Jump to navigation Jump to search

System emulation

Incompatible changes

Consult the 'Removed features' page for details of suggested replacement functionality.

Some remarkable changes are:

  • The -enable-fips option to QEMU system emulators has been removed
  • The -writeconfig option to QEMU system emulators has been removed
  • The deprecated x86 CPU model Icelake-Client has been removed
  • The deprecated properties loaded (for crypto objects) and opened (for RNG backends) are now read-only
  • The deprecated -soundhw option has been replaced by -audio (e.g. -audio pa,model=hda)
  • The deprecated -sdl and -curses have been removed, use -display sdl and -display curses instead.
  • The -display sdl,window_close=... suboption has been removed, use -display sdl,window-close=... instead, i.e. with a minus instead of an underscore between “window” and “close”
  • The -alt-grab option and the -display sdl,alt_grab=on suboption have been removed, use -display sdl,grab-mod=lshift-lctrl-lalt instead.
  • The -ctrl-grab option and the -display sdl,ctrl_grab=on suboption have been removed, use -display sdl,grab-mod=rctrl instead.
  • The x86 Icelake-Client CPU does not exist in the real world and has therefore been removed.

New deprecated options and features

Consult the "Deprecated Features" chapter of the QEMU System Emulation User's Guide for further details of the deprecations and their suggested replacements.




  • The following CPU architecture features are now emulated:
    • FEAT_TTL (Translation Table Level)
    • FEAT_BBM at level 2 (Translation table break-before-make levels)
    • FEAT_Debugv8p2 (Debug changes for v8.2)
    • FEAT_Debugv8p4 (Debug changes for v8.4)
    • FEAT_DoubleFault
    • FEAT_RAS (Reliability, Availability and Serviceability extension, minimal version only)
    • FEAT_RASv1p1 (RAS extension v1.1, minimal version only)
    • FEAT_IESB (Implicit error synchronization event)
    • FEAT_CSV2 (Cache speculation variant 2)
    • FEAT_CSV2_2 (Cache speculation variant 2, version 2)
    • FEAT_CSV3 (Cache speculation variant 3)
    • FEAT_DGH (Data gathering hint)
    • FEAT_S2FWB (Stage 2 forced Write-Back)
    • FEAT_IDST (ID space trap handling)
    • FEAT_HCX (Support for the HCRX_EL2 register)
    • FEAT_SME (Scalable Matrix Extension)
  • The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2
  • The xlnx-zynqmp SoC model now implements the 4 TTC timers
  • The versal machine now models the Cortex-R5s in the Real-Time Processing Unit (RPU) subsystem
  • The virt board now supports emulation of the GICv4.0
  • New emulated CPU types:
    • Cortex-A76
    • Neoverse-N1
  • The libvixl- and libopcode-based disassemblers have been removed. Use Capstone instead.


  • New Aspeed AST1030 SoC and eval board
  • New Qualcomm machines
  • New fby35 machine (AST2600 based)
  • New fby35 multi-SoC machine (AST1030 BIC + AST2600 BMC)




  • Update to SeaBIOS-hppa firmware version 6:
    • supports emulated PS/2 keyboard in boot menu when running in GTK UI
    • assigns serial port #1 to LASI and serial port #2 to DINO (as on real hardware)
    • includes additional STI text fonts
  • Fix performance issue with X11 artist framebuffer (makes the GTK UI faster and thus usable)
  • Fix X11 graphics cursor position when running HP-UX 10 or HP-UX 11
  • Allows the screensaver to blank the screen in X11
  • Allows the X11 server to turn cursor on/off
  • Fix serial port pass-through from host to guest
  • Lots of general code improvements and tidy-ups


  • Add initial support for the LoongArch64 architecture, the Loongson 3A5000 multiprocessor SoC, and the Loongson 7A1000 host bridge.




  • Implement the Vectored Interrupt Controller (enable with -machine 10m50-ghrd,vic=on).
  • Implement shadow register sets, and enable them with the VIC.
  • Raise supervisor-only instruction exception for ERET and BRET.
  • Raise misaligned data exception for misaligned memory accesses.
  • Raise misaligned destination exception for misaligned branch addresses.
  • Raise division error exception for divide by zero and divide overflow (disable with -cpu diverr_present=off).


  • The or1k-sim machine now supports 4 16550A UART serial devices, expanded from 1.


  • The libopcode-based disassembler has been removed. Use Capstone instead.

Renesas RX

  • Fix the clrpsw and setpsw instructions with respect to changes to PSW.U.
  • Fix the wait instruction corrupting the PC and setting PSW.I.

Renesas SH


ISA and Extensions

  • Add support for privileged spec version 1.12.0
  • Use privileged spec version 1.12.0 for virt machine by default
  • Allow software access to MIP SEIP
  • Add initial support for the Sdtrig extension
  • Optimisations and improvements for the vector extension
  • Improvements to the misa ISA string
  • Add isa extension strings to the device tree
  • Add and enable native debug feature
  • Support configurable marchid, mvendorid, mimpid CSR values
  • Add support for the Zbkb, Zbkc, Zbkx, Zknd/Zkne, Zknh, Zksed/Zksh and Zkr extensions
  • Enforce floating point extension requirements
  • Add support for Zmmul extension
  • Support Vector extension tail agnostic setting elements' bits to all 1
  • Implement mcountinhibit CSR
  • Add support for hpmcounters/hpmevents
  • Improve PMU implenentation
  • Support mcycle/minstret write operation
  • AIA update to v0.3 of the spec


  • Add support for Ibex SPI to OpenTitan
  • Make RISC-V ACLINT mtime MMIO register writable
  • Add TPM support to the virt board
  • Improvements to RISC-V machine error handling
  • Don't expose the CPU properties on named CPUs

Fixes and Misc

  • Don't allow `-bios` options with KVM machines
  • Fix NAPOT range computation overflow
  • Fix DT property mmu-type when CPU mmu option is disabled
  • Support 64bit fdt addresses
  • Fix incorrect PTE merge in walk_pte
  • Fixes for accessing VS hypervisor CSRs
  • Fixes for accessing mtimecmp
  • Add new short-isa-string CPU option
  • Disable the "G" extension by default internally, no functional change
  • Improvements for virtulisation
  • Add zicsr/zifencei to isa_string
  • Support for VxWorks uImage
  • Fixup FDT errors when supplying device tree from the command line for virt machine
  • Avoid overflowing the addr_config buffer in the SiFive PLIC
  • Support -device loader addresses above 2GB
  • Correctly wake from WFI on VS-level external interrupts
  • Fixes for RV128 support
  • Fix vector extension assert for RV32
  • Fix register zero guarding for auipc and lui
  • Ensure mtval is set correctly
  • Guard against PMP ranges with a negative size
  • Ibex (OpenTitan) fixup priv version
  • Reduce FDT address alignment constraints
  • Set minumum priv spec version for mcountinhibit


  • Fix condition code generation for the ICMH instruction.
  • Emulate the s390x Vector-Enhancements Facility 2 with TCG
  • Remove the old libopcode-based s390 disassembler (use Capstone instead)
  • Silence the warning about the msa5 feature when using the "max" CPU on s390x. The "max" CPU now matches the "qemu" CPU of the newest machine type.
  • The s390-ccw bios has been fixed to also boot from drives with non-512 sector sizes that have a different geometry than the typical DASD drives
  • Fix the emulation of the EXECUTE instruction to look for interrupts in all cases




  • Support for architectural LBRs on KVM virtual machines.
  • The libopcode-based disassembler has been removed. Use Capstone instead.


  • Implement cache testing opcodes.
  • Add lx106 core.

Device emulation and assignment



Block devices

  • m25p80 : Block Protect and Top Bottom bits for write protect
  • m25p80 : WP# pin and SRWD bit for write protection



  • new I2C register interface on AST2600 and AST1030 SoCs
  • slave mode for old and new register interface on Aspeed I2C
  • Renesas ISL69259
  • Maxim MAX31785

Input devices

  • Replace legacy PS2 functions/callbacks with new implementation using qdev GPIOs and QOM-ified PS2 devices


Multi-process QEMU

Network devices



Emulated NVMe Controller



SD card





  • Experimental --object x-vfio-user-server,id=<id>,type=unix,path=<socket-path>,device=<pci-dev-id> for exposing emulated PCI devices over the new vfio-user protocol. A vfio-user client is not yet available in QEMU.






  • The 'killpriv_v2' option has been disabled by default in the daemon, and is now consistent with the Rust version. SGID bit clearing was found to be less consistent with the kernel behaviour when enabled.



Character devices

Crypto subsystem

Authorization subsystem



TCG Plugins

Host support

Memory backends


  • Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this.



  • The block-export-add QMP command, when exporting an NBD image with dirty bitmaps, now supports passing a specific paired bitmap and node name, rather than a less-specific bitmap name that requires a search for the bitmap through a backing chain of nodes.
  • The on-cbw-error option for copy-before-write filter, to specify behavior on CBW (copy before write) operation failure.
  • The cbw-timeout option for copy-before-write filter, to specify timeout for CBW operation.
  • New commands query-stats and query-stats-schema to retrieve statistics from various QEMU subsystems (right now only from KVM).
  • The PanicAction can now be configured to report an exit-failure (useful for automated testing)


  • New command info stats to retrieve statistics from various QEMU subsystems (right now only from KVM).


  • QEMU can be compiled with the system slirp library even when using CFI. This requires libslirp 4.7.

Block device backends and tools



  • Extra error checking on ARM compat semihosting arguments
  • semihosting console write should never return a negative number


  • The -m and -boot options are also available via -M mem.* and -M boot.*.

User-mode emulation


  • Fix compatibility with GLibC >= 2.36, which no longer permits use of linux/fs.h or linux/mount.h in the same source file as use of sys/mount.h




  • Add initial support for the LoongArch64 architecture.


  • Fix the rt_sigreturn system call.
  • Fix the siginfo_t data for SIGSEGV.


  • Fix emulation of proberi assembler instruction to allow running "ldd" in chroot



Guest agent

  • guest-get-disks can now return NVMe SMART informations (on Linux)
  • guest-get-fsinfo can now return NVMe bus-type
  • Improve Solaris support
  • Add guest-get-diskstats command (for Linux guests only)
  • Add guest-get-cpustats command (for Linux guests only)

Build Information


GIT submodules

Container Based Builds

VM Based Builds

Build Dependencies

  • The final Python 3.6 release was 3.6.15 in September 2021. This release series is now End-of-Life (EOL). As a result, we will begin requiring Python 3.7 or newer in QEMU 7.2, which is the next release.
  • The minimum supported version of libslirp is 4.1. Please note the QEMU project will drop the slirp submodule in future releases. The QEMU tarball won't embed the code for user mode networking in the future anymore, so that an external libslirp installation will be required.
  • QEMU does not ship with the "capstone" disassembler code anymore. If you need disassembler support for certain CPU types (x86, ppc, arm or s390x), you now should make sure to have the capstone package of your OS distribution installed first.
  • The building process now uses symbolic links which, on newer versions of Windows 10, can only be created by unprivileged accounts if Developer Mode is enabled. On those releases, building QEMU requires either Developer Mode or the SeCreateSymbolicLinkPrivilege privilege.


Testing and CI

  • Bump Fedora image version for cross-compilation
  • More avocado tests for the Aspeed machines using the Aspeed SDK and buildroot

Known issues