QEMU weekly news: Jan 8, 2008 - Jan 14, 2008

1 Mailing list

2 Source control


1 Mailing list

Big news this week: Lauro Ramos Venancio announced a qemu stable branch to track bug fixes separately from new development, along with a corresponding bug tracker.

A new E1000 gigabit ethernet card emulation allows much higher network throughput with less CPU usage. Support for a new USB serial device (FTDI) is a step towards eventually allowing QEMU to emulate braille devices. There was also more work on reducing the CPU consumption of idle guests under QEMU.

Also, preliminary support for running Intel MacOS X (Leopard) under QEMU was contributed, although a dongle key needs to be harvested from real Mac hardware and supplied on the command line (to ensure purchasing a boxed copy of MacOS by itself remains useless).

1.1 Jan 8, 2008 - mmap and pagesizes

Edgar E Iglesias submitted a patch to fix a corner case in application emulation's handling of mmap. On a host with a smaller page size than the target being emulated, access off the end of the file could trap in places where real hardware wouldn't:

Apparently, when mapping files into a memory area larger than the file, accesses to pages beyond the file size will cause a SIGBUS.

For example, if mmap-ing a file of 100 bytes on a host with 4K pages emulating a target with 8K pages, the target expects to be able to access the first 8K. But the host OS will trap us on any access beyond 4K.

In my particular test-case, the problem triggered when the dynamic linker was setting up the .bss which happened to share a target's worth of page with the .data section. On the host, two pages were needed, one of them beyond the file size.

When emulating a target with a larger page-size than the host's, we may need to truncate fixed file maps at EOF and add extra anonymous pages up to the target's page boundary to compensate. Luckily AFAICS, most of the code was already there to handle this case. I believe the hack in elfload.c is safe to remove now, but I'd appreciate it if someone (the author) can verify that.
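The split the quote describes, worked through as an added example (this is not Edgar's patch or QEMU code): a fixed file mapping for a guest whose page size is larger than the host's is backed by the file only up to the host page containing EOF, and the remainder of the guest page is filled with anonymous memory so that reads there return zeros instead of SIGBUS. The names plan_fixed_map, map_plan and demo_mapping are made up for this example, and the 100-byte file and page sizes are constructed test data.

```c
/* Added example: host-page truncation plus anonymous fill for a guest
 * page size larger than the host's. Not QEMU code; names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/mman.h>

struct map_plan {
    size_t file_len;  /* bytes to back with the file (host-page rounded) */
    size_t anon_len;  /* bytes to back with zero-filled anonymous memory */
};

/* p must be a power of two (page sizes are). */
static size_t round_up(size_t v, size_t p) { return (v + p - 1) & ~(p - 1); }

/* The guest wants `len` bytes of a file mapped at file offset `off`
 * (both multiples of its own page size). The host only faults in host
 * pages that lie within the file: anything past round_up(file_size,
 * host_page) raises SIGBUS. So back the range with the file only up to
 * that boundary and cover the rest with anonymous pages. */
struct map_plan plan_fixed_map(size_t file_size, size_t off, size_t len,
                               size_t host_page)
{
    struct map_plan p = {0, 0};
    size_t end = off + len;
    size_t file_end_host = round_up(file_size, host_page);

    if (off >= file_end_host) {
        p.anon_len = len;              /* entirely beyond EOF */
    } else if (end <= file_end_host) {
        p.file_len = len;              /* entirely inside the file */
    } else {
        p.file_len = file_end_host - off;   /* truncate at EOF's host page */
        p.anon_len = end - file_end_host;   /* fill up to the guest page */
    }
    return p;
}

/* Reproduces the 100-byte-file scenario from the quote with a guest page
 * of twice the host page. Returns 0 when every byte of the guest page is
 * readable (the unfixed layout would SIGBUS on the second host page). */
int demo_mapping(void)
{
    char path[] = "/tmp/mmap-demo-XXXXXX";       /* constructed temp file */
    size_t host_page = (size_t)sysconf(_SC_PAGESIZE);
    size_t guest_page = 2 * host_page;
    const size_t file_size = 100;
    char buf[100];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    memset(buf, 'A', sizeof buf);
    if (write(fd, buf, sizeof buf) != (ssize_t)sizeof buf) { close(fd); return -1; }

    struct map_plan p = plan_fixed_map(file_size, 0, guest_page, host_page);

    /* Reserve the whole guest page anonymously, then overlay the
     * file-backed part with MAP_FIXED; the tail stays anonymous. */
    uint8_t *base = mmap(NULL, guest_page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) { close(fd); return -1; }
    if (p.file_len && mmap(base, p.file_len, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_FIXED, fd, 0) == MAP_FAILED) {
        munmap(base, guest_page); close(fd); return -1;
    }
    close(fd);

    int ok = base[0] == 'A'                  /* file contents visible */
          && base[file_size] == 0            /* zero fill inside EOF's page */
          && base[host_page + 100] == 0;     /* anonymous tail, no SIGBUS */
    munmap(base, guest_page);
    return ok ? 0 : -2;
}

int main(void)
{
    struct map_plan p = plan_fixed_map(100, 0, 8192, 4096);
    printf("file-backed %zu bytes, anonymous %zu bytes\n", p.file_len, p.anon_len);
    printf("demo_mapping: %d\n", demo_mapping());
    return 0;
}
```

The plan function is independent of the real page sizes so it can be checked on any host; demo_mapping uses the host's actual page size, so the guest page in the demo is simply twice that.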

1.2 Jan 8, 2008 - [Patch 0/9] Intel Mac target support

Alexander Graf submitted a series of 9 patches which enable qemu to run Mac OS X for Intel.

the following patchset enables qemu to run Mac OS X with disabled
AppleIntelCPUPowerManagement.kext, by emulating hardware that resembles
an Intel Mac close enough. The following patches are included:

1. DMI
This is based on the DMI support by Ryan Harper. As it is currently
unclear, if this approach is taken or if the Bochsbios is going to be
patched, I would recommend to not apply this patch for now. I still
submit it for completeness and because I have touched parts of it.

2. HPET
This adds an HPET emulator device. It is not feature-complete but should
suffice for this purpose.

3. LPC
This adds a dummy LPC device the HPET is located on.

4. AppleSMC
Apple's binary protection sits in the fan control, which is the AppleSMC
chip. This emulates the devices and takes the protective key from the
command line.

5. CoreDUO
Mac OS X as is has a condition to only run on family 13 Intel CPUs, so
this adds a definition for a CoreDuo CPU and an MSR as well as a CPUID
instruction that is required by Mac OS X

6. IDE
The oldest supported IDE controller in Mac OS X is the ICH6. This is an
incomplete implementation for that controller, that suffices for running
Mac OS X and worked with libata for me as well.

7. IntelMac
To leave the default behavior unchanged, this adds a "mac" machine
definition that automatically chooses the right hardware for an emulated
Intel Mac.

8. Multiboot
To boot Mac OS X a mach bootloader has to be run. David Elliot modified
the original i386 Mac OS X BIOS based bootloader to emulate the EFI
entries and support multiboot, an easy but straight-forward kernel
loading interface founded by grub. To boot multiboot-compliant kernels
directly, this adds support for multiboot loading to the -kernel option.

9. Bochsbios
Several ACPI entries were missing from the bios and the new controllers
need to be initialized properly.
This patch is against the bochsbios. Should this rather be sent to the
bochs ML?

The main downside is patch 4 of the series. In order to emulate the Apple hardware dongle, you need to provide an encryption key on the command line taken from existing Mac hardware. This is needed to run an uncracked copy of MacOS X, because simply buying a boxed copy of the software isn't enough to satisfy Apple.

The appropriate keys were later posted to the list.

1.3 Jan 8, 2008 - [PATCH] Add option to disable TB cache

Herve Poussineau posted a debugging patch:

This patch adds the "-translation no-cache" option to disable the use
of Translation Blocks Cache.
The emulated system runs much slower, but it is easier to debug it. The
-translation value can be extended to handle more settings.

It also adds help for "-startdate" flag and displays right log

1.4 Jan 9, 2008 - [Qemu-devel] Single stepping for PPC broken?

Marius Groeger noticed that when using qemu's built-in gdb support for the powerpc target, single stepping past various instructions didn't work. He eventually posted a patch to fix it.

1.5 Jan 9, 2008 - [PATCH] e1000 emulation code

Dor Laor implemented e1000 support, QEMU's first emulated gigabit ethernet adapter. It does indeed provide significantly higher throughput than the existing 100baseT adapter emulations:

It... supports TCP/UDP and IP transmit checksum, as well as TSO. It has been tested with Linux (2.6.18|22|23|24)++ and Windows XP (using the driver supplied at the intel download site). Windows Vista recognizes it but there is no traffic.

Checksum calculation is currently naive and unoptimized (the host kernel does it better). But when working in conjunction with tso the performance is drastically better.

Some figures: Linux rx 350Mbps, tx 150bps, Windows rx 700mbps, tx 100 mbps.

The e1000_hw.h is copied from the Linux kernel. Also attached is the pxe boot option rom that works with netboot.

Reaction to the patch was quite positive, such as Alex Williamson's reply:

Nice! I did the trivial port of this to Xen and tested that it works with both Linux and Windows guests on ia64 (Windows Server 2003 with drivers from intel.com, 2008 with shipped drivers). Port attached below for anyone else that wants to try it. We should definitely pick this up in Xen when it goes upstream too.

andrzej zaborowski suggested some cleanups to reduce the size of the patch.

1.6 Jan 9, 2008 - Qemu 0.9.1 stable branch

Following up on last week's thread, Lauro Ramos Venancio announced his intention to maintain a stable branch of QEMU:

As discussed yesterday in the qemu irc channel, I've created a stable
branch for qemu 0.9.1. This branch will follow two basic rules:

1. Only fixes will be applied.
2. Patches will be applied only after they are applied on qemu head.

The repository is
http://repo.or.cz/w/qemu/qemu_0_9_1_stable.git

Any help (indicating patches that should be applied on this branch) is welcomed.

The discussion noted that the qemu irc channel is #qemu on irc.freenode.net.

1.7 Jan 10, 2008 - Re: qemu curses driver

andrzej zaborowski submitted an updated patch to use curses to emulate vga text hardware through a text mode interface.

Hi, here's an iteration of the curses UI patch, for 0.9.1. This time it takes into account "such modern concepts" ;) like endianness and 64-bits, so it should work on PPC and on amd64, as opposed to previous versions. (ncurses apparently chose to not make a seamless transition to 64-bits).

I would like to merge this patch at some point if there's no objection. It was in Debian until now and recently broke and a number of users got annoyed.

The runtime UI switching trick is not included. The monitor history saving is not included but it is in the svn.openmoko.org tree and should apply ok. Switching between VCs is still done with +.

1.8 Jan 10, 2008 - Qemu bug track

Lauro Ramos Venancio announced a bug tracker for the stable branch:

I've set up an experimental bug track for Qemu stable branch. If the community wants it can be used for qemu head too.

If the community agrees, I will do the configuration to send an email to qemu mailing list when a bug is opened.

Let me know if someone (especially the developers that have write permission on cvs) wants permission on bug track administration.

The bug track: https://launchpad.net/qemu

1.9 Jan 10, 2008 - [PATCH] USB serial device

Samuel Thibault implemented support for USB serial devices based on the FTDI chip, as a step towards emulating braille devices.

1.10 Jan 11, 2008 - [PATCH] report revision 3 off the ACPI/SMBus PIIX4 controller

Marcelo Tosatti wrote:

The PIIX4 ACPI controller prior to revision 0x3 contains a bug where reading of the timer port is unreliable, so the kernel reads it three times for consistency check.

QEMU does not suffer from that problem :)

The datasheet for PIIX4, PIIX4E, and PIIX4M is the same. I failed to find any indication that the revision increase could affect anything other than the PMTimer port read.

This reduces idle guest CPU consumption from 14% to 8% on 4-way KVM guest.

1.11 Jan 13, 2008 - [Patch] x86 breakpoints and memory examination

Eddie Kohler wrote:

The following patch is useful for whole-system mode debugging and breakpoint setting on i386 QEMU. It seems like both breakpoints and memory examination used semi-physical addresses, in that neither took account of segment translation. This patch (relative to 0.9.1) adds segment translation.

1.12 Jan 13, 2008 - [PATCH] Allow default network type to be determined from an environmental variable

Anthony Liguori posted this patch, but Paul Brook vetoed it because he doesn't like environment variables (partly because Windows hosts can't do them properly, and also because a user's environment seldom gets included in a bug report), and proposed removing QEMU's existing uses of them.

1.13 Jan 14, 2008 - [PATCH] OSX x86_32 host support

Mike Kronenberg worked to get qemu working on a 32-bit MacOS X host. (The patch series on the 8th was about running MacOS X under x86-64 qemu, this is about running qemu under 32-bit MacOS X.)

The ensuing discussion centered around the fact that only gcc 4 supports the Intel version of MacOS. There is no version of gcc3 that outputs Mach-o executables for Intel, but qemu is still tied to gcc 3. Properly supporting Intel Mac hosts requires making qemu build with gcc 4.

2 Source control

Several bugfixes, USB mouse wheel, automatically distinguish CD-ROM from DVD-ROM by image size, another USB-to-serial device, lots of sound work (EsounD and dsound on the host, Intel PCI AC97 and Gravis Ultrasound GF1 on the client).

This week's commits: