OSDN -- 오픈 소스 소프트웨어 개발 및 다운로드
Translation Status of 한국말 translation status for ko
  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

Commit

Tags
No Tags

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

Commit MetaInfo

Revisione2fcbf4263231f09723e60811c3419cf509225d6 (tree)
Time2020-03-06 19:07:14
AuthorPeter Maydell <peter.maydell@lina...>
CommiterPeter Maydell

Log Message

qemu-options.hx: Add rST documentation fragments

Add the rST versions of the documentation fragments to qemu-options.hx.

This is entirely autogenerated using scripts/hxtool-conv.pl.
The result is not quite valid rST in all places; the following
commit will have the manual adjustments needed.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Change Summary

Incremental Difference

--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -18,6 +18,10 @@ STEXI
1818 @findex -h
1919 Display help and exit
2020 ETEXI
21+SRST
22+``-h``
23+ Display help and exit
24+ERST
2125
2226 DEF("version", 0, QEMU_OPTION_version,
2327 "-version display version information and exit\n", QEMU_ARCH_ALL)
@@ -26,6 +30,10 @@ STEXI
2630 @findex -version
2731 Display version information and exit
2832 ETEXI
33+SRST
34+``-version``
35+ Display version information and exit
36+ERST
2937
3038 DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
3139 "-machine [type=]name[,prop[=value][,...]]\n"
@@ -100,6 +108,73 @@ Enables or disables ACPI Heterogeneous Memory Attribute Table (HMAT) support.
100108 The default is off.
101109 @end table
102110 ETEXI
111+SRST
112+``-machine [type=]name[,prop=value[,...]]``
113+ Select the emulated machine by name. Use ``-machine help`` to list
114+ available machines.
115+
116+ For architectures which aim to support live migration compatibility
117+ across releases, each release will introduce a new versioned machine
118+ type. For example, the 2.8.0 release introduced machine types
119+ "pc-i440fx-2.8" and "pc-q35-2.8" for the x86\_64/i686 architectures.
120+
121+ To allow live migration of guests from QEMU version 2.8.0, to QEMU
122+ version 2.9.0, the 2.9.0 version must support the "pc-i440fx-2.8"
123+ and "pc-q35-2.8" machines too. To allow users live migrating VMs to
124+ skip multiple intermediate releases when upgrading, new releases of
125+ QEMU will support machine types from many previous versions.
126+
127+ Supported machine properties are:
128+
129+ ``accel=accels1[:accels2[:...]]``
130+ This is used to enable an accelerator. Depending on the target
131+ architecture, kvm, xen, hax, hvf, whpx or tcg can be available.
132+ By default, tcg is used. If there is more than one accelerator
133+ specified, the next one is used if the previous one fails to
134+ initialize.
135+
136+ ``vmport=on|off|auto``
137+ Enables emulation of VMWare IO port, for vmmouse etc. auto says
138+ to select the value based on accel. For accel=xen the default is
139+ off otherwise the default is on.
140+
141+ ``dump-guest-core=on|off``
142+ Include guest memory in a core dump. The default is on.
143+
144+ ``mem-merge=on|off``
145+ Enables or disables memory merge support. This feature, when
146+ supported by the host, de-duplicates identical memory pages
147+ among VMs instances (enabled by default).
148+
149+ ``aes-key-wrap=on|off``
150+ Enables or disables AES key wrapping support on s390-ccw hosts.
151+ This feature controls whether AES wrapping keys will be created
152+ to allow execution of AES cryptographic functions. The default
153+ is on.
154+
155+ ``dea-key-wrap=on|off``
156+ Enables or disables DEA key wrapping support on s390-ccw hosts.
157+ This feature controls whether DEA wrapping keys will be created
158+ to allow execution of DEA cryptographic functions. The default
159+ is on.
160+
161+ ``nvdimm=on|off``
162+ Enables or disables NVDIMM support. The default is off.
163+
164+ ``enforce-config-section=on|off``
165+ If ``enforce-config-section`` is set to on, force migration code
166+ to send configuration section even if the machine-type sets the
167+ ``migration.send-configuration`` property to off. NOTE: this
168+ parameter is deprecated. Please use ``-global``
169+ ``migration.send-configuration``\ =on\|off instead.
170+
171+ ``memory-encryption=``
172+ Memory encryption object to use. The default is none.
173+
174+ ``hmat=on|off``
175+ Enables or disables ACPI Heterogeneous Memory Attribute Table
176+ (HMAT) support. The default is off.
177+ERST
103178
104179 HXCOMM Deprecated by -machine
105180 DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL)
@@ -111,6 +186,11 @@ STEXI
111186 @findex -cpu
112187 Select CPU model (@code{-cpu help} for list and additional feature selection)
113188 ETEXI
189+SRST
190+``-cpu model``
191+ Select CPU model (``-cpu help`` for list and additional feature
192+ selection)
193+ERST
114194
115195 DEF("accel", HAS_ARG, QEMU_OPTION_accel,
116196 "-accel [accel=]accelerator[,prop[=value][,...]]\n"
@@ -147,6 +227,40 @@ is to enable multi-threading where both the back-end and front-ends support it a
147227 no incompatible TCG features have been enabled (e.g. icount/replay).
148228 @end table
149229 ETEXI
230+SRST
231+``-accel name[,prop=value[,...]]``
232+ This is used to enable an accelerator. Depending on the target
233+ architecture, kvm, xen, hax, hvf, whpx or tcg can be available. By
234+ default, tcg is used. If there is more than one accelerator
235+ specified, the next one is used if the previous one fails to
236+ initialize.
237+
238+ ``igd-passthru=on|off``
239+ When Xen is in use, this option controls whether Intel
240+ integrated graphics devices can be passed through to the guest
241+ (default=off)
242+
243+ ``kernel-irqchip=on|off|split``
244+ Controls KVM in-kernel irqchip support. The default is full
245+ acceleration of the interrupt controllers. On x86, split irqchip
246+ reduces the kernel attack surface, at a performance cost for
247+ non-MSI interrupts. Disabling the in-kernel irqchip completely
248+ is not recommended except for debugging purposes.
249+
250+ ``kvm-shadow-mem=size``
251+ Defines the size of the KVM shadow MMU.
252+
253+ ``tb-size=n``
254+ Controls the size (in MiB) of the TCG translation block cache.
255+
256+ ``thread=single|multi``
257+ Controls number of TCG threads. When the TCG is multi-threaded
258+ there will be one thread per vCPU therefor taking advantage of
259+ additional host cores. The default is to enable multi-threading
260+ where both the back-end and front-ends support it and no
261+ incompatible TCG features have been enabled (e.g.
262+ icount/replay).
263+ERST
150264
151265 DEF("smp", HAS_ARG, QEMU_OPTION_smp,
152266 "-smp [cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,dies=dies][,sockets=sockets]\n"
@@ -170,6 +284,17 @@ per cores, the number of @var{dies} per packages and the total number of
170284 If any on the three values is given, the total number of CPUs @var{n} can be omitted.
171285 @var{maxcpus} specifies the maximum number of hotpluggable CPUs.
172286 ETEXI
287+SRST
288+``-smp [cpus=]n[,cores=cores][,threads=threads][,dies=dies][,sockets=sockets][,maxcpus=maxcpus]``
289+ Simulate an SMP system with n CPUs. On the PC target, up to 255 CPUs
290+ are supported. On Sparc32 target, Linux limits the number of usable
291+ CPUs to 4. For the PC target, the number of cores per die, the
292+ number of threads per cores, the number of dies per packages and the
293+ total number of sockets can be specified. Missing values will be
294+ computed. If any on the three values is given, the total number of
295+ CPUs n can be omitted. maxcpus specifies the maximum number of
296+ hotpluggable CPUs.
297+ERST
173298
174299 DEF("numa", HAS_ARG, QEMU_OPTION_numa,
175300 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n"
@@ -322,6 +447,152 @@ cache, size is 10KB, policy is write-back, the cache Line size is 8 bytes:
322447 @end example
323448
324449 ETEXI
450+SRST
451+``-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``; \ ``-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]``; \ ``-numa dist,src=source,dst=destination,val=distance``; \ ``-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]``; \ ``-numa hmat-lb,initiator=node,target=node,hierarchy=hierarchy,data-type=tpye[,latency=lat][,bandwidth=bw]``; \ ``-numa hmat-cache,node-id=node,size=size,level=level[,associativity=str][,policy=str][,line=size]``
452+ Define a NUMA node and assign RAM and VCPUs to it. Set the NUMA
453+ distance from a source node to a destination node. Set the ACPI
454+ Heterogeneous Memory Attributes for the given nodes.
455+
456+ Legacy VCPU assignment uses '\ ``cpus``\ ' option where firstcpu and
457+ lastcpu are CPU indexes. Each '\ ``cpus``\ ' option represent a
458+ contiguous range of CPU indexes (or a single VCPU if lastcpu is
459+ omitted). A non-contiguous set of VCPUs can be represented by
460+ providing multiple '\ ``cpus``\ ' options. If '\ ``cpus``\ ' is
461+ omitted on all nodes, VCPUs are automatically split between them.
462+
463+ For example, the following option assigns VCPUs 0, 1, 2 and 5 to a
464+ NUMA node:
465+
466+ ::
467+
468+ -numa node,cpus=0-2,cpus=5
469+
470+ '\ ``cpu``\ ' option is a new alternative to '\ ``cpus``\ ' option
471+ which uses '\ ``socket-id|core-id|thread-id``\ ' properties to
472+ assign CPU objects to a node using topology layout properties of
473+ CPU. The set of properties is machine specific, and depends on used
474+ machine type/'\ ``smp``\ ' options. It could be queried with
475+ '\ ``hotpluggable-cpus``\ ' monitor command. '\ ``node-id``\ '
476+ property specifies node to which CPU object will be assigned, it's
477+ required for node to be declared with '\ ``node``\ ' option before
478+ it's used with '\ ``cpu``\ ' option.
479+
480+ For example:
481+
482+ ::
483+
484+ -M pc \
485+ -smp 1,sockets=2,maxcpus=2 \
486+ -numa node,nodeid=0 -numa node,nodeid=1 \
487+ -numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1
488+
489+ '\ ``mem``\ ' assigns a given RAM amount to a node. '\ ``memdev``\ '
490+ assigns RAM from a given memory backend device to a node. If
491+ '\ ``mem``\ ' and '\ ``memdev``\ ' are omitted in all nodes, RAM is
492+ split equally between them.
493+
494+ '\ ``mem``\ ' and '\ ``memdev``\ ' are mutually exclusive.
495+ Furthermore, if one node uses '\ ``memdev``\ ', all of them have to
496+ use it.
497+
498+ '\ ``initiator``\ ' is an additional option that points to an
499+ initiator NUMA node that has best performance (the lowest latency or
500+ largest bandwidth) to this NUMA node. Note that this option can be
501+ set only when the machine property 'hmat' is set to 'on'.
502+
503+ Following example creates a machine with 2 NUMA nodes, node 0 has
504+ CPU. node 1 has only memory, and its initiator is node 0. Note that
505+ because node 0 has CPU, by default the initiator of node 0 is itself
506+ and must be itself.
507+
508+ ::
509+
510+ -machine hmat=on \
511+ -m 2G,slots=2,maxmem=4G \
512+ -object memory-backend-ram,size=1G,id=m0 \
513+ -object memory-backend-ram,size=1G,id=m1 \
514+ -numa node,nodeid=0,memdev=m0 \
515+ -numa node,nodeid=1,memdev=m1,initiator=0 \
516+ -smp 2,sockets=2,maxcpus=2 \
517+ -numa cpu,node-id=0,socket-id=0 \
518+ -numa cpu,node-id=0,socket-id=1
519+
520+ source and destination are NUMA node IDs. distance is the NUMA
521+ distance from source to destination. The distance from a node to
522+ itself is always 10. If any pair of nodes is given a distance, then
523+ all pairs must be given distances. Although, when distances are only
524+ given in one direction for each pair of nodes, then the distances in
525+ the opposite directions are assumed to be the same. If, however, an
526+ asymmetrical pair of distances is given for even one node pair, then
527+ all node pairs must be provided distance values for both directions,
528+ even when they are symmetrical. When a node is unreachable from
529+ another node, set the pair's distance to 255.
530+
531+ Note that the -``numa`` option doesn't allocate any of the specified
532+ resources, it just assigns existing resources to NUMA nodes. This
533+ means that one still has to use the ``-m``, ``-smp`` options to
534+ allocate RAM and VCPUs respectively.
535+
536+ Use '\ ``hmat-lb``\ ' to set System Locality Latency and Bandwidth
537+ Information between initiator and target NUMA nodes in ACPI
538+ Heterogeneous Attribute Memory Table (HMAT). Initiator NUMA node can
539+ create memory requests, usually it has one or more processors.
540+ Target NUMA node contains addressable memory.
541+
542+ In '\ ``hmat-lb``\ ' option, node are NUMA node IDs. hierarchy is
543+ the memory hierarchy of the target NUMA node: if hierarchy is
544+ 'memory', the structure represents the memory performance; if
545+ hierarchy is 'first-level\|second-level\|third-level', this
546+ structure represents aggregated performance of memory side caches
547+ for each domain. type of 'data-type' is type of data represented by
548+ this structure instance: if 'hierarchy' is 'memory', 'data-type' is
549+ 'access\|read\|write' latency or 'access\|read\|write' bandwidth of
550+ the target memory; if 'hierarchy' is
551+ 'first-level\|second-level\|third-level', 'data-type' is
552+ 'access\|read\|write' hit latency or 'access\|read\|write' hit
553+ bandwidth of the target memory side cache.
554+
555+ lat is latency value in nanoseconds. bw is bandwidth value, the
556+ possible value and units are NUM[M\|G\|T], mean that the bandwidth
557+ value are NUM byte per second (or MB/s, GB/s or TB/s depending on
558+ used suffix). Note that if latency or bandwidth value is 0, means
559+ the corresponding latency or bandwidth information is not provided.
560+
561+ In '\ ``hmat-cache``\ ' option, node-id is the NUMA-id of the memory
562+ belongs. size is the size of memory side cache in bytes. level is
563+ the cache level described in this structure, note that the cache
564+ level 0 should not be used with '\ ``hmat-cache``\ ' option.
565+ associativity is the cache associativity, the possible value is
566+ 'none/direct(direct-mapped)/complex(complex cache indexing)'. policy
567+ is the write policy. line is the cache Line size in bytes.
568+
569+ For example, the following options describe 2 NUMA nodes. Node 0 has
570+ 2 cpus and a ram, node 1 has only a ram. The processors in node 0
571+ access memory in node 0 with access-latency 5 nanoseconds,
572+ access-bandwidth is 200 MB/s; The processors in NUMA node 0 access
573+ memory in NUMA node 1 with access-latency 10 nanoseconds,
574+ access-bandwidth is 100 MB/s. And for memory side cache information,
575+ NUMA node 0 and 1 both have 1 level memory cache, size is 10KB,
576+ policy is write-back, the cache Line size is 8 bytes:
577+
578+ ::
579+
580+ -machine hmat=on \
581+ -m 2G \
582+ -object memory-backend-ram,size=1G,id=m0 \
583+ -object memory-backend-ram,size=1G,id=m1 \
584+ -smp 2 \
585+ -numa node,nodeid=0,memdev=m0 \
586+ -numa node,nodeid=1,memdev=m1,initiator=0 \
587+ -numa cpu,node-id=0,socket-id=0 \
588+ -numa cpu,node-id=0,socket-id=1 \
589+ -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=5 \
590+ -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=200M \
591+ -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=10 \
592+ -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=100M \
593+ -numa hmat-cache,node-id=0,size=10K,level=1,associativity=direct,policy=write-back,line=8 \
594+ -numa hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8
595+ERST
325596
326597 DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd,
327598 "-add-fd fd=fd,set=set[,opaque=opaque]\n"
@@ -350,6 +621,33 @@ You can open an image using pre-opened file descriptors from an fd set:
350621 -drive file=/dev/fdset/2,index=0,media=disk
351622 @end example
352623 ETEXI
624+SRST
625+``-add-fd fd=fd,set=set[,opaque=opaque]``
626+ Add a file descriptor to an fd set. Valid options are:
627+
628+ ``fd=fd``
629+ This option defines the file descriptor of which a duplicate is
630+ added to fd set. The file descriptor cannot be stdin, stdout, or
631+ stderr.
632+
633+ ``set=set``
634+ This option defines the ID of the fd set to add the file
635+ descriptor to.
636+
637+ ``opaque=opaque``
638+ This option defines a free-form string that can be used to
639+ describe fd.
640+
641+ You can open an image using pre-opened file descriptors from an fd
642+ set:
643+
644+ .. parsed-literal::
645+
646+ |qemu_system| \
647+ -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \
648+ -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \
649+ -drive file=/dev/fdset/2,index=0,media=disk
650+ERST
353651
354652 DEF("set", HAS_ARG, QEMU_OPTION_set,
355653 "-set group.id.arg=value\n"
@@ -360,6 +658,10 @@ STEXI
360658 @findex -set
361659 Set parameter @var{arg} for item @var{id} of type @var{group}
362660 ETEXI
661+SRST
662+``-set group.id.arg=value``
663+ Set parameter arg for item id of type group
664+ERST
363665
364666 DEF("global", HAS_ARG, QEMU_OPTION_global,
365667 "-global driver.property=value\n"
@@ -384,6 +686,23 @@ created automatically and set properties on it, use -@option{device}.
384686 driver=@var{driver},property=@var{prop},value=@var{value}. The
385687 longhand syntax works even when @var{driver} contains a dot.
386688 ETEXI
689+SRST
690+``-global driver.prop=value``; \ ``-global driver=driver,property=property,value=value``
691+ Set default value of driver's property prop to value, e.g.:
692+
693+ .. parsed-literal::
694+
695+ |qemu_system_x86| -global ide-hd.physical_block_size=4096 disk-image.img
696+
697+ In particular, you can use this to set driver properties for devices
698+ which are created automatically by the machine model. To create a
699+ device which is not created automatically and set properties on it,
700+ use -``device``.
701+
702+ -global driver.prop=value is shorthand for -global
703+ driver=driver,property=prop,value=value. The longhand syntax works
704+ even when driver contains a dot.
705+ERST
387706
388707 DEF("boot", HAS_ARG, QEMU_OPTION_boot,
389708 "-boot [order=drives][,once=drives][,menu=on|off]\n"
@@ -437,6 +756,50 @@ bootindex options. The default is non-strict boot.
437756 Note: The legacy format '-boot @var{drives}' is still supported but its
438757 use is discouraged as it may be removed from future versions.
439758 ETEXI
759+SRST
760+``-boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_timeout][,strict=on|off]``
761+ Specify boot order drives as a string of drive letters. Valid drive
762+ letters depend on the target architecture. The x86 PC uses: a, b
763+ (floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p
764+ (Etherboot from network adapter 1-4), hard disk boot is the default.
765+ To apply a particular boot order only on the first startup, specify
766+ it via ``once``. Note that the ``order`` or ``once`` parameter
767+ should not be used together with the ``bootindex`` property of
768+ devices, since the firmware implementations normally do not support
769+ both at the same time.
770+
771+ Interactive boot menus/prompts can be enabled via ``menu=on`` as far
772+ as firmware/BIOS supports them. The default is non-interactive boot.
773+
774+ A splash picture could be passed to bios, enabling user to show it
775+ as logo, when option splash=sp\_name is given and menu=on, If
776+ firmware/BIOS supports them. Currently Seabios for X86 system
777+ support it. limitation: The splash file could be a jpeg file or a
778+ BMP file in 24 BPP format(true color). The resolution should be
779+ supported by the SVGA mode, so the recommended is 320x240, 640x480,
780+ 800x640.
781+
782+ A timeout could be passed to bios, guest will pause for rb\_timeout
783+ ms when boot failed, then reboot. If rb\_timeout is '-1', guest will
784+ not reboot, qemu passes '-1' to bios by default. Currently Seabios
785+ for X86 system support it.
786+
787+ Do strict boot via ``strict=on`` as far as firmware/BIOS supports
788+ it. This only effects when boot priority is changed by bootindex
789+ options. The default is non-strict boot.
790+
791+ ::
792+
793+ # try to boot from network first, then from hard disk
794+ |qemu_system_x86| -boot order=nc
795+ # boot from CD-ROM first, switch back to default order after reboot
796+ |qemu_system_x86| -boot once=d
797+ # boot with a splash picture for 5 seconds.
798+ |qemu_system_x86| -boot menu=on,splash=/root/boot.bmp,splash-time=5000
799+
800+ Note: The legacy format '-boot drives' is still supported but its
801+ use is discouraged as it may be removed from future versions.
802+ERST
440803
441804 DEF("m", HAS_ARG, QEMU_OPTION_m,
442805 "-m [size=]megs[,slots=n,maxmem=size]\n"
@@ -466,6 +829,25 @@ memory the guest can reach to 4GB:
466829 If @var{slots} and @var{maxmem} are not specified, memory hotplug won't
467830 be enabled and the guest startup RAM will never increase.
468831 ETEXI
832+SRST
833+``-m [size=]megs[,slots=n,maxmem=size]``
834+ Sets guest startup RAM size to megs megabytes. Default is 128 MiB.
835+ Optionally, a suffix of "M" or "G" can be used to signify a value in
836+ megabytes or gigabytes respectively. Optional pair slots, maxmem
837+ could be used to set amount of hotpluggable memory slots and maximum
838+ amount of memory. Note that maxmem must be aligned to the page size.
839+
840+ For example, the following command-line sets the guest startup RAM
841+ size to 1GB, creates 3 slots to hotplug additional memory and sets
842+ the maximum memory the guest can reach to 4GB:
843+
844+ .. parsed-literal::
845+
846+ |qemu_system| -m 1G,slots=3,maxmem=4G
847+
848+ If slots and maxmem are not specified, memory hotplug won't be
849+ enabled and the guest startup RAM will never increase.
850+ERST
469851
470852 DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath,
471853 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL)
@@ -474,6 +856,10 @@ STEXI
474856 @findex -mem-path
475857 Allocate guest RAM from a temporarily created file in @var{path}.
476858 ETEXI
859+SRST
860+``-mem-path path``
861+ Allocate guest RAM from a temporarily created file in path.
862+ERST
477863
478864 DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc,
479865 "-mem-prealloc preallocate guest memory (use with -mem-path)\n",
@@ -483,6 +869,10 @@ STEXI
483869 @findex -mem-prealloc
484870 Preallocate memory when using -mem-path.
485871 ETEXI
872+SRST
873+``-mem-prealloc``
874+ Preallocate memory when using -mem-path.
875+ERST
486876
487877 DEF("k", HAS_ARG, QEMU_OPTION_k,
488878 "-k language use keyboard layout (for example 'fr' for French)\n",
@@ -505,6 +895,24 @@ de en-us fi fr-be hr it lv nl-be pt sl tr
505895
506896 The default is @code{en-us}.
507897 ETEXI
898+SRST
899+``-k language``
900+ Use keyboard layout language (for example ``fr`` for French). This
901+ option is only needed where it is not easy to get raw PC keycodes
902+ (e.g. on Macs, with some X11 servers or with a VNC or curses
903+ display). You don't normally need to use it on PC/Linux or
904+ PC/Windows hosts.
905+
906+ The available layouts are:
907+
908+ ::
909+
910+ ar de-ch es fo fr-ca hu ja mk no pt-br sv
911+ da en-gb et fr fr-ch is lt nl pl ru th
912+ de en-us fi fr-be hr it lv nl-be pt sl tr
913+
914+ The default is ``en-us``.
915+ERST
508916
509917
510918 HXCOMM Deprecated by -audiodev
@@ -517,6 +925,11 @@ STEXI
517925 Will show the -audiodev equivalent of the currently specified
518926 (deprecated) environment variables.
519927 ETEXI
928+SRST
929+``-audio-help``
930+ Will show the -audiodev equivalent of the currently specified
931+ (deprecated) environment variables.
932+ERST
520933
521934 DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev,
522935 "-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n"
@@ -766,6 +1179,173 @@ Write recorded audio into the specified file. Default is
7661179
7671180 @end table
7681181 ETEXI
1182+SRST
1183+``-audiodev [driver=]driver,id=id[,prop[=value][,...]]``
1184+ Adds a new audio backend driver identified by id. There are global
1185+ and driver specific properties. Some values can be set differently
1186+ for input and output, they're marked with ``in|out.``. You can set
1187+ the input's property with ``in.prop`` and the output's property with
1188+ ``out.prop``. For example:
1189+
1190+ ::
1191+
1192+ -audiodev alsa,id=example,in.frequency=44110,out.frequency=8000
1193+ -audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified
1194+
1195+ NOTE: parameter validation is known to be incomplete, in many cases
1196+ specifying an invalid option causes QEMU to print an error message
1197+ and continue emulation without sound.
1198+
1199+ Valid global options are:
1200+
1201+ ``id=identifier``
1202+ Identifies the audio backend.
1203+
1204+ ``timer-period=period``
1205+ Sets the timer period used by the audio subsystem in
1206+ microseconds. Default is 10000 (10 ms).
1207+
1208+ ``in|out.mixing-engine=on|off``
1209+ Use QEMU's mixing engine to mix all streams inside QEMU and
1210+ convert audio formats when not supported by the backend. When
1211+ off, fixed-settings must be off too. Note that disabling this
1212+ option means that the selected backend must support multiple
1213+ streams and the audio formats used by the virtual cards,
1214+ otherwise you'll get no sound. It's not recommended to disable
1215+ this option unless you want to use 5.1 or 7.1 audio, as mixing
1216+ engine only supports mono and stereo audio. Default is on.
1217+
1218+ ``in|out.fixed-settings=on|off``
1219+ Use fixed settings for host audio. When off, it will change
1220+ based on how the guest opens the sound card. In this case you
1221+ must not specify frequency, channels or format. Default is on.
1222+
1223+ ``in|out.frequency=frequency``
1224+ Specify the frequency to use when using fixed-settings. Default
1225+ is 44100Hz.
1226+
1227+ ``in|out.channels=channels``
1228+ Specify the number of channels to use when using fixed-settings.
1229+ Default is 2 (stereo).
1230+
1231+ ``in|out.format=format``
1232+ Specify the sample format to use when using fixed-settings.
1233+ Valid values are: ``s8``, ``s16``, ``s32``, ``u8``, ``u16``,
1234+ ``u32``. Default is ``s16``.
1235+
1236+ ``in|out.voices=voices``
1237+ Specify the number of voices to use. Default is 1.
1238+
1239+ ``in|out.buffer-length=usecs``
1240+ Sets the size of the buffer in microseconds.
1241+
1242+``-audiodev none,id=id[,prop[=value][,...]]``
1243+ Creates a dummy backend that discards all outputs. This backend has
1244+ no backend specific properties.
1245+
1246+``-audiodev alsa,id=id[,prop[=value][,...]]``
1247+ Creates backend using the ALSA. This backend is only available on
1248+ Linux.
1249+
1250+ ALSA specific options are:
1251+
1252+ ``in|out.dev=device``
1253+ Specify the ALSA device to use for input and/or output. Default
1254+ is ``default``.
1255+
1256+ ``in|out.period-length=usecs``
1257+ Sets the period length in microseconds.
1258+
1259+ ``in|out.try-poll=on|off``
1260+ Attempt to use poll mode with the device. Default is on.
1261+
1262+ ``threshold=threshold``
1263+ Threshold (in microseconds) when playback starts. Default is 0.
1264+
1265+``-audiodev coreaudio,id=id[,prop[=value][,...]]``
1266+ Creates a backend using Apple's Core Audio. This backend is only
1267+ available on Mac OS and only supports playback.
1268+
1269+ Core Audio specific options are:
1270+
1271+ ``in|out.buffer-count=count``
1272+ Sets the count of the buffers.
1273+
1274+``-audiodev dsound,id=id[,prop[=value][,...]]``
1275+ Creates a backend using Microsoft's DirectSound. This backend is
1276+ only available on Windows and only supports playback.
1277+
1278+ DirectSound specific options are:
1279+
1280+ ``latency=usecs``
1281+ Add extra usecs microseconds latency to playback. Default is
1282+ 10000 (10 ms).
1283+
1284+``-audiodev oss,id=id[,prop[=value][,...]]``
1285+ Creates a backend using OSS. This backend is available on most
1286+ Unix-like systems.
1287+
1288+ OSS specific options are:
1289+
1290+ ``in|out.dev=device``
1291+ Specify the file name of the OSS device to use. Default is
1292+ ``/dev/dsp``.
1293+
1294+ ``in|out.buffer-count=count``
1295+ Sets the count of the buffers.
1296+
1297+ ``in|out.try-poll=on|of``
1298+ Attempt to use poll mode with the device. Default is on.
1299+
1300+ ``try-mmap=on|off``
1301+ Try using memory mapped device access. Default is off.
1302+
1303+ ``exclusive=on|off``
1304+ Open the device in exclusive mode (vmix won't work in this
1305+ case). Default is off.
1306+
1307+ ``dsp-policy=policy``
1308+ Sets the timing policy (between 0 and 10, where smaller number
1309+ means smaller latency but higher CPU usage). Use -1 to use
1310+ buffer sizes specified by ``buffer`` and ``buffer-count``. This
1311+ option is ignored if you do not have OSS 4. Default is 5.
1312+
1313+``-audiodev pa,id=id[,prop[=value][,...]]``
1314+ Creates a backend using PulseAudio. This backend is available on
1315+ most systems.
1316+
1317+ PulseAudio specific options are:
1318+
1319+ ``server=server``
1320+ Sets the PulseAudio server to connect to.
1321+
1322+ ``in|out.name=sink``
1323+ Use the specified source/sink for recording/playback.
1324+
1325+ ``in|out.latency=usecs``
1326+ Desired latency in microseconds. The PulseAudio server will try
1327+ to honor this value but actual latencies may be lower or higher.
1328+
1329+``-audiodev sdl,id=id[,prop[=value][,...]]``
1330+ Creates a backend using SDL. This backend is available on most
1331+ systems, but you should use your platform's native backend if
1332+ possible. This backend has no backend specific properties.
1333+
1334+``-audiodev spice,id=id[,prop[=value][,...]]``
1335+ Creates a backend that sends audio through SPICE. This backend
1336+ requires ``-spice`` and automatically selected in that case, so
1337+ usually you can ignore this option. This backend has no backend
1338+ specific properties.
1339+
1340+``-audiodev wav,id=id[,prop[=value][,...]]``
1341+ Creates a backend that writes audio to a WAV file.
1342+
1343+ Backend specific options are:
1344+
1345+ ``path=path``
1346+ Write recorded audio into the specified file. Default is
1347+ ``qemu.wav``.
1348+ERST
7691349
7701350 DEF("soundhw", HAS_ARG, QEMU_OPTION_soundhw,
7711351 "-soundhw c1,... enable audio support\n"
@@ -794,6 +1374,27 @@ require manually specifying clocking.
7941374 modprobe i810_audio clocking=48000
7951375 @end example
7961376 ETEXI
1377+SRST
1378+``-soundhw card1[,card2,...] or -soundhw all``
1379+ Enable audio and selected sound hardware. Use 'help' to print all
1380+ available sound hardware. For example:
1381+
1382+ .. parsed-literal::
1383+
1384+ |qemu_system_x86| -soundhw sb16,adlib disk.img
1385+ |qemu_system_x86| -soundhw es1370 disk.img
1386+ |qemu_system_x86| -soundhw ac97 disk.img
1387+ |qemu_system_x86| -soundhw hda disk.img
1388+ |qemu_system_x86| -soundhw all disk.img
1389+ |qemu_system_x86| -soundhw help
1390+
1391+ Note that Linux's i810\_audio OSS kernel (for AC97) module might
1392+ require manually specifying clocking.
1393+
1394+ ::
1395+
1396+ modprobe i810_audio clocking=48000
1397+ERST
7971398
7981399 DEF("device", HAS_ARG, QEMU_OPTION_device,
7991400 "-device driver[,prop[=value][,...]]\n"
@@ -879,6 +1480,85 @@ Like the KCS interface, but defines a BT interface. The default port is
8791480 0xe4 and the default interrupt is 5.
8801481
8811482 ETEXI
1483+SRST
1484+``-device driver[,prop[=value][,...]]``
1485+ Add device driver. prop=value sets driver properties. Valid
1486+ properties depend on the driver. To get help on possible drivers and
1487+ properties, use ``-device help`` and ``-device driver,help``.
1488+
1489+ Some drivers are:
1490+
1491+``-device ipmi-bmc-sim,id=id[,slave_addr=val][,sdrfile=file][,furareasize=val][,furdatafile=file][,guid=uuid]``
1492+ Add an IPMI BMC. This is a simulation of a hardware management
1493+ interface processor that normally sits on a system. It provides a
1494+ watchdog and the ability to reset and power control the system. You
1495+ need to connect this to an IPMI interface to make it useful
1496+
1497+ The IPMI slave address to use for the BMC. The default is 0x20. This
1498+ address is the BMC's address on the I2C network of management
1499+ controllers. If you don't know what this means, it is safe to ignore
1500+ it.
1501+
1502+ ``id=id``
1503+ The BMC id for interfaces to use this device.
1504+
1505+ ``slave_addr=val``
1506+ Define slave address to use for the BMC. The default is 0x20.
1507+
1508+ ``sdrfile=file``
1509+ file containing raw Sensor Data Records (SDR) data. The default
1510+ is none.
1511+
1512+ ``fruareasize=val``
1513+ size of a Field Replaceable Unit (FRU) area. The default is
1514+ 1024.
1515+
1516+ ``frudatafile=file``
1517+ file containing raw Field Replaceable Unit (FRU) inventory data.
1518+ The default is none.
1519+
1520+ ``guid=uuid``
1521+ value for the GUID for the BMC, in standard UUID format. If this
1522+ is set, get "Get GUID" command to the BMC will return it.
1523+ Otherwise "Get GUID" will return an error.
1524+
1525+``-device ipmi-bmc-extern,id=id,chardev=id[,slave_addr=val]``
1526+ Add a connection to an external IPMI BMC simulator. Instead of
1527+ locally emulating the BMC like the above item, instead connect to an
1528+ external entity that provides the IPMI services.
1529+
1530+ A connection is made to an external BMC simulator. If you do this,
1531+ it is strongly recommended that you use the "reconnect=" chardev
1532+ option to reconnect to the simulator if the connection is lost. Note
1533+ that if this is not used carefully, it can be a security issue, as
1534+ the interface has the ability to send resets, NMIs, and power off
1535+ the VM. It's best if QEMU makes a connection to an external
1536+ simulator running on a secure port on localhost, so neither the
1537+ simulator nor QEMU is exposed to any outside network.
1538+
1539+ See the "lanserv/README.vm" file in the OpenIPMI library for more
1540+ details on the external interface.
1541+
1542+``-device isa-ipmi-kcs,bmc=id[,ioport=val][,irq=val]``
1543+ Add a KCS IPMI interafce on the ISA bus. This also adds a
1544+ corresponding ACPI and SMBIOS entries, if appropriate.
1545+
1546+ ``bmc=id``
1547+ The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern
1548+ above.
1549+
1550+ ``ioport=val``
1551+ Define the I/O address of the interface. The default is 0xca0
1552+ for KCS.
1553+
1554+ ``irq=val``
1555+ Define the interrupt to use. The default is 5. To disable
1556+ interrupts, set this to 0.
1557+
1558+``-device isa-ipmi-bt,bmc=id[,ioport=val][,irq=val]``
1559+ Like the KCS interface, but defines a BT interface. The default port
1560+ is 0xe4 and the default interrupt is 5.
1561+ERST
8821562
8831563 DEF("name", HAS_ARG, QEMU_OPTION_name,
8841564 "-name string1[,process=string2][,debug-threads=on|off]\n"
@@ -896,6 +1576,13 @@ The @var{name} will also be used for the VNC server.
8961576 Also optionally set the top visible process name in Linux.
8971577 Naming of individual threads can also be enabled on Linux to aid debugging.
8981578 ETEXI
1579+SRST
1580+``-name name``
1581+ Sets the name of the guest. This name will be displayed in the SDL
1582+ window caption. The name will also be used for the VNC server. Also
1583+ optionally set the top visible process name in Linux. Naming of
1584+ individual threads can also be enabled on Linux to aid debugging.
1585+ERST
8991586
9001587 DEF("uuid", HAS_ARG, QEMU_OPTION_uuid,
9011588 "-uuid %08x-%04x-%04x-%04x-%012x\n"
@@ -905,6 +1592,10 @@ STEXI
9051592 @findex -uuid
9061593 Set system UUID.
9071594 ETEXI
1595+SRST
1596+``-uuid uuid``
1597+ Set system UUID.
1598+ERST
9081599
9091600 STEXI
9101601 @end table
@@ -926,6 +1617,11 @@ STEXI
9261617 @findex -fdb
9271618 Use @var{file} as floppy disk 0/1 image (@pxref{disk_images}).
9281619 ETEXI
1620+SRST
1621+``-fda file``; \ ``-fdb file``
1622+ Use file as floppy disk 0/1 image (see
1623+ :ref:`disk_005fimages`).
1624+ERST
9291625
9301626 DEF("hda", HAS_ARG, QEMU_OPTION_hda,
9311627 "-hda/-hdb file use 'file' as IDE hard disk 0/1 image\n", QEMU_ARCH_ALL)
@@ -944,6 +1640,11 @@ STEXI
9441640 @findex -hdd
9451641 Use @var{file} as hard disk 0, 1, 2 or 3 image (@pxref{disk_images}).
9461642 ETEXI
1643+SRST
1644+``-hda file``; \ ``-hdb file``; \ ``-hdc file``; \ ``-hdd file``
1645+ Use file as hard disk 0, 1, 2 or 3 image (see
1646+ :ref:`disk_005fimages`).
1647+ERST
9471648
9481649 DEF("cdrom", HAS_ARG, QEMU_OPTION_cdrom,
9491650 "-cdrom file use 'file' as IDE cdrom image (cdrom is ide1 master)\n",
@@ -955,6 +1656,12 @@ Use @var{file} as CD-ROM image (you cannot use @option{-hdc} and
9551656 @option{-cdrom} at the same time). You can use the host CD-ROM by
9561657 using @file{/dev/cdrom} as filename.
9571658 ETEXI
1659+SRST
1660+``-cdrom file``
1661+ Use file as CD-ROM image (you cannot use ``-hdc`` and ``-cdrom`` at
1662+ the same time). You can use the host CD-ROM by using ``/dev/cdrom``
1663+ as filename.
1664+ERST
9581665
9591666 DEF("blockdev", HAS_ARG, QEMU_OPTION_blockdev,
9601667 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n"
@@ -1150,6 +1857,216 @@ Please refer to the QAPI documentation of the @code{blockdev-add} QMP command.
11501857 @end table
11511858
11521859 ETEXI
1860+SRST
1861+``-blockdev option[,option[,option[,...]]]``
1862+ Define a new block driver node. Some of the options apply to all
1863+ block drivers, other options are only accepted for a specific block
1864+ driver. See below for a list of generic options and options for the
1865+ most common block drivers.
1866+
1867+ Options that expect a reference to another node (e.g. ``file``) can
1868+ be given in two ways. Either you specify the node name of an already
1869+ existing node (file=node-name), or you define a new node inline,
1870+ adding options for the referenced node after a dot
1871+ (file.filename=path,file.aio=native).
1872+
1873+ A block driver node created with ``-blockdev`` can be used for a
1874+ guest device by specifying its node name for the ``drive`` property
1875+ in a ``-device`` argument that defines a block device.
1876+
1877+ ``Valid options for any block driver node:``
1878+ ``driver``
1879+ Specifies the block driver to use for the given node.
1880+
1881+ ``node-name``
1882+ This defines the name of the block driver node by which it
1883+ will be referenced later. The name must be unique, i.e. it
1884+ must not match the name of a different block driver node, or
1885+ (if you use ``-drive`` as well) the ID of a drive.
1886+
1887+ If no node name is specified, it is automatically generated.
1888+ The generated node name is not intended to be predictable
1889+ and changes between QEMU invocations. For the top level, an
1890+ explicit node name must be specified.
1891+
1892+ ``read-only``
1893+ Open the node read-only. Guest write attempts will fail.
1894+
1895+ Note that some block drivers support only read-only access,
1896+ either generally or in certain configurations. In this case,
1897+ the default value ``read-only=off`` does not work and the
1898+ option must be specified explicitly.
1899+
1900+ ``auto-read-only``
1901+ If ``auto-read-only=on`` is set, QEMU may fall back to
1902+ read-only usage even when ``read-only=off`` is requested, or
1903+ even switch between modes as needed, e.g. depending on
1904+ whether the image file is writable or whether a writing user
1905+ is attached to the node.
1906+
1907+ ``force-share``
1908+ Override the image locking system of QEMU by forcing the
1909+ node to utilize weaker shared access for permissions where
1910+ it would normally request exclusive access. When there is
1911+ the potential for multiple instances to have the same file
1912+ open (whether this invocation of QEMU is the first or the
1913+ second instance), both instances must permit shared access
1914+ for the second instance to succeed at opening the file.
1915+
1916+ Enabling ``force-share=on`` requires ``read-only=on``.
1917+
1918+ ``cache.direct``
1919+ The host page cache can be avoided with ``cache.direct=on``.
1920+ This will attempt to do disk IO directly to the guest's
1921+ memory. QEMU may still perform an internal copy of the data.
1922+
1923+ ``cache.no-flush``
1924+ In case you don't care about data integrity over host
1925+ failures, you can use ``cache.no-flush=on``. This option
1926+ tells QEMU that it never needs to write any data to the disk
1927+ but can instead keep things in cache. If anything goes
1928+ wrong, like your host losing power, the disk storage getting
1929+ disconnected accidentally, etc. your image will most
1930+ probably be rendered unusable.
1931+
1932+ ``discard=discard``
1933+ discard is one of "ignore" (or "off") or "unmap" (or "on")
1934+ and controls whether ``discard`` (also known as ``trim`` or
1935+ ``unmap``) requests are ignored or passed to the filesystem.
1936+ Some machine types may not support discard requests.
1937+
1938+ ``detect-zeroes=detect-zeroes``
1939+ detect-zeroes is "off", "on" or "unmap" and enables the
1940+ automatic conversion of plain zero writes by the OS to
1941+ driver specific optimized zero write commands. You may even
1942+ choose "unmap" if discard is set to "unmap" to allow a zero
1943+ write to be converted to an ``unmap`` operation.
1944+
1945+ ``Driver-specific options for file``
1946+ This is the protocol-level block driver for accessing regular
1947+ files.
1948+
1949+ ``filename``
1950+ The path to the image file in the local filesystem
1951+
1952+ ``aio``
1953+ Specifies the AIO backend (threads/native, default: threads)
1954+
1955+ ``locking``
1956+ Specifies whether the image file is protected with Linux OFD
1957+ / POSIX locks. The default is to use the Linux Open File
1958+ Descriptor API if available, otherwise no lock is applied.
1959+ (auto/on/off, default: auto)
1960+
1961+ Example:
1962+
1963+ ::
1964+
1965+ -blockdev driver=file,node-name=disk,filename=disk.img
1966+
1967+ ``Driver-specific options for raw``
1968+ This is the image format block driver for raw images. It is
1969+ usually stacked on top of a protocol level block driver such as
1970+ ``file``.
1971+
1972+ ``file``
1973+ Reference to or definition of the data source block driver
1974+ node (e.g. a ``file`` driver node)
1975+
1976+ Example 1:
1977+
1978+ ::
1979+
1980+ -blockdev driver=file,node-name=disk_file,filename=disk.img
1981+ -blockdev driver=raw,node-name=disk,file=disk_file
1982+
1983+ Example 2:
1984+
1985+ ::
1986+
1987+ -blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img
1988+
1989+ ``Driver-specific options for qcow2``
1990+ This is the image format block driver for qcow2 images. It is
1991+ usually stacked on top of a protocol level block driver such as
1992+ ``file``.
1993+
1994+ ``file``
1995+ Reference to or definition of the data source block driver
1996+ node (e.g. a ``file`` driver node)
1997+
1998+ ``backing``
1999+ Reference to or definition of the backing file block device
2000+ (default is taken from the image file). It is allowed to
2001+ pass ``null`` here in order to disable the default backing
2002+ file.
2003+
2004+ ``lazy-refcounts``
2005+ Whether to enable the lazy refcounts feature (on/off;
2006+ default is taken from the image file)
2007+
2008+ ``cache-size``
2009+ The maximum total size of the L2 table and refcount block
2010+ caches in bytes (default: the sum of l2-cache-size and
2011+ refcount-cache-size)
2012+
2013+ ``l2-cache-size``
2014+ The maximum size of the L2 table cache in bytes (default: if
2015+ cache-size is not specified - 32M on Linux platforms, and 8M
2016+ on non-Linux platforms; otherwise, as large as possible
2017+ within the cache-size, while permitting the requested or the
2018+ minimal refcount cache size)
2019+
2020+ ``refcount-cache-size``
2021+ The maximum size of the refcount block cache in bytes
2022+ (default: 4 times the cluster size; or if cache-size is
2023+ specified, the part of it which is not used for the L2
2024+ cache)
2025+
2026+ ``cache-clean-interval``
2027+ Clean unused entries in the L2 and refcount caches. The
2028+ interval is in seconds. The default value is 600 on
2029+ supporting platforms, and 0 on other platforms. Setting it
2030+ to 0 disables this feature.
2031+
2032+ ``pass-discard-request``
2033+ Whether discard requests to the qcow2 device should be
2034+ forwarded to the data source (on/off; default: on if
2035+ discard=unmap is specified, off otherwise)
2036+
2037+ ``pass-discard-snapshot``
2038+ Whether discard requests for the data source should be
2039+ issued when a snapshot operation (e.g. deleting a snapshot)
2040+ frees clusters in the qcow2 file (on/off; default: on)
2041+
2042+ ``pass-discard-other``
2043+ Whether discard requests for the data source should be
2044+ issued on other occasions where a cluster gets freed
2045+ (on/off; default: off)
2046+
2047+ ``overlap-check``
2048+ Which overlap checks to perform for writes to the image
2049+ (none/constant/cached/all; default: cached). For details or
2050+ finer granularity control refer to the QAPI documentation of
2051+ ``blockdev-add``.
2052+
2053+ Example 1:
2054+
2055+ ::
2056+
2057+ -blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2
2058+ -blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216
2059+
2060+ Example 2:
2061+
2062+ ::
2063+
2064+ -blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2
2065+
2066+ ``Driver-specific options for other drivers``
2067+ Please refer to the QAPI documentation of the ``blockdev-add``
2068+ QMP command.
2069+ERST
11532070
11542071 DEF("drive", HAS_ARG, QEMU_OPTION_drive,
11552072 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n"
@@ -1329,6 +2246,197 @@ is interpreted like:
13292246 @value{qemu_system_x86} -hda a -hdb b
13302247 @end example
13312248 ETEXI
2249+SRST
2250+``-drive option[,option[,option[,...]]]``
2251+ Define a new drive. This includes creating a block driver node (the
2252+ backend) as well as a guest device, and is mostly a shortcut for
2253+ defining the corresponding ``-blockdev`` and ``-device`` options.
2254+
2255+ ``-drive`` accepts all options that are accepted by ``-blockdev``.
2256+ In addition, it knows the following options:
2257+
2258+ ``file=file``
2259+ This option defines which disk image (see
2260+ :ref:`disk_005fimages`) to use with this drive. If
2261+ the filename contains comma, you must double it (for instance,
2262+ "file=my,,file" to use file "my,file").
2263+
2264+ Special files such as iSCSI devices can be specified using
2265+ protocol specific URLs. See the section for "Device URL Syntax"
2266+ for more information.
2267+
2268+ ``if=interface``
2269+ This option defines on which type on interface the drive is
2270+ connected. Available types are: ide, scsi, sd, mtd, floppy,
2271+ pflash, virtio, none.
2272+
2273+ ``bus=bus,unit=unit``
2274+ These options define where is connected the drive by defining
2275+ the bus number and the unit id.
2276+
2277+ ``index=index``
2278+ This option defines where is connected the drive by using an
2279+ index in the list of available connectors of a given interface
2280+ type.
2281+
2282+ ``media=media``
2283+ This option defines the type of the media: disk or cdrom.
2284+
2285+ ``snapshot=snapshot``
2286+ snapshot is "on" or "off" and controls snapshot mode for the
2287+ given drive (see ``-snapshot``).
2288+
2289+ ``cache=cache``
2290+ cache is "none", "writeback", "unsafe", "directsync" or
2291+ "writethrough" and controls how the host cache is used to access
2292+ block data. This is a shortcut that sets the ``cache.direct``
2293+ and ``cache.no-flush`` options (as in ``-blockdev``), and
2294+ additionally ``cache.writeback``, which provides a default for
2295+ the ``write-cache`` option of block guest devices (as in
2296+ ``-device``). The modes correspond to the following settings:
2297+
2298+ ::
2299+
2300
2301+ ─────────────┼─────────────────────────────────────────────────
2302+ writeback │ on off off
2303+ none │ on on off
2304+ writethrough │ off off off
2305+ directsync │ off on off
2306+ unsafe │ on off on
2307+
2308+ The default mode is ``cache=writeback``.
2309+
2310+ ``aio=aio``
2311+ aio is "threads", or "native" and selects between pthread based
2312+ disk I/O and native Linux AIO.
2313+
2314+ ``format=format``
2315+ Specify which disk format will be used rather than detecting the
2316+ format. Can be used to specify format=raw to avoid interpreting
2317+ an untrusted format header.
2318+
2319+ ``werror=action,rerror=action``
2320+ Specify which action to take on write and read errors. Valid
2321+ actions are: "ignore" (ignore the error and try to continue),
2322+ "stop" (pause QEMU), "report" (report the error to the guest),
2323+ "enospc" (pause QEMU only if the host disk is full; report the
2324+ error to the guest otherwise). The default setting is
2325+ ``werror=enospc`` and ``rerror=report``.
2326+
2327+ ``copy-on-read=copy-on-read``
2328+ copy-on-read is "on" or "off" and enables whether to copy read
2329+ backing file sectors into the image file.
2330+
2331+ ``bps=b,bps_rd=r,bps_wr=w``
2332+ Specify bandwidth throttling limits in bytes per second, either
2333+ for all request types or for reads or writes only. Small values
2334+ can lead to timeouts or hangs inside the guest. A safe minimum
2335+ for disks is 2 MB/s.
2336+
2337+ ``bps_max=bm,bps_rd_max=rm,bps_wr_max=wm``
2338+ Specify bursts in bytes per second, either for all request types
2339+ or for reads or writes only. Bursts allow the guest I/O to spike
2340+ above the limit temporarily.
2341+
2342+ ``iops=i,iops_rd=r,iops_wr=w``
2343+ Specify request rate limits in requests per second, either for
2344+ all request types or for reads or writes only.
2345+
2346+ ``iops_max=bm,iops_rd_max=rm,iops_wr_max=wm``
2347+ Specify bursts in requests per second, either for all request
2348+ types or for reads or writes only. Bursts allow the guest I/O to
2349+ spike above the limit temporarily.
2350+
2351+ ``iops_size=is``
2352+ Let every is bytes of a request count as a new request for iops
2353+ throttling purposes. Use this option to prevent guests from
2354+ circumventing iops limits by sending fewer but larger requests.
2355+
2356+ ``group=g``
2357+ Join a throttling quota group with given name g. All drives that
2358+ are members of the same group are accounted for together. Use
2359+ this option to prevent guests from circumventing throttling
2360+ limits by using many small disks instead of a single larger
2361+ disk.
2362+
2363+ By default, the ``cache.writeback=on`` mode is used. It will report
2364+ data writes as completed as soon as the data is present in the host
2365+ page cache. This is safe as long as your guest OS makes sure to
2366+ correctly flush disk caches where needed. If your guest OS does not
2367+ handle volatile disk write caches correctly and your host crashes or
2368+ loses power, then the guest may experience data corruption.
2369+
2370+ For such guests, you should consider using ``cache.writeback=off``.
2371+ This means that the host page cache will be used to read and write
2372+ data, but write notification will be sent to the guest only after
2373+ QEMU has made sure to flush each write to the disk. Be aware that
2374+ this has a major impact on performance.
2375+
2376+ When using the ``-snapshot`` option, unsafe caching is always used.
2377+
2378+ Copy-on-read avoids accessing the same backing file sectors
2379+ repeatedly and is useful when the backing file is over a slow
2380+ network. By default copy-on-read is off.
2381+
2382+ Instead of ``-cdrom`` you can use:
2383+
2384+ .. parsed-literal::
2385+
2386+ |qemu_system| -drive file=file,index=2,media=cdrom
2387+
2388+ Instead of ``-hda``, ``-hdb``, ``-hdc``, ``-hdd``, you can use:
2389+
2390+ .. parsed-literal::
2391+
2392+ |qemu_system| -drive file=file,index=0,media=disk
2393+ |qemu_system| -drive file=file,index=1,media=disk
2394+ |qemu_system| -drive file=file,index=2,media=disk
2395+ |qemu_system| -drive file=file,index=3,media=disk
2396+
2397+ You can open an image using pre-opened file descriptors from an fd
2398+ set:
2399+
2400+ .. parsed-literal::
2401+
2402+ |qemu_system| \
2403+ -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \
2404+ -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \
2405+ -drive file=/dev/fdset/2,index=0,media=disk
2406+
2407+ You can connect a CDROM to the slave of ide0:
2408+
2409+ .. parsed-literal::
2410+
2411+ |qemu_system_x86| -drive file=file,if=ide,index=1,media=cdrom
2412+
2413+ If you don't specify the "file=" argument, you define an empty
2414+ drive:
2415+
2416+ .. parsed-literal::
2417+
2418+ |qemu_system_x86| -drive if=ide,index=1,media=cdrom
2419+
2420+ Instead of ``-fda``, ``-fdb``, you can use:
2421+
2422+ .. parsed-literal::
2423+
2424+ |qemu_system_x86| -drive file=file,index=0,if=floppy
2425+ |qemu_system_x86| -drive file=file,index=1,if=floppy
2426+
2427+ By default, interface is "ide" and index is automatically
2428+ incremented:
2429+
2430+ .. parsed-literal::
2431+
2432+ |qemu_system_x86| -drive file=a -drive file=b"
2433+
2434+ is interpreted like:
2435+
2436+ .. parsed-literal::
2437+
2438+ |qemu_system_x86| -hda a -hdb b
2439+ERST
13322440
13332441 DEF("mtdblock", HAS_ARG, QEMU_OPTION_mtdblock,
13342442 "-mtdblock file use 'file' as on-board Flash memory image\n",
@@ -1338,6 +2446,10 @@ STEXI
13382446 @findex -mtdblock
13392447 Use @var{file} as on-board Flash memory image.
13402448 ETEXI
2449+SRST
2450+``-mtdblock file``
2451+ Use file as on-board Flash memory image.
2452+ERST
13412453
13422454 DEF("sd", HAS_ARG, QEMU_OPTION_sd,
13432455 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL)
@@ -1346,6 +2458,10 @@ STEXI
13462458 @findex -sd
13472459 Use @var{file} as SecureDigital card image.
13482460 ETEXI
2461+SRST
2462+``-sd file``
2463+ Use file as SecureDigital card image.
2464+ERST
13492465
13502466 DEF("pflash", HAS_ARG, QEMU_OPTION_pflash,
13512467 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL)
@@ -1354,6 +2470,10 @@ STEXI
13542470 @findex -pflash
13552471 Use @var{file} as a parallel flash image.
13562472 ETEXI
2473+SRST
2474+``-pflash file``
2475+ Use file as a parallel flash image.
2476+ERST
13572477
13582478 DEF("snapshot", 0, QEMU_OPTION_snapshot,
13592479 "-snapshot write to temporary files instead of disk image files\n",
@@ -1365,6 +2485,13 @@ Write to temporary files instead of disk image files. In this case,
13652485 the raw disk image you use is not written back. You can however force
13662486 the write back by pressing @key{C-a s} (@pxref{disk_images}).
13672487 ETEXI
2488+SRST
2489+``-snapshot``
2490+ Write to temporary files instead of disk image files. In this case,
2491+ the raw disk image you use is not written back. You can however
2492+ force the write back by pressing C-a s (see
2493+ :ref:`disk_005fimages`).
2494+ERST
13682495
13692496 DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
13702497 "-fsdev local,id=id,path=path,security_model=mapped-xattr|mapped-file|passthrough|none\n"
@@ -1466,6 +2593,112 @@ Specifies the tag name to be used by the guest to mount this export point.
14662593 @end table
14672594
14682595 ETEXI
2596+SRST
2597+``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly][,fmode=fmode][,dmode=dmode] [,throttling.option=value[,throttling.option=value[,...]]]``; \ ``-fsdev proxy,id=id,socket=socket[,writeout=writeout][,readonly]``; \ ``-fsdev proxy,id=id,sock_fd=sock_fd[,writeout=writeout][,readonly]``; \ ``-fsdev synth,id=id[,readonly]``
2598+ Define a new file system device. Valid options are:
2599+
2600+ ``local``
2601+ Accesses to the filesystem are done by QEMU.
2602+
2603+ ``proxy``
2604+ Accesses to the filesystem are done by virtfs-proxy-helper(1).
2605+
2606+ ``synth``
2607+ Synthetic filesystem, only used by QTests.
2608+
2609+ ``id=id``
2610+ Specifies identifier for this device.
2611+
2612+ ``path=path``
2613+ Specifies the export path for the file system device. Files
2614+ under this path will be available to the 9p client on the guest.
2615+
2616+ ``security_model=security_model``
2617+ Specifies the security model to be used for this export path.
2618+ Supported security models are "passthrough", "mapped-xattr",
2619+ "mapped-file" and "none". In "passthrough" security model, files
2620+ are stored using the same credentials as they are created on the
2621+ guest. This requires QEMU to run as root. In "mapped-xattr"
2622+ security model, some of the file attributes like uid, gid, mode
2623+ bits and link target are stored as file attributes. For
2624+ "mapped-file" these attributes are stored in the hidden
2625+ .virtfs\_metadata directory. Directories exported by this
2626+ security model cannot interact with other unix tools. "none"
2627+ security model is same as passthrough except the sever won't
2628+ report failures if it fails to set file attributes like
2629+ ownership. Security model is mandatory only for local fsdriver.
2630+ Other fsdrivers (like proxy) don't take security model as a
2631+ parameter.
2632+
2633+ ``writeout=writeout``
2634+ This is an optional argument. The only supported value is
2635+ "immediate". This means that host page cache will be used to
2636+ read and write data but write notification will be sent to the
2637+ guest only when the data has been reported as written by the
2638+ storage subsystem.
2639+
2640+ ``readonly``
2641+ Enables exporting 9p share as a readonly mount for guests. By
2642+ default read-write access is given.
2643+
2644+ ``socket=socket``
2645+ Enables proxy filesystem driver to use passed socket file for
2646+ communicating with virtfs-proxy-helper(1).
2647+
2648+ ``sock_fd=sock_fd``
2649+ Enables proxy filesystem driver to use passed socket descriptor
2650+ for communicating with virtfs-proxy-helper(1). Usually a helper
2651+ like libvirt will create socketpair and pass one of the fds as
2652+ sock\_fd.
2653+
2654+ ``fmode=fmode``
2655+ Specifies the default mode for newly created files on the host.
2656+ Works only with security models "mapped-xattr" and
2657+ "mapped-file".
2658+
2659+ ``dmode=dmode``
2660+ Specifies the default mode for newly created directories on the
2661+ host. Works only with security models "mapped-xattr" and
2662+ "mapped-file".
2663+
2664+ ``throttling.bps-total=b,throttling.bps-read=r,throttling.bps-write=w``
2665+ Specify bandwidth throttling limits in bytes per second, either
2666+ for all request types or for reads or writes only.
2667+
2668+ ``throttling.bps-total-max=bm,bps-read-max=rm,bps-write-max=wm``
2669+ Specify bursts in bytes per second, either for all request types
2670+ or for reads or writes only. Bursts allow the guest I/O to spike
2671+ above the limit temporarily.
2672+
2673+ ``throttling.iops-total=i,throttling.iops-read=r, throttling.iops-write=w``
2674+ Specify request rate limits in requests per second, either for
2675+ all request types or for reads or writes only.
2676+
2677+ ``throttling.iops-total-max=im,throttling.iops-read-max=irm, throttling.iops-write-max=iwm``
2678+ Specify bursts in requests per second, either for all request
2679+ types or for reads or writes only. Bursts allow the guest I/O to
2680+ spike above the limit temporarily.
2681+
2682+ ``throttling.iops-size=is``
2683+ Let every is bytes of a request count as a new request for iops
2684+ throttling purposes.
2685+
2686+ -fsdev option is used along with -device driver "virtio-9p-...".
2687+
2688+``-device virtio-9p-type,fsdev=id,mount_tag=mount_tag``
2689+ Options for virtio-9p-... driver are:
2690+
2691+ ``type``
2692+ Specifies the variant to be used. Supported values are "pci",
2693+ "ccw" or "device", depending on the machine type.
2694+
2695+ ``fsdev=id``
2696+ Specifies the id value specified along with -fsdev option.
2697+
2698+ ``mount_tag=mount_tag``
2699+ Specifies the tag name to be used by the guest to mount this
2700+ export point.
2701+ERST
14692702
14702703 DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
14712704 "-virtfs local,path=path,mount_tag=tag,security_model=mapped-xattr|mapped-file|passthrough|none\n"
@@ -1557,6 +2790,107 @@ currently not block all possible file access operations (e.g. readdir()
15572790 would still return entries from other devices).
15582791 @end table
15592792 ETEXI
2793+SRST
2794+``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,readonly] [,fmode=fmode][,dmode=dmode][,multidevs=multidevs]``; \ ``-virtfs proxy,socket=socket,mount_tag=mount_tag [,writeout=writeout][,readonly]``; \ ``-virtfs proxy,sock_fd=sock_fd,mount_tag=mount_tag [,writeout=writeout][,readonly]``; \ ``-virtfs synth,mount_tag=mount_tag``
2795+ Define a new filesystem device and expose it to the guest using a
2796+ virtio-9p-device. The general form of a Virtual File system
2797+ pass-through options are:
2798+
2799+ ``local``
2800+ Accesses to the filesystem are done by QEMU.
2801+
2802+ ``proxy``
2803+ Accesses to the filesystem are done by virtfs-proxy-helper(1).
2804+
2805+ ``synth``
2806+ Synthetic filesystem, only used by QTests.
2807+
2808+ ``id=id``
2809+ Specifies identifier for the filesystem device
2810+
2811+ ``path=path``
2812+ Specifies the export path for the file system device. Files
2813+ under this path will be available to the 9p client on the guest.
2814+
2815+ ``security_model=security_model``
2816+ Specifies the security model to be used for this export path.
2817+ Supported security models are "passthrough", "mapped-xattr",
2818+ "mapped-file" and "none". In "passthrough" security model, files
2819+ are stored using the same credentials as they are created on the
2820+ guest. This requires QEMU to run as root. In "mapped-xattr"
2821+ security model, some of the file attributes like uid, gid, mode
2822+ bits and link target are stored as file attributes. For
2823+ "mapped-file" these attributes are stored in the hidden
2824+ .virtfs\_metadata directory. Directories exported by this
2825+ security model cannot interact with other unix tools. "none"
2826+ security model is same as passthrough except the sever won't
2827+ report failures if it fails to set file attributes like
2828+ ownership. Security model is mandatory only for local fsdriver.
2829+ Other fsdrivers (like proxy) don't take security model as a
2830+ parameter.
2831+
2832+ ``writeout=writeout``
2833+ This is an optional argument. The only supported value is
2834+ "immediate". This means that host page cache will be used to
2835+ read and write data but write notification will be sent to the
2836+ guest only when the data has been reported as written by the
2837+ storage subsystem.
2838+
2839+ ``readonly``
2840+ Enables exporting 9p share as a readonly mount for guests. By
2841+ default read-write access is given.
2842+
2843+ ``socket=socket``
2844+ Enables proxy filesystem driver to use passed socket file for
2845+ communicating with virtfs-proxy-helper(1). Usually a helper like
2846+ libvirt will create socketpair and pass one of the fds as
2847+ sock\_fd.
2848+
2849+ ``sock_fd``
2850+ Enables proxy filesystem driver to use passed 'sock\_fd' as the
2851+ socket descriptor for interfacing with virtfs-proxy-helper(1).
2852+
2853+ ``fmode=fmode``
2854+ Specifies the default mode for newly created files on the host.
2855+ Works only with security models "mapped-xattr" and
2856+ "mapped-file".
2857+
2858+ ``dmode=dmode``
2859+ Specifies the default mode for newly created directories on the
2860+ host. Works only with security models "mapped-xattr" and
2861+ "mapped-file".
2862+
2863+ ``mount_tag=mount_tag``
2864+ Specifies the tag name to be used by the guest to mount this
2865+ export point.
2866+
2867+ ``multidevs=multidevs``
2868+ Specifies how to deal with multiple devices being shared with a
2869+ 9p export. Supported behaviours are either "remap", "forbid" or
2870+ "warn". The latter is the default behaviour on which virtfs 9p
2871+ expects only one device to be shared with the same export, and
2872+ if more than one device is shared and accessed via the same 9p
2873+ export then only a warning message is logged (once) by qemu on
2874+ host side. In order to avoid file ID collisions on guest you
2875+ should either create a separate virtfs export for each device to
2876+ be shared with guests (recommended way) or you might use "remap"
2877+ instead which allows you to share multiple devices with only one
2878+ export instead, which is achieved by remapping the original
2879+ inode numbers from host to guest in a way that would prevent
2880+ such collisions. Remapping inodes in such use cases is required
2881+ because the original device IDs from host are never passed and
2882+ exposed on guest. Instead all files of an export shared with
2883+ virtfs always share the same device id on guest. So two files
2884+ with identical inode numbers but from actually different devices
2885+ on host would otherwise cause a file ID collision and hence
2886+ potential misbehaviours on guest. "forbid" on the other hand
2887+ assumes like "warn" that only one device is shared by the same
2888+ export, however it will not only log a warning message but also
2889+ deny access to additional devices on guest. Note though that
2890+ "forbid" does currently not block all possible file access
2891+ operations (e.g. readdir() would still return entries from other
2892+ devices).
2893+ERST
15602894
15612895 DEF("iscsi", HAS_ARG, QEMU_OPTION_iscsi,
15622896 "-iscsi [user=user][,password=password]\n"
@@ -1570,6 +2904,10 @@ STEXI
15702904 @findex -iscsi
15712905 Configure iSCSI session parameters.
15722906 ETEXI
2907+SRST
2908+``-iscsi``
2909+ Configure iSCSI session parameters.
2910+ERST
15732911
15742912 STEXI
15752913 @end table
@@ -1592,6 +2930,13 @@ not enabled by default). Note that on-board USB host controllers may not
15922930 support USB 3.0. In this case @option{-device qemu-xhci} can be used instead
15932931 on machines with PCI.
15942932 ETEXI
2933+SRST
2934+``-usb``
2935+ Enable USB emulation on machine types with an on-board USB host
2936+ controller (if not enabled by default). Note that on-board USB host
2937+ controllers may not support USB 3.0. In this case
2938+ ``-device qemu-xhci`` can be used instead on machines with PCI.
2939+ERST
15952940
15962941 DEF("usbdevice", HAS_ARG, QEMU_OPTION_usbdevice,
15972942 "-usbdevice name add the host or guest USB device 'name'\n",
@@ -1619,6 +2964,26 @@ or fake device.
16192964
16202965 @end table
16212966 ETEXI
2967+SRST
2968+``-usbdevice devname``
2969+ Add the USB device devname. Note that this option is deprecated,
2970+ please use ``-device usb-...`` instead. See
2971+ :ref:`usb_005fdevices`.
2972+
2973+ ``mouse``
2974+ Virtual Mouse. This will override the PS/2 mouse emulation when
2975+ activated.
2976+
2977+ ``tablet``
2978+ Pointer device that uses absolute coordinates (like a
2979+ touchscreen). This means QEMU is able to report the mouse
2980+ position without having to grab the mouse. Also overrides the
2981+ PS/2 mouse emulation when activated.
2982+
2983+ ``braille``
2984+ Braille device. This will use BrlAPI to display the braille
2985+ output on a real or fake device.
2986+ERST
16222987
16232988 STEXI
16242989 @end table
@@ -1705,6 +3070,53 @@ application. The Spice server will redirect the serial consoles and
17053070 QEMU monitors. (Since 4.0)
17063071 @end table
17073072 ETEXI
3073+SRST
3074+``-display type``
3075+ Select type of display to use. This option is a replacement for the
3076+ old style -sdl/-curses/... options. Use ``-display help`` to list
3077+ the available display types. Valid values for type are
3078+
3079+ ``sdl``
3080+ Display video output via SDL (usually in a separate graphics
3081+ window; see the SDL documentation for other possibilities).
3082+
3083+ ``curses``
3084+ Display video output via curses. For graphics device models
3085+ which support a text mode, QEMU can display this output using a
3086+ curses/ncurses interface. Nothing is displayed when the graphics
3087+ device is in graphical mode or if the graphics device does not
3088+ support a text mode. Generally only the VGA device models
3089+ support text mode. The font charset used by the guest can be
3090+ specified with the ``charset`` option, for example
3091+ ``charset=CP850`` for IBM CP850 encoding. The default is
3092+ ``CP437``.
3093+
3094+ ``none``
3095+ Do not display video output. The guest will still see an
3096+ emulated graphics card, but its output will not be displayed to
3097+ the QEMU user. This option differs from the -nographic option in
3098+ that it only affects what is done with video output; -nographic
3099+ also changes the destination of the serial and parallel port
3100+ data.
3101+
3102+ ``gtk``
3103+ Display video output in a GTK window. This interface provides
3104+ drop-down menus and other UI elements to configure and control
3105+ the VM during runtime.
3106+
3107+ ``vnc``
3108+ Start a VNC server on display <arg>
3109+
3110+ ``egl-headless``
3111+ Offload all OpenGL operations to a local DRI device. For any
3112+ graphical display, this display needs to be paired with either
3113+ VNC or SPICE displays.
3114+
3115+ ``spice-app``
3116+ Start QEMU as a Spice server and launch the default Spice client
3117+ application. The Spice server will redirect the serial consoles
3118+ and QEMU monitors. (Since 4.0)
3119+ERST
17083120
17093121 DEF("nographic", 0, QEMU_OPTION_nographic,
17103122 "-nographic disable graphical output and redirect serial I/Os to console\n",
@@ -1721,6 +3133,17 @@ redirected elsewhere explicitly). Therefore, you can still use QEMU to
17213133 debug a Linux kernel with a serial console. Use @key{C-a h} for help on
17223134 switching between the console and monitor.
17233135 ETEXI
3136+SRST
3137+``-nographic``
3138+ Normally, if QEMU is compiled with graphical window support, it
3139+ displays output such as guest graphics, guest console, and the QEMU
3140+ monitor in a window. With this option, you can totally disable
3141+ graphical output so that QEMU is a simple command line application.
3142+ The emulated serial port is redirected on the console and muxed with
3143+ the monitor (unless redirected elsewhere explicitly). Therefore, you
3144+ can still use QEMU to debug a Linux kernel with a serial console.
3145+ Use C-a h for help on switching between the console and monitor.
3146+ERST
17243147
17253148 DEF("curses", 0, QEMU_OPTION_curses,
17263149 "-curses shorthand for -display curses\n",
@@ -1734,6 +3157,14 @@ window. With this option, QEMU can display the VGA output when in text
17343157 mode using a curses/ncurses interface. Nothing is displayed in graphical
17353158 mode.
17363159 ETEXI
3160+SRST
3161+``-curses``
3162+ Normally, if QEMU is compiled with graphical window support, it
3163+ displays output such as guest graphics, guest console, and the QEMU
3164+ monitor in a window. With this option, QEMU can display the VGA
3165+ output when in text mode using a curses/ncurses interface. Nothing
3166+ is displayed in graphical mode.
3167+ERST
17373168
17383169 DEF("alt-grab", 0, QEMU_OPTION_alt_grab,
17393170 "-alt-grab use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt)\n",
@@ -1744,6 +3175,12 @@ STEXI
17443175 Use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt). Note that this also
17453176 affects the special keys (for fullscreen, monitor-mode switching, etc).
17463177 ETEXI
3178+SRST
3179+``-alt-grab``
3180+ Use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt). Note that
3181+ this also affects the special keys (for fullscreen, monitor-mode
3182+ switching, etc).
3183+ERST
17473184
17483185 DEF("ctrl-grab", 0, QEMU_OPTION_ctrl_grab,
17493186 "-ctrl-grab use Right-Ctrl to grab mouse (instead of Ctrl-Alt)\n",
@@ -1754,6 +3191,12 @@ STEXI
17543191 Use Right-Ctrl to grab mouse (instead of Ctrl-Alt). Note that this also
17553192 affects the special keys (for fullscreen, monitor-mode switching, etc).
17563193 ETEXI
3194+SRST
3195+``-ctrl-grab``
3196+ Use Right-Ctrl to grab mouse (instead of Ctrl-Alt). Note that this
3197+ also affects the special keys (for fullscreen, monitor-mode
3198+ switching, etc).
3199+ERST
17573200
17583201 DEF("no-quit", 0, QEMU_OPTION_no_quit,
17593202 "-no-quit disable SDL window close capability\n", QEMU_ARCH_ALL)
@@ -1762,6 +3205,10 @@ STEXI
17623205 @findex -no-quit
17633206 Disable SDL window close capability.
17643207 ETEXI
3208+SRST
3209+``-no-quit``
3210+ Disable SDL window close capability.
3211+ERST
17653212
17663213 DEF("sdl", 0, QEMU_OPTION_sdl,
17673214 "-sdl shorthand for -display sdl\n", QEMU_ARCH_ALL)
@@ -1770,6 +3217,10 @@ STEXI
17703217 @findex -sdl
17713218 Enable SDL.
17723219 ETEXI
3220+SRST
3221+``-sdl``
3222+ Enable SDL.
3223+ERST
17733224
17743225 DEF("spice", HAS_ARG, QEMU_OPTION_spice,
17753226 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n"
@@ -1887,6 +3338,95 @@ the first available. (Since 2.9)
18873338
18883339 @end table
18893340 ETEXI
3341+SRST
3342+``-spice option[,option[,...]]``
3343+ Enable the spice remote desktop protocol. Valid options are
3344+
3345+ ``port=<nr>``
3346+ Set the TCP port spice is listening on for plaintext channels.
3347+
3348+ ``addr=<addr>``
3349+ Set the IP address spice is listening on. Default is any
3350+ address.
3351+
3352+ ``ipv4``; \ ``ipv6``; \ ``unix``
3353+ Force using the specified IP version.
3354+
3355+ ``password=<secret>``
3356+ Set the password you need to authenticate.
3357+
3358+ ``sasl``
3359+ Require that the client use SASL to authenticate with the spice.
3360+ The exact choice of authentication method used is controlled
3361+ from the system / user's SASL configuration file for the 'qemu'
3362+ service. This is typically found in /etc/sasl2/qemu.conf. If
3363+ running QEMU as an unprivileged user, an environment variable
3364+ SASL\_CONF\_PATH can be used to make it search alternate
3365+ locations for the service config. While some SASL auth methods
3366+ can also provide data encryption (eg GSSAPI), it is recommended
3367+ that SASL always be combined with the 'tls' and 'x509' settings
3368+ to enable use of SSL and server certificates. This ensures a
3369+ data encryption preventing compromise of authentication
3370+ credentials.
3371+
3372+ ``disable-ticketing``
3373+ Allow client connects without authentication.
3374+
3375+ ``disable-copy-paste``
3376+ Disable copy paste between the client and the guest.
3377+
3378+ ``disable-agent-file-xfer``
3379+ Disable spice-vdagent based file-xfer between the client and the
3380+ guest.
3381+
3382+ ``tls-port=<nr>``
3383+ Set the TCP port spice is listening on for encrypted channels.
3384+
3385+ ``x509-dir=<dir>``
3386+ Set the x509 file directory. Expects same filenames as -vnc
3387+ $display,x509=$dir
3388+
3389+ ``x509-key-file=<file>``; \ ``x509-key-password=<file>``; \ ``x509-cert-file=<file>``; \ ``x509-cacert-file=<file>``; \ ``x509-dh-key-file=<file>``
3390+ The x509 file names can also be configured individually.
3391+
3392+ ``tls-ciphers=<list>``
3393+ Specify which ciphers to use.
3394+
3395+ ``tls-channel=[main|display|cursor|inputs|record|playback]``; \ ``plaintext-channel=[main|display|cursor|inputs|record|playback]``
3396+ Force specific channel to be used with or without TLS
3397+ encryption. The options can be specified multiple times to
3398+ configure multiple channels. The special name "default" can be
3399+ used to set the default mode. For channels which are not
3400+ explicitly forced into one mode the spice client is allowed to
3401+ pick tls/plaintext as he pleases.
3402+
3403+ ``image-compression=[auto_glz|auto_lz|quic|glz|lz|off]``
3404+ Configure image compression (lossless). Default is auto\_glz.
3405+
3406+ ``jpeg-wan-compression=[auto|never|always]``; \ ``zlib-glz-wan-compression=[auto|never|always]``
3407+ Configure wan image compression (lossy for slow links). Default
3408+ is auto.
3409+
3410+ ``streaming-video=[off|all|filter]``
3411+ Configure video stream detection. Default is off.
3412+
3413+ ``agent-mouse=[on|off]``
3414+ Enable/disable passing mouse events via vdagent. Default is on.
3415+
3416+ ``playback-compression=[on|off]``
3417+ Enable/disable audio stream compression (using celt 0.5.1).
3418+ Default is on.
3419+
3420+ ``seamless-migration=[on|off]``
3421+ Enable/disable spice seamless migration. Default is off.
3422+
3423+ ``gl=[on|off]``
3424+ Enable/disable OpenGL context. Default is off.
3425+
3426+ ``rendernode=<file>``
3427+ DRM render node for OpenGL rendering. If not specified, it will
3428+ pick the first available. (Since 2.9)
3429+ERST
18903430
18913431 DEF("portrait", 0, QEMU_OPTION_portrait,
18923432 "-portrait rotate graphical output 90 deg left (only PXA LCD)\n",
@@ -1896,6 +3436,10 @@ STEXI
18963436 @findex -portrait
18973437 Rotate graphical output 90 deg left (only PXA LCD).
18983438 ETEXI
3439+SRST
3440+``-portrait``
3441+ Rotate graphical output 90 deg left (only PXA LCD).
3442+ERST
18993443
19003444 DEF("rotate", HAS_ARG, QEMU_OPTION_rotate,
19013445 "-rotate <deg> rotate graphical output some deg left (only PXA LCD)\n",
@@ -1905,6 +3449,10 @@ STEXI
19053449 @findex -rotate
19063450 Rotate graphical output some deg left (only PXA LCD).
19073451 ETEXI
3452+SRST
3453+``-rotate deg``
3454+ Rotate graphical output some deg left (only PXA LCD).
3455+ERST
19083456
19093457 DEF("vga", HAS_ARG, QEMU_OPTION_vga,
19103458 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n"
@@ -1946,6 +3494,51 @@ Virtio VGA card.
19463494 Disable VGA card.
19473495 @end table
19483496 ETEXI
3497+SRST
3498+``-vga type``
3499+ Select type of VGA card to emulate. Valid values for type are
3500+
3501+ ``cirrus``
3502+ Cirrus Logic GD5446 Video card. All Windows versions starting
3503+ from Windows 95 should recognize and use this graphic card. For
3504+ optimal performances, use 16 bit color depth in the guest and
3505+ the host OS. (This card was the default before QEMU 2.2)
3506+
3507+ ``std``
3508+ Standard VGA card with Bochs VBE extensions. If your guest OS
3509+ supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if
3510+ you want to use high resolution modes (>= 1280x1024x16) then you
3511+ should use this option. (This card is the default since QEMU
3512+ 2.2)
3513+
3514+ ``vmware``
3515+ VMWare SVGA-II compatible adapter. Use it if you have
3516+ sufficiently recent XFree86/XOrg server or Windows guest with a
3517+ driver for this card.
3518+
3519+ ``qxl``
3520+ QXL paravirtual graphic card. It is VGA compatible (including
3521+ VESA 2.0 VBE support). Works best with qxl guest drivers
3522+ installed though. Recommended choice when using the spice
3523+ protocol.
3524+
3525+ ``tcx``
3526+ (sun4m only) Sun TCX framebuffer. This is the default
3527+ framebuffer for sun4m machines and offers both 8-bit and 24-bit
3528+ colour depths at a fixed resolution of 1024x768.
3529+
3530+ ``cg3``
3531+ (sun4m only) Sun cgthree framebuffer. This is a simple 8-bit
3532+ framebuffer for sun4m machines available in both 1024x768
3533+ (OpenBIOS) and 1152x900 (OBP) resolutions aimed at people
3534+ wishing to run older Solaris versions.
3535+
3536+ ``virtio``
3537+ Virtio VGA card.
3538+
3539+ ``none``
3540+ Disable VGA card.
3541+ERST
19493542
19503543 DEF("full-screen", 0, QEMU_OPTION_full_screen,
19513544 "-full-screen start in full screen\n", QEMU_ARCH_ALL)
@@ -1954,6 +3547,10 @@ STEXI
19543547 @findex -full-screen
19553548 Start in full screen.
19563549 ETEXI
3550+SRST
3551+``-full-screen``
3552+ Start in full screen.
3553+ERST
19573554
19583555 DEF("g", HAS_ARG, QEMU_OPTION_g ,
19593556 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n",
@@ -1970,6 +3567,17 @@ option of 1024x768x24. For cgthree, the default is 1024x768x8 with the option
19703567 of 1152x900x8 for people who wish to use OBP.
19713568
19723569 ETEXI
3570+SRST
3571+``-g widthxheight[xdepth]``
3572+ Set the initial graphical resolution and depth (PPC, SPARC only).
3573+
3574+ For PPC the default is 800x600x32.
3575+
3576+ For SPARC with the TCX graphics device, the default is 1024x768x8
3577+ with the option of 1024x768x24. For cgthree, the default is
3578+ 1024x768x8 with the option of 1152x900x8 for people who wish to use
3579+ OBP.
3580+ERST
19733581
19743582 DEF("vnc", HAS_ARG, QEMU_OPTION_vnc ,
19753583 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL)
@@ -2155,6 +3763,171 @@ be omitted, otherwise is must be present and specify a valid audiodev.
21553763
21563764 @end table
21573765 ETEXI
3766+SRST
3767+``-vnc display[,option[,option[,...]]]``
3768+ Normally, if QEMU is compiled with graphical window support, it
3769+ displays output such as guest graphics, guest console, and the QEMU
3770+ monitor in a window. With this option, you can have QEMU listen on
3771+ VNC display display and redirect the VGA display over the VNC
3772+ session. It is very useful to enable the usb tablet device when
3773+ using this option (option ``-device usb-tablet``). When using the
3774+ VNC display, you must use the ``-k`` parameter to set the keyboard
3775+ layout if you are not using en-us. Valid syntax for the display is
3776+
3777+ ``to=L``
3778+ With this option, QEMU will try next available VNC displays,
3779+ until the number L, if the origianlly defined "-vnc display" is
3780+ not available, e.g. port 5900+display is already used by another
3781+ application. By default, to=0.
3782+
3783+ ``host:d``
3784+ TCP connections will only be allowed from host on display d. By
3785+ convention the TCP port is 5900+d. Optionally, host can be
3786+ omitted in which case the server will accept connections from
3787+ any host.
3788+
3789+ ``unix:path``
3790+ Connections will be allowed over UNIX domain sockets where path
3791+ is the location of a unix socket to listen for connections on.
3792+
3793+ ``none``
3794+ VNC is initialized but not started. The monitor ``change``
3795+ command can be used to later start the VNC server.
3796+
3797+ Following the display value there may be one or more option flags
3798+ separated by commas. Valid options are
3799+
3800+ ``reverse``
3801+ Connect to a listening VNC client via a "reverse" connection.
3802+ The client is specified by the display. For reverse network
3803+ connections (host:d,``reverse``), the d argument is a TCP port
3804+ number, not a display number.
3805+
3806+ ``websocket``
3807+ Opens an additional TCP listening port dedicated to VNC
3808+ Websocket connections. If a bare websocket option is given, the
3809+ Websocket port is 5700+display. An alternative port can be
3810+ specified with the syntax ``websocket``\ =port.
3811+
3812+ If host is specified connections will only be allowed from this
3813+ host. It is possible to control the websocket listen address
3814+ independently, using the syntax ``websocket``\ =host:port.
3815+
3816+ If no TLS credentials are provided, the websocket connection
3817+ runs in unencrypted mode. If TLS credentials are provided, the
3818+ websocket connection requires encrypted client connections.
3819+
3820+ ``password``
3821+ Require that password based authentication is used for client
3822+ connections.
3823+
3824+ The password must be set separately using the ``set_password``
3825+ command in the :ref:`pcsys_005fmonitor`. The
3826+ syntax to change your password is:
3827+ ``set_password <protocol> <password>`` where <protocol> could be
3828+ either "vnc" or "spice".
3829+
3830+ If you would like to change <protocol> password expiration, you
3831+ should use ``expire_password <protocol> <expiration-time>``
3832+ where expiration time could be one of the following options:
3833+ now, never, +seconds or UNIX time of expiration, e.g. +60 to
3834+ make password expire in 60 seconds, or 1335196800 to make
3835+ password expire on "Mon Apr 23 12:00:00 EDT 2012" (UNIX time for
3836+ this date and time).
3837+
3838+ You can also use keywords "now" or "never" for the expiration
3839+ time to allow <protocol> password to expire immediately or never
3840+ expire.
3841+
3842+ ``tls-creds=ID``
3843+ Provides the ID of a set of TLS credentials to use to secure the
3844+ VNC server. They will apply to both the normal VNC server socket
3845+ and the websocket socket (if enabled). Setting TLS credentials
3846+ will cause the VNC server socket to enable the VeNCrypt auth
3847+ mechanism. The credentials should have been previously created
3848+ using the ``-object tls-creds`` argument.
3849+
3850+ ``tls-authz=ID``
3851+ Provides the ID of the QAuthZ authorization object against which
3852+ the client's x509 distinguished name will validated. This object
3853+ is only resolved at time of use, so can be deleted and recreated
3854+ on the fly while the VNC server is active. If missing, it will
3855+ default to denying access.
3856+
3857+ ``sasl``
3858+ Require that the client use SASL to authenticate with the VNC
3859+ server. The exact choice of authentication method used is
3860+ controlled from the system / user's SASL configuration file for
3861+ the 'qemu' service. This is typically found in
3862+ /etc/sasl2/qemu.conf. If running QEMU as an unprivileged user,
3863+ an environment variable SASL\_CONF\_PATH can be used to make it
3864+ search alternate locations for the service config. While some
3865+ SASL auth methods can also provide data encryption (eg GSSAPI),
3866+ it is recommended that SASL always be combined with the 'tls'
3867+ and 'x509' settings to enable use of SSL and server
3868+ certificates. This ensures a data encryption preventing
3869+ compromise of authentication credentials. See the
3870+ :ref:`vnc_005fsecurity` section for details on
3871+ using SASL authentication.
3872+
3873+ ``sasl-authz=ID``
3874+ Provides the ID of the QAuthZ authorization object against which
3875+ the client's SASL username will validated. This object is only
3876+ resolved at time of use, so can be deleted and recreated on the
3877+ fly while the VNC server is active. If missing, it will default
3878+ to denying access.
3879+
3880+ ``acl``
3881+ Legacy method for enabling authorization of clients against the
3882+ x509 distinguished name and SASL username. It results in the
3883+ creation of two ``authz-list`` objects with IDs of
3884+ ``vnc.username`` and ``vnc.x509dname``. The rules for these
3885+ objects must be configured with the HMP ACL commands.
3886+
3887+ This option is deprecated and should no longer be used. The new
3888+ ``sasl-authz`` and ``tls-authz`` options are a replacement.
3889+
3890+ ``lossy``
3891+ Enable lossy compression methods (gradient, JPEG, ...). If this
3892+ option is set, VNC client may receive lossy framebuffer updates
3893+ depending on its encoding settings. Enabling this option can
3894+ save a lot of bandwidth at the expense of quality.
3895+
3896+ ``non-adaptive``
3897+ Disable adaptive encodings. Adaptive encodings are enabled by
3898+ default. An adaptive encoding will try to detect frequently
3899+ updated screen regions, and send updates in these regions using
3900+ a lossy encoding (like JPEG). This can be really helpful to save
3901+ bandwidth when playing videos. Disabling adaptive encodings
3902+ restores the original static behavior of encodings like Tight.
3903+
3904+ ``share=[allow-exclusive|force-shared|ignore]``
3905+ Set display sharing policy. 'allow-exclusive' allows clients to
3906+ ask for exclusive access. As suggested by the rfb spec this is
3907+ implemented by dropping other connections. Connecting multiple
3908+ clients in parallel requires all clients asking for a shared
3909+ session (vncviewer: -shared switch). This is the default.
3910+ 'force-shared' disables exclusive client access. Useful for
3911+ shared desktop sessions, where you don't want someone forgetting
3912+ specify -shared disconnect everybody else. 'ignore' completely
3913+ ignores the shared flag and allows everybody connect
3914+ unconditionally. Doesn't conform to the rfb spec but is
3915+ traditional QEMU behavior.
3916+
3917+ ``key-delay-ms``
3918+ Set keyboard delay, for key down and key up events, in
3919+ milliseconds. Default is 10. Keyboards are low-bandwidth
3920+ devices, so this slowdown can help the device and guest to keep
3921+ up and not lose events in case events are arriving in bulk.
3922+ Possible causes for the latter are flaky network connections, or
3923+ scripts for automated testing.
3924+
3925+ ``audiodev=audiodev``
3926+ Use the specified audiodev when the VNC client requests audio
3927+ transmission. When not using an -audiodev argument, this option
3928+ must be omitted, otherwise is must be present and specify a
3929+ valid audiodev.
3930+ERST
21583931
21593932 STEXI
21603933 @end table
@@ -2176,6 +3949,12 @@ Use it when installing Windows 2000 to avoid a disk full bug. After
21763949 Windows 2000 is installed, you no longer need this option (this option
21773950 slows down the IDE transfers).
21783951 ETEXI
3952+SRST
3953+``-win2k-hack``
3954+ Use it when installing Windows 2000 to avoid a disk full bug. After
3955+ Windows 2000 is installed, you no longer need this option (this
3956+ option slows down the IDE transfers).
3957+ERST
21793958
21803959 DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
21813960 "-no-fd-bootchk disable boot signature checking for floppy disks\n",
@@ -2186,6 +3965,11 @@ STEXI
21863965 Disable boot signature checking for floppy disks in BIOS. May
21873966 be needed to boot from old floppy disks.
21883967 ETEXI
3968+SRST
3969+``-no-fd-bootchk``
3970+ Disable boot signature checking for floppy disks in BIOS. May be
3971+ needed to boot from old floppy disks.
3972+ERST
21893973
21903974 DEF("no-acpi", 0, QEMU_OPTION_no_acpi,
21913975 "-no-acpi disable ACPI\n", QEMU_ARCH_I386 | QEMU_ARCH_ARM)
@@ -2196,6 +3980,12 @@ Disable ACPI (Advanced Configuration and Power Interface) support. Use
21963980 it if your guest OS complains about ACPI problems (PC target machine
21973981 only).
21983982 ETEXI
3983+SRST
3984+``-no-acpi``
3985+ Disable ACPI (Advanced Configuration and Power Interface) support.
3986+ Use it if your guest OS complains about ACPI problems (PC target
3987+ machine only).
3988+ERST
21993989
22003990 DEF("no-hpet", 0, QEMU_OPTION_no_hpet,
22013991 "-no-hpet disable HPET\n", QEMU_ARCH_I386)
@@ -2204,6 +3994,10 @@ STEXI
22043994 @findex -no-hpet
22053995 Disable HPET support.
22063996 ETEXI
3997+SRST
3998+``-no-hpet``
3999+ Disable HPET support.
4000+ERST
22074001
22084002 DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable,
22094003 "-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]\n"
@@ -2222,6 +4016,18 @@ fields will override the same in the RSDT and the FADT (a.k.a. FACP), in order
22224016 to ensure the field matches required by the Microsoft SLIC spec and the ACPI
22234017 spec.
22244018 ETEXI
4019+SRST
4020+``-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n] [,asl_compiler_id=str][,asl_compiler_rev=n][,data=file1[:file2]...]``
4021+ Add ACPI table with specified header fields and context from
4022+ specified files. For file=, take whole ACPI table from the specified
4023+ files, including all ACPI headers (possible overridden by other
4024+ options). For data=, only data portion of the table is used, all
4025+ header information is specified in the command line. If a SLIC table
4026+ is supplied to QEMU, then the SLIC's oem\_id and oem\_table\_id
4027+ fields will override the same in the RSDT and the FADT (a.k.a.
4028+ FACP), in order to ensure the field matches required by the
4029+ Microsoft SLIC spec and the ACPI spec.
4030+ERST
22254031
22264032 DEF("smbios", HAS_ARG, QEMU_OPTION_smbios,
22274033 "-smbios file=binary\n"
@@ -2268,6 +4074,28 @@ Specify SMBIOS type 4 fields
22684074 @item -smbios type=17[,loc_pfx=@var{str}][,bank=@var{str}][,manufacturer=@var{str}][,serial=@var{str}][,asset=@var{str}][,part=@var{str}][,speed=@var{%d}]
22694075 Specify SMBIOS type 17 fields
22704076 ETEXI
4077+SRST
4078+``-smbios file=binary``
4079+ Load SMBIOS entry from binary file.
4080+
4081+``-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off]``
4082+ Specify SMBIOS type 0 fields
4083+
4084+``-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str][,uuid=uuid][,sku=str][,family=str]``
4085+ Specify SMBIOS type 1 fields
4086+
4087+``-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str][,asset=str][,location=str]``
4088+ Specify SMBIOS type 2 fields
4089+
4090+``-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str][,sku=str]``
4091+ Specify SMBIOS type 3 fields
4092+
4093+``-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str]``
4094+ Specify SMBIOS type 4 fields
4095+
4096+``-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,speed=%d]``
4097+ Specify SMBIOS type 17 fields
4098+ERST
22714099
22724100 STEXI
22734101 @end table
@@ -2866,6 +4694,470 @@ Configure a host network backend (with the options corresponding to the same
28664694 @option{-netdev} option) and connect it to the emulated hub 0 (the default
28674695 hub). Use @var{name} to specify the name of the hub port.
28684696 ETEXI
4697+SRST
4698+``-nic [tap|bridge|user|l2tpv3|vde|netmap|vhost-user|socket][,...][,mac=macaddr][,model=mn]``
4699+ This option is a shortcut for configuring both the on-board
4700+ (default) guest NIC hardware and the host network backend in one go.
4701+ The host backend options are the same as with the corresponding
4702+ ``-netdev`` options below. The guest NIC model can be set with
4703+ ``model=modelname``. Use ``model=help`` to list the available device
4704+ types. The hardware MAC address can be set with ``mac=macaddr``.
4705+
4706+ The following two example do exactly the same, to show how ``-nic``
4707+ can be used to shorten the command line length:
4708+
4709+ .. parsed-literal::
4710+
4711+ |qemu_system| -netdev user,id=n1,ipv6=off -device e1000,netdev=n1,mac=52:54:98:76:54:32
4712+ |qemu_system| -nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32
4713+
4714+``-nic none``
4715+ Indicate that no network devices should be configured. It is used to
4716+ override the default configuration (default NIC with "user" host
4717+ network backend) which is activated if no other networking options
4718+ are provided.
4719+
4720+``-netdev user,id=id[,option][,option][,...]``
4721+ Configure user mode host network backend which requires no
4722+ administrator privilege to run. Valid options are:
4723+
4724+ ``id=id``
4725+ Assign symbolic name for use in monitor commands.
4726+
4727+ ``ipv4=on|off and ipv6=on|off``
4728+ Specify that either IPv4 or IPv6 must be enabled. If neither is
4729+ specified both protocols are enabled.
4730+
4731+ ``net=addr[/mask]``
4732+ Set IP network address the guest will see. Optionally specify
4733+ the netmask, either in the form a.b.c.d or as number of valid
4734+ top-most bits. Default is 10.0.2.0/24.
4735+
4736+ ``host=addr``
4737+ Specify the guest-visible address of the host. Default is the
4738+ 2nd IP in the guest network, i.e. x.x.x.2.
4739+
4740+ ``ipv6-net=addr[/int]``
4741+ Set IPv6 network address the guest will see (default is
4742+ fec0::/64). The network prefix is given in the usual hexadecimal
4743+ IPv6 address notation. The prefix size is optional, and is given
4744+ as the number of valid top-most bits (default is 64).
4745+
4746+ ``ipv6-host=addr``
4747+ Specify the guest-visible IPv6 address of the host. Default is
4748+ the 2nd IPv6 in the guest network, i.e. xxxx::2.
4749+
4750+ ``restrict=on|off``
4751+ If this option is enabled, the guest will be isolated, i.e. it
4752+ will not be able to contact the host and no guest IP packets
4753+ will be routed over the host to the outside. This option does
4754+ not affect any explicitly set forwarding rules.
4755+
4756+ ``hostname=name``
4757+ Specifies the client hostname reported by the built-in DHCP
4758+ server.
4759+
4760+ ``dhcpstart=addr``
4761+ Specify the first of the 16 IPs the built-in DHCP server can
4762+ assign. Default is the 15th to 31st IP in the guest network,
4763+ i.e. x.x.x.15 to x.x.x.31.
4764+
4765+ ``dns=addr``
4766+ Specify the guest-visible address of the virtual nameserver. The
4767+ address must be different from the host address. Default is the
4768+ 3rd IP in the guest network, i.e. x.x.x.3.
4769+
4770+ ``ipv6-dns=addr``
4771+ Specify the guest-visible address of the IPv6 virtual
4772+ nameserver. The address must be different from the host address.
4773+ Default is the 3rd IP in the guest network, i.e. xxxx::3.
4774+
4775+ ``dnssearch=domain``
4776+ Provides an entry for the domain-search list sent by the
4777+ built-in DHCP server. More than one domain suffix can be
4778+ transmitted by specifying this option multiple times. If
4779+ supported, this will cause the guest to automatically try to
4780+ append the given domain suffix(es) in case a domain name can not
4781+ be resolved.
4782+
4783+ Example:
4784+
4785+ .. parsed-literal::
4786+
4787+ |qemu_system| -nic user,dnssearch=mgmt.example.org,dnssearch=example.org
4788+
4789+ ``domainname=domain``
4790+ Specifies the client domain name reported by the built-in DHCP
4791+ server.
4792+
4793+ ``tftp=dir``
4794+ When using the user mode network stack, activate a built-in TFTP
4795+ server. The files in dir will be exposed as the root of a TFTP
4796+ server. The TFTP client on the guest must be configured in
4797+ binary mode (use the command ``bin`` of the Unix TFTP client).
4798+
4799+ ``tftp-server-name=name``
4800+ In BOOTP reply, broadcast name as the "TFTP server name"
4801+ (RFC2132 option 66). This can be used to advise the guest to
4802+ load boot files or configurations from a different server than
4803+ the host address.
4804+
4805+ ``bootfile=file``
4806+ When using the user mode network stack, broadcast file as the
4807+ BOOTP filename. In conjunction with ``tftp``, this can be used
4808+ to network boot a guest from a local directory.
4809+
4810+ Example (using pxelinux):
4811+
4812+ .. parsed-literal::
4813+
4814+ |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \
4815+ -netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0
4816+
4817+ ``smb=dir[,smbserver=addr]``
4818+ When using the user mode network stack, activate a built-in SMB
4819+ server so that Windows OSes can access to the host files in
4820+ ``dir`` transparently. The IP address of the SMB server can be
4821+ set to addr. By default the 4th IP in the guest network is used,
4822+ i.e. x.x.x.4.
4823+
4824+ In the guest Windows OS, the line:
4825+
4826+ ::
4827+
4828+ 10.0.2.4 smbserver
4829+
4830+ must be added in the file ``C:\WINDOWS\LMHOSTS`` (for windows
4831+ 9x/Me) or ``C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS`` (Windows
4832+ NT/2000).
4833+
4834+ Then ``dir`` can be accessed in ``\\smbserver\qemu``.
4835+
4836+ Note that a SAMBA server must be installed on the host OS.
4837+
4838+ ``hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport``
4839+ Redirect incoming TCP or UDP connections to the host port
4840+ hostport to the guest IP address guestaddr on guest port
4841+ guestport. If guestaddr is not specified, its value is x.x.x.15
4842+ (default first address given by the built-in DHCP server). By
4843+ specifying hostaddr, the rule can be bound to a specific host
4844+ interface. If no connection type is set, TCP is used. This
4845+ option can be given multiple times.
4846+
4847+ For example, to redirect host X11 connection from screen 1 to
4848+ guest screen 0, use the following:
4849+
4850+ ::
4851+
4852+ # on the host
4853+ |qemu_system| -nic user,hostfwd=tcp:127.0.0.1:6001-:6000
4854+ # this host xterm should open in the guest X11 server
4855+ xterm -display :1
4856+
4857+ To redirect telnet connections from host port 5555 to telnet
4858+ port on the guest, use the following:
4859+
4860+ ::
4861+
4862+ # on the host
4863+ |qemu_system| -nic user,hostfwd=tcp::5555-:23
4864+ telnet localhost 5555
4865+
4866+ Then when you use on the host ``telnet localhost 5555``, you
4867+ connect to the guest telnet server.
4868+
4869+ ``guestfwd=[tcp]:server:port-dev``; \ ``guestfwd=[tcp]:server:port-cmd:command``
4870+ Forward guest TCP connections to the IP address server on port
4871+ port to the character device dev or to a program executed by
4872+ cmd:command which gets spawned for each connection. This option
4873+ can be given multiple times.
4874+
4875+ You can either use a chardev directly and have that one used
4876+ throughout QEMU's lifetime, like in the following example:
4877+
4878+ ::
4879+
4880+ # open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever
4881+ # the guest accesses it
4882+ |qemu_system| -nic user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321
4883+
4884+ Or you can execute a command on every TCP connection established
4885+ by the guest, so that QEMU behaves similar to an inetd process
4886+ for that virtual server:
4887+
4888+ ::
4889+
4890+ # call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234
4891+ # and connect the TCP stream to its stdin/stdout
4892+ |qemu_system| -nic 'user,id=n1,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321'
4893+
4894+``-netdev tap,id=id[,fd=h][,ifname=name][,script=file][,downscript=dfile][,br=bridge][,helper=helper]``
4895+ Configure a host TAP network backend with ID id.
4896+
4897+ Use the network script file to configure it and the network script
4898+ dfile to deconfigure it. If name is not provided, the OS
4899+ automatically provides one. The default network configure script is
4900+ ``/etc/qemu-ifup`` and the default network deconfigure script is
4901+ ``/etc/qemu-ifdown``. Use ``script=no`` or ``downscript=no`` to
4902+ disable script execution.
4903+
4904+ If running QEMU as an unprivileged user, use the network helper
4905+ helper to configure the TAP interface and attach it to the bridge.
4906+ The default network helper executable is
4907+ ``/path/to/qemu-bridge-helper`` and the default bridge device is
4908+ ``br0``.
4909+
4910+ ``fd``\ =h can be used to specify the handle of an already opened
4911+ host TAP interface.
4912+
4913+ Examples:
4914+
4915+ ::
4916+
4917+ #launch a QEMU instance with the default network script
4918+ |qemu_system| linux.img -nic tap
4919+
4920+ ::
4921+
4922+ #launch a QEMU instance with two NICs, each one connected
4923+ #to a TAP device
4924+ |qemu_system| linux.img \
4925+ -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \
4926+ -netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1
4927+
4928+ ::
4929+
4930+ #launch a QEMU instance with the default network helper to
4931+ #connect a TAP device to bridge br0
4932+ |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \
4933+ -netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper"
4934+
4935+``-netdev bridge,id=id[,br=bridge][,helper=helper]``
4936+ Connect a host TAP network interface to a host bridge device.
4937+
4938+ Use the network helper helper to configure the TAP interface and
4939+ attach it to the bridge. The default network helper executable is
4940+ ``/path/to/qemu-bridge-helper`` and the default bridge device is
4941+ ``br0``.
4942+
4943+ Examples:
4944+
4945+ ::
4946+
4947+ #launch a QEMU instance with the default network helper to
4948+ #connect a TAP device to bridge br0
4949+ |qemu_system| linux.img -netdev bridge,id=n1 -device virtio-net,netdev=n1
4950+
4951+ ::
4952+
4953+ #launch a QEMU instance with the default network helper to
4954+ #connect a TAP device to bridge qemubr0
4955+ |qemu_system| linux.img -netdev bridge,br=qemubr0,id=n1 -device virtio-net,netdev=n1
4956+
4957+``-netdev socket,id=id[,fd=h][,listen=[host]:port][,connect=host:port]``
4958+ This host network backend can be used to connect the guest's network
4959+ to another QEMU virtual machine using a TCP socket connection. If
4960+ ``listen`` is specified, QEMU waits for incoming connections on port
4961+ (host is optional). ``connect`` is used to connect to another QEMU
4962+ instance using the ``listen`` option. ``fd``\ =h specifies an
4963+ already opened TCP socket.
4964+
4965+ Example:
4966+
4967+ ::
4968+
4969+ # launch a first QEMU instance
4970+ |qemu_system| linux.img \
4971+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
4972+ -netdev socket,id=n1,listen=:1234
4973+ # connect the network of this instance to the network of the first instance
4974+ |qemu_system| linux.img \
4975+ -device e1000,netdev=n2,mac=52:54:00:12:34:57 \
4976+ -netdev socket,id=n2,connect=127.0.0.1:1234
4977+
4978+``-netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]]``
4979+ Configure a socket host network backend to share the guest's network
4980+ traffic with another QEMU virtual machines using a UDP multicast
4981+ socket, effectively making a bus for every QEMU with same multicast
4982+ address maddr and port. NOTES:
4983+
4984+ 1. Several QEMU can be running on different hosts and share same bus
4985+ (assuming correct multicast setup for these hosts).
4986+
4987+ 2. mcast support is compatible with User Mode Linux (argument
4988+ ``ethN=mcast``), see http://user-mode-linux.sf.net.
4989+
4990+ 3. Use ``fd=h`` to specify an already opened UDP multicast socket.
4991+
4992+ Example:
4993+
4994+ ::
4995+
4996+ # launch one QEMU instance
4997+ |qemu_system| linux.img \
4998+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
4999+ -netdev socket,id=n1,mcast=230.0.0.1:1234
5000+ # launch another QEMU instance on same "bus"
5001+ |qemu_system| linux.img \
5002+ -device e1000,netdev=n2,mac=52:54:00:12:34:57 \
5003+ -netdev socket,id=n2,mcast=230.0.0.1:1234
5004+ # launch yet another QEMU instance on same "bus"
5005+ |qemu_system| linux.img \
5006+ -device e1000,netdev=n3,mac=52:54:00:12:34:58 \
5007+ -netdev socket,id=n3,mcast=230.0.0.1:1234
5008+
5009+ Example (User Mode Linux compat.):
5010+
5011+ ::
5012+
5013+ # launch QEMU instance (note mcast address selected is UML's default)
5014+ |qemu_system| linux.img \
5015+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
5016+ -netdev socket,id=n1,mcast=239.192.168.1:1102
5017+ # launch UML
5018+ /path/to/linux ubd0=/path/to/root_fs eth0=mcast
5019+
5020+ Example (send packets from host's 1.2.3.4):
5021+
5022+ .. parsed-literal::
5023+
5024+ |qemu_system| linux.img \
5025+ -device e1000,netdev=n1,mac=52:54:00:12:34:56 \
5026+ -netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4
5027+
5028+``-netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6][,udp][,cookie64][,counter][,pincounter][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset]``
5029+ Configure a L2TPv3 pseudowire host network backend. L2TPv3 (RFC3931)
5030+ is a popular protocol to transport Ethernet (and other Layer 2) data
5031+ frames between two systems. It is present in routers, firewalls and
5032+ the Linux kernel (from version 3.3 onwards).
5033+
5034+ This transport allows a VM to communicate to another VM, router or
5035+ firewall directly.
5036+
5037+ ``src=srcaddr``
5038+ source address (mandatory)
5039+
5040+ ``dst=dstaddr``
5041+ destination address (mandatory)
5042+
5043+ ``udp``
5044+ select udp encapsulation (default is ip).
5045+
5046+ ``srcport=srcport``
5047+ source udp port.
5048+
5049+ ``dstport=dstport``
5050+ destination udp port.
5051+
5052+ ``ipv6``
5053+ force v6, otherwise defaults to v4.
5054+
5055+ ``rxcookie=rxcookie``; \ ``txcookie=txcookie``
5056+ Cookies are a weak form of security in the l2tpv3 specification.
5057+ Their function is mostly to prevent misconfiguration. By default
5058+ they are 32 bit.
5059+
5060+ ``cookie64``
5061+ Set cookie size to 64 bit instead of the default 32
5062+
5063+ ``counter=off``
5064+ Force a 'cut-down' L2TPv3 with no counter as in
5065+ draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00
5066+
5067+ ``pincounter=on``
5068+ Work around broken counter handling in peer. This may also help
5069+ on networks which have packet reorder.
5070+
5071+ ``offset=offset``
5072+ Add an extra offset between header and data
5073+
5074+ For example, to attach a VM running on host 4.3.2.1 via L2TPv3 to
5075+ the bridge br-lan on the remote Linux host 1.2.3.4:
5076+
5077+ ::
5078+
5079+ # Setup tunnel on linux host using raw ip as encapsulation
5080+ # on 1.2.3.4
5081+ ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \
5082+ encap udp udp_sport 16384 udp_dport 16384
5083+ ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \
5084+ 0xFFFFFFFF peer_session_id 0xFFFFFFFF
5085+ ifconfig vmtunnel0 mtu 1500
5086+ ifconfig vmtunnel0 up
5087+ brctl addif br-lan vmtunnel0
5088+
5089+
5090+ # on 4.3.2.1
5091+ # launch QEMU instance - if your network has reorder or is very lossy add ,pincounter
5092+
5093+ |qemu_system| linux.img -device e1000,netdev=n1 \
5094+ -netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter
5095+
5096+``-netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]``
5097+ Configure VDE backend to connect to PORT n of a vde switch running
5098+ on host and listening for incoming connections on socketpath. Use
5099+ GROUP groupname and MODE octalmode to change default ownership and
5100+ permissions for communication port. This option is only available if
5101+ QEMU has been compiled with vde support enabled.
5102+
5103+ Example:
5104+
5105+ ::
5106+
5107+ # launch vde switch
5108+ vde_switch -F -sock /tmp/myswitch
5109+ # launch QEMU instance
5110+ |qemu_system| linux.img -nic vde,sock=/tmp/myswitch
5111+
5112+``-netdev vhost-user,chardev=id[,vhostforce=on|off][,queues=n]``
5113+ Establish a vhost-user netdev, backed by a chardev id. The chardev
5114+ should be a unix domain socket backed one. The vhost-user uses a
5115+ specifically defined protocol to pass vhost ioctl replacement
5116+ messages to an application on the other end of the socket. On
5117+ non-MSIX guests, the feature can be forced with vhostforce. Use
5118+ 'queues=n' to specify the number of queues to be created for
5119+ multiqueue vhost-user.
5120+
5121+ Example:
5122+
5123+ ::
5124+
5125+ qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \
5126+ -numa node,memdev=mem \
5127+ -chardev socket,id=chr0,path=/path/to/socket \
5128+ -netdev type=vhost-user,id=net0,chardev=chr0 \
5129+ -device virtio-net-pci,netdev=net0
5130+
5131+``-netdev hubport,id=id,hubid=hubid[,netdev=nd]``
5132+ Create a hub port on the emulated hub with ID hubid.
5133+
5134+ The hubport netdev lets you connect a NIC to a QEMU emulated hub
5135+ instead of a single netdev. Alternatively, you can also connect the
5136+ hubport to another netdev with ID nd by using the ``netdev=nd``
5137+ option.
5138+
5139+``-net nic[,netdev=nd][,macaddr=mac][,model=type] [,name=name][,addr=addr][,vectors=v]``
5140+ Legacy option to configure or create an on-board (or machine
5141+ default) Network Interface Card(NIC) and connect it either to the
5142+ emulated hub with ID 0 (i.e. the default hub), or to the netdev nd.
5143+ If model is omitted, then the default NIC model associated with the
5144+ machine type is used. Note that the default NIC model may change in
5145+ future QEMU releases, so it is highly recommended to always specify
5146+ a model. Optionally, the MAC address can be changed to mac, the
5147+ device address set to addr (PCI cards only), and a name can be
5148+ assigned for use in monitor commands. Optionally, for PCI cards, you
5149+ can specify the number v of MSI-X vectors that the card should have;
5150+ this option currently only affects virtio cards; set v = 0 to
5151+ disable MSI-X. If no ``-net`` option is specified, a single NIC is
5152+ created. QEMU can emulate several different models of network card.
5153+ Use ``-net nic,model=help`` for a list of available devices for your
5154+ target.
5155+
5156+``-net user|tap|bridge|socket|l2tpv3|vde[,...][,name=name]``
5157+ Configure a host network backend (with the options corresponding to
5158+ the same ``-netdev`` option) and connect it to the emulated hub 0
5159+ (the default hub). Use name to specify the name of the hub port.
5160+ERST
28695161
28705162 STEXI
28715163 @end table
@@ -3209,6 +5501,264 @@ Connect to a spice virtual machine channel, such as vdiport.
32095501 Connect to a spice port, allowing a Spice client to handle the traffic
32105502 identified by a name (preferably a fqdn).
32115503 ETEXI
5504+SRST
5505+The general form of a character device option is:
5506+
5507+``-chardev backend,id=id[,mux=on|off][,options]``
5508+ Backend is one of: ``null``, ``socket``, ``udp``, ``msmouse``,
5509+ ``vc``, ``ringbuf``, ``file``, ``pipe``, ``console``, ``serial``,
5510+ ``pty``, ``stdio``, ``braille``, ``tty``, ``parallel``, ``parport``,
5511+ ``spicevmc``, ``spiceport``. The specific backend will determine the
5512+ applicable options.
5513+
5514+ Use ``-chardev help`` to print all available chardev backend types.
5515+
5516+ All devices must have an id, which can be any string up to 127
5517+ characters long. It is used to uniquely identify this device in
5518+ other command line directives.
5519+
5520+ A character device may be used in multiplexing mode by multiple
5521+ front-ends. Specify ``mux=on`` to enable this mode. A multiplexer is
5522+ a "1:N" device, and here the "1" end is your specified chardev
5523+ backend, and the "N" end is the various parts of QEMU that can talk
5524+ to a chardev. If you create a chardev with ``id=myid`` and
5525+ ``mux=on``, QEMU will create a multiplexer with your specified ID,
5526+ and you can then configure multiple front ends to use that chardev
5527+ ID for their input/output. Up to four different front ends can be
5528+ connected to a single multiplexed chardev. (Without multiplexing
5529+ enabled, a chardev can only be used by a single front end.) For
5530+ instance you could use this to allow a single stdio chardev to be
5531+ used by two serial ports and the QEMU monitor:
5532+
5533+ ::
5534+
5535+ -chardev stdio,mux=on,id=char0 \
5536+ -mon chardev=char0,mode=readline \
5537+ -serial chardev:char0 \
5538+ -serial chardev:char0
5539+
5540+ You can have more than one multiplexer in a system configuration;
5541+ for instance you could have a TCP port multiplexed between UART 0
5542+ and UART 1, and stdio multiplexed between the QEMU monitor and a
5543+ parallel port:
5544+
5545+ ::
5546+
5547+ -chardev stdio,mux=on,id=char0 \
5548+ -mon chardev=char0,mode=readline \
5549+ -parallel chardev:char0 \
5550+ -chardev tcp,...,mux=on,id=char1 \
5551+ -serial chardev:char1 \
5552+ -serial chardev:char1
5553+
5554+ When you're using a multiplexed character device, some escape
5555+ sequences are interpreted in the input. See :ref:`mux_005fkeys`.
5556+
5557+ Note that some other command line options may implicitly create
5558+ multiplexed character backends; for instance ``-serial mon:stdio``
5559+ creates a multiplexed stdio backend connected to the serial port and
5560+ the QEMU monitor, and ``-nographic`` also multiplexes the console
5561+ and the monitor to stdio.
5562+
5563+ There is currently no support for multiplexing in the other
5564+ direction (where a single QEMU front end takes input and output from
5565+ multiple chardevs).
5566+
5567+ Every backend supports the ``logfile`` option, which supplies the
5568+ path to a file to record all data transmitted via the backend. The
5569+ ``logappend`` option controls whether the log file will be truncated
5570+ or appended to when opened.
5571+
5572+The available backends are:
5573+
5574+``-chardev null,id=id``
5575+ A void device. This device will not emit any data, and will drop any
5576+ data it receives. The null backend does not take any options.
5577+
5578+``-chardev socket,id=id[,TCP options or unix options][,server][,nowait][,telnet][,websocket][,reconnect=seconds][,tls-creds=id][,tls-authz=id]``
5579+ Create a two-way stream socket, which can be either a TCP or a unix
5580+ socket. A unix socket will be created if ``path`` is specified.
5581+ Behaviour is undefined if TCP options are specified for a unix
5582+ socket.
5583+
5584+ ``server`` specifies that the socket shall be a listening socket.
5585+
5586+ ``nowait`` specifies that QEMU should not block waiting for a client
5587+ to connect to a listening socket.
5588+
5589+ ``telnet`` specifies that traffic on the socket should interpret
5590+ telnet escape sequences.
5591+
5592+ ``websocket`` specifies that the socket uses WebSocket protocol for
5593+ communication.
5594+
5595+ ``reconnect`` sets the timeout for reconnecting on non-server
5596+ sockets when the remote end goes away. qemu will delay this many
5597+ seconds and then attempt to reconnect. Zero disables reconnecting,
5598+ and is the default.
5599+
5600+ ``tls-creds`` requests enablement of the TLS protocol for
5601+ encryption, and specifies the id of the TLS credentials to use for
5602+ the handshake. The credentials must be previously created with the
5603+ ``-object tls-creds`` argument.
5604+
5605+ ``tls-auth`` provides the ID of the QAuthZ authorization object
5606+ against which the client's x509 distinguished name will be
5607+ validated. This object is only resolved at time of use, so can be
5608+ deleted and recreated on the fly while the chardev server is active.
5609+ If missing, it will default to denying access.
5610+
5611+ TCP and unix socket options are given below:
5612+
5613+ ``TCP options: port=port[,host=host][,to=to][,ipv4][,ipv6][,nodelay]``
5614+ ``host`` for a listening socket specifies the local address to
5615+ be bound. For a connecting socket species the remote host to
5616+ connect to. ``host`` is optional for listening sockets. If not
5617+ specified it defaults to ``0.0.0.0``.
5618+
5619+ ``port`` for a listening socket specifies the local port to be
5620+ bound. For a connecting socket specifies the port on the remote
5621+ host to connect to. ``port`` can be given as either a port
5622+ number or a service name. ``port`` is required.
5623+
5624+ ``to`` is only relevant to listening sockets. If it is
5625+ specified, and ``port`` cannot be bound, QEMU will attempt to
5626+ bind to subsequent ports up to and including ``to`` until it
5627+ succeeds. ``to`` must be specified as a port number.
5628+
5629+ ``ipv4`` and ``ipv6`` specify that either IPv4 or IPv6 must be
5630+ used. If neither is specified the socket may use either
5631+ protocol.
5632+
5633+ ``nodelay`` disables the Nagle algorithm.
5634+
5635+ ``unix options: path=path``
5636+ ``path`` specifies the local path of the unix socket. ``path``
5637+ is required.
5638+
5639+``-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr][,localport=localport][,ipv4][,ipv6]``
5640+ Sends all traffic from the guest to a remote host over UDP.
5641+
5642+ ``host`` specifies the remote host to connect to. If not specified
5643+ it defaults to ``localhost``.
5644+
5645+ ``port`` specifies the port on the remote host to connect to.
5646+ ``port`` is required.
5647+
5648+ ``localaddr`` specifies the local address to bind to. If not
5649+ specified it defaults to ``0.0.0.0``.
5650+
5651+ ``localport`` specifies the local port to bind to. If not specified
5652+ any available local port will be used.
5653+
5654+ ``ipv4`` and ``ipv6`` specify that either IPv4 or IPv6 must be used.
5655+ If neither is specified the device may use either protocol.
5656+
5657+``-chardev msmouse,id=id``
5658+ Forward QEMU's emulated msmouse events to the guest. ``msmouse``
5659+ does not take any options.
5660+
5661+``-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]``
5662+ Connect to a QEMU text console. ``vc`` may optionally be given a
5663+ specific size.
5664+
5665+ ``width`` and ``height`` specify the width and height respectively
5666+ of the console, in pixels.
5667+
5668+ ``cols`` and ``rows`` specify that the console be sized to fit a
5669+ text console with the given dimensions.
5670+
5671+``-chardev ringbuf,id=id[,size=size]``
5672+ Create a ring buffer with fixed size ``size``. size must be a power
5673+ of two and defaults to ``64K``.
5674+
5675+``-chardev file,id=id,path=path``
5676+ Log all traffic received from the guest to a file.
5677+
5678+ ``path`` specifies the path of the file to be opened. This file will
5679+ be created if it does not already exist, and overwritten if it does.
5680+ ``path`` is required.
5681+
5682+``-chardev pipe,id=id,path=path``
5683+ Create a two-way connection to the guest. The behaviour differs
5684+ slightly between Windows hosts and other hosts:
5685+
5686+ On Windows, a single duplex pipe will be created at
5687+ ``\\.pipe\path``.
5688+
5689+ On other hosts, 2 pipes will be created called ``path.in`` and
5690+ ``path.out``. Data written to ``path.in`` will be received by the
5691+ guest. Data written by the guest can be read from ``path.out``. QEMU
5692+ will not create these fifos, and requires them to be present.
5693+
5694+ ``path`` forms part of the pipe path as described above. ``path`` is
5695+ required.
5696+
5697+``-chardev console,id=id``
5698+ Send traffic from the guest to QEMU's standard output. ``console``
5699+ does not take any options.
5700+
5701+ ``console`` is only available on Windows hosts.
5702+
5703+``-chardev serial,id=id,path=path``
5704+ Send traffic from the guest to a serial device on the host.
5705+
5706+ On Unix hosts serial will actually accept any tty device, not only
5707+ serial lines.
5708+
5709+ ``path`` specifies the name of the serial device to open.
5710+
5711+``-chardev pty,id=id``
5712+ Create a new pseudo-terminal on the host and connect to it. ``pty``
5713+ does not take any options.
5714+
5715+ ``pty`` is not available on Windows hosts.
5716+
5717+``-chardev stdio,id=id[,signal=on|off]``
5718+ Connect to standard input and standard output of the QEMU process.
5719+
5720+ ``signal`` controls if signals are enabled on the terminal, that
5721+ includes exiting QEMU with the key sequence Control-c. This option
5722+ is enabled by default, use ``signal=off`` to disable it.
5723+
5724+``-chardev braille,id=id``
5725+ Connect to a local BrlAPI server. ``braille`` does not take any
5726+ options.
5727+
5728+``-chardev tty,id=id,path=path``
5729+ ``tty`` is only available on Linux, Sun, FreeBSD, NetBSD, OpenBSD
5730+ and DragonFlyBSD hosts. It is an alias for ``serial``.
5731+
5732+ ``path`` specifies the path to the tty. ``path`` is required.
5733+
5734+``-chardev parallel,id=id,path=path``; \ ``-chardev parport,id=id,path=path``
5735+ ``parallel`` is only available on Linux, FreeBSD and DragonFlyBSD
5736+ hosts.
5737+
5738+ Connect to a local parallel port.
5739+
5740+ ``path`` specifies the path to the parallel port device. ``path`` is
5741+ required.
5742+
5743+``-chardev spicevmc,id=id,debug=debug,name=name``
5744+ ``spicevmc`` is only available when spice support is built in.
5745+
5746+ ``debug`` debug level for spicevmc
5747+
5748+ ``name`` name of spice channel to connect to
5749+
5750+ Connect to a spice virtual machine channel, such as vdiport.
5751+
5752+``-chardev spiceport,id=id,debug=debug,name=name``
5753+ ``spiceport`` is only available when spice support is built in.
5754+
5755+ ``debug`` debug level for spicevmc
5756+
5757+ ``name`` name of spice port to connect to
5758+
5759+ Connect to a spice port, allowing a Spice client to handle the
5760+ traffic identified by a name (preferably a fqdn).
5761+ERST
32125762
32135763 STEXI
32145764 @end table
@@ -3298,6 +5848,69 @@ To create a TPM emulator backend device with chardev socket backend:
32985848 @end example
32995849
33005850 ETEXI
5851+SRST
5852+The general form of a TPM device option is:
5853+
5854+``-tpmdev backend,id=id[,options]``
5855+ The specific backend type will determine the applicable options. The
5856+ ``-tpmdev`` option creates the TPM backend and requires a
5857+ ``-device`` option that specifies the TPM frontend interface model.
5858+
5859+ Use ``-tpmdev help`` to print all available TPM backend types.
5860+
5861+The available backends are:
5862+
5863+``-tpmdev passthrough,id=id,path=path,cancel-path=cancel-path``
5864+ (Linux-host only) Enable access to the host's TPM using the
5865+ passthrough driver.
5866+
5867+ ``path`` specifies the path to the host's TPM device, i.e., on a
5868+ Linux host this would be ``/dev/tpm0``. ``path`` is optional and by
5869+ default ``/dev/tpm0`` is used.
5870+
5871+ ``cancel-path`` specifies the path to the host TPM device's sysfs
5872+ entry allowing for cancellation of an ongoing TPM command.
5873+ ``cancel-path`` is optional and by default QEMU will search for the
5874+ sysfs entry to use.
5875+
5876+ Some notes about using the host's TPM with the passthrough driver:
5877+
5878+ The TPM device accessed by the passthrough driver must not be used
5879+ by any other application on the host.
5880+
5881+ Since the host's firmware (BIOS/UEFI) has already initialized the
5882+ TPM, the VM's firmware (BIOS/UEFI) will not be able to initialize
5883+ the TPM again and may therefore not show a TPM-specific menu that
5884+ would otherwise allow the user to configure the TPM, e.g., allow the
5885+ user to enable/disable or activate/deactivate the TPM. Further, if
5886+ TPM ownership is released from within a VM then the host's TPM will
5887+ get disabled and deactivated. To enable and activate the TPM again
5888+ afterwards, the host has to be rebooted and the user is required to
5889+ enter the firmware's menu to enable and activate the TPM. If the TPM
5890+ is left disabled and/or deactivated most TPM commands will fail.
5891+
5892+ To create a passthrough TPM use the following two options:
5893+
5894+ ::
5895+
5896+ -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0
5897+
5898+ Note that the ``-tpmdev`` id is ``tpm0`` and is referenced by
5899+ ``tpmdev=tpm0`` in the device option.
5900+
5901+``-tpmdev emulator,id=id,chardev=dev``
5902+ (Linux-host only) Enable access to a TPM emulator using Unix domain
5903+ socket based chardev backend.
5904+
5905+ ``chardev`` specifies the unique ID of a character device backend
5906+ that provides connection to the software TPM server.
5907+
5908+ To create a TPM emulator backend device with chardev socket backend:
5909+
5910+ ::
5911+
5912+ -chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0
5913+ERST
33015914
33025915 STEXI
33035916 @end table
@@ -3315,6 +5928,13 @@ for easier testing of various kernels.
33155928
33165929 @table @option
33175930 ETEXI
5931+SRST
5932+When using these options, you can use a given Linux or Multiboot kernel
5933+without installing it in the disk image. It can be useful for easier
5934+testing of various kernels.
5935+
5936+
5937+ERST
33185938
33195939 DEF("kernel", HAS_ARG, QEMU_OPTION_kernel, \
33205940 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL)
@@ -3324,6 +5944,11 @@ STEXI
33245944 Use @var{bzImage} as kernel image. The kernel can be either a Linux kernel
33255945 or in multiboot format.
33265946 ETEXI
5947+SRST
5948+``-kernel bzImage``
5949+ Use bzImage as kernel image. The kernel can be either a Linux kernel
5950+ or in multiboot format.
5951+ERST
33275952
33285953 DEF("append", HAS_ARG, QEMU_OPTION_append, \
33295954 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL)
@@ -3332,6 +5957,10 @@ STEXI
33325957 @findex -append
33335958 Use @var{cmdline} as kernel command line
33345959 ETEXI
5960+SRST
5961+``-append cmdline``
5962+ Use cmdline as kernel command line
5963+ERST
33355964
33365965 DEF("initrd", HAS_ARG, QEMU_OPTION_initrd, \
33375966 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL)
@@ -3347,6 +5976,16 @@ This syntax is only available with multiboot.
33475976 Use @var{file1} and @var{file2} as modules and pass arg=foo as parameter to the
33485977 first module.
33495978 ETEXI
5979+SRST
5980+``-initrd file``
5981+ Use file as initial ram disk.
5982+
5983+``-initrd "file1 arg=foo,file2"``
5984+ This syntax is only available with multiboot.
5985+
5986+ Use file1 and file2 as modules and pass arg=foo as parameter to the
5987+ first module.
5988+ERST
33505989
33515990 DEF("dtb", HAS_ARG, QEMU_OPTION_dtb, \
33525991 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL)
@@ -3356,6 +5995,11 @@ STEXI
33565995 Use @var{file} as a device tree binary (dtb) image and pass it to the kernel
33575996 on boot.
33585997 ETEXI
5998+SRST
5999+``-dtb file``
6000+ Use file as a device tree binary (dtb) image and pass it to the
6001+ kernel on boot.
6002+ERST
33596003
33606004 STEXI
33616005 @end table
@@ -3396,6 +6040,28 @@ creates an fw_cfg entry named opt/com.mycompany/blob with contents
33966040 from ./my_blob.bin.
33976041
33986042 ETEXI
6043+SRST
6044+``-fw_cfg [name=]name,file=file``
6045+ Add named fw\_cfg entry with contents from file file.
6046+
6047+``-fw_cfg [name=]name,string=str``
6048+ Add named fw\_cfg entry with contents from string str.
6049+
6050+ The terminating NUL character of the contents of str will not be
6051+ included as part of the fw\_cfg item data. To insert contents with
6052+ embedded NUL characters, you have to use the file parameter.
6053+
6054+ The fw\_cfg entries are passed by QEMU through to the guest.
6055+
6056+ Example:
6057+
6058+ ::
6059+
6060+ -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin
6061+
6062+ creates an fw\_cfg entry named opt/com.mycompany/blob with contents
6063+ from ./my\_blob.bin.
6064+ERST
33996065
34006066 DEF("serial", HAS_ARG, QEMU_OPTION_serial, \
34016067 "-serial dev redirect the serial port to char device 'dev'\n",
@@ -3534,6 +6200,161 @@ or fake device.
35346200 Three button serial mouse. Configure the guest to use Microsoft protocol.
35356201 @end table
35366202 ETEXI
6203+SRST
6204+``-serial dev``
6205+ Redirect the virtual serial port to host character device dev. The
6206+ default device is ``vc`` in graphical mode and ``stdio`` in non
6207+ graphical mode.
6208+
6209+ This option can be used several times to simulate up to 4 serial
6210+ ports.
6211+
6212+ Use ``-serial none`` to disable all serial ports.
6213+
6214+ Available character devices are:
6215+
6216+ ``vc[:WxH]``
6217+ Virtual console. Optionally, a width and height can be given in
6218+ pixel with
6219+
6220+ ::
6221+
6222+ vc:800x600
6223+
6224+ It is also possible to specify width or height in characters:
6225+
6226+ ::
6227+
6228+ vc:80Cx24C
6229+
6230+ ``pty``
6231+ [Linux only] Pseudo TTY (a new PTY is automatically allocated)
6232+
6233+ ``none``
6234+ No device is allocated.
6235+
6236+ ``null``
6237+ void device
6238+
6239+ ``chardev:id``
6240+ Use a named character device defined with the ``-chardev``
6241+ option.
6242+
6243+ ``/dev/XXX``
6244+ [Linux only] Use host tty, e.g. ``/dev/ttyS0``. The host serial
6245+ port parameters are set according to the emulated ones.
6246+
6247+ ``/dev/parportN``
6248+ [Linux only, parallel port only] Use host parallel port N.
6249+ Currently SPP and EPP parallel port features can be used.
6250+
6251+ ``file:filename``
6252+ Write output to filename. No character can be read.
6253+
6254+ ``stdio``
6255+ [Unix only] standard input/output
6256+
6257+ ``pipe:filename``
6258+ name pipe filename
6259+
6260+ ``COMn``
6261+ [Windows only] Use host serial port n
6262+
6263+ ``udp:[remote_host]:remote_port[@[src_ip]:src_port]``
6264+ This implements UDP Net Console. When remote\_host or src\_ip
6265+ are not specified they default to ``0.0.0.0``. When not using a
6266+ specified src\_port a random port is automatically chosen.
6267+
6268+ If you just want a simple readonly console you can use
6269+ ``netcat`` or ``nc``, by starting QEMU with:
6270+ ``-serial udp::4555`` and nc as: ``nc -u -l -p 4555``. Any time
6271+ QEMU writes something to that port it will appear in the
6272+ netconsole session.
6273+
6274+ If you plan to send characters back via netconsole or you want
6275+ to stop and start QEMU a lot of times, you should have QEMU use
6276+ the same source port each time by using something like ``-serial
6277+ udp::4555@:4556`` to QEMU. Another approach is to use a patched
6278+ version of netcat which can listen to a TCP port and send and
6279+ receive characters via udp. If you have a patched version of
6280+ netcat which activates telnet remote echo and single char
6281+ transfer, then you can use the following options to set up a
6282+ netcat redirector to allow telnet on port 5555 to access the
6283+ QEMU port.
6284+
6285+ ``QEMU Options:``
6286+ -serial udp::4555@:4556
6287+
6288+ ``netcat options:``
6289+ -u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T
6290+
6291+ ``telnet options:``
6292+ localhost 5555
6293+
6294+ ``tcp:[host]:port[,server][,nowait][,nodelay][,reconnect=seconds]``
6295+ The TCP Net Console has two modes of operation. It can send the
6296+ serial I/O to a location or wait for a connection from a
6297+ location. By default the TCP Net Console is sent to host at the
6298+ port. If you use the server option QEMU will wait for a client
6299+ socket application to connect to the port before continuing,
6300+ unless the ``nowait`` option was specified. The ``nodelay``
6301+ option disables the Nagle buffering algorithm. The ``reconnect``
6302+ option only applies if noserver is set, if the connection goes
6303+ down it will attempt to reconnect at the given interval. If host
6304+ is omitted, 0.0.0.0 is assumed. Only one TCP connection at a
6305+ time is accepted. You can use ``telnet`` to connect to the
6306+ corresponding character device.
6307+
6308+ ``Example to send tcp console to 192.168.0.2 port 4444``
6309+ -serial tcp:192.168.0.2:4444
6310+
6311+ ``Example to listen and wait on port 4444 for connection``
6312+ -serial tcp::4444,server
6313+
6314+ ``Example to not wait and listen on ip 192.168.0.100 port 4444``
6315+ -serial tcp:192.168.0.100:4444,server,nowait
6316+
6317+ ``telnet:host:port[,server][,nowait][,nodelay]``
6318+ The telnet protocol is used instead of raw tcp sockets. The
6319+ options work the same as if you had specified ``-serial tcp``.
6320+ The difference is that the port acts like a telnet server or
6321+ client using telnet option negotiation. This will also allow you
6322+ to send the MAGIC\_SYSRQ sequence if you use a telnet that
6323+ supports sending the break sequence. Typically in unix telnet
6324+ you do it with Control-] and then type "send break" followed by
6325+ pressing the enter key.
6326+
6327+ ``websocket:host:port,server[,nowait][,nodelay]``
6328+ The WebSocket protocol is used instead of raw tcp socket. The
6329+ port acts as a WebSocket server. Client mode is not supported.
6330+
6331+ ``unix:path[,server][,nowait][,reconnect=seconds]``
6332+ A unix domain socket is used instead of a tcp socket. The option
6333+ works the same as if you had specified ``-serial tcp`` except
6334+ the unix domain socket path is used for connections.
6335+
6336+ ``mon:dev_string``
6337+ This is a special option to allow the monitor to be multiplexed
6338+ onto another serial port. The monitor is accessed with key
6339+ sequence of Control-a and then pressing c. dev\_string should be
6340+ any one of the serial devices specified above. An example to
6341+ multiplex the monitor onto a telnet server listening on port
6342+ 4444 would be:
6343+
6344+ ``-serial mon:telnet::4444,server,nowait``
6345+
6346+ When the monitor is multiplexed to stdio in this way, Ctrl+C
6347+ will not terminate QEMU any more but will be passed to the guest
6348+ instead.
6349+
6350+ ``braille``
6351+ Braille device. This will use BrlAPI to display the braille
6352+ output on a real or fake device.
6353+
6354+ ``msmouse``
6355+ Three button serial mouse. Configure the guest to use Microsoft
6356+ protocol.
6357+ERST
35376358
35386359 DEF("parallel", HAS_ARG, QEMU_OPTION_parallel, \
35396360 "-parallel dev redirect the parallel port to char device 'dev'\n",
@@ -3551,6 +6372,18 @@ ports.
35516372
35526373 Use @code{-parallel none} to disable all parallel ports.
35536374 ETEXI
6375+SRST
6376+``-parallel dev``
6377+ Redirect the virtual parallel port to host device dev (same devices
6378+ as the serial port). On Linux hosts, ``/dev/parportN`` can be used
6379+ to use hardware devices connected on the corresponding host parallel
6380+ port.
6381+
6382+ This option can be used several times to simulate up to 3 parallel
6383+ ports.
6384+
6385+ Use ``-parallel none`` to disable all parallel ports.
6386+ERST
35546387
35556388 DEF("monitor", HAS_ARG, QEMU_OPTION_monitor, \
35566389 "-monitor dev redirect the monitor to char device 'dev'\n",
@@ -3564,6 +6397,13 @@ The default device is @code{vc} in graphical mode and @code{stdio} in
35646397 non graphical mode.
35656398 Use @code{-monitor none} to disable the default monitor.
35666399 ETEXI
6400+SRST
6401+``-monitor dev``
6402+ Redirect the monitor to host device dev (same devices as the serial
6403+ port). The default device is ``vc`` in graphical mode and ``stdio``
6404+ in non graphical mode. Use ``-monitor none`` to disable the default
6405+ monitor.
6406+ERST
35676407 DEF("qmp", HAS_ARG, QEMU_OPTION_qmp, \
35686408 "-qmp dev like -monitor but opens in 'control' mode\n",
35696409 QEMU_ARCH_ALL)
@@ -3572,6 +6412,10 @@ STEXI
35726412 @findex -qmp
35736413 Like -monitor but opens in 'control' mode.
35746414 ETEXI
6415+SRST
6416+``-qmp dev``
6417+ Like -monitor but opens in 'control' mode.
6418+ERST
35756419 DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \
35766420 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n",
35776421 QEMU_ARCH_ALL)
@@ -3580,6 +6424,10 @@ STEXI
35806424 @findex -qmp-pretty
35816425 Like -qmp but uses pretty JSON formatting.
35826426 ETEXI
6427+SRST
6428+``-qmp-pretty dev``
6429+ Like -qmp but uses pretty JSON formatting.
6430+ERST
35836431
35846432 DEF("mon", HAS_ARG, QEMU_OPTION_mon, \
35856433 "-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL)
@@ -3589,6 +6437,11 @@ STEXI
35896437 Setup monitor on chardev @var{name}. @code{pretty} turns on JSON pretty printing
35906438 easing human reading and debugging.
35916439 ETEXI
6440+SRST
6441+``-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]``
6442+ Setup monitor on chardev name. ``pretty`` turns on JSON pretty
6443+ printing easing human reading and debugging.
6444+ERST
35926445
35936446 DEF("debugcon", HAS_ARG, QEMU_OPTION_debugcon, \
35946447 "-debugcon dev redirect the debug console to char device 'dev'\n",
@@ -3602,6 +6455,14 @@ serial port). The debug console is an I/O port which is typically port
36026455 The default device is @code{vc} in graphical mode and @code{stdio} in
36036456 non graphical mode.
36046457 ETEXI
6458+SRST
6459+``-debugcon dev``
6460+ Redirect the debug console to host device dev (same devices as the
6461+ serial port). The debug console is an I/O port which is typically
6462+ port 0xe9; writing to that I/O port sends output to this device. The
6463+ default device is ``vc`` in graphical mode and ``stdio`` in non
6464+ graphical mode.
6465+ERST
36056466
36066467 DEF("pidfile", HAS_ARG, QEMU_OPTION_pidfile, \
36076468 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL)
@@ -3611,6 +6472,11 @@ STEXI
36116472 Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
36126473 from a script.
36136474 ETEXI
6475+SRST
6476+``-pidfile file``
6477+ Store the QEMU process PID in file. It is useful if you launch QEMU
6478+ from a script.
6479+ERST
36146480
36156481 DEF("singlestep", 0, QEMU_OPTION_singlestep, \
36166482 "-singlestep always run in singlestep mode\n", QEMU_ARCH_ALL)
@@ -3619,6 +6485,10 @@ STEXI
36196485 @findex -singlestep
36206486 Run the emulation in single step mode.
36216487 ETEXI
6488+SRST
6489+``-singlestep``
6490+ Run the emulation in single step mode.
6491+ERST
36226492
36236493 DEF("preconfig", 0, QEMU_OPTION_preconfig, \
36246494 "--preconfig pause QEMU before machine is initialized (experimental)\n",
@@ -3633,6 +6503,15 @@ the preconfig state and move to the next state (i.e. run guest if -S
36336503 isn't used or pause the second time if -S is used). This option is
36346504 experimental.
36356505 ETEXI
6506+SRST
6507+``--preconfig``
6508+ Pause QEMU for interactive configuration before the machine is
6509+ created, which allows querying and configuring properties that will
6510+ affect machine initialization. Use QMP command 'x-exit-preconfig' to
6511+ exit the preconfig state and move to the next state (i.e. run guest
6512+ if -S isn't used or pause the second time if -S is used). This
6513+ option is experimental.
6514+ERST
36366515
36376516 DEF("S", 0, QEMU_OPTION_S, \
36386517 "-S freeze CPU at startup (use 'c' to start execution)\n",
@@ -3642,6 +6521,10 @@ STEXI
36426521 @findex -S
36436522 Do not start CPU at startup (you must type 'c' in the monitor).
36446523 ETEXI
6524+SRST
6525+``-S``
6526+ Do not start CPU at startup (you must type 'c' in the monitor).
6527+ERST
36456528
36466529 DEF("realtime", HAS_ARG, QEMU_OPTION_realtime,
36476530 "-realtime [mlock=on|off]\n"
@@ -3655,6 +6538,11 @@ Run qemu with realtime features.
36556538 mlocking qemu and guest memory can be enabled via @option{mlock=on}
36566539 (enabled by default).
36576540 ETEXI
6541+SRST
6542+``-realtime mlock=on|off``
6543+ Run qemu with realtime features. mlocking qemu and guest memory can
6544+ be enabled via ``mlock=on`` (enabled by default).
6545+ERST
36586546
36596547 DEF("overcommit", HAS_ARG, QEMU_OPTION_overcommit,
36606548 "-overcommit [mem-lock=on|off][cpu-pm=on|off]\n"
@@ -3679,6 +6567,24 @@ enabled via @option{cpu-pm=on} (disabled by default). This works best when
36796567 host CPU is not overcommitted. When used, host estimates of CPU cycle and power
36806568 utilization will be incorrect, not taking into account guest idle time.
36816569 ETEXI
6570+SRST
6571+``-overcommit mem-lock=on|off``
6572+``-overcommit cpu-pm=on|off``
6573+ Run qemu with hints about host resource overcommit. The default is
6574+ to assume that host overcommits all resources.
6575+
6576+ Locking qemu and guest memory can be enabled via ``mem-lock=on``
6577+ (disabled by default). This works when host memory is not
6578+ overcommitted and reduces the worst-case latency for guest. This is
6579+ equivalent to ``realtime``.
6580+
6581+ Guest ability to manage power state of host cpus (increasing latency
6582+ for other processes on the same host cpu, but decreasing latency for
6583+ guest) can be enabled via ``cpu-pm=on`` (disabled by default). This
6584+ works best when host CPU is not overcommitted. When used, host
6585+ estimates of CPU cycle and power utilization will be incorrect, not
6586+ taking into account guest idle time.
6587+ERST
36826588
36836589 DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \
36846590 "-gdb dev wait for gdb connection on 'dev'\n", QEMU_ARCH_ALL)
@@ -3693,6 +6599,18 @@ within gdb and establish the connection via a pipe:
36936599 (gdb) target remote | exec @value{qemu_system} -gdb stdio ...
36946600 @end example
36956601 ETEXI
6602+SRST
6603+``-gdb dev``
6604+ Wait for gdb connection on device dev (see
6605+ :ref:`gdb_005fusage`). Typical connections will likely be
6606+ TCP-based, but also UDP, pseudo TTY, or even stdio are reasonable
6607+ use case. The latter is allowing to start QEMU from within gdb and
6608+ establish the connection via a pipe:
6609+
6610+ ::
6611+
6612+ (gdb) target remote | exec |qemu_system| -gdb stdio ...
6613+ERST
36966614
36976615 DEF("s", 0, QEMU_OPTION_s, \
36986616 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n",
@@ -3703,6 +6621,11 @@ STEXI
37036621 Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234
37046622 (@pxref{gdb_usage}).
37056623 ETEXI
6624+SRST
6625+``-s``
6626+ Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234
6627+ (see :ref:`gdb_005fusage`).
6628+ERST
37066629
37076630 DEF("d", HAS_ARG, QEMU_OPTION_d, \
37086631 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n",
@@ -3712,6 +6635,11 @@ STEXI
37126635 @findex -d
37136636 Enable logging of specified items. Use '-d help' for a list of log items.
37146637 ETEXI
6638+SRST
6639+``-d item1[,...]``
6640+ Enable logging of specified items. Use '-d help' for a list of log
6641+ items.
6642+ERST
37156643
37166644 DEF("D", HAS_ARG, QEMU_OPTION_D, \
37176645 "-D logfile output log to logfile (default stderr)\n",
@@ -3721,6 +6649,10 @@ STEXI
37216649 @findex -D
37226650 Output log in @var{logfile} instead of to stderr
37236651 ETEXI
6652+SRST
6653+``-D logfile``
6654+ Output log in logfile instead of to stderr
6655+ERST
37246656
37256657 DEF("dfilter", HAS_ARG, QEMU_OPTION_DFILTER, \
37266658 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n",
@@ -3739,6 +6671,21 @@ Will dump output for any code in the 0x1000 sized block starting at 0x8000 and
37396671 the 0x200 sized block starting at 0xffffffc000080000 and another 0x1000 sized
37406672 block starting at 0xffffffc00005f000.
37416673 ETEXI
6674+SRST
6675+``-dfilter range1[,...]``
6676+ Filter debug output to that relevant to a range of target addresses.
6677+ The filter spec can be either start+size, start-size or start..end
6678+ where start end and size are the addresses and sizes required. For
6679+ example:
6680+
6681+ ::
6682+
6683+ -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000
6684+
6685+ Will dump output for any code in the 0x1000 sized block starting at
6686+ 0x8000 and the 0x200 sized block starting at 0xffffffc000080000 and
6687+ another 0x1000 sized block starting at 0xffffffc00005f000.
6688+ERST
37426689
37436690 DEF("seed", HAS_ARG, QEMU_OPTION_seed, \
37446691 "-seed number seed the pseudo-random number generator\n",
@@ -3749,6 +6696,12 @@ STEXI
37496696 Force the guest to use a deterministic pseudo-random number generator, seeded
37506697 with @var{number}. This does not affect crypto routines within the host.
37516698 ETEXI
6699+SRST
6700+``-seed number``
6701+ Force the guest to use a deterministic pseudo-random number
6702+ generator, seeded with number. This does not affect crypto routines
6703+ within the host.
6704+ERST
37526705
37536706 DEF("L", HAS_ARG, QEMU_OPTION_L, \
37546707 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n",
@@ -3760,6 +6713,12 @@ Set the directory for the BIOS, VGA BIOS and keymaps.
37606713
37616714 To list all the data directories, use @code{-L help}.
37626715 ETEXI
6716+SRST
6717+``-L path``
6718+ Set the directory for the BIOS, VGA BIOS and keymaps.
6719+
6720+ To list all the data directories, use ``-L help``.
6721+ERST
37636722
37646723 DEF("bios", HAS_ARG, QEMU_OPTION_bios, \
37656724 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL)
@@ -3768,6 +6727,10 @@ STEXI
37686727 @findex -bios
37696728 Set the filename for the BIOS.
37706729 ETEXI
6730+SRST
6731+``-bios file``
6732+ Set the filename for the BIOS.
6733+ERST
37716734
37726735 DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \
37736736 "-enable-kvm enable KVM full virtualization support\n", QEMU_ARCH_ALL)
@@ -3777,6 +6740,11 @@ STEXI
37776740 Enable KVM full virtualization support. This option is only available
37786741 if KVM support is enabled when compiling.
37796742 ETEXI
6743+SRST
6744+``-enable-kvm``
6745+ Enable KVM full virtualization support. This option is only
6746+ available if KVM support is enabled when compiling.
6747+ERST
37806748
37816749 DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid,
37826750 "-xen-domid id specify xen guest domain id\n", QEMU_ARCH_ALL)
@@ -3800,6 +6768,15 @@ libxl will use this when starting QEMU (XEN only).
38006768 @findex -xen-domid-restrict
38016769 Restrict set of available xen operations to specified domain id (XEN only).
38026770 ETEXI
6771+SRST
6772+``-xen-domid id``
6773+ Specify xen guest domain id (XEN only).
6774+
6775+``-xen-attach``
6776+ Attach to existing xen domain. libxl will use this when starting
6777+ QEMU (XEN only). Restrict set of available xen operations to
6778+ specified domain id (XEN only).
6779+ERST
38036780
38046781 DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \
38056782 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL)
@@ -3808,6 +6785,10 @@ STEXI
38086785 @findex -no-reboot
38096786 Exit instead of rebooting.
38106787 ETEXI
6788+SRST
6789+``-no-reboot``
6790+ Exit instead of rebooting.
6791+ERST
38116792
38126793 DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \
38136794 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL)
@@ -3818,6 +6799,12 @@ Don't exit QEMU on guest shutdown, but instead only stop the emulation.
38186799 This allows for instance switching to monitor to commit changes to the
38196800 disk image.
38206801 ETEXI
6802+SRST
6803+``-no-shutdown``
6804+ Don't exit QEMU on guest shutdown, but instead only stop the
6805+ emulation. This allows for instance switching to monitor to commit
6806+ changes to the disk image.
6807+ERST
38216808
38226809 DEF("loadvm", HAS_ARG, QEMU_OPTION_loadvm, \
38236810 "-loadvm [tag|id]\n" \
@@ -3828,6 +6815,10 @@ STEXI
38286815 @findex -loadvm
38296816 Start right away with a saved state (@code{loadvm} in monitor)
38306817 ETEXI
6818+SRST
6819+``-loadvm file``
6820+ Start right away with a saved state (``loadvm`` in monitor)
6821+ERST
38316822
38326823 #ifndef _WIN32
38336824 DEF("daemonize", 0, QEMU_OPTION_daemonize, \
@@ -3841,6 +6832,14 @@ standard IO until it is ready to receive connections on any of its devices.
38416832 This option is a useful way for external programs to launch QEMU without having
38426833 to cope with initialization race conditions.
38436834 ETEXI
6835+SRST
6836+``-daemonize``
6837+ Daemonize the QEMU process after initialization. QEMU will not
6838+ detach from standard IO until it is ready to receive connections on
6839+ any of its devices. This option is a useful way for external
6840+ programs to launch QEMU without having to cope with initialization
6841+ race conditions.
6842+ERST
38446843
38456844 DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \
38466845 "-option-rom rom load a file, rom, into the option ROM space\n",
@@ -3851,6 +6850,11 @@ STEXI
38516850 Load the contents of @var{file} as an option ROM.
38526851 This option is useful to load things like EtherBoot.
38536852 ETEXI
6853+SRST
6854+``-option-rom file``
6855+ Load the contents of file as an option ROM. This option is useful to
6856+ load things like EtherBoot.
6857+ERST
38546858
38556859 DEF("rtc", HAS_ARG, QEMU_OPTION_rtc, \
38566860 "-rtc [base=utc|localtime|<datetime>][,clock=host|rt|vm][,driftfix=none|slew]\n" \
@@ -3882,6 +6886,32 @@ specifically with Windows' ACPI HAL. This option will try to figure out how
38826886 many timer interrupts were not processed by the Windows guest and will
38836887 re-inject them.
38846888 ETEXI
6889+SRST
6890+``-rtc [base=utc|localtime|datetime][,clock=host|rt|vm][,driftfix=none|slew]``
6891+ Specify ``base`` as ``utc`` or ``localtime`` to let the RTC start at
6892+ the current UTC or local time, respectively. ``localtime`` is
6893+ required for correct date in MS-DOS or Windows. To start at a
6894+ specific point in time, provide datetime in the format
6895+ ``2006-06-17T16:01:21`` or ``2006-06-17``. The default base is UTC.
6896+
6897+ By default the RTC is driven by the host system time. This allows
6898+ using of the RTC as accurate reference clock inside the guest,
6899+ specifically if the host time is smoothly following an accurate
6900+ external reference clock, e.g. via NTP. If you want to isolate the
6901+ guest time from the host, you can set ``clock`` to ``rt`` instead,
6902+ which provides a host monotonic clock if host support it. To even
6903+ prevent the RTC from progressing during suspension, you can set
6904+ ``clock`` to ``vm`` (virtual clock). '\ ``clock=vm``\ ' is
6905+ recommended especially in icount mode in order to preserve
6906+ determinism; however, note that in icount mode the speed of the
6907+ virtual clock is variable and can in general differ from the host
6908+ clock.
6909+
6910+ Enable ``driftfix`` (i386 targets only) if you experience time drift
6911+ problems, specifically with Windows' ACPI HAL. This option will try
6912+ to figure out how many timer interrupts were not processed by the
6913+ Windows guest and will re-inject them.
6914+ERST
38856915
38866916 DEF("icount", HAS_ARG, QEMU_OPTION_icount, \
38876917 "-icount [shift=N|auto][,align=on|off][,sleep=on|off,rr=record|replay,rrfile=<filename>,rrsnapshot=<snapshot>]\n" \
@@ -3927,6 +6957,45 @@ Option rrsnapshot is used to create new vm snapshot named @var{snapshot}
39276957 at the start of execution recording. In replay mode this option is used
39286958 to load the initial VM state.
39296959 ETEXI
6960+SRST
6961+``-icount [shift=N|auto][,rr=record|replay,rrfile=filename,rrsnapshot=snapshot]``
6962+ Enable virtual instruction counter. The virtual cpu will execute one
6963+ instruction every 2^N ns of virtual time. If ``auto`` is specified
6964+ then the virtual cpu speed will be automatically adjusted to keep
6965+ virtual time within a few seconds of real time.
6966+
6967+ When the virtual cpu is sleeping, the virtual time will advance at
6968+ default speed unless ``sleep=on|off`` is specified. With
6969+ ``sleep=on|off``, the virtual time will jump to the next timer
6970+ deadline instantly whenever the virtual cpu goes to sleep mode and
6971+ will not advance if no timer is enabled. This behavior give
6972+ deterministic execution times from the guest point of view.
6973+
6974+ Note that while this option can give deterministic behavior, it does
6975+ not provide cycle accurate emulation. Modern CPUs contain
6976+ superscalar out of order cores with complex cache hierarchies. The
6977+ number of instructions executed often has little or no correlation
6978+ with actual performance.
6979+
6980+ ``align=on`` will activate the delay algorithm which will try to
6981+ synchronise the host clock and the virtual clock. The goal is to
6982+ have a guest running at the real frequency imposed by the shift
6983+ option. Whenever the guest clock is behind the host clock and if
6984+ ``align=on`` is specified then we print a message to the user to
6985+ inform about the delay. Currently this option does not work when
6986+ ``shift`` is ``auto``. Note: The sync algorithm will work for those
6987+ shift values for which the guest clock runs ahead of the host clock.
6988+ Typically this happens when the shift value is high (how high
6989+ depends on the host machine).
6990+
6991+ When ``rr`` option is specified deterministic record/replay is
6992+ enabled. Replay log is written into filename file in record mode and
6993+ read from this file in replay mode.
6994+
6995+ Option rrsnapshot is used to create new vm snapshot named snapshot
6996+ at the start of execution recording. In replay mode this option is
6997+ used to load the initial VM state.
6998+ERST
39306999
39317000 DEF("watchdog", HAS_ARG, QEMU_OPTION_watchdog, \
39327001 "-watchdog model\n" \
@@ -3956,6 +7025,30 @@ A virtual watchdog for s390x backed by the diagnose 288 hypercall
39567025 (currently KVM only).
39577026 @end table
39587027 ETEXI
7028+SRST
7029+``-watchdog model``
7030+ Create a virtual hardware watchdog device. Once enabled (by a guest
7031+ action), the watchdog must be periodically polled by an agent inside
7032+ the guest or else the guest will be restarted. Choose a model for
7033+ which your guest has drivers.
7034+
7035+ The model is the model of hardware watchdog to emulate. Use
7036+ ``-watchdog help`` to list available hardware models. Only one
7037+ watchdog can be enabled for a guest.
7038+
7039+ The following models may be available:
7040+
7041+ ``ib700``
7042+ iBASE 700 is a very simple ISA watchdog with a single timer.
7043+
7044+ ``i6300esb``
7045+ Intel 6300ESB I/O controller hub is a much more featureful
7046+ PCI-based dual-timer watchdog.
7047+
7048+ ``diag288``
7049+ A virtual watchdog for s390x backed by the diagnose 288
7050+ hypercall (currently KVM only).
7051+ERST
39597052
39607053 DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \
39617054 "-watchdog-action reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" \
@@ -3989,6 +7082,26 @@ Examples:
39897082 @itemx -watchdog ib700
39907083 @end table
39917084 ETEXI
7085+SRST
7086+``-watchdog-action action``
7087+ The action controls what QEMU will do when the watchdog timer
7088+ expires. The default is ``reset`` (forcefully reset the guest).
7089+ Other possible actions are: ``shutdown`` (attempt to gracefully
7090+ shutdown the guest), ``poweroff`` (forcefully poweroff the guest),
7091+ ``inject-nmi`` (inject a NMI into the guest), ``pause`` (pause the
7092+ guest), ``debug`` (print a debug message and continue), or ``none``
7093+ (do nothing).
7094+
7095+ Note that the ``shutdown`` action requires that the guest responds
7096+ to ACPI signals, which it may not be able to do in the sort of
7097+ situations where the watchdog would have expired, and thus
7098+ ``-watchdog-action shutdown`` is not recommended for production use.
7099+
7100+ Examples:
7101+
7102+ ``-watchdog i6300esb -watchdog-action pause``; \ ``-watchdog ib700``
7103+
7104+ERST
39927105
39937106 DEF("echr", HAS_ARG, QEMU_OPTION_echr, \
39947107 "-echr chr set terminal escape character instead of ctrl-a\n",
@@ -4009,6 +7122,19 @@ character to Control-t.
40097122 @itemx -echr 20
40107123 @end table
40117124 ETEXI
7125+SRST
7126+``-echr numeric_ascii_value``
7127+ Change the escape character used for switching to the monitor when
7128+ using monitor and serial sharing. The default is ``0x01`` when using
7129+ the ``-nographic`` option. ``0x01`` is equal to pressing
7130+ ``Control-a``. You can select a different character from the ascii
7131+ control keys where 1 through 26 map to Control-a through Control-z.
7132+ For instance you could use the either of the following to change the
7133+ escape character to Control-t.
7134+
7135+ ``-echr 0x14``; \ ``-echr 20``
7136+
7137+ERST
40127138
40137139 DEF("show-cursor", 0, QEMU_OPTION_show_cursor, \
40147140 "-show-cursor show cursor\n", QEMU_ARCH_ALL)
@@ -4017,6 +7143,10 @@ STEXI
40177143 @findex -show-cursor
40187144 Show cursor.
40197145 ETEXI
7146+SRST
7147+``-show-cursor``
7148+ Show cursor.
7149+ERST
40207150
40217151 DEF("tb-size", HAS_ARG, QEMU_OPTION_tb_size, \
40227152 "-tb-size n set TB size\n", QEMU_ARCH_ALL)
@@ -4026,6 +7156,11 @@ STEXI
40267156 Set TCG translation block cache size. Deprecated, use @samp{-accel tcg,tb-size=@var{n}}
40277157 instead.
40287158 ETEXI
7159+SRST
7160+``-tb-size n``
7161+ Set TCG translation block cache size. Deprecated, use
7162+ '\ ``-accel tcg,tb-size=n``\ ' instead.
7163+ERST
40297164
40307165 DEF("incoming", HAS_ARG, QEMU_OPTION_incoming, \
40317166 "-incoming tcp:[host]:port[,to=maxport][,ipv4][,ipv6]\n" \
@@ -4060,6 +7195,25 @@ Wait for the URI to be specified via migrate_incoming. The monitor can
40607195 be used to change settings (such as migration parameters) prior to issuing
40617196 the migrate_incoming to allow the migration to begin.
40627197 ETEXI
7198+SRST
7199+``-incoming tcp:[host]:port[,to=maxport][,ipv4][,ipv6]``; \ ``-incoming rdma:host:port[,ipv4][,ipv6]``
7200+ Prepare for incoming migration, listen on a given tcp port.
7201+
7202+``-incoming unix:socketpath``
7203+ Prepare for incoming migration, listen on a given unix socket.
7204+
7205+``-incoming fd:fd``
7206+ Accept incoming migration from a given filedescriptor.
7207+
7208+``-incoming exec:cmdline``
7209+ Accept incoming migration as an output from specified external
7210+ command.
7211+
7212+``-incoming defer``
7213+ Wait for the URI to be specified via migrate\_incoming. The monitor
7214+ can be used to change settings (such as migration parameters) prior
7215+ to issuing the migrate\_incoming to allow the migration to begin.
7216+ERST
40637217
40647218 DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \
40657219 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL)
@@ -4069,6 +7223,11 @@ STEXI
40697223 Only allow migratable devices. Devices will not be allowed to enter an
40707224 unmigratable state.
40717225 ETEXI
7226+SRST
7227+``-only-migratable``
7228+ Only allow migratable devices. Devices will not be allowed to enter
7229+ an unmigratable state.
7230+ERST
40727231
40737232 DEF("nodefaults", 0, QEMU_OPTION_nodefaults, \
40747233 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL)
@@ -4080,6 +7239,13 @@ port, parallel port, virtual console, monitor device, VGA adapter, floppy and
40807239 CD-ROM drive and others. The @code{-nodefaults} option will disable all those
40817240 default devices.
40827241 ETEXI
7242+SRST
7243+``-nodefaults``
7244+ Don't create default devices. Normally, QEMU sets the default
7245+ devices like serial port, parallel port, virtual console, monitor
7246+ device, VGA adapter, floppy and CD-ROM drive and others. The
7247+ ``-nodefaults`` option will disable all those default devices.
7248+ERST
40837249
40847250 #ifndef _WIN32
40857251 DEF("chroot", HAS_ARG, QEMU_OPTION_chroot, \
@@ -4092,6 +7258,11 @@ STEXI
40927258 Immediately before starting guest execution, chroot to the specified
40937259 directory. Especially useful in combination with -runas.
40947260 ETEXI
7261+SRST
7262+``-chroot dir``
7263+ Immediately before starting guest execution, chroot to the specified
7264+ directory. Especially useful in combination with -runas.
7265+ERST
40957266
40967267 #ifndef _WIN32
40977268 DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
@@ -4105,6 +7276,11 @@ STEXI
41057276 Immediately before starting guest execution, drop root privileges, switching
41067277 to the specified user.
41077278 ETEXI
7279+SRST
7280+``-runas user``
7281+ Immediately before starting guest execution, drop root privileges,
7282+ switching to the specified user.
7283+ERST
41087284
41097285 DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
41107286 "-prom-env variable=value\n"
@@ -4127,6 +7303,21 @@ qemu-system-ppc -prom-env 'auto-boot?=false' \
41277303 @end example
41287304
41297305 ETEXI
7306+SRST
7307+``-prom-env variable=value``
7308+ Set OpenBIOS nvram variable to given value (PPC, SPARC only).
7309+
7310+ ::
7311+
7312+ qemu-system-sparc -prom-env 'auto-boot?=false' \
7313+ -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single'
7314+
7315+ ::
7316+
7317+ qemu-system-ppc -prom-env 'auto-boot?=false' \
7318+ -prom-env 'boot-device=hd:2,\yaboot' \
7319+ -prom-env 'boot-args=conf=hd:2,\yaboot.conf'
7320+ERST
41307321 DEF("semihosting", 0, QEMU_OPTION_semihosting,
41317322 "-semihosting semihosting mode\n",
41327323 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | QEMU_ARCH_LM32 |
@@ -4142,6 +7333,16 @@ should only be used with a trusted guest OS.
41427333 See the -semihosting-config option documentation for further information
41437334 about the facilities this enables.
41447335 ETEXI
7336+SRST
7337+``-semihosting``
7338+ Enable semihosting mode (ARM, M68K, Xtensa, MIPS, Nios II only).
7339+
7340+ Note that this allows guest direct access to the host filesystem, so
7341+ should only be used with a trusted guest OS.
7342+
7343+ See the -semihosting-config option documentation for further
7344+ information about the facilities this enables.
7345+ERST
41457346 DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config,
41467347 "-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,arg=str[,...]]\n" \
41477348 " semihosting configuration\n",
@@ -4178,6 +7379,41 @@ command line is still supported for backward compatibility. If both the
41787379 specified, the former is passed to semihosting as it always takes precedence.
41797380 @end table
41807381 ETEXI
7382+SRST
7383+``-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,arg=str[,...]]``
7384+ Enable and configure semihosting (ARM, M68K, Xtensa, MIPS, Nios II
7385+ only).
7386+
7387+ Note that this allows guest direct access to the host filesystem, so
7388+ should only be used with a trusted guest OS.
7389+
7390+ On Arm this implements the standard semihosting API, version 2.0.
7391+
7392+ On M68K this implements the "ColdFire GDB" interface used by
7393+ libgloss.
7394+
7395+ Xtensa semihosting provides basic file IO calls, such as
7396+ open/read/write/seek/select. Tensilica baremetal libc for ISS and
7397+ linux platform "sim" use this interface.
7398+
7399+ ``target=native|gdb|auto``
7400+ Defines where the semihosting calls will be addressed, to QEMU
7401+ (``native``) or to GDB (``gdb``). The default is ``auto``, which
7402+ means ``gdb`` during debug sessions and ``native`` otherwise.
7403+
7404+ ``chardev=str1``
7405+ Send the output to a chardev backend output for native or auto
7406+ output when not in gdb
7407+
7408+ ``arg=str1,arg=str2,...``
7409+ Allows the user to pass input arguments, and can be used
7410+ multiple times to build up a list. The old-style
7411+ ``-kernel``/``-append`` method of passing a command line is
7412+ still supported for backward compatibility. If both the
7413+ ``--semihosting-config arg`` and the ``-kernel``/``-append`` are
7414+ specified, the former is passed to semihosting as it always
7415+ takes precedence.
7416+ERST
41817417 DEF("old-param", 0, QEMU_OPTION_old_param,
41827418 "-old-param old param mode\n", QEMU_ARCH_ARM)
41837419 STEXI
@@ -4185,6 +7421,10 @@ STEXI
41857421 @findex -old-param (ARM)
41867422 Old param mode (ARM only).
41877423 ETEXI
7424+SRST
7425+``-old-param``
7426+ Old param mode (ARM only).
7427+ERST
41887428
41897429 DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \
41907430 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \
@@ -4217,6 +7457,23 @@ Disable *fork and execve
42177457 Disable process affinity and schedular priority
42187458 @end table
42197459 ETEXI
7460+SRST
7461+``-sandbox arg[,obsolete=string][,elevateprivileges=string][,spawn=string][,resourcecontrol=string]``
7462+ Enable Seccomp mode 2 system call filter. 'on' will enable syscall
7463+ filtering and 'off' will disable it. The default is 'off'.
7464+
7465+ ``obsolete=string``
7466+ Enable Obsolete system calls
7467+
7468+ ``elevateprivileges=string``
7469+ Disable set\*uid\|gid system calls
7470+
7471+ ``spawn=string``
7472+ Disable \*fork and execve
7473+
7474+ ``resourcecontrol=string``
7475+ Disable process affinity and schedular priority
7476+ERST
42207477
42217478 DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig,
42227479 "-readconfig <file>\n", QEMU_ARCH_ALL)
@@ -4227,6 +7484,12 @@ Read device configuration from @var{file}. This approach is useful when you want
42277484 QEMU process with many command line options but you don't want to exceed the command line
42287485 character limit.
42297486 ETEXI
7487+SRST
7488+``-readconfig file``
7489+ Read device configuration from file. This approach is useful when
7490+ you want to spawn QEMU process with many command line options but
7491+ you don't want to exceed the command line character limit.
7492+ERST
42307493 DEF("writeconfig", HAS_ARG, QEMU_OPTION_writeconfig,
42317494 "-writeconfig <file>\n"
42327495 " read/write config file\n", QEMU_ARCH_ALL)
@@ -4237,6 +7500,13 @@ Write device configuration to @var{file}. The @var{file} can be either filename
42377500 command line and device configuration into file or dash @code{-}) character to print the
42387501 output to stdout. This can be later used as input file for @code{-readconfig} option.
42397502 ETEXI
7503+SRST
7504+``-writeconfig file``
7505+ Write device configuration to file. The file can be either filename
7506+ to save command line and device configuration into file or dash
7507+ ``-``) character to print the output to stdout. This can be later
7508+ used as input file for ``-readconfig`` option.
7509+ERST
42407510
42417511 DEF("no-user-config", 0, QEMU_OPTION_nouserconfig,
42427512 "-no-user-config\n"
@@ -4248,6 +7518,11 @@ STEXI
42487518 The @code{-no-user-config} option makes QEMU not load any of the user-provided
42497519 config files on @var{sysconfdir}.
42507520 ETEXI
7521+SRST
7522+``-no-user-config``
7523+ The ``-no-user-config`` option makes QEMU not load any of the
7524+ user-provided config files on sysconfdir.
7525+ERST
42517526
42527527 DEF("trace", HAS_ARG, QEMU_OPTION_trace,
42537528 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n"
@@ -4260,6 +7535,30 @@ HXCOMM HX does not support conditional compilation of text.
42607535 @findex -trace
42617536 @include docs/system/qemu-option-trace.texi
42627537 ETEXI
7538+SRST
7539+``-trace [[enable=]pattern][,events=file][,file=file]``
7540+ Specify tracing options.
7541+
7542+ ``[enable=]pattern``
7543+ Immediately enable events matching pattern (either event name or
7544+ a globbing pattern). This option is only available if QEMU has
7545+ been compiled with the simple, log or ftrace tracing backend. To
7546+ specify multiple events or patterns, specify the ``-trace``
7547+ option multiple times.
7548+
7549+ Use ``-trace help`` to print a list of names of trace points.
7550+
7551+ ``events=file``
7552+ Immediately enable events listed in file. The file must contain
7553+ one event name (as listed in the ``trace-events-all`` file) per
7554+ line; globbing patterns are accepted too. This option is only
7555+ available if QEMU has been compiled with the simple, log or
7556+ ftrace tracing backend.
7557+
7558+ ``file=file``
7559+ Log output traces to file. This option is only available if QEMU
7560+ has been compiled with the simple tracing backend.
7561+ERST
42637562 DEF("plugin", HAS_ARG, QEMU_OPTION_plugin,
42647563 "-plugin [file=]<file>[,arg=<string>]\n"
42657564 " load a plugin\n",
@@ -4277,6 +7576,17 @@ Load the given plugin from a shared library file.
42777576 Argument string passed to the plugin. (Can be given multiple times.)
42787577 @end table
42797578 ETEXI
7579+SRST
7580+``-plugin file=file[,arg=string]``
7581+ Load a plugin.
7582+
7583+ ``file=file``
7584+ Load the given plugin from a shared library file.
7585+
7586+ ``arg=string``
7587+ Argument string passed to the plugin. (Can be given multiple
7588+ times.)
7589+ERST
42807590
42817591 HXCOMM Internal use
42827592 DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL)
@@ -4292,6 +7602,10 @@ STEXI
42927602 @findex -enable-fips
42937603 Enable FIPS 140-2 compliance mode.
42947604 ETEXI
7605+SRST
7606+``-enable-fips``
7607+ Enable FIPS 140-2 compliance mode.
7608+ERST
42957609
42967610 HXCOMM Deprecated by -accel tcg
42977611 DEF("no-kvm", 0, QEMU_OPTION_no_kvm, "", QEMU_ARCH_I386)
@@ -4310,6 +7624,13 @@ Control error message format.
43107624 Prefix messages with a timestamp. Default is off.
43117625 @end table
43127626 ETEXI
7627+SRST
7628+``-msg timestamp[=on|off]``
7629+ Control error message format.
7630+
7631+ ``timestamp=on|off``
7632+ Prefix messages with a timestamp. Default is off.
7633+ERST
43137634
43147635 DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate,
43157636 "-dump-vmstate <file>\n"
@@ -4324,6 +7645,11 @@ STEXI
43247645 Dump json-encoded vmstate information for current machine type to file
43257646 in @var{file}
43267647 ETEXI
7648+SRST
7649+``-dump-vmstate file``
7650+ Dump json-encoded vmstate information for current machine type to
7651+ file in file
7652+ERST
43277653
43287654 DEF("enable-sync-profile", 0, QEMU_OPTION_enable_sync_profile,
43297655 "-enable-sync-profile\n"
@@ -4334,6 +7660,10 @@ STEXI
43347660 @findex -enable-sync-profile
43357661 Enable synchronization profiling.
43367662 ETEXI
7663+SRST
7664+``-enable-sync-profile``
7665+ Enable synchronization profiling.
7666+ERST
43377667
43387668 STEXI
43397669 @end table
@@ -5035,6 +8365,696 @@ The polling parameters can be modified at run-time using the @code{qom-set} comm
50358365 @end table
50368366
50378367 ETEXI
8368+SRST
8369+``-object typename[,prop1=value1,...]``
8370+ Create a new object of type typename setting properties in the order
8371+ they are specified. Note that the 'id' property must be set. These
8372+ objects are placed in the '/objects' path.
8373+
8374+ ``-object memory-backend-file,id=id,size=size,mem-path=dir,share=on|off,discard-data=on|off,merge=on|off,dump=on|off,prealloc=on|off,host-nodes=host-nodes,policy=default|preferred|bind|interleave,align=align``
8375+ Creates a memory file backend object, which can be used to back
8376+ the guest RAM with huge pages.
8377+
8378+ The ``id`` parameter is a unique ID that will be used to
8379+ reference this memory region when configuring the ``-numa``
8380+ argument.
8381+
8382+ The ``size`` option provides the size of the memory region, and
8383+ accepts common suffixes, eg ``500M``.
8384+
8385+ The ``mem-path`` provides the path to either a shared memory or
8386+ huge page filesystem mount.
8387+
8388+ The ``share`` boolean option determines whether the memory
8389+ region is marked as private to QEMU, or shared. The latter
8390+ allows a co-operating external process to access the QEMU memory
8391+ region.
8392+
8393+ The ``share`` is also required for pvrdma devices due to
8394+ limitations in the RDMA API provided by Linux.
8395+
8396+ Setting share=on might affect the ability to configure NUMA
8397+ bindings for the memory backend under some circumstances, see
8398+ Documentation/vm/numa\_memory\_policy.txt on the Linux kernel
8399+ source tree for additional details.
8400+
8401+ Setting the ``discard-data`` boolean option to on indicates that
8402+ file contents can be destroyed when QEMU exits, to avoid
8403+ unnecessarily flushing data to the backing file. Note that
8404+ ``discard-data`` is only an optimization, and QEMU might not
8405+ discard file contents if it aborts unexpectedly or is terminated
8406+ using SIGKILL.
8407+
8408+ The ``merge`` boolean option enables memory merge, also known as
8409+ MADV\_MERGEABLE, so that Kernel Samepage Merging will consider
8410+ the pages for memory deduplication.
8411+
8412+ Setting the ``dump`` boolean option to off excludes the memory
8413+ from core dumps. This feature is also known as MADV\_DONTDUMP.
8414+
8415+ The ``prealloc`` boolean option enables memory preallocation.
8416+
8417+ The ``host-nodes`` option binds the memory range to a list of
8418+ NUMA host nodes.
8419+
8420+ The ``policy`` option sets the NUMA policy to one of the
8421+ following values:
8422+
8423+ ``default``
8424+ default host policy
8425+
8426+ ``preferred``
8427+ prefer the given host node list for allocation
8428+
8429+ ``bind``
8430+ restrict memory allocation to the given host node list
8431+
8432+ ``interleave``
8433+ interleave memory allocations across the given host node
8434+ list
8435+
8436+ The ``align`` option specifies the base address alignment when
8437+ QEMU mmap(2) ``mem-path``, and accepts common suffixes, eg
8438+ ``2M``. Some backend store specified by ``mem-path`` requires an
8439+ alignment different than the default one used by QEMU, eg the
8440+ device DAX /dev/dax0.0 requires 2M alignment rather than 4K. In
8441+ such cases, users can specify the required alignment via this
8442+ option.
8443+
8444+ The ``pmem`` option specifies whether the backing file specified
8445+ by ``mem-path`` is in host persistent memory that can be
8446+ accessed using the SNIA NVM programming model (e.g. Intel
8447+ NVDIMM). If ``pmem`` is set to 'on', QEMU will take necessary
8448+ operations to guarantee the persistence of its own writes to
8449+ ``mem-path`` (e.g. in vNVDIMM label emulation and live
8450+ migration). Also, we will map the backend-file with MAP\_SYNC
8451+ flag, which ensures the file metadata is in sync for
8452+ ``mem-path`` in case of host crash or a power failure. MAP\_SYNC
8453+ requires support from both the host kernel (since Linux kernel
8454+ 4.15) and the filesystem of ``mem-path`` mounted with DAX
8455+ option.
8456+
8457+ ``-object memory-backend-ram,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size,host-nodes=host-nodes,policy=default|preferred|bind|interleave``
8458+ Creates a memory backend object, which can be used to back the
8459+ guest RAM. Memory backend objects offer more control than the
8460+ ``-m`` option that is traditionally used to define guest RAM.
8461+ Please refer to ``memory-backend-file`` for a description of the
8462+ options.
8463+
8464+ ``-object memory-backend-memfd,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size,host-nodes=host-nodes,policy=default|preferred|bind|interleave,seal=on|off,hugetlb=on|off,hugetlbsize=size``
8465+ Creates an anonymous memory file backend object, which allows
8466+ QEMU to share the memory with an external process (e.g. when
8467+ using vhost-user). The memory is allocated with memfd and
8468+ optional sealing. (Linux only)
8469+
8470+ The ``seal`` option creates a sealed-file, that will block
8471+ further resizing the memory ('on' by default).
8472+
8473+ The ``hugetlb`` option specify the file to be created resides in
8474+ the hugetlbfs filesystem (since Linux 4.14). Used in conjunction
8475+ with the ``hugetlb`` option, the ``hugetlbsize`` option specify
8476+ the hugetlb page size on systems that support multiple hugetlb
8477+ page sizes (it must be a power of 2 value supported by the
8478+ system).
8479+
8480+ In some versions of Linux, the ``hugetlb`` option is
8481+ incompatible with the ``seal`` option (requires at least Linux
8482+ 4.16).
8483+
8484+ Please refer to ``memory-backend-file`` for a description of the
8485+ other options.
8486+
8487+ The ``share`` boolean option is on by default with memfd.
8488+
8489+ ``-object rng-builtin,id=id``
8490+ Creates a random number generator backend which obtains entropy
8491+ from QEMU builtin functions. The ``id`` parameter is a unique ID
8492+ that will be used to reference this entropy backend from the
8493+ ``virtio-rng`` device. By default, the ``virtio-rng`` device
8494+ uses this RNG backend.
8495+
8496+ ``-object rng-random,id=id,filename=/dev/random``
8497+ Creates a random number generator backend which obtains entropy
8498+ from a device on the host. The ``id`` parameter is a unique ID
8499+ that will be used to reference this entropy backend from the
8500+ ``virtio-rng`` device. The ``filename`` parameter specifies
8501+ which file to obtain entropy from and if omitted defaults to
8502+ ``/dev/urandom``.
8503+
8504+ ``-object rng-egd,id=id,chardev=chardevid``
8505+ Creates a random number generator backend which obtains entropy
8506+ from an external daemon running on the host. The ``id``
8507+ parameter is a unique ID that will be used to reference this
8508+ entropy backend from the ``virtio-rng`` device. The ``chardev``
8509+ parameter is the unique ID of a character device backend that
8510+ provides the connection to the RNG daemon.
8511+
8512+ ``-object tls-creds-anon,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off``
8513+ Creates a TLS anonymous credentials object, which can be used to
8514+ provide TLS support on network backends. The ``id`` parameter is
8515+ a unique ID which network backends will use to access the
8516+ credentials. The ``endpoint`` is either ``server`` or ``client``
8517+ depending on whether the QEMU network backend that uses the
8518+ credentials will be acting as a client or as a server. If
8519+ ``verify-peer`` is enabled (the default) then once the handshake
8520+ is completed, the peer credentials will be verified, though this
8521+ is a no-op for anonymous credentials.
8522+
8523+ The dir parameter tells QEMU where to find the credential files.
8524+ For server endpoints, this directory may contain a file
8525+ dh-params.pem providing diffie-hellman parameters to use for the
8526+ TLS server. If the file is missing, QEMU will generate a set of
8527+ DH parameters at startup. This is a computationally expensive
8528+ operation that consumes random pool entropy, so it is
8529+ recommended that a persistent set of parameters be generated
8530+ upfront and saved.
8531+
8532+ ``-object tls-creds-psk,id=id,endpoint=endpoint,dir=/path/to/keys/dir[,username=username]``
8533+ Creates a TLS Pre-Shared Keys (PSK) credentials object, which
8534+ can be used to provide TLS support on network backends. The
8535+ ``id`` parameter is a unique ID which network backends will use
8536+ to access the credentials. The ``endpoint`` is either ``server``
8537+ or ``client`` depending on whether the QEMU network backend that
8538+ uses the credentials will be acting as a client or as a server.
8539+ For clients only, ``username`` is the username which will be
8540+ sent to the server. If omitted it defaults to "qemu".
8541+
8542+ The dir parameter tells QEMU where to find the keys file. It is
8543+ called "dir/keys.psk" and contains "username:key" pairs. This
8544+ file can most easily be created using the GnuTLS ``psktool``
8545+ program.
8546+
8547+ For server endpoints, dir may also contain a file dh-params.pem
8548+ providing diffie-hellman parameters to use for the TLS server.
8549+ If the file is missing, QEMU will generate a set of DH
8550+ parameters at startup. This is a computationally expensive
8551+ operation that consumes random pool entropy, so it is
8552+ recommended that a persistent set of parameters be generated up
8553+ front and saved.
8554+
8555+ ``-object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir,priority=priority,verify-peer=on|off,passwordid=id``
8556+ Creates a TLS anonymous credentials object, which can be used to
8557+ provide TLS support on network backends. The ``id`` parameter is
8558+ a unique ID which network backends will use to access the
8559+ credentials. The ``endpoint`` is either ``server`` or ``client``
8560+ depending on whether the QEMU network backend that uses the
8561+ credentials will be acting as a client or as a server. If
8562+ ``verify-peer`` is enabled (the default) then once the handshake
8563+ is completed, the peer credentials will be verified. With x509
8564+ certificates, this implies that the clients must be provided
8565+ with valid client certificates too.
8566+
8567+ The dir parameter tells QEMU where to find the credential files.
8568+ For server endpoints, this directory may contain a file
8569+ dh-params.pem providing diffie-hellman parameters to use for the
8570+ TLS server. If the file is missing, QEMU will generate a set of
8571+ DH parameters at startup. This is a computationally expensive
8572+ operation that consumes random pool entropy, so it is
8573+ recommended that a persistent set of parameters be generated
8574+ upfront and saved.
8575+
8576+ For x509 certificate credentials the directory will contain
8577+ further files providing the x509 certificates. The certificates
8578+ must be stored in PEM format, in filenames ca-cert.pem,
8579+ ca-crl.pem (optional), server-cert.pem (only servers),
8580+ server-key.pem (only servers), client-cert.pem (only clients),
8581+ and client-key.pem (only clients).
8582+
8583+ For the server-key.pem and client-key.pem files which contain
8584+ sensitive private keys, it is possible to use an encrypted
8585+ version by providing the passwordid parameter. This provides the
8586+ ID of a previously created ``secret`` object containing the
8587+ password for decryption.
8588+
8589+ The priority parameter allows to override the global default
8590+ priority used by gnutls. This can be useful if the system
8591+ administrator needs to use a weaker set of crypto priorities for
8592+ QEMU without potentially forcing the weakness onto all
8593+ applications. Or conversely if one wants wants a stronger
8594+ default for QEMU than for all other applications, they can do
8595+ this through this parameter. Its format is a gnutls priority
8596+ string as described at
8597+ https://gnutls.org/manual/html_node/Priority-Strings.html.
8598+
8599+ ``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=<id>][,insert=behind|before]``
8600+ Interval t can't be 0, this filter batches the packet delivery:
8601+ all packets arriving in a given interval on netdev netdevid are
8602+ delayed until the end of the interval. Interval is in
8603+ microseconds. ``status`` is optional that indicate whether the
8604+ netfilter is on (enabled) or off (disabled), the default status
8605+ for netfilter will be 'on'.
8606+
8607+ queue all\|rx\|tx is an option that can be applied to any
8608+ netfilter.
8609+
8610+ ``all``: the filter is attached both to the receive and the
8611+ transmit queue of the netdev (default).
8612+
8613+ ``rx``: the filter is attached to the receive queue of the
8614+ netdev, where it will receive packets sent to the netdev.
8615+
8616+ ``tx``: the filter is attached to the transmit queue of the
8617+ netdev, where it will receive packets sent by the netdev.
8618+
8619+ position head\|tail\|id=<id> is an option to specify where the
8620+ filter should be inserted in the filter list. It can be applied
8621+ to any netfilter.
8622+
8623+ ``head``: the filter is inserted at the head of the filter list,
8624+ before any existing filters.
8625+
8626+ ``tail``: the filter is inserted at the tail of the filter list,
8627+ behind any existing filters (default).
8628+
8629+ ``id=<id>``: the filter is inserted before or behind the filter
8630+ specified by <id>, see the insert option below.
8631+
8632+ insert behind\|before is an option to specify where to insert
8633+ the new filter relative to the one specified with
8634+ position=id=<id>. It can be applied to any netfilter.
8635+
8636+ ``before``: insert before the specified filter.
8637+
8638+ ``behind``: insert behind the specified filter (default).
8639+
8640+ ``-object filter-mirror,id=id,netdev=netdevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]``
8641+ filter-mirror on netdev netdevid,mirror net packet to
8642+ chardevchardevid, if it has the vnet\_hdr\_support flag,
8643+ filter-mirror will mirror packet with vnet\_hdr\_len.
8644+
8645+ ``-object filter-redirector,id=id,netdev=netdevid,indev=chardevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]``
8646+ filter-redirector on netdev netdevid,redirect filter's net
8647+ packet to chardev chardevid,and redirect indev's packet to
8648+ filter.if it has the vnet\_hdr\_support flag, filter-redirector
8649+ will redirect packet with vnet\_hdr\_len. Create a
8650+ filter-redirector we need to differ outdev id from indev id, id
8651+ can not be the same. we can just use indev or outdev, but at
8652+ least one of indev or outdev need to be specified.
8653+
8654+ ``-object filter-rewriter,id=id,netdev=netdevid,queue=all|rx|tx,[vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]``
8655+ Filter-rewriter is a part of COLO project.It will rewrite tcp
8656+ packet to secondary from primary to keep secondary tcp
8657+ connection,and rewrite tcp packet to primary from secondary make
8658+ tcp packet can be handled by client.if it has the
8659+ vnet\_hdr\_support flag, we can parse packet with vnet header.
8660+
8661+ usage: colo secondary: -object
8662+ filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 -object
8663+ filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 -object
8664+ filter-rewriter,id=rew0,netdev=hn0,queue=all
8665+
8666+ ``-object filter-dump,id=id,netdev=dev[,file=filename][,maxlen=len][,position=head|tail|id=<id>][,insert=behind|before]``
8667+ Dump the network traffic on netdev dev to the file specified by
8668+ filename. At most len bytes (64k by default) per packet are
8669+ stored. The file format is libpcap, so it can be analyzed with
8670+ tools such as tcpdump or Wireshark.
8671+
8672+ ``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread=id[,vnet_hdr_support][,notify_dev=id]``
8673+ Colo-compare gets packet from primary\_inchardevid and
8674+ secondary\_inchardevid, than compare primary packet with
8675+ secondary packet. If the packets are same, we will output
8676+ primary packet to outdevchardevid, else we will notify
8677+ colo-frame do checkpoint and send primary packet to
8678+ outdevchardevid. In order to improve efficiency, we need to put
8679+ the task of comparison in another thread. If it has the
8680+ vnet\_hdr\_support flag, colo compare will send/recv packet with
8681+ vnet\_hdr\_len. If you want to use Xen COLO, will need the
8682+ notify\_dev to notify Xen colo-frame to do checkpoint.
8683+
8684+ we must use it with the help of filter-mirror and
8685+ filter-redirector.
8686+
8687+ ::
8688+
8689+ KVM COLO
8690+
8691+ primary:
8692+ -netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
8693+ -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
8694+ -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait
8695+ -chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait
8696+ -chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait
8697+ -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
8698+ -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait
8699+ -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
8700+ -object iothread,id=iothread1
8701+ -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
8702+ -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
8703+ -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
8704+ -object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,iothread=iothread1
8705+
8706+ secondary:
8707+ -netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,down script=/etc/qemu-ifdown
8708+ -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
8709+ -chardev socket,id=red0,host=3.3.3.3,port=9003
8710+ -chardev socket,id=red1,host=3.3.3.3,port=9004
8711+ -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
8712+ -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
8713+
8714+
8715+ Xen COLO
8716+
8717+ primary:
8718+ -netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
8719+ -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
8720+ -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait
8721+ -chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait
8722+ -chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait
8723+ -chardev socket,id=compare0-0,host=3.3.3.3,port=9001
8724+ -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait
8725+ -chardev socket,id=compare_out0,host=3.3.3.3,port=9005
8726+ -chardev socket,id=notify_way,host=3.3.3.3,port=9009,server,nowait
8727+ -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0
8728+ -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out
8729+ -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0
8730+ -object iothread,id=iothread1
8731+ -object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,notify_dev=nofity_way,iothread=iothread1
8732+
8733+ secondary:
8734+ -netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,down script=/etc/qemu-ifdown
8735+ -device e1000,netdev=hn0,mac=52:a4:00:12:78:66
8736+ -chardev socket,id=red0,host=3.3.3.3,port=9003
8737+ -chardev socket,id=red1,host=3.3.3.3,port=9004
8738+ -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
8739+ -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
8740+
8741+ If you want to know the detail of above command line, you can
8742+ read the colo-compare git log.
8743+
8744+ ``-object cryptodev-backend-builtin,id=id[,queues=queues]``
8745+ Creates a cryptodev backend which executes crypto opreation from
8746+ the QEMU cipher APIS. The id parameter is a unique ID that will
8747+ be used to reference this cryptodev backend from the
8748+ ``virtio-crypto`` device. The queues parameter is optional,
8749+ which specify the queue number of cryptodev backend, the default
8750+ of queues is 1.
8751+
8752+ ::
8753+
8754+ # |qemu_system| \
8755+ [...] \
8756+ -object cryptodev-backend-builtin,id=cryptodev0 \
8757+ -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
8758+ [...]
8759+
8760+ ``-object cryptodev-vhost-user,id=id,chardev=chardevid[,queues=queues]``
8761+ Creates a vhost-user cryptodev backend, backed by a chardev
8762+ chardevid. The id parameter is a unique ID that will be used to
8763+ reference this cryptodev backend from the ``virtio-crypto``
8764+ device. The chardev should be a unix domain socket backed one.
8765+ The vhost-user uses a specifically defined protocol to pass
8766+ vhost ioctl replacement messages to an application on the other
8767+ end of the socket. The queues parameter is optional, which
8768+ specify the queue number of cryptodev backend for multiqueue
8769+ vhost-user, the default of queues is 1.
8770+
8771+ ::
8772+
8773+ # |qemu_system| \
8774+ [...] \
8775+ -chardev socket,id=chardev0,path=/path/to/socket \
8776+ -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \
8777+ -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \
8778+ [...]
8779+
8780+ ``-object secret,id=id,data=string,format=raw|base64[,keyid=secretid,iv=string]``
8781+ ``-object secret,id=id,file=filename,format=raw|base64[,keyid=secretid,iv=string]``
8782+ Defines a secret to store a password, encryption key, or some
8783+ other sensitive data. The sensitive data can either be passed
8784+ directly via the data parameter, or indirectly via the file
8785+ parameter. Using the data parameter is insecure unless the
8786+ sensitive data is encrypted.
8787+
8788+ The sensitive data can be provided in raw format (the default),
8789+ or base64. When encoded as JSON, the raw format only supports
8790+ valid UTF-8 characters, so base64 is recommended for sending
8791+ binary data. QEMU will convert from which ever format is
8792+ provided to the format it needs internally. eg, an RBD password
8793+ can be provided in raw format, even though it will be base64
8794+ encoded when passed onto the RBD sever.
8795+
8796+ For added protection, it is possible to encrypt the data
8797+ associated with a secret using the AES-256-CBC cipher. Use of
8798+ encryption is indicated by providing the keyid and iv
8799+ parameters. The keyid parameter provides the ID of a previously
8800+ defined secret that contains the AES-256 decryption key. This
8801+ key should be 32-bytes long and be base64 encoded. The iv
8802+ parameter provides the random initialization vector used for
8803+ encryption of this particular secret and should be a base64
8804+ encrypted string of the 16-byte IV.
8805+
8806+ The simplest (insecure) usage is to provide the secret inline
8807+
8808+ ::
8809+
8810+ # |qemu_system| -object secret,id=sec0,data=letmein,format=raw
8811+
8812+ The simplest secure usage is to provide the secret via a file
8813+
8814+ # printf "letmein" > mypasswd.txt # QEMU\_SYSTEM\_MACRO -object
8815+ secret,id=sec0,file=mypasswd.txt,format=raw
8816+
8817+ For greater security, AES-256-CBC should be used. To illustrate
8818+ usage, consider the openssl command line tool which can encrypt
8819+ the data. Note that when encrypting, the plaintext must be
8820+ padded to the cipher block size (32 bytes) using the standard
8821+ PKCS#5/6 compatible padding algorithm.
8822+
8823+ First a master key needs to be created in base64 encoding:
8824+
8825+ ::
8826+
8827+ # openssl rand -base64 32 > key.b64
8828+ # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"')
8829+
8830+ Each secret to be encrypted needs to have a random
8831+ initialization vector generated. These do not need to be kept
8832+ secret
8833+
8834+ ::
8835+
8836+ # openssl rand -base64 16 > iv.b64
8837+ # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"')
8838+
8839+ The secret to be defined can now be encrypted, in this case
8840+ we're telling openssl to base64 encode the result, but it could
8841+ be left as raw bytes if desired.
8842+
8843+ ::
8844+
8845+ # SECRET=$(printf "letmein" |
8846+ openssl enc -aes-256-cbc -a -K $KEY -iv $IV)
8847+
8848+ When launching QEMU, create a master secret pointing to
8849+ ``key.b64`` and specify that to be used to decrypt the user
8850+ password. Pass the contents of ``iv.b64`` to the second secret
8851+
8852+ ::
8853+
8854+ # |qemu_system| \
8855+ -object secret,id=secmaster0,format=base64,file=key.b64 \
8856+ -object secret,id=sec0,keyid=secmaster0,format=base64,\
8857+ data=$SECRET,iv=$(<iv.b64)
8858+
8859+ ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file]``
8860+ Create a Secure Encrypted Virtualization (SEV) guest object,
8861+ which can be used to provide the guest memory encryption support
8862+ on AMD processors.
8863+
8864+ When memory encryption is enabled, one of the physical address
8865+ bit (aka the C-bit) is utilized to mark if a memory page is
8866+ protected. The ``cbitpos`` is used to provide the C-bit
8867+ position. The C-bit position is Host family dependent hence user
8868+ must provide this value. On EPYC, the value should be 47.
8869+
8870+ When memory encryption is enabled, we loose certain bits in
8871+ physical address space. The ``reduced-phys-bits`` is used to
8872+ provide the number of bits we loose in physical address space.
8873+ Similar to C-bit, the value is Host family dependent. On EPYC,
8874+ the value should be 5.
8875+
8876+ The ``sev-device`` provides the device file to use for
8877+ communicating with the SEV firmware running inside AMD Secure
8878+ Processor. The default device is '/dev/sev'. If hardware
8879+ supports memory encryption then /dev/sev devices are created by
8880+ CCP driver.
8881+
8882+ The ``policy`` provides the guest policy to be enforced by the
8883+ SEV firmware and restrict what configuration and operational
8884+ commands can be performed on this guest by the hypervisor. The
8885+ policy should be provided by the guest owner and is bound to the
8886+ guest and cannot be changed throughout the lifetime of the
8887+ guest. The default is 0.
8888+
8889+ If guest ``policy`` allows sharing the key with another SEV
8890+ guest then ``handle`` can be use to provide handle of the guest
8891+ from which to share the key.
8892+
8893+ The ``dh-cert-file`` and ``session-file`` provides the guest
8894+ owner's Public Diffie-Hillman key defined in SEV spec. The PDH
8895+ and session parameters are used for establishing a cryptographic
8896+ session with the guest owner to negotiate keys used for
8897+ attestation. The file must be encoded in base64.
8898+
8899+ e.g to launch a SEV guest
8900+
8901+ ::
8902+
8903+ # |qemu_system_x86| \
8904+ ......
8905+ -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=5 \
8906+ -machine ...,memory-encryption=sev0
8907+ .....
8908+
8909+ ``-object authz-simple,id=id,identity=string``
8910+ Create an authorization object that will control access to
8911+ network services.
8912+
8913+ The ``identity`` parameter is identifies the user and its format
8914+ depends on the network service that authorization object is
8915+ associated with. For authorizing based on TLS x509 certificates,
8916+ the identity must be the x509 distinguished name. Note that care
8917+ must be taken to escape any commas in the distinguished name.
8918+
8919+ An example authorization object to validate a x509 distinguished
8920+ name would look like:
8921+
8922+ ::
8923+
8924+ # |qemu_system| \
8925+ ...
8926+ -object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB' \
8927+ ...
8928+
8929+ Note the use of quotes due to the x509 distinguished name
8930+ containing whitespace, and escaping of ','.
8931+
8932+ ``-object authz-listfile,id=id,filename=path,refresh=yes|no``
8933+ Create an authorization object that will control access to
8934+ network services.
8935+
8936+ The ``filename`` parameter is the fully qualified path to a file
8937+ containing the access control list rules in JSON format.
8938+
8939+ An example set of rules that match against SASL usernames might
8940+ look like:
8941+
8942+ ::
8943+
8944+ {
8945+ "rules": [
8946+ { "match": "fred", "policy": "allow", "format": "exact" },
8947+ { "match": "bob", "policy": "allow", "format": "exact" },
8948+ { "match": "danb", "policy": "deny", "format": "glob" },
8949+ { "match": "dan*", "policy": "allow", "format": "exact" },
8950+ ],
8951+ "policy": "deny"
8952+ }
8953+
8954+ When checking access the object will iterate over all the rules
8955+ and the first rule to match will have its ``policy`` value
8956+ returned as the result. If no rules match, then the default
8957+ ``policy`` value is returned.
8958+
8959+ The rules can either be an exact string match, or they can use
8960+ the simple UNIX glob pattern matching to allow wildcards to be
8961+ used.
8962+
8963+ If ``refresh`` is set to true the file will be monitored and
8964+ automatically reloaded whenever its content changes.
8965+
8966+ As with the ``authz-simple`` object, the format of the identity
8967+ strings being matched depends on the network service, but is
8968+ usually a TLS x509 distinguished name, or a SASL username.
8969+
8970+ An example authorization object to validate a SASL username
8971+ would look like:
8972+
8973+ ::
8974+
8975+ # |qemu_system| \
8976+ ...
8977+ -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes
8978+ ...
8979+
8980+ ``-object authz-pam,id=id,service=string``
8981+ Create an authorization object that will control access to
8982+ network services.
8983+
8984+ The ``service`` parameter provides the name of a PAM service to
8985+ use for authorization. It requires that a file
8986+ ``/etc/pam.d/service`` exist to provide the configuration for
8987+ the ``account`` subsystem.
8988+
8989+ An example authorization object to validate a TLS x509
8990+ distinguished name would look like:
8991+
8992+ ::
8993+
8994+ # |qemu_system| \
8995+ ...
8996+ -object authz-pam,id=auth0,service=qemu-vnc
8997+ ...
8998+
8999+ There would then be a corresponding config file for PAM at
9000+ ``/etc/pam.d/qemu-vnc`` that contains:
9001+
9002+ ::
9003+
9004+ account requisite pam_listfile.so item=user sense=allow \
9005+ file=/etc/qemu/vnc.allow
9006+
9007+ Finally the ``/etc/qemu/vnc.allow`` file would contain the list
9008+ of x509 distingished names that are permitted access
9009+
9010+ ::
9011+
9012+ CN=laptop.example.com,O=Example Home,L=London,ST=London,C=GB
9013+
9014+ ``-object iothread,id=id,poll-max-ns=poll-max-ns,poll-grow=poll-grow,poll-shrink=poll-shrink``
9015+ Creates a dedicated event loop thread that devices can be
9016+ assigned to. This is known as an IOThread. By default device
9017+ emulation happens in vCPU threads or the main event loop thread.
9018+ This can become a scalability bottleneck. IOThreads allow device
9019+ emulation and I/O to run on other host CPUs.
9020+
9021+ The ``id`` parameter is a unique ID that will be used to
9022+ reference this IOThread from ``-device ...,iothread=id``.
9023+ Multiple devices can be assigned to an IOThread. Note that not
9024+ all devices support an ``iothread`` parameter.
9025+
9026+ The ``query-iothreads`` QMP command lists IOThreads and reports
9027+ their thread IDs so that the user can configure host CPU
9028+ pinning/affinity.
9029+
9030+ IOThreads use an adaptive polling algorithm to reduce event loop
9031+ latency. Instead of entering a blocking system call to monitor
9032+ file descriptors and then pay the cost of being woken up when an
9033+ event occurs, the polling algorithm spins waiting for events for
9034+ a short time. The algorithm's default parameters are suitable
9035+ for many cases but can be adjusted based on knowledge of the
9036+ workload and/or host device latency.
9037+
9038+ The ``poll-max-ns`` parameter is the maximum number of
9039+ nanoseconds to busy wait for events. Polling can be disabled by
9040+ setting this value to 0.
9041+
9042+ The ``poll-grow`` parameter is the multiplier used to increase
9043+ the polling time when the algorithm detects it is missing events
9044+ due to not polling long enough.
9045+
9046+ The ``poll-shrink`` parameter is the divisor used to decrease
9047+ the polling time when the algorithm detects it is spending too
9048+ long polling without encountering events.
9049+
9050+ The polling parameters can be modified at run-time using the
9051+ ``qom-set`` command (where ``iothread1`` is the IOThread's
9052+ ``id``):
9053+
9054+ ::
9055+
9056+ (qemu) qom-set /objects/iothread1 poll-max-ns 100000
9057+ERST
50389058
50399059
50409060 HXCOMM This is the last statement. Insert new options before this line!