2003-03-24 00:28:45 +03:00
\input texinfo @c -*- texinfo -*-
2006-05-01 01:58:41 +04:00
@c %**start of header
@setfilename qemu-doc.info
2017-06-06 17:59:37 +03:00
@include version.texi
2010-02-06 01:52:00 +03:00
@documentlanguage en
@documentencoding UTF-8
2017-06-06 17:59:37 +03:00
@settitle QEMU version @value{VERSION} User Documentation
2006-05-01 01:58:41 +04:00
@exampleindent 0
@paragraphindent 0
@c %**end of header
2003-03-24 00:28:45 +03:00
2010-02-06 01:51:59 +03:00
@ifinfo
@direntry
* QEMU: (qemu-doc). The QEMU Emulator User Documentation.
@end direntry
@end ifinfo
2003-10-01 04:15:32 +04:00
@iftex
2003-03-24 00:28:45 +03:00
@titlepage
@sp 7
2017-06-06 17:59:37 +03:00
@center @titlefont{QEMU version @value{VERSION}}
2006-05-01 01:58:41 +04:00
@sp 1
@center @titlefont{User Documentation}
2003-03-24 00:28:45 +03:00
@sp 3
@end titlepage
2003-10-01 04:15:32 +04:00
@end iftex
2003-03-24 00:28:45 +03:00
2006-05-01 01:58:41 +04:00
@ifnottex
@node Top
@top
@menu
* Introduction::
* QEMU PC System emulator::
* QEMU System emulator for non PC targets::
2017-05-22 23:53:29 +03:00
* QEMU Guest Agent::
2007-02-05 22:42:07 +03:00
* QEMU User space emulator::
2016-10-06 17:12:11 +03:00
* Implementation notes::
2017-07-25 14:36:38 +03:00
* Deprecated features::
2010-02-06 01:52:03 +03:00
* License::
2006-05-01 01:58:41 +04:00
* Index::
@end menu
@end ifnottex
@contents
@node Introduction
2003-03-24 00:28:45 +03:00
@chapter Introduction
2006-05-01 01:58:41 +04:00
@menu
* intro_features:: Features
@end menu
@node intro_features
2003-06-16 03:29:28 +04:00
@section Features
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
QEMU is a FAST! processor emulator using dynamic translation to
achieve good emulation speed.
2003-06-25 20:21:49 +04:00
2016-10-06 15:59:26 +03:00
@cindex operating modes
2003-06-25 20:21:49 +04:00
QEMU has two operating modes:
2003-10-01 04:15:32 +04:00
2010-02-06 01:52:02 +03:00
@itemize
2010-02-06 01:52:03 +03:00
@cindex system emulation
2016-10-06 15:59:26 +03:00
@item Full system emulation. In this mode, QEMU emulates a full system (for
2005-12-18 23:11:37 +03:00
example a PC), including one or several processors and various
peripherals. It can be used to launch different Operating Systems
without rebooting the PC or to debug system code.
2003-06-25 20:21:49 +04:00
2010-02-06 01:52:03 +03:00
@cindex user mode emulation
2016-10-06 15:59:26 +03:00
@item User mode emulation. In this mode, QEMU can launch
2007-02-05 22:42:07 +03:00
processes compiled for one CPU on another CPU. It can be used to
2004-04-04 19:21:17 +04:00
launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
to ease cross-compilation and cross-debugging.
2003-06-25 20:21:49 +04:00
@end itemize
2016-10-06 15:59:26 +03:00
QEMU has the following features:
@itemize
@item QEMU can run without a host kernel driver and yet gives acceptable
performance. It uses dynamic translation to native code for reasonable speed,
with support for self-modifying code and precise exceptions.
@item It is portable to several operating systems (GNU/Linux, *BSD, Mac OS X,
Windows) and architectures.
@item It performs accurate software emulation of the FPU.
@end itemize
2003-06-16 03:29:28 +04:00
2016-10-06 15:59:26 +03:00
QEMU user mode emulation has the following features:
2004-04-26 01:27:03 +04:00
@itemize
2016-10-06 15:59:26 +03:00
@item Generic Linux system call converter, including most ioctls.
@item clone() emulation using native CPU clone() to use Linux scheduler for threads.
@item Accurate signal handling by remapping host signals to target signals.
@end itemize
QEMU full system emulation has the following features:
@itemize
@item
QEMU uses a full software MMU for maximum portability.
@item
QEMU can optionally use an in-kernel accelerator, like kvm. The accelerators
execute most of the guest code natively, while
continuing to emulate the rest of the machine.
@item
Various hardware devices can be emulated and in some cases, host
devices (e.g. serial and parallel ports, USB, drives) can be used
transparently by the guest Operating System. Host device passthrough
can be used for talking to external physical peripherals (e.g. a
webcam, modem or tape drive).
@item
Symmetric multiprocessing (SMP) support. Currently, an in-kernel
accelerator is required to use more than one host CPU for emulation.
2004-04-26 01:27:03 +04:00
@end itemize
2003-03-24 00:28:45 +03:00
2003-10-01 04:15:32 +04:00
2006-05-01 01:58:41 +04:00
@node QEMU PC System emulator
2005-12-18 23:11:37 +03:00
@chapter QEMU PC System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (PC)
2003-06-25 20:21:49 +04:00
2006-05-01 01:58:41 +04:00
@menu
* pcsys_introduction:: Introduction
* pcsys_quickstart:: Quick Start
* sec_invocation:: Invocation
2016-02-16 20:28:58 +03:00
* pcsys_keys:: Keys in the graphical frontends
* mux_keys:: Keys in the character backend multiplexer
2006-05-01 01:58:41 +04:00
* pcsys_monitor:: QEMU Monitor
* disk_images:: Disk Images
* pcsys_network:: Network emulation
2011-01-07 20:59:14 +03:00
* pcsys_other_devs:: Other Devices
2006-05-01 01:58:41 +04:00
* direct_linux_boot:: Direct Linux Boot
* pcsys_usb:: USB emulation
2007-08-25 05:40:37 +04:00
* vnc_security:: VNC security
2006-05-01 01:58:41 +04:00
* gdb_usage:: GDB usage
* pcsys_os_specific:: Target OS specific information
@end menu
@node pcsys_introduction
2003-10-01 04:15:32 +04:00
@section Introduction
@c man begin DESCRIPTION
2005-12-18 23:11:37 +03:00
The QEMU PC System emulator simulates the
following peripherals:
2003-10-01 04:15:32 +04:00
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
i440FX host PCI bridge and PIIX3 PCI to ISA bridge
2003-10-01 04:15:32 +04:00
@item
2004-07-09 01:26:26 +04:00
Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
extensions (hardware level, including all non standard modes).
2003-10-01 04:15:32 +04:00
@item
PS/2 mouse and keyboard
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
2 PCI IDE interfaces with hard disk and CD-ROM support
2004-04-04 19:21:17 +04:00
@item
Floppy disk
2007-09-17 01:08:06 +04:00
@item
2009-06-06 20:05:58 +04:00
PCI and ISA network adapters
2003-10-01 04:15:32 +04:00
@item
2004-08-25 01:12:04 +04:00
Serial ports
@item
2015-12-17 21:50:04 +03:00
IPMI BMC, either and internal or external one
@item
2005-11-05 21:55:28 +03:00
Creative SoundBlaster 16 sound card
@item
ENSONIQ AudioPCI ES1370 sound card
@item
2008-01-14 07:27:55 +03:00
Intel 82801AA AC97 Audio compatible sound card
@item
2010-11-01 18:57:48 +03:00
Intel HD Audio Controller and HDA codec
@item
2011-01-07 20:59:15 +03:00
Adlib (OPL2) - Yamaha YM3812 compatible chip
2005-11-06 19:49:55 +03:00
@item
2008-01-18 00:47:25 +03:00
Gravis Ultrasound GF1 sound card
@item
2008-06-13 14:48:22 +04:00
CS4231A compatible sound card
@item
2017-05-08 18:13:49 +03:00
PCI UHCI, OHCI, EHCI or XHCI USB controller and a virtual USB-1.1 hub.
2003-10-01 04:15:32 +04:00
@end itemize
2005-12-18 23:11:37 +03:00
SMP is supported with up to 255 CPUs.
2013-06-28 10:08:16 +04:00
QEMU uses the PC BIOS from the Seabios project and the Plex86/Bochs LGPL
2004-07-09 01:26:26 +04:00
VGA BIOS.
2005-11-05 21:55:28 +03:00
QEMU uses YM3812 emulation by Tatsuyuki Satoh.
2011-01-07 20:59:15 +03:00
QEMU uses GUS emulation (GUSEMU32 @url{http://www.deinmeister.de/gusemu/})
2008-01-18 00:47:25 +03:00
by Tibor "TS" Schütz.
2008-01-15 01:09:11 +03:00
2011-10-25 12:22:18 +04:00
Note that, by default, GUS shares IRQ(7) with parallel ports and so
2012-05-12 00:25:50 +04:00
QEMU must be told to not have parallel ports to have working GUS.
2009-09-10 20:05:59 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 dos.img -soundhw gus -parallel none
2009-09-10 20:05:59 +04:00
@end example
Alternatively:
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 dos.img -device gus,irq=5
2009-09-10 20:05:59 +04:00
@end example
Or some other unclaimed IRQ.
2008-06-13 14:48:22 +04:00
CS4231A is the chip used in Windows Sound System and GUSMAX products
2003-10-01 04:15:32 +04:00
@c man end
2006-05-01 01:58:41 +04:00
@node pcsys_quickstart
2003-06-25 20:21:49 +04:00
@section Quick Start
2010-02-06 01:52:03 +03:00
@cindex quick start
2003-06-25 20:21:49 +04:00
2003-10-28 02:58:04 +03:00
Download and uncompress the linux image (@file{linux.img}) and type:
2003-10-01 04:15:32 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 linux.img
2003-10-01 04:15:32 +04:00
@end example
Linux should boot and give you a prompt.
2005-07-29 02:27:28 +04:00
@node sec_invocation
2003-07-01 03:16:33 +04:00
@section Invocation
@example
2003-10-01 04:15:32 +04:00
@c man begin SYNOPSIS
2016-01-13 23:50:26 +03:00
@command{qemu-system-i386} [@var{options}] [@var{disk_image}]
2003-10-01 04:15:32 +04:00
@c man end
2003-07-01 03:16:33 +04:00
@end example
2003-10-01 04:15:32 +04:00
@c man begin OPTIONS
2009-01-24 21:19:25 +03:00
@var{disk_image} is a raw hard disk image for IDE hard disk 0. Some
targets do not need a disk image.
2003-07-01 03:16:33 +04:00
2009-03-28 09:44:27 +03:00
@include qemu-options.texi
2003-07-01 03:16:33 +04:00
2004-07-14 21:47:14 +04:00
@c man end
2006-05-01 01:58:41 +04:00
@node pcsys_keys
2016-02-16 20:28:58 +03:00
@section Keys in the graphical frontends
2004-07-14 21:47:14 +04:00
@c man begin OPTIONS
2011-04-29 15:46:12 +04:00
During the graphical emulation, you can use special key combinations to change
modes. The default key mappings are shown below, but if you use @code{-alt-grab}
then the modifier is Ctrl-Alt-Shift (instead of Ctrl-Alt) and if you use
@code{-ctrl-grab} then the modifier is the right Ctrl key (instead of Ctrl-Alt):
2004-05-08 17:26:35 +04:00
@table @key
2004-10-03 18:33:10 +04:00
@item Ctrl-Alt-f
2010-02-06 01:52:03 +03:00
@kindex Ctrl-Alt-f
2004-05-08 17:26:35 +04:00
Toggle full screen
2004-07-14 21:38:57 +04:00
2011-07-30 13:39:16 +04:00
@item Ctrl-Alt-+
@kindex Ctrl-Alt-+
Enlarge the screen
@item Ctrl-Alt--
@kindex Ctrl-Alt--
Shrink the screen
2009-09-10 05:15:07 +04:00
@item Ctrl-Alt-u
2010-02-06 01:52:03 +03:00
@kindex Ctrl-Alt-u
2009-09-10 05:15:07 +04:00
Restore the screen's un-scaled dimensions
2004-10-03 18:33:10 +04:00
@item Ctrl-Alt-n
2010-02-06 01:52:03 +03:00
@kindex Ctrl-Alt-n
2004-07-14 21:38:57 +04:00
Switch to virtual console 'n'. Standard console mappings are:
@table @emph
@item 1
Target system display
@item 2
Monitor
@item 3
Serial port
2004-05-08 17:26:35 +04:00
@end table
2004-10-03 18:33:10 +04:00
@item Ctrl-Alt
2010-02-06 01:52:03 +03:00
@kindex Ctrl-Alt
2004-07-14 21:38:57 +04:00
Toggle mouse and keyboard grab.
@end table
2010-02-06 01:52:03 +03:00
@kindex Ctrl-Up
@kindex Ctrl-Down
@kindex Ctrl-PageUp
@kindex Ctrl-PageDown
2004-07-14 21:47:14 +04:00
In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
2016-02-16 20:28:58 +03:00
@c man end
@node mux_keys
@section Keys in the character backend multiplexer
@c man begin OPTIONS
During emulation, if you are using a character backend multiplexer
(which is the default if you are using @option{-nographic}) then
several commands are available via an escape sequence. These
key sequences all start with an escape character, which is @key{Ctrl-a}
by default, but can be changed with @option{-echr}. The list below assumes
you're using the default.
2003-07-01 03:16:33 +04:00
@table @key
2004-05-08 17:26:35 +04:00
@item Ctrl-a h
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a h
2003-07-01 03:16:33 +04:00
Print this help
2007-09-17 12:09:54 +04:00
@item Ctrl-a x
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a x
2006-12-11 21:35:08 +03:00
Exit emulator
2007-09-17 12:09:54 +04:00
@item Ctrl-a s
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a s
2003-07-06 23:01:55 +04:00
Save disk data back to file (if -snapshot)
2007-02-18 20:04:49 +03:00
@item Ctrl-a t
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a t
2009-01-24 21:19:25 +03:00
Toggle console timestamps
2004-05-08 17:26:35 +04:00
@item Ctrl-a b
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a b
2004-04-04 19:21:17 +04:00
Send break (magic sysrq in Linux)
2004-05-08 17:26:35 +04:00
@item Ctrl-a c
2010-02-06 01:52:03 +03:00
@kindex Ctrl-a c
2016-02-16 20:28:58 +03:00
Rotate between the frontends connected to the multiplexer (usually
this switches between the monitor and the console)
2004-05-08 17:26:35 +04:00
@item Ctrl-a Ctrl-a
2016-02-16 20:28:58 +03:00
@kindex Ctrl-a Ctrl-a
Send the escape character to the frontend
2003-07-01 03:16:33 +04:00
@end table
2003-10-01 04:15:32 +04:00
@c man end
@ignore
2004-04-04 19:21:17 +04:00
@c man begin SEEALSO
The HTML documentation of QEMU for more precise information and Linux
user mode emulator invocation.
@c man end
@c man begin AUTHOR
Fabrice Bellard
@c man end
@end ignore
2006-05-01 01:58:41 +04:00
@node pcsys_monitor
2004-04-04 19:21:17 +04:00
@section QEMU Monitor
2010-02-06 01:52:03 +03:00
@cindex QEMU monitor
2004-04-04 19:21:17 +04:00
The QEMU monitor is used to give complex commands to the QEMU
emulator. You can use it to:
@itemize @minus
@item
2007-03-30 22:58:01 +04:00
Remove or insert removable media images
2007-11-22 01:38:37 +03:00
(such as CD-ROM or floppies).
2004-04-04 19:21:17 +04:00
2007-09-17 01:08:06 +04:00
@item
2004-04-04 19:21:17 +04:00
Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
from a disk file.
@item Inspect the VM state without an external debugger.
@end itemize
@subsection Commands
The following commands are available:
2009-06-06 12:22:04 +04:00
@include qemu-monitor.texi
2003-10-01 04:15:32 +04:00
2015-09-10 18:39:01 +03:00
@include qemu-monitor-info.texi
2004-04-04 19:21:17 +04:00
@subsection Integer expressions
The monitor understands integers expressions for every integer
argument. You can use register names to get the value of specifics
CPU registers by prefixing them with @emph{$}.
2003-07-01 03:16:33 +04:00
2003-07-06 23:01:55 +04:00
@node disk_images
@section Disk Images
2017-06-06 17:59:55 +03:00
QEMU supports many disk image formats, including growable disk images
(their size increase as non empty sectors are written), compressed and
encrypted disk images.
2003-07-06 23:01:55 +04:00
2006-05-01 01:58:41 +04:00
@menu
* disk_images_quickstart:: Quick start for disk image creation
* disk_images_snapshot_mode:: Snapshot mode
2006-08-06 18:50:31 +04:00
* vm_snapshots:: VM snapshots
2006-05-01 01:58:41 +04:00
* qemu_img_invocation:: qemu-img Invocation
2008-07-03 01:18:00 +04:00
* qemu_nbd_invocation:: qemu-nbd Invocation
2012-11-21 17:21:47 +04:00
* disk_images_formats:: Disk image file formats
2006-08-19 15:45:59 +04:00
* host_drives:: Using host drives
2006-05-01 01:58:41 +04:00
* disk_images_fat_images:: Virtual FAT disk images
2008-07-03 17:41:03 +04:00
* disk_images_nbd:: NBD access
2011-02-07 10:04:04 +03:00
* disk_images_sheepdog:: Sheepdog disk images
2011-11-12 04:06:30 +04:00
* disk_images_iscsi:: iSCSI LUNs
2012-10-24 15:47:53 +04:00
* disk_images_gluster:: GlusterFS disk images
2013-04-09 18:30:53 +04:00
* disk_images_ssh:: Secure Shell (ssh) disk images
2006-05-01 01:58:41 +04:00
@end menu
@node disk_images_quickstart
2004-11-16 01:57:26 +03:00
@subsection Quick start for disk image creation
You can create a disk image with the command:
2003-07-06 23:01:55 +04:00
@example
2004-11-16 01:57:26 +03:00
qemu-img create myimage.img mysize
2003-07-06 23:01:55 +04:00
@end example
2004-11-16 01:57:26 +03:00
where @var{myimage.img} is the disk image filename and @var{mysize} is its
size in kilobytes. You can add an @code{M} suffix to give the size in
megabytes and a @code{G} suffix for gigabytes.
2006-05-01 01:58:41 +04:00
See @ref{qemu_img_invocation} for more information.
2003-07-06 23:01:55 +04:00
2006-05-01 01:58:41 +04:00
@node disk_images_snapshot_mode
2003-07-06 23:01:55 +04:00
@subsection Snapshot mode
If you use the option @option{-snapshot}, all disk images are
considered as read only. When sectors in written, they are written in
a temporary file created in @file{/tmp}. You can however force the
2004-11-16 01:57:26 +03:00
write back to the raw disk images by using the @code{commit} monitor
command (or @key{C-a s} in the serial console).
2003-07-06 23:01:55 +04:00
2006-08-06 18:50:31 +04:00
@node vm_snapshots
@subsection VM snapshots
VM snapshots are snapshots of the complete virtual machine including
CPU state, RAM, device state and the content of all the writable
disks. In order to use VM snapshots, you must have at least one non
removable and writable block device using the @code{qcow2} disk image
format. Normally this device is the first virtual hard drive.
Use the monitor command @code{savevm} to create a new VM snapshot or
replace an existing one. A human readable name can be assigned to each
2006-08-08 01:34:34 +04:00
snapshot in addition to its numerical ID.
2006-08-06 18:50:31 +04:00
Use @code{loadvm} to restore a VM snapshot and @code{delvm} to remove
a VM snapshot. @code{info snapshots} lists the available snapshots
with their associated information:
@example
(qemu) info snapshots
Snapshot devices: hda
Snapshot list (from hda):
ID TAG VM SIZE DATE VM CLOCK
1 start 41M 2006-08-06 12:38:02 00:00:14.954
2 40M 2006-08-06 12:43:29 00:00:18.633
3 msys 40M 2006-08-06 12:44:04 00:00:23.514
@end example
A VM snapshot is made of a VM state info (its size is shown in
@code{info snapshots}) and a snapshot of every writable disk image.
The VM state info is stored in the first @code{qcow2} non removable
and writable block device. The disk image snapshots are stored in
every disk image. The size of a snapshot in a disk image is difficult
to evaluate and is not shown by @code{info snapshots} because the
associated disk sectors are shared among all the snapshots to save
2006-08-08 01:34:34 +04:00
disk space (otherwise each snapshot would need a full copy of all the
disk images).
2006-08-06 18:50:31 +04:00
When using the (unrelated) @code{-snapshot} option
(@ref{disk_images_snapshot_mode}), you can always make VM snapshots,
but they are deleted as soon as you exit QEMU.
VM snapshots currently have the following known limitations:
@itemize
2007-09-17 01:08:06 +04:00
@item
2006-08-06 18:50:31 +04:00
They cannot cope with removable devices if they are removed or
inserted after a snapshot is done.
2007-09-17 01:08:06 +04:00
@item
2006-08-06 18:50:31 +04:00
A few device drivers still have incomplete snapshot support so their
state is not saved or restored properly (in particular USB).
@end itemize
2004-11-16 01:57:26 +03:00
@node qemu_img_invocation
@subsection @code{qemu-img} Invocation
2003-07-06 23:01:55 +04:00
2004-11-16 01:57:26 +03:00
@include qemu-img.texi
2004-06-17 00:34:33 +04:00
2008-07-03 01:18:00 +04:00
@node qemu_nbd_invocation
@subsection @code{qemu-nbd} Invocation
@include qemu-nbd.texi
2012-11-21 17:21:47 +04:00
@node disk_images_formats
@subsection Disk image file formats
QEMU supports many image file formats that can be used with VMs as well as with
any of the tools (like @code{qemu-img}). This includes the preferred formats
raw and qcow2 as well as formats that are supported for compatibility with
older QEMU versions or other hypervisors.
Depending on the image format, different options can be passed to
@code{qemu-img create} and @code{qemu-img convert} using the @code{-o} option.
This section describes each format and the options that are supported for it.
@table @option
@item raw
Raw disk image format. This format has the advantage of
being simple and easily exportable to all other emulators. If your
file system supports @emph{holes} (for example in ext2 or ext3 on
Linux or NTFS on Windows), then only the written sectors will reserve
space. Use @code{qemu-img info} to know the real size used by the
image or @code{ls -ls} on Unix/Linux.
2014-09-10 13:05:48 +04:00
Supported options:
@table @code
@item preallocation
Preallocation mode (allowed values: @code{off}, @code{falloc}, @code{full}).
@code{falloc} mode preallocates space for image by calling posix_fallocate().
@code{full} mode preallocates space for image by writing zeros to underlying
storage.
@end table
2012-11-21 17:21:47 +04:00
@item qcow2
QEMU image format, the most versatile format. Use it to have smaller
images (useful if your filesystem does not supports holes, for example
block: Deprecate QCOW/QCOW2 encryption
We've steered users away from QCOW/QCOW2 encryption for a while,
because it's a flawed design (commit 136cd19 Describe flaws in
qcow/qcow2 encryption in the docs).
In addition to flawed crypto, we have comically bad usability, and
plain old bugs. Let me show you.
= Example images =
I'm going to use a raw image as backing file, and two QCOW2 images,
one encrypted, and one not:
$ qemu-img create -f raw backing.img 4m
Formatting 'backing.img', fmt=raw size=4194304
$ qemu-img create -f qcow2 -o encryption,backing_file=backing.img,backing_fmt=raw geheim.qcow2 4m
Formatting 'geheim.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=on cluster_size=65536 lazy_refcounts=off
$ qemu-img create -f qcow2 -o backing_file=backing.img,backing_fmt=raw normal.qcow2 4m
Formatting 'normal.qcow2', fmt=qcow2 size=4194304 backing_file='backing.img' backing_fmt='raw' encryption=off cluster_size=65536 lazy_refcounts=off
= Usability issues =
== Confusing startup ==
When no image is encrypted, and you don't give -S, QEMU starts the
guest immediately:
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio normal.qcow2
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) info status
VM status: running
But as soon as there's an encrypted image in play, the guest is *not*
started, with no notification whatsoever:
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) info status
VM status: paused (prelaunch)
If the user figured out that he needs to type "cont" to enter his
keys, the confusion enters the next level: "cont" asks for at most
*one* key. If more are needed, it then silently does nothing. The
user has to type "cont" once per encrypted image:
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio -drive if=none,file=geheim.qcow2 -drive if=none,file=geheim.qcow2
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) info status
VM status: paused (prelaunch)
(qemu) c
none0 (geheim.qcow2) is encrypted.
Password: ******
(qemu) info status
VM status: paused (prelaunch)
(qemu) c
none1 (geheim.qcow2) is encrypted.
Password: ******
(qemu) info status
VM status: running
== Incorrect passwords not caught ==
All existing encryption schemes give you the GIGO treatment: garbage
password in, garbage data out. Guests usually refuse to mount
garbage, but other usage is prone to data loss.
== Need to stop the guest to add an encrypted image ==
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) info status
VM status: running
(qemu) drive_add "" if=none,file=geheim.qcow2
Guest must be stopped for opening of encrypted image
(qemu) stop
(qemu) drive_add "" if=none,file=geheim.qcow2
OK
Commit c3adb58 added this restriction. Before, we could expose images
lacking an encryption key to guests, with potentially catastrophic
results. See also "Use without key is not always caught".
= Bugs =
== Use without key is not always caught ==
Encrypted images can be in an intermediate state "opened, but no key".
The weird startup behavior and the need to stop the guest are there to
ensure the guest isn't exposed to that state. But other things still
are!
* drive_backup
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) drive_backup -f ide0-hd0 out.img raw
Formatting 'out.img', fmt=raw size=4194304
I guess this writes encrypted data to raw image out.img. Good luck
with figuring out how to decrypt that again.
* commit
$ qemu-system-x86_64 -nodefaults -display none -monitor stdio geheim.qcow2
QEMU 2.2.50 monitor - type 'help' for more information
(qemu) commit ide0-hd0
I guess this writes encrypted data into the unencrypted raw backing
image, effectively destroying it.
== QMP device_add of usb-storage fails when it shouldn't ==
When the image is encrypted, device_add creates the device, defers
actually attaching it to when the key becomes available, then fails.
This is wrong. device_add must either create the device and succeed,
or do nothing and fail.
$ qemu-system-x86_64 -nodefaults -display none -usb -qmp stdio -drive if=none,id=foo,file=geheim.qcow2
{"QMP": {"version": {"qemu": {"micro": 50, "minor": 2, "major": 2}, "package": ""}, "capabilities": []}}
{ "execute": "qmp_capabilities" }
{"return": {}}
{ "execute": "device_add", "arguments": { "driver": "usb-storage", "id": "bar", "drive": "foo" } }
{"error": {"class": "DeviceEncrypted", "desc": "'foo' (geheim.qcow2) is encrypted"}}
{"execute":"device_del","arguments": { "id": "bar" } }
{"timestamp": {"seconds": 1426003440, "microseconds": 237181}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/bar/bar.0/legacy[0]"}}
{"timestamp": {"seconds": 1426003440, "microseconds": 238231}, "event": "DEVICE_DELETED", "data": {"device": "bar", "path": "/machine/peripheral/bar"}}
{"return": {}}
This stuff is worse than useless, it's a trap for users.
If people become sufficiently interested in encrypted images to
contribute a cryptographically sane implementation for QCOW2 (or
whatever other format), then rewriting the necessary support around it
from scratch will likely be easier and yield better results than
fixing up the existing mess.
Let's deprecate the mess now, drop it after a grace period, and move
on.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2015-03-13 23:09:40 +03:00
on Windows), zlib based compression and support of multiple VM
snapshots.
2012-11-21 17:21:47 +04:00
Supported options:
@table @code
@item compat
2014-01-06 08:39:01 +04:00
Determines the qcow2 version to use. @code{compat=0.10} uses the
traditional image format that can be read by any QEMU since 0.10.
2012-11-21 17:21:47 +04:00
@code{compat=1.1} enables image format extensions that only QEMU 1.1 and
2014-01-06 08:39:01 +04:00
newer understand (this is the default). Amongst others, this includes
zero clusters, which allow efficient copy-on-read for sparse images.
2012-11-21 17:21:47 +04:00
@item backing_file
File name of a base image (see @option{create} subcommand)
@item backing_fmt
Image format of the base image
@item encryption
2017-06-23 19:24:19 +03:00
This option is deprecated and equivalent to @code{encrypt.format=aes}
2012-11-21 17:21:47 +04:00
2017-06-23 19:24:19 +03:00
@item encrypt.format
If this is set to @code{luks}, it requests that the qcow2 payload (not
qcow2 header) be encrypted using the LUKS format. The passphrase to
use to unlock the LUKS key slot is given by the @code{encrypt.key-secret}
parameter. LUKS encryption parameters can be tuned with the other
@code{encrypt.*} parameters.
If this is set to @code{aes}, the image is encrypted with 128-bit AES-CBC.
The encryption key is given by the @code{encrypt.key-secret} parameter.
This encryption format is considered to be flawed by modern cryptography
standards, suffering from a number of design problems:
2014-01-22 19:47:10 +04:00
@itemize @minus
@item The AES-CBC cipher is used with predictable initialization vectors based
on the sector number. This makes it vulnerable to chosen plaintext attacks
which can reveal the existence of encrypted data.
@item The user passphrase is directly used as the encryption key. A poorly
chosen or short passphrase will compromise the security of the encryption.
@item In the event of the passphrase being compromised there is no way to
change the passphrase to protect data in any qcow images. The files must
be cloned, using a different encryption passphrase in the new file. The
original file must then be securely erased using a program like shred,
though even this is ineffective with many modern storage technologies.
@end itemize
2017-06-23 19:24:19 +03:00
The use of this is no longer supported in system emulators. Support only
remains in the command line utilities, for the purposes of data liberation
and interoperability with old versions of QEMU. The @code{luks} format
should be used instead.
@item encrypt.key-secret
Provides the ID of a @code{secret} object that contains the passphrase
(@code{encrypt.format=luks}) or encryption key (@code{encrypt.format=aes}).
@item encrypt.cipher-alg
Name of the cipher algorithm and key length. Currently defaults
to @code{aes-256}. Only used when @code{encrypt.format=luks}.
@item encrypt.cipher-mode
Name of the encryption mode to use. Currently defaults to @code{xts}.
Only used when @code{encrypt.format=luks}.
@item encrypt.ivgen-alg
Name of the initialization vector generator algorithm. Currently defaults
to @code{plain64}. Only used when @code{encrypt.format=luks}.
@item encrypt.ivgen-hash-alg
Name of the hash algorithm to use with the initialization vector generator
(if required). Defaults to @code{sha256}. Only used when @code{encrypt.format=luks}.
@item encrypt.hash-alg
Name of the hash algorithm to use for PBKDF algorithm
Defaults to @code{sha256}. Only used when @code{encrypt.format=luks}.
@item encrypt.iter-time
Amount of time, in milliseconds, to use for PBKDF algorithm per key slot.
Defaults to @code{2000}. Only used when @code{encrypt.format=luks}.
2012-11-21 17:21:47 +04:00
@item cluster_size
Changes the qcow2 cluster size (must be between 512 and 2M). Smaller cluster
sizes can improve the image file size whereas larger cluster sizes generally
provide better performance.
@item preallocation
2014-09-10 13:05:49 +04:00
Preallocation mode (allowed values: @code{off}, @code{metadata}, @code{falloc},
@code{full}). An image with preallocated metadata is initially larger but can
improve performance when the image needs to grow. @code{falloc} and @code{full}
preallocations are like the same options of @code{raw} format, but sets up
metadata also.
2012-11-21 17:21:47 +04:00
@item lazy_refcounts
If this option is set to @code{on}, reference count updates are postponed with
the goal of avoiding metadata I/O and improving performance. This is
particularly interesting with @option{cache=writethrough} which doesn't batch
metadata updates. The tradeoff is that after a host crash, the reference count
tables must be rebuilt, i.e. on the next open an (automatic) @code{qemu-img
check -r all} is required, which may take some time.
This option can only be enabled if @code{compat=1.1} is specified.
qemu-img create: add 'nocow' option
Add 'nocow' option so that users could have a chance to set NOCOW flag to
newly created files. It's useful on btrfs file system to enhance performance.
Btrfs has low performance when hosting VM images, even more when the guest
in those VM are also using btrfs as file system. One way to mitigate this bad
performance is to turn off COW attributes on VM files. Generally, there are
two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then
all newly created files will be NOCOW. b) per file. Add the NOCOW file
attribute. It could only be done to empty or new files.
This patch tries the second way, according to the option, it could add NOCOW
per file.
For most block drivers, since the create file step is in raw-posix.c, so we
can do setting NOCOW flag ioctl in raw-posix.c only.
But there are some exceptions, like block/vpc.c and block/vdi.c, they are
creating file by calling qemu_open directly. For them, do the same setting
NOCOW flag ioctl work in them separately.
[Fixed up 082.out due to the new 'nocow' creation option
--Stefan]
Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-30 10:29:58 +04:00
@item nocow
2014-07-02 08:27:29 +04:00
If this option is set to @code{on}, it will turn off COW of the file. It's only
qemu-img create: add 'nocow' option
Add 'nocow' option so that users could have a chance to set NOCOW flag to
newly created files. It's useful on btrfs file system to enhance performance.
Btrfs has low performance when hosting VM images, even more when the guest
in those VM are also using btrfs as file system. One way to mitigate this bad
performance is to turn off COW attributes on VM files. Generally, there are
two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then
all newly created files will be NOCOW. b) per file. Add the NOCOW file
attribute. It could only be done to empty or new files.
This patch tries the second way, according to the option, it could add NOCOW
per file.
For most block drivers, since the create file step is in raw-posix.c, so we
can do setting NOCOW flag ioctl in raw-posix.c only.
But there are some exceptions, like block/vpc.c and block/vdi.c, they are
creating file by calling qemu_open directly. For them, do the same setting
NOCOW flag ioctl work in them separately.
[Fixed up 082.out due to the new 'nocow' creation option
--Stefan]
Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-30 10:29:58 +04:00
valid on btrfs, no effect on other file systems.
Btrfs has low performance when hosting a VM image file, even more when the guest
on the VM also using btrfs as file system. Turning off COW is a way to mitigate
this bad performance. Generally there are two ways to turn off COW on btrfs:
a) Disable it by mounting with nodatacow, then all newly created files will be
NOCOW. b) For an empty file, add the NOCOW file attribute. That's what this option
does.
Note: this option is only valid to new or empty files. If there is an existing
file which is COW and has data blocks already, it couldn't be changed to NOCOW
by setting @code{nocow=on}. One can issue @code{lsattr filename} to check if
2014-07-02 08:27:29 +04:00
the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
qemu-img create: add 'nocow' option
Add 'nocow' option so that users could have a chance to set NOCOW flag to
newly created files. It's useful on btrfs file system to enhance performance.
Btrfs has low performance when hosting VM images, even more when the guest
in those VM are also using btrfs as file system. One way to mitigate this bad
performance is to turn off COW attributes on VM files. Generally, there are
two ways to turn off NOCOW on btrfs: a) by mounting fs with nodatacow, then
all newly created files will be NOCOW. b) per file. Add the NOCOW file
attribute. It could only be done to empty or new files.
This patch tries the second way, according to the option, it could add NOCOW
per file.
For most block drivers, since the create file step is in raw-posix.c, so we
can do setting NOCOW flag ioctl in raw-posix.c only.
But there are some exceptions, like block/vpc.c and block/vdi.c, they are
creating file by calling qemu_open directly. For them, do the same setting
NOCOW flag ioctl work in them separately.
[Fixed up 082.out due to the new 'nocow' creation option
--Stefan]
Signed-off-by: Chunyan Liu <cyliu@suse.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2014-06-30 10:29:58 +04:00
2012-11-21 17:21:47 +04:00
@end table
@item qed
Old QEMU image format with support for backing files and compact image files
(when your filesystem or transport medium does not support holes).
When converting QED images to qcow2, you might want to consider using the
@code{lazy_refcounts=on} option to get a more QED-like behaviour.
Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand).
@item backing_fmt
Image file format of backing file (optional). Useful if the format cannot be
autodetected because it has no header, like some vhd/vpc files.
@item cluster_size
Changes the cluster size (must be power-of-2 between 4K and 64K). Smaller
cluster sizes can improve the image file size whereas larger cluster sizes
generally provide better performance.
@item table_size
Changes the number of clusters per L1/L2 table (must be power-of-2 between 1
and 16). There is normally no need to change this value but this option can be
used for performance benchmarking.
@end table
@item qcow
Old QEMU image format with support for backing files, compact image files,
encryption and compression.
Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand)
@item encryption
2017-06-23 19:24:19 +03:00
This option is deprecated and equivalent to @code{encrypt.format=aes}
@item encrypt.format
If this is set to @code{aes}, the image is encrypted with 128-bit AES-CBC.
The encryption key is given by the @code{encrypt.key-secret} parameter.
This encryption format is considered to be flawed by modern cryptography
standards, suffering from a number of design problems enumerated previously
against the @code{qcow2} image format.
The use of this is no longer supported in system emulators. Support only
remains in the command line utilities, for the purposes of data liberation
and interoperability with old versions of QEMU.
Users requiring native encryption should use the @code{qcow2} format
instead with @code{encrypt.format=luks}.
@item encrypt.key-secret
Provides the ID of a @code{secret} object that contains the encryption
key (@code{encrypt.format=aes}).
@end table
@item luks
LUKS v1 encryption format, compatible with Linux dm-crypt/cryptsetup
Supported options:
@table @code
@item key-secret
Provides the ID of a @code{secret} object that contains the passphrase.
@item cipher-alg
Name of the cipher algorithm and key length. Currently defaults
to @code{aes-256}.
@item cipher-mode
Name of the encryption mode to use. Currently defaults to @code{xts}.
@item ivgen-alg
Name of the initialization vector generator algorithm. Currently defaults
to @code{plain64}.
@item ivgen-hash-alg
Name of the hash algorithm to use with the initialization vector generator
(if required). Defaults to @code{sha256}.
@item hash-alg
Name of the hash algorithm to use for PBKDF algorithm
Defaults to @code{sha256}.
@item iter-time
Amount of time, in milliseconds, to use for PBKDF algorithm per key slot.
Defaults to @code{2000}.
2012-11-21 17:21:47 +04:00
@end table
@item vdi
VirtualBox 1.1 compatible image format.
Supported options:
@table @code
@item static
If this option is set to @code{on}, the image is created with metadata
preallocation.
@end table
@item vmdk
VMware 3 and 4 compatible image format.
Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand).
@item compat6
Create a VMDK version 6 image (instead of version 4)
2016-05-03 12:43:30 +03:00
@item hwversion
Specify vmdk virtual hardware version. Compat6 flag cannot be enabled
if hwversion is specified.
2012-11-21 17:21:47 +04:00
@item subformat
Specifies which VMDK subformat to use. Valid options are
@code{monolithicSparse} (default),
@code{monolithicFlat},
@code{twoGbMaxExtentSparse},
@code{twoGbMaxExtentFlat} and
@code{streamOptimized}.
@end table
@item vpc
VirtualPC compatible image format (VHD).
Supported options:
@table @code
@item subformat
Specifies which VHD subformat to use. Valid options are
@code{dynamic} (default) and @code{fixed}.
@end table
2013-12-17 22:56:06 +04:00
@item VHDX
Hyper-V compatible image format (VHDX).
Supported options:
@table @code
@item subformat
Specifies which VHDX subformat to use. Valid options are
@code{dynamic} (default) and @code{fixed}.
@item block_state_zero
2014-12-08 09:07:44 +03:00
Force use of payload blocks of type 'ZERO'. Can be set to @code{on} (default)
or @code{off}. When set to @code{off}, new blocks will be created as
@code{PAYLOAD_BLOCK_NOT_PRESENT}, which means parsers are free to return
arbitrary data for those blocks. Do not set to @code{off} when using
@code{qemu-img convert} with @code{subformat=dynamic}.
2013-12-17 22:56:06 +04:00
@item block_size
Block size; min 1 MB, max 256 MB. 0 means auto-calculate based on image size.
@item log_size
Log size; min 1 MB.
@end table
2012-11-21 17:21:47 +04:00
@end table
@subsubsection Read-only formats
More disk image file formats are supported in a read-only mode.
@table @option
@item bochs
Bochs images of @code{growing} type.
@item cloop
Linux Compressed Loop image, useful only to reuse directly compressed
CD-ROM images present for example in the Knoppix CD-ROMs.
@item dmg
Apple disk image.
@item parallels
Parallels disk image format.
@end table
2006-08-19 15:45:59 +04:00
@node host_drives
@subsection Using host drives
In addition to disk image files, QEMU can directly access host
devices. We describe here the usage for QEMU version >= 0.8.3.
@subsubsection Linux
On Linux, you can directly use the host device filename instead of a
2007-06-03 17:41:28 +04:00
disk image filename provided you have enough privileges to access
2015-03-17 19:02:20 +03:00
it. For example, use @file{/dev/cdrom} to access to the CDROM.
2006-08-19 15:45:59 +04:00
2006-08-22 00:26:44 +04:00
@table @code
2006-08-19 15:45:59 +04:00
@item CD
You can specify a CDROM device even if no CDROM is loaded. QEMU has
specific code to detect CDROM insertion or removal. CDROM ejection by
the guest OS is supported. Currently only data CDs are supported.
@item Floppy
You can specify a floppy device even if no floppy is loaded. Floppy
removal is currently not detected accurately (if you change floppy
without doing floppy access while the floppy is not loaded, the guest
OS will think that the same floppy is loaded).
2015-03-17 19:02:20 +03:00
Use of the host's floppy device is deprecated, and support for it will
be removed in a future release.
2006-08-19 15:45:59 +04:00
@item Hard disks
Hard disks can be used. Normally you must specify the whole disk
(@file{/dev/hdb} instead of @file{/dev/hdb1}) so that the guest OS can
see it as a partitioned disk. WARNING: unless you know what you do, it
is better to only make READ-ONLY accesses to the hard disk otherwise
you may corrupt your host data (use the @option{-snapshot} command
line option or modify the device permissions accordingly).
@end table
@subsubsection Windows
2007-01-08 01:43:30 +03:00
@table @code
@item CD
2007-06-03 17:41:28 +04:00
The preferred syntax is the drive letter (e.g. @file{d:}). The
2007-01-08 01:43:30 +03:00
alternate syntax @file{\\.\d:} is supported. @file{/dev/cdrom} is
supported as an alias to the first CDROM drive.
2006-08-19 15:45:59 +04:00
2007-03-30 22:58:01 +04:00
Currently there is no specific code to handle removable media, so it
2006-08-19 15:45:59 +04:00
is better to use the @code{change} or @code{eject} monitor commands to
change or eject media.
2007-01-08 01:43:30 +03:00
@item Hard disks
2007-11-22 01:38:37 +03:00
Hard disks can be used with the syntax: @file{\\.\PhysicalDrive@var{N}}
2007-01-08 01:43:30 +03:00
where @var{N} is the drive number (0 is the first hard disk).
WARNING: unless you know what you do, it is better to only make
READ-ONLY accesses to the hard disk otherwise you may corrupt your
host data (use the @option{-snapshot} command line so that the
modifications are written in a temporary file).
@end table
2006-08-19 15:45:59 +04:00
@subsubsection Mac OS X
2007-09-17 01:08:06 +04:00
@file{/dev/cdrom} is an alias to the first CDROM.
2006-08-19 15:45:59 +04:00
2007-03-30 22:58:01 +04:00
Currently there is no specific code to handle removable media, so it
2006-08-19 15:45:59 +04:00
is better to use the @code{change} or @code{eject} monitor commands to
change or eject media.
2006-05-01 01:58:41 +04:00
@node disk_images_fat_images
2005-12-18 21:31:45 +03:00
@subsection Virtual FAT disk images
QEMU can automatically create a virtual FAT disk image from a
directory tree. In order to use it, just type:
2007-09-17 01:08:06 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 linux.img -hdb fat:/my_directory
2005-12-18 21:31:45 +03:00
@end example
Then you access access to all the files in the @file{/my_directory}
directory without having to copy them in a disk image or to export
them via SAMBA or NFS. The default access is @emph{read-only}.
Floppies can be emulated with the @code{:floppy:} option:
2007-09-17 01:08:06 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 linux.img -fda fat:floppy:/my_directory
2005-12-18 21:31:45 +03:00
@end example
A read/write support is available for testing (beta stage) with the
@code{:rw:} option:
2007-09-17 01:08:06 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 linux.img -fda fat:floppy:rw:/my_directory
2005-12-18 21:31:45 +03:00
@end example
What you should @emph{never} do:
@itemize
@item use non-ASCII filenames ;
@item use "-snapshot" together with ":rw:" ;
2005-12-20 01:12:34 +03:00
@item expect it to work when loadvm'ing ;
@item write to the FAT directory on the host system while accessing it with the guest system.
2005-12-18 21:31:45 +03:00
@end itemize
2008-07-03 17:41:03 +04:00
@node disk_images_nbd
@subsection NBD access
QEMU can access directly to block device exported using the Network Block Device
protocol.
@example
2012-11-04 16:04:24 +04:00
qemu-system-i386 linux.img -hdb nbd://my_nbd_server.mydomain.org:1024/
2008-07-03 17:41:03 +04:00
@end example
If the NBD server is located on the same host, you can use an unix socket instead
of an inet socket:
@example
2012-11-04 16:04:24 +04:00
qemu-system-i386 linux.img -hdb nbd+unix://?socket=/tmp/my_socket
2008-07-03 17:41:03 +04:00
@end example
In this case, the block device must be exported using qemu-nbd:
@example
qemu-nbd --socket=/tmp/my_socket my_disk.qcow2
@end example
2014-04-07 13:34:58 +04:00
The use of qemu-nbd allows sharing of a disk between several guests:
2008-07-03 17:41:03 +04:00
@example
qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2
@end example
2012-11-04 16:04:24 +04:00
@noindent
2008-07-03 17:41:03 +04:00
and then you can use it with two guests:
@example
2012-11-04 16:04:24 +04:00
qemu-system-i386 linux1.img -hdb nbd+unix://?socket=/tmp/my_socket
qemu-system-i386 linux2.img -hdb nbd+unix://?socket=/tmp/my_socket
2008-07-03 17:41:03 +04:00
@end example
2012-11-04 16:04:24 +04:00
If the nbd-server uses named exports (supported since NBD 2.9.18, or with QEMU's
own embedded NBD server), you must specify an export name in the URI:
2010-08-26 00:48:33 +04:00
@example
2012-11-04 16:04:24 +04:00
qemu-system-i386 -cdrom nbd://localhost/debian-500-ppc-netinst
qemu-system-i386 -cdrom nbd://localhost/openSUSE-11.1-ppc-netinst
@end example
The URI syntax for NBD is supported since QEMU 1.3. An alternative syntax is
also available. Here are some example of the older syntax:
@example
qemu-system-i386 linux.img -hdb nbd:my_nbd_server.mydomain.org:1024
qemu-system-i386 linux2.img -hdb nbd:unix:/tmp/my_socket
qemu-system-i386 -cdrom nbd:localhost:10809:exportname=debian-500-ppc-netinst
2010-08-26 00:48:33 +04:00
@end example
2011-02-07 10:04:04 +03:00
@node disk_images_sheepdog
@subsection Sheepdog disk images
Sheepdog is a distributed storage system for QEMU. It provides highly
available block level storage volumes that can be attached to
QEMU-based virtual machines.
You can create a Sheepdog disk image with the command:
@example
2013-02-22 07:39:51 +04:00
qemu-img create sheepdog:///@var{image} @var{size}
2011-02-07 10:04:04 +03:00
@end example
where @var{image} is the Sheepdog image name and @var{size} is its
size.
To import the existing @var{filename} to Sheepdog, you can use a
convert command.
@example
2013-02-22 07:39:51 +04:00
qemu-img convert @var{filename} sheepdog:///@var{image}
2011-02-07 10:04:04 +03:00
@end example
You can boot from the Sheepdog disk image with the command:
@example
2013-02-22 07:39:51 +04:00
qemu-system-i386 sheepdog:///@var{image}
2011-02-07 10:04:04 +03:00
@end example
You can also create a snapshot of the Sheepdog image like qcow2.
@example
2013-02-22 07:39:51 +04:00
qemu-img snapshot -c @var{tag} sheepdog:///@var{image}
2011-02-07 10:04:04 +03:00
@end example
where @var{tag} is a tag name of the newly created snapshot.
To boot from the Sheepdog snapshot, specify the tag name of the
snapshot.
@example
2013-02-22 07:39:51 +04:00
qemu-system-i386 sheepdog:///@var{image}#@var{tag}
2011-02-07 10:04:04 +03:00
@end example
You can create a cloned image from the existing snapshot.
@example
2013-02-22 07:39:51 +04:00
qemu-img create -b sheepdog:///@var{base}#@var{tag} sheepdog:///@var{image}
2011-02-07 10:04:04 +03:00
@end example
where @var{base} is a image name of the source snapshot and @var{tag}
is its tag name.
2013-02-22 07:39:53 +04:00
You can use an unix socket instead of an inet socket:
@example
qemu-system-i386 sheepdog+unix:///@var{image}?socket=@var{path}
@end example
2011-02-07 10:04:04 +03:00
If the Sheepdog daemon doesn't run on the local host, you need to
specify one of the Sheepdog servers to connect to.
@example
2013-02-22 07:39:51 +04:00
qemu-img create sheepdog://@var{hostname}:@var{port}/@var{image} @var{size}
qemu-system-i386 sheepdog://@var{hostname}:@var{port}/@var{image}
2011-02-07 10:04:04 +03:00
@end example
2011-11-12 04:06:30 +04:00
@node disk_images_iscsi
@subsection iSCSI LUNs
iSCSI is a popular protocol used to access SCSI devices across a computer
network.
There are two different ways iSCSI devices can be used by QEMU.
The first method is to mount the iSCSI LUN on the host, and make it appear as
any other ordinary SCSI device on the host and then to access this device as a
/dev/sd device from QEMU. How to do this differs between host OSes.
The second method involves using the iSCSI initiator that is built into
QEMU. This provides a mechanism that works the same way regardless of which
host OS you are running QEMU on. This section will describe this second method
of using iSCSI together with QEMU.
In QEMU, iSCSI devices are described using special iSCSI URLs
@example
URL syntax:
iscsi://[<username>[%<password>]@@]<host>[:<port>]/<target-iqn-name>/<lun>
@end example
Username and password are optional and only used if your target is set up
using CHAP authentication for access control.
Alternatively the username and password can also be set via environment
variables to have these not show up in the process list
@example
export LIBISCSI_CHAP_USERNAME=<username>
export LIBISCSI_CHAP_PASSWORD=<password>
iscsi://<host>/<target-iqn-name>/<lun>
@end example
2012-01-26 02:39:02 +04:00
Various session related parameters can be set via special options, either
in a configuration file provided via '-readconfig' or directly on the
command line.
2012-08-06 12:24:55 +04:00
If the initiator-name is not specified qemu will use a default name
2017-08-23 11:48:30 +03:00
of 'iqn.2008-11.org.linux-kvm[:<uuid>'] where <uuid> is the UUID of the
virtual machine. If the UUID is not specified qemu will use
'iqn.2008-11.org.linux-kvm[:<name>'] where <name> is the name of the
2012-08-06 12:24:55 +04:00
virtual machine.
2012-01-26 02:39:02 +04:00
@example
Setting a specific initiator name to use when logging in to the target
-iscsi initiator-name=iqn.qemu.test:my-initiator
@end example
@example
Controlling which type of header digest to negotiate with the target
-iscsi header-digest=CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
@end example
These can also be set via a configuration file
@example
[iscsi]
user = "CHAP username"
password = "CHAP password"
initiator-name = "iqn.qemu.test:my-initiator"
# header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
header-digest = "CRC32C"
@end example
Setting the target name allows different options for different targets
@example
[iscsi "iqn.target.name"]
user = "CHAP username"
password = "CHAP password"
initiator-name = "iqn.qemu.test:my-initiator"
# header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
header-digest = "CRC32C"
@end example
Howto use a configuration file to set iSCSI configuration options:
@example
cat >iscsi.conf <<EOF
[iscsi]
user = "me"
password = "my password"
initiator-name = "iqn.qemu.test:my-initiator"
header-digest = "CRC32C"
EOF
qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
-readconfig iscsi.conf
@end example
2011-11-12 04:06:30 +04:00
Howto set up a simple iSCSI target on loopback and accessing it via QEMU:
@example
This example shows how to set up an iSCSI target with one CDROM and one DISK
using the Linux STGT software target. This target is available on Red Hat based
systems as the package 'scsi-target-utils'.
tgtd --iscsi portal=127.0.0.1:3260
tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.qemu.test
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 \
-b /IMAGES/disk.img --device-type=disk
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 \
-b /IMAGES/cd.iso --device-type=cd
tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL
2012-01-26 02:39:02 +04:00
qemu-system-i386 -iscsi initiator-name=iqn.qemu.test:my-initiator \
-boot d -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
2011-11-12 04:06:30 +04:00
-cdrom iscsi://127.0.0.1/iqn.qemu.test/2
@end example
2012-10-24 15:47:53 +04:00
@node disk_images_gluster
@subsection GlusterFS disk images
2011-11-12 04:06:30 +04:00
2016-11-19 22:22:07 +03:00
GlusterFS is a user space distributed file system.
2012-10-24 15:47:53 +04:00
You can boot from the GlusterFS disk image with the command:
@example
2016-11-02 19:50:38 +03:00
URI:
qemu-system-x86_64 -drive file=gluster[+@var{type}]://[@var{host}[:@var{port}]]/@var{volume}/@var{path}
[?socket=...][,file.debug=9][,file.logfile=...]
JSON:
qemu-system-x86_64 'json:@{"driver":"qcow2",
"file":@{"driver":"gluster",
"volume":"testvol","path":"a.img","debug":9,"logfile":"...",
"server":[@{"type":"tcp","host":"...","port":"..."@},
@{"type":"unix","socket":"..."@}]@}@}'
2012-10-24 15:47:53 +04:00
@end example
@var{gluster} is the protocol.
2016-11-02 19:50:38 +03:00
@var{type} specifies the transport type used to connect to gluster
2012-10-24 15:47:53 +04:00
management daemon (glusterd). Valid transport types are
2016-11-02 19:50:38 +03:00
tcp and unix. In the URI form, if a transport type isn't specified,
then tcp type is assumed.
2012-10-24 15:47:53 +04:00
2016-11-02 19:50:38 +03:00
@var{host} specifies the server where the volume file specification for
the given volume resides. This can be either a hostname or an ipv4 address.
If transport type is unix, then @var{host} field should not be specified.
2012-10-24 15:47:53 +04:00
Instead @var{socket} field needs to be populated with the path to unix domain
socket.
@var{port} is the port number on which glusterd is listening. This is optional
2016-11-02 19:50:38 +03:00
and if not specified, it defaults to port 24007. If the transport type is unix,
then @var{port} should not be specified.
@var{volume} is the name of the gluster volume which contains the disk image.
@var{path} is the path to the actual disk image that resides on gluster volume.
@var{debug} is the logging level of the gluster protocol driver. Debug levels
are 0-9, with 9 being the most verbose, and 0 representing no debugging output.
The default level is 4. The current logging levels defined in the gluster source
are 0 - None, 1 - Emergency, 2 - Alert, 3 - Critical, 4 - Error, 5 - Warning,
6 - Notice, 7 - Info, 8 - Debug, 9 - Trace
@var{logfile} is a commandline option to mention log file path which helps in
logging to the specified file and also help in persisting the gfapi logs. The
default is stderr.
2012-10-24 15:47:53 +04:00
You can create a GlusterFS disk image with the command:
@example
2016-11-02 19:50:38 +03:00
qemu-img create gluster://@var{host}/@var{volume}/@var{path} @var{size}
2012-10-24 15:47:53 +04:00
@end example
Examples
@example
qemu-system-x86_64 -drive file=gluster://1.2.3.4/testvol/a.img
qemu-system-x86_64 -drive file=gluster+tcp://1.2.3.4/testvol/a.img
qemu-system-x86_64 -drive file=gluster+tcp://1.2.3.4:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://server.domain.com:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+unix:///testvol/dir/a.img?socket=/tmp/glusterd.socket
qemu-system-x86_64 -drive file=gluster+rdma://1.2.3.4:24007/testvol/a.img
2016-11-02 19:50:38 +03:00
qemu-system-x86_64 -drive file=gluster://1.2.3.4/testvol/a.img,file.debug=9,file.logfile=/var/log/qemu-gluster.log
qemu-system-x86_64 'json:@{"driver":"qcow2",
"file":@{"driver":"gluster",
"volume":"testvol","path":"a.img",
"debug":9,"logfile":"/var/log/qemu-gluster.log",
"server":[@{"type":"tcp","host":"1.2.3.4","port":24007@},
@{"type":"unix","socket":"/var/run/glusterd.socket"@}]@}@}'
qemu-system-x86_64 -drive driver=qcow2,file.driver=gluster,file.volume=testvol,file.path=/path/a.img,
file.debug=9,file.logfile=/var/log/qemu-gluster.log,
file.server.0.type=tcp,file.server.0.host=1.2.3.4,file.server.0.port=24007,
file.server.1.type=unix,file.server.1.socket=/var/run/glusterd.socket
2012-10-24 15:47:53 +04:00
@end example
2011-11-12 04:06:30 +04:00
2013-04-09 18:30:53 +04:00
@node disk_images_ssh
@subsection Secure Shell (ssh) disk images
You can access disk images located on a remote ssh server
by using the ssh protocol:
@example
qemu-system-x86_64 -drive file=ssh://[@var{user}@@]@var{server}[:@var{port}]/@var{path}[?host_key_check=@var{host_key_check}]
@end example
Alternative syntax using properties:
@example
qemu-system-x86_64 -drive file.driver=ssh[,file.user=@var{user}],file.host=@var{server}[,file.port=@var{port}],file.path=@var{path}[,file.host_key_check=@var{host_key_check}]
@end example
@var{ssh} is the protocol.
@var{user} is the remote user. If not specified, then the local
username is tried.
@var{server} specifies the remote ssh server. Any ssh server can be
used, but it must implement the sftp-server protocol. Most Unix/Linux
systems should work without requiring any extra configuration.
@var{port} is the port number on which sshd is listening. By default
the standard ssh port (22) is used.
@var{path} is the path to the disk image.
The optional @var{host_key_check} parameter controls how the remote
host's key is checked. The default is @code{yes} which means to use
the local @file{.ssh/known_hosts} file. Setting this to @code{no}
turns off known-hosts checking. Or you can check that the host key
matches a specific fingerprint:
@code{host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8}
(@code{sha1:} can also be used as a prefix, but note that OpenSSH
tools only use MD5 to print fingerprints).
Currently authentication must be done using ssh-agent. Other
authentication methods may be supported in future.
2013-04-09 18:30:54 +04:00
Note: Many ssh servers do not support an @code{fsync}-style operation.
The ssh driver cannot guarantee that disk flush requests are
obeyed, and this causes a risk of disk corruption if the remote
server or network goes down during writes. The driver will
print a warning when @code{fsync} is not supported:
warning: ssh server @code{ssh.example.com:22} does not support fsync
With sufficiently new versions of libssh2 and OpenSSH, @code{fsync} is
supported.
2013-04-09 18:30:53 +04:00
2006-05-01 01:58:41 +04:00
@node pcsys_network
2004-04-27 00:55:38 +04:00
@section Network emulation
2007-06-03 17:41:28 +04:00
QEMU can simulate several network cards (PCI or ISA cards on the PC
2005-11-16 02:02:53 +03:00
target) and can connect them to an arbitrary number of Virtual Local
Area Networks (VLANs). Host TAP devices can be connected to any QEMU
VLAN. VLAN can be connected between separate instances of QEMU to
2007-06-03 17:41:28 +04:00
simulate large networks. For simpler usage, a non privileged user mode
2005-11-16 02:02:53 +03:00
network stack can replace the TAP device to have a basic network
connection.
@subsection VLANs
2004-04-27 00:55:38 +04:00
2005-11-16 02:02:53 +03:00
QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
connection between several network devices. These devices can be for
example QEMU virtual Ethernet cards or virtual Host ethernet devices
(TAP devices).
2004-04-27 00:55:38 +04:00
2005-11-16 02:02:53 +03:00
@subsection Using TAP network interfaces
This is the standard way to connect QEMU to a real network. QEMU adds
a virtual network device on your host (called @code{tapN}), and you
can then configure it as if it was a real ethernet card.
2004-04-27 00:55:38 +04:00
2006-09-21 00:28:05 +04:00
@subsubsection Linux host
2004-04-27 00:55:38 +04:00
As an example, you can download the @file{linux-test-xxx.tar.gz}
archive and copy the script @file{qemu-ifup} in @file{/etc} and
configure properly @code{sudo} so that the command @code{ifconfig}
contained in @file{qemu-ifup} can be executed as root. You must verify
2005-11-16 02:02:53 +03:00
that your host kernel supports the TAP network interfaces: the
2004-04-27 00:55:38 +04:00
device @file{/dev/net/tun} must be present.
2006-08-19 20:56:18 +04:00
See @ref{sec_invocation} to have examples of command lines using the
TAP network interfaces.
2004-04-27 00:55:38 +04:00
2006-09-21 00:28:05 +04:00
@subsubsection Windows host
There is a virtual ethernet driver for Windows 2000/XP systems, called
TAP-Win32. But it is not included in standard QEMU for Windows,
so you will need to get it separately. It is part of OpenVPN package,
so download OpenVPN from : @url{http://openvpn.net/}.
2004-04-27 00:55:38 +04:00
@subsection Using the user mode network stack
2005-11-16 02:02:53 +03:00
By using the option @option{-net user} (default configuration if no
@option{-net} option is specified), QEMU uses a completely user mode
2007-06-03 17:41:28 +04:00
network stack (you don't need root privilege to use the virtual
2005-11-16 02:02:53 +03:00
network). The virtual network configuration is the following:
2004-04-27 00:55:38 +04:00
@example
2005-11-16 02:02:53 +03:00
QEMU VLAN <------> Firewall/DHCP server <-----> Internet
| (10.0.2.2)
2004-04-27 00:55:38 +04:00
|
2004-10-01 02:35:13 +04:00
----> DNS server (10.0.2.3)
2007-09-17 12:09:54 +04:00
|
2004-10-01 02:35:13 +04:00
----> SMB server (10.0.2.4)
2004-04-27 00:55:38 +04:00
@end example
The QEMU VM behaves as if it was behind a firewall which blocks all
incoming connections. You can use a DHCP client to automatically
2005-11-16 02:02:53 +03:00
configure the network in the QEMU VM. The DHCP server assign addresses
to the hosts starting from 10.0.2.15.
2004-04-27 00:55:38 +04:00
In order to check that the user mode network is working, you can ping
the address 10.0.2.2 and verify that you got an address in the range
10.0.2.x from the QEMU virtual DHCP server.
2014-07-10 18:01:25 +04:00
Note that ICMP traffic in general does not work with user mode networking.
@code{ping}, aka. ICMP echo, to the local router (10.0.2.2) shall work,
however. If you're using QEMU on Linux >= 3.0, it can use unprivileged ICMP
ping sockets to allow @code{ping} to the Internet. The host admin has to set
the ping_group_range in order to grant access to those sockets. To allow ping
for GID 100 (usually users group):
@example
echo 100 100 > /proc/sys/net/ipv4/ping_group_range
@end example
2004-05-24 01:04:06 +04:00
2004-08-26 02:12:49 +04:00
When using the built-in TFTP server, the router is also the TFTP
server.
2016-01-13 11:21:02 +03:00
When using the @option{'-netdev user,hostfwd=...'} option, TCP or UDP
connections can be redirected from the host to the guest. It allows for
example to redirect X11, telnet or SSH connections.
2004-06-04 15:13:20 +04:00
2005-11-16 02:02:53 +03:00
@subsection Connecting VLANs between QEMU instances
Using the @option{-net socket} option, it is possible to make VLANs
that span several QEMU instances. See @ref{sec_invocation} to have a
basic example.
2011-01-07 20:59:14 +03:00
@node pcsys_other_devs
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
@section Other Devices
@subsection Inter-VM Shared Memory device
2016-03-15 21:34:51 +03:00
On Linux hosts, a shared memory device is available. The basic syntax
is:
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
@example
2016-03-15 21:34:51 +03:00
qemu-system-x86_64 -device ivshmem-plain,memdev=@var{hostmem}
@end example
where @var{hostmem} names a host memory backend. For a POSIX shared
memory backend, use something like
@example
-object memory-backend-file,size=1M,share,mem-path=/dev/shm/ivshmem,id=@var{hostmem}
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
@end example
If desired, interrupts can be sent between guest VMs accessing the same shared
memory region. Interrupt support requires using a shared memory server and
using a chardev socket to connect to it. The code for the shared memory server
is qemu.git/contrib/ivshmem-server. An example syntax when using the shared
memory server is:
@example
2014-09-08 13:17:48 +04:00
# First start the ivshmem server once and for all
2015-11-24 20:06:25 +03:00
ivshmem-server -p @var{pidfile} -S @var{path} -m @var{shm-name} -l @var{shm-size} -n @var{vectors}
2014-09-08 13:17:48 +04:00
# Then start your qemu instances with matching arguments
2016-03-15 21:34:51 +03:00
qemu-system-x86_64 -device ivshmem-doorbell,vectors=@var{vectors},chardev=@var{id}
2015-11-24 20:06:25 +03:00
-chardev socket,path=@var{path},id=@var{id}
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
@end example
When using the server, the guest will be assigned a VM ID (>=0) that allows guests
using the same server to communicate via interrupts. Guests can read their
2016-03-15 21:34:41 +03:00
VM ID from a device register (see ivshmem-spec.txt).
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
2016-03-15 21:34:54 +03:00
@subsubsection Migration with ivshmem
2016-03-15 21:34:51 +03:00
With device property @option{master=on}, the guest will copy the shared
memory on migration to the destination host. With @option{master=off},
the guest will not be able to migrate with the device attached. In the
latter case, the device should be detached and then reattached after
migration using the PCI hotplug support.
RESEND: Inter-VM shared memory PCI device
resend for bug fix related to removal of irqfd
Support an inter-vm shared memory device that maps a shared-memory object as a
PCI device in the guest. This patch also supports interrupts between guest by
communicating over a unix domain socket. This patch applies to the qemu-kvm
repository.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
Interrupts are supported between multiple VMs by using a shared memory server
by using a chardev socket.
-device ivshmem,size=<size in format accepted by -m>[,shm=<shm name>]
[,chardev=<id>][,msi=on][,ioeventfd=on][,vectors=n][,role=peer|master]
-chardev socket,path=<path>,id=<id>
The shared memory server, sample programs and init scripts are in a git repo here:
www.gitorious.org/nahanni
Signed-off-by: Cam Macdonell <cam@cs.ualberta.ca>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-07-27 20:54:13 +04:00
2016-03-15 21:34:54 +03:00
At most one of the devices sharing the same memory can be master. The
master must complete migration before you plug back the other devices.
2015-10-07 17:31:47 +03:00
@subsubsection ivshmem and hugepages
Instead of specifying the <shm size> using POSIX shm, you may specify
a memory backend that has hugepage support:
@example
2016-03-15 21:34:51 +03:00
qemu-system-x86_64 -object memory-backend-file,size=1G,mem-path=/dev/hugepages/my-shmem-file,share,id=mb1
-device ivshmem-plain,memdev=mb1
2015-10-07 17:31:47 +03:00
@end example
ivshmem-server also supports hugepages mount points with the
@option{-m} memory path argument.
2004-04-27 00:55:38 +04:00
@node direct_linux_boot
@section Direct Linux Boot
2004-04-04 19:21:17 +04:00
This section explains how to launch a Linux kernel inside QEMU without
having to make a full bootable image. It is very useful for fast Linux
2006-08-19 20:56:18 +04:00
kernel testing.
2004-04-04 19:21:17 +04:00
2006-08-19 20:56:18 +04:00
The syntax is:
2004-04-04 19:21:17 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
2004-04-04 19:21:17 +04:00
@end example
2006-08-19 20:56:18 +04:00
Use @option{-kernel} to provide the Linux kernel image and
@option{-append} to give the kernel command line arguments. The
@option{-initrd} option can be used to provide an INITRD image.
2004-04-04 19:21:17 +04:00
2006-08-19 20:56:18 +04:00
When using the direct Linux boot, a disk image for the first hard disk
@file{hda} is required because its boot sector is used to launch the
Linux kernel.
2004-04-04 19:21:17 +04:00
2006-08-19 20:56:18 +04:00
If you do not need graphical output, you can disable it and redirect
the virtual serial port and the QEMU monitor to the console with the
@option{-nographic} option. The typical command line is:
2004-04-04 19:21:17 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
-append "root=/dev/hda console=ttyS0" -nographic
2004-04-04 19:21:17 +04:00
@end example
2006-08-19 20:56:18 +04:00
Use @key{Ctrl-a c} to switch between the serial console and the
monitor (@pxref{pcsys_keys}).
2004-04-04 19:21:17 +04:00
2006-05-01 01:58:41 +04:00
@node pcsys_usb
2005-11-06 19:49:55 +03:00
@section USB emulation
2017-05-08 18:13:49 +03:00
QEMU can emulate a PCI UHCI, OHCI, EHCI or XHCI USB controller. You can
plug virtual USB devices or real host USB devices (only works with certain
host operating systems). QEMU will automatically create and connect virtual
USB hubs as necessary to connect multiple USB devices.
2005-11-06 19:49:55 +03:00
2006-05-26 04:49:52 +04:00
@menu
* usb_devices::
* host_usb_devices::
@end menu
@node usb_devices
@subsection Connecting USB devices
2005-11-06 19:49:55 +03:00
2017-05-08 18:13:49 +03:00
USB devices can be connected with the @option{-device usb-...} command line
option or the @code{device_add} monitor command. Available devices are:
2005-11-06 19:49:55 +03:00
2008-01-18 01:22:45 +03:00
@table @code
2017-05-08 18:13:49 +03:00
@item usb-mouse
2006-05-26 04:49:52 +04:00
Virtual Mouse. This will override the PS/2 mouse emulation when activated.
2017-05-08 18:13:49 +03:00
@item usb-tablet
2006-09-03 21:10:41 +04:00
Pointer device that uses absolute coordinates (like a touchscreen).
2012-05-12 00:25:50 +04:00
This means QEMU is able to report the mouse position without having
2006-05-26 04:49:52 +04:00
to grab the mouse. Also overrides the PS/2 mouse emulation when activated.
2017-05-08 18:13:49 +03:00
@item usb-storage,drive=@var{drive_id}
Mass storage device backed by @var{drive_id} (@pxref{disk_images})
@item usb-uas
USB attached SCSI device, see
@url{http://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
for details
@item usb-bot
Bulk-only transport storage device, see
@url{http://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
for details here, too
@item usb-mtp,x-root=@var{dir}
Media transfer protocol device, using @var{dir} as root of the file tree
that is presented to the guest.
@item usb-host,hostbus=@var{bus},hostaddr=@var{addr}
Pass through the host device identified by @var{bus} and @var{addr}
@item usb-host,vendorid=@var{vendor},productid=@var{product}
Pass through the host device identified by @var{vendor} and @var{product} ID
@item usb-wacom-tablet
2007-06-10 23:21:04 +04:00
Virtual Wacom PenPartner tablet. This device is similar to the @code{tablet}
above but it can be used with the tslib library because in addition to touch
coordinates it reports touch pressure.
2017-05-08 18:13:49 +03:00
@item usb-kbd
2007-06-22 12:16:00 +04:00
Standard USB keyboard. Will override the PS/2 keyboard (if present).
2017-05-08 18:13:49 +03:00
@item usb-serial,chardev=@var{id}
2008-01-18 01:22:45 +03:00
Serial converter. This emulates an FTDI FT232BM chip connected to host character
2017-05-08 18:13:49 +03:00
device @var{id}.
@item usb-braille,chardev=@var{id}
2008-04-08 10:01:02 +04:00
Braille device. This will use BrlAPI to display the braille output on a real
2017-05-08 18:13:49 +03:00
or fake device referenced by @var{id}.
@item usb-net[,netdev=@var{id}]
Network adapter that supports CDC ethernet and RNDIS protocols. @var{id}
specifies a netdev defined with @code{-netdev @dots{},id=@var{id}}.
2008-07-29 17:16:31 +04:00
For instance, user-mode networking can be used with
2008-07-18 00:47:13 +04:00
@example
2017-05-08 18:13:49 +03:00
qemu-system-i386 [...] -netdev user,id=net0 -device usb-net,netdev=net0
2008-07-18 00:47:13 +04:00
@end example
2017-05-08 18:13:49 +03:00
@item usb-ccid
Smartcard reader device
@item usb-audio
USB audio device
@item usb-bt-dongle
Bluetooth dongle for the transport layer of HCI. It is connected to HCI
scatternet 0 by default (corresponds to @code{-bt hci,vlan=0}).
Note that the syntax for the @code{-device usb-bt-dongle} option is not as
useful yet as it was with the legacy @code{-usbdevice} option. So to
configure an USB bluetooth device, you might need to use
"@code{-usbdevice bt}[:@var{hci-type}]" instead. This configures a
bluetooth dongle whose type is specified in the same format as with
2008-11-09 05:24:54 +03:00
the @option{-bt hci} option, @pxref{bt-hcis,,allowed HCI types}. If
no type is given, the HCI logic corresponds to @code{-bt hci,vlan=0}.
This USB device implements the USB Transport Layer of HCI. Example
usage:
@example
2016-01-13 23:50:26 +03:00
@command{qemu-system-i386} [...@var{OPTIONS}...] @option{-usbdevice} bt:hci,vlan=3 @option{-bt} device:keyboard,vlan=3
2008-11-09 05:24:54 +03:00
@end example
2006-05-26 04:49:52 +04:00
@end table
2005-11-06 19:49:55 +03:00
2006-05-26 04:49:52 +04:00
@node host_usb_devices
2005-11-06 19:49:55 +03:00
@subsection Using host USB devices on a Linux host
WARNING: this is an experimental feature. QEMU will slow down when
using it. USB devices requiring real time streaming (i.e. USB Video
Cameras) are not supported yet.
@enumerate
2007-09-17 01:08:06 +04:00
@item If you use an early Linux 2.4 kernel, verify that no Linux driver
2005-11-06 19:49:55 +03:00
is actually using the USB device. A simple way to do that is simply to
disable the corresponding kernel module by renaming it from @file{mydriver.o}
to @file{mydriver.o.disabled}.
@item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like that:
@example
ls /proc/bus/usb
001 devices drivers
@end example
@item Since only root can access to the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
@example
chown -R myuid /proc/bus/usb
@end example
@item Launch QEMU and do in the monitor:
2007-09-17 01:08:06 +04:00
@example
2005-11-06 19:49:55 +03:00
info usbhost
Device 1.2, speed 480 Mb/s
Class 00: USB device 1234:5678, USB DISK
@end example
You should see the list of the devices you can use (Never try to use
hubs, it won't work).
@item Add the device in QEMU by using:
2007-09-17 01:08:06 +04:00
@example
2017-05-08 18:13:49 +03:00
device_add usb-host,vendorid=0x1234,productid=0x5678
2005-11-06 19:49:55 +03:00
@end example
2017-05-08 18:13:49 +03:00
Normally the guest OS should report that a new USB device is plugged.
You can use the option @option{-device usb-host,...} to do the same.
2005-11-06 19:49:55 +03:00
@item Now you can try to use the host USB device in QEMU.
@end enumerate
When relaunching QEMU, you may have to unplug and plug again the USB
device to make it work again (this is a bug).
2007-08-25 05:40:37 +04:00
@node vnc_security
@section VNC security
The VNC server capability provides access to the graphical console
of the guest VM across the network. This has a number of security
considerations depending on the deployment scenarios.
@menu
* vnc_sec_none::
* vnc_sec_password::
* vnc_sec_certificate::
* vnc_sec_certificate_verify::
* vnc_sec_certificate_pw::
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
* vnc_sec_sasl::
* vnc_sec_certificate_sasl::
2007-08-25 05:40:37 +04:00
* vnc_generate_cert::
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
* vnc_setup_sasl::
2007-08-25 05:40:37 +04:00
@end menu
@node vnc_sec_none
@subsection Without passwords
The simplest VNC server setup does not include any form of authentication.
For this setup it is recommended to restrict it to listen on a UNIX domain
socket only. For example
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
2007-08-25 05:40:37 +04:00
@end example
This ensures that only users on local box with read/write access to that
path can access the VNC server. To securely access the VNC server from a
remote machine, a combination of netcat+ssh can be used to provide a secure
tunnel.
@node vnc_sec_password
@subsection With passwords
The VNC protocol has limited support for password based authentication. Since
the protocol limits passwords to 8 characters it should not be considered
to provide high security. The password can be fairly easily brute-forced by
a client making repeat connections. For this reason, a VNC server using password
authentication should be restricted to only listen on the loopback interface
2012-08-03 22:39:21 +04:00
or UNIX domain sockets. Password authentication is not supported when operating
in FIPS 140-2 compliance mode as it requires the use of the DES cipher. Password
authentication is requested with the @code{password} option, and then once QEMU
is running the password is set with the monitor. Until the monitor is used to
set the password all clients will be rejected.
2007-08-25 05:40:37 +04:00
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,password -monitor stdio
2007-08-25 05:40:37 +04:00
(qemu) change vnc password
Password: ********
(qemu)
@end example
@node vnc_sec_certificate
@subsection With x509 certificates
The QEMU VNC server also implements the VeNCrypt extension allowing use of
TLS for encryption of the session, and x509 certificates for authentication.
The use of x509 certificates is strongly recommended, because TLS on its
own is susceptible to man-in-the-middle attacks. Basic x509 certificate
support provides a secure session, but no authentication. This allows any
client to connect, and provides an encrypted session.
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,tls,x509=/etc/pki/qemu -monitor stdio
2007-08-25 05:40:37 +04:00
@end example
In the above example @code{/etc/pki/qemu} should contain at least three files,
@code{ca-cert.pem}, @code{server-cert.pem} and @code{server-key.pem}. Unprivileged
users will want to use a private directory, for example @code{$HOME/.pki/qemu}.
NB the @code{server-key.pem} file should be protected with file mode 0600 to
only be readable by the user owning it.
@node vnc_sec_certificate_verify
@subsection With x509 certificates and client verification
Certificates can also provide a means to authenticate the client connecting.
The server will request that the client provide a certificate, which it will
then validate against the CA certificate. This is a good choice if deploying
in an environment with a private internal certificate authority.
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,tls,x509verify=/etc/pki/qemu -monitor stdio
2007-08-25 05:40:37 +04:00
@end example
@node vnc_sec_certificate_pw
@subsection With x509 certificates, client verification and passwords
Finally, the previous method can be combined with VNC password authentication
to provide two layers of authentication for clients.
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,password,tls,x509verify=/etc/pki/qemu -monitor stdio
2007-08-25 05:40:37 +04:00
(qemu) change vnc password
Password: ********
(qemu)
@end example
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@node vnc_sec_sasl
@subsection With SASL authentication
The SASL authentication method is a VNC extension, that provides an
easily extendable, pluggable authentication method. This allows for
integration with a wide range of authentication mechanisms, such as
PAM, GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more.
The strength of the authentication depends on the exact mechanism
configured. If the chosen mechanism also provides a SSF layer, then
it will encrypt the datastream as well.
Refer to the later docs on how to choose the exact SASL mechanism
used for authentication, but assuming use of one supporting SSF,
then QEMU can be launched with:
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,sasl -monitor stdio
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@end example
@node vnc_sec_certificate_sasl
@subsection With x509 certificates and SASL authentication
If the desired SASL authentication mechanism does not supported
SSF layers, then it is strongly advised to run it in combination
with TLS and x509 certificates. This provides securely encrypted
data stream, avoiding risk of compromising of the security
credentials. This can be enabled, by combining the 'sasl' option
with the aforementioned TLS + x509 options:
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 [...OPTIONS...] -vnc :1,tls,x509,sasl -monitor stdio
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@end example
2007-08-25 05:40:37 +04:00
@node vnc_generate_cert
@subsection Generating certificates for VNC
The GNU TLS packages provides a command called @code{certtool} which can
be used to generate certificates and keys in PEM format. At a minimum it
2011-01-07 20:59:16 +03:00
is necessary to setup a certificate authority, and issue certificates to
2007-08-25 05:40:37 +04:00
each server. If using certificates for authentication, then each client
will also need to be issued a certificate. The recommendation is for the
server to keep its certificates in either @code{/etc/pki/qemu} or for
unprivileged users in @code{$HOME/.pki/qemu}.
@menu
* vnc_generate_ca::
* vnc_generate_server::
* vnc_generate_client::
@end menu
@node vnc_generate_ca
@subsubsection Setup the Certificate Authority
This step only needs to be performed once per organization / organizational
unit. First the CA needs a private key. This key must be kept VERY secret
and secure. If this key is compromised the entire trust chain of the certificates
issued with it is lost.
@example
# certtool --generate-privkey > ca-key.pem
@end example
A CA needs to have a public certificate. For simplicity it can be a self-signed
certificate, or one issue by a commercial certificate issuing authority. To
generate a self-signed certificate requires one core piece of information, the
name of the organization.
@example
# cat > ca.info <<EOF
cn = Name of your organization
ca
cert_signing_key
EOF
# certtool --generate-self-signed \
--load-privkey ca-key.pem
--template ca.info \
--outfile ca-cert.pem
@end example
The @code{ca-cert.pem} file should be copied to all servers and clients wishing to utilize
TLS support in the VNC server. The @code{ca-key.pem} must not be disclosed/copied at all.
@node vnc_generate_server
@subsubsection Issuing server certificates
Each server (or host) needs to be issued with a key and certificate. When connecting
the certificate is sent to the client which validates it against the CA certificate.
The core piece of information for a server certificate is the hostname. This should
be the fully qualified hostname that the client will connect with, since the client
will typically also verify the hostname in the certificate. On the host holding the
secure CA private key:
@example
# cat > server.info <<EOF
organization = Name of your organization
cn = server.foo.example.com
tls_www_server
encryption_key
signing_key
EOF
# certtool --generate-privkey > server-key.pem
# certtool --generate-certificate \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
2014-11-03 15:48:30 +03:00
--load-privkey server-key.pem \
2007-08-25 05:40:37 +04:00
--template server.info \
--outfile server-cert.pem
@end example
The @code{server-key.pem} and @code{server-cert.pem} files should now be securely copied
to the server for which they were generated. The @code{server-key.pem} is security
sensitive and should be kept protected with file mode 0600 to prevent disclosure.
@node vnc_generate_client
@subsubsection Issuing client certificates
If the QEMU VNC server is to use the @code{x509verify} option to validate client
certificates as its authentication mechanism, each client also needs to be issued
a certificate. The client certificate contains enough metadata to uniquely identify
the client, typically organization, state, city, building, etc. On the host holding
the secure CA private key:
@example
# cat > client.info <<EOF
country = GB
state = London
locality = London
2014-11-03 15:48:30 +03:00
organization = Name of your organization
2007-08-25 05:40:37 +04:00
cn = client.foo.example.com
tls_www_client
encryption_key
signing_key
EOF
# certtool --generate-privkey > client-key.pem
# certtool --generate-certificate \
--load-ca-certificate ca-cert.pem \
--load-ca-privkey ca-key.pem \
--load-privkey client-key.pem \
--template client.info \
--outfile client-cert.pem
@end example
The @code{client-key.pem} and @code{client-cert.pem} files should now be securely
copied to the client for which they were generated.
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@node vnc_setup_sasl
@subsection Configuring SASL mechanisms
The following documentation assumes use of the Cyrus SASL implementation on a
Linux host, but the principals should apply to any other SASL impl. When SASL
is enabled, the mechanism configuration will be loaded from system default
SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
unprivileged user, an environment variable SASL_CONF_PATH can be used
to make it search alternate locations for the service config.
2017-03-15 14:53:22 +03:00
If the TLS option is enabled for VNC, then it will provide session encryption,
otherwise the SASL mechanism will have to provide encryption. In the latter
case the list of possible plugins that can be used is drastically reduced. In
fact only the GSSAPI SASL mechanism provides an acceptable level of security
by modern standards. Previous versions of QEMU referred to the DIGEST-MD5
mechanism, however, it has multiple serious flaws described in detail in
RFC 6331 and thus should never be used any more. The SCRAM-SHA-1 mechanism
provides a simple username/password auth facility similar to DIGEST-MD5, but
does not support session encryption, so can only be used in combination with
TLS.
When not using TLS the recommended configuration is
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@example
2017-03-15 14:53:22 +03:00
mech_list: gssapi
keytab: /etc/qemu/krb5.tab
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@end example
2017-03-15 14:53:22 +03:00
This says to use the 'GSSAPI' mechanism with the Kerberos v5 protocol, with
the server principal stored in /etc/qemu/krb5.tab. For this to work the
administrator of your KDC must generate a Kerberos principal for the server,
with a name of 'qemu/somehost.example.com@@EXAMPLE.COM' replacing
'somehost.example.com' with the fully qualified host name of the machine
running QEMU, and 'EXAMPLE.COM' with the Kerberos Realm.
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
2017-03-15 14:53:22 +03:00
When using TLS, if username+password authentication is desired, then a
reasonable configuration is
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@example
2017-03-15 14:53:22 +03:00
mech_list: scram-sha-1
sasldb_path: /etc/qemu/passwd.db
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
@end example
2017-03-15 14:53:22 +03:00
The saslpasswd2 program can be used to populate the passwd.db file with
accounts.
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
2017-03-15 14:53:22 +03:00
Other SASL configurations will be left as an exercise for the reader. Note that
all mechanisms except GSSAPI, should be combined with use of TLS to ensure a
secure data channel.
Add SASL authentication support ("Daniel P. Berrange")
This patch adds the new SASL authentication protocol to the VNC server.
It is enabled by setting the 'sasl' flag when launching VNC. SASL can
optionally provide encryption via its SSF layer, if a suitable mechanism
is configured (eg, GSSAPI/Kerberos, or Digest-MD5). If an SSF layer is
not available, then it should be combined with the x509 VNC authentication
protocol which provides encryption.
eg, if using GSSAPI
qemu -vnc localhost:1,sasl
eg if using TLS/x509 for encryption
qemu -vnc localhost:1,sasl,tls,x509
By default the Cyrus SASL library will look for its configuration in
the file /etc/sasl2/qemu.conf. For non-root users, this can be overridden
by setting the SASL_CONF_PATH environment variable, eg to make it look in
$HOME/.sasl2. NB unprivileged users may not have access to the full range
of SASL mechanisms, since some of them require some administrative privileges
to configure. The patch includes an example SASL configuration file which
illustrates config for GSSAPI and Digest-MD5, though it should be noted that
the latter is not really considered secure any more.
Most of the SASL authentication code is located in a separate source file,
vnc-auth-sasl.c. The main vnc.c file only contains minimal integration
glue, specifically parsing of command line flags / setup, and calls to
start the SASL auth process, to do encoding/decoding for data.
There are several possible stacks for reading & writing of data, depending
on the combo of VNC authentication methods in use
- Clear. read/write straight to socket
- TLS. read/write via GNUTLS helpers
- SASL. encode/decode via SASL SSF layer, then read/write to socket
- SASL+TLS. encode/decode via SASL SSF layer, then read/write via GNUTLS
Hence, the vnc_client_read & vnc_client_write methods have been refactored
a little.
vnc_client_read: main entry point for reading, calls either
- vnc_client_read_plain reading, with no intermediate decoding
- vnc_client_read_sasl reading, with SASL SSF decoding
These two methods, then call vnc_client_read_buf(). This decides
whether to write to the socket directly or write via GNUTLS.
The situation is the same for writing data. More extensive comments
have been added in the code / patch. The vnc_client_read_sasl and
vnc_client_write_sasl method implementations live in the separate
vnc-auth-sasl.c file.
The state required for the SASL auth mechanism is kept in a separate
VncStateSASL struct, defined in vnc-auth-sasl.h and included in the
main VncState.
The configure script probes for SASL and automatically enables it
if found, unless --disable-vnc-sasl was given to override it.
Makefile | 7
Makefile.target | 5
b/qemu.sasl | 34 ++
b/vnc-auth-sasl.c | 626 ++++++++++++++++++++++++++++++++++++++++++++++++++++
b/vnc-auth-sasl.h | 67 +++++
configure | 34 ++
qemu-doc.texi | 97 ++++++++
vnc-auth-vencrypt.c | 12
vnc.c | 249 ++++++++++++++++++--
vnc.h | 31 ++
10 files changed, 1129 insertions(+), 33 deletions(-)
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6724 c046a42c-6fe2-441c-8c8c-71466251a162
2009-03-06 23:27:28 +03:00
2003-10-01 04:15:32 +04:00
@node gdb_usage
2003-06-27 22:50:50 +04:00
@section GDB usage
QEMU has a primitive support to work with gdb, so that you can do
2003-10-01 04:15:32 +04:00
'Ctrl-C' while the virtual machine is running and inspect its state.
2003-06-27 22:50:50 +04:00
2012-05-12 00:25:50 +04:00
In order to use gdb, launch QEMU with the '-s' option. It will wait for a
2003-06-27 22:50:50 +04:00
gdb connection:
@example
2012-05-12 00:21:50 +04:00
qemu-system-i386 -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
-append "root=/dev/hda"
2003-06-27 22:50:50 +04:00
Connected to host network interface: tun0
Waiting gdb connection on port 1234
@end example
Then launch gdb on the 'vmlinux' executable:
@example
> gdb vmlinux
@end example
In gdb, connect to QEMU:
@example
2004-01-24 16:46:56 +03:00
(gdb) target remote localhost:1234
2003-06-27 22:50:50 +04:00
@end example
Then you can use gdb normally. For example, type 'c' to launch the kernel:
@example
(gdb) c
@end example
2003-10-01 04:15:32 +04:00
Here are some useful tips in order to use gdb on system code:
@enumerate
@item
Use @code{info reg} to display all the CPU registers.
@item
Use @code{x/10i $eip} to display the code at the PC position.
@item
Use @code{set architecture i8086} to dump 16 bit code. Then use
2006-05-06 18:23:06 +04:00
@code{x/10i $cs*16+$eip} to dump the code at the PC position.
2003-10-01 04:15:32 +04:00
@end enumerate
2008-05-09 12:25:14 +04:00
Advanced debugging options:
2015-08-26 14:17:13 +03:00
The default single stepping behavior is step with the IRQs and timer service routines off. It is set this way because when gdb executes a single step it expects to advance beyond the current instruction. With the IRQs and timer service routines on, a single step might jump into the one of the interrupt or exception vectors instead of executing the current instruction. This means you may hit the same breakpoint a number of times before executing the instruction gdb wants to have executed. Because there are rare circumstances where you want to single step into an interrupt vector the behavior can be controlled from GDB. There are three commands you can query and set the single step behavior:
2008-05-10 23:37:44 +04:00
@table @code
2008-05-09 12:25:14 +04:00
@item maintenance packet qqemu.sstepbits
This will display the MASK bits used to control the single stepping IE:
@example
(gdb) maintenance packet qqemu.sstepbits
sending: "qqemu.sstepbits"
received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
@end example
@item maintenance packet qqemu.sstep
This will display the current value of the mask used when single stepping IE:
@example
(gdb) maintenance packet qqemu.sstep
sending: "qqemu.sstep"
received: "0x7"
@end example
@item maintenance packet Qqemu.sstep=HEX_VALUE
This will change the single step mask, so if wanted to enable IRQs on the single step, but not timers, you would use:
@example
(gdb) maintenance packet Qqemu.sstep=0x5
sending: "qemu.sstep=0x5"
received: "OK"
@end example
2008-05-10 23:37:44 +04:00
@end table
2008-05-09 12:25:14 +04:00
2006-05-01 01:58:41 +04:00
@node pcsys_os_specific
2004-05-14 02:34:49 +04:00
@section Target OS specific information
@subsection Linux
2004-07-09 01:26:26 +04:00
To have access to SVGA graphic modes under X11, use the @code{vesa} or
the @code{cirrus} X11 driver. For optimal performances, use 16 bit
color depth in the guest and the host OS.
2004-05-14 02:34:49 +04:00
2004-07-10 20:26:02 +04:00
When using a 2.6 guest Linux kernel, you should add the option
@code{clock=pit} on the kernel command line because the 2.6 Linux
kernels make very strict real time clock checks by default that QEMU
cannot simulate exactly.
2005-02-11 00:46:47 +03:00
When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
not activated because QEMU is slower with this patch. The QEMU
Accelerator Module is also much slower in this case. Earlier Fedora
2007-06-03 17:41:28 +04:00
Core 3 Linux kernel (< 2.6.9-1.724_FC3) were known to incorporate this
2005-02-11 00:46:47 +03:00
patch by default. Newer kernels don't have it.
2004-05-14 02:34:49 +04:00
@subsection Windows
If you have a slow host, using Windows 95 is better as it gives the
best speed. Windows 2000 is also a good choice.
2004-07-10 20:26:02 +04:00
@subsubsection SVGA graphic modes support
QEMU emulates a Cirrus Logic GD5446 Video
2004-07-09 01:26:26 +04:00
card. All Windows versions starting from Windows 95 should recognize
and use this graphic card. For optimal performances, use 16 bit color
depth in the guest and the host OS.
2004-05-14 02:34:49 +04:00
2006-06-22 01:19:50 +04:00
If you are using Windows XP as guest OS and if you want to use high
resolution modes which the Cirrus Logic BIOS does not support (i.e. >=
1280x1024x16), then you should use the VESA VBE virtual graphic card
(option @option{-std-vga}).
2004-07-10 20:26:02 +04:00
@subsubsection CPU usage reduction
Windows 9x does not correctly use the CPU HLT
2004-07-09 01:26:26 +04:00
instruction. The result is that it takes host CPU cycles even when
idle. You can install the utility from
2017-03-08 15:13:25 +03:00
@url{http://web.archive.org/web/20060212132151/http://www.user.cityline.ru/~maxamn/amnhltm.zip}
to solve this problem. Note that no such tool is needed for NT, 2000 or XP.
2004-05-14 02:34:49 +04:00
2005-07-03 21:34:05 +04:00
@subsubsection Windows 2000 disk full problem
2004-07-10 20:26:02 +04:00
2005-07-03 21:34:05 +04:00
Windows 2000 has a bug which gives a disk full problem during its
installation. When installing it, use the @option{-win2k-hack} QEMU
option to enable a specific workaround. After Windows 2000 is
installed, you no longer need this option (this option slows down the
IDE transfers).
2004-07-10 20:26:02 +04:00
2005-07-29 02:27:28 +04:00
@subsubsection Windows 2000 shutdown
Windows 2000 cannot automatically shutdown in QEMU although Windows 98
can. It comes from the fact that Windows 2000 does not automatically
use the APM driver provided by the BIOS.
In order to correct that, do the following (thanks to Struan
Bartlett): go to the Control Panel => Add/Remove Hardware & Next =>
Add/Troubleshoot a device => Add a new device & Next => No, select the
hardware from a list & Next => NT Apm/Legacy Support & Next => Next
(again) a few times. Now the driver is installed and Windows 2000 now
2007-09-17 01:08:06 +04:00
correctly instructs QEMU to shutdown at the appropriate moment.
2005-07-29 02:27:28 +04:00
@subsubsection Share a directory between Unix and Windows
2016-01-13 11:21:02 +03:00
See @ref{sec_invocation} about the help of the option
@option{'-netdev user,smb=...'}.
2005-07-29 02:27:28 +04:00
2006-08-22 00:28:18 +04:00
@subsubsection Windows XP security problem
2004-07-10 20:26:02 +04:00
Some releases of Windows XP install correctly but give a security
error when booting:
@example
A problem is preventing Windows from accurately checking the
license for this computer. Error code: 0x800703e6.
@end example
2006-08-22 00:28:18 +04:00
The workaround is to install a service pack for XP after a boot in safe
mode. Then reboot, and the problem should go away. Since there is no
network while in safe mode, its recommended to download the full
installation of SP1 or SP2 and transfer that via an ISO or using the
vvfat block device ("-hdb fat:directory_which_holds_the_SP").
2004-07-10 20:26:02 +04:00
2004-07-14 21:38:57 +04:00
@subsection MS-DOS and FreeDOS
@subsubsection CPU usage reduction
DOS does not correctly use the CPU HLT instruction. The result is that
2017-03-08 15:13:25 +03:00
it takes host CPU cycles even when idle. You can install the utility from
@url{http://web.archive.org/web/20051222085335/http://www.vmware.com/software/dosidle210.zip}
to solve this problem.
2004-07-14 21:38:57 +04:00
2006-05-01 01:58:41 +04:00
@node QEMU System emulator for non PC targets
2005-12-18 23:11:37 +03:00
@chapter QEMU System emulator for non PC targets
QEMU is a generic emulator and it emulates many non PC
machines. Most of the options are similar to the PC emulator. The
2007-06-03 17:41:28 +04:00
differences are mentioned in the following sections.
2005-12-18 23:11:37 +03:00
2006-05-01 01:58:41 +04:00
@menu
2010-02-06 01:52:03 +03:00
* PowerPC System emulator::
2007-07-11 14:24:28 +04:00
* Sparc32 System emulator::
* Sparc64 System emulator::
* MIPS System emulator::
* ARM System emulator::
* ColdFire System emulator::
2010-02-06 01:52:03 +03:00
* Cris System emulator::
* Microblaze System emulator::
* SH4 System emulator::
2011-10-10 14:48:23 +04:00
* Xtensa System emulator::
2006-05-01 01:58:41 +04:00
@end menu
2010-02-06 01:52:03 +03:00
@node PowerPC System emulator
@section PowerPC System emulator
@cindex system emulation (PowerPC)
2004-05-14 02:34:49 +04:00
2004-07-09 01:26:26 +04:00
Use the executable @file{qemu-system-ppc} to simulate a complete PREP
or PowerMac PowerPC system.
2004-05-14 02:34:49 +04:00
2005-04-30 19:08:33 +04:00
QEMU emulates the following PowerMac peripherals:
2004-05-14 02:34:49 +04:00
2004-07-09 01:26:26 +04:00
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2009-02-08 18:59:36 +03:00
UniNorth or Grackle PCI Bridge
2004-07-09 01:26:26 +04:00
@item
PCI VGA compatible card with VESA Bochs Extensions
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
2 PMAC IDE interfaces with hard disk and CD-ROM support
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
NE2000 PCI adapters
@item
Non Volatile RAM
@item
VIA-CUDA with ADB keyboard and mouse.
2004-05-14 02:34:49 +04:00
@end itemize
2005-04-30 19:08:33 +04:00
QEMU emulates the following PREP peripherals:
2004-04-26 01:27:03 +04:00
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
PCI Bridge
@item
PCI VGA compatible card with VESA Bochs Extensions
2007-09-17 01:08:06 +04:00
@item
2004-04-26 01:27:03 +04:00
2 IDE interfaces with hard disk and CD-ROM support
@item
Floppy disk
2007-09-17 01:08:06 +04:00
@item
2004-07-09 01:26:26 +04:00
NE2000 network adapters
2004-04-26 01:27:03 +04:00
@item
Serial port
@item
PREP Non Volatile RAM
2004-07-09 01:26:26 +04:00
@item
PC compatible keyboard and mouse.
2004-04-26 01:27:03 +04:00
@end itemize
2004-07-09 01:26:26 +04:00
QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
2005-12-18 23:11:37 +03:00
@url{http://perso.magic.fr/l_indien/OpenHackWare/index.htm}.
2004-04-26 01:27:03 +04:00
2008-12-24 23:23:51 +03:00
Since version 0.9.1, QEMU uses OpenBIOS @url{http://www.openbios.org/}
2009-02-08 18:59:36 +03:00
for the g3beige and mac99 PowerMac machines. OpenBIOS is a free (GPL
v2) portable firmware implementation. The goal is to implement a 100%
IEEE 1275-1994 (referred to as Open Firmware) compliant firmware.
2008-12-24 23:23:51 +03:00
2004-07-09 01:26:26 +04:00
@c man begin OPTIONS
The following options are specific to the PowerPC emulation:
@table @option
2009-10-09 12:58:36 +04:00
@item -g @var{W}x@var{H}[x@var{DEPTH}]
2004-07-09 01:26:26 +04:00
2014-03-18 01:46:26 +04:00
Set the initial VGA graphic mode. The default is 800x600x32.
2004-07-09 01:26:26 +04:00
2009-10-09 12:58:36 +04:00
@item -prom-env @var{string}
2008-12-24 23:26:14 +03:00
Set OpenBIOS variables in NVRAM, for example:
@example
qemu-system-ppc -prom-env 'auto-boot?=false' \
-prom-env 'boot-device=hd:2,\yaboot' \
-prom-env 'boot-args=conf=hd:2,\yaboot.conf'
@end example
These variables are not used by Open Hack'Ware.
2004-07-09 01:26:26 +04:00
@end table
2007-09-17 01:08:06 +04:00
@c man end
2004-07-09 01:26:26 +04:00
2004-04-26 01:27:03 +04:00
More information is available at
2005-12-18 23:11:37 +03:00
@url{http://perso.magic.fr/l_indien/qemu-ppc/}.
2004-04-26 01:27:03 +04:00
2007-07-11 14:24:28 +04:00
@node Sparc32 System emulator
@section Sparc32 System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (Sparc32)
2004-12-20 02:18:01 +03:00
2008-10-05 00:43:39 +04:00
Use the executable @file{qemu-system-sparc} to simulate the following
Sun4m architecture machines:
@itemize @minus
@item
SPARCstation 4
@item
SPARCstation 5
@item
SPARCstation 10
@item
SPARCstation 20
@item
SPARCserver 600MP
@item
SPARCstation LX
@item
SPARCstation Voyager
@item
SPARCclassic
@item
SPARCbook
@end itemize
The emulation is somewhat complete. SMP up to 16 CPUs is supported,
but Linux limits the number of usable CPUs to 4.
2004-12-20 02:18:01 +03:00
2013-04-14 22:10:28 +04:00
QEMU emulates the following sun4m peripherals:
2004-12-20 02:18:01 +03:00
@itemize @minus
2005-07-02 18:31:34 +04:00
@item
2013-04-14 22:10:28 +04:00
IOMMU
2004-12-20 02:18:01 +03:00
@item
2014-03-18 01:46:25 +04:00
TCX or cgthree Frame buffer
2007-09-17 01:08:06 +04:00
@item
2004-12-20 02:18:01 +03:00
Lance (Am7990) Ethernet
@item
2008-10-05 00:43:39 +04:00
Non Volatile RAM M48T02/M48T08
2004-12-20 02:18:01 +03:00
@item
2005-07-02 18:31:34 +04:00
Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
and power/reset logic
@item
ESP SCSI controller with hard disk and CD-ROM support
@item
2007-11-11 20:56:38 +03:00
Floppy drive (not on SS-600MP)
2007-06-10 21:01:00 +04:00
@item
CS4231 sound device (only on SS-5, not working yet)
2004-12-20 02:18:01 +03:00
@end itemize
2007-11-11 20:56:38 +03:00
The number of peripherals is fixed in the architecture. Maximum
memory size depends on the machine type, for SS-5 it is 256MB and for
2007-12-28 23:57:43 +03:00
others 2047MB.
2005-07-02 18:31:34 +04:00
2006-06-14 22:35:18 +04:00
Since version 0.8.2, QEMU uses OpenBIOS
2006-06-14 16:36:32 +04:00
@url{http://www.openbios.org/}. OpenBIOS is a free (GPL v2) portable
firmware implementation. The goal is to implement a 100% IEEE
1275-1994 (referred to as Open Firmware) compliant firmware.
2005-07-02 18:31:34 +04:00
A sample Linux 2.6 series kernel and ram disk image are available on
2008-10-05 00:43:39 +04:00
the QEMU web site. There are still issues with NetBSD and OpenBSD, but
2015-03-03 01:23:27 +03:00
most kernel versions work. Please note that currently older Solaris kernels
2008-10-05 00:43:39 +04:00
don't work probably due to interface issues between OpenBIOS and
Solaris.
2005-07-02 18:31:34 +04:00
@c man begin OPTIONS
2007-06-10 21:01:00 +04:00
The following options are specific to the Sparc32 emulation:
2005-07-02 18:31:34 +04:00
@table @option
2009-10-09 12:58:36 +04:00
@item -g @var{W}x@var{H}x[x@var{DEPTH}]
2005-07-02 18:31:34 +04:00
2014-03-18 01:46:25 +04:00
Set the initial graphics mode. For TCX, the default is 1024x768x8 with the
option of 1024x768x24. For cgthree, the default is 1024x768x8 with the option
of 1152x900x8 for people who wish to use OBP.
2005-07-02 18:31:34 +04:00
2009-10-09 12:58:36 +04:00
@item -prom-env @var{string}
2007-05-01 18:16:52 +04:00
Set OpenBIOS variables in NVRAM, for example:
@example
qemu-system-sparc -prom-env 'auto-boot?=false' \
-prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
@end example
2013-04-14 22:10:28 +04:00
@item -M [SS-4|SS-5|SS-10|SS-20|SS-600MP|LX|Voyager|SPARCClassic] [|SPARCbook]
2007-06-10 21:01:00 +04:00
Set the emulated machine type. Default is SS-5.
2005-07-02 18:31:34 +04:00
@end table
2007-09-17 01:08:06 +04:00
@c man end
2005-07-02 18:31:34 +04:00
2007-07-11 14:24:28 +04:00
@node Sparc64 System emulator
@section Sparc64 System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (Sparc64)
2004-12-20 02:18:01 +03:00
2008-10-05 00:43:39 +04:00
Use the executable @file{qemu-system-sparc64} to simulate a Sun4u
(UltraSPARC PC-like machine), Sun4v (T1 PC-like machine), or generic
2015-03-03 01:23:27 +03:00
Niagara (T1) machine. The Sun4u emulator is mostly complete, being
able to run Linux, NetBSD and OpenBSD in headless (-nographic) mode. The
2016-09-29 15:46:45 +03:00
Sun4v emulator is still a work in progress.
The Niagara T1 emulator makes use of firmware and OS binaries supplied in the S10image/ directory
of the OpenSPARC T1 project @url{http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2}
and is able to boot the disk.s10hw2 Solaris image.
@example
qemu-system-sparc64 -M niagara -L /path-to/S10image/ \
-nographic -m 256 \
-drive if=pflash,readonly=on,file=/S10image/disk.s10hw2
@end example
2005-03-13 12:43:05 +03:00
2008-07-22 11:07:34 +04:00
QEMU emulates the following peripherals:
2005-07-23 18:27:54 +04:00
@itemize @minus
@item
2007-09-17 01:08:06 +04:00
UltraSparc IIi APB PCI Bridge
2005-07-23 18:27:54 +04:00
@item
PCI VGA compatible card with VESA Bochs Extensions
@item
2008-10-05 00:43:39 +04:00
PS/2 mouse and keyboard
@item
2005-07-23 18:27:54 +04:00
Non Volatile RAM M48T59
@item
PC-compatible serial ports
2008-07-22 11:07:34 +04:00
@item
2 PCI IDE interfaces with hard disk and CD-ROM support
2008-10-05 00:43:39 +04:00
@item
Floppy disk
2005-07-23 18:27:54 +04:00
@end itemize
2008-07-22 11:07:34 +04:00
@c man begin OPTIONS
The following options are specific to the Sparc64 emulation:
@table @option
2009-10-09 12:58:36 +04:00
@item -prom-env @var{string}
2008-10-05 00:43:39 +04:00
Set OpenBIOS variables in NVRAM, for example:
@example
qemu-system-sparc64 -prom-env 'auto-boot?=false'
@end example
2016-09-29 15:46:45 +03:00
@item -M [sun4u|sun4v|niagara]
2008-07-22 11:07:34 +04:00
Set the emulated machine type. The default is sun4u.
@end table
@c man end
2007-07-11 14:24:28 +04:00
@node MIPS System emulator
@section MIPS System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (MIPS)
2005-07-03 21:34:05 +04:00
2007-12-17 06:47:55 +03:00
Four executables cover simulation of 32 and 64-bit MIPS systems in
both endian options, @file{qemu-system-mips}, @file{qemu-system-mipsel}
@file{qemu-system-mips64} and @file{qemu-system-mips64el}.
2008-04-08 09:57:37 +04:00
Five different machine types are emulated:
2007-07-11 14:24:28 +04:00
@itemize @minus
@item
A generic ISA PC-like machine "mips"
@item
The MIPS Malta prototype board "malta"
@item
2007-12-17 06:47:55 +03:00
An ACER Pica "pica61". This machine needs the 64-bit emulator.
2007-10-17 17:08:32 +04:00
@item
2007-10-17 17:39:42 +04:00
MIPS emulator pseudo board "mipssim"
2008-04-08 09:57:37 +04:00
@item
A MIPS Magnum R4000 machine "magnum". This machine needs the 64-bit emulator.
2007-07-11 14:24:28 +04:00
@end itemize
The generic emulation is supported by Debian 'Etch' and is able to
install Debian into a virtual disk image. The following devices are
emulated:
2005-12-18 23:11:37 +03:00
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2007-10-17 17:08:32 +04:00
A range of MIPS CPUs, default is the 24Kf
2005-12-18 23:11:37 +03:00
@item
PC style serial port
@item
2007-07-11 14:24:28 +04:00
PC style IDE disk
@item
2005-12-18 23:11:37 +03:00
NE2000 network card
@end itemize
2007-07-11 14:24:28 +04:00
The Malta emulation supports the following devices:
@itemize @minus
@item
2007-07-12 01:43:14 +04:00
Core board with MIPS 24Kf CPU and Galileo system controller
2007-07-11 14:24:28 +04:00
@item
PIIX4 PCI/USB/SMbus controller
@item
The Multi-I/O chip's serial device
@item
2009-06-06 20:05:58 +04:00
PCI network cards (PCnet32 and others)
2007-07-11 14:24:28 +04:00
@item
Malta FPGA serial device
@item
2009-02-08 17:51:19 +03:00
Cirrus (default) or any other PCI VGA graphics card
2007-07-11 14:24:28 +04:00
@end itemize
The ACER Pica emulation supports:
@itemize @minus
@item
MIPS R4000 CPU
@item
PC-style IRQ and DMA controllers
@item
PC Keyboard
@item
IDE controller
@end itemize
2005-12-18 23:11:37 +03:00
2011-11-14 01:24:26 +04:00
The mipssim pseudo board emulation provides an environment similar
2007-10-17 17:39:42 +04:00
to what the proprietary MIPS emulator uses for running Linux.
It supports:
2007-10-17 17:08:32 +04:00
@itemize @minus
@item
A range of MIPS CPUs, default is the 24Kf
@item
PC style serial port
@item
MIPSnet network emulation
@end itemize
2008-04-08 09:57:37 +04:00
The MIPS Magnum R4000 emulation supports:
@itemize @minus
@item
MIPS R4000 CPU
@item
PC-style IRQ controller
@item
PC Keyboard
@item
SCSI controller
@item
G364 framebuffer
@end itemize
2007-07-11 14:24:28 +04:00
@node ARM System emulator
@section ARM System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (ARM)
2005-12-18 23:11:37 +03:00
Use the executable @file{qemu-system-arm} to simulate a ARM
machine. The ARM Integrator/CP board is emulated with the following
devices:
@itemize @minus
@item
2007-11-11 03:04:49 +03:00
ARM926E, ARM1026E, ARM946E, ARM1136 or Cortex-A8 CPU
2005-12-18 23:11:37 +03:00
@item
Two PL011 UARTs
2007-09-17 01:08:06 +04:00
@item
2005-12-18 23:11:37 +03:00
SMC 91c111 Ethernet adapter
2006-05-13 20:55:46 +04:00
@item
PL110 LCD controller
@item
PL050 KMI with PS/2 keyboard and mouse.
2007-04-06 20:49:48 +04:00
@item
PL181 MultiMedia Card Interface with SD card.
2006-05-13 20:55:46 +04:00
@end itemize
The ARM Versatile baseboard is emulated with the following devices:
@itemize @minus
@item
2007-11-11 03:04:49 +03:00
ARM926E, ARM1136 or Cortex-A8 CPU
2006-05-13 20:55:46 +04:00
@item
PL190 Vectored Interrupt Controller
@item
Four PL011 UARTs
2007-09-17 01:08:06 +04:00
@item
2006-05-13 20:55:46 +04:00
SMC 91c111 Ethernet adapter
@item
PL110 LCD controller
@item
PL050 KMI with PS/2 keyboard and mouse.
@item
PCI host bridge. Note the emulated PCI bridge only provides access to
PCI memory space. It does not provide access to PCI IO space.
2007-06-03 17:41:28 +04:00
This means some devices (eg. ne2k_pci NIC) are not usable, and others
(eg. rtl8139 NIC) are only usable when the guest drivers use the memory
2006-05-13 20:55:46 +04:00
mapped control registers.
2006-06-17 01:48:48 +04:00
@item
PCI OHCI USB controller.
@item
LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices.
2007-04-06 20:49:48 +04:00
@item
PL181 MultiMedia Card Interface with SD card.
2005-12-18 23:11:37 +03:00
@end itemize
2009-12-21 23:19:12 +03:00
Several variants of the ARM RealView baseboard are emulated,
including the EB, PB-A8 and PBX-A9. Due to interactions with the
bootloader, only certain Linux kernel configurations work out
of the box on these boards.
Kernels for the PB-A8 board should have CONFIG_REALVIEW_HIGH_PHYS_OFFSET
enabled in the kernel, and expect 512M RAM. Kernels for The PBX-A9 board
should have CONFIG_SPARSEMEM enabled, CONFIG_REALVIEW_HIGH_PHYS_OFFSET
disabled and expect 1024M RAM.
2011-01-07 20:59:16 +03:00
The following devices are emulated:
2007-02-28 19:25:17 +03:00
@itemize @minus
@item
2009-11-19 19:45:21 +03:00
ARM926E, ARM1136, ARM11MPCore, Cortex-A8 or Cortex-A9 MPCore CPU
2007-02-28 19:25:17 +03:00
@item
ARM AMBA Generic/Distributed Interrupt Controller
@item
Four PL011 UARTs
2007-09-17 01:08:06 +04:00
@item
2009-11-16 20:06:43 +03:00
SMC 91c111 or SMSC LAN9118 Ethernet adapter
2007-02-28 19:25:17 +03:00
@item
PL110 LCD controller
@item
PL050 KMI with PS/2 keyboard and mouse
@item
PCI host bridge
@item
PCI OHCI USB controller
@item
LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices
2007-04-06 20:49:48 +04:00
@item
PL181 MultiMedia Card Interface with SD card.
2007-02-28 19:25:17 +03:00
@end itemize
2007-04-30 06:22:06 +04:00
The XScale-based clamshell PDA models ("Spitz", "Akita", "Borzoi"
and "Terrier") emulation includes the following peripherals:
@itemize @minus
@item
Intel PXA270 System-on-chip (ARM V5TE core)
@item
NAND Flash memory
@item
IBM/Hitachi DSCM microdrive in a PXA PCMCIA slot - not in "Akita"
@item
On-chip OHCI USB controller
@item
On-chip LCD controller
@item
On-chip Real Time Clock
@item
TI ADS7846 touchscreen controller on SSP bus
@item
Maxim MAX1111 analog-digital converter on I@math{^2}C bus
@item
GPIO-connected keyboard controller and LEDs
@item
2007-05-01 21:53:37 +04:00
Secure Digital card connected to PXA MMC/SD host
2007-04-30 06:22:06 +04:00
@item
Three on-chip UARTs
@item
WM8750 audio CODEC on I@math{^2}C and I@math{^2}S busses
@end itemize
2007-11-03 15:50:46 +03:00
The Palm Tungsten|E PDA (codename "Cheetah") emulation includes the
following elements:
@itemize @minus
@item
Texas Instruments OMAP310 System-on-chip (ARM 925T core)
@item
ROM and RAM memories (ROM firmware image can be loaded with -option-rom)
@item
On-chip LCD controller
@item
On-chip Real Time Clock
@item
TI TSC2102i touchscreen controller / analog-digital converter / Audio
CODEC, connected through MicroWire and I@math{^2}S busses
@item
GPIO-connected matrix keypad
@item
Secure Digital card connected to OMAP MMC/SD host
@item
Three on-chip UARTs
@end itemize
2008-05-18 17:01:40 +04:00
Nokia N800 and N810 internet tablets (known also as RX-34 and RX-44 / 48)
emulation supports the following elements:
@itemize @minus
@item
Texas Instruments OMAP2420 System-on-chip (ARM 1136 core)
@item
RAM and non-volatile OneNAND Flash memories
@item
Display connected to EPSON remote framebuffer chip and OMAP on-chip
display controller and a LS041y3 MIPI DBI-C controller
@item
TI TSC2301 (in N800) and TI TSC2005 (in N810) touchscreen controllers
driven through SPI bus
@item
National Semiconductor LM8323-controlled qwerty keyboard driven
through I@math{^2}C bus
@item
Secure Digital card connected to OMAP MMC/SD host
@item
Three OMAP on-chip UARTs and on-chip STI debugging console
@item
2011-01-07 20:59:16 +03:00
A Bluetooth(R) transceiver and HCI connected to an UART
2008-11-09 05:24:54 +03:00
@item
2008-05-18 17:01:40 +04:00
Mentor Graphics "Inventra" dual-role USB controller embedded in a TI
TUSB6010 chip - only USB host mode is supported
@item
TI TMP105 temperature sensor driven through I@math{^2}C bus
@item
TI TWL92230C power management companion with an RTC on I@math{^2}C bus
@item
Nokia RETU and TAHVO multi-purpose chips with an RTC, connected
through CBUS
@end itemize
2007-11-11 03:04:49 +03:00
The Luminary Micro Stellaris LM3S811EVB emulation includes the following
devices:
@itemize @minus
@item
Cortex-M3 CPU core.
@item
64k Flash and 8k SRAM.
@item
Timers, UARTs, ADC and I@math{^2}C interface.
@item
OSRAM Pictiva 96x16 OLED with SSD0303 controller on I@math{^2}C bus.
@end itemize
The Luminary Micro Stellaris LM3S6965EVB emulation includes the following
devices:
@itemize @minus
@item
Cortex-M3 CPU core.
@item
256k Flash and 64k SRAM.
@item
Timers, UARTs, ADC, I@math{^2}C and SSI interfaces.
@item
OSRAM Pictiva 128x64 OLED with SSD0323 controller connected via SSI.
@end itemize
2008-05-07 16:23:32 +04:00
The Freecom MusicPal internet radio emulation includes the following
elements:
@itemize @minus
@item
Marvell MV88W8618 ARM core.
@item
32 MB RAM, 256 KB SRAM, 8 MB flash.
@item
Up to 2 16550 UARTs
@item
MV88W8xx8 Ethernet controller
@item
MV88W8618 audio controller, WM8750 CODEC and mixer
@item
2010-02-06 01:52:00 +03:00
128× 64 display with brightness control
2008-05-07 16:23:32 +04:00
@item
2 buttons, 2 navigation wheels with button function
@end itemize
2008-12-15 05:05:00 +03:00
The Siemens SX1 models v1 and v2 (default) basic emulation.
2011-01-07 20:59:16 +03:00
The emulation includes the following elements:
2008-12-15 05:05:00 +03:00
@itemize @minus
@item
Texas Instruments OMAP310 System-on-chip (ARM 925T core)
@item
ROM and RAM memories (ROM firmware image can be loaded with -pflash)
V1
1 Flash of 16MB and 1 Flash of 8MB
V2
1 Flash of 32MB
@item
On-chip LCD controller
@item
On-chip Real Time Clock
@item
Secure Digital card connected to OMAP MMC/SD host
@item
Three on-chip UARTs
@end itemize
2005-12-18 23:11:37 +03:00
A Linux 2.6 test image is available on the QEMU web site. More
information is available in the QEMU mailing-list archive.
2005-07-03 21:34:05 +04:00
2009-01-24 21:19:25 +03:00
@c man begin OPTIONS
The following options are specific to the ARM emulation:
@table @option
@item -semihosting
Enable semihosting syscall emulation.
On ARM this implements the "Angel" interface.
Note that this allows guest direct access to the host filesystem,
so should only be used with trusted guest OS.
@end table
2017-06-19 12:16:11 +03:00
@c man end
2007-07-11 14:24:28 +04:00
@node ColdFire System emulator
@section ColdFire System emulator
2010-02-06 01:52:03 +03:00
@cindex system emulation (ColdFire)
@cindex system emulation (M68K)
2007-05-24 00:16:15 +04:00
Use the executable @file{qemu-system-m68k} to simulate a ColdFire machine.
The emulator is able to boot a uClinux kernel.
2007-06-04 04:50:06 +04:00
The M5208EVB emulation includes the following devices:
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2007-06-04 04:50:06 +04:00
MCF5208 ColdFire V2 Microprocessor (ISA A+ with EMAC).
@item
Three Two on-chip UARTs.
@item
Fast Ethernet Controller (FEC)
@end itemize
The AN5206 emulation includes the following devices:
2007-05-24 00:16:15 +04:00
@itemize @minus
2007-09-17 01:08:06 +04:00
@item
2007-05-24 00:16:15 +04:00
MCF5206 ColdFire V2 Microprocessor.
@item
Two on-chip UARTs.
@end itemize
2009-01-24 21:19:25 +03:00
@c man begin OPTIONS
2010-02-06 01:52:03 +03:00
The following options are specific to the ColdFire emulation:
2009-01-24 21:19:25 +03:00
@table @option
@item -semihosting
Enable semihosting syscall emulation.
On M68K this implements the "ColdFire GDB" interface used by libgloss.
Note that this allows guest direct access to the host filesystem,
so should only be used with trusted guest OS.
@end table
2017-06-19 12:16:11 +03:00
@c man end
2010-02-06 01:52:03 +03:00
@node Cris System emulator
@section Cris System emulator
@cindex system emulation (Cris)
TODO
@node Microblaze System emulator
@section Microblaze System emulator
@cindex system emulation (Microblaze)
TODO
@node SH4 System emulator
@section SH4 System emulator
@cindex system emulation (SH4)
TODO
2011-10-10 14:48:23 +04:00
@node Xtensa System emulator
@section Xtensa System emulator
@cindex system emulation (Xtensa)
Two executables cover simulation of both Xtensa endian options,
@file{qemu-system-xtensa} and @file{qemu-system-xtensaeb}.
Two different machine types are emulated:
@itemize @minus
@item
Xtensa emulator pseudo board "sim"
@item
Avnet LX60/LX110/LX200 board
@end itemize
2011-11-14 01:24:26 +04:00
The sim pseudo board emulation provides an environment similar
2011-10-10 14:48:23 +04:00
to one provided by the proprietary Tensilica ISS.
It supports:
@itemize @minus
@item
A range of Xtensa CPUs, default is the DC232B
@item
Console and filesystem access via semihosting calls
@end itemize
The Avnet LX60/LX110/LX200 emulation supports:
@itemize @minus
@item
A range of Xtensa CPUs, default is the DC232B
@item
16550 UART
@item
OpenCores 10/100 Mbps Ethernet MAC
@end itemize
@c man begin OPTIONS
The following options are specific to the Xtensa emulation:
@table @option
@item -semihosting
Enable semihosting syscall emulation.
Xtensa semihosting provides basic file IO calls, such as open/read/write/seek/select.
Tensilica baremetal libc for ISS and linux platform "sim" use this interface.
Note that this allows guest direct access to the host filesystem,
so should only be used with trusted guest OS.
@end table
2017-05-22 23:53:29 +03:00
2017-06-19 12:16:11 +03:00
@c man end
2017-05-22 23:53:29 +03:00
@node QEMU Guest Agent
@chapter QEMU Guest Agent invocation
@include qemu-ga.texi
2007-09-17 01:08:06 +04:00
@node QEMU User space emulator
@chapter QEMU User space emulator
2007-02-05 22:42:07 +03:00
@menu
* Supported Operating Systems ::
2016-10-06 16:22:05 +03:00
* Features::
2007-02-05 22:42:07 +03:00
* Linux User space emulator::
2008-10-26 23:33:16 +03:00
* BSD User space emulator ::
2007-02-05 22:42:07 +03:00
@end menu
@node Supported Operating Systems
@section Supported Operating Systems
The following OS are supported in user space emulation:
@itemize @minus
@item
2007-06-03 17:41:28 +04:00
Linux (referred as qemu-linux-user)
2007-02-05 22:42:07 +03:00
@item
2008-10-26 23:33:16 +03:00
BSD (referred as qemu-bsd-user)
2007-02-05 22:42:07 +03:00
@end itemize
2016-10-06 16:22:05 +03:00
@node Features
@section Features
QEMU user space emulation has the following notable features:
@table @strong
@item System call translation:
QEMU includes a generic system call translator. This means that
the parameters of the system calls can be converted to fix
endianness and 32/64-bit mismatches between hosts and targets.
IOCTLs can be converted too.
@item POSIX signal handling:
QEMU can redirect to the running program all signals coming from
the host (such as @code{SIGALRM}), as well as synthesize signals from
virtual CPU exceptions (for example @code{SIGFPE} when the program
executes a division by zero).
QEMU relies on the host kernel to emulate most signal system
calls, for example to emulate the signal mask. On Linux, QEMU
supports both normal and real-time signals.
@item Threading:
On Linux, QEMU can emulate the @code{clone} syscall and create a real
host thread (with a separate virtual CPU) for each emulated thread.
Note that not all targets currently emulate atomic operations correctly.
x86 and ARM use a global lock in order to preserve their semantics.
@end table
QEMU was conceived so that ultimately it can emulate itself. Although
it is not very useful, it is an important test to show the power of the
emulator.
2007-02-05 22:42:07 +03:00
@node Linux User space emulator
@section Linux User space emulator
2003-03-24 00:28:45 +03:00
2006-05-01 01:58:41 +04:00
@menu
* Quick Start::
* Wine launch::
* Command line options::
2006-06-11 20:28:41 +04:00
* Other binaries::
2006-05-01 01:58:41 +04:00
@end menu
@node Quick Start
2007-02-05 22:42:07 +03:00
@subsection Quick Start
2003-05-28 04:27:57 +04:00
2004-04-04 19:21:17 +04:00
In order to launch a Linux process, QEMU needs the process executable
2007-09-17 01:08:06 +04:00
itself and all the target (x86) dynamic libraries used by it.
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@itemize
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item On x86, you can just try to launch any process by using the native
libraries:
2003-03-24 00:28:45 +03:00
2007-09-17 01:08:06 +04:00
@example
2004-04-04 19:21:17 +04:00
qemu-i386 -L / /bin/ls
@end example
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@code{-L /} tells that the x86 dynamic linker must be searched with a
@file{/} prefix.
2003-03-24 00:28:45 +03:00
2012-05-12 00:25:50 +04:00
@item Since QEMU is also a linux process, you can launch QEMU with
QEMU (NOTE: you can only do that if you compiled QEMU from the sources):
2003-03-24 00:28:45 +03:00
2007-09-17 01:08:06 +04:00
@example
2004-04-04 19:21:17 +04:00
qemu-i386 -L / qemu-i386 -L / /bin/ls
@end example
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item On non x86 CPUs, you need first to download at least an x86 glibc
(@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that
@code{LD_LIBRARY_PATH} is not set:
2003-05-28 04:27:57 +04:00
2004-04-04 19:21:17 +04:00
@example
2007-09-17 01:08:06 +04:00
unset LD_LIBRARY_PATH
2004-04-04 19:21:17 +04:00
@end example
2003-04-11 05:12:28 +04:00
2004-04-04 19:21:17 +04:00
Then you can launch the precompiled @file{ls} x86 executable:
2003-04-11 05:12:28 +04:00
2004-04-04 19:21:17 +04:00
@example
qemu-i386 tests/i386/ls
@end example
2011-01-20 23:54:21 +03:00
You can look at @file{scripts/qemu-binfmt-conf.sh} so that
2004-04-04 19:21:17 +04:00
QEMU is automatically launched by the Linux kernel when you try to
launch x86 executables. It requires the @code{binfmt_misc} module in the
Linux kernel.
2003-04-11 05:12:28 +04:00
2004-04-04 19:21:17 +04:00
@item The x86 version of QEMU is also included. You can try weird things such as:
@example
2006-05-01 01:58:41 +04:00
qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 \
/usr/local/qemu-i386/bin/ls-i386
2004-04-04 19:21:17 +04:00
@end example
2003-06-25 20:21:49 +04:00
2004-04-04 19:21:17 +04:00
@end itemize
2003-06-25 20:21:49 +04:00
2006-05-01 01:58:41 +04:00
@node Wine launch
2007-02-05 22:42:07 +03:00
@subsection Wine launch
2003-06-25 20:21:49 +04:00
2004-04-04 19:21:17 +04:00
@itemize
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item Ensure that you have a working QEMU with the x86 glibc
distribution (see previous section). In order to verify it, you must be
able to do:
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@example
qemu-i386 /usr/local/qemu-i386/bin/ls-i386
@end example
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item Download the binary x86 Wine install
2007-09-17 01:08:06 +04:00
(@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page).
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item Configure Wine on your account. Look at the provided script
2006-05-01 01:58:41 +04:00
@file{/usr/local/qemu-i386/@/bin/wine-conf.sh}. Your previous
2004-04-04 19:21:17 +04:00
@code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@item Then you can try the example @file{putty.exe}:
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@example
2006-05-01 01:58:41 +04:00
qemu-i386 /usr/local/qemu-i386/wine/bin/wine \
/usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
2004-04-04 19:21:17 +04:00
@end example
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@end itemize
2003-03-31 00:59:46 +04:00
2006-05-01 01:58:41 +04:00
@node Command line options
2007-02-05 22:42:07 +03:00
@subsection Command line options
2003-06-25 20:21:49 +04:00
2004-04-04 19:21:17 +04:00
@example
2016-01-13 23:50:26 +03:00
@command{qemu-i386} [@option{-h]} [@option{-d]} [@option{-L} @var{path}] [@option{-s} @var{size}] [@option{-cpu} @var{model}] [@option{-g} @var{port}] [@option{-B} @var{offset}] [@option{-R} @var{size}] @var{program} [@var{arguments}...]
2004-04-04 19:21:17 +04:00
@end example
2003-06-25 20:21:49 +04:00
2004-04-04 19:21:17 +04:00
@table @option
@item -h
Print the help
2007-09-17 12:09:54 +04:00
@item -L path
2004-04-04 19:21:17 +04:00
Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
@item -s size
Set the x86 stack size in bytes (default=524288)
2008-10-05 00:43:39 +04:00
@item -cpu model
2012-08-02 16:45:54 +04:00
Select CPU model (-cpu help for list and additional feature selection)
2010-07-16 00:28:02 +04:00
@item -E @var{var}=@var{value}
Set environment @var{var} to @var{value}.
@item -U @var{var}
Remove @var{var} from the environment.
2009-07-17 15:48:08 +04:00
@item -B offset
Offset guest address by the specified number of bytes. This is useful when
2010-07-11 20:34:28 +04:00
the address region required by guest applications is reserved on the host.
This option is currently only supported on some hosts.
2010-05-29 05:27:35 +04:00
@item -R size
Pre-allocate a guest virtual address space of the given size (in bytes).
2011-01-07 20:59:13 +03:00
"G", "M", and "k" suffixes may be used when specifying the size.
2003-03-24 00:28:45 +03:00
@end table
2004-04-04 19:21:17 +04:00
Debug options:
2003-03-24 00:28:45 +03:00
2004-04-04 19:21:17 +04:00
@table @option
2013-02-26 21:52:40 +04:00
@item -d item1,...
Activate logging of the specified items (use '-d help' for a list of log items)
2004-04-04 19:21:17 +04:00
@item -p pagesize
Act as if the host page size was 'pagesize' bytes
2008-10-05 00:43:39 +04:00
@item -g port
Wait gdb connection to port
2009-04-06 00:08:59 +04:00
@item -singlestep
Run the emulation in single step mode.
2004-04-04 19:21:17 +04:00
@end table
2003-03-24 00:28:45 +03:00
2007-12-16 16:05:59 +03:00
Environment variables:
@table @env
@item QEMU_STRACE
Print system calls and arguments similar to the 'strace' program
(NOTE: the actual 'strace' program will not work because the user
space emulator hasn't implemented ptrace). At the moment this is
incomplete. All system calls that don't have a specific argument
format are printed with information for six arguments. Many
flag-style arguments don't have decoders and will show up as numbers.
2007-12-17 06:38:26 +03:00
@end table
2007-12-16 16:05:59 +03:00
2006-06-11 20:28:41 +04:00
@node Other binaries
2007-02-05 22:42:07 +03:00
@subsection Other binaries
2006-06-11 20:28:41 +04:00
2010-02-06 01:52:03 +03:00
@cindex user mode (Alpha)
@command{qemu-alpha} TODO.
@cindex user mode (ARM)
@command{qemu-armeb} TODO.
@cindex user mode (ARM)
2006-06-11 20:28:41 +04:00
@command{qemu-arm} is also capable of running ARM "Angel" semihosted ELF
binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
configurations), and arm-uclinux bFLT format binaries.
2010-02-06 01:52:03 +03:00
@cindex user mode (ColdFire)
@cindex user mode (M68K)
2006-10-22 04:18:54 +04:00
@command{qemu-m68k} is capable of running semihosted binaries using the BDM
(m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
coldfire uClinux bFLT format binaries.
2006-06-11 20:28:41 +04:00
The binary format is detected automatically.
2010-02-06 01:52:03 +03:00
@cindex user mode (Cris)
@command{qemu-cris} TODO.
@cindex user mode (i386)
@command{qemu-i386} TODO.
@command{qemu-x86_64} TODO.
@cindex user mode (Microblaze)
@command{qemu-microblaze} TODO.
@cindex user mode (MIPS)
@command{qemu-mips} TODO.
@command{qemu-mipsel} TODO.
2017-01-19 01:01:46 +03:00
@cindex user mode (NiosII)
@command{qemu-nios2} TODO.
2010-02-06 01:52:03 +03:00
@cindex user mode (PowerPC)
@command{qemu-ppc64abi32} TODO.
@command{qemu-ppc64} TODO.
@command{qemu-ppc} TODO.
@cindex user mode (SH4)
@command{qemu-sh4eb} TODO.
@command{qemu-sh4} TODO.
@cindex user mode (SPARC)
2008-10-05 00:43:39 +04:00
@command{qemu-sparc} can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).
2007-10-20 12:09:05 +04:00
@command{qemu-sparc32plus} can execute Sparc32 and SPARC32PLUS binaries
(Sparc64 CPU, 32 bit ABI).
@command{qemu-sparc64} can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).
2008-10-26 23:33:16 +03:00
@node BSD User space emulator
@section BSD User space emulator
@menu
* BSD Status::
* BSD Quick Start::
* BSD Command line options::
@end menu
@node BSD Status
@subsection BSD Status
@itemize @minus
@item
target Sparc64 on Sparc64: Some trivial programs work.
@end itemize
@node BSD Quick Start
@subsection Quick Start
In order to launch a BSD process, QEMU needs the process executable
itself and all the target dynamic libraries used by it.
@itemize
@item On Sparc64, you can just try to launch any process by using the native
libraries:
@example
qemu-sparc64 /bin/ls
@end example
@end itemize
@node BSD Command line options
@subsection Command line options
@example
2016-01-13 23:50:26 +03:00
@command{qemu-sparc64} [@option{-h]} [@option{-d]} [@option{-L} @var{path}] [@option{-s} @var{size}] [@option{-bsd} @var{type}] @var{program} [@var{arguments}...]
2008-10-26 23:33:16 +03:00
@end example
@table @option
@item -h
Print the help
@item -L path
Set the library root path (default=/)
@item -s size
Set the stack size in bytes (default=524288)
2010-07-16 00:28:02 +04:00
@item -ignore-environment
Start with an empty environment. Without this option,
2011-01-07 20:59:16 +03:00
the initial environment is a copy of the caller's environment.
2010-07-16 00:28:02 +04:00
@item -E @var{var}=@var{value}
Set environment @var{var} to @var{value}.
@item -U @var{var}
Remove @var{var} from the environment.
2008-10-26 23:33:16 +03:00
@item -bsd type
Set the type of the emulated BSD Operating system. Valid values are
FreeBSD, NetBSD and OpenBSD (default).
@end table
Debug options:
@table @option
2013-02-26 21:52:40 +04:00
@item -d item1,...
Activate logging of the specified items (use '-d help' for a list of log items)
2008-10-26 23:33:16 +03:00
@item -p pagesize
Act as if the host page size was 'pagesize' bytes
2009-04-06 00:08:59 +04:00
@item -singlestep
Run the emulation in single step mode.
2008-10-26 23:33:16 +03:00
@end table
2010-02-06 01:52:01 +03:00
2016-10-06 17:12:11 +03:00
@include qemu-tech.texi
2017-07-25 14:36:38 +03:00
@node Deprecated features
@appendix Deprecated features
In general features are intended to be supported indefinitely once
introduced into QEMU. In the event that a feature needs to be removed,
it will be listed in this appendix. The feature will remain functional
for 2 releases prior to actual removal. Deprecated features may also
generate warnings on the console when QEMU starts up, or if activated
via a monitor command, however, this is not a mandatory requirement.
Prior to the 2.10.0 release there was no official policy on how
long features would be deprecated prior to their removal, nor
any documented list of which features were deprecated. Thus
any features deprecated prior to 2.10.0 will be treated as if
they were first deprecated in the 2.10.0 release.
What follows is a list of all features currently marked as
deprecated.
@section System emulator command line arguments
@subsection -drive boot=on|off (since 1.3.0)
The ``boot=on|off'' option to the ``-drive'' argument is
ignored. Applications should use the ``bootindex=N'' parameter
to set an absolute ordering between devices instead.
@subsection -tdf (since 1.3.0)
The ``-tdf'' argument is ignored. The behaviour implemented
by this argument is now the default when using the KVM PIT,
but can be requested explicitly using
``-global kvm-pit.lost_tick_policy=slew''.
@subsection -no-kvm-pit-reinjection (since 1.3.0)
The ``-no-kvm-pit-reinjection'' argument is now a
synonym for setting ``-global kvm-pit.lost_tick_policy=discard''.
@subsection -no-kvm-irqchip (since 1.3.0)
The ``-no-kvm-irqchip'' argument is now a synonym for
setting ``-machine kernel_irqchip=off''.
@subsection -no-kvm-pit (since 1.3.0)
The ``-no-kvm-pit'' argument is ignored. It is no longer
possible to disable the KVM PIT directly.
@subsection -no-kvm (since 1.3.0)
The ``-no-kvm'' argument is now a synonym for setting
``-machine accel=tcg''.
@subsection -mon default=on (since 2.4.0)
The ``default'' option to the ``-mon'' argument is
now ignored. When multiple monitors were enabled, it
indicated which monitor would receive log messages
from the various subsystems. This feature is no longer
required as messages are now only sent to the monitor
in response to explicitly monitor commands.
@subsection -vnc tls (since 2.5.0)
The ``-vnc tls'' argument is now a synonym for setting
``-object tls-creds-anon,id=tls0'' combined with
``-vnc tls-creds=tls0'
@subsection -vnc x509 (since 2.5.0)
The ``-vnc x509=/path/to/certs'' argument is now a
synonym for setting
``-object tls-creds-x509,dir=/path/to/certs,id=tls0,verify-peer=no''
combined with ``-vnc tls-creds=tls0'
@subsection -vnc x509verify (since 2.5.0)
The ``-vnc x509verify=/path/to/certs'' argument is now a
synonym for setting
``-object tls-creds-x509,dir=/path/to/certs,id=tls0,verify-peer=yes''
combined with ``-vnc tls-creds=tls0'
@subsection -tftp (since 2.6.0)
The ``-tftp /some/dir'' argument is now a synonym for setting
the ``-netdev user,tftp=/some/dir' argument. The new syntax
allows different settings to be provided per NIC.
@subsection -bootp (since 2.6.0)
The ``-bootp /some/file'' argument is now a synonym for setting
the ``-netdev user,bootp=/some/file' argument. The new syntax
allows different settings to be provided per NIC.
@subsection -redir (since 2.6.0)
The ``-redir ARGS'' argument is now a synonym for setting
the ``-netdev user,hostfwd=ARGS'' argument instead. The new
syntax allows different settings to be provided per NIC.
@subsection -smb (since 2.6.0)
The ``-smb /some/dir'' argument is now a synonym for setting
the ``-netdev user,smb=/some/dir'' argument instead. The new
syntax allows different settings to be provided per NIC.
@subsection -net channel (since 2.6.0)
The ``--net channel,ARGS'' argument is now a synonym for setting
the ``-netdev user,guestfwd=ARGS'' argument instead.
@subsection -net vlan (since 2.9.0)
2017-08-10 14:44:26 +03:00
The ``-net vlan=NN'' argument is partially replaced with the
2017-07-25 14:36:38 +03:00
new ``-netdev'' argument. The remaining use cases will no
longer be directly supported in QEMU.
@subsection -drive if=scsi (since 2.9.0)
The ``-drive if=scsi'' argument is replaced by the the
``-device BUS-TYPE'' argument combined with ``-drive if=none''.
@subsection -net dump (since 2.10.0)
The ``--net dump'' argument is now replaced with the
``-object filter-dump'' argument which works in combination
with the modern ``-netdev`` backends instead.
@subsection -hdachs (since 2.10.0)
The ``-hdachs'' argument is now a synonym for setting
the ``cyls'', ``heads'', ``secs'', and ``trans'' properties
on the ``ide-hd'' device using the ``-device'' argument.
The new syntax allows different settings to be provided
per disk.
@subsection -usbdevice (since 2.10.0)
The ``-usbdevice DEV'' argument is now a synonym for setting
the ``-device usb-DEV'' argument instead. The deprecated syntax
would automatically enable USB support on the machine type.
If using the new syntax, USB support must be explicitly
enabled via the ``-machine usb=on'' argument.
@section qemu-img command line arguments
@subsection convert -s (since 2.0.0)
The ``convert -s snapshot_id_or_name'' argument is obsoleted
by the ``convert -l snapshot_param'' argument instead.
@section System emulator human monitor commands
2017-08-10 11:00:17 +03:00
@subsection host_net_add (since 2.10.0)
The ``host_net_add'' command is replaced by the ``netdev_add'' command.
@subsection host_net_remove (since 2.10.0)
The ``host_net_remove'' command is replaced by the ``netdev_del'' command.
2017-07-25 14:36:38 +03:00
@subsection usb_add (since 2.10.0)
The ``usb_add'' command is replaced by the ``device_add'' command.
@subsection usb_del (since 2.10.0)
The ``usb_del'' command is replaced by the ``device_del'' command.
@section System emulator devices
@subsection ivshmem (since 2.6.0)
The ``ivshmem'' device type is replaced by either the ``ivshmem-plain''
or ``ivshmem-doorbell`` device types.
@subsection spapr-pci-vfio-host-bridge (since 2.6.0)
The ``spapr-pci-vfio-host-bridge'' device type is replaced by
the ``spapr-pci-host-bridge'' device type.
2010-02-06 01:52:03 +03:00
@node License
@appendix License
QEMU is a trademark of Fabrice Bellard.
2017-05-22 23:26:45 +03:00
QEMU is released under the
@url{https://www.gnu.org/licenses/gpl-2.0.txt,GNU General Public License},
version 2. Parts of QEMU have specific licenses, see file
@url{http://git.qemu.org/?p=qemu.git;a=blob_plain;f=LICENSE,LICENSE}.
2010-02-06 01:52:03 +03:00
2006-05-01 01:58:41 +04:00
@node Index
2010-02-06 01:52:03 +03:00
@appendix Index
@menu
* Concept Index::
* Function Index::
* Keystroke Index::
* Program Index::
* Data Type Index::
* Variable Index::
@end menu
@node Concept Index
@section Concept Index
This is the main index. Should we combine all keywords in one index? TODO
2006-05-01 01:58:41 +04:00
@printindex cp
2010-02-06 01:52:03 +03:00
@node Function Index
@section Function Index
This index could be used for command line options and monitor functions.
@printindex fn
@node Keystroke Index
@section Keystroke Index
This is a list of all keystrokes which have a special function
in system emulation.
@printindex ky
@node Program Index
@section Program Index
@printindex pg
@node Data Type Index
@section Data Type Index
This index could be used for qdev device names and options.
@printindex tp
@node Variable Index
@section Variable Index
@printindex vr
2006-05-01 01:58:41 +04:00
@bye