summaryrefslogtreecommitdiff
path: root/packages/qemu/files
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openembedded.org>2007-08-22 16:58:07 +0000
committerMarcin Juszkiewicz <hrw@openembedded.org>2007-08-22 16:58:07 +0000
commit84a3b541b14fb54cb19d5144bc5be156b7f87721 (patch)
treee2ed34977d20c8b355230c49bace94c12b22bc0d /packages/qemu/files
parent81149649bc483149f0a959de43415cb4ff7aa0ba (diff)
qemu: added 20070613 version from Poky - this works on 32 and 64 bit machines
Diffstat (limited to 'packages/qemu/files')
-rw-r--r--packages/qemu/files/02_snapshot_use_tmpdir.patch23
-rw-r--r--packages/qemu/files/03_machines_list_no_error.patch18
-rw-r--r--packages/qemu/files/04_do_not_print_rtc_freq_if_ok.patch25
-rw-r--r--packages/qemu/files/05_non-fatal_if_linux_hd_missing.patch17
-rw-r--r--packages/qemu/files/06_exit_segfault.patch45
-rw-r--r--packages/qemu/files/10_signal_jobs.patch26
-rw-r--r--packages/qemu/files/11_signal_sigaction.patch21
-rw-r--r--packages/qemu/files/12_signal_powerpc_support.patch401
-rw-r--r--packages/qemu/files/22_net_tuntap_stall.patch18
-rw-r--r--packages/qemu/files/30_syscall_ipc.patch34
-rw-r--r--packages/qemu/files/31_syscalls.patch49
-rw-r--r--packages/qemu/files/32_syscall_sysctl.patch56
-rw-r--r--packages/qemu/files/33_syscall_ppc_clone.patch22
-rw-r--r--packages/qemu/files/39_syscall_fadvise64.patch21
-rw-r--r--packages/qemu/files/41_arm_fpa_sigfpe.patch105
-rw-r--r--packages/qemu/files/52_ne2000_return.patch17
-rw-r--r--packages/qemu/files/61_safe_64bit_int.patch27
-rw-r--r--packages/qemu/files/63_sparc_build.patch18
-rw-r--r--packages/qemu/files/64_ppc_asm_constraints.patch18
-rw-r--r--packages/qemu/files/65_kfreebsd.patch44
-rw-r--r--packages/qemu/files/66_tls_ld.patch55
-rw-r--r--packages/qemu/files/91-oh-sdl-cursor.patch18
-rw-r--r--packages/qemu/files/93-oh-pl110-rgb.patch223
-rw-r--r--packages/qemu/files/fix_segfault.patch46
-rw-r--r--packages/qemu/files/qemu-0.9.0-nptl-update.patch294
-rw-r--r--packages/qemu/files/qemu-0.9.0-nptl.patch892
-rw-r--r--packages/qemu/files/qemu-amd64-32b-mapping-0.9.0.patch31
-rw-r--r--packages/qemu/files/workaround_bad_futex_headers.patch25
28 files changed, 2589 insertions, 0 deletions
diff --git a/packages/qemu/files/02_snapshot_use_tmpdir.patch b/packages/qemu/files/02_snapshot_use_tmpdir.patch
new file mode 100644
index 0000000000..bd955b6db3
--- /dev/null
+++ b/packages/qemu/files/02_snapshot_use_tmpdir.patch
@@ -0,0 +1,23 @@
+#DPATCHLEVEL=0
+---
+# block.c | 6 +++++-
+# 1 file changed, 5 insertions(+), 1 deletion(-)
+#
+Index: block.c
+===================================================================
+--- block.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ block.c 2007-06-13 11:51:53.000000000 +0100
+@@ -188,8 +188,12 @@ void get_tmp_filename(char *filename, in
+ void get_tmp_filename(char *filename, int size)
+ {
+ int fd;
++ char *tmpdir;
+ /* XXX: race condition possible */
+- pstrcpy(filename, size, "/tmp/vl.XXXXXX");
++ tmpdir = getenv("TMPDIR");
++ if (!tmpdir)
++ tmpdir = "/tmp";
++ snprintf(filename, size, "%s/vl.XXXXXX", tmpdir);
+ fd = mkstemp(filename);
+ close(fd);
+ }
diff --git a/packages/qemu/files/03_machines_list_no_error.patch b/packages/qemu/files/03_machines_list_no_error.patch
new file mode 100644
index 0000000000..73f31550fe
--- /dev/null
+++ b/packages/qemu/files/03_machines_list_no_error.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=0
+---
+# vl.c | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: vl.c
+===================================================================
+--- vl.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ vl.c 2007-06-13 11:52:24.000000000 +0100
+@@ -7242,7 +7242,7 @@ int main(int argc, char **argv)
+ m->name, m->desc,
+ m == first_machine ? " (default)" : "");
+ }
+- exit(1);
++ exit(strcmp(optarg, "?"));
+ }
+ break;
+ case QEMU_OPTION_cpu:
diff --git a/packages/qemu/files/04_do_not_print_rtc_freq_if_ok.patch b/packages/qemu/files/04_do_not_print_rtc_freq_if_ok.patch
new file mode 100644
index 0000000000..1575cbce63
--- /dev/null
+++ b/packages/qemu/files/04_do_not_print_rtc_freq_if_ok.patch
@@ -0,0 +1,25 @@
+#DPATCHLEVEL=1
+---
+# vl.c | 6 +++++-
+# 1 file changed, 5 insertions(+), 1 deletion(-)
+#
+Index: qemu/vl.c
+===================================================================
+--- qemu.orig/vl.c 2007-06-13 11:51:53.000000000 +0100
++++ qemu/vl.c 2007-06-13 11:52:19.000000000 +0100
+@@ -1026,10 +1026,14 @@ static int rtc_fd;
+
+ static int start_rtc_timer(void)
+ {
++ unsigned long current_rtc_freq = 0;
++
+ rtc_fd = open("/dev/rtc", O_RDONLY);
+ if (rtc_fd < 0)
+ return -1;
+- if (ioctl(rtc_fd, RTC_IRQP_SET, RTC_FREQ) < 0) {
++ ioctl(rtc_fd, RTC_IRQP_READ, &current_rtc_freq);
++ if (current_rtc_freq != RTC_FREQ &&
++ ioctl(rtc_fd, RTC_IRQP_SET, RTC_FREQ) < 0) {
+ fprintf(stderr, "Could not configure '/dev/rtc' to have a 1024 Hz timer. This is not a fatal\n"
+ "error, but for better emulation accuracy either use a 2.6 host Linux kernel or\n"
+ "type 'echo 1024 > /proc/sys/dev/rtc/max-user-freq' as root.\n");
diff --git a/packages/qemu/files/05_non-fatal_if_linux_hd_missing.patch b/packages/qemu/files/05_non-fatal_if_linux_hd_missing.patch
new file mode 100644
index 0000000000..b7c4732f24
--- /dev/null
+++ b/packages/qemu/files/05_non-fatal_if_linux_hd_missing.patch
@@ -0,0 +1,17 @@
+#DPATCHLEVEL=1
+---
+# hw/pc.c | 1 -
+# 1 file changed, 1 deletion(-)
+#
+Index: qemu/hw/pc.c
+===================================================================
+--- qemu.orig/hw/pc.c 2007-06-13 11:51:52.000000000 +0100
++++ qemu/hw/pc.c 2007-06-13 11:51:53.000000000 +0100
+@@ -355,7 +355,6 @@ static void generate_bootsect(uint32_t g
+ if (bs_table[0] == NULL) {
+ fprintf(stderr, "A disk image must be given for 'hda' when booting "
+ "a Linux kernel\n");
+- exit(1);
+ }
+
+ memset(bootsect, 0, sizeof(bootsect));
diff --git a/packages/qemu/files/06_exit_segfault.patch b/packages/qemu/files/06_exit_segfault.patch
new file mode 100644
index 0000000000..447c3550b8
--- /dev/null
+++ b/packages/qemu/files/06_exit_segfault.patch
@@ -0,0 +1,45 @@
+#DPATCHLEVEL=0
+---
+# linux-user/main.c | 8 ++++----
+# 1 file changed, 4 insertions(+), 4 deletions(-)
+#
+Index: linux-user/main.c
+===================================================================
+--- linux-user/main.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ linux-user/main.c 2007-06-13 11:52:16.000000000 +0100
+@@ -642,7 +642,7 @@ void cpu_loop (CPUSPARCState *env)
+ default:
+ printf ("Unhandled trap: 0x%x\n", trapnr);
+ cpu_dump_state(env, stderr, fprintf, 0);
+- exit (1);
++ _exit (1);
+ }
+ process_pending_signals (env);
+ }
+@@ -1471,7 +1471,7 @@ void cpu_loop (CPUState *env)
+ default:
+ printf ("Unhandled trap: 0x%x\n", trapnr);
+ cpu_dump_state(env, stderr, fprintf, 0);
+- exit (1);
++ _exit (1);
+ }
+ process_pending_signals (env);
+ }
+@@ -1735,7 +1735,7 @@ int main(int argc, char **argv)
+ for(item = cpu_log_items; item->mask != 0; item++) {
+ printf("%-10s %s\n", item->name, item->help);
+ }
+- exit(1);
++ _exit(1);
+ }
+ cpu_set_log(mask);
+ } else if (!strcmp(r, "s")) {
+@@ -1754,7 +1754,7 @@ int main(int argc, char **argv)
+ if (qemu_host_page_size == 0 ||
+ (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
+ fprintf(stderr, "page size must be a power of two\n");
+- exit(1);
++ _exit(1);
+ }
+ } else if (!strcmp(r, "g")) {
+ gdbstub_port = atoi(argv[optind++]);
diff --git a/packages/qemu/files/10_signal_jobs.patch b/packages/qemu/files/10_signal_jobs.patch
new file mode 100644
index 0000000000..794a538676
--- /dev/null
+++ b/packages/qemu/files/10_signal_jobs.patch
@@ -0,0 +1,26 @@
+#DPATCHLEVEL=0
+---
+# linux-user/signal.c | 7 ++++++-
+# 1 file changed, 6 insertions(+), 1 deletion(-)
+#
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ linux-user/signal.c 2007-06-13 11:52:21.000000000 +0100
+@@ -341,10 +341,15 @@ int queue_signal(int sig, target_siginfo
+ k = &sigact_table[sig - 1];
+ handler = k->sa._sa_handler;
+ if (handler == TARGET_SIG_DFL) {
++ if (sig == TARGET_SIGTSTP || sig == TARGET_SIGTTIN || sig == TARGET_SIGTTOU) {
++ kill(getpid(),SIGSTOP);
++ return 0;
++ } else
+ /* default handler : ignore some signal. The other are fatal */
+ if (sig != TARGET_SIGCHLD &&
+ sig != TARGET_SIGURG &&
+- sig != TARGET_SIGWINCH) {
++ sig != TARGET_SIGWINCH &&
++ sig != TARGET_SIGCONT) {
+ force_sig(sig);
+ } else {
+ return 0; /* indicate ignored */
diff --git a/packages/qemu/files/11_signal_sigaction.patch b/packages/qemu/files/11_signal_sigaction.patch
new file mode 100644
index 0000000000..5446efc562
--- /dev/null
+++ b/packages/qemu/files/11_signal_sigaction.patch
@@ -0,0 +1,21 @@
+#DPATCHLEVEL=0
+---
+# linux-user/signal.c | 5 +++++
+# 1 file changed, 5 insertions(+)
+#
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig 2007-06-13 11:51:54.000000000 +0100
++++ linux-user/signal.c 2007-06-13 11:52:20.000000000 +0100
+@@ -429,6 +429,11 @@ int do_sigaction(int sig, const struct t
+
+ if (sig < 1 || sig > TARGET_NSIG || sig == SIGKILL || sig == SIGSTOP)
+ return -EINVAL;
++
++ /* no point doing the stuff as those are not allowed for sigaction */
++ if ((sig == TARGET_SIGKILL) || (sig == TARGET_SIGSTOP))
++ return -EINVAL;
++
+ k = &sigact_table[sig - 1];
+ #if defined(DEBUG_SIGNAL)
+ fprintf(stderr, "sigaction sig=%d act=0x%08x, oact=0x%08x\n",
diff --git a/packages/qemu/files/12_signal_powerpc_support.patch b/packages/qemu/files/12_signal_powerpc_support.patch
new file mode 100644
index 0000000000..d8d4198784
--- /dev/null
+++ b/packages/qemu/files/12_signal_powerpc_support.patch
@@ -0,0 +1,401 @@
+#DPATCHLEVEL=1
+---
+# linux-user/signal.c | 371 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+# 1 file changed, 371 insertions(+)
+#
+Index: qemu/linux-user/signal.c
+===================================================================
+--- qemu.orig/linux-user/signal.c 2007-06-13 11:51:54.000000000 +0100
++++ qemu/linux-user/signal.c 2007-06-13 11:51:54.000000000 +0100
+@@ -2,6 +2,7 @@
+ * Emulation of Linux signals
+ *
+ * Copyright (c) 2003 Fabrice Bellard
++ * Copyright (c) 2005 Josh Triplett <josh@psas.pdx.edu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -16,6 +17,12 @@
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++ *
++ * Various portions adapted from the Linux kernel:
++ * Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
++ * Derived from "arch/i386/kernel/signal.c"
++ * Copyright (C) 1991, 1992 Linus Torvalds
++ * 1997-11-28 Modified for POSIX.1b signals by Richard Henderson
+ */
+ #include <stdlib.h>
+ #include <stdio.h>
+@@ -1964,6 +1971,370 @@ long do_rt_sigreturn(CPUState *env)
+ return -ENOSYS;
+ }
+
++#elif defined(TARGET_PPC)
++/* Adapted from the Linux kernel:
++ * arch/ppc/kernel/signal.c
++ * include/asm-ppc/elf.h
++ * include/asm-ppc/ptrace.h
++ * include/asm-ppc/sigcontext.h
++ * include/asm-ppc/ucontext.h
++ */
++
++/*
++ * When we have signals to deliver, we set up on the
++ * user stack, going down from the original stack pointer:
++ * a sigregs struct
++ * a sigcontext struct
++ * a gap of __SIGNAL_FRAMESIZE bytes
++ *
++ * Each of these things must be a multiple of 16 bytes in size.
++ *
++ */
++
++#define TARGET_ELF_NGREG 48 /* includes nip, msr, lr, etc. */
++#define TARGET_ELF_NFPREG 33 /* includes fpscr */
++#define TARGET_ELF_NVRREG 33 /* includes vscr */
++
++/* General registers */
++typedef unsigned long target_elf_greg_t;
++typedef target_elf_greg_t target_elf_gregset_t[TARGET_ELF_NGREG];
++
++/* Floating point registers */
++typedef double target_elf_fpreg_t;
++typedef target_elf_fpreg_t target_elf_fpregset_t[TARGET_ELF_NFPREG];
++
++/* Altivec registers */
++/* FIXME: Altivec not supported yet. */
++/* typedef __vector128 elf_vrreg_t; */
++typedef uint64_t target_elf_vrreg_t[2];
++typedef target_elf_vrreg_t target_elf_vrregset_t[TARGET_ELF_NVRREG];
++
++struct target_mcontext {
++ target_elf_gregset_t mc_gregs;
++ target_elf_fpregset_t mc_fregs;
++ /* The kernel calls this mc_pad, but does #define tramp mc_pad */
++ target_ulong tramp[2];
++ target_elf_vrregset_t mc_vregs __attribute__((__aligned__(16)));
++};
++
++struct target_sigregs {
++ struct target_mcontext mctx; /* all the register values */
++ /* Programs using the rs6000/xcoff abi can save up to 19 gp regs
++ and 18 fp regs below sp before decrementing it. */
++ int abigap[56];
++};
++
++struct target_sigcontext {
++ target_ulong _unused[4];
++ uint32_t signal;
++ target_ulong handler;
++ target_ulong oldmask;
++ struct target_pt_regs *regs;
++};
++
++#define __SIGNAL_FRAMESIZE 64
++
++static int
++save_user_regs(CPUState *env, struct target_mcontext *frame, int sigret)
++{
++ /* save general and floating-point registers */
++#if 0 /* FIXME: handle floating-point, Altivec, SPE */
++ CHECK_FULL_REGS(regs);
++ preempt_disable();
++ if (regs->msr & MSR_FP)
++ giveup_fpu(current);
++#ifdef CONFIG_ALTIVEC
++ if (current->thread.used_vr && (regs->msr & MSR_VEC))
++ giveup_altivec(current);
++#endif /* CONFIG_ALTIVEC */
++#ifdef CONFIG_SPE
++ if (current->thread.used_spe && (regs->msr & MSR_SPE))
++ giveup_spe(current);
++#endif /* CONFIG_ALTIVEC */
++ preempt_enable();
++#endif /* 0 */
++
++ /* Note: this needs to be in the same order as target_pt_regs */
++ if(!memcpy(&frame->mc_gregs, env->gpr,
++ 32*sizeof(target_elf_greg_t))
++ || __put_user(env->nip, &frame->mc_gregs[32])
++ || __put_user(do_load_msr(env), &frame->mc_gregs[33])
++ /* FIXME: || __put_user(orig_gpr3, &frame->mc_gregs[34]) */
++ || __put_user(env->ctr, &frame->mc_gregs[35])
++ || __put_user(env->lr, &frame->mc_gregs[36])
++ || __put_user(do_load_xer(env), &frame->mc_gregs[37])
++ || __put_user(do_load_cr(env), &frame->mc_gregs[38])
++ || __put_user(env->spr[SPR_MQ], &frame->mc_gregs[39])
++ /* FIXME: || __put_user(trap, &frame->mc_gregs[40]) */
++ || __put_user(env->spr[SPR_DAR], &frame->mc_gregs[41])
++ || __put_user(env->spr[SPR_DSISR], &frame->mc_gregs[42])
++ /* FIXME: || __put_user(result, &frame->mc_gregs[43]) */)
++ return 1;
++
++ if(!memcpy(&frame->mc_fregs, env->fpr,
++ 32*sizeof(target_elf_fpreg_t))
++ || __put_user(do_load_fpscr(env), &frame->mc_fregs[32]))
++
++ do_store_fpscr(env, 0, 0xFF); /* turn off all fp exceptions */
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#ifdef CONFIG_ALTIVEC
++ /* save altivec registers */
++ if (current->thread.used_vr) {
++ if (!memcpy(&frame->mc_vregs, current->thread.vr,
++ ELF_NVRREG * sizeof(vector128)))
++ return 1;
++ /* set MSR_VEC in the saved MSR value to indicate that
++ frame->mc_vregs contains valid data */
++ if (__put_user(regs->msr | MSR_VEC, &frame->mc_gregs[PT_MSR]))
++ return 1;
++ }
++ /* else assert((regs->msr & MSR_VEC) == 0) */
++
++ /* We always copy to/from vrsave, it's 0 if we don't have or don't
++ * use altivec. Since VSCR only contains 32 bits saved in the least
++ * significant bits of a vector, we "cheat" and stuff VRSAVE in the
++ * most significant bits of that same vector. --BenH
++ */
++ if (__put_user(current->thread.vrsave, (u32 __user *)&frame->mc_vregs[32]))
++ return 1;
++#endif /* CONFIG_ALTIVEC */
++
++#ifdef CONFIG_SPE
++ /* save spe registers */
++ if (current->thread.used_spe) {
++ if (!memcpy(&frame->mc_vregs, current->thread.evr,
++ ELF_NEVRREG * sizeof(u32)))
++ return 1;
++ /* set MSR_SPE in the saved MSR value to indicate that
++ frame->mc_vregs contains valid data */
++ if (__put_user(regs->msr | MSR_SPE, &frame->mc_gregs[PT_MSR]))
++ return 1;
++ }
++ /* else assert((regs->msr & MSR_SPE) == 0) */
++
++ /* We always copy to/from spefscr */
++ if (__put_user(current->thread.spefscr, (u32 *)&frame->mc_vregs + ELF_NEVRREG))
++ return 1;
++#endif /* CONFIG_SPE */
++#endif /* 0 */
++
++ if (sigret) {
++ /* Set up the sigreturn trampoline: li r0,sigret; sc */
++ if (__put_user(0x38000000UL + sigret, &frame->tramp[0])
++ || __put_user(0x44000002UL, &frame->tramp[1]))
++ return 1;
++#if 0
++ flush_icache_range((unsigned long) &frame->tramp[0],
++ (unsigned long) &frame->tramp[2]);
++#endif
++ }
++
++ return 0;
++}
++
++static int
++restore_user_regs(CPUState *env, struct target_mcontext *sr, int sig)
++{
++ target_ulong save_r2 = 0;
++ target_ulong saved_xer;
++ target_ulong saved_cr;
++ double saved_fpscr;
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#if defined(CONFIG_ALTIVEC) || defined(CONFIG_SPE)
++ unsigned long msr;
++#endif
++#endif /* 0 */
++
++ /* backup/restore the TLS as we don't want it to be modified */
++ if (!sig)
++ save_r2 = env->gpr[2];
++
++ /* Copy all registers except MSR */
++ /* Note: this needs to be in the same order as target_pt_regs */
++ if(!memcpy(env->gpr, &sr->mc_gregs,
++ 32*sizeof(target_elf_greg_t))
++ || __get_user(env->nip, &sr->mc_gregs[32])
++ /* FIXME: || __get_user(orig_gpr3, &sr->mc_gregs[34]) */
++ || __get_user(env->ctr, &sr->mc_gregs[35])
++ || __get_user(env->lr, &sr->mc_gregs[36])
++ || __get_user(saved_xer, &sr->mc_gregs[37])
++ || __get_user(saved_cr, &sr->mc_gregs[38])
++ || __get_user(env->spr[SPR_MQ], &sr->mc_gregs[39])
++ /* FIXME: || __get_user(trap, &sr->mc_gregs[40]) */
++ || __get_user(env->spr[SPR_DAR], &sr->mc_gregs[41])
++ || __get_user(env->spr[SPR_DSISR], &sr->mc_gregs[42])
++ /* FIXME: || __get_user(result, &sr->mc_gregs[43]) */)
++ return 1;
++ do_store_xer(env, saved_xer);
++ do_store_cr(env, saved_cr, 0xFF);
++
++ if (!sig)
++ env->gpr[2] = save_r2;
++
++ /* The kernel delays restoring the floating-point registers until the
++ * thread uses floating-point again. For simplicity, just restore the
++ * registers now. */
++ if(!memcpy(env->fpr, &sr->mc_fregs,
++ 32*sizeof(target_elf_fpreg_t))
++ || __get_user(saved_fpscr, &sr->mc_fregs[32]))
++ return 1;
++ do_store_fpscr(env, saved_fpscr, 0xFF);
++
++#if 0 /* FIXME: handle Altivec, SPE */
++#ifdef CONFIG_ALTIVEC
++ /* force the process to reload the altivec registers from
++ current->thread when it next does altivec instructions */
++ regs->msr &= ~MSR_VEC;
++ if (!__get_user(msr, &sr->mc_gregs[PT_MSR]) && (msr & MSR_VEC) != 0) {
++ /* restore altivec registers from the stack */
++ if (!memcpy(current->thread.vr, &sr->mc_vregs,
++ sizeof(sr->mc_vregs)))
++ return 1;
++ } else if (current->thread.used_vr)
++ memset(&current->thread.vr, 0, ELF_NVRREG * sizeof(vector128));
++
++ /* Always get VRSAVE back */
++ if (__get_user(current->thread.vrsave, (u32 __user *)&sr->mc_vregs[32]))
++ return 1;
++#endif /* CONFIG_ALTIVEC */
++
++#ifdef CONFIG_SPE
++ /* force the process to reload the spe registers from
++ current->thread when it next does spe instructions */
++ regs->msr &= ~MSR_SPE;
++ if (!__get_user(msr, &sr->mc_gregs[PT_MSR]) && (msr & MSR_SPE) != 0) {
++ /* restore spe registers from the stack */
++ if (!memcpy(current->thread.evr, &sr->mc_vregs,
++ ELF_NEVRREG * sizeof(u32)))
++ return 1;
++ } else if (current->thread.used_spe)
++ memset(&current->thread.evr, 0, ELF_NEVRREG * sizeof(u32));
++
++ /* Always get SPEFSCR back */
++ if (__get_user(current->thread.spefscr, (u32 *)&sr->mc_vregs + ELF_NEVRREG))
++ return 1;
++#endif /* CONFIG_SPE */
++#endif /* 0 */
++
++#if 0 /* FIXME: handle floating-point, Altivec, SPE */
++#ifndef CONFIG_SMP
++ preempt_disable();
++ if (last_task_used_math == current)
++ last_task_used_math = NULL;
++ if (last_task_used_altivec == current)
++ last_task_used_altivec = NULL;
++ if (last_task_used_spe == current)
++ last_task_used_spe = NULL;
++ preempt_enable();
++#endif
++#endif /* 0 */
++ return 0;
++}
++
++static void setup_frame(int sig, struct emulated_sigaction *ka,
++ target_sigset_t *oldset, CPUState *env)
++{
++ struct target_sigcontext *sc;
++ struct target_sigregs *frame;
++ target_ulong origsp = env->gpr[1];
++ target_ulong newsp = origsp;
++
++ /* Set up Signal Frame */
++ newsp -= sizeof(struct target_sigregs);
++ frame = (struct target_sigregs *) newsp;
++
++ /* Put a sigcontext on the stack */
++ newsp -= sizeof(*sc);
++ sc = (struct target_sigcontext *) newsp;
++
++ /* create a stack frame for the caller of the handler */
++ newsp -= __SIGNAL_FRAMESIZE;
++
++ if (!access_ok(VERIFY_WRITE, (void *) newsp, origsp - newsp))
++ goto badframe;
++
++#if TARGET_NSIG != 64
++#error "Please adjust handle_signal()"
++#endif
++ if (__put_user((target_ulong) ka->sa._sa_handler, &sc->handler)
++ || __put_user(oldset->sig[0], &sc->oldmask)
++ || __put_user(oldset->sig[1], &sc->_unused[3])
++ || __put_user(frame, (target_ulong *)&sc->regs)
++ || __put_user(sig, &sc->signal))
++ goto badframe;
++
++ if (save_user_regs(env, &frame->mctx, TARGET_NR_sigreturn))
++ goto badframe;
++
++ if (put_user(env->gpr[1], (unsigned long *)newsp))
++ goto badframe;
++ env->gpr[1] = newsp;
++ env->gpr[3] = sig;
++ env->gpr[4] = (unsigned long) sc;
++ env->nip = (unsigned long) ka->sa._sa_handler;
++ env->lr = (unsigned long) frame->mctx.tramp;
++ /* FIXME: env->trap = 0; */
++
++ return;
++
++badframe:
++#ifdef DEBUG_SIGNAL
++ fprintf(stderr,
++ "badframe in handle_signal, frame=%p newsp=%lx\n",
++ frame, newsp);
++#endif
++ force_sig(TARGET_SIGSEGV);
++}
++
++static void setup_rt_frame(int sig, struct emulated_sigaction *ka,
++ target_siginfo_t *info,
++ target_sigset_t *set, CPUState *env)
++{
++ fprintf(stderr, "setup_rt_frame: not implemented\n");
++}
++
++long do_sigreturn(CPUState *env)
++{
++ struct target_sigcontext *sc;
++ struct target_sigcontext sigctx;
++ struct target_mcontext *sr;
++ target_sigset_t set;
++ sigset_t host_set;
++
++ /* Always make any pending restarted system calls return -EINTR */
++#if 0 /* FIXME */
++ current_thread_info()->restart_block.fn = do_no_restart_syscall;
++#endif
++
++ sc = (struct target_sigcontext *)(env->gpr[1] + __SIGNAL_FRAMESIZE);
++ if (!memcpy(&sigctx, sc, sizeof(sigctx)))
++ goto badframe;
++
++ set.sig[0] = sigctx.oldmask;
++ set.sig[1] = sigctx._unused[3];
++ target_to_host_sigset_internal(&host_set, &set);
++ sigprocmask(SIG_SETMASK, &host_set, NULL);
++
++ sr = (struct target_mcontext *) tswapl((target_ulong)sigctx.regs);
++ if (!access_ok(VERIFY_READ, sr, sizeof(*sr))
++ || restore_user_regs(env, sr, 1))
++ goto badframe;
++
++ return 0;
++
++badframe:
++ force_sig(TARGET_SIGSEGV);
++ return 0;
++}
++
++long do_rt_sigreturn(CPUState *env)
++{
++ fprintf(stderr, "do_rt_sigreturn: not implemented\n");
++ return -ENOSYS;
++}
++
+ #else
+
+ static void setup_frame(int sig, struct emulated_sigaction *ka,
diff --git a/packages/qemu/files/22_net_tuntap_stall.patch b/packages/qemu/files/22_net_tuntap_stall.patch
new file mode 100644
index 0000000000..e9b31dfe40
--- /dev/null
+++ b/packages/qemu/files/22_net_tuntap_stall.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=0
+---
+# vl.c | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: vl.c
+===================================================================
+--- vl.c.orig 2007-06-13 11:51:53.000000000 +0100
++++ vl.c 2007-06-13 11:52:10.000000000 +0100
+@@ -3617,7 +3617,7 @@ static int tap_open(char *ifname, int if
+ return -1;
+ }
+ memset(&ifr, 0, sizeof(ifr));
+- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
++ ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE;
+ if (ifname[0] != '\0')
+ pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
+ else
diff --git a/packages/qemu/files/30_syscall_ipc.patch b/packages/qemu/files/30_syscall_ipc.patch
new file mode 100644
index 0000000000..3dc58102ad
--- /dev/null
+++ b/packages/qemu/files/30_syscall_ipc.patch
@@ -0,0 +1,34 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 7 +++++--
+# 1 file changed, 5 insertions(+), 2 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2007-04-18 13:25:40.000000000 +0100
++++ linux-user/syscall.c 2007-04-18 13:37:27.000000000 +0100
+@@ -43,7 +43,10 @@
+ #include <sys/poll.h>
+ #include <sys/times.h>
+ #include <sys/shm.h>
++#include <sys/ipc.h>
+ #include <sys/sem.h>
++#include <sys/shm.h>
++#include <sys/msg.h>
+ #include <sys/statfs.h>
+ #include <utime.h>
+ #include <sys/sysinfo.h>
+@@ -1240,11 +1243,11 @@ static long do_ipc(long call, long first
+ ret = get_errno(shmctl(first, second, NULL));
+ break;
+ default:
+- goto unimplemented;
++ ret = get_errno(shmctl(first, second, (struct shmid_ds *) ptr));
++ break;
+ }
+ break;
+ default:
+- unimplemented:
+ gemu_log("Unsupported ipc call: %ld (version %d)\n", call, version);
+ ret = -ENOSYS;
+ break;
diff --git a/packages/qemu/files/31_syscalls.patch b/packages/qemu/files/31_syscalls.patch
new file mode 100644
index 0000000000..3878079f19
--- /dev/null
+++ b/packages/qemu/files/31_syscalls.patch
@@ -0,0 +1,49 @@
+#DPATCHLEVEL=0
+---
+# Makefile.target | 2 +-
+# linux-user/syscall.c | 11 ++++++++---
+# 2 files changed, 9 insertions(+), 4 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ linux-user/syscall.c 2007-06-13 11:52:18.000000000 +0100
+@@ -180,6 +180,7 @@ extern int getresuid(uid_t *, uid_t *, u
+ extern int setresgid(gid_t, gid_t, gid_t);
+ extern int getresgid(gid_t *, gid_t *, gid_t *);
+ extern int setgroups(int, gid_t *);
++extern int uselib(const char*);
+
+ /*
+ * This list is the union of errno values overidden in asm-<arch>/errno.h
+@@ -3215,7 +3216,8 @@ long do_syscall(void *cpu_env, int num,
+ break;
+ #ifdef TARGET_NR_uselib
+ case TARGET_NR_uselib:
+- goto unimplemented;
++ ret = get_errno(uselib(path((const char*)arg1)));
++ break;
+ #endif
+ #ifdef TARGET_NR_swapon
+ case TARGET_NR_swapon:
+@@ -4405,7 +4407,9 @@ long do_syscall(void *cpu_env, int num,
+ goto unimplemented;
+ #ifdef TARGET_NR_mincore
+ case TARGET_NR_mincore:
+- goto unimplemented;
++ page_unprotect_range((void*)arg3, ((size_t)arg2 + TARGET_PAGE_SIZE - 1) / TARGET_PAGE_SIZE);
++ ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
++ break;
+ #endif
+ #ifdef TARGET_NR_madvise
+ case TARGET_NR_madvise:
+@@ -4539,7 +4543,8 @@ long do_syscall(void *cpu_env, int num,
+ break;
+ #ifdef TARGET_NR_readahead
+ case TARGET_NR_readahead:
+- goto unimplemented;
++ ret = get_errno(readahead((int)arg1, (off64_t)arg2, (size_t)arg3));
++ break;
+ #endif
+ #ifdef TARGET_NR_setxattr
+ case TARGET_NR_setxattr:
diff --git a/packages/qemu/files/32_syscall_sysctl.patch b/packages/qemu/files/32_syscall_sysctl.patch
new file mode 100644
index 0000000000..d175cf96ba
--- /dev/null
+++ b/packages/qemu/files/32_syscall_sysctl.patch
@@ -0,0 +1,56 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 33 ++++++++++++++++++++++++++++++---
+# 1 file changed, 30 insertions(+), 3 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2007-06-13 11:51:54.000000000 +0100
++++ linux-user/syscall.c 2007-06-13 11:52:17.000000000 +0100
+@@ -52,6 +52,7 @@
+ //#include <sys/user.h>
+ #include <netinet/ip.h>
+ #include <netinet/tcp.h>
++#include <sys/sysctl.h>
+
+ #define termios host_termios
+ #define winsize host_winsize
+@@ -3912,9 +3913,35 @@ long do_syscall(void *cpu_env, int num,
+ break;
+ #endif
+ case TARGET_NR__sysctl:
+- /* We don't implement this, but ENODIR is always a safe
+- return value. */
+- return -ENOTDIR;
++ {
++ struct __sysctl_args *args = (struct __sysctl_args *) arg1;
++ int *name_target, *name, nlen, *oldlenp, oldlen, newlen, i;
++ void *oldval, *newval;
++
++ name_target = (int *) tswapl((long) args->name);
++ nlen = tswapl(args->nlen);
++ oldval = (void *) tswapl((long) args->oldval);
++ oldlenp = (int *) tswapl((long) args->oldlenp);
++ oldlen = tswapl(*oldlenp);
++ newval = (void *) tswapl((long) args->newval);
++ newlen = tswapl(args->newlen);
++
++ name = alloca(nlen * sizeof (int));
++ for (i = 0; i < nlen; i++)
++ name[i] = tswapl(name_target[i]);
++
++ if (nlen == 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION) {
++ ret = get_errno(
++ sysctl(name, nlen, oldval, &oldlen, newval, newlen));
++ if (!is_error(ret)) {
++ *oldlenp = tswapl(oldlen);
++ }
++ } else {
++ gemu_log("qemu: Unsupported sysctl name\n");
++ ret = -ENOSYS;
++ }
++ }
++ break;
+ case TARGET_NR_sched_setparam:
+ {
+ struct sched_param *target_schp;
diff --git a/packages/qemu/files/33_syscall_ppc_clone.patch b/packages/qemu/files/33_syscall_ppc_clone.patch
new file mode 100644
index 0000000000..a71f8b1944
--- /dev/null
+++ b/packages/qemu/files/33_syscall_ppc_clone.patch
@@ -0,0 +1,22 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 6 +-----
+# 1 file changed, 1 insertion(+), 5 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2007-06-13 11:51:54.000000000 +0100
++++ linux-user/syscall.c 2007-06-13 11:52:17.000000000 +0100
+@@ -2177,11 +2177,7 @@ int do_fork(CPUState *env, unsigned int
+ if (!newsp)
+ newsp = env->gpr[1];
+ new_env->gpr[1] = newsp;
+- {
+- int i;
+- for (i = 7; i < 32; i++)
+- new_env->gpr[i] = 0;
+- }
++ new_env->gpr[3] = 0;
+ #elif defined(TARGET_SH4)
+ if (!newsp)
+ newsp = env->gregs[15];
diff --git a/packages/qemu/files/39_syscall_fadvise64.patch b/packages/qemu/files/39_syscall_fadvise64.patch
new file mode 100644
index 0000000000..0a7f4c48dd
--- /dev/null
+++ b/packages/qemu/files/39_syscall_fadvise64.patch
@@ -0,0 +1,21 @@
+---
+ linux-user/syscall.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2007-06-13 11:51:55.000000000 +0100
++++ linux-user/syscall.c 2007-06-13 11:52:13.000000000 +0100
+@@ -4434,6 +4434,12 @@ long do_syscall(void *cpu_env, int num,
+ ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
+ break;
+ #endif
++#ifdef TARGET_NR_fadvise64_64
++ case TARGET_NR_fadvise64_64:
++ /* Just return success */
++ ret = get_errno(0);
++ break;
++#endif
+ #ifdef TARGET_NR_madvise
+ case TARGET_NR_madvise:
+ /* A straight passthrough may not be safe because qemu sometimes
diff --git a/packages/qemu/files/41_arm_fpa_sigfpe.patch b/packages/qemu/files/41_arm_fpa_sigfpe.patch
new file mode 100644
index 0000000000..d579dbc66e
--- /dev/null
+++ b/packages/qemu/files/41_arm_fpa_sigfpe.patch
@@ -0,0 +1,105 @@
+#DPATCHLEVEL=0
+---
+# linux-user/main.c | 53 +++++++++++++++++++++++++++++++++++++++++++++--
+# target-arm/nwfpe/fpa11.c | 7 ++++++
+# 2 files changed, 58 insertions(+), 2 deletions(-)
+#
+Index: linux-user/main.c
+===================================================================
+--- linux-user/main.c.orig 2007-06-13 11:51:53.000000000 +0100
++++ linux-user/main.c 2007-06-13 11:52:07.000000000 +0100
+@@ -339,18 +339,67 @@ void cpu_loop(CPUARMState *env)
+ {
+ TaskState *ts = env->opaque;
+ uint32_t opcode;
++ int rc;
+
+ /* we handle the FPU emulation here, as Linux */
+ /* we get the opcode */
+ opcode = tget32(env->regs[15]);
+
+- if (EmulateAll(opcode, &ts->fpa, env) == 0) {
++ rc = EmulateAll(opcode, &ts->fpa, env);
++ if (rc == 0) { /* illegal instruction */
+ info.si_signo = SIGILL;
+ info.si_errno = 0;
+ info.si_code = TARGET_ILL_ILLOPN;
+ info._sifields._sigfault._addr = env->regs[15];
+ queue_signal(info.si_signo, &info);
+- } else {
++ } else if (rc < 0) { /* FP exception */
++ int arm_fpe=0;
++
++ /* translate softfloat flags to FPSR flags */
++ if (-rc & float_flag_invalid)
++ arm_fpe |= BIT_IOC;
++ if (-rc & float_flag_divbyzero)
++ arm_fpe |= BIT_DZC;
++ if (-rc & float_flag_overflow)
++ arm_fpe |= BIT_OFC;
++ if (-rc & float_flag_underflow)
++ arm_fpe |= BIT_UFC;
++ if (-rc & float_flag_inexact)
++ arm_fpe |= BIT_IXC;
++
++ FPSR fpsr = ts->fpa.fpsr;
++ //printf("fpsr 0x%x, arm_fpe 0x%x\n",fpsr,arm_fpe);
++
++ if (fpsr & (arm_fpe << 16)) { /* exception enabled? */
++ info.si_signo = SIGFPE;
++ info.si_errno = 0;
++
++ /* ordered by priority, least first */
++ if (arm_fpe & BIT_IXC) info.si_code = TARGET_FPE_FLTRES;
++ if (arm_fpe & BIT_UFC) info.si_code = TARGET_FPE_FLTUND;
++ if (arm_fpe & BIT_OFC) info.si_code = TARGET_FPE_FLTOVF;
++ if (arm_fpe & BIT_DZC) info.si_code = TARGET_FPE_FLTDIV;
++ if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV;
++
++ info._sifields._sigfault._addr = env->regs[15];
++ queue_signal(info.si_signo, &info);
++ } else {
++ env->regs[15] += 4;
++ }
++
++ /* accumulate unenabled exceptions */
++ if ((!(fpsr & BIT_IXE)) && (arm_fpe & BIT_IXC))
++ fpsr |= BIT_IXC;
++ if ((!(fpsr & BIT_UFE)) && (arm_fpe & BIT_UFC))
++ fpsr |= BIT_UFC;
++ if ((!(fpsr & BIT_OFE)) && (arm_fpe & BIT_OFC))
++ fpsr |= BIT_OFC;
++ if ((!(fpsr & BIT_DZE)) && (arm_fpe & BIT_DZC))
++ fpsr |= BIT_DZC;
++ if ((!(fpsr & BIT_IOE)) && (arm_fpe & BIT_IOC))
++ fpsr |= BIT_IOC;
++ ts->fpa.fpsr=fpsr;
++ } else { /* everything OK */
+ /* increment PC */
+ env->regs[15] += 4;
+ }
+Index: target-arm/nwfpe/fpa11.c
+===================================================================
+--- target-arm/nwfpe/fpa11.c.orig 2007-06-13 11:51:52.000000000 +0100
++++ target-arm/nwfpe/fpa11.c 2007-06-13 11:51:55.000000000 +0100
+@@ -162,6 +162,8 @@ unsigned int EmulateAll(unsigned int opc
+ fpa11->initflag = 1;
+ }
+
++ set_float_exception_flags(0, &fpa11->fp_status);
++
+ if (TEST_OPCODE(opcode,MASK_CPRT))
+ {
+ //fprintf(stderr,"emulating CPRT\n");
+@@ -191,6 +193,11 @@ unsigned int EmulateAll(unsigned int opc
+ }
+
+ // restore_flags(flags);
++ if(nRc == 1 && get_float_exception_flags(&fpa11->fp_status))
++ {
++ //printf("fef 0x%x\n",float_exception_flags);
++ nRc=-get_float_exception_flags(&fpa11->fp_status);
++ }
+
+ //printf("returning %d\n",nRc);
+ return(nRc);
diff --git a/packages/qemu/files/52_ne2000_return.patch b/packages/qemu/files/52_ne2000_return.patch
new file mode 100644
index 0000000000..f0316c8042
--- /dev/null
+++ b/packages/qemu/files/52_ne2000_return.patch
@@ -0,0 +1,17 @@
+---
+ hw/ne2000.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu/hw/ne2000.c
+===================================================================
+--- qemu.orig/hw/ne2000.c 2007-06-13 11:51:52.000000000 +0100
++++ qemu/hw/ne2000.c 2007-06-13 11:51:55.000000000 +0100
+@@ -214,7 +214,7 @@ static int ne2000_can_receive(void *opaq
+ NE2000State *s = opaque;
+
+ if (s->cmd & E8390_STOP)
+- return 1;
++ return 0;
+ return !ne2000_buffer_full(s);
+ }
+
diff --git a/packages/qemu/files/61_safe_64bit_int.patch b/packages/qemu/files/61_safe_64bit_int.patch
new file mode 100644
index 0000000000..553e57623e
--- /dev/null
+++ b/packages/qemu/files/61_safe_64bit_int.patch
@@ -0,0 +1,27 @@
+#DPATCHLEVEL=0
+---
+# dyngen-exec.h | 4 ++--
+# 1 file changed, 2 insertions(+), 2 deletions(-)
+#
+Index: dyngen-exec.h
+===================================================================
+--- dyngen-exec.h.orig 2007-06-13 11:48:22.000000000 +0100
++++ dyngen-exec.h 2007-06-13 11:51:55.000000000 +0100
+@@ -38,7 +38,7 @@ typedef unsigned int uint32_t;
+ // Linux/Sparc64 defines uint64_t
+ #if !(defined (__sparc_v9__) && defined(__linux__))
+ /* XXX may be done for all 64 bits targets ? */
+-#if defined (__x86_64__) || defined(__ia64)
++#if defined (__x86_64__) || defined(__ia64) || defined(__alpha__) || defined(__sparc__)
+ typedef unsigned long uint64_t;
+ #else
+ typedef unsigned long long uint64_t;
+@@ -55,7 +55,7 @@ typedef signed short int16_t;
+ typedef signed int int32_t;
+ // Linux/Sparc64 defines int64_t
+ #if !(defined (__sparc_v9__) && defined(__linux__))
+-#if defined (__x86_64__) || defined(__ia64)
++#if defined (__x86_64__) || defined(__ia64) || defined(__alpha__) || defined(__sparc__)
+ typedef signed long int64_t;
+ #else
+ typedef signed long long int64_t;
diff --git a/packages/qemu/files/63_sparc_build.patch b/packages/qemu/files/63_sparc_build.patch
new file mode 100644
index 0000000000..32a6bc0ee0
--- /dev/null
+++ b/packages/qemu/files/63_sparc_build.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=0
+---
+# sparc.ld | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: sparc.ld
+===================================================================
+--- sparc.ld.orig 2007-06-13 11:48:22.000000000 +0100
++++ sparc.ld 2007-06-13 11:51:56.000000000 +0100
+@@ -6,7 +6,7 @@ ENTRY(_start)
+ SECTIONS
+ {
+ /* Read-only sections, merged into text segment: */
+- . = 0x60000000 + SIZEOF_HEADERS;
++ . = 0x60000000 + 0x400;
+ .interp : { *(.interp) }
+ .hash : { *(.hash) }
+ .dynsym : { *(.dynsym) }
diff --git a/packages/qemu/files/64_ppc_asm_constraints.patch b/packages/qemu/files/64_ppc_asm_constraints.patch
new file mode 100644
index 0000000000..e4858b79d7
--- /dev/null
+++ b/packages/qemu/files/64_ppc_asm_constraints.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=1
+---
+# cpu-all.h | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: qemu/cpu-all.h
+===================================================================
+--- qemu.orig/cpu-all.h 2007-06-13 11:48:22.000000000 +0100
++++ qemu/cpu-all.h 2007-06-13 11:51:56.000000000 +0100
+@@ -250,7 +250,7 @@ static inline void stw_le_p(void *ptr, i
+ static inline void stl_le_p(void *ptr, int v)
+ {
+ #ifdef __powerpc__
+- __asm__ __volatile__ ("stwbrx %1,0,%2" : "=m" (*(uint32_t *)ptr) : "r" (v), "r" (ptr));
++ __asm__ __volatile__ ("stwbrx %0,0,%1" : : "r" (v), "r" (ptr) : "memory");
+ #else
+ uint8_t *p = ptr;
+ p[0] = v;
diff --git a/packages/qemu/files/65_kfreebsd.patch b/packages/qemu/files/65_kfreebsd.patch
new file mode 100644
index 0000000000..ea060811a1
--- /dev/null
+++ b/packages/qemu/files/65_kfreebsd.patch
@@ -0,0 +1,44 @@
+---
+ configure | 6 ++++++
+ vl.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: configure
+===================================================================
+--- configure.orig 2007-06-13 11:48:22.000000000 +0100
++++ configure 2007-06-13 11:52:07.000000000 +0100
+@@ -112,6 +112,12 @@ OS_CFLAGS="-mno-cygwin"
+ MINGW32*)
+ mingw32="yes"
+ ;;
++GNU/kFreeBSD)
++oss="yes"
++if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
++ kqemu="yes"
++fi
++;;
+ FreeBSD)
+ bsd="yes"
+ oss="yes"
+Index: vl.c
+===================================================================
+--- vl.c.orig 2007-06-13 11:51:54.000000000 +0100
++++ vl.c 2007-06-13 11:51:56.000000000 +0100
+@@ -47,6 +47,8 @@
+ #ifndef __APPLE__
+ #include <libutil.h>
+ #endif
++#elif defined (__GLIBC__) && defined (__FreeBSD_kernel__)
++#include <freebsd/stdlib.h>
+ #else
+ #ifndef __sun__
+ #include <linux/if.h>
+@@ -3454,7 +3456,7 @@ static TAPState *net_tap_fd_init(VLANSta
+ return s;
+ }
+
+-#ifdef _BSD
++#if defined (_BSD) || defined (__FreeBSD_kernel__)
+ static int tap_open(char *ifname, int ifname_size)
+ {
+ int fd;
diff --git a/packages/qemu/files/66_tls_ld.patch b/packages/qemu/files/66_tls_ld.patch
new file mode 100644
index 0000000000..54e02eff8b
--- /dev/null
+++ b/packages/qemu/files/66_tls_ld.patch
@@ -0,0 +1,55 @@
+---
+ arm.ld | 7 +++++++
+ i386.ld | 7 +++++++
+ 2 files changed, 14 insertions(+)
+
+Index: arm.ld
+===================================================================
+--- arm.ld.orig 2007-06-13 11:48:22.000000000 +0100
++++ arm.ld 2007-06-13 11:51:56.000000000 +0100
+@@ -26,6 +26,10 @@ SECTIONS
+ { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata :
+ { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++ .rel.tdata : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++ .rela.tdata : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++ .rel.tbss : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++ .rela.tbss : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+@@ -58,6 +62,9 @@ SECTIONS
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ __exidx_end = .;
+ .reginfo : { *(.reginfo) }
++ /* Thread Local Storage sections */
++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ /* Adjust the address for the data segment. We want to adjust up to
+ the same address within the page on the next page up. */
+ . = ALIGN(0x100000) + (. & (0x100000 - 1));
+Index: i386.ld
+===================================================================
+--- i386.ld.orig 2007-06-13 11:48:22.000000000 +0100
++++ i386.ld 2007-06-13 11:51:56.000000000 +0100
+@@ -28,6 +28,10 @@ SECTIONS
+ { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata :
+ { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++ .rel.tdata : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++ .rela.tdata : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++ .rel.tbss : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++ .rela.tbss : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+@@ -53,6 +57,9 @@ SECTIONS
+ _etext = .;
+ PROVIDE (etext = .);
+ .fini : { *(.fini) } =0x47ff041f
++ /* Thread Local Storage sections */
++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ . = ALIGN(32 / 8);
+ PROVIDE (__preinit_array_start = .);
+ .preinit_array : { *(.preinit_array) }
diff --git a/packages/qemu/files/91-oh-sdl-cursor.patch b/packages/qemu/files/91-oh-sdl-cursor.patch
new file mode 100644
index 0000000000..5280a5bd4a
--- /dev/null
+++ b/packages/qemu/files/91-oh-sdl-cursor.patch
@@ -0,0 +1,18 @@
+=== modified file 'sdl.c'
+---
+ sdl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: sdl.c
+===================================================================
+--- sdl.c.orig 2007-06-13 11:48:22.000000000 +0100
++++ sdl.c 2007-06-13 11:51:56.000000000 +0100
+@@ -241,7 +241,7 @@ static void sdl_hide_cursor(void)
+
+ if (kbd_mouse_is_absolute()) {
+ SDL_ShowCursor(1);
+- SDL_SetCursor(sdl_cursor_hidden);
++ /* SDL_SetCursor(sdl_cursor_hidden); */
+ } else {
+ SDL_ShowCursor(0);
+ }
diff --git a/packages/qemu/files/93-oh-pl110-rgb.patch b/packages/qemu/files/93-oh-pl110-rgb.patch
new file mode 100644
index 0000000000..4911ac131f
--- /dev/null
+++ b/packages/qemu/files/93-oh-pl110-rgb.patch
@@ -0,0 +1,223 @@
+=== modified file 'hw/pl110.c'
+---
+ hw/pl110.c | 13 ++++--
+ hw/pl110_template.h | 107 ++++++++++++++++++++++++++++++++++++----------------
+ 2 files changed, 86 insertions(+), 34 deletions(-)
+
+Index: hw/pl110.c
+===================================================================
+--- hw/pl110.c.orig 2007-06-13 11:48:22.000000000 +0100
++++ hw/pl110.c 2007-06-13 11:51:57.000000000 +0100
+@@ -10,6 +10,7 @@
+ #include "vl.h"
+
+ #define PL110_CR_EN 0x001
++#define PL110_CR_BGR 0x100
+ #define PL110_CR_BEBO 0x200
+ #define PL110_CR_BEPO 0x400
+ #define PL110_CR_PWR 0x800
+@@ -114,6 +115,7 @@ static void pl110_update_display(void *o
+ int first, last = 0;
+ int dirty, new_dirty;
+ int i;
++ int bpp_offset;
+
+ if (!pl110_enabled(s))
+ return;
+@@ -145,12 +147,17 @@ static void pl110_update_display(void *o
+ fprintf(stderr, "pl110: Bad color depth\n");
+ exit(1);
+ }
++ if (s->cr & PL110_CR_BGR)
++ bpp_offset = 0;
++ else
++ bpp_offset = 18;
++
+ if (s->cr & PL110_CR_BEBO)
+- fn = fntable[s->bpp + 6];
++ fn = fntable[s->bpp + 6 + bpp_offset];
+ else if (s->cr & PL110_CR_BEPO)
+- fn = fntable[s->bpp + 12];
++ fn = fntable[s->bpp + 12 + bpp_offset];
+ else
+- fn = fntable[s->bpp];
++ fn = fntable[s->bpp + bpp_offset];
+
+ src_width = s->cols;
+ switch (s->bpp) {
+Index: hw/pl110_template.h
+===================================================================
+--- hw/pl110_template.h.orig 2007-06-13 11:48:22.000000000 +0100
++++ hw/pl110_template.h 2007-06-13 11:51:57.000000000 +0100
+@@ -24,6 +24,16 @@
+ #error unknown bit depth
+ #endif
+
++#undef RGB
++#define BORDER bgr
++#define ORDER 0
++#include "pl110_template.h"
++#define ORDER 1
++#include "pl110_template.h"
++#define ORDER 2
++#include "pl110_template.h"
++#define RGB
++#define BORDER rgb
+ #define ORDER 0
+ #include "pl110_template.h"
+ #define ORDER 1
+@@ -33,26 +43,47 @@
+
+ static drawfn glue(pl110_draw_fn_,BITS)[18] =
+ {
+- glue(pl110_draw_line1_lblp,BITS),
+- glue(pl110_draw_line2_lblp,BITS),
+- glue(pl110_draw_line4_lblp,BITS),
+- glue(pl110_draw_line8_lblp,BITS),
+- glue(pl110_draw_line16_lblp,BITS),
+- glue(pl110_draw_line32_lblp,BITS),
++ glue(pl110_draw_line1_lblp_bgr,BITS),
++ glue(pl110_draw_line2_lblp_bgr,BITS),
++ glue(pl110_draw_line4_lblp_bgr,BITS),
++ glue(pl110_draw_line8_lblp_bgr,BITS),
++ glue(pl110_draw_line16_lblp_bgr,BITS),
++ glue(pl110_draw_line32_lblp_bgr,BITS),
+
+- glue(pl110_draw_line1_bbbp,BITS),
+- glue(pl110_draw_line2_bbbp,BITS),
+- glue(pl110_draw_line4_bbbp,BITS),
+- glue(pl110_draw_line8_bbbp,BITS),
+- glue(pl110_draw_line16_bbbp,BITS),
+- glue(pl110_draw_line32_bbbp,BITS),
++ glue(pl110_draw_line1_bbbp_bgr,BITS),
++ glue(pl110_draw_line2_bbbp_bgr,BITS),
++ glue(pl110_draw_line4_bbbp_bgr,BITS),
++ glue(pl110_draw_line8_bbbp_bgr,BITS),
++ glue(pl110_draw_line16_bbbp_bgr,BITS),
++ glue(pl110_draw_line32_bbbp_bgr,BITS),
+
+- glue(pl110_draw_line1_lbbp,BITS),
+- glue(pl110_draw_line2_lbbp,BITS),
+- glue(pl110_draw_line4_lbbp,BITS),
+- glue(pl110_draw_line8_lbbp,BITS),
+- glue(pl110_draw_line16_lbbp,BITS),
+- glue(pl110_draw_line32_lbbp,BITS)
++ glue(pl110_draw_line1_lbbp_bgr,BITS),
++ glue(pl110_draw_line2_lbbp_bgr,BITS),
++ glue(pl110_draw_line4_lbbp_bgr,BITS),
++ glue(pl110_draw_line8_lbbp_bgr,BITS),
++ glue(pl110_draw_line16_lbbp_bgr,BITS),
++ glue(pl110_draw_line32_lbbp_bgr,BITS),
++
++ glue(pl110_draw_line1_lblp_rgb,BITS),
++ glue(pl110_draw_line2_lblp_rgb,BITS),
++ glue(pl110_draw_line4_lblp_rgb,BITS),
++ glue(pl110_draw_line8_lblp_rgb,BITS),
++ glue(pl110_draw_line16_lblp_rgb,BITS),
++ glue(pl110_draw_line32_lblp_rgb,BITS),
++
++ glue(pl110_draw_line1_bbbp_rgb,BITS),
++ glue(pl110_draw_line2_bbbp_rgb,BITS),
++ glue(pl110_draw_line4_bbbp_rgb,BITS),
++ glue(pl110_draw_line8_bbbp_rgb,BITS),
++ glue(pl110_draw_line16_bbbp_rgb,BITS),
++ glue(pl110_draw_line32_bbbp_rgb,BITS),
++
++ glue(pl110_draw_line1_lbbp_rgb,BITS),
++ glue(pl110_draw_line2_lbbp_rgb,BITS),
++ glue(pl110_draw_line4_lbbp_rgb,BITS),
++ glue(pl110_draw_line8_lbbp_rgb,BITS),
++ glue(pl110_draw_line16_lbbp_rgb,BITS),
++ glue(pl110_draw_line32_lbbp_rgb,BITS),
+ };
+
+ #undef BITS
+@@ -61,18 +92,18 @@ static drawfn glue(pl110_draw_fn_,BITS)[
+ #else
+
+ #if ORDER == 0
+-#define NAME glue(lblp, BITS)
++#define NAME glue(glue(lblp_, BORDER), BITS)
+ #ifdef WORDS_BIGENDIAN
+ #define SWAP_WORDS 1
+ #endif
+ #elif ORDER == 1
+-#define NAME glue(bbbp, BITS)
++#define NAME glue(glue(bbbp_, BORDER), BITS)
+ #ifndef WORDS_BIGENDIAN
+ #define SWAP_WORDS 1
+ #endif
+ #else
+ #define SWAP_PIXELS 1
+-#define NAME glue(lbbp, BITS)
++#define NAME glue(glue(lbbp_, BORDER), BITS)
+ #ifdef WORDS_BIGENDIAN
+ #define SWAP_WORDS 1
+ #endif
+@@ -195,27 +226,34 @@ static void glue(pl110_draw_line16_,NAME
+ #ifdef SWAP_WORDS
+ data = bswap32(data);
+ #endif
++#ifdef RGB
++#define LSB r
++#define MSB b
++#else
++#define LSB b
++#define MSB r
++#endif
+ #if 0
+- r = data & 0x1f;
++ LSB = data & 0x1f;
+ data >>= 5;
+ g = data & 0x3f;
+ data >>= 6;
+- b = data & 0x1f;
++ MSB = data & 0x1f;
+ data >>= 5;
+ #else
+- r = (data & 0x1f) << 3;
++ LSB = (data & 0x1f) << 3;
+ data >>= 5;
+ g = (data & 0x3f) << 2;
+ data >>= 6;
+- b = (data & 0x1f) << 3;
++ MSB = (data & 0x1f) << 3;
+ data >>= 5;
+ #endif
+ COPY_PIXEL(d, glue(rgb_to_pixel,BITS)(r, g, b));
+- r = (data & 0x1f) << 3;
++ LSB = (data & 0x1f) << 3;
+ data >>= 5;
+ g = (data & 0x3f) << 2;
+ data >>= 6;
+- b = (data & 0x1f) << 3;
++ MSB = (data & 0x1f) << 3;
+ data >>= 5;
+ COPY_PIXEL(d, glue(rgb_to_pixel,BITS)(r, g, b));
+ width -= 2;
+@@ -229,14 +267,21 @@ static void glue(pl110_draw_line32_,NAME
+ unsigned int r, g, b;
+ while (width > 0) {
+ data = *(uint32_t *)src;
++#ifdef RGB
++#define LSB r
++#define MSB b
++#else
++#define LSB b
++#define MSB r
++#endif
+ #ifdef SWAP_WORDS
+- r = data & 0xff;
++ LSB = data & 0xff;
+ g = (data >> 8) & 0xff;
+- b = (data >> 16) & 0xff;
++ MSB = (data >> 16) & 0xff;
+ #else
+- r = (data >> 24) & 0xff;
++ LSB = (data >> 24) & 0xff;
+ g = (data >> 16) & 0xff;
+- b = (data >> 8) & 0xff;
++ MSB = (data >> 8) & 0xff;
+ #endif
+ COPY_PIXEL(d, glue(rgb_to_pixel,BITS)(r, g, b));
+ width--;
diff --git a/packages/qemu/files/fix_segfault.patch b/packages/qemu/files/fix_segfault.patch
new file mode 100644
index 0000000000..976c75cd60
--- /dev/null
+++ b/packages/qemu/files/fix_segfault.patch
@@ -0,0 +1,46 @@
+Index: qemu/Makefile.target
+===================================================================
+--- qemu.orig/Makefile.target 2007-06-29 10:57:58.000000000 +0000
++++ qemu/Makefile.target 2007-06-29 10:58:01.000000000 +0000
+@@ -241,7 +241,6 @@
+ ifdef CONFIG_LINUX_USER
+ OBJS= main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o \
+ elfload.o linuxload.o
+-LIBS+= $(AIOLIBS)
+ ifdef TARGET_HAS_BFLT
+ OBJS+= flatload.o
+ endif
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c 2007-06-29 10:58:01.000000000 +0000
++++ qemu/linux-user/syscall.c 2007-06-29 10:58:30.000000000 +0000
+@@ -4872,29 +4872,6 @@
+ goto unimplemented_nowarn;
+ #endif
+
+-#ifdef TARGET_NR_clock_gettime
+- case TARGET_NR_clock_gettime:
+- {
+- struct timespec ts;
+- ret = get_errno(clock_gettime(arg1, &ts));
+- if (!is_error(ret)) {
+- host_to_target_timespec(arg2, &ts);
+- }
+- break;
+- }
+-#endif
+-#ifdef TARGET_NR_clock_getres
+- case TARGET_NR_clock_getres:
+- {
+- struct timespec ts;
+- ret = get_errno(clock_getres(arg1, &ts));
+- if (!is_error(ret)) {
+- host_to_target_timespec(arg2, &ts);
+- }
+- break;
+- }
+-#endif
+-
+ default:
+ unimplemented:
+ gemu_log("qemu: Unsupported syscall: %d\n", num);
diff --git a/packages/qemu/files/qemu-0.9.0-nptl-update.patch b/packages/qemu/files/qemu-0.9.0-nptl-update.patch
new file mode 100644
index 0000000000..869acba2cf
--- /dev/null
+++ b/packages/qemu/files/qemu-0.9.0-nptl-update.patch
@@ -0,0 +1,294 @@
+Index: qemu/linux-user/main.c
+===================================================================
+--- qemu.orig/linux-user/main.c 2007-06-29 10:47:58.000000000 +0000
++++ qemu/linux-user/main.c 2007-06-29 10:47:58.000000000 +0000
+@@ -156,7 +156,7 @@
+ p[1] = tswapl(e2);
+ }
+
+-uint64_t gdt_table[6];
++uint64_t gdt_table[9];
+ uint64_t idt_table[256];
+
+ /* only dpl matters as we do only user space emulation */
+@@ -1768,7 +1768,11 @@
+ int optind;
+ const char *r;
+ int gdbstub_port = 0;
+-
++ char *assume_kernel = getenv("QEMU_ASSUME_KERNEL");
++
++ if (assume_kernel)
++ setenv("LD_ASSUME_KERNEL", assume_kernel, 1);
++
+ if (argc <= 1)
+ usage();
+
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c 2007-06-29 10:47:58.000000000 +0000
++++ qemu/linux-user/syscall.c 2007-06-29 10:53:44.000000000 +0000
+@@ -60,6 +60,7 @@
+ #define tchars host_tchars /* same as target */
+ #define ltchars host_ltchars /* same as target */
+
++#include <linux/futex.h>
+ #include <linux/termios.h>
+ #include <linux/unistd.h>
+ #include <linux/utsname.h>
+@@ -2122,6 +2123,80 @@
+ return ret;
+ }
+
++int do_set_thread_area(CPUX86State *env, target_ulong ptr)
++{
++ uint64_t *gdt_table = g2h(env->gdt.base);
++ struct target_modify_ldt_ldt_s ldt_info;
++ struct target_modify_ldt_ldt_s *target_ldt_info;
++ int seg_32bit, contents, read_exec_only, limit_in_pages;
++ int seg_not_present, useable;
++ uint32_t *lp, entry_1, entry_2;
++ int i;
++
++ lock_user_struct(target_ldt_info, ptr, 1);
++ ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
++ ldt_info.base_addr = tswapl(target_ldt_info->base_addr);
++ ldt_info.limit = tswap32(target_ldt_info->limit);
++ ldt_info.flags = tswap32(target_ldt_info->flags);
++ if (ldt_info.entry_number == -1) {
++ for (i=6; i<8; i++)
++ if (gdt_table[i] == 0) {
++ ldt_info.entry_number = i;
++ target_ldt_info->entry_number = tswap32(i);
++ break;
++ }
++ }
++ unlock_user_struct(target_ldt_info, ptr, 0);
++
++ if (ldt_info.entry_number < 6 || ldt_info.entry_number > 8)
++ return -EINVAL;
++ seg_32bit = ldt_info.flags & 1;
++ contents = (ldt_info.flags >> 1) & 3;
++ read_exec_only = (ldt_info.flags >> 3) & 1;
++ limit_in_pages = (ldt_info.flags >> 4) & 1;
++ seg_not_present = (ldt_info.flags >> 5) & 1;
++ useable = (ldt_info.flags >> 6) & 1;
++
++ if (contents == 3) {
++ if (seg_not_present == 0)
++ return -EINVAL;
++ }
++
++ /* NOTE: same code as Linux kernel */
++ /* Allow LDTs to be cleared by the user. */
++ if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
++ if ((contents == 0 &&
++ read_exec_only == 1 &&
++ seg_32bit == 0 &&
++ limit_in_pages == 0 &&
++ seg_not_present == 1 &&
++ useable == 0 )) {
++ entry_1 = 0;
++ entry_2 = 0;
++ goto install;
++ }
++ }
++
++ entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
++ (ldt_info.limit & 0x0ffff);
++ entry_2 = (ldt_info.base_addr & 0xff000000) |
++ ((ldt_info.base_addr & 0x00ff0000) >> 16) |
++ (ldt_info.limit & 0xf0000) |
++ ((read_exec_only ^ 1) << 9) |
++ (contents << 10) |
++ ((seg_not_present ^ 1) << 15) |
++ (seg_32bit << 22) |
++ (limit_in_pages << 23) |
++ (useable << 20) |
++ 0x7000;
++
++ /* Install the new entry ... */
++install:
++ lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
++ lp[0] = tswap32(entry_1);
++ lp[1] = tswap32(entry_2);
++ return 0;
++}
+ #endif /* defined(TARGET_I386) */
+
+ /* this stack is the equivalent of the kernel stack associated with a
+@@ -2154,15 +2229,20 @@
+ TaskState *ts;
+ uint8_t *new_stack;
+ CPUState *new_env;
++#if defined(TARGET_I386)
++ uint64_t *new_gdt_table;
++#endif
+ #ifdef USE_NPTL
+ unsigned int nptl_flags;
+
+ if (flags & CLONE_PARENT_SETTID)
+ *parent_tidptr = gettid();
+ #endif
+-
++
+ if (flags & CLONE_VM) {
+ ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
++ if (!ts)
++ return -ENOMEM;
+ memset(ts, 0, sizeof(TaskState));
+ new_stack = ts->stack;
+ ts->used = 1;
+@@ -2174,6 +2254,29 @@
+ #if defined(TARGET_I386)
+ if (!newsp)
+ newsp = env->regs[R_ESP];
++ new_gdt_table = malloc(9 * 8);
++ if (!new_gdt_table) {
++ free(new_env);
++ return -ENOMEM;
++ }
++ /* Copy main GDT table from parent, but clear TLS entries */
++ memcpy(new_gdt_table, g2h(env->gdt.base), 6 * 8);
++ memset(&new_gdt_table[6], 0, 3 * 8);
++ new_env->gdt.base = h2g(new_gdt_table);
++ if (flags & 0x00080000 /* CLONE_SETTLS */) {
++ ret = do_set_thread_area(new_env, new_env->regs[R_ESI]);
++ if (ret) {
++ free(new_gdt_table);
++ free(new_env);
++ return ret;
++ }
++ }
++ cpu_x86_load_seg(env, R_CS, new_env->regs[R_CS]);
++ cpu_x86_load_seg(env, R_DS, new_env->regs[R_DS]);
++ cpu_x86_load_seg(env, R_ES, new_env->regs[R_ES]);
++ cpu_x86_load_seg(env, R_SS, new_env->regs[R_SS]);
++ cpu_x86_load_seg(env, R_FS, new_env->regs[R_FS]);
++ cpu_x86_load_seg(env, R_GS, new_env->regs[R_GS]);
+ new_env->regs[R_ESP] = newsp;
+ new_env->regs[R_EAX] = 0;
+ #elif defined(TARGET_ARM)
+@@ -2517,6 +2620,68 @@
+ unlock_user_struct(target_ts, target_addr, 1);
+ }
+
++static long do_futex(target_ulong uaddr, int op, uint32_t val,
++ target_ulong utime, target_ulong uaddr2,
++ uint32_t val3)
++{
++ struct timespec host_utime;
++ unsigned long val2 = utime;
++
++ if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
++ target_to_host_timespec(&host_utime, utime);
++ val2 = (unsigned long)&host_utime;
++ }
++
++#ifdef BSWAP_NEEDED
++ switch(op) {
++ case FUTEX_CMP_REQUEUE:
++ val3 = tswap32(val3);
++ case FUTEX_REQUEUE:
++ val2 = tswap32(val2);
++ case FUTEX_WAIT:
++ case FUTEX_WAKE:
++ val = tswap32(val);
++ case FUTEX_LOCK_PI: /* This one's icky, but comes out OK */
++ case FUTEX_UNLOCK_PI:
++ break;
++ default:
++ gemu_log("qemu: Unsupported futex op %d\n", op);
++ return -ENOSYS;
++ }
++#if 0 /* No, it's worse than this */
++ if (op == FUTEX_WAKE_OP) {
++ /* Need to munge the secondary operation (val3) */
++ val3 = tswap32(val3);
++ int op2 = (val3 >> 28) & 7;
++ int cmp = (val3 >> 24) & 15;
++ int oparg = (val3 << 8) >> 20;
++ int cmparg = (val3 << 20) >> 20;
++ int shift = val3 & (FUTEX_OP_OPARG_SHIFT << 28);
++
++ if (shift)
++ oparg = (oparg & 7) + 24 - (oparg & 24);
++ else oparg =
++ if (op2 == FUTEX_OP_ADD) {
++ gemu_log("qemu: Unsupported wrong-endian FUTEX_OP_ADD\n");
++ return -ENOSYS;
++ }
++ if (cmparg == FUTEX_OP_CMP_LT || cmparg == FUTEX_OP_CMP_GE ||
++ cmparg == FUTEX_OP_CMP_LE || cmparg == FUTEX_OP_CMP_GT) {
++ gemu_log("qemu: Unsupported wrong-endian futex cmparg %d\n", cmparg);
++ return -ENOSYS;
++ }
++ val3 = shift | (op2<<28) | (cmp<<24) | (oparg<<12) | cmparg;
++ }
++#endif
++#endif
++ return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
++}
++
++int do_set_tid_address(target_ulong tidptr)
++{
++ return syscall(__NR_set_tid_address, g2h(tidptr));
++}
++
+ long do_syscall(void *cpu_env, int num, long arg1, long arg2, long arg3,
+ long arg4, long arg5, long arg6)
+ {
+@@ -2534,7 +2699,7 @@
+ _mcleanup();
+ #endif
+ gdb_exit(cpu_env, arg1);
+- /* XXX: should free thread stack and CPU env */
++ /* XXX: should free thread stack, GDT and CPU env */
+ _exit(arg1);
+ ret = 0; /* avoid warning */
+ break;
+@@ -4642,6 +4807,9 @@
+ ((CPUMIPSState *) cpu_env)->tls_value = arg1;
+ ret = 0;
+ break;
++#elif TARGET_i386
++ ret = get_errno(do_set_thread_area(cpu_env, arg1));
++ break;
+ #else
+ goto unimplemented_nowarn;
+ #endif
+@@ -4655,6 +4823,21 @@
+ goto unimplemented_nowarn;
+ #endif
+
++#ifdef TARGET_NR_futex
++ case TARGET_NR_futex:
++ ret = get_errno(do_futex(arg1, arg2, arg3, arg4, arg5, arg6));
++ break;
++#endif
++#ifdef TARGET_NR_set_tid_address
++ case TARGET_NR_set_tid_address:
++ ret = get_errno(do_set_tid_address(arg1));
++ break;
++#endif
++#ifdef TARGET_NR_set_robust_list
++ case TARGET_NR_set_robust_list:
++ goto unimplemented_nowarn;
++#endif
++
+ #ifdef TARGET_NR_clock_gettime
+ case TARGET_NR_clock_gettime:
+ {
+@@ -4678,12 +4861,6 @@
+ }
+ #endif
+
+-#if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
+- case TARGET_NR_set_tid_address:
+- ret = get_errno(set_tid_address((int *) arg1));
+- break;
+-#endif
+-
+ default:
+ unimplemented:
+ gemu_log("qemu: Unsupported syscall: %d\n", num);
diff --git a/packages/qemu/files/qemu-0.9.0-nptl.patch b/packages/qemu/files/qemu-0.9.0-nptl.patch
new file mode 100644
index 0000000000..fc7b0cfa4b
--- /dev/null
+++ b/packages/qemu/files/qemu-0.9.0-nptl.patch
@@ -0,0 +1,892 @@
+These are Paul Brook's patches to QEMU-0.8.2 to enable the running of single
+ARM binaries under QEMU's user-emulation mode. Without them, QEMU-0.8.1
+immediately dies saying:
+ Error: f0005
+ qemu: uncaught target signal 6 (Aborted) - exiting
+while qemu-0.8.2 dies saying:
+ qemu: Unsupported syscall: 983045
+ cannot set up thread-local storage: unknown error
+
+This file is a rediffing of the patches visible at
+https://nowt.dyndns.org/patch.qemu_nptl on 27 Sept 2006
+which "patch" fails to apply automatically.
+See also http://lists.gnu.org/archive/html/qemu-devel/2006-09/msg00194.html
+
+ Martin Guy, 27 Sept 2006
+
+Index: qemu/configure
+===================================================================
+--- qemu.orig/configure 2007-06-29 10:47:39.000000000 +0000
++++ qemu/configure 2007-06-29 10:47:58.000000000 +0000
+@@ -101,6 +101,7 @@
+ darwin_user="no"
+ build_docs="no"
+ uname_release=""
++nptl="yes"
+
+ # OS specific
+ targetos=`uname -s`
+@@ -281,6 +282,8 @@
+ *) echo "undefined SPARC architecture. Exiting";exit 1;;
+ esac
+ ;;
++ --disable-nptl) nptl="no"
++ ;;
+ esac
+ done
+
+@@ -355,6 +358,7 @@
+ echo " --disable-linux-user disable all linux usermode emulation targets"
+ echo " --enable-darwin-user enable all darwin usermode emulation targets"
+ echo " --disable-darwin-user disable all darwin usermode emulation targets"
++echo " --disable-nptl disable usermode NPTL guest support"
+ echo " --fmod-lib path to FMOD library"
+ echo " --fmod-inc path to FMOD includes"
+ echo " --enable-uname-release=R Return R for uname -r in usermode emulation"
+@@ -524,6 +528,23 @@
+ }
+ EOF
+
++# check NPTL support
++cat > $TMPC <<EOF
++#include <sched.h>
++void foo()
++{
++#ifndef CLONE_SETTLS
++#error bork
++#endif
++}
++EOF
++
++if $cc -c -o $TMPO $TMPC 2> /dev/null ; then
++ :
++else
++ nptl="no"
++fi
++
+ ##########################################
+ # SDL probe
+
+@@ -678,6 +699,7 @@
+ echo "Documentation $build_docs"
+ [ ! -z "$uname_release" ] && \
+ echo "uname -r $uname_release"
++echo "NPTL support $nptl"
+
+ if test $sdl_too_old = "yes"; then
+ echo "-> Your SDL version is too old - please upgrade to have SDL support"
+@@ -1057,6 +1079,14 @@
+ echo "SDL_CFLAGS=`$sdl_config --cflags`" >> $config_mak
+ fi
+ fi
++else
++ if test "$nptl" = "yes" ; then
++ case "$target_cpu" in
++ arm | armeb)
++ echo "#define USE_NPTL 1" >> $config_h
++ ;;
++ esac
++ fi
+ fi
+
+ if test "$cocoa" = "yes" ; then
+Index: qemu/exec-all.h
+===================================================================
+--- qemu.orig/exec-all.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/exec-all.h 2007-06-29 10:47:58.000000000 +0000
+@@ -360,170 +360,7 @@
+ extern CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
+ extern void *io_mem_opaque[IO_MEM_NB_ENTRIES];
+
+-#if defined(__powerpc__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+- __asm__ __volatile__ (
+- "0: lwarx %0,0,%1\n"
+- " xor. %0,%3,%0\n"
+- " bne 1f\n"
+- " stwcx. %2,0,%1\n"
+- " bne- 0b\n"
+- "1: "
+- : "=&r" (ret)
+- : "r" (p), "r" (1), "r" (0)
+- : "cr0", "memory");
+- return ret;
+-}
+-#elif defined(__i386__)
+-static inline int testandset (int *p)
+-{
+- long int readval = 0;
+-
+- __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+- : "+m" (*p), "+a" (readval)
+- : "r" (1)
+- : "cc");
+- return readval;
+-}
+-#elif defined(__x86_64__)
+-static inline int testandset (int *p)
+-{
+- long int readval = 0;
+-
+- __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+- : "+m" (*p), "+a" (readval)
+- : "r" (1)
+- : "cc");
+- return readval;
+-}
+-#elif defined(__s390__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__ ("0: cs %0,%1,0(%2)\n"
+- " jl 0b"
+- : "=&d" (ret)
+- : "r" (1), "a" (p), "0" (*p)
+- : "cc", "memory" );
+- return ret;
+-}
+-#elif defined(__alpha__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+- unsigned long one;
+-
+- __asm__ __volatile__ ("0: mov 1,%2\n"
+- " ldl_l %0,%1\n"
+- " stl_c %2,%1\n"
+- " beq %2,1f\n"
+- ".subsection 2\n"
+- "1: br 0b\n"
+- ".previous"
+- : "=r" (ret), "=m" (*p), "=r" (one)
+- : "m" (*p));
+- return ret;
+-}
+-#elif defined(__sparc__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__("ldstub [%1], %0"
+- : "=r" (ret)
+- : "r" (p)
+- : "memory");
+-
+- return (ret ? 1 : 0);
+-}
+-#elif defined(__arm__)
+-static inline int testandset (int *spinlock)
+-{
+- register unsigned int ret;
+- __asm__ __volatile__("swp %0, %1, [%2]"
+- : "=r"(ret)
+- : "0"(1), "r"(spinlock));
+-
+- return ret;
+-}
+-#elif defined(__mc68000)
+-static inline int testandset (int *p)
+-{
+- char ret;
+- __asm__ __volatile__("tas %1; sne %0"
+- : "=r" (ret)
+- : "m" (p)
+- : "cc","memory");
+- return ret;
+-}
+-#elif defined(__ia64)
+-
+-#include <ia64intrin.h>
+-
+-static inline int testandset (int *p)
+-{
+- return __sync_lock_test_and_set (p, 1);
+-}
+-#elif defined(__mips__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__ (
+- " .set push \n"
+- " .set noat \n"
+- " .set mips2 \n"
+- "1: li $1, 1 \n"
+- " ll %0, %1 \n"
+- " sc $1, %1 \n"
+- " beqz $1, 1b \n"
+- " .set pop "
+- : "=r" (ret), "+R" (*p)
+- :
+- : "memory");
+-
+- return ret;
+-}
+-#else
+-#error unimplemented CPU support
+-#endif
+-
+-typedef int spinlock_t;
+-
+-#define SPIN_LOCK_UNLOCKED 0
+-
+-#if defined(CONFIG_USER_ONLY)
+-static inline void spin_lock(spinlock_t *lock)
+-{
+- while (testandset(lock));
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+- *lock = 0;
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+- return !testandset(lock);
+-}
+-#else
+-static inline void spin_lock(spinlock_t *lock)
+-{
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+- return 1;
+-}
+-#endif
++#include "qemu_spinlock.h"
+
+ extern spinlock_t tb_lock;
+
+Index: qemu/linux-user/arm/syscall.h
+===================================================================
+--- qemu.orig/linux-user/arm/syscall.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/linux-user/arm/syscall.h 2007-06-29 10:47:58.000000000 +0000
+@@ -28,7 +28,9 @@
+ #define ARM_SYSCALL_BASE 0x900000
+ #define ARM_THUMB_SYSCALL 0
+
+-#define ARM_NR_cacheflush (ARM_SYSCALL_BASE + 0xf0000 + 2)
++#define ARM_NR_BASE 0xf0000
++#define ARM_NR_cacheflush (ARM_NR_BASE + 2)
++#define ARM_NR_set_tls (ARM_NR_BASE + 5)
+
+ #define ARM_NR_semihosting 0x123456
+ #define ARM_NR_thumb_semihosting 0xAB
+Index: qemu/linux-user/main.c
+===================================================================
+--- qemu.orig/linux-user/main.c 2007-06-29 10:47:39.000000000 +0000
++++ qemu/linux-user/main.c 2007-06-29 10:53:47.000000000 +0000
+@@ -325,6 +325,50 @@
+ }
+ }
+
++/* Handle a jump to the kernel code page. */
++static int
++do_kernel_trap(CPUARMState *env)
++{
++ uint32_t addr;
++ uint32_t *ptr;
++ uint32_t cpsr;
++
++ switch (env->regs[15]) {
++ case 0xffff0fc0: /* __kernel_cmpxchg */
++ /* XXX: This only works between threads, not between processes.
++ Use native atomic operations. */
++ /* ??? This probably breaks horribly if the access segfaults. */
++ cpu_lock();
++ ptr = (uint32_t *)env->regs[2];
++ cpsr = cpsr_read(env);
++ if (*ptr == env->regs[0]) {
++ *ptr = env->regs[1];
++ env->regs[0] = 0;
++ cpsr |= CPSR_C;
++ } else {
++ env->regs[0] = -1;
++ cpsr &= ~CPSR_C;
++ }
++ cpsr_write(env, cpsr, CPSR_C);
++ cpu_unlock();
++ break;
++ case 0xffff0fe0: /* __kernel_get_tls */
++ env->regs[0] = env->cp15.c13_tls;
++ break;
++ default:
++ return 1;
++ }
++ /* Jump back to the caller. */
++ addr = env->regs[14];
++ if (addr & 1) {
++ env->thumb = 1;
++ addr &= ~1;
++ }
++ env->regs[15] = addr;
++
++ return 0;
++}
++
+ void cpu_loop(CPUARMState *env)
+ {
+ int trapnr;
+@@ -381,10 +425,8 @@
+ }
+ }
+
+- if (n == ARM_NR_cacheflush) {
+- arm_cache_flush(env->regs[0], env->regs[1]);
+- } else if (n == ARM_NR_semihosting
+- || n == ARM_NR_thumb_semihosting) {
++ if (n == ARM_NR_semihosting
++ || n == ARM_NR_thumb_semihosting) {
+ env->regs[0] = do_arm_semihosting (env);
+ } else if (n == 0 || n >= ARM_SYSCALL_BASE
+ || (env->thumb && n == ARM_THUMB_SYSCALL)) {
+@@ -395,14 +437,34 @@
+ n -= ARM_SYSCALL_BASE;
+ env->eabi = 0;
+ }
+- env->regs[0] = do_syscall(env,
+- n,
+- env->regs[0],
+- env->regs[1],
+- env->regs[2],
+- env->regs[3],
+- env->regs[4],
+- env->regs[5]);
++ if ( n > ARM_NR_BASE) {
++ switch (n)
++ {
++ case ARM_NR_cacheflush:
++ arm_cache_flush(env->regs[0], env->regs[1]);
++ break;
++#ifdef USE_NPTL
++ case ARM_NR_set_tls:
++ cpu_set_tls(env, env->regs[0]);
++ env->regs[0] = 0;
++ break;
++#endif
++ default:
++ printf ("Error: Bad syscall: %x\n", n);
++ goto error;
++ }
++ }
++ else
++ {
++ env->regs[0] = do_syscall(env,
++ n,
++ env->regs[0],
++ env->regs[1],
++ env->regs[2],
++ env->regs[3],
++ env->regs[4],
++ env->regs[5]);
++ }
+ } else {
+ goto error;
+ }
+@@ -441,6 +503,10 @@
+ }
+ }
+ break;
++ case EXCP_KERNEL_TRAP:
++ if (do_kernel_trap(env))
++ goto error;
++ break;
+ default:
+ error:
+ fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
+@@ -2047,6 +2113,10 @@
+ ts->heap_base = info->brk;
+ /* This will be filled in on the first SYS_HEAPINFO call. */
+ ts->heap_limit = 0;
++ /* Register the magic kernel code page. The cpu will generate a
++ special exception when it tries to execute code here. We can't
++ put real code here because it may be in use by the host kernel. */
++ page_set_flags(0xffff0000, 0xffff0fff, 0);
+ #endif
+
+ if (gdbstub_port) {
+Index: qemu/linux-user/qemu.h
+===================================================================
+--- qemu.orig/linux-user/qemu.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/linux-user/qemu.h 2007-06-29 10:47:58.000000000 +0000
+@@ -80,6 +80,9 @@
+ uint32_t heap_base;
+ uint32_t heap_limit;
+ #endif
++#ifdef USE_NPTL
++ uint32_t *child_tidptr;
++#endif
+ int used; /* non zero if used */
+ struct image_info *info;
+ uint8_t stack[0];
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c 2007-06-29 10:47:39.000000000 +0000
++++ qemu/linux-user/syscall.c 2007-06-29 10:53:47.000000000 +0000
+@@ -70,9 +70,18 @@
+ #include <linux/kd.h>
+
+ #include "qemu.h"
++#include "qemu_spinlock.h"
+
+ //#define DEBUG
+
++#ifdef USE_NPTL
++#define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
++ CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
++#else
++/* XXX: Hardcode the above values. */
++#define CLONE_NPTL_FLAGS2 0
++#endif
++
+ #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
+ || defined(TARGET_M68K) || defined(TARGET_SH4)
+ /* 16 bit uid wrappers emulation */
+@@ -2119,20 +2128,38 @@
+ thread/process */
+ #define NEW_STACK_SIZE 8192
+
++#ifdef USE_NPTL
++static spinlock_t nptl_lock = SPIN_LOCK_UNLOCKED;
++#endif
++
+ static int clone_func(void *arg)
+ {
+ CPUState *env = arg;
++#ifdef HAVE_NPTL
++ /* Wait until the parent has finshed initializing the tls state. */
++ while (!spin_trylock(&nptl_lock))
++ usleep(1);
++ spin_unlock(&nptl_lock);
++#endif
+ cpu_loop(env);
+ /* never exits */
+ return 0;
+ }
+
+-int do_fork(CPUState *env, unsigned int flags, unsigned long newsp)
++int do_fork(CPUState *env, unsigned int flags, unsigned long newsp,
++ uint32_t *parent_tidptr, void *newtls,
++ uint32_t *child_tidptr)
+ {
+ int ret;
+ TaskState *ts;
+ uint8_t *new_stack;
+ CPUState *new_env;
++#ifdef USE_NPTL
++ unsigned int nptl_flags;
++
++ if (flags & CLONE_PARENT_SETTID)
++ *parent_tidptr = gettid();
++#endif
+
+ if (flags & CLONE_VM) {
+ ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
+@@ -2199,16 +2226,67 @@
+ #error unsupported target CPU
+ #endif
+ new_env->opaque = ts;
++#ifdef USE_NPTL
++ nptl_flags = flags;
++ flags &= ~CLONE_NPTL_FLAGS2;
++
++ if (nptl_flags & CLONE_CHILD_CLEARTID) {
++ ts->child_tidptr = child_tidptr;
++ }
++
++ if (nptl_flags & CLONE_SETTLS)
++ cpu_set_tls (new_env, newtls);
++
++ /* Grab the global cpu lock so that the thread setup appears
++ atomic. */
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ spin_lock(&nptl_lock);
++
++#else
++ if (flags & CLONE_NPTL_FLAGS2)
++ return -EINVAL;
++#endif
++
++ if (CLONE_VFORK & flags)
++ flags ^= CLONE_VM;
+ #ifdef __ia64__
+ ret = __clone2(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #else
+ ret = clone(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #endif
++#ifdef USE_NPTL
++ if (ret != -1) {
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ *child_tidptr = ret;
++ }
++
++ /* Allow the child to continue. */
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ spin_unlock(&nptl_lock);
++#endif
+ } else {
+ /* if no CLONE_VM, we consider it is a fork */
+- if ((flags & ~CSIGNAL) != 0)
++ if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
+ return -EINVAL;
+ ret = fork();
++#ifdef USE_NPTL
++ /* There is a race condition here. The parent process could
++ theoretically read the TID in the child process before the child
++ tid is set. This would require using either ptrace
++ (not implemented) or having *_tidptr to point at a shared memory
++ mapping. We can't repeat the spinlock hack used above because
++ the child process gets its own copy of the lock. */
++ if (ret == 0) {
++ /* Child Process. */
++ if (flags & CLONE_CHILD_SETTID)
++ *child_tidptr = gettid();
++ ts = (TaskState *)env->opaque;
++ if (flags & CLONE_CHILD_CLEARTID)
++ ts->child_tidptr = child_tidptr;
++ if (flags & CLONE_SETTLS)
++ cpu_set_tls (env, newtls);
++ }
++#endif
+ }
+ return ret;
+ }
+@@ -2485,7 +2563,7 @@
+ ret = do_brk(arg1);
+ break;
+ case TARGET_NR_fork:
+- ret = get_errno(do_fork(cpu_env, SIGCHLD, 0));
++ ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, NULL, NULL, NULL));
+ break;
+ #ifdef TARGET_NR_waitpid
+ case TARGET_NR_waitpid:
+@@ -3649,7 +3727,8 @@
+ ret = get_errno(fsync(arg1));
+ break;
+ case TARGET_NR_clone:
+- ret = get_errno(do_fork(cpu_env, arg1, arg2));
++ ret = get_errno(do_fork(cpu_env, arg1, arg2, (uint32_t *)arg3,
++ (void *)arg4, (uint32_t *)arg5));
+ break;
+ #ifdef __NR_exit_group
+ /* new thread calls */
+@@ -4037,7 +4116,8 @@
+ #endif
+ #ifdef TARGET_NR_vfork
+ case TARGET_NR_vfork:
+- ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0));
++ ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0,
++ NULL, NULL, NULL));
+ break;
+ #endif
+ #ifdef TARGET_NR_ugetrlimit
+@@ -4619,4 +4699,3 @@
+ #endif
+ return ret;
+ }
+-
+Index: qemu/qemu_spinlock.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ qemu/qemu_spinlock.h 2007-06-29 10:47:58.000000000 +0000
+@@ -0,0 +1,181 @@
++/*
++ * Atomic operation helper include
++ *
++ * Copyright (c) 2005 Fabrice Bellard
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++#ifndef QEMU_SPINLOCK_H
++#define QEMU_SPINLOCK_H
++
++#ifdef __powerpc__
++static inline int testandset (int *p)
++{
++ int ret;
++ __asm__ __volatile__ (
++ "0: lwarx %0,0,%1\n"
++ " xor. %0,%3,%0\n"
++ " bne 1f\n"
++ " stwcx. %2,0,%1\n"
++ " bne- 0b\n"
++ "1: "
++ : "=&r" (ret)
++ : "r" (p), "r" (1), "r" (0)
++ : "cr0", "memory");
++ return ret;
++}
++#endif
++
++#ifdef __i386__
++static inline int testandset (int *p)
++{
++ long int readval = 0;
++
++ __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++ : "+m" (*p), "+a" (readval)
++ : "r" (1)
++ : "cc");
++ return readval;
++}
++#endif
++
++#ifdef __x86_64__
++static inline int testandset (int *p)
++{
++ long int readval = 0;
++
++ __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++ : "+m" (*p), "+a" (readval)
++ : "r" (1)
++ : "cc");
++ return readval;
++}
++#endif
++
++#ifdef __s390__
++static inline int testandset (int *p)
++{
++ int ret;
++
++ __asm__ __volatile__ ("0: cs %0,%1,0(%2)\n"
++ " jl 0b"
++ : "=&d" (ret)
++ : "r" (1), "a" (p), "0" (*p)
++ : "cc", "memory" );
++ return ret;
++}
++#endif
++
++#ifdef __alpha__
++static inline int testandset (int *p)
++{
++ int ret;
++ unsigned long one;
++
++ __asm__ __volatile__ ("0: mov 1,%2\n"
++ " ldl_l %0,%1\n"
++ " stl_c %2,%1\n"
++ " beq %2,1f\n"
++ ".subsection 2\n"
++ "1: br 0b\n"
++ ".previous"
++ : "=r" (ret), "=m" (*p), "=r" (one)
++ : "m" (*p));
++ return ret;
++}
++#endif
++
++#ifdef __sparc__
++static inline int testandset (int *p)
++{
++ int ret;
++
++ __asm__ __volatile__("ldstub [%1], %0"
++ : "=r" (ret)
++ : "r" (p)
++ : "memory");
++
++ return (ret ? 1 : 0);
++}
++#endif
++
++#ifdef __arm__
++static inline int testandset (int *spinlock)
++{
++ register unsigned int ret;
++ __asm__ __volatile__("swp %0, %1, [%2]"
++ : "=r"(ret)
++ : "0"(1), "r"(spinlock));
++
++ return ret;
++}
++#endif
++
++#ifdef __mc68000
++static inline int testandset (int *p)
++{
++ char ret;
++ __asm__ __volatile__("tas %1; sne %0"
++ : "=r" (ret)
++ : "m" (p)
++ : "cc","memory");
++ return ret;
++}
++#endif
++
++#ifdef __ia64
++#include <ia64intrin.h>
++
++static inline int testandset (int *p)
++{
++ return __sync_lock_test_and_set (p, 1);
++}
++#endif
++
++typedef int spinlock_t;
++
++#define SPIN_LOCK_UNLOCKED 0
++
++#if defined(CONFIG_USER_ONLY)
++static inline void spin_lock(spinlock_t *lock)
++{
++ while (testandset(lock));
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++ *lock = 0;
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++ return !testandset(lock);
++}
++#else
++static inline void spin_lock(spinlock_t *lock)
++{
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++ return 1;
++}
++#endif
++
++#endif
+Index: qemu/target-arm/cpu.h
+===================================================================
+--- qemu.orig/target-arm/cpu.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/target-arm/cpu.h 2007-06-29 10:47:58.000000000 +0000
+@@ -37,6 +37,7 @@
+ #define EXCP_IRQ 5
+ #define EXCP_FIQ 6
+ #define EXCP_BKPT 7
++#define EXCP_KERNEL_TRAP 8 /* Jumped to kernel code page. */
+
+ typedef void ARMWriteCPFunc(void *opaque, int cp_info,
+ int srcreg, int operand, uint32_t value);
+@@ -97,6 +98,7 @@
+ uint32_t c9_data;
+ uint32_t c13_fcse; /* FCSE PID. */
+ uint32_t c13_context; /* Context ID. */
++ uint32_t c13_tls; /* Context ID. */
+ uint32_t c15_cpar; /* XScale Coprocessor Access Register */
+ } cp15;
+
+@@ -169,6 +171,15 @@
+ int cpu_arm_signal_handler(int host_signum, void *pinfo,
+ void *puc);
+
++void cpu_lock(void);
++void cpu_unlock(void);
++#if defined(USE_NPTL)
++static inline void cpu_set_tls(CPUARMState *env, void *newtls)
++{
++ env->cp15.c13_tls = (uint32_t)(long)newtls;
++}
++#endif
++
+ #define CPSR_M (0x1f)
+ #define CPSR_T (1 << 5)
+ #define CPSR_F (1 << 6)
+@@ -180,7 +191,11 @@
+ #define CPSR_J (1 << 24)
+ #define CPSR_IT_0_1 (3 << 25)
+ #define CPSR_Q (1 << 27)
+-#define CPSR_NZCV (0xf << 28)
++#define CPSR_V (1 << 28)
++#define CPSR_C (1 << 29)
++#define CPSR_Z (1 << 30)
++#define CPSR_N (1 << 31)
++#define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V)
+
+ #define CACHED_CPSR_BITS (CPSR_T | CPSR_Q | CPSR_NZCV)
+ /* Return the current CPSR value. */
+Index: qemu/target-arm/exec.h
+===================================================================
+--- qemu.orig/target-arm/exec.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/target-arm/exec.h 2007-06-29 10:47:58.000000000 +0000
+@@ -68,8 +68,6 @@
+
+ /* In op_helper.c */
+
+-void cpu_lock(void);
+-void cpu_unlock(void);
+ void helper_set_cp(CPUState *, uint32_t, uint32_t);
+ uint32_t helper_get_cp(CPUState *, uint32_t);
+ void helper_set_cp15(CPUState *, uint32_t, uint32_t);
+Index: qemu/target-arm/op.c
+===================================================================
+--- qemu.orig/target-arm/op.c 2007-06-29 10:47:39.000000000 +0000
++++ qemu/target-arm/op.c 2007-06-29 10:47:58.000000000 +0000
+@@ -891,6 +891,12 @@
+ cpu_loop_exit();
+ }
+
++void OPPROTO op_kernel_trap(void)
++{
++ env->exception_index = EXCP_KERNEL_TRAP;
++ cpu_loop_exit();
++}
++
+ /* VFP support. We follow the convention used for VFP instrunctions:
+ Single precition routines have a "s" suffix, double precision a
+ "d" suffix. */
+Index: qemu/target-arm/op_mem.h
+===================================================================
+--- qemu.orig/target-arm/op_mem.h 2007-06-29 10:47:39.000000000 +0000
++++ qemu/target-arm/op_mem.h 2007-06-29 10:47:58.000000000 +0000
+@@ -1,5 +1,6 @@
+ /* ARM memory operations. */
+
++void helper_ld(uint32_t);
+ /* Load from address T1 into T0. */
+ #define MEM_LD_OP(name) \
+ void OPPROTO glue(op_ld##name,MEMSUFFIX)(void) \
+Index: qemu/target-arm/translate.c
+===================================================================
+--- qemu.orig/target-arm/translate.c 2007-06-29 10:47:39.000000000 +0000
++++ qemu/target-arm/translate.c 2007-06-29 10:47:58.000000000 +0000
+@@ -3548,6 +3548,15 @@
+ nb_gen_labels = 0;
+ lj = -1;
+ do {
++#ifdef CONFIG_USER_ONLY
++ /* Intercept jump to the magic kernel page. */
++ if (dc->pc > 0xffff0000) {
++ gen_op_kernel_trap();
++ dc->is_jmp = DISAS_UPDATE;
++ break;
++ }
++#endif
++
+ if (env->nb_breakpoints > 0) {
+ for(j = 0; j < env->nb_breakpoints; j++) {
+ if (env->breakpoints[j] == dc->pc) {
diff --git a/packages/qemu/files/qemu-amd64-32b-mapping-0.9.0.patch b/packages/qemu/files/qemu-amd64-32b-mapping-0.9.0.patch
new file mode 100644
index 0000000000..d9303e3464
--- /dev/null
+++ b/packages/qemu/files/qemu-amd64-32b-mapping-0.9.0.patch
@@ -0,0 +1,31 @@
+--- qemu.orig/linux-user/mmap.c
++++ qemu/linux-user/mmap.c
+@@ -29,6 +29,10 @@
+
+ //#define DEBUG_MMAP
+
++#ifndef MAP_32BIT
++#define MAP_32BIT 0
++#endif
++
+ /* NOTE: all the constants are the HOST ones, but addresses are target. */
+ int target_mprotect(target_ulong start, target_ulong len, int prot)
+ {
+@@ -234,7 +238,7 @@
+ host_offset = offset & qemu_host_page_mask;
+ host_len = len + offset - host_offset;
+ host_start = (long)mmap(real_start ? g2h(real_start) : NULL,
+- host_len, prot, flags, fd, host_offset);
++ host_len, prot, (flags | MAP_32BIT), fd, host_offset);
+ if (host_start == -1)
+ return host_start;
+ /* update start so that it points to the file position at 'offset' */
+@@ -388,7 +392,7 @@
+ int prot;
+
+ /* XXX: use 5 args syscall */
+- new_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags);
++ new_addr = (long)mremap(g2h(old_addr), old_size, new_size, (flags | MAP_32BIT));
+ if (new_addr == -1)
+ return new_addr;
+ new_addr = h2g(new_addr);
diff --git a/packages/qemu/files/workaround_bad_futex_headers.patch b/packages/qemu/files/workaround_bad_futex_headers.patch
new file mode 100644
index 0000000000..cc122ebdba
--- /dev/null
+++ b/packages/qemu/files/workaround_bad_futex_headers.patch
@@ -0,0 +1,25 @@
+---
+ linux-user/syscall.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c 2007-08-09 20:28:06.000000000 +0100
++++ qemu/linux-user/syscall.c 2007-08-09 20:28:41.000000000 +0100
+@@ -61,7 +61,15 @@
+ #define tchars host_tchars /* same as target */
+ #define ltchars host_ltchars /* same as target */
+
+-#include <linux/futex.h>
++#define FUTEX_WAIT 0
++#define FUTEX_WAKE 1
++#define FUTEX_FD 2
++#define FUTEX_REQUEUE 3
++#define FUTEX_CMP_REQUEUE 4
++#define FUTEX_WAKE_OP 5
++#define FUTEX_LOCK_PI 6
++#define FUTEX_UNLOCK_PI 7
++
+ #include <linux/termios.h>
+ #include <linux/unistd.h>
+ #include <linux/utsname.h>