qemu-doc.texi 50.6 KB
Newer Older
bellard's avatar
bellard committed
1
\input texinfo @c -*- texinfo -*-
bellard's avatar
bellard committed
2
3
4
5
6
7
@c %**start of header
@setfilename qemu-doc.info
@settitle QEMU CPU Emulator User Documentation
@exampleindent 0
@paragraphindent 0
@c %**end of header
bellard's avatar
bellard committed
8

bellard's avatar
updated    
bellard committed
9
@iftex
bellard's avatar
bellard committed
10
11
@titlepage
@sp 7
bellard's avatar
bellard committed
12
13
14
@center @titlefont{QEMU CPU Emulator}
@sp 1
@center @titlefont{User Documentation}
bellard's avatar
bellard committed
15
16
@sp 3
@end titlepage
bellard's avatar
updated    
bellard committed
17
@end iftex
bellard's avatar
bellard committed
18

bellard's avatar
bellard committed
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
@ifnottex
@node Top
@top

@menu
* Introduction::
* Installation::
* QEMU PC System emulator::
* QEMU System emulator for non PC targets::
* QEMU Linux User space emulator::
* compilation:: Compilation from the sources
* Index::
@end menu
@end ifnottex

@contents

@node Introduction
bellard's avatar
bellard committed
37
38
@chapter Introduction

bellard's avatar
bellard committed
39
40
41
42
43
@menu
* intro_features:: Features
@end menu

@node intro_features
bellard's avatar
update    
bellard committed
44
@section Features
bellard's avatar
bellard committed
45

bellard's avatar
bellard committed
46
47
QEMU is a FAST! processor emulator using dynamic translation to
achieve good emulation speed.
bellard's avatar
update    
bellard committed
48
49

QEMU has two operating modes:
bellard's avatar
updated    
bellard committed
50
51
52
53

@itemize @minus

@item 
bellard's avatar
bellard committed
54
Full system emulation. In this mode, QEMU emulates a full system (for
bellard's avatar
bellard committed
55
56
57
example a PC), including one or several processors and various
peripherals. It can be used to launch different Operating Systems
without rebooting the PC or to debug system code.
bellard's avatar
update    
bellard committed
58

bellard's avatar
updated    
bellard committed
59
@item 
bellard's avatar
bellard committed
60
61
62
63
User mode emulation (Linux host only). In this mode, QEMU can launch
Linux processes compiled for one CPU on another CPU. It can be used to
launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
to ease cross-compilation and cross-debugging.
bellard's avatar
update    
bellard committed
64
65
66

@end itemize

bellard's avatar
update    
bellard committed
67
QEMU can run without an host kernel driver and yet gives acceptable
68
performance. 
bellard's avatar
update    
bellard committed
69

bellard's avatar
update    
bellard committed
70
71
For system emulation, the following hardware targets are supported:
@itemize
bellard's avatar
update    
bellard committed
72
@item PC (x86 or x86_64 processor)
bellard's avatar
bellard committed
73
@item ISA PC (old style PC without PCI bus)
bellard's avatar
update    
bellard committed
74
@item PREP (PowerPC processor)
bellard's avatar
update    
bellard committed
75
76
@item G3 BW PowerMac (PowerPC processor)
@item Mac99 PowerMac (PowerPC processor, in progress)
bellard's avatar
bellard committed
77
78
@item Sun4m (32-bit Sparc processor)
@item Sun4u (64-bit Sparc processor, in progress)
bellard's avatar
bellard committed
79
@item Malta board (32-bit MIPS processor)
pbrook's avatar
pbrook committed
80
@item ARM Integrator/CP (ARM926E or 1026E processor)
pbrook's avatar
pbrook committed
81
@item ARM Versatile baseboard (ARM926E)
bellard's avatar
update    
bellard committed
82
@end itemize
bellard's avatar
bellard committed
83

bellard's avatar
bellard committed
84
For user emulation, x86, PowerPC, ARM, MIPS, and Sparc32/64 CPUs are supported.
bellard's avatar
updated    
bellard committed
85

bellard's avatar
bellard committed
86
@node Installation
bellard's avatar
update    
bellard committed
87
88
@chapter Installation

bellard's avatar
bellard committed
89
90
If you want to compile QEMU yourself, see @ref{compilation}.

bellard's avatar
bellard committed
91
92
93
94
95
96
97
@menu
* install_linux::   Linux
* install_windows:: Windows
* install_mac::     Macintosh
@end menu

@node install_linux
bellard's avatar
bellard committed
98
99
@section Linux

bellard's avatar
update    
bellard committed
100
101
If a precompiled package is available for your distribution - you just
have to install it. Otherwise, see @ref{compilation}.
bellard's avatar
update    
bellard committed
102

bellard's avatar
bellard committed
103
@node install_windows
bellard's avatar
bellard committed
104
@section Windows
bellard's avatar
update    
bellard committed
105

bellard's avatar
bellard committed
106
Download the experimental binary installer at
bellard's avatar
bellard committed
107
@url{http://www.free.oszoo.org/@/download.html}.
108

bellard's avatar
bellard committed
109
@node install_mac
bellard's avatar
bellard committed
110
@section Mac OS X
111

bellard's avatar
bellard committed
112
Download the experimental binary installer at
bellard's avatar
bellard committed
113
@url{http://www.free.oszoo.org/@/download.html}.
bellard's avatar
update    
bellard committed
114

bellard's avatar
bellard committed
115
@node QEMU PC System emulator
bellard's avatar
bellard committed
116
@chapter QEMU PC System emulator
bellard's avatar
update    
bellard committed
117

bellard's avatar
bellard committed
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
@menu
* pcsys_introduction:: Introduction
* pcsys_quickstart::   Quick Start
* sec_invocation::     Invocation
* pcsys_keys::         Keys
* pcsys_monitor::      QEMU Monitor
* disk_images::        Disk Images
* pcsys_network::      Network emulation
* direct_linux_boot::  Direct Linux Boot
* pcsys_usb::          USB emulation
* gdb_usage::          GDB usage
* pcsys_os_specific::  Target OS specific information
@end menu

@node pcsys_introduction
bellard's avatar
updated    
bellard committed
133
134
135
136
@section Introduction

@c man begin DESCRIPTION

bellard's avatar
bellard committed
137
138
The QEMU PC System emulator simulates the
following peripherals:
bellard's avatar
updated    
bellard committed
139
140

@itemize @minus
bellard's avatar
bellard committed
141
142
@item 
i440FX host PCI bridge and PIIX3 PCI to ISA bridge
bellard's avatar
updated    
bellard committed
143
@item
bellard's avatar
bellard committed
144
145
Cirrus CLGD 5446 PCI VGA card or dummy VGA card with Bochs VESA
extensions (hardware level, including all non standard modes).
bellard's avatar
updated    
bellard committed
146
147
148
@item
PS/2 mouse and keyboard
@item 
bellard's avatar
bellard committed
149
2 PCI IDE interfaces with hard disk and CD-ROM support
bellard's avatar
bellard committed
150
151
@item
Floppy disk
bellard's avatar
updated    
bellard committed
152
@item 
bellard's avatar
bellard committed
153
NE2000 PCI network adapters
bellard's avatar
updated    
bellard committed
154
@item
bellard's avatar
update    
bellard committed
155
156
Serial ports
@item
bellard's avatar
bellard committed
157
158
159
160
161
Creative SoundBlaster 16 sound card
@item
ENSONIQ AudioPCI ES1370 sound card
@item
Adlib(OPL2) - Yamaha YM3812 compatible chip
bellard's avatar
bellard committed
162
163
@item
PCI UHCI USB controller and a virtual USB hub.
bellard's avatar
updated    
bellard committed
164
165
@end itemize

bellard's avatar
bellard committed
166
167
SMP is supported with up to 255 CPUs.

bellard's avatar
bellard committed
168
169
170
Note that adlib is only available when QEMU was configured with
-enable-adlib

bellard's avatar
bellard committed
171
172
173
QEMU uses the PC BIOS from the Bochs project and the Plex86/Bochs LGPL
VGA BIOS.

bellard's avatar
bellard committed
174
175
QEMU uses YM3812 emulation by Tatsuyuki Satoh.

bellard's avatar
updated    
bellard committed
176
177
@c man end

bellard's avatar
bellard committed
178
@node pcsys_quickstart
bellard's avatar
update    
bellard committed
179
180
@section Quick Start

bellard's avatar
update    
bellard committed
181
Download and uncompress the linux image (@file{linux.img}) and type:
bellard's avatar
updated    
bellard committed
182
183

@example
bellard's avatar
update    
bellard committed
184
qemu linux.img
bellard's avatar
updated    
bellard committed
185
186
187
188
@end example

Linux should boot and give you a prompt.

bellard's avatar
update    
bellard committed
189
@node sec_invocation
bellard's avatar
update    
bellard committed
190
191
192
@section Invocation

@example
bellard's avatar
updated    
bellard committed
193
194
195
@c man begin SYNOPSIS
usage: qemu [options] [disk_image]
@c man end
bellard's avatar
update    
bellard committed
196
197
@end example

bellard's avatar
updated    
bellard committed
198
@c man begin OPTIONS
bellard's avatar
update    
bellard committed
199
@var{disk_image} is a raw hard disk image for IDE hard disk 0.
bellard's avatar
update    
bellard committed
200
201
202

General options:
@table @option
203
204
205
@item -M machine
Select the emulated machine (@code{-M ?} for list)

bellard's avatar
update    
bellard committed
206
207
@item -fda file
@item -fdb file
bellard's avatar
bellard committed
208
Use @var{file} as floppy disk 0/1 image (@pxref{disk_images}). You can
bellard's avatar
update    
bellard committed
209
use the host floppy by using @file{/dev/fd0} as filename.
bellard's avatar
update    
bellard committed
210

bellard's avatar
update    
bellard committed
211
212
@item -hda file
@item -hdb file
bellard's avatar
update    
bellard committed
213
214
@item -hdc file
@item -hdd file
bellard's avatar
bellard committed
215
Use @var{file} as hard disk 0, 1, 2 or 3 image (@pxref{disk_images}).
bellard's avatar
bellard committed
216

bellard's avatar
update    
bellard committed
217
218
@item -cdrom file
Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and and
bellard's avatar
update    
bellard committed
219
220
@option{-cdrom} at the same time). You can use the host CD-ROM by
using @file{/dev/cdrom} as filename.
bellard's avatar
update    
bellard committed
221

bellard's avatar
bellard committed
222
223
@item -boot [a|c|d]
Boot on floppy (a), hard disk (c) or CD-ROM (d). Hard disk boot is
bellard's avatar
update    
bellard committed
224
the default.
bellard's avatar
bellard committed
225

bellard's avatar
update    
bellard committed
226
@item -snapshot
bellard's avatar
bellard committed
227
228
Write to temporary files instead of disk image files. In this case,
the raw disk image you use is not written back. You can however force
bellard's avatar
bellard committed
229
the write back by pressing @key{C-a s} (@pxref{disk_images}). 
bellard's avatar
update    
bellard committed
230
231

@item -m megs
bellard's avatar
bellard committed
232
Set virtual RAM size to @var{megs} megabytes. Default is 128 MB.
bellard's avatar
update    
bellard committed
233

bellard's avatar
bellard committed
234
235
236
237
@item -smp n
Simulate an SMP system with @var{n} CPUs. On the PC target, up to 255
CPUs are supported.

bellard's avatar
updated    
bellard committed
238
239
240
241
242
243
244
245
@item -nographic

Normally, QEMU uses SDL to display the VGA output. With this option,
you can totally disable graphical output so that QEMU is a simple
command line application. The emulated serial port is redirected on
the console. Therefore, you can still use QEMU to debug a Linux kernel
with a serial console.

bellard's avatar
bellard committed
246
247
248
249
250
251
252
@item -vnc d

Normally, QEMU uses SDL to display the VGA output.  With this option,
you can have QEMU listen on VNC display d and redirect the VGA display
over the VNC session.  It is very useful to enable the usb tablet device
when using this option (option @option{-usbdevice tablet}).

253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
@item -k language

Use keyboard layout @var{language} (for example @code{fr} for
French). This option is only needed where it is not easy to get raw PC
keycodes (e.g. on Macs or with some X11 servers). You don't need to
use it on PC/Linux or PC/Windows hosts.

The available layouts are:
@example
ar  de-ch  es  fo     fr-ca  hu  ja  mk     no  pt-br  sv
da  en-gb  et  fr     fr-ch  is  lt  nl     pl  ru     th
de  en-us  fi  fr-be  hr     it  lv  nl-be  pt  sl     tr
@end example

The default is @code{en-us}.

269
270
271
272
273
@item -audio-help

Will show the audio subsystem help: list of drivers, tunable
parameters.

274
@item -soundhw card1,card2,... or -soundhw all
275
276
277
278
279
280
281

Enable audio and selected sound hardware. Use ? to print all
available sound hardware.

@example
qemu -soundhw sb16,adlib hda
qemu -soundhw es1370 hda
282
qemu -soundhw all hda
283
284
qemu -soundhw ?
@end example
bellard's avatar
update    
bellard committed
285

bellard's avatar
bellard committed
286
287
288
289
290
@item -localtime
Set the real time clock to local time (the default is to UTC
time). This option is needed to have correct date in MS-DOS or
Windows.

bellard's avatar
bellard committed
291
292
293
@item -full-screen
Start in full screen.

bellard's avatar
bellard committed
294
295
296
297
@item -pidfile file
Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
from a script.

bellard's avatar
update    
bellard committed
298
299
300
301
302
@item -win2k-hack
Use it when installing Windows 2000 to avoid a disk full bug. After
Windows 2000 is installed, you no longer need this option (this option
slows down the IDE transfers).

bellard's avatar
updated    
bellard committed
303
304
@end table

bellard's avatar
bellard committed
305
306
307
308
309
310
311
USB options:
@table @option

@item -usb
Enable the USB driver (will be the default soon)

@item -usbdevice devname
pbrook's avatar
pbrook committed
312
Add the USB device @var{devname}. @xref{usb_devices}.
bellard's avatar
bellard committed
313
314
@end table

bellard's avatar
bellard committed
315
316
317
318
Network options:

@table @option

319
@item -net nic[,vlan=n][,macaddr=addr][,model=type]
bellard's avatar
update    
bellard committed
320
321
322
323
Create a new Network Interface Card and connect it to VLAN @var{n} (@var{n}
= 0 is the default). The NIC is currently an NE2000 on the PC
target. Optionally, the MAC address can be changed. If no
@option{-net} option is specified, a single NIC is created.
324
325
326
327
Qemu can emulate several different models of network card.  Valid values for
@var{type} are @code{ne2k_pci}, @code{ne2k_isa}, @code{rtl8139},
@code{smc91c111} and @code{lance}.  Not all devices are supported on all
targets.
bellard's avatar
update    
bellard committed
328

pbrook's avatar
pbrook committed
329
@item -net user[,vlan=n][,hostname=name]
bellard's avatar
update    
bellard committed
330
Use the user mode network stack which requires no administrator
pbrook's avatar
pbrook committed
331
priviledge to run.  @option{hostname=name} can be used to specify the client
pbrook's avatar
pbrook committed
332
hostname reported by the builtin DHCP server.
bellard's avatar
update    
bellard committed
333
334
335
336
337
338
339

@item -net tap[,vlan=n][,fd=h][,ifname=name][,script=file]
Connect the host TAP network interface @var{name} to VLAN @var{n} and
use the network script @var{file} to configure it. The default
network script is @file{/etc/qemu-ifup}. If @var{name} is not
provided, the OS automatically provides one.  @option{fd=h} can be
used to specify the handle of an already opened host TAP interface. Example:
bellard's avatar
bellard committed
340

bellard's avatar
update    
bellard committed
341
342
343
344
345
346
347
348
349
@example
qemu linux.img -net nic -net tap
@end example

More complicated example (two NICs, each one connected to a TAP device)
@example
qemu linux.img -net nic,vlan=0 -net tap,vlan=0,ifname=tap0 \
               -net nic,vlan=1 -net tap,vlan=1,ifname=tap1
@end example
bellard's avatar
bellard committed
350
351


bellard's avatar
update    
bellard committed
352
@item -net socket[,vlan=n][,fd=h][,listen=[host]:port][,connect=host:port]
bellard's avatar
bellard committed
353

bellard's avatar
update    
bellard committed
354
355
356
357
Connect the VLAN @var{n} to a remote VLAN in another QEMU virtual
machine using a TCP socket connection. If @option{listen} is
specified, QEMU waits for incoming connections on @var{port}
(@var{host} is optional). @option{connect} is used to connect to
358
359
another QEMU instance using the @option{listen} option. @option{fd=h}
specifies an already opened TCP socket.
bellard's avatar
bellard committed
360

bellard's avatar
update    
bellard committed
361
362
363
Example:
@example
# launch a first QEMU instance
bellard's avatar
bellard committed
364
365
366
367
368
369
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
               -net socket,listen=:1234
# connect the VLAN 0 of this instance to the VLAN 0
# of the first instance
qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
               -net socket,connect=127.0.0.1:1234
bellard's avatar
update    
bellard committed
370
@end example
bellard's avatar
update    
bellard committed
371

372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
@item -net socket[,vlan=n][,fd=h][,mcast=maddr:port]

Create a VLAN @var{n} shared with another QEMU virtual
machines using a UDP multicast socket, effectively making a bus for 
every QEMU with same multicast address @var{maddr} and @var{port}.
NOTES:
@enumerate
@item 
Several QEMU can be running on different hosts and share same bus (assuming 
correct multicast setup for these hosts).
@item
mcast support is compatible with User Mode Linux (argument @option{eth@var{N}=mcast}), see
@url{http://user-mode-linux.sf.net}.
@item Use @option{fd=h} to specify an already opened UDP multicast socket.
@end enumerate

Example:
@example
# launch one QEMU instance
bellard's avatar
bellard committed
391
392
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
               -net socket,mcast=230.0.0.1:1234
393
# launch another QEMU instance on same "bus"
bellard's avatar
bellard committed
394
395
qemu linux.img -net nic,macaddr=52:54:00:12:34:57 \
               -net socket,mcast=230.0.0.1:1234
396
# launch yet another QEMU instance on same "bus"
bellard's avatar
bellard committed
397
398
qemu linux.img -net nic,macaddr=52:54:00:12:34:58 \
               -net socket,mcast=230.0.0.1:1234
399
400
401
402
@end example

Example (User Mode Linux compat.):
@example
bellard's avatar
bellard committed
403
404
405
406
# launch QEMU instance (note mcast address selected
# is UML's default)
qemu linux.img -net nic,macaddr=52:54:00:12:34:56 \
               -net socket,mcast=239.192.168.1:1102
407
408
409
410
# launch UML
/path/to/linux ubd0=/path/to/root_fs eth0=mcast
@end example

bellard's avatar
update    
bellard committed
411
412
@item -net none
Indicate that no network devices should be configured. It is used to
bellard's avatar
bellard committed
413
414
override the default configuration (@option{-net nic -net user}) which
is activated if no @option{-net} options are provided.
bellard's avatar
update    
bellard committed
415

bellard's avatar
bellard committed
416
417
418
419
420
421
422
423
@item -tftp prefix
When using the user mode network stack, activate a built-in TFTP
server. All filenames beginning with @var{prefix} can be downloaded
from the host to the guest using a TFTP client. The TFTP client on the
guest must be configured in binary mode (use the command @code{bin} of
the Unix TFTP client). The host IP address on the guest is as usual
10.0.2.2.

bellard's avatar
update    
bellard committed
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
@item -smb dir
When using the user mode network stack, activate a built-in SMB
server so that Windows OSes can access to the host files in @file{dir}
transparently.

In the guest Windows OS, the line:
@example
10.0.2.4 smbserver
@end example
must be added in the file @file{C:\WINDOWS\LMHOSTS} (for windows 9x/Me)
or @file{C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS} (Windows NT/2000).

Then @file{dir} can be accessed in @file{\\smbserver\qemu}.

Note that a SAMBA server must be installed on the host OS in
@file{/usr/sbin/smbd}. QEMU was tested succesfully with smbd version
bellard's avatar
update    
bellard committed
440
2.2.7a from the Red Hat 9 and version 3.0.10-1.fc3 from Fedora Core 3.
bellard's avatar
update    
bellard committed
441

bellard's avatar
bellard committed
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
@item -redir [tcp|udp]:host-port:[guest-host]:guest-port

When using the user mode network stack, redirect incoming TCP or UDP
connections to the host port @var{host-port} to the guest
@var{guest-host} on guest port @var{guest-port}. If @var{guest-host}
is not specified, its value is 10.0.2.15 (default address given by the
built-in DHCP server).

For example, to redirect host X11 connection from screen 1 to guest
screen 0, use the following:

@example
# on the host
qemu -redir tcp:6001::6000 [...]
# this host xterm should open in the guest X11 server
xterm -display :1
@end example

To redirect telnet connections from host port 5555 to telnet port on
the guest, use the following:

@example
# on the host
qemu -redir tcp:5555::23 [...]
telnet localhost 5555
@end example

Then when you use on the host @code{telnet localhost 5555}, you
connect to the guest telnet server.

bellard's avatar
bellard committed
472
473
@end table

bellard's avatar
update    
bellard committed
474
Linux boot specific: When using these options, you can use a given
bellard's avatar
bellard committed
475
476
477
Linux kernel without installing it in the disk image. It can be useful
for easier testing of various kernels.

bellard's avatar
updated    
bellard committed
478
479
480
481
482
483
484
485
486
487
488
@table @option

@item -kernel bzImage 
Use @var{bzImage} as kernel image.

@item -append cmdline 
Use @var{cmdline} as kernel command line

@item -initrd file
Use @var{file} as initial ram disk.

bellard's avatar
update    
bellard committed
489
490
@end table

bellard's avatar
bellard committed
491
Debug/Expert options:
bellard's avatar
update    
bellard committed
492
@table @option
bellard's avatar
update    
bellard committed
493
494
495
496
497
498
499
500
501
502
503

@item -serial dev
Redirect the virtual serial port to host device @var{dev}. Available
devices are:
@table @code
@item vc
Virtual console
@item pty
[Linux only] Pseudo TTY (a new PTY is automatically allocated)
@item null
void device
bellard's avatar
bellard committed
504
@item /dev/XXX
bellard's avatar
bellard committed
505
[Linux only] Use host tty, e.g. @file{/dev/ttyS0}. The host serial port
bellard's avatar
bellard committed
506
parameters are set according to the emulated ones.
bellard's avatar
bellard committed
507
508
509
@item /dev/parportN
[Linux only, parallel port only] Use host parallel port
@var{N}. Currently only SPP parallel port features can be used.
bellard's avatar
bellard committed
510
511
@item file:filename
Write output to filename. No character can be read.
bellard's avatar
update    
bellard committed
512
513
@item stdio
[Unix only] standard input/output
bellard's avatar
bellard committed
514
515
@item pipe:filename
[Unix only] name pipe @var{filename}
bellard's avatar
update    
bellard committed
516
517
518
519
@end table
The default device is @code{vc} in graphical mode and @code{stdio} in
non graphical mode.

bellard's avatar
update    
bellard committed
520
521
522
This option can be used several times to simulate up to 4 serials
ports.

bellard's avatar
bellard committed
523
524
525
526
527
528
529
530
531
@item -parallel dev
Redirect the virtual parallel port to host device @var{dev} (same
devices as the serial port). On Linux hosts, @file{/dev/parportN} can
be used to use hardware devices connected on the corresponding host
parallel port.

This option can be used several times to simulate up to 3 parallel
ports.

bellard's avatar
update    
bellard committed
532
533
534
535
536
537
@item -monitor dev
Redirect the monitor to host device @var{dev} (same devices as the
serial port).
The default device is @code{vc} in graphical mode and @code{stdio} in
non graphical mode.

bellard's avatar
update    
bellard committed
538
@item -s
bellard's avatar
bellard committed
539
Wait gdb connection to port 1234 (@pxref{gdb_usage}). 
bellard's avatar
update    
bellard committed
540
541
@item -p port
Change gdb connection port.
bellard's avatar
update    
bellard committed
542
543
@item -S
Do not start CPU at startup (you must type 'c' in the monitor).
bellard's avatar
update    
bellard committed
544
@item -d             
bellard's avatar
update    
bellard committed
545
Output log in /tmp/qemu.log
bellard's avatar
bellard committed
546
547
548
549
550
551
@item -hdachs c,h,s,[,t]
Force hard disk 0 physical geometry (1 <= @var{c} <= 16383, 1 <=
@var{h} <= 16, 1 <= @var{s} <= 63) and optionally force the BIOS
translation mode (@var{t}=none, lba or auto). Usually QEMU can guess
all thoses parameters. This option is useful for old MS-DOS disk
images.
bellard's avatar
update    
bellard committed
552

bellard's avatar
bellard committed
553
554
555
@item -std-vga
Simulate a standard VGA card with Bochs VBE extensions (default is
Cirrus Logic GD5446 PCI VGA)
bellard's avatar
bellard committed
556
557
@item -loadvm file
Start right away with a saved state (@code{loadvm} in monitor)
bellard's avatar
update    
bellard committed
558
559
@end table

bellard's avatar
update    
bellard committed
560
561
@c man end

bellard's avatar
bellard committed
562
@node pcsys_keys
bellard's avatar
update    
bellard committed
563
564
565
566
@section Keys

@c man begin OPTIONS

bellard's avatar
update    
bellard committed
567
568
During the graphical emulation, you can use the following keys:
@table @key
bellard's avatar
update    
bellard committed
569
@item Ctrl-Alt-f
bellard's avatar
update    
bellard committed
570
Toggle full screen
bellard's avatar
update    
bellard committed
571

bellard's avatar
update    
bellard committed
572
@item Ctrl-Alt-n
bellard's avatar
update    
bellard committed
573
574
575
576
577
578
579
580
Switch to virtual console 'n'. Standard console mappings are:
@table @emph
@item 1
Target system display
@item 2
Monitor
@item 3
Serial port
bellard's avatar
update    
bellard committed
581
582
@end table

bellard's avatar
update    
bellard committed
583
@item Ctrl-Alt
bellard's avatar
update    
bellard committed
584
585
586
Toggle mouse and keyboard grab.
@end table

bellard's avatar
update    
bellard committed
587
588
589
In the virtual consoles, you can use @key{Ctrl-Up}, @key{Ctrl-Down},
@key{Ctrl-PageUp} and @key{Ctrl-PageDown} to move in the back log.

bellard's avatar
update    
bellard committed
590
591
During emulation, if you are using the @option{-nographic} option, use
@key{Ctrl-a h} to get terminal commands:
bellard's avatar
update    
bellard committed
592
593

@table @key
bellard's avatar
update    
bellard committed
594
@item Ctrl-a h
bellard's avatar
update    
bellard committed
595
Print this help
bellard's avatar
update    
bellard committed
596
@item Ctrl-a x    
bellard's avatar
update    
bellard committed
597
Exit emulatior
bellard's avatar
update    
bellard committed
598
@item Ctrl-a s    
bellard's avatar
bellard committed
599
Save disk data back to file (if -snapshot)
bellard's avatar
update    
bellard committed
600
@item Ctrl-a b
bellard's avatar
bellard committed
601
Send break (magic sysrq in Linux)
bellard's avatar
update    
bellard committed
602
@item Ctrl-a c
bellard's avatar
bellard committed
603
Switch between console and monitor
bellard's avatar
update    
bellard committed
604
605
@item Ctrl-a Ctrl-a
Send Ctrl-a
bellard's avatar
update    
bellard committed
606
@end table
bellard's avatar
updated    
bellard committed
607
608
609
610
@c man end

@ignore

bellard's avatar
bellard committed
611
612
613
614
615
616
617
618
619
620
621
@c man begin SEEALSO
The HTML documentation of QEMU for more precise information and Linux
user mode emulator invocation.
@c man end

@c man begin AUTHOR
Fabrice Bellard
@c man end

@end ignore

bellard's avatar
bellard committed
622
@node pcsys_monitor
bellard's avatar
bellard committed
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
@section QEMU Monitor

The QEMU monitor is used to give complex commands to the QEMU
emulator. You can use it to:

@itemize @minus

@item
Remove or insert removable medias images
(such as CD-ROM or floppies)

@item 
Freeze/unfreeze the Virtual Machine (VM) and save or restore its state
from a disk file.

@item Inspect the VM state without an external debugger.

@end itemize

@subsection Commands

The following commands are available:

@table @option

@item help or ? [cmd]
Show the help for all commands or just for command @var{cmd}.

@item commit  
Commit changes to the disk images (if -snapshot is used)

@item info subcommand 
show various information about the system state

@table @option
@item info network
bellard's avatar
update    
bellard committed
659
show the various VLANs and the associated devices
bellard's avatar
bellard committed
660
661
662
663
664
665
@item info block
show the block devices
@item info registers
show the cpu registers
@item info history
show the command line history
bellard's avatar
bellard committed
666
667
668
669
670
671
@item info pci
show emulated PCI device
@item info usb
show USB devices plugged on the virtual USB hub
@item info usbhost
show all USB host devices
bellard's avatar
bellard committed
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
@end table

@item q or quit
Quit the emulator.

@item eject [-f] device
Eject a removable media (use -f to force it).

@item change device filename
Change a removable media.

@item screendump filename
Save screen into PPM image @var{filename}.

@item log item1[,...]
Activate logging of the specified items to @file{/tmp/qemu.log}.

@item savevm filename
Save the whole virtual machine state to @var{filename}.

@item loadvm filename
Restore the whole virtual machine state from @var{filename}.

@item stop
Stop emulation.

@item c or cont
Resume emulation.

@item gdbserver [port]
Start gdbserver session (default port=1234)

@item x/fmt addr
Virtual memory dump starting at @var{addr}.

@item xp /fmt addr
Physical memory dump starting at @var{addr}.

@var{fmt} is a format which tells the command how to format the
data. Its syntax is: @option{/@{count@}@{format@}@{size@}}

@table @var
@item count 
is the number of items to be dumped.

@item format
can be x (hexa), d (signed decimal), u (unsigned decimal), o (octal),
c (char) or i (asm instruction).

@item size
bellard's avatar
update    
bellard committed
722
723
724
can be b (8 bits), h (16 bits), w (32 bits) or g (64 bits). On x86,
@code{h} or @code{w} can be specified with the @code{i} format to
respectively select 16 or 32 bit code instruction size.
bellard's avatar
bellard committed
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747

@end table

Examples: 
@itemize
@item
Dump 10 instructions at the current instruction pointer:
@example 
(qemu) x/10i $eip
0x90107063:  ret
0x90107064:  sti
0x90107065:  lea    0x0(%esi,1),%esi
0x90107069:  lea    0x0(%edi,1),%edi
0x90107070:  ret
0x90107071:  jmp    0x90107080
0x90107073:  nop
0x90107074:  nop
0x90107075:  nop
0x90107076:  nop
@end example

@item
Dump 80 16 bit values at the start of the video memory.
bellard's avatar
bellard committed
748
@smallexample 
bellard's avatar
bellard committed
749
750
751
752
753
754
755
756
757
758
759
(qemu) xp/80hx 0xb8000
0x000b8000: 0x0b50 0x0b6c 0x0b65 0x0b78 0x0b38 0x0b36 0x0b2f 0x0b42
0x000b8010: 0x0b6f 0x0b63 0x0b68 0x0b73 0x0b20 0x0b56 0x0b47 0x0b41
0x000b8020: 0x0b42 0x0b69 0x0b6f 0x0b73 0x0b20 0x0b63 0x0b75 0x0b72
0x000b8030: 0x0b72 0x0b65 0x0b6e 0x0b74 0x0b2d 0x0b63 0x0b76 0x0b73
0x000b8040: 0x0b20 0x0b30 0x0b35 0x0b20 0x0b4e 0x0b6f 0x0b76 0x0b20
0x000b8050: 0x0b32 0x0b30 0x0b30 0x0b33 0x0720 0x0720 0x0720 0x0720
0x000b8060: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8070: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8080: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
0x000b8090: 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720 0x0720
bellard's avatar
bellard committed
760
@end smallexample
bellard's avatar
bellard committed
761
762
763
764
765
766
@end itemize

@item p or print/fmt expr

Print expression value. Only the @var{format} part of @var{fmt} is
used.
bellard's avatar
updated    
bellard committed
767

bellard's avatar
bellard committed
768
769
770
771
772
773
774
775
776
777
778
@item sendkey keys

Send @var{keys} to the emulator. Use @code{-} to press several keys
simultaneously. Example:
@example
sendkey ctrl-alt-f1
@end example

This command is useful to send keys that your graphical user interface
intercepts at low level, such as @code{ctrl-alt-f1} in X Window.

bellard's avatar
bellard committed
779
780
781
782
@item system_reset

Reset the system.

bellard's avatar
bellard committed
783
784
@item usb_add devname

pbrook's avatar
pbrook committed
785
786
Add the USB device @var{devname}.  For details of available devices see
@ref{usb_devices}
bellard's avatar
bellard committed
787
788
789
790
791
792
793

@item usb_del devname

Remove the USB device @var{devname} from the QEMU virtual USB
hub. @var{devname} has the syntax @code{bus.addr}. Use the monitor
command @code{info usb} to see the devices you can remove.

bellard's avatar
bellard committed
794
@end table
bellard's avatar
updated    
bellard committed
795

bellard's avatar
bellard committed
796
797
798
799
800
@subsection Integer expressions

The monitor understands integers expressions for every integer
argument. You can use register names to get the value of specifics
CPU registers by prefixing them with @emph{$}.
bellard's avatar
update    
bellard committed
801

bellard's avatar
bellard committed
802
803
804
@node disk_images
@section Disk Images

805
806
807
Since version 0.6.1, QEMU supports many disk image formats, including
growable disk images (their size increase as non empty sectors are
written), compressed and encrypted disk images.
bellard's avatar
bellard committed
808

bellard's avatar
bellard committed
809
810
811
812
813
814
815
816
@menu
* disk_images_quickstart::    Quick start for disk image creation
* disk_images_snapshot_mode:: Snapshot mode
* qemu_img_invocation::       qemu-img Invocation
* disk_images_fat_images::    Virtual FAT disk images
@end menu

@node disk_images_quickstart
817
818
819
@subsection Quick start for disk image creation

You can create a disk image with the command:
bellard's avatar
bellard committed
820
@example
821
qemu-img create myimage.img mysize
bellard's avatar
bellard committed
822
@end example
823
824
825
826
where @var{myimage.img} is the disk image filename and @var{mysize} is its
size in kilobytes. You can add an @code{M} suffix to give the size in
megabytes and a @code{G} suffix for gigabytes.

bellard's avatar
bellard committed
827
See @ref{qemu_img_invocation} for more information.
bellard's avatar
bellard committed
828

bellard's avatar
bellard committed
829
@node disk_images_snapshot_mode
bellard's avatar
bellard committed
830
831
832
833
834
@subsection Snapshot mode

If you use the option @option{-snapshot}, all disk images are
considered as read only. When sectors in written, they are written in
a temporary file created in @file{/tmp}. You can however force the
835
836
write back to the raw disk images by using the @code{commit} monitor
command (or @key{C-a s} in the serial console).
bellard's avatar
bellard committed
837

838
839
@node qemu_img_invocation
@subsection @code{qemu-img} Invocation
bellard's avatar
bellard committed
840

841
@include qemu-img.texi
bellard's avatar
bellard committed
842

bellard's avatar
bellard committed
843
@node disk_images_fat_images
bellard's avatar
update    
bellard committed
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
@subsection Virtual FAT disk images

QEMU can automatically create a virtual FAT disk image from a
directory tree. In order to use it, just type:

@example 
qemu linux.img -hdb fat:/my_directory
@end example

Then you access access to all the files in the @file{/my_directory}
directory without having to copy them in a disk image or to export
them via SAMBA or NFS. The default access is @emph{read-only}.

Floppies can be emulated with the @code{:floppy:} option:

@example 
qemu linux.img -fda fat:floppy:/my_directory
@end example

A read/write support is available for testing (beta stage) with the
@code{:rw:} option:

@example 
qemu linux.img -fda fat:floppy:rw:/my_directory
@end example

What you should @emph{never} do:
@itemize
@item use non-ASCII filenames ;
@item use "-snapshot" together with ":rw:" ;
bellard's avatar
bellard committed
874
875
@item expect it to work when loadvm'ing ;
@item write to the FAT directory on the host system while accessing it with the guest system.
bellard's avatar
update    
bellard committed
876
877
@end itemize

bellard's avatar
bellard committed
878
@node pcsys_network
bellard's avatar
update    
bellard committed
879
880
@section Network emulation

bellard's avatar
update    
bellard committed
881
882
883
884
885
886
887
888
889
QEMU can simulate several networks cards (NE2000 boards on the PC
target) and can connect them to an arbitrary number of Virtual Local
Area Networks (VLANs). Host TAP devices can be connected to any QEMU
VLAN. VLAN can be connected between separate instances of QEMU to
simulate large networks. For simpler usage, a non priviledged user mode
network stack can replace the TAP device to have a basic network
connection.

@subsection VLANs
bellard's avatar
update    
bellard committed
890

bellard's avatar
update    
bellard committed
891
892
893
894
QEMU simulates several VLANs. A VLAN can be symbolised as a virtual
connection between several network devices. These devices can be for
example QEMU virtual Ethernet cards or virtual Host ethernet devices
(TAP devices).
bellard's avatar
update    
bellard committed
895

bellard's avatar
update    
bellard committed
896
897
898
899
900
@subsection Using TAP network interfaces

This is the standard way to connect QEMU to a real network. QEMU adds
a virtual network device on your host (called @code{tapN}), and you
can then configure it as if it was a real ethernet card.
bellard's avatar
update    
bellard committed
901
902
903
904
905

As an example, you can download the @file{linux-test-xxx.tar.gz}
archive and copy the script @file{qemu-ifup} in @file{/etc} and
configure properly @code{sudo} so that the command @code{ifconfig}
contained in @file{qemu-ifup} can be executed as root. You must verify
bellard's avatar
update    
bellard committed
906
that your host kernel supports the TAP network interfaces: the
bellard's avatar
update    
bellard committed
907
908
909
device @file{/dev/net/tun} must be present.

See @ref{direct_linux_boot} to have an example of network use with a
bellard's avatar
update    
bellard committed
910
911
Linux distribution and @ref{sec_invocation} to have examples of
command lines using the TAP network interfaces.
bellard's avatar
update    
bellard committed
912
913
914

@subsection Using the user mode network stack

bellard's avatar
update    
bellard committed
915
916
917
918
By using the option @option{-net user} (default configuration if no
@option{-net} option is specified), QEMU uses a completely user mode
network stack (you don't need root priviledge to use the virtual
network). The virtual network configuration is the following:
bellard's avatar
update    
bellard committed
919
920
921

@example

bellard's avatar
update    
bellard committed
922
923
         QEMU VLAN      <------>  Firewall/DHCP server <-----> Internet
                           |          (10.0.2.2)
bellard's avatar
update    
bellard committed
924
                           |
bellard's avatar
update    
bellard committed
925
926
927
                           ---->  DNS server (10.0.2.3)
                           |     
                           ---->  SMB server (10.0.2.4)
bellard's avatar
update    
bellard committed
928
929
930
931
@end example

The QEMU VM behaves as if it was behind a firewall which blocks all
incoming connections. You can use a DHCP client to automatically
bellard's avatar
update    
bellard committed
932
933
configure the network in the QEMU VM. The DHCP server assign addresses
to the hosts starting from 10.0.2.15.
bellard's avatar
update    
bellard committed
934
935
936
937
938

In order to check that the user mode network is working, you can ping
the address 10.0.2.2 and verify that you got an address in the range
10.0.2.x from the QEMU virtual DHCP server.

bellard's avatar
update    
bellard committed
939
940
941
942
Note that @code{ping} is not supported reliably to the internet as it
would require root priviledges. It means you can only ping the local
router (10.0.2.2).

bellard's avatar
bellard committed
943
944
945
946
947
948
When using the built-in TFTP server, the router is also the TFTP
server.

When using the @option{-redir} option, TCP or UDP connections can be
redirected from the host to the guest. It allows for example to
redirect X11, telnet or SSH connections.
bellard's avatar
bellard committed
949

bellard's avatar
update    
bellard committed
950
951
952
953
954
955
@subsection Connecting VLANs between QEMU instances

Using the @option{-net socket} option, it is possible to make VLANs
that span several QEMU instances. See @ref{sec_invocation} to have a
basic example.

bellard's avatar
update    
bellard committed
956
957
@node direct_linux_boot
@section Direct Linux Boot
bellard's avatar
bellard committed
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981

This section explains how to launch a Linux kernel inside QEMU without
having to make a full bootable image. It is very useful for fast Linux
kernel testing. The QEMU network configuration is also explained.

@enumerate
@item
Download the archive @file{linux-test-xxx.tar.gz} containing a Linux
kernel and a disk image. 

@item Optional: If you want network support (for example to launch X11 examples), you
must copy the script @file{qemu-ifup} in @file{/etc} and configure
properly @code{sudo} so that the command @code{ifconfig} contained in
@file{qemu-ifup} can be executed as root. You must verify that your host
kernel supports the TUN/TAP network interfaces: the device
@file{/dev/net/tun} must be present.

When network is enabled, there is a virtual network connection between
the host kernel and the emulated kernel. The emulated kernel is seen
from the host kernel at IP address 172.20.0.2 and the host kernel is
seen from the emulated kernel at IP address 172.20.0.1.

@item Launch @code{qemu.sh}. You should have the following output:

bellard's avatar
bellard committed
982
@smallexample
bellard's avatar
bellard committed
983
984
> ./qemu.sh 
Connected to host network interface: tun0
bellard's avatar
bellard committed
985
Linux version 2.4.21 (bellard@@voyager.localdomain) (gcc version 3.2.2 20030222 @/(Red Hat @/Linux 3.2.2-5)) #5 Tue Nov 11 18:18:53 CET 2003
bellard's avatar
bellard committed
986
987
988
989
990
991
992
993
BIOS-provided physical RAM map:
 BIOS-e801: 0000000000000000 - 000000000009f000 (usable)
 BIOS-e801: 0000000000100000 - 0000000002000000 (usable)
32MB LOWMEM available.
On node 0 totalpages: 8192
zone(0): 4096 pages.
zone(1): 4096 pages.
zone(2): 0 pages.
bellard's avatar
bellard committed
994
Kernel command line: root=/dev/hda sb=0x220,5,1,5 ide2=noprobe ide3=noprobe ide4=noprobe @/ide5=noprobe console=ttyS0
bellard's avatar
bellard committed
995
996
997
998
999
1000
ide_setup: ide2=noprobe
ide_setup: ide3=noprobe
ide_setup: ide4=noprobe
ide_setup: ide5=noprobe
Initializing CPU#0
Detected 2399.621 MHz processor.
For faster browsing, not all history is shown. View entire blame