ChangeLog/5.1: Difference between revisions
(→TCG) |
|||
(44 intermediate revisions by 19 users not shown) | |||
Line 2: | Line 2: | ||
== System emulation == | == System emulation == | ||
=== Incompatible changes === | === Incompatible changes === | ||
* The 'name' parameter of the '-net' option has been removed. 'id' can be used instead. | |||
* 'qemu-img resize' now requires --shrink for shrinking raw images, too. Previously, this was an error only for non-raw formats and resulting only in a deprecation warning for raw images. | |||
* The 'mem' parameter of the '-numa' option is not supported for 5.1 and newer machine types, use the 'memdev' parameter instead. Though for compatibility reasons the 'mem' parameter should still work for 5.0 and older machine types. The 'memdev' parameter provides better performance (pinning RAM to specified host NUMA nodes) and more control over backend's RAM, and users are advised to reconfigure existing virtual machines to use the 'memdev' parameter (requires restarting virtual machine). | |||
Details can be found in the [https://www.qemu.org/docs/master/system/deprecated.html#recently-removed-features "Recently removed features"] chapter of the QEMU System Emulation User's Guide. | |||
=== New deprecated options and features === | === New deprecated options and features === | ||
Line 7: | Line 13: | ||
Consult the [https://www.qemu.org/docs/master/system/deprecated.html "Deprecated Features"] chapter of the QEMU System Emulation User's Guide for the full list of historically deprecated features/options. | Consult the [https://www.qemu.org/docs/master/system/deprecated.html "Deprecated Features"] chapter of the QEMU System Emulation User's Guide for the full list of historically deprecated features/options. | ||
In particular, note that the TileGX guest support has been deprecated and will be removed in a future version. | |||
=== 68k === | === 68k === | ||
* The coldfire machines do not bail out anymore if a guest writes to or reads from an unimplemented hardware register. You can start QEMU with "-d unimp" to see these accesses instead. | |||
* Fixes in the FPU emulation | |||
=== Alpha === | |||
=== Arm === | === Arm === | ||
Line 15: | Line 26: | ||
* Emulation of the following architecture features is now implemented: | * Emulation of the following architecture features is now implemented: | ||
** ARMv8.2-TTS2UXN | ** ARMv8.2-TTS2UXN | ||
** ARMv8.5-MemTag ('virt' board only, disabled by default: enable with '-machine mte=on') | |||
* xlnx-versal-virt: machine now supports RTC and SD | * xlnx-versal-virt: machine now supports RTC and SD | ||
* New board model: sonorapass-bmc | * New board model: sonorapass-bmc | ||
Line 20: | Line 32: | ||
* All the imx6 and imx7 machines now support the watchdog timer device | * All the imx6 and imx7 machines now support the watchdog timer device | ||
* The Raspberry Pi boards now support the USB controller. Note that for the moment booting a Raspbian guest kernel requires adding "dwc_otg.fiq_fsm_enable=0" to the guest kernel command line. | * The Raspberry Pi boards now support the USB controller. Note that for the moment booting a Raspbian guest kernel requires adding "dwc_otg.fiq_fsm_enable=0" to the guest kernel command line. | ||
* MPS2 board models have a few new devices (watchdog, S2I, I2C) | |||
* The "virt" board now supports hot-remove of memory | |||
* Some arm boards used to automatically create a fake "empty" SD card if none was provided on the command line; these boards now correctly emulate an SD controller with no SD card present in this situation. | |||
=== AVR === | |||
* QEMU now supports some AVR CPUs and related boards: Arduino Duemilanove (ATmega168), Arduino Mega 2560 (ATmega2560), Arduino Mega (ATmega1280) and Arduino UNO (ATmega328P). | |||
=== HPPA === | === HPPA === | ||
Line 26: | Line 45: | ||
=== MIPS === | === MIPS === | ||
* Added support for two Loongson 3A CPUs. | |||
* Loongson MMI ASE is now emulated completely. | |||
* Hardware page walker and CMMGR features enabled for P5600 CPU. | |||
* Performance of all FPU instructions for all ISAs is slightly improved. | |||
* Performance of all MSA FPU instructions is slightly improved. | |||
* Performance of a number of MSA non-FPU instructions is slightly improved. | |||
* Fulong 2E machine is renamed to Fuloong 2E. | |||
=== Nios2 === | === Nios2 === | ||
Line 38: | Line 65: | ||
* scv and rfscv instructions now supported in TCG | * scv and rfscv instructions now supported in TCG | ||
* Can now select POWER10 with the "pseries" machine type | * Can now select POWER10 with the "pseries" machine type | ||
* Fix regression when booting from virtio-blk-pci devices for the g3beige/mac99 machines (OpenBIOS) | |||
=== Renesas RX === | |||
* RX GDB simulator added (as machines ''gdbsim-r5f562n7'' and ''gdbsim-r5f562n8'') | |||
=== Renesas SH === | |||
=== RISC-V === | === RISC-V === | ||
Line 47: | Line 80: | ||
* Spike machine supports the ''-bios'' option | * Spike machine supports the ''-bios'' option | ||
* OpenSBI updated to v0.7 | * OpenSBI updated to v0.7 | ||
* Support for OpenSBI firmware dynamic support | |||
* Experimental support for the v0.7.1 Vector extensions | |||
* linux-usermode improvements | * linux-usermode improvements | ||
* Expose a "serial" property for the ''sifive_u machine that specifys the board serial number | |||
* Expose a "msel" property for the ''sifive_u machine that specifys the MSEL pin state | |||
* Support for the SiFive E34 CPU | * Support for the SiFive E34 CPU | ||
* Support for the Ibex CPU | |||
* Support for the SiFive HiFive1 revB | |||
* Support for the OpenTitan machine (''opentitan'') with PLIC and UART support | |||
* 32-bit improvements for the ''sifive_u'' machine | * 32-bit improvements for the ''sifive_u'' machine | ||
* Corrections to the Hypervisor extension page table walking | * Corrections to the Hypervisor extension page table walking | ||
* | * Checks implemented when running the ''hfence'' instruction | ||
* Support for booting U-Boot on the ''sifive_u'' machine | |||
* Support for the | |||
=== s390 === | === s390 === | ||
Line 62: | Line 101: | ||
** Note that a channel program that actually relies on no prefetching being done will still fail. In practice, though, this only applies to IPL CCWs, and that process is accommodated by the s390-ccw bios already. | ** Note that a channel program that actually relies on no prefetching being done will still fail. In practice, though, this only applies to IPL CCWs, and that process is accommodated by the s390-ccw bios already. | ||
** The 'force-orb-pfch' property to force setting of the 'allow prefetch' bit by vfio-ccw itself still exists. | ** The 'force-orb-pfch' property to force setting of the 'allow prefetch' bit by vfio-ccw itself still exists. | ||
* vfio-ccw now contains basic support for relaying changes of the path state to the guest | |||
=== | === SPARC === | ||
* Fix booting SPARC64 kernels directly via -kernel (OpenBIOS) | |||
* Fix regression when booting from virtio-blk-pci devices for the sun4u machine (OpenBIOS) | |||
=== TileGX === | === TileGX === | ||
Line 75: | Line 116: | ||
=== x86 === | === x86 === | ||
* Improve integration between QEMU monitor and HVF accel on macOS (e.g. "info registers" displays state of CPU registers) | |||
* Fix an issue with HVF accel where guests stop responding to interrupts | |||
* Fix an issue with boot from floppy on isapc and 486 cpu (applies for all accels) | |||
* Support for live migration of AMD systems with nested virtualization | |||
=== Xtensa === | === Xtensa === | ||
Line 89: | Line 134: | ||
==== Block devices ==== | ==== Block devices ==== | ||
* The maximum logical and physical blocksizes for virtual storage devices have been increased from 32 KiB to 2 MiB. | |||
* The limit for <code>min_io_size</code> has been increased from 65536 bytes to 65536 logical blocks. | |||
* The options <code>min_io_size</code>, <code>opt_io_size</code> and <code>discard_granularity</code> accept the usual size unit suffixes (k for kilobytes, M for megabytes etc.) now. | |||
==== Graphics ==== | ==== Graphics ==== | ||
Line 97: | Line 145: | ||
==== Network devices ==== | ==== Network devices ==== | ||
Introduce attributes rss and hash for virt-net. | |||
==== NVDIMM ==== | ==== NVDIMM ==== | ||
==== NVMe ==== | |||
* Introduce PMR support from NVMe 1.4 spec | |||
* Add the <code>max_ioqpairs device</code> parameter. The parameter specifies the maximum number of supported I/O queue pairs and should be used instead of the <code>num_queues</code> parameter. <code>num_queues</code> is not formally deprecated, but the device will issue a warning if used. If neither <code>num_queues</code> nor <code>max_ioqpairs</code> are specified, device behavior is unchanged from the previous default. | |||
* Add the <code>msix_qsize</code> parameter. The parameter specifies the maximum number of msix interrupt vectors supported by the device. If not specified, device behavior is unchanged from the previous default. | |||
==== PCI/PCIe ==== | ==== PCI/PCIe ==== | ||
Line 105: | Line 159: | ||
==== SCSI ==== | ==== SCSI ==== | ||
==== SD card ==== | |||
Images not multiple of power of 2 are not allowed any longer and have to be expanded to a power of 2. | |||
==== SMBIOS ==== | ==== SMBIOS ==== | ||
Line 116: | Line 173: | ||
==== virtio ==== | ==== virtio ==== | ||
* TCG guests can now use vhost-user daemons (including virtiofsd). There are corner cases which could interfere with TCG's self-modifying code detection although this shouldn't occur with sane guest OSes. | * TCG guests can now use vhost-user daemons (including virtiofsd). There are corner cases which could interfere with TCG's self-modifying code detection although this shouldn't occur with sane guest OSes. | ||
* The virtio code (PCI and CCW) now enforces that newer devices for which legacy support has never been specified indeed show up as virtio-1.0 or later only. | |||
** For most devices this should be not noticeable; for virtio-iommu-pci, you may need to specify the device as modern only. | |||
* A new feature, VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS, has been added to the vhost-user protocol. VMs with vhost-user device backends which support this feature will not be subject to the current max RAM slots limit of 8 and will be able to hot-add memory as many times as the target platform supports. | |||
* A first version of virtio-mem, including virtio-mem-pci, for x86-64 has been included in QEMU. virtio-mem allows for fine-grained, NUMA-aware memory hot(un)plug for VMs, avoiding many limitations known from memory ballooning (virtio-balloon) and DIMM-based memory hot(un)plug. Linux guests support virito-mem with v5.8. More information can be found at https://virtio-mem.gitlab.io/ | |||
==== Xen ==== | ==== Xen ==== | ||
Line 137: | Line 198: | ||
=== Crypto subsystem === | === Crypto subsystem === | ||
* Support for passing secrets to QEMU via the Linux keyring, using the "secret-keyring" object type. | |||
* Add ability to disable all RNG sources at build time for constrained use cases not requiring this functionality. | |||
* Added support for LUKS keyslot management via qemu-img amend and via qmp (experimental) | |||
Typical usage: | |||
* Adding new keyslot | |||
qemu-img amend \ | |||
--object secret,id=sec0,data=current_password \ | |||
--object secret,id=sec1,data=new_password \ | |||
--image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ #image has to be opened with --image-opts to pass current secret | |||
-o state=active,new-secret=sec1,[keyslot=1] #keyslot is optional | |||
* Erasing a keyslot that contains an old password. | |||
qemu-img amend \ | |||
--object secret,id=sec0,data=current_password \ | |||
--object secret,id=sec1,data=new_password \ | |||
--image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ | |||
-o state=inactive,old-secret=sec1 | |||
Note that you can't erase last keyslot since that will make image non-recoverable. | |||
If you insist to destroy the data by erasing last keyslot you can pass --force to qemu-img for that purpose. | |||
You can also erase a specific keyslot. The comment about last keyslot applies here as well. | |||
qemu-img amend \ | |||
--object secret,id=sec0,data=current_password \ | |||
--object secret,id=sec1,data=new_password \ | |||
--image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ | |||
-o state=inactive,keyslot=sec1 | |||
The same interface is also available for qcow2 encrypted images in similar matter: | |||
qemu-img amend \ | |||
--object secret,id=sec0,data=current_password \ | |||
--object secret,id=sec1,data=new_password \ | |||
--image-opts driver=qcow2,file.filename=test.qcow2,encrypt.key-secret=sec0 \ | |||
-o encrypt.new-secret=sec1,encrypt.state=active | |||
==== experimental qmp interface ==== | |||
x-blockdev-amend was added with similiar interface to blockdev-create, which accepts driver specific options. | |||
It is currently only defined for luks and qcow2 | |||
Open an image: | |||
{'execute': 'object-add', 'arguments': {'qom-type': 'secret', 'id': 'keysec0', 'props': {'data': 'current_password'}}} | |||
{'execute': 'object-add', 'arguments': {'qom-type': 'secret', 'id': 'keysec1', 'props': {'data': 'new_password'}}} | |||
{'execute': 'blockdev-add', 'arguments': {'driver': 'qcow2', 'node-name': 'testdev', 'read-only': False, 'encrypt': { | |||
'format': 'luks', 'key-secret': 'keysec0'}, 'file': {'driver': 'file', 'filename': 'test.qcow2'}}} | |||
Add a new key (as blockdev-create, also uses a job, so job needs to be waited upon) | |||
{'execute': 'x-blockdev-amend', 'arguments': {'node-name': 'testdev', 'job-id': 'my_job_id', 'options': {'driver': 'qcow2', 'encrypt': {'state': 'active', 'new-secret': 'keysec1', 'format': 'luks'}}}} | |||
Remove a key: | |||
{'execute': 'x-blockdev-amend', 'arguments': {'node-name': 'testdev', 'job-id': 'my_job_id', 'options': {'driver': 'qcow2', 'encrypt': {'state': 'inactive', 'old-secret': 'keysec0', 'format': 'luks'}}}} | |||
It is expected that higher-level libraries (e.g libvirt) will make more user friendly interface. | |||
=== GUI === | === GUI === | ||
Line 150: | Line 284: | ||
=== Memory backends === | === Memory backends === | ||
=== Migration === | === Migration === | ||
* Migration of block dirty bitmaps when not using -blockdev now avoids using generated node names; without this fix, a migration attempt that included bitmaps and was attempted while a mirror job was active (which was a common scenario with older libvirt that did not use -blockdev but set up an NBD mirror for storage migration in parallel) would generally fail due to the difference in generated node names between the source and destination. | * Migration of block dirty bitmaps when not using -blockdev now avoids using generated node names; without this fix, a migration attempt that included bitmaps and was attempted while a mirror job was active (which was a common scenario with older libvirt that did not use -blockdev but set up an NBD mirror for storage migration in parallel) would generally fail due to the difference in generated node names between the source and destination. | ||
* Error handling during migration with block dirty bitmaps is improved. As block dirty bitmaps are not essential to guest operation but merely permit an incremental backup, and as a full backup is always a reliable solution when incremental backup is not possible, any failure to migrate a dirty bitmap is no longer fatal to migration in general. Similarly, migrating when a backing file has a read-only bitmap no longer causes an error when trying to reload that bitmap. | |||
=== Monitor === | |||
==== HMP ==== | |||
* "info qom-tree" now shows children sorted. | |||
=== Network === | === Network === | ||
Line 161: | Line 299: | ||
* Optional zstd compression for qcow2 (enable with <code>compression_type=zstd</code> as a creation option) | * Optional zstd compression for qcow2 (enable with <code>compression_type=zstd</code> as a creation option) | ||
* | * file-posix has a new image creation option <code>extent_size_hint</code> that defines an extent size hint that should be added to the image file to help avoiding fragmentation (especially with cache=none or more generally cache.direct=on). The default is 1M, 0 disables the hint. Note that this optimisation does not apply to existing images and images created outside of QEMU. For example, if you copy images with tools like ''cp'', the copy will not have the extent size hint set and will be as prone to filesystem fragmentation as before. | ||
* 'qemu-img map' gained --start-offset and --max-length options for mapping only a subset of a file | * 'qemu-img map' gained --start-offset and --max-length options for mapping only a subset of a file | ||
* 'qemu-img' gained a new command mode 'bitmap' for manipulating persistent bitmaps in qcow2 files | * 'qemu-img' gained a new command mode 'bitmap' for manipulating persistent bitmaps in qcow2 files | ||
* 'qemu-img measure' now reports the space occupied by persistent bitmaps in qcow2 files | * 'qemu-img measure' now reports the space occupied by persistent bitmaps in qcow2 files | ||
* 'qemu-img convert' gained a new --bitmaps option for convenience in copying bitmaps alongside guest-visible content of qcow2 files | * 'qemu-img convert' gained a new --bitmaps option for convenience in copying bitmaps alongside guest-visible content of qcow2 files | ||
* Fixed regression with 'qemu-nbd -c /dev/nbd0' keeping inherited stderr open (introduced in 4.1) | |||
* Fixed regression where a compliant NBD client could cause qemu as NBD server to assert (CVE-2020-10761, introduced in 4.2) | |||
* Fixed extending resize of overlay images that are shorter than their backing file (this would previously make the backing file content reappear, but it should contain only zeros) | |||
* Block jobs that copy the image content check now that the source and target image have the same size and return an error if this is not the case. If you are intentionally copying only part of the image, consider using a ''raw'' node with a <code>size=...</code> option specified to make only the right size of the larger image visible. | |||
* file-posix: Fixed read-only Linux block devices with auto-read-only | |||
* VMDK: Fixed handling of zeroed clusters | |||
* Fixed bug where NBD trim and zero requests larger than 2G would fail with EIO | |||
* Fixed bug where NBD reconnect could deadlock in various scenarios | |||
* NBD now allows no-op resize requests, which in turn permits 'qemu-img convert -c' to an appropriately-sized NBD destination | |||
=== Tracing === | === Tracing === | ||
Line 171: | Line 318: | ||
=== Miscellaneous === | === Miscellaneous === | ||
* HMP: qom-set now | * HMP: qom-set can now take JSON for the value with the optional -j flag | ||
* HMP: new command: qom-get can now be used to read the value of a qom property | * HMP: new command: qom-get can now be used to read the value of a qom property | ||
Line 179: | Line 326: | ||
* support for wider watchpoints in system emulation | * support for wider watchpoints in system emulation | ||
* support for vhost-user daemons | |||
* new "lockstep" plugin | |||
* smarter auto-sizing of tb-size based on host-physical memory. You should still use -tb-size if you run a lot of system emulation at the same time. | |||
== Guest agent == | == Guest agent == | ||
Line 189: | Line 339: | ||
=== Container Based Builds === | === Container Based Builds === | ||
* Prebuilt docker images are now stored at the GitLab registry: registry.gitlab.com/qemu-project/qemu | |||
* docker.py build framework is now registry aware | |||
* Updated aarch64 container for bullseye based compiler for testing newer features | * Updated aarch64 container for bullseye based compiler for testing newer features | ||
Line 197: | Line 349: | ||
* vm-build tests can now use alternatives to genisoimage (cdrkit) | * vm-build tests can now use alternatives to genisoimage (cdrkit) | ||
* new ubuntu.aarch64 and centos.aarch64 vm-build targets | |||
* Support for --enable-tsan build | |||
=== Windows === | === Windows === |
Latest revision as of 01:26, 7 May 2022
System emulation
Incompatible changes
- The 'name' parameter of the '-net' option has been removed. 'id' can be used instead.
- 'qemu-img resize' now requires --shrink for shrinking raw images, too. Previously, this was an error only for non-raw formats and resulting only in a deprecation warning for raw images.
- The 'mem' parameter of the '-numa' option is not supported for 5.1 and newer machine types, use the 'memdev' parameter instead. Though for compatibility reasons the 'mem' parameter should still work for 5.0 and older machine types. The 'memdev' parameter provides better performance (pinning RAM to specified host NUMA nodes) and more control over backend's RAM, and users are advised to reconfigure existing virtual machines to use the 'memdev' parameter (requires restarting virtual machine).
Details can be found in the "Recently removed features" chapter of the QEMU System Emulation User's Guide.
New deprecated options and features
Consult the "Deprecated Features" chapter of the QEMU System Emulation User's Guide for the full list of historically deprecated features/options.
In particular, note that the TileGX guest support has been deprecated and will be removed in a future version.
68k
- The coldfire machines do not bail out anymore if a guest writes to or reads from an unimplemented hardware register. You can start QEMU with "-d unimp" to see these accesses instead.
- Fixes in the FPU emulation
Alpha
Arm
- Emulation of the following architecture features is now implemented:
- ARMv8.2-TTS2UXN
- ARMv8.5-MemTag ('virt' board only, disabled by default: enable with '-machine mte=on')
- xlnx-versal-virt: machine now supports RTC and SD
- New board model: sonorapass-bmc
- Host memory errors can now be reported to AArch64 KVM guests via ACPI when using the 'virt' board (this is disabled by default; enable with '-machine ras=on')
- All the imx6 and imx7 machines now support the watchdog timer device
- The Raspberry Pi boards now support the USB controller. Note that for the moment booting a Raspbian guest kernel requires adding "dwc_otg.fiq_fsm_enable=0" to the guest kernel command line.
- MPS2 board models have a few new devices (watchdog, S2I, I2C)
- The "virt" board now supports hot-remove of memory
- Some arm boards used to automatically create a fake "empty" SD card if none was provided on the command line; these boards now correctly emulate an SD controller with no SD card present in this situation.
AVR
- QEMU now supports some AVR CPUs and related boards: Arduino Duemilanove (ATmega168), Arduino Mega 2560 (ATmega2560), Arduino Mega (ATmega1280) and Arduino UNO (ATmega328P).
HPPA
Microblaze
MIPS
- Added support for two Loongson 3A CPUs.
- Loongson MMI ASE is now emulated completely.
- Hardware page walker and CMMGR features enabled for P5600 CPU.
- Performance of all FPU instructions for all ISAs is slightly improved.
- Performance of all MSA FPU instructions is slightly improved.
- Performance of a number of MSA non-FPU instructions is slightly improved.
- Fulong 2E machine is renamed to Fuloong 2E.
Nios2
OpenRISC
PowerPC
- The "label-size" property is now mandatory for NVDIMMs on the "pseries" machine type (the PAPR specification only supports labelled NVDIMMs)
- NVLink2 devices can no longer be unplugged. This is not possible on real hardware, and was never supported by the guest side drivers, so this makes things safer.
- We no longer use reconfiguration reboots to handle difficult cases during CAS option negotiation
- Added an interface to inject POWER style NMIs
- scv and rfscv instructions now supported in TCG
- Can now select POWER10 with the "pseries" machine type
- Fix regression when booting from virtio-blk-pci devices for the g3beige/mac99 machines (OpenBIOS)
Renesas RX
- RX GDB simulator added (as machines gdbsim-r5f562n7 and gdbsim-r5f562n8)
Renesas SH
RISC-V
- OpenSBI loaded by default for virt and sifive_u machines
- The spike_v1.9.1 and spike_v1.10 machines have been removed
- The rv32gcsu-v1.9.1, rv32gcsu-v1.10.0, rv64gcsu-v1.9.1, rv64gcsu-v1.10.0, rv32imacu-nommu and rv64imacu-nommu CPUs have been removed
- The RISC-V privilege spec 1.09.1 has been removed
- Spike machine supports more then 1 CPU
- Spike machine supports the -bios option
- OpenSBI updated to v0.7
- Support for OpenSBI firmware dynamic support
- Experimental support for the v0.7.1 Vector extensions
- linux-usermode improvements
- Expose a "serial" property for the sifive_u machine that specifys the board serial number
- Expose a "msel" property for the sifive_u machine that specifys the MSEL pin state
- Support for the SiFive E34 CPU
- Support for the Ibex CPU
- Support for the SiFive HiFive1 revB
- Support for the OpenTitan machine (opentitan) with PLIC and UART support
- 32-bit improvements for the sifive_u machine
- Corrections to the Hypervisor extension page table walking
- Checks implemented when running the hfence instruction
- Support for booting U-Boot on the sifive_u machine
s390
- Support for protected virtualization aka secure execution has been merged (KVM only)
- The host needs to be a z15 or Linux One III with at least Linux 5.7
- vfio-ccw devices no longer require that the issuer sets the 'allow prefetch' bit in the ORB
- The host kernel still may reject those requests, though (5.7 or older)
- Note that a channel program that actually relies on no prefetching being done will still fail. In practice, though, this only applies to IPL CCWs, and that process is accommodated by the s390-ccw bios already.
- The 'force-orb-pfch' property to force setting of the 'allow prefetch' bit by vfio-ccw itself still exists.
- vfio-ccw now contains basic support for relaying changes of the path state to the guest
SPARC
- Fix booting SPARC64 kernels directly via -kernel (OpenBIOS)
- Fix regression when booting from virtio-blk-pci devices for the sun4u machine (OpenBIOS)
TileGX
Tricore
- Add gdb stub
- Fix segfault due to uninitialized ctx->env ptr
x86
- Improve integration between QEMU monitor and HVF accel on macOS (e.g. "info registers" displays state of CPU registers)
- Fix an issue with HVF accel where guests stop responding to interrupts
- Fix an issue with boot from floppy on isapc and 486 cpu (applies for all accels)
- Support for live migration of AMD systems with nested virtualization
Xtensa
Device emulation and assignment
ACPI
- QEMU now exposes a WAET (Windows ACPI Emulated Devices Table) to guests -
this reduces virtualization overhead for non-enlightened windows (Vista and later) guests by avoiding guest workarounds for an unreliable ACPI PM timer.
- QEMU now supports both cold and hot plug of nvdimms for ARM Guests with ACPI.
Audio
Block devices
- The maximum logical and physical blocksizes for virtual storage devices have been increased from 32 KiB to 2 MiB.
- The limit for
min_io_size
has been increased from 65536 bytes to 65536 logical blocks. - The options
min_io_size
,opt_io_size
anddiscard_granularity
accept the usual size unit suffixes (k for kilobytes, M for megabytes etc.) now.
Graphics
Input devices
IPMI
Network devices
Introduce attributes rss and hash for virt-net.
NVDIMM
NVMe
- Introduce PMR support from NVMe 1.4 spec
- Add the
max_ioqpairs device
parameter. The parameter specifies the maximum number of supported I/O queue pairs and should be used instead of thenum_queues
parameter.num_queues
is not formally deprecated, but the device will issue a warning if used. If neithernum_queues
normax_ioqpairs
are specified, device behavior is unchanged from the previous default. - Add the
msix_qsize
parameter. The parameter specifies the maximum number of msix interrupt vectors supported by the device. If not specified, device behavior is unchanged from the previous default.
PCI/PCIe
Attempts to hotplug devices into a pci slot with hotplug disabled will now return an error instead of adding the device without notifying the guest.
SCSI
SD card
Images not multiple of power of 2 are not allowed any longer and have to be expanded to a power of 2.
SMBIOS
TPM
USB
VFIO
virtio
- TCG guests can now use vhost-user daemons (including virtiofsd). There are corner cases which could interfere with TCG's self-modifying code detection although this shouldn't occur with sane guest OSes.
- The virtio code (PCI and CCW) now enforces that newer devices for which legacy support has never been specified indeed show up as virtio-1.0 or later only.
- For most devices this should be not noticeable; for virtio-iommu-pci, you may need to specify the device as modern only.
- A new feature, VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS, has been added to the vhost-user protocol. VMs with vhost-user device backends which support this feature will not be subject to the current max RAM slots limit of 8 and will be able to hot-add memory as many times as the target platform supports.
- A first version of virtio-mem, including virtio-mem-pci, for x86-64 has been included in QEMU. virtio-mem allows for fine-grained, NUMA-aware memory hot(un)plug for VMs, avoiding many limitations known from memory ballooning (virtio-balloon) and DIMM-based memory hot(un)plug. Linux guests support virito-mem with v5.8. More information can be found at https://virtio-mem.gitlab.io/
Xen
fw_cfg
9pfs
virtiofs
- virtiofsd:
- Security fix: CVE-2020-10717, resource exhaustion of host fd's
- Jailing improvements
- Ensure that existing mounts under the shared directory are visible to the guest
Semihosting
Audio
Character devices
- The 'socket' backend now supports the abstract namespace for UNIX sockets, with the new 'abstract' and 'tight' options
Crypto subsystem
- Support for passing secrets to QEMU via the Linux keyring, using the "secret-keyring" object type.
- Add ability to disable all RNG sources at build time for constrained use cases not requiring this functionality.
- Added support for LUKS keyslot management via qemu-img amend and via qmp (experimental)
Typical usage:
- Adding new keyslot
qemu-img amend \ --object secret,id=sec0,data=current_password \ --object secret,id=sec1,data=new_password \ --image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ #image has to be opened with --image-opts to pass current secret -o state=active,new-secret=sec1,[keyslot=1] #keyslot is optional
- Erasing a keyslot that contains an old password.
qemu-img amend \ --object secret,id=sec0,data=current_password \ --object secret,id=sec1,data=new_password \ --image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ -o state=inactive,old-secret=sec1
Note that you can't erase last keyslot since that will make image non-recoverable.
If you insist to destroy the data by erasing last keyslot you can pass --force to qemu-img for that purpose.
You can also erase a specific keyslot. The comment about last keyslot applies here as well.
qemu-img amend \ --object secret,id=sec0,data=current_password \ --object secret,id=sec1,data=new_password \ --image-opts driver=luks,file.filename=test.luks,key-secret=sec0 \ -o state=inactive,keyslot=sec1
The same interface is also available for qcow2 encrypted images in similar matter:
qemu-img amend \ --object secret,id=sec0,data=current_password \ --object secret,id=sec1,data=new_password \ --image-opts driver=qcow2,file.filename=test.qcow2,encrypt.key-secret=sec0 \ -o encrypt.new-secret=sec1,encrypt.state=active
experimental qmp interface
x-blockdev-amend was added with similiar interface to blockdev-create, which accepts driver specific options.
It is currently only defined for luks and qcow2
Open an image:
{'execute': 'object-add', 'arguments': {'qom-type': 'secret', 'id': 'keysec0', 'props': {'data': 'current_password'}}} {'execute': 'object-add', 'arguments': {'qom-type': 'secret', 'id': 'keysec1', 'props': {'data': 'new_password'}}}
{'execute': 'blockdev-add', 'arguments': {'driver': 'qcow2', 'node-name': 'testdev', 'read-only': False, 'encrypt': { 'format': 'luks', 'key-secret': 'keysec0'}, 'file': {'driver': 'file', 'filename': 'test.qcow2'}}}
Add a new key (as blockdev-create, also uses a job, so job needs to be waited upon)
{'execute': 'x-blockdev-amend', 'arguments': {'node-name': 'testdev', 'job-id': 'my_job_id', 'options': {'driver': 'qcow2', 'encrypt': {'state': 'active', 'new-secret': 'keysec1', 'format': 'luks'}}}}
Remove a key:
{'execute': 'x-blockdev-amend', 'arguments': {'node-name': 'testdev', 'job-id': 'my_job_id', 'options': {'driver': 'qcow2', 'encrypt': {'state': 'inactive', 'old-secret': 'keysec0', 'format': 'luks'}}}}
It is expected that higher-level libraries (e.g libvirt) will make more user friendly interface.
GUI
- Windows keyboard fixes for GTK and SDL
GDBStub
- bug fix to m68k gdbstub
- linux-user now supports unix socket for debugging (needs a new gdb)
- some tests for the stub added to check-tcg
- wider watchpoints are supported in system emulation mode
Host support
Memory backends
Migration
- Migration of block dirty bitmaps when not using -blockdev now avoids using generated node names; without this fix, a migration attempt that included bitmaps and was attempted while a mirror job was active (which was a common scenario with older libvirt that did not use -blockdev but set up an NBD mirror for storage migration in parallel) would generally fail due to the difference in generated node names between the source and destination.
- Error handling during migration with block dirty bitmaps is improved. As block dirty bitmaps are not essential to guest operation but merely permit an incremental backup, and as a full backup is always a reliable solution when incremental backup is not possible, any failure to migrate a dirty bitmap is no longer fatal to migration in general. Similarly, migrating when a backing file has a read-only bitmap no longer causes an error when trying to reload that bitmap.
Monitor
HMP
- "info qom-tree" now shows children sorted.
Network
Block device backends and tools
- Optional zstd compression for qcow2 (enable with
compression_type=zstd
as a creation option) - file-posix has a new image creation option
extent_size_hint
that defines an extent size hint that should be added to the image file to help avoiding fragmentation (especially with cache=none or more generally cache.direct=on). The default is 1M, 0 disables the hint. Note that this optimisation does not apply to existing images and images created outside of QEMU. For example, if you copy images with tools like cp, the copy will not have the extent size hint set and will be as prone to filesystem fragmentation as before. - 'qemu-img map' gained --start-offset and --max-length options for mapping only a subset of a file
- 'qemu-img' gained a new command mode 'bitmap' for manipulating persistent bitmaps in qcow2 files
- 'qemu-img measure' now reports the space occupied by persistent bitmaps in qcow2 files
- 'qemu-img convert' gained a new --bitmaps option for convenience in copying bitmaps alongside guest-visible content of qcow2 files
- Fixed regression with 'qemu-nbd -c /dev/nbd0' keeping inherited stderr open (introduced in 4.1)
- Fixed regression where a compliant NBD client could cause qemu as NBD server to assert (CVE-2020-10761, introduced in 4.2)
- Fixed extending resize of overlay images that are shorter than their backing file (this would previously make the backing file content reappear, but it should contain only zeros)
- Block jobs that copy the image content check now that the source and target image have the same size and return an error if this is not the case. If you are intentionally copying only part of the image, consider using a raw node with a
size=...
option specified to make only the right size of the larger image visible. - file-posix: Fixed read-only Linux block devices with auto-read-only
- VMDK: Fixed handling of zeroed clusters
- Fixed bug where NBD trim and zero requests larger than 2G would fail with EIO
- Fixed bug where NBD reconnect could deadlock in various scenarios
- NBD now allows no-op resize requests, which in turn permits 'qemu-img convert -c' to an appropriately-sized NBD destination
Tracing
Miscellaneous
- HMP: qom-set can now take JSON for the value with the optional -j flag
- HMP: new command: qom-get can now be used to read the value of a qom property
User-mode emulation
TCG
- support for wider watchpoints in system emulation
- support for vhost-user daemons
- new "lockstep" plugin
- smarter auto-sizing of tb-size based on host-physical memory. You should still use -tb-size if you run a lot of system emulation at the same time.
Guest agent
Build Information
Python
GIT submodules
Container Based Builds
- Prebuilt docker images are now stored at the GitLab registry: registry.gitlab.com/qemu-project/qemu
- docker.py build framework is now registry aware
- Updated aarch64 container for bullseye based compiler for testing newer features
Build Dependencies
- Now requires GTK 3.22 or newer
Testing
- vm-build tests can now use alternatives to genisoimage (cdrkit)
- new ubuntu.aarch64 and centos.aarch64 vm-build targets
- Support for --enable-tsan build
Windows
Known issues
- see Planning/5.1