QEMU, one of the silent pillars of the open-source virtualization and emulation ecosystem, closed 2025 with a significant update. The 10.2.0 version, officially announced on December 24th (with the tarball published on the download page on December 23rd), arrives with a development pace that once again puts the project’s size into perspective: more than 2,300 commits signed by 188 authors for a release that impacts everything from architecture laboratories to private cloud platforms and enterprise environments.
In a market where much of the conversation revolves around “branded” hypervisors or comprehensive suites, QEMU continues playing a different game: powering the engines that enable many upper layers — managers, orchestrators, and panels — to run virtual machines efficiently and with compatibility. That’s why every QEMU update usually translates into real changes for system administrators, infrastructure operators, and security teams.
io_uring in the main loop: performance with a future-facing commitment
The most repeated technical headline around QEMU 10.2 is the adoption of io_uring in the main loop when the host system supports it. Practically, this move aims to reduce I/O costs and open the door to additional optimizations, especially in scenarios intensive in asynchronous operations.
It’s not just a one-off “trick” or cosmetic change: it’s an architectural decision. In virtualization, where performance is measured in small latencies and long queues, improving main loop efficiency can have cumulative effects on mixed workloads, virtual storage, and high-event networks. The community itself presents it as an enabler for “better performance” and new capabilities in the medium term.
‘cpr-exec’: hot updates with lower overhead
The other major feature of this release is the new ‘cpr-exec’ migration mode, described as a foundation for “live updates”. The idea is to reduce resource consumption when updating virtual machines and potentially reusing existing state and connections during the process.
While live migration isn’t new in virtualization, the nuance here lies in the intent: transforming component updates into less “heavy” and more repeatable operations. For operators working between maintenance windows, scheduled changes, and continuity demands, any improvement that minimizes friction and resource use is significant — even before it becomes standard practice in management platforms.
FreeBSD and 9pfs: a nod to mixed environments and real-world needs
QEMU 10.2 also introduces 9pfs support (shared filesystem) on FreeBSD hosts, a feature that might seem niche but aligns with a growing reality: heterogeneous infrastructures, teams with specific requirements, and labs not exclusively based on Linux.
Additionally, the release emphasizes that there are “many fixes and improvements” in user-mode emulation — an area less visible than classic virtualization but critical for cross-binary testing, portability, development environments, and compatibility.
ARM, PowerPC, s390x, and RISC-V: progress where it counts
The highlights list for QEMU 10.2 clearly shows that the project isn’t limited to x86:
- ARM gains support for new CPU features (like FEAT_SCTLR2, FEAT_TCR2, FEAT_LSE128, or FEAT_GCS) and adds a new board model ‘amd-versal2-virt’, along with improvements in existing models.
- PowerPC supports PowerNV11 and PPE42, and incorporates FADUMP for pSeries, a relevant capability for scenarios where memory dumps and failure recovery are part of operational procedures.
- s390x enhances performance of virtio-pci via irqfd, a technical detail well aligned with IBM Z’s enterprise focus and ecosystem.
- RISC-V appears with “numerous fixes and improvements,” a reminder that the architecture continues maturing in emulation as its presence in research and development grows.
Furthermore, in the less-publicized but equally important section, QEMU 10.2 adds emulation for an HP 715/64 station (HPPA) and support for specific components (NCR 53c710 SCSI controller and HP LASI multi-I/O chip), progress often driven by community efforts and programs like Google Summer of Code.
Security: QEMU clarifies what is considered “secure virtualization”
One of the most significant — and less “viral” — changes isn’t a feature but a message: QEMU strengthens its documentation on security requirements and more precisely defines what it considers covered under its support policy from an isolation standpoint.
In its documentation, the project distinguishes between a virtualization use case (cloud, VPS, traditional data centers, desktop virtualization) and non-virtualization (emulation with TCG). For the former, QEMU emphasizes that, to be within the scope of guarantees, a virtualization accelerator (e.g., KVM or HVF) must be used along with specific machine types per architecture (such as q35/pc on x86_64 or virt on aarch64 and riscv). Outside this list, the project warns that security guarantees should not be assumed.
Practically, this entails operational implications: it requires reviewing inherited defaults, VM templates, and machine-type choices when aiming for a robust security posture. It also feeds into an increasingly common debate in modern infrastructure: virtualization isn’t enough; it must be done with parameters and models aligned with support and security expectations of the stack.
Clean-up and maintenance: less legacy, more clarity
As with mature projects, QEMU 10.2 also trims unnecessary baggage. Among the notable changes are the removal of deprecated VFIO drivers and the discontinuation of support for the old Arm PXA family. Though affecting minorities, these decisions help keep the project manageable and focus efforts on what’s actively used today.
Additional improvements include enhancements in the cryptography subsystem (with “sanity checks”) and the addition of RPMB (Replay Protected Memory Block) emulation for eMMC devices, a detail relevant where data integrity and specific security properties are critical.
A release arriving at a pivotal moment for open virtualization
QEMU doesn’t seek headlines; it depends on being a core component: it’s the underlying layer many virtualization stacks and private clouds rely on. That’s why a version like 10.2 is significant—even if it lacks a marketing campaign. Performance improvements with io_uring, a pathway for “live updates,” cross-platform support (including FreeBSD), and a more explicit security framework signal a project that not only advances but also strives to reduce gray areas.
And during a period when many organizations review costs, control, and infrastructure strategies—including transitions to KVM-based solutions— the evolution of the virtualization engine is just as important as the hypervisor or management platform being displayed.
Frequently Asked Questions
What does io_uring bring to QEMU 10.2 for virtualization workloads on Linux?
It can improve main loop efficiency on compatible systems, potentially impacting performance and latencies by handling I/O and events more modernly.
What is the ‘cpr-exec’ mode, and why is it associated with “live update” for VMs?
It’s a new migration mode designed to reduce resource usage during VM updates and to potentially reuse state and connections during the process.
What are QEMU’s security policies regarding “supported machine types”?
QEMU states that for virtualization guarantees, an accelerator (like KVM/HVF) and specific machine types per architecture must be used; outside that, security guarantees should not be assumed.
Which architectures benefit most from QEMU 10.2 in professional environments?
Besides x86_64, there are significant improvements for ARM, s390x, and PowerPC, along with ongoing support and fixes for RISC-V, impacting data centers, research, and specialized platforms.
Source: