QEMU 6.0 arrives with enhancements and support for ARM, experimental options and more

The new version of the QEMU project, 6.0, has been released. More than 3300 changes from 268 developers went into its preparation, including driver improvements, support for new platforms and experimental options.

For those unfamiliar with QEMU, it is software that lets a program compiled for one hardware platform run on a system with a completely different architecture, for example running an ARM application on an x86-compatible PC.

In virtualization mode, the performance of code executed in QEMU's sandboxed environment is close to that of the bare hardware, because instructions are executed directly on the CPU with the help of the Xen hypervisor or the KVM kernel module.

Main novelties of QEMU 6.0

In QEMU 6.0 the NVMe driver emulator now complies with the NVMe 1.4 specification and includes experimental support for zoned namespaces, multipath I/O, and end-to-end storage encryption.

The ARM emulator adds support for the ARMv8.1-M 'Helium' architecture and Cortex-M55 processors, as well as the ARMv8.4 TTST, SEL2, and DIT extensions. Support for the ARM mps3-an524 and mps3-an547 boards was also added, and additional device emulation is implemented for the xlnx-zynqmp, xlnx-versal, sbsa-ref, npcm7xx, and sabrelite boards.

For ARM, in both user-mode and system-level emulation, support for the ARMv8.5 MTE extension (MemTag, Memory Tagging Extension) is implemented. MTE binds a tag to each memory allocation and checks, on every memory access, that the pointer carries the tag associated with the memory it points to. The extension can be used to block the exploitation of vulnerabilities caused by accessing already freed memory blocks, buffer overflows, use before initialization, and use of memory outside the current context.
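To make the tag check concrete, here is a small software model of the mechanism just described, written for this article and not taken from QEMU or ARM: a 4-bit tag per 16-byte granule, the same tag carried in the top byte of each pointer, and every load and store comparing the two. The arena, allocator and `mte_*` function names are constructed for the illustration; real MTE performs the check in hardware and raises a fault instead of returning -1.

```c
/* Software model of MTE-style tag checking (added illustration, not QEMU or
 * ARM code): tags live per 16-byte granule and in bits 56..59 of each pointer. */
#include <stdint.h>
#include <stddef.h>

#define GRANULE    16            /* MTE tags memory in 16-byte granules */
#define ARENA_SIZE 256           /* small constructed heap */
#define TAG_SHIFT  56            /* the logical tag lives in bits 56..59 */

static uint8_t arena[ARENA_SIZE];
static uint8_t granule_tag[ARENA_SIZE / GRANULE];  /* allocation tag per granule */
static size_t  next_free;
static uint8_t next_tag = 1;                       /* tag 0 means "not allocated" */
typedef uint64_t tagged_ptr;     /* arena offset plus the logical tag in the high bits */

static tagged_ptr make_ptr(size_t off, uint8_t tag) { return ((tagged_ptr)tag << TAG_SHIFT) | off; }
static uint8_t ptr_tag(tagged_ptr p) { return (uint8_t)((p >> TAG_SHIFT) & 0xF); }
static size_t  ptr_off(tagged_ptr p) { return (size_t)(p & ((1ULL << TAG_SHIFT) - 1)); }
static size_t  round_up(size_t n)    { return (n + GRANULE - 1) / GRANULE * GRANULE; }

/* Bump allocator: colour the new granules with a fresh tag and return a matching pointer. */
tagged_ptr mte_alloc(size_t n) {
    size_t size = round_up(n);
    if (size == 0 || next_free + size > ARENA_SIZE) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);       /* cycle through tags 1..15 */
    for (size_t g = next_free / GRANULE; g < (next_free + size) / GRANULE; g++)
        granule_tag[g] = tag;
    tagged_ptr p = make_ptr(next_free, tag);
    next_free += size;
    return p;
}

/* Freeing retags the granules, so a stale copy of the old pointer no longer matches. */
void mte_free(tagged_ptr p, size_t n) {
    size_t off = ptr_off(p), end = off + round_up(n);
    for (size_t g = off / GRANULE; g < end / GRANULE && g < ARENA_SIZE / GRANULE; g++)
        granule_tag[g] = 0;
}

/* The check every load and store performs: pointer tag must equal the granule's tag. */
static int tag_ok(tagged_ptr p) {
    size_t off = ptr_off(p);
    return off < ARENA_SIZE && ptr_tag(p) != 0 && granule_tag[off / GRANULE] == ptr_tag(p);
}

/* Checked access: 0 on success, -1 on a tag-check fault (hardware would raise SIGSEGV). */
int mte_store(tagged_ptr p, uint8_t v) { if (!tag_ok(p)) return -1; arena[ptr_off(p)] = v; return 0; }
int mte_load(tagged_ptr p, uint8_t *out) { if (!tag_ok(p)) return -1; *out = arena[ptr_off(p)]; return 0; }
```

An out-of-bounds write from one allocation into its neighbour and a read through a freed pointer both fail the comparison, which is exactly what the page means by blocking use-after-free and overflow exploitation.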

The 68k emulator adds support for a new "virt" machine type that uses virtio devices to improve performance. The x86 emulator adds the ability to use AMD SEV-ES (Secure Encrypted Virtualization with encrypted register state) to encrypt the processor registers used by the guest, so that their contents are inaccessible to the host unless the guest explicitly grants access to them.

QEMU 6.0 also adds the experimental options "-machine x-remote" and "-device x-pci-proxy-dev" to move device emulation into external processes. In this mode, only emulation of the lsi53c895 SCSI adapter is currently supported.

There is also a new FUSE module for exporting block devices, which allows part of the state of any block device used by the guest to be mounted. The export is created with the block-export-add QMP command or with the "--export" option of the qemu-storage-daemon utility.

It is also mentioned that virtiofs addresses two vulnerabilities:

  • CVE-2020-35517 - Allowed a privileged user in the guest to gain access to the host environment by creating a special device file in a directory shared with the host.
  • CVE-2021-20263 - Caused by a bug in the handling of extended attributes with the 'xattrmap' option; it could cause write permissions to be ignored and lead to privilege escalation within the guest.

Other changes that stand out in this version:

  • Added experimental support for creating snapshots of RAM content.
  • Added support for emulating Qualcomm Hexagon processors with DSP.
  • The classic TCG (Tiny Code Generator) code generator now works on macOS hosts with the new Apple M1 ARM chip.
  • The RISC-V emulator for Microchip PolarFire boards supports QSPI NOR flash.
  • The TriCore emulator now supports a new TriBoard board model that emulates the Infineon TC27x SoC.
  • The ACPI emulator makes it possible to name network adapters in guest systems independently of the order in which they are attached to the PCI bus.
  • Virtiofs adds support for the FUSE_KILLPRIV_V2 option to improve guest performance.
  • VNC adds support for cursor transparency and support for scaling screen resolution in virtio-vga based on window size.
  • QMP (QEMU Machine Protocol) adds support for asynchronous parallel access when performing backup tasks.
  • The USB emulator can now save the traffic generated when working with USB devices to a separate pcap file for later inspection in Wireshark.
  • New QMP load-snapshot, save-snapshot and delete-snapshot commands have been added to manage qcow2 snapshots.

Finally, if you want to know more about it, you can check the details at the following link.
