2020-02-28 23:36:04 +08:00

Deprecated features
===================

In general features are intended to be supported indefinitely once
introduced into QEMU. In the event that a feature needs to be removed,
it will be listed in this section. The feature will remain functional for the
release in which it was deprecated and one further release. After these two
releases, the feature is liable to be removed. Deprecated features may also
generate warnings on the console when QEMU starts up, or if activated via a
monitor command; however, this is not a mandatory requirement.

Prior to the 2.10.0 release there was no official policy on how
long features would be deprecated prior to their removal, nor
any documented list of which features were deprecated. Thus
any features deprecated prior to 2.10.0 will be treated as if
they were first deprecated in the 2.10.0 release.

What follows is a list of all features currently marked as
deprecated.

System emulator command line arguments
--------------------------------------

``QEMU_AUDIO_`` environment variables and ``-audio-help`` (since 4.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

The ``-audiodev`` argument is now the preferred way to specify audio
backend settings instead of environment variables. To ease migration to
the new format, the ``-audiodev-help`` option can be used to convert
the current values of the environment variables to ``-audiodev`` options.

Creating sound card devices and vnc without ``audiodev=`` property (since 4.2)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

When not using the deprecated legacy audio config, each sound card
should specify an ``audiodev=`` property. Additionally, when using
vnc, you should specify an ``audiodev=`` property if you plan to
transmit audio through the VNC protocol.

Creating sound card devices using ``-soundhw`` (since 5.1)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sound card devices should be created using ``-device`` instead. The
names are the same for most devices. The exceptions are ``hda`` which
needs two devices (``-device intel-hda -device hda-duplex``) and
``pcspk`` which can be activated using ``-machine
pcspk-audiodev=<name>``.

RISC-V ``-bios`` (since 5.1)
''''''''''''''''''''''''''''

QEMU 4.1 introduced support for the -bios option in QEMU for RISC-V for the
RISC-V virt machine and sifive_u machine. QEMU 4.1 had no changes to the
default behaviour to avoid breakages.

QEMU 5.1 changes the default behaviour from ``-bios none`` to ``-bios default``.

QEMU 5.1 has three options:

1. ``-bios default`` - This is the current default behavior if no -bios option
   is included. This option will load the default OpenSBI firmware automatically.
   The firmware is included with the QEMU release and no user interaction is
   required. All a user needs to do is specify the kernel they want to boot
   with the -kernel option.
2. ``-bios none`` - QEMU will not automatically load any firmware. It is up
   to the user to load all the images they need.
3. ``-bios <file>`` - Tells QEMU to load the specified file as the firmware.

Configuring floppies with ``-global``
'''''''''''''''''''''''''''''''''''''''

Use ``-device floppy,...`` instead:

::

  -global isa-fdc.driveA=...
  -global sysbus-fdc.driveA=...
  -global SUNW,fdtwo.drive=...

become

::

  -device floppy,unit=0,drive=...

and

::

  -global isa-fdc.driveB=...
  -global sysbus-fdc.driveB=...

become

::

  -device floppy,unit=1,drive=...

blockdev: Deprecate -drive with bogus interface type
Drives with interface types other than if=none are for onboard
devices. Unfortunately, any such drives the board doesn't pick up can
still be used with -device, like this:
$ qemu-system-x86_64 -nodefaults -display none -S -drive if=floppy,id=bogus,unit=7 -device ide-cd,drive=bogus -monitor stdio
QEMU 5.0.50 monitor - type 'help' for more information
(qemu) info block
bogus: [not inserted]
Attached to: /machine/peripheral-anon/device[0]
Removable device: not locked, tray closed
(qemu) info qtree
bus: main-system-bus
type System
[...]
bus: ide.1
type IDE
dev: ide-cd, id ""
---> drive = "bogus"
[...]
unit = 0 (0x0)
[...]
This kind of abuse has always worked. Deprecate it:
qemu-system-x86_64: -drive if=floppy,id=bogus,unit=7: warning: bogus if=floppy is deprecated, use if=none
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200622094227.1271650-9-armbru@redhat.com>
2020-06-22 17:42:19 +08:00

``-drive`` with bogus interface type
''''''''''''''''''''''''''''''''''''

Drives with interface types other than ``if=none`` are for onboard
devices. It is possible to use drives the board doesn't pick up with
-device. This usage is now deprecated. Use ``if=none`` instead.

Short-form boolean options (since 6.0)
''''''''''''''''''''''''''''''''''''''

Boolean options such as ``share=on``/``share=off`` could be written
in short form as ``share`` and ``noshare``. This is now deprecated
and will cause a warning.

``delay`` option for socket character devices (since 6.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''

The replacement for the ``nodelay`` short-form boolean option is ``nodelay=on``
rather than ``delay=off``.

``--enable-fips`` (since 6.0)
'''''''''''''''''''''''''''''

This option restricts usage of certain cryptographic algorithms when
the host is operating in FIPS mode.

If FIPS compliance is required, QEMU should be built with the ``libgcrypt``
library enabled as a cryptography provider.

Neither the ``nettle`` library nor the built-in cryptography provider is
supported on FIPS-enabled hosts.

``-writeconfig`` (since 6.0)
'''''''''''''''''''''''''''''

The ``-writeconfig`` option is not able to serialize the entire contents
of the QEMU command line. It is thus considered a failed experiment
and deprecated, with no current replacement.

Userspace local APIC with KVM (x86, since 6.0)
''''''''''''''''''''''''''''''''''''''''''''''

Using ``-M kernel-irqchip=off`` with x86 machine types that include a local
APIC is deprecated. The ``split`` setting is supported, as is using
``-M kernel-irqchip=off`` with the ISA PC machine type.

hexadecimal sizes with scaling multipliers (since 6.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''

Input parameters that take a size value should only use a size suffix
(such as 'k' or 'M') when the base is written in decimal, and not when
the value is hexadecimal. That is, '0x20M' is deprecated, and should
be written either as '32M' or as '0x2000000'.

``-spice password=string`` (since 6.0)
''''''''''''''''''''''''''''''''''''''

This option is insecure because the SPICE password remains visible in
the process listing. This is replaced by the new ``password-secret``
option which lets the password be securely provided on the command
line using a ``secret`` object instance.

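A migration helper for the change described above, added here as an example (it is not QEMU code): it takes a launch argv, moves the plaintext ``password=`` value into a mode-0600 file, and references that file through a ``secret`` object and ``password-secret``. The function names, the secret id ``spicepw``, the file location and the sample command line are assumptions made for the example.

```python
import os
import tempfile


def split_opts(optstr):
    """Split a QEMU option string on commas; ',,' is an escaped literal comma."""
    parts, cur, i = [], "", 0
    while i < len(optstr):
        if optstr[i] == ",":
            if optstr[i + 1:i + 2] == ",":      # escaped comma inside a value
                cur, i = cur + ",", i + 2
                continue
            parts.append(cur)
            cur = ""
        else:
            cur += optstr[i]
        i += 1
    return parts + [cur]


def join_opts(parts):
    """Inverse of split_opts: re-escape commas inside each item."""
    return ",".join(p.replace(",", ",,") for p in parts)


def migrate_spice_password(argv, secret_file, secret_id="spicepw"):
    """Return argv with '-spice ...,password=X' rewritten to password-secret.

    The password is written to secret_file with mode 0600 and referenced via
    '-object secret,id=...,file=...'. An argv without a plaintext SPICE
    password is returned unchanged and no file is created.
    """
    out, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-spice" and i + 1 < len(argv):
            parts = split_opts(argv[i + 1])
            found = [p for p in parts if p.startswith("password=")]
            if found:
                password = found[-1][len("password="):]
                # O_EXCL: never write the secret into a pre-existing file.
                fd = os.open(secret_file,
                             os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
                with os.fdopen(fd, "w") as f:
                    f.write(password)           # exactly the password, no newline
                kept = [p for p in parts if not p.startswith("password=")]
                kept.append("password-secret=" + secret_id)
                obj = join_opts(["secret", "id=" + secret_id,
                                 "file=" + secret_file])
                out += ["-object", obj, "-spice", join_opts(kept)]
                i += 2
                continue
        out.append(arg)
        i += 1
    return out


if __name__ == "__main__":
    # Constructed launch command; the password contains an escaped comma.
    old = ["qemu-system-x86_64", "-spice", "port=5930,password=hunter2,,x"]
    path = os.path.join(tempfile.mkdtemp(), "spice.pw")
    print(migrate_spice_password(old, path))
```
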
``opened`` property of ``rng-*`` objects (since 6.0.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''

The only effect of specifying ``opened=on`` in the command line or QMP
``object-add`` is that the device is opened immediately, possibly before all
other options have been processed. This will either have no effect (if
``opened`` was the last option) or cause errors. The property is therefore
useless and should not be specified.

QEMU Machine Protocol (QMP) commands
------------------------------------

``blockdev-open-tray``, ``blockdev-close-tray`` argument ``device`` (since 2.8.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use argument ``id`` instead.

``eject`` argument ``device`` (since 2.8.0)
'''''''''''''''''''''''''''''''''''''''''''

Use argument ``id`` instead.

``blockdev-change-medium`` argument ``device`` (since 2.8.0)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use argument ``id`` instead.

``block_set_io_throttle`` argument ``device`` (since 2.8.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use argument ``id`` instead.

``blockdev-add`` empty string argument ``backing`` (since 2.10.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use argument value ``null`` instead.

``block-commit`` arguments ``base`` and ``top`` (since 3.1.0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use arguments ``base-node`` and ``top-node`` instead.

``nbd-server-add`` and ``nbd-server-remove`` (since 5.2)
''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Use the more generic commands ``block-export-add`` and ``block-export-del``
instead. As part of this deprecation, where ``nbd-server-add`` used a
single ``bitmap``, the new ``block-export-add`` uses a list of ``bitmaps``.

System emulator CPUs
--------------------

``moxie`` CPU (since 5.2.0)
'''''''''''''''''''''''''''

The ``moxie`` guest CPU support is deprecated and will be removed in
a future version of QEMU. It's unclear whether anybody is still using
this CPU emulation in QEMU, and there are no test images available to make
sure that the code is still working.

``lm32`` CPUs (since 5.2.0)
'''''''''''''''''''''''''''

The ``lm32`` guest CPU support is deprecated and will be removed in
a future version of QEMU. The only public user of this architecture
was the milkymist project, which has been dead for years; there was
never an upstream Linux port.

``unicore32`` CPUs (since 5.2.0)
''''''''''''''''''''''''''''''''

The ``unicore32`` guest CPU support is deprecated and will be removed in
a future version of QEMU. Support for this CPU was removed from the
upstream Linux kernel, and there is no available upstream toolchain
to build binaries for it.

``Icelake-Client`` CPU Model (since 5.2.0)
''''''''''''''''''''''''''''''''''''''''''

``Icelake-Client`` CPU Models are deprecated. Use ``Icelake-Server`` CPU
Models instead.

MIPS ``I7200`` CPU Model (since 5.2)
''''''''''''''''''''''''''''''''''''

The ``I7200`` guest CPU relies on the nanoMIPS ISA, which is deprecated
(the ISA has never been upstreamed to a compiler toolchain). Therefore
this CPU is also deprecated.

System emulator machines
------------------------

Raspberry Pi ``raspi2`` and ``raspi3`` machines (since 5.2)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

The Raspberry Pi machines come in various models (A, A+, B, B+). To be able
to distinguish which model QEMU is implementing, the ``raspi2`` and ``raspi3``
machines have been renamed ``raspi2b`` and ``raspi3b``.

Device options
--------------

Emulated device options
'''''''''''''''''''''''

``-device virtio-blk,scsi=on|off`` (since 5.0.0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature. VIRTIO 1.0
and later do not support it because the virtio-scsi device was introduced for
full SCSI support. Use virtio-scsi instead when SCSI passthrough is required.

Note this also applies to ``-device virtio-blk-pci,scsi=on|off``, which is an
alias.

Block device options
''''''''''''''''''''

``"backing": ""`` (since 2.12.0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In order to prevent QEMU from automatically opening an image's backing
chain, use ``"backing": null`` instead.

``rbd`` keyvalue pair encoded filenames: ``""`` (since 3.1.0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Options for ``rbd`` should be specified according to its runtime options,
like other block drivers. Legacy parsing of keyvalue pair encoded
filenames is useful to open images with the old format for backing files.
These image files should be updated to use the current format.

Example of legacy encoding::

  json:{"file.driver":"rbd", "file.filename":"rbd:rbd/name"}

The above, converted to the current supported format::

  json:{"file.driver":"rbd", "file.pool":"rbd", "file.image":"name"}

``sheepdog`` driver (since 5.2.0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The ``sheepdog`` block device driver is deprecated. The corresponding upstream
server project is no longer actively maintained. Users are recommended to switch
to an alternative distributed block device driver such as RBD. The
``qemu-img convert`` command can be used to liberate existing data by moving
it out of sheepdog volumes into an alternative storage backend.

linux-user mode CPUs
--------------------

``ppc64abi32`` CPUs (since 5.2.0)
'''''''''''''''''''''''''''''''''

The ``ppc64abi32`` architecture has a number of issues which regularly
trip up our CI testing and is suspected to be quite broken. For that
reason the maintainers strongly suspect no one actually uses it.

MIPS ``I7200`` CPU (since 5.2)
''''''''''''''''''''''''''''''

The ``I7200`` guest CPU relies on the nanoMIPS ISA, which is deprecated
(the ISA has never been upstreamed to a compiler toolchain). Therefore
this CPU is also deprecated.

Related binaries
----------------

qcow2: Deprecate use of qemu-img amend to change backing file
The use of 'qemu-img amend' to change qcow2 backing files is not
tested very well. In particular, our implementation has a bug where
if a new backing file is provided without a format, then the prior
format is blindly reused, even if this results in data corruption, but
this is not caught by iotests.
There are also situations where amending other options needs access to
the original backing file (for example, on a downgrade to a v2 image,
knowing whether a v3 zero cluster must be allocated or may be left
unallocated depends on knowing whether the backing file already reads
as zero), but the command line does not have a nice way to tell us
both the backing file to use for opening the image as well as the
backing file to install after the operation is complete.
Even if we do allow changing the backing file, it is redundant with
the existing ability to change backing files via 'qemu-img rebase -u'.
It is time to deprecate this support (leaving the existing behavior
intact, even if it is buggy), and at a point in the future, require
the use of only 'qemu-img rebase' for adjusting backing chain
relations, saving 'qemu-img amend' for changes unrelated to the
backing chain.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200706203954.341758-8-eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-07 04:39:51 +08:00

qemu-img amend to adjust backing file (since 5.1)
'''''''''''''''''''''''''''''''''''''''''''''''''

The use of ``qemu-img amend`` to modify the name or format of a qcow2
backing image is deprecated; this functionality was never fully
documented or tested, and interferes with other amend operations that
need access to the original backing image (such as deciding whether a
v3 zero cluster may be left unallocated when converting to a v2
image). Rather, any changes to the backing chain should be performed
with ``qemu-img rebase -u`` either before or after the remaining
changes being performed by amend, as appropriate.

qemu-img: Deprecate use of -b without -F
Creating an image that requires format probing of the backing image is
potentially unsafe (we've had several CVEs over the years based on
probes leaking information to the guest on a subsequent boot, although
these days tools like libvirt are aware of the issue enough to prevent
the worst effects). For example, if our probing algorithm ever
changes, or if other tools like libvirt determine a different probe
result than we do, then subsequent use of that backing file under a
different format will present corrupted data to the guest.
Fortunately, the worst effects occur only when the backing image is
originally raw, and we at least prevent commit into a probed raw
backing file that would change its probed type.
Still, it is worth starting a deprecation clock so that future
qemu-img can refuse to create backing chains that would rely on
probing, to encourage clients to avoid unsafe practices. Most
warnings are intentionally emitted from bdrv_img_create() in the block
layer, but qemu-img convert uses bdrv_create() which cannot emit its
own warning without causing spurious warnings on other code paths. In
the end, all command-line image creation or backing file rewriting now
performs a check.
Furthermore, if we probe a backing file as non-raw, then it is safe to
explicitly record that result (rather than relying on future probes);
only where we probe a raw image do we care about further warnings to
the user when using such an image (for example, commits into a
probed-raw backing file are prevented), to help them improve their
tooling. But whether or not we make the probe results explicit, we
still warn the user to remind them to upgrade their workflow to supply
-F always.
iotest 114 specifically wants to create an unsafe image for later
amendment rather than defaulting to our new default of recording a
probed format, so it needs an update. While touching it, expand it to
cover all of the various warnings enabled by this patch. iotest 301
also shows a change to qcow messages.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200706203954.341758-11-eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-07 04:39:54 +08:00

qemu-img backing file without format (since 5.1)
''''''''''''''''''''''''''''''''''''''''''''''''

The use of ``qemu-img create``, ``qemu-img rebase``, or ``qemu-img
convert`` to create or modify an image that depends on a backing file
now recommends that an explicit backing format be provided. This is
for safety: if QEMU probes a different format than what you thought,
the data presented to the guest will be corrupt; similarly, presenting
a raw image to a guest allows a potential security exploit if a future
probe sees a non-raw image based on guest writes.

To avoid the warning message, or even future refusal to create an
unsafe image, you must pass ``-o backing_fmt=`` (or the shorthand
``-F`` during create) to specify the intended backing format. You may
use ``qemu-img rebase -u`` to retroactively add a backing format to an
existing image. However, be aware that there are already potential
security risks to blindly using ``qemu-img info`` to probe the format
of an untrusted backing image, when deciding what format to add into
an existing image.

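An audit for the condition this section deprecates, added here as an example (it is not QEMU code): it reads only the overlay's own qcow2 header to find images that name a backing file but record no backing format, so the backing image itself is never opened or probed. Field offsets and the extension id follow the qcow2 on-disk format; ``backing_info``, ``audit``, ``make_header`` and the sample headers are constructed for the example.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
EXT_BACKING_FORMAT = 0xE2792ACA   # "backing file format name" header extension


def backing_info(head):
    """Parse the start of a qcow2 file; return (backing_file, backing_format).

    Either value is None when the header does not record it. Pass at least
    the first cluster of the file; malformed input raises ValueError.
    """
    if len(head) < 72 or head[:4] != QCOW2_MAGIC:
        raise ValueError("not a qcow2 header")
    version, bf_off, bf_len = struct.unpack_from(">IQI", head, 4)
    if version == 2:
        pos = 72
    elif version == 3 and len(head) >= 104:
        (pos,) = struct.unpack_from(">I", head, 100)    # header_length field
        if pos < 104:
            raise ValueError("implausible header_length")
    else:
        raise ValueError("unsupported or truncated qcow2 header")
    backing = None
    if bf_off:
        if bf_off + bf_len > len(head):
            raise ValueError("backing file name lies outside supplied bytes")
        backing = head[bf_off:bf_off + bf_len].decode("utf-8", "replace")
    end = bf_off or len(head)       # extensions stop where the name begins
    fmt = None
    while pos + 8 <= end:
        ext_type, ext_len = struct.unpack_from(">II", head, pos)
        if ext_type == 0:           # end-of-extensions marker
            break
        if pos + 8 + ext_len > end:
            raise ValueError("header extension overruns header area")
        if ext_type == EXT_BACKING_FORMAT:
            fmt = head[pos + 8:pos + 8 + ext_len].decode("ascii", "replace")
        pos += 8 + ((ext_len + 7) & ~7)     # extension data is padded to 8 bytes
    return backing, fmt


def audit(images):
    """Return sorted names of images with a backing file but no recorded format."""
    flagged = []
    for name, head in images.items():
        backing, fmt = backing_info(head)
        if backing is not None and fmt is None:
            flagged.append(name)
    return sorted(flagged)


def make_header(backing=None, fmt=None):
    """Build a constructed qcow2 v3 header for the demo (not a usable image)."""
    ext = b""
    if fmt is not None:
        data = fmt.encode()
        ext += struct.pack(">II", EXT_BACKING_FORMAT, len(data))
        ext += data.ljust((len(data) + 7) & ~7, b"\0")
    ext += struct.pack(">II", 0, 0)
    name = (backing or "").encode()
    bf_off = 104 + len(ext) if name else 0
    hdr = QCOW2_MAGIC + struct.pack(">IQII", 3, bf_off, len(name), 16)
    return hdr.ljust(100, b"\0") + struct.pack(">I", 104) + ext + name


if __name__ == "__main__":
    samples = {   # constructed headers, keyed by a made-up file name
        "explicit.qcow2": make_header("base.img", "raw"),
        "probed.qcow2": make_header("base.img"),
        "standalone.qcow2": make_header(),
    }
    print("needs 'qemu-img rebase -u' with -F:", audit(samples))
```
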
Backwards compatibility
-----------------------

Runnability guarantee of CPU models (since 4.1.0)
'''''''''''''''''''''''''''''''''''''''''''''''''

Previous versions of QEMU never changed existing CPU models in
ways that introduced additional host software or hardware
requirements to the VM. This allowed management software to
safely change the machine type of an existing VM without
introducing new requirements ("runnability guarantee"). This
prevented CPU models from being updated to include CPU
vulnerability mitigations, leaving guests vulnerable in the
default configuration.

The CPU model runnability guarantee won't apply anymore to
existing CPU models. Management software that needs runnability
guarantees must resolve the CPU model aliases using the
``alias-of`` field returned by the ``query-cpu-definitions`` QMP
command.

While those guarantees are kept, the return value of
``query-cpu-definitions`` will have existing CPU model aliases
point to a version that doesn't break runnability guarantees
(specifically, version 1 of those CPU models). In future QEMU
versions, aliases will point to newer CPU model versions
depending on the machine type, so management software must
resolve CPU model aliases before starting a virtual machine.

Guest Emulator ISAs
-------------------

nanoMIPS ISA
''''''''''''

The ``nanoMIPS`` ISA has never been upstreamed to any compiler toolchain.
As it is hard to generate binaries for it, declare it deprecated.