head 1.3;
access;
symbols
pkgsrc-2017Q2:1.2.0.10
pkgsrc-2017Q2-base:1.2
pkgsrc-2017Q1:1.2.0.8
pkgsrc-2017Q1-base:1.2
pkgsrc-2016Q4:1.2.0.6
pkgsrc-2016Q4-base:1.2
pkgsrc-2016Q3:1.2.0.4
pkgsrc-2016Q3-base:1.2
pkgsrc-2016Q2:1.2.0.2
pkgsrc-2016Q2-base:1.2
pkgsrc-2016Q1:1.1.0.6
pkgsrc-2016Q1-base:1.1
pkgsrc-2015Q4:1.1.0.4
pkgsrc-2015Q4-base:1.1
pkgsrc-2015Q3:1.1.0.2;
locks; strict;
comment @# @;
1.3
date 2017.08.30.21.00.46; author kamil; state dead;
branches;
next 1.2;
commitid Loj6g6knWgkRmh5A;
1.2
date 2016.05.15.01.25.15; author ryoon; state Exp;
branches;
next 1.1;
commitid zFy0Jq67hO8r5w6z;
1.1
date 2015.12.21.12.10.22; author ryoon; state Exp;
branches
1.1.2.1
1.1.6.1;
next ;
commitid iIgk3Ub0QDkKlONy;
1.1.2.1
date 2015.12.21.12.10.22; author bsiegert; state dead;
branches;
next 1.1.2.2;
commitid cJtt2KoCyBXk2ZNy;
1.1.2.2
date 2015.12.22.20.21.43; author bsiegert; state Exp;
branches;
next ;
commitid cJtt2KoCyBXk2ZNy;
1.1.6.1
date 2016.05.19.12.56.38; author bsiegert; state Exp;
branches;
next ;
commitid 2jzGz3zomTRHM57z;
desc
@@
1.3
log
@qemu: Upgrade to 2.10.0
pkgsrc changes:
- remove stray conflict with qemu-bin - I cannot find references to it in
pkgsrc
- drop mentions of NetBSD version < 6.0 - it's already broken there
regardless of the directives and not supported
- remove stray BUILDLINK_PASSTHRU_DIRS and BUILDLINK_PASSTHRU_RPATHDIRS
this is redundant with the default pkgsrc framework defines
- not yet ported to 3.x as of 2.10.0, newer versions get initial patches
- remove ivshmem - it's not a user settable option, it requires as of now
Linux kernel API (eventfd) and it builds only for Linux now (no longer
for BSD and SunOS)
- add test target - all tests pass on NetBSD 8.99.2 (with disabled PaX
MPROTECT)
- sync PLIST
- drop patches that are no longer needed, proper fixes merged upstream
upstream changelog
==================
The full list of changes are available at:
http://wiki.qemu.org/ChangeLog/2.10
Highlights include:
* Support for ACPI NUMA distance info and control over CPU NUMA
assignments via '-numa cpu' parameters
* Support for LUKS encryption format in qcow2 images
* Monitor/Management interface improvments: additional debug
information available through 'info ramblock/cmma/register/qtree',
support for viewing connected clients via 'info vnc', improved
parsing support for QMP protocol, and other additional commands
* QXL and virtio-gpu support for controlling default display resolution
* Support for vhost-user-scsi devices
* NVMe emulation support for Write Zeroes command and Controller
Memory Buffers
* Guest agent support for querying guest hostname, users, timezone, and
OS version/release information
* ARM: KVM support for Raspberry Pi 3
* ARM: emulation support for MPS2/MPS2+ FPGA-based dev boards
* ARM: zynq: SPIPS flash support
* ARM: exynos4210: hardware PRNG device, SDHCI, and system poweroff
* Microblaze: support for CPU versions 9.4, 9.5, 9.6, and 10.0
* MIPS: support for Enhanced Virtual Addressing (EVA)
* MIPS: initrd support for kaslr-enabled kernels
* OpenRISC: support for shadow registers, idle states, and
numcores/coreid/EVAR/EPH registers
* PowerPC: Multi-threaded TCG emulation support
* PowerPC: OpenBIOS VGA driver for MacOS guests
* PowerPC: pseries: KVM and emulation support for POWER9 guests
* PowerPC: pseries: support for hash page table resizing
* s390: channel device passthrough support via vfio-ccw
* s390: support for channel-attached 3270 "green screen" devices for
use as guest consoles or additional TTYs
* s390: improved support for PCI (AEN, AIS, and zPCI)
* s390: support for z14 CPU models and netboot/TFTP via CCW BIOS,
* s390: TCG support for atomic "LOAD AND x" and "COMPARE SWAP"
operations, LOAD PROGRAM PARAMETER, extended facilities, CPU type,
and many more less-common instructions.
* SH: TCG support for host atomic instructions for emulating tas.b and
gUSA (user-space atomics), and support for fpchg/fsrra instructions
* SPARC: fixes for booting Solaris 2.6 on sun4m/OpenBIOS machines
* x86: Q35 MCH supports TSEG higher than 8MB
* x86: SSE register access via gdbstub
* Xen: support for multi-page shared rings, and 9pfs/virtfs backend
* Xtensa: sim machine console can be directed to chardev via -serial
* and lots more...
@
text
@$NetBSD: patch-default-configs_pci.mak,v 1.2 2016/05/15 01:25:15 ryoon Exp $
--- default-configs/pci.mak.orig 2016-05-11 15:56:07.000000000 +0000
+++ default-configs/pci.mak
@@@@ -36,5 +36,5 @@@@ CONFIG_SDHCI=y
CONFIG_EDU=y
CONFIG_VGA=y
CONFIG_VGA_PCI=y
-CONFIG_IVSHMEM=$(CONFIG_EVENTFD)
+CONFIG_IVSHMEM=$(CONFIG_SHM_OPEN)
CONFIG_ROCKER=y
@
1.2
log
@Update to 2.6.0
Changelog:
System emulation
Incompatible changes
The aio=native option to "-drive" now requires the cache=none option, instead of silently disabling itself for other cache modes. The newly invalid combination had been warning since QEMU 2.3.
Specifying block device parameter aio=native is now an error on POSIX systems if qemu is compiled without libaio support. The newly invalid combination had been warning since QEMU 2.3.
The experimental x-drive option for the sdhci-pci device has been removed. Instead of passing a drive directly to the SD controller device you now must create an SD card object (which will automatically be plugged into the SD controller), so "-device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
The s390-virtio machine has been removed.
Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
The "virt" machine type's flash device has changed when TrustZone is active ("-machine virt,secure=on"). The first flash device is only available in secure memory, while the second is available in non-secure memory too.
Future incompatible changes
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
-readconfig will standardize on the name for the command line option.
Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
The original qcow2 image encryption is fatally flawed, and support for it will be disabled entirely from the system emulators. It'll remain available only in command line tools qemu-img, qemu-io, qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to uncrypted ones. The new LUKS encryption driver can provide a secure replacement if raw files are acceptable, while a future release will integrate luks into qcow2 natively.
A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
ARM
Support for a separate EL3 address space
System mode supports BE8 and BE32. Note that qemu-system-arm can emulate both big-endian and little-endian guests (unlike user-mode emulation which has separate qemu-arm and qemu-armeb binaries).
Support for the SETEND instruction, used most notably on Raspbian through the arm-mem library (previously known as libcofi).
Faster boot thanks to DMA support in fw_cfg
The "virt" machine type supports a virtual power button and the "system_powerdown" monitor command
The "virt" machine type supports configuring network cards with -nic in addition to -netdev
The RAM limit for the "virt" machine type is now 255GB
The "xlnz-zynqmp" machine type now includes SPI controllers
The "xlnx-ep108" machine type now supports SPI flash
New partial Raspberry Pi 2 emulation with "raspi2" machine type. For now, it can boot older releases of Windows and Raspbian, but lacks a number of devices including USB.
New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC implementation
KVM
Support for guest debugging (software and hardware breakpoints, single step) on AArch64
MIPS
Support for FPU and MSA in KVM guests
Support for R6 Virtual Processors
Initial support for Cluster Power Controller and Global Configuration Registers allowing the guest to control the start of Virtual Processors
Support for Inter-Thread Communication Unit
Support for MAAR registers in P5600 CPU
PowerPC
Improved support for migration of g3beige and mac99 machines
Fix serial ports for g3beige and mac99 machines (OpenBIOS)
The gdb stub supports the VSX instruction set extensions
pSeries
pSeries machine types starting at pseries-2.6 use XHCI as the USB host controller instead of OHCI
Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and H_PAGE_INIT)
Support for EEH on assigned PCI devices can use the normal spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.
s390
Fixes and improvements in s390x PCI support
Support for hotplug of s390x cpus via cpu-add
Support for booting from virtio-scsi devices in the s390-ccw bios
SH
SPARC
sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs (MUTEX_HELD hang, libC error, Java WebStart segfault)
sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode
TileGX
Tricore
Support for context management, illegal opcode and opd traps
Support for FPU instructions
x86
TCG
Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features
KVM
Support for "split irqchip". In this mode, QEMU emulates the IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC emulation to the kernel. This mode reduces the attack surface of KVM.
Support for the new PKU feature found in some Skylake processors
Support for migrating the TSC rate
Xen
Q35
Support resume (S3)
Support for legacy Windows guests (XP/2003)
Device emulation and assignment
New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet exposed in SMBIOS and ACPI tables (do we want to docume?)
FIXME: what's the state of nvdimm?
ACPI
The floppy disk controller's characteristics are now exposed in the ACPI tables, which makes it possible to use floppies on Windows together with UEFI firmware.
Block devices
The floppy disk consk or an empty disk to a 2.88 MB disk
Improved compatibility of the SD device model with various operating systems and firmwares
The NVMe device supports the "bootindex" property.
The SDHCI device supports reset.
ivshmem
No longer available on hosts lacking eventfd(2), because inter-vm interrupts don't work there
New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible for guests, notable differences to ivshmem:
PCI revision is 1 instead of 0
ivshmem role=master becomes master=on, role=peer becomes master=off
ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
Property ioeventfd defaults to on instead of off
ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always has MSI-X capability
Device ivshmem is deprecated, and its experimental property x-memdev is gone
Interrupting a peer that reuses an unplugged peer's ID works again (broken in v1.2.0)
Unplug no longer destroys the character device, for consistency with other devices
The funny "no shared memory, yet" state is no longer guest-visible, and can no longer fail or mess up migration
Guests may require PCI revision 1 to make sure they're not exposed to the funny state
docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.
SCSI
Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note that some operating systems will not recognize disks attached to this adapter, unless the disks are assigned a world-wide name (WWN).
PCI/PCIe
PCIe Multi-root support (using the new pxb-pcie root-compex)
USB
MTP: initial support for events
VFIO
Support for AMD XGBE platform passthrough
New sysfsdev property provides a more general way to specify the device to attach to.
Provided PCI option ROMs are fixed to include the same vendor and device id as the device exposed to the guest. This facilitates changing the ids of the devices.
virtio
Performance improvements via optimized vring accesses
The balloon driver statistics now include the amount of available memory (corresponding to "Available" in /proc/meminfo for Linux guests).
Character devices
The socket character device backend can now enable TLS over TCP connections, acting either as a TLS server:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
-device isa-serial,chardev=s0 \
...other args...
or a TLS client:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
-device isa-serial,chardev=s0 \
...other args...
If operating in server mode, the same set of TLS credentials can be used for both character devices and the VNC server
All character devices can have their output logged to a plain file
$QEMU -chardev stdio,id=mon0,logfile=monitor.log \
-mon chardev=mon0 \
...other args...
will result in logging of all output on the HMP monitor. The logappend parameter controls whether the file is truncated at startup, defaulting to append.
GUI
SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the only usable transport when OpenGL is enabled.
The "-vnc" and "-display vnc" options support ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" were available.
Support getting input events directly from linux evdev devices, using "-object input-linux,id=$name,evdev=/dev/input/event$nr"
Support for ncurses on Windows.
Monitor
Support for a new "detach" option to "dump-guest-memory". The option dumps memory in the background. Progress can be queried using the new commands "info dump" (human monitor) and "query-dump" (QMP), as well as through the QMP event DUMP_COMPLETED.
Support for a new command "input-send-event" replacing the previous experimental command "x-input-send-event".
The human monitor command "drive_add -n" allows creating block devices that do not have a BlockBackend (similar to QMP blockdev-add).
Migration
Postcopy is not experimental anymore; the x-postcopy-ram capability was renamed to postcopy-ram.
Network
SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
redirector filter which can redirect traffic from netdev to socket chardev, vice versa.
Secret passing system
There is a new standard mechanism for securely passing secret credentials to QEMU, which will be used in combination with other subsystems. For example, network block device passwords, block device decryption passphrases, or TLS private key passwords can all use the same mechanism.
Passing credentials inline (insecure, only for developer testing)
$QEMU -object secret,id=sec0,data=letmein
Passing credentials via a plain file
$QEMU -object secret,id=sec0,file=mypassword.txt
Passing credentials via a base64 encoded file
$QEMU -object secret,id=sec0,file=mypassword.txt,format=base64
Passing credentials inline, encrypted with a master key (recommended for management apps)
$QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
-object secret,id=sec0,data=[base64 ciphertext],\
keyid=master0,iv=[base64 IV],format=base64
TLS credential handling
It is now possible to use encrypted TLS private keys with credentials for TLS servers/clients in QEMU. The password for unlocking the private key is provided by a secret object whose id is specified via the passwordid' property
$QEMU -object secret,id=tlskey0,file=mypassword.txt \
-object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \
...other args...
Block devices
Block device throttling now support specifying a burst length as well. While previously the burst could only be specified as a total number of IOPS (e.g. 10000 IOPS), more complex specifications such as "10000 IOPS for 10 seconds" are now possible. Note that, because of the implementation of the algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will also be allowed to perform for example 5000 IOPS for 20 seconds.
The curl block device driver now supports HTTP authentication and HTTP proxy authentication via the new properties 'username', 'password-secret', 'proxy-username' and 'proxy-password-secret'.
$QEMU -object secret,id=sec0,file=password.txt \
-object secret,id=sec1,file=proxy-password.txt \
-drive driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \
...other args...
The RBD block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.b64,format=base64 \
-drive driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \
...other args...
The iSCSI block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.txt \
-iscsi user=fred,password-secret=sec0 \
-drive file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1
NB this syntax requires that all iSCSI backed drives use the same password
The qemu-io tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-io to an NBD server using TLS
qemu-io -c "read 0 512" \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
The qemu-nbd tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-nbd to an HTTP server with authentication and export it over NBD using TLS
qemu-nbd --readonly \
--object secret,id=sec0,file=passwd.txt \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
The qemu-img tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to a remote HTTP server with authentication
qemu-img info --object secret,id=sec0,file=passwd.txt \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
Support for deleting snapshots on Sheepdog devices.
The NBD client and server now support use of TLS. When enabled, the server will mandate that the client also enable TLS and drop any client which attempts to continue in plain text. To run a qemu-nbd server with TLS:
qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--tls-creds tls0 \
/path/to/disk/image
To connect to a server that requires TLS with qemu-img:
qemu-img info --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
To start a VM pointing to the NBD server
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
...other args...
The NBD server gained support for specifying an export name. When the client negotiates use of the new style NBD protocol the default export name is "". The --exportname argument allows this to be customized:
qemu-nbd --exportname myvol /path/to/myvol.qcow2
QEMU gained support for volumes formatted with the LUKSv1 data format. To format a new LUKS volume
qemu-img create -f luks \
--object secret,id=sec0,file=passphrase.txt \
-o key-secret=sec0 \
demo.luks 10G
To boot a guest from a LUKS volume:
$QEMU -object secret,id=sec0,file=passphrase.txt \
-drive driver=luks,key-secret=sec0,file=demo.luks \
...other args...
The LUKS implementation is intended to be compatible with that used by cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably between them. The only caveat is that some less common cipher/hash algorithms are not yet supported by QEMU. It is also not yet possible to manage key-slots with qemu-img.
TCG
Record/replay support extended to cover character devices.
Tracing
The "stderr" tracing backend was replaced by the "log" tracing backend, which is now the default. This backend prints tracing messages to the destination specified with the "-D" option.
In addition to the existing "-trace file=...", tracepoints can be enabled using "-trace [enable=]...". The new option also supports globbing, as in "-trace bdrv_aio_*".
In addition to the existing "-trace file=...", tracepoints can be enabling using "-d trace:...". This option also supports globbing, as in "-d trace:bdrv_aio_*".
When using "-daemonize", the "-D" option also provides the file to which QEMU's stderr output will be redirected.
TCG supports a new "-dfilter" option to limit exec, out_asm, op and op_opt logging to a range of guest physical addresses. ARM also applies the filter to in_asm logging; this will be extended to other targets in future releases (FIXME: probably should do it now instead...)
A "%d" substring in the log file name is replaced with QEMU's pid.
User-mode emulation
The default CPU for ppc64 and ppc64le is now POWER8
@
text
@d1 1
a1 1
$NetBSD: patch-default-configs_pci.mak,v 1.1 2015/12/21 12:10:22 ryoon Exp $
@
1.1
log
@Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.
@
text
@d1 1
a1 1
$NetBSD$
d3 1
a3 1
--- default-configs/pci.mak.orig 2015-12-16 22:04:48.000000000 +0000
d5 1
a5 1
@@@@ -35,5 +35,5 @@@@ CONFIG_SDHCI=y
d9 1
a9 1
-CONFIG_IVSHMEM=$(CONFIG_POSIX)
@
1.1.6.1
log
@Pullup ticket #5016 - requested by sevan
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/Makefile 1.149
- emulators/qemu/PLIST 1.46
- emulators/qemu/distinfo 1.115
- emulators/qemu/patches/patch-configure 1.13
- emulators/qemu/patches/patch-default-configs_pci.mak 1.2
- emulators/qemu/patches/patch-hw_misc_ivshmem.c 1.1
- emulators/qemu/patches/patch-hw_ppc_mac__newworld.c 1.3
- emulators/qemu/patches/patch-hw_ppc_mac__oldworld.c 1.3
- emulators/qemu/patches/patch-memory.c 1.10
- emulators/qemu/patches/patch-slirp_tcp__subr.c 1.7
---
Module Name: pkgsrc
Committed By: ryoon
Date: Sun May 15 01:25:15 UTC 2016
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo
pkgsrc/emulators/qemu/patches: patch-configure
patch-default-configs_pci.mak patch-hw_ppc_mac__newworld.c
patch-hw_ppc_mac__oldworld.c patch-memory.c patch-slirp_tcp__subr.c
Added Files:
pkgsrc/emulators/qemu/patches: patch-hw_misc_ivshmem.c
Log Message:
Update to 2.6.0
Changelog:
System emulation
Incompatible changes
The aio=native option to "-drive" now requires the cache=none option, instead of silently disabling itself for other cache modes. The newly invalid combination had been warning since QEMU 2.3.
Specifying block device parameter aio=native is now an error on POSIX systems if qemu is compiled without libaio support. The newly invalid combination had been warning since QEMU 2.3.
The experimental x-drive option for the sdhci-pci device has been removed. Instead of passing a drive directly to the SD controller device you now must create an SD card object (which will
automatically be plugged into the SD controller), so "-device sdhci-pci,x-drive=mydrive -drive id=mydrive,[...]" becomes "-device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,[...]".
The s390-virtio machine has been removed.
Machine types pc-q35-1.4, pc-q35-1.5, pc-q35-1.6, pc-q35-1.7, pc-q35-2.0, pc-q35-2.1, pc-q35-2.2 and pc-q35-2.3 have been removed.
The "virt" machine type's flash device has changed when TrustZone is active ("-machine virt,secure=on"). The first flash device is only available in secure memory, while the second is available
in non-secure memory too.
Future incompatible changes
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
-readconfig will standardize on the name for the command line option.
Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on
upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
The original qcow2 image encryption is fatally flawed, and support for it will be disabled entirely from the system emulators. It'll remain available only in command line tools qemu-img, qemu-io,
qemu-nbd to facilitate data liberation. It is recommended to use 'qemu-img convert' to convert qcow2 encrypted images to uncrypted ones. The new LUKS encryption driver can provide a secure
replacement if raw files are acceptable, while a future release will integrate luks into qcow2 natively.
A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
ARM
Support for a separate EL3 address space
System mode supports BE8 and BE32. Note that qemu-system-arm can emulate both big-endian and little-endian guests (unlike user-mode emulation which has separate qemu-arm and qemu-armeb binaries).
Support for the SETEND instruction, used most notably on Raspbian through the arm-mem library (previously known as libcofi).
Faster boot thanks to DMA support in fw_cfg
The "virt" machine type supports a virtual power button and the "system_powerdown" monitor command
The "virt" machine type supports configuring network cards with -nic in addition to -netdev
The RAM limit for the "virt" machine type is now 255GB
The "xlnz-zynqmp" machine type now includes SPI controllers
The "xlnx-ep108" machine type now supports SPI flash
New partial Raspberry Pi 2 emulation with "raspi2" machine type. For now, it can boot older releases of Windows and Raspbian, but lacks a number of devices including USB.
New palmetto-bmc machine type using the new, partial ASPEED AST2400 SoC implementation
KVM
Support for guest debugging (software and hardware breakpoints, single step) on AArch64
MIPS
Support for FPU and MSA in KVM guests
Support for R6 Virtual Processors
Initial support for Cluster Power Controller and Global Configuration Registers allowing the guest to control the start of Virtual Processors
Support for Inter-Thread Communication Unit
Support for MAAR registers in P5600 CPU
PowerPC
Improved support for migration of g3beige and mac99 machines
Fix serial ports for g3beige and mac99 machines (OpenBIOS)
The gdb stub supports the VSX instruction set extensions
pSeries
pSeries machine types starting at pseries-2.6 use XHCI as the USB host controller instead of OHCI
Support for more hypercalls (H_SET_SPRG0, H_SET_DABR, H_SET_XDABR and H_PAGE_INIT)
Support for EEH on assigned PCI devices can use the normal spapr-pci-host-bridge instead of the special spapr-pci-vfio-host-bridge.
s390
Fixes and improvements in s390x PCI support
Support for hotplug of s390x cpus via cpu-add
Support for booting from virtio-scsi devices in the s390-ccw bios
SH
SPARC
sun4m: Fix for ldstub instruction resolves several 32-bit Solaris bugs (MUTEX_HELD hang, libC error, Java WebStart segfault)
sun4u: FreeBSD 10.3+ can now run under qemu-system-sparc64 in -nographic mode
TileGX
Tricore
Support for context management, illegal opcode and opd traps
Support for FPU instructions
x86
TCG
Support for the XSAVE/XSAVEOPT, MPX, FSGSBASE and PKE features
KVM
Support for "split irqchip". In this mode, QEMU emulates the IOAPIC, PIC (i8259) and PIT (i8254) devices while leaving the local APIC emulation to the kernel. This mode reduces the attack surface
of KVM.
Support for the new PKU feature found in some Skylake processors
Support for migrating the TSC rate
Xen
Q35
Support resume (S3)
Support for legacy Windows guests (XP/2003)
Device emulation and assignment
New IPMI emulation subsystem. QEMU can now emulate an internal BMC or attach to an external BMC simulator such as OpenIPMI's lanserv. IPMI however is not yet exposed in SMBIOS and ACPI tables (do
we want to docume?)
FIXME: what's the state of nvdimm?
ACPI
The floppy disk controller's characteristics are now exposed in the ACPI tables, which makes it possible to use floppies on Windows together with UEFI firmware.
Block devices
The floppy disk consk or an empty disk to a 2.88 MB disk
Improved compatibility of the SD device model with various operating systems and firmwares
The NVMe device supports the "bootindex" property.
The SDHCI device supports reset.
ivshmem
No longer available on hosts lacking eventfd(2), because inter-vm interrupts don't work there
New devices ivshmem-plain and ivshmem-doorbell, fully backwards compatible for guests, notable differences to ivshmem:
PCI revision is 1 instead of 0
ivshmem role=master becomes master=on, role=peer becomes master=off
ivshmem x-memdev=ID becomes ivshmem-plain memdev=ID
ivshmem shm=NAME,size=SZ becomes ivshmem-plain memdev=ID, with -object memory-backend-file,id=ID,mem-path=/dev/mem/NAME,size=SZ,share
ivshmem chardev=ID becomes ivshmem-doorbell,chardev=ID
Property ioeventfd defaults to on instead of off
ivshmem-plain never has MSI-X capability, and ivshmem-doorbell always has MSI-X capability
Device ivshmem is deprecated, and its experimental property x-memdev is gone
Interrupting a peer that reuses an unplugged peer's ID works again (broken in v1.2.0)
Unplug no longer destroys the character device, for consistency with other devices
The funny "no shared memory, yet" state is no longer guest-visible, and can no longer fail or mess up migration
Guests may require PCI revision 1 to make sure they're not exposed to the funny state
docs/specs/ivshmem-spec.txt rewritten for completeness and accuracy.
SCSI
Support for the LSI SAS1068 HBA (also known as "MPT Fusion"). Note that some operating systems will not recognize disks attached to this adapter, unless the disks are assigned a world-wide name
(WWN).
PCI/PCIe
PCIe Multi-root support (using the new pxb-pcie root-compex)
USB
MTP: initial support for events
VFIO
Support for AMD XGBE platform passthrough
New sysfsdev property provides a more general way to specify the device to attach to.
Provided PCI option ROMs are fixed to include the same vendor and device id as the device exposed to the guest. This facilitates changing the ids of the devices.
virtio
Performance improvements via optimized vring accesses
The balloon driver statistics now include the amount of available memory (corresponding to "Available" in /proc/meminfo for Linux guests).
Character devices
The socket character device backend can now enable TLS over TCP connections, acting either as a TLS server:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0,server \
-device isa-serial,chardev=s0 \
...other args...
or a TLS client:
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-chardev socket,id=s0,host=127.0.0.1,port=9000,tls-creds=tls0 \
-device isa-serial,chardev=s0 \
...other args...
If operating in server mode, the same set of TLS credentials can be used for both character devices and the VNC server
All character devices can have their output logged to a plain file
$QEMU -chardev stdio,id=mon0,logfile=monitor.log \
-mon chardev=mon0 \
...other args...
will result in logging of all output on the HMP monitor. The logappend parameter controls whether the file is truncated at startup, defaulting to append.
GUI
SDL2 and SPICE now support OpenGL and virgl. For SPICE, Unix sockets are the only usable transport when OpenGL is enabled.
The "-vnc" and "-display vnc" options support ipv4=off and ipv6=off. Previously, only "ipv4" and "ipv6" were available.
Support getting input events directly from linux evdev devices, using "-object input-linux,id=$name,evdev=/dev/input/event$nr"
Support for ncurses on Windows.
Monitor
Support for a new "detach" option to "dump-guest-memory". The option dumps memory in the background. Progress can be queried using the new commands "info dump" (human monitor) and "query-dump"
(QMP), as well as through the QMP event DUMP_COMPLETED.
Support for a new command "input-send-event" replacing the previous experimental command "x-input-send-event".
The human monitor command "drive_add -n" allows creating block devices that do not have a BlockBackend (similar to QMP blockdev-add).
Migration
Postcopy is not experimental anymore; the x-postcopy-ram capability was renamed to postcopy-ram.
Network
SLIRP now supports IPv6 for ICMP, UDP, TCP and TFTP.
mirror filter which can mirror traffic from netdev to socket chardev, vice versa.
redirector filter which can redirect traffic from netdev to socket chardev, vice versa.
Secret passing system
There is a new standard mechanism for securely passing secret credentials to QEMU, which will be used in combination with other subsystems. For example, network block device passwords, block device
decryption passphrases, or TLS private key passwords can all use the same mechanism.
Passing credentials inline (insecure, only for developer testing)
$QEMU -object secret,id=sec0,data=letmein
Passing credentials via a plain file
$QEMU -object secret,id=sec0,file=mypassword.txt
Passing credentials via a base64 encoded file
$QEMU -object secret,id=sec0,file=mypassword.txt,format=base64
Passing credentials inline, encrypted with a master key (recommended for management apps)
$QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
-object secret,id=sec0,data=[base64 ciphertext],\
keyid=master0,iv=[base64 IV],format=base64
TLS credential handling
It is now possible to use encrypted TLS private keys with credentials for TLS servers/clients in QEMU. The password for unlocking the private key is provided by a secret object whose id is specified
via the passwordid' property
$QEMU -object secret,id=tlskey0,file=mypassword.txt \
-object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server,passwordid=tlskey0 \
...other args...
Block devices
Block device throttling now support specifying a burst length as well. While previously the burst could only be specified as a total number of IOPS (e.g. 10000 IOPS), more complex specifications
such as "10000 IOPS for 10 seconds" are now possible. Note that, because of the implementation of the algorithm, a guest that is allowed "10000 IOPS for 10 seconds" will also be allowed to perform
for example 5000 IOPS for 20 seconds.
The curl block device driver now supports HTTP authentication and HTTP proxy authentication via the new properties 'username', 'password-secret', 'proxy-username' and 'proxy-password-secret'.
$QEMU -object secret,id=sec0,file=password.txt \
-object secret,id=sec1,file=proxy-password.txt \
-drive driver=http,host=localhost,port=443,username=fred,password-secret=sec0,proxy-username=bob,proxy-password-secret=sec1 \
...other args...
The RBD block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.b64,format=base64 \
-drive driver=rbd,filename=rbd:pool/image:id=myname:auth_supported=cephx,password-secret=sec0 \
...other args...
The iSCSI block device driver can now use the secret object type to securely receive the authentication password without exposing it in the command line args
$QEMU -object secret,id=sec0,file=password.txt \
-iscsi user=fred,password-secret=sec0 \
-drive file=iscsi://192.168.122.1:3260/iqn.2013-12.com.example%3Aiscsi-chap-netpool/1
NB this syntax requires that all iSCSI backed drives use the same password
The qemu-io tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a
block device backend. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect qemu-io to an NBD server
using TLS
qemu-io -c "read 0 512" \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
The qemu-nbd tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a
block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to connect
qemu-nbd to an HTTP server with authentication and export it over NBD using TLS
qemu-nbd --readonly \
--object secret,id=sec0,file=passwd.txt \
--object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
The qemu-img tool gained support for new '--object' and '--image-opts' arguments. The --object argument allows 'secret' and 'tls-creds-x509' objects to be defined for use in association with a
block device backend or the NBD server. The '--image-opts' argument instructs qemu-io to parse the image string as a set of image options, instead of a plain filename. For example, to a remote HTTP
server with authentication
qemu-img info --object secret,id=sec0,file=passwd.txt \
--image-opts driver=http,url=http://some.random.host/some/image,username=fred,password-secret=sec0
Support for deleting snapshots on Sheepdog devices.
The NBD client and server now support use of TLS. When enabled, the server will mandate that the client also enable TLS and drop any client which attempts to continue in plain text. To run a
qemu-nbd server with TLS:
qemu-nbd --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=server \
--tls-creds tls0 \
/path/to/disk/image
To connect to a server that requires TLS with qemu-img:
qemu-img info --object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
--image-opts driver=nbd,host=localhost,port=10809,tls-creds=tls0
To start a VM pointing to the NBD server
$QEMU -object tls-creds-x509,id=tls0,dir=$HOME/.pki/qemutls,endpoint=client \
-drive driver=nbd,host=localhost,port=10809,tls-creds=tls0 \
...other args...
The NBD server gained support for specifying an export name. When the client negotiates use of the new style NBD protocol the default export name is "". The --exportname argument allows this to
be customized:
qemu-nbd --exportname myvol /path/to/myvol.qcow2
QEMU gained support for volumes formatted with the LUKSv1 data format. To format a new LUKS volume
qemu-img create -f luks \
--object secret,id=sec0,file=passphrase.txt \
-o key-secret=sec0 \
demo.luks 10G
To boot a guest from a LUKS volume:
$QEMU -object secret,id=sec0,file=passphrase.txt \
-drive driver=luks,key-secret=sec0,file=demo.luks \
...other args...
The LUKS implementation is intended to be compatible with that used by cryptsetup/dm-crypt, so it should be possible to use disk images interchangeably between them. The only caveat is that some less
common cipher/hash algorithms are not yet supported by QEMU. It is also not yet possible to manage key-slots with qemu-img.
TCG
Record/replay support extended to cover character devices.
Tracing
The "stderr" tracing backend was replaced by the "log" tracing backend, which is now the default. This backend prints tracing messages to the destination specified with the "-D" option.
In addition to the existing "-trace file=...", tracepoints can be enabled using "-trace [enable=]...". The new option also supports globbing, as in "-trace bdrv_aio_*".
In addition to the existing "-trace file=...", tracepoints can be enabling using "-d trace:...". This option also supports globbing, as in "-d trace:bdrv_aio_*".
When using "-daemonize", the "-D" option also provides the file to which QEMU's stderr output will be redirected.
TCG supports a new "-dfilter" option to limit exec, out_asm, op and op_opt logging to a range of guest physical addresses. ARM also applies the filter to in_asm logging; this will be extended to
other targets in future releases (FIXME: probably should do it now instead...)
A "%d" substring in the log file name is replaced with QEMU's pid.
User-mode emulation
The default CPU for ppc64 and ppc64le is now POWER8
@
text
@d3 1
a3 1
--- default-configs/pci.mak.orig 2016-05-11 15:56:07.000000000 +0000
d5 1
a5 1
@@@@ -36,5 +36,5 @@@@ CONFIG_SDHCI=y
d9 1
a9 1
-CONFIG_IVSHMEM=$(CONFIG_EVENTFD)
@
1.1.2.1
log
@file patch-default-configs_pci.mak was added on branch pkgsrc-2015Q3 on 2015-12-22 20:21:43 +0000
@
text
@d1 11
@
1.1.2.2
log
@Pullup ticket #4876 - requested by ryoon
emulators/qemu: security fix
Revisions pulled up:
- emulators/qemu/Makefile 1.147-1.148
- emulators/qemu/PLIST 1.44-1.45
- emulators/qemu/distinfo 1.109-1.110
- emulators/qemu/options.mk 1.2
- emulators/qemu/patches/patch-Makefile.objs 1.1
- emulators/qemu/patches/patch-configure 1.7-1.8
- emulators/qemu/patches/patch-default-configs_pci.mak 1.1
- emulators/qemu/patches/patch-tests_Makefile 1.3
---
Module Name: pkgsrc
Committed By: ryoon
Date: Fri Dec 18 22:39:33 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo
pkgsrc/emulators/qemu/patches: patch-configure patch-tests_Makefile
Log Message:
Update to 2.5.0
Changelog:
== System emulation ==
* guard pages are now inserted after guest RAM, to guard against guest-triggered buffer overflow attacks
=== Incompatible changes ===
* The mips32r5-generic CPU was renamed to P5600
* Host floppy device pass-through (block driver "host_floppy") has been removed; it is still possible to use them just like any other device file, however, a medium change will no longer be passed
through to the guest
=== Future incompatible changes ===
* Three options are using different names on the command line and in configuration file. In particular:
** The "acpi" configuration file section matches command-line option "acpitable";
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
:-readconfig will standardize on the name for the command line option.
* Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on
upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
* Image encryption is fatally flawed, and will be dropped entirely. It'll remain available only in qemu-img, so you can use 'qemu-img convert' to convert encrypted images to uncrypted ones.
* Block device parameter aio=native has no effect without cache.direct=on. It will be made an error.
* Block device parameter aio=native has no effect if qemu is compiled without libaio support. It will be made an error.
* A few devices will be configured with explicit properties instead of implicitly. Unlikely to affect users; for the full list, see the 2.3 ChangeLog.
* QMP command blockdev-add is still a work in progress. It doesn't support all block drivers, it lacks a matching blockdev-del, and more. It might change incompatibly.
* The s390-virtio machine has been deprecated for 2.5; it will be removed in 2.6. s390x users should switch to the (default) s390-ccw-virtio machine.
* Changes to device "sdhci-pci" will make migration between old and new versions impossible.
* We intend to drop support for running QEMU on MacOSX 10.5 hosts in the QEMU 2.6 release, unless somebody who uses it wishes to step forward and help us with regular testing.
=== Alpha ===
=== ARM ===
* The "virt" machine type supports passing SMBIOS to the firmware.
* Semihosting support on AArch64
* New i.MX31 SoC.
* The ZynqMP and Allwinner A10 platforms support AHCI.
* Support for VGICv3 in KVM
* Support for GICv3 in the ACPI tables.
* The "virt" machine now has a second PCIe MMIO region of 512GB in size in high memory. Note that older 32-bit ARM Linux kernels built without CONFIG_LPAE have a bug where the presence of this region
in high memory causes them to refuse to use the PCIe controller at all. In this case you can either reconfigure your kernel with CONFIG_LPAE=y, or pass QEMU the "-machine highmem=off" option to
disable the use of high memory for PCIe. The kernel bug is expected to be fixed in Linux kernel release 4.4.
=== MIPS ===
* The mips32r5-generic CPU was renamed to P5600
* Improvements to MIPS R6 emulation
=== PowerPC ===
==== pSeries ====
* Support for memory hotplug
* The shipped version of SLOF includes GPT support.
* Using VFIO doesn't need spapr-pci-vfio-host-bridge anymore.
* virtio-vga now supported on sPAPR guests.
* [[Features/HRandomHypercall | H_RANDOM hypercall]] device for providing good random data to the guests.
==== Mac99 ====
* Improve ability to boot MacOS 9 (based upon GSoC project "Implement support for Mac OS 9 in QEMU " by Cormac O'Brien)
=== s390 ===
* Storage keys are migrated.
* New "info skeys" command in HMP to dump the storage key for a given address.
* Support for virtio 1 in the virtio-ccw devices.
** A maximum virtio-ccw revision can be specified via the "max_revision" property: max_revision=0 may be used to enforce usage of legacy virtio mode.
* Support for boot from El Torito iso images on virtio-blk has been added.
=== SH ===
=== SPARC ===
* sun4u: Fix EBus device enumeration under FreeBSD SPARC64 (OpenBIOS)
=== TileGX ===
* New target.
=== x86 ===
* The emulated IOMMU (VT-d) supports devices behind a bridge
* QEMU will warn when using a "-cpu" model that includes unsupported features. These features are disabled automatically, just like in previous versions of QEMU
* /machine/icc-bridge was removed from the QOM tree. Software relying on icc-bridge to find CPU objects should use the "qom_path" field of "query-cpus" QMP command
==== CPU models and features ====
* Haswell and Broadwell CPU models now include ABM
* Cache information passthrough (which was enabled by default on "-cpu host") is now disabled by default
* ABM, POPCNT, and SSE4a are not enabled in the default CPU models (qemu64, qemu32) anymore, as many hosts don't support it
* RDTSCP was removed from AMD CPU models, as current KVM versions can't expose RDTSCP to guests in AMD hosts
* New Intel memory instructions (clflushopt/clwb/pcommit) are now supported
* TCG now supports Debug Extensions (CR4.DE)
==== KVM ====
* Support for Hyper-V-compatible reporting of crashes.
==== Xen ====
* Support for passthrough of Intel integrated GPUs.
=== Device emulation and assignment ===
* fw_cfg supports a DMA interface on ARM and x86. This interface makes -kernel/-initrd much faster if supported by the firmware. SeaBIOS supports the DMA interface starting with release 1.9.0
(commit 06316c9d). The UEFI guest fw for ARM VMs (known as ArmVirtQemu or AAVMF) supports the DMA interface starting with git commit 953bcbcc / SVN r18545.
==== ACPI ====
==== Audio ====
==== Block devices ====
==== Character devices ====
==== IDE ====
* AHCI ATAPI PIO transfers greater than one sector are fixe 0. On guest
acknowledge, all functions are ejected together.
==== TPM ====
==== VFIO ====
==== virtio ====
* virtio-gpu now supports 3D mode
* vhost-user now supports live migration. client changes are required to enable this. When used with an old client without migration support, vhost-user will now block migration (instead of failing
silently)
* vhost-user now supports multi-queue. Use queues=# to enable this. client changes are required to enable this mode. When used with an old client without multi-queue support, device will
automatically fall back on using a single pair of queues.
* vhost-user protocol now includes protocol feature negotiation, including multiple new messages. When used with old clients, all new messages are automatically disabled.
* vhost-user no longer sents the RESET_OWNER message on device stop. The only QEMU version that sent it was 2.4, the message is now officially deprecated.
* migration now works when virtio 1 is enabled for virtio-pci
* For virtio-pci, virtio 1 performance on kvm on Intel CPUs has been improved (on kernel 4.4 and up).
* a new flag modern-pio-notify can be used to enable PIO for notifications in virtio 1 mode, to improve performance for host kernels older than 4.4, and processors without EPT support.
* virtio devices can now be placed on the pci express bus
* vhost is no longer disabled when guest does not use MSI-X. The vhostforce flag is no longer required.
* in virtio 1 mode, scsi passthrough is now disabled for virtio blk
* Please note that for virtio-pci, the modern (virtio 1) interface is still disabled by default. To enable, set the flag disable-modern=off.
==== VGA ====
=== Character devices ===
=== GUI ===
* New syntax for enabling TLS in the VNC server:
** Equivalent to -vnc hostname:0,tls: -object tls-creds-anon,id=tls0,endpoint=server -vnc hostname:0,tls-creds=tls0
** Equivalent to -vnc hostname:0,tls,x509=/path/to/certs: -object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=no -vnc hostname:0,tls-creds=tls0
** Equivalent to -vnc hostname:0,tls,x509verify=/path/to/certs: -object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/certs,verify-peer=yes -vnc hostname:0,tls-creds=tls0
* The Cocoa GUI does not have show an 'open image file' dialog box anymore even if QEMU is started without arguments
* Thu curses GUI supports 256 colors and line graphics.
=== Monitor ===
* New "info iothreads" command.
* New "query-qmp-schema" command allows the caller to [[Features/QMP/Introspection | introspect the QMP schema]] used by QEMU.
=== Migration ===
* [[Features/PostCopyLiveMigration | Postcopy migration]] for migration of large/busy guests
* A more flexible [[Features/AutoconvergeLiveMigration | auto-converge mechanism]] (for busy guests)
=== Network ===
* Support for multiqueue in vhost-user.
* Support for network filters. Currently, the only filter objects are "filter-buffer", which batches packets every N microseconds, and "filter-dump", which can be used to log the network traffic in
a file. Filters are attached to a netdev device using e.g. "-object filter-buffer,id=filter,netdev=net0,queue=rx,interval=1000" (which creates a 1ms filter-buffer).
=== Block devices in system emulation ===
=== Command-line options ===
=== TCG ===
* Improved system emulation performance for targets with software TLBs (e.g. SPARC).
* Initial support for [[Features/record-replay | record/replay]].
== Block devices and tools ==
* The HMP "change" command (QMP's “"lockdev-change-medium") now allows you to change the read-only mode of the device (e.g. when inserting a read-only floppy disk image into a previously R/W drive)
* Fine-grained control over a block device's tray with the new QMP commands "blockdev-open-tray", "blockdev-close-tray", "x-blockdev-insert-medium", and "x-blockdev-remove-medium" (the latter two are
experimental for now)
* New "reopen" command in qemu-io
* block-dirty-bitmap-add and block-dirty-bitmap-clear transaction actions have been added to now fully support (transient) incremental bitmap usage and management.
* QMP transactions now support a "completion-mode" parameter which controls the completion behavior of jobs launched by transactions, which will allow them to fail together. See the
[https://github.com/qemu/qemu/blob/master/docs/bitmaps.md bitmaps.md] documentation for how this affects incremental backups.
* Block I/O accounting can now report average queue depth, min/avg/max latency, and failed/invalid request counts
* qcow2 learnt a new option ''cache-clean-interval'', which allows to free unused cache entries after some time.
* An experimental QMP command ''x-blockdev-del'' was added as a completement for the (also still experimental) ''blockdev-add'' command.
* A new QMP command ''blockdev-snapshot'' that allows creating a snapshot using as overlay an image previously opened with ''blockdev-add''. This allows opening the overlay image with arbitrary
run-time options, solving one of the limitations of ''blockdev-snapshot-sync''.
* It is now possible to open an image without its backing file by specifying the empty string as a backing file reference when opening the image. This is useful for creating snapshots, since images
opened with ''blockdev-add'' are not supposed to have a backing file before the ''blockdev-snapshot'' operation.
* Host CD-ROM support now works on Mac OS X hosts
* Host floppy support has been removed (it was deprecated in QEMU 2.3)
* The temporary "x-data-plane=on/off" option for virtio-blk device is removed now, all users are requested to use the canonical "-object iothread,id= -device virtio-blk,iothread=,..." syntax.
== Audio ==
== Guest agent ==
* Add an optional qemu-ga.conf system configuration
* Support for dumping the configuration current file with --dump-conf
* Win32 support for guest-set-user-password
* New command guest-exec
== User-mode emulation ==
* The configure option --disable-guest-base has been removed.
== Build dependencies ==
* libcacard has been moved to a standalone project, hosted at git://anongit.freedesktop.org/spice/libcacard. The libcacard library from QEMU 2.4 can also be used to build QEMU 2.5.
* virtio-gpu 3D support requires virglrenderer.
== Known issues ==
* SDL audio only works with SDL 1.x.
* 64-bit QEMU might crash on Windows (problems with stack unwinding, depends on build environment, [http://repo.or.cz/w/qemu/ar7.git/commit/8fa9c07c9a33174905e67589bea6be3e278712cb possible fix])
* QEMU's configure script fails with pdksh from OpenBSD (see [https://bugs.launchpad.net/qemu/+bug/1525682 bug #1525682]. Using another shell with configure should work.
---
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Dec 21 12:10:22 UTC 2015
Modified Files:
pkgsrc/emulators/qemu: Makefile PLIST distinfo options.mk
pkgsrc/emulators/qemu/patches: patch-configure
Added Files:
pkgsrc/emulators/qemu/patches: patch-Makefile.objs
patch-default-configs_pci.mak
Log Message:
Fix build under NetBSD 6 or other platform that has no shm_open()
Fix PR pkg/50572.
@
text
@a0 11
$NetBSD$
--- default-configs/pci.mak.orig 2015-12-16 22:04:48.000000000 +0000
+++ default-configs/pci.mak
@@@@ -35,5 +35,5 @@@@ CONFIG_SDHCI=y
CONFIG_EDU=y
CONFIG_VGA=y
CONFIG_VGA_PCI=y
-CONFIG_IVSHMEM=$(CONFIG_POSIX)
+CONFIG_IVSHMEM=$(CONFIG_SHM_OPEN)
CONFIG_ROCKER=y
@