@item PREP (PowerPC processor)
@item G3 BW PowerMac (PowerPC processor)
@item Mac99 PowerMac (PowerPC processor, in progress)
-@item Sun4m (32-bit Sparc processor)
-@item Sun4u (64-bit Sparc processor, in progress)
-@item Malta board (32-bit MIPS processor)
+@item Sun4m/Sun4c/Sun4d (32-bit Sparc processor)
+@item Sun4u/Sun4v (64-bit Sparc processor, in progress)
+@item Malta board (32-bit and 64-bit MIPS processors)
+@item MIPS Magnum (64-bit MIPS processor)
@item ARM Integrator/CP (ARM)
@item ARM Versatile baseboard (ARM)
@item ARM RealView Emulation baseboard (ARM)
@item Freescale MCF5208EVB (ColdFire V2).
@item Arnewsh MCF5206 evaluation board (ColdFire V2).
@item Palm Tungsten|E PDA (OMAP310 processor)
+@item N800 and N810 tablets (OMAP2420 processor)
+@item MusicPal (MV88W8618 ARM processor)
@end itemize
-For user emulation, x86, PowerPC, ARM, MIPS, Sparc32/64 and ColdFire(m68k) CPUs are supported.
+For user emulation, x86, PowerPC, ARM, 32-bit MIPS, Sparc32/64 and ColdFire(m68k) CPUs are supported.
@node Installation
@chapter Installation
@item
ENSONIQ AudioPCI ES1370 sound card
@item
+Intel 82801AA AC97 Audio compatible sound card
+@item
Adlib(OPL2) - Yamaha YM3812 compatible chip
@item
+Gravis Ultrasound GF1 sound card
+@item
+CS4231A compatible sound card
+@item
PCI UHCI USB controller and a virtual USB hub.
@end itemize
SMP is supported with up to 255 CPUs.
-Note that adlib is only available when QEMU was configured with
--enable-adlib
+Note that adlib, ac97, gus and cs4231a are only available when QEMU
+was configured with --audio-card-list option containing the name(s) of
+required card(s).
QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
VGA BIOS.
QEMU uses YM3812 emulation by Tatsuyuki Satoh.
+QEMU uses GUS emulation(GUSEMU32 @url{http://www.deinmeister.de/gusemu/})
+by Tibor "TS" Schütz.
+
+CS4231A is the chip used in Windows Sound System and GUSMAX products
+
@c man end
@node pcsys_quickstart
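Review bot: The replacement note beginning "Note that adlib, ac97, gus and cs4231a are only available" names the --audio-card-list configure option but, unlike the --enable-adlib line it replaces, never shows a usable value; add one example of the list syntax so readers do not have to guess the separator. Also in this hunk, "emulation(GUSEMU32" needs a space before the parenthesis, and the CS4231A sentence is missing its final period.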
@table @code
@item file=@var{file}
This option defines which disk image (@pxref{disk_images}) to use with
-this drive.
+this drive. If the filename contains comma, you must double it
+(for instance, "file=my,,file" to use file "my,file").
@item if=@var{interface}
This option defines on which type on interface the drive is connected.
Available types are: ide, scsi, sd, mtd, floppy, pflash.
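Review bot: In the added file= text, "contains comma" should read "contains a comma", and the literal example would be better written as @code{file=my,,file} than in straight quotes, matching how the rest of this table marks literals.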
These options have the same definition as they have in @option{-hdachs}.
@item snapshot=@var{snapshot}
@var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}).
+@item cache=@var{cache}
+@var{cache} is "on" or "off" and allows to disable host cache to access data.
+@item format=@var{format}
+Specify which disk @var{format} will be used rather than detecting
+the format. Can be used to specifiy format=raw to avoid interpreting
+an untrusted format header.
@end table
Instead of @option{-cdrom} you can use:
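Review bot: The new cache= entry does not say which value is the default, and "allows to disable host cache to access data" does not tell the reader what changes when it is off; state the default and reword along the lines of "cache=off bypasses the host cache when accessing this drive". In the format= entry, "specifiy" is a typo for "specify". Since the stated purpose of format=raw is to avoid interpreting an untrusted format header, one sentence on when a header counts as untrusted (for example an image supplied by, or writable by, a guest) would tell readers when they need the option.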
be needed to boot from old floppy disks.
@item -m @var{megs}
-Set virtual RAM size to @var{megs} megabytes. Default is 128 MiB.
+Set virtual RAM size to @var{megs} megabytes. Default is 128 MiB. Optionally,
+a suffix of ``M'' or ``G'' can be used to signify a value in megabytes or
+gigabytes respectively.
@item -smp @var{n}
Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255
@example
qemu -soundhw sb16,adlib hda
qemu -soundhw es1370 hda
+qemu -soundhw ac97 hda
qemu -soundhw all hda
qemu -soundhw ?
@end example
+Note that Linux's i810_audio OSS kernel (for AC97) module might
+require manually specifying clocking.
+
+@example
+modprobe i810_audio clocking=48000
+@end example
+
@item -localtime
Set the real time clock to local time (the default is to UTC
time). This option is needed to have correct date in MS-DOS or
the console. Therefore, you can still use QEMU to debug a Linux kernel
with a serial console.
+@item -curses
+
+Normally, QEMU uses SDL to display the VGA output. With this option,
+QEMU can display the VGA output when in text mode using a
+curses/ncurses interface. Nothing is displayed in graphical mode.
+
@item -no-frame
Do not use decorations for SDL windows and start them using the whole
available screen space. This makes the using QEMU in a dedicated desktop
workspace more convenient.
+@item -no-quit
+
+Disable SDL window close capability.
+
@item -full-screen
Start in full screen.
@table @code
-@item @var{interface}:@var{d}
+@item @var{host}:@var{d}
-TCP connections will only be allowed from @var{interface} on display @var{d}.
-By convention the TCP port is 5900+@var{d}. Optionally, @var{interface} can
-be omitted in which case the server will bind to all interfaces.
+TCP connections will only be allowed from @var{host} on display @var{d}.
+By convention the TCP port is 5900+@var{d}. Optionally, @var{host} can
+be omitted in which case the server will accept connections from any host.
-@item @var{unix}:@var{path}
+@item @code{unix}:@var{path}
Connections will be allowed over UNIX domain sockets where @var{path} is the
location of a unix socket to listen for connections on.
@item none
-VNC is initialized by not started. The monitor @code{change} command can be used
-to later start the VNC server.
+VNC is initialized but not started. The monitor @code{change} command
+can be used to later start the VNC server.
@end table
@table @code
+@item reverse
+
+Connect to a listening VNC client via a ``reverse'' connection. The
+client is specified by the @var{display}. For reverse network
+connections (@var{host}:@var{d},@code{reverse}), the @var{d} argument
+is a TCP port number, not a display number.
+
@item password
Require that password based authentication is used for client connections.
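Review bot: Renaming @var{interface} to @var{host} in the first entry changes the meaning of the text, not only the placeholder: the removed lines describe a bind address ("the server will bind to all interfaces"), while the added lines read as a filter on the connecting peer ("the server will accept connections from any host"). Those are different exposure properties, so state explicitly whether @var{host} is the local address the server listens on or a restriction on which clients may connect. The new reverse entry is clear that @var{d} becomes a TCP port rather than a display number; no change needed there.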
@item -usbdevice @var{devname}
Add the USB device @var{devname}. @xref{usb_devices}.
+
+@table @code
+
+@item mouse
+Virtual Mouse. This will override the PS/2 mouse emulation when activated.
+
+@item tablet
+Pointer device that uses absolute coordinates (like a touchscreen). This
+means qemu is able to report the mouse position without having to grab the
+mouse. Also overrides the PS/2 mouse emulation when activated.
+
+@item disk:[format=@var{format}]:file
+Mass storage device based on file. The optional @var{format} argument
+will be used rather than detecting the format. Can be used to specifiy
+format=raw to avoid interpreting an untrusted format header.
+
+@item host:bus.addr
+Pass through the host device identified by bus.addr (Linux only).
+
+@item host:vendor_id:product_id
+Pass through the host device identified by vendor_id:product_id (Linux only).
+
+@item serial:[vendorid=@var{vendor_id}][,productid=@var{product_id}]:@var{dev}
+Serial converter to host character device @var{dev}, see @code{-serial} for the
+available devices.
+
+@item braille
+Braille device. This will use BrlAPI to display the braille output on a real
+or fake device.
+
+@item net:options
+Network adapter that supports CDC ethernet and RNDIS protocols.
+
+@end table
+
@end table
Network options:
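Review bot: The nested table added under -usbdevice duplicates the device list in the USB devices section, which the retained "@xref{usb_devices}" already points to, and the two copies do not agree: this one documents disk:[format=@var{format}]:file while the other has disk:@var{file}, and wacom-tablet and keyboard appear only in the other. Keep one authoritative list or make the two match. Within this hunk, "specifiy" is misspelled, and file, bus.addr, vendor_id:product_id and options are written as literals although they are placeholders and should be wrapped in @var{}.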
Valid values for @var{type} are
@code{i82551}, @code{i82557b}, @code{i82559er},
@code{ne2k_pci}, @code{ne2k_isa}, @code{pcnet}, @code{rtl8139},
-@code{smc91c111}, @code{lance} and @code{mcf_fec}.
+@code{e1000}, @code{smc91c111}, @code{lance} and @code{mcf_fec}.
Not all devices are supported on all targets. Use -net nic,model=?
for a list of available devices for your target.
/path/to/linux ubd0=/path/to/root_fs eth0=mcast
@end example
+@item -net vde[,vlan=@var{n}][,sock=@var{socketpath}][,port=@var{n}][,group=@var{groupname}][,mode=@var{octalmode}]
+Connect VLAN @var{n} to PORT @var{n} of a vde switch running on host and
+listening for incoming connections on @var{socketpath}. Use GROUP @var{groupname}
+and MODE @var{octalmode} to change default ownership and permissions for
+communication port. This option is available only if QEMU has been compiled
+with vde support enabled.
+
+Example:
+@example
+# launch vde switch
+vde_switch -F -sock /tmp/myswitch
+# launch QEMU instance
+qemu linux.img -net nic -net vde,sock=/tmp/myswitch
+@end example
+
@item -net none
Indicate that no network devices should be configured. It is used to
override the default configuration (@option{-net nic -net user}) which
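Review bot: In the added -net vde synopsis and description, @var{n} stands for both the VLAN number and the switch port ("Connect VLAN @var{n} to PORT @var{n}"), which reads as if the two values must be equal; use distinct placeholders. The example creates the switch socket at a fixed name under /tmp; since the entry documents group= and mode= for restricting ownership and permissions of the communication port, show them in the example or place the socket in a directory private to the user.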
@item -serial mon:telnet::4444,server,nowait
@end table
+@item braille
+Braille device. This will use BrlAPI to display the braille output on a real
+or fake device.
+
@end table
@item -parallel @var{dev}
@item -no-reboot
Exit instead of rebooting.
+@item -no-shutdown
+Don't exit QEMU on guest shutdown, but instead only stop the emulation.
+This allows for instance switching to monitor to commit changes to the
+disk image.
+
@item -loadvm file
Start right away with a saved state (@code{loadvm} in monitor)
Note that this allows guest direct access to the host filesystem,
so should only be used with trusted guest OS.
+
+@item -icount [N|auto]
+Enable virtual instruction counter. The virtual cpu will execute one
+instruction every 2^N ns of virtual time. If @code{auto} is specified
+then the virtual cpu speed will be automatically adjusted to keep virtual
+time within a few seconds of real time.
+
+Note that while this option can give deterministic behavior, it does not
+provide cycle accurate emulation. Modern CPUs contain superscalar out of
+order cores with complex cache hierarchies. The number of instructions
+executed often has little or no correlation with actual performance.
@end table
@c man end
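Review bot: "@item -icount [N|auto]" leaves N as a literal although the description treats it as a number ("2^N ns"); mark it as @var{N}, as other options in this file do (for example "-m @var{megs}"), and state the accepted range. The exponent could be set with @math{}, as the N800 hunk in this patch does for I@math{^2}C.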
Change the medium for a removable disk device to point to @var{filename}. eg
@example
-(qemu) change cdrom /path/to/some.iso
+(qemu) change ide1-cd0 /path/to/some.iso
@end example
@item change vnc @var{display},@var{options}
Reset the system.
+@item boot_set @var{bootdevicelist}
+
+Define new values for the boot device list. Those values will override
+the values specified on the command line through the @code{-boot} option.
+
+The values that can be specified here depend on the machine type, but are
+the same that can be specified in the @code{-boot} command line option.
+
@item usb_add @var{devname}
Add the USB device @var{devname}. For details of available devices see
* disk_images_snapshot_mode:: Snapshot mode
* vm_snapshots:: VM snapshots
* qemu_img_invocation:: qemu-img Invocation
+* qemu_nbd_invocation:: qemu-nbd Invocation
* host_drives:: Using host drives
* disk_images_fat_images:: Virtual FAT disk images
+* disk_images_nbd:: NBD access
@end menu
@node disk_images_quickstart
@include qemu-img.texi
+@node qemu_nbd_invocation
+@subsection @code{qemu-nbd} Invocation
+
+@include qemu-nbd.texi
+
@node host_drives
@subsection Using host drives
@item write to the FAT directory on the host system while accessing it with the guest system.
@end itemize
+@node disk_images_nbd
+@subsection NBD access
+
+QEMU can access directly to block device exported using the Network Block Device
+protocol.
+
+@example
+qemu linux.img -hdb nbd:my_nbd_server.mydomain.org:1024
+@end example
+
+If the NBD server is located on the same host, you can use an unix socket instead
+of an inet socket:
+
+@example
+qemu linux.img -hdb nbd:unix:/tmp/my_socket
+@end example
+
+In this case, the block device must be exported using qemu-nbd:
+
+@example
+qemu-nbd --socket=/tmp/my_socket my_disk.qcow2
+@end example
+
+The use of qemu-nbd allows to share a disk between several guests:
+@example
+qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2
+@end example
+
+and then you can use it with two guests:
+@example
+qemu linux1.img -hdb nbd:unix:/tmp/my_socket
+qemu linux2.img -hdb nbd:unix:/tmp/my_socket
+@end example
+
@node pcsys_network
@section Network emulation
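Review bot: The --share=2 example attaches the same my_disk.qcow2 to two guests as -hdb without saying whether both may write to it; state the constraint next to that example (read-only use, or whatever the guests must do to avoid corrupting the image). The TCP example gives no indication of who may connect to my_nbd_server.mydomain.org:1024, so say what, if anything, restricts clients, and prefer a socket path in a private directory over /tmp/my_socket in the local examples. The section also needs a language pass: "can access directly to block device", "an unix socket" and "allows to share".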
USB devices can be connected with the @option{-usbdevice} commandline option
or the @code{usb_add} monitor command. Available devices are:
-@table @var
-@item @code{mouse}
+@table @code
+@item mouse
Virtual Mouse. This will override the PS/2 mouse emulation when activated.
-@item @code{tablet}
+@item tablet
Pointer device that uses absolute coordinates (like a touchscreen).
This means qemu is able to report the mouse position without having
to grab the mouse. Also overrides the PS/2 mouse emulation when activated.
-@item @code{disk:@var{file}}
+@item disk:@var{file}
Mass storage device based on @var{file} (@pxref{disk_images})
-@item @code{host:@var{bus.addr}}
+@item host:@var{bus.addr}
Pass through the host device identified by @var{bus.addr}
(Linux only)
-@item @code{host:@var{vendor_id:product_id}}
+@item host:@var{vendor_id:product_id}
Pass through the host device identified by @var{vendor_id:product_id}
(Linux only)
-@item @code{wacom-tablet}
+@item wacom-tablet
Virtual Wacom PenPartner tablet. This device is similar to the @code{tablet}
above but it can be used with the tslib library because in addition to touch
coordinates it reports touch pressure.
-@item @code{keyboard}
+@item keyboard
Standard USB keyboard. Will override the PS/2 keyboard (if present).
+@item serial:[vendorid=@var{vendor_id}][,product_id=@var{product_id}]:@var{dev}
+Serial converter. This emulates an FTDI FT232BM chip connected to host character
+device @var{dev}. The available character devices are the same as for the
+@code{-serial} option. The @code{vendorid} and @code{productid} options can be
+used to override the default 0403:6001. For instance,
+@example
+usb_add serial:productid=FA00:tcp:192.168.0.2:4444
+@end example
+will connect to tcp port 4444 of ip 192.168.0.2, and plug that to the virtual
+serial converter, faking a Matrix Orbital LCD Display (USB ID 0403:FA00).
+@item braille
+Braille device. This will use BrlAPI to display the braille output on a real
+or fake device.
+@item net:@var{options}
+Network adapter that supports CDC ethernet and RNDIS protocols. @var{options}
+specifies NIC options as with @code{-net nic,}@var{options} (see description).
+For instance, user-mode networking can be used with
+@example
+qemu [...OPTIONS...] -net user,vlan=0 -usbdevice net:vlan=0
+@end example
+Currently this cannot be used in machines that support PCI NICs.
@end table
@node host_usb_devices
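Review bot: The added serial @item spells the second option "product_id=" ("serial:[vendorid=@var{vendor_id}][,product_id=@var{product_id}]:@var{dev}"), but the description and the usb_add example below it use "productid", as does the copy of this entry added under -usbdevice; change the @item line to productid so the synopsis matches what the example types. In the net: entry, "(see description)" does not say which description; replace it with a cross-reference to the -net nic option.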
@code{x/10i $cs*16+$eip} to dump the code at the PC position.
@end enumerate
+Advanced debugging options:
+
+The default single stepping behavior is step with the IRQs and timer service routines off. It is set this way because when gdb executes a single step it expects to advance beyond the current instruction. With the IRQs and and timer service routines on, a single step might jump into the one of the interrupt or exception vectors instead of executing the current instruction. This means you may hit the same breakpoint a number of times before executing the instruction gdb wants to have executed. Because there are rare circumstances where you want to single step into an interrupt vector the behavior can be controlled from GDB. There are three commands you can query and set the single step behavior:
+@table @code
+@item maintenance packet qqemu.sstepbits
+
+This will display the MASK bits used to control the single stepping IE:
+@example
+(gdb) maintenance packet qqemu.sstepbits
+sending: "qqemu.sstepbits"
+received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
+@end example
+@item maintenance packet qqemu.sstep
+
+This will display the current value of the mask used when single stepping IE:
+@example
+(gdb) maintenance packet qqemu.sstep
+sending: "qqemu.sstep"
+received: "0x7"
+@end example
+@item maintenance packet Qqemu.sstep=HEX_VALUE
+
+This will change the single step mask, so if wanted to enable IRQs on the single step, but not timers, you would use:
+@example
+(gdb) maintenance packet Qqemu.sstep=0x5
+sending: "qemu.sstep=0x5"
+received: "OK"
+@end example
+@end table
+
@node pcsys_os_specific
@section Target OS specific information
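Review bot: In the last example the echoed packet does not match the command: the user types "maintenance packet Qqemu.sstep=0x5" but the transcript shows sending: "qemu.sstep=0x5", whereas the two query examples echo the packet verbatim; it should read sending: "Qqemu.sstep=0x5". It would also help to say that 0x5 is ENABLE plus NOTIMER from the mask printed by qqemu.sstepbits, so readers can build other values. The introductory paragraph is one very long line containing "and and" and "into the one of the"; wrap it and fix both, and write "IE:" as "e.g.".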
@section Sparc32 System emulator
Use the executable @file{qemu-system-sparc} to simulate a SPARCstation
-5, SPARCstation 10, or SPARCserver 600MP (sun4m architecture). The
-emulation is somewhat complete. SMP up to 16 CPUs is supported, but
-Linux limits the number of usable CPUs to 4.
+5, SPARCstation 10, SPARCstation 20, SPARCserver 600MP (sun4m
+architecture), SPARCstation 2 (sun4c architecture), SPARCserver 1000,
+or SPARCcenter 2000 (sun4d architecture). The emulation is somewhat
+complete. SMP up to 16 CPUs is supported, but Linux limits the number
+of usable CPUs to 4.
-QEMU emulates the following sun4m peripherals:
+QEMU emulates the following sun4m/sun4d peripherals:
@itemize @minus
@item
-IOMMU
+IOMMU or IO-UNITs
@item
TCX Frame buffer
@item
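Review bot: The changed heading "QEMU emulates the following sun4m/sun4d peripherals:" omits sun4c, although the paragraph above it now adds SPARCstation 2 (sun4c architecture); either add sun4c to the heading or say which of the listed peripherals SS-2 gets. The sentence "SMP up to 16 CPUs is supported" now follows a longer machine list, so say whether it applies to all of the new machines.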
The number of peripherals is fixed in the architecture. Maximum
memory size depends on the machine type, for SS-5 it is 256MB and for
-SS-10 and SS-600MP 2047MB.
+others 2047MB.
Since version 0.8.2, QEMU uses OpenBIOS
@url{http://www.openbios.org/}. OpenBIOS is a free (GPL v2) portable
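Review bot: "others 2047MB" now covers every machine type except SS-5, including the SS-20, SS-2, SS-1000 and SS-2000 added to -M elsewhere in this patch, where the removed text made the claim only for SS-10 and SS-600MP; confirm the limit for each new machine or list the machines it applies to.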
-prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
@end example
-@item -M [SS-5|SS-10|SS-600MP]
+@item -M [SS-5|SS-10|SS-20|SS-600MP|SS-2|SS-1000|SS-2000]
Set the emulated machine type. Default is SS-5.
@node Sparc64 System emulator
@section Sparc64 System emulator
-Use the executable @file{qemu-system-sparc64} to simulate a Sun4u machine.
-The emulator is not usable for anything yet.
+Use the executable @file{qemu-system-sparc64} to simulate a Sun4u or
+Sun4v machine. The emulator is not usable for anything yet.
-QEMU emulates the following sun4u peripherals:
+QEMU emulates the following peripherals:
@itemize @minus
@item
Non Volatile RAM M48T59
@item
PC-compatible serial ports
+@item
+2 PCI IDE interfaces with hard disk and CD-ROM support
@end itemize
+@c man begin OPTIONS
+
+The following options are specific to the Sparc64 emulation:
+
+@table @option
+
+@item -M [sun4u|sun4v]
+
+Set the emulated machine type. The default is sun4u.
+
+@end table
+
+@c man end
+
@node MIPS System emulator
@section MIPS System emulator
-Use the executable @file{qemu-system-mips} to simulate a MIPS machine.
-Three different machine types are emulated:
+Four executables cover simulation of 32 and 64-bit MIPS systems in
+both endian options, @file{qemu-system-mips}, @file{qemu-system-mipsel}
+@file{qemu-system-mips64} and @file{qemu-system-mips64el}.
+Five different machine types are emulated:
@itemize @minus
@item
@item
The MIPS Malta prototype board "malta"
@item
-An ACER Pica "pica61"
+An ACER Pica "pica61". This machine needs the 64-bit emulator.
@item
MIPS emulator pseudo board "mipssim"
+@item
+A MIPS Magnum R4000 machine "magnum". This machine needs the 64-bit emulator.
@end itemize
The generic emulation is supported by Debian 'Etch' and is able to
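Review bot: The added executable list is missing a comma after @file{qemu-system-mipsel}, so it runs straight into @file{qemu-system-mips64} on the next line. The pica61 and magnum items say "needs the 64-bit emulator" without naming it; name the executables there, or say which of the five machine types run on the 32-bit ones.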
MIPSnet network emulation
@end itemize
+The MIPS Magnum R4000 emulation supports:
+
+@itemize @minus
+@item
+MIPS R4000 CPU
+@item
+PC-style IRQ controller
+@item
+PC Keyboard
+@item
+SCSI controller
+@item
+G364 framebuffer
+@end itemize
+
+
@node ARM System emulator
@section ARM System emulator
Three on-chip UARTs
@end itemize
+Nokia N800 and N810 internet tablets (known also as RX-34 and RX-44 / 48)
+emulation supports the following elements:
+
+@itemize @minus
+@item
+Texas Instruments OMAP2420 System-on-chip (ARM 1136 core)
+@item
+RAM and non-volatile OneNAND Flash memories
+@item
+Display connected to EPSON remote framebuffer chip and OMAP on-chip
+display controller and a LS041y3 MIPI DBI-C controller
+@item
+TI TSC2301 (in N800) and TI TSC2005 (in N810) touchscreen controllers
+driven through SPI bus
+@item
+National Semiconductor LM8323-controlled qwerty keyboard driven
+through I@math{^2}C bus
+@item
+Secure Digital card connected to OMAP MMC/SD host
+@item
+Three OMAP on-chip UARTs and on-chip STI debugging console
+@item
+Mentor Graphics "Inventra" dual-role USB controller embedded in a TI
+TUSB6010 chip - only USB host mode is supported
+@item
+TI TMP105 temperature sensor driven through I@math{^2}C bus
+@item
+TI TWL92230C power management companion with an RTC on I@math{^2}C bus
+@item
+Nokia RETU and TAHVO multi-purpose chips with an RTC, connected
+through CBUS
+@end itemize
+
The Luminary Micro Stellaris LM3S811EVB emulation includes the following
devices:
OSRAM Pictiva 128x64 OLED with SSD0323 controller connected via SSI.
@end itemize
+The Freecom MusicPal internet radio emulation includes the following
+elements:
+
+@itemize @minus
+@item
+Marvell MV88W8618 ARM core.
+@item
+32 MB RAM, 256 KB SRAM, 8 MB flash.
+@item
+Up to 2 16550 UARTs
+@item
+MV88W8xx8 Ethernet controller
+@item
+MV88W8618 audio controller, WM8750 CODEC and mixer
+@item
+128×64 display with brightness control
+@item
+2 buttons, 2 navigation wheels with button function
+@end itemize
+
A Linux 2.6 test image is available on the QEMU web site. More
information is available in the QEMU mailing-list archive.
Act as if the host page size was 'pagesize' bytes
@end table
+Environment variables:
+
+@table @env
+@item QEMU_STRACE
+Print system calls and arguments similar to the 'strace' program
+(NOTE: the actual 'strace' program will not work because the user
+space emulator hasn't implemented ptrace). At the moment this is
+incomplete. All system calls that don't have a specific argument
+format are printed with information for six arguments. Many
+flag-style arguments don't have decoders and will show up as numbers.
+@end table
+
@node Other binaries
@subsection Other binaries
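Review bot: The QEMU_STRACE entry describes the output but not how to turn it on: say whether the variable only has to be set or needs a particular value, and where the trace is written. "At the moment this is incomplete." is followed by two concrete limitations, so join them into one statement (for example "This is currently incomplete: ...").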