• R/O
  • HTTP
  • SSH
  • HTTPS

Commit

Tags
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Commit MetaInfo

Revisão3a8273b1ab3299cf92f7f72b41f56471ecb8e5cf (tree)
Hora2020-03-06 20:06:55
AutorPeter Maydell <peter.maydell@lina...>
CommiterPeter Maydell

Mensagem de Log

docs: Remove old texinfo sources

We can now delete the old .texi files, which we have been keeping in
the tree as a parallel set of documentation to the new rST sources.
The only remaining use of Texinfo is the autogenerated manuals
and HTML documents created from the QAPI JSON doc comments.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Kashyap Chamarthy <kchamart@redhat.com>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200228153619.9906-33-peter.maydell@linaro.org

Mudança Sumário

  • modified: MAINTAINERS (diff)
  • delete: docs/system/build-platforms.texi
  • delete: docs/system/cpu-models-mips.texi
  • delete: docs/system/cpu-models-x86.texi
  • delete: docs/system/deprecated.texi
  • delete: docs/system/gdb.texi
  • delete: docs/system/images.texi
  • delete: docs/system/invocation.texi
  • delete: docs/system/ivshmem.texi
  • delete: docs/system/keys.texi
  • delete: docs/system/license.texi
  • delete: docs/system/linuxboot.texi
  • delete: docs/system/managed-startup.texi
  • delete: docs/system/monitor.texi
  • delete: docs/system/mux-chardev.texi
  • delete: docs/system/net.texi
  • delete: docs/system/qemu-option-trace.texi
  • delete: docs/system/quickstart.texi
  • delete: docs/system/security.texi
  • delete: docs/system/target-arm.texi
  • delete: docs/system/target-i386.texi
  • delete: docs/system/target-m68k.texi
  • delete: docs/system/target-mips.texi
  • delete: docs/system/target-ppc.texi
  • delete: docs/system/target-sparc.texi
  • delete: docs/system/target-sparc64.texi
  • delete: docs/system/target-xtensa.texi
  • delete: docs/system/tls.texi
  • delete: docs/system/usb.texi
  • delete: docs/system/vnc-security.texi
  • delete: qemu-doc.texi

Diff

--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -215,7 +215,6 @@ S: Maintained
215215 F: target/mips/
216216 F: default-configs/*mips*
217217 F: disas/*mips*
218-F: docs/system/cpu-models-mips.texi
219218 F: docs/system/cpu-models-mips.rst.inc
220219 F: hw/intc/mips_gic.c
221220 F: hw/mips/
@@ -321,7 +320,6 @@ F: tests/tcg/i386/
321320 F: tests/tcg/x86_64/
322321 F: hw/i386/
323322 F: disas/i386.c
324-F: docs/system/cpu-models-x86.texi
325323 F: docs/system/cpu-models-x86.rst.inc
326324 T: git https://github.com/ehabkost/qemu.git x86-next
327325
@@ -2236,7 +2234,7 @@ M: Stefan Hajnoczi <stefanha@redhat.com>
22362234 S: Maintained
22372235 F: trace/
22382236 F: trace-events
2239-F: docs/system/qemu-option-trace.texi
2237+F: docs/qemu-option-trace.rst.inc
22402238 F: scripts/tracetool.py
22412239 F: scripts/tracetool/
22422240 F: scripts/qemu-trace-stap*
@@ -2806,7 +2804,6 @@ F: contrib/gitdm/*
28062804
28072805 Incompatible changes
28082806 R: libvir-list@redhat.com
2809-F: docs/system/deprecated.texi
28102807 F: docs/system/deprecated.rst
28112808
28122809 Build System
--- a/docs/system/build-platforms.texi
+++ /dev/null
@@ -1,67 +0,0 @@
1-@node Supported build platforms
2-@appendix Supported build platforms
3-
4-QEMU aims to support building and executing on multiple host OS platforms.
5-This appendix outlines which platforms are the major build targets. These
6-platforms are used as the basis for deciding upon the minimum required
7-versions of 3rd party software QEMU depends on. The supported platforms
8-are the targets for automated testing performed by the project when patches
9-are submitted for review, and tested before and after merge.
10-
11-If a platform is not listed here, it does not imply that QEMU won't work.
12-If an unlisted platform has comparable software versions to a listed platform,
13-there is every expectation that it will work. Bug reports are welcome for
14-problems encountered on unlisted platforms unless they are clearly older
15-vintage than what is described here.
16-
17-Note that when considering software versions shipped in distros as support
18-targets, QEMU considers only the version number, and assumes the features in
19-that distro match the upstream release with the same version. In other words,
20-if a distro backports extra features to the software in their distro, QEMU
21-upstream code will not add explicit support for those backports, unless the
22-feature is auto-detectable in a manner that works for the upstream releases
23-too.
24-
25-The Repology site @url{https://repology.org} is a useful resource to identify
26-currently shipped versions of software in various operating systems, though
27-it does not cover all distros listed below.
28-
29-@section Linux OS
30-
31-For distributions with frequent, short-lifetime releases, the project will
32-aim to support all versions that are not end of life by their respective
33-vendors. For the purposes of identifying supported software versions, the
34-project will look at Fedora, Ubuntu, and openSUSE distros. Other short-
35-lifetime distros will be assumed to ship similar software versions.
36-
37-For distributions with long-lifetime releases, the project will aim to support
38-the most recent major version at all times. Support for the previous major
39-version will be dropped 2 years after the new major version is released,
40-or when it reaches ``end of life''. For the purposes of identifying
41-supported software versions, the project will look at RHEL, Debian,
42-Ubuntu LTS, and SLES distros. Other long-lifetime distros will be
43-assumed to ship similar software versions.
44-
45-@section Windows
46-
47-The project supports building with current versions of the MinGW toolchain,
48-hosted on Linux.
49-
50-@section macOS
51-
52-The project supports building with the two most recent versions of macOS, with
53-the current homebrew package set available.
54-
55-@section FreeBSD
56-
57-The project aims to support the all the versions which are not end of life.
58-
59-@section NetBSD
60-
61-The project aims to support the most recent major version at all times. Support
62-for the previous major version will be dropped 2 years after the new major
63-version is released.
64-
65-@section OpenBSD
66-
67-The project aims to support the all the versions which are not end of life.
--- a/docs/system/cpu-models-mips.texi
+++ /dev/null
@@ -1,157 +0,0 @@
1-@node recommendations_cpu_models_MIPS
2-@section Supported CPU model configurations on MIPS hosts
3-
4-QEMU supports variety of MIPS CPU models:
5-
6-@menu
7-* cpu_models_MIPS32:: Supported CPU models for MIPS32 hosts
8-* cpu_models_MIPS64:: Supported CPU models for MIPS64 hosts
9-* cpu_models_nanoMIPS:: Supported CPU models for nanoMIPS hosts
10-* preferred_cpu_models_MIPS:: Preferred CPU models for MIPS hosts
11-@end menu
12-
13-@node cpu_models_MIPS32
14-@subsection Supported CPU models for MIPS32 hosts
15-
16-The following CPU models are supported for use on MIPS32 hosts. Administrators /
17-applications are recommended to use the CPU model that matches the generation
18-of the host CPUs in use. In a deployment with a mixture of host CPU models
19-between machines, if live migration compatibility is required, use the newest
20-CPU model that is compatible across all desired hosts.
21-
22-@table @option
23-@item @code{mips32r6-generic}
24-
25-MIPS32 Processor (Release 6, 2015)
26-
27-
28-@item @code{P5600}
29-
30-MIPS32 Processor (P5600, 2014)
31-
32-
33-@item @code{M14K}
34-@item @code{M14Kc}
35-
36-MIPS32 Processor (M14K, 2009)
37-
38-
39-@item @code{74Kf}
40-
41-MIPS32 Processor (74K, 2007)
42-
43-
44-@item @code{34Kf}
45-
46-MIPS32 Processor (34K, 2006)
47-
48-
49-@item @code{24Kc}
50-@item @code{24KEc}
51-@item @code{24Kf}
52-
53-MIPS32 Processor (24K, 2003)
54-
55-
56-@item @code{4Kc}
57-@item @code{4Km}
58-@item @code{4KEcR1}
59-@item @code{4KEmR1}
60-@item @code{4KEc}
61-@item @code{4KEm}
62-
63-MIPS32 Processor (4K, 1999)
64-@end table
65-
66-@node cpu_models_MIPS64
67-@subsection Supported CPU models for MIPS64 hosts
68-
69-The following CPU models are supported for use on MIPS64 hosts. Administrators /
70-applications are recommended to use the CPU model that matches the generation
71-of the host CPUs in use. In a deployment with a mixture of host CPU models
72-between machines, if live migration compatibility is required, use the newest
73-CPU model that is compatible across all desired hosts.
74-
75-@table @option
76-@item @code{I6400}
77-
78-MIPS64 Processor (Release 6, 2014)
79-
80-
81-@item @code{Loongson-2F}
82-
83-MIPS64 Processor (Loongson 2, 2008)
84-
85-
86-@item @code{Loongson-2E}
87-
88-MIPS64 Processor (Loongson 2, 2006)
89-
90-
91-@item @code{mips64dspr2}
92-
93-MIPS64 Processor (Release 2, 2006)
94-
95-
96-@item @code{MIPS64R2-generic}
97-@item @code{5KEc}
98-@item @code{5KEf}
99-
100-MIPS64 Processor (Release 2, 2002)
101-
102-
103-@item @code{20Kc}
104-
105-MIPS64 Processor (20K, 2000)
106-
107-
108-@item @code{5Kc}
109-@item @code{5Kf}
110-
111-MIPS64 Processor (5K, 1999)
112-
113-
114-@item @code{VR5432}
115-
116-MIPS64 Processor (VR, 1998)
117-
118-
119-@item @code{R4000}
120-
121-MIPS64 Processor (MIPS III, 1991)
122-@end table
123-
124-@node cpu_models_nanoMIPS
125-@subsection Supported CPU models for nanoMIPS hosts
126-
127-The following CPU models are supported for use on nanoMIPS hosts. Administrators /
128-applications are recommended to use the CPU model that matches the generation
129-of the host CPUs in use. In a deployment with a mixture of host CPU models
130-between machines, if live migration compatibility is required, use the newest
131-CPU model that is compatible across all desired hosts.
132-
133-@table @option
134-@item @code{I7200}
135-
136-MIPS I7200 (nanoMIPS, 2018)
137-
138-@end table
139-
140-@node preferred_cpu_models_MIPS
141-@subsection Preferred CPU models for MIPS hosts
142-
143-The following CPU models are preferred for use on different MIPS hosts:
144-
145-@table @option
146-@item @code{MIPS III}
147-R4000
148-
149-@item @code{MIPS32R2}
150-34Kf
151-
152-@item @code{MIPS64R6}
153-I6400
154-
155-@item @code{nanoMIPS}
156-I7200
157-@end table
--- a/docs/system/cpu-models-x86.texi
+++ /dev/null
@@ -1,482 +0,0 @@
1-@node cpu_models_x86
2-@section Recommendations for KVM CPU model configuration on x86 hosts
3-
4-QEMU / KVM virtualization supports two ways to configure CPU models
5-
6-@table @option
7-
8-@item Host passthrough
9-
10-This passes the host CPU model features, model, stepping, exactly to the
11-guest. Note that KVM may filter out some host CPU model features if they
12-cannot be supported with virtualization. Live migration is unsafe when
13-this mode is used as libvirt / QEMU cannot guarantee a stable CPU is
14-exposed to the guest across hosts. This is the recommended CPU to use,
15-provided live migration is not required.
16-
17-@item Named model
18-
19-QEMU comes with a number of predefined named CPU models, that typically
20-refer to specific generations of hardware released by Intel and AMD.
21-These allow the guest VMs to have a degree of isolation from the host CPU,
22-allowing greater flexibility in live migrating between hosts with differing
23-hardware.
24-@end table
25-
26-In both cases, it is possible to optionally add or remove individual CPU
27-features, to alter what is presented to the guest by default.
28-
29-Libvirt supports a third way to configure CPU models known as "Host model".
30-This uses the QEMU "Named model" feature, automatically picking a CPU model
31-that is similar the host CPU, and then adding extra features to approximate
32-the host model as closely as possible. This does not guarantee the CPU family,
33-stepping, etc will precisely match the host CPU, as they would with "Host
34-passthrough", but gives much of the benefit of passthrough, while making
35-live migration safe.
36-
37-The information that follows provides recommendations for configuring
38-CPU models on x86 hosts. The goals are to maximise performance, while
39-protecting guest OS against various CPU hardware flaws, and optionally
40-enabling live migration between hosts with heterogeneous CPU models.
41-
42-@menu
43-* preferred_cpu_models_intel_x86:: Preferred CPU models for Intel x86 hosts
44-* important_cpu_features_intel_x86:: Important CPU features for Intel x86 hosts
45-* preferred_cpu_models_amd_x86:: Preferred CPU models for AMD x86 hosts
46-* important_cpu_features_amd_x86:: Important CPU features for AMD x86 hosts
47-* default_cpu_models_x86:: Default x86 CPU models
48-* other_non_recommended_cpu_models_x86:: Other non-recommended x86 CPUs
49-* cpu_model_syntax_apps:: Syntax for configuring CPU models
50-@end menu
51-
52-@node preferred_cpu_models_intel_x86
53-@subsection Preferred CPU models for Intel x86 hosts
54-
55-The following CPU models are preferred for use on Intel hosts. Administrators /
56-applications are recommended to use the CPU model that matches the generation
57-of the host CPUs in use. In a deployment with a mixture of host CPU models
58-between machines, if live migration compatibility is required, use the newest
59-CPU model that is compatible across all desired hosts.
60-
61-@table @option
62-@item @code{Skylake-Server}
63-@item @code{Skylake-Server-IBRS}
64-
65-Intel Xeon Processor (Skylake, 2016)
66-
67-
68-@item @code{Skylake-Client}
69-@item @code{Skylake-Client-IBRS}
70-
71-Intel Core Processor (Skylake, 2015)
72-
73-
74-@item @code{Broadwell}
75-@item @code{Broadwell-IBRS}
76-@item @code{Broadwell-noTSX}
77-@item @code{Broadwell-noTSX-IBRS}
78-
79-Intel Core Processor (Broadwell, 2014)
80-
81-
82-@item @code{Haswell}
83-@item @code{Haswell-IBRS}
84-@item @code{Haswell-noTSX}
85-@item @code{Haswell-noTSX-IBRS}
86-
87-Intel Core Processor (Haswell, 2013)
88-
89-
90-@item @code{IvyBridge}
91-@item @code{IvyBridge-IBRS}
92-
93-Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
94-
95-
96-@item @code{SandyBridge}
97-@item @code{SandyBridge-IBRS}
98-
99-Intel Xeon E312xx (Sandy Bridge, 2011)
100-
101-
102-@item @code{Westmere}
103-@item @code{Westmere-IBRS}
104-
105-Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
106-
107-
108-@item @code{Nehalem}
109-@item @code{Nehalem-IBRS}
110-
111-Intel Core i7 9xx (Nehalem Class Core i7, 2008)
112-
113-
114-@item @code{Penryn}
115-
116-Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
117-
118-
119-@item @code{Conroe}
120-
121-Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
122-
123-@end table
124-
125-@node important_cpu_features_intel_x86
126-@subsection Important CPU features for Intel x86 hosts
127-
128-The following are important CPU features that should be used on Intel x86
129-hosts, when available in the host CPU. Some of them require explicit
130-configuration to enable, as they are not included by default in some, or all,
131-of the named CPU models listed above. In general all of these features are
132-included if using "Host passthrough" or "Host model".
133-
134-
135-@table @option
136-
137-@item @code{pcid}
138-
139-Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix
140-
141-Included by default in Haswell, Broadwell & Skylake Intel CPU models.
142-
143-Should be explicitly turned on for Westmere, SandyBridge, and IvyBridge
144-Intel CPU models. Note that some desktop/mobile Westmere CPUs cannot
145-support this feature.
146-
147-
148-@item @code{spec-ctrl}
149-
150-Required to enable the Spectre v2 (CVE-2017-5715) fix.
151-
152-Included by default in Intel CPU models with -IBRS suffix.
153-
154-Must be explicitly turned on for Intel CPU models without -IBRS suffix.
155-
156-Requires the host CPU microcode to support this feature before it
157-can be used for guest CPUs.
158-
159-
160-@item @code{stibp}
161-
162-Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
163-operating systems.
164-
165-Must be explicitly turned on for all Intel CPU models.
166-
167-Requires the host CPU microcode to support this feature before it
168-can be used for guest CPUs.
169-
170-
171-@item @code{ssbd}
172-
173-Required to enable the CVE-2018-3639 fix
174-
175-Not included by default in any Intel CPU model.
176-
177-Must be explicitly turned on for all Intel CPU models.
178-
179-Requires the host CPU microcode to support this feature before it
180-can be used for guest CPUs.
181-
182-
183-@item @code{pdpe1gb}
184-
185-Recommended to allow guest OS to use 1GB size pages
186-
187-Not included by default in any Intel CPU model.
188-
189-Should be explicitly turned on for all Intel CPU models.
190-
191-Note that not all CPU hardware will support this feature.
192-
193-@item @code{md-clear}
194-
195-Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
196-CVE-2019-11091) fixes.
197-
198-Not included by default in any Intel CPU model.
199-
200-Must be explicitly turned on for all Intel CPU models.
201-
202-Requires the host CPU microcode to support this feature before it
203-can be used for guest CPUs.
204-@end table
205-
206-
207-@node preferred_cpu_models_amd_x86
208-@subsection Preferred CPU models for AMD x86 hosts
209-
210-The following CPU models are preferred for use on Intel hosts. Administrators /
211-applications are recommended to use the CPU model that matches the generation
212-of the host CPUs in use. In a deployment with a mixture of host CPU models
213-between machines, if live migration compatibility is required, use the newest
214-CPU model that is compatible across all desired hosts.
215-
216-@table @option
217-
218-@item @code{EPYC}
219-@item @code{EPYC-IBPB}
220-
221-AMD EPYC Processor (2017)
222-
223-
224-@item @code{Opteron_G5}
225-
226-AMD Opteron 63xx class CPU (2012)
227-
228-
229-@item @code{Opteron_G4}
230-
231-AMD Opteron 62xx class CPU (2011)
232-
233-
234-@item @code{Opteron_G3}
235-
236-AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
237-
238-
239-@item @code{Opteron_G2}
240-
241-AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
242-
243-
244-@item @code{Opteron_G1}
245-
246-AMD Opteron 240 (Gen 1 Class Opteron, 2004)
247-@end table
248-
249-@node important_cpu_features_amd_x86
250-@subsection Important CPU features for AMD x86 hosts
251-
252-The following are important CPU features that should be used on AMD x86
253-hosts, when available in the host CPU. Some of them require explicit
254-configuration to enable, as they are not included by default in some, or all,
255-of the named CPU models listed above. In general all of these features are
256-included if using "Host passthrough" or "Host model".
257-
258-
259-@table @option
260-
261-@item @code{ibpb}
262-
263-Required to enable the Spectre v2 (CVE-2017-5715) fix.
264-
265-Included by default in AMD CPU models with -IBPB suffix.
266-
267-Must be explicitly turned on for AMD CPU models without -IBPB suffix.
268-
269-Requires the host CPU microcode to support this feature before it
270-can be used for guest CPUs.
271-
272-
273-@item @code{stibp}
274-
275-Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
276-operating systems.
277-
278-Must be explicitly turned on for all AMD CPU models.
279-
280-Requires the host CPU microcode to support this feature before it
281-can be used for guest CPUs.
282-
283-
284-@item @code{virt-ssbd}
285-
286-Required to enable the CVE-2018-3639 fix
287-
288-Not included by default in any AMD CPU model.
289-
290-Must be explicitly turned on for all AMD CPU models.
291-
292-This should be provided to guests, even if amd-ssbd is also
293-provided, for maximum guest compatibility.
294-
295-Note for some QEMU / libvirt versions, this must be force enabled
296-when when using "Host model", because this is a virtual feature
297-that doesn't exist in the physical host CPUs.
298-
299-
300-@item @code{amd-ssbd}
301-
302-Required to enable the CVE-2018-3639 fix
303-
304-Not included by default in any AMD CPU model.
305-
306-Must be explicitly turned on for all AMD CPU models.
307-
308-This provides higher performance than virt-ssbd so should be
309-exposed to guests whenever available in the host. virt-ssbd
310-should none the less also be exposed for maximum guest
311-compatibility as some kernels only know about virt-ssbd.
312-
313-
314-@item @code{amd-no-ssb}
315-
316-Recommended to indicate the host is not vulnerable CVE-2018-3639
317-
318-Not included by default in any AMD CPU model.
319-
320-Future hardware generations of CPU will not be vulnerable to
321-CVE-2018-3639, and thus the guest should be told not to enable
322-its mitigations, by exposing amd-no-ssb. This is mutually
323-exclusive with virt-ssbd and amd-ssbd.
324-
325-
326-@item @code{pdpe1gb}
327-
328-Recommended to allow guest OS to use 1GB size pages
329-
330-Not included by default in any AMD CPU model.
331-
332-Should be explicitly turned on for all AMD CPU models.
333-
334-Note that not all CPU hardware will support this feature.
335-@end table
336-
337-
338-@node default_cpu_models_x86
339-@subsection Default x86 CPU models
340-
341-The default QEMU CPU models are designed such that they can run on all hosts.
342-If an application does not wish to do perform any host compatibility checks
343-before launching guests, the default is guaranteed to work.
344-
345-The default CPU models will, however, leave the guest OS vulnerable to various
346-CPU hardware flaws, so their use is strongly discouraged. Applications should
347-follow the earlier guidance to setup a better CPU configuration, with host
348-passthrough recommended if live migration is not needed.
349-
350-@table @option
351-@item @code{qemu32}
352-@item @code{qemu64}
353-
354-QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
355-
356-qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no
357--cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.
358-@end table
359-
360-
361-@node other_non_recommended_cpu_models_x86
362-@subsection Other non-recommended x86 CPUs
363-
364-The following CPUs models are compatible with most AMD and Intel x86 hosts, but
365-their usage is discouraged, as they expose a very limited featureset, which
366-prevents guests having optimal performance.
367-
368-@table @option
369-
370-@item @code{kvm32}
371-@item @code{kvm64}
372-
373-Common KVM processor (32 & 64 bit variants)
374-
375-Legacy models just for historical compatibility with ancient QEMU versions.
376-
377-
378-@item @code{486}
379-@item @code{athlon}
380-@item @code{phenom}
381-@item @code{coreduo}
382-@item @code{core2duo}
383-@item @code{n270}
384-@item @code{pentium}
385-@item @code{pentium2}
386-@item @code{pentium3}
387-
388-Various very old x86 CPU models, mostly predating the introduction of
389-hardware assisted virtualization, that should thus not be required for
390-running virtual machines.
391-@end table
392-
393-@node cpu_model_syntax_apps
394-@subsection Syntax for configuring CPU models
395-
396-The example below illustrate the approach to configuring the various
397-CPU models / features in QEMU and libvirt.
398-
399-QEMU command line:
400-
401-@table @option
402-
403-@item Host passthrough
404-
405-@example
406- $ @value{qemu_system_x86} -cpu host
407-@end example
408-
409-With feature customization:
410-
411-@example
412- $ @value{qemu_system_x86} -cpu host,-vmx,...
413-@end example
414-
415-@item Named CPU models
416-
417-@example
418- $ @value{qemu_system_x86} -cpu Westmere
419-@end example
420-
421-With feature customization:
422-
423-@example
424- $ @value{qemu_system_x86} -cpu Westmere,+pcid,...
425-@end example
426-
427-@end table
428-
429-
430-Libvirt guest XML:
431-
432-@table @option
433-
434-@item Host passthrough
435-
436-@example
437- <cpu mode='host-passthrough'/>
438-@end example
439-
440-With feature customization:
441-
442-@example
443- <cpu mode='host-passthrough'>
444- <feature name="vmx" policy="disable"/>
445- ...
446- </cpu>
447-@end example
448-
449-@item Host model
450-
451-@example
452- <cpu mode='host-model'/>
453-@end example
454-
455-With feature customization:
456-
457-@example
458- <cpu mode='host-model'>
459- <feature name="vmx" policy="disable"/>
460- ...
461- </cpu>
462-@end example
463-
464-@item Named model
465-
466-@example
467- <cpu mode='custom'>
468- <model name="Westmere"/>
469- </cpu>
470-@end example
471-
472-With feature customization:
473-
474-@example
475- <cpu mode='custom'>
476- <model name="Westmere"/>
477- <feature name="pcid" policy="require"/>
478- ...
479- </cpu>
480-@end example
481-
482-@end table
--- a/docs/system/deprecated.texi
+++ /dev/null
@@ -1,377 +0,0 @@
1-@node Deprecated features
2-@appendix Deprecated features
3-
4-In general features are intended to be supported indefinitely once
5-introduced into QEMU. In the event that a feature needs to be removed,
6-it will be listed in this appendix. The feature will remain functional
7-for 2 releases prior to actual removal. Deprecated features may also
8-generate warnings on the console when QEMU starts up, or if activated
9-via a monitor command, however, this is not a mandatory requirement.
10-
11-Prior to the 2.10.0 release there was no official policy on how
12-long features would be deprecated prior to their removal, nor
13-any documented list of which features were deprecated. Thus
14-any features deprecated prior to 2.10.0 will be treated as if
15-they were first deprecated in the 2.10.0 release.
16-
17-What follows is a list of all features currently marked as
18-deprecated.
19-
20-@section System emulator command line arguments
21-
22-@subsection -machine enforce-config-section=on|off (since 3.1)
23-
24-The @option{enforce-config-section} parameter is replaced by the
25-@option{-global migration.send-configuration=@var{on|off}} option.
26-
27-@subsection -no-kvm (since 1.3.0)
28-
29-The ``-no-kvm'' argument is now a synonym for setting ``-accel tcg''.
30-
31-@subsection -usbdevice (since 2.10.0)
32-
33-The ``-usbdevice DEV'' argument is now a synonym for setting
34-the ``-device usb-DEV'' argument instead. The deprecated syntax
35-would automatically enable USB support on the machine type.
36-If using the new syntax, USB support must be explicitly
37-enabled via the ``-machine usb=on'' argument.
38-
39-@subsection -drive file=json:@{...@{'driver':'file'@}@} (since 3.0)
40-
41-The 'file' driver for drives is no longer appropriate for character or host
42-devices and will only accept regular files (S_IFREG). The correct driver
43-for these file types is 'host_cdrom' or 'host_device' as appropriate.
44-
45-@subsection -net ...,name=@var{name} (since 3.1)
46-
47-The @option{name} parameter of the @option{-net} option is a synonym
48-for the @option{id} parameter, which should now be used instead.
49-
50-@subsection -smp (invalid topologies) (since 3.1)
51-
52-CPU topology properties should describe whole machine topology including
53-possible CPUs.
54-
55-However, historically it was possible to start QEMU with an incorrect topology
56-where @math{@var{n} <= @var{sockets} * @var{cores} * @var{threads} < @var{maxcpus}},
57-which could lead to an incorrect topology enumeration by the guest.
58-Support for invalid topologies will be removed, the user must ensure
59-topologies described with -smp include all possible cpus, i.e.
60- @math{@var{sockets} * @var{cores} * @var{threads} = @var{maxcpus}}.
61-
62-@subsection -vnc acl (since 4.0.0)
63-
64-The @code{acl} option to the @code{-vnc} argument has been replaced
65-by the @code{tls-authz} and @code{sasl-authz} options.
66-
67-@subsection QEMU_AUDIO_ environment variables and -audio-help (since 4.0)
68-
69-The ``-audiodev'' argument is now the preferred way to specify audio
70-backend settings instead of environment variables. To ease migration to
71-the new format, the ``-audiodev-help'' option can be used to convert
72-the current values of the environment variables to ``-audiodev'' options.
73-
74-@subsection Creating sound card devices and vnc without audiodev= property (since 4.2)
75-
76-When not using the deprecated legacy audio config, each sound card
77-should specify an @code{audiodev=} property. Additionally, when using
78-vnc, you should specify an @code{audiodev=} propery if you plan to
79-transmit audio through the VNC protocol.
80-
81-@subsection -mon ...,control=readline,pretty=on|off (since 4.1)
82-
83-The @code{pretty=on|off} switch has no effect for HMP monitors, but is
84-silently ignored. Using the switch with HMP monitors will become an
85-error in the future.
86-
87-@subsection -realtime (since 4.1)
88-
89-The @code{-realtime mlock=on|off} argument has been replaced by the
90-@code{-overcommit mem-lock=on|off} argument.
91-
92-@subsection -numa node,mem=@var{size} (since 4.1)
93-
94-The parameter @option{mem} of @option{-numa node} is used to assign a part of
95-guest RAM to a NUMA node. But when using it, it's impossible to manage specified
96-RAM chunk on the host side (like bind it to a host node, setting bind policy, ...),
97-so guest end-ups with the fake NUMA configuration with suboptiomal performance.
98-However since 2014 there is an alternative way to assign RAM to a NUMA node
99-using parameter @option{memdev}, which does the same as @option{mem} and adds
100-means to actualy manage node RAM on the host side. Use parameter @option{memdev}
101-with @var{memory-backend-ram} backend as an replacement for parameter @option{mem}
102-to achieve the same fake NUMA effect or a properly configured
103-@var{memory-backend-file} backend to actually benefit from NUMA configuration.
104-In future new machine versions will not accept the option but it will still
105-work with old machine types. User can check QAPI schema to see if the legacy
106-option is supported by looking at MachineInfo::numa-mem-supported property.
107-
108-@subsection -numa node (without memory specified) (since 4.1)
109-
110-Splitting RAM by default between NUMA nodes has the same issues as @option{mem}
111-parameter described above with the difference that the role of the user plays
112-QEMU using implicit generic or board specific splitting rule.
113-Use @option{memdev} with @var{memory-backend-ram} backend or @option{mem} (if
114-it's supported by used machine type) to define mapping explictly instead.
115-
116-@subsection RISC-V -bios (since 4.1)
117-
118-QEMU 4.1 introduced support for the -bios option in QEMU for RISC-V for the
119-RISC-V virt machine and sifive_u machine.
120-
121-QEMU 4.1 has no changes to the default behaviour to avoid breakages. This
122-default will change in a future QEMU release, so please prepare now. All users
123-of the virt or sifive_u machine must change their command line usage.
124-
125-QEMU 4.1 has three options, please migrate to one of these three:
126- 1. ``-bios none`` - This is the current default behavior if no -bios option
127- is included. QEMU will not automatically load any firmware. It is up
128- to the user to load all the images they need.
129- 2. ``-bios default`` - In a future QEMU release this will become the default
130- behaviour if no -bios option is specified. This option will load the
131- default OpenSBI firmware automatically. The firmware is included with
132- the QEMU release and no user interaction is required. All a user needs
133- to do is specify the kernel they want to boot with the -kernel option
134- 3. ``-bios <file>`` - Tells QEMU to load the specified file as the firmwrae.
135-
136-@subsection -tb-size option (since 5.0)
137-
138-QEMU 5.0 introduced an alternative syntax to specify the size of the translation
139-block cache, @option{-accel tcg,tb-size=}. The new syntax deprecates the
140-previously available @option{-tb-size} option.
141-
142-@subsection -show-cursor option (since 5.0)
143-
144-Use @option{-display sdl,show-cursor=on} or
145- @option{-display gtk,show-cursor=on} instead.
146-
147-@section QEMU Machine Protocol (QMP) commands
148-
149-@subsection change (since 2.5.0)
150-
151-Use ``blockdev-change-medium'' or ``change-vnc-password'' instead.
152-
153-@subsection migrate_set_downtime and migrate_set_speed (since 2.8.0)
154-
155-Use ``migrate-set-parameters'' instead.
156-
157-@subsection migrate-set-cache-size and query-migrate-cache-size (since 2.11.0)
158-
159-Use ``migrate-set-parameters'' and ``query-migrate-parameters'' instead.
160-
161-@subsection query-block result field dirty-bitmaps[i].status (since 4.0)
162-
163-The ``status'' field of the ``BlockDirtyInfo'' structure, returned by
164-the query-block command is deprecated. Two new boolean fields,
165-``recording'' and ``busy'' effectively replace it.
166-
167-@subsection query-block result field dirty-bitmaps (Since 4.2)
168-
169-The ``dirty-bitmaps`` field of the ``BlockInfo`` structure, returned by
170-the query-block command is itself now deprecated. The ``dirty-bitmaps``
171-field of the ``BlockDeviceInfo`` struct should be used instead, which is the
172-type of the ``inserted`` field in query-block replies, as well as the
173-type of array items in query-named-block-nodes.
174-
175-Since the ``dirty-bitmaps`` field is optionally present in both the old and
176-new locations, clients must use introspection to learn where to anticipate
177-the field if/when it does appear in command output.
178-
179-@subsection query-cpus (since 2.12.0)
180-
181-The ``query-cpus'' command is replaced by the ``query-cpus-fast'' command.
182-
183-@subsection query-cpus-fast "arch" output member (since 3.0.0)
184-
185-The ``arch'' output member of the ``query-cpus-fast'' command is
186-replaced by the ``target'' output member.
187-
188-@subsection cpu-add (since 4.0)
189-
190-Use ``device_add'' for hotplugging vCPUs instead of ``cpu-add''. See
191-documentation of ``query-hotpluggable-cpus'' for additional
192-details.
193-
194-@subsection query-events (since 4.0)
195-
196-The ``query-events'' command has been superseded by the more powerful
197-and accurate ``query-qmp-schema'' command.
198-
199-@subsection chardev client socket with 'wait' option (since 4.0)
200-
201-Character devices creating sockets in client mode should not specify
202-the 'wait' field, which is only applicable to sockets in server mode
203-
204-@section Human Monitor Protocol (HMP) commands
205-
206-@subsection The hub_id parameter of 'hostfwd_add' / 'hostfwd_remove' (since 3.1)
207-
208-The @option{[hub_id name]} parameter tuple of the 'hostfwd_add' and
209-'hostfwd_remove' HMP commands has been replaced by @option{netdev_id}.
210-
211-@subsection cpu-add (since 4.0)
212-
213-Use ``device_add'' for hotplugging vCPUs instead of ``cpu-add''. See
214-documentation of ``query-hotpluggable-cpus'' for additional details.
215-
216-@subsection acl_show, acl_reset, acl_policy, acl_add, acl_remove (since 4.0.0)
217-
218-The ``acl_show'', ``acl_reset'', ``acl_policy'', ``acl_add'', and
219-``acl_remove'' commands are deprecated with no replacement. Authorization
220-for VNC should be performed using the pluggable QAuthZ objects.
221-
222-@section Guest Emulator ISAs
223-
224-@subsection RISC-V ISA privledge specification version 1.09.1 (since 4.1)
225-
226-The RISC-V ISA privledge specification version 1.09.1 has been deprecated.
227-QEMU supports both the newer version 1.10.0 and the ratified version 1.11.0, these
228-should be used instead of the 1.09.1 version.
229-
230-@section System emulator CPUS
231-
232-@subsection RISC-V ISA CPUs (since 4.1)
233-
234-The RISC-V cpus with the ISA version in the CPU name have been depcreated. The
235-four CPUs are: ``rv32gcsu-v1.9.1``, ``rv32gcsu-v1.10.0``, ``rv64gcsu-v1.9.1`` and
236-``rv64gcsu-v1.10.0``. Instead the version can be specified via the CPU ``priv_spec``
237-option when using the ``rv32`` or ``rv64`` CPUs.
238-
239-@subsection RISC-V ISA CPUs (since 4.1)
240-
241-The RISC-V no MMU cpus have been depcreated. The two CPUs: ``rv32imacu-nommu`` and
242-``rv64imacu-nommu`` should no longer be used. Instead the MMU status can be specified
243-via the CPU ``mmu`` option when using the ``rv32`` or ``rv64`` CPUs.
244-
245-@section System emulator devices
246-
247-@subsection ide-drive (since 4.2)
248-
249-The 'ide-drive' device is deprecated. Users should use 'ide-hd' or
250-'ide-cd' as appropriate to get an IDE hard disk or CD-ROM as needed.
251-
252-@subsection scsi-disk (since 4.2)
253-
254-The 'scsi-disk' device is deprecated. Users should use 'scsi-hd' or
255-'scsi-cd' as appropriate to get a SCSI hard disk or CD-ROM as needed.
256-
257-@section System emulator machines
258-
259-@subsection mips r4k platform (since 5.0)
260-
261-This machine type is very old and unmaintained. Users should use the 'malta'
262-machine type instead.
263-
264-@subsection pc-1.0, pc-1.1, pc-1.2 and pc-1.3 (since 5.0)
265-
266-These machine types are very old and likely can not be used for live migration
267-from old QEMU versions anymore. A newer machine type should be used instead.
268-
269-@subsection spike_v1.9.1 and spike_v1.10 (since 4.1)
270-
271-The version specific Spike machines have been deprecated in favour of the
272-generic ``spike`` machine. If you need to specify an older version of the RISC-V
273-spec you can use the ``-cpu rv64gcsu,priv_spec=v1.9.1`` command line argument.
274-
275-@section Device options
276-
277-@subsection Emulated device options
278-
279-@subsubsection -device virtio-blk,scsi=on|off (since 5.0.0)
280-
281-The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature. VIRTIO 1.0
282-and later do not support it because the virtio-scsi device was introduced for
283-full SCSI support. Use virtio-scsi instead when SCSI passthrough is required.
284-
285-Note this also applies to ``-device virtio-blk-pci,scsi=on|off'', which is an
286-alias.
287-
288-@subsection Block device options
289-
290-@subsubsection "backing": "" (since 2.12.0)
291-
292-In order to prevent QEMU from automatically opening an image's backing
293-chain, use ``"backing": null'' instead.
294-
295-@subsubsection rbd keyvalue pair encoded filenames: "" (since 3.1.0)
296-
297-Options for ``rbd'' should be specified according to its runtime options,
298-like other block drivers. Legacy parsing of keyvalue pair encoded
299-filenames is useful to open images with the old format for backing files;
300-These image files should be updated to use the current format.
301-
302-Example of legacy encoding:
303-
304-@code{json:@{"file.driver":"rbd", "file.filename":"rbd:rbd/name"@}}
305-
306-The above, converted to the current supported format:
307-
308-@code{json:@{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"@}}
309-
310-@section Related binaries
311-
312-@subsection qemu-img convert -n -o (since 4.2.0)
313-
314-All options specified in @option{-o} are image creation options, so
315-they have no effect when used with @option{-n} to skip image creation.
316-Silently ignored options can be confusing, so this combination of
317-options will be made an error in future versions.
318-
319-@section Backwards compatibility
320-
321-@subsection Runnability guarantee of CPU models (since 4.1.0)
322-
323-Previous versions of QEMU never changed existing CPU models in
324-ways that introduced additional host software or hardware
325-requirements to the VM. This allowed management software to
326-safely change the machine type of an existing VM without
327-introducing new requirements ("runnability guarantee"). This
328-prevented CPU models from being updated to include CPU
329-vulnerability mitigations, leaving guests vulnerable in the
330-default configuration.
331-
332-The CPU model runnability guarantee won't apply anymore to
333-existing CPU models. Management software that needs runnability
334-guarantees must resolve the CPU model aliases using te
335-``alias-of'' field returned by the ``query-cpu-definitions'' QMP
336-command.
337-
338-While those guarantees are kept, the return value of
339-``query-cpu-definitions'' will have existing CPU model aliases
340-point to a version that doesn't break runnability guarantees
341-(specifically, version 1 of those CPU models). In future QEMU
342-versions, aliases will point to newer CPU model versions
343-depending on the machine type, so management software must
344-resolve CPU model aliases before starting a virtual machine.
345-
346-
347-@node Recently removed features
348-@appendix Recently removed features
349-
350-What follows is a record of recently removed, formerly deprecated
351-features that serves as a record for users who have encountered
352-trouble after a recent upgrade.
353-
354-@section QEMU Machine Protocol (QMP) commands
355-
356-@subsection block-dirty-bitmap-add "autoload" parameter (since 4.2.0)
357-
358-The "autoload" parameter has been ignored since 2.12.0. All bitmaps
359-are automatically loaded from qcow2 images.
360-
361-@section Related binaries
362-
363-@subsection qemu-nbd --partition (removed in 5.0.0)
364-
365-The ``qemu-nbd --partition $digit'' code (also spelled @option{-P})
366-could only handle MBR partitions, and never correctly handled logical
367-partitions beyond partition 5. Exporting a partition can still be
368-done by utilizing the @option{--image-opts} option with a raw blockdev
369-using the @code{offset} and @code{size} parameters layered on top of
370-any other existing blockdev. For example, if partition 1 is 100MiB
371-long starting at 1MiB, the old command:
372-
373-@code{qemu-nbd -t -P 1 -f qcow2 file.qcow2}
374-
375-can be rewritten as:
376-
377-@code{qemu-nbd -t --image-opts driver=raw,offset=1M,size=100M,file.driver=qcow2,file.file.driver=file,file.file.filename=file.qcow2}
--- a/docs/system/gdb.texi
+++ /dev/null
@@ -1,71 +0,0 @@
1-@node gdb_usage
2-@section GDB usage
3-
4-QEMU has a primitive support to work with gdb, so that you can do
5-'Ctrl-C' while the virtual machine is running and inspect its state.
6-
7-In order to use gdb, launch QEMU with the '-s' option. It will wait for a
8-gdb connection:
9-@example
10-@value{qemu_system} -s -kernel bzImage -hda rootdisk.img -append "root=/dev/hda"
11-Connected to host network interface: tun0
12-Waiting gdb connection on port 1234
13-@end example
14-
15-Then launch gdb on the 'vmlinux' executable:
16-@example
17-> gdb vmlinux
18-@end example
19-
20-In gdb, connect to QEMU:
21-@example
22-(gdb) target remote localhost:1234
23-@end example
24-
25-Then you can use gdb normally. For example, type 'c' to launch the kernel:
26-@example
27-(gdb) c
28-@end example
29-
30-Here are some useful tips in order to use gdb on system code:
31-
32-@enumerate
33-@item
34-Use @code{info reg} to display all the CPU registers.
35-@item
36-Use @code{x/10i $eip} to display the code at the PC position.
37-@item
38-Use @code{set architecture i8086} to dump 16 bit code. Then use
39-@code{x/10i $cs*16+$eip} to dump the code at the PC position.
40-@end enumerate
41-
42-Advanced debugging options:
43-
44-The default single stepping behavior is step with the IRQs and timer service routines off. It is set this way because when gdb executes a single step it expects to advance beyond the current instruction. With the IRQs and timer service routines on, a single step might jump into the one of the interrupt or exception vectors instead of executing the current instruction. This means you may hit the same breakpoint a number of times before executing the instruction gdb wants to have executed. Because there are rare circumstances where you want to single step into an interrupt vector the behavior can be controlled from GDB. There are three commands you can query and set the single step behavior:
45-@table @code
46-@item maintenance packet qqemu.sstepbits
47-
48-This will display the MASK bits used to control the single stepping IE:
49-@example
50-(gdb) maintenance packet qqemu.sstepbits
51-sending: "qqemu.sstepbits"
52-received: "ENABLE=1,NOIRQ=2,NOTIMER=4"
53-@end example
54-@item maintenance packet qqemu.sstep
55-
56-This will display the current value of the mask used when single stepping IE:
57-@example
58-(gdb) maintenance packet qqemu.sstep
59-sending: "qqemu.sstep"
60-received: "0x7"
61-@end example
62-@item maintenance packet Qqemu.sstep=HEX_VALUE
63-
64-This will change the single step mask, so if wanted to enable IRQs on the single step, but not timers, you would use:
65-@example
66-(gdb) maintenance packet Qqemu.sstep=0x5
67-sending: "qemu.sstep=0x5"
68-received: "OK"
69-@end example
70-@end table
71-
--- a/docs/system/images.texi
+++ /dev/null
@@ -1,88 +0,0 @@
1-@node disk_images
2-@section Disk Images
3-
4-QEMU supports many disk image formats, including growable disk images
5-(their size increase as non empty sectors are written), compressed and
6-encrypted disk images.
7-
8-@menu
9-* disk_images_quickstart:: Quick start for disk image creation
10-* disk_images_snapshot_mode:: Snapshot mode
11-* vm_snapshots:: VM snapshots
12-@end menu
13-
14-@node disk_images_quickstart
15-@subsection Quick start for disk image creation
16-
17-You can create a disk image with the command:
18-@example
19-qemu-img create myimage.img mysize
20-@end example
21-where @var{myimage.img} is the disk image filename and @var{mysize} is its
22-size in kilobytes. You can add an @code{M} suffix to give the size in
23-megabytes and a @code{G} suffix for gigabytes.
24-
25-@c When this document is converted to rst we should make this into
26-@c a proper linked reference to the qemu-img documentation again:
27-See the qemu-img invocation documentation for more information.
28-
29-@node disk_images_snapshot_mode
30-@subsection Snapshot mode
31-
32-If you use the option @option{-snapshot}, all disk images are
33-considered as read only. When sectors in written, they are written in
34-a temporary file created in @file{/tmp}. You can however force the
35-write back to the raw disk images by using the @code{commit} monitor
36-command (or @key{C-a s} in the serial console).
37-
38-@node vm_snapshots
39-@subsection VM snapshots
40-
41-VM snapshots are snapshots of the complete virtual machine including
42-CPU state, RAM, device state and the content of all the writable
43-disks. In order to use VM snapshots, you must have at least one non
44-removable and writable block device using the @code{qcow2} disk image
45-format. Normally this device is the first virtual hard drive.
46-
47-Use the monitor command @code{savevm} to create a new VM snapshot or
48-replace an existing one. A human readable name can be assigned to each
49-snapshot in addition to its numerical ID.
50-
51-Use @code{loadvm} to restore a VM snapshot and @code{delvm} to remove
52-a VM snapshot. @code{info snapshots} lists the available snapshots
53-with their associated information:
54-
55-@example
56-(qemu) info snapshots
57-Snapshot devices: hda
58-Snapshot list (from hda):
59-ID TAG VM SIZE DATE VM CLOCK
60-1 start 41M 2006-08-06 12:38:02 00:00:14.954
61-2 40M 2006-08-06 12:43:29 00:00:18.633
62-3 msys 40M 2006-08-06 12:44:04 00:00:23.514
63-@end example
64-
65-A VM snapshot is made of a VM state info (its size is shown in
66-@code{info snapshots}) and a snapshot of every writable disk image.
67-The VM state info is stored in the first @code{qcow2} non removable
68-and writable block device. The disk image snapshots are stored in
69-every disk image. The size of a snapshot in a disk image is difficult
70-to evaluate and is not shown by @code{info snapshots} because the
71-associated disk sectors are shared among all the snapshots to save
72-disk space (otherwise each snapshot would need a full copy of all the
73-disk images).
74-
75-When using the (unrelated) @code{-snapshot} option
76-(@ref{disk_images_snapshot_mode}), you can always make VM snapshots,
77-but they are deleted as soon as you exit QEMU.
78-
79-VM snapshots currently have the following known limitations:
80-@itemize
81-@item
82-They cannot cope with removable devices if they are removed or
83-inserted after a snapshot is done.
84-@item
85-A few device drivers still have incomplete snapshot support so their
86-state is not saved or restored properly (in particular USB).
87-@end itemize
88-
--- a/docs/system/invocation.texi
+++ /dev/null
@@ -1,240 +0,0 @@
1-@node sec_invocation
2-@section Invocation
3-
4-@example
5-@c man begin SYNOPSIS
6-@command{@value{qemu_system}} [@var{options}] [@var{disk_image}]
7-@c man end
8-@end example
9-
10-@c man begin OPTIONS
11-@var{disk_image} is a raw hard disk image for IDE hard disk 0. Some
12-targets do not need a disk image.
13-
14-@include qemu-options.texi
15-
16-@c man end
17-
18-@subsection Device URL Syntax
19-@c TODO merge this with section Disk Images
20-
21-@c man begin NOTES
22-
23-In addition to using normal file images for the emulated storage devices,
24-QEMU can also use networked resources such as iSCSI devices. These are
25-specified using a special URL syntax.
26-
27-@table @option
28-@item iSCSI
29-iSCSI support allows QEMU to access iSCSI resources directly and use as
30-images for the guest storage. Both disk and cdrom images are supported.
31-
32-Syntax for specifying iSCSI LUNs is
33-``iscsi://<target-ip>[:<port>]/<target-iqn>/<lun>''
34-
35-By default qemu will use the iSCSI initiator-name
36-'iqn.2008-11.org.linux-kvm[:<name>]' but this can also be set from the command
37-line or a configuration file.
38-
39-Since version Qemu 2.4 it is possible to specify a iSCSI request timeout to detect
40-stalled requests and force a reestablishment of the session. The timeout
41-is specified in seconds. The default is 0 which means no timeout. Libiscsi
42-1.15.0 or greater is required for this feature.
43-
44-Example (without authentication):
45-@example
46-@value{qemu_system} -iscsi initiator-name=iqn.2001-04.com.example:my-initiator \
47- -cdrom iscsi://192.0.2.1/iqn.2001-04.com.example/2 \
48- -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1
49-@end example
50-
51-Example (CHAP username/password via URL):
52-@example
53-@value{qemu_system} -drive file=iscsi://user%password@@192.0.2.1/iqn.2001-04.com.example/1
54-@end example
55-
56-Example (CHAP username/password via environment variables):
57-@example
58-LIBISCSI_CHAP_USERNAME="user" \
59-LIBISCSI_CHAP_PASSWORD="password" \
60-@value{qemu_system} -drive file=iscsi://192.0.2.1/iqn.2001-04.com.example/1
61-@end example
62-
63-@item NBD
64-QEMU supports NBD (Network Block Devices) both using TCP protocol as well
65-as Unix Domain Sockets. With TCP, the default port is 10809.
66-
67-Syntax for specifying a NBD device using TCP, in preferred URI form:
68-``nbd://<server-ip>[:<port>]/[<export>]''
69-
70-Syntax for specifying a NBD device using Unix Domain Sockets; remember
71-that '?' is a shell glob character and may need quoting:
72-``nbd+unix:///[<export>]?socket=<domain-socket>''
73-
74-Older syntax that is also recognized:
75-``nbd:<server-ip>:<port>[:exportname=<export>]''
76-
77-Syntax for specifying a NBD device using Unix Domain Sockets
78-``nbd:unix:<domain-socket>[:exportname=<export>]''
79-
80-Example for TCP
81-@example
82-@value{qemu_system} --drive file=nbd:192.0.2.1:30000
83-@end example
84-
85-Example for Unix Domain Sockets
86-@example
87-@value{qemu_system} --drive file=nbd:unix:/tmp/nbd-socket
88-@end example
89-
90-@item SSH
91-QEMU supports SSH (Secure Shell) access to remote disks.
92-
93-Examples:
94-@example
95-@value{qemu_system} -drive file=ssh://user@@host/path/to/disk.img
96-@value{qemu_system} -drive file.driver=ssh,file.user=user,file.host=host,file.port=22,file.path=/path/to/disk.img
97-@end example
98-
99-Currently authentication must be done using ssh-agent. Other
100-authentication methods may be supported in future.
101-
102-@item Sheepdog
103-Sheepdog is a distributed storage system for QEMU.
104-QEMU supports using either local sheepdog devices or remote networked
105-devices.
106-
107-Syntax for specifying a sheepdog device
108-@example
109-sheepdog[+tcp|+unix]://[host:port]/vdiname[?socket=path][#snapid|#tag]
110-@end example
111-
112-Example
113-@example
114-@value{qemu_system} --drive file=sheepdog://192.0.2.1:30000/MyVirtualMachine
115-@end example
116-
117-See also @url{https://sheepdog.github.io/sheepdog/}.
118-
119-@item GlusterFS
120-GlusterFS is a user space distributed file system.
121-QEMU supports the use of GlusterFS volumes for hosting VM disk images using
122-TCP, Unix Domain Sockets and RDMA transport protocols.
123-
124-Syntax for specifying a VM disk image on GlusterFS volume is
125-@example
126-
127-URI:
128-gluster[+type]://[host[:port]]/volume/path[?socket=...][,debug=N][,logfile=...]
129-
130-JSON:
131-'json:@{"driver":"qcow2","file":@{"driver":"gluster","volume":"testvol","path":"a.img","debug":N,"logfile":"...",
132-@ "server":[@{"type":"tcp","host":"...","port":"..."@},
133-@ @{"type":"unix","socket":"..."@}]@}@}'
134-@end example
135-
136-
137-Example
138-@example
139-URI:
140-@value{qemu_system} --drive file=gluster://192.0.2.1/testvol/a.img,
141-@ file.debug=9,file.logfile=/var/log/qemu-gluster.log
142-
143-JSON:
144-@value{qemu_system} 'json:@{"driver":"qcow2",
145-@ "file":@{"driver":"gluster",
146-@ "volume":"testvol","path":"a.img",
147-@ "debug":9,"logfile":"/var/log/qemu-gluster.log",
148-@ "server":[@{"type":"tcp","host":"1.2.3.4","port":24007@},
149-@ @{"type":"unix","socket":"/var/run/glusterd.socket"@}]@}@}'
150-@value{qemu_system} -drive driver=qcow2,file.driver=gluster,file.volume=testvol,file.path=/path/a.img,
151-@ file.debug=9,file.logfile=/var/log/qemu-gluster.log,
152-@ file.server.0.type=tcp,file.server.0.host=1.2.3.4,file.server.0.port=24007,
153-@ file.server.1.type=unix,file.server.1.socket=/var/run/glusterd.socket
154-@end example
155-
156-See also @url{http://www.gluster.org}.
157-
158-@item HTTP/HTTPS/FTP/FTPS
159-QEMU supports read-only access to files accessed over http(s) and ftp(s).
160-
161-Syntax using a single filename:
162-@example
163-<protocol>://[<username>[:<password>]@@]<host>/<path>
164-@end example
165-
166-where:
167-@table @option
168-@item protocol
169-'http', 'https', 'ftp', or 'ftps'.
170-
171-@item username
172-Optional username for authentication to the remote server.
173-
174-@item password
175-Optional password for authentication to the remote server.
176-
177-@item host
178-Address of the remote server.
179-
180-@item path
181-Path on the remote server, including any query string.
182-@end table
183-
184-The following options are also supported:
185-@table @option
186-@item url
187-The full URL when passing options to the driver explicitly.
188-
189-@item readahead
190-The amount of data to read ahead with each range request to the remote server.
191-This value may optionally have the suffix 'T', 'G', 'M', 'K', 'k' or 'b'. If it
192-does not have a suffix, it will be assumed to be in bytes. The value must be a
193-multiple of 512 bytes. It defaults to 256k.
194-
195-@item sslverify
196-Whether to verify the remote server's certificate when connecting over SSL. It
197-can have the value 'on' or 'off'. It defaults to 'on'.
198-
199-@item cookie
200-Send this cookie (it can also be a list of cookies separated by ';') with
201-each outgoing request. Only supported when using protocols such as HTTP
202-which support cookies, otherwise ignored.
203-
204-@item timeout
205-Set the timeout in seconds of the CURL connection. This timeout is the time
206-that CURL waits for a response from the remote server to get the size of the
207-image to be downloaded. If not set, the default timeout of 5 seconds is used.
208-@end table
209-
210-Note that when passing options to qemu explicitly, @option{driver} is the value
211-of <protocol>.
212-
213-Example: boot from a remote Fedora 20 live ISO image
214-@example
215-@value{qemu_system_x86} --drive media=cdrom,file=https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly
216-
217-@value{qemu_system_x86} --drive media=cdrom,file.driver=http,file.url=http://archives.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso,readonly
218-@end example
219-
220-Example: boot from a remote Fedora 20 cloud image using a local overlay for
221-writes, copy-on-read, and a readahead of 64k
222-@example
223-qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"http",, "file.url":"http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/20/Images/x86_64/Fedora-x86_64-20-20131211.1-sda.qcow2",, "file.readahead":"64k"@}' /tmp/Fedora-x86_64-20-20131211.1-sda.qcow2
224-
225-@value{qemu_system_x86} -drive file=/tmp/Fedora-x86_64-20-20131211.1-sda.qcow2,copy-on-read=on
226-@end example
227-
228-Example: boot from an image stored on a VMware vSphere server with a self-signed
229-certificate using a local overlay for writes, a readahead of 64k and a timeout
230-of 10 seconds.
231-@example
232-qemu-img create -f qcow2 -o backing_file='json:@{"file.driver":"https",, "file.url":"https://user:password@@vsphere.example.com/folder/test/test-flat.vmdk?dcPath=Datacenter&dsName=datastore1",, "file.sslverify":"off",, "file.readahead":"64k",, "file.timeout":10@}' /tmp/test.qcow2
233-
234-@value{qemu_system_x86} -drive file=/tmp/test.qcow2
235-@end example
236-
237-@end table
238-
239-@c man end
240-
--- a/docs/system/ivshmem.texi
+++ /dev/null
@@ -1,60 +0,0 @@
1-@node pcsys_ivshmem
2-@section Inter-VM Shared Memory device
3-
4-On Linux hosts, a shared memory device is available. The basic syntax
5-is:
6-
7-@example
8-@value{qemu_system_x86} -device ivshmem-plain,memdev=@var{hostmem}
9-@end example
10-
11-where @var{hostmem} names a host memory backend. For a POSIX shared
12-memory backend, use something like
13-
14-@example
15--object memory-backend-file,size=1M,share,mem-path=/dev/shm/ivshmem,id=@var{hostmem}
16-@end example
17-
18-If desired, interrupts can be sent between guest VMs accessing the same shared
19-memory region. Interrupt support requires using a shared memory server and
20-using a chardev socket to connect to it. The code for the shared memory server
21-is qemu.git/contrib/ivshmem-server. An example syntax when using the shared
22-memory server is:
23-
24-@example
25-# First start the ivshmem server once and for all
26-ivshmem-server -p @var{pidfile} -S @var{path} -m @var{shm-name} -l @var{shm-size} -n @var{vectors}
27-
28-# Then start your qemu instances with matching arguments
29-@value{qemu_system_x86} -device ivshmem-doorbell,vectors=@var{vectors},chardev=@var{id}
30- -chardev socket,path=@var{path},id=@var{id}
31-@end example
32-
33-When using the server, the guest will be assigned a VM ID (>=0) that allows guests
34-using the same server to communicate via interrupts. Guests can read their
35-VM ID from a device register (see ivshmem-spec.txt).
36-
37-@subsection Migration with ivshmem
38-
39-With device property @option{master=on}, the guest will copy the shared
40-memory on migration to the destination host. With @option{master=off},
41-the guest will not be able to migrate with the device attached. In the
42-latter case, the device should be detached and then reattached after
43-migration using the PCI hotplug support.
44-
45-At most one of the devices sharing the same memory can be master. The
46-master must complete migration before you plug back the other devices.
47-
48-@subsection ivshmem and hugepages
49-
50-Instead of specifying the <shm size> using POSIX shm, you may specify
51-a memory backend that has hugepage support:
52-
53-@example
54-@value{qemu_system_x86} -object memory-backend-file,size=1G,mem-path=/dev/hugepages/my-shmem-file,share,id=mb1
55- -device ivshmem-plain,memdev=mb1
56-@end example
57-
58-ivshmem-server also supports hugepages mount points with the
59-@option{-m} memory path argument.
60-
--- a/docs/system/keys.texi
+++ /dev/null
@@ -1,43 +0,0 @@
1-@node pcsys_keys
2-@section Keys in the graphical frontends
3-
4-@c man begin OPTIONS
5-
6-During the graphical emulation, you can use special key combinations to change
7-modes. The default key mappings are shown below, but if you use @code{-alt-grab}
8-then the modifier is Ctrl-Alt-Shift (instead of Ctrl-Alt) and if you use
9-@code{-ctrl-grab} then the modifier is the right Ctrl key (instead of Ctrl-Alt):
10-
11-@table @key
12-@item Ctrl-Alt-f
13-Toggle full screen
14-
15-@item Ctrl-Alt-+
16-Enlarge the screen
17-
18-@item Ctrl-Alt--
19-Shrink the screen
20-
21-@item Ctrl-Alt-u
22-Restore the screen's un-scaled dimensions
23-
24-@item Ctrl-Alt-n
25-Switch to virtual console 'n'. Standard console mappings are:
26-@table @emph
27-@item 1
28-Target system display
29-@item 2
30-Monitor
31-@item 3
32-Serial port
33-@end table
34-
35-@item Ctrl-Alt
36-Toggle mouse and keyboard grab.
37-@end table
38-
39-In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
40-@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.
41-
42-@c man end
43-
--- a/docs/system/license.texi
+++ /dev/null
@@ -1,9 +0,0 @@
1-@node License
2-@appendix License
3-
4-QEMU is a trademark of Fabrice Bellard.
5-
6-QEMU is released under the
7-@url{https://www.gnu.org/licenses/gpl-2.0.txt,GNU General Public License},
8-version 2. Parts of QEMU have specific licenses, see file
9-@url{https://git.qemu.org/?p=qemu.git;a=blob_plain;f=LICENSE,LICENSE}.
--- a/docs/system/linuxboot.texi
+++ /dev/null
@@ -1,27 +0,0 @@
1-@node direct_linux_boot
2-@section Direct Linux Boot
3-
4-This section explains how to launch a Linux kernel inside QEMU without
5-having to make a full bootable image. It is very useful for fast Linux
6-kernel testing.
7-
8-The syntax is:
9-@example
10-@value{qemu_system} -kernel bzImage -hda rootdisk.img -append "root=/dev/hda"
11-@end example
12-
13-Use @option{-kernel} to provide the Linux kernel image and
14-@option{-append} to give the kernel command line arguments. The
15-@option{-initrd} option can be used to provide an INITRD image.
16-
17-If you do not need graphical output, you can disable it and redirect
18-the virtual serial port and the QEMU monitor to the console with the
19-@option{-nographic} option. The typical command line is:
20-@example
21-@value{qemu_system} -kernel bzImage -hda rootdisk.img \
22- -append "root=/dev/hda console=ttyS0" -nographic
23-@end example
24-
25-Use @key{Ctrl-a c} to switch between the serial console and the
26-monitor (@pxref{pcsys_keys}).
27-
--- a/docs/system/managed-startup.texi
+++ /dev/null
@@ -1,35 +0,0 @@
1-@node managed_startup
2-@section Managed start up options
3-
4-In system mode emulation, it's possible to create a VM in a paused state using
5-the -S command line option. In this state the machine is completely initialized
6-according to command line options and ready to execute VM code but VCPU threads
7-are not executing any code. The VM state in this paused state depends on the way
8-QEMU was started. It could be in:
9-@table @asis
10-@item initial state (after reset/power on state)
11-@item with direct kernel loading, the initial state could be amended to execute
12-code loaded by QEMU in the VM's RAM and with incoming migration
13-@item with incoming migration, initial state will by amended with the migrated
14-machine state after migration completes.
15-@end table
16-
17-This paused state is typically used by users to query machine state and/or
18-additionally configure the machine (by hotplugging devices) in runtime before
19-allowing VM code to run.
20-
21-However, at the -S pause point, it's impossible to configure options that affect
22-initial VM creation (like: -smp/-m/-numa ...) or cold plug devices. The
23-experimental --preconfig command line option allows pausing QEMU
24-before the initial VM creation, in a ``preconfig'' state, where additional
25-queries and configuration can be performed via QMP before moving on to
26-the resulting configuration startup. In the preconfig state, QEMU only allows
27-a limited set of commands over the QMP monitor, where the commands do not
28-depend on an initialized machine, including but not limited to:
29-@table @asis
30-@item qmp_capabilities
31-@item query-qmp-schema
32-@item query-commands
33-@item query-status
34-@item x-exit-preconfig
35-@end table
--- a/docs/system/monitor.texi
+++ /dev/null
@@ -1,34 +0,0 @@
1-@node pcsys_monitor
2-@section QEMU Monitor
3-
4-The QEMU monitor is used to give complex commands to the QEMU
5-emulator. You can use it to:
6-
7-@itemize @minus
8-
9-@item
10-Remove or insert removable media images
11-(such as CD-ROM or floppies).
12-
13-@item
14-Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
15-from a disk file.
16-
17-@item Inspect the VM state without an external debugger.
18-
19-@end itemize
20-
21-@subsection Commands
22-
23-The following commands are available:
24-
25-@include qemu-monitor.texi
26-
27-@include qemu-monitor-info.texi
28-
29-@subsection Integer expressions
30-
31-The monitor understands integers expressions for every integer
32-argument. You can use register names to get the value of specifics
33-CPU registers by prefixing them with @emph{$}.
34-
--- a/docs/system/mux-chardev.texi
+++ /dev/null
@@ -1,44 +0,0 @@
1-@node mux_keys
2-@section Keys in the character backend multiplexer
3-
4-@c man begin OPTIONS
5-
6-During emulation, if you are using a character backend multiplexer
7-(which is the default if you are using @option{-nographic}) then
8-several commands are available via an escape sequence. These
9-key sequences all start with an escape character, which is @key{Ctrl-a}
10-by default, but can be changed with @option{-echr}. The list below assumes
11-you're using the default.
12-
13-@table @key
14-@item Ctrl-a h
15-Print this help
16-@item Ctrl-a x
17-Exit emulator
18-@item Ctrl-a s
19-Save disk data back to file (if -snapshot)
20-@item Ctrl-a t
21-Toggle console timestamps
22-@item Ctrl-a b
23-Send break (magic sysrq in Linux)
24-@item Ctrl-a c
25-Rotate between the frontends connected to the multiplexer (usually
26-this switches between the monitor and the console)
27-@item Ctrl-a Ctrl-a
28-Send the escape character to the frontend
29-@end table
30-@c man end
31-
32-@ignore
33-
34-@c man begin SEEALSO
35-The HTML documentation of QEMU for more precise information and Linux
36-user mode emulator invocation.
37-@c man end
38-
39-@c man begin AUTHOR
40-Fabrice Bellard
41-@c man end
42-
43-@end ignore
44-
--- a/docs/system/net.texi
+++ /dev/null
@@ -1,96 +0,0 @@
1-@node pcsys_network
2-@section Network emulation
3-
4-QEMU can simulate several network cards (e.g. PCI or ISA cards on the PC
5-target) and can connect them to a network backend on the host or an emulated
6-hub. The various host network backends can either be used to connect the NIC of
7-the guest to a real network (e.g. by using a TAP devices or the non-privileged
8-user mode network stack), or to other guest instances running in another QEMU
9-process (e.g. by using the socket host network backend).
10-
11-@subsection Using TAP network interfaces
12-
13-This is the standard way to connect QEMU to a real network. QEMU adds
14-a virtual network device on your host (called @code{tapN}), and you
15-can then configure it as if it was a real ethernet card.
16-
17-@subsubsection Linux host
18-
19-As an example, you can download the @file{linux-test-xxx.tar.gz}
20-archive and copy the script @file{qemu-ifup} in @file{/etc} and
21-configure properly @code{sudo} so that the command @code{ifconfig}
22-contained in @file{qemu-ifup} can be executed as root. You must verify
23-that your host kernel supports the TAP network interfaces: the
24-device @file{/dev/net/tun} must be present.
25-
26-See @ref{sec_invocation} to have examples of command lines using the
27-TAP network interfaces.
28-
29-@subsubsection Windows host
30-
31-There is a virtual ethernet driver for Windows 2000/XP systems, called
32-TAP-Win32. But it is not included in standard QEMU for Windows,
33-so you will need to get it separately. It is part of OpenVPN package,
34-so download OpenVPN from : @url{https://openvpn.net/}.
35-
36-@subsection Using the user mode network stack
37-
38-By using the option @option{-net user} (default configuration if no
39-@option{-net} option is specified), QEMU uses a completely user mode
40-network stack (you don't need root privilege to use the virtual
41-network). The virtual network configuration is the following:
42-
43-@example
44-
45- guest (10.0.2.15) <------> Firewall/DHCP server <-----> Internet
46- | (10.0.2.2)
47- |
48- ----> DNS server (10.0.2.3)
49- |
50- ----> SMB server (10.0.2.4)
51-@end example
52-
53-The QEMU VM behaves as if it was behind a firewall which blocks all
54-incoming connections. You can use a DHCP client to automatically
55-configure the network in the QEMU VM. The DHCP server assign addresses
56-to the hosts starting from 10.0.2.15.
57-
58-In order to check that the user mode network is working, you can ping
59-the address 10.0.2.2 and verify that you got an address in the range
60-10.0.2.x from the QEMU virtual DHCP server.
61-
62-Note that ICMP traffic in general does not work with user mode networking.
63-@code{ping}, aka. ICMP echo, to the local router (10.0.2.2) shall work,
64-however. If you're using QEMU on Linux >= 3.0, it can use unprivileged ICMP
65-ping sockets to allow @code{ping} to the Internet. The host admin has to set
66-the ping_group_range in order to grant access to those sockets. To allow ping
67-for GID 100 (usually users group):
68-
69-@example
70-echo 100 100 > /proc/sys/net/ipv4/ping_group_range
71-@end example
72-
73-When using the built-in TFTP server, the router is also the TFTP
74-server.
75-
76-When using the @option{'-netdev user,hostfwd=...'} option, TCP or UDP
77-connections can be redirected from the host to the guest. It allows for
78-example to redirect X11, telnet or SSH connections.
79-
80-@subsection Hubs
81-
82-QEMU can simulate several hubs. A hub can be thought of as a virtual connection
83-between several network devices. These devices can be for example QEMU virtual
84-ethernet cards or virtual Host ethernet devices (TAP devices). You can connect
85-guest NICs or host network backends to such a hub using the @option{-netdev
86-hubport} or @option{-nic hubport} options. The legacy @option{-net} option
87-also connects the given device to the emulated hub with ID 0 (i.e. the default
88-hub) unless you specify a netdev with @option{-net nic,netdev=xxx} here.
89-
90-@subsection Connecting emulated networks between QEMU instances
91-
92-Using the @option{-netdev socket} (or @option{-nic socket} or
93-@option{-net socket}) option, it is possible to create emulated
94-networks that span several QEMU instances.
95-See the description of the @option{-netdev socket} option in the
96-@ref{sec_invocation,,Invocation chapter} to have a basic example.
--- a/docs/system/qemu-option-trace.texi
+++ /dev/null
@@ -1,28 +0,0 @@
1-@c The contents of this file must be kept in sync with qemu-option-trace.rst.inc
2-@c until all the users of the texi file have been converted to rst and
3-@c the texi file can be removed.
4-
5-Specify tracing options.
6-
7-@table @option
8-@item [enable=]@var{pattern}
9-Immediately enable events matching @var{pattern}
10-(either event name or a globbing pattern). This option is only
11-available if QEMU has been compiled with the @var{simple}, @var{log}
12-or @var{ftrace} tracing backend. To specify multiple events or patterns,
13-specify the @option{-trace} option multiple times.
14-
15-Use @code{-trace help} to print a list of names of trace points.
16-
17-@item events=@var{file}
18-Immediately enable events listed in @var{file}.
19-The file must contain one event name (as listed in the @file{trace-events-all}
20-file) per line; globbing patterns are accepted too. This option is only
21-available if QEMU has been compiled with the @var{simple}, @var{log} or
22-@var{ftrace} tracing backend.
23-
24-@item file=@var{file}
25-Log output traces to @var{file}.
26-This option is only available if QEMU has been compiled with
27-the @var{simple} tracing backend.
28-@end table
--- a/docs/system/quickstart.texi
+++ /dev/null
@@ -1,12 +0,0 @@
1-@node pcsys_quickstart
2-@section Quick Start
3-
4-Download and uncompress a PC hard disk image with Linux installed (e.g.
5-@file{linux.img}) and type:
6-
7-@example
8-@value{qemu_system} linux.img
9-@end example
10-
11-Linux should boot and give you a prompt.
12-
--- a/docs/system/security.texi
+++ /dev/null
@@ -1,167 +0,0 @@
1-@node Security
2-@chapter Security
3-
4-@section Overview
5-
6-This chapter explains the security requirements that QEMU is designed to meet
7-and principles for securely deploying QEMU.
8-
9-@section Security Requirements
10-
11-QEMU supports many different use cases, some of which have stricter security
12-requirements than others. The community has agreed on the overall security
13-requirements that users may depend on. These requirements define what is
14-considered supported from a security perspective.
15-
16-@subsection Virtualization Use Case
17-
18-The virtualization use case covers cloud and virtual private server (VPS)
19-hosting, as well as traditional data center and desktop virtualization. These
20-use cases rely on hardware virtualization extensions to execute guest code
21-safely on the physical CPU at close-to-native speed.
22-
23-The following entities are untrusted, meaning that they may be buggy or
24-malicious:
25-
26-@itemize
27-@item Guest
28-@item User-facing interfaces (e.g. VNC, SPICE, WebSocket)
29-@item Network protocols (e.g. NBD, live migration)
30-@item User-supplied files (e.g. disk images, kernels, device trees)
31-@item Passthrough devices (e.g. PCI, USB)
32-@end itemize
33-
34-Bugs affecting these entities are evaluated on whether they can cause damage in
35-real-world use cases and treated as security bugs if this is the case.
36-
37-@subsection Non-virtualization Use Case
38-
39-The non-virtualization use case covers emulation using the Tiny Code Generator
40-(TCG). In principle the TCG and device emulation code used in conjunction with
41-the non-virtualization use case should meet the same security requirements as
42-the virtualization use case. However, for historical reasons much of the
43-non-virtualization use case code was not written with these security
44-requirements in mind.
45-
46-Bugs affecting the non-virtualization use case are not considered security
47-bugs at this time. Users with non-virtualization use cases must not rely on
48-QEMU to provide guest isolation or any security guarantees.
49-
50-@section Architecture
51-
52-This section describes the design principles that ensure the security
53-requirements are met.
54-
55-@subsection Guest Isolation
56-
57-Guest isolation is the confinement of guest code to the virtual machine. When
58-guest code gains control of execution on the host this is called escaping the
59-virtual machine. Isolation also includes resource limits such as throttling of
60-CPU, memory, disk, or network. Guests must be unable to exceed their resource
61-limits.
62-
63-QEMU presents an attack surface to the guest in the form of emulated devices.
64-The guest must not be able to gain control of QEMU. Bugs in emulated devices
65-could allow malicious guests to gain code execution in QEMU. At this point the
66-guest has escaped the virtual machine and is able to act in the context of the
67-QEMU process on the host.
68-
69-Guests often interact with other guests and share resources with them. A
70-malicious guest must not gain control of other guests or access their data.
71-Disk image files and network traffic must be protected from other guests unless
72-explicitly shared between them by the user.
73-
74-@subsection Principle of Least Privilege
75-
76-The principle of least privilege states that each component only has access to
77-the privileges necessary for its function. In the case of QEMU this means that
78-each process only has access to resources belonging to the guest.
79-
80-The QEMU process should not have access to any resources that are inaccessible
81-to the guest. This way the guest does not gain anything by escaping into the
82-QEMU process since it already has access to those same resources from within
83-the guest.
84-
85-Following the principle of least privilege immediately fulfills guest isolation
86-requirements. For example, guest A only has access to its own disk image file
87-@code{a.img} and not guest B's disk image file @code{b.img}.
88-
89-In reality certain resources are inaccessible to the guest but must be
90-available to QEMU to perform its function. For example, host system calls are
91-necessary for QEMU but are not exposed to guests. A guest that escapes into
92-the QEMU process can then begin invoking host system calls.
93-
94-New features must be designed to follow the principle of least privilege.
95-Should this not be possible for technical reasons, the security risk must be
96-clearly documented so users are aware of the trade-off of enabling the feature.
97-
98-@subsection Isolation mechanisms
99-
100-Several isolation mechanisms are available to realize this architecture of
101-guest isolation and the principle of least privilege. With the exception of
102-Linux seccomp, these mechanisms are all deployed by management tools that
103-launch QEMU, such as libvirt. They are also platform-specific so they are only
104-described briefly for Linux here.
105-
106-The fundamental isolation mechanism is that QEMU processes must run as
107-unprivileged users. Sometimes it seems more convenient to launch QEMU as
108-root to give it access to host devices (e.g. @code{/dev/net/tun}) but this poses a
109-huge security risk. File descriptor passing can be used to give an otherwise
110-unprivileged QEMU process access to host devices without running QEMU as root.
111-It is also possible to launch QEMU as a non-root user and configure UNIX groups
112-for access to @code{/dev/kvm}, @code{/dev/net/tun}, and other device nodes.
113-Some Linux distros already ship with UNIX groups for these devices by default.
114-
115-@itemize
116-@item SELinux and AppArmor make it possible to confine processes beyond the
117-traditional UNIX process and file permissions model. They restrict the QEMU
118-process from accessing processes and files on the host system that are not
119-needed by QEMU.
120-
121-@item Resource limits and cgroup controllers provide throughput and utilization
122-limits on key resources such as CPU time, memory, and I/O bandwidth.
123-
124-@item Linux namespaces can be used to make process, file system, and other system
125-resources unavailable to QEMU. A namespaced QEMU process is restricted to only
126-those resources that were granted to it.
127-
128-@item Linux seccomp is available via the QEMU @option{--sandbox} option. It disables
129-system calls that are not needed by QEMU, thereby reducing the host kernel
130-attack surface.
131-@end itemize
132-
133-@section Sensitive configurations
134-
135-There are aspects of QEMU that can have security implications which users &
136-management applications must be aware of.
137-
138-@subsection Monitor console (QMP and HMP)
139-
140-The monitor console (whether used with QMP or HMP) provides an interface
141-to dynamically control many aspects of QEMU's runtime operation. Many of the
142-commands exposed will instruct QEMU to access content on the host file system
143-and/or trigger spawning of external processes.
144-
145-For example, the @code{migrate} command allows for the spawning of arbitrary
146-processes for the purpose of tunnelling the migration data stream. The
147-@code{blockdev-add} command instructs QEMU to open arbitrary files, exposing
148-their content to the guest as a virtual disk.
149-
150-Unless QEMU is otherwise confined using technologies such as SELinux, AppArmor,
151-or Linux namespaces, the monitor console should be considered to have privileges
152-equivalent to those of the user account QEMU is running under.
153-
154-It is further important to consider the security of the character device backend
155-over which the monitor console is exposed. It needs to have protection against
156-malicious third parties which might try to make unauthorized connections, or
157-perform man-in-the-middle attacks. Many of the character device backends do not
158-satisfy this requirement and so must not be used for the monitor console.
159-
160-The general recommendation is that the monitor console should be exposed over
161-a UNIX domain socket backend to the local host only. Use of the TCP based
162-character device backend is inappropriate unless configured to use both TLS
163-encryption and authorization control policy on client connections.
164-
165-In summary, the monitor console is considered a privileged control interface to
166-QEMU and as such should only be made accessible to a trusted management
167-application or user.
--- a/docs/system/target-arm.texi
+++ /dev/null
@@ -1,245 +0,0 @@
1-@node ARM System emulator
2-@section ARM System emulator
3-
4-Use the executable @file{qemu-system-arm} to simulate a ARM
5-machine. The ARM Integrator/CP board is emulated with the following
6-devices:
7-
8-@itemize @minus
9-@item
10-ARM926E, ARM1026E, ARM946E, ARM1136 or Cortex-A8 CPU
11-@item
12-Two PL011 UARTs
13-@item
14-SMC 91c111 Ethernet adapter
15-@item
16-PL110 LCD controller
17-@item
18-PL050 KMI with PS/2 keyboard and mouse.
19-@item
20-PL181 MultiMedia Card Interface with SD card.
21-@end itemize
22-
23-The ARM Versatile baseboard is emulated with the following devices:
24-
25-@itemize @minus
26-@item
27-ARM926E, ARM1136 or Cortex-A8 CPU
28-@item
29-PL190 Vectored Interrupt Controller
30-@item
31-Four PL011 UARTs
32-@item
33-SMC 91c111 Ethernet adapter
34-@item
35-PL110 LCD controller
36-@item
37-PL050 KMI with PS/2 keyboard and mouse.
38-@item
39-PCI host bridge. Note the emulated PCI bridge only provides access to
40-PCI memory space. It does not provide access to PCI IO space.
41-This means some devices (eg. ne2k_pci NIC) are not usable, and others
42-(eg. rtl8139 NIC) are only usable when the guest drivers use the memory
43-mapped control registers.
44-@item
45-PCI OHCI USB controller.
46-@item
47-LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices.
48-@item
49-PL181 MultiMedia Card Interface with SD card.
50-@end itemize
51-
52-Several variants of the ARM RealView baseboard are emulated,
53-including the EB, PB-A8 and PBX-A9. Due to interactions with the
54-bootloader, only certain Linux kernel configurations work out
55-of the box on these boards.
56-
57-Kernels for the PB-A8 board should have CONFIG_REALVIEW_HIGH_PHYS_OFFSET
58-enabled in the kernel, and expect 512M RAM. Kernels for The PBX-A9 board
59-should have CONFIG_SPARSEMEM enabled, CONFIG_REALVIEW_HIGH_PHYS_OFFSET
60-disabled and expect 1024M RAM.
61-
62-The following devices are emulated:
63-
64-@itemize @minus
65-@item
66-ARM926E, ARM1136, ARM11MPCore, Cortex-A8 or Cortex-A9 MPCore CPU
67-@item
68-ARM AMBA Generic/Distributed Interrupt Controller
69-@item
70-Four PL011 UARTs
71-@item
72-SMC 91c111 or SMSC LAN9118 Ethernet adapter
73-@item
74-PL110 LCD controller
75-@item
76-PL050 KMI with PS/2 keyboard and mouse
77-@item
78-PCI host bridge
79-@item
80-PCI OHCI USB controller
81-@item
82-LSI53C895A PCI SCSI Host Bus Adapter with hard disk and CD-ROM devices
83-@item
84-PL181 MultiMedia Card Interface with SD card.
85-@end itemize
86-
87-The XScale-based clamshell PDA models ("Spitz", "Akita", "Borzoi"
88-and "Terrier") emulation includes the following peripherals:
89-
90-@itemize @minus
91-@item
92-Intel PXA270 System-on-chip (ARM V5TE core)
93-@item
94-NAND Flash memory
95-@item
96-IBM/Hitachi DSCM microdrive in a PXA PCMCIA slot - not in "Akita"
97-@item
98-On-chip OHCI USB controller
99-@item
100-On-chip LCD controller
101-@item
102-On-chip Real Time Clock
103-@item
104-TI ADS7846 touchscreen controller on SSP bus
105-@item
106-Maxim MAX1111 analog-digital converter on I@math{^2}C bus
107-@item
108-GPIO-connected keyboard controller and LEDs
109-@item
110-Secure Digital card connected to PXA MMC/SD host
111-@item
112-Three on-chip UARTs
113-@item
114-WM8750 audio CODEC on I@math{^2}C and I@math{^2}S busses
115-@end itemize
116-
117-The Palm Tungsten|E PDA (codename "Cheetah") emulation includes the
118-following elements:
119-
120-@itemize @minus
121-@item
122-Texas Instruments OMAP310 System-on-chip (ARM 925T core)
123-@item
124-ROM and RAM memories (ROM firmware image can be loaded with -option-rom)
125-@item
126-On-chip LCD controller
127-@item
128-On-chip Real Time Clock
129-@item
130-TI TSC2102i touchscreen controller / analog-digital converter / Audio
131-CODEC, connected through MicroWire and I@math{^2}S busses
132-@item
133-GPIO-connected matrix keypad
134-@item
135-Secure Digital card connected to OMAP MMC/SD host
136-@item
137-Three on-chip UARTs
138-@end itemize
139-
140-Nokia N800 and N810 internet tablets (known also as RX-34 and RX-44 / 48)
141-emulation supports the following elements:
142-
143-@itemize @minus
144-@item
145-Texas Instruments OMAP2420 System-on-chip (ARM 1136 core)
146-@item
147-RAM and non-volatile OneNAND Flash memories
148-@item
149-Display connected to EPSON remote framebuffer chip and OMAP on-chip
150-display controller and a LS041y3 MIPI DBI-C controller
151-@item
152-TI TSC2301 (in N800) and TI TSC2005 (in N810) touchscreen controllers
153-driven through SPI bus
154-@item
155-National Semiconductor LM8323-controlled qwerty keyboard driven
156-through I@math{^2}C bus
157-@item
158-Secure Digital card connected to OMAP MMC/SD host
159-@item
160-Three OMAP on-chip UARTs and on-chip STI debugging console
161-@item
162-Mentor Graphics "Inventra" dual-role USB controller embedded in a TI
163-TUSB6010 chip - only USB host mode is supported
164-@item
165-TI TMP105 temperature sensor driven through I@math{^2}C bus
166-@item
167-TI TWL92230C power management companion with an RTC on I@math{^2}C bus
168-@item
169-Nokia RETU and TAHVO multi-purpose chips with an RTC, connected
170-through CBUS
171-@end itemize
172-
173-The Luminary Micro Stellaris LM3S811EVB emulation includes the following
174-devices:
175-
176-@itemize @minus
177-@item
178-Cortex-M3 CPU core.
179-@item
180-64k Flash and 8k SRAM.
181-@item
182-Timers, UARTs, ADC and I@math{^2}C interface.
183-@item
184-OSRAM Pictiva 96x16 OLED with SSD0303 controller on I@math{^2}C bus.
185-@end itemize
186-
187-The Luminary Micro Stellaris LM3S6965EVB emulation includes the following
188-devices:
189-
190-@itemize @minus
191-@item
192-Cortex-M3 CPU core.
193-@item
194-256k Flash and 64k SRAM.
195-@item
196-Timers, UARTs, ADC, I@math{^2}C and SSI interfaces.
197-@item
198-OSRAM Pictiva 128x64 OLED with SSD0323 controller connected via SSI.
199-@end itemize
200-
201-The Freecom MusicPal internet radio emulation includes the following
202-elements:
203-
204-@itemize @minus
205-@item
206-Marvell MV88W8618 ARM core.
207-@item
208-32 MB RAM, 256 KB SRAM, 8 MB flash.
209-@item
210-Up to 2 16550 UARTs
211-@item
212-MV88W8xx8 Ethernet controller
213-@item
214-MV88W8618 audio controller, WM8750 CODEC and mixer
215-@item
216-128×64 display with brightness control
217-@item
218-2 buttons, 2 navigation wheels with button function
219-@end itemize
220-
221-The Siemens SX1 models v1 and v2 (default) basic emulation.
222-The emulation includes the following elements:
223-
224-@itemize @minus
225-@item
226-Texas Instruments OMAP310 System-on-chip (ARM 925T core)
227-@item
228-ROM and RAM memories (ROM firmware image can be loaded with -pflash)
229-V1
230-1 Flash of 16MB and 1 Flash of 8MB
231-V2
232-1 Flash of 32MB
233-@item
234-On-chip LCD controller
235-@item
236-On-chip Real Time Clock
237-@item
238-Secure Digital card connected to OMAP MMC/SD host
239-@item
240-Three on-chip UARTs
241-@end itemize
242-
243-A Linux 2.6 test image is available on the QEMU web site. More
244-information is available in the QEMU mailing-list archive.
245-
--- a/docs/system/target-i386.texi
+++ /dev/null
@@ -1,91 +0,0 @@
1-@node x86 (PC) System emulator
2-@section x86 (PC) System emulator
3-
4-@menu
5-* pcsys_devices:: Peripherals
6-* cpu_models_x86:: CPU models
7-* pcsys_req:: OS requirements
8-@end menu
9-
10-@node pcsys_devices
11-@subsection Peripherals
12-
13-@c man begin DESCRIPTION
14-
15-The QEMU PC System emulator simulates the following peripherals:
16-
17-@itemize @minus
18-@item
19-i440FX host PCI bridge and PIIX3 PCI to ISA bridge
20-@item
21-Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
22-extensions (hardware level, including all non standard modes).
23-@item
24-PS/2 mouse and keyboard
25-@item
26-2 PCI IDE interfaces with hard disk and CD-ROM support
27-@item
28-Floppy disk
29-@item
30-PCI and ISA network adapters
31-@item
32-Serial ports
33-@item
34-IPMI BMC, either and internal or external one
35-@item
36-Creative SoundBlaster 16 sound card
37-@item
38-ENSONIQ AudioPCI ES1370 sound card
39-@item
40-Intel 82801AA AC97 Audio compatible sound card
41-@item
42-Intel HD Audio Controller and HDA codec
43-@item
44-Adlib (OPL2) - Yamaha YM3812 compatible chip
45-@item
46-Gravis Ultrasound GF1 sound card
47-@item
48-CS4231A compatible sound card
49-@item
50-PCI UHCI, OHCI, EHCI or XHCI USB controller and a virtual USB-1.1 hub.
51-@end itemize
52-
53-SMP is supported with up to 255 CPUs.
54-
55-QEMU uses the PC BIOS from the Seabios project and the Plex86/Bochs LGPL
56-VGA BIOS.
57-
58-QEMU uses YM3812 emulation by Tatsuyuki Satoh.
59-
60-QEMU uses GUS emulation (GUSEMU32 @url{http://www.deinmeister.de/gusemu/})
61-by Tibor "TS" Schütz.
62-
63-Note that, by default, GUS shares IRQ(7) with parallel ports and so
64-QEMU must be told to not have parallel ports to have working GUS.
65-
66-@example
67-@value{qemu_system_x86} dos.img -soundhw gus -parallel none
68-@end example
69-
70-Alternatively:
71-@example
72-@value{qemu_system_x86} dos.img -device gus,irq=5
73-@end example
74-
75-Or some other unclaimed IRQ.
76-
77-CS4231A is the chip used in Windows Sound System and GUSMAX products
78-
79-@c man end
80-
81-@lowersections
82-@include docs/system/cpu-models-x86.texi
83-@raisesections
84-
85-@node pcsys_req
86-@subsection OS requirements
87-
88-On x86_64 hosts, the default set of CPU features enabled by the KVM accelerator
89-require the host to be running Linux v4.5 or newer. Red Hat Enterprise Linux
90-7 is also supported, since the required functionality was backported.
91-
--- a/docs/system/target-m68k.texi
+++ /dev/null
@@ -1,25 +0,0 @@
1-@node ColdFire System emulator
2-@section ColdFire System emulator
3-
4-Use the executable @file{qemu-system-m68k} to simulate a ColdFire machine.
5-The emulator is able to boot a uClinux kernel.
6-
7-The M5208EVB emulation includes the following devices:
8-
9-@itemize @minus
10-@item
11-MCF5208 ColdFire V2 Microprocessor (ISA A+ with EMAC).
12-@item
13-Three Two on-chip UARTs.
14-@item
15-Fast Ethernet Controller (FEC)
16-@end itemize
17-
18-The AN5206 emulation includes the following devices:
19-
20-@itemize @minus
21-@item
22-MCF5206 ColdFire V2 Microprocessor.
23-@item
24-Two on-chip UARTs.
25-@end itemize
--- a/docs/system/target-mips.texi
+++ /dev/null
@@ -1,150 +0,0 @@
1-@node MIPS System emulator
2-@section MIPS System emulator
3-
4-@menu
5-* recommendations_cpu_models_MIPS:: Supported CPU model configurations on MIPS hosts
6-* nanoMIPS System emulator ::
7-@end menu
8-
9-Four executables cover simulation of 32 and 64-bit MIPS systems in
10-both endian options, @file{qemu-system-mips}, @file{qemu-system-mipsel}
11-@file{qemu-system-mips64} and @file{qemu-system-mips64el}.
12-Five different machine types are emulated:
13-
14-@itemize @minus
15-@item
16-A generic ISA PC-like machine "mips"
17-@item
18-The MIPS Malta prototype board "malta"
19-@item
20-An ACER Pica "pica61". This machine needs the 64-bit emulator.
21-@item
22-MIPS emulator pseudo board "mipssim"
23-@item
24-A MIPS Magnum R4000 machine "magnum". This machine needs the 64-bit emulator.
25-@end itemize
26-
27-The generic emulation is supported by Debian 'Etch' and is able to
28-install Debian into a virtual disk image. The following devices are
29-emulated:
30-
31-@itemize @minus
32-@item
33-A range of MIPS CPUs, default is the 24Kf
34-@item
35-PC style serial port
36-@item
37-PC style IDE disk
38-@item
39-NE2000 network card
40-@end itemize
41-
42-The Malta emulation supports the following devices:
43-
44-@itemize @minus
45-@item
46-Core board with MIPS 24Kf CPU and Galileo system controller
47-@item
48-PIIX4 PCI/USB/SMbus controller
49-@item
50-The Multi-I/O chip's serial device
51-@item
52-PCI network cards (PCnet32 and others)
53-@item
54-Malta FPGA serial device
55-@item
56-Cirrus (default) or any other PCI VGA graphics card
57-@end itemize
58-
59-The Boston board emulation supports the following devices:
60-
61-@itemize @minus
62-@item
63-Xilinx FPGA, which includes a PCIe root port and an UART
64-@item
65-Intel EG20T PCH connects the I/O peripherals, but only the SATA bus is emulated
66-@end itemize
67-
68-The ACER Pica emulation supports:
69-
70-@itemize @minus
71-@item
72-MIPS R4000 CPU
73-@item
74-PC-style IRQ and DMA controllers
75-@item
76-PC Keyboard
77-@item
78-IDE controller
79-@end itemize
80-
81-The MIPS Magnum R4000 emulation supports:
82-
83-@itemize @minus
84-@item
85-MIPS R4000 CPU
86-@item
87-PC-style IRQ controller
88-@item
89-PC Keyboard
90-@item
91-SCSI controller
92-@item
93-G364 framebuffer
94-@end itemize
95-
96-The Fulong 2E emulation supports:
97-
98-@itemize @minus
99-@item
100-Loongson 2E CPU
101-@item
102-Bonito64 system controller as North Bridge
103-@item
104-VT82C686 chipset as South Bridge
105-@item
106-RTL8139D as a network card chipset
107-@end itemize
108-
109-The mipssim pseudo board emulation provides an environment similar
110-to what the proprietary MIPS emulator uses for running Linux.
111-It supports:
112-
113-@itemize @minus
114-@item
115-A range of MIPS CPUs, default is the 24Kf
116-@item
117-PC style serial port
118-@item
119-MIPSnet network emulation
120-@end itemize
121-
122-@lowersections
123-@include docs/system/cpu-models-mips.texi
124-@raisesections
125-
126-@node nanoMIPS System emulator
127-@subsection nanoMIPS System emulator
128-
129-Executable @file{qemu-system-mipsel} also covers simulation of
130-32-bit nanoMIPS system in little endian mode:
131-
132-@itemize @minus
133-@item
134-nanoMIPS I7200 CPU
135-@end itemize
136-
137-Example of @file{qemu-system-mipsel} usage for nanoMIPS is shown below:
138-
139-Download @code{<disk_image_file>} from @url{https://mipsdistros.mips.com/LinuxDistro/nanomips/buildroot/index.html}.
140-
141-Download @code{<kernel_image_file>} from @url{https://mipsdistros.mips.com/LinuxDistro/nanomips/kernels/v4.15.18-432-gb2eb9a8b07a1-20180627102142/index.html}.
142-
143-Start system emulation of Malta board with nanoMIPS I7200 CPU:
144-@example
145-qemu-system-mipsel -cpu I7200 -kernel @code{<kernel_image_file>} \
146- -M malta -serial stdio -m @code{<memory_size>} -hda @code{<disk_image_file>} \
147- -append "mem=256m@@0x0 rw console=ttyS0 vga=cirrus vesa=0x111 root=/dev/sda"
148-@end example
149-
150-
--- a/docs/system/target-ppc.texi
+++ /dev/null
@@ -1,52 +0,0 @@
1-@node PowerPC System emulator
2-@section PowerPC System emulator
3-
4-Use the executable @file{qemu-system-ppc} to simulate a complete 40P (PREP)
5-or PowerMac PowerPC system.
6-
7-QEMU emulates the following PowerMac peripherals:
8-
9-@itemize @minus
10-@item
11-UniNorth or Grackle PCI Bridge
12-@item
13-PCI VGA compatible card with VESA Bochs Extensions
14-@item
15-2 PMAC IDE interfaces with hard disk and CD-ROM support
16-@item
17-NE2000 PCI adapters
18-@item
19-Non Volatile RAM
20-@item
21-VIA-CUDA with ADB keyboard and mouse.
22-@end itemize
23-
24-QEMU emulates the following 40P (PREP) peripherals:
25-
26-@itemize @minus
27-@item
28-PCI Bridge
29-@item
30-PCI VGA compatible card with VESA Bochs Extensions
31-@item
32-2 IDE interfaces with hard disk and CD-ROM support
33-@item
34-Floppy disk
35-@item
36-PCnet network adapters
37-@item
38-Serial port
39-@item
40-PREP Non Volatile RAM
41-@item
42-PC compatible keyboard and mouse.
43-@end itemize
44-
45-Since version 0.9.1, QEMU uses OpenBIOS @url{https://www.openbios.org/}
46-for the g3beige and mac99 PowerMac and the 40p machines. OpenBIOS is a free
47-(GPL v2) portable firmware implementation. The goal is to implement a 100%
48-IEEE 1275-1994 (referred to as Open Firmware) compliant firmware.
49-
50-More information is available at
51-@url{http://perso.magic.fr/l_indien/qemu-ppc/}.
52-
--- a/docs/system/target-sparc.texi
+++ /dev/null
@@ -1,68 +0,0 @@
1-@node Sparc32 System emulator
2-@section Sparc32 System emulator
3-
4-Use the executable @file{qemu-system-sparc} to simulate the following
5-Sun4m architecture machines:
6-@itemize @minus
7-@item
8-SPARCstation 4
9-@item
10-SPARCstation 5
11-@item
12-SPARCstation 10
13-@item
14-SPARCstation 20
15-@item
16-SPARCserver 600MP
17-@item
18-SPARCstation LX
19-@item
20-SPARCstation Voyager
21-@item
22-SPARCclassic
23-@item
24-SPARCbook
25-@end itemize
26-
27-The emulation is somewhat complete. SMP up to 16 CPUs is supported,
28-but Linux limits the number of usable CPUs to 4.
29-
30-QEMU emulates the following sun4m peripherals:
31-
32-@itemize @minus
33-@item
34-IOMMU
35-@item
36-TCX or cgthree Frame buffer
37-@item
38-Lance (Am7990) Ethernet
39-@item
40-Non Volatile RAM M48T02/M48T08
41-@item
42-Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard
43-and power/reset logic
44-@item
45-ESP SCSI controller with hard disk and CD-ROM support
46-@item
47-Floppy drive (not on SS-600MP)
48-@item
49-CS4231 sound device (only on SS-5, not working yet)
50-@end itemize
51-
52-The number of peripherals is fixed in the architecture. Maximum
53-memory size depends on the machine type, for SS-5 it is 256MB and for
54-others 2047MB.
55-
56-Since version 0.8.2, QEMU uses OpenBIOS
57-@url{https://www.openbios.org/}. OpenBIOS is a free (GPL v2) portable
58-firmware implementation. The goal is to implement a 100% IEEE
59-1275-1994 (referred to as Open Firmware) compliant firmware.
60-
61-A sample Linux 2.6 series kernel and ram disk image are available on
62-the QEMU web site. There are still issues with NetBSD and OpenBSD, but
63-most kernel versions work. Please note that currently older Solaris kernels
64-don't work probably due to interface issues between OpenBIOS and
65-Solaris.
66-
67-@c man end
68-
--- a/docs/system/target-sparc64.texi
+++ /dev/null
@@ -1,38 +0,0 @@
1-@node Sparc64 System emulator
2-@section Sparc64 System emulator
3-
4-Use the executable @file{qemu-system-sparc64} to simulate a Sun4u
5-(UltraSPARC PC-like machine), Sun4v (T1 PC-like machine), or generic
6-Niagara (T1) machine. The Sun4u emulator is mostly complete, being
7-able to run Linux, NetBSD and OpenBSD in headless (-nographic) mode. The
8-Sun4v emulator is still a work in progress.
9-
10-The Niagara T1 emulator makes use of firmware and OS binaries supplied in the S10image/ directory
11-of the OpenSPARC T1 project @url{http://download.oracle.com/technetwork/systems/opensparc/OpenSPARCT1_Arch.1.5.tar.bz2}
12-and is able to boot the disk.s10hw2 Solaris image.
13-@example
14-qemu-system-sparc64 -M niagara -L /path-to/S10image/ \
15- -nographic -m 256 \
16- -drive if=pflash,readonly=on,file=/S10image/disk.s10hw2
17-@end example
18-
19-
20-QEMU emulates the following peripherals:
21-
22-@itemize @minus
23-@item
24-UltraSparc IIi APB PCI Bridge
25-@item
26-PCI VGA compatible card with VESA Bochs Extensions
27-@item
28-PS/2 mouse and keyboard
29-@item
30-Non Volatile RAM M48T59
31-@item
32-PC-compatible serial ports
33-@item
34-2 PCI IDE interfaces with hard disk and CD-ROM support
35-@item
36-Floppy disk
37-@end itemize
38-
--- a/docs/system/target-xtensa.texi
+++ /dev/null
@@ -1,35 +0,0 @@
1-@node Xtensa System emulator
2-@section Xtensa System emulator
3-
4-Two executables cover simulation of both Xtensa endian options,
5-@file{qemu-system-xtensa} and @file{qemu-system-xtensaeb}.
6-Two different machine types are emulated:
7-
8-@itemize @minus
9-@item
10-Xtensa emulator pseudo board "sim"
11-@item
12-Avnet LX60/LX110/LX200 board
13-@end itemize
14-
15-The sim pseudo board emulation provides an environment similar
16-to one provided by the proprietary Tensilica ISS.
17-It supports:
18-
19-@itemize @minus
20-@item
21-A range of Xtensa CPUs, default is the DC232B
22-@item
23-Console and filesystem access via semihosting calls
24-@end itemize
25-
26-The Avnet LX60/LX110/LX200 emulation supports:
27-
28-@itemize @minus
29-@item
30-A range of Xtensa CPUs, default is the DC232B
31-@item
32-16550 UART
33-@item
34-OpenCores 10/100 Mbps Ethernet MAC
35-@end itemize
--- a/docs/system/tls.texi
+++ /dev/null
@@ -1,329 +0,0 @@
1-@node network_tls
2-@section TLS setup for network services
3-
4-Almost all network services in QEMU have the ability to use TLS for
5-session data encryption, along with x509 certificates for simple
6-client authentication. What follows is a description of how to
7-generate certificates suitable for usage with QEMU, and applies to
8-the VNC server, character devices with the TCP backend, NBD server
9-and client, and migration server and client.
10-
11-At a high level, QEMU requires certificates and private keys to be
12-provided in PEM format. Aside from the core fields, the certificates
13-should include various extension data sets, including v3 basic
14-constraints data, key purpose, key usage and subject alt name.
15-
16-The GnuTLS package includes a command called @code{certtool} which can
17-be used to easily generate certificates and keys in the required format
18-with expected data present. Alternatively a certificate management
19-service may be used.
20-
21-At a minimum it is necessary to setup a certificate authority, and
22-issue certificates to each server. If using x509 certificates for
23-authentication, then each client will also need to be issued a
24-certificate.
25-
26-Assuming that the QEMU network services will only ever be exposed to
27-clients on a private intranet, there is no need to use a commercial
28-certificate authority to create certificates. A self-signed CA is
29-sufficient, and in fact likely to be more secure since it removes
30-the ability of malicious 3rd parties to trick the CA into mis-issuing
31-certs for impersonating your services. The only likely exception
32-where a commercial CA might be desirable is if enabling the VNC
33-websockets server and exposing it directly to remote browser clients.
34-In such a case it might be useful to use a commercial CA to avoid
35-needing to install custom CA certs in the web browsers.
36-
37-The recommendation is for the server to keep its certificates in either
38-@code{/etc/pki/qemu} or for unprivileged users in @code{$HOME/.pki/qemu}.
39-
40-@menu
41-* tls_generate_ca::
42-* tls_generate_server::
43-* tls_generate_client::
44-* tls_creds_setup::
45-* tls_psk::
46-@end menu
47-@node tls_generate_ca
48-@subsection Setup the Certificate Authority
49-
50-This step only needs to be performed once per organization / organizational
51-unit. First the CA needs a private key. This key must be kept VERY secret
52-and secure. If this key is compromised the entire trust chain of the certificates
53-issued with it is lost.
54-
55-@example
56-# certtool --generate-privkey > ca-key.pem
57-@end example
58-
59-To generate a self-signed certificate requires one core piece of information,
60-the name of the organization. A template file @code{ca.info} should be
61-populated with the desired data to avoid having to deal with interactive
62-prompts from certtool:
63-@example
64-# cat > ca.info <<EOF
65-cn = Name of your organization
66-ca
67-cert_signing_key
68-EOF
69-# certtool --generate-self-signed \
70- --load-privkey ca-key.pem
71- --template ca.info \
72- --outfile ca-cert.pem
73-@end example
74-
75-The @code{ca} keyword in the template sets the v3 basic constraints extension
76-to indicate this certificate is for a CA, while @code{cert_signing_key} sets
77-the key usage extension to indicate this will be used for signing other keys.
78-The generated @code{ca-cert.pem} file should be copied to all servers and
79-clients wishing to utilize TLS support in the VNC server. The @code{ca-key.pem}
80-must not be disclosed/copied anywhere except the host responsible for issuing
81-certificates.
82-
83-@node tls_generate_server
84-@subsection Issuing server certificates
85-
86-Each server (or host) needs to be issued with a key and certificate. When connecting
87-the certificate is sent to the client which validates it against the CA certificate.
88-The core pieces of information for a server certificate are the hostnames and/or IP
89-addresses that will be used by clients when connecting. The hostname / IP address
90-that the client specifies when connecting will be validated against the hostname(s)
91-and IP address(es) recorded in the server certificate, and if no match is found
92-the client will close the connection.
93-
94-Thus it is recommended that the server certificate include both the fully qualified
95-and unqualified hostnames. If the server will have permanently assigned IP address(es),
96-and clients are likely to use them when connecting, they may also be included in the
97-certificate. Both IPv4 and IPv6 addresses are supported. Historically certificates
98-only included 1 hostname in the @code{CN} field, however, usage of this field for
99-validation is now deprecated. Instead modern TLS clients will validate against the
100-Subject Alt Name extension data, which allows for multiple entries. In the future
101-usage of the @code{CN} field may be discontinued entirely, so providing SAN
102-extension data is strongly recommended.
103-
104-On the host holding the CA, create template files containing the information
105-for each server, and use it to issue server certificates.
106-
107-@example
108-# cat > server-hostNNN.info <<EOF
109-organization = Name of your organization
110-cn = hostNNN.foo.example.com
111-dns_name = hostNNN
112-dns_name = hostNNN.foo.example.com
113-ip_address = 10.0.1.87
114-ip_address = 192.8.0.92
115-ip_address = 2620:0:cafe::87
116-ip_address = 2001:24::92
117-tls_www_server
118-encryption_key
119-signing_key
120-EOF
121-# certtool --generate-privkey > server-hostNNN-key.pem
122-# certtool --generate-certificate \
123- --load-ca-certificate ca-cert.pem \
124- --load-ca-privkey ca-key.pem \
125- --load-privkey server-hostNNN-key.pem \
126- --template server-hostNNN.info \
127- --outfile server-hostNNN-cert.pem
128-@end example
129-
130-The @code{dns_name} and @code{ip_address} fields in the template are setting
131-the subject alt name extension data. The @code{tls_www_server} keyword is the
132-key purpose extension to indicate this certificate is intended for usage in
133-a web server. Although QEMU network services are not in fact HTTP servers
134-(except for VNC websockets), setting this key purpose is still recommended.
135-The @code{encryption_key} and @code{signing_key} keyword is the key usage
136-extension to indicate this certificate is intended for usage in the data
137-session.
138-
139-The @code{server-hostNNN-key.pem} and @code{server-hostNNN-cert.pem} files
140-should now be securely copied to the server for which they were generated,
141-and renamed to @code{server-key.pem} and @code{server-cert.pem} when added
142-to the @code{/etc/pki/qemu} directory on the target host. The @code{server-key.pem}
143-file is security sensitive and should be kept protected with file mode 0600
144-to prevent disclosure.
145-
146-@node tls_generate_client
147-@subsection Issuing client certificates
148-
149-The QEMU x509 TLS credential setup defaults to enabling client verification
150-using certificates, providing a simple authentication mechanism. If this
151-default is used, each client also needs to be issued a certificate. The client
152-certificate contains enough metadata to uniquely identify the client with the
153-scope of the certificate authority. The client certificate would typically
154-include fields for organization, state, city, building, etc.
155-
156-Once again on the host holding the CA, create template files containing the
157-information for each client, and use it to issue client certificates.
158-
159-
160-@example
161-# cat > client-hostNNN.info <<EOF
162-country = GB
163-state = London
164-locality = City Of London
165-organization = Name of your organization
166-cn = hostNNN.foo.example.com
167-tls_www_client
168-encryption_key
169-signing_key
170-EOF
171-# certtool --generate-privkey > client-hostNNN-key.pem
172-# certtool --generate-certificate \
173- --load-ca-certificate ca-cert.pem \
174- --load-ca-privkey ca-key.pem \
175- --load-privkey client-hostNNN-key.pem \
176- --template client-hostNNN.info \
177- --outfile client-hostNNN-cert.pem
178-@end example
179-
180-The subject alt name extension data is not required for clients, so the
181-the @code{dns_name} and @code{ip_address} fields are not included.
182-The @code{tls_www_client} keyword is the key purpose extension to indicate
183-this certificate is intended for usage in a web client. Although QEMU
184-network clients are not in fact HTTP clients, setting this key purpose is
185-still recommended. The @code{encryption_key} and @code{signing_key} keyword
186-is the key usage extension to indicate this certificate is intended for
187-usage in the data session.
188-
189-The @code{client-hostNNN-key.pem} and @code{client-hostNNN-cert.pem} files
190-should now be securely copied to the client for which they were generated,
191-and renamed to @code{client-key.pem} and @code{client-cert.pem} when added
192-to the @code{/etc/pki/qemu} directory on the target host. The @code{client-key.pem}
193-file is security sensitive and should be kept protected with file mode 0600
194-to prevent disclosure.
195-
196-If a single host is going to be using TLS in both a client and server
197-role, it is possible to create a single certificate to cover both roles.
198-This would be quite common for the migration and NBD services, where a
199-QEMU process will be started by accepting a TLS protected incoming migration,
200-and later itself be migrated out to another host. To generate a single
201-certificate, simply include the template data from both the client and server
202-instructions in one.
203-
204-@example
205-# cat > both-hostNNN.info <<EOF
206-country = GB
207-state = London
208-locality = City Of London
209-organization = Name of your organization
210-cn = hostNNN.foo.example.com
211-dns_name = hostNNN
212-dns_name = hostNNN.foo.example.com
213-ip_address = 10.0.1.87
214-ip_address = 192.8.0.92
215-ip_address = 2620:0:cafe::87
216-ip_address = 2001:24::92
217-tls_www_server
218-tls_www_client
219-encryption_key
220-signing_key
221-EOF
222-# certtool --generate-privkey > both-hostNNN-key.pem
223-# certtool --generate-certificate \
224- --load-ca-certificate ca-cert.pem \
225- --load-ca-privkey ca-key.pem \
226- --load-privkey both-hostNNN-key.pem \
227- --template both-hostNNN.info \
228- --outfile both-hostNNN-cert.pem
229-@end example
230-
231-When copying the PEM files to the target host, save them twice,
232-once as @code{server-cert.pem} and @code{server-key.pem}, and
233-again as @code{client-cert.pem} and @code{client-key.pem}.
234-
235-@node tls_creds_setup
236-@subsection TLS x509 credential configuration
237-
238-QEMU has a standard mechanism for loading x509 credentials that will be
239-used for network services and clients. It requires specifying the
240-@code{tls-creds-x509} class name to the @code{--object} command line
241-argument for the system emulators. Each set of credentials loaded should
242-be given a unique string identifier via the @code{id} parameter. A single
243-set of TLS credentials can be used for multiple network backends, so VNC,
244-migration, NBD, character devices can all share the same credentials. Note,
245-however, that credentials for use in a client endpoint must be loaded
246-separately from those used in a server endpoint.
247-
248-When specifying the object, the @code{dir} parameters specifies which
249-directory contains the credential files. This directory is expected to
250-contain files with the names mentioned previously, @code{ca-cert.pem},
251-@code{server-key.pem}, @code{server-cert.pem}, @code{client-key.pem}
252-and @code{client-cert.pem} as appropriate. It is also possible to
253-include a set of pre-generated Diffie-Hellman (DH) parameters in a file
254-@code{dh-params.pem}, which can be created using the
255-@code{certtool --generate-dh-params} command. If omitted, QEMU will
256-dynamically generate DH parameters when loading the credentials.
257-
258-The @code{endpoint} parameter indicates whether the credentials will
259-be used for a network client or server, and determines which PEM
260-files are loaded.
261-
262-The @code{verify} parameter determines whether x509 certificate
263-validation should be performed. This defaults to enabled, meaning
264-clients will always validate the server hostname against the
265-certificate subject alt name fields and/or CN field. It also
266-means that servers will request that clients provide a certificate
267-and validate them. Verification should never be turned off for
268-client endpoints, however, it may be turned off for server endpoints
269-if an alternative mechanism is used to authenticate clients. For
270-example, the VNC server can use SASL to authenticate clients
271-instead.
272-
273-To load server credentials with client certificate validation
274-enabled
275-
276-@example
277-@value{qemu_system} -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server
278-@end example
279-
280-while to load client credentials use
281-
282-@example
283-@value{qemu_system} -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=client
284-@end example
285-
286-Network services which support TLS will all have a @code{tls-creds}
287-parameter which expects the ID of the TLS credentials object. For
288-example with VNC:
289-
290-@example
291-@value{qemu_system} -vnc 0.0.0.0:0,tls-creds=tls0
292-@end example
293-
294-@node tls_psk
295-@subsection TLS Pre-Shared Keys (PSK)
296-
297-Instead of using certificates, you may also use TLS Pre-Shared Keys
298-(TLS-PSK). This can be simpler to set up than certificates but is
299-less scalable.
300-
301-Use the GnuTLS @code{psktool} program to generate a @code{keys.psk}
302-file containing one or more usernames and random keys:
303-
304-@example
305-mkdir -m 0700 /tmp/keys
306-psktool -u rich -p /tmp/keys/keys.psk
307-@end example
308-
309-TLS-enabled servers such as qemu-nbd can use this directory like so:
310-
311-@example
312-qemu-nbd \
313- -t -x / \
314- --object tls-creds-psk,id=tls0,endpoint=server,dir=/tmp/keys \
315- --tls-creds tls0 \
316- image.qcow2
317-@end example
318-
319-When connecting from a qemu-based client you must specify the
320-directory containing @code{keys.psk} and an optional @var{username}
321-(defaults to ``qemu''):
322-
323-@example
324-qemu-img info \
325- --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=rich,endpoint=client \
326- --image-opts \
327- file.driver=nbd,file.host=localhost,file.port=10809,file.tls-creds=tls0,file.export=/
328-@end example
329-
--- a/docs/system/usb.texi
+++ /dev/null
@@ -1,115 +0,0 @@
1-@node pcsys_usb
2-@section USB emulation
3-
4-QEMU can emulate a PCI UHCI, OHCI, EHCI or XHCI USB controller. You can
5-plug virtual USB devices or real host USB devices (only works with certain
6-host operating systems). QEMU will automatically create and connect virtual
7-USB hubs as necessary to connect multiple USB devices.
8-
9-@menu
10-* usb_devices::
11-* host_usb_devices::
12-@end menu
13-@node usb_devices
14-@subsection Connecting USB devices
15-
16-USB devices can be connected with the @option{-device usb-...} command line
17-option or the @code{device_add} monitor command. Available devices are:
18-
19-@table @code
20-@item usb-mouse
21-Virtual Mouse. This will override the PS/2 mouse emulation when activated.
22-@item usb-tablet
23-Pointer device that uses absolute coordinates (like a touchscreen).
24-This means QEMU is able to report the mouse position without having
25-to grab the mouse. Also overrides the PS/2 mouse emulation when activated.
26-@item usb-storage,drive=@var{drive_id}
27-Mass storage device backed by @var{drive_id} (@pxref{disk_images})
28-@item usb-uas
29-USB attached SCSI device, see
30-@url{https://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
31-for details
32-@item usb-bot
33-Bulk-only transport storage device, see
34-@url{https://git.qemu.org/?p=qemu.git;a=blob_plain;f=docs/usb-storage.txt,usb-storage.txt}
35-for details here, too
36-@item usb-mtp,rootdir=@var{dir}
37-Media transfer protocol device, using @var{dir} as root of the file tree
38-that is presented to the guest.
39-@item usb-host,hostbus=@var{bus},hostaddr=@var{addr}
40-Pass through the host device identified by @var{bus} and @var{addr}
41-@item usb-host,vendorid=@var{vendor},productid=@var{product}
42-Pass through the host device identified by @var{vendor} and @var{product} ID
43-@item usb-wacom-tablet
44-Virtual Wacom PenPartner tablet. This device is similar to the @code{tablet}
45-above but it can be used with the tslib library because in addition to touch
46-coordinates it reports touch pressure.
47-@item usb-kbd
48-Standard USB keyboard. Will override the PS/2 keyboard (if present).
49-@item usb-serial,chardev=@var{id}
50-Serial converter. This emulates an FTDI FT232BM chip connected to host character
51-device @var{id}.
52-@item usb-braille,chardev=@var{id}
53-Braille device. This will use BrlAPI to display the braille output on a real
54-or fake device referenced by @var{id}.
55-@item usb-net[,netdev=@var{id}]
56-Network adapter that supports CDC ethernet and RNDIS protocols. @var{id}
57-specifies a netdev defined with @code{-netdev @dots{},id=@var{id}}.
58-For instance, user-mode networking can be used with
59-@example
60-@value{qemu_system} [...] -netdev user,id=net0 -device usb-net,netdev=net0
61-@end example
62-@item usb-ccid
63-Smartcard reader device
64-@item usb-audio
65-USB audio device
66-@end table
67-
68-@node host_usb_devices
69-@subsection Using host USB devices on a Linux host
70-
71-WARNING: this is an experimental feature. QEMU will slow down when
72-using it. USB devices requiring real time streaming (i.e. USB Video
73-Cameras) are not supported yet.
74-
75-@enumerate
76-@item If you use an early Linux 2.4 kernel, verify that no Linux driver
77-is actually using the USB device. A simple way to do that is simply to
78-disable the corresponding kernel module by renaming it from @file{mydriver.o}
79-to @file{mydriver.o.disabled}.
80-
81-@item Verify that @file{/proc/bus/usb} is working (most Linux distributions should enable it by default). You should see something like that:
82-@example
83-ls /proc/bus/usb
84-001 devices drivers
85-@end example
86-
87-@item Since only root can access to the USB devices directly, you can either launch QEMU as root or change the permissions of the USB devices you want to use. For testing, the following suffices:
88-@example
89-chown -R myuid /proc/bus/usb
90-@end example
91-
92-@item Launch QEMU and do in the monitor:
93-@example
94-info usbhost
95- Device 1.2, speed 480 Mb/s
96- Class 00: USB device 1234:5678, USB DISK
97-@end example
98-You should see the list of the devices you can use (Never try to use
99-hubs, it won't work).
100-
101-@item Add the device in QEMU by using:
102-@example
103-device_add usb-host,vendorid=0x1234,productid=0x5678
104-@end example
105-
106-Normally the guest OS should report that a new USB device is plugged.
107-You can use the option @option{-device usb-host,...} to do the same.
108-
109-@item Now you can try to use the host USB device in QEMU.
110-
111-@end enumerate
112-
113-When relaunching QEMU, you may have to unplug and plug again the USB
114-device to make it work again (this is a bug).
115-
--- a/docs/system/vnc-security.texi
+++ /dev/null
@@ -1,196 +0,0 @@
1-@node vnc_security
2-@section VNC security
3-
4-The VNC server capability provides access to the graphical console
5-of the guest VM across the network. This has a number of security
6-considerations depending on the deployment scenarios.
7-
8-@menu
9-* vnc_sec_none::
10-* vnc_sec_password::
11-* vnc_sec_certificate::
12-* vnc_sec_certificate_verify::
13-* vnc_sec_certificate_pw::
14-* vnc_sec_sasl::
15-* vnc_sec_certificate_sasl::
16-* vnc_setup_sasl::
17-@end menu
18-@node vnc_sec_none
19-@subsection Without passwords
20-
21-The simplest VNC server setup does not include any form of authentication.
22-For this setup it is recommended to restrict it to listen on a UNIX domain
23-socket only. For example
24-
25-@example
26-@value{qemu_system} [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
27-@end example
28-
29-This ensures that only users on local box with read/write access to that
30-path can access the VNC server. To securely access the VNC server from a
31-remote machine, a combination of netcat+ssh can be used to provide a secure
32-tunnel.
33-
34-@node vnc_sec_password
35-@subsection With passwords
36-
37-The VNC protocol has limited support for password based authentication. Since
38-the protocol limits passwords to 8 characters it should not be considered
39-to provide high security. The password can be fairly easily brute-forced by
40-a client making repeat connections. For this reason, a VNC server using password
41-authentication should be restricted to only listen on the loopback interface
42-or UNIX domain sockets. Password authentication is not supported when operating
43-in FIPS 140-2 compliance mode as it requires the use of the DES cipher. Password
44-authentication is requested with the @code{password} option, and then once QEMU
45-is running the password is set with the monitor. Until the monitor is used to
46-set the password all clients will be rejected.
47-
48-@example
49-@value{qemu_system} [...OPTIONS...] -vnc :1,password -monitor stdio
50-(qemu) change vnc password
51-Password: ********
52-(qemu)
53-@end example
54-
55-@node vnc_sec_certificate
56-@subsection With x509 certificates
57-
58-The QEMU VNC server also implements the VeNCrypt extension allowing use of
59-TLS for encryption of the session, and x509 certificates for authentication.
60-The use of x509 certificates is strongly recommended, because TLS on its
61-own is susceptible to man-in-the-middle attacks. Basic x509 certificate
62-support provides a secure session, but no authentication. This allows any
63-client to connect, and provides an encrypted session.
64-
65-@example
66-@value{qemu_system} [...OPTIONS...] \
67- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \
68- -vnc :1,tls-creds=tls0 -monitor stdio
69-@end example
70-
71-In the above example @code{/etc/pki/qemu} should contain at least three files,
72-@code{ca-cert.pem}, @code{server-cert.pem} and @code{server-key.pem}. Unprivileged
73-users will want to use a private directory, for example @code{$HOME/.pki/qemu}.
74-NB the @code{server-key.pem} file should be protected with file mode 0600 to
75-only be readable by the user owning it.
76-
77-@node vnc_sec_certificate_verify
78-@subsection With x509 certificates and client verification
79-
80-Certificates can also provide a means to authenticate the client connecting.
81-The server will request that the client provide a certificate, which it will
82-then validate against the CA certificate. This is a good choice if deploying
83-in an environment with a private internal certificate authority. It uses the
84-same syntax as previously, but with @code{verify-peer} set to @code{yes}
85-instead.
86-
87-@example
88-@value{qemu_system} [...OPTIONS...] \
89- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
90- -vnc :1,tls-creds=tls0 -monitor stdio
91-@end example
92-
93-
94-@node vnc_sec_certificate_pw
95-@subsection With x509 certificates, client verification and passwords
96-
97-Finally, the previous method can be combined with VNC password authentication
98-to provide two layers of authentication for clients.
99-
100-@example
101-@value{qemu_system} [...OPTIONS...] \
102- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
103- -vnc :1,tls-creds=tls0,password -monitor stdio
104-(qemu) change vnc password
105-Password: ********
106-(qemu)
107-@end example
108-
109-
110-@node vnc_sec_sasl
111-@subsection With SASL authentication
112-
113-The SASL authentication method is a VNC extension, that provides an
114-easily extendable, pluggable authentication method. This allows for
115-integration with a wide range of authentication mechanisms, such as
116-PAM, GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more.
117-The strength of the authentication depends on the exact mechanism
118-configured. If the chosen mechanism also provides a SSF layer, then
119-it will encrypt the datastream as well.
120-
121-Refer to the later docs on how to choose the exact SASL mechanism
122-used for authentication, but assuming use of one supporting SSF,
123-then QEMU can be launched with:
124-
125-@example
126-@value{qemu_system} [...OPTIONS...] -vnc :1,sasl -monitor stdio
127-@end example
128-
129-@node vnc_sec_certificate_sasl
130-@subsection With x509 certificates and SASL authentication
131-
132-If the desired SASL authentication mechanism does not supported
133-SSF layers, then it is strongly advised to run it in combination
134-with TLS and x509 certificates. This provides securely encrypted
135-data stream, avoiding risk of compromising of the security
136-credentials. This can be enabled, by combining the 'sasl' option
137-with the aforementioned TLS + x509 options:
138-
139-@example
140-@value{qemu_system} [...OPTIONS...] \
141- -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
142- -vnc :1,tls-creds=tls0,sasl -monitor stdio
143-@end example
144-
145-@node vnc_setup_sasl
146-
147-@subsection Configuring SASL mechanisms
148-
149-The following documentation assumes use of the Cyrus SASL implementation on a
150-Linux host, but the principles should apply to any other SASL implementation
151-or host. When SASL is enabled, the mechanism configuration will be loaded from
152-system default SASL service config /etc/sasl2/qemu.conf. If running QEMU as an
153-unprivileged user, an environment variable SASL_CONF_PATH can be used to make
154-it search alternate locations for the service config file.
155-
156-If the TLS option is enabled for VNC, then it will provide session encryption,
157-otherwise the SASL mechanism will have to provide encryption. In the latter
158-case the list of possible plugins that can be used is drastically reduced. In
159-fact only the GSSAPI SASL mechanism provides an acceptable level of security
160-by modern standards. Previous versions of QEMU referred to the DIGEST-MD5
161-mechanism, however, it has multiple serious flaws described in detail in
162-RFC 6331 and thus should never be used any more. The SCRAM-SHA-1 mechanism
163-provides a simple username/password auth facility similar to DIGEST-MD5, but
164-does not support session encryption, so can only be used in combination with
165-TLS.
166-
167-When not using TLS the recommended configuration is
168-
169-@example
170-mech_list: gssapi
171-keytab: /etc/qemu/krb5.tab
172-@end example
173-
174-This says to use the 'GSSAPI' mechanism with the Kerberos v5 protocol, with
175-the server principal stored in /etc/qemu/krb5.tab. For this to work the
176-administrator of your KDC must generate a Kerberos principal for the server,
177-with a name of 'qemu/somehost.example.com@@EXAMPLE.COM' replacing
178-'somehost.example.com' with the fully qualified host name of the machine
179-running QEMU, and 'EXAMPLE.COM' with the Kerberos Realm.
180-
181-When using TLS, if username+password authentication is desired, then a
182-reasonable configuration is
183-
184-@example
185-mech_list: scram-sha-1
186-sasldb_path: /etc/qemu/passwd.db
187-@end example
188-
189-The @code{saslpasswd2} program can be used to populate the @code{passwd.db}
190-file with accounts.
191-
192-Other SASL configurations will be left as an exercise for the reader. Note that
193-all mechanisms, except GSSAPI, should be combined with use of TLS to ensure a
194-secure data channel.
195-
196-
--- a/qemu-doc.texi
+++ /dev/null
@@ -1,201 +0,0 @@
1-\input texinfo @c -*- texinfo -*-
2-@c %**start of header
3-@setfilename qemu-doc.info
4-@include version.texi
5-
6-@documentlanguage en
7-@documentencoding UTF-8
8-
9-@settitle QEMU version @value{VERSION} User Documentation
10-@exampleindent 0
11-@paragraphindent 0
12-@c %**end of header
13-
14-@set qemu_system qemu-system-x86_64
15-@set qemu_system_x86 qemu-system-x86_64
16-
17-@ifinfo
18-@direntry
19-* QEMU: (qemu-doc). The QEMU Emulator User Documentation.
20-@end direntry
21-@end ifinfo
22-
23-@iftex
24-@titlepage
25-@sp 7
26-@center @titlefont{QEMU version @value{VERSION}}
27-@sp 1
28-@center @titlefont{User Documentation}
29-@sp 3
30-@end titlepage
31-@end iftex
32-
33-@ifnottex
34-@node Top
35-@top
36-
37-@menu
38-* Introduction::
39-* QEMU System emulator::
40-* QEMU System emulator targets::
41-* Security::
42-* Deprecated features::
43-* Recently removed features::
44-* Supported build platforms::
45-* License::
46-* Index::
47-@end menu
48-@end ifnottex
49-
50-@contents
51-
52-@node Introduction
53-@chapter Introduction
54-
55-@menu
56-* intro_features:: Features
57-@end menu
58-
59-@node intro_features
60-@section Features
61-
62-QEMU is a FAST! processor emulator using dynamic translation to
63-achieve good emulation speed.
64-
65-QEMU has two operating modes:
66-
67-@itemize
68-@item Full system emulation. In this mode, QEMU emulates a full system (for
69-example a PC), including one or several processors and various
70-peripherals. It can be used to launch different Operating Systems
71-without rebooting the PC or to debug system code.
72-
73-@item User mode emulation. In this mode, QEMU can launch
74-processes compiled for one CPU on another CPU. It can be used to
75-launch the Wine Windows API emulator (@url{https://www.winehq.org}) or
76-to ease cross-compilation and cross-debugging.
77-
78-@end itemize
79-
80-QEMU has the following features:
81-
82-@itemize
83-@item QEMU can run without a host kernel driver and yet gives acceptable
84-performance. It uses dynamic translation to native code for reasonable speed,
85-with support for self-modifying code and precise exceptions.
86-
87-@item It is portable to several operating systems (GNU/Linux, *BSD, Mac OS X,
88-Windows) and architectures.
89-
90-@item It performs accurate software emulation of the FPU.
91-@end itemize
92-
93-QEMU user mode emulation has the following features:
94-@itemize
95-@item Generic Linux system call converter, including most ioctls.
96-
97-@item clone() emulation using native CPU clone() to use Linux scheduler for threads.
98-
99-@item Accurate signal handling by remapping host signals to target signals.
100-@end itemize
101-
102-QEMU full system emulation has the following features:
103-@itemize
104-@item
105-QEMU uses a full software MMU for maximum portability.
106-
107-@item
108-QEMU can optionally use an in-kernel accelerator, like kvm. The accelerators
109-execute most of the guest code natively, while
110-continuing to emulate the rest of the machine.
111-
112-@item
113-Various hardware devices can be emulated and in some cases, host
114-devices (e.g. serial and parallel ports, USB, drives) can be used
115-transparently by the guest Operating System. Host device passthrough
116-can be used for talking to external physical peripherals (e.g. a
117-webcam, modem or tape drive).
118-
119-@item
120-Symmetric multiprocessing (SMP) support. Currently, an in-kernel
121-accelerator is required to use more than one host CPU for emulation.
122-
123-@end itemize
124-
125-@node QEMU System emulator
126-@chapter QEMU System emulator
127-
128-@menu
129-* pcsys_quickstart:: Quick start
130-* sec_invocation:: Invocation
131-* pcsys_keys:: Keys in the graphical frontends
132-* mux_keys:: Keys in the character backend multiplexer
133-* pcsys_monitor:: QEMU Monitor
134-* disk_images:: Disk Images
135-* pcsys_network:: Network emulation
136-* pcsys_usb:: USB emulation
137-* pcsys_ivshmem:: Inter-VM Shared Memory device
138-* direct_linux_boot:: Direct Linux Boot
139-* vnc_security:: VNC security
140-* network_tls:: TLS setup for network services
141-* gdb_usage:: GDB usage
142-* managed_startup:: Managed startup options
143-@end menu
144-
145-@include docs/system/quickstart.texi
146-@include docs/system/invocation.texi
147-@include docs/system/keys.texi
148-@include docs/system/mux-chardev.texi
149-@include docs/system/monitor.texi
150-@include docs/system/images.texi
151-@include docs/system/net.texi
152-@include docs/system/usb.texi
153-@include docs/system/ivshmem.texi
154-@include docs/system/linuxboot.texi
155-@include docs/system/vnc-security.texi
156-@include docs/system/tls.texi
157-@include docs/system/gdb.texi
158-@include docs/system/managed-startup.texi
159-
160-@node QEMU System emulator targets
161-@chapter QEMU System emulator targets
162-
163-QEMU is a generic emulator and it emulates many machines. Most of the
164-options are similar for all machines. Specific information about the
165-various targets are mentioned in the following sections.
166-
167-@menu
168-* x86 (PC) System emulator::
169-* PowerPC System emulator::
170-* Sparc32 System emulator::
171-* Sparc64 System emulator::
172-* MIPS System emulator::
173-* ARM System emulator::
174-* ColdFire System emulator::
175-* Xtensa System emulator::
176-@end menu
177-
178-@include docs/system/target-i386.texi
179-@include docs/system/target-ppc.texi
180-@include docs/system/target-sparc.texi
181-@include docs/system/target-sparc64.texi
182-@include docs/system/target-mips.texi
183-@include docs/system/target-arm.texi
184-@include docs/system/target-m68k.texi
185-@include docs/system/target-xtensa.texi
186-
187-@include docs/system/security.texi
188-
189-@include docs/system/deprecated.texi
190-
191-@include docs/system/build-platforms.texi
192-
193-@include docs/system/license.texi
194-
195-
196-@node Index
197-@appendix Index
198-
199-@printindex fn
200-
201-@bye