Commit 4022a1dcee for qemu.org
commit 4022a1dceea88a15b871591141c5b77f5f0748a3
Author: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Thu Jan 8 13:25:14 2026 +0000
xen-hvm: Handle framebuffer relocation

It is possible for a guest to relocate the linear framebuffer by writing
to the VGA device's BAR. This causes QEMU to report an error and if the
VM is migrated, the destination QEMU hits an assertion.

The problem is that updating the BAR causes the PCI core code to call
the del region callback followed by the add region callback but the
xen-hvm code ignores the del region call and therefore the subsequent
call to xen_relocate_memory() during the add region callback fails
because the source address is not correct.

Fix it by calling in to xen_remove_from_physmap() in response to a
del region callback for the linear framebuffer so that the subsequent
add region callback succeeds.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
Message-ID: <20260108132514.1862552-1-ross.lagerwall@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@vates.tech>
diff --git a/hw/i386/xen/xen-hvm.c b/hw/i386/xen/xen-hvm.c
index a6e1683885..fd7ef56bdb 100644
--- a/hw/i386/xen/xen-hvm.c
+++ b/hw/i386/xen/xen-hvm.c
@@ -720,7 +720,8 @@ void arch_xen_set_memory(XenIOState *state, MemoryRegionSection *section,
return;
}
- if (log_dirty != add) {
+ if (log_dirty != add &&
+ !(section->mr == framebuffer && start_addr > 0xbffff)) {
return;
}
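Review bot: The new exemption in the `if (log_dirty != add && ...)` condition is keyed only on `section->mr == framebuffer && start_addr > 0xbffff`, not on the direction of the call, so it lets through both mismatch cases: a del with `log_dirty` set and an add with `log_dirty` clear. The commit message only motivates the del region case; if the add-without-dirty-logging case is not meant to fall through as well, the condition should test `!add` explicitly. Separately, `0xbffff` is a bare literal here: a named constant or a one-line comment saying what range it excludes (presumably the legacy VGA window, which is an assumption since the hunk does not say) would make the guest-controlled address check easier to audit. The `xen_remove_from_physmap()` call described in the message is not visible in this hunk, so its handling of the relocated address cannot be reviewed from the lines shown.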