Qemu

From Segfault

From qemu-user:

 QEMU is a fast processor emulator: currently the package supports
 ARM, CRIS, i386, M68k (ColdFire), MicroBlaze, MIPS, PowerPC, SH4,
 SPARC and x86-64 emulation. By using dynamic translation it achieves
 reasonable speed while being easy to port on new host CPUs.

Installation

Linux

sudo apt-get install pkg-config libglib2.0-dev
wget http://wiki.qemu-project.org/download/qemu-1.4.0.tar.bz2{,.sig}

gpg --recv-keys 7C18C076
gpg --verify qemu*.sig

Or, via Git:

git clone git://git.qemu-project.org/qemu.git qemu-git

Build with:

./configure --prefix=/opt/qemu
make
sudo make install

MacOS X

With MacPorts installed:

port install qemu

Network setup

To have a real network adapter within the Qemu guest, we need to create a bridge adapter on the host.[1][2] For this we will need a tap driver and some configuration to get this going.

The tap driver borrowed from the Tunnelblick project:

$ curl -LO https://sourceforge.net/projects/tunnelblick/files/All%20files/Tunnelblick_3.4.1_r3054.dmg
$ shasum Tunnelblick_3.4.1_r3054.dmg | grep a43c2a82168fcd8249d66e46db460f634f7dce8c
a43c2a82168fcd8249d66e46db460f634f7dce8c  Tunnelblick_3.4.1_r3054.dmg

$ hdiutil attach Tunnelblick_3.4.1_r3054.dmg 
/dev/disk2         GUID_partition_scheme           
/dev/disk2s1       Apple_HFS                  /Volumes/Tunnelblick

Copy the kernel extensions into place and load the tap driver:

$ sudo cp -r /Volumes/Tunnelblick/Tunnelblick.app/Contents/Resources/{tap,tun}-signed.kext /Library/Extensions/
$ hdiutil detach /Volumes/Tunnelblick

$ sudo kextload /Library/Extensions/tap-signed.kext
$ kextstat | grep tap
133    0 0xffffff7f82689000 0x6000     0x6000     net.tunnelblick.tap (1.0) <7 5 4 1>

If we ever want to unload it:

$ sudo kextunload -b net.tunnelblick.tap

We need a network script that Qemu will use to start/stop the interface:

$ sudo ln -s /usr/local/sbin/qemu-tap /etc/qemu-ifup
$ sudo ln -s /usr/local/sbin/qemu-tap /etc/qemu-ifdown

FIXME: Rats, ipfw is gone now[3], pf will be needed to create those rules in the network script!

The script assumes that en1 is the wireless interface to be bridged. With all that in place, let's try this:

$ qemu-img create -f qcow2 netbsd1.img 1024
$ qemu-system-i386 -cpu Penryn -smp cpus=2 -boot order=cd -m size=1024 -drive file=netbsd1.img \
        -cdrom /mnt/nfs/NetBSD-6.1-i386.iso -net nic \
        -net tap,ifname=tap0,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown

Note: /etc/qemu-ifup and /etc/qemu-ifdown are default names and we could have just omitted them in this example.
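The network script itself (the /usr/local/sbin/qemu-tap that /etc/qemu-ifup and /etc/qemu-ifdown point at) is not shown above, and the FIXME notes that its ipfw rules no longer work. The following is an added example of such a script, not the page's own qemu-tap: QEMU invokes it with the tap interface name as $1, and the script picks the up or down action from the symlink name it was called through. Instead of bridging en1 (Wi-Fi interfaces generally will not forward frames for the guest's MAC address), it gives the tap interface a host address and uses pf NAT to push the guest subnet out through the uplink, which is what the ipfw rules did. WAN_IF, TAP_ADDR, GUEST_NET, PF_ANCHOR (assumed to be picked up by the stock /etc/pf.conf anchor lines) and PF_CONF are assumed defaults, overridable from the environment; DRY_RUN=1 only prints the commands.

```shell
#!/bin/sh
# Added example: qemu-ifup/qemu-ifdown script for the Tunnelblick tap kext on
# macOS. Not the page's /usr/local/sbin/qemu-tap. QEMU passes the tap name in $1.
# NAT via pf replaces the ipfw rules; all defaults below are assumptions.

WAN_IF="${WAN_IF:-en1}"                     # uplink the guest traffic leaves through
TAP_ADDR="${TAP_ADDR:-10.0.200.1}"          # host-side address on the tap interface
GUEST_NET="${GUEST_NET:-10.0.200.0/24}"     # subnet the guest is configured in
PF_ANCHOR="${PF_ANCHOR:-com.apple/qemu}"    # stock /etc/pf.conf loads com.apple/* anchors
PF_CONF="${PF_CONF:-/etc/pf.qemu.conf}"     # where the generated rule set is written

# run CMD...: execute the command, or only print it when DRY_RUN is set
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# pf_rules TAP: write the NAT rule set for the guest subnet to stdout
pf_rules() {
    printf 'nat on %s from %s to any -> (%s)\n' "$WAN_IF" "$GUEST_NET" "$WAN_IF"
    printf 'pass in quick on %s from %s to any\n' "$1" "$GUEST_NET"
}

# tap_up TAP: address the tap, enable IP forwarding, load the NAT rules
tap_up() {
    run ifconfig "$1" "$TAP_ADDR" netmask 255.255.255.0 up
    run sysctl -w net.inet.ip.forwarding=1
    pf_rules "$1" > "$PF_CONF"
    run pfctl -a "$PF_ANCHOR" -f "$PF_CONF"
    run pfctl -e
}

# tap_down TAP: flush only our anchor, stop forwarding, take the tap down
tap_down() {
    run pfctl -a "$PF_ANCHOR" -F all
    run sysctl -w net.inet.ip.forwarding=0
    run ifconfig "$1" down
}

# Dispatch on the name we were invoked by (the qemu-ifup / qemu-ifdown symlinks)
case "$(basename "$0")" in
    qemu-ifup)   tap_up "${1:?tap interface name expected}" ;;
    qemu-ifdown) tap_down "${1:?tap interface name expected}" ;;
esac
```

Install it as /usr/local/sbin/qemu-tap and create the two symlinks as shown above; the guest then gets an address in GUEST_NET with TAP_ADDR as its gateway. Flushing the anchor on the way down, rather than running pfctl -d, leaves whatever else pf is doing on the host untouched.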

Usage

Create a disk and boot an i386 system on MacOS X:

qemu-img create -f qcow2 disk0.img 1024
qemu-system-i386 -cpu Penryn -smp cpus=2 -boot order=cd -m size=512 \
       -drive file=disk0.img -cdrom /mnt/nfs/debian.iso -net nic,model=virtio

qemu-user

This package provides the user mode emulation binaries. In this mode QEMU can launch Linux processes compiled for one CPU on another CPU.

 $ uname -srm
 Linux 2.6.38+ ppc
 $ sudo apt-get install qemu-user
 $ mkdir -p i386/{bin,lib,usr/lib,usr/bin}
 $ for f in ld-linux.so.2 libacl.so.1 libattr.so.1 libc.so.6 libdl.so.2 \
 >          libpthread.so.0 librt.so.1 libselinux.so.1 libz.so.1; do
 >     scp alice-i386:/lib/"$f" i386/lib
 > done
 $ scp alice-i386:/bin/ls i386/bin
 $ qemu-i386 -L `pwd`/i386/ i386/bin/ls -l /tmp
 qemu: Unsupported syscall: 240
 total 0
 drwxr-x--- 2 1000 1000  40 Apr 11 11:03 bar
 drwxr-x--- 2 1000 1000  40 Apr 10 11:03 foo

  • /usr/include/asm/unistd.h (powerpc) lists syscall 240 as __NR_timer_create.
  • /usr/include/asm/unistd_32.h (i386) lists syscall 240 as __NR_futex.
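The number in "qemu: Unsupported syscall: N" is the guest binary's syscall number, so it has to be looked up in the guest architecture's header (i386 unistd_32.h here), not the host's. The helper below is an added example, not part of the page: it resolves such numbers from a unistd header and annotates qemu's output as it streams past. The header path is an assumption; on the i386 sysroot built above it would be i386/usr/include/asm/unistd_32.h if the kernel headers were copied too.

```shell
#!/bin/sh
# Added example (not from the page): map qemu-user's "Unsupported syscall: N"
# to a name using the guest's unistd header. Header path is an assumption.

# syscall_name HEADER NUM: print the name whose "#define __NR_<name> NUM" matches
syscall_name() {
    awk -v n="$2" '
        $1 == "#define" && $2 ~ /^__NR_/ && $3 == n {
            sub(/^__NR_/, "", $2); print $2; exit
        }' "$1"
}

# annotate_unsupported HEADER: copy stdin to stdout, appending the resolved
# name to every "qemu: Unsupported syscall: N" line (or "unknown")
annotate_unsupported() {
    while IFS= read -r line; do
        case "$line" in
            "qemu: Unsupported syscall: "*)
                num=${line##*: }
                name=$(syscall_name "$1" "$num")
                printf '%s (%s)\n' "$line" "${name:-unknown}"
                ;;
            *)
                printf '%s\n' "$line"
                ;;
        esac
    done
}

# Usage, with qemu's stderr merged into the pipe (assumed header path):
#   qemu-i386 -L "$PWD/i386" i386/bin/ls -l /tmp 2>&1 \
#       | annotate_unsupported i386/usr/include/asm/unistd_32.h
```

Run this way, the line from the session above would read "qemu: Unsupported syscall: 240 (futex)", which points straight at the guest-side call to check rather than at the host's timer_create.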

References