Project Home
Project Home
Discussion Forums
Project Information
Project Info
wiki1337: QEMUAndNeutrino (Version 9)

QEMU as a Test Target #

Introduction #

QEMU is a portable open source emulator for x86, MIPS, ARM, PPC, and Sparc. For the purposes of QNX, this makes a handy tool for quick tests and debugging. Some supported features are snapshots, basic networking, and gdb integration. Eventually, it should be possible to debug the kernel much like you can do with VMware, but for all architectures supported by QNX except for SuperHitachi. The port is still a work in progress, and experimental, but most major problems have been worked out.

Advantages over a virtual machine like VMWare is that QEMU has a Neutrino port, and can emulate many targets. There are advantages to using Neutrino as a development platform rather than cross-development, and QEMU is currently the only emulator that runs on Neutrino. QEMU can be used when a test machine is not available or practical, or for running dangerous tests that may lock the system or alter important files. The snapshot feature is extremely useful for this. A system can be restored to a previous state quickly, or saved after boot for a fast startup.


Completed Work#

  • modified source to compile on Neutrino
    • thanks to Colin Burgess for the initial work on this
  • edited makefiles to install qemu without the standard “install” utility
  • fixed enter key problem in QEMU monitor
  • figured out how to enable user mode networking.
  • fixed serious problems with filesystem accesses
    • Actually stable now, and qcow2 images work, with snapshots - YAY!

Remaining Work, in order of usefulness#

  • write a TAP interface or similar for QNX allowing full networking
    • currently, you cannot ping or telnet the outside world, but browsing works
    • qconn will likely not work without it
  • solve problem with QNX installer that reads all partition sizes as 0
  • make some custom build files to have better hardware detection, and avoid having to manually start drivers
  • set up images for each architecture, and possibly snapshots for instant running.
  • Speed up disk accesses. Using growable formats is fairly slow.
  • add support for audio devices and possibly other peripherals
  • implement speed-up code for x86 target, similar to kQEMU

Installing Qemu on Neutrino #

Step 1: Download the source #

Visit the qemu website and download the source code for version 0.9.0. Extract this to a build directory on a Neutrino machine.

Step 2: Apply the patch for QNX #

Download the latest QNX Patch, QEMUAndNeutrino/qemu-sep06.diff, and apply it to the existing source (only tested using Linux):
patch < qemu-0.9.0-qnx.patch 

Step 3: Install SDL support. #

3rd party support has been written for SDL, which Qemu relies on. Get it from the third party repository CD and use the installer in Photon. It is very important that you use the correct version. Using SDL for Neutrino 6.2.1 on 6.3.x will cause conflicts, and Qemu will not work.

Step 4: GCC version #

Qemu was built with GCC 3.4, and will not compile with gcc 2.x.x or 4.x, but works great with version 3.3.5 Just change the default gcc with a symlink. As root, do:
ln -s /usr/qnx630/host/qnx6/x86/usr/bin/ntox86-gcc-3.3.5 /usr/qnx630/host/qnx6/x86/usr/bin/gcc 
This shouldn't affect the usual Momentics build environment, because that uses qcc.

Step 5: Configure, Make, Install #

You can now type ./configure from the Qemu source directory, and it should see the SDL support, set everything up, and tell you if you did anything wrong. Type make, and qemu will compile. Do a "make install" as root to install it on your machine.

Running Qemu #

To install Neutrino fresh, we have to make an image file for a virtual hard drive. Use the qemu-img utility like:

qemu-img create -f raw my-image.img 1G
Where the -f flag sets the image type - raw for basic, qcow2 for a more versatile, but slower type, or one of several others. We also specified the image name and size. You could also set the size in Mb, by using M rather than G. For some reason, if you try to install Neutrino from a cd directly, the partitioner sees all empty partitions as 0 in size, and will not work. We can install using an ISO image though. To boot with a virtual disk, and a cdrom, invoke QEMU from a terminal in Photon like:
qemu -hda my-image.img -cdrom <image file | /dev/cd0> -boot d -k en-us
The boot flag tells QEMU to boot from the cd rom, and the -k flag sets the keyboard layout. This is required on Neutrino in order for the keyboard to function properly.

Once installed, you can boot from the virtual hard drive by invoking as:

qemu -hda my-image.img -k en-us
In either case, you'll notice warnings about pci-bios during boot. This will likely be solved in the future by making custom build files for QEMU.


By default, QEMU starts with an NE2000 NIC, and usermode networking, and we shouldn't need to change these options. Once QEMU is up and running and you can type in a terminal, type:

pci-bios waitfor /dev/pci
io-net -dne2000 -ptcpip

If it worked, you should see your IP as something like You should also be able to ping and telnet the host machine at If this didn't work, try slaying io-net and restarting it again. These steps will hopefully be unnecessary in the future, once there are proper build files for Neutrino on QEMU.

QEMU Monitor#

QEMU contains a monitor for things like pausing, taking snapshots, resetting, and changing devices on the fly. To get to the monitor, press <cntl><alt>2.


In Photon <cntl><alt><1-9> switches workspaces, and doesn't get passed to other applications. We have to disable this by setting an environment variable before Photon starts. From text mode, type: export PHWMOPTS=”-S” and then start photon with “ph”. You should be able to set this in a file like /etc/rc.d/rc.local, although I haven't tested it yet.

Extreme Usefulness#

Instant Start of a Running System#

If you created your virtual system using the qcow2 image format, you can take runtime snapshots. From the monitor, type savevm <snapshot name> to save. You can then perform destructive testing on the virtual system and restore it back using the loadvm command. You can even start the snapshot on QEMU invocation with the flag -loadvm <snapshot name>. By doing this, you can start a system running photon in a few seconds because there is no boot, which is an excellent test tool.

Any kind of disk image can be started with the -snapshot flag. This has a different meaning than the above runtime snapshots. If you do this, the image becomes read-only, and changes are written to a file in /tmp. Typing “commit” in the monitor will then commit these changes.

A more comprehensive guide is available on the qemu website. The documentation there is all relevant for the Neutrino port, except of course for features that are not yet implemented.