./emulators/qemu, CPU emulator using dynamic translation



Branch: CURRENT, Version: 2.7.0nb1, Package name: qemu-2.7.0nb1, Maintainer: pkgsrc-users

QEMU is a FAST! processor emulator using dynamic translation to achieve
good emulation speed. QEMU has two operating modes:

* Full system emulation. In this mode, QEMU emulates a full system
(for example a PC), including a processor and various peripherals.
It can be used to launch different Operating Systems without rebooting
the PC or to debug system code.
* User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used
to launch the Wine Windows API emulator or to ease cross-compilation
and cross-debugging.


Required to run:
[security/libgcrypt] [devel/glib2] [devel/SDL] [devel/ncurses] [x11/pixman] [lang/python27]

Required to build:
[textproc/texi2html] [pkgtools/x11-links] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/fixesproto4] [pkgtools/cwrappers]

Package options: sdl

Master sites:

SHA1: 96737d31a2fb74553dacbd0ddaa93014858dc986
RMD160: cc962261a4f7b05ace8c16027bda770a89322cd3
Filesize: 26238.047 KB



CVS history:


   2016-10-30 15:48:01 by S.P.Zeidler | Files touched by this commit (6)
Log message:
add patches for CVE-2016-7423 and CVE-2016-790[789] from upstream
   2016-10-04 17:00:08 by Kamil Rytarowski | Files touched by this commit (1)
Log message:
Remove dead emulators/qemu0 reference
   2016-09-04 11:21:04 by Ryo ONODERA | Files touched by this commit (9) | Package updated
Log message:
Update to 2.7.0

Changelog:
System emulation
Incompatible changes

    SPI flash devices "160s33b", "320s33b", "640s33b", "at25df041a", "at25df321a", "at25df641", "at25fs010", "at25fs040", "at26df081a", "at26df161a", "at26df321", "at26f004", "at45db081d", "en25f32", "en25p32", "en25p64", "en25q32b", "en25q64", "gd25q32", "gd25q64", "m25p05", "m25p10", "m25p128", "m25p16", "m25p20", "m25p32", "m25p40", "m25p64", "m25p80", "m25pe16", "m25pe20", "m25pe80", "m25px32", "m25px32-s0", "m25px32-s1", "m25px64", "m45pe10", "m45pe16", "m45pe80", "mx25l12805d", "mx25l12855e", "mx25l1606e", "mx25l2005a", "mx25l25635e", "mx25l25655e", "mx25l3205d", "mx25l4005a", "mx25l6405d", "mx25l8005", "n25q032", "n25q032a11", "n25q032a13", "n25q064", "n25q064a11", "n25q064a13", "n25q128", "n25q128a11", "n25q128a13", "n25q256a11", "n25q256a13", "s25fl016k", "s25fl064k", "s25fl129p0", "s25fl129p1", "s25fl256s0", "s25fl256s1", "s25fl512s", "s25sl004a", "s25sl008a", "s25sl016a", "s25sl032a", "s25sl032p", "s25sl064a", "s25sl064p", "s25sl12800", "s25sl12801", "s70fl01gs", "sst25vf016b", "sst25vf032b", "sst25vf040b", "sst25vf080b", "sst25wf010", "sst25wf020", "sst25wf040", "sst25wf512", "w25q256", "w25q32", "w25q32dw", "w25q64", "w25q80", "w25q80bl", "w25x10", "w25x16", "w25x20", "w25x32", "w25x40", "w25x64", "w25x80" connect to a backend explicitly named by a "drive" property instead of an implicit -drive if=mtd. This only affects devices created explicitly with -device; "-drive if=mtd" still works for SPI flash devices created by boards, so this should affect almost no one.
    Support for the original qcow2 image encryption has been disabled entirely from the system emulators. While QEMU 2.3 attempted to keep it available in system emulators, a bug in the code has actually broken it since 2.4, and no one complained. Support for the format remains available only in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to unencrypted ones. The new LUKS encryption driver can provide a secure replacement, and a future release may integrate luks into qcow2 natively.
    Autoconverge is not considered experimental anymore; autoconverge-related commands do not have the "x-" prefix anymore.
    The MIPS64R6-generic CPU model was renamed to I6400.
    On Q35 machines, IOMMU are now enabled with "-device iommu" instead of "-machine iommu=on".

Future incompatible changes

    Three options are using different names on the command line and in configuration file. In particular:
        The "acpi" configuration file section matches command-line option "acpitable";
        The "boot-opts" configuration file section matches command-line option "boot";
        The "smp-opts" configuration file section matches command-line option "smp".

    -readconfig will standardize on the name for the command line option.

    Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
    Devices "allwinner-a10", "pc87312", "ssi-sd" will be configured with explicit properties instead of implicitly. This is unlikely to affect users.
    QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.

ARM

    The "virt" machine type has support for NUMA.
    We now implement an emulated GICv3 interrupt controller, which is supported by the "virt" board and can be enabled with "-machine gic-version=3". Note that many guest OSes do not correctly support a GICv3 without security extensions; if your guest is Linux it must include commit 7c9b973061 "irqchip/gic-v3: Configure all interrupts as non-secure Group-1" or a backport of that patch to one of the stable branches. UEFI and FreeBSD are also known to need similar bug fixes. With a GICv3 the "virt" board now supports TCG (emulated CPU) configurations with more than 8 vCPUs.
    New Xilinx Zynq ZCU102 board (-M xlnx-zcu102).
    Xilinx Zynq boards have experimental support for ARM Security Extensions.
    Xilinx Zynq MP supports DisplayPort (graphics and audio) and DDC (used for EDID info).
    i.MX6?

KVM

    Xilinx Zynq boards support KVM on AArch64 hosts.

MIPS

    Support for 10-bit ASIDs
    The MIPS64R6-generic CPU model was renamed to I6400.
    Initial GIC support
    Support for IEEE 754-2008

PowerPC

    Many TCG fixes.
    mac99 machine can now boot MacOS >= 9.1

pSeries

    Significant performance improvements for the spapr-llan device.
    Support for CPU hotplug.
    Performance improvements for VFIO through dynamic DMA windows.

s390

    Support for runtime instrumentation
    The IPL firmware can boot from devices in subchannel sets > 0
    Major refactoring and improvements of the s390x-specific PCI code
        Optionally, zPCI specific 'uid' and 'fid' attributes may be provided
        Guest-acknowledged hotunplug (rather than 'surprise removal' only)
    bootindex support for IPL from SCSI devices

SPARC

    Fix for sun4m Solaris 9 "Segmentation fault" regression (see bug #1588328)

x86

    CPU hot-remove support based on generic device_add/device_del interface
        support arbitrary CPU adding/removal
        Limitation: 1st (boot) CPU isn't removable

KVM

    Support for LMCE (local MCE) virtualization, which will require Linux 4.8. LMCE can be enabled through "-cpu model,lmce" on all CPUs as long as the kernel supports it.

Device emulation and assignment
ACPI

    NVDIMM devices are now described in the ACPI tables and support labels.
    new ACPI CPU hotplug MMIO interface since 2.7 machine types for PC/Q35
        more than 255 CPUs support
        CPU hot-remove support
        Guest side CPU hotplug status notification via _OST events

Block devices

    Removed dataplane blockers? (Fam)
    New -device properties replacing -drive properties?
    virtio-blk now supports multiqueue through a "num-queues" device property.

Network devices

    New device e1000e for Intel 82574 NIC.
    QEMU now includes iPXE ROMs for vmxnet3 devices.

SCSI

    scsi-block now passes sense data correctly to the guest, so that it can support for example persistent reservations.
    Support for passthrough of SCSI scanner.

PCI/PCIe

    On Q35 machines, IOMMU are now enabled with "-device iommu" instead of "-machine iommu=on".

USB

    Support for Xen paravirtualized USB
    usb-bot and usb-uas now support hotplug.

VFIO

    Support for device assignment of Intel integrated graphics devices.
    The SR-IOV capability is now hidden to guests when passing through a physical function.

virtio

    Initial reconnect support for vhost-user.
    Support for busy polling on vhost-net devices ("-netdev tap,...,poll-us=n").
    virtio-gpu multi-monitor fixes
    virtio-gpu 2d live migration support

Character devices

    QEMU for Windows: Fixed handling of files used for character devices – they are now truncated by default like on Linux.

TLS support

    Support for overriding the TLS property, for example "-object tls-creds-x509,...,priority=NORMAL:-VERS-SSL3.0" disables SSL 3.0. This can be used both to use a non-standard weaker set of priorities, or to enforce a stronger default for QEMU. The default priority can also be specified through "--tls-priority=VALUE" at configure time.

GUI

    A new option "-machine graphics=on|off" lets you disable graphics in the VM like "-nographic" (e.g. OpenBIOS will use the serial port for boot messages) but without an implicit "-display none".

Monitor

    new 'info hotpluggable-cpus' and corresponding 'query-hotpluggable-cpus' QMP commands
    to list present/possible CPUs with properties necessary to add a CPU instance using device_add for a given '-smp ...' layout
        supported by x86 and SPAPR softmmu targets

Migration

    Autoconverge is not considered experimental anymore. Autoconverge-related commands do not have the "x-" prefix.
    TODO: TLS support

Network

    User-mode networking supports DHCPv6, RDNSS, DNS6 and link-local DNS addresses.
    Socket networking in TCP mode can now run over IPv6. UDP and multicast modes do not support IPv6 yet.

Block devices and tools

    New "bench" command in qemu-img.
    The "write" command in qemu-io grew "-f" and "-z -u" options.
    TODO: Block job ids?

TCG

    Speed improvements around 20%.
    Fixes for self-modifying code.

Tracing

    TODO: dfilter
    TODO: tracing for qemu-io, qemu-img and qemu-nbd

CLI options

    '-cpu cpu-model,feat1=foo,...' acts as a set of '-global cpu-model-type.feat1=foo' options, which affects initial CPUs as well as all CPUs created with help of -device/device_add/cpu-add for a given cpu-model
        doesn't apply to SPARC target which uses legacy -cpu semantics as its features haven't been converted to properties.
   2016-08-27 05:16:40 by Maya Rashish | Files touched by this commit (2) | Package updated
Log message:
qemu: update to 2.6.1

mark more things as not mprotect-safe
   2016-07-09 15:04:18 by Thomas Klausner | Files touched by this commit (599)
Log message:
Remove python33: adapt all packages that refer to it.
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-05-31 07:25:12 by Paul Goyette | Files touched by this commit (1)
Log message:
Mark x86_64 emulator as not safe for MPROTECT

XXX Other platform emulators may be similarly affected, but I can't test
XXX them adequately.
   2016-05-15 03:25:15 by Ryo ONODERA | Files touched by this commit (10) | Package updated
Log message:
Update to 2.6.0

Changelog:
System emulation
Incompatible changes

    The aio=native option to "-drive" now requires the cache=none option, instead of silently disabling itself for other cache modes. The newly invalid combination had been warning since QEMU 2.3.
    Specifying block device parameter aio=native is now an error on POSIX systems if qemu is compiled without libaio support. The newly invalid combination had been warning since QEMU 2.3.
    The experimental x-drive option for the sdhci-pci device has been removed. Instead of passing a drive directly to the SD controller device you now must create an SD card object (which will automatically be plugged into the SD controller), so "-device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
    The s390-virtio machine has been removed.
    Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
    The "virt" machine type's flash device has changed when TrustZone is active ("-machine virt,secure=on"). The first flash device is only available in secure memory, while the second is available in non-secure memory too.

Future incompatible changes

    Three options are using different names on the command line and in configuration file. In particular:
        The "acpi" configuration file section matches command-line option "acpitable";
        The "boot-opts" configuration file section matches command-line option "boot";
        The "smp-opts" configuration file section matches command-line option "smp".

    -readconfig will standardize on the name for the command line option.

    Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set all options explicitly (sockets, cores, threads), or omit all of them.
    The original qcow2 image encryption is fatally flawed, and support for it will be disabled entirely from the system emulators. It'll remain available only in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to unencrypted ones. The new LUKS encryption driver can provide a secure replacement if raw files are acceptable, while a future release will integrate luks into qcow2 natively.
    A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
    QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.

ARM

    Support for a separate EL3 address space
    System mode supports BE8 and BE32. Note that qemu-system-arm can emulate both big-endian and little-endian guests (unlike user-mode emulation which has separate qemu-arm and qemu-armeb binaries).
    Support for the SETEND instruction, used most notably on Raspbian through the arm-mem library (previously known as libcofi).
    Faster boot thanks to DMA support in fw_cfg
    The "virt" machine type supports a virtual power button and the "system_powerdown" monitor command
    The "virt" machine type supports configuring network cards with -nic in addition to -netdev
    The RAM limit for the "virt" machine type is now 255GB
    The "xlnz-zynqmp" machine type now includes SPI controllers
    The "xlnx-ep108" machine type now supports SPI flash
    New partial Raspberry Pi 2 emulation with "raspi2" machine type. For now, it can boot older releases of Windows and Raspbian, but lacks a number of devices including USB.
    New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC implementation

KVM

    Support for guest debugging (software and hardware breakpoints, single step) on AArch64

MIPS

    Support for FPU and MSA in KVM guests
    Support for R6 Virtual Processors
    Initial support for Cluster Power Controller and Global Configuration Registers allowing the guest to control the start of Virtual Processors
    Support for Inter-Thread Communication Unit
    Support for MAAR registers in P5600 CPU

PowerPC

    Improved support for migration of g3beige and mac99 machines
    Fix serial ports for g3beige and mac99 machines (OpenBIOS)
    The gdb stub supports the VSX instruction set extensions

pSeries

    pSeries machine types starting at pseries-2.6 use XHCI as the USB host controller instead of OHCI
    Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and H_PAGE_INIT)
    Support for EEH on assigned PCI devices can use the normal spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.

s390

    Fixes and improvements in s390x PCI support
    Support for hotplug of s390x cpus via cpu-add
    Support for booting from virtio-scsi devices in the s390-ccw bios

SH
SPARC

    sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs (MUTEX_HELD hang, libC error, Java WebStart segfault)
    sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode

TileGX
Tricore

    Support for context management, illegal opcode and opd traps
    Support for FPU instructions

x86
TCG

    Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features

KVM

    Support for "split irqchip". In this mode, QEMU emulates the IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC emulation to the kernel. This mode reduces the attack surface of KVM.
    Support for the new PKU feature found in some Skylake processors
    Support for migrating the TSC rate

Xen
Q35

    Support resume (S3)
    Support for legacy Windows guests (XP/2003)

Device emulation and assignment

    New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet exposed in SMBIOS and ACPI tables (do we want to docume?)
    FIXME: what's the state of nvdimm?

ACPI

    The floppy disk controller's characteristics are now exposed in the ACPI tables, which makes it possible to use floppies on Windows together with UEFI firmware.

Block devices

    The floppy disk consk or an empty disk to a 2.88 MB disk
    Improved compatibility of the SD device model with various operating systems and firmwares
    The NVMe device supports the "bootindex" property.
    The SDHCI device supports reset.

ivshmem

    No longer available on hosts lacking eventfd(2), because inter-vm interrupts don't work there
    New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible for guests, notable differences to ivshmem:
        PCI revision is 1 instead of 0
        ivshmem role=master becomes master=on, role=peer becomes master=off
        ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
        ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
        ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
        Property ioeventfd defaults to on instead of off
        ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always has MSI-X capability
    Device ivshmem is deprecated, and its experimental property x-memdev is gone
    Interrupting a peer that reuses an unplugged peer's ID works again (broken in v1.2.0)
    Unplug no longer destroys the character device, for consistency with other devices
    The funny "no shared memory, yet" state is no longer guest-visible, and can no longer fail or mess up migration
        Guests may require PCI revision 1 to make sure they're not exposed to the funny state
    docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.

SCSI

    Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note that some operating systems will not recognize disks attached to this adapter, unless the disks are assigned a world-wide name (WWN).

PCI/PCIe

    PCIe Multi-root support (using the new pxb-pcie root-complex)

USB

    MTP: initial support for events

VFIO

    Support for AMD XGBE platform passthrough
    New sysfsdev property provides a more general way to specify the device to attach to.
    Provided PCI option ROMs are fixed to include the same vendor and device id as the device exposed to the guest. This facilitates changing the ids of the devices.

virtio

    Performance improvements via optimized vring accesses
    The balloon driver statistics now include the amount of available memory (corresponding to "Available" in /proc/meminfo for Linux guests).

Character devices

    The socket character device backend can now enable TLS over TCP connections, acting either as a TLS server:

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
      -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
      -device isa-serial,chardev=s0 \
      ...other args...

or a TLS client:

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
      -chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
      -device isa-serial,chardev=s0 \
      ...other args...

If operating in server mode, the same set of TLS credentials can be used for both character devices and the VNC server

    All character devices can have their output logged to a plain file

$QEMU -chardev stdio,id=mon0,logfile=monitor.log \
      -mon chardev=mon0 \
      ...other args...

will result in logging of all output on the HMP monitor. The logappend parameter controls whether the file is truncated at startup, defaulting to append.

GUI

    SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the only usable transport when OpenGL is enabled.
    The "-vnc" and "-display vnc" options support ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" were available.
    Support getting input events directly from linux evdev devices, using "-object input-linux,id=$name,evdev=/dev/input/event$nr"
    Support for ncurses on Windows.

Monitor

    Support for a new "detach" option to "dump-guest-memory". The option dumps memory in the background. Progress can be queried using the new commands "info dump" (human monitor) and "query-dump" (QMP), as well as through the QMP event DUMP_COMPLETED.
    Support for a new command "input-send-event" replacing the previous experimental command "x-input-send-event".
    The human monitor command "drive_add -n" allows creating block devices that do not have a BlockBackend (similar to QMP blockdev-add).

Migration

    Postcopy is not experimental anymore; the x-postcopy-ram capability was renamed to postcopy-ram.

Network

    SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
    mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
    redirector filter which can redirect traffic from netdev to socket chardev, vice versa.

Secret passing system

There is a new standard mechanism for securely passing secret credentials to QEMU, which will be used in combination with other subsystems. For example, network block device passwords, block device decryption passphrases, or TLS private key passwords can all use the same mechanism.

    Passing credentials inline (insecure, only for developer testing)

$QEMU -object secret,id=sec0,data=letmein

    Passing credentials via a plain file

$QEMU -object secret,id=sec0,file=mypassword.txt

    Passing credentials via a base64 encoded file

$QEMU -object secret,id=sec0,file=mypassword.txt,format=base64

    Passing credentials inline, encrypted with a master key (recommended for management apps)

 $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
       -object secret,id=sec0,data=[base64 ciphertext],\
               keyid=master0,iv=[base64 IV],format=base64

TLS credential handling

It is now possible to use encrypted TLS private keys with credentials for TLS servers/clients in QEMU. The password for unlocking the private key is provided by a secret object whose id is specified via the 'passwordid' property

$QEMU -object secret,id=tlskey0,file=mypassword.txt \
      -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \
      ...other args...

Block devices

    Block device throttling now supports specifying a burst length as well. While previously the burst could only be specified as a total number of IOPS (e.g. 10000 IOPS), more complex specifications such as "10000 IOPS for 10 seconds" are now possible. Note that, because of the implementation of the algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will also be allowed to perform for example 5000 IOPS for 20 seconds.
    The curl block device driver now supports HTTP authentication and HTTP proxy authentication via the new properties 'username', 'password-secret', 'proxy-username' and 'proxy-password-secret'.

$QEMU -object secret,id=sec0,file=password.txt \
      -object secret,id=sec1,file=proxy-password.txt \
      -drive driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \
      ...other args...

    The RBD block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args

$QEMU -object secret,id=sec0,file=password.b64,format=base64 \
      -drive driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \
      ...other args...

    The iSCSI block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args

$QEMU -object secret,id=sec0,file=password.txt \
      -iscsi user=fred,password-secret=sec0 \
      -drive file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1

NB this syntax requires that all iSCSI backed drives use the same password

    The qemu-io tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-io to an NBD server using TLS

qemu-io -c "read 0 512" \
        --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
        --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

    The qemu-nbd tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-nbd to an HTTP server with authentication and export it over NBD using TLS

qemu-nbd --readonly \
         --object secret,id=sec0,file=passwd.txt \
         --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
         --image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0

    The qemu-img tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to a remote HTTP server with authentication

qemu-img info --object secret,id=sec0,file=passwd.txt \
              --image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0

    Support for deleting snapshots on Sheepdog devices.
    The NBD client and server now support use of TLS. When enabled, the server will mandate that the client also enable TLS and drop any client which attempts to continue in plain text. To run a qemu-nbd server with TLS:

qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
         --tls-creds tls0 \
         /path/to/disk/image

To connect to a server that requires TLS with qemu-img:

qemu-img info --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
              --image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0

To start a VM pointing to the NBD server

$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
      -drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
      ...other args...

    The NBD server gained support for specifying an export name. When the client negotiates use of the new style NBD protocol the default export name is "". The --exportname argument allows this to be customized:

qemu-nbd --exportname myvol  /path/to/myvol.qcow2

    QEMU gained support for volumes formatted with the LUKSv1 data format. To format a new LUKS volume

qemu-img create -f luks \
                --object secret,id=sec0,file=passphrase.txt \
                -o key-secret=sec0 \
                demo.luks 10G

To boot a guest from a LUKS volume:

$QEMU -object secret,id=sec0,file=passphrase.txt \
      -drive driver=luks,key-secret=sec0,file=demo.luks \
      ...other args...

The LUKS implementation is intended to be compatible with that used by cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably between them. The only caveat is that some less common cipher/hash algorithms are not yet supported by QEMU. It is also not yet possible to manage key-slots with qemu-img.

TCG

    Record/replay support extended to cover character devices.

Tracing

    The "stderr" tracing backend was replaced by the "log" tracing backend, which is now the default. This backend prints tracing messages to the destination specified with the "-D" option.
    In addition to the existing "-trace file=...", tracepoints can be enabled using "-trace [enable=]...". The new option also supports globbing, as in "-trace bdrv_aio_*".
    In addition to the existing "-trace file=...", tracepoints can be enabled using "-d trace:...". This option also supports globbing, as in "-d trace:bdrv_aio_*".
    When using "-daemonize", the "-D" option also provides the file to which QEMU's stderr output will be redirected.
    TCG supports a new "-dfilter" option to limit exec, out_asm, op and op_opt logging to a range of guest physical addresses. ARM also applies the filter to in_asm logging; this will be extended to other targets in future releases (FIXME: probably should do it now instead...)
    A "%d" substring in the log file name is replaced with QEMU's pid.

User-mode emulation

    The default CPU for ppc64 and ppc64le is now POWER8