qemu-doc.texi 93.9 KB
Newer Older
bellard's avatar
bellard committed
1
\input texinfo @c -*- texinfo -*-
2 3
@c %**start of header
@setfilename qemu-doc.info
4
@include version.texi
5 6 7 8

@documentlanguage en
@documentencoding UTF-8

9
@settitle QEMU version @value{VERSION} User Documentation
10 11 12
@exampleindent 0
@paragraphindent 0
@c %**end of header
bellard's avatar
bellard committed
13

14 15 16 17 18 19
@ifinfo
@direntry
* QEMU: (qemu-doc).    The QEMU Emulator User Documentation.
@end direntry
@end ifinfo

bellard's avatar
bellard committed
20
@iftex
bellard's avatar
bellard committed
21 22
@titlepage
@sp 7
23
@center @titlefont{QEMU version @value{VERSION}}
24 25
@sp 1
@center @titlefont{User Documentation}
bellard's avatar
bellard committed
26 27
@sp 3
@end titlepage
bellard's avatar
bellard committed
28
@end iftex
bellard's avatar
bellard committed
29

30 31 32 33 34 35 36 37
@ifnottex
@node Top
@top

@menu
* Introduction::
* QEMU PC System emulator::
* QEMU System emulator for non PC targets::
38
* QEMU Guest Agent::
39
* QEMU User space emulator::
40
* Implementation notes::
41
* License::
42 43 44 45 46 47 48
* Index::
@end menu
@end ifnottex

@contents

@node Introduction
bellard's avatar
bellard committed
49 50
@chapter Introduction

51 52 53 54 55
@menu
* intro_features:: Features
@end menu

@node intro_features
bellard's avatar
bellard committed
56
@section Features
bellard's avatar
bellard committed
57

bellard's avatar
bellard committed
58 59
QEMU is a FAST! processor emulator using dynamic translation to
achieve good emulation speed.
bellard's avatar
bellard committed
60

61
@cindex operating modes
bellard's avatar
bellard committed
62
QEMU has two operating modes:
bellard's avatar
bellard committed
63

64
@itemize
65
@cindex system emulation
66
@item Full system emulation. In this mode, QEMU emulates a full system (for
bellard's avatar
bellard committed
67 68 69
example a PC), including one or several processors and various
peripherals. It can be used to launch different Operating Systems
without rebooting the PC or to debug system code.
bellard's avatar
bellard committed
70

71
@cindex user mode emulation
72
@item User mode emulation. In this mode, QEMU can launch
73
processes compiled for one CPU on another CPU. It can be used to
bellard's avatar
bellard committed
74 75
launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
to ease cross-compilation and cross-debugging.
bellard's avatar
bellard committed
76 77 78

@end itemize

79 80 81 82 83 84 85 86 87 88 89 90
QEMU has the following features:

@itemize
@item QEMU can run without a host kernel driver and yet gives acceptable
performance.  It uses dynamic translation to native code for reasonable speed,
with support for self-modifying code and precise exceptions.

@item It is portable to several operating systems (GNU/Linux, *BSD, Mac OS X,
Windows) and architectures.

@item It performs accurate software emulation of the FPU.
@end itemize
bellard's avatar
bellard committed
91

92
QEMU user mode emulation has the following features:
bellard's avatar
bellard committed
93
@itemize
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121
@item Generic Linux system call converter, including most ioctls.

@item clone() emulation using native CPU clone() to use Linux scheduler for threads.

@item Accurate signal handling by remapping host signals to target signals.
@end itemize

QEMU full system emulation has the following features:
@itemize
@item
QEMU uses a full software MMU for maximum portability.

@item
QEMU can optionally use an in-kernel accelerator, like kvm. The accelerators 
execute most of the guest code natively, while
continuing to emulate the rest of the machine.

@item
Various hardware devices can be emulated and in some cases, host
devices (e.g. serial and parallel ports, USB, drives) can be used
transparently by the guest Operating System. Host device passthrough
can be used for talking to external physical peripherals (e.g. a
webcam, modem or tape drive).

@item
Symmetric multiprocessing (SMP) support.  Currently, an in-kernel
accelerator is required to use more than one host CPU for emulation.

bellard's avatar
bellard committed
122
@end itemize
bellard's avatar
bellard committed
123

bellard's avatar
bellard committed
124

125
@node QEMU PC System emulator
bellard's avatar
bellard committed
126
@chapter QEMU PC System emulator
127
@cindex system emulation (PC)
bellard's avatar
bellard committed
128

129 130 131 132
@menu
* pcsys_introduction:: Introduction
* pcsys_quickstart::   Quick Start
* sec_invocation::     Invocation
133 134
* pcsys_keys::         Keys in the graphical frontends
* mux_keys::           Keys in the character backend multiplexer
135 136 137
* pcsys_monitor::      QEMU Monitor
* disk_images::        Disk Images
* pcsys_network::      Network emulation
138
* pcsys_other_devs::   Other Devices
139 140
* direct_linux_boot::  Direct Linux Boot
* pcsys_usb::          USB emulation
141
* vnc_security::       VNC security
142 143 144 145 146
* gdb_usage::          GDB usage
* pcsys_os_specific::  Target OS specific information
@end menu

@node pcsys_introduction
bellard's avatar
bellard committed
147 148 149 150
@section Introduction

@c man begin DESCRIPTION

bellard's avatar
bellard committed
151 152
The QEMU PC System emulator simulates the
following peripherals:
bellard's avatar
bellard committed
153 154

@itemize @minus
155
@item
bellard's avatar
bellard committed
156
i440FX host PCI bridge and PIIX3 PCI to ISA bridge
bellard's avatar
bellard committed
157
@item
bellard's avatar
bellard committed
158 159
Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
extensions (hardware level, including all non standard modes).
bellard's avatar
bellard committed
160 161
@item
PS/2 mouse and keyboard
162
@item
bellard's avatar
bellard committed
163
2 PCI IDE interfaces with hard disk and CD-ROM support
bellard's avatar
bellard committed
164 165
@item
Floppy disk
166
@item
167
PCI and ISA network adapters
bellard's avatar
bellard committed
168
@item
bellard's avatar
bellard committed
169 170
Serial ports
@item
171 172
IPMI BMC, either and internal or external one
@item
bellard's avatar
bellard committed
173 174 175 176
Creative SoundBlaster 16 sound card
@item
ENSONIQ AudioPCI ES1370 sound card
@item
balrog's avatar
balrog committed
177 178
Intel 82801AA AC97 Audio compatible sound card
@item
179 180
Intel HD Audio Controller and HDA codec
@item
181
Adlib (OPL2) - Yamaha YM3812 compatible chip
bellard's avatar
bellard committed
182
@item
183 184
Gravis Ultrasound GF1 sound card
@item
malc's avatar
malc committed
185 186
CS4231A compatible sound card
@item
187
PCI UHCI, OHCI, EHCI or XHCI USB controller and a virtual USB-1.1 hub.
bellard's avatar
bellard committed
188 189
@end itemize

bellard's avatar
bellard committed
190 191
SMP is supported with up to 255 CPUs.

192
QEMU uses the PC BIOS from the Seabios project and the Plex86/Bochs LGPL
bellard's avatar
bellard committed
193 194
VGA BIOS.

bellard's avatar
bellard committed
195 196
QEMU uses YM3812 emulation by Tatsuyuki Satoh.

197
QEMU uses GUS emulation (GUSEMU32 @url{http://www.deinmeister.de/gusemu/})
198
by Tibor "TS" Schütz.
199

200
Note that, by default, GUS shares IRQ(7) with parallel ports and so
201
QEMU must be told to not have parallel ports to have working GUS.
202 203

@example
204
qemu-system-i386 dos.img -soundhw gus -parallel none
205 206 207 208
@end example

Alternatively:
@example
209
qemu-system-i386 dos.img -device gus,irq=5
210 211 212 213
@end example

Or some other unclaimed IRQ.

malc's avatar
malc committed
214 215
CS4231A is the chip used in Windows Sound System and GUSMAX products

bellard's avatar
bellard committed
216 217
@c man end

218
@node pcsys_quickstart
bellard's avatar
bellard committed
219
@section Quick Start
220
@cindex quick start
bellard's avatar
bellard committed
221

bellard's avatar
bellard committed
222
Download and uncompress the linux image (@file{linux.img}) and type:
bellard's avatar
bellard committed
223 224

@example
225
qemu-system-i386 linux.img
bellard's avatar
bellard committed
226 227 228 229
@end example

Linux should boot and give you a prompt.

bellard's avatar
bellard committed
230
@node sec_invocation
bellard's avatar
bellard committed
231 232 233
@section Invocation

@example
bellard's avatar
bellard committed
234
@c man begin SYNOPSIS
235
@command{qemu-system-i386} [@var{options}] [@var{disk_image}]
bellard's avatar
bellard committed
236
@c man end
bellard's avatar
bellard committed
237 238
@end example

bellard's avatar
bellard committed
239
@c man begin OPTIONS
blueswir1's avatar
blueswir1 committed
240 241
@var{disk_image} is a raw hard disk image for IDE hard disk 0. Some
targets do not need a disk image.
bellard's avatar
bellard committed
242

243
@include qemu-options.texi
bellard's avatar
bellard committed
244

bellard's avatar
bellard committed
245 246
@c man end

247
@node pcsys_keys
248
@section Keys in the graphical frontends
bellard's avatar
bellard committed
249 250 251

@c man begin OPTIONS

252 253 254 255 256
During the graphical emulation, you can use special key combinations to change
modes. The default key mappings are shown below, but if you use @code{-alt-grab}
then the modifier is Ctrl-Alt-Shift (instead of Ctrl-Alt) and if you use
@code{-ctrl-grab} then the modifier is the right Ctrl key (instead of Ctrl-Alt):

bellard's avatar
bellard committed
257
@table @key
bellard's avatar
bellard committed
258
@item Ctrl-Alt-f
259
@kindex Ctrl-Alt-f
bellard's avatar
bellard committed
260
Toggle full screen
bellard's avatar
bellard committed
261

Jan Kiszka's avatar
Jan Kiszka committed
262 263 264 265 266 267 268 269
@item Ctrl-Alt-+
@kindex Ctrl-Alt-+
Enlarge the screen

@item Ctrl-Alt--
@kindex Ctrl-Alt--
Shrink the screen

270
@item Ctrl-Alt-u
271
@kindex Ctrl-Alt-u
272 273
Restore the screen's un-scaled dimensions

bellard's avatar
bellard committed
274
@item Ctrl-Alt-n
275
@kindex Ctrl-Alt-n
bellard's avatar
bellard committed
276 277 278 279 280 281 282 283
Switch to virtual console 'n'. Standard console mappings are:
@table @emph
@item 1
Target system display
@item 2
Monitor
@item 3
Serial port
bellard's avatar
bellard committed
284 285
@end table

bellard's avatar
bellard committed
286
@item Ctrl-Alt
287
@kindex Ctrl-Alt
bellard's avatar
bellard committed
288 289 290
Toggle mouse and keyboard grab.
@end table

291 292 293 294
@kindex Ctrl-Up
@kindex Ctrl-Down
@kindex Ctrl-PageUp
@kindex Ctrl-PageDown
bellard's avatar
bellard committed
295 296 297
In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.

298 299 300 301 302 303 304 305 306 307 308 309 310
@c man end

@node mux_keys
@section Keys in the character backend multiplexer

@c man begin OPTIONS

During emulation, if you are using a character backend multiplexer
(which is the default if you are using @option{-nographic}) then
several commands are available via an escape sequence. These
key sequences all start with an escape character, which is @key{Ctrl-a}
by default, but can be changed with @option{-echr}. The list below assumes
you're using the default.
bellard's avatar
bellard committed
311 312

@table @key
bellard's avatar
bellard committed
313
@item Ctrl-a h
314
@kindex Ctrl-a h
bellard's avatar
bellard committed
315
Print this help
316
@item Ctrl-a x
317
@kindex Ctrl-a x
ths's avatar
ths committed
318
Exit emulator
319
@item Ctrl-a s
320
@kindex Ctrl-a s
bellard's avatar
bellard committed
321
Save disk data back to file (if -snapshot)
322
@item Ctrl-a t
323
@kindex Ctrl-a t
blueswir1's avatar
blueswir1 committed
324
Toggle console timestamps
bellard's avatar
bellard committed
325
@item Ctrl-a b
326
@kindex Ctrl-a b
bellard's avatar
bellard committed
327
Send break (magic sysrq in Linux)
bellard's avatar
bellard committed
328
@item Ctrl-a c
329
@kindex Ctrl-a c
330 331
Rotate between the frontends connected to the multiplexer (usually
this switches between the monitor and the console)
bellard's avatar
bellard committed
332
@item Ctrl-a Ctrl-a
333 334
@kindex Ctrl-a Ctrl-a
Send the escape character to the frontend
bellard's avatar
bellard committed
335
@end table
bellard's avatar
bellard committed
336 337 338 339
@c man end

@ignore

bellard's avatar
bellard committed
340 341 342 343 344 345 346 347 348 349 350
@c man begin SEEALSO
The HTML documentation of QEMU for more precise information and Linux
user mode emulator invocation.
@c man end

@c man begin AUTHOR
Fabrice Bellard
@c man end

@end ignore

351
@node pcsys_monitor
bellard's avatar
bellard committed
352
@section QEMU Monitor
353
@cindex QEMU monitor
bellard's avatar
bellard committed
354 355 356 357 358 359 360

The QEMU monitor is used to give complex commands to the QEMU
emulator. You can use it to:

@itemize @minus

@item
ths's avatar
ths committed
361
Remove or insert removable media images
362
(such as CD-ROM or floppies).
bellard's avatar
bellard committed
363

364
@item
bellard's avatar
bellard committed
365 366 367 368 369 370 371 372 373 374 375
Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
from a disk file.

@item Inspect the VM state without an external debugger.

@end itemize

@subsection Commands

The following commands are available:

376
@include qemu-monitor.texi
bellard's avatar
bellard committed
377

378 379
@include qemu-monitor-info.texi

bellard's avatar
bellard committed
380 381 382 383 384
@subsection Integer expressions

The monitor understands integers expressions for every integer
argument. You can use register names to get the value of specifics
CPU registers by prefixing them with @emph{$}.
bellard's avatar
bellard committed
385

bellard's avatar
bellard committed
386 387 388
@node disk_images
@section Disk Images

389 390
Since version 0.6.1, QEMU supports many disk image formats, including
growable disk images (their size increase as non empty sectors are
bellard's avatar
bellard committed
391 392 393
written), compressed and encrypted disk images. Version 0.8.3 added
the new qcow2 disk image format which is essential to support VM
snapshots.
bellard's avatar
bellard committed
394

395 396 397
@menu
* disk_images_quickstart::    Quick start for disk image creation
* disk_images_snapshot_mode:: Snapshot mode
bellard's avatar
bellard committed
398
* vm_snapshots::              VM snapshots
399
* qemu_img_invocation::       qemu-img Invocation
400
* qemu_nbd_invocation::       qemu-nbd Invocation
401
* disk_images_formats::       Disk image file formats
bellard's avatar
bellard committed
402
* host_drives::               Using host drives
403
* disk_images_fat_images::    Virtual FAT disk images
404
* disk_images_nbd::           NBD access
405
* disk_images_sheepdog::      Sheepdog disk images
406
* disk_images_iscsi::         iSCSI LUNs
407
* disk_images_gluster::       GlusterFS disk images
408
* disk_images_ssh::           Secure Shell (ssh) disk images
409 410 411
@end menu

@node disk_images_quickstart
412 413 414
@subsection Quick start for disk image creation

You can create a disk image with the command:
bellard's avatar
bellard committed
415
@example
416
qemu-img create myimage.img mysize
bellard's avatar
bellard committed
417
@end example
418 419 420 421
where @var{myimage.img} is the disk image filename and @var{mysize} is its
size in kilobytes. You can add an @code{M} suffix to give the size in
megabytes and a @code{G} suffix for gigabytes.

422
See @ref{qemu_img_invocation} for more information.
bellard's avatar
bellard committed
423

424
@node disk_images_snapshot_mode
bellard's avatar
bellard committed
425 426 427 428 429
@subsection Snapshot mode

If you use the option @option{-snapshot}, all disk images are
considered as read only. When sectors in written, they are written in
a temporary file created in @file{/tmp}. You can however force the
430 431
write back to the raw disk images by using the @code{commit} monitor
command (or @key{C-a s} in the serial console).
bellard's avatar
bellard committed
432

bellard's avatar
bellard committed
433 434 435 436 437 438 439 440 441 442 443
@node vm_snapshots
@subsection VM snapshots

VM snapshots are snapshots of the complete virtual machine including
CPU state, RAM, device state and the content of all the writable
disks. In order to use VM snapshots, you must have at least one non
removable and writable block device using the @code{qcow2} disk image
format. Normally this device is the first virtual hard drive.

Use the monitor command @code{savevm} to create a new VM snapshot or
replace an existing one. A human readable name can be assigned to each
bellard's avatar
bellard committed
444
snapshot in addition to its numerical ID.
bellard's avatar
bellard committed
445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466

Use @code{loadvm} to restore a VM snapshot and @code{delvm} to remove
a VM snapshot. @code{info snapshots} lists the available snapshots
with their associated information:

@example
(qemu) info snapshots
Snapshot devices: hda
Snapshot list (from hda):
ID        TAG                 VM SIZE                DATE       VM CLOCK
1         start                   41M 2006-08-06 12:38:02   00:00:14.954
2                                 40M 2006-08-06 12:43:29   00:00:18.633
3         msys                    40M 2006-08-06 12:44:04   00:00:23.514
@end example

A VM snapshot is made of a VM state info (its size is shown in
@code{info snapshots}) and a snapshot of every writable disk image.
The VM state info is stored in the first @code{qcow2} non removable
and writable block device. The disk image snapshots are stored in
every disk image. The size of a snapshot in a disk image is difficult
to evaluate and is not shown by @code{info snapshots} because the
associated disk sectors are shared among all the snapshots to save
bellard's avatar
bellard committed
467 468
disk space (otherwise each snapshot would need a full copy of all the
disk images).
bellard's avatar
bellard committed
469 470 471 472 473 474 475

When using the (unrelated) @code{-snapshot} option
(@ref{disk_images_snapshot_mode}), you can always make VM snapshots,
but they are deleted as soon as you exit QEMU.

VM snapshots currently have the following known limitations:
@itemize
476
@item
bellard's avatar
bellard committed
477 478
They cannot cope with removable devices if they are removed or
inserted after a snapshot is done.
479
@item
bellard's avatar
bellard committed
480 481 482 483
A few device drivers still have incomplete snapshot support so their
state is not saved or restored properly (in particular USB).
@end itemize

484 485
@node qemu_img_invocation
@subsection @code{qemu-img} Invocation
bellard's avatar
bellard committed
486

487
@include qemu-img.texi
bellard's avatar
bellard committed
488

489 490 491 492 493
@node qemu_nbd_invocation
@subsection @code{qemu-nbd} Invocation

@include qemu-nbd.texi

494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515
@node disk_images_formats
@subsection Disk image file formats

QEMU supports many image file formats that can be used with VMs as well as with
any of the tools (like @code{qemu-img}). This includes the preferred formats
raw and qcow2 as well as formats that are supported for compatibility with
older QEMU versions or other hypervisors.

Depending on the image format, different options can be passed to
@code{qemu-img create} and @code{qemu-img convert} using the @code{-o} option.
This section describes each format and the options that are supported for it.

@table @option
@item raw

Raw disk image format. This format has the advantage of
being simple and easily exportable to all other emulators. If your
file system supports @emph{holes} (for example in ext2 or ext3 on
Linux or NTFS on Windows), then only the written sectors will reserve
space. Use @code{qemu-img info} to know the real size used by the
image or @code{ls -ls} on Unix/Linux.

516 517 518 519 520 521 522 523 524
Supported options:
@table @code
@item preallocation
Preallocation mode (allowed values: @code{off}, @code{falloc}, @code{full}).
@code{falloc} mode preallocates space for image by calling posix_fallocate().
@code{full} mode preallocates space for image by writing zeros to underlying
storage.
@end table

525 526 527
@item qcow2
QEMU image format, the most versatile format. Use it to have smaller
images (useful if your filesystem does not supports holes, for example
528 529
on Windows), zlib based compression and support of multiple VM
snapshots.
530 531 532 533

Supported options:
@table @code
@item compat
534 535
Determines the qcow2 version to use. @code{compat=0.10} uses the
traditional image format that can be read by any QEMU since 0.10.
536
@code{compat=1.1} enables image format extensions that only QEMU 1.1 and
537 538
newer understand (this is the default). Amongst others, this includes
zero clusters, which allow efficient copy-on-read for sparse images.
539 540 541 542 543 544

@item backing_file
File name of a base image (see @option{create} subcommand)
@item backing_fmt
Image format of the base image
@item encryption
545
If this option is set to @code{on}, the image is encrypted with 128-bit AES-CBC.
546

547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562
The use of encryption in qcow and qcow2 images is considered to be flawed by
modern cryptography standards, suffering from a number of design problems:

@itemize @minus
@item The AES-CBC cipher is used with predictable initialization vectors based
on the sector number. This makes it vulnerable to chosen plaintext attacks
which can reveal the existence of encrypted data.
@item The user passphrase is directly used as the encryption key. A poorly
chosen or short passphrase will compromise the security of the encryption.
@item In the event of the passphrase being compromised there is no way to
change the passphrase to protect data in any qcow images. The files must
be cloned, using a different encryption passphrase in the new file. The
original file must then be securely erased using a program like shred,
though even this is ineffective with many modern storage technologies.
@end itemize

563 564 565 566
Use of qcow / qcow2 encryption with QEMU is deprecated, and support for
it will go away in a future release.  Users are recommended to use an
alternative encryption technology such as the Linux dm-crypt / LUKS
system.
567 568 569 570 571 572 573

@item cluster_size
Changes the qcow2 cluster size (must be between 512 and 2M). Smaller cluster
sizes can improve the image file size whereas larger cluster sizes generally
provide better performance.

@item preallocation
574 575 576 577 578
Preallocation mode (allowed values: @code{off}, @code{metadata}, @code{falloc},
@code{full}). An image with preallocated metadata is initially larger but can
improve performance when the image needs to grow. @code{falloc} and @code{full}
preallocations are like the same options of @code{raw} format, but sets up
metadata also.
579 580 581 582 583 584 585 586 587 588 589

@item lazy_refcounts
If this option is set to @code{on}, reference count updates are postponed with
the goal of avoiding metadata I/O and improving performance. This is
particularly interesting with @option{cache=writethrough} which doesn't batch
metadata updates. The tradeoff is that after a host crash, the reference count
tables must be rebuilt, i.e. on the next open an (automatic) @code{qemu-img
check -r all} is required, which may take some time.

This option can only be enabled if @code{compat=1.1} is specified.

590
@item nocow
Chunyan Liu's avatar
Chunyan Liu committed
591
If this option is set to @code{on}, it will turn off COW of the file. It's only
592 593 594 595 596 597 598 599 600 601 602 603
valid on btrfs, no effect on other file systems.

Btrfs has low performance when hosting a VM image file, even more when the guest
on the VM also using btrfs as file system. Turning off COW is a way to mitigate
this bad performance. Generally there are two ways to turn off COW on btrfs:
a) Disable it by mounting with nodatacow, then all newly created files will be
NOCOW. b) For an empty file, add the NOCOW file attribute. That's what this option
does.

Note: this option is only valid to new or empty files. If there is an existing
file which is COW and has data blocks already, it couldn't be changed to NOCOW
by setting @code{nocow=on}. One can issue @code{lsattr filename} to check if
Chunyan Liu's avatar
Chunyan Liu committed
604
the NOCOW flag is set or not (Capital 'C' is NOCOW flag).
605

606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661
@end table

@item qed
Old QEMU image format with support for backing files and compact image files
(when your filesystem or transport medium does not support holes).

When converting QED images to qcow2, you might want to consider using the
@code{lazy_refcounts=on} option to get a more QED-like behaviour.

Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand).
@item backing_fmt
Image file format of backing file (optional).  Useful if the format cannot be
autodetected because it has no header, like some vhd/vpc files.
@item cluster_size
Changes the cluster size (must be power-of-2 between 4K and 64K). Smaller
cluster sizes can improve the image file size whereas larger cluster sizes
generally provide better performance.
@item table_size
Changes the number of clusters per L1/L2 table (must be power-of-2 between 1
and 16).  There is normally no need to change this value but this option can be
used for performance benchmarking.
@end table

@item qcow
Old QEMU image format with support for backing files, compact image files,
encryption and compression.

Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand)
@item encryption
If this option is set to @code{on}, the image is encrypted.
@end table

@item vdi
VirtualBox 1.1 compatible image format.
Supported options:
@table @code
@item static
If this option is set to @code{on}, the image is created with metadata
preallocation.
@end table

@item vmdk
VMware 3 and 4 compatible image format.

Supported options:
@table @code
@item backing_file
File name of a base image (see @option{create} subcommand).
@item compat6
Create a VMDK version 6 image (instead of version 4)
662 663 664
@item hwversion
Specify vmdk virtual hardware version. Compat6 flag cannot be enabled
if hwversion is specified.
665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681
@item subformat
Specifies which VMDK subformat to use. Valid options are
@code{monolithicSparse} (default),
@code{monolithicFlat},
@code{twoGbMaxExtentSparse},
@code{twoGbMaxExtentFlat} and
@code{streamOptimized}.
@end table

@item vpc
VirtualPC compatible image format (VHD).
Supported options:
@table @code
@item subformat
Specifies which VHD subformat to use. Valid options are
@code{dynamic} (default) and @code{fixed}.
@end table
682 683 684 685 686 687 688 689 690

@item VHDX
Hyper-V compatible image format (VHDX).
Supported options:
@table @code
@item subformat
Specifies which VHDX subformat to use. Valid options are
@code{dynamic} (default) and @code{fixed}.
@item block_state_zero
691 692 693 694 695
Force use of payload blocks of type 'ZERO'.  Can be set to @code{on} (default)
or @code{off}.  When set to @code{off}, new blocks will be created as
@code{PAYLOAD_BLOCK_NOT_PRESENT}, which means parsers are free to return
arbitrary data for those blocks.  Do not set to @code{off} when using
@code{qemu-img convert} with @code{subformat=dynamic}.
696 697 698 699 700
@item block_size
Block size; min 1 MB, max 256 MB.  0 means auto-calculate based on image size.
@item log_size
Log size; min 1 MB.
@end table
701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717
@end table

@subsubsection Read-only formats
More disk image file formats are supported in a read-only mode.
@table @option
@item bochs
Bochs images of @code{growing} type.
@item cloop
Linux Compressed Loop image, useful only to reuse directly compressed
CD-ROM images present for example in the Knoppix CD-ROMs.
@item dmg
Apple disk image.
@item parallels
Parallels disk image format.
@end table


bellard's avatar
bellard committed
718 719 720 721 722 723 724 725 726
@node host_drives
@subsection Using host drives

In addition to disk image files, QEMU can directly access host
devices. We describe here the usage for QEMU version >= 0.8.3.

@subsubsection Linux

On Linux, you can directly use the host device filename instead of a
727
disk image filename provided you have enough privileges to access
728
it. For example, use @file{/dev/cdrom} to access to the CDROM.
bellard's avatar
bellard committed
729

bellard's avatar
bellard committed
730
@table @code
bellard's avatar
bellard committed
731 732 733 734 735 736 737 738 739
@item CD
You can specify a CDROM device even if no CDROM is loaded. QEMU has
specific code to detect CDROM insertion or removal. CDROM ejection by
the guest OS is supported. Currently only data CDs are supported.
@item Floppy
You can specify a floppy device even if no floppy is loaded. Floppy
removal is currently not detected accurately (if you change floppy
without doing floppy access while the floppy is not loaded, the guest
OS will think that the same floppy is loaded).
740 741
Use of the host's floppy device is deprecated, and support for it will
be removed in a future release.
bellard's avatar
bellard committed
742 743 744 745 746 747 748 749 750 751 752
@item Hard disks
Hard disks can be used. Normally you must specify the whole disk
(@file{/dev/hdb} instead of @file{/dev/hdb1}) so that the guest OS can
see it as a partitioned disk. WARNING: unless you know what you do, it
is better to only make READ-ONLY accesses to the hard disk otherwise
you may corrupt your host data (use the @option{-snapshot} command
line option or modify the device permissions accordingly).
@end table

@subsubsection Windows

753 754
@table @code
@item CD
755
The preferred syntax is the drive letter (e.g. @file{d:}). The
756 757
alternate syntax @file{\\.\d:} is supported. @file{/dev/cdrom} is
supported as an alias to the first CDROM drive.
bellard's avatar
bellard committed
758

ths's avatar
ths committed
759
Currently there is no specific code to handle removable media, so it
bellard's avatar
bellard committed
760 761
is better to use the @code{change} or @code{eject} monitor commands to
change or eject media.
762
@item Hard disks
763
Hard disks can be used with the syntax: @file{\\.\PhysicalDrive@var{N}}
764 765 766 767 768 769 770 771
where @var{N} is the drive number (0 is the first hard disk).

WARNING: unless you know what you do, it is better to only make
READ-ONLY accesses to the hard disk otherwise you may corrupt your
host data (use the @option{-snapshot} command line so that the
modifications are written in a temporary file).
@end table

bellard's avatar
bellard committed
772 773 774

@subsubsection Mac OS X

775
@file{/dev/cdrom} is an alias to the first CDROM.
bellard's avatar
bellard committed
776

ths's avatar
ths committed
777
Currently there is no specific code to handle removable media, so it
bellard's avatar
bellard committed
778 779 780
is better to use the @code{change} or @code{eject} monitor commands to
change or eject media.

781
@node disk_images_fat_images
bellard's avatar
bellard committed
782 783 784 785 786
@subsection Virtual FAT disk images

QEMU can automatically create a virtual FAT disk image from a
directory tree. In order to use it, just type:

787
@example
788
qemu-system-i386 linux.img -hdb fat:/my_directory
bellard's avatar
bellard committed
789 790 791 792 793 794 795 796
@end example

Then you access access to all the files in the @file{/my_directory}
directory without having to copy them in a disk image or to export
them via SAMBA or NFS. The default access is @emph{read-only}.

Floppies can be emulated with the @code{:floppy:} option:

797
@example
798
qemu-system-i386 linux.img -fda fat:floppy:/my_directory
bellard's avatar
bellard committed
799 800 801 802 803
@end example

A read/write support is available for testing (beta stage) with the
@code{:rw:} option:

804
@example
805
qemu-system-i386 linux.img -fda fat:floppy:rw:/my_directory
bellard's avatar
bellard committed
806 807 808 809 810 811
@end example

What you should @emph{never} do:
@itemize
@item use non-ASCII filenames ;
@item use "-snapshot" together with ":rw:" ;
bellard's avatar
bellard committed
812 813
@item expect it to work when loadvm'ing ;
@item write to the FAT directory on the host system while accessing it with the guest system.
bellard's avatar
bellard committed
814 815
@end itemize

816 817 818 819 820 821 822
@node disk_images_nbd
@subsection NBD access

QEMU can access directly to block device exported using the Network Block Device
protocol.

@example
Paolo Bonzini's avatar
Paolo Bonzini committed
823
qemu-system-i386 linux.img -hdb nbd://my_nbd_server.mydomain.org:1024/
824 825 826 827 828 829
@end example

If the NBD server is located on the same host, you can use an unix socket instead
of an inet socket:

@example
Paolo Bonzini's avatar
Paolo Bonzini committed
830
qemu-system-i386 linux.img -hdb nbd+unix://?socket=/tmp/my_socket
831 832 833 834 835 836 837 838
@end example

In this case, the block device must be exported using qemu-nbd:

@example
qemu-nbd --socket=/tmp/my_socket my_disk.qcow2
@end example

839
The use of qemu-nbd allows sharing of a disk between several guests:
840 841 842 843
@example
qemu-nbd --socket=/tmp/my_socket --share=2 my_disk.qcow2
@end example

Paolo Bonzini's avatar
Paolo Bonzini committed
844
@noindent
845 846
and then you can use it with two guests:
@example
Paolo Bonzini's avatar
Paolo Bonzini committed
847 848
qemu-system-i386 linux1.img -hdb nbd+unix://?socket=/tmp/my_socket
qemu-system-i386 linux2.img -hdb nbd+unix://?socket=/tmp/my_socket
849 850
@end example

Paolo Bonzini's avatar
Paolo Bonzini committed
851 852
If the nbd-server uses named exports (supported since NBD 2.9.18, or with QEMU's
own embedded NBD server), you must specify an export name in the URI:
853
@example
Paolo Bonzini's avatar
Paolo Bonzini committed
854 855 856 857 858 859 860 861 862 863
qemu-system-i386 -cdrom nbd://localhost/debian-500-ppc-netinst
qemu-system-i386 -cdrom nbd://localhost/openSUSE-11.1-ppc-netinst
@end example

The URI syntax for NBD is supported since QEMU 1.3.  An alternative syntax is
also available.  Here are some example of the older syntax:
@example
qemu-system-i386 linux.img -hdb nbd:my_nbd_server.mydomain.org:1024
qemu-system-i386 linux2.img -hdb nbd:unix:/tmp/my_socket
qemu-system-i386 -cdrom nbd:localhost:10809:exportname=debian-500-ppc-netinst
864 865
@end example

866 867 868 869 870 871 872 873 874
@node disk_images_sheepdog
@subsection Sheepdog disk images

Sheepdog is a distributed storage system for QEMU.  It provides highly
available block level storage volumes that can be attached to
QEMU-based virtual machines.

You can create a Sheepdog disk image with the command:
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
875
qemu-img create sheepdog:///@var{image} @var{size}
876 877 878 879 880 881 882
@end example
where @var{image} is the Sheepdog image name and @var{size} is its
size.

To import the existing @var{filename} to Sheepdog, you can use a
convert command.
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
883
qemu-img convert @var{filename} sheepdog:///@var{image}
884 885 886 887
@end example

You can boot from the Sheepdog disk image with the command:
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
888
qemu-system-i386 sheepdog:///@var{image}
889 890 891 892
@end example

You can also create a snapshot of the Sheepdog image like qcow2.
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
893
qemu-img snapshot -c @var{tag} sheepdog:///@var{image}
894 895 896 897 898 899
@end example
where @var{tag} is a tag name of the newly created snapshot.

To boot from the Sheepdog snapshot, specify the tag name of the
snapshot.
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
900
qemu-system-i386 sheepdog:///@var{image}#@var{tag}
901 902 903 904
@end example

You can create a cloned image from the existing snapshot.
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
905
qemu-img create -b sheepdog:///@var{base}#@var{tag} sheepdog:///@var{image}
906 907 908 909
@end example
where @var{base} is a image name of the source snapshot and @var{tag}
is its tag name.

910 911 912 913 914 915
You can use an unix socket instead of an inet socket:

@example
qemu-system-i386 sheepdog+unix:///@var{image}?socket=@var{path}
@end example

916 917 918
If the Sheepdog daemon doesn't run on the local host, you need to
specify one of the Sheepdog servers to connect to.
@example
MORITA Kazutaka's avatar
MORITA Kazutaka committed
919 920
qemu-img create sheepdog://@var{hostname}:@var{port}/@var{image} @var{size}
qemu-system-i386 sheepdog://@var{hostname}:@var{port}/@var{image}
921 922
@end example

923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957
@node disk_images_iscsi
@subsection iSCSI LUNs

iSCSI is a popular protocol used to access SCSI devices across a computer
network.

There are two different ways iSCSI devices can be used by QEMU.

The first method is to mount the iSCSI LUN on the host, and make it appear as
any other ordinary SCSI device on the host and then to access this device as a
/dev/sd device from QEMU. How to do this differs between host OSes.

The second method involves using the iSCSI initiator that is built into
QEMU. This provides a mechanism that works the same way regardless of which
host OS you are running QEMU on. This section will describe this second method
of using iSCSI together with QEMU.

In QEMU, iSCSI devices are described using special iSCSI URLs

@example
URL syntax:
iscsi://[<username>[%<password>]@@]<host>[:<port>]/<target-iqn-name>/<lun>
@end example

Username and password are optional and only used if your target is set up
using CHAP authentication for access control.
Alternatively the username and password can also be set via environment
variables to have these not show up in the process list

@example
export LIBISCSI_CHAP_USERNAME=<username>
export LIBISCSI_CHAP_PASSWORD=<password>
iscsi://<host>/<target-iqn-name>/<lun>
@end example

958 959 960 961
Various session related parameters can be set via special options, either
in a configuration file provided via '-readconfig' or directly on the
command line.

962 963 964 965 966
If the initiator-name is not specified qemu will use a default name
of 'iqn.2008-11.org.linux-kvm[:<name>'] where <name> is the name of the
virtual machine.


967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013
@example
Setting a specific initiator name to use when logging in to the target
-iscsi initiator-name=iqn.qemu.test:my-initiator
@end example

@example
Controlling which type of header digest to negotiate with the target
-iscsi header-digest=CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
@end example

These can also be set via a configuration file
@example
[iscsi]
  user = "CHAP username"
  password = "CHAP password"
  initiator-name = "iqn.qemu.test:my-initiator"
  # header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
  header-digest = "CRC32C"
@end example


Setting the target name allows different options for different targets
@example
[iscsi "iqn.target.name"]
  user = "CHAP username"
  password = "CHAP password"
  initiator-name = "iqn.qemu.test:my-initiator"
  # header digest is one of CRC32C|CRC32C-NONE|NONE-CRC32C|NONE
  header-digest = "CRC32C"
@end example


Howto use a configuration file to set iSCSI configuration options:
@example
cat >iscsi.conf <<EOF
[iscsi]
  user = "me"
  password = "my password"
  initiator-name = "iqn.qemu.test:my-initiator"
  header-digest = "CRC32C"
EOF

qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
    -readconfig iscsi.conf
@end example


1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027
Howto set up a simple iSCSI target on loopback and accessing it via QEMU:
@example
This example shows how to set up an iSCSI target with one CDROM and one DISK
using the Linux STGT software target. This target is available on Red Hat based
systems as the package 'scsi-target-utils'.

tgtd --iscsi portal=127.0.0.1:3260
tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.qemu.test
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 1 \
    -b /IMAGES/disk.img --device-type=disk
tgtadm --lld iscsi --mode logicalunit --op new --tid 1 --lun 2 \
    -b /IMAGES/cd.iso --device-type=cd
tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL

1028 1029
qemu-system-i386 -iscsi initiator-name=iqn.qemu.test:my-initiator \
    -boot d -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
1030 1031 1032
    -cdrom iscsi://127.0.0.1/iqn.qemu.test/2
@end example

1033 1034
@node disk_images_gluster
@subsection GlusterFS disk images
1035

1036
GlusterFS is a user space distributed file system.
1037 1038 1039

You can boot from the GlusterFS disk image with the command:
@example
1040 1041 1042 1043 1044 1045 1046 1047 1048 1049
URI:
qemu-system-x86_64 -drive file=gluster[+@var{type}]://[@var{host}[:@var{port}]]/@var{volume}/@var{path}
                               [?socket=...][,file.debug=9][,file.logfile=...]

JSON:
qemu-system-x86_64 'json:@{"driver":"qcow2",
                           "file":@{"driver":"gluster",
                                    "volume":"testvol","path":"a.img","debug":9,"logfile":"...",
                                    "server":[@{"type":"tcp","host":"...","port":"..."@},
                                              @{"type":"unix","socket":"..."@}]@}@}'
1050 1051 1052 1053
@end example

@var{gluster} is the protocol.

1054
@var{type} specifies the transport type used to connect to gluster
1055
management daemon (glusterd). Valid transport types are
1056 1057
tcp and unix. In the URI form, if a transport type isn't specified,
then tcp type is assumed.
1058

1059 1060 1061
@var{host} specifies the server where the volume file specification for
the given volume resides. This can be either a hostname or an ipv4 address.
If transport type is unix, then @var{host} field should not be specified.
1062 1063 1064 1065
Instead @var{socket} field needs to be populated with the path to unix domain
socket.

@var{port} is the port number on which glusterd is listening. This is optional
1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082
and if not specified, it defaults to port 24007. If the transport type is unix,
then @var{port} should not be specified.

@var{volume} is the name of the gluster volume which contains the disk image.

@var{path} is the path to the actual disk image that resides on gluster volume.

@var{debug} is the logging level of the gluster protocol driver. Debug levels
are 0-9, with 9 being the most verbose, and 0 representing no debugging output.
The default level is 4. The current logging levels defined in the gluster source
are 0 - None, 1 - Emergency, 2 - Alert, 3 - Critical, 4 - Error, 5 - Warning,
6 - Notice, 7 - Info, 8 - Debug, 9 - Trace

@var{logfile} is a commandline option to mention log file path which helps in
logging to the specified file and also help in persisting the gfapi logs. The
default is stderr.

1083 1084 1085 1086 1087



You can create a GlusterFS disk image with the command:
@example
1088
qemu-img create gluster://@var{host}/@var{volume}/@var{path} @var{size}
1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100
@end example

Examples
@example
qemu-system-x86_64 -drive file=gluster://1.2.3.4/testvol/a.img
qemu-system-x86_64 -drive file=gluster+tcp://1.2.3.4/testvol/a.img
qemu-system-x86_64 -drive file=gluster+tcp://1.2.3.4:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://[1:2:3:4:5:6:7:8]:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+tcp://server.domain.com:24007/testvol/dir/a.img
qemu-system-x86_64 -drive file=gluster+unix:///testvol/dir/a.img?socket=/tmp/glusterd.socket
qemu-system-x86_64 -drive file=gluster+rdma://1.2.3.4:24007/testvol/a.img
1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111
qemu-system-x86_64 -drive file=gluster://1.2.3.4/testvol/a.img,file.debug=9,file.logfile=/var/log/qemu-gluster.log
qemu-system-x86_64 'json:@{"driver":"qcow2",
                           "file":@{"driver":"gluster",
                                    "volume":"testvol","path":"a.img",
                                    "debug":9,"logfile":"/var/log/qemu-gluster.log",
                                    "server":[@{"type":"tcp","host":"1.2.3.4","port":24007@},
                                              @{"type":"unix","socket":"/var/run/glusterd.socket"@}]@}@}'
qemu-system-x86_64 -drive driver=qcow2,file.driver=gluster,file.volume=testvol,file.path=/path/a.img,
                                       file.debug=9,file.logfile=/var/log/qemu-gluster.log,
                                       file.server.0.type=tcp,file.server.0.host=1.2.3.4,file.server.0.port=24007,
                                       file.server.1.type=unix,file.server.1.socket=/var/run/glusterd.socket
1112
@end example
1113

1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155
@node disk_images_ssh
@subsection Secure Shell (ssh) disk images

You can access disk images located on a remote ssh server
by using the ssh protocol:

@example
qemu-system-x86_64 -drive file=ssh://[@var{user}@@]@var{server}[:@var{port}]/@var{path}[?host_key_check=@var{host_key_check}]
@end example

Alternative syntax using properties:

@example
qemu-system-x86_64 -drive file.driver=ssh[,file.user=@var{user}],file.host=@var{server}[,file.port=@var{port}],file.path=@var{path}[,file.host_key_check=@var{host_key_check}]
@end example

@var{ssh} is the protocol.

@var{user} is the remote user.  If not specified, then the local
username is tried.

@var{server} specifies the remote ssh server.  Any ssh server can be
used, but it must implement the sftp-server protocol.  Most Unix/Linux
systems should work without requiring any extra configuration.

@var{port} is the port number on which sshd is listening.  By default
the standard ssh port (22) is used.

@var{path} is the path to the disk image.

The optional @var{host_key_check} parameter controls how the remote
host's key is checked.  The default is @code{yes} which means to use
the local @file{.ssh/known_hosts} file.  Setting this to @code{no}
turns off known-hosts checking.  Or you can check that the host key
matches a specific fingerprint:
@code{host_key_check=md5:78:45:8e:14:57:4f:d5:45:83:0a:0e:f3:49:82:c9:c8}
(@code{sha1:} can also be used as a prefix, but note that OpenSSH
tools only use MD5 to print fingerprints).

Currently authentication must be done using ssh-agent.  Other
authentication methods may be supported in future.

1156 1157 1158 1159 1160 1161 1162 1163 1164 1165
Note: Many ssh servers do not support an @code{fsync}-style operation.
The ssh driver cannot guarantee that disk flush requests are
obeyed, and this causes a risk of disk corruption if the remote
server or network goes down during writes.  The driver will
print a warning when @code{fsync} is not supported:

warning: ssh server @code{ssh.example.com:22} does not support fsync

With sufficiently new versions of libssh2 and OpenSSH, @code{fsync} is
supported.
1166

1167
@node pcsys_network
bellard's avatar
bellard committed
1168 1169
@section Network emulation

1170
QEMU can simulate several network cards (PCI or ISA cards on the PC
bellard's avatar
bellard committed
1171 1172 1173
target) and can connect them to an arbitrary number of Virtual Local
Area Networks (VLANs). Host TAP devices can be connected to any QEMU
VLAN. VLAN can be connected between separate instances of QEMU to
1174
simulate large networks. For simpler usage, a non privileged user mode
bellard's avatar
bellard committed
1175 1176 1177 1178
network stack can replace the TAP device to have a basic network
connection.

@subsection VLANs
bellard's avatar
bellard committed
1179

bellard's avatar
bellard committed
1180 1181 1182 1183
QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
connection between several network devices. These devices can be for
example QEMU virtual Ethernet cards or virtual Host ethernet devices
(TAP devices).
bellard's avatar
bellard committed
1184

bellard's avatar
bellard committed
1185 1186 1187 1188 1189
@subsection Using TAP network interfaces

This is the standard way to connect QEMU to a real network. QEMU adds
a virtual network device on your host (called @code{tapN}), and you
can then configure it as if it was a real ethernet card.
bellard's avatar
bellard committed
1190

bellard's avatar
bellard committed
1191 1192
@subsubsection Linux host

bellard's avatar
bellard committed
1193 1194 1195 1196
As an example, you can download the @file{linux-test-xxx.tar.gz}
archive and copy the script @file{qemu-ifup} in @file{/etc} and
configure properly @code{sudo} so that the command @code{ifconfig}
contained in @file{qemu-ifup} can be executed as root. You must verify
bellard's avatar
bellard committed
1197
that your host kernel supports the TAP network interfaces: the
bellard's avatar
bellard committed
1198 1199
device @file{/dev/net/tun} must be present.

bellard's avatar
bellard committed
1200 1201
See @ref{sec_invocation} to have examples of command lines using the
TAP network interfaces.
bellard's avatar
bellard committed
1202

bellard's avatar
bellard committed
1203 1204 1205 1206 1207 1208 1209
@subsubsection Windows host

There is a virtual ethernet driver for Windows 2000/XP systems, called
TAP-Win32. But it is not included in standard QEMU for Windows,
so you will need to get it separately. It is part of OpenVPN package,
so download OpenVPN from : @url{http://openvpn.net/}.

bellard's avatar
bellard committed
1210 1211
@subsection Using the user mode network stack

bellard's avatar
bellard committed
1212 1213
By using the option @option{-net user} (default configuration if no
@option{-net} option is specified), QEMU uses a completely user mode
1214
network stack (you don't need root privilege to use the virtual
bellard's avatar
bellard committed
1215
network). The virtual network configuration is the following:
bellard's avatar
bellard committed
1216 1217 1218

@example

bellard's avatar
bellard committed
1219 1220
         QEMU VLAN      <------>  Firewall/DHCP server <-----> Internet
                           |          (10.0.2.2)
bellard's avatar
bellard committed
1221
                           |
bellard's avatar
bellard committed
1222
                           ---->  DNS server (10.0.2.3)
1223
                           |
bellard's avatar
bellard committed
1224
                           ---->  SMB server (10.0.2.4)
bellard's avatar
bellard committed
1225 1226 1227 1228
@end example

The QEMU VM behaves as if it was behind a firewall which blocks all
incoming connections. You can use a DHCP client to automatically
bellard's avatar
bellard committed
1229 1230
configure the network in the QEMU VM. The DHCP server assign addresses
to the hosts starting from 10.0.2.15.
bellard's avatar
bellard committed
1231 1232 1233 1234 1235

In order to check that the user mode network is working, you can ping
the address 10.0.2.2 and verify that you got an address in the range
10.0.2.x from the QEMU virtual DHCP server.

1236 1237 1238 1239 1240 1241 1242 1243 1244 1245
Note that ICMP traffic in general does not work with user mode networking.
@code{ping}, aka. ICMP echo, to the local router (10.0.2.2) shall work,
however. If you're using QEMU on Linux >= 3.0, it can use unprivileged ICMP
ping sockets to allow @code{ping} to the Internet. The host admin has to set
the ping_group_range in order to grant access to those sockets. To allow ping
for GID 100 (usually users group):

@example
echo 100 100 > /proc/sys/net/ipv4/ping_group_range
@end example
bellard's avatar
bellard committed
1246

bellard's avatar
bellard committed
1247 1248 1249
When using the built-in TFTP server, the router is also the TFTP
server.

1250 1251 1252
When using the @option{'-netdev user,hostfwd=...'} option, TCP or UDP
connections can be redirected from the host to the guest. It allows for
example to redirect X11, telnet or SSH connections.
bellard's avatar
bellard committed
1253

bellard's avatar
bellard committed
1254 1255 1256 1257 1258 1259
@subsection Connecting VLANs between QEMU instances

Using the @option{-net socket} option, it is possible to make VLANs
that span several QEMU instances. See @ref{sec_invocation} to have a
basic example.

1260
@node pcsys_other_devs
1261 1262 1263 1264
@section Other Devices

@subsection Inter-VM Shared Memory device

1265 1266
On Linux hosts, a shared memory device is available.  The basic syntax
is:
1267 1268

@example
1269 1270 1271 1272 1273 1274 1275 1276
qemu-system-x86_64 -device ivshmem-plain,memdev=@var{hostmem}
@end example

where @var{hostmem} names a host memory backend.  For a POSIX shared
memory backend, use something like

@example
-object memory-backend-file,size=1M,share,mem-path=/dev/shm/ivshmem,id=@var{hostmem}
1277 1278 1279 1280 1281 1282 1283 1284 1285
@end example

If desired, interrupts can be sent between guest VMs accessing the same shared
memory region.  Interrupt support requires using a shared memory server and
using a chardev socket to connect to it.  The code for the shared memory server
is qemu.git/contrib/ivshmem-server.  An example syntax when using the shared
memory server is:

@example
1286
# First start the ivshmem server once and for all
1287
ivshmem-server -p @var{pidfile} -S @var{path} -m @var{shm-name} -l @var{shm-size} -n @var{vectors}
1288 1289

# Then start your qemu instances with matching arguments
1290
qemu-system-x86_64 -device ivshmem-doorbell,vectors=@var{vectors},chardev=@var{id}
1291
                 -chardev socket,path=@var{path},id=@var{id}
1292 1293 1294 1295
@end example

When using the server, the guest will be assigned a VM ID (>=0) that allows guests
using the same server to communicate via interrupts.  Guests can read their
1296
VM ID from a device register (see ivshmem-spec.txt).
1297

1298 1299
@subsubsection Migration with ivshmem

1300 1301 1302 1303 1304
With device property @option{master=on}, the guest will copy the shared
memory on migration to the destination host.  With @option{master=off},
the guest will not be able to migrate with the device attached.  In the
latter case, the device should be detached and then reattached after
migration using the PCI hotplug support.
1305

1306 1307 1308
At most one of the devices sharing the same memory can be master.  The
master must complete migration before you plug back the other devices.

1309 1310 1311 1312 1313 1314
@subsubsection ivshmem and hugepages

Instead of specifying the <shm size> using POSIX shm, you may specify
a memory backend that has hugepage support:

@example
1315 1316
qemu-system-x86_64 -object memory-backend-file,size=1G,mem-path=/dev/hugepages/my-shmem-file,share,id=mb1
                 -device ivshmem-plain,memdev=mb1
1317 1318 1319 1320 1321
@end example

ivshmem-server also supports hugepages mount points with the
@option{-m} memory path argument.

bellard's avatar
bellard committed
1322 1323
@node direct_linux_boot
@section Direct Linux Boot
bellard's avatar
bellard committed
1324 1325 1326

This section explains how to launch a Linux kernel inside QEMU without
having to make a full bootable image. It is very useful for fast Linux
bellard's avatar
bellard committed
1327
kernel testing.
bellard's avatar
bellard committed
1328

bellard's avatar
bellard committed
1329
The syntax is:
bellard's avatar
bellard committed
1330
@example
1331
qemu-system-i386 -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
bellard's avatar
bellard committed
1332 1333
@end example

bellard's avatar
bellard committed
1334 1335 1336
Use @option{-kernel} to provide the Linux kernel image and
@option{-append} to give the kernel command line arguments. The
@option{-initrd} option can be used to provide an INITRD image.
bellard's avatar
bellard committed
1337

bellard's avatar
bellard committed
1338 1339 1340
When using the direct Linux boot, a disk image for the first hard disk
@file{hda} is required because its boot sector is used to launch the
Linux kernel.
bellard's avatar
bellard committed
1341

bellard's avatar
bellard committed
1342 1343 1344
If you do not need graphical output, you can disable it and redirect
the virtual serial port and the QEMU monitor to the console with the
@option{-nographic} option. The typical command line is:
bellard's avatar
bellard committed
1345
@example
1346 1347
qemu-system-i386 -kernel arch/i386/boot/bzImage -hda root-2.4.20.img \
                 -append "root=/dev/hda console=ttyS0" -nographic
bellard's avatar
bellard committed
1348 1349
@end example

bellard's avatar
bellard committed
1350 1351
Use @key{Ctrl-a c} to switch between the serial console and the
monitor (@pxref{pcsys_keys}).
bellard's avatar
bellard committed
1352

1353
@node pcsys_usb
bellard's avatar
bellard committed
1354 1355
@section USB emulation

1356 1357 1358 1359
QEMU can emulate a PCI UHCI, OHCI, EHCI or XHCI USB controller. You can
plug virtual USB devices or real host USB devices (only works with certain
host operating systems). QEMU will automatically create and connect virtual
USB hubs as necessary to connect multiple USB devices.
bellard's avatar
bellard committed
1360

pbrook's avatar
pbrook committed
1361 1362 1363 1364 1365 1366
@menu
* usb_devices::
* host_usb_devices::
@end menu
@node usb_devices
@subsection Connecting USB devices
bellard's avatar
bellard committed
1367

1368 1369
USB devices can be connected with the @option{-device usb-...} command line
option or the @code{device_add} monitor command. Available devices are:
bellard's avatar
bellard committed
1370

1371
@table @code
1372
@item usb-mouse
pbrook's avatar
pbrook committed
1373
Virtual Mouse.  This will override the PS/2 mouse emulation when activated.
1374
@item usb-tablet
bellard's avatar
bellard committed
1375
Pointer device that uses absolute coordinates (like a touchscreen).
1376
This means QEMU is able to report the mouse position without having
pbrook's avatar
pbrook committed
1377
to grab the mouse.  Also overrides the PS/2 mouse emulation when activated.
1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395
@item usb-storage,drive=@var{drive_id}
Mass storage device backed by @var{drive_id} (@pxref{disk_images})
@item usb-uas
USB attached SCSI device, see
@url{http://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
for details
@item usb-bot
Bulk-only transport storage device, see
@url{http://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
for details here, too
@item usb-mtp,x-root=@var{dir}
Media transfer protocol device, using @var{dir} as root of the file tree
that is presented to the guest.
@item usb-host,hostbus=@var{bus},hostaddr=@var{addr}
Pass through the host device identified by @var{bus} and @var{addr}
@item usb-host,vendorid=@var{vendor},productid=@var{product}
Pass through the host device identified by @var{vendor} and @var{product} ID
@item usb-wacom-tablet
1396 1397 1398
Virtual Wacom PenPartner tablet.  This device is similar to the @code{tablet}
above but it can be used with the tslib library because in addition to touch
coordinates it reports touch pressure.
1399
@item usb-kbd
balrog's avatar
balrog committed
1400
Standard USB keyboard.  Will override the PS/2 keyboard (if present).
1401
@item usb-serial,chardev=@var{id}
1402
Serial converter. This emulates an FTDI FT232BM chip connected to host character
1403 1404
device @var{id}.
@item usb-braille,chardev=@var{id}
aurel32's avatar
aurel32 committed
1405
Braille device.  This will use BrlAPI to display the braille output on a real
1406 1407 1408 1409
or fake device referenced by @var{id}.
@item usb-net[,netdev=@var{id}]
Network adapter that supports CDC ethernet and RNDIS protocols.  @var{id}
specifies a netdev defined with @code{-netdev @dots{},id=@var{id}}.
1410
For instance, user-mode networking can be used with
1411
@example
1412
qemu-system-i386 [...] -netdev user,id=net0 -device usb-net,netdev=net0
1413
@end example
1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425
@item usb-ccid
Smartcard reader device
@item usb-audio
USB audio device
@item usb-bt-dongle
Bluetooth dongle for the transport layer of HCI. It is connected to HCI
scatternet 0 by default (corresponds to @code{-bt hci,vlan=0}).
Note that the syntax for the @code{-device usb-bt-dongle} option is not as
useful yet as it was with the legacy @code{-usbdevice} option. So to
configure an USB bluetooth device, you might need to use
"@code{-usbdevice bt}[:@var{hci-type}]" instead. This configures a
bluetooth dongle whose type is specified in the same format as with
1426 1427 1428 1429 1430
the @option{-bt hci} option, @pxref{bt-hcis,,allowed HCI types}.  If
no type is given, the HCI logic corresponds to @code{-bt hci,vlan=0}.
This USB device implements the USB Transport Layer of HCI.  Example
usage:
@example
1431
@command{qemu-system-i386} [...@var{OPTIONS}...] @option{-usbdevice} bt:hci,vlan=3 @option{-bt} device:keyboard,vlan=3
1432
@end example
pbrook's avatar
pbrook committed
1433
@end table
bellard's avatar
bellard committed
1434

pbrook's avatar
pbrook committed
1435
@node host_usb_devices
bellard's avatar
bellard committed
1436 1437 1438 1439 1440 1441 1442
@subsection Using host USB devices on a Linux host

WARNING: this is an experimental feature. QEMU will slow down when
using it. USB devices requiring real time streaming (i.e. USB Video
Cameras) are not supported yet.

@enumerate
1443
@item If you use an early Linux 2.4 kernel, verify that no Linux driver
bellard's avatar
bellard committed
1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459
is actually using the USB device. A simple way to do that is simply to
disable the corresponding kernel module by renaming it from @file{mydriver.o}
to @file{mydriver.o.disabled}.

@item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like that:
@example
ls /proc/bus/usb
001  devices  drivers
@end example

@item Since only root can access to the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
@example
chown -R myuid /proc/bus/usb
@end example

@item Launch QEMU and do in the monitor:
1460
@example
bellard's avatar
bellard committed
1461 1462 1463 1464 1465 1466 1467 1468
info usbhost
  Device 1.2, speed 480 Mb/s
    Class 00: USB device 1234:5678, USB DISK
@end example
You should see the list of the devices you can use (Never try to use
hubs, it won't work).

@item Add the device in QEMU by using:
1469
@example
1470
device_add usb-host,vendorid=0x1234,productid=0x5678
bellard's avatar
bellard committed
1471 1472
@end example

1473 1474
Normally the guest OS should report that a new USB device is plugged.
You can use the option @option{-device usb-host,...} to do the same.
bellard's avatar
bellard committed
1475 1476 1477 1478 1479 1480 1481 1482

@item Now you can try to use the host USB device in QEMU.

@end enumerate

When relaunching QEMU, you may have to unplug and plug again the USB
device to make it work again (this is a bug).

1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495
@node vnc_security
@section VNC security

The VNC server capability provides access to the graphical console
of the guest VM across the network. This has a number of security
considerations depending on the deployment scenarios.

@menu
* vnc_sec_none::
* vnc_sec_password::
* vnc_sec_certificate::
* vnc_sec_certificate_verify::
* vnc_sec_certificate_pw::
1496 1497
* vnc_sec_sasl::
* vnc_sec_certificate_sasl::
1498
* vnc_generate_cert::
1499
* vnc_setup_sasl::
1500 1501 1502 1503 1504 1505 1506 1507 1508
@end menu
@node vnc_sec_none
@subsection Without passwords

The simplest VNC server setup does not include any form of authentication.
For this setup it is recommended to restrict it to listen on a UNIX domain
socket only. For example

@example
1509
qemu-system-i386 [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524
@end example

This ensures that only users on local box with read/write access to that
path can access the VNC server. To securely access the VNC server from a
remote machine, a combination of netcat+ssh can be used to provide a secure
tunnel.

@node vnc_sec_password
@subsection With passwords

The VNC protocol has limited support for password based authentication. Since
the protocol limits passwords to 8 characters it should not be considered
to provide high security. The password can be fairly easily brute-forced by
a client making repeat connections. For this reason, a VNC server using password
authentication should be restricted to only listen on the loopback interface
1525 1526 1527 1528 1529
or UNIX domain sockets. Password authentication is not supported when operating
in FIPS 140-2 compliance mode as it requires the use of the DES cipher. Password
authentication is requested with the @code{password} option, and then once QEMU
is running the password is set with the monitor. Until the monitor is used to
set the password all clients will be rejected.
1530 1531

@example
1532
qemu-system-i386 [...OPTIONS...] -vnc :1,password -monitor stdio