1.1 root 1: \input texinfo @c -*- texinfo -*-
2:
3: @iftex
4: @settitle QEMU CPU Emulator User Documentation
5: @titlepage
6: @sp 7
7: @center @titlefont{QEMU CPU Emulator User Documentation}
8: @sp 3
9: @end titlepage
10: @end iftex
11:
12: @chapter Introduction
13:
14: @section Features
15:
16: QEMU is a FAST! processor emulator using dynamic translation to
17: achieve good emulation speed.
18:
19: QEMU has two operating modes:
20:
21: @itemize @minus
22:
23: @item
24: Full system emulation. In this mode, QEMU emulates a full system (for
25: example a PC), including a processor and various peripherals. It can
26: be used to launch different Operating Systems without rebooting the
27: PC or to debug system code.
28:
29: @item
30: User mode emulation (Linux host only). In this mode, QEMU can launch
31: Linux processes compiled for one CPU on another CPU. It can be used to
32: launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
33: to ease cross-compilation and cross-debugging.
34:
35: @end itemize
36:
37: QEMU can run without a host kernel driver and yet gives acceptable
38: performance.
39:
40: For system emulation, the following hardware targets are supported:
41: @itemize
42: @item PC (x86 or x86_64 processor)
43: @item PREP (PowerPC processor)
44: @item G3 BW PowerMac (PowerPC processor)
45: @item Mac99 PowerMac (PowerPC processor, in progress)
46: @item Sun4m (32-bit Sparc processor)
47: @item Sun4u (64-bit Sparc processor, in progress)
48: @item Malta board (32-bit MIPS processor, in progress)
49: @end itemize
50:
51: For user emulation, x86, PowerPC, ARM, and Sparc32/64 CPUs are supported.
52:
53: @chapter Installation
54:
55: If you want to compile QEMU yourself, see @ref{compilation}.
56:
57: @section Linux
58:
59: If a precompiled package is available for your distribution, you just
60: have to install it. Otherwise, see @ref{compilation}.
61:
62: @section Windows
63:
64: Download the experimental binary installer at
65: @url{http://www.freeoszoo.org/download.php}.
66:
67: @section Mac OS X
68:
69: Download the experimental binary installer at
70: @url{http://www.freeoszoo.org/download.php}.
71:
72: @chapter QEMU PC System emulator invocation
73:
74: @section Introduction
75:
76: @c man begin DESCRIPTION
77:
78: The QEMU System emulator simulates the
79: following PC peripherals:
80:
81: @itemize @minus
82: @item
83: i440FX host PCI bridge and PIIX3 PCI to ISA bridge
84: @item
85: Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
86: extensions (hardware level, including all non standard modes).
87: @item
88: PS/2 mouse and keyboard
89: @item
90: 2 PCI IDE interfaces with hard disk and CD-ROM support
91: @item
92: Floppy disk
93: @item
94: NE2000 PCI network adapters
95: @item
96: Serial ports
97: @item
98: Soundblaster 16 card
99: @end itemize
100:
101: QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
102: VGA BIOS.
103:
104: @c man end
105:
106: @section Quick Start
107:
108: Download and uncompress the linux image (@file{linux.img}) and type:
109:
110: @example
111: qemu linux.img
112: @end example
113:
114: Linux should boot and give you a prompt.
115:
116: @node sec_invocation
117: @section Invocation
118:
119: @example
120: @c man begin SYNOPSIS
121: usage: qemu [options] [disk_image]
122: @c man end
123: @end example
124:
125: @c man begin OPTIONS
126: @var{disk_image} is a raw hard disk image for IDE hard disk 0.
127:
128: General options:
129: @table @option
130: @item -fda file
131: @item -fdb file
132: Use @var{file} as floppy disk 0/1 image (@xref{disk_images}). You can
133: use the host floppy by using @file{/dev/fd0} as filename.
134:
135: @item -hda file
136: @item -hdb file
137: @item -hdc file
138: @item -hdd file
139: Use @var{file} as hard disk 0, 1, 2 or 3 image (@xref{disk_images}).
140:
141: @item -cdrom file
142: Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and
143: @option{-cdrom} at the same time). You can use the host CD-ROM by
144: using @file{/dev/cdrom} as filename.
145:
146: @item -boot [a|c|d]
147: Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
148: the default.
149:
150: @item -snapshot
151: Write to temporary files instead of disk image files. In this case,
152: the raw disk image you use is not written back. You can however force
153: the write back by pressing @key{C-a s} (@xref{disk_images}).
154:
155: @item -m megs
156: Set virtual RAM size to @var{megs} megabytes. Default is 128 MB.
157:
158: @item -nographic
159:
160: Normally, QEMU uses SDL to display the VGA output. With this option,
161: you can totally disable graphical output so that QEMU is a simple
162: command line application. The emulated serial port is redirected on
163: the console. Therefore, you can still use QEMU to debug a Linux kernel
164: with a serial console.
165:
166: @item -k language
167:
168: Use keyboard layout @var{language} (for example @code{fr} for
169: French). This option is only needed where it is not easy to get raw PC
170: keycodes (e.g. on Macs or with some X11 servers). You don't need to
171: use it on PC/Linux or PC/Windows hosts.
172:
173: The available layouts are:
174: @example
175: ar  de-ch  es  fo     fr-ca  hu  ja  mk     no  pt-br  sv
176: da  en-gb  et  fr     fr-ch  is  lt  nl     pl  ru     th
177: de  en-us  fi  fr-be  hr     it  lv  nl-be  pt  sl     tr
178: @end example
179:
180: The default is @code{en-us}.
181:
182: @item -enable-audio
183:
184: The SB16 emulation is disabled by default as it may give problems with
185: Windows. You can enable it manually with this option.
186:
187: @item -localtime
188: Set the real time clock to local time (the default is UTC
189: time). This option is needed to have correct date in MS-DOS or
190: Windows.
191:
192: @item -full-screen
193: Start in full screen.
194:
195: @item -pidfile file
196: Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
197: from a script.
198:
199: @item -win2k-hack
200: Use it when installing Windows 2000 to avoid a disk full bug. After
201: Windows 2000 is installed, you no longer need this option (this option
202: slows down the IDE transfers).
203:
204: @end table
205:
206: Network options:
207:
208: @table @option
209:
210: @item -n script
211: Set TUN/TAP network init script [default=/etc/qemu-ifup]. This script
212: is launched to configure the host network interface (usually tun0)
213: corresponding to the virtual NE2000 card.
214:
215: @item -nics n
216:
217: Simulate @var{n} network cards (the default is 1).
218:
219: @item -macaddr addr
220:
221: Set the MAC address of the first interface (the format is
222: aa:bb:cc:dd:ee:ff in hexadecimal). The MAC address is incremented for each
223: new network interface.
224:
225: @item -tun-fd fd
226: Assume @var{fd} talks to a tap/tun host network interface and use
227: it. Read @url{http://bellard.org/qemu/tetrinet.html} to have an
228: example of its use.
229:
230: @item -user-net
231: Use the user mode network stack. This is the default if no tun/tap
232: network init script is found.
233:
234: @item -tftp prefix
235: When using the user mode network stack, activate a built-in TFTP
236: server. All filenames beginning with @var{prefix} can be downloaded
237: from the host to the guest using a TFTP client. The TFTP client on the
238: guest must be configured in binary mode (use the command @code{bin} of
239: the Unix TFTP client). The host IP address on the guest is as usual
240: 10.0.2.2.
241:
242: @item -smb dir
243: When using the user mode network stack, activate a built-in SMB
244: server so that Windows OSes can access the host files in @file{dir}
245: transparently.
246:
247: In the guest Windows OS, the line:
248: @example
249: 10.0.2.4 smbserver
250: @end example
251: must be added in the file @file{C:\WINDOWS\LMHOSTS} (for Windows 9x/Me)
252: or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000).
253:
254: Then @file{dir} can be accessed in @file{\\smbserver\qemu}.
255:
256: Note that a SAMBA server must be installed on the host OS in
257: @file{/usr/sbin/smbd}. QEMU was tested successfully with smbd version
258: 2.2.7a from Red Hat 9 and version 3.0.10-1.fc3 from Fedora Core 3.
259:
260: @item -redir [tcp|udp]:host-port:[guest-host]:guest-port
261:
262: When using the user mode network stack, redirect incoming TCP or UDP
263: connections to the host port @var{host-port} to the guest
264: @var{guest-host} on guest port @var{guest-port}. If @var{guest-host}
265: is not specified, its value is 10.0.2.15 (default address given by the
266: built-in DHCP server).
267:
268: For example, to redirect host X11 connection from screen 1 to guest
269: screen 0, use the following:
270:
271: @example
272: # on the host
273: qemu -redir tcp:6001::6000 [...]
274: # this host xterm should open in the guest X11 server
275: xterm -display :1
276: @end example
277:
278: To redirect telnet connections from host port 5555 to telnet port on
279: the guest, use the following:
280:
281: @example
282: # on the host
283: qemu -redir tcp:5555::23 [...]
284: telnet localhost 5555
285: @end example
286:
287: Then when you use on the host @code{telnet localhost 5555}, you
288: connect to the guest telnet server.
289:
290: @item -dummy-net
291: Use the dummy network stack: no packet will be received by the network
292: cards.
293:
294: @end table
295:
296: Linux boot specific. When using these options, you can use a given
297: Linux kernel without installing it in the disk image. It can be useful
298: for easier testing of various kernels.
299:
300: @table @option
301:
302: @item -kernel bzImage
303: Use @var{bzImage} as kernel image.
304:
305: @item -append cmdline
306: Use @var{cmdline} as kernel command line.
307:
308: @item -initrd file
309: Use @var{file} as initial ram disk.
310:
311: @end table
312:
313: Debug/Expert options:
314: @table @option
315:
316: @item -serial dev
317: Redirect the virtual serial port to host device @var{dev}. Available
318: devices are:
319: @table @code
320: @item vc
321: Virtual console
322: @item pty
323: [Linux only] Pseudo TTY (a new PTY is automatically allocated)
324: @item null
325: void device
326: @item stdio
327: [Unix only] standard input/output
328: @end table
329: The default device is @code{vc} in graphical mode and @code{stdio} in
330: non graphical mode.
331:
332: This option can be used several times to simulate up to 4 serial
333: ports.
334:
335: @item -monitor dev
336: Redirect the monitor to host device @var{dev} (same devices as the
337: serial port).
338: The default device is @code{vc} in graphical mode and @code{stdio} in
339: non graphical mode.
340:
341: @item -s
342: Wait for a gdb connection on port 1234 (@xref{gdb_usage}).
343: @item -p port
344: Change gdb connection port.
345: @item -S
346: Do not start CPU at startup (you must type 'c' in the monitor).
347: @item -d
348: Output log in /tmp/qemu.log
349: @item -hdachs c,h,s[,t]
350: Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <=
351: @var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS
352: translation mode (@var{t}=none, lba or auto). Usually QEMU can guess
353: all those parameters. This option is useful for old MS-DOS disk
354: images.
355:
356: @item -isa
357: Simulate an ISA-only system (default is PCI system).
358: @item -std-vga
359: Simulate a standard VGA card with Bochs VBE extensions (default is
360: Cirrus Logic GD5446 PCI VGA)
361: @item -loadvm file
362: Start right away with a saved state (@code{loadvm} in monitor)
363: @end table
364:
365: @c man end
366:
367: @section Keys
368:
369: @c man begin OPTIONS
370:
371: During the graphical emulation, you can use the following keys:
372: @table @key
373: @item Ctrl-Alt-f
374: Toggle full screen
375:
376: @item Ctrl-Alt-n
377: Switch to virtual console 'n'. Standard console mappings are:
378: @table @emph
379: @item 1
380: Target system display
381: @item 2
382: Monitor
383: @item 3
384: Serial port
385: @end table
386:
387: @item Ctrl-Alt
388: Toggle mouse and keyboard grab.
389: @end table
390:
391: In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
392: @key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
393:
394: During emulation, if you are using the @option{-nographic} option, use
395: @key{Ctrl-a h} to get terminal commands:
396:
397: @table @key
398: @item Ctrl-a h
399: Print this help
400: @item Ctrl-a x
401: Exit emulator
402: @item Ctrl-a s
403: Save disk data back to file (if -snapshot)
404: @item Ctrl-a b
405: Send break (magic sysrq in Linux)
406: @item Ctrl-a c
407: Switch between console and monitor
408: @item Ctrl-a Ctrl-a
409: Send Ctrl-a
410: @end table
411: @c man end
412:
413: @ignore
414:
415: @setfilename qemu
416: @settitle QEMU System Emulator
417:
418: @c man begin SEEALSO
419: The HTML documentation of QEMU for more precise information and Linux
420: user mode emulator invocation.
421: @c man end
422:
423: @c man begin AUTHOR
424: Fabrice Bellard
425: @c man end
426:
427: @end ignore
428:
429: @end ignore
430:
431: @section QEMU Monitor
432:
433: The QEMU monitor is used to give complex commands to the QEMU
434: emulator. You can use it to:
435:
436: @itemize @minus
437:
438: @item
439: Remove or insert removable media images
440: (such as CD-ROM or floppies)
441:
442: @item
443: Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
444: from a disk file.
445:
446: @item Inspect the VM state without an external debugger.
447:
448: @end itemize
449:
450: @subsection Commands
451:
452: The following commands are available:
453:
454: @table @option
455:
456: @item help or ? [cmd]
457: Show the help for all commands or just for command @var{cmd}.
458:
459: @item commit
460: Commit changes to the disk images (if -snapshot is used)
461:
462: @item info subcommand
463: show various information about the system state
464:
465: @table @option
466: @item info network
467: show the network state
468: @item info block
469: show the block devices
470: @item info registers
471: show the cpu registers
472: @item info history
473: show the command line history
474: @end table
475:
476: @item q or quit
477: Quit the emulator.
478:
479: @item eject [-f] device
480: Eject a removable media (use -f to force it).
481:
482: @item change device filename
483: Change a removable media.
484:
485: @item screendump filename
486: Save screen into PPM image @var{filename}.
487:
488: @item log item1[,...]
489: Activate logging of the specified items to @file{/tmp/qemu.log}.
490:
491: @item savevm filename
492: Save the whole virtual machine state to @var{filename}.
493:
494: @item loadvm filename
495: Restore the whole virtual machine state from @var{filename}.
496:
497: @item stop
498: Stop emulation.
499:
500: @item c or cont
501: Resume emulation.
502:
503: @item gdbserver [port]
504: Start gdbserver session (default port=1234)
505:
506: @item x/fmt addr
507: Virtual memory dump starting at @var{addr}.
508:
509: @item xp /fmt addr
510: Physical memory dump starting at @var{addr}.
511:
512: @var{fmt} is a format which tells the command how to format the
513: data. Its syntax is: @option{/@{count@}@{format@}@{size@}}
514:
515: @table @var
516: @item count
517: is the number of items to be dumped.
518:
519: @item format
520: can be x (hexadecimal), d (signed decimal), u (unsigned decimal), o (octal),
521: c (char) or i (asm instruction).
522:
523: @item size
524: can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
525: @code{h} or @code{w} can be specified with the @code{i} format to
526: respectively select 16 or 32 bit code instruction size.
527:
528: @end table
529:
530: Examples:
531: @itemize
532: @item
533: Dump 10 instructions at the current instruction pointer:
534: @example
535: (qemu) x/10i $eip
536: 0x90107063: ret
537: 0x90107064: sti
538: 0x90107065: lea 0x0(%esi,1),%esi
539: 0x90107069: lea 0x0(%edi,1),%edi
540: 0x90107070: ret
541: 0x90107071: jmp 0x90107080
542: 0x90107073: nop
543: 0x90107074: nop
544: 0x90107075: nop
545: 0x90107076: nop
546: @end example
547:
548: @item
549: Dump 80 16 bit values at the start of the video memory.
550: @example
551: (qemu) xp/80hx 0xb8000
552: 0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
553: 0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
554: 0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
555: 0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
556: 0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
557: 0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
558: 0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
559: 0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
560: 0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
561: 0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
562: @end example
563: @end itemize
564:
565: @item p or print/fmt expr
566:
567: Print expression value. Only the @var{format} part of @var{fmt} is
568: used.
569:
570: @item sendkey keys
571:
572: Send @var{keys} to the emulator. Use @code{-} to press several keys
573: simultaneously. Example:
574: @example
575: sendkey ctrl-alt-f1
576: @end example
577:
578: This command is useful to send keys that your graphical user interface
579: intercepts at low level, such as @code{ctrl-alt-f1} in X Window.
580:
581: @item system_reset
582:
583: Reset the system.
584:
585: @end table
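
Added example (not part of the QEMU documentation or source): a Python helper for working with saved monitor output offline. It parses the @var{fmt} string, accepting the format and size letters in either order because the documented example @code{xp/80hx} puts the size first, then checks that the dump is contiguous and decodes the video memory dump shown above as VGA text cells. The function names, the default count of 1 and the low-byte-character cell layout are assumptions of this example.

```python
import re

SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}   # bytes per item, from the size table
FORMATS = set("xduoci")                    # format letters, from the format table

# The xp/80hx output shown above, copied from this page.
DUMP = """\
0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
"""


def parse_fmt(fmt):
    """Parse the text after the slash, e.g. '80hx' -> (80, 'x', 'h')."""
    m = re.fullmatch(r"(\d*)([a-z]*)", fmt)
    if not m:
        raise ValueError(f"bad fmt: {fmt!r}")
    count = int(m.group(1)) if m.group(1) else 1  # assumption: count defaults to 1
    fmt_letter = size_letter = None
    for ch in m.group(2):
        if ch in FORMATS and fmt_letter is None:
            fmt_letter = ch
        elif ch in SIZES and size_letter is None:
            size_letter = ch
        else:
            raise ValueError(f"unknown or repeated letter {ch!r} in {fmt!r}")
    return count, fmt_letter, size_letter


def parse_dump(text, item_size):
    """Return (base_address, values); reject gaps or overlaps between rows."""
    base, values = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = re.fullmatch(r"\s*(0x[0-9a-fA-F]+):\s+(.*)", line)
        if not m:
            raise ValueError(f"not a dump line: {line!r}")
        addr = int(m.group(1), 16)
        if base is None:
            base = addr
        if addr != base + len(values) * item_size:
            raise ValueError(f"non-contiguous row at {addr:#x}")
        values.extend(int(v, 16) for v in m.group(2).split())
    return base, values


def vga_text(cells):
    """Decode 16-bit text-mode cells: low byte = character, high byte = attribute."""
    return "".join(chr(c & 0xFF) for c in cells)


if __name__ == "__main__":
    count, fmt_letter, size_letter = parse_fmt("80hx")
    base, cells = parse_dump(DUMP, SIZES[size_letter])
    print(f"{count} items, {count * SIZES[size_letter]} bytes from {base:#x}")
    print(repr(vga_text(cells).rstrip()))
```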
586:
587: @subsection Integer expressions
588:
589: The monitor understands integer expressions for every integer
590: argument. You can use register names to get the value of specific
591: CPU registers by prefixing them with @emph{$}.
592:
593: @node disk_images
594: @section Disk Images
595:
596: Since version 0.6.1, QEMU supports many disk image formats, including
597: growable disk images (their size increases as non empty sectors are
598: written), compressed and encrypted disk images.
599:
600: @subsection Quick start for disk image creation
601:
602: You can create a disk image with the command:
603: @example
604: qemu-img create myimage.img mysize
605: @end example
606: where @var{myimage.img} is the disk image filename and @var{mysize} is its
607: size in kilobytes. You can add an @code{M} suffix to give the size in
608: megabytes and a @code{G} suffix for gigabytes.
609:
610: @xref{qemu_img_invocation} for more information.
611:
612: @subsection Snapshot mode
613:
614: If you use the option @option{-snapshot}, all disk images are
615: considered as read only. When sectors are written, they are written in
616: a temporary file created in @file{/tmp}. You can however force the
617: write back to the raw disk images by using the @code{commit} monitor
618: command (or @key{C-a s} in the serial console).
619:
620: @node qemu_img_invocation
621: @subsection @code{qemu-img} Invocation
622:
623: @include qemu-img.texi
624:
625: @section Network emulation
626:
627: QEMU simulates up to 6 network cards (NE2000 boards). Each card can
628: be connected to a specific host network interface.
629:
630: @subsection Using tun/tap network interface
631:
632: This is the standard way to emulate a network. QEMU adds a virtual
633: network device on your host (called @code{tun0}), and you can then
634: configure it as if it was a real ethernet card.
635:
636: As an example, you can download the @file{linux-test-xxx.tar.gz}
637: archive and copy the script @file{qemu-ifup} in @file{/etc} and
638: configure properly @code{sudo} so that the command @code{ifconfig}
639: contained in @file{qemu-ifup} can be executed as root. You must verify
640: that your host kernel supports the TUN/TAP network interfaces: the
641: device @file{/dev/net/tun} must be present.
642:
643: See @ref{direct_linux_boot} to have an example of network use with a
644: Linux distribution.
645:
646: @subsection Using the user mode network stack
647:
648: By using the option @option{-user-net} or if you have no tun/tap init
649: script, QEMU uses a completely user mode network stack (you don't need
650: root privileges to use the virtual network). The virtual network
651: configuration is the following:
652:
653: @example
654:
655: QEMU Virtual Machine    <------>  Firewall/DHCP server <-----> Internet
656:      (10.0.2.x)            |          (10.0.2.2)
657:                            |
658:                            ---->  DNS server (10.0.2.3)
659:                            |
660:                            ---->  SMB server (10.0.2.4)
661: @end example
662:
663: The QEMU VM behaves as if it was behind a firewall which blocks all
664: incoming connections. You can use a DHCP client to automatically
665: configure the network in the QEMU VM.
666:
667: In order to check that the user mode network is working, you can ping
668: the address 10.0.2.2 and verify that you got an address in the range
669: 10.0.2.x from the QEMU virtual DHCP server.
670:
671: Note that @code{ping} is not supported reliably to the internet as it
672: would require root privileges. It means you can only ping the local
673: router (10.0.2.2).
674:
675: When using the built-in TFTP server, the router is also the TFTP
676: server.
677:
678: When using the @option{-redir} option, TCP or UDP connections can be
679: redirected from the host to the guest. This allows you, for example, to
680: redirect X11, telnet or SSH connections.
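
Added example (not part of the QEMU documentation or source): a Python audit helper that parses the @option{-redir} syntax from the invocation section, applies the documented 10.0.2.15 default, and lists the host ports a given qemu command line opens, including the gdb port enabled by @option{-s} and changed by @option{-p}. The function names and sample command lines are constructed; requiring an explicit @code{tcp} or @code{udp} and treating 10.0.2.x as a /24 are assumptions of this example.

```python
import ipaddress
import shlex

DEFAULT_GUEST = "10.0.2.15"                      # documented default guest address
GUEST_NET = ipaddress.ip_network("10.0.2.0/24")  # assumption: "10.0.2.x" read as a /24
DEFAULT_GDB_PORT = 1234                          # documented port for -s

# Options from the invocation tables that consume the next argument. Their
# values are skipped so that e.g. -append "-s" is not mistaken for the -s switch.
TAKES_VALUE = {
    "-fda", "-fdb", "-hda", "-hdb", "-hdc", "-hdd", "-cdrom", "-boot", "-m",
    "-k", "-pidfile", "-n", "-nics", "-macaddr", "-tun-fd", "-tftp", "-smb",
    "-redir", "-kernel", "-append", "-initrd", "-serial", "-monitor", "-p",
    "-hdachs", "-loadvm",
}


def parse_port(text):
    port = int(text)  # ValueError for non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return port


def parse_redir(spec):
    """Parse '[tcp|udp]:host-port:[guest-host]:guest-port'."""
    parts = spec.split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields: {spec!r}")
    proto, host_port, guest_host, guest_port = parts
    if proto not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp: {spec!r}")
    guest = ipaddress.ip_address(guest_host or DEFAULT_GUEST)
    if guest not in GUEST_NET:
        raise ValueError(f"guest host {guest} is outside {GUEST_NET}")
    return {
        "proto": proto,
        "host_port": parse_port(host_port),
        "guest_host": str(guest),
        "guest_port": parse_port(guest_port),
    }


def host_listeners(cmdline):
    """Return (proto, host_port, purpose) for every port the command opens."""
    argv = shlex.split(cmdline)[1:]
    listeners, gdb_enabled, gdb_port = [], False, DEFAULT_GDB_PORT
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in TAKES_VALUE:
            if i + 1 >= len(argv):
                raise ValueError(f"{arg} is missing its argument")
            value = argv[i + 1]
            if arg == "-redir":
                r = parse_redir(value)
                listeners.append((r["proto"], r["host_port"],
                                  f"guest {r['guest_host']}:{r['guest_port']}"))
            elif arg == "-p":
                gdb_port = parse_port(value)
            i += 2
            continue
        if arg == "-s":
            gdb_enabled = True
        i += 1
    if gdb_enabled:
        listeners.append(("tcp", gdb_port, "gdb stub"))
    return listeners


if __name__ == "__main__":
    # Constructed command line combining the documented telnet redirection with -s.
    for entry in host_listeners("qemu -s -redir tcp:5555::23 linux.img"):
        print(entry)
```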
681:
682: @node direct_linux_boot
683: @section Direct Linux Boot
684:
685: This section explains how to launch a Linux kernel inside QEMU without
686: having to make a full bootable image. It is very useful for fast Linux
687: kernel testing. The QEMU network configuration is also explained.
688:
689: @enumerate
690: @item
691: Download the archive @file{linux-test-xxx.tar.gz} containing a Linux
692: kernel and a disk image.
693:
694: @item Optional: If you want network support (for example to launch X11 examples), you
695: must copy the script @file{qemu-ifup} in @file{/etc} and configure
696: properly @code{sudo} so that the command @code{ifconfig} contained in
697: @file{qemu-ifup} can be executed as root. You must verify that your host
698: kernel supports the TUN/TAP network interfaces: the device
699: @file{/dev/net/tun} must be present.
700:
701: When network is enabled, there is a virtual network connection between
702: the host kernel and the emulated kernel. The emulated kernel is seen
703: from the host kernel at IP address 172.20.0.2 and the host kernel is
704: seen from the emulated kernel at IP address 172.20.0.1.
705:
706: @item Launch @code{qemu.sh}. You should have the following output:
707:
708: @example
709: > ./qemu.sh
710: Connected to host network interface: tun0
711: Linux version 2.4.21 ([email protected]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
712: BIOS-provided physical RAM map:
713: BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
714: BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
715: 32MB LOWMEM available.
716: On node 0 totalpages: 8192
717: zone(0): 4096 pages.
718: zone(1): 4096 pages.
719: zone(2): 0 pages.
720: Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
721: ide_setup: ide2=noprobe
722: ide_setup: ide3=noprobe
723: ide_setup: ide4=noprobe
724: ide_setup: ide5=noprobe
725: Initializing CPU#0
726: Detected 2399.621 MHz processor.
727: Console: colour EGA 80x25
728: Calibrating delay loop... 4744.80 BogoMIPS
729: Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
730: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
731: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
732: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
733: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
734: Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
735: CPU: Intel Pentium Pro stepping 03
736: Checking 'hlt' instruction... OK.
737: POSIX conformance testing by UNIFIX
738: Linux NET4.0 for Linux 2.4
739: Based upon Swansea University Computer Society NET3.039
740: Initializing RT netlink socket
741: apm: BIOS not found.
742: Starting kswapd
743: Journalled Block Device driver loaded
744: Detected PS/2 Mouse Port.
745: pty: 256 Unix98 ptys configured
746: Serial driver version 5.05c (2001-07-08) with no serial options enabled
747: ttyS00 at 0x03f8 (irq = 4) is a 16450
748: ne.c:v1.10 9/23/94 Donald Becker ([email protected])
749: Last modified Nov 1, 2000 by Paul Gortmaker
750: NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
751: eth0: NE2000 found at 0x300, using IRQ 9.
752: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
753: Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
754: ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
755: hda: QEMU HARDDISK, ATA DISK drive
756: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
757: hda: attached ide-disk driver.
758: hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
759: Partition check:
760: hda:
761: Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
762: NET4: Linux TCP/IP 1.0 for NET4.0
763: IP Protocols: ICMP, UDP, TCP, IGMP
764: IP: routing cache hash table of 512 buckets, 4Kbytes
765: TCP: Hash tables configured (established 2048 bind 4096)
766: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
767: EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
768: VFS: Mounted root (ext2 filesystem).
769: Freeing unused kernel memory: 64k freed
770:
771: Linux version 2.4.21 ([email protected]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
772:
773: QEMU Linux test distribution (based on Redhat 9)
774:
775: Type 'exit' to halt the system
776:
777: sh-2.05b#
778: @end example
779:
780: @item
781: Then you can play with the kernel inside the virtual serial console. You
782: can launch @code{ls} for example. Type @key{Ctrl-a h} to get help
783: about the keys you can type inside the virtual serial console. In
784: particular, use @key{Ctrl-a x} to exit QEMU and use @key{Ctrl-a b} as
785: the Magic SysRq key.
786:
787: @item
788: If the network is enabled, launch the script @file{/etc/linuxrc} in the
789: emulator (don't forget the leading dot):
790: @example
791: . /etc/linuxrc
792: @end example
793:
794: Then enable X11 connections on your PC from the emulated Linux:
795: @example
796: xhost +172.20.0.2
797: @end example
798:
799: You can now launch @file{xterm} or @file{xlogo} and verify that you have
800: a real Virtual Linux system!
801:
802: @end enumerate
803:
804: NOTES:
805: @enumerate
806: @item
807: A 2.5.74 kernel is also included in the archive. Just
808: replace the bzImage in qemu.sh to try it.
809:
810: @item
811: In order to exit cleanly from qemu, you can do a @emph{shutdown} inside
812: qemu. qemu will automatically exit when the Linux shutdown is done.
813:
814: @item
815: You can boot slightly faster by disabling the probe of non present IDE
816: interfaces. To do so, add the following options on the kernel command
817: line:
818: @example
819: ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
820: @end example
821:
822: @item
823: The example disk image is a modified version of the one made by Kevin
824: Lawton for the plex86 Project (@url{www.plex86.org}).
825:
826: @end enumerate
827:
828: @node gdb_usage
829: @section GDB usage
830:
831: QEMU has primitive support for working with gdb, so that you can do
832: 'Ctrl-C' while the virtual machine is running and inspect its state.
833:
834: In order to use gdb, launch qemu with the '-s' option. It will wait for a
835: gdb connection:
836: @example
837: > qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
838: Connected to host network interface: tun0
839: Waiting gdb connection on port 1234
840: @end example
841:
842: Then launch gdb on the 'vmlinux' executable:
843: @example
844: > gdb vmlinux
845: @end example
846:
847: In gdb, connect to QEMU:
848: @example
849: (gdb) target remote localhost:1234
850: @end example
851:
852: Then you can use gdb normally. For example, type 'c' to launch the kernel:
853: @example
854: (gdb) c
855: @end example
856:
857: Here are some useful tips in order to use gdb on system code:
858:
859: @enumerate
860: @item
861: Use @code{info reg} to display all the CPU registers.
862: @item
863: Use @code{x/10i $eip} to display the code at the PC position.
864: @item
865: Use @code{set architecture i8086} to dump 16 bit code. Then use
866: @code{x/10i $cs*16+$eip} to dump the code at the PC position.
867: @end enumerate
868:
869: @section Target OS specific information
870:
871: @subsection Linux
872:
873: To have access to SVGA graphic modes under X11, use the @code{vesa} or
874: the @code{cirrus} X11 driver. For optimal performance, use 16 bit
875: color depth in the guest and the host OS.
876:
877: When using a 2.6 guest Linux kernel, you should add the option
878: @code{clock=pit} on the kernel command line because the 2.6 Linux
879: kernels make very strict real time clock checks by default that QEMU
880: cannot simulate exactly.
881:
882: When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
883: not activated because QEMU is slower with this patch. The QEMU
884: Accelerator Module is also much slower in this case. Earlier Fedora
885: Core 3 Linux kernels (< 2.6.9-1.724_FC3) were known to incorporate this
886: patch by default. Newer kernels don't have it.
887:
888: @subsection Windows
889:
890: If you have a slow host, using Windows 95 is better as it gives the
891: best speed. Windows 2000 is also a good choice.
892:
893: @subsubsection SVGA graphic modes support
894:
895: QEMU emulates a Cirrus Logic GD5446 Video
896: card. All Windows versions starting from Windows 95 should recognize
897: and use this graphic card. For optimal performance, use 16 bit color
898: depth in the guest and the host OS.
899:
900: @subsubsection CPU usage reduction
901:
902: Windows 9x does not correctly use the CPU HLT
903: instruction. The result is that it takes host CPU cycles even when
904: idle. You can install the utility from
905: @url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this
906: problem. Note that no such tool is needed for NT, 2000 or XP.
907:
908: @subsubsection Windows 2000 disk full problem
909:
910: Windows 2000 has a bug which gives a disk full problem during its
911: installation. When installing it, use the @option{-win2k-hack} QEMU
912: option to enable a specific workaround. After Windows 2000 is
913: installed, you no longer need this option (this option slows down the
914: IDE transfers).
915:
916: @subsubsection Windows 2000 shutdown
917:
918: Windows 2000 cannot automatically shut down in QEMU although Windows 98
919: can. It comes from the fact that Windows 2000 does not automatically
920: use the APM driver provided by the BIOS.
921:
922: In order to correct that, do the following (thanks to Struan
923: Bartlett): go to the Control Panel => Add/Remove Hardware & Next =>
924: Add/Troubleshoot a device => Add a new device & Next => No, select the
925: hardware from a list & Next => NT Apm/Legacy Support & Next => Next
926: (again) a few times. Now the driver is installed and Windows 2000 now
927: correctly instructs QEMU to shut down at the appropriate moment.
928:
929: @subsubsection Share a directory between Unix and Windows
930:
931: See @ref{sec_invocation} about the help of the option @option{-smb}.
932:
933: @subsubsection Windows XP security problems
934:
935: Some releases of Windows XP install correctly but give a security
936: error when booting:
937: @example
938: A problem is preventing Windows from accurately checking the
939: license for this computer. Error code: 0x800703e6.
940: @end example
941: The only known workaround is to boot in Safe mode
942: without networking support.
943:
944: Future QEMU releases are likely to correct this bug.
945:
946: @subsection MS-DOS and FreeDOS
947:
948: @subsubsection CPU usage reduction
949:
950: DOS does not correctly use the CPU HLT instruction. The result is that
951: it takes host CPU cycles even when idle. You can install the utility
952: from @url{http://www.vmware.com/software/dosidle210.zip} to solve this
953: problem.
954:
955: @chapter QEMU PowerPC System emulator invocation
956:
957: Use the executable @file{qemu-system-ppc} to simulate a complete PREP
958: or PowerMac PowerPC system.
959:
960: QEMU emulates the following PowerMac peripherals:
961:
962: @itemize @minus
963: @item
964: UniNorth PCI Bridge
965: @item
966: PCI VGA compatible card with VESA Bochs Extensions
967: @item
968: 2 PMAC IDE interfaces with hard disk and CD-ROM support
969: @item
970: NE2000 PCI adapters
971: @item
972: Non Volatile RAM
973: @item
974: VIA-CUDA with ADB keyboard and mouse.
975: @end itemize
976:
977: QEMU emulates the following PREP peripherals:
978:
979: @itemize @minus
980: @item
981: PCI Bridge
982: @item
983: PCI VGA compatible card with VESA Bochs Extensions
984: @item
985: 2 IDE interfaces with hard disk and CD-ROM support
986: @item
987: Floppy disk
988: @item
989: NE2000 network adapters
990: @item
991: Serial port
992: @item
993: PREP Non Volatile RAM
994: @item
995: PC compatible keyboard and mouse.
996: @end itemize
997:
998: QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
999: @url{http://site.voila.fr/jmayer/OpenHackWare/index.htm}.
1000:
1001: See the QEMU PC system emulation chapter for more
1002: information about QEMU usage.
1003:
1004: @c man begin OPTIONS
1005:
1006: The following options are specific to the PowerPC emulation:
1007:
1008: @table @option
1009:
1010: @item -prep
1011: Simulate a PREP system (default is PowerMAC)
1012:
1013: @item -g WxH[xDEPTH]
1014:
1015: Set the initial VGA graphic mode. The default is 800x600x15.
1016:
1017: @end table
1018:
1019: @c man end
1020:
1021:
1022: More information is available at
1023: @url{http://jocelyn.mayer.free.fr/qemu-ppc/}.
1024:
1025: @chapter Sparc32 System emulator invocation
1026:
1027: Use the executable @file{qemu-system-sparc} to simulate a JavaStation
1028: (sun4m architecture). The emulation is somewhat complete.
1029:
1030: QEMU emulates the following sun4m peripherals:
1031:
1032: @itemize @minus
1033: @item
1034: IOMMU
1035: @item
1036: TCX Frame buffer
1037: @item
1038: Lance (Am7990) Ethernet
1039: @item
1040: Non Volatile RAM M48T08
1041: @item
1042: Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
1043: and power/reset logic
1044: @item
1045: ESP SCSI controller with hard disk and CD-ROM support
1046: @item
1047: Floppy drive
1048: @end itemize
1049:
1050: The number of peripherals is fixed in the architecture.
1051:
1052: QEMU uses Proll, a PROM replacement available at
1053: @url{http://people.redhat.com/zaitcev/linux/}. The required
1054: QEMU-specific patches are included with the sources.
1055:
1056: A sample Linux 2.6 series kernel and ram disk image are available on
1057: the QEMU web site. Please note that currently neither Linux 2.4
1058: series, NetBSD, nor OpenBSD kernels work.
1059:
1060: @c man begin OPTIONS
1061:
1062: The following options are specific to the Sparc emulation:
1063:
1064: @table @option
1065:
1066: @item -g WxH
1067:
1068: Set the initial TCX graphic mode. The default is 1024x768.
1069:
1070: @end table
1071:
1072: @c man end
1073:
1074: @chapter Sparc64 System emulator invocation
1075:
1076: Use the executable @file{qemu-system-sparc64} to simulate a Sun4u machine.
1077: The emulator is not usable for anything yet.
1078:
1079: QEMU emulates the following sun4u peripherals:
1080:
1081: @itemize @minus
1082: @item
1083: UltraSparc IIi APB PCI Bridge
1084: @item
1085: PCI VGA compatible card with VESA Bochs Extensions
1086: @item
1087: Non Volatile RAM M48T59
1088: @item
1089: PC-compatible serial ports
1090: @end itemize
1091:
1092: @chapter MIPS System emulator invocation
1093:
1094: Use the executable @file{qemu-system-mips} to simulate a MIPS machine.
1095: The emulator begins to launch a Linux kernel.
1096:
1097: @chapter QEMU User space emulator invocation
1098:
1099: @section Quick Start
1100:
1101: In order to launch a Linux process, QEMU needs the process executable
1102: itself and all the target (x86) dynamic libraries used by it.
1103:
1104: @itemize
1105:
1106: @item On x86, you can just try to launch any process by using the native
1107: libraries:
1108:
1109: @example
1110: qemu-i386 -L / /bin/ls
1111: @end example
1112:
1113: @code{-L /} tells QEMU to search for the x86 dynamic linker under the
1114: @file{/} prefix.
1115:
1116: @item Since QEMU is also a Linux process, you can launch QEMU with QEMU (NOTE: you can only do that if you compiled QEMU from the sources):
1117:
1118: @example
1119: qemu-i386 -L / qemu-i386 -L / /bin/ls
1120: @end example
1121:
1122: @item On non-x86 CPUs, you first need to download at least an x86 glibc
1123: (@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that
1124: @code{LD_LIBRARY_PATH} is not set:
1125:
1126: @example
1127: unset LD_LIBRARY_PATH
1128: @end example
1129:
1130: Then you can launch the precompiled @file{ls} x86 executable:
1131:
1132: @example
1133: qemu-i386 tests/i386/ls
1134: @end example
1135: See @file{qemu-binfmt-conf.sh} to have
1136: QEMU launched automatically by the Linux kernel when you try to
1137: run x86 executables. It requires the @code{binfmt_misc} module in the
1138: Linux kernel.
1139:
1140: @item The x86 version of QEMU is also included. You can try weird things such as:
1141: @example
1142: qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
1143: @end example
1144:
1145: @end itemize
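
The binfmt_misc registration mentioned above decides, by magic and mask, which executables the kernel hands to QEMU, so it is worth checking what an entry matches before registering it. The following is an added example, not code from the QEMU sources or from qemu-binfmt-conf.sh; the magic, the mask and the interpreter path /usr/local/bin/qemu-i386 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the contents of qemu-binfmt-conf.sh.
# Kernel entry format: :name:type:offset:magic:mask:interpreter:flags
# A type-M entry matches when ((file_byte ^ magic_byte) & mask_byte) == 0
# for every byte of the magic.

# First 20 bytes of an ELF header as hex: e_ident[16], e_type, e_machine.
# Constructed for this example: ELFCLASS32, little-endian, EM_386 (3).
I386_MAGIC='7f454c46''01010100''00000000''00000000''02000300'
# Mask ignores OS ABI/padding (bytes 7-15) and e_type (bytes 16-17).
I386_MASK='ffffffff''ffffff00''00000000''00000000''0000ffff'
# Assumed install path; the manual installs QEMU under /usr/local.
QEMU_I386='/usr/local/bin/qemu-i386'

# Turn "7f45" into "\x7f\x45", the escape form the register file accepts.
hex_to_escapes() { printf '%s' "$1" | sed 's/../\\x&/g'; }

# Build the registration line. $1=name $2=magic $3=mask $4=interpreter
binfmt_line() {
    printf ':%s:M::%s:%s:%s:\n' "$1" "$(hex_to_escapes "$2")" \
        "$(hex_to_escapes "$3")" "$4"
}

# Return 0 if the file would match the entry. $1=file $2=magic $3=mask
matches_entry() {
    data=$(od -An -tx1 -N"$(( ${#2} / 2 ))" "$1" | tr -d ' \t\n')
    [ "${#data}" -eq "${#2}" ] || return 1   # file shorter than the magic
    magic=$2 mask=$3
    while [ -n "$magic" ]; do
        d=${data%"${data#??}"}; m=${magic%"${magic#??}"}; k=${mask%"${mask#??}"}
        [ $(( (0x$d ^ 0x$m) & 0x$k )) -eq 0 ] || return 1
        data=${data#??}; magic=${magic#??}; mask=${mask#??}
    done
    return 0
}

# Print the line; as root it would be written to
# /proc/sys/fs/binfmt_misc/register once binfmt_misc is mounted.
binfmt_line qemu-i386 "$I386_MAGIC" "$I386_MASK" "$QEMU_I386"
```

Because the constructed mask zeroes e_type, both ET_EXEC and ET_DYN i386 binaries match, while a different ELF class or machine value does not.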
1146:
1147: @section Wine launch
1148:
1149: @itemize
1150:
1151: @item Ensure that you have a working QEMU with the x86 glibc
1152: distribution (see previous section). To verify it, you must be
1153: able to run:
1154:
1155: @example
1156: qemu-i386 /usr/local/qemu-i386/bin/ls-i386
1157: @end example
1158:
1159: @item Download the binary x86 Wine install
1160: (@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page).
1161:
1162: @item Configure Wine on your account. Look at the provided script
1163: @file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous
1164: @code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
1165:
1166: @item Then you can try the example @file{putty.exe}:
1167:
1168: @example
1169: qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
1170: @end example
1171:
1172: @end itemize
1173:
1174: @section Command line options
1175:
1176: @example
1177: usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
1178: @end example
1179:
1180: @table @option
1181: @item -h
1182: Print the help
1183: @item -L path
1184: Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
1185: @item -s size
1186: Set the x86 stack size in bytes (default=524288)
1187: @end table
1188:
1189: Debug options:
1190:
1191: @table @option
1192: @item -d
1193: Activate log (logfile=/tmp/qemu.log)
1194: @item -p pagesize
1195: Act as if the host page size was 'pagesize' bytes
1196: @end table
1197:
1198: @node compilation
1199: @chapter Compilation from the sources
1200:
1201: @section Linux/Unix
1202:
1203: @subsection Compilation
1204:
1205: First you must decompress the sources:
1206: @example
1207: cd /tmp
1208: tar zxvf qemu-x.y.z.tar.gz
1209: cd qemu-x.y.z
1210: @end example
1211:
1212: Then you configure QEMU and build it (usually no options are needed):
1213: @example
1214: ./configure
1215: make
1216: @end example
1217:
1218: Then type as root user:
1219: @example
1220: make install
1221: @end example
1222: to install QEMU in @file{/usr/local}.
1223:
1224: @subsection Tested tool versions
1225:
1226: In order to compile QEMU successfully, it is very important that you
1227: have the right tools. The most important one is gcc. I cannot guarantee
1228: that QEMU works if you do not use a tested gcc version. Look at
1229: 'configure' and 'Makefile' if you want to make a different gcc
1230: version work.
1231:
1232: @example
1233: host      gcc      binutils      glibc    linux       distribution
1234: ----------------------------------------------------------------------
1235: x86       3.2      2.13.2        2.1.3    2.4.18
1236:           2.96     2.11.93.0.2   2.2.5    2.4.18      Red Hat 7.3
1237:           3.2.2    2.13.90.0.18  2.3.2    2.4.20      Red Hat 9
1238:
1239: PowerPC   3.3 [4]  2.13.90.0.18  2.3.1    2.4.20briq
1240:           3.2
1241:
1242: Alpha     3.3 [1]  2.14.90.0.4   2.2.5    2.2.20 [2]  Debian 3.0
1243:
1244: Sparc32   2.95.4   2.12.90.0.1   2.2.5    2.4.18      Debian 3.0
1245:
1246: ARM       2.95.4   2.12.90.0.1   2.2.5    2.4.9 [3]   Debian 3.0
1247:
1248: [1] On Alpha, QEMU needs the gcc 'visibility' attribute only available
1249: for gcc version >= 3.3.
1250: [2] Linux >= 2.4.20 is necessary for precise exception support
1251: (untested).
1252: [3] 2.4.9-ac10-rmk2-np1-cerf2
1253:
1254: [4] gcc 2.95.x generates invalid code when using too many register
1255: variables. You must use gcc 3.x on PowerPC.
1256: @end example
1257:
1258: @section Windows
1259:
1260: @itemize
1261: @item Install the current versions of MSYS and MinGW from
1262: @url{http://www.mingw.org/}. You can find detailed installation
1263: instructions in the download section and the FAQ.
1264:
1265: @item Download
1266: the MinGW development library of SDL 1.2.x
1267: (@file{SDL-devel-1.2.x-mingw32.tar.gz}) from
1268: @url{http://www.libsdl.org}. Unpack it in a temporary place, and
1269: unpack the archive @file{i386-mingw32msvc.tar.gz} in the MinGW tool
1270: directory. Edit the @file{sdl-config} script so that it gives the
1271: correct SDL directory when invoked.
1272:
1273: @item Extract the current version of QEMU.
1274:
1275: @item Start the MSYS shell (file @file{msys.bat}).
1276:
1277: @item Change to the QEMU directory. Launch @file{./configure} and
1278: @file{make}. If you have problems using SDL, verify that
1279: @file{sdl-config} can be launched from the MSYS command line.
1280:
1281: @item You can install QEMU in @file{Program Files/Qemu} by typing
1282: @file{make install}. Don't forget to copy @file{SDL.dll} into
1283: @file{Program Files/Qemu}.
1284:
1285: @end itemize
1286:
1287: @section Cross compilation for Windows with Linux
1288:
1289: @itemize
1290: @item
1291: Install the MinGW cross compilation tools available at
1292: @url{http://www.mingw.org/}.
1293:
1294: @item
1295: Install the Win32 version of SDL (@url{http://www.libsdl.org}) by
1296: unpacking @file{i386-mingw32msvc.tar.gz}. Set up the PATH environment
1297: variable so that @file{i386-mingw32msvc-sdl-config} can be launched by
1298: the QEMU configuration script.
1299:
1300: @item
1301: Configure QEMU for Windows cross compilation:
1302: @example
1303: ./configure --enable-mingw32
1304: @end example
1305: If necessary, you can change the cross-prefix to match the prefix
1306: chosen for the MinGW tools with @option{--cross-prefix}. You can also use
1307: @option{--prefix} to set the Win32 install path.
1308:
1309: @item You can install QEMU in the installation directory by typing
1310: @file{make install}. Don't forget to copy @file{SDL.dll} into the
1311: installation directory.
1312:
1313: @end itemize
1314:
1315: Note: Currently, Wine does not seem able to launch
1316: QEMU for Win32.
1317:
1318: @section Mac OS X
1319:
1320: The Mac OS X patches are not fully merged in QEMU, so you should look
1321: at the QEMU mailing list archive for all the necessary
1322: information.
1323: