System emulation

Incompatible changes

The "handle" option to -fsdev and -virtfs has been removed. The "local" or "proxy" options should be used instead.

The "-virtioconsole" option has been removed. Use "-device virtconsole" instead.

The "-no-frame" option has been removed. It was only usable with SDL1.2, and support for this library has been suspended now.

The "-enable-hax" option has been removed. Use "-accel hax" instead.

The "-clock" option has been removed. It was only a "dummy" option without meaning since QEMU 1.7, so there is no replacement.

The legacy "ivshmem" device has been removed. Use "ivshmem-doorbell" or "ivshmem-plain" instead.

The x86 machine types "pc-0.10" and "pc-0.11" have been removed. Use a newer machine type instead.

The "irq" property of the "spapr-vscsi", "spapr-vlan" and "spapr-vty" devices has been removed with no replacement.

The "memory-backend-memfd" backend object type will be reported as unavailable on host systems without memfd sealing support. On previous versions, "memory-backend-memfd" was reported as available, but didn't work properly without sealing support.

HMP snapshot commands (such as "savevm", "loadvm" and "delvm") use only the snapshot tag, and not the ID any more, to identify snapshots. This removes ambiguity from the interface, but may require changing the HMP command in existing scripts.

The range of the "reboot-timeout" parameter has been adjusted to run from 0 to 0xffff. -1 is not valid for it.

New deprecated options and features

cpu-add QMP/HMP command

machine-types pc-0.12, pc-0.13, pc-0.14 and pc-0.15

qemu-nbd --partition=N option

The query-events QMP command has been superseded by the more powerful and accurate query-qmp-schema command.

The acl option to the "-vnc" argument has been replaced by the tls-authz and sasl-authz options.

The acl_show, acl_reset, acl_policy, acl_add, and acl_remove commands are deprecated with no replacement. Authorization for VNC should be performed using the pluggable QAuthZ objects.

QEMU_AUDIO_ environment variables and "-audio-help" are now deprecated. Use "-audiodev" instead.

Consult the "Deprecated Features" appendix for the full list of historically deprecated features/options.
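
A small linter for the removals and deprecations listed above, as an added example that is not part of the release notes or of QEMU itself. The function names and the sample command line are constructed for illustration, and it covers only the command-line items named in these two lists.

```python
# Added example (not QEMU project code): lint a QEMU command line against the
# removals and deprecations listed above. Rule text comes from this page.
import shlex

REMOVED = {"-virtioconsole": 'use "-device virtconsole"',
           "-no-frame": "no replacement (SDL1.2 only)",
           "-enable-hax": 'use "-accel hax"',
           "-clock": "no replacement"}
REMOVED_MACHINES = {"pc-0.10", "pc-0.11"}
DEPRECATED_MACHINES = {"pc-0.12", "pc-0.13", "pc-0.14", "pc-0.15"}

def split_opts(value):
    """Split a QEMU option string on ',' while honouring the ',,' escape."""
    parts, cur, i = [], "", 0
    while i < len(value):
        if value.startswith(",,", i):      # escaped literal comma
            cur, i = cur + ",", i + 2
        elif value[i] == ",":              # real separator
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + value[i], i + 1
    return parts + [cur]

def parse_opts(value):
    """Return (leading positional or None, {key: value}); bare flags map to 'on'."""
    parts = split_opts(value)
    opts = {}
    for part in parts:
        key, sep, val = part.partition("=")
        opts[key] = val if sep else "on"
    head = None if "=" in parts[0] else parts[0]
    return head, opts

def lint(argv):
    """Return [(option, status, advice)]; status is removed/deprecated/invalid."""
    out = []
    for i, opt in enumerate(argv):
        head, opts = parse_opts(argv[i + 1] if i + 1 < len(argv) else "")
        if opt in REMOVED:
            out.append((opt, "removed", REMOVED[opt]))
        elif opt == "-audio-help":
            out.append((opt, "deprecated", 'use "-audiodev"'))
        elif opt.split("=")[0] == "--partition":          # qemu-nbd option
            out.append((opt, "deprecated", "see the qemu-nbd notes"))
        elif opt in ("-fsdev", "-virtfs"):
            if "handle" in (head, opts.get("fsdriver")):
                out.append((opt, "removed", 'use "local" or "proxy"'))
        elif opt == "-device" and opts.get("driver", head) == "ivshmem":
            out.append((opt, "removed", 'use "ivshmem-doorbell" or "ivshmem-plain"'))
        elif opt in ("-M", "-machine"):
            mtype = opts.get("type", head)
            if mtype in REMOVED_MACHINES:
                out.append((opt, "removed", "use a newer machine type"))
            elif mtype in DEPRECATED_MACHINES:
                out.append((opt, "deprecated", "listed as deprecated"))
        elif opt == "-vnc" and opts.get("acl", "off") != "off":
            out.append((opt, "deprecated", "use tls-authz / sasl-authz"))
        elif opt == "-boot" and "reboot-timeout" in opts:
            raw = opts["reboot-timeout"]
            try:
                n = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
            except ValueError:
                n = -1
            if not 0 <= n <= 0xFFFF:
                out.append((opt, "invalid", "reboot-timeout must be 0..0xffff"))
    return out

# Constructed sample command line, not taken from a real deployment.
SAMPLE = ("qemu-system-x86_64 -M pc-0.11 -enable-hax "
          "-fsdev handle,id=fs0,path=/srv/share -device ivshmem,shm=demo "
          "-vnc :1,tls-creds=tls0,acl -boot menu=on,reboot-timeout=-1")

if __name__ == "__main__":
    for option, status, advice in lint(shlex.split(SAMPLE)):
        print(f"{option:12} {status:10} {advice}")
```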

Alpha

Updated PALcode firmware supports machine check exceptions.

Arm

Implement the ARMv8.0-SB extension

Implement the ARMv8.0-PredInv extension

Implement the ARMv8.1-HPD extension

Implement the ARMv8.1-LOR extension (as the trivial "no limited ordering regions provided" minimum)

Implement the ARMv8.2-FHM extension

Implement the ARMv8.2-AA32HPD extension

Implement the ARMv8.3-PAuth extension

Implement the ARMv8.3-JSConv extension

Implement the ARMv8.4-CondM extension

Implement the ARMv8.5-CondM extension

Implement the ARMv8.5-FRINT extension

Implement the Armv8.5-BTI extension for system emulation mode

New machines "musca-a" and "musca-b1" -- these model the Arm "Musca" development boards

New machine "mps2-an521" -- this is a model of the AN521 FPGA image for the MPS2 devboard

Support TBI (top-byte-ignore) properly for linux-user mode

The micro:bit board now boots simple MicroPython programs since device emulation for the timer, GPIO, NVMC and RNG has been added

The cubieboard model now implements the 'A' SRAM

AArch64 processors can now boot from a kernel placed over 4GB into RAM

The stellaris boards ("lm3s6965evb", "lm3s811evb") now implement the watchdog timer device

The BLK_MAX register in the TZ MPC device now reports the correct value

The u-boot "noload" image type is now supported for the Arm virt board

The Arm virt board now permits more than 255GB of RAM

stm32f2xx_usart: Do not update data register when device is disabled

virt board ACPI tables: COHACC override flag now correctly set in IORT SMMUv3 node

AArch32 exception return is fixed to permit a switch from Mon->Hyp mode

ftgmac100: implement the new MDIO interface on Aspeed SoC

Emulation of the ARM PMU has been improved

Fix various places where we failed to UNDEF invalid A64 instructions

Don't UNDEF a valid FCMLA on 32-bit inputs

Make FPSCR/FPCR trapped-exception bits RAZ/WI

Fixed a bug in handling clearing of FPSCR/FPSR exception status bits

armv7m_nvic: Allow byte accesses to SHPR1 register

linux-user: support HWCAP_CPUID which exposes ID registers to user code

Fixed a bug where the v8M MPU was always using the background region if it was enabled, rather than only if there was no hit on a more specific region

Fixed bug where SVE ADDVL/ADDPL/RDVL instructions were missing the "is SVE enabled" check

The raspi2 and raspi3 models now implement the "local timer" in the bcm2836_control block

Fixed bug preventing EL0 from writing to architected timer registers

Fixed SMMUv3 interrupt line numbers in ACPI tables for 'virt' board

Fixed bug in emulation of CASP instruction

Cris

check-tcg now builds and runs the cris tests using the fedora-cris-cross docker image

HPPA

Fix condition code generation for "add,<" & "add,<=", "addb".

Fix the output for "dcor".

Fix pci config address access.

Fix the output for "b,gate".

Map CPU HPA regions into PCI address space.

Support TLB protection IDs

Accept but ignore the diag instruction

Add TLB trace events.

Update seabios-hppa to upstream latest.

M68k

The "mcf5208evb" machine now supports loading of firmware binaries with the "-bios" option.

Microblaze

MIPS

Added support for I7200 CPU (nanoMIPS32 ISA + DSP ASE; system mode only).

Added support for I6500 CPU (MIPS64R6 ISA + MSA ASE + multicore features).

Added support for QMP-based querying of the available CPU types.

Added support for SAARI and SAAR configuration registers.

Added support for MTTCG (multi-threaded TCG).

Improved support for ITU (Interthread Communication Unit).

Improved support for Fulong 2E machine.

Improved end user documentation.

Fixed build for MIPS n32 hosts.

Nios2

OpenRISC

PowerPC

POWER9 large decrementer is now supported (pseries & powernv machines, TCG & KVM)

sam460ex can now have 2GB memory

pseries default CPU type is now POWER9

pseries now supports the XIVE interrupt controller of POWER9 (emulated version only)

pseries can now select its interrupt controller through a new ic-mode machine option

pseries can now control the exposure of the host model and system-id through the new host-model and host-serial machine options

pseries now supports "-vga cirrus"

pseries now supports hot plug and unplug of PCI Host Bridges (PHBs)

pseries now enables Spectre/Meltdown mitigations by default (this will cause warnings with TCG which doesn't have the mitigations implemented)

pseries now supports the proposed count-cache-flush mitigation for Spectre (this requires guest co-operation, but should be lower cost than the current approaches)

powernv now supports POWER9 cpus

powernv now allows kernel images up to 256MiB

gdbstub can now access SPRs

mac99 machine now defaults to sungem NIC instead of ne2k_pci

e500 now has a device for its I2C controller

e500 has had an update to a newer U-Boot version

ref405, sam460ex and taihu now have flash memory of fixed size matching the physical hardware instead of deriving it from -drive if-pflash

RISC-V

The virt board now supports PCI and USB.

The FS field of mstatus now supports three states (dirty, clean, and off).

The TSR, TW, and TVM fields of mstatus are now implemented.

The misa CSR is now writable.

The built-in gdbserver supports register lists via XML files.

The sifive_u machine supports SMP.

The SiFive UART supports TX interrupts.

The sifive_u machine has the correct number of PLIC interrupts.

s390

CPU models

The 'zpci' feature bit is now indicated by default in the 'qemu' cpu model.

The z14 cpu model now includes the multiple epoch and PTFF enhancement features per default.

A cpu model for the z14 GA 2 has been added.

Devices

vfio-ap now no longer inhibits usage of memory ballooners.

zPCI devices now provide some instruction counters to the guest (for a Linux guest, check /sys/kernel/debug/pci/<function>/statistics).

zPCI devices are now explicitly marked as unmigratable. No change in functionality, migration support for zPCI devices had never been implemented.

vfio-ap now supports hot(un)plug of the vfio-ap device.

TCG

Support for the floating-point extension facility has been added.

Code for vector support instructions has been added.

SH

Machine r2d's flash memory size doubled to 16MiB to match physical hardware.

SPARC

Fix Solaris boot on SS-10/SS-20 machines with OpenBIOS (OpenBIOS)

TileGX

Tricore

Fixed mixed up operands in CADDN and CADD

x86

The HAX accelerator is now supported for POSIX hosts other than Darwin, including Linux and NetBSD.

Machines pc-* now support configuring firmware with -machine pflash0=ID0,pflash1=ID1 in addition to -drive if=pflash,... This permits use of -blockdev.

MPX is considered a failed experiment by Intel, and has thus been removed from all named CPU models. It is still accessible via "-cpu host".

PVH Linux images can be booted with "-kernel".

Xtensa

xtfpga boards provide SMP support expected by linux (interrupt distributor, IPI and runstall)

New test_mmuhifi_c3 core configuration capable of running SMP linux

Flexible length instructions extension (FLIX) is now supported

check-tcg now builds and runs xtensa system tests

Device emulation and assignment

ACPI

Audio

Block devices

IDE/via: Implement PCI IDE mode

virtio-blk: DISCARD and WRITE_ZEROES support

Graphics

Input devices

I2C

smbus_eeprom: Will now transfer its state

pm_smbus: I2C block transfers will now work properly

pm_smbus: state transfer will now work properly

IPMI

Network devices

pvrdma: Add support for RDMA MAD

pvrdma: Removed the dev-caps-max-sge parameter

NVDIMM

PCI/PCIe

Generic PCIe root port link speed and width enhancements: Starting with the Q35 QEMU 4.0 machine type, generic pcie-root-port will default to the maximum PCIe link speed (16GT/s) and width (x32) provided by the PCIe 4.0 specification. Experimental options x-speed= and x-width= are provided for custom tuning, but it is expected that the default over-provisioning of bandwidth is optimal for the vast majority of use cases. Previous machine versions and ioh3420 root ports will continue to default to 2.5GT/x1 links.

SCSI

Added the device_id property for SCSI disks that specifies which value to use for the vendor specific designator in the Device Identification VPD page

Fixed erroneously detected multipath setup with multiple disks created with node-names (these would use an empty string as the vendor specific designator before, now the designator is left out)

Several bugfixes in the LSI53C8xxA and ESP/PCscsi parallel SCSI adapters.

SMBIOS

TPM

ACPI HID for TPM TIS for TPM 2.0 has been corrected to MSFT0101; this should allow all Operating Systems to use the TPM 2.0 through the TIS interface

QEMU support for TPM PPI (Physical Presence Interface) allows OS to use PPI functionality if the firmware supports it

USB

VFIO

EDID interface for supported mdevs (Intel vGPU, host kernel v5.0+). Use options xres= and yres= to specify display resolution.

virtio

Xen

New 'xen-disk' device which can create a Xen PV disk backend (instead of having to create it via xenstore).

Improved performance of the Xen PV disk backend.

Xen PV disk backend can now handle resize.

fw_cfg

9pfs

Audio

Character devices

The "wait" option for the socket backend is now forbidden for client sockets. It previously had no functional effect except for server sockets.

The "reconnect" option for the socket backend is now forbidden for server sockets. It previously had no functional effect except for client sockets.

The "tls-authz" option for the socket backend allows associating an authorization object with the character device to check against the TLS client's x509 certificate identity.

The websocket protocol on socket character devices now correctly handles end of file when a client disconnects

Crypto subsystem

The block storage encryption backends are now capable of using multiple threads for encryption/decryption

GUI

Add -display spice-app: configure & launch a Spice client. With virt-viewer >= 8.0, this will present a UI similar to QEMU GTK (with monitor & console etc), but running in a separate process.

Support for building against SDL1.2 has been deleted. SDL2 should be used instead.

The VNC server will no longer accidentally delete its UNIX listener socket when clients disconnect

The VNC server supports two new options "tls-authz" and "sasl-authz". These provide the ID of a previously created "authz" object to be used for authorization checks on incoming client identities.

The VNC server "acl" option has been deprecated in favour of "tls-authz" and "sasl-authz"

Host support

Memory backends

Monitor

QMP can now execute a few commands "out of band". This is useful for postcopy recovery. For details, see docs/interop/qmp-spec.txt.

query-qmp-schema reflects QEMU's build configuration more closely. For instance, stuff related to replication is properly absent when QEMU was built with --disable-replication, and stuff specific to other targets is properly absent.

QMP events SHUTDOWN and RESET now carry a reason

New QMP command query-current-machine

QMP/HMP command system_wakeup now fails when the guest isn't suspended, or doesn't even support suspend.

QMP/HMP command cpu-add is now deprecated

New QMP commands block-dirty-bitmap-enable, block-dirty-bitmap-disable, and block-dirty-bitmap-merge, plus enhancements to transaction, nbd-server-add, query-block, and block-dirty-bitmap-add. See Bitmaps & Incremental Backups for greater detail.

The HMP commands acl_show, acl_reset, acl_policy, acl_add, acl_remove are deprecated with no direct replacement. The new authorization framework provides an alternative object based approach to the authorization / access control problem, with pluggable implementations.

New experimental QMP command x-blockdev-reopen that allows reopening any block device in use with a new set of options.

Migration

free page hinting through virtio-balloon to avoid migrating unused pages

ignore-shared feature for skipping shared memory blocks for migration-on-same-host hacks

The new "tls-authz" migration parameter can be used on the incoming migration server to specify an authorization policy to check incoming client connections' TLS certificates against. This ensures only the intended source host may initiate the incoming migration.

Network

New QMP/HMP command announce_self to trigger generation of broadcast RARP frames to update network switches.

Slirp license has been clarified again as BSD-3, and the code has been adjusted to build as a standalone project (https://gitlab.freedesktop.org/slirp)

Improved tracing and error diagnostics for NBD code

Many fixes related to iothreads

auto-read-only=on for the file driver switches dynamically between read-only and read-write file descriptors now, depending on whether writers (such as read-write guest devices, or block jobs that write to the node) are attached to the image. This allows starting without write permissions for backing files, but automatically making them writable e.g. for a commit block job.

HMP snapshot commands use only the snapshot tag, and not the ID any more, to identify snapshots. This removes ambiguity from the interface, but may require changing the HMP command in existing scripts.

The block-latency-histogram QMP command (used to be x-block-latency-histogram) is now considered stable and not marked as experimental any more

Added the experimental x-blockdev-reopen QMP command to change options of block nodes after their creation

NBD client code no longer attempts to access beyond end-of-file for a compliant server that advertised a size that is not a multiple of a sector, allowing for better interoperability with nbdkit

qemu-img map --output=human now works for NBD disks

NBD client code now gracefully works around several alignment compliance bugs present in the qemu 3.1 server code, rather than dropping the connection

Bitmaps & Incremental Backups

Fixes:

Transactions now abort in reverse order, fixing crashes involving bitmap modifying commands

Failed transactions involving disabled bitmaps should unwind cleanly

Adding/Removing bitmaps to dataplane disks will no longer crash QEMU

read-only bitmaps are now prohibited for use in incremental push backups instead of trying and failing at conclusion.

busy bitmaps are now prohibited from being used as the source of x-block-dirty-bitmap-merge.

API Changes:

QMP x-block-dirty-bitmap-merge now accepts multiple source bitmaps.

Stable QMP promotions:
x-disabled parameter of block-dirty-bitmap-add becomes disabled
x-block-dirty-bitmap-enable becomes block-dirty-bitmap-enable
x-block-dirty-bitmap-disable becomes block-dirty-bitmap-disable
x-block-dirty-bitmap-merge becomes block-dirty-bitmap-merge
all matching transactions (-enable, -disable, -merge) are promoted as well.

BlockDirtyInfo, the query-block field [i]/dirty-bitmaps[j] structure, has changed:
BlockDirtyInfo.status is deprecated, to be removed in 3 releases.
BlockDirtyInfo.recording is added. It's true when the bitmap is recording guest writes.
BlockDirtyInfo.persistent is added. It's true when the bitmap is either stored on-disk or scheduled to be written out to disk.
BlockDirtyInfo.busy is added. It's true when the bitmap is in-use by an operation.
BlockDirtyInfo.inconsistent is added. It's true when a persistent bitmap is no longer reliable. BlockDirtyInfo.status will report "inconsistent" when the inconsistent bit is true.

New Features:

Pull Mode Incremental Backup: block-dirty-bitmap-enable, block-dirty-bitmap-disable, and block-dirty-bitmap-merge, plus enhancements to transaction, nbd-server-add allow a management application to perform incremental backups with an NBD client as a consumer learning which portions of the disk were changed while the bitmap was enabled. The experimental commands x-block-dirty-bitmap-enable, x-block-dirty-bitmap-disable, x-block-dirty-bitmap-merge and x-nbd-server-add-bitmap were removed in favor of the stable commands.

Bitmap checkpoints: The addition of block-dirty-bitmap-enable and block-dirty-bitmap-disable allow for a management API to enable/disable bitmaps at critical moments (push, pull backups) to create discrete deltas per-bitmap. These deltas can be combined with block-dirty-bitmap-merge to create arbitrary differential-style backups including only the deltas chosen by the user.

QEMU now allows resizing of qcow2 files with persistent bitmaps.

QEMU will now open qcow2 files with improperly saved bitmaps, with status='inconsistent' and inconsistent=true.

qemu-img info will show persistent dirty bitmaps

QAPI documentation updates to reflect the new interface(s) described above.

qemu-nbd

A new qemu-nbd --bitmap option allows the exposure of a persistent dirty bitmap for a qcow2 image not in use by a guest, in a simpler manner than the older procedure of using QMP commands to a temporary qemu process attached to the file.

A new qemu-nbd --list option enables the ability to probe a remote NBD server for information about what it is exporting.

The qemu-nbd --partition=N option has been deprecated; it does not support GPT partitions, and has always been broken for MBR logical partition 6 and beyond. Its functionality of exporting a subset of the guest-visible data can still be accomplished with --image-opts driver=raw,offset=X,size=Y.

A new qemu-nbd --tls-authz command line argument and counterpart tls-authz argument to QMP nbd-server-start permit an NBD server to fine-tune which clients may connect to a TLS session.

Several bugs in qemu-nbd providing non-aligned responses to NBD_CMD_READ and NBD_CMD_BLOCK_STATUS have been fixed, although there are still some corner cases left if a backing file has smaller granularity than the active layer.

Image formats

dmg: lzfse compression support

dmg: Fixed infinite loop

qcow2: Support for external data files

qcow2: The size of L2 cache entries is reduced to 4k by default to make better use of the memory and increase the I/O performance

qcow2: Decompression is now delegated to worker threads, improving the read performance for compressed images

qcow2: Include LUKS overhead in qemu-img measure output

vmdk: Support for blockdev-create

Tracing

The new qemu-trace-stap script makes it convenient to collect traces without writing SystemTap scripts. See "man qemu-trace-stap" for details.

Miscellaneous

QEMU's builtin gdbstub now supports the gdb multiprocess extension. Boards which have more than one cluster of CPUs (like the 'xlnx-zcu102' board when run with '-smp 6') will report them as being two processes (each of which has one thread per CPU in the cluster). You will need at least GDB 7.2. Attach to QEMU with a GDB command sequence like:

    target extended :1234
    add-inferior
    inferior 2
    attach 2

and then the "info threads" command should show 2 processes.

QEMU will default to KVM when compiled with --disable-tcg or when launched from an executable whose name ends with "kvm".

Common Python code now lives under "python", instead of under "scripts". That directory now contains a proper "qemu" Python module. qmp Python libraries, previously under "scripts/qmp" have also moved to the same location.

The curses front-end now allows typing non-ASCII letters. Emulating pressing escape now takes 25ms instead of 1s.

The curses front-end now supports printing all non-ASCII letters. The VGA font encoding can now be set with e.g. "-display curses,charset=CP850". The default charset is CP437 (default VGA font).

The sandbox seccomp filter for resource syscalls will no longer kill the QEMU process. It will report EPERM instead. This will avoid virgl dying when using recent Mesa that tries to do CPU pinning.

User-mode emulation

The docker.py script now checks the path and persistence status of binfmt_misc entries when installing and updating user-mode docker containers

TCG

SoftFloat acceleration - where it is safe to do so, the softfloat helpers will use host floating-point instructions yielding significant performance increases

Dynamic sizing of software TLBs, yielding noticeable performance increases

Host support for 64-bit RISC-V.

Guest agent

Build Information

CI & Testing

FreeBSD builds are now done via https://cirrus-ci.com/github/qemu/qemu

Additional CI builds are now run if you host your repo on gitlab

The check-tcg build framework can now be used to build system-mode/softmmu based tests

GIT submodules

Build Dependencies

QEMU now requires at least GCC version 4.8 or Clang version 3.4 (equivalent to Clang from Xcode 5.1 on macOS) to be built

Running the QEMU testsuite now requires the Perl Test::Harness module. Most Linux and BSD distributions however install it by default together with Perl.

For macOS hosts, our minimum supported version is now macOS 10.10. We have fixed the bug which meant that some guests would crash when running with the Cocoa UI on macOS 10.14 Mojave.

We now have some documentation in rST format which we process with Sphinx. The host system must now have the 'build-sphinx' program available (version 1.3 or better) in order for any of the documentation to be built.