./emulators/qemu, CPU emulator using dynamic translation

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.6.0nb2, Package name: qemu-2.6.0nb2, Maintainer: pkgsrc-users

QEMU is a FAST! processor emulator using dynamic translation to achieve
good emulation speed, QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system
(for example a PC), including a processor and various peripherals.
It can be used to launch different Operating Systems without rebooting
the PC or to debug system code.
* User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used
to launch the Wine Windows API emulator or to ease cross-compilation
and cross-debugging.

Required to run:
[security/libgcrypt] [devel/glib2] [devel/SDL] [devel/ncurses] [x11/pixman] [lang/python27]

Required to build:
[textproc/texi2html] [pkgtools/x11-links] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/fixesproto4]

Package options: sdl

Master sites:

SHA1: d558a11d681dd095b1d7cb03c5b723c9d3045020
RMD160: 97e41fab12ad15ba05e63229bf57a51a1564bd32
Filesize: 25151.628 KB

Version history: (Expand)

CVS history: (Expand)

   2016-07-09 15:04:18 by Thomas Klausner | Files touched by this commit (599)
Log message:
Remove python33: adapt all packages that refer to it.
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-31 07:25:12 by Paul Goyette | Files touched by this commit (1)
Log message:
Mark x86_64 emulator as not safe for MPROTECT

XXX Other platform emulators may be similarly affected, but I can't test
XXX the adequately.
   2016-05-15 03:25:15 by Ryo ONODERA | Files touched by this commit (10) | Package updated
Log message:
Update to 2.6.0

System emulation
Incompatible changes

    The aio=native option to "-drive" now requires the cache=none \ 
option, instead of silently disabling itself for other cache modes. The newly \ 
invalid combination had been warning since QEMU 2.3.
    Specifying block device parameter aio=native is now an error on POSIX \ 
systems if qemu is compiled without libaio support. The newly invalid \ 
combination had been warning since QEMU 2.3.
    The experimental x-drive option for the sdhci-pci device has been removed. \ 
Instead of passing a drive directly to the SD controller device you now must \ 
create an SD card object (which will automatically be plugged into the SD \ 
controller), so "-device sdhci-pci,x-drive=mydrive -drive \ 
id=mydrive,[...]" becomes "-device sdhci-pci -device \ 
sd-card,drive=mydrive -drive id=mydrive,[...]".
    The s390-virtio machine has been removed.
    Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, \ 
pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
    The "virt" machine type's flash device has changed when TrustZone \ 
is active ("-machine virt,secure=on"). The first flash device is only \ 
available in secure memory, while the second is available in non-secure memory \ 

Future incompatible changes

    Three options are using different names on the command line and in \ 
configuration file. In particular:
        The "acpi" configuration file section matches command-line \ 
option "acpitable";
        The "boot-opts" configuration file section matches \ 
command-line option "boot";
        The "smp-opts" configuration file section matches command-line \ 
option "smp".

    -readconfig will standardize on the name for the command line option.

    Behavior of automatic calculation of SMP topology when some SMP topology \ 
options for -smp are omitted (sockets, cores, threads) will change in the \ 
future. If guest ABI needs to be preserved on upgrades while using the SMP \ 
topology options, users should either set set all options explicitly (sockets, \ 
cores, threads), or omit all of them.
    The original qcow2 image encryption is fatally flawed, and support for it \ 
will be disabled entirely from the system emulators. It'll remain available only \ 
in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. \ 
It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to \ 
uncrypted ones. The new LUKS encryption driver can provide a secure replacement \ 
if raw files are acceptable, while a future release will integrate luks into \ 
qcow2 natively.
    A few devices will be configured with explicit properties instead of \ 
implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
    QMP command blockdev-add is still a work in progress. It doesn't support all \ 
block drivers, it lacks a matching blockdev-del, and more. It might change \ 


    Support for a separate EL3 address space
    System mode supports BE8 and BE32. Note that qemu-system-arm can emulate \ 
both big-endian and little-endian guests (unlike user-mode emulation which has \ 
separate qemu-arm and qemu-armeb binaries).
    Support for the SETEND instruction, used most notably on Raspbian through \ 
the arm-mem library (previously known as libcofi).
    Faster boot thanks to DMA support in fw_cfg
    The "virt" machine type supports a virtual power button and the \ 
"system_powerdown" monitor command
    The "virt" machine type supports configuring network cards with \ 
-nic in addition to -netdev
    The RAM limit for the "virt" machine type is now 255GB
    The "xlnz-zynqmp" machine type now includes SPI controllers
    The "xlnx-ep108" machine type now supports SPI flash
    New partial Raspberry Pi 2 emulation with "raspi2" machine type. \ 
For now, it can boot older releases of Windows and Raspbian, but lacks a number \ 
of devices including USB.
    New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC \ 


    Support for guest debugging (software and hardware breakpoints, single step) \ 
on AArch64


    Support for FPU and MSA in KVM guests
    Support for R6 Virtual Processors
    Initial support for Cluster Power Controller and Global Configuration \ 
Registers allowing the guest to control the start of Virtual Processors
    Support for Inter-Thread Communication Unit
    Support for MAAR registers in P5600 CPU


    Improved support for migration of g3beige and mac99 machines
    Fix serial ports for g3beige and mac99 machines (OpenBIOS)
    The gdb stub supports the VSX instruction set extensions


    pSeries machine types starting at pseries-2.6 use XHCI as the USB host \ 
controller instead of OHCI
    Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and \ 
    Support for EEH on assigned PCI devices can use the normal \ 
spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.


    Fixes and improvements in s390x PCI support
    Support for hotplug of s390x cpus via cpu-add
    Support for booting from virtio-scsi devices in the s390-ccw bios


    sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs \ 
(MUTEX_HELD hang, libC error, Java WebStart segfault)
    sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode


    Support for context management, illegal opcode and opd traps
    Support for FPU instructions


    Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features


    Support for "split irqchip". In this mode, QEMU emulates the \ 
IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC \ 
emulation to the kernel. This mode reduces the attack surface of KVM.
    Support for the new PKU feature found in some Skylake processors
    Support for migrating the TSC rate


    Support resume (S3)
    Support for legacy Windows guests (XP/2003)

Device emulation and assignment

    New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach \ 
to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet \ 
exposed in SMBIOS and ACPI tables (do we want to docume?)
    FIXME: what's the state of nvdimm?


    The floppy disk controller's characteristics are now exposed in the ACPI \ 
tables, which makes it possible to use floppies on Windows together with UEFI \ 

Block devices

    The floppy disk consk or an empty disk to a 2.88 MB disk
    Improved compatibility of the SD device model with various operating systems \ 
and firmwares
    The NVMe device supports the "bootindex" property.
    The SDHCI device supports reset.


    No longer available on hosts lacking eventfd(2), because inter-vm interrupts \ 
don't work there
    New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible \ 
for guests, notable differences to ivshmem:
        PCI revision is 1 instead of 0
        ivshmem role=master becomes master=on, role=peer becomes master=off
        ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
        ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object \ 
        ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
        Property ioeventfd defaults to on instead of off
        ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always \ 
has MSI-X capability
    Device ivshmem is deprecated, and its experimental property x-memdev is gone
    Interrupting a peer that reuses an unplugged peer's ID works again (broken \ 
in v1.2.0)
    Unplug no longer destroys the character device, for consistency with other \ 
    The funny "no shared memory, yet" state is no longer \ 
guest-visible, and can no longer fail or mess up migration
        Guests may require PCI revision 1 to make sure they're not exposed to \ 
the funny state
    docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.


    Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note \ 
that some operating systems will not recognize disks attached to this adapter, \ 
unless the disks are assigned a world-wide name (WWN).


    PCIe Multi-root support (using the new pxb-pcie root-compex)


    MTP: initial support for events


    Support for AMD XGBE platform passthrough
    New sysfsdev property provides a more general way to specify the device to \ 
attach to.
    Provided PCI option ROMs are fixed to include the same vendor and device id \ 
as the device exposed to the guest. This facilitates changing the ids of the \ 


    Performance improvements via optimized vring accesses
    The balloon driver statistics now include the amount of available memory \ 
(corresponding to "Available" in /proc/meminfo for Linux guests).

Character devices

    The socket character device backend can now enable TLS over TCP connections, \ 
acting either as a TLS server:

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
      -chardev socket,id=s0,host=,port=9000,tls-creds=tls0,server \
      -device isa-serial,chardev=s0 \
      ...other args...

or a TLS client:

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
      -chardev socket,id=s0,host=,port=9000,tls-creds=tls0 \
      -device isa-serial,chardev=s0 \
      ...other args...

If operating in server mode, the same set of TLS credentials can be used for \ 
both character devices and the VNC server

    All character devices can have their output logged to a plain file

$QEMU -chardev stdio,id=mon0,logfile=monitor.log \
      -mon chardev=mon0 \
      ...other args...

will result in logging of all output on the HMP monitor. The logappend parameter \ 
controls whether the file is truncated at startup, defaulting to append.

    SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the \ 
only usable transport when OpenGL is enabled.
    The "-vnc" and "-display vnc" options support ipv4=off \ 
and ipv6=off. Previously, only "ipv4" and "ipv6" were \ 
    Support getting input events directly from linux evdev devices, using \ 
"-object input-linux,id=$name,evdev=/dev/input/event$nr"
    Support for ncurses on Windows.


    Support for a new "detach" option to \ 
"dump-guest-memory". The option dumps memory in the background. \ 
Progress can be queried using the new commands "info dump" (human \ 
monitor) and "query-dump" (QMP), as well as through the QMP event \ 
    Support for a new command "input-send-event" replacing the \ 
previous experimental command "x-input-send-event".
    The human monitor command "drive_add -n" allows creating block \ 
devices that do not have a BlockBackend (similar to QMP blockdev-add).


    Postcopy is not experimental anymore; the x-postcopy-ram capability was \ 
renamed to postcopy-ram.


    SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
    mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
    redirector filter which can redirect traffic from netdev to socket chardev, \ 
vice versa.

Secret passing system

There is a new standard mechanism for securely passing secret credentials to \ 
QEMU, which will be used in combination with other subsystems. For example, \ 
network block device passwords, block device decryption passphrases, or TLS \ 
private key passwords can all use the same mechanism.

    Passing credentials inline (insecure, only for developer testing)

$QEMU -object secret,id=sec0,data=letmein

    Passing credentials via a plain file

$QEMU -object secret,id=sec0,file=mypassword.txt

    Passing credentials via a base64 encoded file

$QEMU -object secret,id=sec0,file=mypassword.txt,format=base64

    Passing credentials inline, encrypted with a master key (recommended for \ 
management apps)

 $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
       -object secret,id=sec0,data=[base64 ciphertext],\
               keyid=master0,iv=[base64 IV],format=base64

TLS credential handling

It is now possible to use encrypted TLS private keys with credentials for TLS \ 
servers/clients in QEMU. The password for unlocking the private key is provided \ 
by a secret object whose id is specified via the passwordid' property

$QEMU -object secret,id=tlskey0,file=mypassword.txt \
      -object \ 
tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \ 
      ...other args...

Block devices

    Block device throttling now support specifying a burst length as well. While \ 
previously the burst could only be specified as a total number of IOPS (e.g. \ 
10000 IOPS), more complex specifications such as "10000 IOPS for 10 \ 
seconds" are now possible. Note that, because of the implementation of the \ 
algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will \ 
also be allowed to perform for example 5000 IOPS for 20 seconds.
    The curl block device driver now supports HTTP authentication and HTTP proxy \ 
authentication via the new properties 'username', 'password-secret', \ 
'proxy-username' and 'proxy-password-secret'.

$QEMU -object secret,id=sec0,file=password.txt \
      -object secret,id=sec1,file=proxy-password.txt \
      -drive \ 
driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \ 
      ...other args...

    The RBD block device driver can now use the secret object type to securely \ 
receive the authentication password without exposing it in the command line args

$QEMU -object secret,id=sec0,file=password.b64,format=base64 \
      -drive \ 
driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \ 
      ...other args...

    The iSCSI block device driver can now use the secret object type to securely \ 
receive the authentication password without exposing it in the command line args

$QEMU -object secret,id=sec0,file=password.txt \
      -iscsi user=fred,password-secret=sec0 \
      -drive \ 

NB this syntax requires that all iSCSI backed drives use the same password

    The qemu-io tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a block device backend. The \ 
'--image-opts' argument instructs qemu-io to parse the image string as a set of \ 
image options, instead of a plain filename. For example, to connect qemu-io to \ 
an NBD server using TLS

qemu-io -c "read 0 512" \
        --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
        --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

    The qemu-nbd tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a block device backend or the NBD server. \ 
The '--image-opts' argument instructs qemu-io to parse the image string as a set \ 
of image options, instead of a plain filename. For example, to connect qemu-nbd \ 
to an HTTP server with authentication and export it over NBD using TLS

qemu-nbd --readonly \
         --object secret,id=sec0,file=passwd.txt \
         --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
         --image-opts \ 

    The qemu-img tool gained support for new '--object' and '--image-opts' \ 
arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to \ 
be defined for use in association with a block device backend or the NBD server. \ 
The '--image-opts' argument instructs qemu-io to parse the image string as a set \ 
of image options, instead of a plain filename. For example, to a remote HTTP \ 
server with authentication

qemu-img info --object secret,id=sec0,file=passwd.txt \
              --image-opts \ 

    Support for deleting snapshots on Sheepdog devices.
    The NBD client and server now support use of TLS. When enabled, the server \ 
will mandate that the client also enable TLS and drop any client which attempts \ 
to continue in plain text. To run a qemu-nbd server with TLS:

qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
         --tls-creds tls0 \

To connect to a server that requires TLS with qemu-img:

qemu-img info --object \ 
tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
              --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

To start a VM pointing to the NBD server

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
      -drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
      ...other args...

    The NBD server gained support for specifying an export name. When the client \ 
negotiates use of the new style NBD protocol the default export name is \ 
"". The --exportname argument allows this to be customized:

qemu-nbd --exportname myvol  /path/to/myvol.qcow2

    QEMU gained support for volumes formatted with the LUKSv1 data format. To \ 
format a new LUKS volume

qemu-img create -f luks \
                --object secret,id=sec0,file=passphrase.txt \
                -o key-secret=sec0 \
                demo.luks 10G

To boot a guest from a LUKS volume:

$QEMU -object secret,id=sec0,file=passphrase.txt \
      -drive driver=luks,key-secret=sec0,file=demo.luks \
      ...other args...

The LUKS implementation is intended to be compatible with that used by \ 
cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably \ 
between them. The only caveat is that some less common cipher/hash algorithms \ 
are not yet supported by QEMU. It is also not yet possible to manage key-slots \ 
with qemu-img.

    Record/replay support extended to cover character devices.


    The "stderr" tracing backend was replaced by the "log" \ 
tracing backend, which is now the default. This backend prints tracing messages \ 
to the destination specified with the "-D" option.
    In addition to the existing "-trace file=...", tracepoints can be \ 
enabled using "-trace [enable=]...". The new option also supports \ 
globbing, as in "-trace bdrv_aio_*".
    In addition to the existing "-trace file=...", tracepoints can be \ 
enabling using "-d trace:...". This option also supports globbing, as \ 
in "-d trace:bdrv_aio_*".
    When using "-daemonize", the "-D" option also provides \ 
the file to which QEMU's stderr output will be redirected.
    TCG supports a new "-dfilter" option to limit exec, out_asm, op \ 
and op_opt logging to a range of guest physical addresses. ARM also applies the \ 
filter to in_asm logging; this will be extended to other targets in future \ 
releases (FIXME: probably should do it now instead...)
    A "%d" substring in the log file name is replaced with QEMU's pid.

User-mode emulation

    The default CPU for ppc64 and ppc64le is now POWER8
   2016-03-24 16:21:10 by Pierre Pronchery | Files touched by this commit (2)
Log message:
Avoid a "bad substitution" error in the configure script

This fixes building emulators/qemu on netbsd-7 (amd64).
On a related note, it may also make sense to include
security/nettle/buildlink3.mk to the build.
   2016-03-06 20:41:24 by Darrin B. Jewell | Files touched by this commit (2)
Log message:
slightly better shm_open check fix
   2016-03-06 10:55:58 by Darrin B. Jewell | Files touched by this commit (2)
Log message:
tweak check for shm_open.  Fixes build on darwin
   2015-12-23 00:52:00 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Build ivshmem* conditionally, fix broken if conditional