Annotation of qemu/qemu-doc.texi, revision 1.1.1.2

1.1       root        1: \input texinfo @c -*- texinfo -*-
                      2: 
                      3: @iftex
                      4: @settitle QEMU CPU Emulator User Documentation
                      5: @titlepage
                      6: @sp 7
                      7: @center @titlefont{QEMU CPU Emulator User Documentation}
                      8: @sp 3
                      9: @end titlepage
                     10: @end iftex
                     11: 
                     12: @chapter Introduction
                     13: 
                     14: @section Features
                     15: 
                     16: QEMU is a FAST! processor emulator using dynamic translation to
                     17: achieve good emulation speed.
                     18: 
                     19: QEMU has two operating modes:
                     20: 
                     21: @itemize @minus
                     22: 
                     23: @item 
                     24: Full system emulation. In this mode, QEMU emulates a full system (for
1.1.1.2 ! root       25: example a PC), including one or several processors and various
        !            26: peripherals. It can be used to launch different Operating Systems
        !            27: without rebooting the PC or to debug system code.
1.1       root       28: 
                     29: @item 
                     30: User mode emulation (Linux host only). In this mode, QEMU can launch
                     31: Linux processes compiled for one CPU on another CPU. It can be used to
                     32: launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
                     33: to ease cross-compilation and cross-debugging.
                     34: 
                     35: @end itemize
                     36: 
                     37: QEMU can run without a host kernel driver and yet gives acceptable
                     38: performance. 
                     39: 
                     40: For system emulation, the following hardware targets are supported:
                     41: @itemize
                     42: @item PC (x86 or x86_64 processor)
1.1.1.2 ! root       43: @item ISA PC (old style PC without PCI bus)
1.1       root       44: @item PREP (PowerPC processor)
                     45: @item G3 BW PowerMac (PowerPC processor)
                     46: @item Mac99 PowerMac (PowerPC processor, in progress)
                     47: @item Sun4m (32-bit Sparc processor)
                     48: @item Sun4u (64-bit Sparc processor, in progress)
1.1.1.2 ! root       49: @item Malta board (32-bit MIPS processor)
        !            50: @item ARM Integrator/CP (ARM1026E processor)
1.1       root       51: @end itemize
                     52: 
1.1.1.2 ! root       53: For user emulation, x86, PowerPC, ARM, MIPS, and Sparc32/64 CPUs are supported.
1.1       root       54: 
                     55: @chapter Installation
                     56: 
                     57: If you want to compile QEMU yourself, see @ref{compilation}.
                     58: 
                     59: @section Linux
                     60: 
                     61: If a precompiled package is available for your distribution, you just
                     62: have to install it. Otherwise, see @ref{compilation}.
                     63: 
                     64: @section Windows
                     65: 
                     66: Download the experimental binary installer at
                     67: @url{http://www.freeoszoo.org/download.php}.
                     68: 
                     69: @section Mac OS X
                     70: 
                     71: Download the experimental binary installer at
                     72: @url{http://www.freeoszoo.org/download.php}.
                     73: 
1.1.1.2 ! root       74: @chapter QEMU PC System emulator
1.1       root       75: 
                     76: @section Introduction
                     77: 
                     78: @c man begin DESCRIPTION
                     79: 
1.1.1.2 ! root       80: The QEMU PC System emulator simulates the
        !            81: following peripherals:
1.1       root       82: 
                     83: @itemize @minus
                     84: @item 
                     85: i440FX host PCI bridge and PIIX3 PCI to ISA bridge
                     86: @item
                     87: Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
                     88: extensions (hardware level, including all non standard modes).
                     89: @item
                     90: PS/2 mouse and keyboard
                     91: @item 
                     92: 2 PCI IDE interfaces with hard disk and CD-ROM support
                     93: @item
                     94: Floppy disk
                     95: @item 
                     96: NE2000 PCI network adapters
                     97: @item
                     98: Serial ports
                     99: @item
1.1.1.2 ! root      100: Creative SoundBlaster 16 sound card
        !           101: @item
        !           102: ENSONIQ AudioPCI ES1370 sound card
        !           103: @item
        !           104: Adlib(OPL2) - Yamaha YM3812 compatible chip
        !           105: @item
        !           106: PCI UHCI USB controller and a virtual USB hub.
1.1       root      107: @end itemize
                    108: 
1.1.1.2 ! root      109: SMP is supported with up to 255 CPUs.
        !           110: 
        !           111: Note that adlib is only available when QEMU was configured with
        !           112: -enable-adlib
        !           113: 
1.1       root      114: QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
                    115: VGA BIOS.
                    116: 
1.1.1.2 ! root      117: QEMU uses YM3812 emulation by Tatsuyuki Satoh.
        !           118: 
1.1       root      119: @c man end
                    120: 
                    121: @section Quick Start
                    122: 
                    123: Download and uncompress the Linux image (@file{linux.img}) and type:
                    124: 
                    125: @example
                    126: qemu linux.img
                    127: @end example
                    128: 
                    129: Linux should boot and give you a prompt.
                    130: 
                    131: @node sec_invocation
                    132: @section Invocation
                    133: 
                    134: @example
                    135: @c man begin SYNOPSIS
                    136: usage: qemu [options] [disk_image]
                    137: @c man end
                    138: @end example
                    139: 
                    140: @c man begin OPTIONS
                    141: @var{disk_image} is a raw hard disk image for IDE hard disk 0.
                    142: 
                    143: General options:
                    144: @table @option
1.1.1.2 ! root      145: @item -M machine
        !           146: Select the emulated machine (@code{-M ?} for list)
        !           147: 
1.1       root      148: @item -fda file
                    149: @item -fdb file
                    150: Use @var{file} as floppy disk 0/1 image (@xref{disk_images}). You can
                    151: use the host floppy by using @file{/dev/fd0} as filename.
                    152: 
                    153: @item -hda file
                    154: @item -hdb file
                    155: @item -hdc file
                    156: @item -hdd file
                    157: Use @var{file} as hard disk 0, 1, 2 or 3 image (@xref{disk_images}).
                    158: 
                    159: @item -cdrom file
                    160: Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and
                    161: @option{-cdrom} at the same time). You can use the host CD-ROM by
                    162: using @file{/dev/cdrom} as filename.
                    163: 
                    164: @item -boot [a|c|d]
                    165: Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
                    166: the default.
                    167: 
                    168: @item -snapshot
                    169: Write to temporary files instead of disk image files. In this case,
                    170: the raw disk image you use is not written back. You can however force
                    171: the write back by pressing @key{C-a s} (@xref{disk_images}). 
                    172: 
                    173: @item -m megs
                    174: Set virtual RAM size to @var{megs} megabytes. Default is 128 MB.
                    175: 
1.1.1.2 ! root      176: @item -smp n
        !           177: Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255
        !           178: CPUs are supported.
        !           179: 
1.1       root      180: @item -nographic
                    181: 
                    182: Normally, QEMU uses SDL to display the VGA output. With this option,
                    183: you can totally disable graphical output so that QEMU is a simple
                    184: command line application. The emulated serial port is redirected on
                    185: the console. Therefore, you can still use QEMU to debug a Linux kernel
                    186: with a serial console.
                    187: 
                    188: @item -k language
                    189: 
                    190: Use keyboard layout @var{language} (for example @code{fr} for
                    191: French). This option is only needed where it is not easy to get raw PC
                    192: keycodes (e.g. on Macs or with some X11 servers). You don't need to
                    193: use it on PC/Linux or PC/Windows hosts.
                    194: 
                    195: The available layouts are:
                    196: @example
                    197: ar  de-ch  es  fo     fr-ca  hu  ja  mk     no  pt-br  sv
                    198: da  en-gb  et  fr     fr-ch  is  lt  nl     pl  ru     th
                    199: de  en-us  fi  fr-be  hr     it  lv  nl-be  pt  sl     tr
                    200: @end example
                    201: 
                    202: The default is @code{en-us}.
                    203: 
1.1.1.2 ! root      204: @item -audio-help
1.1       root      205: 
1.1.1.2 ! root      206: Will show the audio subsystem help: list of drivers, tunable
        !           207: parameters.
        !           208: 
        !           209: @item -soundhw card1,card2,... or -soundhw all
        !           210: 
        !           211: Enable audio and selected sound hardware. Use ? to print all
        !           212: available sound hardware.
        !           213: 
        !           214: @example
        !           215: qemu -soundhw sb16,adlib hda
        !           216: qemu -soundhw es1370 hda
        !           217: qemu -soundhw all hda
        !           218: qemu -soundhw ?
        !           219: @end example
1.1       root      220: 
                    221: @item -localtime
                    222: Set the real time clock to local time (the default is UTC
                    223: time). This option is needed to have the correct date in MS-DOS or
                    224: Windows.
                    225: 
                    226: @item -full-screen
                    227: Start in full screen.
                    228: 
                    229: @item -pidfile file
                    230: Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
                    231: from a script.
                    232: 
                    233: @item -win2k-hack
                    234: Use it when installing Windows 2000 to avoid a disk full bug. After
                    235: Windows 2000 is installed, you no longer need this option (this option
                    236: slows down the IDE transfers).
                    237: 
                    238: @end table
                    239: 
1.1.1.2 ! root      240: USB options:
        !           241: @table @option
        !           242: 
        !           243: @item -usb
        !           244: Enable the USB driver (will be the default soon)
        !           245: 
        !           246: @item -usbdevice devname
        !           247: Add the USB device @var{devname}. See the monitor command
        !           248: @code{usb_add} to have more information.
        !           249: @end table
        !           250: 
1.1       root      251: Network options:
                    252: 
                    253: @table @option
                    254: 
1.1.1.2 ! root      255: @item -net nic[,vlan=n][,macaddr=addr]
        !           256: Create a new Network Interface Card and connect it to VLAN @var{n} (@var{n}
        !           257: = 0 is the default). The NIC is currently an NE2000 on the PC
        !           258: target. Optionally, the MAC address can be changed. If no
        !           259: @option{-net} option is specified, a single NIC is created.
        !           260: 
        !           261: @item -net user[,vlan=n]
        !           262: Use the user mode network stack which requires no administrator
        !           263: privilege to run. This is the default if no @option{-net} option is
        !           264: specified.
1.1       root      265: 
1.1.1.2 ! root      266: @item -net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
        !           267: Connect the host TAP network interface @var{name} to VLAN @var{n} and
        !           268: use the network script @var{file} to configure it. The default
        !           269: network script is @file{/etc/qemu-ifup}. If @var{name} is not
        !           270: provided, the OS automatically provides one.  @option{fd=h} can be
        !           271: used to specify the handle of an already opened host TAP interface. Example:
1.1       root      272: 
1.1.1.2 ! root      273: @example
        !           274: qemu linux.img -net nic -net tap
        !           275: @end example
1.1       root      276: 
1.1.1.2 ! root      277: More complicated example (two NICs, each one connected to a TAP device)
        !           278: @example
        !           279: qemu linux.img -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \
        !           280:                -net nic,vlan=1 -net tap,vlan=1,ifname=tap1
        !           281: @end example
1.1       root      282: 
                    283: 
1.1.1.2 ! root      284: @item -net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
1.1       root      285: 
1.1.1.2 ! root      286: Connect the VLAN @var{n} to a remote VLAN in another QEMU virtual
        !           287: machine using a TCP socket connection. If @option{listen} is
        !           288: specified, QEMU waits for incoming connections on @var{port}
        !           289: (@var{host} is optional). @option{connect} is used to connect to
        !           290: another QEMU instance using the @option{listen} option. @option{fd=h}
        !           291: specifies an already opened TCP socket.
        !           292: 
        !           293: Example:
        !           294: @example
        !           295: # launch a first QEMU instance
        !           296: qemu linux.img -net nic,macaddr=52:54:00:12:34:56 -net socket,listen=:1234
        !           297: # connect the VLAN 0 of this instance to the VLAN 0 of the first instance
        !           298: qemu linux.img -net nic,macaddr=52:54:00:12:34:57 -net socket,connect=127.0.0.1:1234
        !           299: @end example
        !           300: 
        !           301: @item -net socket[,vlan=n][,fd=h][,mcast=maddr:port]
        !           302: 
        !           303: Create a VLAN @var{n} shared with other QEMU virtual
        !           304: machines using a UDP multicast socket, effectively making a bus for
        !           305: every QEMU with the same multicast address @var{maddr} and @var{port}.
        !           306: NOTES:
        !           307: @enumerate
        !           308: @item 
        !           309: Several QEMU instances can run on different hosts and share the same bus (assuming
        !           310: correct multicast setup for these hosts).
        !           311: @item
        !           312: mcast support is compatible with User Mode Linux (argument @option{eth@var{N}=mcast}), see
        !           313: @url{http://user-mode-linux.sf.net}.
        !           314: @item Use @option{fd=h} to specify an already opened UDP multicast socket.
        !           315: @end enumerate
        !           316: 
        !           317: Example:
        !           318: @example
        !           319: # launch one QEMU instance
        !           320: qemu linux.img -net nic,macaddr=52:54:00:12:34:56 -net socket,mcast=230.0.0.1:1234
        !           321: # launch another QEMU instance on same "bus"
        !           322: qemu linux.img -net nic,macaddr=52:54:00:12:34:57 -net socket,mcast=230.0.0.1:1234
        !           323: # launch yet another QEMU instance on same "bus"
        !           324: qemu linux.img -net nic,macaddr=52:54:00:12:34:58 -net socket,mcast=230.0.0.1:1234
        !           325: @end example
        !           326: 
        !           327: Example (User Mode Linux compat.):
        !           328: @example
        !           329: # launch QEMU instance (note mcast address selected is UML's default)
        !           330: qemu linux.img -net nic,macaddr=52:54:00:12:34:56 -net socket,mcast=239.192.168.1:1102
        !           331: # launch UML
        !           332: /path/to/linux ubd0=/path/to/root_fs eth0=mcast
        !           333: @end example
        !           334: 
        !           335: @item -net none
        !           336: Indicate that no network devices should be configured. It is used to
        !           337: override the default configuration which is activated if no
        !           338: @option{-net} options are provided.
1.1       root      339: 
                    340: @item -tftp prefix
                    341: When using the user mode network stack, activate a built-in TFTP
                    342: server. All filenames beginning with @var{prefix} can be downloaded
                    343: from the host to the guest using a TFTP client. The TFTP client on the
                    344: guest must be configured in binary mode (use the command @code{bin} of
                    345: the Unix TFTP client). The host IP address on the guest is as usual
                    346: 10.0.2.2.
                    347: 
                    348: @item -smb dir
                    349: When using the user mode network stack, activate a built-in SMB
                    350: server so that Windows OSes can access the host files in @file{dir}
                    351: transparently.
                    352: 
                    353: In the guest Windows OS, the line:
                    354: @example
                    355: 10.0.2.4 smbserver
                    356: @end example
                    357: must be added in the file @file{C:\WINDOWS\LMHOSTS} (for Windows 9x/Me)
                    358: or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000).
                    359: 
                    360: Then @file{dir} can be accessed in @file{\\smbserver\qemu}.
                    361: 
                    362: Note that a SAMBA server must be installed on the host OS in
                    363: @file{/usr/sbin/smbd}. QEMU was tested successfully with smbd version
                    364: 2.2.7a from the Red Hat 9 and version 3.0.10-1.fc3 from Fedora Core 3.
                    365: 
                    366: @item -redir [tcp|udp]:host-port:[guest-host]:guest-port
                    367: 
                    368: When using the user mode network stack, redirect incoming TCP or UDP
                    369: connections to the host port @var{host-port} to the guest
                    370: @var{guest-host} on guest port @var{guest-port}. If @var{guest-host}
                    371: is not specified, its value is 10.0.2.15 (default address given by the
                    372: built-in DHCP server).
                    373: 
                    374: For example, to redirect host X11 connection from screen 1 to guest
                    375: screen 0, use the following:
                    376: 
                    377: @example
                    378: # on the host
                    379: qemu -redir tcp:6001::6000 [...]
                    380: # this host xterm should open in the guest X11 server
                    381: xterm -display :1
                    382: @end example
                    383: 
                    384: To redirect telnet connections from host port 5555 to telnet port on
                    385: the guest, use the following:
                    386: 
                    387: @example
                    388: # on the host
                    389: qemu -redir tcp:5555::23 [...]
                    390: telnet localhost 5555
                    391: @end example
                    392: 
                    393: Then when you use on the host @code{telnet localhost 5555}, you
                    394: connect to the guest telnet server.
                    395: 
                    396: @end table
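
Added example, not part of qemu-doc.texi or the QEMU sources: a Python check that parses a qemu command line with the network option syntax documented above and lists what it opens between the host, the guest and other machines. The sample command lines are constructed, all function names are this example's own, and reading an omitted listen host as "any local address" is an assumption (the text only says the host is optional).

```python
import shlex
from typing import NamedTuple

DEFAULT_GUEST = "10.0.2.15"   # default guest address given in the -redir text
WITH_ARG = {"-net", "-redir", "-tftp", "-smb"}

# Constructed sample command lines built only from options documented above.
SAMPLE_USER = "qemu linux.img -redir tcp:5555::23 -smb /home/user/share"
SAMPLE_SOCKET = ("qemu linux.img -net nic,macaddr=52:54:00:12:34:56 "
                 "-net socket,listen=:1234 -redir tcp:6001::6000")


class Finding(NamedTuple):
    kind: str     # listener | mcast-bus | forward | share | no-user-stack
    option: str   # the option as written on the command line
    detail: str   # what it exposes, in words


def parse_net(value):
    """Split 'type[,key=val,...]' into (type, {key: val})."""
    kind, _, rest = value.partition(",")
    opts = {}
    for item in rest.split(","):
        if item:
            key, _, val = item.partition("=")
            opts[key] = val
    return kind, opts


def split_host_port(spec):
    """Split '[host]:port'; the host part may be empty."""
    host, sep, port = spec.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"bad host:port {spec!r}")
    return host, int(port)


def parse_redir(value):
    """Parse '[tcp|udp]:host-port:[guest-host]:guest-port'."""
    parts = value.split(":")
    if len(parts) != 4 or parts[0] not in ("tcp", "udp"):
        raise ValueError(f"bad -redir value {value!r}")
    proto, host_port, guest_host, guest_port = parts
    return proto, int(host_port), guest_host or DEFAULT_GUEST, int(guest_port)


def audit(cmdline):
    """Return the Findings for one qemu command line."""
    argv = shlex.split(cmdline)
    nets, findings, user_only = [], [], []
    for opt, val in zip(argv, argv[1:]):
        if opt not in WITH_ARG:
            continue
        written = f"{opt} {val}"
        if opt == "-net":
            kind, o = parse_net(val)
            nets.append(kind)
            vlan = o.get("vlan", "0")          # VLAN 0 is the documented default
            if kind == "socket" and "listen" in o:
                host, port = split_host_port(o["listen"])
                # Assumption of this example: no host means no address restriction.
                where = host or "any local address"
                findings.append(Finding(
                    "listener", written,
                    f"VLAN {vlan} accepts TCP connections on {where}, port {port}"))
            elif kind == "socket" and "mcast" in o:
                findings.append(Finding(
                    "mcast-bus", written,
                    f"VLAN {vlan} shared with every QEMU using {o['mcast']}"))
        elif opt == "-redir":
            proto, hport, ghost, gport = parse_redir(val)
            findings.append(Finding(
                "forward", written, f"host {proto}/{hport} -> guest {ghost}:{gport}"))
            user_only.append(written)
        else:                                   # -tftp prefix, -smb dir
            findings.append(Finding(
                "share", written, f"host path {val} exposed to the guest"))
            user_only.append(written)
    # The user mode stack is the default when no -net option is given at all.
    if nets and "user" not in nets:
        for written in user_only:
            findings.append(Finding(
                "no-user-stack", written,
                "documented for the user mode network stack, which is not selected"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_USER, SAMPLE_SOCKET):
        print(sample)
        for f in audit(sample):
            print(f"  [{f.kind}] {f.option}: {f.detail}")
```
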
                    397: 
1.1.1.2 ! root      398: Linux boot specific: When using these options, you can use a given
1.1       root      399: Linux kernel without installing it in the disk image. It can be useful
                    400: for easier testing of various kernels.
                    401: 
                    402: @table @option
                    403: 
                    404: @item -kernel bzImage 
                    405: Use @var{bzImage} as kernel image.
                    406: 
                    407: @item -append cmdline 
                    408: Use @var{cmdline} as kernel command line
                    409: 
                    410: @item -initrd file
                    411: Use @var{file} as initial ram disk.
                    412: 
                    413: @end table
                    414: 
                    415: Debug/Expert options:
                    416: @table @option
                    417: 
                    418: @item -serial dev
                    419: Redirect the virtual serial port to host device @var{dev}. Available
                    420: devices are:
                    421: @table @code
                    422: @item vc
                    423: Virtual console
                    424: @item pty
                    425: [Linux only] Pseudo TTY (a new PTY is automatically allocated)
                    426: @item null
                    427: void device
1.1.1.2 ! root      428: @item /dev/XXX
        !           429: [Linux only] Use host tty, e.g. @file{/dev/ttyS0}. The host serial port
        !           430: parameters are set according to the emulated ones.
        !           431: @item /dev/parportN
        !           432: [Linux only, parallel port only] Use host parallel port
        !           433: @var{N}. Currently only SPP parallel port features can be used.
        !           434: @item file:filename
        !           435: Write output to filename. No character can be read.
1.1       root      436: @item stdio
                    437: [Unix only] standard input/output
1.1.1.2 ! root      438: @item pipe:filename
        !           439: [Unix only] named pipe @var{filename}
1.1       root      440: @end table
                    441: The default device is @code{vc} in graphical mode and @code{stdio} in
                    442: non graphical mode.
                    443: 
                    444: This option can be used several times to simulate up to 4 serial
                    445: ports.
                    446: 
1.1.1.2 ! root      447: @item -parallel dev
        !           448: Redirect the virtual parallel port to host device @var{dev} (same
        !           449: devices as the serial port). On Linux hosts, @file{/dev/parportN} can
        !           450: be used to use hardware devices connected on the corresponding host
        !           451: parallel port.
        !           452: 
        !           453: This option can be used several times to simulate up to 3 parallel
        !           454: ports.
        !           455: 
1.1       root      456: @item -monitor dev
                    457: Redirect the monitor to host device @var{dev} (same devices as the
                    458: serial port).
                    459: The default device is @code{vc} in graphical mode and @code{stdio} in
                    460: non graphical mode.
                    461: 
                    462: @item -s
                    463: Wait for a gdb connection on port 1234 (@xref{gdb_usage}).
                    464: @item -p port
                    465: Change gdb connection port.
                    466: @item -S
                    467: Do not start CPU at startup (you must type 'c' in the monitor).
                    468: @item -d             
                    469: Output log in /tmp/qemu.log
                    470: @item -hdachs c,h,s[,t]
                    471: Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <=
                    472: @var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS
                    473: translation mode (@var{t}=none, lba or auto). Usually QEMU can guess
                    474: all those parameters. This option is useful for old MS-DOS disk
                    475: images.
                    476: 
                    477: @item -std-vga
                    478: Simulate a standard VGA card with Bochs VBE extensions (default is
                    479: Cirrus Logic GD5446 PCI VGA)
                    480: @item -loadvm file
                    481: Start right away with a saved state (@code{loadvm} in monitor)
                    482: @end table
                    483: 
                    484: @c man end
                    485: 
                    486: @section Keys
                    487: 
                    488: @c man begin OPTIONS
                    489: 
                    490: During the graphical emulation, you can use the following keys:
                    491: @table @key
                    492: @item Ctrl-Alt-f
                    493: Toggle full screen
                    494: 
                    495: @item Ctrl-Alt-n
                    496: Switch to virtual console 'n'. Standard console mappings are:
                    497: @table @emph
                    498: @item 1
                    499: Target system display
                    500: @item 2
                    501: Monitor
                    502: @item 3
                    503: Serial port
                    504: @end table
                    505: 
                    506: @item Ctrl-Alt
                    507: Toggle mouse and keyboard grab.
                    508: @end table
                    509: 
                    510: In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
                    511: @key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
                    512: 
                    513: During emulation, if you are using the @option{-nographic} option, use
                    514: @key{Ctrl-a h} to get terminal commands:
                    515: 
                    516: @table @key
                    517: @item Ctrl-a h
                    518: Print this help
                    519: @item Ctrl-a x    
                    520: Exit emulator
                    521: @item Ctrl-a s    
                    522: Save disk data back to file (if -snapshot)
                    523: @item Ctrl-a b
                    524: Send break (magic sysrq in Linux)
                    525: @item Ctrl-a c
                    526: Switch between console and monitor
                    527: @item Ctrl-a Ctrl-a
                    528: Send Ctrl-a
                    529: @end table
                    530: @c man end
                    531: 
                    532: @ignore
                    533: 
                    534: @setfilename qemu 
                    535: @settitle QEMU System Emulator
                    536: 
                    537: @c man begin SEEALSO
                    538: The HTML documentation of QEMU for more precise information and Linux
                    539: user mode emulator invocation.
                    540: @c man end
                    541: 
                    542: @c man begin AUTHOR
                    543: Fabrice Bellard
                    544: @c man end
                    545: 
                    546: @end ignore
                    547: 
                    548: @end ignore
                    549: 
                    550: @section QEMU Monitor
                    551: 
                    552: The QEMU monitor is used to give complex commands to the QEMU
                    553: emulator. You can use it to:
                    554: 
                    555: @itemize @minus
                    556: 
                    557: @item
                    558: Remove or insert removable media images
                    559: (such as CD-ROM or floppies)
                    560: 
                    561: @item 
                    562: Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
                    563: from a disk file.
                    564: 
                    565: @item Inspect the VM state without an external debugger.
                    566: 
                    567: @end itemize
                    568: 
                    569: @subsection Commands
                    570: 
                    571: The following commands are available:
                    572: 
                    573: @table @option
                    574: 
                    575: @item help or ? [cmd]
                    576: Show the help for all commands or just for command @var{cmd}.
                    577: 
                    578: @item commit  
                    579: Commit changes to the disk images (if -snapshot is used)
                    580: 
                    581: @item info subcommand 
                    582: show various information about the system state
                    583: 
                    584: @table @option
                    585: @item info network
1.1.1.2 ! root      586: show the various VLANs and the associated devices
1.1       root      587: @item info block
                    588: show the block devices
                    589: @item info registers
                    590: show the cpu registers
                    591: @item info history
                    592: show the command line history
1.1.1.2 ! root      593: @item info pci
        !           594: show emulated PCI device
        !           595: @item info usb
        !           596: show USB devices plugged on the virtual USB hub
        !           597: @item info usbhost
        !           598: show all USB host devices
1.1       root      599: @end table
                    600: 
                    601: @item q or quit
                    602: Quit the emulator.
                    603: 
                    604: @item eject [-f] device
                    605: Eject a removable media (use -f to force it).
                    606: 
                    607: @item change device filename
                    608: Change a removable media.
                    609: 
                    610: @item screendump filename
                    611: Save screen into PPM image @var{filename}.
                    612: 
                    613: @item log item1[,...]
                    614: Activate logging of the specified items to @file{/tmp/qemu.log}.
                    615: 
                    616: @item savevm filename
                    617: Save the whole virtual machine state to @var{filename}.
                    618: 
                    619: @item loadvm filename
                    620: Restore the whole virtual machine state from @var{filename}.
                    621: 
                    622: @item stop
                    623: Stop emulation.
                    624: 
                    625: @item c or cont
                    626: Resume emulation.
                    627: 
                    628: @item gdbserver [port]
                    629: Start gdbserver session (default port=1234)
                    630: 
                    631: @item x/fmt addr
                    632: Virtual memory dump starting at @var{addr}.
                    633: 
                    634: @item xp /fmt addr
                    635: Physical memory dump starting at @var{addr}.
                    636: 
                    637: @var{fmt} is a format which tells the command how to format the
                    638: data. Its syntax is: @option{/@{count@}@{format@}@{size@}}
                    639: 
                    640: @table @var
                    641: @item count 
                    642: is the number of items to be dumped.
                    643: 
                    644: @item format
                    645: can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal),
                    646: c (char) or i (asm instruction).
                    647: 
                    648: @item size
                    649: can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
                    650: @code{h} or @code{w} can be specified with the @code{i} format to
                    651: respectively select 16 or 32 bit code instruction size.
                    652: 
                    653: @end table
                    654: 
                    655: Examples: 
                    656: @itemize
                    657: @item
                    658: Dump 10 instructions at the current instruction pointer:
                    659: @example 
                    660: (qemu) x/10i $eip
                    661: 0x90107063:  ret
                    662: 0x90107064:  sti
                    663: 0x90107065:  lea    0x0(%esi,1),%esi
                    664: 0x90107069:  lea    0x0(%edi,1),%edi
                    665: 0x90107070:  ret
                    666: 0x90107071:  jmp    0x90107080
                    667: 0x90107073:  nop
                    668: 0x90107074:  nop
                    669: 0x90107075:  nop
                    670: 0x90107076:  nop
                    671: @end example
                    672: 
                    673: @item
                    674: Dump 80 16 bit values at the start of the video memory.
                    675: @example 
                    676: (qemu) xp/80hx 0xb8000
                    677: 0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
                    678: 0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
                    679: 0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
                    680: 0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
                    681: 0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
                    682: 0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
                    683: 0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
                    684: 0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
                    685: 0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
                    686: 0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
                    687: @end example
                    688: @end itemize
                    689: 
                    690: @item p or print/fmt expr
                    691: 
                    692: Print expression value. Only the @var{format} part of @var{fmt} is
                    693: used.
                    694: 
                    695: @item sendkey keys
                    696: 
                    697: Send @var{keys} to the emulator. Use @code{-} to press several keys
                    698: simultaneously. Example:
                    699: @example
                    700: sendkey ctrl-alt-f1
                    701: @end example
                    702: 
                    703: This command is useful to send keys that your graphical user interface
                    704: intercepts at low level, such as @code{ctrl-alt-f1} in X Window.
                    705: 
                    706: @item system_reset
                    707: 
                    708: Reset the system.
                    709: 
1.1.1.2 ! root      710: @item usb_add devname
        !           711: 
        !           712: Plug the USB device devname to the QEMU virtual USB hub. @var{devname}
        !           713: is either a virtual device name (for example @code{mouse}) or a host
        !           714: USB device identifier. Host USB device identifiers have the following
        !           715: syntax: @code{host:bus.addr} or @code{host:vendor_id:product_id}.
        !           716: 
        !           717: @item usb_del devname
        !           718: 
        !           719: Remove the USB device @var{devname} from the QEMU virtual USB
        !           720: hub. @var{devname} has the syntax @code{bus.addr}. Use the monitor
        !           721: command @code{info usb} to see the devices you can remove.
        !           722: 
1.1       root      723: @end table
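The following added example (not part of the QEMU manual or source) parses the @var{fmt} argument described above and decodes the @code{xp/80hx 0xb8000} output from the manual into the text on the guest's screen. It assumes the standard VGA text-mode cell layout (low byte character, high byte attribute); the function names and the defaults applied when @var{fmt} omits a field are this example's own.

```python
import re

SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}   # size letter -> bytes per item
FORMATS = set("xduoci")                     # format letters listed in the manual


def parse_fmt(fmt):
    """Split a monitor format such as '/80hx' into (count, format, size_bytes).

    The manual gives the order /{count}{format}{size}, but its own example
    ('xp/80hx') puts the size letter first, so either order is accepted.
    The defaults (count 1, format 'x', size 4) are assumptions of this example.
    """
    m = re.fullmatch(r"/(\d*)([a-z]*)", fmt)
    if m is None:
        raise ValueError(f"not a /fmt argument: {fmt!r}")
    count = int(m.group(1)) if m.group(1) else 1
    if count < 1:
        raise ValueError("count must be at least 1")
    letter = size = None
    for ch in m.group(2):
        if ch in FORMATS and letter is None:
            letter = ch
        elif ch in SIZES and size is None:
            size = SIZES[ch]
        else:
            raise ValueError(f"unexpected or repeated letter {ch!r} in {fmt!r}")
    return count, letter or "x", size or 4


def parse_dump(text, size):
    """Turn 'ADDR: v0 v1 ...' lines into [(address, value), ...]."""
    items = []
    for line in text.strip().splitlines():
        addr_field, sep, values = line.partition(":")
        if not sep:
            raise ValueError(f"no address field in {line!r}")
        base = int(addr_field, 16)
        for i, token in enumerate(values.split()):
            value = int(token, 16)
            if value >> (8 * size):
                raise ValueError(f"{token} does not fit in {size} bytes")
            items.append((base + i * size, value))
    # A truncated or spliced capture shows up as a gap between addresses.
    for (a, _), (b, _) in zip(items, items[1:]):
        if b - a != size:
            raise ValueError(f"gap between {a:#x} and {b:#x}")
    return items


def decode_vga_text(items):
    """Decode 16-bit VGA text cells: low byte = CP437 char, high byte = attribute."""
    chars = bytes(value & 0xFF for _, value in items).decode("cp437")
    attrs = [value >> 8 for _, value in items]
    return chars, attrs


# Output of `xp/80hx 0xb8000`, copied from the example in the manual.
DUMP = """
0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
"""


def demo():
    """Check the dump against its own /fmt and return (screen text, attributes)."""
    count, _letter, size = parse_fmt("/80hx")
    items = parse_dump(DUMP, size)
    if len(items) != count:
        raise ValueError(f"expected {count} items, got {len(items)}")
    text, attrs = decode_vga_text(items)
    return text.rstrip(), sorted(set(attrs))


if __name__ == "__main__":
    print(demo())
```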
                    724: 
                    725: @subsection Integer expressions
                    726: 
                    727: The monitor understands integer expressions for every integer
                    728: argument. You can use register names to get the value of specific
                    729: CPU registers by prefixing them with @emph{$}.
                    730: 
                    731: @node disk_images
                    732: @section Disk Images
                    733: 
                    734: Since version 0.6.1, QEMU supports many disk image formats, including
                    735: growable disk images (their size increases as non-empty sectors are
                    736: written), compressed and encrypted disk images.
                    737: 
                    738: @subsection Quick start for disk image creation
                    739: 
                    740: You can create a disk image with the command:
                    741: @example
                    742: qemu-img create myimage.img mysize
                    743: @end example
                    744: where @var{myimage.img} is the disk image filename and @var{mysize} is its
                    745: size in kilobytes. You can add an @code{M} suffix to give the size in
                    746: megabytes and a @code{G} suffix for gigabytes.
                    747: 
                    748: @xref{qemu_img_invocation} for more information.
                    749: 
                    750: @subsection Snapshot mode
                    751: 
                    752: If you use the option @option{-snapshot}, all disk images are
                    753: considered as read only. When sectors are written, they are written in
                    754: a temporary file created in @file{/tmp}. You can however force the
                    755: write back to the raw disk images by using the @code{commit} monitor
                    756: command (or @key{C-a s} in the serial console).
                    757: 
                    758: @node qemu_img_invocation
                    759: @subsection @code{qemu-img} Invocation
                    760: 
                    761: @include qemu-img.texi
                    762: 
1.1.1.2 ! root      763: @subsection Virtual FAT disk images
        !           764: 
        !           765: QEMU can automatically create a virtual FAT disk image from a
        !           766: directory tree. In order to use it, just type:
        !           767: 
        !           768: @example 
        !           769: qemu linux.img -hdb fat:/my_directory
        !           770: @end example
        !           771: 
        !           772: Then you can access all the files in the @file{/my_directory}
        !           773: directory without having to copy them in a disk image or to export
        !           774: them via SAMBA or NFS. The default access is @emph{read-only}.
1.1       root      775: 
1.1.1.2 ! root      776: Floppies can be emulated with the @code{:floppy:} option:
1.1       root      777: 
1.1.1.2 ! root      778: @example 
        !           779: qemu linux.img -fda fat:floppy:/my_directory
        !           780: @end example
1.1       root      781: 
1.1.1.2 ! root      782: Read/write support is available for testing (beta stage) with the
        !           783: @code{:rw:} option:
        !           784: 
        !           785: @example 
        !           786: qemu linux.img -fda fat:floppy:rw:/my_directory
        !           787: @end example
        !           788: 
        !           789: What you should @emph{never} do:
        !           790: @itemize
        !           791: @item use non-ASCII filenames ;
        !           792: @item use "-snapshot" together with ":rw:" ;
        !           793: @item expect it to work when loadvm'ing ;
        !           794: @item write to the FAT directory on the host system while accessing it with the guest system.
        !           795: @end itemize
        !           796: 
        !           797: @section Network emulation
        !           798: 
        !           799: QEMU can simulate several network cards (NE2000 boards on the PC
        !           800: target) and can connect them to an arbitrary number of Virtual Local
        !           801: Area Networks (VLANs). Host TAP devices can be connected to any QEMU
        !           802: VLAN. VLANs can be connected between separate instances of QEMU to
        !           803: simulate large networks. For simpler usage, a non-privileged user mode
        !           804: network stack can replace the TAP device to have a basic network
        !           805: connection.
        !           806: 
        !           807: @subsection VLANs
        !           808: 
        !           809: QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
        !           810: connection between several network devices. These devices can be for
        !           811: example QEMU virtual Ethernet cards or virtual Host ethernet devices
        !           812: (TAP devices).
        !           813: 
        !           814: @subsection Using TAP network interfaces
        !           815: 
        !           816: This is the standard way to connect QEMU to a real network. QEMU adds
        !           817: a virtual network device on your host (called @code{tapN}), and you
        !           818: can then configure it as if it was a real ethernet card.
1.1       root      819: 
                    820: As an example, you can download the @file{linux-test-xxx.tar.gz}
                    821: archive and copy the script @file{qemu-ifup} in @file{/etc} and
                    822: configure properly @code{sudo} so that the command @code{ifconfig}
                    823: contained in @file{qemu-ifup} can be executed as root. You must verify
1.1.1.2 ! root      824: that your host kernel supports the TAP network interfaces: the
1.1       root      825: device @file{/dev/net/tun} must be present.
                    826: 
                    827: See @ref{direct_linux_boot} to have an example of network use with a
1.1.1.2 ! root      828: Linux distribution and @ref{sec_invocation} to have examples of
        !           829: command lines using the TAP network interfaces.
1.1       root      830: 
                    831: @subsection Using the user mode network stack
                    832: 
1.1.1.2 ! root      833: By using the option @option{-net user} (default configuration if no
        !           834: @option{-net} option is specified), QEMU uses a completely user mode
        !           835: network stack (you don't need root privileges to use the virtual
        !           836: network). The virtual network configuration is the following:
1.1       root      837: 
                    838: @example
                    839: 
1.1.1.2 ! root      840:          QEMU VLAN      <------>  Firewall/DHCP server <-----> Internet
        !           841:                            |          (10.0.2.2)
1.1       root      842:                            |
                    843:                            ---->  DNS server (10.0.2.3)
                    844:                            |     
                    845:                            ---->  SMB server (10.0.2.4)
                    846: @end example
                    847: 
                    848: The QEMU VM behaves as if it was behind a firewall which blocks all
                    849: incoming connections. You can use a DHCP client to automatically
1.1.1.2 ! root      850: configure the network in the QEMU VM. The DHCP server assigns addresses
        !           851: to the hosts starting from 10.0.2.15.
1.1       root      852: 
                    853: In order to check that the user mode network is working, you can ping
                    854: the address 10.0.2.2 and verify that you got an address in the range
                    855: 10.0.2.x from the QEMU virtual DHCP server.
                    856: 
                    857: Note that @code{ping} is not supported reliably to the internet as it
                    858: would require root privileges. It means you can only ping the local
                    859: router (10.0.2.2).
                    860: 
                    861: When using the built-in TFTP server, the router is also the TFTP
                    862: server.
                    863: 
                    864: When using the @option{-redir} option, TCP or UDP connections can be
                    865: redirected from the host to the guest. For example, this lets you
                    866: redirect X11, telnet or SSH connections.
                    867: 
1.1.1.2 ! root      868: @subsection Connecting VLANs between QEMU instances
        !           869: 
        !           870: Using the @option{-net socket} option, it is possible to make VLANs
        !           871: that span several QEMU instances. See @ref{sec_invocation} to have a
        !           872: basic example.
        !           873: 
1.1       root      874: @node direct_linux_boot
                    875: @section Direct Linux Boot
                    876: 
                    877: This section explains how to launch a Linux kernel inside QEMU without
                    878: having to make a full bootable image. It is very useful for fast Linux
                    879: kernel testing. The QEMU network configuration is also explained.
                    880: 
                    881: @enumerate
                    882: @item
                    883: Download the archive @file{linux-test-xxx.tar.gz} containing a Linux
                    884: kernel and a disk image. 
                    885: 
                    886: @item Optional: If you want network support (for example to launch X11 examples), you
                    887: must copy the script @file{qemu-ifup} in @file{/etc} and configure
                    888: properly @code{sudo} so that the command @code{ifconfig} contained in
                    889: @file{qemu-ifup} can be executed as root. You must verify that your host
                    890: kernel supports the TUN/TAP network interfaces: the device
                    891: @file{/dev/net/tun} must be present.
                    892: 
                    893: When network is enabled, there is a virtual network connection between
                    894: the host kernel and the emulated kernel. The emulated kernel is seen
                    895: from the host kernel at IP address 172.20.0.2 and the host kernel is
                    896: seen from the emulated kernel at IP address 172.20.0.1.
                    897: 
                    898: @item Launch @code{qemu.sh}. You should have the following output:
                    899: 
                    900: @example
                    901: > ./qemu.sh 
                    902: Connected to host network interface: tun0
                    903: Linux version 2.4.21 ([email protected]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
                    904: BIOS-provided physical RAM map:
                    905:  BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
                    906:  BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
                    907: 32MB LOWMEM available.
                    908: On node 0 totalpages: 8192
                    909: zone(0): 4096 pages.
                    910: zone(1): 4096 pages.
                    911: zone(2): 0 pages.
                    912: Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe console=ttyS0
                    913: ide_setup: ide2=noprobe
                    914: ide_setup: ide3=noprobe
                    915: ide_setup: ide4=noprobe
                    916: ide_setup: ide5=noprobe
                    917: Initializing CPU#0
                    918: Detected 2399.621 MHz processor.
                    919: Console: colour EGA 80x25
                    920: Calibrating delay loop... 4744.80 BogoMIPS
                    921: Memory: 28872k/32768k available (1210k kernel code, 3508k reserved, 266k data, 64k init, 0k highmem)
                    922: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
                    923: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
                    924: Mount cache hash table entries: 512 (order: 0, 4096 bytes)
                    925: Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
                    926: Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
                    927: CPU: Intel Pentium Pro stepping 03
                    928: Checking 'hlt' instruction... OK.
                    929: POSIX conformance testing by UNIFIX
                    930: Linux NET4.0 for Linux 2.4
                    931: Based upon Swansea University Computer Society NET3.039
                    932: Initializing RT netlink socket
                    933: apm: BIOS not found.
                    934: Starting kswapd
                    935: Journalled Block Device driver loaded
                    936: Detected PS/2 Mouse Port.
                    937: pty: 256 Unix98 ptys configured
                    938: Serial driver version 5.05c (2001-07-08) with no serial options enabled
                    939: ttyS00 at 0x03f8 (irq = 4) is a 16450
                    940: ne.c:v1.10 9/23/94 Donald Becker ([email protected])
                    941: Last modified Nov 1, 2000 by Paul Gortmaker
                    942: NE*000 ethercard probe at 0x300: 52 54 00 12 34 56
                    943: eth0: NE2000 found at 0x300, using IRQ 9.
                    944: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
                    945: Uniform Multi-Platform E-IDE driver Revision: 7.00beta4-2.4
                    946: ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
                    947: hda: QEMU HARDDISK, ATA DISK drive
                    948: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
                    949: hda: attached ide-disk driver.
                    950: hda: 20480 sectors (10 MB) w/256KiB Cache, CHS=20/16/63
                    951: Partition check:
                    952:  hda:
                    953: Soundblaster audio driver Copyright (C) by Hannu Savolainen 1993-1996
                    954: NET4: Linux TCP/IP 1.0 for NET4.0
                    955: IP Protocols: ICMP, UDP, TCP, IGMP
                    956: IP: routing cache hash table of 512 buckets, 4Kbytes
                    957: TCP: Hash tables configured (established 2048 bind 4096)
                    958: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
                    959: EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
                    960: VFS: Mounted root (ext2 filesystem).
                    961: Freeing unused kernel memory: 64k freed
                    962:  
                    963: Linux version 2.4.21 ([email protected]) (gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
                    964:  
                    965: QEMU Linux test distribution (based on Redhat 9)
                    966:  
                    967: Type 'exit' to halt the system
                    968:  
                    969: sh-2.05b# 
                    970: @end example
                    971: 
                    972: @item
                    973: Then you can play with the kernel inside the virtual serial console. You
                    974: can launch @code{ls} for example. Type @key{Ctrl-a h} to get help
                    975: about the keys you can type inside the virtual serial console. In
                    976: particular, use @key{Ctrl-a x} to exit QEMU and use @key{Ctrl-a b} as
                    977: the Magic SysRq key.
                    978: 
                    979: @item 
                    980: If the network is enabled, launch the script @file{/etc/linuxrc} in the
                    981: emulator (don't forget the leading dot):
                    982: @example
                    983: . /etc/linuxrc
                    984: @end example
                    985: 
                    986: Then enable X11 connections on your PC from the emulated Linux: 
                    987: @example
                    988: xhost +172.20.0.2
                    989: @end example
                    990: 
                    991: You can now launch @file{xterm} or @file{xlogo} and verify that you have
                    992: a real Virtual Linux system !
                    993: 
                    994: @end enumerate
                    995: 
                    996: NOTES:
                    997: @enumerate
                    998: @item 
                    999: A 2.5.74 kernel is also included in the archive. Just
                   1000: replace the bzImage in qemu.sh to try it.
                   1001: 
                   1002: @item 
                   1003: In order to exit cleanly from qemu, you can do a @emph{shutdown} inside
                   1004: qemu. qemu will automatically exit when the Linux shutdown is done.
                   1005: 
                   1006: @item 
                   1007: You can boot slightly faster by disabling the probe of non present IDE
                   1008: interfaces. To do so, add the following options on the kernel command
                   1009: line:
                   1010: @example
                   1011: ide1=noprobe ide2=noprobe ide3=noprobe ide4=noprobe ide5=noprobe
                   1012: @end example
                   1013: 
                   1014: @item 
                   1015: The example disk image is a modified version of the one made by Kevin
                   1016: Lawton for the plex86 Project (@url{www.plex86.org}).
                   1017: 
                   1018: @end enumerate
                   1019: 
1.1.1.2 ! root     1020: @section USB emulation
        !          1021: 
        !          1022: QEMU emulates a PCI UHCI USB controller and an 8 port USB hub connected
        !          1023: to it. You can virtually plug to the hub virtual USB devices or real
        !          1024: host USB devices (experimental, works only on Linux hosts).
        !          1025: 
        !          1026: @subsection Using virtual USB devices
        !          1027: 
        !          1028: A virtual USB mouse device is available for testing in QEMU.
        !          1029: 
        !          1030: You can try it with the following monitor commands:
        !          1031: 
        !          1032: @example
        !          1033: # add the mouse device
        !          1034: (qemu) usb_add mouse 
        !          1035: 
        !          1036: # show the virtual USB devices plugged on the QEMU Virtual USB hub
        !          1037: (qemu) info usb
        !          1038:   Device 0.3, speed 12 Mb/s
        !          1039: 
        !          1040: # after some time you can try to remove the mouse
        !          1041: (qemu) usb_del 0.3
        !          1042: @end example
        !          1043: 
        !          1044: The option @option{-usbdevice} is similar to the monitor command
        !          1045: @code{usb_add}.
        !          1046: 
        !          1047: @subsection Using host USB devices on a Linux host
        !          1048: 
        !          1049: WARNING: this is an experimental feature. QEMU will slow down when
        !          1050: using it. USB devices requiring real time streaming (e.g. USB Video
        !          1051: Cameras) are not supported yet.
        !          1052: 
        !          1053: @enumerate
        !          1054: @item If you use an early Linux 2.4 kernel, verify that no Linux driver 
        !          1055: is actually using the USB device. A simple way to do that is simply to
        !          1056: disable the corresponding kernel module by renaming it from @file{mydriver.o}
        !          1057: to @file{mydriver.o.disabled}.
        !          1058: 
        !          1059: @item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like this:
        !          1060: @example
        !          1061: ls /proc/bus/usb
        !          1062: 001  devices  drivers
        !          1063: @end example
        !          1064: 
        !          1065: @item Since only root can access the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
        !          1066: @example
        !          1067: chown -R myuid /proc/bus/usb
        !          1068: @end example
        !          1069: 
        !          1070: @item Launch QEMU and do in the monitor:
        !          1071: @example 
        !          1072: info usbhost
        !          1073:   Device 1.2, speed 480 Mb/s
        !          1074:     Class 00: USB device 1234:5678, USB DISK
        !          1075: @end example
        !          1076: You should see the list of the devices you can use (Never try to use
        !          1077: hubs, it won't work).
        !          1078: 
        !          1079: @item Add the device in QEMU by using:
        !          1080: @example 
        !          1081: usb_add host:1234:5678
        !          1082: @end example
        !          1083: 
        !          1084: Normally the guest OS should report that a new USB device is
        !          1085: plugged. You can use the option @option{-usbdevice} to do the same.
        !          1086: 
        !          1087: @item Now you can try to use the host USB device in QEMU.
        !          1088: 
        !          1089: @end enumerate
        !          1090: 
        !          1091: When relaunching QEMU, you may have to unplug and plug again the USB
        !          1092: device to make it work again (this is a bug).
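
The procedure above hands the whole usbfs tree to one user for testing. As an added example (not QEMU's own code), the following parses @code{info usbhost} output in the shape shown above and derives the single device node to grant instead, together with both @code{usb_add} identifiers. The @file{BBB/DDD} node layout under @file{/proc/bus/usb}, the hexadecimal reading of the vendor and product IDs, and all function names are assumptions of this example.

```python
import re

USBFS_ROOT = "/proc/bus/usb"  # the usbfs mount point named in the manual

DEVICE_RE = re.compile(r"^\s*Device (\d+)\.(\d+), speed (\S+) Mb/s\s*$")
# Assumption: class is two hex digits, vendor and product IDs four hex digits each.
CLASS_RE = re.compile(
    r"^\s*Class ([0-9a-fA-F]{2}): USB device "
    r"([0-9a-fA-F]{4}):([0-9a-fA-F]{4}), (.*)$"
)


def parse_info_usbhost(text):
    """Parse 'info usbhost' output into one dict per listed host device."""
    devices = []
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            devices.append(
                {"bus": int(m[1]), "addr": int(m[2]), "speed_mbps": m[3]}
            )
            continue
        m = CLASS_RE.match(line)
        if m:
            if not devices:
                raise ValueError("class line before any 'Device' line")
            devices[-1].update(
                usb_class=m[1], vendor_id=m[2], product_id=m[3],
                name=m[4].strip(),
            )
    return devices


def usb_add_names(dev):
    """Both identifier forms the manual documents for usb_add."""
    names = [f"host:{dev['bus']}.{dev['addr']}"]
    if "vendor_id" in dev:
        names.append(f"host:{dev['vendor_id']}:{dev['product_id']}")
    return names


def usbfs_node(dev):
    """Path of the one usbfs node for this device.

    Assumption: usbfs names nodes <bus>/<device>, each zero-padded to
    three digits, matching the '001' directory in the listing above.
    """
    return f"{USBFS_ROOT}/{dev['bus']:03d}/{dev['addr']:03d}"


def grant_plan(text, user):
    """Per device: the chown argv for its single node and its usb_add names."""
    return [
        {
            "name": dev.get("name", ""),
            "chown": ["chown", user, usbfs_node(dev)],
            "usb_add": usb_add_names(dev),
        }
        for dev in parse_info_usbhost(text)
    ]


# 'info usbhost' output copied from the manual's example.
SAMPLE = """\
  Device 1.2, speed 480 Mb/s
    Class 00: USB device 1234:5678, USB DISK
"""

if __name__ == "__main__":
    for entry in grant_plan(SAMPLE, "myuid"):
        print(entry["name"], " ".join(entry["chown"]), entry["usb_add"])
```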
        !          1093: 
1.1       root     1094: @node gdb_usage
                   1095: @section GDB usage
                   1096: 
                   1097: QEMU has a primitive support to work with gdb, so that you can do
                   1098: 'Ctrl-C' while the virtual machine is running and inspect its state.
                   1099: 
                   1100: In order to use gdb, launch qemu with the '-s' option. It will wait for a
                   1101: gdb connection:
                   1102: @example
                   1103: > qemu -s -kernel arch/i386/boot/bzImage -hda root-2.4.20.img -append "root=/dev/hda"
                   1104: Connected to host network interface: tun0
                   1105: Waiting gdb connection on port 1234
                   1106: @end example
                   1107: 
                   1108: Then launch gdb on the 'vmlinux' executable:
                   1109: @example
                   1110: > gdb vmlinux
                   1111: @end example
                   1112: 
                   1113: In gdb, connect to QEMU:
                   1114: @example
                   1115: (gdb) target remote localhost:1234
                   1116: @end example
                   1117: 
                   1118: Then you can use gdb normally. For example, type 'c' to launch the kernel:
                   1119: @example
                   1120: (gdb) c
                   1121: @end example
                   1122: 
                   1123: Here are some useful tips in order to use gdb on system code:
                   1124: 
                   1125: @enumerate
                   1126: @item
                   1127: Use @code{info reg} to display all the CPU registers.
                   1128: @item
                   1129: Use @code{x/10i $eip} to display the code at the PC position.
                   1130: @item
                   1131: Use @code{set architecture i8086} to dump 16 bit code. Then use
                   1132: @code{x/10i $cs*16+$eip} to dump the code at the PC position.
                   1133: @end enumerate
                   1134: 
                   1135: @section Target OS specific information
                   1136: 
                   1137: @subsection Linux
                   1138: 
                   1139: To have access to SVGA graphic modes under X11, use the @code{vesa} or
                   1140: the @code{cirrus} X11 driver. For optimal performance, use 16 bit
                   1141: color depth in the guest and the host OS.
                   1142: 
                   1143: When using a 2.6 guest Linux kernel, you should add the option
                   1144: @code{clock=pit} on the kernel command line because the 2.6 Linux
                   1145: kernels make very strict real time clock checks by default that QEMU
                   1146: cannot simulate exactly.
                   1147: 
                   1148: When using a 2.6 guest Linux kernel, verify that the 4G/4G patch is
                   1149: not activated because QEMU is slower with this patch. The QEMU
                   1150: Accelerator Module is also much slower in this case. Earlier Fedora
                   1151: Core 3 Linux kernels (< 2.6.9-1.724_FC3) were known to incorporate this
                   1152: patch by default. Newer kernels don't have it.
                   1153: 
                   1154: @subsection Windows
                   1155: 
                   1156: If you have a slow host, using Windows 95 is better as it gives the
                   1157: best speed. Windows 2000 is also a good choice.
                   1158: 
                   1159: @subsubsection SVGA graphic modes support
                   1160: 
                   1161: QEMU emulates a Cirrus Logic GD5446 Video
                   1162: card. All Windows versions starting from Windows 95 should recognize
                   1163: and use this graphic card. For optimal performance, use 16 bit color
                   1164: depth in the guest and the host OS.
                   1165: 
                   1166: @subsubsection CPU usage reduction
                   1167: 
                   1168: Windows 9x does not correctly use the CPU HLT
                   1169: instruction. The result is that it takes host CPU cycles even when
                   1170: idle. You can install the utility from
                   1171: @url{http://www.user.cityline.ru/~maxamn/amnhltm.zip} to solve this
                   1172: problem. Note that no such tool is needed for NT, 2000 or XP.
                   1173: 
                   1174: @subsubsection Windows 2000 disk full problem
                   1175: 
                   1176: Windows 2000 has a bug which gives a disk full problem during its
                   1177: installation. When installing it, use the @option{-win2k-hack} QEMU
                   1178: option to enable a specific workaround. After Windows 2000 is
                   1179: installed, you no longer need this option (this option slows down the
                   1180: IDE transfers).
                   1181: 
                   1182: @subsubsection Windows 2000 shutdown
                   1183: 
                   1184: Windows 2000 cannot automatically shut down in QEMU although Windows 98
                   1185: can. It comes from the fact that Windows 2000 does not automatically
                   1186: use the APM driver provided by the BIOS.
                   1187: 
                   1188: In order to correct that, do the following (thanks to Struan
                   1189: Bartlett): go to the Control Panel => Add/Remove Hardware & Next =>
                   1190: Add/Troubleshoot a device => Add a new device & Next => No, select the
                   1191: hardware from a list & Next => NT Apm/Legacy Support & Next => Next
                   1192: (again) a few times. Now the driver is installed and Windows 2000 now
                   1193: correctly instructs QEMU to shut down at the appropriate moment.
                   1194: 
                   1195: @subsubsection Share a directory between Unix and Windows
                   1196: 
                   1197: See @ref{sec_invocation} for help on the @option{-smb} option.
                   1198: 
                   1199: @subsubsection Windows XP security problems
                   1200: 
                   1201: Some releases of Windows XP install correctly but give a security
                   1202: error when booting:
                   1203: @example
                   1204: A problem is preventing Windows from accurately checking the
                   1205: license for this computer. Error code: 0x800703e6.
                   1206: @end example
                   1207: The only known workaround is to boot in Safe mode
                   1208: without networking support. 
                   1209: 
                   1210: Future QEMU releases are likely to correct this bug.
                   1211: 
                   1212: @subsection MS-DOS and FreeDOS
                   1213: 
                   1214: @subsubsection CPU usage reduction
                   1215: 
                   1216: DOS does not correctly use the CPU HLT instruction. The result is that
                   1217: it takes host CPU cycles even when idle. You can install the utility
                   1218: from @url{http://www.vmware.com/software/dosidle210.zip} to solve this
                   1219: problem.
                   1220: 
1.1.1.2 ! root     1221: @chapter QEMU System emulator for non PC targets
        !          1222: 
        !          1223: QEMU is a generic emulator and it emulates many non PC
        !          1224: machines. Most of the options are similar to the PC emulator. The
        !          1225: differences are mentioned in the following sections.
        !          1226: 
        !          1227: @section QEMU PowerPC System emulator
1.1       root     1228: 
                   1229: Use the executable @file{qemu-system-ppc} to simulate a complete PREP
                   1230: or PowerMac PowerPC system.
                   1231: 
                   1232: QEMU emulates the following PowerMac peripherals:
                   1233: 
                   1234: @itemize @minus
                   1235: @item 
                   1236: UniNorth PCI Bridge 
                   1237: @item
                   1238: PCI VGA compatible card with VESA Bochs Extensions
                   1239: @item 
                   1240: 2 PMAC IDE interfaces with hard disk and CD-ROM support
                   1241: @item 
                   1242: NE2000 PCI adapters
                   1243: @item
                   1244: Non Volatile RAM
                   1245: @item
                   1246: VIA-CUDA with ADB keyboard and mouse.
                   1247: @end itemize
                   1248: 
                   1249: QEMU emulates the following PREP peripherals:
                   1250: 
                   1251: @itemize @minus
                   1252: @item 
                   1253: PCI Bridge
                   1254: @item
                   1255: PCI VGA compatible card with VESA Bochs Extensions
                   1256: @item 
                   1257: 2 IDE interfaces with hard disk and CD-ROM support
                   1258: @item
                   1259: Floppy disk
                   1260: @item 
                   1261: NE2000 network adapters
                   1262: @item
                   1263: Serial port
                   1264: @item
                   1265: PREP Non Volatile RAM
                   1266: @item
                   1267: PC compatible keyboard and mouse.
                   1268: @end itemize
                   1269: 
                   1270: QEMU uses the Open Hack'Ware Open Firmware Compatible BIOS available at
1.1.1.2 ! root     1271: @url{http://perso.magic.fr/l_indien/OpenHackWare/index.htm}.
1.1       root     1272: 
                   1273: @c man begin OPTIONS
                   1274: 
                   1275: The following options are specific to the PowerPC emulation:
                   1276: 
                   1277: @table @option
                   1278: 
                   1279: @item -g WxH[xDEPTH]  
                   1280: 
                   1281: Set the initial VGA graphic mode. The default is 800x600x15.
                   1282: 
                   1283: @end table
                   1284: 
                   1285: @c man end 
                   1286: 
                   1287: 
                   1288: More information is available at
1.1.1.2 ! root     1289: @url{http://perso.magic.fr/l_indien/qemu-ppc/}.
1.1       root     1290: 
1.1.1.2 ! root     1291: @section Sparc32 System emulator invocation
1.1       root     1292: 
                   1293: Use the executable @file{qemu-system-sparc} to simulate a JavaStation
                   1294: (sun4m architecture). The emulation is somewhat complete.
                   1295: 
                   1296: QEMU emulates the following sun4m peripherals:
                   1297: 
                   1298: @itemize @minus
                   1299: @item
                   1300: IOMMU
                   1301: @item
                   1302: TCX Frame buffer
                   1303: @item 
                   1304: Lance (Am7990) Ethernet
                   1305: @item
                   1306: Non Volatile RAM M48T08
                   1307: @item
                   1308: Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
                   1309: and power/reset logic
                   1310: @item
                   1311: ESP SCSI controller with hard disk and CD-ROM support
                   1312: @item
                   1313: Floppy drive
                   1314: @end itemize
                   1315: 
                   1316: The number of peripherals is fixed in the architecture.
                   1317: 
                   1318: QEMU uses the Proll, a PROM replacement available at
                   1319: @url{http://people.redhat.com/zaitcev/linux/}. The required
                   1320: QEMU-specific patches are included with the sources.
                   1321: 
                   1322: A sample Linux 2.6 series kernel and ram disk image are available on
                   1323: the QEMU web site. Please note that currently neither Linux 2.4
                   1324: series, NetBSD, nor OpenBSD kernels work.
                   1325: 
                   1326: @c man begin OPTIONS
                   1327: 
                   1328: The following options are specific to the Sparc emulation:
                   1329: 
                   1330: @table @option
                   1331: 
                   1332: @item -g WxH
                   1333: 
                   1334: Set the initial TCX graphic mode. The default is 1024x768.
                   1335: 
                   1336: @end table
                   1337: 
                   1338: @c man end 
                   1339: 
1.1.1.2 ! root     1340: @section Sparc64 System emulator invocation
1.1       root     1341: 
                   1342: Use the executable @file{qemu-system-sparc64} to simulate a Sun4u machine.
                   1343: The emulator is not usable for anything yet.
                   1344: 
                   1345: QEMU emulates the following sun4u peripherals:
                   1346: 
                   1347: @itemize @minus
                   1348: @item
                   1349: UltraSparc IIi APB PCI Bridge 
                   1350: @item
                   1351: PCI VGA compatible card with VESA Bochs Extensions
                   1352: @item
                   1353: Non Volatile RAM M48T59
                   1354: @item
                   1355: PC-compatible serial ports
                   1356: @end itemize
                   1357: 
1.1.1.2 ! root     1358: @section MIPS System emulator invocation
1.1       root     1359: 
                   1360: Use the executable @file{qemu-system-mips} to simulate a MIPS machine.
1.1.1.2 ! root     1361: The emulator is able to boot a Linux kernel and to run a Linux Debian
        !          1362: installation from NFS. The following devices are emulated:
        !          1363: 
        !          1364: @itemize @minus
        !          1365: @item 
        !          1366: MIPS R4K CPU
        !          1367: @item
        !          1368: PC style serial port
        !          1369: @item
        !          1370: NE2000 network card
        !          1371: @end itemize
        !          1372: 
        !          1373: More information is available in the QEMU mailing-list archive.
        !          1374: 
        !          1375: @section ARM System emulator invocation
        !          1376: 
        !          1377: Use the executable @file{qemu-system-arm} to simulate an ARM
        !          1378: machine. The ARM Integrator/CP board is emulated with the following
        !          1379: devices:
        !          1380: 
        !          1381: @itemize @minus
        !          1382: @item
        !          1383: ARM1026E CPU
        !          1384: @item
        !          1385: Two PL011 UARTs
        !          1386: @item 
        !          1387: SMC 91c111 Ethernet adapter
        !          1388: @end itemize
        !          1389: 
        !          1390: A Linux 2.6 test image is available on the QEMU web site. More
        !          1391: information is available in the QEMU mailing-list archive.
1.1       root     1392: 
1.1.1.2 ! root     1393: @chapter QEMU Linux User space emulator 
1.1       root     1394: 
                   1395: @section Quick Start
                   1396: 
                   1397: In order to launch a Linux process, QEMU needs the process executable
                   1398: itself and all the target (x86) dynamic libraries used by it. 
                   1399: 
                   1400: @itemize
                   1401: 
                   1402: @item On x86, you can just try to launch any process by using the native
                   1403: libraries:
                   1404: 
                   1405: @example 
                   1406: qemu-i386 -L / /bin/ls
                   1407: @end example
                   1408: 
                   1409: @code{-L /} tells QEMU to search for the x86 dynamic linker with a
                   1410: @file{/} prefix.
                   1411: 
                   1412: @item Since QEMU is also a Linux process, you can launch qemu with qemu (NOTE: you can only do that if you compiled QEMU from the sources):
                   1413: 
                   1414: @example 
                   1415: qemu-i386 -L / qemu-i386 -L / /bin/ls
                   1416: @end example
                   1417: 
                   1418: @item On non x86 CPUs, you need first to download at least an x86 glibc
                   1419: (@file{qemu-runtime-i386-XXX-.tar.gz} on the QEMU web page). Ensure that
                   1420: @code{LD_LIBRARY_PATH} is not set:
                   1421: 
                   1422: @example
                   1423: unset LD_LIBRARY_PATH 
                   1424: @end example
                   1425: 
                   1426: Then you can launch the precompiled @file{ls} x86 executable:
                   1427: 
                   1428: @example
                   1429: qemu-i386 tests/i386/ls
                   1430: @end example
                   1431: Look at @file{qemu-binfmt-conf.sh} to have
                   1432: QEMU launched automatically by the Linux kernel when you try to
                   1433: launch x86 executables. It requires the @code{binfmt_misc} module in the
                   1434: Linux kernel.
                   1435: 
                   1436: @item The x86 version of QEMU is also included. You can try weird things such as:
                   1437: @example
                   1438: qemu-i386 /usr/local/qemu-i386/bin/qemu-i386 /usr/local/qemu-i386/bin/ls-i386
                   1439: @end example
                   1440: 
                   1441: @end itemize
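The Quick Start steps above hand a file to @file{qemu-i386} and, with @code{binfmt_misc}, let the kernel pick QEMU from the file's leading bytes. The following is an added example, not part of the QEMU sources or of @file{qemu-binfmt-conf.sh}: a simplified header check that only passes 32-bit little-endian x86 ELF files to the emulator. The function names @code{is_i386_elf} and @code{run_i386} and the variables @code{QEMU_I386} and @code{X86_PREFIX} are hypothetical; the ELF field offsets and the value EM_386 = 3 come from the ELF specification, not from this page.

```shell
#!/bin/sh
# Added example (not QEMU project code): gate qemu-i386 on an ELF header check.

# is_i386_elf FILE
# Succeeds only if FILE starts with an ELF header describing a 32-bit,
# little-endian, x86 (EM_386) image. Only the first 20 bytes are read.
is_i386_elf() {
    [ -f "$1" ] && [ -r "$1" ] || return 1

    # First 20 bytes as a contiguous lowercase hex string (40 hex digits).
    hdr_hex=$(od -An -tx1 -N20 < "$1" | tr -d ' \t\n')
    [ "${#hdr_hex}" -eq 40 ] || return 1      # too short to hold the fields

    hdr_magic=$(printf %s "$hdr_hex" | cut -c1-8)      # e_ident[0..3]: 7f 'E' 'L' 'F'
    hdr_class=$(printf %s "$hdr_hex" | cut -c9-10)     # e_ident[4]: 01 = 32-bit
    hdr_data=$(printf %s "$hdr_hex" | cut -c11-12)     # e_ident[5]: 01 = little-endian
    hdr_machine=$(printf %s "$hdr_hex" | cut -c37-40)  # bytes 18-19: e_machine

    [ "$hdr_magic" = 7f454c46 ] &&
        [ "$hdr_class" = 01 ] &&
        [ "$hdr_data" = 01 ] &&
        [ "$hdr_machine" = 0300 ]             # EM_386 (3), stored little-endian
}

# run_i386 PROGRAM [ARGS...]
# Launches PROGRAM under qemu-i386 with the -L prefix from this page
# (default /usr/local/qemu-i386), or returns 2 without launching anything
# when PROGRAM is not an i386 ELF file.
# QEMU_I386 and X86_PREFIX are hypothetical overrides used by this example.
run_i386() {
    prog=$1
    shift
    if ! is_i386_elf "$prog"; then
        echo "run_i386: $prog is not a 32-bit little-endian x86 ELF file" >&2
        return 2
    fi
    "${QEMU_I386:-qemu-i386}" -L "${X86_PREFIX:-/usr/local/qemu-i386}" "$prog" "$@"
}
```
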
                   1442: 
                   1443: @section Wine launch
                   1444: 
                   1445: @itemize
                   1446: 
                   1447: @item Ensure that you have a working QEMU with the x86 glibc
                   1448: distribution (see previous section). In order to verify it, you must be
                   1449: able to do:
                   1450: 
                   1451: @example
                   1452: qemu-i386 /usr/local/qemu-i386/bin/ls-i386
                   1453: @end example
                   1454: 
                   1455: @item Download the binary x86 Wine install
                   1456: (@file{qemu-XXX-i386-wine.tar.gz} on the QEMU web page). 
                   1457: 
                   1458: @item Configure Wine on your account. Look at the provided script
                   1459: @file{/usr/local/qemu-i386/bin/wine-conf.sh}. Your previous
                   1460: @code{$@{HOME@}/.wine} directory is saved to @code{$@{HOME@}/.wine.org}.
                   1461: 
                   1462: @item Then you can try the example @file{putty.exe}:
                   1463: 
                   1464: @example
                   1465: qemu-i386 /usr/local/qemu-i386/wine/bin/wine /usr/local/qemu-i386/wine/c/Program\ Files/putty.exe
                   1466: @end example
                   1467: 
                   1468: @end itemize
                   1469: 
                   1470: @section Command line options
                   1471: 
                   1472: @example
                   1473: usage: qemu-i386 [-h] [-d] [-L path] [-s size] program [arguments...]
                   1474: @end example
                   1475: 
                   1476: @table @option
                   1477: @item -h
                   1478: Print the help
                   1479: @item -L path   
                   1480: Set the x86 elf interpreter prefix (default=/usr/local/qemu-i386)
                   1481: @item -s size
                   1482: Set the x86 stack size in bytes (default=524288)
                   1483: @end table
                   1484: 
                   1485: Debug options:
                   1486: 
                   1487: @table @option
                   1488: @item -d
                   1489: Activate log (logfile=/tmp/qemu.log)
                   1490: @item -p pagesize
                   1491: Act as if the host page size was 'pagesize' bytes
                   1492: @end table
                   1493: 
                   1494: @node compilation
                   1495: @chapter Compilation from the sources
                   1496: 
                   1497: @section Linux/Unix
                   1498: 
                   1499: @subsection Compilation
                   1500: 
                   1501: First you must decompress the sources:
                   1502: @example
                   1503: cd /tmp
                   1504: tar zxvf qemu-x.y.z.tar.gz
                   1505: cd qemu-x.y.z
                   1506: @end example
                   1507: 
                   1508: Then you configure QEMU and build it (usually no options are needed):
                   1509: @example
                   1510: ./configure
                   1511: make
                   1512: @end example
                   1513: 
                   1514: Then type as root user:
                   1515: @example
                   1516: make install
                   1517: @end example
                   1518: to install QEMU in @file{/usr/local}.
                   1519: 
                   1520: @subsection Tested tool versions
                   1521: 
                   1522: In order to compile QEMU successfully, it is very important that you
                   1523: have the right tools. The most important one is gcc. I cannot guarantee
                   1524: that QEMU works if you do not use a tested gcc version. Look at
                   1525: 'configure' and 'Makefile' if you want to make a different gcc
                   1526: version work.
                   1527: 
                   1528: @example
                   1529: host      gcc      binutils      glibc    linux       distribution
                   1530: ----------------------------------------------------------------------
                   1531: x86       3.2      2.13.2        2.1.3    2.4.18
                   1532:           2.96     2.11.93.0.2   2.2.5    2.4.18      Red Hat 7.3
                   1533:           3.2.2    2.13.90.0.18  2.3.2    2.4.20      Red Hat 9
                   1534: 
                   1535: PowerPC   3.3 [4]  2.13.90.0.18  2.3.1    2.4.20briq
                   1536:           3.2
                   1537: 
                   1538: Alpha     3.3 [1]  2.14.90.0.4   2.2.5    2.2.20 [2]  Debian 3.0
                   1539: 
                   1540: Sparc32   2.95.4   2.12.90.0.1   2.2.5    2.4.18      Debian 3.0
                   1541: 
                   1542: ARM       2.95.4   2.12.90.0.1   2.2.5    2.4.9 [3]   Debian 3.0
                   1543: 
                   1544: [1] On Alpha, QEMU needs the gcc 'visibility' attribute only available
                   1545:     for gcc version >= 3.3.
                   1546: [2] Linux >= 2.4.20 is necessary for precise exception support
                   1547:     (untested).
                   1548: [3] 2.4.9-ac10-rmk2-np1-cerf2
                   1549: 
                   1550: [4] gcc 2.95.x generates invalid code when using too many register
                   1551: variables. You must use gcc 3.x on PowerPC.
                   1552: @end example
                   1553: 
                   1554: @section Windows
                   1555: 
                   1556: @itemize
                   1557: @item Install the current versions of MSYS and MinGW from
                   1558: @url{http://www.mingw.org/}. You can find detailed installation
                   1559: instructions in the download section and the FAQ.
                   1560: 
                   1561: @item Download 
                   1562: the MinGW development library of SDL 1.2.x
                   1563: (@file{SDL-devel-1.2.x-mingw32.tar.gz}) from
                   1564: @url{http://www.libsdl.org}. Unpack it in a temporary place, and
                   1565: unpack the archive @file{i386-mingw32msvc.tar.gz} in the MinGW tool
                   1566: directory. Edit the @file{sdl-config} script so that it gives the
                   1567: correct SDL directory when invoked.
                   1568: 
                   1569: @item Extract the current version of QEMU.
                   1570:  
                   1571: @item Start the MSYS shell (file @file{msys.bat}).
                   1572: 
                   1573: @item Change to the QEMU directory. Launch @file{./configure} and 
                   1574: @file{make}.  If you have problems using SDL, verify that
                   1575: @file{sdl-config} can be launched from the MSYS command line.
                   1576: 
                   1577: @item You can install QEMU in @file{Program Files/Qemu} by typing 
                   1578: @file{make install}. Don't forget to copy @file{SDL.dll} into
                   1579: @file{Program Files/Qemu}.
                   1580: 
                   1581: @end itemize
                   1582: 
                   1583: @section Cross compilation for Windows with Linux
                   1584: 
                   1585: @itemize
                   1586: @item
                   1587: Install the MinGW cross compilation tools available at
                   1588: @url{http://www.mingw.org/}.
                   1589: 
                   1590: @item 
                   1591: Install the Win32 version of SDL (@url{http://www.libsdl.org}) by
                   1592: unpacking @file{i386-mingw32msvc.tar.gz}. Set up the PATH environment
                   1593: variable so that @file{i386-mingw32msvc-sdl-config} can be launched by
                   1594: the QEMU configuration script.
                   1595: 
                   1596: @item 
                   1597: Configure QEMU for Windows cross compilation:
                   1598: @example
                   1599: ./configure --enable-mingw32
                   1600: @end example
                   1601: If necessary, you can change the cross-prefix according to the prefix
                   1602: chosen for the MinGW tools with --cross-prefix. You can also use
                   1603: --prefix to set the Win32 install path.
                   1604: 
                   1605: @item You can install QEMU in the installation directory by typing 
                   1606: @file{make install}. Don't forget to copy @file{SDL.dll} into the
                   1607: installation directory. 
                   1608: 
                   1609: @end itemize
                   1610: 
                   1611: Note: Currently, Wine does not seem able to launch
                   1612: QEMU for Win32.
                   1613: 
                   1614: @section Mac OS X
                   1615: 
                   1616: The Mac OS X patches are not fully merged in QEMU, so you should look
                   1617: at the QEMU mailing list archive to have all the necessary
                   1618: information.
                   1619: 
