./emulators/qemu, CPU emulator using dynamic translation

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.5.0, Package name: qemu-2.5.0, Maintainer: pkgsrc-users

QEMU is a FAST! processor emulator using dynamic translation to achieve
good emulation speed, QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system
(for example a PC), including a processor and various peripherals.
It can be used to launch different Operating Systems without rebooting
the PC or to debug system code.
* User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used
to launch the Wine Windows API emulator or to ease cross-compilation
and cross-debugging.


Required to run:
[security/libgcrypt] [devel/glib2] [devel/SDL] [devel/ncurses] [x11/pixman] [lang/python27]

Required to build:
[textproc/texi2html] [pkgtools/x11-links] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/fixesproto4]

Package options: sdl

Master sites:

SHA1: ed6c02a267f9edf98058743f0f76a25743a0dfe7
RMD160: 51007a50ddbeae1ba2c986e0cb0b110efeae2dc9
Filesize: 24868.16 KB

Version history: (Expand)


CVS history: (Expand)


   2015-12-23 00:52:00 by Ryo ONODERA | Files touched by this commit (2)
Log message:
Build ivshmem* conditionally, fix broken if conditional
   2015-12-21 13:10:22 by Ryo ONODERA | Files touched by this commit (7)
Log message:
Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.
   2015-12-18 23:39:33 by Ryo ONODERA | Files touched by this commit (5) | Package updated
Log message:
Update to 2.5.0

Changelog:
== System emulation ==
* guard pages are now inserted after guest RAM, to guard against guest-triggered \ 
buffer overflow attacks

=== Incompatible changes ===
* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has \ 
been removed; it is still possible to use them just like any other device file, \ 
however, a medium change will no longer be passed through to the guest

=== Future incompatible changes ===
* Three options are using different names on the command line and in \ 
configuration file.  In particular:
** The "acpi" configuration file section matches command-line option \ 
"acpitable";
** The "boot-opts" configuration file section matches command-line \ 
option "boot";
** The "smp-opts" configuration file section matches command-line \ 
option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology \ 
options for -smp are omitted (sockets, cores, threads) will change in the \ 
future. If guest ABI needs to be preserved on upgrades while using the SMP \ 
topology options, users should either set set all options explicitly (sockets, \ 
cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely.  It'll \ 
remain available only in qemu-img, so you can use 'qemu-img convert' to convert \ 
encrypted images to uncrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on.  It \ 
will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without \ 
libaio support.  It will be made an error.
* A few devices will be configured with explicit properties instead of \ 
implicitly.  Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress.  It doesn't support all \ 
block drivers, it lacks a matching blockdev-del, and more.  It might change \ 
incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in \ 
2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and \ 
new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU \ 
2.6 release, unless somebody who uses it wishes to step forward and help us with \ 
regular testing.

=== Alpha ===
=== ARM ===
* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in \ 
size in high memory. Note that older 32-bit ARM Linux kernels built without \ 
CONFIG_LPAE have a bug where the presence of this region in high memory causes \ 
them to refuse to use the PCIe controller at all. In this case you can either \ 
reconfigure your kernel with CONFIG_LPAE=y, or pass QEMU the "-machine \ 
highmem=off" option to disable the use of high memory for PCIe. The kernel \ 
bug is expected to be fixed in Linux kernel release 4.4.
=== MIPS ===
* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation

=== PowerPC ===
==== pSeries ====
* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing good \ 
random data to the guests.
==== Mac99 ====
* Improve ability to boot MacOS 9 (based upon GSoC project "Implement \ 
support for Mac OS 9 in QEMU " by Cormac O'Brien)

=== s390 ===
* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a given \ 
address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the \ 
"max_revision" property: max_revision=0 may be used to enforce usage \ 
of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.

=== SH ===
=== SPARC ===

* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)

=== TileGX ===
* New target.
=== x86 ===
* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes unsupported \ 
features. These features are disabled automatically, just like in previous \ 
versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on \ 
icc-bridge to find CPU objects should use the "qom_path" field of \ 
"query-cpus" QMP command

==== CPU models and features ====
* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu \ 
host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, \ 
qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't expose \ 
RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)

==== KVM ====
* Support for Hyper-V-compatible reporting of crashes.

==== Xen ====
* Support for passthrough of Intel integrated GPUs.

=== Device emulation and assignment ===
* fw_cfg supports a DMA interface on ARM and x86.  This interface makes \ 
-kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the \ 
DMA interface starting with release 1.9.0 (commit 06316c9d). The UEFI guest fw \ 
for ARM VMs (known as ArmVirtQemu or AAVMF) supports the DMA interface starting \ 
with git commit 953bcbcc / SVN r18545.
==== ACPI ====
==== Audio ====
==== Block devices ====
==== Character devices ====
==== IDE ====
* AHCI ATAPI PIO transfers greater than one sector are fixed. This helps on \ 
OVMF, which utilizes such transfers.
* Zero byte count limits will no longer hang ATAPI drives.
* ATAPI PIO reads, when the byte count limit is set to the ATAPI block size, are \ 
now asynchronous. This should help to prevent hangs due to missing CDROM media \ 
mounted via NFS.

==== Mouse/keyboard ====
==== Network ====
==== SCSI ====
* scsi-generic devices now can be used together with a "readonly=on" \ 
backend.
==== Shared memory device ====
* A sample implementation of the ivshmem client and ivhsmem server is included \ 
with QEMU.
* ivshmem supports a new "x-memdev" property that uses a memory object \ 
for the backend.  This makes it possible to use ivshmem with a hugetlbfs \ 
backend. This property is experimental and may be removed in future release in \ 
favour of an alternative ivshmem device.
* Use kvm irqfd for msi notifications
* Protocol change, native long -> LE int64_t

==== PCI/PCIe ====
* hotplug support added for multifunction devices. To use, add all functions \ 
except function 0 first. Adding function 0 exposes the device to the guest. \ 
Request removal on function 0. On guest acknowledge, all functions are ejected \ 
together.

==== TPM ====
==== VFIO ====
==== virtio ====
* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to enable \ 
this. When used with an old client without migration support, vhost-user will \ 
now block migration (instead of failing silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client \ 
changes are required to enable this mode.  When used with an old client without \ 
multi-queue support, device will automatically fall back on using a single pair \ 
of queues.
* vhost-user protocol now includes protocol feature negotiation, including \ 
multiple new messages. When used with old clients, all new messages are \ 
automatically disabled.
* vhost-user no longer sents the RESET_OWNER message on device stop. The only \ 
QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved \ 
(on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in \ 
virtio 1 mode, to improve performance for host kernels older than 4.4, and \ 
processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce flag \ 
is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still \ 
disabled by default. To enable, set the flag disable-modern=off.

==== VGA ====

=== Character devices ===
=== GUI ===
* New syntax for enabling TLS in the VNC server:
** Equivalent to <tt>-vnc hostname:0,tls</tt>: <tt>-object \ 
tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc hostname:0,tls,x509=/path/to/certs</tt>: \ 
<tt>-object \ 
tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc \ 
hostname:0,tls-creds=tls0</tt>
** Equivalent to <tt>-vnc \ 
hostname:0,tls,x509verify=/path/to/certs</tt>: <tt>-object \ 
tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc \ 
hostname:0,tls-creds=tls0</tt>
* The Cocoa GUI does not have show an 'open image file' dialog box anymore even \ 
if QEMU is started without arguments
* Thu curses GUI supports 256 colors and line graphics.

=== Monitor ===
* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to \ 
[[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.

=== Migration ===
* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of \ 
large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge \ 
mechanism]] (for busy guests)

=== Network ===
* Support for multiqueue in vhost-user.
* Support for network filters.  Currently, the only filter objects are \ 
"filter-buffer", which batches packets every N microseconds, and \ 
"filter-dump", which can be used to log the network traffic in a file. \ 
 Filters are attached to a netdev device using e.g. "-object \ 
filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates \ 
a 1ms filter-buffer).
=== Block devices in system emulation ===
=== Command-line options ===
=== TCG ===
* Improved system emulation performance for targets with software TLBs (e.g. SPARC).
* Initial support for [[Features/record-replay | record/replay]].

== Block devices and tools ==
* The HMP "change" command (QMP's \ 
“"lockdev-change-medium") now allows you to change the read-only \ 
mode of the device (e.g. when inserting a read-only floppy disk image into a \ 
previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands \ 
"blockdev-open-tray", "blockdev-close-tray", \ 
"x-blockdev-insert-medium", and "x-blockdev-remove-medium" \ 
(the latter two are experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions have \ 
been added to now fully support (transient) incremental bitmap usage and \ 
management.
* QMP transactions now support a "completion-mode" parameter which \ 
controls the completion behavior of jobs launched by transactions, which will \ 
allow them to fail together. See the \ 
[https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] \ 
documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max latency, \ 
and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free \ 
unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a completement for \ 
the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot using \ 
as overlay an image previously opened with ''blockdev-add''. This allows opening \ 
the overlay image with arbitrary run-time options, solving one of the \ 
limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying the \ 
empty string as a backing file reference when opening the image. This is useful \ 
for creating snapshots, since images opened with ''blockdev-add'' are not \ 
supposed to have a backing file before the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device is \ 
removed now, all users are requested to use the canonical "-object \ 
iothread,id=<id> -device virtio-blk,iothread=<id>,..." syntax.

== Audio ==

== Guest agent ==
* Add an optional qemu-ga.conf system configuration
* Support for dumping the configuration current file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec

== User-mode emulation ==
* The configure option --disable-guest-base has been removed.
== Build dependencies ==
* libcacard has been moved to a standalone project, hosted at \ 
git://anongit.freedesktop.org/spice/libcacard.  The libcacard library from QEMU \ 
2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.
== Known issues ==
* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends on \ 
build environment, \ 
[http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb \ 
possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see \ 
[https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]. Using another shell \ 
with configure should work.
   2015-12-10 03:51:05 by Joerg Sonnenberger | Files touched by this commit (1)
Log message:
ppc64le and aarch64 have system call emulation on Linux, too.
   2015-12-05 22:26:09 by Adam Ciarcinski | Files touched by this commit (578)
Log message:
Extend PYTHON_VERSIONS_INCOMPATIBLE to 35
   2015-11-08 10:29:35 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 2.4.1:
Bug fixes.
   2015-11-03 21:31:11 by Alistair G. Crooks | Files touched by this commit (211)
Log message:
Add SHA512 digests for distfiles for emulators category

Problems found with existing digests:
	Package suse131_libSDL
	1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_libdbus
	de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_qt4
	94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
	886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]

Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-09-25 16:57:59 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 2.4.0.1

Changelog:
* net: avoid infinite loop when receiving packets(CVE-2015-5278)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, leading to an infinite
loop situation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 737d2b3c41d59eb8f94ab7eb419b957938f24943)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* net: add checks to validate ring buffer pointers(CVE-2015-5279)

Ne2000 NIC uses ring buffer of NE2000_MEM_SIZE(49152)
bytes to process network packets. While receiving packets
via ne2000_receive() routine, a local 'index' variable
could exceed the ring buffer size, which could lead to a
memory buffer overflow. Added other checks at initialisation.

Reported-by: Qinghao Tang <luodalongde@gmail.com>
Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bbdbc66e5765068dce76e9269dce4547afd8ad4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* e1000: Avoid infinite loop in processing transmit descriptor (CVE-2015-6815)

While processing transmit descriptors, it could lead to an infinite
loop if 'bytes' was to become zero; Add a check to avoid it.

[The guest can force 'bytes' to 0 by setting the hdr_len and mss
descriptor fields to 0.
--Stefan]

Signed-off-by: P J P <pjp@fedoraproject.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-id: 1441383666-6590-1-git-send-email-stefanha@redhat.com
(cherry picked from commit b947ac2bf26479e710489739c465c8af336599e7)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

* vnc: fix memory corruption (CVE-2015-5225)

The _cmp_bytes variable added by commit "bea60dd ui/vnc: fix potential
memory corruption issues" can become negative.  Result is (possibly
exploitable) memory corruption.  Reason for that is it uses the stride
instead of bytes per scanline to apply limits.

For the server surface is is actually fine.  vnc creates that itself,
there is never any padding and thus scanline length always equals stride.

For the guest surface scanline length and stride are typically identical
too, but it doesn't has to be that way.  So add and use a new variable
(guest_ll) for the guest scanline length.  Also rename min_stride to
line_bytes to make more clear what it actually is.  Finally sprinkle
in an assert() to make sure we never use a negative _cmp_bytes again.

Reported-by: 范祚至(库特) <zuozhi.fzz@alibaba-inc.com>
Reviewed-by: P J P <ppandit@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit eb8934b0418b3b1d125edddc4fc334a54334a49b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>