpqemu_msg_send(MPQemuMsg *msg, QIOChannel *ioc, Error **errp)
     assert(qemu_in_coroutine() || !iothread);
 
     /*
-     * Skip unlocking/locking iothread lock when the IOThread is running
+     * Skip unlocking/locking BQL when the IOThread is running
      * in co-routine context. Co-routine context is asserted above
      * for IOThread case.
      * Also skip lock handling while in a co-routine in the main context.
diff --git a/migration/block-dirty-bitmap.c b/migration/block-dirty-bitmap.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block-dirty-bitmap.c
+++ b/migration/block-dirty-bitmap.c
@@ -XXX,XX +XXX,XX @@ static void send_bitmap_bits(QEMUFile *f, DBMSaveState *s,
     g_free(buf);
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 static void dirty_bitmap_do_save_cleanup(DBMSaveState *s)
 {
     SaveBitmapState *dbms;
@@ -XXX,XX +XXX,XX @@ static void dirty_bitmap_do_save_cleanup(DBMSaveState *s)
     }
 }
 
-/* Called with iothread lock taken. */
+/* Called with the BQL taken. */
 static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
                                const char *bs_name, GHashTable *alias_map)
 {
@@ -XXX,XX +XXX,XX @@ static int add_bitmaps_to_list(DBMSaveState *s, BlockDriverState *bs,
     return 0;
 }
 
-/* Called with iothread lock taken. */
+/* Called with the BQL taken. */
 static int init_dirty_bitmap_migration(DBMSaveState *s)
 {
     BlockDriverState *bs;
@@ -XXX,XX +XXX,XX @@ static int init_dirty_bitmap_migration(DBMSaveState *s)
     BlockBackend *blk;
     GHashTable *alias_map = NULL;
 
-    /* Runs in the migration thread, but holds the iothread lock */
+    /* Runs in the migration thread, but holds the BQL */
     GLOBAL_STATE_CODE();
     GRAPH_RDLOCK_GUARD_MAINLOOP();
 
@@ -XXX,XX +XXX,XX @@ static int dirty_bitmap_save_iterate(QEMUFile *f, void *opaque)
     return s->bulk_completed;
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static int dirty_bitmap_save_complete(QEMUFile *f, void *opaque)
 {
diff --git a/migration/block.c b/migration/block.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -XXX,XX +XXX,XX @@ typedef struct BlkMigState {
     int prev_progress;
     int bulk_completed;
 
-    /* Lock must be taken _inside_ the iothread lock.  */
+    /* Lock must be taken _inside_ the BQL.  */
     QemuMutex lock;
 } BlkMigState;
 
@@ -XXX,XX +XXX,XX @@ static void blk_mig_unlock(void)
     qemu_mutex_unlock(&block_mig_state.lock);
 }
 
-/* Must run outside of the iothread lock during the bulk phase,
+/* Must run outside of the BQL during the bulk phase,
  * or the VM will stall.
  */
 
@@ -XXX,XX +XXX,XX @@ static int mig_save_device_bulk(QEMUFile *f, BlkMigDevState *bmds)
     return (bmds->cur_sector >= total_sectors);
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static int set_dirty_tracking(void)
 {
@@ -XXX,XX +XXX,XX @@ fail:
     return ret;
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static void unset_dirty_tracking(void)
 {
@@ -XXX,XX +XXX,XX @@ static void blk_mig_reset_dirty_cursor(void)
     }
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static int mig_save_device_dirty(QEMUFile *f, BlkMigDevState *bmds,
                                  int is_async)
@@ -XXX,XX +XXX,XX @@ error:
     return ret;
 }
 
-/* Called with iothread lock taken.
+/* Called with the BQL taken.
  *
  * return value:
  * 0: too much data for max_downtime
@@ -XXX,XX +XXX,XX @@ static int flush_blks(QEMUFile *f)
     return ret;
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static int64_t get_remaining_dirty(void)
 {
@@ -XXX,XX +XXX,XX @@ static int64_t get_remaining_dirty(void)
 
 
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 static void block_migration_cleanup_bmds(void)
 {
     BlkMigDevState *bmds;
@@ -XXX,XX +XXX,XX @@ static void block_migration_cleanup_bmds(void)
     }
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 static void block_migration_cleanup(void *opaque)
 {
     BlkMigBlock *blk;
@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
             }
             ret = 0;
         } else {
-            /* Always called with iothread lock taken for
+            /* Always called with the BQL taken for
              * simplicity, block_save_complete also calls it.
              */
             bql_lock();
@@ -XXX,XX +XXX,XX @@ static int block_save_iterate(QEMUFile *f, void *opaque)
     return (delta_bytes > 0);
 }
 
-/* Called with iothread lock taken.  */
+/* Called with the BQL taken.  */
 
 static int block_save_complete(QEMUFile *f, void *opaque)
 {
diff --git a/migration/colo.c b/migration/colo.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -XXX,XX +XXX,XX @@ int coroutine_fn colo_incoming_co(void)
     qemu_thread_join(&th);
     bql_lock();
 
-    /* We hold the global iothread lock, so it is safe here */
+    /* We hold the global BQL, so it is safe here */
     colo_release_ram_cache();
 
     return 0;
diff --git a/migration/migration.c b/migration/migration.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -XXX,XX +XXX,XX @@ fail:
 
 /**
  * migration_maybe_pause: Pause if required to by
- * migrate_pause_before_switchover called with the iothread locked
+ * migrate_pause_before_switchover called with the BQL locked
  * Returns: 0 on success
  */
 static int migration_maybe_pause(MigrationState *s,
diff --git a/migration/ram.c b/migration/ram.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -XXX,XX +XXX,XX @@ static void ram_save_cleanup(void *opaque)
 
     /* We don't use dirty log with background snapshots */
     if (!migrate_background_snapshot()) {
-        /* caller have hold iothread lock or is in a bh, so there is
+        /* caller have hold BQL or is in a bh, so there is
          * no writing race against the migration bitmap
          */
         if (global_dirty_tracking & GLOBAL_DIRTY_MIGRATION) {
@@ -XXX,XX +XXX,XX @@ out:
  *
  * Returns zero to indicate success or negative on error
  *
- * Called with iothread lock
+ * Called with the BQL
  *
  * @f: QEMUFile where to send the data
  * @opaque: RAMState pointer
diff --git a/system/physmem.c b/system/physmem.c
index XXXXXXX..XXXXXXX 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -XXX,XX +XXX,XX @@ static RAMBlock *qemu_get_ram_block(ram_addr_t addr)
     abort();
 
 found:
-    /* It is safe to write mru_block outside the iothread lock.  This
+    /* It is safe to write mru_block outside the BQL.  This
      * is what happens:
      *
      *     mru_block = xxx
@@ -XXX,XX +XXX,XX @@ int qemu_ram_get_fd(RAMBlock *rb)
     return rb->fd;
 }
 
-/* Called with iothread lock held.  */
+/* Called with the BQL held.  */
 void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
 {
     RAMBlock *block;
@@ -XXX,XX +XXX,XX @@ void qemu_ram_set_idstr(RAMBlock *new_block, const char *name, DeviceState *dev)
     }
 }
 
-/* Called with iothread lock held.  */
+/* Called with the BQL held.  */
 void qemu_ram_unset_idstr(RAMBlock *block)
 {
     /* FIXME: arch_init.c assumes that this is not called throughout
diff --git a/target/arm/helper.c b/target/arm/helper.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -XXX,XX +XXX,XX @@ static void do_hcr_write(CPUARMState *env, uint64_t value, uint64_t valid_mask)
      * Updates to VI and VF require us to update the status of
      * virtual interrupts, which are the logical OR of these bits
      * and the state of the input lines from the GIC. (This requires
-     * that we have the iothread lock, which is done by marking the
+     * that we have the BQL, which is done by marking the
      * reginfo structs as ARM_CP_IO.)
      * Note that if a write to HCR pends a VIRQ or VFIQ it is never
      * possible for it to be taken immediately, because VIRQ and
diff --git a/ui/spice-core.c b/ui/spice-core.c
index XXXXXXX..XXXXXXX 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -XXX,XX +XXX,XX @@ static void channel_event(int event, SpiceChannelEventInfo *info)
      * not do that.  It isn't that easy to fix it in spice and even
      * when it is fixed we still should cover the already released
      * spice versions.  So detect that we've been called from another
-     * thread and grab the iothread lock if so before calling qemu
+     * thread and grab the BQL if so before calling qemu
      * functions.
      */
     bool need_lock = !qemu_thread_is_self(&me);
diff --git a/util/rcu.c b/util/rcu.c
index XXXXXXX..XXXXXXX 100644
--- a/util/rcu.c
+++ b/util/rcu.c
@@ -XXX,XX +XXX,XX @@ static void rcu_init_complete(void)
 
     qemu_event_init(&rcu_call_ready_event, false);
 
-    /* The caller is assumed to have iothread lock, so the call_rcu thread
+    /* The caller is assumed to have BQL, so the call_rcu thread
      * must have been quiescent even after forking, just recreate it.
      */
     qemu_thread_create(&thread, "call_rcu", call_rcu_thread,
diff --git a/audio/coreaudio.m b/audio/coreaudio.m
index XXXXXXX..XXXXXXX 100644
--- a/audio/coreaudio.m
+++ b/audio/coreaudio.m
@@ -XXX,XX +XXX,XX @@ static ret_type glue(coreaudio_, name)args_decl             \
 #undef COREAUDIO_WRAPPER_FUNC
 
 /*
- * callback to feed audiooutput buffer. called without iothread lock.
+ * callback to feed audiooutput buffer. called without BQL.
  * allowed to lock "buf_mutex", but disallowed to have any other locks.
  */
 static OSStatus audioDeviceIOProc(
@@ -XXX,XX +XXX,XX @@ static void update_device_playback_state(coreaudioVoiceOut *core)
     }
 }
 
-/* called without iothread lock. */
+/* called without BQL. */
 static OSStatus handle_voice_change(
     AudioObjectID in_object_id,
     UInt32 in_number_addresses,
diff --git a/ui/cocoa.m b/ui/cocoa.m
index XXXXXXX..XXXXXXX 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -XXX,XX +XXX,XX @@ static void cocoa_switch(DisplayChangeListener *dcl,
 static QemuClipboardInfo *cbinfo;
 static QemuEvent cbevent;
 
-// Utility functions to run specified code block with iothread lock held
+// Utility functions to run specified code block with the BQL held
 typedef void (^CodeBlock)(void);
 typedef bool (^BoolCodeBlock)(void);
 
@@ -XXX,XX +XXX,XX @@ - (void) setContentDimensions
 
 - (void) updateUIInfoLocked
 {
-    /* Must be called with the iothread lock, i.e. via updateUIInfo */
+    /* Must be called with the BQL, i.e. via updateUIInfo */
     NSSize frameSize;
     QemuUIInfo info;
 
@@ -XXX,XX +XXX,XX @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts)
      * Create the menu entries which depend on QEMU state (for consoles
      * and removable devices). These make calls back into QEMU functions,
      * which is OK because at this point we know that the second thread
-     * holds the iothread lock and is synchronously waiting for us to
+     * holds the BQL and is synchronously waiting for us to
      * finish.
      */
     add_console_menu_entries();
-- 
2.43.0

The term "QEMU global mutex" is identical to the more widely used Big
QEMU Lock ("BQL"). Update the code comments and documentation to use
"BQL" instead of "QEMU global mutex".

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Message-id: 20240102153529.486531-6-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 docs/devel/multi-thread-tcg.rst   |  7 +++----
 docs/devel/qapi-code-gen.rst      |  2 +-
 docs/devel/replay.rst             |  2 +-
 docs/devel/multiple-iothreads.txt | 14 +++++++-------
 include/block/blockjob.h          |  6 +++---
 include/io/task.h                 |  2 +-
 include/qemu/coroutine-core.h     |  2 +-
 include/qemu/coroutine.h          |  2 +-
 hw/block/dataplane/virtio-blk.c   |  8 ++++----
 hw/block/virtio-blk.c             |  2 +-
 hw/scsi/virtio-scsi-dataplane.c   |  6 +++---
 net/tap.c                         |  2 +-
 12 files changed, 27 insertions(+), 28 deletions(-)

diff --git a/docs/devel/multi-thread-tcg.rst b/docs/devel/multi-thread-tcg.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/multi-thread-tcg.rst
+++ b/docs/devel/multi-thread-tcg.rst
@@ -XXX,XX +XXX,XX @@ instruction. This could be a future optimisation.
 Emulated hardware state
 -----------------------
 
-Currently thanks to KVM work any access to IO memory is automatically
-protected by the global iothread mutex, also known as the BQL (Big
-QEMU Lock). Any IO region that doesn't use global mutex is expected to
-do its own locking.
+Currently thanks to KVM work any access to IO memory is automatically protected
+by the BQL (Big QEMU Lock). Any IO region that doesn't use the BQL is expected
+to do its own locking.
 
 However IO memory isn't the only way emulated hardware state can be
 modified. Some architectures have model specific registers that
diff --git a/docs/devel/qapi-code-gen.rst b/docs/devel/qapi-code-gen.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/qapi-code-gen.rst
+++ b/docs/devel/qapi-code-gen.rst
@@ -XXX,XX +XXX,XX @@ blocking the guest and other background operations.
 Coroutine safety can be hard to prove, similar to thread safety.  Common
 pitfalls are:
 
-- The global mutex isn't held across ``qemu_coroutine_yield()``, so
+- The BQL isn't held across ``qemu_coroutine_yield()``, so
   operations that used to assume that they execute atomically may have
   to be more careful to protect against changes in the global state.
 
diff --git a/docs/devel/replay.rst b/docs/devel/replay.rst
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/replay.rst
+++ b/docs/devel/replay.rst
@@ -XXX,XX +XXX,XX @@ modes.
 Reading and writing requests are created by CPU thread of QEMU. Later these
 requests proceed to block layer which creates "bottom halves". Bottom
 halves consist of callback and its parameters. They are processed when
-main loop locks the global mutex. These locks are not synchronized with
+main loop locks the BQL. These locks are not synchronized with
 replaying process because main loop also processes the events that do not
 affect the virtual machine state (like user interaction with monitor).
 
diff --git a/docs/devel/multiple-iothreads.txt b/docs/devel/multiple-iothreads.txt
index XXXXXXX..XXXXXXX 100644
--- a/docs/devel/multiple-iothreads.txt
+++ b/docs/devel/multiple-iothreads.txt
@@ -XXX,XX +XXX,XX @@ the COPYING file in the top-level directory.
 
 
 This document explains the IOThread feature and how to write code that runs
-outside the QEMU global mutex.
+outside the BQL.
 
 The main loop and IOThreads
 ---------------------------
@@ -XXX,XX +XXX,XX @@ scalability bottleneck on hosts with many CPUs.  Work can be spread across
 several IOThreads instead of just one main loop.  When set up correctly this
 can improve I/O latency and reduce jitter seen by the guest.
 
-The main loop is also deeply associated with the QEMU global mutex, which is a
-scalability bottleneck in itself.  vCPU threads and the main loop use the QEMU
-global mutex to serialize execution of QEMU code.  This mutex is necessary
-because a lot of QEMU's code historically was not thread-safe.
+The main loop is also deeply associated with the BQL, which is a
+scalability bottleneck in itself.  vCPU threads and the main loop use the BQL
+to serialize execution of QEMU code.  This mutex is necessary because a lot of
+QEMU's code historically was not thread-safe.
 
 The fact that all I/O processing is done in a single main loop and that the
-QEMU global mutex is contended by all vCPU threads and the main loop explain
+BQL is contended by all vCPU threads and the main loop explain
 why it is desirable to place work into IOThreads.
 
 The experimental virtio-blk data-plane implementation has been benchmarked and
@@ -XXX,XX +XXX,XX @@ There are several old APIs that use the main loop AioContext:
 
 Since they implicitly work on the main loop they cannot be used in code that
 runs in an IOThread.  They might cause a crash or deadlock if called from an
-IOThread since the QEMU global mutex is not held.
+IOThread since the BQL is not held.
 
 Instead, use the AioContext functions directly (see include/block/aio.h):
  * aio_set_fd_handler() - monitor a file descriptor
diff --git a/include/block/blockjob.h b/include/block/blockjob.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/blockjob.h
+++ b/include/block/blockjob.h
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
 
     /**
      * Speed that was set with @block_job_set_speed.
-     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
+     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
      */
     int64_t speed;
 
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
 
     /**
      * Block other operations when block job is running.
-     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
+     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
      */
     Error *blocker;
 
@@ -XXX,XX +XXX,XX @@ typedef struct BlockJob {
 
     /**
      * BlockDriverStates that are involved in this block job.
-     * Always modified and read under QEMU global mutex (GLOBAL_STATE_CODE).
+     * Always modified and read under the BQL (GLOBAL_STATE_CODE).
      */
     GSList *nodes;
 } BlockJob;
diff --git a/include/io/task.h b/include/io/task.h
index XXXXXXX..XXXXXXX 100644
--- a/include/io/task.h
+++ b/include/io/task.h
@@ -XXX,XX +XXX,XX @@ typedef void (*QIOTaskWorker)(QIOTask *task,
  * lookups) to be easily run non-blocking. Reporting the
  * results in the main thread context means that the caller
  * typically does not need to be concerned about thread
- * safety wrt the QEMU global mutex.
+ * safety wrt the BQL.
  *
  * For example, the socket_listen() method will block the caller
  * while DNS lookups take place if given a name, instead of IP
diff --git a/include/qemu/coroutine-core.h b/include/qemu/coroutine-core.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/coroutine-core.h
+++ b/include/qemu/coroutine-core.h
@@ -XXX,XX +XXX,XX @@
  * rather than callbacks, for operations that need to give up control while
  * waiting for events to complete.
  *
- * These functions are re-entrant and may be used outside the global mutex.
+ * These functions are re-entrant and may be used outside the BQL.
  *
  * Functions that execute in coroutine context cannot be called
  * directly from normal functions.  Use @coroutine_fn to mark such
diff --git a/include/qemu/coroutine.h b/include/qemu/coroutine.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/coroutine.h
+++ b/include/qemu/coroutine.h
@@ -XXX,XX +XXX,XX @@
  * rather than callbacks, for operations that need to give up control while
  * waiting for events to complete.
  *
- * These functions are re-entrant and may be used outside the global mutex.
+ * These functions are re-entrant and may be used outside the BQL.
  *
  * Functions that execute in coroutine context cannot be called
  * directly from normal functions.  Use @coroutine_fn to mark such
diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ apply_vq_mapping(IOThreadVirtQueueMappingList *iothread_vq_mapping_list,
     }
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
                                   VirtIOBlockDataPlane **dataplane,
                                   Error **errp)
@@ -XXX,XX +XXX,XX @@ bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *conf,
     return true;
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
 {
     VirtIOBlock *vblk;
@@ -XXX,XX +XXX,XX @@ void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
     g_free(s);
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 int virtio_blk_data_plane_start(VirtIODevice *vdev)
 {
     VirtIOBlock *vblk = VIRTIO_BLK(vdev);
@@ -XXX,XX +XXX,XX @@ static void virtio_blk_data_plane_stop_vq_bh(void *opaque)
     virtio_queue_host_notifier_read(host_notifier);
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 void virtio_blk_data_plane_stop(VirtIODevice *vdev)
 {
     VirtIOBlock *vblk = VIRTIO_BLK(vdev);
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -XXX,XX +XXX,XX @@ static void virtio_blk_resize(void *opaque)
     VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
 
     /*
-     * virtio_notify_config() needs to acquire the global mutex,
+     * virtio_notify_config() needs to acquire the BQL,
      * so it can't be called from an iothread. Instead, schedule
      * it to be run in the main context BH.
      */
diff --git a/hw/scsi/virtio-scsi-dataplane.c b/hw/scsi/virtio-scsi-dataplane.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/scsi/virtio-scsi-dataplane.c
+++ b/hw/scsi/virtio-scsi-dataplane.c
@@ -XXX,XX +XXX,XX @@
 #include "scsi/constants.h"
 #include "hw/virtio/virtio-bus.h"
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 void virtio_scsi_dataplane_setup(VirtIOSCSI *s, Error **errp)
 {
     VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
@@ -XXX,XX +XXX,XX @@ static void virtio_scsi_dataplane_stop_bh(void *opaque)
     }
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 int virtio_scsi_dataplane_start(VirtIODevice *vdev)
 {
     int i;
@@ -XXX,XX +XXX,XX @@ fail_guest_notifiers:
     return -ENOSYS;
 }
 
-/* Context: QEMU global mutex held */
+/* Context: BQL held */
 void virtio_scsi_dataplane_stop(VirtIODevice *vdev)
 {
     BusState *qbus = qdev_get_parent_bus(DEVICE(vdev));
diff --git a/net/tap.c b/net/tap.c
index XXXXXXX..XXXXXXX 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -XXX,XX +XXX,XX @@ static void tap_send(void *opaque)
 
         /*
          * When the host keeps receiving more packets while tap_send() is
-         * running we can hog the QEMU global mutex.  Limit the number of
+         * running we can hog the BQL.  Limit the number of
          * packets that are processed per tap_send() callback to prevent
          * stalling the guest.
          */
-- 
2.43.0

The following changes since commit 813bac3d8d70d85cb7835f7945eb9eed84c2d8d0:

Merge tag '2023q3-bsd-user-pull-request' of https://gitlab.com/bsdimp/qemu into staging (2023-08-29 08:58:00 -0400)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 87ec6f55af38e29be5b2b65a8acf84da73e06d06:

aio-posix: zero out io_uring sqe user_data (2023-08-30 07:39:59 -0400)

----------------------------------------------------------------
Pull request

v3:
- Drop UFS emulation due to CI failures
- Add "aio-posix: zero out io_uring sqe user_data"

----------------------------------------------------------------

Andrey Drobyshev (3):
  block: add subcluster_size field to BlockDriverInfo
  block/io: align requests to subcluster_size
  tests/qemu-iotests/197: add testcase for CoR with subclusters

Fabiano Rosas (1):
  block-migration: Ensure we don't crash during migration cleanup

Stefan Hajnoczi (1):
  aio-posix: zero out io_uring sqe user_data

-- 
2.41.0

From: Fabiano Rosas <farosas@suse.de>

We can fail the blk_insert_bs() at init_blk_migration(), leaving the
BlkMigDevState without a dirty_bitmap and BlockDriverState. Account
for the possibly missing elements when doing cleanup.

Fix the following crashes:

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
359         BlockDriverState *bs = bitmap->bs;
 #0  0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
 #1  0x0000555555bba331 in unset_dirty_tracking () at ../migration/block.c:371
 #2  0x0000555555bbad98 in block_migration_cleanup_bmds () at ../migration/block.c:681

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
7073        QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
 #0  0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
 #1  0x0000555555e9734a in bdrv_op_unblock_all (bs=0x0, reason=0x0) at ../block.c:7095
 #2  0x0000555555bbae13 in block_migration_cleanup_bmds () at ../migration/block.c:690

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Message-id: 20230731203338.27581-1-farosas@suse.de
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 migration/block.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/migration/block.c b/migration/block.c
index XXXXXXX..XXXXXXX 100644
--- a/migration/block.c
+++ b/migration/block.c
@@ -XXX,XX +XXX,XX @@ static void unset_dirty_tracking(void)
     BlkMigDevState *bmds;
 
     QSIMPLEQ_FOREACH(bmds, &block_mig_state.bmds_list, entry) {
-        bdrv_release_dirty_bitmap(bmds->dirty_bitmap);
+        if (bmds->dirty_bitmap) {
+            bdrv_release_dirty_bitmap(bmds->dirty_bitmap);
+        }
     }
 }
 
@@ -XXX,XX +XXX,XX @@ static int64_t get_remaining_dirty(void)
 static void block_migration_cleanup_bmds(void)
 {
     BlkMigDevState *bmds;
+    BlockDriverState *bs;
     AioContext *ctx;
 
     unset_dirty_tracking();
 
     while ((bmds = QSIMPLEQ_FIRST(&block_mig_state.bmds_list)) != NULL) {
         QSIMPLEQ_REMOVE_HEAD(&block_mig_state.bmds_list, entry);
-        bdrv_op_unblock_all(blk_bs(bmds->blk), bmds->blocker);
+
+        bs = blk_bs(bmds->blk);
+        if (bs) {
+            bdrv_op_unblock_all(bs, bmds->blocker);
+        }
         error_free(bmds->blocker);
 
         /* Save ctx, because bmds->blk can disappear during blk_unref.  */
-- 
2.41.0

From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>

This is going to be used in the subsequent commit as requests alignment
(in particular, during copy-on-read).  This value only makes sense for
the formats which support subclusters (currently QCOW2 only).  If this
field isn't set by driver's own bdrv_get_info() implementation, we
simply set it equal to the cluster size thus treating each cluster as
having a single subcluster.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230711172553.234055-2-andrey.drobyshev@virtuozzo.com>
---
 include/block/block-common.h | 5 +++++
 block.c                      | 7 +++++++
 block/qcow2.c                | 1 +
 3 files changed, 13 insertions(+)

diff --git a/include/block/block-common.h b/include/block/block-common.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/block-common.h
+++ b/include/block/block-common.h
@@ -XXX,XX +XXX,XX @@ typedef struct BlockZoneWps {
 typedef struct BlockDriverInfo {
     /* in bytes, 0 if irrelevant */
     int cluster_size;
+    /*
+     * A fraction of cluster_size, if supported (currently QCOW2 only); if
+     * disabled or unsupported, set equal to cluster_size.
+     */
+    int subcluster_size;
     /* offset at which the VM state can be saved (0 if not possible) */
     int64_t vm_state_offset;
     bool is_dirty;
diff --git a/block.c b/block.c
index XXXXXXX..XXXXXXX 100644
--- a/block.c
+++ b/block.c
@@ -XXX,XX +XXX,XX @@ int coroutine_fn bdrv_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
     }
     memset(bdi, 0, sizeof(*bdi));
     ret = drv->bdrv_co_get_info(bs, bdi);
+    if (bdi->subcluster_size == 0) {
+        /*
+         * If the driver left this unset, subclusters are not supported.
+         * Then it is safe to treat each cluster as having only one subcluster.
+         */
+        bdi->subcluster_size = bdi->cluster_size;
+    }
     if (ret < 0) {
         return ret;
     }
diff --git a/block/qcow2.c b/block/qcow2.c
index XXXXXXX..XXXXXXX 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -XXX,XX +XXX,XX @@ qcow2_co_get_info(BlockDriverState *bs, BlockDriverInfo *bdi)
 {
     BDRVQcow2State *s = bs->opaque;
     bdi->cluster_size = s->cluster_size;
+    bdi->subcluster_size = s->subcluster_size;
     bdi->vm_state_offset = qcow2_vm_state_offset(s);
     bdi->is_dirty = s->incompatible_features & QCOW2_INCOMPAT_DIRTY;
     return 0;
-- 
2.41.0

From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>

When target image is using subclusters, and we align the request during
copy-on-read, it makes sense to align to subcluster_size rather than
cluster_size.  Otherwise we end up with unnecessary allocations.

This commit renames bdrv_round_to_clusters() to bdrv_round_to_subclusters()
and utilizes subcluster_size field of BlockDriverInfo to make necessary
alignments.  It affects copy-on-read as well as mirror job (which is
using bdrv_round_to_clusters()).

This change also fixes the following bug with failing assert (covered by
the test in the subsequent commit):

qemu-img create -f qcow2 base.qcow2 64K
qemu-img create -f qcow2 -o extended_l2=on,backing_file=base.qcow2,backing_fmt=qcow2 img.qcow2 64K
qemu-io -c "write -P 0xaa 0 2K" img.qcow2
qemu-io -C -c "read -P 0x00 2K 62K" img.qcow2

qemu-io: ../block/io.c:1236: bdrv_co_do_copy_on_readv: Assertion `skip_bytes < pnum' failed.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230711172553.234055-3-andrey.drobyshev@virtuozzo.com>
---
 include/block/block-io.h |  8 +++----
 block/io.c               | 50 ++++++++++++++++++++--------------------
 block/mirror.c           |  8 +++----
 3 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/include/block/block-io.h b/include/block/block-io.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/block-io.h
+++ b/include/block/block-io.h
@@ -XXX,XX +XXX,XX @@ bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi);
 ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
                                           Error **errp);
 BlockStatsSpecific *bdrv_get_specific_stats(BlockDriverState *bs);
-void bdrv_round_to_clusters(BlockDriverState *bs,
-                            int64_t offset, int64_t bytes,
-                            int64_t *cluster_offset,
-                            int64_t *cluster_bytes);
+void bdrv_round_to_subclusters(BlockDriverState *bs,
+                               int64_t offset, int64_t bytes,
+                               int64_t *cluster_offset,
+                               int64_t *cluster_bytes);
 
 void bdrv_get_backing_filename(BlockDriverState *bs,
                                char *filename, int filename_size);
diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ BdrvTrackedRequest *coroutine_fn bdrv_co_get_self_request(BlockDriverState *bs)
 }
 
 /**
- * Round a region to cluster boundaries
+ * Round a region to subcluster (if supported) or cluster boundaries
  */
 void coroutine_fn GRAPH_RDLOCK
-bdrv_round_to_clusters(BlockDriverState *bs, int64_t offset, int64_t bytes,
-                       int64_t *cluster_offset, int64_t *cluster_bytes)
+bdrv_round_to_subclusters(BlockDriverState *bs, int64_t offset, int64_t bytes,
+                          int64_t *align_offset, int64_t *align_bytes)
 {
     BlockDriverInfo bdi;
     IO_CODE();
-    if (bdrv_co_get_info(bs, &bdi) < 0 || bdi.cluster_size == 0) {
-        *cluster_offset = offset;
-        *cluster_bytes = bytes;
+    if (bdrv_co_get_info(bs, &bdi) < 0 || bdi.subcluster_size == 0) {
+        *align_offset = offset;
+        *align_bytes = bytes;
     } else {
-        int64_t c = bdi.cluster_size;
-        *cluster_offset = QEMU_ALIGN_DOWN(offset, c);
-        *cluster_bytes = QEMU_ALIGN_UP(offset - *cluster_offset + bytes, c);
+        int64_t c = bdi.subcluster_size;
+        *align_offset = QEMU_ALIGN_DOWN(offset, c);
+        *align_bytes = QEMU_ALIGN_UP(offset - *align_offset + bytes, c);
     }
 }
 
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
     void *bounce_buffer = NULL;
 
     BlockDriver *drv = bs->drv;
-    int64_t cluster_offset;
-    int64_t cluster_bytes;
+    int64_t align_offset;
+    int64_t align_bytes;
     int64_t skip_bytes;
     int ret;
     int max_transfer = MIN_NON_ZERO(bs->bl.max_transfer,
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
      * BDRV_REQUEST_MAX_BYTES (even when the original read did not), which
      * is one reason we loop rather than doing it all at once.
      */
-    bdrv_round_to_clusters(bs, offset, bytes, &cluster_offset, &cluster_bytes);
-    skip_bytes = offset - cluster_offset;
+    bdrv_round_to_subclusters(bs, offset, bytes, &align_offset, &align_bytes);
+    skip_bytes = offset - align_offset;
 
     trace_bdrv_co_do_copy_on_readv(bs, offset, bytes,
-                                   cluster_offset, cluster_bytes);
+                                   align_offset, align_bytes);
 
-    while (cluster_bytes) {
+    while (align_bytes) {
         int64_t pnum;
 
         if (skip_write) {
             ret = 1; /* "already allocated", so nothing will be copied */
-            pnum = MIN(cluster_bytes, max_transfer);
+            pnum = MIN(align_bytes, max_transfer);
         } else {
-            ret = bdrv_is_allocated(bs, cluster_offset,
-                                    MIN(cluster_bytes, max_transfer), &pnum);
+            ret = bdrv_is_allocated(bs, align_offset,
+                                    MIN(align_bytes, max_transfer), &pnum);
             if (ret < 0) {
                 /*
                  * Safe to treat errors in querying allocation as if
                  * unallocated; we'll probably fail again soon on the
                  * read, but at least that will set a decent errno.
                  */
-                pnum = MIN(cluster_bytes, max_transfer);
+                pnum = MIN(align_bytes, max_transfer);
             }
 
             /* Stop at EOF if the image ends in the middle of the cluster */
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
             /* Must copy-on-read; use the bounce buffer */
             pnum = MIN(pnum, MAX_BOUNCE_BUFFER);
             if (!bounce_buffer) {
-                int64_t max_we_need = MAX(pnum, cluster_bytes - pnum);
+                int64_t max_we_need = MAX(pnum, align_bytes - pnum);
                 int64_t max_allowed = MIN(max_transfer, MAX_BOUNCE_BUFFER);
                 int64_t bounce_buffer_len = MIN(max_we_need, max_allowed);
 
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
             }
             qemu_iovec_init_buf(&local_qiov, bounce_buffer, pnum);
 
-            ret = bdrv_driver_preadv(bs, cluster_offset, pnum,
+            ret = bdrv_driver_preadv(bs, align_offset, pnum,
                                      &local_qiov, 0, 0);
             if (ret < 0) {
                 goto err;
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
                 /* FIXME: Should we (perhaps conditionally) be setting
                  * BDRV_REQ_MAY_UNMAP, if it will allow for a sparser copy
                  * that still correctly reads as zero? */
-                ret = bdrv_co_do_pwrite_zeroes(bs, cluster_offset, pnum,
+                ret = bdrv_co_do_pwrite_zeroes(bs, align_offset, pnum,
                                                BDRV_REQ_WRITE_UNCHANGED);
             } else {
                 /* This does not change the data on the disk, it is not
                  * necessary to flush even in cache=writethrough mode.
                  */
-                ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
+                ret = bdrv_driver_pwritev(bs, align_offset, pnum,
                                           &local_qiov, 0,
                                           BDRV_REQ_WRITE_UNCHANGED);
             }
@@ -XXX,XX +XXX,XX @@ bdrv_co_do_copy_on_readv(BdrvChild *child, int64_t offset, int64_t bytes,
             }
         }
 
-        cluster_offset += pnum;
-        cluster_bytes -= pnum;
+        align_offset += pnum;
+        align_bytes -= pnum;
         progress += pnum - skip_bytes;
         skip_bytes = 0;
     }
diff --git a/block/mirror.c b/block/mirror.c
index XXXXXXX..XXXXXXX 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -XXX,XX +XXX,XX @@ static int coroutine_fn mirror_cow_align(MirrorBlockJob *s, int64_t *offset,
     need_cow |= !test_bit((*offset + *bytes - 1) / s->granularity,
                           s->cow_bitmap);
     if (need_cow) {
-        bdrv_round_to_clusters(blk_bs(s->target), *offset, *bytes,
-                               &align_offset, &align_bytes);
+        bdrv_round_to_subclusters(blk_bs(s->target), *offset, *bytes,
+                                  &align_offset, &align_bytes);
     }
 
     if (align_bytes > max_bytes) {
@@ -XXX,XX +XXX,XX @@ static void coroutine_fn mirror_iteration(MirrorBlockJob *s)
             int64_t target_offset;
             int64_t target_bytes;
             WITH_GRAPH_RDLOCK_GUARD() {
-                bdrv_round_to_clusters(blk_bs(s->target), offset, io_bytes,
-                                       &target_offset, &target_bytes);
+                bdrv_round_to_subclusters(blk_bs(s->target), offset, io_bytes,
+                                          &target_offset, &target_bytes);
             }
             if (target_offset == offset &&
                 target_bytes == io_bytes) {
-- 
2.41.0

From: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>

Add testcase which checks that allocations during copy-on-read are
performed on the subcluster basis when subclusters are enabled in target
image.

This testcase also triggers the following assert with previous commit
not being applied, so we check that as well:

qemu-io: ../block/io.c:1236: bdrv_co_do_copy_on_readv: Assertion `skip_bytes < pnum' failed.

Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230711172553.234055-4-andrey.drobyshev@virtuozzo.com>
---
 tests/qemu-iotests/197     | 29 +++++++++++++++++++++++++++++
 tests/qemu-iotests/197.out | 24 ++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/tests/qemu-iotests/197 b/tests/qemu-iotests/197
index XXXXXXX..XXXXXXX 100755
--- a/tests/qemu-iotests/197
+++ b/tests/qemu-iotests/197
@@ -XXX,XX +XXX,XX @@ $QEMU_IO -f qcow2 -C -c 'read 0 1024' "$TEST_WRAP" | _filter_qemu_io
 $QEMU_IO -f qcow2 -c map "$TEST_WRAP"
 _check_test_img
 
+echo
+echo '=== Copy-on-read with subclusters ==='
+echo
+
+# Create base and top images 64K (1 cluster) each.  Make subclusters enabled
+# for the top image
+_make_test_img 64K
+IMGPROTO=file IMGFMT=qcow2 TEST_IMG_FILE="$TEST_WRAP" \
+    _make_test_img --no-opts -o extended_l2=true -F "$IMGFMT" -b "$TEST_IMG" \
+    64K | _filter_img_create
+
+$QEMU_IO -c "write -P 0xaa 0 64k" "$TEST_IMG" | _filter_qemu_io
+
+# Allocate individual subclusters in the top image, and not the whole cluster
+$QEMU_IO -c "write -P 0xbb 28K 2K" -c "write -P 0xcc 34K 2K" "$TEST_WRAP" \
+    | _filter_qemu_io
+
+# Only 2 subclusters should be allocated in the top image at this point
+$QEMU_IMG map "$TEST_WRAP" | _filter_qemu_img_map
+
+# Actual copy-on-read operation
+$QEMU_IO -C -c "read -P 0xaa 30K 4K" "$TEST_WRAP" | _filter_qemu_io
+
+# And here we should have 4 subclusters allocated right in the middle of the
+# top image. Make sure the whole cluster remains unallocated
+$QEMU_IMG map "$TEST_WRAP" | _filter_qemu_img_map
+
+_check_test_img
+
 # success, all done
 echo '*** done'
 status=0
diff --git a/tests/qemu-iotests/197.out b/tests/qemu-iotests/197.out
index XXXXXXX..XXXXXXX 100644
--- a/tests/qemu-iotests/197.out
+++ b/tests/qemu-iotests/197.out
@@ -XXX,XX +XXX,XX @@ read 1024/1024 bytes at offset 0
 1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 1 KiB (0x400) bytes     allocated at offset 0 bytes (0x0)
 No errors were found on the image.
+
+=== Copy-on-read with subclusters ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536
+Formatting 'TEST_DIR/t.wrap.IMGFMT', fmt=IMGFMT size=65536 backing_file=TEST_DIR/t.IMGFMT backing_fmt=IMGFMT
+wrote 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 2048/2048 bytes at offset 28672
+2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 2048/2048 bytes at offset 34816
+2 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset          Length          File
+0               0x7000          TEST_DIR/t.IMGFMT
+0x7000          0x800           TEST_DIR/t.wrap.IMGFMT
+0x7800          0x1000          TEST_DIR/t.IMGFMT
+0x8800          0x800           TEST_DIR/t.wrap.IMGFMT
+0x9000          0x7000          TEST_DIR/t.IMGFMT
+read 4096/4096 bytes at offset 30720
+4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+Offset          Length          File
+0               0x7000          TEST_DIR/t.IMGFMT
+0x7000          0x2000          TEST_DIR/t.wrap.IMGFMT
+0x9000          0x7000          TEST_DIR/t.IMGFMT
+No errors were found on the image.
 *** done
-- 
2.41.0

liburing does not clear sqe->user_data. We must do it ourselves to avoid
undefined behavior in process_cqe() when user_data is used.

Note that fdmon-io_uring is currently disabled, so this is a latent bug
that does not affect users. Let's merge this fix now to make it easier
to enable fdmon-io_uring in the future (and I'm working on that).

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230426212639.82310-1-stefanha@redhat.com>
---
 util/fdmon-io_uring.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
index XXXXXXX..XXXXXXX 100644
--- a/util/fdmon-io_uring.c
+++ b/util/fdmon-io_uring.c
@@ -XXX,XX +XXX,XX @@ static void add_poll_remove_sqe(AioContext *ctx, AioHandler *node)
 #else
     io_uring_prep_poll_remove(sqe, node);
 #endif
+    io_uring_sqe_set_data(sqe, NULL);
 }
 
 /* Add a timeout that self-cancels when another cqe becomes ready */
@@ -XXX,XX +XXX,XX @@ static void add_timeout_sqe(AioContext *ctx, int64_t ns)
 
     sqe = get_sqe(ctx);
     io_uring_prep_timeout(sqe, &ts, 1, 0);
+    io_uring_sqe_set_data(sqe, NULL);
 }
 
 /* Add sqes from ctx->submit_list for submission */
-- 
2.41.0