1HXCOMM See docs/devel/docs.rst for the format of this file. 2HXCOMM 3HXCOMM Use DEFHEADING() to define headings in both help text and rST. 4HXCOMM Text between SRST and ERST is copied to the rST version and 5HXCOMM discarded from C version. 6HXCOMM DEF(option, HAS_ARG/0, opt_enum, opt_help, arch_mask) is used to 7HXCOMM construct option structures, enums and help message for specified 8HXCOMM architectures. 9HXCOMM HXCOMM can be used for comments, discarded from both rST and C. 10 11DEFHEADING(Standard options:) 12 13DEF("help", 0, QEMU_OPTION_h, 14 "-h or -help display this help and exit\n", QEMU_ARCH_ALL) 15SRST 16``-h`` 17 Display help and exit 18ERST 19 20DEF("version", 0, QEMU_OPTION_version, 21 "-version display version information and exit\n", QEMU_ARCH_ALL) 22SRST 23``-version`` 24 Display version information and exit 25ERST 26 27DEF("machine", HAS_ARG, QEMU_OPTION_machine, \ 28 "-machine [type=]name[,prop[=value][,...]]\n" 29 " selects emulated machine ('-machine help' for list)\n" 30 " property accel=accel1[:accel2[:...]] selects accelerator\n" 31 " supported accelerators are kvm, xen, hvf, nvmm, whpx or tcg (default: tcg)\n" 32 " vmport=on|off|auto controls emulation of vmport (default: auto)\n" 33 " dump-guest-core=on|off include guest memory in a core dump (default=on)\n" 34 " mem-merge=on|off controls memory merge support (default: on)\n" 35 " aes-key-wrap=on|off controls support for AES key wrapping (default=on)\n" 36 " dea-key-wrap=on|off controls support for DEA key wrapping (default=on)\n" 37 " suppress-vmdesc=on|off disables self-describing migration (default=off)\n" 38 " nvdimm=on|off controls NVDIMM support (default=off)\n" 39 " memory-encryption=@var{} memory encryption object to use (default=none)\n" 40 " hmat=on|off controls ACPI HMAT support (default=off)\n" 41#ifdef CONFIG_POSIX 42 " aux-ram-share=on|off allocate auxiliary guest RAM as shared (default: off)\n" 43#endif 44 " memory-backend='backend-id' specifies explicitly provided backend for main RAM (default=none)\n" 45 " cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]\n", 46 QEMU_ARCH_ALL) 47SRST 48``-machine [type=]name[,prop=value[,...]]`` 49 Select the emulated machine by name. Use ``-machine help`` to list 50 available machines. 51 52 For architectures which aim to support live migration compatibility 53 across releases, each release will introduce a new versioned machine 54 type. For example, the 2.8.0 release introduced machine types 55 "pc-i440fx-2.8" and "pc-q35-2.8" for the x86\_64/i686 architectures. 56 57 To allow live migration of guests from QEMU version 2.8.0, to QEMU 58 version 2.9.0, the 2.9.0 version must support the "pc-i440fx-2.8" 59 and "pc-q35-2.8" machines too. To allow users live migrating VMs to 60 skip multiple intermediate releases when upgrading, new releases of 61 QEMU will support machine types from many previous versions. 62 63 Supported machine properties are: 64 65 ``accel=accels1[:accels2[:...]]`` 66 This is used to enable an accelerator. Depending on the target 67 architecture, kvm, xen, hvf, nvmm, whpx or tcg can be available. 68 By default, tcg is used. If there is more than one accelerator 69 specified, the next one is used if the previous one fails to 70 initialize. 71 72 ``vmport=on|off|auto`` 73 Enables emulation of VMWare IO port, for vmmouse etc. auto says 74 to select the value based on accel and i8042. For accel=xen or 75 i8042=off the default is off otherwise the default is on. 76 77 ``dump-guest-core=on|off`` 78 Include guest memory in a core dump. The default is on. 79 80 ``mem-merge=on|off`` 81 Enables or disables memory merge support. This feature, when 82 supported by the host, de-duplicates identical memory pages 83 among VMs instances (enabled by default). 84 85 ``aes-key-wrap=on|off`` 86 Enables or disables AES key wrapping support on s390-ccw hosts. 87 This feature controls whether AES wrapping keys will be created 88 to allow execution of AES cryptographic functions. The default 89 is on. 90 91 ``dea-key-wrap=on|off`` 92 Enables or disables DEA key wrapping support on s390-ccw hosts. 93 This feature controls whether DEA wrapping keys will be created 94 to allow execution of DEA cryptographic functions. The default 95 is on. 96 97 ``nvdimm=on|off`` 98 Enables or disables NVDIMM support. The default is off. 99 100 ``memory-encryption=`` 101 Memory encryption object to use. The default is none. 102 103 ``hmat=on|off`` 104 Enables or disables ACPI Heterogeneous Memory Attribute Table 105 (HMAT) support. The default is off. 106 107 ``aux-ram-share=on|off`` 108 Allocate auxiliary guest RAM as an anonymous file that is 109 shareable with an external process. This option applies to 110 memory allocated as a side effect of creating various devices. 111 It does not apply to memory-backend-objects, whether explicitly 112 specified on the command line, or implicitly created by the -m 113 command line option. The default is off. 114 115 ``memory-backend='id'`` 116 An alternative to legacy ``-mem-path`` and ``mem-prealloc`` options. 117 Allows to use a memory backend as main RAM. 118 119 For example: 120 :: 121 122 -object memory-backend-file,id=pc.ram,size=512M,mem-path=/hugetlbfs,prealloc=on,share=on 123 -machine memory-backend=pc.ram 124 -m 512M 125 126 Migration compatibility note: 127 128 * as backend id one shall use value of 'default-ram-id', advertised by 129 machine type (available via ``query-machines`` QMP command), if migration 130 to/from old QEMU (<5.0) is expected. 131 * for machine types 4.0 and older, user shall 132 use ``x-use-canonical-path-for-ramblock-id=off`` backend option 133 if migration to/from old QEMU (<5.0) is expected. 134 135 For example: 136 :: 137 138 -object memory-backend-ram,id=pc.ram,size=512M,x-use-canonical-path-for-ramblock-id=off 139 -machine memory-backend=pc.ram 140 -m 512M 141 142 ``cxl-fmw.0.targets.0=firsttarget,cxl-fmw.0.targets.1=secondtarget,cxl-fmw.0.size=size[,cxl-fmw.0.interleave-granularity=granularity]`` 143 Define a CXL Fixed Memory Window (CFMW). 144 145 Described in the CXL 2.0 ECN: CEDT CFMWS & QTG _DSM. 146 147 They are regions of Host Physical Addresses (HPA) on a system which 148 may be interleaved across one or more CXL host bridges. The system 149 software will assign particular devices into these windows and 150 configure the downstream Host-managed Device Memory (HDM) decoders 151 in root ports, switch ports and devices appropriately to meet the 152 interleave requirements before enabling the memory devices. 153 154 ``targets.X=target`` provides the mapping to CXL host bridges 155 which may be identified by the id provided in the -device entry. 156 Multiple entries are needed to specify all the targets when 157 the fixed memory window represents interleaved memory. X is the 158 target index from 0. 159 160 ``size=size`` sets the size of the CFMW. This must be a multiple of 161 256MiB. The region will be aligned to 256MiB but the location is 162 platform and configuration dependent. 163 164 ``interleave-granularity=granularity`` sets the granularity of 165 interleave. Default 256 (bytes). Only 256, 512, 1k, 2k, 166 4k, 8k and 16k granularities supported. 167 168 Example: 169 170 :: 171 172 -machine cxl-fmw.0.targets.0=cxl.0,cxl-fmw.0.targets.1=cxl.1,cxl-fmw.0.size=128G,cxl-fmw.0.interleave-granularity=512 173ERST 174 175DEF("M", HAS_ARG, QEMU_OPTION_M, 176 " sgx-epc.0.memdev=memid,sgx-epc.0.node=numaid\n", 177 QEMU_ARCH_ALL) 178 179SRST 180``sgx-epc.0.memdev=@var{memid},sgx-epc.0.node=@var{numaid}`` 181 Define an SGX EPC section. 182ERST 183 184DEF("cpu", HAS_ARG, QEMU_OPTION_cpu, 185 "-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL) 186SRST 187``-cpu model`` 188 Select CPU model (``-cpu help`` for list and additional feature 189 selection) 190ERST 191 192DEF("accel", HAS_ARG, QEMU_OPTION_accel, 193 "-accel [accel=]accelerator[,prop[=value][,...]]\n" 194 " select accelerator (kvm, xen, hvf, nvmm, whpx or tcg; use 'help' for a list)\n" 195 " igd-passthru=on|off (enable Xen integrated Intel graphics passthrough, default=off)\n" 196 " kernel-irqchip=on|off|split controls accelerated irqchip support (default=on)\n" 197 " kvm-shadow-mem=size of KVM shadow MMU in bytes\n" 198 " one-insn-per-tb=on|off (one guest instruction per TCG translation block)\n" 199 " split-wx=on|off (enable TCG split w^x mapping)\n" 200 " tb-size=n (TCG translation block cache size)\n" 201 " dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n" 202 " eager-split-size=n (KVM Eager Page Split chunk size, default 0, disabled. ARM only)\n" 203 " notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit and set notify window, x86 only)\n" 204 " thread=single|multi (enable multi-threaded TCG)\n" 205 " device=path (KVM device path, default /dev/kvm)\n", QEMU_ARCH_ALL) 206SRST 207``-accel name[,prop=value[,...]]`` 208 This is used to enable an accelerator. Depending on the target 209 architecture, kvm, xen, hvf, nvmm, whpx or tcg can be available. By 210 default, tcg is used. If there is more than one accelerator 211 specified, the next one is used if the previous one fails to 212 initialize. 213 214 ``igd-passthru=on|off`` 215 When Xen is in use, this option controls whether Intel 216 integrated graphics devices can be passed through to the guest 217 (default=off) 218 219 ``kernel-irqchip=on|off|split`` 220 Controls KVM in-kernel irqchip support. The default is full 221 acceleration of the interrupt controllers. On x86, split irqchip 222 reduces the kernel attack surface, at a performance cost for 223 non-MSI interrupts. Disabling the in-kernel irqchip completely 224 is not recommended except for debugging purposes. 225 226 ``kvm-shadow-mem=size`` 227 Defines the size of the KVM shadow MMU. 228 229 ``one-insn-per-tb=on|off`` 230 Makes the TCG accelerator put only one guest instruction into 231 each translation block. This slows down emulation a lot, but 232 can be useful in some situations, such as when trying to analyse 233 the logs produced by the ``-d`` option. 234 235 ``split-wx=on|off`` 236 Controls the use of split w^x mapping for the TCG code generation 237 buffer. Some operating systems require this to be enabled, and in 238 such a case this will default on. On other operating systems, this 239 will default off, but one may enable this for testing or debugging. 240 241 ``tb-size=n`` 242 Controls the size (in MiB) of the TCG translation block cache. 243 244 ``thread=single|multi`` 245 Controls number of TCG threads. When the TCG is multi-threaded 246 there will be one thread per vCPU therefore taking advantage of 247 additional host cores. The default is to enable multi-threading 248 where both the back-end and front-ends support it and no 249 incompatible TCG features have been enabled (e.g. 250 icount/replay). 251 252 ``dirty-ring-size=n`` 253 When the KVM accelerator is used, it controls the size of the per-vCPU 254 dirty page ring buffer (number of entries for each vCPU). It should 255 be a value that is power of two, and it should be 1024 or bigger (but 256 still less than the maximum value that the kernel supports). 4096 257 could be a good initial value if you have no idea which is the best. 258 Set this value to 0 to disable the feature. By default, this feature 259 is disabled (dirty-ring-size=0). When enabled, KVM will instead 260 record dirty pages in a bitmap. 261 262 ``eager-split-size=n`` 263 KVM implements dirty page logging at the PAGE_SIZE granularity and 264 enabling dirty-logging on a huge-page requires breaking it into 265 PAGE_SIZE pages in the first place. KVM on ARM does this splitting 266 lazily by default. There are performance benefits in doing huge-page 267 split eagerly, especially in situations where TLBI costs associated 268 with break-before-make sequences are considerable and also if guest 269 workloads are read intensive. The size here specifies how many pages 270 to break at a time and needs to be a valid block size which is 271 1GB/2MB/4KB, 32MB/16KB and 512MB/64KB for 4KB/16KB/64KB PAGE_SIZE 272 respectively. Be wary of specifying a higher size as it will have an 273 impact on the memory. By default, this feature is disabled 274 (eager-split-size=0). 275 276 ``notify-vmexit=run|internal-error|disable,notify-window=n`` 277 Enables or disables notify VM exit support on x86 host and specify 278 the corresponding notify window to trigger the VM exit if enabled. 279 ``run`` option enables the feature. It does nothing and continue 280 if the exit happens. ``internal-error`` option enables the feature. 281 It raises a internal error. ``disable`` option doesn't enable the feature. 282 This feature can mitigate the CPU stuck issue due to event windows don't 283 open up for a specified of time (i.e. notify-window). 284 Default: notify-vmexit=run,notify-window=0. 285 286 ``device=path`` 287 Sets the path to the KVM device node. Defaults to ``/dev/kvm``. This 288 option can be used to pass the KVM device to use via a file descriptor 289 by setting the value to ``/dev/fdset/NN``. 290 291ERST 292 293DEF("smp", HAS_ARG, QEMU_OPTION_smp, 294 "-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets]\n" 295 " [,dies=dies][,clusters=clusters][,modules=modules][,cores=cores]\n" 296 " [,threads=threads]\n" 297 " set the number of initial CPUs to 'n' [default=1]\n" 298 " maxcpus= maximum number of total CPUs, including\n" 299 " offline CPUs for hotplug, etc\n" 300 " drawers= number of drawers on the machine board\n" 301 " books= number of books in one drawer\n" 302 " sockets= number of sockets in one book\n" 303 " dies= number of dies in one socket\n" 304 " clusters= number of clusters in one die\n" 305 " modules= number of modules in one cluster\n" 306 " cores= number of cores in one module\n" 307 " threads= number of threads in one core\n" 308 "Note: Different machines may have different subsets of the CPU topology\n" 309 " parameters supported, so the actual meaning of the supported parameters\n" 310 " will vary accordingly. For example, for a machine type that supports a\n" 311 " three-level CPU hierarchy of sockets/cores/threads, the parameters will\n" 312 " sequentially mean as below:\n" 313 " sockets means the number of sockets on the machine board\n" 314 " cores means the number of cores in one socket\n" 315 " threads means the number of threads in one core\n" 316 " For a particular machine type board, an expected CPU topology hierarchy\n" 317 " can be defined through the supported sub-option. Unsupported parameters\n" 318 " can also be provided in addition to the sub-option, but their values\n" 319 " must be set as 1 in the purpose of correct parsing.\n", 320 QEMU_ARCH_ALL) 321SRST 322``-smp [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets][,dies=dies][,clusters=clusters][,modules=modules][,cores=cores][,threads=threads]`` 323 Simulate a SMP system with '\ ``n``\ ' CPUs initially present on 324 the machine type board. On boards supporting CPU hotplug, the optional 325 '\ ``maxcpus``\ ' parameter can be set to enable further CPUs to be 326 added at runtime. When both parameters are omitted, the maximum number 327 of CPUs will be calculated from the provided topology members and the 328 initial CPU count will match the maximum number. When only one of them 329 is given then the omitted one will be set to its counterpart's value. 330 Both parameters may be specified, but the maximum number of CPUs must 331 be equal to or greater than the initial CPU count. Product of the 332 CPU topology hierarchy must be equal to the maximum number of CPUs. 333 Both parameters are subject to an upper limit that is determined by 334 the specific machine type chosen. 335 336 To control reporting of CPU topology information, values of the topology 337 parameters can be specified. Machines may only support a subset of the 338 parameters and different machines may have different subsets supported 339 which vary depending on capacity of the corresponding CPU targets. So 340 for a particular machine type board, an expected topology hierarchy can 341 be defined through the supported sub-option. Unsupported parameters can 342 also be provided in addition to the sub-option, but their values must be 343 set as 1 in the purpose of correct parsing. 344 345 Either the initial CPU count, or at least one of the topology parameters 346 must be specified. The specified parameters must be greater than zero, 347 explicit configuration like "cpus=0" is not allowed. Values for any 348 omitted parameters will be computed from those which are given. 349 350 For example, the following sub-option defines a CPU topology hierarchy 351 (2 sockets totally on the machine, 2 cores per socket, 2 threads per 352 core) for a machine that only supports sockets/cores/threads. 353 Some members of the option can be omitted but their values will be 354 automatically computed: 355 356 :: 357 358 -smp 8,sockets=2,cores=2,threads=2,maxcpus=8 359 360 The following sub-option defines a CPU topology hierarchy (2 sockets 361 totally on the machine, 2 dies per socket, 2 modules per die, 2 cores per 362 module, 2 threads per core) for PC machines which support sockets/dies 363 /modules/cores/threads. Some members of the option can be omitted but 364 their values will be automatically computed: 365 366 :: 367 368 -smp 32,sockets=2,dies=2,modules=2,cores=2,threads=2,maxcpus=32 369 370 The following sub-option defines a CPU topology hierarchy (2 sockets 371 totally on the machine, 2 clusters per socket, 2 cores per cluster, 372 2 threads per core) for ARM virt machines which support sockets/clusters 373 /cores/threads. Some members of the option can be omitted but their values 374 will be automatically computed: 375 376 :: 377 378 -smp 16,sockets=2,clusters=2,cores=2,threads=2,maxcpus=16 379 380 Historically preference was given to the coarsest topology parameters 381 when computing missing values (ie sockets preferred over cores, which 382 were preferred over threads), however, this behaviour is considered 383 liable to change. Prior to 6.2 the preference was sockets over cores 384 over threads. Since 6.2 the preference is cores over sockets over threads. 385 386 For example, the following option defines a machine board with 2 sockets 387 of 1 core before 6.2 and 1 socket of 2 cores after 6.2: 388 389 :: 390 391 -smp 2 392 393 Note: The cluster topology will only be generated in ACPI and exposed 394 to guest if it's explicitly specified in -smp. 395ERST 396 397DEF("numa", HAS_ARG, QEMU_OPTION_numa, 398 "-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n" 399 "-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=node]\n" 400 "-numa dist,src=source,dst=destination,val=distance\n" 401 "-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]\n" 402 "-numa hmat-lb,initiator=node,target=node,hierarchy=memory|first-level|second-level|third-level,data-type=access-latency|read-latency|write-latency[,latency=lat][,bandwidth=bw]\n" 403 "-numa hmat-cache,node-id=node,size=size,level=level[,associativity=none|direct|complex][,policy=none|write-back|write-through][,line=size]\n", 404 QEMU_ARCH_ALL) 405SRST 406``-numa node[,mem=size][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]`` 407 \ 408``-numa node[,memdev=id][,cpus=firstcpu[-lastcpu]][,nodeid=node][,initiator=initiator]`` 409 \ 410``-numa dist,src=source,dst=destination,val=distance`` 411 \ 412``-numa cpu,node-id=node[,socket-id=x][,core-id=y][,thread-id=z]`` 413 \ 414``-numa hmat-lb,initiator=node,target=node,hierarchy=hierarchy,data-type=type[,latency=lat][,bandwidth=bw]`` 415 \ 416``-numa hmat-cache,node-id=node,size=size,level=level[,associativity=str][,policy=str][,line=size]`` 417 Define a NUMA node and assign RAM and VCPUs to it. Set the NUMA 418 distance from a source node to a destination node. Set the ACPI 419 Heterogeneous Memory Attributes for the given nodes. 420 421 Legacy VCPU assignment uses '\ ``cpus``\ ' option where firstcpu and 422 lastcpu are CPU indexes. Each '\ ``cpus``\ ' option represent a 423 contiguous range of CPU indexes (or a single VCPU if lastcpu is 424 omitted). A non-contiguous set of VCPUs can be represented by 425 providing multiple '\ ``cpus``\ ' options. If '\ ``cpus``\ ' is 426 omitted on all nodes, VCPUs are automatically split between them. 427 428 For example, the following option assigns VCPUs 0, 1, 2 and 5 to a 429 NUMA node: 430 431 :: 432 433 -numa node,cpus=0-2,cpus=5 434 435 '\ ``cpu``\ ' option is a new alternative to '\ ``cpus``\ ' option 436 which uses '\ ``socket-id|core-id|thread-id``\ ' properties to 437 assign CPU objects to a node using topology layout properties of 438 CPU. The set of properties is machine specific, and depends on used 439 machine type/'\ ``smp``\ ' options. It could be queried with 440 '\ ``hotpluggable-cpus``\ ' monitor command. '\ ``node-id``\ ' 441 property specifies node to which CPU object will be assigned, it's 442 required for node to be declared with '\ ``node``\ ' option before 443 it's used with '\ ``cpu``\ ' option. 444 445 For example: 446 447 :: 448 449 -M pc \ 450 -smp 1,sockets=2,maxcpus=2 \ 451 -numa node,nodeid=0 -numa node,nodeid=1 \ 452 -numa cpu,node-id=0,socket-id=0 -numa cpu,node-id=1,socket-id=1 453 454 '\ ``memdev``\ ' option assigns RAM from a given memory backend 455 device to a node. It is recommended to use '\ ``memdev``\ ' option 456 over legacy '\ ``mem``\ ' option. This is because '\ ``memdev``\ ' 457 option provides better performance and more control over the 458 backend's RAM (e.g. '\ ``prealloc``\ ' parameter of 459 '\ ``-memory-backend-ram``\ ' allows memory preallocation). 460 461 For compatibility reasons, legacy '\ ``mem``\ ' option is 462 supported in 5.0 and older machine types. Note that '\ ``mem``\ ' 463 and '\ ``memdev``\ ' are mutually exclusive. If one node uses 464 '\ ``memdev``\ ', the rest nodes have to use '\ ``memdev``\ ' 465 option, and vice versa. 466 467 Users must specify memory for all NUMA nodes by '\ ``memdev``\ ' 468 (or legacy '\ ``mem``\ ' if available). In QEMU 5.2, the support 469 for '\ ``-numa node``\ ' without memory specified was removed. 470 471 '\ ``initiator``\ ' is an additional option that points to an 472 initiator NUMA node that has best performance (the lowest latency or 473 largest bandwidth) to this NUMA node. Note that this option can be 474 set only when the machine property 'hmat' is set to 'on'. 475 476 Following example creates a machine with 2 NUMA nodes, node 0 has 477 CPU. node 1 has only memory, and its initiator is node 0. Note that 478 because node 0 has CPU, by default the initiator of node 0 is itself 479 and must be itself. 480 481 :: 482 483 -machine hmat=on \ 484 -m 2G,slots=2,maxmem=4G \ 485 -object memory-backend-ram,size=1G,id=m0 \ 486 -object memory-backend-ram,size=1G,id=m1 \ 487 -numa node,nodeid=0,memdev=m0 \ 488 -numa node,nodeid=1,memdev=m1,initiator=0 \ 489 -smp 2,sockets=2,maxcpus=2 \ 490 -numa cpu,node-id=0,socket-id=0 \ 491 -numa cpu,node-id=0,socket-id=1 492 493 source and destination are NUMA node IDs. distance is the NUMA 494 distance from source to destination. The distance from a node to 495 itself is always 10. If any pair of nodes is given a distance, then 496 all pairs must be given distances. Although, when distances are only 497 given in one direction for each pair of nodes, then the distances in 498 the opposite directions are assumed to be the same. If, however, an 499 asymmetrical pair of distances is given for even one node pair, then 500 all node pairs must be provided distance values for both directions, 501 even when they are symmetrical. When a node is unreachable from 502 another node, set the pair's distance to 255. 503 504 Note that the -``numa`` option doesn't allocate any of the specified 505 resources, it just assigns existing resources to NUMA nodes. This 506 means that one still has to use the ``-m``, ``-smp`` options to 507 allocate RAM and VCPUs respectively. 508 509 Use '\ ``hmat-lb``\ ' to set System Locality Latency and Bandwidth 510 Information between initiator and target NUMA nodes in ACPI 511 Heterogeneous Attribute Memory Table (HMAT). Initiator NUMA node can 512 create memory requests, usually it has one or more processors. 513 Target NUMA node contains addressable memory. 514 515 In '\ ``hmat-lb``\ ' option, node are NUMA node IDs. hierarchy is 516 the memory hierarchy of the target NUMA node: if hierarchy is 517 'memory', the structure represents the memory performance; if 518 hierarchy is 'first-level\|second-level\|third-level', this 519 structure represents aggregated performance of memory side caches 520 for each domain. type of 'data-type' is type of data represented by 521 this structure instance: if 'hierarchy' is 'memory', 'data-type' is 522 'access\|read\|write' latency or 'access\|read\|write' bandwidth of 523 the target memory; if 'hierarchy' is 524 'first-level\|second-level\|third-level', 'data-type' is 525 'access\|read\|write' hit latency or 'access\|read\|write' hit 526 bandwidth of the target memory side cache. 527 528 lat is latency value in nanoseconds. bw is bandwidth value, the 529 possible value and units are NUM[M\|G\|T], mean that the bandwidth 530 value are NUM byte per second (or MB/s, GB/s or TB/s depending on 531 used suffix). Note that if latency or bandwidth value is 0, means 532 the corresponding latency or bandwidth information is not provided. 533 534 In '\ ``hmat-cache``\ ' option, node-id is the NUMA-id of the memory 535 belongs. size is the size of memory side cache in bytes. level is 536 the cache level described in this structure, note that the cache 537 level 0 should not be used with '\ ``hmat-cache``\ ' option. 538 associativity is the cache associativity, the possible value is 539 'none/direct(direct-mapped)/complex(complex cache indexing)'. policy 540 is the write policy. line is the cache Line size in bytes. 541 542 For example, the following options describe 2 NUMA nodes. Node 0 has 543 2 cpus and a ram, node 1 has only a ram. The processors in node 0 544 access memory in node 0 with access-latency 5 nanoseconds, 545 access-bandwidth is 200 MB/s; The processors in NUMA node 0 access 546 memory in NUMA node 1 with access-latency 10 nanoseconds, 547 access-bandwidth is 100 MB/s. And for memory side cache information, 548 NUMA node 0 and 1 both have 1 level memory cache, size is 10KB, 549 policy is write-back, the cache Line size is 8 bytes: 550 551 :: 552 553 -machine hmat=on \ 554 -m 2G \ 555 -object memory-backend-ram,size=1G,id=m0 \ 556 -object memory-backend-ram,size=1G,id=m1 \ 557 -smp 2,sockets=2,maxcpus=2 \ 558 -numa node,nodeid=0,memdev=m0 \ 559 -numa node,nodeid=1,memdev=m1,initiator=0 \ 560 -numa cpu,node-id=0,socket-id=0 \ 561 -numa cpu,node-id=0,socket-id=1 \ 562 -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-latency,latency=5 \ 563 -numa hmat-lb,initiator=0,target=0,hierarchy=memory,data-type=access-bandwidth,bandwidth=200M \ 564 -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-latency,latency=10 \ 565 -numa hmat-lb,initiator=0,target=1,hierarchy=memory,data-type=access-bandwidth,bandwidth=100M \ 566 -numa hmat-cache,node-id=0,size=10K,level=1,associativity=direct,policy=write-back,line=8 \ 567 -numa hmat-cache,node-id=1,size=10K,level=1,associativity=direct,policy=write-back,line=8 568ERST 569 570DEF("add-fd", HAS_ARG, QEMU_OPTION_add_fd, 571 "-add-fd fd=fd,set=set[,opaque=opaque]\n" 572 " Add 'fd' to fd 'set'\n", QEMU_ARCH_ALL) 573SRST 574``-add-fd fd=fd,set=set[,opaque=opaque]`` 575 Add a file descriptor to an fd set. Valid options are: 576 577 ``fd=fd`` 578 This option defines the file descriptor of which a duplicate is 579 added to fd set. The file descriptor cannot be stdin, stdout, or 580 stderr. 581 582 ``set=set`` 583 This option defines the ID of the fd set to add the file 584 descriptor to. 585 586 ``opaque=opaque`` 587 This option defines a free-form string that can be used to 588 describe fd. 589 590 You can open an image using pre-opened file descriptors from an fd 591 set: 592 593 .. parsed-literal:: 594 595 |qemu_system| \\ 596 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\ 597 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\ 598 -drive file=/dev/fdset/2,index=0,media=disk 599ERST 600 601DEF("set", HAS_ARG, QEMU_OPTION_set, 602 "-set group.id.arg=value\n" 603 " set <arg> parameter for item <id> of type <group>\n" 604 " i.e. -set drive.$id.file=/path/to/image\n", QEMU_ARCH_ALL) 605SRST 606``-set group.id.arg=value`` 607 Set parameter arg for item id of type group 608ERST 609 610DEF("global", HAS_ARG, QEMU_OPTION_global, 611 "-global driver.property=value\n" 612 "-global driver=driver,property=property,value=value\n" 613 " set a global default for a driver property\n", 614 QEMU_ARCH_ALL) 615SRST 616``-global driver.prop=value`` 617 \ 618``-global driver=driver,property=property,value=value`` 619 Set default value of driver's property prop to value, e.g.: 620 621 .. parsed-literal:: 622 623 |qemu_system_x86| -global ide-hd.physical_block_size=4096 disk-image.img 624 625 In particular, you can use this to set driver properties for devices 626 which are created automatically by the machine model. To create a 627 device which is not created automatically and set properties on it, 628 use -``device``. 629 630 -global driver.prop=value is shorthand for -global 631 driver=driver,property=prop,value=value. The longhand syntax works 632 even when driver contains a dot. 633ERST 634 635DEF("boot", HAS_ARG, QEMU_OPTION_boot, 636 "-boot [order=drives][,once=drives][,menu=on|off]\n" 637 " [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]\n" 638 " 'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)\n" 639 " 'sp_name': the file's name that would be passed to bios as logo picture, if menu=on\n" 640 " 'sp_time': the period that splash picture last if menu=on, unit is ms\n" 641 " 'rb_timeout': the timeout before guest reboot when boot failed, unit is ms\n", 642 QEMU_ARCH_ALL) 643SRST 644``-boot [order=drives][,once=drives][,menu=on|off][,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_timeout][,strict=on|off]`` 645 Specify boot order drives as a string of drive letters. Valid drive 646 letters depend on the target architecture. The x86 PC uses: a, b 647 (floppy 1 and 2), c (first hard disk), d (first CD-ROM), n-p 648 (Etherboot from network adapter 1-4), hard disk boot is the default. 649 To apply a particular boot order only on the first startup, specify 650 it via ``once``. Note that the ``order`` or ``once`` parameter 651 should not be used together with the ``bootindex`` property of 652 devices, since the firmware implementations normally do not support 653 both at the same time. 654 655 Interactive boot menus/prompts can be enabled via ``menu=on`` as far 656 as firmware/BIOS supports them. The default is non-interactive boot. 657 658 A splash picture could be passed to bios, enabling user to show it 659 as logo, when option splash=sp\_name is given and menu=on, If 660 firmware/BIOS supports them. Currently Seabios for X86 system 661 support it. limitation: The splash file could be a jpeg file or a 662 BMP file in 24 BPP format(true color). The resolution should be 663 supported by the SVGA mode, so the recommended is 320x240, 640x480, 664 800x640. 665 666 A timeout could be passed to bios, guest will pause for rb\_timeout 667 ms when boot failed, then reboot. If rb\_timeout is '-1', guest will 668 not reboot, qemu passes '-1' to bios by default. Currently Seabios 669 for X86 system support it. 670 671 Do strict boot via ``strict=on`` as far as firmware/BIOS supports 672 it. This only effects when boot priority is changed by bootindex 673 options. The default is non-strict boot. 674 675 .. parsed-literal:: 676 677 # try to boot from network first, then from hard disk 678 |qemu_system_x86| -boot order=nc 679 # boot from CD-ROM first, switch back to default order after reboot 680 |qemu_system_x86| -boot once=d 681 # boot with a splash picture for 5 seconds. 682 |qemu_system_x86| -boot menu=on,splash=/root/boot.bmp,splash-time=5000 683 684 Note: The legacy format '-boot drives' is still supported but its 685 use is discouraged as it may be removed from future versions. 686ERST 687 688DEF("m", HAS_ARG, QEMU_OPTION_m, 689 "-m [size=]megs[,slots=n,maxmem=size]\n" 690 " configure guest RAM\n" 691 " size: initial amount of guest memory\n" 692 " slots: number of hotplug slots (default: none)\n" 693 " maxmem: maximum amount of guest memory (default: none)\n" 694 " Note: Some architectures might enforce a specific granularity\n", 695 QEMU_ARCH_ALL) 696SRST 697``-m [size=]megs[,slots=n,maxmem=size]`` 698 Sets guest startup RAM size to megs megabytes. Default is 128 MiB. 699 Optionally, a suffix of "M" or "G" can be used to signify a value in 700 megabytes or gigabytes respectively. Optional pair slots, maxmem 701 could be used to set amount of hotpluggable memory slots and maximum 702 amount of memory. Note that maxmem must be aligned to the page size. 703 704 For example, the following command-line sets the guest startup RAM 705 size to 1GB, creates 3 slots to hotplug additional memory and sets 706 the maximum memory the guest can reach to 4GB: 707 708 .. parsed-literal:: 709 710 |qemu_system| -m 1G,slots=3,maxmem=4G 711 712 If slots and maxmem are not specified, memory hotplug won't be 713 enabled and the guest startup RAM will never increase. 714ERST 715 716DEF("mem-path", HAS_ARG, QEMU_OPTION_mempath, 717 "-mem-path FILE provide backing storage for guest RAM\n", QEMU_ARCH_ALL) 718SRST 719``-mem-path path`` 720 Allocate guest RAM from a temporarily created file in path. 721ERST 722 723DEF("mem-prealloc", 0, QEMU_OPTION_mem_prealloc, 724 "-mem-prealloc preallocate guest memory (use with -mem-path)\n", 725 QEMU_ARCH_ALL) 726SRST 727``-mem-prealloc`` 728 Preallocate memory when using -mem-path. 729ERST 730 731DEF("k", HAS_ARG, QEMU_OPTION_k, 732 "-k language use keyboard layout (for example 'fr' for French)\n", 733 QEMU_ARCH_ALL) 734SRST 735``-k language`` 736 Use keyboard layout language (for example ``fr`` for French). This 737 option is only needed where it is not easy to get raw PC keycodes 738 (e.g. on Macs, with some X11 servers or with a VNC or curses 739 display). You don't normally need to use it on PC/Linux or 740 PC/Windows hosts. 741 742 The available layouts are: 743 744 :: 745 746 ar de-ch es fo fr-ca hu ja mk no pt-br sv 747 da en-gb et fr fr-ch is lt nl pl ru th 748 de en-us fi fr-be hr it lv nl-be pt sl tr 749 750 The default is ``en-us``. 751ERST 752 753 754DEF("audio", HAS_ARG, QEMU_OPTION_audio, 755 "-audio [driver=]driver[,prop[=value][,...]]\n" 756 " specifies default audio backend when `audiodev` is not\n" 757 " used to create a machine or sound device;" 758 " options are the same as for -audiodev\n" 759 "-audio [driver=]driver,model=value[,prop[=value][,...]]\n" 760 " specifies the audio backend and device to use;\n" 761 " apart from 'model', options are the same as for -audiodev.\n" 762 " use '-audio model=help' to show possible devices.\n", 763 QEMU_ARCH_ALL) 764SRST 765``-audio [driver=]driver[,model=value][,prop[=value][,...]]`` 766 If the ``model`` option is specified, ``-audio`` is a shortcut 767 for configuring both the guest audio hardware and the host audio 768 backend in one go. The guest hardware model can be set with 769 ``model=modelname``. Use ``model=help`` to list the available 770 device types. 771 772 The following two example do exactly the same, to show how ``-audio`` 773 can be used to shorten the command line length: 774 775 .. parsed-literal:: 776 777 |qemu_system| -audiodev pa,id=pa -device sb16,audiodev=pa 778 |qemu_system| -audio pa,model=sb16 779 780 If the ``model`` option is not specified, ``-audio`` is used to 781 configure a default audio backend that will be used whenever the 782 ``audiodev`` property is not set on a device or machine. In 783 particular, ``-audio none`` ensures that no audio is produced even 784 for machines that have embedded sound hardware. 785 786 In both cases, the driver option is the same as with the corresponding 787 ``-audiodev`` option below. Use ``driver=help`` to list the available 788 drivers. 789 790ERST 791 792DEF("audiodev", HAS_ARG, QEMU_OPTION_audiodev, 793 "-audiodev [driver=]driver,id=id[,prop[=value][,...]]\n" 794 " specifies the audio backend to use\n" 795 " Use ``-audiodev help`` to list the available drivers\n" 796 " id= identifier of the backend\n" 797 " timer-period= timer period in microseconds\n" 798 " in|out.mixing-engine= use mixing engine to mix streams inside QEMU\n" 799 " in|out.fixed-settings= use fixed settings for host audio\n" 800 " in|out.frequency= frequency to use with fixed settings\n" 801 " in|out.channels= number of channels to use with fixed settings\n" 802 " in|out.format= sample format to use with fixed settings\n" 803 " valid values: s8, s16, s32, u8, u16, u32, f32\n" 804 " in|out.voices= number of voices to use\n" 805 " in|out.buffer-length= length of buffer in microseconds\n" 806 "-audiodev none,id=id,[,prop[=value][,...]]\n" 807 " dummy driver that discards all output\n" 808#ifdef CONFIG_AUDIO_ALSA 809 "-audiodev alsa,id=id[,prop[=value][,...]]\n" 810 " in|out.dev= name of the audio device to use\n" 811 " in|out.period-length= length of period in microseconds\n" 812 " in|out.try-poll= attempt to use poll mode\n" 813 " threshold= threshold (in microseconds) when playback starts\n" 814#endif 815#ifdef CONFIG_AUDIO_COREAUDIO 816 "-audiodev coreaudio,id=id[,prop[=value][,...]]\n" 817 " in|out.buffer-count= number of buffers\n" 818#endif 819#ifdef CONFIG_AUDIO_DSOUND 820 "-audiodev dsound,id=id[,prop[=value][,...]]\n" 821 " latency= add extra latency to playback in microseconds\n" 822#endif 823#ifdef CONFIG_AUDIO_OSS 824 "-audiodev oss,id=id[,prop[=value][,...]]\n" 825 " in|out.dev= path of the audio device to use\n" 826 " in|out.buffer-count= number of buffers\n" 827 " in|out.try-poll= attempt to use poll mode\n" 828 " try-mmap= try using memory mapped access\n" 829 " exclusive= open device in exclusive mode\n" 830 " dsp-policy= set timing policy (0..10), -1 to use fragment mode\n" 831#endif 832#ifdef CONFIG_AUDIO_PA 833 "-audiodev pa,id=id[,prop[=value][,...]]\n" 834 " server= PulseAudio server address\n" 835 " in|out.name= source/sink device name\n" 836 " in|out.latency= desired latency in microseconds\n" 837#endif 838#ifdef CONFIG_AUDIO_PIPEWIRE 839 "-audiodev pipewire,id=id[,prop[=value][,...]]\n" 840 " in|out.name= source/sink device name\n" 841 " in|out.stream-name= name of pipewire stream\n" 842 " in|out.latency= desired latency in microseconds\n" 843#endif 844#ifdef CONFIG_AUDIO_SDL 845 "-audiodev sdl,id=id[,prop[=value][,...]]\n" 846 " in|out.buffer-count= number of buffers\n" 847#endif 848#ifdef CONFIG_AUDIO_SNDIO 849 "-audiodev sndio,id=id[,prop[=value][,...]]\n" 850#endif 851#ifdef CONFIG_SPICE 852 "-audiodev spice,id=id[,prop[=value][,...]]\n" 853#endif 854#ifdef CONFIG_DBUS_DISPLAY 855 "-audiodev dbus,id=id[,prop[=value][,...]]\n" 856#endif 857 "-audiodev wav,id=id[,prop[=value][,...]]\n" 858 " path= path of wav file to record\n", 859 QEMU_ARCH_ALL) 860SRST 861``-audiodev [driver=]driver,id=id[,prop[=value][,...]]`` 862 Adds a new audio backend driver identified by id. There are global 863 and driver specific properties. Some values can be set differently 864 for input and output, they're marked with ``in|out.``. You can set 865 the input's property with ``in.prop`` and the output's property with 866 ``out.prop``. For example: 867 868 :: 869 870 -audiodev alsa,id=example,in.frequency=44110,out.frequency=8000 871 -audiodev alsa,id=example,out.channels=1 # leaves in.channels unspecified 872 873 NOTE: parameter validation is known to be incomplete, in many cases 874 specifying an invalid option causes QEMU to print an error message 875 and continue emulation without sound. 876 877 Valid global options are: 878 879 ``id=identifier`` 880 Identifies the audio backend. 881 882 ``timer-period=period`` 883 Sets the timer period used by the audio subsystem in 884 microseconds. Default is 10000 (10 ms). 885 886 ``in|out.mixing-engine=on|off`` 887 Use QEMU's mixing engine to mix all streams inside QEMU and 888 convert audio formats when not supported by the backend. When 889 off, fixed-settings must be off too. Note that disabling this 890 option means that the selected backend must support multiple 891 streams and the audio formats used by the virtual cards, 892 otherwise you'll get no sound. It's not recommended to disable 893 this option unless you want to use 5.1 or 7.1 audio, as mixing 894 engine only supports mono and stereo audio. Default is on. 895 896 ``in|out.fixed-settings=on|off`` 897 Use fixed settings for host audio. When off, it will change 898 based on how the guest opens the sound card. In this case you 899 must not specify frequency, channels or format. Default is on. 900 901 ``in|out.frequency=frequency`` 902 Specify the frequency to use when using fixed-settings. Default 903 is 44100Hz. 904 905 ``in|out.channels=channels`` 906 Specify the number of channels to use when using fixed-settings. 907 Default is 2 (stereo). 908 909 ``in|out.format=format`` 910 Specify the sample format to use when using fixed-settings. 911 Valid values are: ``s8``, ``s16``, ``s32``, ``u8``, ``u16``, 912 ``u32``, ``f32``. Default is ``s16``. 913 914 ``in|out.voices=voices`` 915 Specify the number of voices to use. Default is 1. 916 917 ``in|out.buffer-length=usecs`` 918 Sets the size of the buffer in microseconds. 919 920``-audiodev none,id=id[,prop[=value][,...]]`` 921 Creates a dummy backend that discards all outputs. This backend has 922 no backend specific properties. 923 924``-audiodev alsa,id=id[,prop[=value][,...]]`` 925 Creates backend using the ALSA. This backend is only available on 926 Linux. 927 928 ALSA specific options are: 929 930 ``in|out.dev=device`` 931 Specify the ALSA device to use for input and/or output. Default 932 is ``default``. 933 934 ``in|out.period-length=usecs`` 935 Sets the period length in microseconds. 936 937 ``in|out.try-poll=on|off`` 938 Attempt to use poll mode with the device. Default is on. 939 940 ``threshold=threshold`` 941 Threshold (in microseconds) when playback starts. Default is 0. 942 943``-audiodev coreaudio,id=id[,prop[=value][,...]]`` 944 Creates a backend using Apple's Core Audio. This backend is only 945 available on Mac OS and only supports playback. 946 947 Core Audio specific options are: 948 949 ``in|out.buffer-count=count`` 950 Sets the count of the buffers. 951 952``-audiodev dsound,id=id[,prop[=value][,...]]`` 953 Creates a backend using Microsoft's DirectSound. This backend is 954 only available on Windows and only supports playback. 955 956 DirectSound specific options are: 957 958 ``latency=usecs`` 959 Add extra usecs microseconds latency to playback. Default is 960 10000 (10 ms). 961 962``-audiodev oss,id=id[,prop[=value][,...]]`` 963 Creates a backend using OSS. This backend is available on most 964 Unix-like systems. 965 966 OSS specific options are: 967 968 ``in|out.dev=device`` 969 Specify the file name of the OSS device to use. Default is 970 ``/dev/dsp``. 971 972 ``in|out.buffer-count=count`` 973 Sets the count of the buffers. 974 975 ``in|out.try-poll=on|of`` 976 Attempt to use poll mode with the device. Default is on. 977 978 ``try-mmap=on|off`` 979 Try using memory mapped device access. Default is off. 980 981 ``exclusive=on|off`` 982 Open the device in exclusive mode (vmix won't work in this 983 case). Default is off. 984 985 ``dsp-policy=policy`` 986 Sets the timing policy (between 0 and 10, where smaller number 987 means smaller latency but higher CPU usage). Use -1 to use 988 buffer sizes specified by ``buffer`` and ``buffer-count``. This 989 option is ignored if you do not have OSS 4. Default is 5. 990 991``-audiodev pa,id=id[,prop[=value][,...]]`` 992 Creates a backend using PulseAudio. This backend is available on 993 most systems. 994 995 PulseAudio specific options are: 996 997 ``server=server`` 998 Sets the PulseAudio server to connect to. 999 1000 ``in|out.name=sink`` 1001 Use the specified source/sink for recording/playback. 1002 1003 ``in|out.latency=usecs`` 1004 Desired latency in microseconds. The PulseAudio server will try 1005 to honor this value but actual latencies may be lower or higher. 1006 1007``-audiodev pipewire,id=id[,prop[=value][,...]]`` 1008 Creates a backend using PipeWire. This backend is available on 1009 most systems. 1010 1011 PipeWire specific options are: 1012 1013 ``in|out.latency=usecs`` 1014 Desired latency in microseconds. 1015 1016 ``in|out.name=sink`` 1017 Use the specified source/sink for recording/playback. 1018 1019 ``in|out.stream-name`` 1020 Specify the name of pipewire stream. 1021 1022``-audiodev sdl,id=id[,prop[=value][,...]]`` 1023 Creates a backend using SDL. This backend is available on most 1024 systems, but you should use your platform's native backend if 1025 possible. 1026 1027 SDL specific options are: 1028 1029 ``in|out.buffer-count=count`` 1030 Sets the count of the buffers. 1031 1032``-audiodev sndio,id=id[,prop[=value][,...]]`` 1033 Creates a backend using SNDIO. This backend is available on 1034 OpenBSD and most other Unix-like systems. 1035 1036 Sndio specific options are: 1037 1038 ``in|out.dev=device`` 1039 Specify the sndio device to use for input and/or output. Default 1040 is ``default``. 1041 1042 ``in|out.latency=usecs`` 1043 Sets the desired period length in microseconds. 1044 1045``-audiodev spice,id=id[,prop[=value][,...]]`` 1046 Creates a backend that sends audio through SPICE. This backend 1047 requires ``-spice`` and automatically selected in that case, so 1048 usually you can ignore this option. This backend has no backend 1049 specific properties. 1050 1051``-audiodev wav,id=id[,prop[=value][,...]]`` 1052 Creates a backend that writes audio to a WAV file. 1053 1054 Backend specific options are: 1055 1056 ``path=path`` 1057 Write recorded audio into the specified file. Default is 1058 ``qemu.wav``. 1059ERST 1060 1061DEF("device", HAS_ARG, QEMU_OPTION_device, 1062 "-device driver[,prop[=value][,...]]\n" 1063 " add device (based on driver)\n" 1064 " prop=value,... sets driver properties\n" 1065 " use '-device help' to print all possible drivers\n" 1066 " use '-device driver,help' to print all possible properties\n", 1067 QEMU_ARCH_ALL) 1068SRST 1069``-device driver[,prop[=value][,...]]`` 1070 Add device driver. prop=value sets driver properties. Valid 1071 properties depend on the driver. To get help on possible drivers and 1072 properties, use ``-device help`` and ``-device driver,help``. 1073 1074 Some drivers are: 1075 1076``-device ipmi-bmc-sim,id=id[,prop[=value][,...]]`` 1077 Add an IPMI BMC. This is a simulation of a hardware management 1078 interface processor that normally sits on a system. It provides a 1079 watchdog and the ability to reset and power control the system. You 1080 need to connect this to an IPMI interface to make it useful 1081 1082 The IPMI slave address to use for the BMC. The default is 0x20. This 1083 address is the BMC's address on the I2C network of management 1084 controllers. If you don't know what this means, it is safe to ignore 1085 it. 1086 1087 ``id=id`` 1088 The BMC id for interfaces to use this device. 1089 1090 ``slave_addr=val`` 1091 Define slave address to use for the BMC. The default is 0x20. 1092 1093 ``sdrfile=file`` 1094 file containing raw Sensor Data Records (SDR) data. The default 1095 is none. 1096 1097 ``fruareasize=val`` 1098 size of a Field Replaceable Unit (FRU) area. The default is 1099 1024. 1100 1101 ``frudatafile=file`` 1102 file containing raw Field Replaceable Unit (FRU) inventory data. 1103 The default is none. 1104 1105 ``guid=uuid`` 1106 value for the GUID for the BMC, in standard UUID format. If this 1107 is set, get "Get GUID" command to the BMC will return it. 1108 Otherwise "Get GUID" will return an error. 1109 1110``-device ipmi-bmc-extern,id=id,chardev=id[,slave_addr=val]`` 1111 Add a connection to an external IPMI BMC simulator. Instead of 1112 locally emulating the BMC like the above item, instead connect to an 1113 external entity that provides the IPMI services. 1114 1115 A connection is made to an external BMC simulator. If you do this, 1116 it is strongly recommended that you use the "reconnect-ms=" chardev 1117 option to reconnect to the simulator if the connection is lost. Note 1118 that if this is not used carefully, it can be a security issue, as 1119 the interface has the ability to send resets, NMIs, and power off 1120 the VM. It's best if QEMU makes a connection to an external 1121 simulator running on a secure port on localhost, so neither the 1122 simulator nor QEMU is exposed to any outside network. 1123 1124 See the "lanserv/README.vm" file in the OpenIPMI library for more 1125 details on the external interface. 1126 1127``-device isa-ipmi-kcs,bmc=id[,ioport=val][,irq=val]`` 1128 Add a KCS IPMI interface on the ISA bus. This also adds a 1129 corresponding ACPI and SMBIOS entries, if appropriate. 1130 1131 ``bmc=id`` 1132 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern 1133 above. 1134 1135 ``ioport=val`` 1136 Define the I/O address of the interface. The default is 0xca0 1137 for KCS. 1138 1139 ``irq=val`` 1140 Define the interrupt to use. The default is 5. To disable 1141 interrupts, set this to 0. 1142 1143``-device isa-ipmi-bt,bmc=id[,ioport=val][,irq=val]`` 1144 Like the KCS interface, but defines a BT interface. The default port 1145 is 0xe4 and the default interrupt is 5. 1146 1147``-device pci-ipmi-kcs,bmc=id`` 1148 Add a KCS IPMI interface on the PCI bus. 1149 1150 ``bmc=id`` 1151 The BMC to connect to, one of ipmi-bmc-sim or ipmi-bmc-extern above. 1152 1153``-device pci-ipmi-bt,bmc=id`` 1154 Like the KCS interface, but defines a BT interface on the PCI bus. 1155 1156``-device intel-iommu[,option=...]`` 1157 This is only supported by ``-machine q35``, which will enable Intel VT-d 1158 emulation within the guest. It supports below options: 1159 1160 ``intremap=on|off`` (default: auto) 1161 This enables interrupt remapping feature. It's required to enable 1162 complete x2apic. Currently it only supports kvm kernel-irqchip modes 1163 ``off`` or ``split``, while full kernel-irqchip is not yet supported. 1164 The default value is "auto", which will be decided by the mode of 1165 kernel-irqchip. 1166 1167 ``caching-mode=on|off`` (default: off) 1168 This enables caching mode for the VT-d emulated device. When 1169 caching-mode is enabled, each guest DMA buffer mapping will generate an 1170 IOTLB invalidation from the guest IOMMU driver to the vIOMMU device in 1171 a synchronous way. It is required for ``-device vfio-pci`` to work 1172 with the VT-d device, because host assigned devices requires to setup 1173 the DMA mapping on the host before guest DMA starts. 1174 1175 ``device-iotlb=on|off`` (default: off) 1176 This enables device-iotlb capability for the emulated VT-d device. So 1177 far virtio/vhost should be the only real user for this parameter, 1178 paired with ats=on configured for the device. 1179 1180 ``aw-bits=39|48`` (default: 39) 1181 This decides the address width of IOVA address space. The address 1182 space has 39 bits width for 3-level IOMMU page tables, and 48 bits for 1183 4-level IOMMU page tables. 1184 1185 Please also refer to the wiki page for general scenarios of VT-d 1186 emulation in QEMU: https://wiki.qemu.org/Features/VT-d. 1187 1188``-device virtio-iommu-pci[,option=...]`` 1189 This is only supported by ``-machine q35`` (x86_64) and ``-machine virt`` (ARM). 1190 It supports below options: 1191 1192 ``granule=val`` (possible values are 4k, 8k, 16k, 64k and host; default: host) 1193 This decides the default granule to be be exposed by the 1194 virtio-iommu. If host, the granule matches the host page size. 1195 1196 ``aw-bits=val`` (val between 32 and 64, default depends on machine) 1197 This decides the address width of the IOVA address space. 1198 1199ERST 1200 1201DEF("name", HAS_ARG, QEMU_OPTION_name, 1202 "-name string1[,process=string2][,debug-threads=on|off]\n" 1203 " set the name of the guest\n" 1204 " string1 sets the window title and string2 the process name\n" 1205 " When debug-threads is enabled, individual threads are given a separate name\n" 1206 " NOTE: The thread names are for debugging and not a stable API.\n", 1207 QEMU_ARCH_ALL) 1208SRST 1209``-name name`` 1210 Sets the name of the guest. This name will be displayed in the SDL 1211 window caption. The name will also be used for the VNC server. Also 1212 optionally set the top visible process name in Linux. Naming of 1213 individual threads can also be enabled on Linux to aid debugging. 1214ERST 1215 1216DEF("uuid", HAS_ARG, QEMU_OPTION_uuid, 1217 "-uuid %08x-%04x-%04x-%04x-%012x\n" 1218 " specify machine UUID\n", QEMU_ARCH_ALL) 1219SRST 1220``-uuid uuid`` 1221 Set system UUID. 1222ERST 1223 1224DEFHEADING() 1225 1226DEFHEADING(Block device options:) 1227 1228SRST 1229The QEMU block device handling options have a long history and 1230have gone through several iterations as the feature set and complexity 1231of the block layer have grown. Many online guides to QEMU often 1232reference older and deprecated options, which can lead to confusion. 1233 1234The most explicit way to describe disks is to use a combination of 1235``-device`` to specify the hardware device and ``-blockdev`` to 1236describe the backend. The device defines what the guest sees and the 1237backend describes how QEMU handles the data. It is the only guaranteed 1238stable interface for describing block devices and as such is 1239recommended for management tools and scripting. 1240 1241The ``-drive`` option combines the device and backend into a single 1242command line option which is a more human friendly. There is however no 1243interface stability guarantee although some older board models still 1244need updating to work with the modern blockdev forms. 1245 1246Older options like ``-hda`` are essentially macros which expand into 1247``-drive`` options for various drive interfaces. The original forms 1248bake in a lot of assumptions from the days when QEMU was emulating a 1249legacy PC, they are not recommended for modern configurations. 1250 1251ERST 1252 1253DEF("fda", HAS_ARG, QEMU_OPTION_fda, 1254 "-fda/-fdb file use 'file' as floppy disk 0/1 image\n", QEMU_ARCH_ALL) 1255DEF("fdb", HAS_ARG, QEMU_OPTION_fdb, "", QEMU_ARCH_ALL) 1256SRST 1257``-fda file`` 1258 \ 1259``-fdb file`` 1260 Use file as floppy disk 0/1 image (see the :ref:`disk images` chapter in 1261 the System Emulation Users Guide). 1262ERST 1263 1264DEF("hda", HAS_ARG, QEMU_OPTION_hda, 1265 "-hda/-hdb file use 'file' as hard disk 0/1 image\n", QEMU_ARCH_ALL) 1266DEF("hdb", HAS_ARG, QEMU_OPTION_hdb, "", QEMU_ARCH_ALL) 1267DEF("hdc", HAS_ARG, QEMU_OPTION_hdc, 1268 "-hdc/-hdd file use 'file' as hard disk 2/3 image\n", QEMU_ARCH_ALL) 1269DEF("hdd", HAS_ARG, QEMU_OPTION_hdd, "", QEMU_ARCH_ALL) 1270SRST 1271``-hda file`` 1272 \ 1273``-hdb file`` 1274 \ 1275``-hdc file`` 1276 \ 1277``-hdd file`` 1278 Use file as hard disk 0, 1, 2 or 3 image on the default bus of the 1279 emulated machine (this is for example the IDE bus on most x86 machines, 1280 but it can also be SCSI, virtio or something else on other target 1281 architectures). See also the :ref:`disk images` chapter in the System 1282 Emulation Users Guide. 1283ERST 1284 1285DEF("cdrom", HAS_ARG, QEMU_OPTION_cdrom, 1286 "-cdrom file use 'file' as CD-ROM image\n", 1287 QEMU_ARCH_ALL) 1288SRST 1289``-cdrom file`` 1290 Use file as CD-ROM image on the default bus of the emulated machine 1291 (which is IDE1 master on x86, so you cannot use ``-hdc`` and ``-cdrom`` 1292 at the same time there). On systems that support it, you can use the 1293 host CD-ROM by using ``/dev/cdrom`` as filename. 1294ERST 1295 1296DEF("blockdev", HAS_ARG, QEMU_OPTION_blockdev, 1297 "-blockdev [driver=]driver[,node-name=N][,discard=ignore|unmap]\n" 1298 " [,cache.direct=on|off][,cache.no-flush=on|off]\n" 1299 " [,read-only=on|off][,auto-read-only=on|off]\n" 1300 " [,force-share=on|off][,detect-zeroes=on|off|unmap]\n" 1301 " [,driver specific parameters...]\n" 1302 " configure a block backend\n", QEMU_ARCH_ALL) 1303SRST 1304``-blockdev option[,option[,option[,...]]]`` 1305 Define a new block driver node. Some of the options apply to all 1306 block drivers, other options are only accepted for a specific block 1307 driver. See below for a list of generic options and options for the 1308 most common block drivers. 1309 1310 Options that expect a reference to another node (e.g. ``file``) can 1311 be given in two ways. Either you specify the node name of an already 1312 existing node (file=node-name), or you define a new node inline, 1313 adding options for the referenced node after a dot 1314 (file.filename=path,file.aio=native). 1315 1316 A block driver node created with ``-blockdev`` can be used for a 1317 guest device by specifying its node name for the ``drive`` property 1318 in a ``-device`` argument that defines a block device. 1319 1320 ``Valid options for any block driver node:`` 1321 ``driver`` 1322 Specifies the block driver to use for the given node. 1323 1324 ``node-name`` 1325 This defines the name of the block driver node by which it 1326 will be referenced later. The name must be unique, i.e. it 1327 must not match the name of a different block driver node, or 1328 (if you use ``-drive`` as well) the ID of a drive. 1329 1330 If no node name is specified, it is automatically generated. 1331 The generated node name is not intended to be predictable 1332 and changes between QEMU invocations. For the top level, an 1333 explicit node name must be specified. 1334 1335 ``read-only`` 1336 Open the node read-only. Guest write attempts will fail. 1337 1338 Note that some block drivers support only read-only access, 1339 either generally or in certain configurations. In this case, 1340 the default value ``read-only=off`` does not work and the 1341 option must be specified explicitly. 1342 1343 ``auto-read-only`` 1344 If ``auto-read-only=on`` is set, QEMU may fall back to 1345 read-only usage even when ``read-only=off`` is requested, or 1346 even switch between modes as needed, e.g. depending on 1347 whether the image file is writable or whether a writing user 1348 is attached to the node. 1349 1350 ``force-share`` 1351 Override the image locking system of QEMU by forcing the 1352 node to utilize weaker shared access for permissions where 1353 it would normally request exclusive access. When there is 1354 the potential for multiple instances to have the same file 1355 open (whether this invocation of QEMU is the first or the 1356 second instance), both instances must permit shared access 1357 for the second instance to succeed at opening the file. 1358 1359 Enabling ``force-share=on`` requires ``read-only=on``. 1360 1361 ``cache.direct`` 1362 The host page cache can be avoided with ``cache.direct=on``. 1363 This will attempt to do disk IO directly to the guest's 1364 memory. QEMU may still perform an internal copy of the data. 1365 1366 ``cache.no-flush`` 1367 In case you don't care about data integrity over host 1368 failures, you can use ``cache.no-flush=on``. This option 1369 tells QEMU that it never needs to write any data to the disk 1370 but can instead keep things in cache. If anything goes 1371 wrong, like your host losing power, the disk storage getting 1372 disconnected accidentally, etc. your image will most 1373 probably be rendered unusable. 1374 1375 ``discard=discard`` 1376 discard is one of "ignore" (or "off") or "unmap" (or "on") 1377 and controls whether ``discard`` (also known as ``trim`` or 1378 ``unmap``) requests are ignored or passed to the filesystem. 1379 Some machine types may not support discard requests. 1380 1381 ``detect-zeroes=detect-zeroes`` 1382 detect-zeroes is "off", "on" or "unmap" and enables the 1383 automatic conversion of plain zero writes by the OS to 1384 driver specific optimized zero write commands. You may even 1385 choose "unmap" if discard is set to "unmap" to allow a zero 1386 write to be converted to an ``unmap`` operation. 1387 1388 ``Driver-specific options for file`` 1389 This is the protocol-level block driver for accessing regular 1390 files. 1391 1392 ``filename`` 1393 The path to the image file in the local filesystem 1394 1395 ``aio`` 1396 Specifies the AIO backend (threads/native/io_uring, 1397 default: threads) 1398 1399 ``locking`` 1400 Specifies whether the image file is protected with Linux OFD 1401 / POSIX locks. The default is to use the Linux Open File 1402 Descriptor API if available, otherwise no lock is applied. 1403 (auto/on/off, default: auto) 1404 1405 Example: 1406 1407 :: 1408 1409 -blockdev driver=file,node-name=disk,filename=disk.img 1410 1411 ``Driver-specific options for raw`` 1412 This is the image format block driver for raw images. It is 1413 usually stacked on top of a protocol level block driver such as 1414 ``file``. 1415 1416 ``file`` 1417 Reference to or definition of the data source block driver 1418 node (e.g. a ``file`` driver node) 1419 1420 Example 1: 1421 1422 :: 1423 1424 -blockdev driver=file,node-name=disk_file,filename=disk.img 1425 -blockdev driver=raw,node-name=disk,file=disk_file 1426 1427 Example 2: 1428 1429 :: 1430 1431 -blockdev driver=raw,node-name=disk,file.driver=file,file.filename=disk.img 1432 1433 ``Driver-specific options for qcow2`` 1434 This is the image format block driver for qcow2 images. It is 1435 usually stacked on top of a protocol level block driver such as 1436 ``file``. 1437 1438 ``file`` 1439 Reference to or definition of the data source block driver 1440 node (e.g. a ``file`` driver node) 1441 1442 ``backing`` 1443 Reference to or definition of the backing file block device 1444 (default is taken from the image file). It is allowed to 1445 pass ``null`` here in order to disable the default backing 1446 file. 1447 1448 ``lazy-refcounts`` 1449 Whether to enable the lazy refcounts feature (on/off; 1450 default is taken from the image file) 1451 1452 ``cache-size`` 1453 The maximum total size of the L2 table and refcount block 1454 caches in bytes (default: the sum of l2-cache-size and 1455 refcount-cache-size) 1456 1457 ``l2-cache-size`` 1458 The maximum size of the L2 table cache in bytes (default: if 1459 cache-size is not specified - 32M on Linux platforms, and 8M 1460 on non-Linux platforms; otherwise, as large as possible 1461 within the cache-size, while permitting the requested or the 1462 minimal refcount cache size) 1463 1464 ``refcount-cache-size`` 1465 The maximum size of the refcount block cache in bytes 1466 (default: 4 times the cluster size; or if cache-size is 1467 specified, the part of it which is not used for the L2 1468 cache) 1469 1470 ``cache-clean-interval`` 1471 Clean unused entries in the L2 and refcount caches. The 1472 interval is in seconds. The default value is 600 on 1473 supporting platforms, and 0 on other platforms. Setting it 1474 to 0 disables this feature. 1475 1476 ``pass-discard-request`` 1477 Whether discard requests to the qcow2 device should be 1478 forwarded to the data source (on/off; default: on if 1479 discard=unmap is specified, off otherwise) 1480 1481 ``pass-discard-snapshot`` 1482 Whether discard requests for the data source should be 1483 issued when a snapshot operation (e.g. deleting a snapshot) 1484 frees clusters in the qcow2 file (on/off; default: on) 1485 1486 ``pass-discard-other`` 1487 Whether discard requests for the data source should be 1488 issued on other occasions where a cluster gets freed 1489 (on/off; default: off) 1490 1491 ``discard-no-unref`` 1492 When enabled, data clusters will remain preallocated when they are 1493 no longer used, e.g. because they are discarded or converted to 1494 zero clusters. As usual, whether the old data is discarded or kept 1495 on the protocol level (i.e. in the image file) depends on the 1496 setting of the pass-discard-request option. Keeping the clusters 1497 preallocated prevents qcow2 fragmentation that would otherwise be 1498 caused by freeing and re-allocating them later. Besides potential 1499 performance degradation, such fragmentation can lead to increased 1500 allocation of clusters past the end of the image file, 1501 resulting in image files whose file length can grow much larger 1502 than their guest disk size would suggest. 1503 If image file length is of concern (e.g. when storing qcow2 1504 images directly on block devices), you should consider enabling 1505 this option. 1506 1507 ``overlap-check`` 1508 Which overlap checks to perform for writes to the image 1509 (none/constant/cached/all; default: cached). For details or 1510 finer granularity control refer to the QAPI documentation of 1511 ``blockdev-add``. 1512 1513 Example 1: 1514 1515 :: 1516 1517 -blockdev driver=file,node-name=my_file,filename=/tmp/disk.qcow2 1518 -blockdev driver=qcow2,node-name=hda,file=my_file,overlap-check=none,cache-size=16777216 1519 1520 Example 2: 1521 1522 :: 1523 1524 -blockdev driver=qcow2,node-name=disk,file.driver=http,file.filename=http://example.com/image.qcow2 1525 1526 ``Driver-specific options for other drivers`` 1527 Please refer to the QAPI documentation of the ``blockdev-add`` 1528 QMP command. 1529ERST 1530 1531DEF("drive", HAS_ARG, QEMU_OPTION_drive, 1532 "-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]\n" 1533 " [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]\n" 1534 " [,snapshot=on|off][,rerror=ignore|stop|report]\n" 1535 " [,werror=ignore|stop|report|enospc][,id=name]\n" 1536 " [,aio=threads|native|io_uring]\n" 1537 " [,readonly=on|off][,copy-on-read=on|off]\n" 1538 " [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]\n" 1539 " [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]]\n" 1540 " [[,iops=i]|[[,iops_rd=r][,iops_wr=w]]]\n" 1541 " [[,bps_max=bm]|[[,bps_rd_max=rm][,bps_wr_max=wm]]]\n" 1542 " [[,iops_max=im]|[[,iops_rd_max=irm][,iops_wr_max=iwm]]]\n" 1543 " [[,iops_size=is]]\n" 1544 " [[,group=g]]\n" 1545 " use 'file' as a drive image\n", QEMU_ARCH_ALL) 1546SRST 1547``-drive option[,option[,option[,...]]]`` 1548 Define a new drive. This includes creating a block driver node (the 1549 backend) as well as a guest device, and is mostly a shortcut for 1550 defining the corresponding ``-blockdev`` and ``-device`` options. 1551 1552 ``-drive`` accepts all options that are accepted by ``-blockdev``. 1553 In addition, it knows the following options: 1554 1555 ``file=file`` 1556 This option defines which disk image (see the :ref:`disk images` 1557 chapter in the System Emulation Users Guide) to use with this drive. 1558 If the filename contains comma, you must double it (for instance, 1559 "file=my,,file" to use file "my,file"). 1560 1561 Special files such as iSCSI devices can be specified using 1562 protocol specific URLs. See the section for "Device URL Syntax" 1563 for more information. 1564 1565 ``if=interface`` 1566 This option defines on which type on interface the drive is 1567 connected. Available types are: ide, scsi, sd, mtd, floppy, 1568 pflash, virtio, none. 1569 1570 ``bus=bus,unit=unit`` 1571 These options define where is connected the drive by defining 1572 the bus number and the unit id. 1573 1574 ``index=index`` 1575 This option defines where the drive is connected by using an 1576 index in the list of available connectors of a given interface 1577 type. 1578 1579 ``media=media`` 1580 This option defines the type of the media: disk or cdrom. 1581 1582 ``snapshot=snapshot`` 1583 snapshot is "on" or "off" and controls snapshot mode for the 1584 given drive (see ``-snapshot``). 1585 1586 ``cache=cache`` 1587 cache is "none", "writeback", "unsafe", "directsync" or 1588 "writethrough" and controls how the host cache is used to access 1589 block data. This is a shortcut that sets the ``cache.direct`` 1590 and ``cache.no-flush`` options (as in ``-blockdev``), and 1591 additionally ``cache.writeback``, which provides a default for 1592 the ``write-cache`` option of block guest devices (as in 1593 ``-device``). The modes correspond to the following settings: 1594 1595 ============= =============== ============ ============== 1596 \ cache.writeback cache.direct cache.no-flush 1597 ============= =============== ============ ============== 1598 writeback on off off 1599 none on on off 1600 writethrough off off off 1601 directsync off on off 1602 unsafe on off on 1603 ============= =============== ============ ============== 1604 1605 The default mode is ``cache=writeback``. 1606 1607 ``aio=aio`` 1608 aio is "threads", "native", or "io_uring" and selects between pthread 1609 based disk I/O, native Linux AIO, or Linux io_uring API. 1610 1611 ``format=format`` 1612 Specify which disk format will be used rather than detecting the 1613 format. Can be used to specify format=raw to avoid interpreting 1614 an untrusted format header. 1615 1616 ``werror=action,rerror=action`` 1617 Specify which action to take on write and read errors. Valid 1618 actions are: "ignore" (ignore the error and try to continue), 1619 "stop" (pause QEMU), "report" (report the error to the guest), 1620 "enospc" (pause QEMU only if the host disk is full; report the 1621 error to the guest otherwise). The default setting is 1622 ``werror=enospc`` and ``rerror=report``. 1623 1624 ``copy-on-read=copy-on-read`` 1625 copy-on-read is "on" or "off" and enables whether to copy read 1626 backing file sectors into the image file. 1627 1628 ``bps=b,bps_rd=r,bps_wr=w`` 1629 Specify bandwidth throttling limits in bytes per second, either 1630 for all request types or for reads or writes only. Small values 1631 can lead to timeouts or hangs inside the guest. A safe minimum 1632 for disks is 2 MB/s. 1633 1634 ``bps_max=bm,bps_rd_max=rm,bps_wr_max=wm`` 1635 Specify bursts in bytes per second, either for all request types 1636 or for reads or writes only. Bursts allow the guest I/O to spike 1637 above the limit temporarily. 1638 1639 ``iops=i,iops_rd=r,iops_wr=w`` 1640 Specify request rate limits in requests per second, either for 1641 all request types or for reads or writes only. 1642 1643 ``iops_max=bm,iops_rd_max=rm,iops_wr_max=wm`` 1644 Specify bursts in requests per second, either for all request 1645 types or for reads or writes only. Bursts allow the guest I/O to 1646 spike above the limit temporarily. 1647 1648 ``iops_size=is`` 1649 Let every is bytes of a request count as a new request for iops 1650 throttling purposes. Use this option to prevent guests from 1651 circumventing iops limits by sending fewer but larger requests. 1652 1653 ``group=g`` 1654 Join a throttling quota group with given name g. All drives that 1655 are members of the same group are accounted for together. Use 1656 this option to prevent guests from circumventing throttling 1657 limits by using many small disks instead of a single larger 1658 disk. 1659 1660 By default, the ``cache.writeback=on`` mode is used. It will report 1661 data writes as completed as soon as the data is present in the host 1662 page cache. This is safe as long as your guest OS makes sure to 1663 correctly flush disk caches where needed. If your guest OS does not 1664 handle volatile disk write caches correctly and your host crashes or 1665 loses power, then the guest may experience data corruption. 1666 1667 For such guests, you should consider using ``cache.writeback=off``. 1668 This means that the host page cache will be used to read and write 1669 data, but write notification will be sent to the guest only after 1670 QEMU has made sure to flush each write to the disk. Be aware that 1671 this has a major impact on performance. 1672 1673 When using the ``-snapshot`` option, unsafe caching is always used. 1674 1675 Copy-on-read avoids accessing the same backing file sectors 1676 repeatedly and is useful when the backing file is over a slow 1677 network. By default copy-on-read is off. 1678 1679 Instead of ``-cdrom`` you can use: 1680 1681 .. parsed-literal:: 1682 1683 |qemu_system| -drive file=file,index=2,media=cdrom 1684 1685 Instead of ``-hda``, ``-hdb``, ``-hdc``, ``-hdd``, you can use: 1686 1687 .. parsed-literal:: 1688 1689 |qemu_system| -drive file=file,index=0,media=disk 1690 |qemu_system| -drive file=file,index=1,media=disk 1691 |qemu_system| -drive file=file,index=2,media=disk 1692 |qemu_system| -drive file=file,index=3,media=disk 1693 1694 You can open an image using pre-opened file descriptors from an fd 1695 set: 1696 1697 .. parsed-literal:: 1698 1699 |qemu_system| \\ 1700 -add-fd fd=3,set=2,opaque="rdwr:/path/to/file" \\ 1701 -add-fd fd=4,set=2,opaque="rdonly:/path/to/file" \\ 1702 -drive file=/dev/fdset/2,index=0,media=disk 1703 1704 You can connect a CDROM to the slave of ide0: 1705 1706 .. parsed-literal:: 1707 1708 |qemu_system_x86| -drive file=file,if=ide,index=1,media=cdrom 1709 1710 If you don't specify the "file=" argument, you define an empty 1711 drive: 1712 1713 .. parsed-literal:: 1714 1715 |qemu_system_x86| -drive if=ide,index=1,media=cdrom 1716 1717 Instead of ``-fda``, ``-fdb``, you can use: 1718 1719 .. parsed-literal:: 1720 1721 |qemu_system_x86| -drive file=file,index=0,if=floppy 1722 |qemu_system_x86| -drive file=file,index=1,if=floppy 1723 1724 By default, interface is "ide" and index is automatically 1725 incremented: 1726 1727 .. parsed-literal:: 1728 1729 |qemu_system_x86| -drive file=a -drive file=b 1730 1731 is interpreted like: 1732 1733 .. parsed-literal:: 1734 1735 |qemu_system_x86| -hda a -hdb b 1736ERST 1737 1738DEF("mtdblock", HAS_ARG, QEMU_OPTION_mtdblock, 1739 "-mtdblock file use 'file' as on-board Flash memory image\n", 1740 QEMU_ARCH_ALL) 1741SRST 1742``-mtdblock file`` 1743 Use file as on-board Flash memory image. 1744ERST 1745 1746DEF("sd", HAS_ARG, QEMU_OPTION_sd, 1747 "-sd file use 'file' as SecureDigital card image\n", QEMU_ARCH_ALL) 1748SRST 1749``-sd file`` 1750 Use file as SecureDigital card image. 1751ERST 1752 1753DEF("snapshot", 0, QEMU_OPTION_snapshot, 1754 "-snapshot write to temporary files instead of disk image files\n", 1755 QEMU_ARCH_ALL) 1756SRST 1757``-snapshot`` 1758 Write to temporary files instead of disk image files. In this case, 1759 the raw disk image you use is not written back. You can however 1760 force the write back by pressing C-a s (see the :ref:`disk images` 1761 chapter in the System Emulation Users Guide). 1762 1763 .. warning:: 1764 snapshot is incompatible with ``-blockdev`` (instead use qemu-img 1765 to manually create snapshot images to attach to your blockdev). 1766 If you have mixed ``-blockdev`` and ``-drive`` declarations you 1767 can use the 'snapshot' property on your drive declarations 1768 instead of this global option. 1769 1770ERST 1771 1772DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, 1773 "-fsdev local,id=id,path=path,security_model=mapped-xattr|mapped-file|passthrough|none\n" 1774 " [,writeout=immediate][,readonly=on][,fmode=fmode][,dmode=dmode]\n" 1775 " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n" 1776 " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n" 1777 " [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n" 1778 " [[,throttling.iops-total-max=im]|[[,throttling.iops-read-max=irm][,throttling.iops-write-max=iwm]]]\n" 1779 " [[,throttling.iops-size=is]]\n" 1780 "-fsdev synth,id=id\n", 1781 QEMU_ARCH_ALL) 1782 1783SRST 1784``-fsdev local,id=id,path=path,security_model=security_model [,writeout=writeout][,readonly=on][,fmode=fmode][,dmode=dmode] [,throttling.option=value[,throttling.option=value[,...]]]`` 1785 \ 1786``-fsdev synth,id=id[,readonly=on]`` 1787 Define a new file system device. Valid options are: 1788 1789 ``local`` 1790 Accesses to the filesystem are done by QEMU. 1791 1792 ``synth`` 1793 Synthetic filesystem, only used by QTests. 1794 1795 ``id=id`` 1796 Specifies identifier for this device. 1797 1798 ``path=path`` 1799 Specifies the export path for the file system device. Files 1800 under this path will be available to the 9p client on the guest. 1801 1802 ``security_model=security_model`` 1803 Specifies the security model to be used for this export path. 1804 Supported security models are "passthrough", "mapped-xattr", 1805 "mapped-file" and "none". In "passthrough" security model, files 1806 are stored using the same credentials as they are created on the 1807 guest. This requires QEMU to run as root. In "mapped-xattr" 1808 security model, some of the file attributes like uid, gid, mode 1809 bits and link target are stored as file attributes. For 1810 "mapped-file" these attributes are stored in the hidden 1811 .virtfs\_metadata directory. Directories exported by this 1812 security model cannot interact with other unix tools. "none" 1813 security model is same as passthrough except the sever won't 1814 report failures if it fails to set file attributes like 1815 ownership. Security model is mandatory only for local fsdriver. 1816 1817 ``writeout=writeout`` 1818 This is an optional argument. The only supported value is 1819 "immediate". This means that host page cache will be used to 1820 read and write data but write notification will be sent to the 1821 guest only when the data has been reported as written by the 1822 storage subsystem. 1823 1824 ``readonly=on`` 1825 Enables exporting 9p share as a readonly mount for guests. By 1826 default read-write access is given. 1827 1828 ``fmode=fmode`` 1829 Specifies the default mode for newly created files on the host. 1830 Works only with security models "mapped-xattr" and 1831 "mapped-file". 1832 1833 ``dmode=dmode`` 1834 Specifies the default mode for newly created directories on the 1835 host. Works only with security models "mapped-xattr" and 1836 "mapped-file". 1837 1838 ``throttling.bps-total=b,throttling.bps-read=r,throttling.bps-write=w`` 1839 Specify bandwidth throttling limits in bytes per second, either 1840 for all request types or for reads or writes only. 1841 1842 ``throttling.bps-total-max=bm,bps-read-max=rm,bps-write-max=wm`` 1843 Specify bursts in bytes per second, either for all request types 1844 or for reads or writes only. Bursts allow the guest I/O to spike 1845 above the limit temporarily. 1846 1847 ``throttling.iops-total=i,throttling.iops-read=r, throttling.iops-write=w`` 1848 Specify request rate limits in requests per second, either for 1849 all request types or for reads or writes only. 1850 1851 ``throttling.iops-total-max=im,throttling.iops-read-max=irm, throttling.iops-write-max=iwm`` 1852 Specify bursts in requests per second, either for all request 1853 types or for reads or writes only. Bursts allow the guest I/O to 1854 spike above the limit temporarily. 1855 1856 ``throttling.iops-size=is`` 1857 Let every is bytes of a request count as a new request for iops 1858 throttling purposes. 1859 1860 -fsdev option is used along with -device driver "virtio-9p-...". 1861 1862``-device virtio-9p-type,fsdev=id,mount_tag=mount_tag`` 1863 Options for virtio-9p-... driver are: 1864 1865 ``type`` 1866 Specifies the variant to be used. Supported values are "pci", 1867 "ccw" or "device", depending on the machine type. 1868 1869 ``fsdev=id`` 1870 Specifies the id value specified along with -fsdev option. 1871 1872 ``mount_tag=mount_tag`` 1873 Specifies the tag name to be used by the guest to mount this 1874 export point. 1875ERST 1876 1877DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, 1878 "-virtfs local,path=path,mount_tag=tag,security_model=mapped-xattr|mapped-file|passthrough|none\n" 1879 " [,id=id][,writeout=immediate][,readonly=on][,fmode=fmode][,dmode=dmode][,multidevs=remap|forbid|warn]\n" 1880 "-virtfs synth,mount_tag=tag[,id=id][,readonly=on]\n", 1881 QEMU_ARCH_ALL) 1882 1883SRST 1884``-virtfs local,path=path,mount_tag=mount_tag ,security_model=security_model[,writeout=writeout][,readonly=on] [,fmode=fmode][,dmode=dmode][,multidevs=multidevs]`` 1885 \ 1886``-virtfs synth,mount_tag=mount_tag`` 1887 Define a new virtual filesystem device and expose it to the guest using 1888 a virtio-9p-device (a.k.a. 9pfs), which essentially means that a certain 1889 directory on host is made directly accessible by guest as a pass-through 1890 file system by using the 9P network protocol for communication between 1891 host and guests, if desired even accessible, shared by several guests 1892 simultaneously. 1893 1894 Note that ``-virtfs`` is actually just a convenience shortcut for its 1895 generalized form ``-fsdev -device virtio-9p-pci``. 1896 1897 The general form of pass-through file system options are: 1898 1899 ``local`` 1900 Accesses to the filesystem are done by QEMU. 1901 1902 ``synth`` 1903 Synthetic filesystem, only used by QTests. 1904 1905 ``id=id`` 1906 Specifies identifier for the filesystem device 1907 1908 ``path=path`` 1909 Specifies the export path for the file system device. Files 1910 under this path will be available to the 9p client on the guest. 1911 1912 ``security_model=security_model`` 1913 Specifies the security model to be used for this export path. 1914 Supported security models are "passthrough", "mapped-xattr", 1915 "mapped-file" and "none". In "passthrough" security model, files 1916 are stored using the same credentials as they are created on the 1917 guest. This requires QEMU to run as root. In "mapped-xattr" 1918 security model, some of the file attributes like uid, gid, mode 1919 bits and link target are stored as file attributes. For 1920 "mapped-file" these attributes are stored in the hidden 1921 .virtfs\_metadata directory. Directories exported by this 1922 security model cannot interact with other unix tools. "none" 1923 security model is same as passthrough except the sever won't 1924 report failures if it fails to set file attributes like 1925 ownership. Security model is mandatory only for local fsdriver. 1926 1927 ``writeout=writeout`` 1928 This is an optional argument. The only supported value is 1929 "immediate". This means that host page cache will be used to 1930 read and write data but write notification will be sent to the 1931 guest only when the data has been reported as written by the 1932 storage subsystem. 1933 1934 ``readonly=on`` 1935 Enables exporting 9p share as a readonly mount for guests. By 1936 default read-write access is given. 1937 1938 ``fmode=fmode`` 1939 Specifies the default mode for newly created files on the host. 1940 Works only with security models "mapped-xattr" and 1941 "mapped-file". 1942 1943 ``dmode=dmode`` 1944 Specifies the default mode for newly created directories on the 1945 host. Works only with security models "mapped-xattr" and 1946 "mapped-file". 1947 1948 ``mount_tag=mount_tag`` 1949 Specifies the tag name to be used by the guest to mount this 1950 export point. 1951 1952 ``multidevs=multidevs`` 1953 Specifies how to deal with multiple devices being shared with a 1954 9p export. Supported behaviours are either "remap", "forbid" or 1955 "warn". The latter is the default behaviour on which virtfs 9p 1956 expects only one device to be shared with the same export, and 1957 if more than one device is shared and accessed via the same 9p 1958 export then only a warning message is logged (once) by qemu on 1959 host side. In order to avoid file ID collisions on guest you 1960 should either create a separate virtfs export for each device to 1961 be shared with guests (recommended way) or you might use "remap" 1962 instead which allows you to share multiple devices with only one 1963 export instead, which is achieved by remapping the original 1964 inode numbers from host to guest in a way that would prevent 1965 such collisions. Remapping inodes in such use cases is required 1966 because the original device IDs from host are never passed and 1967 exposed on guest. Instead all files of an export shared with 1968 virtfs always share the same device id on guest. So two files 1969 with identical inode numbers but from actually different devices 1970 on host would otherwise cause a file ID collision and hence 1971 potential misbehaviours on guest. "forbid" on the other hand 1972 assumes like "warn" that only one device is shared by the same 1973 export, however it will not only log a warning message but also 1974 deny access to additional devices on guest. Note though that 1975 "forbid" does currently not block all possible file access 1976 operations (e.g. readdir() would still return entries from other 1977 devices). 1978ERST 1979 1980DEF("iscsi", HAS_ARG, QEMU_OPTION_iscsi, 1981 "-iscsi [user=user][,password=password][,password-secret=secret-id]\n" 1982 " [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE]\n" 1983 " [,initiator-name=initiator-iqn][,id=target-iqn]\n" 1984 " [,timeout=timeout]\n" 1985 " iSCSI session parameters\n", QEMU_ARCH_ALL) 1986 1987SRST 1988``-iscsi`` 1989 Configure iSCSI session parameters. 1990ERST 1991 1992DEFHEADING() 1993 1994DEFHEADING(USB convenience options:) 1995 1996DEF("usb", 0, QEMU_OPTION_usb, 1997 "-usb enable on-board USB host controller (if not enabled by default)\n", 1998 QEMU_ARCH_ALL) 1999SRST 2000``-usb`` 2001 Enable USB emulation on machine types with an on-board USB host 2002 controller (if not enabled by default). Note that on-board USB host 2003 controllers may not support USB 3.0. In this case 2004 ``-device qemu-xhci`` can be used instead on machines with PCI. 2005ERST 2006 2007DEF("usbdevice", HAS_ARG, QEMU_OPTION_usbdevice, 2008 "-usbdevice name add the host or guest USB device 'name'\n", 2009 QEMU_ARCH_ALL) 2010SRST 2011``-usbdevice devname`` 2012 Add the USB device devname, and enable an on-board USB controller 2013 if possible and necessary (just like it can be done via 2014 ``-machine usb=on``). Note that this option is mainly intended for 2015 the user's convenience only. More fine-grained control can be 2016 achieved by selecting a USB host controller (if necessary) and the 2017 desired USB device via the ``-device`` option instead. For example, 2018 instead of using ``-usbdevice mouse`` it is possible to use 2019 ``-device qemu-xhci -device usb-mouse`` to connect the USB mouse 2020 to a USB 3.0 controller instead (at least on machines that support 2021 PCI and do not have an USB controller enabled by default yet). 2022 For more details, see the chapter about 2023 :ref:`Connecting USB devices` in the System Emulation Users Guide. 2024 Possible devices for devname are: 2025 2026 ``braille`` 2027 Braille device. This will use BrlAPI to display the braille 2028 output on a real or fake device (i.e. it also creates a 2029 corresponding ``braille`` chardev automatically beside the 2030 ``usb-braille`` USB device). 2031 2032 ``keyboard`` 2033 Standard USB keyboard. Will override the PS/2 keyboard (if present). 2034 2035 ``mouse`` 2036 Virtual Mouse. This will override the PS/2 mouse emulation when 2037 activated. 2038 2039 ``tablet`` 2040 Pointer device that uses absolute coordinates (like a 2041 touchscreen). This means QEMU is able to report the mouse 2042 position without having to grab the mouse. Also overrides the 2043 PS/2 mouse emulation when activated. 2044 2045 ``wacom-tablet`` 2046 Wacom PenPartner USB tablet. 2047 2048 2049ERST 2050 2051DEFHEADING() 2052 2053DEFHEADING(Display options:) 2054 2055DEF("display", HAS_ARG, QEMU_OPTION_display, 2056#if defined(CONFIG_SPICE) 2057 "-display spice-app[,gl=on|off]\n" 2058#endif 2059#if defined(CONFIG_SDL) 2060 "-display sdl[,gl=on|core|es|off][,grab-mod=<mod>][,show-cursor=on|off]\n" 2061 " [,window-close=on|off]\n" 2062#endif 2063#if defined(CONFIG_GTK) 2064 "-display gtk[,full-screen=on|off][,gl=on|off][,grab-on-hover=on|off]\n" 2065 " [,show-tabs=on|off][,show-cursor=on|off][,window-close=on|off]\n" 2066 " [,show-menubar=on|off][,zoom-to-fit=on|off]\n" 2067#endif 2068#if defined(CONFIG_VNC) 2069 "-display vnc=<display>[,<optargs>]\n" 2070#endif 2071#if defined(CONFIG_CURSES) 2072 "-display curses[,charset=<encoding>]\n" 2073#endif 2074#if defined(CONFIG_COCOA) 2075 "-display cocoa[,full-grab=on|off][,swap-opt-cmd=on|off]\n" 2076 " [,show-cursor=on|off][,left-command-key=on|off]\n" 2077 " [,full-screen=on|off][,zoom-to-fit=on|off]\n" 2078#endif 2079#if defined(CONFIG_OPENGL) 2080 "-display egl-headless[,rendernode=<file>]\n" 2081#endif 2082#if defined(CONFIG_DBUS_DISPLAY) 2083 "-display dbus[,addr=<dbusaddr>]\n" 2084 " [,gl=on|core|es|off][,rendernode=<file>]\n" 2085#endif 2086 "-display none\n" 2087 " select display backend type\n" 2088 " The default display is equivalent to\n " 2089#if defined(CONFIG_GTK) 2090 "\"-display gtk\"\n" 2091#elif defined(CONFIG_SDL) 2092 "\"-display sdl\"\n" 2093#elif defined(CONFIG_COCOA) 2094 "\"-display cocoa\"\n" 2095#elif defined(CONFIG_VNC) 2096 "\"-vnc localhost:0,to=99,id=default\"\n" 2097#else 2098 "\"-display none\"\n" 2099#endif 2100 , QEMU_ARCH_ALL) 2101SRST 2102``-display type`` 2103 Select type of display to use. Use ``-display help`` to list the available 2104 display types. Valid values for type are 2105 2106 ``spice-app[,gl=on|off]`` 2107 Start QEMU as a Spice server and launch the default Spice client 2108 application. The Spice server will redirect the serial consoles 2109 and QEMU monitors. (Since 4.0) 2110 2111 ``dbus`` 2112 Export the display over D-Bus interfaces. (Since 7.0) 2113 2114 The connection is registered with the "org.qemu" name (and queued when 2115 already owned). 2116 2117 ``addr=<dbusaddr>`` : D-Bus bus address to connect to. 2118 2119 ``p2p=yes|no`` : Use peer-to-peer connection, accepted via QMP ``add_client``. 2120 2121 ``gl=on|off|core|es`` : Use OpenGL for rendering (the D-Bus interface 2122 will share framebuffers with DMABUF file descriptors). 2123 2124 ``sdl`` 2125 Display video output via SDL (usually in a separate graphics 2126 window; see the SDL documentation for other possibilities). 2127 Valid parameters are: 2128 2129 ``grab-mod=<mods>`` : Used to select the modifier keys for toggling 2130 the mouse grabbing in conjunction with the "g" key. ``<mods>`` can be 2131 either ``lshift-lctrl-lalt`` or ``rctrl``. 2132 2133 ``gl=on|off|core|es`` : Use OpenGL for displaying 2134 2135 ``show-cursor=on|off`` : Force showing the mouse cursor 2136 2137 ``window-close=on|off`` : Allow to quit qemu with window close button 2138 2139 ``gtk`` 2140 Display video output in a GTK window. This interface provides 2141 drop-down menus and other UI elements to configure and control 2142 the VM during runtime. Valid parameters are: 2143 2144 ``full-screen=on|off`` : Start in fullscreen mode 2145 2146 ``gl=on|off`` : Use OpenGL for displaying 2147 2148 ``grab-on-hover=on|off`` : Grab keyboard input on mouse hover 2149 2150 ``show-tabs=on|off`` : Display the tab bar for switching between the 2151 various graphical interfaces (e.g. VGA and 2152 virtual console character devices) by default. 2153 2154 ``show-cursor=on|off`` : Force showing the mouse cursor 2155 2156 ``window-close=on|off`` : Allow to quit qemu with window close button 2157 2158 ``show-menubar=on|off`` : Display the main window menubar, defaults to "on" 2159 2160 ``zoom-to-fit=on|off`` : Expand video output to the window size, 2161 defaults to "off" 2162 2163 ``curses[,charset=<encoding>]`` 2164 Display video output via curses. For graphics device models 2165 which support a text mode, QEMU can display this output using a 2166 curses/ncurses interface. Nothing is displayed when the graphics 2167 device is in graphical mode or if the graphics device does not 2168 support a text mode. Generally only the VGA device models 2169 support text mode. The font charset used by the guest can be 2170 specified with the ``charset`` option, for example 2171 ``charset=CP850`` for IBM CP850 encoding. The default is 2172 ``CP437``. 2173 2174 ``cocoa`` 2175 Display video output in a Cocoa window. Mac only. This interface 2176 provides drop-down menus and other UI elements to configure and 2177 control the VM during runtime. Valid parameters are: 2178 2179 ``full-grab=on|off`` : Capture all key presses, including system combos. 2180 This requires accessibility permissions, since it 2181 performs a global grab on key events. 2182 (default: off) See 2183 https://support.apple.com/en-in/guide/mac-help/mh32356/mac 2184 2185 ``swap-opt-cmd=on|off`` : Swap the Option and Command keys so that their 2186 key codes match their position on non-Mac 2187 keyboards and you can use Meta/Super and Alt 2188 where you expect them. (default: off) 2189 2190 ``show-cursor=on|off`` : Force showing the mouse cursor 2191 2192 ``left-command-key=on|off`` : Disable forwarding left command key to host 2193 2194 ``full-screen=on|off`` : Start in fullscreen mode 2195 2196 ``zoom-to-fit=on|off`` : Expand video output to the window size, 2197 defaults to "off" 2198 2199 ``egl-headless[,rendernode=<file>]`` 2200 Offload all OpenGL operations to a local DRI device. For any 2201 graphical display, this display needs to be paired with either 2202 VNC or SPICE displays. 2203 2204 ``vnc=<display>`` 2205 Start a VNC server on display <display> 2206 2207 ``none`` 2208 Do not display video output. The guest will still see an 2209 emulated graphics card, but its output will not be displayed to 2210 the QEMU user. This option differs from the -nographic option in 2211 that it only affects what is done with video output; -nographic 2212 also changes the destination of the serial and parallel port 2213 data. 2214ERST 2215 2216DEF("nographic", 0, QEMU_OPTION_nographic, 2217 "-nographic disable graphical output and redirect serial I/Os to console\n", 2218 QEMU_ARCH_ALL) 2219SRST 2220``-nographic`` 2221 Normally, if QEMU is compiled with graphical window support, it 2222 displays output such as guest graphics, guest console, and the QEMU 2223 monitor in a window. With this option, you can totally disable 2224 graphical output so that QEMU is a simple command line application. 2225 The emulated serial port is redirected on the console and muxed with 2226 the monitor (unless redirected elsewhere explicitly). Therefore, you 2227 can still use QEMU to debug a Linux kernel with a serial console. 2228 Use C-a h for help on switching between the console and monitor. 2229ERST 2230 2231#ifdef CONFIG_SPICE 2232DEF("spice", HAS_ARG, QEMU_OPTION_spice, 2233 "-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]\n" 2234 " [,x509-key-file=<file>][,x509-key-password=<file>]\n" 2235 " [,x509-cert-file=<file>][,x509-cacert-file=<file>]\n" 2236 " [,x509-dh-key-file=<file>][,addr=addr]\n" 2237 " [,ipv4=on|off][,ipv6=on|off][,unix=on|off]\n" 2238 " [,tls-ciphers=<list>]\n" 2239 " [,tls-channel=[main|display|cursor|inputs|record|playback]]\n" 2240 " [,plaintext-channel=[main|display|cursor|inputs|record|playback]]\n" 2241 " [,sasl=on|off][,disable-ticketing=on|off]\n" 2242 " [,password-secret=<secret-id>]\n" 2243 " [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]\n" 2244 " [,jpeg-wan-compression=[auto|never|always]]\n" 2245 " [,zlib-glz-wan-compression=[auto|never|always]]\n" 2246 " [,streaming-video=[off|all|filter]][,disable-copy-paste=on|off]\n" 2247 " [,disable-agent-file-xfer=on|off][,agent-mouse=[on|off]]\n" 2248 " [,playback-compression=[on|off]][,seamless-migration=[on|off]]\n" 2249 " [,gl=[on|off]][,rendernode=<file>]\n" 2250 " enable spice\n" 2251 " at least one of {port, tls-port} is mandatory\n", 2252 QEMU_ARCH_ALL) 2253#endif 2254SRST 2255``-spice option[,option[,...]]`` 2256 Enable the spice remote desktop protocol. Valid options are 2257 2258 ``port=<nr>`` 2259 Set the TCP port spice is listening on for plaintext channels. 2260 2261 ``addr=<addr>`` 2262 Set the IP address spice is listening on. Default is any 2263 address. 2264 2265 ``ipv4=on|off``; \ ``ipv6=on|off``; \ ``unix=on|off`` 2266 Force using the specified IP version. 2267 2268 ``password-secret=<secret-id>`` 2269 Set the ID of the ``secret`` object containing the password 2270 you need to authenticate. 2271 2272 ``sasl=on|off`` 2273 Require that the client use SASL to authenticate with the spice. 2274 The exact choice of authentication method used is controlled 2275 from the system / user's SASL configuration file for the 'qemu' 2276 service. This is typically found in /etc/sasl2/qemu.conf. If 2277 running QEMU as an unprivileged user, an environment variable 2278 SASL\_CONF\_PATH can be used to make it search alternate 2279 locations for the service config. While some SASL auth methods 2280 can also provide data encryption (eg GSSAPI), it is recommended 2281 that SASL always be combined with the 'tls' and 'x509' settings 2282 to enable use of SSL and server certificates. This ensures a 2283 data encryption preventing compromise of authentication 2284 credentials. 2285 2286 ``disable-ticketing=on|off`` 2287 Allow client connects without authentication. 2288 2289 ``disable-copy-paste=on|off`` 2290 Disable copy paste between the client and the guest. 2291 2292 ``disable-agent-file-xfer=on|off`` 2293 Disable spice-vdagent based file-xfer between the client and the 2294 guest. 2295 2296 ``tls-port=<nr>`` 2297 Set the TCP port spice is listening on for encrypted channels. 2298 2299 ``x509-dir=<dir>`` 2300 Set the x509 file directory. Expects same filenames as -vnc 2301 $display,x509=$dir 2302 2303 ``x509-key-file=<file>``; \ ``x509-key-password=<file>``; \ ``x509-cert-file=<file>``; \ ``x509-cacert-file=<file>``; \ ``x509-dh-key-file=<file>`` 2304 The x509 file names can also be configured individually. 2305 2306 ``tls-ciphers=<list>`` 2307 Specify which ciphers to use. 2308 2309 ``tls-channel=[main|display|cursor|inputs|record|playback]``; \ ``plaintext-channel=[main|display|cursor|inputs|record|playback]`` 2310 Force specific channel to be used with or without TLS 2311 encryption. The options can be specified multiple times to 2312 configure multiple channels. The special name "default" can be 2313 used to set the default mode. For channels which are not 2314 explicitly forced into one mode the spice client is allowed to 2315 pick tls/plaintext as he pleases. 2316 2317 ``image-compression=[auto_glz|auto_lz|quic|glz|lz|off]`` 2318 Configure image compression (lossless). Default is auto\_glz. 2319 2320 ``jpeg-wan-compression=[auto|never|always]``; \ ``zlib-glz-wan-compression=[auto|never|always]`` 2321 Configure wan image compression (lossy for slow links). Default 2322 is auto. 2323 2324 ``streaming-video=[off|all|filter]`` 2325 Configure video stream detection. Default is off. 2326 2327 ``agent-mouse=[on|off]`` 2328 Enable/disable passing mouse events via vdagent. Default is on. 2329 2330 ``playback-compression=[on|off]`` 2331 Enable/disable audio stream compression (using celt 0.5.1). 2332 Default is on. 2333 2334 ``seamless-migration=[on|off]`` 2335 Enable/disable spice seamless migration. Default is off. 2336 2337 ``gl=[on|off]`` 2338 Enable/disable OpenGL context. Default is off. 2339 2340 ``rendernode=<file>`` 2341 DRM render node for OpenGL rendering. If not specified, it will 2342 pick the first available. (Since 2.9) 2343ERST 2344 2345DEF("vga", HAS_ARG, QEMU_OPTION_vga, 2346 "-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|virtio|none]\n" 2347 " select video card type\n", QEMU_ARCH_ALL) 2348SRST 2349``-vga type`` 2350 Select type of VGA card to emulate. Valid values for type are 2351 2352 ``cirrus`` 2353 Cirrus Logic GD5446 Video card. All Windows versions starting 2354 from Windows 95 should recognize and use this graphic card. For 2355 optimal performances, use 16 bit color depth in the guest and 2356 the host OS. (This card was the default before QEMU 2.2) 2357 2358 ``std`` 2359 Standard VGA card with Bochs VBE extensions. If your guest OS 2360 supports the VESA 2.0 VBE extensions (e.g. Windows XP) and if 2361 you want to use high resolution modes (>= 1280x1024x16) then you 2362 should use this option. (This card is the default since QEMU 2363 2.2) 2364 2365 ``vmware`` 2366 VMWare SVGA-II compatible adapter. Use it if you have 2367 sufficiently recent XFree86/XOrg server or Windows guest with a 2368 driver for this card. 2369 2370 ``qxl`` 2371 QXL paravirtual graphic card. It is VGA compatible (including 2372 VESA 2.0 VBE support). Works best with qxl guest drivers 2373 installed though. Recommended choice when using the spice 2374 protocol. 2375 2376 ``tcx`` 2377 (sun4m only) Sun TCX framebuffer. This is the default 2378 framebuffer for sun4m machines and offers both 8-bit and 24-bit 2379 colour depths at a fixed resolution of 1024x768. 2380 2381 ``cg3`` 2382 (sun4m only) Sun cgthree framebuffer. This is a simple 8-bit 2383 framebuffer for sun4m machines available in both 1024x768 2384 (OpenBIOS) and 1152x900 (OBP) resolutions aimed at people 2385 wishing to run older Solaris versions. 2386 2387 ``virtio`` 2388 Virtio VGA card. 2389 2390 ``none`` 2391 Disable VGA card. 2392ERST 2393 2394DEF("full-screen", 0, QEMU_OPTION_full_screen, 2395 "-full-screen start in full screen\n", QEMU_ARCH_ALL) 2396SRST 2397``-full-screen`` 2398 Start in full screen. 2399ERST 2400 2401DEF("g", HAS_ARG, QEMU_OPTION_g , 2402 "-g WxH[xDEPTH] Set the initial graphical resolution and depth\n", 2403 QEMU_ARCH_PPC | QEMU_ARCH_SPARC | QEMU_ARCH_M68K) 2404SRST 2405``-g`` *width*\ ``x``\ *height*\ ``[x``\ *depth*\ ``]`` 2406 Set the initial graphical resolution and depth (PPC, SPARC only). 2407 2408 For PPC the default is 800x600x32. 2409 2410 For SPARC with the TCX graphics device, the default is 1024x768x8 2411 with the option of 1024x768x24. For cgthree, the default is 2412 1024x768x8 with the option of 1152x900x8 for people who wish to use 2413 OBP. 2414ERST 2415 2416#ifdef CONFIG_VNC 2417DEF("vnc", HAS_ARG, QEMU_OPTION_vnc , 2418 "-vnc <display> shorthand for -display vnc=<display>\n", QEMU_ARCH_ALL) 2419#endif 2420SRST 2421``-vnc display[,option[,option[,...]]]`` 2422 Normally, if QEMU is compiled with graphical window support, it 2423 displays output such as guest graphics, guest console, and the QEMU 2424 monitor in a window. With this option, you can have QEMU listen on 2425 VNC display display and redirect the VGA display over the VNC 2426 session. It is very useful to enable the usb tablet device when 2427 using this option (option ``-device usb-tablet``). When using the 2428 VNC display, you must use the ``-k`` parameter to set the keyboard 2429 layout if you are not using en-us. Valid syntax for the display is 2430 2431 ``to=L`` 2432 With this option, QEMU will try next available VNC displays, 2433 until the number L, if the originally defined "-vnc display" is 2434 not available, e.g. port 5900+display is already used by another 2435 application. By default, to=0. 2436 2437 ``host:d`` 2438 TCP connections will only be allowed from host on display d. By 2439 convention the TCP port is 5900+d. Optionally, host can be 2440 omitted in which case the server will accept connections from 2441 any host. 2442 2443 ``unix:path`` 2444 Connections will be allowed over UNIX domain sockets where path 2445 is the location of a unix socket to listen for connections on. 2446 2447 ``none`` 2448 VNC is initialized but not started. The monitor ``change`` 2449 command can be used to later start the VNC server. 2450 2451 Following the display value there may be one or more option flags 2452 separated by commas. Valid options are 2453 2454 ``reverse=on|off`` 2455 Connect to a listening VNC client via a "reverse" connection. 2456 The client is specified by the display. For reverse network 2457 connections (host:d,``reverse``), the d argument is a TCP port 2458 number, not a display number. 2459 2460 ``websocket=on|off`` 2461 Opens an additional TCP listening port dedicated to VNC 2462 Websocket connections. If a bare websocket option is given, the 2463 Websocket port is 5700+display. An alternative port can be 2464 specified with the syntax ``websocket``\ =port. 2465 2466 If host is specified connections will only be allowed from this 2467 host. It is possible to control the websocket listen address 2468 independently, using the syntax ``websocket``\ =host:port. 2469 2470 Websocket could be allowed over UNIX domain socket, using the syntax 2471 ``websocket``\ =unix:path, where path is the location of a unix socket 2472 to listen for connections on. 2473 2474 If no TLS credentials are provided, the websocket connection 2475 runs in unencrypted mode. If TLS credentials are provided, the 2476 websocket connection requires encrypted client connections. 2477 2478 ``password=on|off`` 2479 Require that password based authentication is used for client 2480 connections. 2481 2482 The password must be set separately using the ``set_password`` 2483 command in the :ref:`QEMU monitor`. The 2484 syntax to change your password is: 2485 ``set_password <protocol> <password>`` where <protocol> could be 2486 either "vnc" or "spice". 2487 2488 If you would like to change <protocol> password expiration, you 2489 should use ``expire_password <protocol> <expiration-time>`` 2490 where expiration time could be one of the following options: 2491 now, never, +seconds or UNIX time of expiration, e.g. +60 to 2492 make password expire in 60 seconds, or 1335196800 to make 2493 password expire on "Mon Apr 23 12:00:00 EDT 2012" (UNIX time for 2494 this date and time). 2495 2496 You can also use keywords "now" or "never" for the expiration 2497 time to allow <protocol> password to expire immediately or never 2498 expire. 2499 2500 ``password-secret=<secret-id>`` 2501 Require that password based authentication is used for client 2502 connections, using the password provided by the ``secret`` 2503 object identified by ``secret-id``. 2504 2505 ``tls-creds=ID`` 2506 Provides the ID of a set of TLS credentials to use to secure the 2507 VNC server. They will apply to both the normal VNC server socket 2508 and the websocket socket (if enabled). Setting TLS credentials 2509 will cause the VNC server socket to enable the VeNCrypt auth 2510 mechanism. The credentials should have been previously created 2511 using the ``-object tls-creds`` argument. 2512 2513 ``tls-authz=ID`` 2514 Provides the ID of the QAuthZ authorization object against which 2515 the client's x509 distinguished name will validated. This object 2516 is only resolved at time of use, so can be deleted and recreated 2517 on the fly while the VNC server is active. If missing, it will 2518 default to denying access. 2519 2520 ``sasl=on|off`` 2521 Require that the client use SASL to authenticate with the VNC 2522 server. The exact choice of authentication method used is 2523 controlled from the system / user's SASL configuration file for 2524 the 'qemu' service. This is typically found in 2525 /etc/sasl2/qemu.conf. If running QEMU as an unprivileged user, 2526 an environment variable SASL\_CONF\_PATH can be used to make it 2527 search alternate locations for the service config. While some 2528 SASL auth methods can also provide data encryption (eg GSSAPI), 2529 it is recommended that SASL always be combined with the 'tls' 2530 and 'x509' settings to enable use of SSL and server 2531 certificates. This ensures a data encryption preventing 2532 compromise of authentication credentials. See the 2533 :ref:`VNC security` section in the System Emulation Users Guide 2534 for details on using SASL authentication. 2535 2536 ``sasl-authz=ID`` 2537 Provides the ID of the QAuthZ authorization object against which 2538 the client's SASL username will validated. This object is only 2539 resolved at time of use, so can be deleted and recreated on the 2540 fly while the VNC server is active. If missing, it will default 2541 to denying access. 2542 2543 ``acl=on|off`` 2544 Legacy method for enabling authorization of clients against the 2545 x509 distinguished name and SASL username. It results in the 2546 creation of two ``authz-list`` objects with IDs of 2547 ``vnc.username`` and ``vnc.x509dname``. The rules for these 2548 objects must be configured with the HMP ACL commands. 2549 2550 This option is deprecated and should no longer be used. The new 2551 ``sasl-authz`` and ``tls-authz`` options are a replacement. 2552 2553 ``lossy=on|off`` 2554 Enable lossy compression methods (gradient, JPEG, ...). If this 2555 option is set, VNC client may receive lossy framebuffer updates 2556 depending on its encoding settings. Enabling this option can 2557 save a lot of bandwidth at the expense of quality. 2558 2559 ``non-adaptive=on|off`` 2560 Disable adaptive encodings. Adaptive encodings are enabled by 2561 default. An adaptive encoding will try to detect frequently 2562 updated screen regions, and send updates in these regions using 2563 a lossy encoding (like JPEG). This can be really helpful to save 2564 bandwidth when playing videos. Disabling adaptive encodings 2565 restores the original static behavior of encodings like Tight. 2566 2567 ``share=[allow-exclusive|force-shared|ignore]`` 2568 Set display sharing policy. 'allow-exclusive' allows clients to 2569 ask for exclusive access. As suggested by the rfb spec this is 2570 implemented by dropping other connections. Connecting multiple 2571 clients in parallel requires all clients asking for a shared 2572 session (vncviewer: -shared switch). This is the default. 2573 'force-shared' disables exclusive client access. Useful for 2574 shared desktop sessions, where you don't want someone forgetting 2575 specify -shared disconnect everybody else. 'ignore' completely 2576 ignores the shared flag and allows everybody connect 2577 unconditionally. Doesn't conform to the rfb spec but is 2578 traditional QEMU behavior. 2579 2580 ``key-delay-ms`` 2581 Set keyboard delay, for key down and key up events, in 2582 milliseconds. Default is 10. Keyboards are low-bandwidth 2583 devices, so this slowdown can help the device and guest to keep 2584 up and not lose events in case events are arriving in bulk. 2585 Possible causes for the latter are flaky network connections, or 2586 scripts for automated testing. 2587 2588 ``audiodev=audiodev`` 2589 Use the specified audiodev when the VNC client requests audio 2590 transmission. When not using an -audiodev argument, this option 2591 must be omitted, otherwise is must be present and specify a 2592 valid audiodev. 2593 2594 ``power-control=on|off`` 2595 Permit the remote client to issue shutdown, reboot or reset power 2596 control requests. 2597ERST 2598 2599ARCHHEADING(, QEMU_ARCH_I386) 2600 2601ARCHHEADING(i386 target only:, QEMU_ARCH_I386) 2602 2603DEF("win2k-hack", 0, QEMU_OPTION_win2k_hack, 2604 "-win2k-hack use it when installing Windows 2000 to avoid a disk full bug\n", 2605 QEMU_ARCH_I386) 2606SRST 2607``-win2k-hack`` 2608 Use it when installing Windows 2000 to avoid a disk full bug. After 2609 Windows 2000 is installed, you no longer need this option (this 2610 option slows down the IDE transfers). Synonym of ``-global 2611 ide-device.win2k-install-hack=on``. 2612ERST 2613 2614DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk, 2615 "-no-fd-bootchk disable boot signature checking for floppy disks\n", 2616 QEMU_ARCH_I386) 2617SRST 2618``-no-fd-bootchk`` 2619 Disable boot signature checking for floppy disks in BIOS. May be 2620 needed to boot from old floppy disks. Synonym of ``-m fd-bootchk=off``. 2621ERST 2622 2623DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable, 2624 "-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]\n" 2625 " ACPI table description\n", QEMU_ARCH_I386) 2626SRST 2627``-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n] [,asl_compiler_id=str][,asl_compiler_rev=n][,data=file1[:file2]...]`` 2628 Add ACPI table with specified header fields and context from 2629 specified files. For file=, take whole ACPI table from the specified 2630 files, including all ACPI headers (possible overridden by other 2631 options). For data=, only data portion of the table is used, all 2632 header information is specified in the command line. If a SLIC table 2633 is supplied to QEMU, then the SLIC's oem\_id and oem\_table\_id 2634 fields will override the same in the RSDT and the FADT (a.k.a. 2635 FACP), in order to ensure the field matches required by the 2636 Microsoft SLIC spec and the ACPI spec. 2637ERST 2638 2639DEF("smbios", HAS_ARG, QEMU_OPTION_smbios, 2640 "-smbios file=binary\n" 2641 " load SMBIOS entry from binary file\n" 2642 "-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d]\n" 2643 " [,uefi=on|off]\n" 2644 " specify SMBIOS type 0 fields\n" 2645 "-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 2646 " [,uuid=uuid][,sku=str][,family=str]\n" 2647 " specify SMBIOS type 1 fields\n" 2648 "-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str]\n" 2649 " [,asset=str][,location=str]\n" 2650 " specify SMBIOS type 2 fields\n" 2651 "-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str]\n" 2652 " [,sku=str]\n" 2653 " specify SMBIOS type 3 fields\n" 2654 "-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str]\n" 2655 " [,asset=str][,part=str][,max-speed=%d][,current-speed=%d]\n" 2656 " [,processor-family=%d][,processor-id=%d]\n" 2657 " specify SMBIOS type 4 fields\n" 2658 "-smbios type=8[,external_reference=str][,internal_reference=str][,connector_type=%d][,port_type=%d]\n" 2659 " specify SMBIOS type 8 fields\n" 2660 "-smbios type=11[,value=str][,path=filename]\n" 2661 " specify SMBIOS type 11 fields\n" 2662 "-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str]\n" 2663 " [,asset=str][,part=str][,speed=%d]\n" 2664 " specify SMBIOS type 17 fields\n" 2665 "-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]\n" 2666 " specify SMBIOS type 41 fields\n", 2667 QEMU_ARCH_I386 | QEMU_ARCH_ARM | QEMU_ARCH_LOONGARCH | QEMU_ARCH_RISCV) 2668SRST 2669``-smbios file=binary`` 2670 Load SMBIOS entry from binary file. 2671 2672``-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off]`` 2673 Specify SMBIOS type 0 fields 2674 2675``-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str][,uuid=uuid][,sku=str][,family=str]`` 2676 Specify SMBIOS type 1 fields 2677 2678``-smbios type=2[,manufacturer=str][,product=str][,version=str][,serial=str][,asset=str][,location=str]`` 2679 Specify SMBIOS type 2 fields 2680 2681``-smbios type=3[,manufacturer=str][,version=str][,serial=str][,asset=str][,sku=str]`` 2682 Specify SMBIOS type 3 fields 2683 2684``-smbios type=4[,sock_pfx=str][,manufacturer=str][,version=str][,serial=str][,asset=str][,part=str][,processor-family=%d][,processor-id=%d]`` 2685 Specify SMBIOS type 4 fields 2686 2687``-smbios type=9[,slot_designation=str][,slot_type=%d][,slot_data_bus_width=%d][,current_usage=%d][,slot_length=%d][,slot_id=%d][,slot_characteristics1=%d][,slot_characteristics12=%d][,pci_device=str]`` 2688 Specify SMBIOS type 9 fields 2689 2690``-smbios type=11[,value=str][,path=filename]`` 2691 Specify SMBIOS type 11 fields 2692 2693 This argument can be repeated multiple times, and values are added in the order they are parsed. 2694 Applications intending to use OEM strings data are encouraged to use their application name as 2695 a prefix for the value string. This facilitates passing information for multiple applications 2696 concurrently. 2697 2698 The ``value=str`` syntax provides the string data inline, while the ``path=filename`` syntax 2699 loads data from a file on disk. Note that the file is not permitted to contain any NUL bytes. 2700 2701 Both the ``value`` and ``path`` options can be repeated multiple times and will be added to 2702 the SMBIOS table in the order in which they appear. 2703 2704 Note that on the x86 architecture, the total size of all SMBIOS tables is limited to 65535 2705 bytes. Thus the OEM strings data is not suitable for passing large amounts of data into the 2706 guest. Instead it should be used as a indicator to inform the guest where to locate the real 2707 data set, for example, by specifying the serial ID of a block device. 2708 2709 An example passing three strings is 2710 2711 .. parsed-literal:: 2712 2713 -smbios type=11,value=cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/,\\ 2714 value=anaconda:method=http://dl.fedoraproject.org/pub/fedora/linux/releases/25/x86_64/os,\\ 2715 path=/some/file/with/oemstringsdata.txt 2716 2717 In the guest OS this is visible with the ``dmidecode`` command 2718 2719 .. parsed-literal:: 2720 2721 $ dmidecode -t 11 2722 Handle 0x0E00, DMI type 11, 5 bytes 2723 OEM Strings 2724 String 1: cloud-init:ds=nocloud-net;s=http://10.10.0.1:8000/ 2725 String 2: anaconda:method=http://dl.fedoraproject.org/pub/fedora/linux/releases/25/x86_64/os 2726 String 3: myapp:some extra data 2727 2728 2729``-smbios type=17[,loc_pfx=str][,bank=str][,manufacturer=str][,serial=str][,asset=str][,part=str][,speed=%d]`` 2730 Specify SMBIOS type 17 fields 2731 2732``-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]`` 2733 Specify SMBIOS type 41 fields 2734 2735 This argument can be repeated multiple times. Its main use is to allow network interfaces be created 2736 as ``enoX`` on Linux, with X being the instance number, instead of the name depending on the interface 2737 position on the PCI bus. 2738 2739 Here is an example of use: 2740 2741 .. parsed-literal:: 2742 2743 -netdev user,id=internet \\ 2744 -device virtio-net-pci,mac=50:54:00:00:00:42,netdev=internet,id=internet-dev \\ 2745 -smbios type=41,designation='Onboard LAN',instance=1,kind=ethernet,pcidev=internet-dev 2746 2747 In the guest OS, the device should then appear as ``eno1``: 2748 2749 ..parsed-literal:: 2750 2751 $ ip -brief l 2752 lo UNKNOWN 00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 2753 eno1 UP 50:54:00:00:00:42 <BROADCAST,MULTICAST,UP,LOWER_UP> 2754 2755 Currently, the PCI device has to be attached to the root bus. 2756 2757ERST 2758 2759DEFHEADING() 2760 2761DEFHEADING(Network options:) 2762 2763DEF("netdev", HAS_ARG, QEMU_OPTION_netdev, 2764#ifdef CONFIG_SLIRP 2765 "-netdev user,id=str[,ipv4=on|off][,net=addr[/mask]][,host=addr]\n" 2766 " [,ipv6=on|off][,ipv6-net=addr[/int]][,ipv6-host=addr]\n" 2767 " [,restrict=on|off][,hostname=host][,dhcpstart=addr]\n" 2768 " [,dns=addr][,ipv6-dns=addr][,dnssearch=domain][,domainname=domain]\n" 2769 " [,tftp=dir][,tftp-server-name=name][,bootfile=f][,hostfwd=rule][,guestfwd=rule]" 2770#ifndef _WIN32 2771 "[,smb=dir[,smbserver=addr]]\n" 2772#endif 2773 " configure a user mode network backend with ID 'str',\n" 2774 " its DHCP server and optional services\n" 2775#endif 2776#ifdef _WIN32 2777 "-netdev tap,id=str,ifname=name\n" 2778 " configure a host TAP network backend with ID 'str'\n" 2779#else 2780 "-netdev tap,id=str[,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile]\n" 2781 " [,br=bridge][,helper=helper][,sndbuf=nbytes][,vnet_hdr=on|off][,vhost=on|off]\n" 2782 " [,vhostfd=h][,vhostfds=x:y:...:z][,vhostforce=on|off][,queues=n]\n" 2783 " [,poll-us=n]\n" 2784 " configure a host TAP network backend with ID 'str'\n" 2785 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 2786 " use network scripts 'file' (default=" DEFAULT_NETWORK_SCRIPT ")\n" 2787 " to configure it and 'dfile' (default=" DEFAULT_NETWORK_DOWN_SCRIPT ")\n" 2788 " to deconfigure it\n" 2789 " use '[down]script=no' to disable script execution\n" 2790 " use network helper 'helper' (default=" DEFAULT_BRIDGE_HELPER ") to\n" 2791 " configure it\n" 2792 " use 'fd=h' to connect to an already opened TAP interface\n" 2793 " use 'fds=x:y:...:z' to connect to already opened multiqueue capable TAP interfaces\n" 2794 " use 'sndbuf=nbytes' to limit the size of the send buffer (the\n" 2795 " default is disabled 'sndbuf=0' to enable flow control set 'sndbuf=1048576')\n" 2796 " use vnet_hdr=off to avoid enabling the IFF_VNET_HDR tap flag\n" 2797 " use vnet_hdr=on to make the lack of IFF_VNET_HDR support an error condition\n" 2798 " use vhost=on to enable experimental in kernel accelerator\n" 2799 " (only has effect for virtio guests which use MSIX)\n" 2800 " use vhostforce=on to force vhost on for non-MSIX virtio guests\n" 2801 " use 'vhostfd=h' to connect to an already opened vhost net device\n" 2802 " use 'vhostfds=x:y:...:z to connect to multiple already opened vhost net devices\n" 2803 " use 'queues=n' to specify the number of queues to be created for multiqueue TAP\n" 2804 " use 'poll-us=n' to specify the maximum number of microseconds that could be\n" 2805 " spent on busy polling for vhost net\n" 2806 "-netdev bridge,id=str[,br=bridge][,helper=helper]\n" 2807 " configure a host TAP network backend with ID 'str' that is\n" 2808 " connected to a bridge (default=" DEFAULT_BRIDGE_INTERFACE ")\n" 2809 " using the program 'helper (default=" DEFAULT_BRIDGE_HELPER ")\n" 2810#endif 2811#ifdef __linux__ 2812 "-netdev l2tpv3,id=str,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport]\n" 2813 " [,rxsession=rxsession],txsession=txsession[,ipv6=on|off][,udp=on|off]\n" 2814 " [,cookie64=on|off][,counter][,pincounter][,txcookie=txcookie]\n" 2815 " [,rxcookie=rxcookie][,offset=offset]\n" 2816 " configure a network backend with ID 'str' connected to\n" 2817 " an Ethernet over L2TPv3 pseudowire.\n" 2818 " Linux kernel 3.3+ as well as most routers can talk\n" 2819 " L2TPv3. This transport allows connecting a VM to a VM,\n" 2820 " VM to a router and even VM to Host. It is a nearly-universal\n" 2821 " standard (RFC3931). Note - this implementation uses static\n" 2822 " pre-configured tunnels (same as the Linux kernel).\n" 2823 " use 'src=' to specify source address\n" 2824 " use 'dst=' to specify destination address\n" 2825 " use 'udp=on' to specify udp encapsulation\n" 2826 " use 'srcport=' to specify source udp port\n" 2827 " use 'dstport=' to specify destination udp port\n" 2828 " use 'ipv6=on' to force v6\n" 2829 " L2TPv3 uses cookies to prevent misconfiguration as\n" 2830 " well as a weak security measure\n" 2831 " use 'rxcookie=0x012345678' to specify a rxcookie\n" 2832 " use 'txcookie=0x012345678' to specify a txcookie\n" 2833 " use 'cookie64=on' to set cookie size to 64 bit, otherwise 32\n" 2834 " use 'counter=off' to force a 'cut-down' L2TPv3 with no counter\n" 2835 " use 'pincounter=on' to work around broken counter handling in peer\n" 2836 " use 'offset=X' to add an extra offset between header and data\n" 2837#endif 2838 "-netdev socket,id=str[,fd=h][,listen=[host]:port][,connect=host:port]\n" 2839 " configure a network backend to connect to another network\n" 2840 " using a socket connection\n" 2841 "-netdev socket,id=str[,fd=h][,mcast=maddr:port[,localaddr=addr]]\n" 2842 " configure a network backend to connect to a multicast maddr and port\n" 2843 " use 'localaddr=addr' to specify the host address to send packets from\n" 2844 "-netdev socket,id=str[,fd=h][,udp=host:port][,localaddr=host:port]\n" 2845 " configure a network backend to connect to another network\n" 2846 " using an UDP tunnel\n" 2847 "-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,numeric=on|off][,keep-alive=on|off][,mptcp=on|off][,addr.ipv4=on|off][,addr.ipv6=on|off][,reconnect-ms=milliseconds]\n" 2848 "-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|off][,reconnect-ms=milliseconds]\n" 2849 "-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=milliseconds]\n" 2850 " configure a network backend to connect to another network\n" 2851 " using a socket connection in stream mode.\n" 2852 "-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.host=addr]\n" 2853 "-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str=file-descriptor]\n" 2854 " configure a network backend to connect to a multicast maddr and port\n" 2855 " use ``local.host=addr`` to specify the host address to send packets from\n" 2856 "-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.host=addr,remote.port=port]\n" 2857 "-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]\n" 2858 "-netdev dgram,id=str,local.type=fd,local.str=file-descriptor\n" 2859 " configure a network backend to connect to another network\n" 2860 " using an UDP tunnel\n" 2861#ifdef CONFIG_VDE 2862 "-netdev vde,id=str[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]\n" 2863 " configure a network backend to connect to port 'n' of a vde switch\n" 2864 " running on host and listening for incoming connections on 'socketpath'.\n" 2865 " Use group 'groupname' and mode 'octalmode' to change default\n" 2866 " ownership and permissions for communication port.\n" 2867#endif 2868#ifdef CONFIG_NETMAP 2869 "-netdev netmap,id=str,ifname=name[,devname=nmname]\n" 2870 " attach to the existing netmap-enabled network interface 'name', or to a\n" 2871 " VALE port (created on the fly) called 'name' ('nmname' is name of the \n" 2872 " netmap device, defaults to '/dev/netmap')\n" 2873#endif 2874#ifdef CONFIG_AF_XDP 2875 "-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off]\n" 2876 " [,queues=n][,start-queue=m][,inhibit=on|off][,sock-fds=x:y:...:z]\n" 2877 " attach to the existing network interface 'name' with AF_XDP socket\n" 2878 " use 'mode=MODE' to specify an XDP program attach mode\n" 2879 " use 'force-copy=on|off' to force XDP copy mode even if device supports zero-copy (default: off)\n" 2880 " use 'inhibit=on|off' to inhibit loading of a default XDP program (default: off)\n" 2881 " with inhibit=on,\n" 2882 " use 'sock-fds' to provide file descriptors for already open AF_XDP sockets\n" 2883 " added to a socket map in XDP program. One socket per queue.\n" 2884 " use 'queues=n' to specify how many queues of a multiqueue interface should be used\n" 2885 " use 'start-queue=m' to specify the first queue that should be used\n" 2886#endif 2887#ifdef CONFIG_POSIX 2888 "-netdev vhost-user,id=str,chardev=dev[,vhostforce=on|off]\n" 2889 " configure a vhost-user network, backed by a chardev 'dev'\n" 2890#endif 2891#ifdef __linux__ 2892 "-netdev vhost-vdpa,id=str[,vhostdev=/path/to/dev][,vhostfd=h]\n" 2893 " configure a vhost-vdpa network,Establish a vhost-vdpa netdev\n" 2894 " use 'vhostdev=/path/to/dev' to open a vhost vdpa device\n" 2895 " use 'vhostfd=h' to connect to an already opened vhost vdpa device\n" 2896#endif 2897#ifdef CONFIG_VMNET 2898 "-netdev vmnet-host,id=str[,isolated=on|off][,net-uuid=uuid]\n" 2899 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n" 2900 " configure a vmnet network backend in host mode with ID 'str',\n" 2901 " isolate this interface from others with 'isolated',\n" 2902 " configure the address range and choose a subnet mask,\n" 2903 " specify network UUID 'uuid' to disable DHCP and interact with\n" 2904 " vmnet-host interfaces within this isolated network\n" 2905 "-netdev vmnet-shared,id=str[,isolated=on|off][,nat66-prefix=addr]\n" 2906 " [,start-address=addr,end-address=addr,subnet-mask=mask]\n" 2907 " configure a vmnet network backend in shared mode with ID 'str',\n" 2908 " configure the address range and choose a subnet mask,\n" 2909 " set IPv6 ULA prefix (of length 64) to use for internal network,\n" 2910 " isolate this interface from others with 'isolated'\n" 2911 "-netdev vmnet-bridged,id=str,ifname=name[,isolated=on|off]\n" 2912 " configure a vmnet network backend in bridged mode with ID 'str',\n" 2913 " use 'ifname=name' to select a physical network interface to be bridged,\n" 2914 " isolate this interface from others with 'isolated'\n" 2915#endif 2916 "-netdev hubport,id=str,hubid=n[,netdev=nd]\n" 2917 " configure a hub port on the hub with ID 'n'\n", QEMU_ARCH_ALL) 2918DEF("nic", HAS_ARG, QEMU_OPTION_nic, 2919 "-nic [tap|bridge|" 2920#ifdef CONFIG_SLIRP 2921 "user|" 2922#endif 2923#ifdef __linux__ 2924 "l2tpv3|" 2925#endif 2926#ifdef CONFIG_VDE 2927 "vde|" 2928#endif 2929#ifdef CONFIG_NETMAP 2930 "netmap|" 2931#endif 2932#ifdef CONFIG_AF_XDP 2933 "af-xdp|" 2934#endif 2935#ifdef CONFIG_POSIX 2936 "vhost-user|" 2937#endif 2938#ifdef CONFIG_VMNET 2939 "vmnet-host|vmnet-shared|vmnet-bridged|" 2940#endif 2941 "socket][,option][,...][mac=macaddr]\n" 2942 " initialize an on-board / default host NIC (using MAC address\n" 2943 " macaddr) and connect it to the given host network backend\n" 2944 "-nic none use it alone to have zero network devices (the default is to\n" 2945 " provided a 'user' network connection)\n", 2946 QEMU_ARCH_ALL) 2947DEF("net", HAS_ARG, QEMU_OPTION_net, 2948 "-net nic[,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]\n" 2949 " configure or create an on-board (or machine default) NIC and\n" 2950 " connect it to hub 0 (please use -nic unless you need a hub)\n" 2951 "-net [" 2952#ifdef CONFIG_SLIRP 2953 "user|" 2954#endif 2955 "tap|" 2956 "bridge|" 2957#ifdef CONFIG_VDE 2958 "vde|" 2959#endif 2960#ifdef CONFIG_NETMAP 2961 "netmap|" 2962#endif 2963#ifdef CONFIG_AF_XDP 2964 "af-xdp|" 2965#endif 2966#ifdef CONFIG_VMNET 2967 "vmnet-host|vmnet-shared|vmnet-bridged|" 2968#endif 2969 "socket][,option][,option][,...]\n" 2970 " old way to initialize a host network interface\n" 2971 " (use the -netdev option if possible instead)\n", QEMU_ARCH_ALL) 2972SRST 2973``-nic [tap|bridge|user|l2tpv3|vde|netmap|af-xdp|vhost-user|socket][,...][,mac=macaddr][,model=mn]`` 2974 This option is a shortcut for configuring both the on-board 2975 (default) guest NIC hardware and the host network backend in one go. 2976 The host backend options are the same as with the corresponding 2977 ``-netdev`` options below. The guest NIC model can be set with 2978 ``model=modelname``. Use ``model=help`` to list the available device 2979 types. The hardware MAC address can be set with ``mac=macaddr``. 2980 2981 The following two example do exactly the same, to show how ``-nic`` 2982 can be used to shorten the command line length: 2983 2984 .. parsed-literal:: 2985 2986 |qemu_system| -netdev user,id=n1,ipv6=off -device e1000,netdev=n1,mac=52:54:98:76:54:32 2987 |qemu_system| -nic user,ipv6=off,model=e1000,mac=52:54:98:76:54:32 2988 2989``-nic none`` 2990 Indicate that no network devices should be configured. It is used to 2991 override the default configuration (default NIC with "user" host 2992 network backend) which is activated if no other networking options 2993 are provided. 2994 2995``-netdev user,id=id[,option][,option][,...]`` 2996 Configure user mode host network backend which requires no 2997 administrator privilege to run. Valid options are: 2998 2999 ``id=id`` 3000 Assign symbolic name for use in monitor commands. 3001 3002 ``ipv4=on|off and ipv6=on|off`` 3003 Specify that either IPv4 or IPv6 must be enabled. If neither is 3004 specified both protocols are enabled. 3005 3006 ``net=addr[/mask]`` 3007 Set IP network address the guest will see. Optionally specify 3008 the netmask, either in the form a.b.c.d or as number of valid 3009 top-most bits. Default is 10.0.2.0/24. 3010 3011 ``host=addr`` 3012 Specify the guest-visible address of the host. Default is the 3013 2nd IP in the guest network, i.e. x.x.x.2. 3014 3015 ``ipv6-net=addr[/int]`` 3016 Set IPv6 network address the guest will see (default is 3017 fec0::/64). The network prefix is given in the usual hexadecimal 3018 IPv6 address notation. The prefix size is optional, and is given 3019 as the number of valid top-most bits (default is 64). 3020 3021 ``ipv6-host=addr`` 3022 Specify the guest-visible IPv6 address of the host. Default is 3023 the 2nd IPv6 in the guest network, i.e. xxxx::2. 3024 3025 ``restrict=on|off`` 3026 If this option is enabled, the guest will be isolated, i.e. it 3027 will not be able to contact the host and no guest IP packets 3028 will be routed over the host to the outside. This option does 3029 not affect any explicitly set forwarding rules. 3030 3031 ``hostname=name`` 3032 Specifies the client hostname reported by the built-in DHCP 3033 server. 3034 3035 ``dhcpstart=addr`` 3036 Specify the first of the 16 IPs the built-in DHCP server can 3037 assign. Default is the 15th to 31st IP in the guest network, 3038 i.e. x.x.x.15 to x.x.x.31. 3039 3040 ``dns=addr`` 3041 Specify the guest-visible address of the virtual nameserver. The 3042 address must be different from the host address. Default is the 3043 3rd IP in the guest network, i.e. x.x.x.3. 3044 3045 ``ipv6-dns=addr`` 3046 Specify the guest-visible address of the IPv6 virtual 3047 nameserver. The address must be different from the host address. 3048 Default is the 3rd IP in the guest network, i.e. xxxx::3. 3049 3050 ``dnssearch=domain`` 3051 Provides an entry for the domain-search list sent by the 3052 built-in DHCP server. More than one domain suffix can be 3053 transmitted by specifying this option multiple times. If 3054 supported, this will cause the guest to automatically try to 3055 append the given domain suffix(es) in case a domain name can not 3056 be resolved. 3057 3058 Example: 3059 3060 .. parsed-literal:: 3061 3062 |qemu_system| -nic user,dnssearch=mgmt.example.org,dnssearch=example.org 3063 3064 ``domainname=domain`` 3065 Specifies the client domain name reported by the built-in DHCP 3066 server. 3067 3068 ``tftp=dir`` 3069 When using the user mode network stack, activate a built-in TFTP 3070 server. The files in dir will be exposed as the root of a TFTP 3071 server. The TFTP client on the guest must be configured in 3072 binary mode (use the command ``bin`` of the Unix TFTP client). 3073 The built-in TFTP server is read-only; it does not implement any 3074 command for writing files. QEMU will not write to this directory. 3075 3076 ``tftp-server-name=name`` 3077 In BOOTP reply, broadcast name as the "TFTP server name" 3078 (RFC2132 option 66). This can be used to advise the guest to 3079 load boot files or configurations from a different server than 3080 the host address. 3081 3082 ``bootfile=file`` 3083 When using the user mode network stack, broadcast file as the 3084 BOOTP filename. In conjunction with ``tftp``, this can be used 3085 to network boot a guest from a local directory. 3086 3087 Example (using pxelinux): 3088 3089 .. parsed-literal:: 3090 3091 |qemu_system| -hda linux.img -boot n -device e1000,netdev=n1 \\ 3092 -netdev user,id=n1,tftp=/path/to/tftp/files,bootfile=/pxelinux.0 3093 3094 ``smb=dir[,smbserver=addr]`` 3095 When using the user mode network stack, activate a built-in SMB 3096 server so that Windows OSes can access to the host files in 3097 ``dir`` transparently. The IP address of the SMB server can be 3098 set to addr. By default the 4th IP in the guest network is used, 3099 i.e. x.x.x.4. 3100 3101 In the guest Windows OS, the line: 3102 3103 :: 3104 3105 10.0.2.4 smbserver 3106 3107 must be added in the file ``C:\WINDOWS\LMHOSTS`` (for windows 3108 9x/Me) or ``C:\WINNT\SYSTEM32\DRIVERS\ETC\LMHOSTS`` (Windows 3109 NT/2000). 3110 3111 Then ``dir`` can be accessed in ``\\smbserver\qemu``. 3112 3113 Note that a SAMBA server must be installed on the host OS. 3114 3115 ``hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport`` 3116 Redirect incoming TCP or UDP connections to the host port 3117 hostport to the guest IP address guestaddr on guest port 3118 guestport. If guestaddr is not specified, its value is x.x.x.15 3119 (default first address given by the built-in DHCP server). By 3120 specifying hostaddr, the rule can be bound to a specific host 3121 interface. If no connection type is set, TCP is used. This 3122 option can be given multiple times. 3123 3124 For example, to redirect host X11 connection from screen 1 to 3125 guest screen 0, use the following: 3126 3127 .. parsed-literal:: 3128 3129 # on the host 3130 |qemu_system| -nic user,hostfwd=tcp:127.0.0.1:6001-:6000 3131 # this host xterm should open in the guest X11 server 3132 xterm -display :1 3133 3134 To redirect telnet connections from host port 5555 to telnet 3135 port on the guest, use the following: 3136 3137 .. parsed-literal:: 3138 3139 # on the host 3140 |qemu_system| -nic user,hostfwd=tcp::5555-:23 3141 telnet localhost 5555 3142 3143 Then when you use on the host ``telnet localhost 5555``, you 3144 connect to the guest telnet server. 3145 3146 ``guestfwd=[tcp]:server:port-dev``; \ ``guestfwd=[tcp]:server:port-cmd:command`` 3147 Forward guest TCP connections to the IP address server on port 3148 port to the character device dev or to a program executed by 3149 cmd:command which gets spawned for each connection. This option 3150 can be given multiple times. 3151 3152 You can either use a chardev directly and have that one used 3153 throughout QEMU's lifetime, like in the following example: 3154 3155 .. parsed-literal:: 3156 3157 # open 10.10.1.1:4321 on bootup, connect 10.0.2.100:1234 to it whenever 3158 # the guest accesses it 3159 |qemu_system| -nic user,guestfwd=tcp:10.0.2.100:1234-tcp:10.10.1.1:4321 3160 3161 Or you can execute a command on every TCP connection established 3162 by the guest, so that QEMU behaves similar to an inetd process 3163 for that virtual server: 3164 3165 .. parsed-literal:: 3166 3167 # call "netcat 10.10.1.1 4321" on every TCP connection to 10.0.2.100:1234 3168 # and connect the TCP stream to its stdin/stdout 3169 |qemu_system| -nic 'user,id=n1,guestfwd=tcp:10.0.2.100:1234-cmd:netcat 10.10.1.1 4321' 3170 3171``-netdev tap,id=id[,fd=h][,ifname=name][,script=file][,downscript=dfile][,br=bridge][,helper=helper]`` 3172 Configure a host TAP network backend with ID id. 3173 3174 Use the network script file to configure it and the network script 3175 dfile to deconfigure it. If name is not provided, the OS 3176 automatically provides one. The default network configure script is 3177 ``/etc/qemu-ifup`` and the default network deconfigure script is 3178 ``/etc/qemu-ifdown``. Use ``script=no`` or ``downscript=no`` to 3179 disable script execution. 3180 3181 If running QEMU as an unprivileged user, use the network helper 3182 to configure the TAP interface and attach it to the bridge. 3183 The default network helper executable is 3184 ``/path/to/qemu-bridge-helper`` and the default bridge device is 3185 ``br0``. 3186 3187 ``fd``\ =h can be used to specify the handle of an already opened 3188 host TAP interface. 3189 3190 Examples: 3191 3192 .. parsed-literal:: 3193 3194 #launch a QEMU instance with the default network script 3195 |qemu_system| linux.img -nic tap 3196 3197 .. parsed-literal:: 3198 3199 #launch a QEMU instance with two NICs, each one connected 3200 #to a TAP device 3201 |qemu_system| linux.img \\ 3202 -netdev tap,id=nd0,ifname=tap0 -device e1000,netdev=nd0 \\ 3203 -netdev tap,id=nd1,ifname=tap1 -device rtl8139,netdev=nd1 3204 3205 .. parsed-literal:: 3206 3207 #launch a QEMU instance with the default network helper to 3208 #connect a TAP device to bridge br0 3209 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\ 3210 -netdev tap,id=n1,"helper=/path/to/qemu-bridge-helper" 3211 3212``-netdev bridge,id=id[,br=bridge][,helper=helper]`` 3213 Connect a host TAP network interface to a host bridge device. 3214 3215 Use the network helper helper to configure the TAP interface and 3216 attach it to the bridge. The default network helper executable is 3217 ``/path/to/qemu-bridge-helper`` and the default bridge device is 3218 ``br0``. 3219 3220 Examples: 3221 3222 .. parsed-literal:: 3223 3224 #launch a QEMU instance with the default network helper to 3225 #connect a TAP device to bridge br0 3226 |qemu_system| linux.img -netdev bridge,id=n1 -device virtio-net,netdev=n1 3227 3228 .. parsed-literal:: 3229 3230 #launch a QEMU instance with the default network helper to 3231 #connect a TAP device to bridge qemubr0 3232 |qemu_system| linux.img -netdev bridge,br=qemubr0,id=n1 -device virtio-net,netdev=n1 3233 3234``-netdev socket,id=id[,fd=h][,listen=[host]:port][,connect=host:port]`` 3235 This host network backend can be used to connect the guest's network 3236 to another QEMU virtual machine using a TCP socket connection. If 3237 ``listen`` is specified, QEMU waits for incoming connections on port 3238 (host is optional). ``connect`` is used to connect to another QEMU 3239 instance using the ``listen`` option. ``fd``\ =h specifies an 3240 already opened TCP socket. 3241 3242 Example: 3243 3244 .. parsed-literal:: 3245 3246 # launch a first QEMU instance 3247 |qemu_system| linux.img \\ 3248 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\ 3249 -netdev socket,id=n1,listen=:1234 3250 # connect the network of this instance to the network of the first instance 3251 |qemu_system| linux.img \\ 3252 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\ 3253 -netdev socket,id=n2,connect=127.0.0.1:1234 3254 3255``-netdev socket,id=id[,fd=h][,mcast=maddr:port[,localaddr=addr]]`` 3256 Configure a socket host network backend to share the guest's network 3257 traffic with another QEMU virtual machines using a UDP multicast 3258 socket, effectively making a bus for every QEMU with same multicast 3259 address maddr and port. NOTES: 3260 3261 1. Several QEMU can be running on different hosts and share same bus 3262 (assuming correct multicast setup for these hosts). 3263 3264 2. mcast support is compatible with User Mode Linux (argument 3265 ``ethN=mcast``), see http://user-mode-linux.sf.net. 3266 3267 3. Use ``fd=h`` to specify an already opened UDP multicast socket. 3268 3269 Example: 3270 3271 .. parsed-literal:: 3272 3273 # launch one QEMU instance 3274 |qemu_system| linux.img \\ 3275 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\ 3276 -netdev socket,id=n1,mcast=230.0.0.1:1234 3277 # launch another QEMU instance on same "bus" 3278 |qemu_system| linux.img \\ 3279 -device e1000,netdev=n2,mac=52:54:00:12:34:57 \\ 3280 -netdev socket,id=n2,mcast=230.0.0.1:1234 3281 # launch yet another QEMU instance on same "bus" 3282 |qemu_system| linux.img \\ 3283 -device e1000,netdev=n3,mac=52:54:00:12:34:58 \\ 3284 -netdev socket,id=n3,mcast=230.0.0.1:1234 3285 3286 Example (User Mode Linux compat.): 3287 3288 .. parsed-literal:: 3289 3290 # launch QEMU instance (note mcast address selected is UML's default) 3291 |qemu_system| linux.img \\ 3292 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\ 3293 -netdev socket,id=n1,mcast=239.192.168.1:1102 3294 # launch UML 3295 /path/to/linux ubd0=/path/to/root_fs eth0=mcast 3296 3297 Example (send packets from host's 1.2.3.4): 3298 3299 .. parsed-literal:: 3300 3301 |qemu_system| linux.img \\ 3302 -device e1000,netdev=n1,mac=52:54:00:12:34:56 \\ 3303 -netdev socket,id=n1,mcast=239.192.168.1:1102,localaddr=1.2.3.4 3304 3305``-netdev stream,id=str[,server=on|off],addr.type=inet,addr.host=host,addr.port=port[,to=maxport][,numeric=on|off][,keep-alive=on|off][,mptcp=on|off][,addr.ipv4=on|off][,addr.ipv6=on|off][,reconnect-ms=milliseconds]`` 3306 Configure a network backend to connect to another QEMU virtual machine or a proxy using a TCP/IP socket. 3307 3308 ``server=on|off`` 3309 if ``on`` create a server socket 3310 3311 ``addr.host=host,addr.port=port`` 3312 socket address to listen on (server=on) or connect to (server=off) 3313 3314 ``to=maxport`` 3315 if present, this is range of possible addresses, with port between ``port`` and ``maxport``. 3316 3317 ``numeric=on|off`` 3318 if ``on`` ``host`` and ``port`` are guaranteed to be numeric, otherwise a name resolution should be attempted (default: ``off``) 3319 3320 ``keep-alive=on|off`` 3321 enable keep-alive when connecting to this socket. Not supported for passive sockets. 3322 3323 ``mptcp=on|off`` 3324 enable multipath TCP 3325 3326 ``ipv4=on|off`` 3327 whether to accept IPv4 addresses, default to try both IPv4 and IPv6 3328 3329 ``ipv6=on|off`` 3330 whether to accept IPv6 addresses, default to try both IPv4 and IPv6 3331 3332 ``reconnect-ms=milliseconds`` 3333 for a client socket, if a socket is disconnected, then attempt a reconnect after the given number of milliseconds. 3334 Setting this to zero disables this function. (default: 0) 3335 3336 Example (two guests connected using a TCP/IP socket): 3337 3338 .. parsed-literal:: 3339 3340 # first VM 3341 |qemu_system| linux.img \\ 3342 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3343 -netdev stream,id=net0,server=on,addr.type=inet,addr.host=localhost,addr.port=1234 3344 # second VM 3345 |qemu_system| linux.img \\ 3346 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\ 3347 -netdev stream,id=net0,server=off,addr.type=inet,addr.host=localhost,addr.port=1234,reconnect-ms=5000 3348 3349``-netdev stream,id=str[,server=on|off],addr.type=unix,addr.path=path[,abstract=on|off][,tight=on|off][,reconnect-ms=milliseconds]`` 3350 Configure a network backend to connect to another QEMU virtual machine or a proxy using a stream oriented unix domain socket. 3351 3352 ``server=on|off`` 3353 if ``on`` create a server socket 3354 3355 ``addr.path=path`` 3356 filesystem path to use 3357 3358 ``abstract=on|off`` 3359 if ``on``, this is a Linux abstract socket address. 3360 3361 ``tight=on|off`` 3362 if false, pad an abstract socket address with enough null bytes to make it fill struct sockaddr_un member sun_path. 3363 3364 ``reconnect-ms=milliseconds`` 3365 for a client socket, if a socket is disconnected, then attempt a reconnect after the given number of milliseconds. 3366 Setting this to zero disables this function. (default: 0) 3367 3368 Example (using passt as a replacement of -netdev user): 3369 3370 .. parsed-literal:: 3371 3372 # start passt server as a non privileged user 3373 passt 3374 UNIX domain socket bound at /tmp/passt_1.socket 3375 # start QEMU to connect to passt 3376 |qemu_system| linux.img \\ 3377 -device virtio-net,netdev=net0 \\ 3378 -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket 3379 3380 Example (two guests connected using a stream oriented unix domain socket): 3381 3382 .. parsed-literal:: 3383 3384 # first VM 3385 |qemu_system| linux.img \\ 3386 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3387 netdev stream,id=net0,server=on,addr.type=unix,addr.path=/tmp/qemu0 3388 # second VM 3389 |qemu_system| linux.img \\ 3390 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\ 3391 -netdev stream,id=net0,server=off,addr.type=unix,addr.path=/tmp/qemu0,reconnect-ms=5000 3392 3393``-netdev stream,id=str[,server=on|off],addr.type=fd,addr.str=file-descriptor[,reconnect-ms=milliseconds]`` 3394 Configure a network backend to connect to another QEMU virtual machine or a proxy using a stream oriented socket file descriptor. 3395 3396 ``server=on|off`` 3397 if ``on`` create a server socket 3398 3399 ``addr.str=file-descriptor`` 3400 file descriptor number to use as a socket 3401 3402 ``reconnect-ms=milliseconds`` 3403 for a client socket, if a socket is disconnected, then attempt a reconnect after the given number of milliseconds. 3404 Setting this to zero disables this function. (default: 0) 3405 3406``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=inet,local.host=addr]`` 3407 Configure a network backend to connect to a multicast address. 3408 3409 ``remote.host=maddr,remote.port=port`` 3410 multicast address 3411 3412 ``local.host=addr`` 3413 specify the host address to send packets from 3414 3415 Example: 3416 3417 .. parsed-literal:: 3418 3419 # launch one QEMU instance 3420 |qemu_system| linux.img \\ 3421 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3422 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234 3423 # launch another QEMU instance on same "bus" 3424 |qemu_system| linux.img \\ 3425 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\ 3426 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234 3427 # launch yet another QEMU instance on same "bus" 3428 |qemu_system| linux.img \\ 3429 -device virtio-net,netdev=net0,mac=52:54:00:12:34:58 \\ 3430 -netdev dgram,id=net0,remote.type=inet,remote.host=224.0.0.1,remote.port=1234 3431 3432``-netdev dgram,id=str,remote.type=inet,remote.host=maddr,remote.port=port[,local.type=fd,local.str=file-descriptor]`` 3433 Configure a network backend to connect to a multicast address using a UDP socket file descriptor. 3434 3435 ``remote.host=maddr,remote.port=port`` 3436 multicast address 3437 3438 ``local.str=file-descriptor`` 3439 File descriptor to use to send packets 3440 3441``-netdev dgram,id=str,local.type=inet,local.host=addr,local.port=port[,remote.type=inet,remote.host=addr,remote.port=port]`` 3442 Configure a network backend to connect to another QEMU virtual 3443 machine or a proxy using a datagram oriented unix domain socket. 3444 3445 ``local.host=addr,local.port=port`` 3446 IP address to use to send the packets from 3447 3448 ``remote.host=addr,remote.port=port`` 3449 Destination IP address 3450 3451 Example (two guests connected using an UDP/IP socket): 3452 3453 .. parsed-literal:: 3454 3455 # first VM 3456 |qemu_system| linux.img \\ 3457 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3458 -netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1234,remote.type=inet,remote.host=localhost,remote.port=1235 3459 # second VM 3460 |qemu_system| linux.img \\ 3461 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3462 -netdev dgram,id=net0,local.type=inet,local.host=localhost,local.port=1235,remote.type=inet,remote.host=localhost,remote.port=1234 3463 3464``-netdev dgram,id=str,local.type=unix,local.path=path[,remote.type=unix,remote.path=path]`` 3465 Configure a network backend to connect to another QEMU virtual 3466 machine or a proxy using a datagram oriented unix socket. 3467 3468 ``local.path=path`` 3469 filesystem path to use to bind the socket 3470 3471 ``remote.path=path`` 3472 filesystem path to use as a destination (see sendto(2)) 3473 3474 Example (two guests connected using an UDP/UNIX socket): 3475 3476 .. parsed-literal:: 3477 3478 # first VM 3479 |qemu_system| linux.img \\ 3480 -device virtio-net,netdev=net0,mac=52:54:00:12:34:56 \\ 3481 -netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu0,remote.type=unix,remote.path=/tmp/qemu1 3482 # second VM 3483 |qemu_system| linux.img \\ 3484 -device virtio-net,netdev=net0,mac=52:54:00:12:34:57 \\ 3485 -netdev dgram,id=net0,local.type=unix,local.path=/tmp/qemu1,remote.type=unix,remote.path=/tmp/qemu0 3486 3487``-netdev dgram,id=str,local.type=fd,local.str=file-descriptor`` 3488 Configure a network backend to connect to another QEMU virtual 3489 machine or a proxy using a datagram oriented socket file descriptor. 3490 3491 ``local.str=file-descriptor`` 3492 File descriptor to use to send packets 3493 3494``-netdev l2tpv3,id=id,src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6=on|off][,udp=on|off][,cookie64=on|off][,counter=on|off][,pincounter=on|off][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset]`` 3495 Configure a L2TPv3 pseudowire host network backend. L2TPv3 (RFC3931) 3496 is a popular protocol to transport Ethernet (and other Layer 2) data 3497 frames between two systems. It is present in routers, firewalls and 3498 the Linux kernel (from version 3.3 onwards). 3499 3500 This transport allows a VM to communicate to another VM, router or 3501 firewall directly. 3502 3503 ``src=srcaddr`` 3504 source address (mandatory) 3505 3506 ``dst=dstaddr`` 3507 destination address (mandatory) 3508 3509 ``udp=on`` 3510 select udp encapsulation (default is ip). 3511 3512 ``srcport=srcport`` 3513 source udp port. 3514 3515 ``dstport=dstport`` 3516 destination udp port. 3517 3518 ``ipv6=on`` 3519 force v6, otherwise defaults to v4. 3520 3521 ``rxcookie=rxcookie``; \ ``txcookie=txcookie`` 3522 Cookies are a weak form of security in the l2tpv3 specification. 3523 Their function is mostly to prevent misconfiguration. By default 3524 they are 32 bit. 3525 3526 ``cookie64=on`` 3527 Set cookie size to 64 bit instead of the default 32 3528 3529 ``counter=off`` 3530 Force a 'cut-down' L2TPv3 with no counter as in 3531 draft-mkonstan-l2tpext-keyed-ipv6-tunnel-00 3532 3533 ``pincounter=on`` 3534 Work around broken counter handling in peer. This may also help 3535 on networks which have packet reorder. 3536 3537 ``offset=offset`` 3538 Add an extra offset between header and data 3539 3540 For example, to attach a VM running on host 4.3.2.1 via L2TPv3 to 3541 the bridge br-lan on the remote Linux host 1.2.3.4: 3542 3543 .. parsed-literal:: 3544 3545 # Setup tunnel on linux host using raw ip as encapsulation 3546 # on 1.2.3.4 3547 ip l2tp add tunnel remote 4.3.2.1 local 1.2.3.4 tunnel_id 1 peer_tunnel_id 1 \\ 3548 encap udp udp_sport 16384 udp_dport 16384 3549 ip l2tp add session tunnel_id 1 name vmtunnel0 session_id \\ 3550 0xFFFFFFFF peer_session_id 0xFFFFFFFF 3551 ifconfig vmtunnel0 mtu 1500 3552 ifconfig vmtunnel0 up 3553 brctl addif br-lan vmtunnel0 3554 3555 3556 # on 4.3.2.1 3557 # launch QEMU instance - if your network has reorder or is very lossy add ,pincounter 3558 3559 |qemu_system| linux.img -device e1000,netdev=n1 \\ 3560 -netdev l2tpv3,id=n1,src=4.2.3.1,dst=1.2.3.4,udp=on,srcport=16384,dstport=16384,rxsession=0xffffffff,txsession=0xffffffff,counter=on 3561 3562``-netdev vde,id=id[,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]`` 3563 Configure VDE backend to connect to PORT n of a vde switch running 3564 on host and listening for incoming connections on socketpath. Use 3565 GROUP groupname and MODE octalmode to change default ownership and 3566 permissions for communication port. This option is only available if 3567 QEMU has been compiled with vde support enabled. 3568 3569 Example: 3570 3571 .. parsed-literal:: 3572 3573 # launch vde switch 3574 vde_switch -F -sock /tmp/myswitch 3575 # launch QEMU instance 3576 |qemu_system| linux.img -nic vde,sock=/tmp/myswitch 3577 3578``-netdev af-xdp,id=str,ifname=name[,mode=native|skb][,force-copy=on|off][,queues=n][,start-queue=m][,inhibit=on|off][,sock-fds=x:y:...:z]`` 3579 Configure AF_XDP backend to connect to a network interface 'name' 3580 using AF_XDP socket. A specific program attach mode for a default 3581 XDP program can be forced with 'mode', defaults to best-effort, 3582 where the likely most performant mode will be in use. Number of queues 3583 'n' should generally match the number or queues in the interface, 3584 defaults to 1. Traffic arriving on non-configured device queues will 3585 not be delivered to the network backend. 3586 3587 .. parsed-literal:: 3588 3589 # set number of queues to 4 3590 ethtool -L eth0 combined 4 3591 # launch QEMU instance 3592 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\ 3593 -netdev af-xdp,id=n1,ifname=eth0,queues=4 3594 3595 'start-queue' option can be specified if a particular range of queues 3596 [m, m + n] should be in use. For example, this is may be necessary in 3597 order to use certain NICs in native mode. Kernel allows the driver to 3598 create a separate set of XDP queues on top of regular ones, and only 3599 these queues can be used for AF_XDP sockets. NICs that work this way 3600 may also require an additional traffic redirection with ethtool to these 3601 special queues. 3602 3603 .. parsed-literal:: 3604 3605 # set number of queues to 1 3606 ethtool -L eth0 combined 1 3607 # redirect all the traffic to the second queue (id: 1) 3608 # note: drivers may require non-empty key/mask pair. 3609 ethtool -N eth0 flow-type ether \\ 3610 dst 00:00:00:00:00:00 m FF:FF:FF:FF:FF:FE action 1 3611 ethtool -N eth0 flow-type ether \\ 3612 dst 00:00:00:00:00:01 m FF:FF:FF:FF:FF:FE action 1 3613 # launch QEMU instance 3614 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\ 3615 -netdev af-xdp,id=n1,ifname=eth0,queues=1,start-queue=1 3616 3617 XDP program can also be loaded externally. In this case 'inhibit' option 3618 should be set to 'on' and 'sock-fds' provided with file descriptors for 3619 already open but not bound XDP sockets already added to a socket map for 3620 corresponding queues. One socket per queue. 3621 3622 .. parsed-literal:: 3623 3624 |qemu_system| linux.img -device virtio-net-pci,netdev=n1 \\ 3625 -netdev af-xdp,id=n1,ifname=eth0,queues=3,inhibit=on,sock-fds=15:16:17 3626 3627``-netdev vhost-user,chardev=id[,vhostforce=on|off][,queues=n]`` 3628 Establish a vhost-user netdev, backed by a chardev id. The chardev 3629 should be a unix domain socket backed one. The vhost-user uses a 3630 specifically defined protocol to pass vhost ioctl replacement 3631 messages to an application on the other end of the socket. On 3632 non-MSIX guests, the feature can be forced with vhostforce. Use 3633 'queues=n' to specify the number of queues to be created for 3634 multiqueue vhost-user. 3635 3636 Example: 3637 3638 :: 3639 3640 qemu -m 512 -object memory-backend-file,id=mem,size=512M,mem-path=/hugetlbfs,share=on \ 3641 -numa node,memdev=mem \ 3642 -chardev socket,id=chr0,path=/path/to/socket \ 3643 -netdev type=vhost-user,id=net0,chardev=chr0 \ 3644 -device virtio-net-pci,netdev=net0 3645 3646``-netdev vhost-vdpa[,vhostdev=/path/to/dev][,vhostfd=h]`` 3647 Establish a vhost-vdpa netdev. 3648 3649 vDPA device is a device that uses a datapath which complies with 3650 the virtio specifications with a vendor specific control path. 3651 vDPA devices can be both physically located on the hardware or 3652 emulated by software. 3653 3654``-netdev hubport,id=id,hubid=hubid[,netdev=nd]`` 3655 Create a hub port on the emulated hub with ID hubid. 3656 3657 The hubport netdev lets you connect a NIC to a QEMU emulated hub 3658 instead of a single netdev. Alternatively, you can also connect the 3659 hubport to another netdev with ID nd by using the ``netdev=nd`` 3660 option. 3661 3662``-net nic[,netdev=nd][,macaddr=mac][,model=type] [,name=name][,addr=addr][,vectors=v]`` 3663 Legacy option to configure or create an on-board (or machine 3664 default) Network Interface Card(NIC) and connect it either to the 3665 emulated hub with ID 0 (i.e. the default hub), or to the netdev nd. 3666 If model is omitted, then the default NIC model associated with the 3667 machine type is used. Note that the default NIC model may change in 3668 future QEMU releases, so it is highly recommended to always specify 3669 a model. Optionally, the MAC address can be changed to mac, the 3670 device address set to addr (PCI cards only), and a name can be 3671 assigned for use in monitor commands. Optionally, for PCI cards, you 3672 can specify the number v of MSI-X vectors that the card should have; 3673 this option currently only affects virtio cards; set v = 0 to 3674 disable MSI-X. If no ``-net`` option is specified, a single NIC is 3675 created. QEMU can emulate several different models of network card. 3676 Use ``-net nic,model=help`` for a list of available devices for your 3677 target. 3678 3679``-net user|tap|bridge|socket|l2tpv3|vde[,...][,name=name]`` 3680 Configure a host network backend (with the options corresponding to 3681 the same ``-netdev`` option) and connect it to the emulated hub 0 3682 (the default hub). Use name to specify the name of the hub port. 3683ERST 3684 3685DEFHEADING() 3686 3687DEFHEADING(Character device options:) 3688 3689DEF("chardev", HAS_ARG, QEMU_OPTION_chardev, 3690 "-chardev help\n" 3691 "-chardev null,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3692 "-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off]\n" 3693 " [,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect-ms=milliseconds][,mux=on|off]\n" 3694 " [,logfile=PATH][,logappend=on|off][,tls-creds=ID][,tls-authz=ID] (tcp)\n" 3695 "-chardev socket,id=id,path=path[,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect-ms=milliseconds]\n" 3696 " [,mux=on|off][,logfile=PATH][,logappend=on|off][,abstract=on|off][,tight=on|off] (unix)\n" 3697 "-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]\n" 3698 " [,localport=localport][,ipv4=on|off][,ipv6=on|off][,mux=on|off]\n" 3699 " [,logfile=PATH][,logappend=on|off]\n" 3700 "-chardev msmouse,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3701 "-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]\n" 3702 " [,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3703 "-chardev ringbuf,id=id[,size=size][,logfile=PATH][,logappend=on|off]\n" 3704 "-chardev file,id=id,path=path[,input-path=input-file][,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3705 "-chardev pipe,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3706#ifdef _WIN32 3707 "-chardev console,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3708 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3709#else 3710 "-chardev pty,id=id[,path=path][,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3711 "-chardev stdio,id=id[,mux=on|off][,signal=on|off][,logfile=PATH][,logappend=on|off]\n" 3712#endif 3713#ifdef CONFIG_BRLAPI 3714 "-chardev braille,id=id[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3715#endif 3716#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \ 3717 || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) 3718 "-chardev serial,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3719#endif 3720#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) 3721 "-chardev parallel,id=id,path=path[,mux=on|off][,logfile=PATH][,logappend=on|off]\n" 3722#endif 3723#if defined(CONFIG_SPICE) 3724 "-chardev spicevmc,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 3725 "-chardev spiceport,id=id,name=name[,debug=debug][,logfile=PATH][,logappend=on|off]\n" 3726#endif 3727 , QEMU_ARCH_ALL 3728) 3729 3730SRST 3731The general form of a character device option is: 3732 3733``-chardev backend,id=id[,mux=on|off][,options]`` 3734 Backend is one of: ``null``, ``socket``, ``udp``, ``msmouse``, 3735 ``vc``, ``ringbuf``, ``file``, ``pipe``, ``console``, ``serial``, 3736 ``pty``, ``stdio``, ``braille``, ``parallel``, 3737 ``spicevmc``, ``spiceport``. The specific backend will determine the 3738 applicable options. 3739 3740 Use ``-chardev help`` to print all available chardev backend types. 3741 3742 All devices must have an id, which can be any string up to 127 3743 characters long. It is used to uniquely identify this device in 3744 other command line directives. 3745 3746 A character device may be used in multiplexing mode by multiple 3747 front-ends. Specify ``mux=on`` to enable this mode. A multiplexer is 3748 a "1:N" device, and here the "1" end is your specified chardev 3749 backend, and the "N" end is the various parts of QEMU that can talk 3750 to a chardev. If you create a chardev with ``id=myid`` and 3751 ``mux=on``, QEMU will create a multiplexer with your specified ID, 3752 and you can then configure multiple front ends to use that chardev 3753 ID for their input/output. Up to four different front ends can be 3754 connected to a single multiplexed chardev. (Without multiplexing 3755 enabled, a chardev can only be used by a single front end.) For 3756 instance you could use this to allow a single stdio chardev to be 3757 used by two serial ports and the QEMU monitor: 3758 3759 :: 3760 3761 -chardev stdio,mux=on,id=char0 \ 3762 -mon chardev=char0,mode=readline \ 3763 -serial chardev:char0 \ 3764 -serial chardev:char0 3765 3766 You can have more than one multiplexer in a system configuration; 3767 for instance you could have a TCP port multiplexed between UART 0 3768 and UART 1, and stdio multiplexed between the QEMU monitor and a 3769 parallel port: 3770 3771 :: 3772 3773 -chardev stdio,mux=on,id=char0 \ 3774 -mon chardev=char0,mode=readline \ 3775 -parallel chardev:char0 \ 3776 -chardev tcp,...,mux=on,id=char1 \ 3777 -serial chardev:char1 \ 3778 -serial chardev:char1 3779 3780 When you're using a multiplexed character device, some escape 3781 sequences are interpreted in the input. See the chapter about 3782 :ref:`keys in the character backend multiplexer` in the 3783 System Emulation Users Guide for more details. 3784 3785 Note that some other command line options may implicitly create 3786 multiplexed character backends; for instance ``-serial mon:stdio`` 3787 creates a multiplexed stdio backend connected to the serial port and 3788 the QEMU monitor, and ``-nographic`` also multiplexes the console 3789 and the monitor to stdio. 3790 3791 There is currently no support for multiplexing in the other 3792 direction (where a single QEMU front end takes input and output from 3793 multiple chardevs). 3794 3795 Every backend supports the ``logfile`` option, which supplies the 3796 path to a file to record all data transmitted via the backend. The 3797 ``logappend`` option controls whether the log file will be truncated 3798 or appended to when opened. 3799 3800The available backends are: 3801 3802``-chardev null,id=id`` 3803 A void device. This device will not emit any data, and will drop any 3804 data it receives. The null backend does not take any options. 3805 3806``-chardev socket,id=id[,TCP options or unix options][,server=on|off][,wait=on|off][,telnet=on|off][,websocket=on|off][,reconnect-ms=milliseconds][,tls-creds=id][,tls-authz=id]`` 3807 Create a two-way stream socket, which can be either a TCP or a unix 3808 socket. A unix socket will be created if ``path`` is specified. 3809 Behaviour is undefined if TCP options are specified for a unix 3810 socket. 3811 3812 ``server=on|off`` specifies that the socket shall be a listening socket. 3813 3814 ``wait=on|off`` specifies that QEMU should not block waiting for a client 3815 to connect to a listening socket. 3816 3817 ``telnet=on|off`` specifies that traffic on the socket should interpret 3818 telnet escape sequences. 3819 3820 ``websocket=on|off`` specifies that the socket uses WebSocket protocol for 3821 communication. 3822 3823 ``reconnect-ms`` sets the timeout for reconnecting on non-server 3824 sockets when the remote end goes away. qemu will delay this many 3825 milliseconds and then attempt to reconnect. Zero disables reconnecting, 3826 and is the default. 3827 3828 ``tls-creds`` requests enablement of the TLS protocol for 3829 encryption, and specifies the id of the TLS credentials to use for 3830 the handshake. The credentials must be previously created with the 3831 ``-object tls-creds`` argument. 3832 3833 ``tls-auth`` provides the ID of the QAuthZ authorization object 3834 against which the client's x509 distinguished name will be 3835 validated. This object is only resolved at time of use, so can be 3836 deleted and recreated on the fly while the chardev server is active. 3837 If missing, it will default to denying access. 3838 3839 TCP and unix socket options are given below: 3840 3841 ``TCP options: port=port[,host=host][,to=to][,ipv4=on|off][,ipv6=on|off][,nodelay=on|off]`` 3842 ``host`` for a listening socket specifies the local address to 3843 be bound. For a connecting socket species the remote host to 3844 connect to. ``host`` is optional for listening sockets. If not 3845 specified it defaults to ``0.0.0.0``. 3846 3847 ``port`` for a listening socket specifies the local port to be 3848 bound. For a connecting socket specifies the port on the remote 3849 host to connect to. ``port`` can be given as either a port 3850 number or a service name. ``port`` is required. 3851 3852 ``to`` is only relevant to listening sockets. If it is 3853 specified, and ``port`` cannot be bound, QEMU will attempt to 3854 bind to subsequent ports up to and including ``to`` until it 3855 succeeds. ``to`` must be specified as a port number. 3856 3857 ``ipv4=on|off`` and ``ipv6=on|off`` specify that either IPv4 3858 or IPv6 must be used. If neither is specified the socket may 3859 use either protocol. 3860 3861 ``nodelay=on|off`` disables the Nagle algorithm. 3862 3863 ``unix options: path=path[,abstract=on|off][,tight=on|off]`` 3864 ``path`` specifies the local path of the unix socket. ``path`` 3865 is required. 3866 ``abstract=on|off`` specifies the use of the abstract socket namespace, 3867 rather than the filesystem. Optional, defaults to false. 3868 ``tight=on|off`` sets the socket length of abstract sockets to their minimum, 3869 rather than the full sun_path length. Optional, defaults to true. 3870 3871``-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr][,localport=localport][,ipv4=on|off][,ipv6=on|off]`` 3872 Sends all traffic from the guest to a remote host over UDP. 3873 3874 ``host`` specifies the remote host to connect to. If not specified 3875 it defaults to ``localhost``. 3876 3877 ``port`` specifies the port on the remote host to connect to. 3878 ``port`` is required. 3879 3880 ``localaddr`` specifies the local address to bind to. If not 3881 specified it defaults to ``0.0.0.0``. 3882 3883 ``localport`` specifies the local port to bind to. If not specified 3884 any available local port will be used. 3885 3886 ``ipv4=on|off`` and ``ipv6=on|off`` specify that either IPv4 or IPv6 must be used. 3887 If neither is specified the device may use either protocol. 3888 3889``-chardev msmouse,id=id`` 3890 Forward QEMU's emulated msmouse events to the guest. ``msmouse`` 3891 does not take any options. 3892 3893``-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]`` 3894 Connect to a QEMU text console. ``vc`` may optionally be given a 3895 specific size. 3896 3897 ``width`` and ``height`` specify the width and height respectively 3898 of the console, in pixels. 3899 3900 ``cols`` and ``rows`` specify that the console be sized to fit a 3901 text console with the given dimensions. 3902 3903``-chardev ringbuf,id=id[,size=size]`` 3904 Create a ring buffer with fixed size ``size``. size must be a power 3905 of two and defaults to ``64K``. 3906 3907``-chardev file,id=id,path=path[,input-path=input-path]`` 3908 Log all traffic received from the guest to a file. 3909 3910 ``path`` specifies the path of the file to be opened. This file will 3911 be created if it does not already exist, and overwritten if it does. 3912 ``path`` is required. 3913 3914 If ``input-path`` is specified, this is the path of a second file 3915 which will be used for input. If ``input-path`` is not specified, 3916 no input will be available from the chardev. 3917 3918 Note that ``input-path`` is not supported on Windows hosts. 3919 3920``-chardev pipe,id=id,path=path`` 3921 Create a two-way connection to the guest. The behaviour differs 3922 slightly between Windows hosts and other hosts: 3923 3924 On Windows, a single duplex pipe will be created at 3925 ``\\.pipe\path``. 3926 3927 On other hosts, 2 pipes will be created called ``path.in`` and 3928 ``path.out``. Data written to ``path.in`` will be received by the 3929 guest. Data written by the guest can be read from ``path.out``. QEMU 3930 will not create these fifos, and requires them to be present. 3931 3932 ``path`` forms part of the pipe path as described above. ``path`` is 3933 required. 3934 3935``-chardev console,id=id`` 3936 Send traffic from the guest to QEMU's standard output. ``console`` 3937 does not take any options. 3938 3939 ``console`` is only available on Windows hosts. 3940 3941``-chardev serial,id=id,path=path`` 3942 Send traffic from the guest to a serial device on the host. 3943 3944 On Unix hosts serial will actually accept any tty device, not only 3945 serial lines. 3946 3947 ``path`` specifies the name of the serial device to open. 3948 3949``-chardev pty,id=id[,path=path]`` 3950 Create a new pseudo-terminal on the host and connect to it. 3951 3952 ``pty`` is not available on Windows hosts. 3953 3954 If ``path`` is specified, QEMU will create a symbolic link at 3955 that location which points to the new PTY device. 3956 3957 This avoids having to make QMP or HMP monitor queries to find out 3958 what the new PTY device path is. 3959 3960 Note that while QEMU will remove the symlink when it exits 3961 gracefully, it will not do so in case of crashes or on certain 3962 startup errors. It is recommended that the user checks and removes 3963 the symlink after QEMU terminates to account for this. 3964 3965``-chardev stdio,id=id[,signal=on|off]`` 3966 Connect to standard input and standard output of the QEMU process. 3967 3968 ``signal`` controls if signals are enabled on the terminal, that 3969 includes exiting QEMU with the key sequence Control-c. This option 3970 is enabled by default, use ``signal=off`` to disable it. 3971 3972``-chardev braille,id=id`` 3973 Connect to a local BrlAPI server. ``braille`` does not take any 3974 options. 3975 3976``-chardev parallel,id=id,path=path`` 3977 \ 3978 ``parallel`` is only available on Linux, FreeBSD and DragonFlyBSD 3979 hosts. 3980 3981 Connect to a local parallel port. 3982 3983 ``path`` specifies the path to the parallel port device. ``path`` is 3984 required. 3985 3986``-chardev spicevmc,id=id,debug=debug,name=name`` 3987 ``spicevmc`` is only available when spice support is built in. 3988 3989 ``debug`` debug level for spicevmc 3990 3991 ``name`` name of spice channel to connect to 3992 3993 Connect to a spice virtual machine channel, such as vdiport. 3994 3995``-chardev spiceport,id=id,debug=debug,name=name`` 3996 ``spiceport`` is only available when spice support is built in. 3997 3998 ``debug`` debug level for spicevmc 3999 4000 ``name`` name of spice port to connect to 4001 4002 Connect to a spice port, allowing a Spice client to handle the 4003 traffic identified by a name (preferably a fqdn). 4004ERST 4005 4006DEFHEADING() 4007 4008#ifdef CONFIG_TPM 4009DEFHEADING(TPM device options:) 4010 4011DEF("tpmdev", HAS_ARG, QEMU_OPTION_tpmdev, \ 4012 "-tpmdev passthrough,id=id[,path=path][,cancel-path=path]\n" 4013 " use path to provide path to a character device; default is /dev/tpm0\n" 4014 " use cancel-path to provide path to TPM's cancel sysfs entry; if\n" 4015 " not provided it will be searched for in /sys/class/misc/tpm?/device\n" 4016 "-tpmdev emulator,id=id,chardev=dev\n" 4017 " configure the TPM device using chardev backend\n", 4018 QEMU_ARCH_ALL) 4019SRST 4020The general form of a TPM device option is: 4021 4022``-tpmdev backend,id=id[,options]`` 4023 The specific backend type will determine the applicable options. The 4024 ``-tpmdev`` option creates the TPM backend and requires a 4025 ``-device`` option that specifies the TPM frontend interface model. 4026 4027 Use ``-tpmdev help`` to print all available TPM backend types. 4028 4029The available backends are: 4030 4031``-tpmdev passthrough,id=id,path=path,cancel-path=cancel-path`` 4032 (Linux-host only) Enable access to the host's TPM using the 4033 passthrough driver. 4034 4035 ``path`` specifies the path to the host's TPM device, i.e., on a 4036 Linux host this would be ``/dev/tpm0``. ``path`` is optional and by 4037 default ``/dev/tpm0`` is used. 4038 4039 ``cancel-path`` specifies the path to the host TPM device's sysfs 4040 entry allowing for cancellation of an ongoing TPM command. 4041 ``cancel-path`` is optional and by default QEMU will search for the 4042 sysfs entry to use. 4043 4044 Some notes about using the host's TPM with the passthrough driver: 4045 4046 The TPM device accessed by the passthrough driver must not be used 4047 by any other application on the host. 4048 4049 Since the host's firmware (BIOS/UEFI) has already initialized the 4050 TPM, the VM's firmware (BIOS/UEFI) will not be able to initialize 4051 the TPM again and may therefore not show a TPM-specific menu that 4052 would otherwise allow the user to configure the TPM, e.g., allow the 4053 user to enable/disable or activate/deactivate the TPM. Further, if 4054 TPM ownership is released from within a VM then the host's TPM will 4055 get disabled and deactivated. To enable and activate the TPM again 4056 afterwards, the host has to be rebooted and the user is required to 4057 enter the firmware's menu to enable and activate the TPM. If the TPM 4058 is left disabled and/or deactivated most TPM commands will fail. 4059 4060 To create a passthrough TPM use the following two options: 4061 4062 :: 4063 4064 -tpmdev passthrough,id=tpm0 -device tpm-tis,tpmdev=tpm0 4065 4066 Note that the ``-tpmdev`` id is ``tpm0`` and is referenced by 4067 ``tpmdev=tpm0`` in the device option. 4068 4069``-tpmdev emulator,id=id,chardev=dev`` 4070 (Linux-host only) Enable access to a TPM emulator using Unix domain 4071 socket based chardev backend. 4072 4073 ``chardev`` specifies the unique ID of a character device backend 4074 that provides connection to the software TPM server. 4075 4076 To create a TPM emulator backend device with chardev socket backend: 4077 4078 :: 4079 4080 -chardev socket,id=chrtpm,path=/tmp/swtpm-sock -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0 4081ERST 4082 4083DEFHEADING() 4084 4085#endif 4086 4087DEFHEADING(Boot Image or Kernel specific:) 4088SRST 4089There are broadly 4 ways you can boot a system with QEMU. 4090 4091 - specify a firmware and let it control finding a kernel 4092 - specify a firmware and pass a hint to the kernel to boot 4093 - direct kernel image boot 4094 - manually load files into the guest's address space 4095 4096The third method is useful for quickly testing kernels but as there is 4097no firmware to pass configuration information to the kernel the 4098hardware must either be probeable, the kernel built for the exact 4099configuration or passed some configuration data (e.g. a DTB blob) 4100which tells the kernel what drivers it needs. This exact details are 4101often hardware specific. 4102 4103The final method is the most generic way of loading images into the 4104guest address space and used mostly for ``bare metal`` type 4105development where the reset vectors of the processor are taken into 4106account. 4107 4108ERST 4109 4110SRST 4111 4112For x86 machines and some other architectures ``-bios`` will generally 4113do the right thing with whatever it is given. For other machines the 4114more strict ``-pflash`` option needs an image that is sized for the 4115flash device for the given machine type. 4116 4117Please see the :ref:`system-targets-ref` section of the manual for 4118more detailed documentation. 4119 4120ERST 4121 4122DEF("bios", HAS_ARG, QEMU_OPTION_bios, \ 4123 "-bios file set the filename for the BIOS\n", QEMU_ARCH_ALL) 4124SRST 4125``-bios file`` 4126 Set the filename for the BIOS. 4127ERST 4128 4129DEF("pflash", HAS_ARG, QEMU_OPTION_pflash, 4130 "-pflash file use 'file' as a parallel flash image\n", QEMU_ARCH_ALL) 4131SRST 4132``-pflash file`` 4133 Use file as a parallel flash image. 4134ERST 4135 4136SRST 4137 4138The kernel options were designed to work with Linux kernels although 4139other things (like hypervisors) can be packaged up as a kernel 4140executable image. The exact format of a executable image is usually 4141architecture specific. 4142 4143The way in which the kernel is started (what address it is loaded at, 4144what if any information is passed to it via CPU registers, the state 4145of the hardware when it is started, and so on) is also architecture 4146specific. Typically it follows the specification laid down by the 4147Linux kernel for how kernels for that architecture must be started. 4148 4149ERST 4150 4151DEF("kernel", HAS_ARG, QEMU_OPTION_kernel, \ 4152 "-kernel bzImage use 'bzImage' as kernel image\n", QEMU_ARCH_ALL) 4153SRST 4154``-kernel bzImage`` 4155 Use bzImage as kernel image. The kernel can be either a Linux kernel 4156 or in multiboot format. 4157ERST 4158 4159DEF("shim", HAS_ARG, QEMU_OPTION_shim, \ 4160 "-shim shim.efi use 'shim.efi' to boot the kernel\n", QEMU_ARCH_ALL) 4161SRST 4162``-shim shim.efi`` 4163 Use 'shim.efi' to boot the kernel 4164ERST 4165 4166DEF("append", HAS_ARG, QEMU_OPTION_append, \ 4167 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL) 4168SRST 4169``-append cmdline`` 4170 Use cmdline as kernel command line 4171ERST 4172 4173DEF("initrd", HAS_ARG, QEMU_OPTION_initrd, \ 4174 "-initrd file use 'file' as initial ram disk\n", QEMU_ARCH_ALL) 4175SRST(initrd) 4176 4177``-initrd file`` 4178 Use file as initial ram disk. 4179 4180``-initrd "file1 arg=foo,file2"`` 4181 This syntax is only available with multiboot. 4182 4183 Use file1 and file2 as modules and pass ``arg=foo`` as parameter to the 4184 first module. Commas can be provided in module parameters by doubling 4185 them on the command line to escape them: 4186 4187``-initrd "bzImage earlyprintk=xen,,keep root=/dev/xvda1,initrd.img"`` 4188 Multiboot only. Use bzImage as the first module with 4189 "``earlyprintk=xen,keep root=/dev/xvda1``" as its command line, 4190 and initrd.img as the second module. 4191 4192ERST 4193 4194DEF("dtb", HAS_ARG, QEMU_OPTION_dtb, \ 4195 "-dtb file use 'file' as device tree image\n", QEMU_ARCH_ALL) 4196SRST 4197``-dtb file`` 4198 Use file as a device tree binary (dtb) image and pass it to the 4199 kernel on boot. 4200ERST 4201 4202SRST 4203 4204Finally you can also manually load images directly into the address 4205space of the guest. This is most useful for developers who already 4206know the layout of their guest and take care to ensure something sane 4207will happen when the reset vector executes. 4208 4209The generic loader can be invoked by using the loader device: 4210 4211``-device loader,addr=<addr>,data=<data>,data-len=<data-len>[,data-be=<data-be>][,cpu-num=<cpu-num>]`` 4212 4213there is also the guest loader which operates in a similar way but 4214tweaks the DTB so a hypervisor loaded via ``-kernel`` can find where 4215the guest image is: 4216 4217``-device guest-loader,addr=<addr>[,kernel=<path>,[bootargs=<arguments>]][,initrd=<path>]`` 4218 4219ERST 4220 4221DEFHEADING() 4222 4223DEFHEADING(Debug/Expert options:) 4224 4225DEF("compat", HAS_ARG, QEMU_OPTION_compat, 4226 "-compat [deprecated-input=accept|reject|crash][,deprecated-output=accept|hide]\n" 4227 " Policy for handling deprecated management interfaces\n" 4228 "-compat [unstable-input=accept|reject|crash][,unstable-output=accept|hide]\n" 4229 " Policy for handling unstable management interfaces\n", 4230 QEMU_ARCH_ALL) 4231SRST 4232``-compat [deprecated-input=@var{input-policy}][,deprecated-output=@var{output-policy}]`` 4233 Set policy for handling deprecated management interfaces (experimental): 4234 4235 ``deprecated-input=accept`` (default) 4236 Accept deprecated commands and arguments 4237 ``deprecated-input=reject`` 4238 Reject deprecated commands and arguments 4239 ``deprecated-input=crash`` 4240 Crash on deprecated commands and arguments 4241 ``deprecated-output=accept`` (default) 4242 Emit deprecated command results and events 4243 ``deprecated-output=hide`` 4244 Suppress deprecated command results and events 4245 4246 Limitation: covers only syntactic aspects of QMP. 4247 4248``-compat [unstable-input=@var{input-policy}][,unstable-output=@var{output-policy}]`` 4249 Set policy for handling unstable management interfaces (experimental): 4250 4251 ``unstable-input=accept`` (default) 4252 Accept unstable commands and arguments 4253 ``unstable-input=reject`` 4254 Reject unstable commands and arguments 4255 ``unstable-input=crash`` 4256 Crash on unstable commands and arguments 4257 ``unstable-output=accept`` (default) 4258 Emit unstable command results and events 4259 ``unstable-output=hide`` 4260 Suppress unstable command results and events 4261 4262 Limitation: covers only syntactic aspects of QMP. 4263ERST 4264 4265DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg, 4266 "-fw_cfg [name=]<name>,file=<file>\n" 4267 " add named fw_cfg entry with contents from file\n" 4268 "-fw_cfg [name=]<name>,string=<str>\n" 4269 " add named fw_cfg entry with contents from string\n", 4270 QEMU_ARCH_ALL) 4271SRST 4272``-fw_cfg [name=]name,file=file`` 4273 Add named fw\_cfg entry with contents from file file. 4274 If the filename contains comma, you must double it (for instance, 4275 "file=my,,file" to use file "my,file"). 4276 4277``-fw_cfg [name=]name,string=str`` 4278 Add named fw\_cfg entry with contents from string str. 4279 If the string contains comma, you must double it (for instance, 4280 "string=my,,string" to use file "my,string"). 4281 4282 The terminating NUL character of the contents of str will not be 4283 included as part of the fw\_cfg item data. To insert contents with 4284 embedded NUL characters, you have to use the file parameter. 4285 4286 The fw\_cfg entries are passed by QEMU through to the guest. 4287 4288 Example: 4289 4290 :: 4291 4292 -fw_cfg name=opt/com.mycompany/blob,file=./my_blob.bin 4293 4294 creates an fw\_cfg entry named opt/com.mycompany/blob with contents 4295 from ./my\_blob.bin. 4296ERST 4297 4298DEF("serial", HAS_ARG, QEMU_OPTION_serial, \ 4299 "-serial dev redirect the serial port to char device 'dev'\n", 4300 QEMU_ARCH_ALL) 4301SRST 4302``-serial dev`` 4303 Redirect the virtual serial port to host character device dev. The 4304 default device is ``vc`` in graphical mode and ``stdio`` in non 4305 graphical mode. 4306 4307 This option can be used several times to simulate multiple serial 4308 ports. 4309 4310 You can use ``-serial none`` to suppress the creation of default 4311 serial devices. 4312 4313 Available character devices are: 4314 4315 ``vc[:WxH]`` 4316 Virtual console. Optionally, a width and height can be given in 4317 pixel with 4318 4319 :: 4320 4321 vc:800x600 4322 4323 It is also possible to specify width or height in characters: 4324 4325 :: 4326 4327 vc:80Cx24C 4328 4329 ``pty[:path]`` 4330 [Linux only] Pseudo TTY (a new PTY is automatically allocated). 4331 4332 If ``path`` is specified, QEMU will create a symbolic link at 4333 that location which points to the new PTY device. 4334 4335 This avoids having to make QMP or HMP monitor queries to find 4336 out what the new PTY device path is. 4337 4338 Note that while QEMU will remove the symlink when it exits 4339 gracefully, it will not do so in case of crashes or on certain 4340 startup errors. It is recommended that the user checks and 4341 removes the symlink after QEMU terminates to account for this. 4342 4343 ``none`` 4344 No device is allocated. Note that for machine types which 4345 emulate systems where a serial device is always present in 4346 real hardware, this may be equivalent to the ``null`` option, 4347 in that the serial device is still present but all output 4348 is discarded. For boards where the number of serial ports is 4349 truly variable, this suppresses the creation of the device. 4350 4351 ``null`` 4352 A guest will see the UART or serial device as present in the 4353 machine, but all output is discarded, and there is no input. 4354 Conceptually equivalent to redirecting the output to ``/dev/null``. 4355 4356 ``chardev:id`` 4357 Use a named character device defined with the ``-chardev`` 4358 option. 4359 4360 ``/dev/XXX`` 4361 [Linux only] Use host tty, e.g. ``/dev/ttyS0``. The host serial 4362 port parameters are set according to the emulated ones. 4363 4364 ``/dev/parportN`` 4365 [Linux only, parallel port only] Use host parallel port N. 4366 Currently SPP and EPP parallel port features can be used. 4367 4368 ``file:filename`` 4369 Write output to filename. No character can be read. 4370 4371 ``stdio`` 4372 [Unix only] standard input/output 4373 4374 ``pipe:filename`` 4375 name pipe filename 4376 4377 ``COMn`` 4378 [Windows only] Use host serial port n 4379 4380 ``udp:[remote_host]:remote_port[@[src_ip]:src_port]`` 4381 This implements UDP Net Console. When remote\_host or src\_ip 4382 are not specified they default to ``0.0.0.0``. When not using a 4383 specified src\_port a random port is automatically chosen. 4384 4385 If you just want a simple readonly console you can use 4386 ``netcat`` or ``nc``, by starting QEMU with: 4387 ``-serial udp::4555`` and nc as: ``nc -u -l -p 4555``. Any time 4388 QEMU writes something to that port it will appear in the 4389 netconsole session. 4390 4391 If you plan to send characters back via netconsole or you want 4392 to stop and start QEMU a lot of times, you should have QEMU use 4393 the same source port each time by using something like ``-serial 4394 udp::4555@:4556`` to QEMU. Another approach is to use a patched 4395 version of netcat which can listen to a TCP port and send and 4396 receive characters via udp. If you have a patched version of 4397 netcat which activates telnet remote echo and single char 4398 transfer, then you can use the following options to set up a 4399 netcat redirector to allow telnet on port 5555 to access the 4400 QEMU port. 4401 4402 ``QEMU Options:`` 4403 -serial udp::4555@:4556 4404 4405 ``netcat options:`` 4406 -u -P 4555 -L 0.0.0.0:4556 -t -p 5555 -I -T 4407 4408 ``telnet options:`` 4409 localhost 5555 4410 4411 ``tcp:[host]:port[,server=on|off][,wait=on|off][,nodelay=on|off][,reconnect-ms=milliseconds]`` 4412 The TCP Net Console has two modes of operation. It can send the 4413 serial I/O to a location or wait for a connection from a 4414 location. By default the TCP Net Console is sent to host at the 4415 port. If you use the ``server=on`` option QEMU will wait for a client 4416 socket application to connect to the port before continuing, 4417 unless the ``wait=on|off`` option was specified. The ``nodelay=on|off`` 4418 option disables the Nagle buffering algorithm. The ``reconnect-ms`` 4419 option only applies if ``server=no`` is set, if the connection goes 4420 down it will attempt to reconnect at the given interval. If host 4421 is omitted, 0.0.0.0 is assumed. Only one TCP connection at a 4422 time is accepted. You can use ``telnet=on`` to connect to the 4423 corresponding character device. 4424 4425 ``Example to send tcp console to 192.168.0.2 port 4444`` 4426 -serial tcp:192.168.0.2:4444 4427 4428 ``Example to listen and wait on port 4444 for connection`` 4429 -serial tcp::4444,server=on 4430 4431 ``Example to not wait and listen on ip 192.168.0.100 port 4444`` 4432 -serial tcp:192.168.0.100:4444,server=on,wait=off 4433 4434 ``telnet:host:port[,server=on|off][,wait=on|off][,nodelay=on|off]`` 4435 The telnet protocol is used instead of raw tcp sockets. The 4436 options work the same as if you had specified ``-serial tcp``. 4437 The difference is that the port acts like a telnet server or 4438 client using telnet option negotiation. This will also allow you 4439 to send the MAGIC\_SYSRQ sequence if you use a telnet that 4440 supports sending the break sequence. Typically in unix telnet 4441 you do it with Control-] and then type "send break" followed by 4442 pressing the enter key. 4443 4444 ``websocket:host:port,server=on[,wait=on|off][,nodelay=on|off]`` 4445 The WebSocket protocol is used instead of raw tcp socket. The 4446 port acts as a WebSocket server. Client mode is not supported. 4447 4448 ``unix:path[,server=on|off][,wait=on|off][,reconnect-ms=milliseconds]`` 4449 A unix domain socket is used instead of a tcp socket. The option 4450 works the same as if you had specified ``-serial tcp`` except 4451 the unix domain socket path is used for connections. 4452 4453 ``mon:dev_string`` 4454 This is a special option to allow the monitor to be multiplexed 4455 onto another serial port. The monitor is accessed with key 4456 sequence of Control-a and then pressing c. dev\_string should be 4457 any one of the serial devices specified above. An example to 4458 multiplex the monitor onto a telnet server listening on port 4459 4444 would be: 4460 4461 ``-serial mon:telnet::4444,server=on,wait=off`` 4462 4463 When the monitor is multiplexed to stdio in this way, Ctrl+C 4464 will not terminate QEMU any more but will be passed to the guest 4465 instead. 4466 4467 ``braille`` 4468 Braille device. This will use BrlAPI to display the braille 4469 output on a real or fake device. 4470 4471 ``msmouse`` 4472 Three button serial mouse. Configure the guest to use Microsoft 4473 protocol. 4474ERST 4475 4476DEF("parallel", HAS_ARG, QEMU_OPTION_parallel, \ 4477 "-parallel dev redirect the parallel port to char device 'dev'\n", 4478 QEMU_ARCH_ALL) 4479SRST 4480``-parallel dev`` 4481 Redirect the virtual parallel port to host device dev (same devices 4482 as the serial port). On Linux hosts, ``/dev/parportN`` can be used 4483 to use hardware devices connected on the corresponding host parallel 4484 port. 4485 4486 This option can be used several times to simulate up to 3 parallel 4487 ports. 4488 4489 Use ``-parallel none`` to disable all parallel ports. 4490ERST 4491 4492DEF("monitor", HAS_ARG, QEMU_OPTION_monitor, \ 4493 "-monitor dev redirect the monitor to char device 'dev'\n", 4494 QEMU_ARCH_ALL) 4495SRST 4496``-monitor dev`` 4497 Redirect the monitor to host device dev (same devices as the serial 4498 port). The default device is ``vc`` in graphical mode and ``stdio`` 4499 in non graphical mode. Use ``-monitor none`` to disable the default 4500 monitor. 4501ERST 4502DEF("qmp", HAS_ARG, QEMU_OPTION_qmp, \ 4503 "-qmp dev like -monitor but opens in 'control' mode\n", 4504 QEMU_ARCH_ALL) 4505SRST 4506``-qmp dev`` 4507 Like ``-monitor`` but opens in 'control' mode. For example, to make 4508 QMP available on localhost port 4444:: 4509 4510 -qmp tcp:localhost:4444,server=on,wait=off 4511 4512 Not all options are configurable via this syntax; for maximum 4513 flexibility use the ``-mon`` option and an accompanying ``-chardev``. 4514 4515ERST 4516DEF("qmp-pretty", HAS_ARG, QEMU_OPTION_qmp_pretty, \ 4517 "-qmp-pretty dev like -qmp but uses pretty JSON formatting\n", 4518 QEMU_ARCH_ALL) 4519SRST 4520``-qmp-pretty dev`` 4521 Like ``-qmp`` but uses pretty JSON formatting. 4522ERST 4523 4524DEF("mon", HAS_ARG, QEMU_OPTION_mon, \ 4525 "-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]\n", QEMU_ARCH_ALL) 4526SRST 4527``-mon [chardev=]name[,mode=readline|control][,pretty[=on|off]]`` 4528 Set up a monitor connected to the chardev ``name``. 4529 QEMU supports two monitors: the Human Monitor Protocol 4530 (HMP; for human interaction), and the QEMU Monitor Protocol 4531 (QMP; a JSON RPC-style protocol). 4532 The default is HMP; ``mode=control`` selects QMP instead. 4533 ``pretty`` is only valid when ``mode=control``, 4534 turning on JSON pretty printing to ease 4535 human reading and debugging. 4536 4537 For example:: 4538 4539 -chardev socket,id=mon1,host=localhost,port=4444,server=on,wait=off \ 4540 -mon chardev=mon1,mode=control,pretty=on 4541 4542 enables the QMP monitor on localhost port 4444 with pretty-printing. 4543ERST 4544 4545DEF("debugcon", HAS_ARG, QEMU_OPTION_debugcon, \ 4546 "-debugcon dev redirect the debug console to char device 'dev'\n", 4547 QEMU_ARCH_ALL) 4548SRST 4549``-debugcon dev`` 4550 Redirect the debug console to host device dev (same devices as the 4551 serial port). The debug console is an I/O port which is typically 4552 port 0xe9; writing to that I/O port sends output to this device. The 4553 default device is ``vc`` in graphical mode and ``stdio`` in non 4554 graphical mode. 4555ERST 4556 4557DEF("pidfile", HAS_ARG, QEMU_OPTION_pidfile, \ 4558 "-pidfile file write PID to 'file'\n", QEMU_ARCH_ALL) 4559SRST 4560``-pidfile file`` 4561 Store the QEMU process PID in file. It is useful if you launch QEMU 4562 from a script. 4563ERST 4564 4565DEF("preconfig", 0, QEMU_OPTION_preconfig, \ 4566 "--preconfig pause QEMU before machine is initialized (experimental)\n", 4567 QEMU_ARCH_ALL) 4568SRST 4569``--preconfig`` 4570 Pause QEMU for interactive configuration before the machine is 4571 created, which allows querying and configuring properties that will 4572 affect machine initialization. Use QMP command 'x-exit-preconfig' to 4573 exit the preconfig state and move to the next state (i.e. run guest 4574 if -S isn't used or pause the second time if -S is used). This 4575 option is experimental. 4576ERST 4577 4578DEF("S", 0, QEMU_OPTION_S, \ 4579 "-S freeze CPU at startup (use 'c' to start execution)\n", 4580 QEMU_ARCH_ALL) 4581SRST 4582``-S`` 4583 Do not start CPU at startup (you must type 'c' in the monitor). 4584ERST 4585 4586DEF("overcommit", HAS_ARG, QEMU_OPTION_overcommit, 4587 "-overcommit [mem-lock=on|off][cpu-pm=on|off]\n" 4588 " run qemu with overcommit hints\n" 4589 " mem-lock=on|off controls memory lock support (default: off)\n" 4590 " cpu-pm=on|off controls cpu power management (default: off)\n", 4591 QEMU_ARCH_ALL) 4592SRST 4593``-overcommit mem-lock=on|off`` 4594 \ 4595``-overcommit cpu-pm=on|off`` 4596 Run qemu with hints about host resource overcommit. The default is 4597 to assume that host overcommits all resources. 4598 4599 Locking qemu and guest memory can be enabled via ``mem-lock=on`` 4600 (disabled by default). This works when host memory is not 4601 overcommitted and reduces the worst-case latency for guest. 4602 4603 Guest ability to manage power state of host cpus (increasing latency 4604 for other processes on the same host cpu, but decreasing latency for 4605 guest) can be enabled via ``cpu-pm=on`` (disabled by default). This 4606 works best when host CPU is not overcommitted. When used, host 4607 estimates of CPU cycle and power utilization will be incorrect, not 4608 taking into account guest idle time. 4609ERST 4610 4611DEF("gdb", HAS_ARG, QEMU_OPTION_gdb, \ 4612 "-gdb dev accept gdb connection on 'dev'. (QEMU defaults to starting\n" 4613 " the guest without waiting for gdb to connect; use -S too\n" 4614 " if you want it to not start execution.)\n", 4615 QEMU_ARCH_ALL) 4616SRST 4617``-gdb dev`` 4618 Accept a gdb connection on device dev (see the :ref:`GDB usage` chapter 4619 in the System Emulation Users Guide). Note that this option does not pause QEMU 4620 execution -- if you want QEMU to not start the guest until you 4621 connect with gdb and issue a ``continue`` command, you will need to 4622 also pass the ``-S`` option to QEMU. 4623 4624 The most usual configuration is to listen on a local TCP socket:: 4625 4626 -gdb tcp::3117 4627 4628 but you can specify other backends; UDP, pseudo TTY, or even stdio 4629 are all reasonable use cases. For example, a stdio connection 4630 allows you to start QEMU from within gdb and establish the 4631 connection via a pipe: 4632 4633 .. parsed-literal:: 4634 4635 (gdb) target remote | exec |qemu_system| -gdb stdio ... 4636ERST 4637 4638DEF("s", 0, QEMU_OPTION_s, \ 4639 "-s shorthand for -gdb tcp::" DEFAULT_GDBSTUB_PORT "\n", 4640 QEMU_ARCH_ALL) 4641SRST 4642``-s`` 4643 Shorthand for -gdb tcp::1234, i.e. open a gdbserver on TCP port 1234 4644 (see the :ref:`GDB usage` chapter in the System Emulation Users Guide). 4645ERST 4646 4647DEF("d", HAS_ARG, QEMU_OPTION_d, \ 4648 "-d item1,... enable logging of specified items (use '-d help' for a list of log items)\n", 4649 QEMU_ARCH_ALL) 4650SRST 4651``-d item1[,...]`` 4652 Enable logging of specified items. Use '-d help' for a list of log 4653 items. 4654ERST 4655 4656DEF("D", HAS_ARG, QEMU_OPTION_D, \ 4657 "-D logfile output log to logfile (default stderr)\n", 4658 QEMU_ARCH_ALL) 4659SRST 4660``-D logfile`` 4661 Output log in logfile instead of to stderr 4662ERST 4663 4664DEF("dfilter", HAS_ARG, QEMU_OPTION_DFILTER, \ 4665 "-dfilter range,.. filter debug output to range of addresses (useful for -d cpu,exec,etc..)\n", 4666 QEMU_ARCH_ALL) 4667SRST 4668``-dfilter range1[,...]`` 4669 Filter debug output to that relevant to a range of target addresses. 4670 The filter spec can be either start+size, start-size or start..end 4671 where start end and size are the addresses and sizes required. For 4672 example: 4673 4674 :: 4675 4676 -dfilter 0x8000..0x8fff,0xffffffc000080000+0x200,0xffffffc000060000-0x1000 4677 4678 Will dump output for any code in the 0x1000 sized block starting at 4679 0x8000 and the 0x200 sized block starting at 0xffffffc000080000 and 4680 another 0x1000 sized block starting at 0xffffffc00005f000. 4681ERST 4682 4683DEF("seed", HAS_ARG, QEMU_OPTION_seed, \ 4684 "-seed number seed the pseudo-random number generator\n", 4685 QEMU_ARCH_ALL) 4686SRST 4687``-seed number`` 4688 Force the guest to use a deterministic pseudo-random number 4689 generator, seeded with number. This does not affect crypto routines 4690 within the host. 4691ERST 4692 4693DEF("L", HAS_ARG, QEMU_OPTION_L, \ 4694 "-L path set the directory for the BIOS, VGA BIOS and keymaps\n", 4695 QEMU_ARCH_ALL) 4696SRST 4697``-L path`` 4698 Set the directory for the BIOS, VGA BIOS and keymaps. 4699 4700 To list all the data directories, use ``-L help``. 4701ERST 4702 4703DEF("enable-kvm", 0, QEMU_OPTION_enable_kvm, \ 4704 "-enable-kvm enable KVM full virtualization support\n", 4705 QEMU_ARCH_ARM | QEMU_ARCH_I386 | QEMU_ARCH_MIPS | QEMU_ARCH_PPC | 4706 QEMU_ARCH_RISCV | QEMU_ARCH_S390X) 4707SRST 4708``-enable-kvm`` 4709 Enable KVM full virtualization support. This option is only 4710 available if KVM support is enabled when compiling. 4711ERST 4712 4713DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid, 4714 "-xen-domid id specify xen guest domain id\n", 4715 QEMU_ARCH_ARM | QEMU_ARCH_I386) 4716DEF("xen-attach", 0, QEMU_OPTION_xen_attach, 4717 "-xen-attach attach to existing xen domain\n" 4718 " libxl will use this when starting QEMU\n", 4719 QEMU_ARCH_ARM | QEMU_ARCH_I386) 4720DEF("xen-domid-restrict", 0, QEMU_OPTION_xen_domid_restrict, 4721 "-xen-domid-restrict restrict set of available xen operations\n" 4722 " to specified domain id. (Does not affect\n" 4723 " xenpv machine type).\n", 4724 QEMU_ARCH_ARM | QEMU_ARCH_I386) 4725SRST 4726``-xen-domid id`` 4727 Specify xen guest domain id (XEN only). 4728 4729``-xen-attach`` 4730 Attach to existing xen domain. libxl will use this when starting 4731 QEMU (XEN only). Restrict set of available xen operations to 4732 specified domain id (XEN only). 4733ERST 4734 4735DEF("no-reboot", 0, QEMU_OPTION_no_reboot, \ 4736 "-no-reboot exit instead of rebooting\n", QEMU_ARCH_ALL) 4737SRST 4738``-no-reboot`` 4739 Exit instead of rebooting. 4740ERST 4741 4742DEF("no-shutdown", 0, QEMU_OPTION_no_shutdown, \ 4743 "-no-shutdown stop before shutdown\n", QEMU_ARCH_ALL) 4744SRST 4745``-no-shutdown`` 4746 Don't exit QEMU on guest shutdown, but instead only stop the 4747 emulation. This allows for instance switching to monitor to commit 4748 changes to the disk image. 4749ERST 4750 4751DEF("action", HAS_ARG, QEMU_OPTION_action, 4752 "-action reboot=reset|shutdown\n" 4753 " action when guest reboots [default=reset]\n" 4754 "-action shutdown=poweroff|pause\n" 4755 " action when guest shuts down [default=poweroff]\n" 4756 "-action panic=pause|shutdown|exit-failure|none\n" 4757 " action when guest panics [default=shutdown]\n" 4758 "-action watchdog=reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" 4759 " action when watchdog fires [default=reset]\n", 4760 QEMU_ARCH_ALL) 4761SRST 4762``-action event=action`` 4763 The action parameter serves to modify QEMU's default behavior when 4764 certain guest events occur. It provides a generic method for specifying the 4765 same behaviors that are modified by the ``-no-reboot`` and ``-no-shutdown`` 4766 parameters. 4767 4768 Examples: 4769 4770 ``-action panic=none`` 4771 ``-action reboot=shutdown,shutdown=pause`` 4772 ``-device i6300esb -action watchdog=pause`` 4773 4774ERST 4775 4776DEF("loadvm", HAS_ARG, QEMU_OPTION_loadvm, \ 4777 "-loadvm [tag|id]\n" \ 4778 " start right away with a saved state (loadvm in monitor)\n", 4779 QEMU_ARCH_ALL) 4780SRST 4781``-loadvm file`` 4782 Start right away with a saved state (``loadvm`` in monitor) 4783ERST 4784 4785#ifndef _WIN32 4786DEF("daemonize", 0, QEMU_OPTION_daemonize, \ 4787 "-daemonize daemonize QEMU after initializing\n", QEMU_ARCH_ALL) 4788#endif 4789SRST 4790``-daemonize`` 4791 Daemonize the QEMU process after initialization. QEMU will not 4792 detach from standard IO until it is ready to receive connections on 4793 any of its devices. This option is a useful way for external 4794 programs to launch QEMU without having to cope with initialization 4795 race conditions. 4796ERST 4797 4798DEF("option-rom", HAS_ARG, QEMU_OPTION_option_rom, \ 4799 "-option-rom rom load a file, rom, into the option ROM space\n", 4800 QEMU_ARCH_ALL) 4801SRST 4802``-option-rom file`` 4803 Load the contents of file as an option ROM. This option is useful to 4804 load things like EtherBoot. 4805ERST 4806 4807DEF("rtc", HAS_ARG, QEMU_OPTION_rtc, \ 4808 "-rtc [base=utc|localtime|<datetime>][,clock=host|rt|vm][,driftfix=none|slew]\n" \ 4809 " set the RTC base and clock, enable drift fix for clock ticks (x86 only)\n", 4810 QEMU_ARCH_ALL) 4811 4812SRST 4813``-rtc [base=utc|localtime|datetime][,clock=host|rt|vm][,driftfix=none|slew]`` 4814 Specify ``base`` as ``utc`` or ``localtime`` to let the RTC start at 4815 the current UTC or local time, respectively. ``localtime`` is 4816 required for correct date in MS-DOS or Windows. To start at a 4817 specific point in time, provide datetime in the format 4818 ``2006-06-17T16:01:21`` or ``2006-06-17``. The default base is UTC. 4819 4820 By default the RTC is driven by the host system time. This allows 4821 using of the RTC as accurate reference clock inside the guest, 4822 specifically if the host time is smoothly following an accurate 4823 external reference clock, e.g. via NTP. If you want to isolate the 4824 guest time from the host, you can set ``clock`` to ``rt`` instead, 4825 which provides a host monotonic clock if host support it. To even 4826 prevent the RTC from progressing during suspension, you can set 4827 ``clock`` to ``vm`` (virtual clock). '\ ``clock=vm``\ ' is 4828 recommended especially in icount mode in order to preserve 4829 determinism; however, note that in icount mode the speed of the 4830 virtual clock is variable and can in general differ from the host 4831 clock. 4832 4833 Enable ``driftfix`` (i386 targets only) if you experience time drift 4834 problems, specifically with Windows' ACPI HAL. This option will try 4835 to figure out how many timer interrupts were not processed by the 4836 Windows guest and will re-inject them. 4837ERST 4838 4839DEF("icount", HAS_ARG, QEMU_OPTION_icount, \ 4840 "-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=<filename>[,rrsnapshot=<snapshot>]]\n" \ 4841 " enable virtual instruction counter with 2^N clock ticks per\n" \ 4842 " instruction, enable aligning the host and virtual clocks\n" \ 4843 " or disable real time cpu sleeping, and optionally enable\n" \ 4844 " record-and-replay mode\n", QEMU_ARCH_ALL) 4845SRST 4846``-icount [shift=N|auto][,align=on|off][,sleep=on|off][,rr=record|replay,rrfile=filename[,rrsnapshot=snapshot]]`` 4847 Enable virtual instruction counter. The virtual cpu will execute one 4848 instruction every 2^N ns of virtual time. If ``auto`` is specified 4849 then the virtual cpu speed will be automatically adjusted to keep 4850 virtual time within a few seconds of real time. 4851 4852 Note that while this option can give deterministic behavior, it does 4853 not provide cycle accurate emulation. Modern CPUs contain 4854 superscalar out of order cores with complex cache hierarchies. The 4855 number of instructions executed often has little or no correlation 4856 with actual performance. 4857 4858 When the virtual cpu is sleeping, the virtual time will advance at 4859 default speed unless ``sleep=on`` is specified. With 4860 ``sleep=on``, the virtual time will jump to the next timer 4861 deadline instantly whenever the virtual cpu goes to sleep mode and 4862 will not advance if no timer is enabled. This behavior gives 4863 deterministic execution times from the guest point of view. 4864 The default if icount is enabled is ``sleep=off``. 4865 ``sleep=on`` cannot be used together with either ``shift=auto`` 4866 or ``align=on``. 4867 4868 ``align=on`` will activate the delay algorithm which will try to 4869 synchronise the host clock and the virtual clock. The goal is to 4870 have a guest running at the real frequency imposed by the shift 4871 option. Whenever the guest clock is behind the host clock and if 4872 ``align=on`` is specified then we print a message to the user to 4873 inform about the delay. Currently this option does not work when 4874 ``shift`` is ``auto``. Note: The sync algorithm will work for those 4875 shift values for which the guest clock runs ahead of the host clock. 4876 Typically this happens when the shift value is high (how high 4877 depends on the host machine). The default if icount is enabled 4878 is ``align=off``. 4879 4880 When the ``rr`` option is specified deterministic record/replay is 4881 enabled. The ``rrfile=`` option must also be provided to 4882 specify the path to the replay log. In record mode data is written 4883 to this file, and in replay mode it is read back. 4884 If the ``rrsnapshot`` option is given then it specifies a VM snapshot 4885 name. In record mode, a new VM snapshot with the given name is created 4886 at the start of execution recording. In replay mode this option 4887 specifies the snapshot name used to load the initial VM state. 4888ERST 4889 4890DEF("watchdog-action", HAS_ARG, QEMU_OPTION_watchdog_action, \ 4891 "-watchdog-action reset|shutdown|poweroff|inject-nmi|pause|debug|none\n" \ 4892 " action when watchdog fires [default=reset]\n", 4893 QEMU_ARCH_ALL) 4894SRST 4895``-watchdog-action action`` 4896 The action controls what QEMU will do when the watchdog timer 4897 expires. The default is ``reset`` (forcefully reset the guest). 4898 Other possible actions are: ``shutdown`` (attempt to gracefully 4899 shutdown the guest), ``poweroff`` (forcefully poweroff the guest), 4900 ``inject-nmi`` (inject a NMI into the guest), ``pause`` (pause the 4901 guest), ``debug`` (print a debug message and continue), or ``none`` 4902 (do nothing). 4903 4904 Note that the ``shutdown`` action requires that the guest responds 4905 to ACPI signals, which it may not be able to do in the sort of 4906 situations where the watchdog would have expired, and thus 4907 ``-watchdog-action shutdown`` is not recommended for production use. 4908 4909 Examples: 4910 4911 ``-device i6300esb -watchdog-action pause`` 4912 4913ERST 4914 4915DEF("echr", HAS_ARG, QEMU_OPTION_echr, \ 4916 "-echr chr set terminal escape character instead of ctrl-a\n", 4917 QEMU_ARCH_ALL) 4918SRST 4919``-echr numeric_ascii_value`` 4920 Change the escape character used for switching to the monitor when 4921 using monitor and serial sharing. The default is ``0x01`` when using 4922 the ``-nographic`` option. ``0x01`` is equal to pressing 4923 ``Control-a``. You can select a different character from the ascii 4924 control keys where 1 through 26 map to Control-a through Control-z. 4925 For instance you could use the either of the following to change the 4926 escape character to Control-t. 4927 4928 ``-echr 0x14``; \ ``-echr 20`` 4929 4930ERST 4931 4932DEF("incoming", HAS_ARG, QEMU_OPTION_incoming, \ 4933 "-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]\n" \ 4934 "-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]\n" \ 4935 "-incoming unix:socketpath\n" \ 4936 " prepare for incoming migration, listen on\n" \ 4937 " specified protocol and socket address\n" \ 4938 "-incoming fd:fd\n" \ 4939 "-incoming file:filename[,offset=offset]\n" \ 4940 "-incoming exec:cmdline\n" \ 4941 " accept incoming migration on given file descriptor\n" \ 4942 " or from given external command\n" \ 4943 "-incoming defer\n" \ 4944 " wait for the URI to be specified via migrate_incoming\n", 4945 QEMU_ARCH_ALL) 4946SRST 4947``-incoming tcp:[host]:port[,to=maxport][,ipv4=on|off][,ipv6=on|off]`` 4948 \ 4949``-incoming rdma:host:port[,ipv4=on|off][,ipv6=on|off]`` 4950 Prepare for incoming migration, listen on a given tcp port. 4951 4952``-incoming unix:socketpath`` 4953 Prepare for incoming migration, listen on a given unix socket. 4954 4955``-incoming fd:fd`` 4956 Accept incoming migration from a given file descriptor. 4957 4958``-incoming file:filename[,offset=offset]`` 4959 Accept incoming migration from a given file starting at offset. 4960 offset allows the common size suffixes, or a 0x prefix, but not both. 4961 4962``-incoming exec:cmdline`` 4963 Accept incoming migration as an output from specified external 4964 command. 4965 4966``-incoming defer`` 4967 Wait for the URI to be specified via migrate\_incoming. The monitor 4968 can be used to change settings (such as migration parameters) prior 4969 to issuing the migrate\_incoming to allow the migration to begin. 4970ERST 4971 4972DEF("only-migratable", 0, QEMU_OPTION_only_migratable, \ 4973 "-only-migratable allow only migratable devices\n", QEMU_ARCH_ALL) 4974SRST 4975``-only-migratable`` 4976 Only allow migratable devices. Devices will not be allowed to enter 4977 an unmigratable state. 4978ERST 4979 4980DEF("nodefaults", 0, QEMU_OPTION_nodefaults, \ 4981 "-nodefaults don't create default devices\n", QEMU_ARCH_ALL) 4982SRST 4983``-nodefaults`` 4984 Don't create default devices. Normally, QEMU sets the default 4985 devices like serial port, parallel port, virtual console, monitor 4986 device, VGA adapter, floppy and CD-ROM drive and others. The 4987 ``-nodefaults`` option will disable all those default devices. 4988ERST 4989 4990DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env, 4991 "-prom-env variable=value\n" 4992 " set OpenBIOS nvram variables\n", 4993 QEMU_ARCH_PPC | QEMU_ARCH_SPARC) 4994SRST 4995``-prom-env variable=value`` 4996 Set OpenBIOS nvram variable to given value (PPC, SPARC only). 4997 4998 :: 4999 5000 qemu-system-sparc -prom-env 'auto-boot?=false' \ 5001 -prom-env 'boot-device=sd(0,2,0):d' -prom-env 'boot-args=linux single' 5002 5003 :: 5004 5005 qemu-system-ppc -prom-env 'auto-boot?=false' \ 5006 -prom-env 'boot-device=hd:2,\yaboot' \ 5007 -prom-env 'boot-args=conf=hd:2,\yaboot.conf' 5008ERST 5009DEF("semihosting", 0, QEMU_OPTION_semihosting, 5010 "-semihosting semihosting mode\n", 5011 QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | 5012 QEMU_ARCH_MIPS | QEMU_ARCH_RISCV) 5013SRST 5014``-semihosting`` 5015 Enable :ref:`Semihosting` mode (ARM, M68K, Xtensa, MIPS, RISC-V only). 5016 5017 .. warning:: 5018 Note that this allows guest direct access to the host filesystem, so 5019 should only be used with a trusted guest OS. 5020 5021 See the -semihosting-config option documentation for further 5022 information about the facilities this enables. 5023ERST 5024DEF("semihosting-config", HAS_ARG, QEMU_OPTION_semihosting_config, 5025 "-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg=str[,...]]\n" \ 5026 " semihosting configuration\n", 5027QEMU_ARCH_ARM | QEMU_ARCH_M68K | QEMU_ARCH_XTENSA | 5028QEMU_ARCH_MIPS | QEMU_ARCH_RISCV) 5029SRST 5030``-semihosting-config [enable=on|off][,target=native|gdb|auto][,chardev=id][,userspace=on|off][,arg=str[,...]]`` 5031 Enable and configure :ref:`Semihosting` (ARM, M68K, Xtensa, MIPS, RISC-V 5032 only). 5033 5034 .. warning:: 5035 Note that this allows guest direct access to the host filesystem, so 5036 should only be used with a trusted guest OS. 5037 5038 ``target=native|gdb|auto`` 5039 Defines where the semihosting calls will be addressed, to QEMU 5040 (``native``) or to GDB (``gdb``). The default is ``auto``, which 5041 means ``gdb`` during debug sessions and ``native`` otherwise. 5042 5043 ``chardev=str1`` 5044 Send the output to a chardev backend output for native or auto 5045 output when not in gdb 5046 5047 ``userspace=on|off`` 5048 Allows code running in guest userspace to access the semihosting 5049 interface. The default is that only privileged guest code can 5050 make semihosting calls. Note that setting ``userspace=on`` should 5051 only be used if all guest code is trusted (for example, in 5052 bare-metal test case code). 5053 5054 ``arg=str1,arg=str2,...`` 5055 Allows the user to pass input arguments, and can be used 5056 multiple times to build up a list. The old-style 5057 ``-kernel``/``-append`` method of passing a command line is 5058 still supported for backward compatibility. If both the 5059 ``--semihosting-config arg`` and the ``-kernel``/``-append`` are 5060 specified, the former is passed to semihosting as it always 5061 takes precedence. 5062ERST 5063DEF("old-param", 0, QEMU_OPTION_old_param, 5064 "-old-param old param mode\n", QEMU_ARCH_ARM) 5065SRST 5066``-old-param`` 5067 Old param mode (ARM only). 5068ERST 5069 5070DEF("sandbox", HAS_ARG, QEMU_OPTION_sandbox, \ 5071 "-sandbox on[,obsolete=allow|deny][,elevateprivileges=allow|deny|children]\n" \ 5072 " [,spawn=allow|deny][,resourcecontrol=allow|deny]\n" \ 5073 " Enable seccomp mode 2 system call filter (default 'off').\n" \ 5074 " use 'obsolete' to allow obsolete system calls that are provided\n" \ 5075 " by the kernel, but typically no longer used by modern\n" \ 5076 " C library implementations.\n" \ 5077 " use 'elevateprivileges' to allow or deny the QEMU process ability\n" \ 5078 " to elevate privileges using set*uid|gid system calls.\n" \ 5079 " The value 'children' will deny set*uid|gid system calls for\n" \ 5080 " main QEMU process but will allow forks and execves to run unprivileged\n" \ 5081 " use 'spawn' to avoid QEMU to spawn new threads or processes by\n" \ 5082 " blocking *fork and execve\n" \ 5083 " use 'resourcecontrol' to disable process affinity and schedular priority\n", 5084 QEMU_ARCH_ALL) 5085SRST 5086``-sandbox arg[,obsolete=string][,elevateprivileges=string][,spawn=string][,resourcecontrol=string]`` 5087 Enable Seccomp mode 2 system call filter. 'on' will enable syscall 5088 filtering and 'off' will disable it. The default is 'off'. 5089 5090 ``obsolete=string`` 5091 Enable Obsolete system calls 5092 5093 ``elevateprivileges=string`` 5094 Disable set\*uid\|gid system calls 5095 5096 ``spawn=string`` 5097 Disable \*fork and execve 5098 5099 ``resourcecontrol=string`` 5100 Disable process affinity and schedular priority 5101ERST 5102 5103DEF("readconfig", HAS_ARG, QEMU_OPTION_readconfig, 5104 "-readconfig <file>\n" 5105 " read config file\n", QEMU_ARCH_ALL) 5106SRST 5107``-readconfig file`` 5108 Read device configuration from file. This approach is useful when 5109 you want to spawn QEMU process with many command line options but 5110 you don't want to exceed the command line character limit. 5111ERST 5112 5113DEF("no-user-config", 0, QEMU_OPTION_nouserconfig, 5114 "-no-user-config\n" 5115 " do not load default user-provided config files at startup\n", 5116 QEMU_ARCH_ALL) 5117SRST 5118``-no-user-config`` 5119 The ``-no-user-config`` option makes QEMU not load any of the 5120 user-provided config files on sysconfdir. 5121ERST 5122 5123DEF("trace", HAS_ARG, QEMU_OPTION_trace, 5124 "-trace [[enable=]<pattern>][,events=<file>][,file=<file>]\n" 5125 " specify tracing options\n", 5126 QEMU_ARCH_ALL) 5127SRST 5128``-trace [[enable=]pattern][,events=file][,file=file]`` 5129 .. include:: ../qemu-option-trace.rst.inc 5130 5131ERST 5132DEF("plugin", HAS_ARG, QEMU_OPTION_plugin, 5133 "-plugin [file=]<file>[,<argname>=<argvalue>]\n" 5134 " load a plugin\n", 5135 QEMU_ARCH_ALL) 5136SRST 5137``-plugin file=file[,argname=argvalue]`` 5138 Load a plugin. 5139 5140 ``file=file`` 5141 Load the given plugin from a shared library file. 5142 5143 ``argname=argvalue`` 5144 Argument passed to the plugin. (Can be given multiple times.) 5145ERST 5146 5147HXCOMM Internal use 5148DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL) 5149DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL) 5150 5151#ifdef CONFIG_POSIX 5152DEF("run-with", HAS_ARG, QEMU_OPTION_run_with, 5153 "-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]\n" 5154 " Set miscellaneous QEMU process lifecycle options:\n" 5155 " async-teardown=on enables asynchronous teardown (Linux only)\n" 5156 " chroot=dir chroot to dir just before starting the VM\n" 5157 " user=username switch to the specified user before starting the VM\n" 5158 " user=uid:gid ditto, but use specified user-ID and group-ID instead\n", 5159 QEMU_ARCH_ALL) 5160SRST 5161``-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]`` 5162 Set QEMU process lifecycle options. 5163 5164 ``async-teardown=on`` enables asynchronous teardown. A new process called 5165 "cleanup/<QEMU_PID>" will be created at startup sharing the address 5166 space with the main QEMU process, using clone. It will wait for the 5167 main QEMU process to terminate completely, and then exit. This allows 5168 QEMU to terminate very quickly even if the guest was huge, leaving the 5169 teardown of the address space to the cleanup process. Since the cleanup 5170 process shares the same cgroups as the main QEMU process, accounting is 5171 performed correctly. This only works if the cleanup process is not 5172 forcefully killed with SIGKILL before the main QEMU process has 5173 terminated completely. 5174 5175 ``chroot=dir`` can be used for doing a chroot to the specified directory 5176 immediately before starting the guest execution. This is especially useful 5177 in combination with ``user=...``. 5178 5179 ``user=username`` or ``user=uid:gid`` can be used to drop root privileges 5180 before starting guest execution. QEMU will use the ``setuid`` and ``setgid`` 5181 system calls to switch to the specified identity. Note that the 5182 ``user=username`` syntax will also apply the full set of supplementary 5183 groups for the user, whereas the ``user=uid:gid`` will use only the 5184 ``gid`` group. 5185ERST 5186#endif 5187 5188DEF("msg", HAS_ARG, QEMU_OPTION_msg, 5189 "-msg [timestamp[=on|off]][,guest-name=[on|off]]\n" 5190 " control error message format\n" 5191 " timestamp=on enables timestamps (default: off)\n" 5192 " guest-name=on enables guest name prefix but only if\n" 5193 " -name guest option is set (default: off)\n", 5194 QEMU_ARCH_ALL) 5195SRST 5196``-msg [timestamp[=on|off]][,guest-name[=on|off]]`` 5197 Control error message format. 5198 5199 ``timestamp=on|off`` 5200 Prefix messages with a timestamp. Default is off. 5201 5202 ``guest-name=on|off`` 5203 Prefix messages with guest name but only if -name guest option is set 5204 otherwise the option is ignored. Default is off. 5205ERST 5206 5207DEF("dump-vmstate", HAS_ARG, QEMU_OPTION_dump_vmstate, 5208 "-dump-vmstate <file>\n" 5209 " Output vmstate information in JSON format to file.\n" 5210 " Use the scripts/vmstate-static-checker.py file to\n" 5211 " check for possible regressions in migration code\n" 5212 " by comparing two such vmstate dumps.\n", 5213 QEMU_ARCH_ALL) 5214SRST 5215``-dump-vmstate file`` 5216 Dump json-encoded vmstate information for current machine type to 5217 file in file 5218ERST 5219 5220DEF("enable-sync-profile", 0, QEMU_OPTION_enable_sync_profile, 5221 "-enable-sync-profile\n" 5222 " enable synchronization profiling\n", 5223 QEMU_ARCH_ALL) 5224SRST 5225``-enable-sync-profile`` 5226 Enable synchronization profiling. 5227ERST 5228 5229#if defined(CONFIG_TCG) && defined(CONFIG_LINUX) 5230DEF("perfmap", 0, QEMU_OPTION_perfmap, 5231 "-perfmap generate a /tmp/perf-${pid}.map file for perf\n", 5232 QEMU_ARCH_ALL) 5233SRST 5234``-perfmap`` 5235 Generate a map file for Linux perf tools that will allow basic profiling 5236 information to be broken down into basic blocks. 5237ERST 5238 5239DEF("jitdump", 0, QEMU_OPTION_jitdump, 5240 "-jitdump generate a jit-${pid}.dump file for perf\n", 5241 QEMU_ARCH_ALL) 5242SRST 5243``-jitdump`` 5244 Generate a dump file for Linux perf tools that maps basic blocks to symbol 5245 names, line numbers and JITted code. 5246ERST 5247#endif 5248 5249DEFHEADING() 5250 5251DEFHEADING(Generic object creation:) 5252 5253DEF("object", HAS_ARG, QEMU_OPTION_object, 5254 "-object TYPENAME[,PROP1=VALUE1,...]\n" 5255 " create a new object of type TYPENAME setting properties\n" 5256 " in the order they are specified. Note that the 'id'\n" 5257 " property must be set. These objects are placed in the\n" 5258 " '/objects' path.\n", 5259 QEMU_ARCH_ALL) 5260SRST 5261``-object typename[,prop1=value1,...]`` 5262 Create a new object of type typename setting properties in the order 5263 they are specified. Note that the 'id' property must be set. These 5264 objects are placed in the '/objects' path. 5265 5266 ``-object memory-backend-file,id=id,size=size,mem-path=dir,share=on|off,discard-data=on|off,merge=on|off,dump=on|off,prealloc=on|off,host-nodes=host-nodes,policy=default|preferred|bind|interleave,align=align,offset=offset,readonly=on|off,rom=on|off|auto`` 5267 Creates a memory file backend object, which can be used to back 5268 the guest RAM with huge pages. 5269 5270 The ``id`` parameter is a unique ID that will be used to 5271 reference this memory region in other parameters, e.g. ``-numa``, 5272 ``-device nvdimm``, etc. 5273 5274 The ``size`` option provides the size of the memory region, and 5275 accepts common suffixes, e.g. ``500M``. 5276 5277 The ``mem-path`` provides the path to either a shared memory or 5278 huge page filesystem mount. 5279 5280 The ``share`` boolean option determines whether the memory 5281 region is marked as private to QEMU, or shared. The latter 5282 allows a co-operating external process to access the QEMU memory 5283 region. 5284 5285 Setting share=on might affect the ability to configure NUMA 5286 bindings for the memory backend under some circumstances, see 5287 Documentation/vm/numa\_memory\_policy.txt on the Linux kernel 5288 source tree for additional details. 5289 5290 Setting the ``discard-data`` boolean option to on indicates that 5291 file contents can be destroyed when QEMU exits, to avoid 5292 unnecessarily flushing data to the backing file. Note that 5293 ``discard-data`` is only an optimization, and QEMU might not 5294 discard file contents if it aborts unexpectedly or is terminated 5295 using SIGKILL. 5296 5297 The ``merge`` boolean option enables memory merge, also known as 5298 MADV\_MERGEABLE, so that Kernel Samepage Merging will consider 5299 the pages for memory deduplication. 5300 5301 Setting the ``dump`` boolean option to off excludes the memory 5302 from core dumps. This feature is also known as MADV\_DONTDUMP. 5303 5304 The ``prealloc`` boolean option enables memory preallocation. 5305 5306 The ``host-nodes`` option binds the memory range to a list of 5307 NUMA host nodes. 5308 5309 The ``policy`` option sets the NUMA policy to one of the 5310 following values: 5311 5312 ``default`` 5313 default host policy 5314 5315 ``preferred`` 5316 prefer the given host node list for allocation 5317 5318 ``bind`` 5319 restrict memory allocation to the given host node list 5320 5321 ``interleave`` 5322 interleave memory allocations across the given host node 5323 list 5324 5325 The ``align`` option specifies the base address alignment when 5326 QEMU mmap(2) ``mem-path``, and accepts common suffixes, eg 5327 ``2M``. Some backend store specified by ``mem-path`` requires an 5328 alignment different than the default one used by QEMU, eg the 5329 device DAX /dev/dax0.0 requires 2M alignment rather than 4K. In 5330 such cases, users can specify the required alignment via this 5331 option. 5332 5333 The ``offset`` option specifies the offset into the target file 5334 that the region starts at. You can use this parameter to back 5335 multiple regions with a single file. 5336 5337 The ``pmem`` option specifies whether the backing file specified 5338 by ``mem-path`` is in host persistent memory that can be 5339 accessed using the SNIA NVM programming model (e.g. Intel 5340 NVDIMM). If ``pmem`` is set to 'on', QEMU will take necessary 5341 operations to guarantee the persistence of its own writes to 5342 ``mem-path`` (e.g. in vNVDIMM label emulation and live 5343 migration). Also, we will map the backend-file with MAP\_SYNC 5344 flag, which ensures the file metadata is in sync for 5345 ``mem-path`` in case of host crash or a power failure. MAP\_SYNC 5346 requires support from both the host kernel (since Linux kernel 5347 4.15) and the filesystem of ``mem-path`` mounted with DAX 5348 option. 5349 5350 The ``readonly`` option specifies whether the backing file is opened 5351 read-only or read-write (default). 5352 5353 The ``rom`` option specifies whether to create Read Only Memory 5354 (ROM) that cannot be modified by the VM. Any write attempts to such 5355 ROM will be denied. Most use cases want proper RAM instead of ROM. 5356 However, selected use cases, like R/O NVDIMMs, can benefit from 5357 ROM. If set to ``on``, create ROM; if set to ``off``, create 5358 writable RAM; if set to ``auto`` (default), the value of the 5359 ``readonly`` option is used. This option is primarily helpful when 5360 we want to have writable RAM in configurations that would 5361 traditionally create ROM before the ``rom`` option was introduced: 5362 VM templating, where we want to open a file readonly 5363 (``readonly=on``) and mark the memory to be private for QEMU 5364 (``share=off``). For this use case, we need writable RAM instead 5365 of ROM, and want to also set ``rom=off``. 5366 5367 ``-object memory-backend-ram,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size,host-nodes=host-nodes,policy=default|preferred|bind|interleave`` 5368 Creates a memory backend object, which can be used to back the 5369 guest RAM. Memory backend objects offer more control than the 5370 ``-m`` option that is traditionally used to define guest RAM. 5371 Please refer to ``memory-backend-file`` for a description of the 5372 options. 5373 5374 ``-object memory-backend-memfd,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size,host-nodes=host-nodes,policy=default|preferred|bind|interleave,seal=on|off,hugetlb=on|off,hugetlbsize=size`` 5375 Creates an anonymous memory file backend object, which allows 5376 QEMU to share the memory with an external process (e.g. when 5377 using vhost-user). The memory is allocated with memfd and 5378 optional sealing. (Linux only) 5379 5380 The ``seal`` option creates a sealed-file, that will block 5381 further resizing the memory ('on' by default). 5382 5383 The ``hugetlb`` option specify the file to be created resides in 5384 the hugetlbfs filesystem (since Linux 4.14). Used in conjunction 5385 with the ``hugetlb`` option, the ``hugetlbsize`` option specify 5386 the hugetlb page size on systems that support multiple hugetlb 5387 page sizes (it must be a power of 2 value supported by the 5388 system). 5389 5390 In some versions of Linux, the ``hugetlb`` option is 5391 incompatible with the ``seal`` option (requires at least Linux 5392 4.16). 5393 5394 Please refer to ``memory-backend-file`` for a description of the 5395 other options. 5396 5397 The ``share`` boolean option is on by default with memfd. 5398 5399 ``-object memory-backend-shm,id=id,merge=on|off,dump=on|off,share=on|off,prealloc=on|off,size=size,host-nodes=host-nodes,policy=default|preferred|bind|interleave`` 5400 Creates a POSIX shared memory backend object, which allows 5401 QEMU to share the memory with an external process (e.g. when 5402 using vhost-user). 5403 5404 ``memory-backend-shm`` is a more portable and less featureful version 5405 of ``memory-backend-memfd``. It can then be used in any POSIX system, 5406 especially when memfd is not supported. 5407 5408 Please refer to ``memory-backend-file`` for a description of the 5409 options. 5410 5411 The ``share`` boolean option is on by default with shm. Setting it to 5412 off will cause a failure during allocation because it is not supported 5413 by this backend. 5414 5415 ``-object iommufd,id=id[,fd=fd]`` 5416 Creates an iommufd backend which allows control of DMA mapping 5417 through the ``/dev/iommu`` device. 5418 5419 The ``id`` parameter is a unique ID which frontends (such as 5420 vfio-pci of vdpa) will use to connect with the iommufd backend. 5421 5422 The ``fd`` parameter is an optional pre-opened file descriptor 5423 resulting from ``/dev/iommu`` opening. Usually the iommufd is shared 5424 across all subsystems, bringing the benefit of centralized 5425 reference counting. 5426 5427 ``-object rng-builtin,id=id`` 5428 Creates a random number generator backend which obtains entropy 5429 from QEMU builtin functions. The ``id`` parameter is a unique ID 5430 that will be used to reference this entropy backend from the 5431 ``virtio-rng`` device. By default, the ``virtio-rng`` device 5432 uses this RNG backend. 5433 5434 ``-object rng-random,id=id,filename=/dev/random`` 5435 Creates a random number generator backend which obtains entropy 5436 from a device on the host. The ``id`` parameter is a unique ID 5437 that will be used to reference this entropy backend from the 5438 ``virtio-rng`` device. The ``filename`` parameter specifies 5439 which file to obtain entropy from and if omitted defaults to 5440 ``/dev/urandom``. 5441 5442 ``-object rng-egd,id=id,chardev=chardevid`` 5443 Creates a random number generator backend which obtains entropy 5444 from an external daemon running on the host. The ``id`` 5445 parameter is a unique ID that will be used to reference this 5446 entropy backend from the ``virtio-rng`` device. The ``chardev`` 5447 parameter is the unique ID of a character device backend that 5448 provides the connection to the RNG daemon. 5449 5450 ``-object tls-creds-anon,id=id,endpoint=endpoint,dir=/path/to/cred/dir,verify-peer=on|off`` 5451 Creates a TLS anonymous credentials object, which can be used to 5452 provide TLS support on network backends. The ``id`` parameter is 5453 a unique ID which network backends will use to access the 5454 credentials. The ``endpoint`` is either ``server`` or ``client`` 5455 depending on whether the QEMU network backend that uses the 5456 credentials will be acting as a client or as a server. If 5457 ``verify-peer`` is enabled (the default) then once the handshake 5458 is completed, the peer credentials will be verified, though this 5459 is a no-op for anonymous credentials. 5460 5461 The dir parameter tells QEMU where to find the credential files. 5462 For server endpoints, this directory may contain a file 5463 dh-params.pem providing diffie-hellman parameters to use for the 5464 TLS server. If the file is missing, QEMU will generate a set of 5465 DH parameters at startup. This is a computationally expensive 5466 operation that consumes random pool entropy, so it is 5467 recommended that a persistent set of parameters be generated 5468 upfront and saved. 5469 5470 ``-object tls-creds-psk,id=id,endpoint=endpoint,dir=/path/to/keys/dir[,username=username]`` 5471 Creates a TLS Pre-Shared Keys (PSK) credentials object, which 5472 can be used to provide TLS support on network backends. The 5473 ``id`` parameter is a unique ID which network backends will use 5474 to access the credentials. The ``endpoint`` is either ``server`` 5475 or ``client`` depending on whether the QEMU network backend that 5476 uses the credentials will be acting as a client or as a server. 5477 For clients only, ``username`` is the username which will be 5478 sent to the server. If omitted it defaults to "qemu". 5479 5480 The dir parameter tells QEMU where to find the keys file. It is 5481 called "dir/keys.psk" and contains "username:key" pairs. This 5482 file can most easily be created using the GnuTLS ``psktool`` 5483 program. 5484 5485 For server endpoints, dir may also contain a file dh-params.pem 5486 providing diffie-hellman parameters to use for the TLS server. 5487 If the file is missing, QEMU will generate a set of DH 5488 parameters at startup. This is a computationally expensive 5489 operation that consumes random pool entropy, so it is 5490 recommended that a persistent set of parameters be generated up 5491 front and saved. 5492 5493 ``-object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir,priority=priority,verify-peer=on|off,passwordid=id`` 5494 Creates a TLS anonymous credentials object, which can be used to 5495 provide TLS support on network backends. The ``id`` parameter is 5496 a unique ID which network backends will use to access the 5497 credentials. The ``endpoint`` is either ``server`` or ``client`` 5498 depending on whether the QEMU network backend that uses the 5499 credentials will be acting as a client or as a server. If 5500 ``verify-peer`` is enabled (the default) then once the handshake 5501 is completed, the peer credentials will be verified. With x509 5502 certificates, this implies that the clients must be provided 5503 with valid client certificates too. 5504 5505 The dir parameter tells QEMU where to find the credential files. 5506 For server endpoints, this directory may contain a file 5507 dh-params.pem providing diffie-hellman parameters to use for the 5508 TLS server. If the file is missing, QEMU will generate a set of 5509 DH parameters at startup. This is a computationally expensive 5510 operation that consumes random pool entropy, so it is 5511 recommended that a persistent set of parameters be generated 5512 upfront and saved. 5513 5514 For x509 certificate credentials the directory will contain 5515 further files providing the x509 certificates. The certificates 5516 must be stored in PEM format, in filenames ca-cert.pem, 5517 ca-crl.pem (optional), server-cert.pem (only servers), 5518 server-key.pem (only servers), client-cert.pem (only clients), 5519 and client-key.pem (only clients). 5520 5521 For the server-key.pem and client-key.pem files which contain 5522 sensitive private keys, it is possible to use an encrypted 5523 version by providing the passwordid parameter. This provides the 5524 ID of a previously created ``secret`` object containing the 5525 password for decryption. 5526 5527 The priority parameter allows to override the global default 5528 priority used by gnutls. This can be useful if the system 5529 administrator needs to use a weaker set of crypto priorities for 5530 QEMU without potentially forcing the weakness onto all 5531 applications. Or conversely if one wants wants a stronger 5532 default for QEMU than for all other applications, they can do 5533 this through this parameter. Its format is a gnutls priority 5534 string as described at 5535 https://gnutls.org/manual/html_node/Priority-Strings.html. 5536 5537 ``-object tls-cipher-suites,id=id,priority=priority`` 5538 Creates a TLS cipher suites object, which can be used to control 5539 the TLS cipher/protocol algorithms that applications are permitted 5540 to use. 5541 5542 The ``id`` parameter is a unique ID which frontends will use to 5543 access the ordered list of permitted TLS cipher suites from the 5544 host. 5545 5546 The ``priority`` parameter allows to override the global default 5547 priority used by gnutls. This can be useful if the system 5548 administrator needs to use a weaker set of crypto priorities for 5549 QEMU without potentially forcing the weakness onto all 5550 applications. Or conversely if one wants wants a stronger 5551 default for QEMU than for all other applications, they can do 5552 this through this parameter. Its format is a gnutls priority 5553 string as described at 5554 https://gnutls.org/manual/html_node/Priority-Strings.html. 5555 5556 An example of use of this object is to control UEFI HTTPS Boot. 5557 The tls-cipher-suites object exposes the ordered list of permitted 5558 TLS cipher suites from the host side to the guest firmware, via 5559 fw_cfg. The list is represented as an array of IANA_TLS_CIPHER 5560 objects. The firmware uses the IANA_TLS_CIPHER array for configuring 5561 guest-side TLS. 5562 5563 In the following example, the priority at which the host-side policy 5564 is retrieved is given by the ``priority`` property. 5565 Given that QEMU uses GNUTLS, ``priority=@SYSTEM`` may be used to 5566 refer to /etc/crypto-policies/back-ends/gnutls.config. 5567 5568 .. parsed-literal:: 5569 5570 # |qemu_system| \\ 5571 -object tls-cipher-suites,id=mysuite0,priority=@SYSTEM \\ 5572 -fw_cfg name=etc/edk2/https/ciphers,gen_id=mysuite0 5573 5574 ``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=<id>][,insert=behind|before]`` 5575 Interval t can't be 0, this filter batches the packet delivery: 5576 all packets arriving in a given interval on netdev netdevid are 5577 delayed until the end of the interval. Interval is in 5578 microseconds. ``status`` is optional that indicate whether the 5579 netfilter is on (enabled) or off (disabled), the default status 5580 for netfilter will be 'on'. 5581 5582 queue all\|rx\|tx is an option that can be applied to any 5583 netfilter. 5584 5585 ``all``: the filter is attached both to the receive and the 5586 transmit queue of the netdev (default). 5587 5588 ``rx``: the filter is attached to the receive queue of the 5589 netdev, where it will receive packets sent to the netdev. 5590 5591 ``tx``: the filter is attached to the transmit queue of the 5592 netdev, where it will receive packets sent by the netdev. 5593 5594 position head\|tail\|id=<id> is an option to specify where the 5595 filter should be inserted in the filter list. It can be applied 5596 to any netfilter. 5597 5598 ``head``: the filter is inserted at the head of the filter list, 5599 before any existing filters. 5600 5601 ``tail``: the filter is inserted at the tail of the filter list, 5602 behind any existing filters (default). 5603 5604 ``id=<id>``: the filter is inserted before or behind the filter 5605 specified by <id>, see the insert option below. 5606 5607 insert behind\|before is an option to specify where to insert 5608 the new filter relative to the one specified with 5609 position=id=<id>. It can be applied to any netfilter. 5610 5611 ``before``: insert before the specified filter. 5612 5613 ``behind``: insert behind the specified filter (default). 5614 5615 ``-object filter-mirror,id=id,netdev=netdevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]`` 5616 filter-mirror on netdev netdevid,mirror net packet to 5617 chardevchardevid, if it has the vnet\_hdr\_support flag, 5618 filter-mirror will mirror packet with vnet\_hdr\_len. 5619 5620 ``-object filter-redirector,id=id,netdev=netdevid,indev=chardevid,outdev=chardevid,queue=all|rx|tx[,vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]`` 5621 filter-redirector on netdev netdevid,redirect filter's net 5622 packet to chardev chardevid,and redirect indev's packet to 5623 filter.if it has the vnet\_hdr\_support flag, filter-redirector 5624 will redirect packet with vnet\_hdr\_len. Create a 5625 filter-redirector we need to differ outdev id from indev id, id 5626 can not be the same. we can just use indev or outdev, but at 5627 least one of indev or outdev need to be specified. 5628 5629 ``-object filter-rewriter,id=id,netdev=netdevid,queue=all|rx|tx,[vnet_hdr_support][,position=head|tail|id=<id>][,insert=behind|before]`` 5630 Filter-rewriter is a part of COLO project.It will rewrite tcp 5631 packet to secondary from primary to keep secondary tcp 5632 connection,and rewrite tcp packet to primary from secondary make 5633 tcp packet can be handled by client.if it has the 5634 vnet\_hdr\_support flag, we can parse packet with vnet header. 5635 5636 usage: colo secondary: -object 5637 filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 -object 5638 filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 -object 5639 filter-rewriter,id=rew0,netdev=hn0,queue=all 5640 5641 ``-object filter-dump,id=id,netdev=dev[,file=filename][,maxlen=len][,position=head|tail|id=<id>][,insert=behind|before]`` 5642 Dump the network traffic on netdev dev to the file specified by 5643 filename. At most len bytes (64k by default) per packet are 5644 stored. The file format is libpcap, so it can be analyzed with 5645 tools such as tcpdump or Wireshark. 5646 5647 ``-object colo-compare,id=id,primary_in=chardevid,secondary_in=chardevid,outdev=chardevid,iothread=id[,vnet_hdr_support][,notify_dev=id][,compare_timeout=@var{ms}][,expired_scan_cycle=@var{ms}][,max_queue_size=@var{size}]`` 5648 Colo-compare gets packet from primary\_in chardevid and 5649 secondary\_in, then compare whether the payload of primary packet 5650 and secondary packet are the same. If same, it will output 5651 primary packet to out\_dev, else it will notify COLO-framework to do 5652 checkpoint and send primary packet to out\_dev. In order to 5653 improve efficiency, we need to put the task of comparison in 5654 another iothread. If it has the vnet\_hdr\_support flag, 5655 colo compare will send/recv packet with vnet\_hdr\_len. 5656 The compare\_timeout=@var{ms} determines the maximum time of the 5657 colo-compare hold the packet. The expired\_scan\_cycle=@var{ms} 5658 is to set the period of scanning expired primary node network packets. 5659 The max\_queue\_size=@var{size} is to set the max compare queue 5660 size depend on user environment. 5661 If user want to use Xen COLO, need to add the notify\_dev to 5662 notify Xen colo-frame to do checkpoint. 5663 5664 COLO-compare must be used with the help of filter-mirror, 5665 filter-redirector and filter-rewriter. 5666 5667 :: 5668 5669 KVM COLO 5670 5671 primary: 5672 -netdev tap,id=hn0,vhost=off 5673 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66 5674 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off 5675 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off 5676 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off 5677 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001 5678 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off 5679 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005 5680 -object iothread,id=iothread1 5681 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0 5682 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out 5683 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0 5684 -object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,iothread=iothread1 5685 5686 secondary: 5687 -netdev tap,id=hn0,vhost=off 5688 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66 5689 -chardev socket,id=red0,host=3.3.3.3,port=9003 5690 -chardev socket,id=red1,host=3.3.3.3,port=9004 5691 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 5692 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 5693 5694 5695 Xen COLO 5696 5697 primary: 5698 -netdev tap,id=hn0,vhost=off 5699 -device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66 5700 -chardev socket,id=mirror0,host=3.3.3.3,port=9003,server=on,wait=off 5701 -chardev socket,id=compare1,host=3.3.3.3,port=9004,server=on,wait=off 5702 -chardev socket,id=compare0,host=3.3.3.3,port=9001,server=on,wait=off 5703 -chardev socket,id=compare0-0,host=3.3.3.3,port=9001 5704 -chardev socket,id=compare_out,host=3.3.3.3,port=9005,server=on,wait=off 5705 -chardev socket,id=compare_out0,host=3.3.3.3,port=9005 5706 -chardev socket,id=notify_way,host=3.3.3.3,port=9009,server=on,wait=off 5707 -object filter-mirror,id=m0,netdev=hn0,queue=tx,outdev=mirror0 5708 -object filter-redirector,netdev=hn0,id=redire0,queue=rx,indev=compare_out 5709 -object filter-redirector,netdev=hn0,id=redire1,queue=rx,outdev=compare0 5710 -object iothread,id=iothread1 5711 -object colo-compare,id=comp0,primary_in=compare0-0,secondary_in=compare1,outdev=compare_out0,notify_dev=notify_way,iothread=iothread1 5712 5713 secondary: 5714 -netdev tap,id=hn0,vhost=off 5715 -device e1000,netdev=hn0,mac=52:a4:00:12:78:66 5716 -chardev socket,id=red0,host=3.3.3.3,port=9003 5717 -chardev socket,id=red1,host=3.3.3.3,port=9004 5718 -object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0 5719 -object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1 5720 5721 If you want to know the detail of above command line, you can 5722 read the colo-compare git log. 5723 5724 ``-object cryptodev-backend-builtin,id=id[,queues=queues]`` 5725 Creates a cryptodev backend which executes crypto operations from 5726 the QEMU cipher APIs. The id parameter is a unique ID that will 5727 be used to reference this cryptodev backend from the 5728 ``virtio-crypto`` device. The queues parameter is optional, 5729 which specify the queue number of cryptodev backend, the default 5730 of queues is 1. 5731 5732 .. parsed-literal:: 5733 5734 # |qemu_system| \\ 5735 [...] \\ 5736 -object cryptodev-backend-builtin,id=cryptodev0 \\ 5737 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\ 5738 [...] 5739 5740 ``-object cryptodev-vhost-user,id=id,chardev=chardevid[,queues=queues]`` 5741 Creates a vhost-user cryptodev backend, backed by a chardev 5742 chardevid. The id parameter is a unique ID that will be used to 5743 reference this cryptodev backend from the ``virtio-crypto`` 5744 device. The chardev should be a unix domain socket backed one. 5745 The vhost-user uses a specifically defined protocol to pass 5746 vhost ioctl replacement messages to an application on the other 5747 end of the socket. The queues parameter is optional, which 5748 specify the queue number of cryptodev backend for multiqueue 5749 vhost-user, the default of queues is 1. 5750 5751 .. parsed-literal:: 5752 5753 # |qemu_system| \\ 5754 [...] \\ 5755 -chardev socket,id=chardev0,path=/path/to/socket \\ 5756 -object cryptodev-vhost-user,id=cryptodev0,chardev=chardev0 \\ 5757 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 \\ 5758 [...] 5759 5760 ``-object secret,id=id,data=string,format=raw|base64[,keyid=secretid,iv=string]`` 5761 \ 5762 ``-object secret,id=id,file=filename,format=raw|base64[,keyid=secretid,iv=string]`` 5763 Defines a secret to store a password, encryption key, or some 5764 other sensitive data. The sensitive data can either be passed 5765 directly via the data parameter, or indirectly via the file 5766 parameter. Using the data parameter is insecure unless the 5767 sensitive data is encrypted. 5768 5769 The sensitive data can be provided in raw format (the default), 5770 or base64. When encoded as JSON, the raw format only supports 5771 valid UTF-8 characters, so base64 is recommended for sending 5772 binary data. QEMU will convert from which ever format is 5773 provided to the format it needs internally. eg, an RBD password 5774 can be provided in raw format, even though it will be base64 5775 encoded when passed onto the RBD sever. 5776 5777 For added protection, it is possible to encrypt the data 5778 associated with a secret using the AES-256-CBC cipher. Use of 5779 encryption is indicated by providing the keyid and iv 5780 parameters. The keyid parameter provides the ID of a previously 5781 defined secret that contains the AES-256 decryption key. This 5782 key should be 32-bytes long and be base64 encoded. The iv 5783 parameter provides the random initialization vector used for 5784 encryption of this particular secret and should be a base64 5785 encrypted string of the 16-byte IV. 5786 5787 The simplest (insecure) usage is to provide the secret inline 5788 5789 .. parsed-literal:: 5790 5791 # |qemu_system| -object secret,id=sec0,data=letmein,format=raw 5792 5793 The simplest secure usage is to provide the secret via a file 5794 5795 # printf "letmein" > mypasswd.txt # QEMU\_SYSTEM\_MACRO -object 5796 secret,id=sec0,file=mypasswd.txt,format=raw 5797 5798 For greater security, AES-256-CBC should be used. To illustrate 5799 usage, consider the openssl command line tool which can encrypt 5800 the data. Note that when encrypting, the plaintext must be 5801 padded to the cipher block size (32 bytes) using the standard 5802 PKCS#5/6 compatible padding algorithm. 5803 5804 First a master key needs to be created in base64 encoding: 5805 5806 :: 5807 5808 # openssl rand -base64 32 > key.b64 5809 # KEY=$(base64 -d key.b64 | hexdump -v -e '/1 "%02X"') 5810 5811 Each secret to be encrypted needs to have a random 5812 initialization vector generated. These do not need to be kept 5813 secret 5814 5815 :: 5816 5817 # openssl rand -base64 16 > iv.b64 5818 # IV=$(base64 -d iv.b64 | hexdump -v -e '/1 "%02X"') 5819 5820 The secret to be defined can now be encrypted, in this case 5821 we're telling openssl to base64 encode the result, but it could 5822 be left as raw bytes if desired. 5823 5824 :: 5825 5826 # SECRET=$(printf "letmein" | 5827 openssl enc -aes-256-cbc -a -K $KEY -iv $IV) 5828 5829 When launching QEMU, create a master secret pointing to 5830 ``key.b64`` and specify that to be used to decrypt the user 5831 password. Pass the contents of ``iv.b64`` to the second secret 5832 5833 .. parsed-literal:: 5834 5835 # |qemu_system| \\ 5836 -object secret,id=secmaster0,format=base64,file=key.b64 \\ 5837 -object secret,id=sec0,keyid=secmaster0,format=base64,\\ 5838 data=$SECRET,iv=$(<iv.b64) 5839 5840 ``-object sev-guest,id=id,cbitpos=cbitpos,reduced-phys-bits=val,[sev-device=string,policy=policy,handle=handle,dh-cert-file=file,session-file=file,kernel-hashes=on|off]`` 5841 Create a Secure Encrypted Virtualization (SEV) guest object, 5842 which can be used to provide the guest memory encryption support 5843 on AMD processors. 5844 5845 When memory encryption is enabled, one of the physical address 5846 bit (aka the C-bit) is utilized to mark if a memory page is 5847 protected. The ``cbitpos`` is used to provide the C-bit 5848 position. The C-bit position is Host family dependent hence user 5849 must provide this value. On EPYC, the value should be 47. 5850 5851 When memory encryption is enabled, we loose certain bits in 5852 physical address space. The ``reduced-phys-bits`` is used to 5853 provide the number of bits we loose in physical address space. 5854 Similar to C-bit, the value is Host family dependent. On EPYC, 5855 a guest will lose a maximum of 1 bit, so the value should be 1. 5856 5857 The ``sev-device`` provides the device file to use for 5858 communicating with the SEV firmware running inside AMD Secure 5859 Processor. The default device is '/dev/sev'. If hardware 5860 supports memory encryption then /dev/sev devices are created by 5861 CCP driver. 5862 5863 The ``policy`` provides the guest policy to be enforced by the 5864 SEV firmware and restrict what configuration and operational 5865 commands can be performed on this guest by the hypervisor. The 5866 policy should be provided by the guest owner and is bound to the 5867 guest and cannot be changed throughout the lifetime of the 5868 guest. The default is 0. 5869 5870 If guest ``policy`` allows sharing the key with another SEV 5871 guest then ``handle`` can be use to provide handle of the guest 5872 from which to share the key. 5873 5874 The ``dh-cert-file`` and ``session-file`` provides the guest 5875 owner's Public Diffie-Hillman key defined in SEV spec. The PDH 5876 and session parameters are used for establishing a cryptographic 5877 session with the guest owner to negotiate keys used for 5878 attestation. The file must be encoded in base64. 5879 5880 The ``kernel-hashes`` adds the hashes of given kernel/initrd/ 5881 cmdline to a designated guest firmware page for measured Linux 5882 boot with -kernel. The default is off. (Since 6.2) 5883 5884 e.g to launch a SEV guest 5885 5886 .. parsed-literal:: 5887 5888 # |qemu_system_x86| \\ 5889 ...... \\ 5890 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1 \\ 5891 -machine ...,memory-encryption=sev0 \\ 5892 ..... 5893 5894 ``-object authz-simple,id=id,identity=string`` 5895 Create an authorization object that will control access to 5896 network services. 5897 5898 The ``identity`` parameter is identifies the user and its format 5899 depends on the network service that authorization object is 5900 associated with. For authorizing based on TLS x509 certificates, 5901 the identity must be the x509 distinguished name. Note that care 5902 must be taken to escape any commas in the distinguished name. 5903 5904 An example authorization object to validate a x509 distinguished 5905 name would look like: 5906 5907 .. parsed-literal:: 5908 5909 # |qemu_system| \\ 5910 ... \\ 5911 -object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,O=Example Org,,L=London,,ST=London,,C=GB' \\ 5912 ... 5913 5914 Note the use of quotes due to the x509 distinguished name 5915 containing whitespace, and escaping of ','. 5916 5917 ``-object authz-listfile,id=id,filename=path,refresh=on|off`` 5918 Create an authorization object that will control access to 5919 network services. 5920 5921 The ``filename`` parameter is the fully qualified path to a file 5922 containing the access control list rules in JSON format. 5923 5924 An example set of rules that match against SASL usernames might 5925 look like: 5926 5927 :: 5928 5929 { 5930 "rules": [ 5931 { "match": "fred", "policy": "allow", "format": "exact" }, 5932 { "match": "bob", "policy": "allow", "format": "exact" }, 5933 { "match": "danb", "policy": "deny", "format": "glob" }, 5934 { "match": "dan*", "policy": "allow", "format": "exact" }, 5935 ], 5936 "policy": "deny" 5937 } 5938 5939 When checking access the object will iterate over all the rules 5940 and the first rule to match will have its ``policy`` value 5941 returned as the result. If no rules match, then the default 5942 ``policy`` value is returned. 5943 5944 The rules can either be an exact string match, or they can use 5945 the simple UNIX glob pattern matching to allow wildcards to be 5946 used. 5947 5948 If ``refresh`` is set to true the file will be monitored and 5949 automatically reloaded whenever its content changes. 5950 5951 As with the ``authz-simple`` object, the format of the identity 5952 strings being matched depends on the network service, but is 5953 usually a TLS x509 distinguished name, or a SASL username. 5954 5955 An example authorization object to validate a SASL username 5956 would look like: 5957 5958 .. parsed-literal:: 5959 5960 # |qemu_system| \\ 5961 ... \\ 5962 -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\ 5963 ... 5964 5965 ``-object authz-pam,id=id,service=string`` 5966 Create an authorization object that will control access to 5967 network services. 5968 5969 The ``service`` parameter provides the name of a PAM service to 5970 use for authorization. It requires that a file 5971 ``/etc/pam.d/service`` exist to provide the configuration for 5972 the ``account`` subsystem. 5973 5974 An example authorization object to validate a TLS x509 5975 distinguished name would look like: 5976 5977 .. parsed-literal:: 5978 5979 # |qemu_system| \\ 5980 ... \\ 5981 -object authz-pam,id=auth0,service=qemu-vnc \\ 5982 ... 5983 5984 There would then be a corresponding config file for PAM at 5985 ``/etc/pam.d/qemu-vnc`` that contains: 5986 5987 :: 5988 5989 account requisite pam_listfile.so item=user sense=allow \ 5990 file=/etc/qemu/vnc.allow 5991 5992 Finally the ``/etc/qemu/vnc.allow`` file would contain the list 5993 of x509 distinguished names that are permitted access 5994 5995 :: 5996 5997 CN=laptop.example.com,O=Example Home,L=London,ST=London,C=GB 5998 5999 ``-object iothread,id=id,poll-max-ns=poll-max-ns,poll-grow=poll-grow,poll-shrink=poll-shrink,aio-max-batch=aio-max-batch`` 6000 Creates a dedicated event loop thread that devices can be 6001 assigned to. This is known as an IOThread. By default device 6002 emulation happens in vCPU threads or the main event loop thread. 6003 This can become a scalability bottleneck. IOThreads allow device 6004 emulation and I/O to run on other host CPUs. 6005 6006 The ``id`` parameter is a unique ID that will be used to 6007 reference this IOThread from ``-device ...,iothread=id``. 6008 Multiple devices can be assigned to an IOThread. Note that not 6009 all devices support an ``iothread`` parameter. 6010 6011 The ``query-iothreads`` QMP command lists IOThreads and reports 6012 their thread IDs so that the user can configure host CPU 6013 pinning/affinity. 6014 6015 IOThreads use an adaptive polling algorithm to reduce event loop 6016 latency. Instead of entering a blocking system call to monitor 6017 file descriptors and then pay the cost of being woken up when an 6018 event occurs, the polling algorithm spins waiting for events for 6019 a short time. The algorithm's default parameters are suitable 6020 for many cases but can be adjusted based on knowledge of the 6021 workload and/or host device latency. 6022 6023 The ``poll-max-ns`` parameter is the maximum number of 6024 nanoseconds to busy wait for events. Polling can be disabled by 6025 setting this value to 0. 6026 6027 The ``poll-grow`` parameter is the multiplier used to increase 6028 the polling time when the algorithm detects it is missing events 6029 due to not polling long enough. 6030 6031 The ``poll-shrink`` parameter is the divisor used to decrease 6032 the polling time when the algorithm detects it is spending too 6033 long polling without encountering events. 6034 6035 The ``aio-max-batch`` parameter is the maximum number of requests 6036 in a batch for the AIO engine, 0 means that the engine will use 6037 its default. 6038 6039 The IOThread parameters can be modified at run-time using the 6040 ``qom-set`` command (where ``iothread1`` is the IOThread's 6041 ``id``): 6042 6043 :: 6044 6045 (qemu) qom-set /objects/iothread1 poll-max-ns 100000 6046ERST 6047 6048 6049HXCOMM This is the last statement. Insert new options before this line! 6050 6051#undef DEF 6052#undef DEFHEADING 6053#undef ARCHHEADING 6054
