As per the deprecation notice in commit c7bbef4023: The CRIS architecture was pulled from Linux in 4.17 and the compiler is no longer packaged in any distro making it harder to run the `check-tcg` tests. Unless we can improve the testing situation there is a chance the code will bitrot without anyone noticing.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-ID: <20240904143603.52934-5-philmd@linaro.org>
QEMU User space emulator
========================

Supported Operating Systems
---------------------------

The following operating systems are supported in user space emulation:

-  Linux (referred to as qemu-linux-user)

-  BSD (referred to as qemu-bsd-user)

Features
--------

QEMU user space emulation has the following notable features:

**System call translation:**
   QEMU includes a generic system call translator. This means that the
   parameters of the system calls can be converted to fix endianness and
   32/64-bit mismatches between hosts and targets. IOCTLs can be
   converted too.

**POSIX signal handling:**
   QEMU can redirect to the running program all signals coming from the
   host (such as ``SIGALRM``), as well as synthesize signals from
   virtual CPU exceptions (for example ``SIGFPE`` when the program
   executes a division by zero).

   QEMU relies on the host kernel to emulate most signal system calls,
   for example to emulate the signal mask. On Linux, QEMU supports both
   normal and real-time signals.

**Threading:**
   On Linux, QEMU can emulate the ``clone`` syscall and create a real
   host thread (with a separate virtual CPU) for each emulated thread.
   Note that not all targets currently emulate atomic operations
   correctly. x86 and Arm use a global lock in order to preserve their
   semantics.

QEMU was conceived so that ultimately it can emulate itself. Although it
is not very useful, it is an important test to show the power of the
emulator.

Linux User space emulator
-------------------------

Command line options
~~~~~~~~~~~~~~~~~~~~

::

   qemu-i386 [-h] [-d] [-L path] [-s size] [-cpu model] [-g port] [-B offset] [-R size] program [arguments...]

``-h``
   Print the help

``-L path``
   Set the x86 ELF interpreter prefix (default=/usr/local/qemu-i386).
   The guest's dynamic loader and shared libraries are looked up under
   this directory first, so it normally points at a sysroot for the
   target architecture.

``-s size``
   Set the x86 stack size in bytes (default=524288)

``-cpu model``
   Select CPU model (-cpu help for list and additional feature
   selection)

``-E var=value``
   Set environment var to value.

``-U var``
   Remove var from the environment.

``-B offset``
   Offset guest address by the specified number of bytes. This is useful
   when the address region required by guest applications is reserved on
   the host. This option is currently only supported on some hosts.

``-R size``
   Pre-allocate a guest virtual address space of the given size (in
   bytes). "G", "M", and "k" suffixes may be used when specifying
   the size.

Debug options:

``-d item1,...``
   Activate logging of the specified items (use '-d help' for a list of
   log items)

``-g port``
   Wait for a gdb connection on port before starting the guest

``-one-insn-per-tb``
   Run the emulation with one guest instruction per translation block.
   This slows down emulation a lot, but can be useful in some situations,
   such as when trying to analyse the logs produced by the ``-d`` option.


Environment variables:

QEMU_STRACE
   Print system calls and their arguments, similarly to the 'strace'
   program (NOTE: the actual 'strace' program will not work because the
   user space emulator hasn't implemented ptrace). The trace goes to
   QEMU's standard error, interleaved with the guest's own output. At the
   moment this is incomplete. All system calls that don't have a specific
   argument format are printed with information for six arguments. Many
   flag-style arguments don't have decoders and will show up as numbers.

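
The system call translator and ``QEMU_STRACE`` together make qemu-user a
convenient place to triage a binary built for another architecture: every
guest system call is visible on the host without ptrace. The following is an
added example, not code from the QEMU project: a Python harness that runs a
program under ``qemu-<arch>`` with ``-L`` pointing at the target sysroot and
``QEMU_STRACE`` set, parses the trace into records, and summarises the files
opened, exec calls, network activity and failed calls. The sample trace
embedded in it is constructed in the shape QEMU's strace printer produces
(``pid name(args) = ret``, failures as ``= -1 errno=N (text)``, calls without
a decoder shown with six numeric arguments); the exact decoders vary between
QEMU versions, and ``qemu-<arch>``, the sysroot and all paths in the sample are
placeholders.

```python
"""Run a foreign-architecture binary under qemu-<arch> with QEMU_STRACE and triage the trace.
Added example, not QEMU code: qemu-<arch>, the sysroot and the sample paths are placeholders."""
import json
import os
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One traced call as QEMU prints it: "<pid> <name>(<args>) = <ret>[ errno=<n> (<text>)]".
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<name>[A-Za-z_]\w*)\((?P<args>.*)\)\s*=\s*"
    r"(?P<ret>-?\d+|0x[0-9a-fA-F]+)(?:\s+errno=(?P<errno>\d+)\s*\((?P<errstr>[^)]*)\))?\s*$")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
OPEN_CALLS = {"open", "openat", "openat2", "creat"}
EXEC_CALLS = {"execve", "execveat"}
NET_CALLS = {"socket", "connect", "bind", "listen", "accept", "accept4",
             "sendto", "recvfrom", "sendmsg", "recvmsg"}


@dataclass
class Syscall:
    pid: int
    name: str
    args: str
    ret: int
    errno: Optional[int] = None     # set only for "= -1 errno=N (...)" lines
    errstr: str = ""

    @property
    def failed(self) -> bool:
        return self.errno is not None

    def strings(self) -> List[str]:
        """Quoted string arguments (paths, argv entries), in order."""
        return QUOTED_RE.findall(self.args)


def parse_strace(text: str) -> Tuple[List[Syscall], List[str]]:
    """Split a QEMU_STRACE stderr capture into records and the lines that are not
    trace records (the guest's own stderr, or a call that never returned)."""
    records, unparsed = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            if line.strip():
                unparsed.append(line)
            continue
        ret = m["ret"]
        records.append(Syscall(int(m["pid"]), m["name"], m["args"],
                               int(ret, 16) if ret.startswith("0x") else int(ret),
                               int(m["errno"]) if m["errno"] else None, m["errstr"] or ""))
    return records, unparsed


def summarize(records: List[Syscall]) -> dict:
    """Collapse a trace into the facts a triage wants first."""
    s = {"opened": [], "open_failed": [], "exec": [], "network": [], "failures": {}}
    for r in records:
        if r.name in OPEN_CALLS and r.strings():
            s["open_failed" if r.failed else "opened"].append(r.strings()[0])
        if r.name in EXEC_CALLS:
            s["exec"].extend(r.strings()[:1])
        if r.name in NET_CALLS:
            s["network"].append(f"{r.name}({r.args}) = {r.ret}")
        if r.failed:
            s["failures"][r.name] = s["failures"].get(r.name, 0) + 1
    return s


def run_traced(qemu: str, program: str, args=(), sysroot: Optional[str] = None,
               guest_env: Optional[Dict[str, str]] = None, timeout: float = 60) -> Tuple[int, str, str]:
    """Run PROGRAM under qemu-<arch> with tracing on; returns (exit status, stdout, trace).
    The trace is QEMU's stderr, which also carries the guest's own stderr."""
    cmd = [qemu]
    if sysroot:
        cmd += ["-L", sysroot]                   # where the guest's ld.so and libraries live
    for k, v in (guest_env or {}).items():
        cmd += ["-E", f"{k}={v}"]                # guest-visible environment only
    cmd += ["-U", "QEMU_STRACE", program, *args]  # the tracing switch is for QEMU, not the guest
    p = subprocess.run(cmd, env=dict(os.environ, QEMU_STRACE="1"), capture_output=True,
                       text=True, errors="replace", timeout=timeout)
    return p.returncode, p.stdout, p.stderr


# Constructed sample in QEMU's output shape, not a captured trace.
SAMPLE_TRACE = """\
4242 execve("/tmp/target",{"/tmp/target","--probe",NULL},{"PATH=/usr/bin",NULL}) = 0
4242 brk(NULL) = 0x0000000000021000
4242 openat(AT_FDCWD,"/etc/ld.so.cache",O_RDONLY|O_CLOEXEC) = -1 errno=2 (No such file or directory)
4242 openat(AT_FDCWD,"/lib/aarch64-linux-gnu/libc.so.6",O_RDONLY|O_CLOEXEC) = 3
4242 mmap(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x0000004000801000
4242 socket(PF_INET,SOCK_STREAM,IPPROTO_IP) = 4
4242 connect(4,{sin_family=AF_INET,sin_port=htons(4444),sin_addr=inet_addr("203.0.113.10")},16) = -1 errno=111 (Connection refused)
4242 ptrace(0,0,0,0,0,0) = -1 errno=38 (Function not implemented)
probe: hello from the guest
4242 write(1,0x4000801000,27) = 27
4242 exit_group(0)
"""

if __name__ == "__main__":
    if len(sys.argv) >= 3:       # qemu-<arch> program [args...]; SYSROOT env selects -L
        trace = run_traced(sys.argv[1], sys.argv[2], sys.argv[3:], os.environ.get("SYSROOT"))[2]
    else:
        trace = SAMPLE_TRACE     # offline: triage the constructed sample
    records, unparsed = parse_strace(trace)
    print(json.dumps(summarize(records), indent=2))
    print(f"{len(unparsed)} non-trace line(s) skipped", file=sys.stderr)
```

Two details in the sample are deliberate: the guest's own stderr line and the
final ``exit_group`` (which never returns, so it has no ``= ret``) are set aside
rather than mis-parsed, and the ``ptrace`` call fails with ``ENOSYS`` exactly as
the note above predicts, which is why this harness reads the trace instead of
trying to attach ``strace`` to the guest.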

Other binaries
~~~~~~~~~~~~~~

-  user mode (Alpha)

   * ``qemu-alpha`` TODO.

-  user mode (Arm)

   * ``qemu-armeb`` TODO.

   * ``qemu-arm`` is also capable of running Arm "Angel" semihosted ELF
     binaries (as implemented by the arm-elf and arm-eabi Newlib/GDB
     configurations), and arm-uclinux bFLT format binaries.

-  user mode (ColdFire)

-  user mode (M68K)

   * ``qemu-m68k`` is capable of running semihosted binaries using the BDM
     (m5xxx-ram-hosted.ld) or m68k-sim (sim.ld) syscall interfaces, and
     coldfire uClinux bFLT format binaries.

   The binary format is detected automatically.

-  user mode (i386)

   * ``qemu-i386`` TODO.
   * ``qemu-x86_64`` TODO.

-  user mode (Microblaze)

   * ``qemu-microblaze`` TODO.

-  user mode (MIPS)

   * ``qemu-mips`` executes 32-bit big endian MIPS binaries (MIPS O32 ABI).

   * ``qemu-mipsel`` executes 32-bit little endian MIPS binaries (MIPS O32 ABI).

   * ``qemu-mips64`` executes 64-bit big endian MIPS binaries (MIPS N64 ABI).

   * ``qemu-mips64el`` executes 64-bit little endian MIPS binaries (MIPS N64
     ABI).

   * ``qemu-mipsn32`` executes 32-bit big endian MIPS binaries (MIPS N32 ABI).

   * ``qemu-mipsn32el`` executes 32-bit little endian MIPS binaries (MIPS N32
     ABI).

-  user mode (PowerPC)

   * ``qemu-ppc64`` TODO.
   * ``qemu-ppc`` TODO.

-  user mode (SH4)

   * ``qemu-sh4eb`` TODO.
   * ``qemu-sh4`` TODO.

-  user mode (SPARC)

   * ``qemu-sparc`` can execute Sparc32 binaries (Sparc32 CPU, 32 bit ABI).

   * ``qemu-sparc32plus`` can execute Sparc32 and SPARC32PLUS binaries
     (Sparc64 CPU, 32 bit ABI).

   * ``qemu-sparc64`` can execute some Sparc64 (Sparc64 CPU, 64 bit ABI) and
     SPARC32PLUS binaries (Sparc64 CPU, 32 bit ABI).

BSD User space emulator
-----------------------

BSD Status
~~~~~~~~~~

-  target Sparc64 on Sparc64: Some trivial programs work.

Quick Start
~~~~~~~~~~~

In order to launch a BSD process, QEMU needs the process executable
itself and all the target dynamic libraries used by it.

-  On Sparc64, you can just try to launch any process by using the
   native libraries::

      qemu-sparc64 /bin/ls

Command line options
~~~~~~~~~~~~~~~~~~~~

::

   qemu-sparc64 [-h] [-d] [-L path] [-s size] [-bsd type] program [arguments...]

``-h``
   Print the help

``-L path``
   Set the library root path (default=/)

``-s size``
   Set the stack size in bytes (default=524288)

``-ignore-environment``
   Start with an empty environment. Without this option, the initial
   environment is a copy of the caller's environment.

``-E var=value``
   Set environment var to value.

``-U var``
   Remove var from the environment.

``-bsd type``
   Set the type of the emulated BSD Operating system. Valid values are
   FreeBSD, NetBSD and OpenBSD (default).

Debug options:

``-d item1,...``
   Activate logging of the specified items (use '-d help' for a list of
   log items)

``-p pagesize``
   Act as if the host page size was 'pagesize' bytes

``-one-insn-per-tb``
   Run the emulation with one guest instruction per translation block.
   This slows down emulation a lot, but can be useful in some situations,
   such as when trying to analyse the logs produced by the ``-d`` option.