author | Stefan Hajnoczi <stefanha@redhat.com> | 2025-07-16 07:07:44 -0400 |
---|---|---|
committer | Stefan Hajnoczi <stefanha@redhat.com> | 2025-07-16 07:07:44 -0400 |
commit | f79afdf7dafd5fc9551c002de0f4139af4e9f5aa (patch) | |
tree | a2a7d6936b20a65469e7c5f360834403163cc4c5 /docs | |
parent | 504632dcc63145e6c5297fc1b7f1d76450dd845a (diff) | |
parent | 300dcf58b72fa1635190b19f102231b0775e93cb (diff) | |
Merge tag 'pull-vfio-20250715' of https://github.com/legoater/qemu into staging
vfio queue:
* Fixed vfio-user issues reported by Coverity
* Tweaked VFIO migration with multifd to support aarch64
* Introduced a property to override a device PCI class code
# gpg: Signature made Tue 15 Jul 2025 11:22:08 EDT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [full]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [full]
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-vfio-20250715' of https://github.com/legoater/qemu:
vfio/migration: Max in-flight VFIO device state buffers size limit
vfio/migration: Add x-migration-load-config-after-iter VFIO property
vfio/pci: Introduce x-pci-class-code option
hw/vfio-user: fix use of uninitialized variable
hw/vfio-user: wait for proxy close correctly
hw/vfio: fix region fd initialization
hw/vfio-user: add Cédric Le Goater as a maintainer
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/devel/migration/vfio.rst | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/docs/devel/migration/vfio.rst b/docs/devel/migration/vfio.rst index 2d8e5ca..0790e50 100644 --- a/docs/devel/migration/vfio.rst +++ b/docs/devel/migration/vfio.rst @@ -247,3 +247,22 @@ The multifd VFIO device state transfer is controlled by "x-migration-multifd-transfer" VFIO device property. This property defaults to AUTO, which means that VFIO device state transfer via multifd channels is attempted in configurations that otherwise support it. + +Since the target QEMU needs to load device state buffers in-order it needs to +queue incoming buffers until they can be loaded into the device. +This means that a malicious QEMU source could theoretically cause the target +QEMU to allocate unlimited amounts of memory for such buffers-in-flight. + +The "x-migration-max-queued-buffers-size" property allows capping the total size +of these VFIO device state buffers queued at the destination. + +Because a malicious QEMU source causing OOM on the target is not expected to be +a realistic threat in most of VFIO live migration use cases and the right value +depends on the particular setup by default this queued buffers size limit is +disabled by setting it to UINT64_MAX. + +Some host platforms (like ARM64) require that VFIO device config is loaded only +after all iterables were loaded, during non-iterables loading phase. +Such interlocking is controlled by "x-migration-load-config-after-iter" VFIO +device property, which in its default setting (AUTO) does so only on platforms +that actually require it. |
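Review bot: the paragraph introducing "x-migration-max-queued-buffers-size" does not say what unit the value is in or what the destination does once the cap is reached (whether the migration fails or the incoming stream is stalled), so a reader who does treat the source as untrusted cannot tell how to set it or what to expect. Suggest adding one sentence for each, and a hint on how to size the limit, since the text itself says the right value depends on the particular setup. Two of the added sentences also need a comma to parse on first read: "load device state buffers in-order, it needs to queue" and "depends on the particular setup, by default this queued buffers size limit is disabled".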