More recent kernels sometimes expose new registers in an
unconditionnal manner. This situation breaks backward migration
as qemu notices there are more registers in the input stream
than supported on the destination host. This leads to a
"failed to load cpu:cpreg_vmstate_array_len" error.
A good example is the introduction of KVM_REG_ARM_VENDOR_HYP_BMAP_2
pseudo FW register in v6.16 by commit C0000e58c74e (“KVM: arm64:
Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2”). Trying to do backward
migration from a host kernel that features the commit to a destination
host that doesn't, fail with above error.
Currently QEMU is not using that feature so ignoring this latter
is not a problem. An easy way to fix the migration issue is to teach
qemu we don't care about that register and we can simply ignore it
when syncing its state during migration.
This patch introduces an array of such hidden registers. Soon it will
be settable through an array property.
If hidden, the register is moved out of the array of cpreg which is
built in kvm_arm_init_cpreg_list(). That way their state won't be
synced.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
---
v1 -> v2:
- Move the property in a separate patch
- improve the commit msg
- change the trace point to just print info in
kvm_arm_init_cpreg_list()
- improve comment in cpu.h (Connie)
---
target/arm/cpu.h | 20 ++++++++++++++++++++
target/arm/kvm.c | 12 +++++++++++-
target/arm/trace-events | 2 ++
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 077b0cce5b..dcbdeaa742 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1044,6 +1044,15 @@ struct ArchCPU {
/* KVM steal time */
OnOffAuto kvm_steal_time;
+ /*
+ * Array of register indexes that need to be hidden to allow migration
+ * in certain cases, i.e. when a register is exposed in KVM or defined
+ * in TCG but not actually used in QEMU. Indexes are described in Linux
+ * Documentation/virt/kvm/api.rst for both KVM and TCG.
+ */
+ uint64_t *hidden_regs;
+ uint32_t nr_hidden_regs;
+
/* Uniprocessor system with MP extensions */
bool mp_is_up;
@@ -1184,6 +1193,17 @@ struct ARMCPUClass {
ResettablePhases parent_phases;
};
+static inline bool
+arm_cpu_hidden_reg(ARMCPU *cpu, uint64_t regidx)
+{
+ for (int i = 0; i < cpu->nr_hidden_regs; i++) {
+ if (cpu->hidden_regs[i] == regidx) {
+ return true;
+ }
+ }
+ return false;
+}
+
/* Callback functions for the generic timer's timers. */
void arm_gt_ptimer_cb(void *opaque);
void arm_gt_vtimer_cb(void *opaque);
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 58c6075a9e..575a668f49 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -788,7 +788,10 @@ static int kvm_arm_init_cpreg_list(ARMCPU *cpu)
qsort(&rlp->reg, rlp->n, sizeof(rlp->reg[0]), compare_u64);
for (i = 0, arraylen = 0; i < rlp->n; i++) {
- if (!kvm_arm_reg_syncs_via_cpreg_list(rlp->reg[i])) {
+ uint64_t regidx = rlp->reg[i];
+
+ if (!kvm_arm_reg_syncs_via_cpreg_list(regidx) ||
+ arm_cpu_hidden_reg(cpu, regidx)) {
continue;
}
switch (rlp->reg[i] & KVM_REG_SIZE_MASK) {
@@ -804,6 +807,8 @@ static int kvm_arm_init_cpreg_list(ARMCPU *cpu)
arraylen++;
}
+ trace_kvm_arm_init_cpreg_list_arraylen(arraylen);
+
cpu->cpreg_indexes = g_renew(uint64_t, cpu->cpreg_indexes, arraylen);
cpu->cpreg_values = g_renew(uint64_t, cpu->cpreg_values, arraylen);
cpu->cpreg_vmstate_indexes = g_renew(uint64_t, cpu->cpreg_vmstate_indexes,
@@ -815,9 +820,14 @@ static int kvm_arm_init_cpreg_list(ARMCPU *cpu)
for (i = 0, arraylen = 0; i < rlp->n; i++) {
uint64_t regidx = rlp->reg[i];
+
if (!kvm_arm_reg_syncs_via_cpreg_list(regidx)) {
continue;
}
+ if (arm_cpu_hidden_reg(cpu, regidx)) {
+ trace_kvm_arm_init_cpreg_list_skip_hidden_reg(rlp->reg[i]);
+ continue;
+ }
cpu->cpreg_indexes[arraylen] = regidx;
arraylen++;
}
diff --git a/target/arm/trace-events b/target/arm/trace-events
index 0a5ed3e69d..20f4b4f2cd 100644
--- a/target/arm/trace-events
+++ b/target/arm/trace-events
@@ -14,6 +14,8 @@ arm_gt_update_irq(int timer, int irqstate) "gt_update_irq: timer %d irqstate %d"
# kvm.c
kvm_arm_fixup_msi_route(uint64_t iova, uint64_t gpa) "MSI iova = 0x%"PRIx64" is translated into 0x%"PRIx64
kvm_arm_cpu_post_load_missing_reg(char *name) "Missing register in input stream: %s"
+kvm_arm_init_cpreg_list_arraylen(uint32_t arraylen) "arraylen=%d"
+kvm_arm_init_cpreg_list_skip_hidden_reg(uint64_t regidx) "hidden 0x%"PRIx64" is skipped"
# cpu.c
arm_cpu_reset(uint64_t mp_aff) "cpu %" PRIu64
--
2.52.0
On Tue, 25 Nov 2025, Eric Auger wrote: > More recent kernels sometimes expose new registers in an > unconditionnal manner. This situation breaks backward migration > as qemu notices there are more registers in the input stream > than supported on the destination host. This leads to a > "failed to load cpu:cpreg_vmstate_array_len" error. > > A good example is the introduction of KVM_REG_ARM_VENDOR_HYP_BMAP_2 > pseudo FW register in v6.16 by commit C0000e58c74e (“KVM: arm64: > Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2”). Trying to do backward > migration from a host kernel that features the commit to a destination > host that doesn't, fail with above error. > > Currently QEMU is not using that feature so ignoring this latter > is not a problem. An easy way to fix the migration issue is to teach > qemu we don't care about that register and we can simply ignore it > when syncing its state during migration. > > This patch introduces an array of such hidden registers. Soon it will > be settable through an array property. > > If hidden, the register is moved out of the array of cpreg which is > built in kvm_arm_init_cpreg_list(). That way their state won't be > synced. > > Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Sebastian Ott <sebott@redhat.com>
On Tue, Nov 25 2025, Eric Auger <eric.auger@redhat.com> wrote: > More recent kernels sometimes expose new registers in an > unconditionnal manner. This situation breaks backward migration > as qemu notices there are more registers in the input stream > than supported on the destination host. This leads to a > "failed to load cpu:cpreg_vmstate_array_len" error. > > A good example is the introduction of KVM_REG_ARM_VENDOR_HYP_BMAP_2 > pseudo FW register in v6.16 by commit C0000e58c74e (“KVM: arm64: > Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2”). Trying to do backward > migration from a host kernel that features the commit to a destination > host that doesn't, fail with above error. > > Currently QEMU is not using that feature so ignoring this latter > is not a problem. An easy way to fix the migration issue is to teach > qemu we don't care about that register and we can simply ignore it > when syncing its state during migration. > > This patch introduces an array of such hidden registers. Soon it will > be settable through an array property. > > If hidden, the register is moved out of the array of cpreg which is > built in kvm_arm_init_cpreg_list(). That way their state won't be > synced. I'm wondering whether the patch description should also mention non-KVM cases (e.g. the bogus reg that was exposed). It might also make sense to merge patch 5 here? > > Signed-off-by: Eric Auger <eric.auger@redhat.com> Otherwise, LGTM.
On 11/25/25 6:04 PM, Cornelia Huck wrote: > On Tue, Nov 25 2025, Eric Auger <eric.auger@redhat.com> wrote: > >> More recent kernels sometimes expose new registers in an >> unconditionnal manner. This situation breaks backward migration >> as qemu notices there are more registers in the input stream >> than supported on the destination host. This leads to a >> "failed to load cpu:cpreg_vmstate_array_len" error. >> >> A good example is the introduction of KVM_REG_ARM_VENDOR_HYP_BMAP_2 >> pseudo FW register in v6.16 by commit C0000e58c74e (“KVM: arm64: >> Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2”). Trying to do backward >> migration from a host kernel that features the commit to a destination >> host that doesn't, fail with above error. >> >> Currently QEMU is not using that feature so ignoring this latter >> is not a problem. An easy way to fix the migration issue is to teach >> qemu we don't care about that register and we can simply ignore it >> when syncing its state during migration. >> >> This patch introduces an array of such hidden registers. Soon it will >> be settable through an array property. >> >> If hidden, the register is moved out of the array of cpreg which is >> built in kvm_arm_init_cpreg_list(). That way their state won't be >> synced. > I'm wondering whether the patch description should also mention non-KVM > cases (e.g. the bogus reg that was exposed). It might also make sense to > merge patch 5 here? Actually the AArch32 DBGDTRTX is not "hidden" on destination but rather marked as safe to ignore in the incoming stream (so the other category). So I don't have any example of TCG usage for this category. wrt potiential merge I agree they could. 2nd patch is an enforcement of non access so I prefer to keep them separate but will put them contiguously in the series. Eric > >> Signed-off-by: Eric Auger <eric.auger@redhat.com> > Otherwise, LGTM. >
Hi Connie On 12/22/25 2:17 PM, Eric Auger wrote: > > > On 11/25/25 6:04 PM, Cornelia Huck wrote: >> On Tue, Nov 25 2025, Eric Auger <eric.auger@redhat.com> wrote: >> >>> More recent kernels sometimes expose new registers in an >>> unconditionnal manner. This situation breaks backward migration >>> as qemu notices there are more registers in the input stream >>> than supported on the destination host. This leads to a >>> "failed to load cpu:cpreg_vmstate_array_len" error. >>> >>> A good example is the introduction of KVM_REG_ARM_VENDOR_HYP_BMAP_2 >>> pseudo FW register in v6.16 by commit C0000e58c74e (“KVM: arm64: >>> Introduce KVM_REG_ARM_VENDOR_HYP_BMAP_2”). Trying to do backward >>> migration from a host kernel that features the commit to a destination >>> host that doesn't, fail with above error. >>> >>> Currently QEMU is not using that feature so ignoring this latter >>> is not a problem. An easy way to fix the migration issue is to teach >>> qemu we don't care about that register and we can simply ignore it >>> when syncing its state during migration. >>> >>> This patch introduces an array of such hidden registers. Soon it will >>> be settable through an array property. >>> >>> If hidden, the register is moved out of the array of cpreg which is >>> built in kvm_arm_init_cpreg_list(). That way their state won't be >>> synced. >> I'm wondering whether the patch description should also mention non-KVM >> cases (e.g. the bogus reg that was exposed). It might also make sense to >> merge patch 5 here? > > Actually the AArch32 DBGDTRTX is not "hidden" on destination but rather > marked as safe to ignore in the incoming stream (so the other category). > So I don't have any example of TCG usage for this category. > > wrt potiential merge I agree they could. 2nd patch is an enforcement of > non access so I prefer to keep them separate but will put them > contiguously in the series. Sorry I mixed up with 6/11. I will squash 5/11 in this patch. Thanks! Eric> > Eric >> >>> Signed-off-by: Eric Auger <eric.auger@redhat.com> >> Otherwise, LGTM. >> >
© 2016 - 2026 Red Hat, Inc.