summaryrefslogtreecommitdiff
path: root/packages/qemu
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openembedded.org>2008-10-23 17:40:41 +0200
committerMarcin Juszkiewicz <hrw@openembedded.org>2008-10-23 17:40:41 +0200
commit82b5d4ce1ba5e74f7d700af30d3e4b0a4e2d243e (patch)
tree5392b74e54e22867a4127caaad4ec9890f5b2a14 /packages/qemu
parenta9acdf3130aea04eeb9064530b748dafe9bc4323 (diff)
qemu: added SVN version (from Poky)
Diffstat (limited to 'packages/qemu')
-rw-r--r--packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch17
-rw-r--r--packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch45
-rw-r--r--packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch26
-rw-r--r--packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch21
-rw-r--r--packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch18
-rw-r--r--packages/qemu/qemu-0.9.1+svn/31_syscalls.patch48
-rw-r--r--packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch55
-rw-r--r--packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch22
-rw-r--r--packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch21
-rw-r--r--packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch17
-rw-r--r--packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch27
-rw-r--r--packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch18
-rw-r--r--packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch18
-rw-r--r--packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch35
-rw-r--r--packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch55
-rw-r--r--packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch18
-rw-r--r--packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch28
-rw-r--r--packages/qemu/qemu-0.9.1+svn/fix_brk.patch59
-rw-r--r--packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch14
-rw-r--r--packages/qemu/qemu-0.9.1+svn/fix_segfault.patch37
-rw-r--r--packages/qemu/qemu-0.9.1+svn/no-strip.patch26
-rw-r--r--packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch1100
-rw-r--r--packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch37
-rw-r--r--packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch2381
-rw-r--r--packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gzbin0 -> 97991 bytes
-rw-r--r--packages/qemu/qemu-0.9.1+svn/series25
-rw-r--r--packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch25
-rw-r--r--packages/qemu/qemu-native_svn.bb2
-rw-r--r--packages/qemu/qemu_svn.bb48
29 files changed, 4243 insertions, 0 deletions
diff --git a/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch b/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch
new file mode 100644
index 0000000000..a66737d9ce
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch
@@ -0,0 +1,17 @@
+#DPATCHLEVEL=1
+---
+# hw/pc.c | 1 -
+# 1 file changed, 1 deletion(-)
+#
+Index: trunk/hw/pc.c
+===================================================================
+--- trunk.orig/hw/pc.c 2008-04-24 20:15:46.000000000 +0100
++++ trunk/hw/pc.c 2008-04-24 20:15:49.000000000 +0100
+@@ -399,7 +399,6 @@
+ if (hda == -1) {
+ fprintf(stderr, "A disk image must be given for 'hda' when booting "
+ "a Linux kernel\n");
+- exit(1);
+ }
+
+ memset(bootsect, 0, sizeof(bootsect));
diff --git a/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch b/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch
new file mode 100644
index 0000000000..bc02d31839
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch
@@ -0,0 +1,45 @@
+#DPATCHLEVEL=0
+---
+# linux-user/main.c | 8 ++++----
+# 1 file changed, 4 insertions(+), 4 deletions(-)
+#
+Index: linux-user/main.c
+===================================================================
+--- linux-user/main.c.orig 2008-04-24 20:15:46.000000000 +0100
++++ linux-user/main.c 2008-04-24 20:15:53.000000000 +0100
+@@ -765,7 +765,7 @@
+ default:
+ printf ("Unhandled trap: 0x%x\n", trapnr);
+ cpu_dump_state(env, stderr, fprintf, 0);
+- exit (1);
++ _exit (1);
+ }
+ process_pending_signals (env);
+ }
+@@ -1697,7 +1697,7 @@
+ default:
+ printf ("Unhandled trap: 0x%x\n", trapnr);
+ cpu_dump_state(env, stderr, fprintf, 0);
+- exit (1);
++ _exit (1);
+ }
+ process_pending_signals (env);
+ }
+@@ -2026,7 +2026,7 @@
+ for(item = cpu_log_items; item->mask != 0; item++) {
+ printf("%-10s %s\n", item->name, item->help);
+ }
+- exit(1);
++ _exit(1);
+ }
+ cpu_set_log(mask);
+ } else if (!strcmp(r, "s")) {
+@@ -2045,7 +2045,7 @@
+ if (qemu_host_page_size == 0 ||
+ (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
+ fprintf(stderr, "page size must be a power of two\n");
+- exit(1);
++ _exit(1);
+ }
+ } else if (!strcmp(r, "g")) {
+ gdbstub_port = atoi(argv[optind++]);
diff --git a/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch b/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch
new file mode 100644
index 0000000000..d79482d2f4
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch
@@ -0,0 +1,26 @@
+#DPATCHLEVEL=0
+---
+# linux-user/signal.c | 7 ++++++-
+# 1 file changed, 6 insertions(+), 1 deletion(-)
+#
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig 2008-04-24 20:15:46.000000000 +0100
++++ linux-user/signal.c 2008-04-24 20:15:55.000000000 +0100
+@@ -364,10 +364,15 @@
+ k = &sigact_table[sig - 1];
+ handler = k->sa._sa_handler;
+ if (handler == TARGET_SIG_DFL) {
++ if (sig == TARGET_SIGTSTP || sig == TARGET_SIGTTIN || sig == TARGET_SIGTTOU) {
++ kill(getpid(),SIGSTOP);
++ return 0;
++ } else
+ /* default handler : ignore some signal. The other are fatal */
+ if (sig != TARGET_SIGCHLD &&
+ sig != TARGET_SIGURG &&
+- sig != TARGET_SIGWINCH) {
++ sig != TARGET_SIGWINCH &&
++ sig != TARGET_SIGCONT) {
+ force_sig(sig);
+ } else {
+ return 0; /* indicate ignored */
diff --git a/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch b/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch
new file mode 100644
index 0000000000..cd56541b71
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch
@@ -0,0 +1,21 @@
+#DPATCHLEVEL=0
+---
+# linux-user/signal.c | 5 +++++
+# 1 file changed, 5 insertions(+)
+#
+Index: linux-user/signal.c
+===================================================================
+--- linux-user/signal.c.orig 2008-04-24 20:15:55.000000000 +0100
++++ linux-user/signal.c 2008-04-24 20:15:57.000000000 +0100
+@@ -512,6 +512,11 @@
+
+ if (sig < 1 || sig > TARGET_NSIG || sig == SIGKILL || sig == SIGSTOP)
+ return -EINVAL;
++
++ /* no point doing the stuff as those are not allowed for sigaction */
++ if ((sig == TARGET_SIGKILL) || (sig == TARGET_SIGSTOP))
++ return -EINVAL;
++
+ k = &sigact_table[sig - 1];
+ #if defined(DEBUG_SIGNAL)
+ fprintf(stderr, "sigaction sig=%d act=0x%08x, oact=0x%08x\n",
diff --git a/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch b/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch
new file mode 100644
index 0000000000..0e1038983b
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=0
+---
+# vl.c | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: vl.c
+===================================================================
+--- vl.c.orig 2008-04-24 20:15:46.000000000 +0100
++++ vl.c 2008-04-24 20:15:58.000000000 +0100
+@@ -4155,7 +4155,7 @@
+ return -1;
+ }
+ memset(&ifr, 0, sizeof(ifr));
+- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
++ ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE;
+ if (ifname[0] != '\0')
+ pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
+ else
diff --git a/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch b/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch
new file mode 100644
index 0000000000..15565ae11d
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch
@@ -0,0 +1,48 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 11 ++++++++---
+# 1 file changed, 8 insertions(+), 3 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2008-04-24 20:15:46.000000000 +0100
++++ linux-user/syscall.c 2008-04-24 20:15:59.000000000 +0100
+@@ -250,6 +250,7 @@
+ extern int setresgid(gid_t, gid_t, gid_t);
+ extern int getresgid(gid_t *, gid_t *, gid_t *);
+ extern int setgroups(int, gid_t *);
++extern int uselib(const char*);
+
+ #define ERRNO_TABLE_SIZE 1200
+
+@@ -4041,7 +4042,8 @@
+ #endif
+ #ifdef TARGET_NR_uselib
+ case TARGET_NR_uselib:
+- goto unimplemented;
++ ret = get_errno(uselib(path((const char*)arg1)));
++ break;
+ #endif
+ #ifdef TARGET_NR_swapon
+ case TARGET_NR_swapon:
+@@ -5322,7 +5324,9 @@
+ goto unimplemented;
+ #ifdef TARGET_NR_mincore
+ case TARGET_NR_mincore:
+- goto unimplemented;
++ /*page_unprotect_range((void*)arg3, ((size_t)arg2 + TARGET_PAGE_SIZE - 1) / TARGET_PAGE_SIZE);*/
++ ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
++ break;
+ #endif
+ #ifdef TARGET_NR_madvise
+ case TARGET_NR_madvise:
+@@ -5462,7 +5466,8 @@
+ break;
+ #ifdef TARGET_NR_readahead
+ case TARGET_NR_readahead:
+- goto unimplemented;
++ ret = get_errno(readahead((int)arg1, (off64_t)arg2, (size_t)arg3));
++ break;
+ #endif
+ #ifdef TARGET_NR_setxattr
+ case TARGET_NR_setxattr:
diff --git a/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch b/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch
new file mode 100644
index 0000000000..d42c44cebc
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch
@@ -0,0 +1,55 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 32 +++++++++++++++++++++++++++++---
+# 1 file changed, 29 insertions(+), 3 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2008-04-24 20:15:59.000000000 +0100
++++ linux-user/syscall.c 2008-04-24 20:16:01.000000000 +0100
+@@ -52,6 +52,7 @@
+ //#include <sys/user.h>
+ #include <netinet/ip.h>
+ #include <netinet/tcp.h>
++#include <sys/sysctl.h>
+
+ #define termios host_termios
+ #define winsize host_winsize
+@@ -4758,9 +4759,34 @@
+ break;
+ #endif
+ case TARGET_NR__sysctl:
+- /* We don't implement this, but ENOTDIR is always a safe
+- return value. */
+- ret = -TARGET_ENOTDIR;
++ {
++ struct __sysctl_args *args = (struct __sysctl_args *) arg1;
++ int *name_target, *name, nlen, *oldlenp, oldlen, newlen, i;
++ void *oldval, *newval;
++
++ name_target = (int *) tswapl((long) args->name);
++ nlen = tswapl(args->nlen);
++ oldval = (void *) tswapl((long) args->oldval);
++ oldlenp = (int *) tswapl((long) args->oldlenp);
++ oldlen = tswapl(*oldlenp);
++ newval = (void *) tswapl((long) args->newval);
++ newlen = tswapl(args->newlen);
++
++ name = alloca(nlen * sizeof (int));
++ for (i = 0; i < nlen; i++)
++ name[i] = tswapl(name_target[i]);
++
++ if (nlen == 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION) {
++ ret = get_errno(
++ sysctl(name, nlen, oldval, &oldlen, newval, newlen));
++ if (!is_error(ret)) {
++ *oldlenp = tswapl(oldlen);
++ }
++ } else {
++ gemu_log("qemu: Unsupported sysctl name\n");
++ ret = -ENOSYS;
++ }
++ }
+ break;
+ case TARGET_NR_sched_setparam:
+ {
diff --git a/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch b/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch
new file mode 100644
index 0000000000..962f821523
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch
@@ -0,0 +1,22 @@
+#DPATCHLEVEL=0
+---
+# linux-user/syscall.c | 6 +-----
+# 1 file changed, 1 insertion(+), 5 deletions(-)
+#
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2008-04-24 20:16:01.000000000 +0100
++++ linux-user/syscall.c 2008-04-24 20:16:02.000000000 +0100
+@@ -2760,11 +2760,7 @@
+ if (!newsp)
+ newsp = env->gpr[1];
+ new_env->gpr[1] = newsp;
+- {
+- int i;
+- for (i = 7; i < 32; i++)
+- new_env->gpr[i] = 0;
+- }
++ new_env->gpr[3] = 0;
+ #elif defined(TARGET_SH4)
+ if (!newsp)
+ newsp = env->gregs[15];
diff --git a/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch b/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch
new file mode 100644
index 0000000000..845232cfca
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch
@@ -0,0 +1,21 @@
+---
+ linux-user/syscall.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: linux-user/syscall.c
+===================================================================
+--- linux-user/syscall.c.orig 2008-04-24 20:16:02.000000000 +0100
++++ linux-user/syscall.c 2008-04-24 20:16:03.000000000 +0100
+@@ -5350,6 +5350,12 @@
+ ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
+ break;
+ #endif
++#ifdef TARGET_NR_fadvise64_64
++ case TARGET_NR_fadvise64_64:
++ /* Just return success */
++ ret = get_errno(0);
++ break;
++#endif
+ #ifdef TARGET_NR_madvise
+ case TARGET_NR_madvise:
+ /* A straight passthrough may not be safe because qemu sometimes
diff --git a/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch b/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch
new file mode 100644
index 0000000000..e364bff731
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch
@@ -0,0 +1,17 @@
+---
+ hw/ne2000.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: trunk/hw/ne2000.c
+===================================================================
+--- trunk.orig/hw/ne2000.c 2008-04-24 20:15:46.000000000 +0100
++++ trunk/hw/ne2000.c 2008-04-24 20:16:05.000000000 +0100
+@@ -217,7 +217,7 @@
+ NE2000State *s = opaque;
+
+ if (s->cmd & E8390_STOP)
+- return 1;
++ return 0;
+ return !ne2000_buffer_full(s);
+ }
+
diff --git a/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch b/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch
new file mode 100644
index 0000000000..9a67feac6b
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch
@@ -0,0 +1,27 @@
+#DPATCHLEVEL=0
+---
+# dyngen-exec.h | 4 ++--
+# 1 file changed, 2 insertions(+), 2 deletions(-)
+#
+Index: dyngen-exec.h
+===================================================================
+--- dyngen-exec.h.orig 2008-04-24 20:15:46.000000000 +0100
++++ dyngen-exec.h 2008-04-24 20:16:06.000000000 +0100
+@@ -38,7 +38,7 @@
+ // Linux/Sparc64 defines uint64_t
+ #if !(defined (__sparc_v9__) && defined(__linux__))
+ /* XXX may be done for all 64 bits targets ? */
+-#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__)
++#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__) || defined(__sparc__)
+ typedef unsigned long uint64_t;
+ #else
+ typedef unsigned long long uint64_t;
+@@ -55,7 +55,7 @@
+ typedef signed int int32_t;
+ // Linux/Sparc64 defines int64_t
+ #if !(defined (__sparc_v9__) && defined(__linux__))
+-#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__)
++#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__) || defined(__sparc__)
+ typedef signed long int64_t;
+ #else
+ typedef signed long long int64_t;
diff --git a/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch b/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch
new file mode 100644
index 0000000000..097f55a09e
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=0
+---
+# sparc.ld | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: sparc.ld
+===================================================================
+--- sparc.ld.orig 2008-04-24 20:15:46.000000000 +0100
++++ sparc.ld 2008-04-24 20:16:07.000000000 +0100
+@@ -6,7 +6,7 @@
+ SECTIONS
+ {
+ /* Read-only sections, merged into text segment: */
+- . = 0x60000000 + SIZEOF_HEADERS;
++ . = 0x60000000 + 0x400;
+ .interp : { *(.interp) }
+ .hash : { *(.hash) }
+ .dynsym : { *(.dynsym) }
diff --git a/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch b/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch
new file mode 100644
index 0000000000..7d19817278
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch
@@ -0,0 +1,18 @@
+#DPATCHLEVEL=1
+---
+# cpu-all.h | 2 +-
+# 1 file changed, 1 insertion(+), 1 deletion(-)
+#
+Index: trunk/cpu-all.h
+===================================================================
+--- trunk.orig/cpu-all.h 2008-04-24 20:15:46.000000000 +0100
++++ trunk/cpu-all.h 2008-04-24 20:16:08.000000000 +0100
+@@ -285,7 +285,7 @@
+ static inline void stl_le_p(void *ptr, int v)
+ {
+ #ifdef __powerpc__
+- __asm__ __volatile__ ("stwbrx %1,0,%2" : "=m" (*(uint32_t *)ptr) : "r" (v), "r" (ptr));
++ __asm__ __volatile__ ("stwbrx %0,0,%1" : : "r" (v), "r" (ptr) : "memory");
+ #else
+ uint8_t *p = ptr;
+ p[0] = v;
diff --git a/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch b/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch
new file mode 100644
index 0000000000..028e85a878
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch
@@ -0,0 +1,35 @@
+---
+ configure | 6 ++++++
+ vl.c | 2 ++
+ 2 files changed, 8 insertions(+)
+
+Index: configure
+===================================================================
+--- configure.orig 2008-04-24 20:15:46.000000000 +0100
++++ configure 2008-04-24 20:16:09.000000000 +0100
+@@ -135,6 +135,12 @@
+ kqemu="yes"
+ fi
+ ;;
++GNU/kFreeBSD)
++oss="yes"
++if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
++ kqemu="yes"
++fi
++;;
+ FreeBSD)
+ bsd="yes"
+ oss="yes"
+Index: vl.c
+===================================================================
+--- vl.c.orig 2008-04-24 20:15:58.000000000 +0100
++++ vl.c 2008-04-24 20:16:09.000000000 +0100
+@@ -97,6 +97,8 @@
+ #include <stropts.h>
+ #endif
+ #endif
++#elif defined (__GLIBC__) && defined (__FreeBSD_kernel__)
++#include <freebsd/stdlib.h>
+ #else
+ #include <winsock2.h>
+ int inet_aton(const char *cp, struct in_addr *ia);
diff --git a/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch b/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch
new file mode 100644
index 0000000000..cbd3f873d8
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch
@@ -0,0 +1,55 @@
+---
+ arm.ld | 7 +++++++
+ i386.ld | 7 +++++++
+ 2 files changed, 14 insertions(+)
+
+Index: arm.ld
+===================================================================
+--- arm.ld.orig 2008-04-24 20:15:45.000000000 +0100
++++ arm.ld 2008-04-24 20:16:11.000000000 +0100
+@@ -26,6 +26,10 @@
+ { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata :
+ { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++ .rel.tdata : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++ .rela.tdata : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++ .rel.tbss : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++ .rela.tbss : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+@@ -58,6 +62,9 @@
+ .ARM.exidx : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
+ __exidx_end = .;
+ .reginfo : { *(.reginfo) }
++ /* Thread Local Storage sections */
++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ /* Adjust the address for the data segment. We want to adjust up to
+ the same address within the page on the next page up. */
+ . = ALIGN(0x100000) + (. & (0x100000 - 1));
+Index: i386.ld
+===================================================================
+--- i386.ld.orig 2008-04-24 20:15:45.000000000 +0100
++++ i386.ld 2008-04-24 20:16:11.000000000 +0100
+@@ -28,6 +28,10 @@
+ { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
+ .rela.rodata :
+ { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
++ .rel.tdata : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
++ .rela.tdata : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
++ .rel.tbss : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
++ .rela.tbss : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
+ .rel.got : { *(.rel.got) }
+ .rela.got : { *(.rela.got) }
+ .rel.ctors : { *(.rel.ctors) }
+@@ -53,6 +57,9 @@
+ _etext = .;
+ PROVIDE (etext = .);
+ .fini : { *(.fini) } =0x47ff041f
++ /* Thread Local Storage sections */
++ .tdata : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
++ .tbss : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
+ . = ALIGN(32 / 8);
+ PROVIDE (__preinit_array_start = .);
+ .preinit_array : { *(.preinit_array) }
diff --git a/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch b/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch
new file mode 100644
index 0000000000..b3d95a4534
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch
@@ -0,0 +1,18 @@
+=== modified file 'sdl.c'
+---
+ sdl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: sdl.c
+===================================================================
+--- sdl.c.orig 2008-04-24 20:15:45.000000000 +0100
++++ sdl.c 2008-04-24 20:16:12.000000000 +0100
+@@ -247,7 +247,7 @@
+
+ if (kbd_mouse_is_absolute()) {
+ SDL_ShowCursor(1);
+- SDL_SetCursor(sdl_cursor_hidden);
++ /* SDL_SetCursor(sdl_cursor_hidden); */
+ } else {
+ SDL_ShowCursor(0);
+ }
diff --git a/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch b/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch
new file mode 100644
index 0000000000..3ec304a38c
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch
@@ -0,0 +1,28 @@
+Index: qemu-0.9.1/configure
+===================================================================
+--- qemu-0.9.1.orig/configure 2008-01-24 15:33:13.000000000 +0000
++++ qemu-0.9.1/configure 2008-01-24 15:45:50.000000000 +0000
+@@ -209,15 +209,17 @@
+
+ # find source path
+ source_path=`dirname "$0"`
++source_path_used="no"
++workdir=`pwd`
++workdir=`readlink -f $workdir`
+ if [ -z "$source_path" ]; then
+- source_path=`pwd`
++ source_path=$workdir
+ else
+ source_path=`cd "$source_path"; pwd`
+-fi
+-if test "$source_path" = `pwd` ; then
+- source_path_used="no"
+-else
+- source_path_used="yes"
++ source_path=`readlink -f $source_path`
++ if test "$source_path" != "$workdir" ; then
++ source_path_used="yes"
++ fi
+ fi
+
+ werror="no"
diff --git a/packages/qemu/qemu-0.9.1+svn/fix_brk.patch b/packages/qemu/qemu-0.9.1+svn/fix_brk.patch
new file mode 100644
index 0000000000..f15e001dd6
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/fix_brk.patch
@@ -0,0 +1,59 @@
+Index: trunk/linux-user/syscall.c
+===================================================================
+--- trunk.orig/linux-user/syscall.c 2008-04-24 20:16:24.000000000 +0100
++++ trunk/linux-user/syscall.c 2008-04-24 20:16:32.000000000 +0100
+@@ -440,7 +440,7 @@
+ if (!new_brk)
+ return target_brk;
+ if (new_brk < target_original_brk)
+- return -TARGET_ENOMEM;
++ return target_brk;
+
+ brk_page = HOST_PAGE_ALIGN(target_brk);
+
+@@ -455,12 +455,11 @@
+ mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
+ PROT_READ|PROT_WRITE,
+ MAP_ANON|MAP_FIXED|MAP_PRIVATE, 0, 0));
+- if (is_error(mapped_addr)) {
+- return mapped_addr;
+- } else {
++
++ if (!is_error(mapped_addr))
+ target_brk = new_brk;
+- return target_brk;
+- }
++
++ return target_brk;
+ }
+
+ static inline abi_long copy_from_user_fdset(fd_set *fds,
+Index: trunk/linux-user/mmap.c
+===================================================================
+--- trunk.orig/linux-user/mmap.c 2008-04-24 20:16:16.000000000 +0100
++++ trunk/linux-user/mmap.c 2008-04-24 20:16:32.000000000 +0100
+@@ -264,6 +264,9 @@
+ host_start += offset - host_offset;
+ start = h2g(host_start);
+ } else {
++ int flg;
++ target_ulong addr;
++
+ if (start & ~TARGET_PAGE_MASK) {
+ errno = EINVAL;
+ return -1;
+@@ -271,6 +274,14 @@
+ end = start + len;
+ real_end = HOST_PAGE_ALIGN(end);
+
++ for(addr = real_start; addr < real_end; addr += TARGET_PAGE_SIZE) {
++ flg = page_get_flags(addr);
++ if( flg & PAGE_RESERVED ) {
++ errno = ENXIO;
++ return -1;
++ }
++ }
++
+ /* worst case: we cannot map the file because the offset is not
+ aligned, so we read it */
+ if (!(flags & MAP_ANONYMOUS) &&
diff --git a/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch b/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch
new file mode 100644
index 0000000000..ee2b077602
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch
@@ -0,0 +1,14 @@
+Index: qemu-0.9.1/linux-user/mmap.c
+===================================================================
+--- qemu-0.9.1.orig/linux-user/mmap.c 2008-04-16 14:10:26.000000000 +0100
++++ qemu-0.9.1/linux-user/mmap.c 2008-04-16 14:10:51.000000000 +0100
+@@ -49,8 +49,7 @@
+ end = start + len;
+ if (end < start)
+ return -EINVAL;
+- if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC))
+- return -EINVAL;
++ prot = prot & (PROT_READ | PROT_WRITE | PROT_EXEC);
+ if (len == 0)
+ return 0;
+
diff --git a/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch b/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch
new file mode 100644
index 0000000000..224a8b813d
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch
@@ -0,0 +1,37 @@
+---
+ linux-user/syscall.c | 22 ----------------------
+ 1 file changed, 22 deletions(-)
+
+Index: trunk/linux-user/syscall.c
+===================================================================
+--- trunk.orig/linux-user/syscall.c 2008-04-24 20:16:21.000000000 +0100
++++ trunk/linux-user/syscall.c 2008-04-24 20:16:24.000000000 +0100
+@@ -5728,28 +5728,6 @@
+ goto unimplemented_nowarn;
+ #endif
+
+-#ifdef TARGET_NR_clock_gettime
+- case TARGET_NR_clock_gettime:
+- {
+- struct timespec ts;
+- ret = get_errno(clock_gettime(arg1, &ts));
+- if (!is_error(ret)) {
+- host_to_target_timespec(arg2, &ts);
+- }
+- break;
+- }
+-#endif
+-#ifdef TARGET_NR_clock_getres
+- case TARGET_NR_clock_getres:
+- {
+- struct timespec ts;
+- ret = get_errno(clock_getres(arg1, &ts));
+- if (!is_error(ret)) {
+- host_to_target_timespec(arg2, &ts);
+- }
+- break;
+- }
+-#endif
+
+ #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
+ case TARGET_NR_set_tid_address:
diff --git a/packages/qemu/qemu-0.9.1+svn/no-strip.patch b/packages/qemu/qemu-0.9.1+svn/no-strip.patch
new file mode 100644
index 0000000000..4813dd4e2b
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/no-strip.patch
@@ -0,0 +1,26 @@
+Index: trunk/Makefile
+===================================================================
+--- trunk.orig/Makefile 2008-04-24 20:15:37.000000000 +0100
++++ trunk/Makefile 2008-04-24 20:16:30.000000000 +0100
+@@ -196,7 +196,7 @@
+ install: all $(if $(BUILD_DOCS),install-doc)
+ mkdir -p "$(DESTDIR)$(bindir)"
+ ifneq ($(TOOLS),)
+- $(INSTALL) -m 755 -s $(TOOLS) "$(DESTDIR)$(bindir)"
++ $(INSTALL) -m 755 $(TOOLS) "$(DESTDIR)$(bindir)"
+ endif
+ mkdir -p "$(DESTDIR)$(datadir)"
+ set -e; for x in bios.bin vgabios.bin vgabios-cirrus.bin ppc_rom.bin \
+Index: trunk/Makefile.target
+===================================================================
+--- trunk.orig/Makefile.target 2008-04-24 20:15:37.000000000 +0100
++++ trunk/Makefile.target 2008-04-24 20:16:30.000000000 +0100
+@@ -685,7 +685,7 @@
+
+ install: all
+ ifneq ($(PROGS),)
+- $(INSTALL) -m 755 -s $(PROGS) "$(DESTDIR)$(bindir)"
++ $(INSTALL) -m 755 $(PROGS) "$(DESTDIR)$(bindir)"
+ endif
+
+ # Include automatically generated dependency files
diff --git a/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch b/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch
new file mode 100644
index 0000000000..ac68ebf460
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch
@@ -0,0 +1,1100 @@
+---
+ configure | 25 ++++++
+ exec-all.h | 165 ------------------------------------------
+ linux-user/arm/syscall.h | 4 -
+ linux-user/main.c | 94 +++++++++++++++++++++---
+ linux-user/qemu.h | 3
+ linux-user/syscall.c | 91 ++++++++++++++++++++++-
+ qemu_spinlock.h | 181 +++++++++++++++++++++++++++++++++++++++++++++++
+ target-arm/cpu.h | 10 ++
+ target-arm/op.c | 6 +
+ target-arm/translate.c | 9 ++
+ 10 files changed, 405 insertions(+), 183 deletions(-)
+
+Index: trunk/configure
+===================================================================
+--- trunk.orig/configure 2008-04-24 20:16:52.000000000 +0100
++++ trunk/configure 2008-04-24 20:16:53.000000000 +0100
+@@ -112,6 +112,7 @@
+ build_docs="no"
+ uname_release=""
+ curses="yes"
++nptl="yes"
+
+ # OS specific
+ targetos=`uname -s`
+@@ -339,6 +340,8 @@
+ ;;
+ *) echo "ERROR: unknown option $opt"; show_help="yes"
+ ;;
++ --disable-nptl) nptl="no"
++ ;;
+ esac
+ done
+
+@@ -436,6 +439,7 @@
+ echo " --disable-linux-user disable all linux usermode emulation targets"
+ echo " --enable-darwin-user enable all darwin usermode emulation targets"
+ echo " --disable-darwin-user disable all darwin usermode emulation targets"
++echo " --disable-nptl disable usermode NPTL guest support"
+ echo " --fmod-lib path to FMOD library"
+ echo " --fmod-inc path to FMOD includes"
+ echo " --enable-uname-release=R Return R for uname -r in usermode emulation"
+@@ -647,6 +651,23 @@
+ }
+ EOF
+
++# check NPTL support
++cat > $TMPC <<EOF
++#include <sched.h>
++void foo()
++{
++#ifndef CLONE_SETTLS
++#error bork
++#endif
++}
++EOF
++
++if $cc -c -o $TMPO $TMPC 2> /dev/null ; then
++ :
++else
++ nptl="no"
++fi
++
+ ##########################################
+ # SDL probe
+
+@@ -845,6 +866,7 @@
+ echo "Documentation $build_docs"
+ [ ! -z "$uname_release" ] && \
+ echo "uname -r $uname_release"
++echo "NPTL support $nptl"
+
+ if test $sdl_too_old = "yes"; then
+ echo "-> Your SDL version is too old - please upgrade to have SDL support"
+@@ -1228,6 +1250,9 @@
+ echo "#define TARGET_ARM 1" >> $config_h
+ echo "#define CONFIG_NO_DYNGEN_OP 1" >> $config_h
+ bflt="yes"
++ if test "$nptl" = "yes" ; then
++ echo "#define USE_NPTL 1" >> $config_h
++ fi
+ ;;
+ cris)
+ echo "TARGET_ARCH=cris" >> $config_mak
+Index: trunk/exec-all.h
+===================================================================
+--- trunk.orig/exec-all.h 2008-04-24 20:16:41.000000000 +0100
++++ trunk/exec-all.h 2008-04-24 20:16:53.000000000 +0100
+@@ -303,217 +303,7 @@
+ extern CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
+ extern void *io_mem_opaque[IO_MEM_NB_ENTRIES];
+
+-#if defined(__hppa__)
+-
+-typedef int spinlock_t[4];
+-
+-#define SPIN_LOCK_UNLOCKED { 1, 1, 1, 1 }
+-
+-static inline void resetlock (spinlock_t *p)
+-{
+- (*p)[0] = (*p)[1] = (*p)[2] = (*p)[3] = 1;
+-}
+-
+-#else
+-
+-typedef int spinlock_t;
+-
+-#define SPIN_LOCK_UNLOCKED 0
+-
+-static inline void resetlock (spinlock_t *p)
+-{
+- *p = SPIN_LOCK_UNLOCKED;
+-}
+-
+-#endif
+-
+-#if defined(__powerpc__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+- __asm__ __volatile__ (
+- "0: lwarx %0,0,%1\n"
+- " xor. %0,%3,%0\n"
+- " bne 1f\n"
+- " stwcx. %2,0,%1\n"
+- " bne- 0b\n"
+- "1: "
+- : "=&r" (ret)
+- : "r" (p), "r" (1), "r" (0)
+- : "cr0", "memory");
+- return ret;
+-}
+-#elif defined(__i386__)
+-static inline int testandset (int *p)
+-{
+- long int readval = 0;
+-
+- __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+- : "+m" (*p), "+a" (readval)
+- : "r" (1)
+- : "cc");
+- return readval;
+-}
+-#elif defined(__x86_64__)
+-static inline int testandset (int *p)
+-{
+- long int readval = 0;
+-
+- __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
+- : "+m" (*p), "+a" (readval)
+- : "r" (1)
+- : "cc");
+- return readval;
+-}
+-#elif defined(__s390__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__ ("0: cs %0,%1,0(%2)\n"
+- " jl 0b"
+- : "=&d" (ret)
+- : "r" (1), "a" (p), "0" (*p)
+- : "cc", "memory" );
+- return ret;
+-}
+-#elif defined(__alpha__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+- unsigned long one;
+-
+- __asm__ __volatile__ ("0: mov 1,%2\n"
+- " ldl_l %0,%1\n"
+- " stl_c %2,%1\n"
+- " beq %2,1f\n"
+- ".subsection 2\n"
+- "1: br 0b\n"
+- ".previous"
+- : "=r" (ret), "=m" (*p), "=r" (one)
+- : "m" (*p));
+- return ret;
+-}
+-#elif defined(__sparc__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__("ldstub [%1], %0"
+- : "=r" (ret)
+- : "r" (p)
+- : "memory");
+-
+- return (ret ? 1 : 0);
+-}
+-#elif defined(__arm__)
+-static inline int testandset (int *spinlock)
+-{
+- register unsigned int ret;
+- __asm__ __volatile__("swp %0, %1, [%2]"
+- : "=r"(ret)
+- : "0"(1), "r"(spinlock));
+-
+- return ret;
+-}
+-#elif defined(__mc68000)
+-static inline int testandset (int *p)
+-{
+- char ret;
+- __asm__ __volatile__("tas %1; sne %0"
+- : "=r" (ret)
+- : "m" (p)
+- : "cc","memory");
+- return ret;
+-}
+-#elif defined(__hppa__)
+-
+-/* Because malloc only guarantees 8-byte alignment for malloc'd data,
+- and GCC only guarantees 8-byte alignment for stack locals, we can't
+- be assured of 16-byte alignment for atomic lock data even if we
+- specify "__attribute ((aligned(16)))" in the type declaration. So,
+- we use a struct containing an array of four ints for the atomic lock
+- type and dynamically select the 16-byte aligned int from the array
+- for the semaphore. */
+-#define __PA_LDCW_ALIGNMENT 16
+-static inline void *ldcw_align (void *p) {
+- unsigned long a = (unsigned long)p;
+- a = (a + __PA_LDCW_ALIGNMENT - 1) & ~(__PA_LDCW_ALIGNMENT - 1);
+- return (void *)a;
+-}
+-
+-static inline int testandset (spinlock_t *p)
+-{
+- unsigned int ret;
+- p = ldcw_align(p);
+- __asm__ __volatile__("ldcw 0(%1),%0"
+- : "=r" (ret)
+- : "r" (p)
+- : "memory" );
+- return !ret;
+-}
+-
+-#elif defined(__ia64)
+-
+-#include <ia64intrin.h>
+-
+-static inline int testandset (int *p)
+-{
+- return __sync_lock_test_and_set (p, 1);
+-}
+-#elif defined(__mips__)
+-static inline int testandset (int *p)
+-{
+- int ret;
+-
+- __asm__ __volatile__ (
+- " .set push \n"
+- " .set noat \n"
+- " .set mips2 \n"
+- "1: li $1, 1 \n"
+- " ll %0, %1 \n"
+- " sc $1, %1 \n"
+- " beqz $1, 1b \n"
+- " .set pop "
+- : "=r" (ret), "+R" (*p)
+- :
+- : "memory");
+-
+- return ret;
+-}
+-#else
+-#error unimplemented CPU support
+-#endif
+-
+-#if defined(CONFIG_USER_ONLY)
+-static inline void spin_lock(spinlock_t *lock)
+-{
+- while (testandset(lock));
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+- resetlock(lock);
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+- return !testandset(lock);
+-}
+-#else
+-static inline void spin_lock(spinlock_t *lock)
+-{
+-}
+-
+-static inline void spin_unlock(spinlock_t *lock)
+-{
+-}
+-
+-static inline int spin_trylock(spinlock_t *lock)
+-{
+- return 1;
+-}
+-#endif
++#include "qemu_spinlock.h"
+
+ extern spinlock_t tb_lock;
+
+Index: trunk/linux-user/arm/syscall.h
+===================================================================
+--- trunk.orig/linux-user/arm/syscall.h 2008-04-24 20:16:41.000000000 +0100
++++ trunk/linux-user/arm/syscall.h 2008-04-24 20:16:53.000000000 +0100
+@@ -28,7 +28,9 @@
+ #define ARM_SYSCALL_BASE 0x900000
+ #define ARM_THUMB_SYSCALL 0
+
+-#define ARM_NR_cacheflush (ARM_SYSCALL_BASE + 0xf0000 + 2)
++#define ARM_NR_BASE 0xf0000
++#define ARM_NR_cacheflush (ARM_NR_BASE + 2)
++#define ARM_NR_set_tls (ARM_NR_BASE + 5)
+
+ #define ARM_NR_semihosting 0x123456
+ #define ARM_NR_thumb_semihosting 0xAB
+Index: trunk/linux-user/main.c
+===================================================================
+--- trunk.orig/linux-user/main.c 2008-04-24 20:16:47.000000000 +0100
++++ trunk/linux-user/main.c 2008-04-24 20:17:38.000000000 +0100
+@@ -365,6 +365,50 @@
+ }
+ }
+
++/* Handle a jump to the kernel code page. */
++static int
++do_kernel_trap(CPUARMState *env)
++{
++ uint32_t addr;
++ uint32_t *ptr;
++ uint32_t cpsr;
++
++ switch (env->regs[15]) {
++ case 0xffff0fc0: /* __kernel_cmpxchg */
++ /* XXX: This only works between threads, not between processes.
++ Use native atomic operations. */
++ /* ??? This probably breaks horribly if the access segfaults. */
++ cpu_lock();
++ ptr = (uint32_t *)env->regs[2];
++ cpsr = cpsr_read(env);
++ if (*ptr == env->regs[0]) {
++ *ptr = env->regs[1];
++ env->regs[0] = 0;
++ cpsr |= CPSR_C;
++ } else {
++ env->regs[0] = -1;
++ cpsr &= ~CPSR_C;
++ }
++ cpsr_write(env, cpsr, CPSR_C);
++ cpu_unlock();
++ break;
++ case 0xffff0fe0: /* __kernel_get_tls */
++ env->regs[0] = env->cp15.c13_tls2;
++ break;
++ default:
++ return 1;
++ }
++ /* Jump back to the caller. */
++ addr = env->regs[14];
++ if (addr & 1) {
++ env->thumb = 1;
++ addr &= ~1;
++ }
++ env->regs[15] = addr;
++
++ return 0;
++}
++
+ void cpu_loop(CPUARMState *env)
+ {
+ int trapnr;
+@@ -475,10 +519,8 @@
+ }
+ }
+
+- if (n == ARM_NR_cacheflush) {
+- arm_cache_flush(env->regs[0], env->regs[1]);
+- } else if (n == ARM_NR_semihosting
+- || n == ARM_NR_thumb_semihosting) {
++ if (n == ARM_NR_semihosting
++ || n == ARM_NR_thumb_semihosting) {
+ env->regs[0] = do_arm_semihosting (env);
+ } else if (n == 0 || n >= ARM_SYSCALL_BASE
+ || (env->thumb && n == ARM_THUMB_SYSCALL)) {
+@@ -489,14 +531,34 @@
+ n -= ARM_SYSCALL_BASE;
+ env->eabi = 0;
+ }
+- env->regs[0] = do_syscall(env,
+- n,
+- env->regs[0],
+- env->regs[1],
+- env->regs[2],
+- env->regs[3],
+- env->regs[4],
+- env->regs[5]);
++ if ( n > ARM_NR_BASE) {
++ switch (n)
++ {
++ case ARM_NR_cacheflush:
++ arm_cache_flush(env->regs[0], env->regs[1]);
++ break;
++#ifdef USE_NPTL
++ case ARM_NR_set_tls:
++ cpu_set_tls(env, env->regs[0]);
++ env->regs[0] = 0;
++ break;
++#endif
++ default:
++ printf ("Error: Bad syscall: %x\n", n);
++ goto error;
++ }
++ }
++ else
++ {
++ env->regs[0] = do_syscall(env,
++ n,
++ env->regs[0],
++ env->regs[1],
++ env->regs[2],
++ env->regs[3],
++ env->regs[4],
++ env->regs[5]);
++ }
+ } else {
+ goto error;
+ }
+@@ -535,6 +597,10 @@
+ }
+ }
+ break;
++ case EXCP_KERNEL_TRAP:
++ if (do_kernel_trap(env))
++ goto error;
++ break;
+ default:
+ error:
+ fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
+@@ -1994,6 +2060,11 @@
+ int drop_ld_preload = 0, environ_count = 0;
+ char **target_environ, **wrk, **dst;
+
++ char *assume_kernel = getenv("QEMU_ASSUME_KERNEL");
++
++ if (assume_kernel)
++ setenv("LD_ASSUME_KERNEL", assume_kernel, 1);
++
+ if (argc <= 1)
+ usage();
+
+@@ -2403,6 +2474,10 @@
+ ts->heap_base = info->brk;
+ /* This will be filled in on the first SYS_HEAPINFO call. */
+ ts->heap_limit = 0;
++ /* Register the magic kernel code page. The cpu will generate a
++ special exception when it tries to execute code here. We can't
++ put real code here because it may be in use by the host kernel. */
++ page_set_flags(0xffff0000, 0xffff0fff, 0);
+ #endif
+
+ if (gdbstub_port) {
+Index: trunk/linux-user/qemu.h
+===================================================================
+--- trunk.orig/linux-user/qemu.h 2008-04-24 20:16:41.000000000 +0100
++++ trunk/linux-user/qemu.h 2008-04-24 20:16:53.000000000 +0100
+@@ -107,6 +107,9 @@
+ uint32_t heap_base;
+ uint32_t heap_limit;
+ #endif
++#ifdef USE_NPTL
++ uint32_t *child_tidptr;
++#endif
+ int used; /* non zero if used */
+ struct image_info *info;
+ uint8_t stack[0];
+Index: trunk/linux-user/syscall.c
+===================================================================
+--- trunk.orig/linux-user/syscall.c 2008-04-24 20:16:50.000000000 +0100
++++ trunk/linux-user/syscall.c 2008-04-24 20:19:52.000000000 +0100
+@@ -61,6 +61,7 @@
+ #define tchars host_tchars /* same as target */
+ #define ltchars host_ltchars /* same as target */
+
++#include <linux/futex.h>
+ #include <linux/termios.h>
+ #include <linux/unistd.h>
+ #include <linux/utsname.h>
+@@ -71,9 +72,18 @@
+ #include <linux/kd.h>
+
+ #include "qemu.h"
++#include "qemu_spinlock.h"
+
+ //#define DEBUG
+
++#ifdef USE_NPTL
++#define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
++ CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
++#else
++/* XXX: Hardcode the above values. */
++#define CLONE_NPTL_FLAGS2 0
++#endif
++
+ #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
+ || defined(TARGET_M68K) || defined(TARGET_SH4) || defined(TARGET_CRIS)
+ /* 16 bit uid wrappers emulation */
+@@ -2695,16 +2705,25 @@
+ return 0;
+ }
+ #endif
+-
+ #endif /* defined(TARGET_I386) */
+
+ /* this stack is the equivalent of the kernel stack associated with a
+ thread/process */
+ #define NEW_STACK_SIZE 8192
+
++#ifdef USE_NPTL
++static spinlock_t nptl_lock = SPIN_LOCK_UNLOCKED;
++#endif
++
+ static int clone_func(void *arg)
+ {
+ CPUState *env = arg;
++#ifdef HAVE_NPTL
++ /* Wait until the parent has finshed initializing the tls state. */
++ while (!spin_trylock(&nptl_lock))
++ usleep(1);
++ spin_unlock(&nptl_lock);
++#endif
+ cpu_loop(env);
+ /* never exits */
+ return 0;
+@@ -2712,15 +2731,27 @@
+
+ /* do_fork() Must return host values and target errnos (unlike most
+ do_*() functions). */
+-int do_fork(CPUState *env, unsigned int flags, abi_ulong newsp)
++int do_fork(CPUState *env, unsigned int flags, unsigned long newsp,
++ uint32_t *parent_tidptr, void *newtls,
++ uint32_t *child_tidptr)
+ {
+ int ret;
+ TaskState *ts;
+ uint8_t *new_stack;
+ CPUState *new_env;
++#if defined(TARGET_I386)
++ uint64_t *new_gdt_table;
++#endif
++#ifdef USE_NPTL
++ unsigned int nptl_flags;
+
++ if (flags & CLONE_PARENT_SETTID)
++ *parent_tidptr = gettid();
++#endif
+ if (flags & CLONE_VM) {
+ ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
++ if (!ts)
++ return -ENOMEM;
+ memset(ts, 0, sizeof(TaskState));
+ new_stack = ts->stack;
+ ts->used = 1;
+@@ -2732,6 +2763,29 @@
+ #if defined(TARGET_I386)
+ if (!newsp)
+ newsp = env->regs[R_ESP];
++ new_gdt_table = malloc(9 * 8);
++ if (!new_gdt_table) {
++ free(new_env);
++ return -ENOMEM;
++ }
++ /* Copy main GDT table from parent, but clear TLS entries */
++ memcpy(new_gdt_table, g2h(env->gdt.base), 6 * 8);
++ memset(&new_gdt_table[6], 0, 3 * 8);
++ new_env->gdt.base = h2g(new_gdt_table);
++ if (flags & 0x00080000 /* CLONE_SETTLS */) {
++ ret = do_set_thread_area(new_env, new_env->regs[R_ESI]);
++ if (ret) {
++ free(new_gdt_table);
++ free(new_env);
++ return ret;
++ }
++ }
++ cpu_x86_load_seg(env, R_CS, new_env->regs[R_CS]);
++ cpu_x86_load_seg(env, R_DS, new_env->regs[R_DS]);
++ cpu_x86_load_seg(env, R_ES, new_env->regs[R_ES]);
++ cpu_x86_load_seg(env, R_SS, new_env->regs[R_SS]);
++ cpu_x86_load_seg(env, R_FS, new_env->regs[R_FS]);
++ cpu_x86_load_seg(env, R_GS, new_env->regs[R_GS]);
+ new_env->regs[R_ESP] = newsp;
+ new_env->regs[R_EAX] = 0;
+ #elif defined(TARGET_ARM)
+@@ -2784,16 +2838,67 @@
+ #error unsupported target CPU
+ #endif
+ new_env->opaque = ts;
++#ifdef USE_NPTL
++ nptl_flags = flags;
++ flags &= ~CLONE_NPTL_FLAGS2;
++
++ if (nptl_flags & CLONE_CHILD_CLEARTID) {
++ ts->child_tidptr = child_tidptr;
++ }
++
++ if (nptl_flags & CLONE_SETTLS)
++ cpu_set_tls (new_env, newtls);
++
++ /* Grab the global cpu lock so that the thread setup appears
++ atomic. */
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ spin_lock(&nptl_lock);
++
++#else
++ if (flags & CLONE_NPTL_FLAGS2)
++ return -EINVAL;
++#endif
++
++ if (CLONE_VFORK & flags)
++ flags ^= CLONE_VM;
+ #ifdef __ia64__
+ ret = __clone2(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #else
+ ret = clone(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
+ #endif
++#ifdef USE_NPTL
++ if (ret != -1) {
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ *child_tidptr = ret;
++ }
++
++ /* Allow the child to continue. */
++ if (nptl_flags & CLONE_CHILD_SETTID)
++ spin_unlock(&nptl_lock);
++#endif
+ } else {
+ /* if no CLONE_VM, we consider it is a fork */
+- if ((flags & ~CSIGNAL) != 0)
++ if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
+ return -EINVAL;
+ ret = fork();
++#ifdef USE_NPTL
++ /* There is a race condition here. The parent process could
++ theoretically read the TID in the child process before the child
++ tid is set. This would require using either ptrace
++ (not implemented) or having *_tidptr to point at a shared memory
++ mapping. We can't repeat the spinlock hack used above because
++ the child process gets its own copy of the lock. */
++ if (ret == 0) {
++ /* Child Process. */
++ if (flags & CLONE_CHILD_SETTID)
++ *child_tidptr = gettid();
++ ts = (TaskState *)env->opaque;
++ if (flags & CLONE_CHILD_CLEARTID)
++ ts->child_tidptr = child_tidptr;
++ if (flags & CLONE_SETTLS)
++ cpu_set_tls (env, newtls);
++ }
++#endif
+ }
+ return ret;
+ }
+@@ -3052,6 +3157,68 @@
+ unlock_user_struct(target_ts, target_addr, 1);
+ }
+
++static long do_futex(target_ulong uaddr, int op, uint32_t val,
++ target_ulong utime, target_ulong uaddr2,
++ uint32_t val3)
++{
++ struct timespec host_utime;
++ unsigned long val2 = utime;
++
++ if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
++ target_to_host_timespec(&host_utime, utime);
++ val2 = (unsigned long)&host_utime;
++ }
++
++#ifdef BSWAP_NEEDED
++ switch(op) {
++ case FUTEX_CMP_REQUEUE:
++ val3 = tswap32(val3);
++ case FUTEX_REQUEUE:
++ val2 = tswap32(val2);
++ case FUTEX_WAIT:
++ case FUTEX_WAKE:
++ val = tswap32(val);
++ case FUTEX_LOCK_PI: /* This one's icky, but comes out OK */
++ case FUTEX_UNLOCK_PI:
++ break;
++ default:
++ gemu_log("qemu: Unsupported futex op %d\n", op);
++ return -ENOSYS;
++ }
++#if 0 /* No, it's worse than this */
++ if (op == FUTEX_WAKE_OP) {
++ /* Need to munge the secondary operation (val3) */
++ val3 = tswap32(val3);
++ int op2 = (val3 >> 28) & 7;
++ int cmp = (val3 >> 24) & 15;
++ int oparg = (val3 << 8) >> 20;
++ int cmparg = (val3 << 20) >> 20;
++ int shift = val3 & (FUTEX_OP_OPARG_SHIFT << 28);
++
++ if (shift)
++ oparg = (oparg & 7) + 24 - (oparg & 24);
++ else oparg =
++ if (op2 == FUTEX_OP_ADD) {
++ gemu_log("qemu: Unsupported wrong-endian FUTEX_OP_ADD\n");
++ return -ENOSYS;
++ }
++ if (cmparg == FUTEX_OP_CMP_LT || cmparg == FUTEX_OP_CMP_GE ||
++ cmparg == FUTEX_OP_CMP_LE || cmparg == FUTEX_OP_CMP_GT) {
++ gemu_log("qemu: Unsupported wrong-endian futex cmparg %d\n", cmparg);
++ return -ENOSYS;
++ }
++ val3 = shift | (op2<<28) | (cmp<<24) | (oparg<<12) | cmparg;
++ }
++#endif
++#endif
++ return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
++}
++
++int do_set_tid_address(target_ulong tidptr)
++{
++ return syscall(__NR_set_tid_address, g2h(tidptr));
++}
++
+ /* do_syscall() should always have a single exit point at the end so
+ that actions, such as logging of syscall results, can be performed.
+ All errnos that do_syscall() returns must be -TARGET_<errcode>. */
+@@ -3076,7 +3243,7 @@
+ _mcleanup();
+ #endif
+ gdb_exit(cpu_env, arg1);
+- /* XXX: should free thread stack and CPU env */
++ /* XXX: should free thread stack, GDT and CPU env */
+ _exit(arg1);
+ ret = 0; /* avoid warning */
+ break;
+@@ -3118,7 +3285,7 @@
+ ret = do_brk(arg1);
+ break;
+ case TARGET_NR_fork:
+- ret = get_errno(do_fork(cpu_env, SIGCHLD, 0));
++ ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, NULL, NULL, NULL));
+ break;
+ #ifdef TARGET_NR_waitpid
+ case TARGET_NR_waitpid:
+@@ -4482,7 +4649,8 @@
+ ret = get_errno(fsync(arg1));
+ break;
+ case TARGET_NR_clone:
+- ret = get_errno(do_fork(cpu_env, arg1, arg2));
++ ret = get_errno(do_fork(cpu_env, arg1, arg2, (uint32_t *)arg3,
++ (void *)arg4, (uint32_t *)arg5));
+ break;
+ #ifdef __NR_exit_group
+ /* new thread calls */
+@@ -4943,7 +5111,8 @@
+ #endif
+ #ifdef TARGET_NR_vfork
+ case TARGET_NR_vfork:
+- ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0));
++ ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0,
++ NULL, NULL, NULL));
+ break;
+ #endif
+ #ifdef TARGET_NR_ugetrlimit
+@@ -5521,6 +5690,9 @@
+ #elif defined(TARGET_I386) && defined(TARGET_ABI32)
+ ret = do_set_thread_area(cpu_env, arg1);
+ break;
++#elif TARGET_i386
++ ret = get_errno(do_set_thread_area(cpu_env, arg1));
++ break;
+ #else
+ goto unimplemented_nowarn;
+ #endif
+@@ -5538,6 +5710,12 @@
+ goto unimplemented_nowarn;
+ #endif
+
++#ifdef TARGET_NR_futex
++ case TARGET_NR_futex:
++ ret = get_errno(do_futex(arg1, arg2, arg3, arg4, arg5, arg6));
++ break;
++#endif
++
+ #ifdef TARGET_NR_clock_gettime
+ case TARGET_NR_clock_gettime:
+ {
+Index: trunk/qemu_spinlock.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ trunk/qemu_spinlock.h 2008-04-24 20:16:53.000000000 +0100
+@@ -0,0 +1,250 @@
++/*
++ * Atomic operation helper include
++ *
++ * Copyright (c) 2005 Fabrice Bellard
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++#ifndef QEMU_SPINLOCK_H
++#define QEMU_SPINLOCK_H
++
++#ifdef __powerpc__
++static inline int testandset (int *p)
++{
++ int ret;
++ __asm__ __volatile__ (
++ "0: lwarx %0,0,%1\n"
++ " xor. %0,%3,%0\n"
++ " bne 1f\n"
++ " stwcx. %2,0,%1\n"
++ " bne- 0b\n"
++ "1: "
++ : "=&r" (ret)
++ : "r" (p), "r" (1), "r" (0)
++ : "cr0", "memory");
++ return ret;
++}
++#endif
++
++#ifdef __i386__
++static inline int testandset (int *p)
++{
++ long int readval = 0;
++
++ __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++ : "+m" (*p), "+a" (readval)
++ : "r" (1)
++ : "cc");
++ return readval;
++}
++#endif
++
++#ifdef __x86_64__
++static inline int testandset (int *p)
++{
++ long int readval = 0;
++
++ __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
++ : "+m" (*p), "+a" (readval)
++ : "r" (1)
++ : "cc");
++ return readval;
++}
++#endif
++
++#ifdef __s390__
++static inline int testandset (int *p)
++{
++ int ret;
++
++ __asm__ __volatile__ ("0: cs %0,%1,0(%2)\n"
++ " jl 0b"
++ : "=&d" (ret)
++ : "r" (1), "a" (p), "0" (*p)
++ : "cc", "memory" );
++ return ret;
++}
++#endif
++
++#ifdef __alpha__
++static inline int testandset (int *p)
++{
++ int ret;
++ unsigned long one;
++
++ __asm__ __volatile__ ("0: mov 1,%2\n"
++ " ldl_l %0,%1\n"
++ " stl_c %2,%1\n"
++ " beq %2,1f\n"
++ ".subsection 2\n"
++ "1: br 0b\n"
++ ".previous"
++ : "=r" (ret), "=m" (*p), "=r" (one)
++ : "m" (*p));
++ return ret;
++}
++#endif
++
++#ifdef __sparc__
++static inline int testandset (int *p)
++{
++ int ret;
++
++ __asm__ __volatile__("ldstub [%1], %0"
++ : "=r" (ret)
++ : "r" (p)
++ : "memory");
++
++ return (ret ? 1 : 0);
++}
++#endif
++
++#ifdef __arm__
++static inline int testandset (int *spinlock)
++{
++ register unsigned int ret;
++ __asm__ __volatile__("swp %0, %1, [%2]"
++ : "=r"(ret)
++ : "0"(1), "r"(spinlock));
++
++ return ret;
++}
++#endif
++
++#ifdef __mc68000
++static inline int testandset (int *p)
++{
++ char ret;
++ __asm__ __volatile__("tas %1; sne %0"
++ : "=r" (ret)
++ : "m" (p)
++ : "cc","memory");
++ return ret;
++}
++#endif
++
++#ifdef __hppa__
++/* Because malloc only guarantees 8-byte alignment for malloc'd data,
++ and GCC only guarantees 8-byte alignment for stack locals, we can't
++ be assured of 16-byte alignment for atomic lock data even if we
++ specify "__attribute ((aligned(16)))" in the type declaration. So,
++ we use a struct containing an array of four ints for the atomic lock
++ type and dynamically select the 16-byte aligned int from the array
++ for the semaphore. */
++#define __PA_LDCW_ALIGNMENT 16
++static inline void *ldcw_align (void *p) {
++ unsigned long a = (unsigned long)p;
++ a = (a + __PA_LDCW_ALIGNMENT - 1) & ~(__PA_LDCW_ALIGNMENT - 1);
++ return (void *)a;
++}
++
++static inline int testandset (spinlock_t *p)
++{
++ unsigned int ret;
++ p = ldcw_align(p);
++ __asm__ __volatile__("ldcw 0(%1),%0"
++ : "=r" (ret)
++ : "r" (p)
++ : "memory" );
++ return !ret;
++}
++#endif
++
++#ifdef __ia64
++#include <ia64intrin.h>
++
++static inline int testandset (int *p)
++{
++ return __sync_lock_test_and_set (p, 1);
++}
++#endif
++
++#ifdef __mips__
++static inline int testandset (int *p)
++{
++ int ret;
++
++ __asm__ __volatile__ (
++ " .set push \n"
++ " .set noat \n"
++ " .set mips2 \n"
++ "1: li $1, 1 \n"
++ " ll %0, %1 \n"
++ " sc $1, %1 \n"
++ " beqz $1, 1b \n"
++ " .set pop "
++ : "=r" (ret), "+R" (*p)
++ :
++ : "memory");
++
++ return ret;
++}
++#endif
++
++#if defined(__hppa__)
++
++typedef int spinlock_t[4];
++
++#define SPIN_LOCK_UNLOCKED { 1, 1, 1, 1 }
++
++static inline void resetlock (spinlock_t *p)
++{
++ (*p)[0] = (*p)[1] = (*p)[2] = (*p)[3] = 1;
++}
++
++#else
++
++typedef int spinlock_t;
++
++#define SPIN_LOCK_UNLOCKED 0
++
++static inline void resetlock (spinlock_t *p)
++{
++ *p = SPIN_LOCK_UNLOCKED;
++}
++
++#endif
++
++#if defined(CONFIG_USER_ONLY)
++static inline void spin_lock(spinlock_t *lock)
++{
++ while (testandset(lock));
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++ resetlock(lock);
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++ return !testandset(lock);
++}
++#else
++static inline void spin_lock(spinlock_t *lock)
++{
++}
++
++static inline void spin_unlock(spinlock_t *lock)
++{
++}
++
++static inline int spin_trylock(spinlock_t *lock)
++{
++ return 1;
++}
++#endif
++
++#endif
+Index: trunk/target-arm/cpu.h
+===================================================================
+--- trunk.orig/target-arm/cpu.h 2008-04-24 20:16:41.000000000 +0100
++++ trunk/target-arm/cpu.h 2008-04-24 20:16:53.000000000 +0100
+@@ -38,6 +38,7 @@
+ #define EXCP_FIQ 6
+ #define EXCP_BKPT 7
+ #define EXCP_EXCEPTION_EXIT 8 /* Return from v7M exception. */
++#define EXCP_KERNEL_TRAP 9 /* Jumped to kernel code page. */
+
+ #define ARMV7M_EXCP_RESET 1
+ #define ARMV7M_EXCP_NMI 2
+@@ -218,6 +219,15 @@
+ void cpu_lock(void);
+ void cpu_unlock(void);
+
++void cpu_lock(void);
++void cpu_unlock(void);
++#if defined(USE_NPTL)
++static inline void cpu_set_tls(CPUARMState *env, void *newtls)
++{
++ env->cp15.c13_tls2 = (uint32_t)(long)newtls;
++}
++#endif
++
+ #define CPSR_M (0x1f)
+ #define CPSR_T (1 << 5)
+ #define CPSR_F (1 << 6)
+Index: trunk/target-arm/translate.c
+===================================================================
+--- trunk.orig/target-arm/translate.c 2008-04-24 20:16:41.000000000 +0100
++++ trunk/target-arm/translate.c 2008-04-24 20:16:53.000000000 +0100
+@@ -8606,7 +8606,14 @@
+ gen_exception(EXCP_EXCEPTION_EXIT);
+ }
+ #endif
+-
++#ifdef CONFIG_USER_ONLY
++ /* Intercept jump to the magic kernel page. */
++ if (dc->pc > 0xffff0000) {
++ gen_exception(EXCP_KERNEL_TRAP);
++ dc->is_jmp = DISAS_UPDATE;
++ break;
++ }
++#endif
+ if (env->nb_breakpoints > 0) {
+ for(j = 0; j < env->nb_breakpoints; j++) {
+ if (env->breakpoints[j] == dc->pc) {
diff --git a/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch b/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch
new file mode 100644
index 0000000000..02f093abb9
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch
@@ -0,0 +1,37 @@
+---
+ linux-user/mmap.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+Index: trunk/linux-user/mmap.c
+===================================================================
+--- trunk.orig/linux-user/mmap.c 2008-04-24 20:15:37.000000000 +0100
++++ trunk/linux-user/mmap.c 2008-04-24 20:16:16.000000000 +0100
+@@ -29,6 +29,10 @@
+
+ //#define DEBUG_MMAP
+
++#ifndef MAP_32BIT
++#define MAP_32BIT 0
++#endif
++
+ /* NOTE: all the constants are the HOST ones, but addresses are target. */
+ int target_mprotect(abi_ulong start, abi_ulong len, int prot)
+ {
+@@ -251,7 +255,7 @@
+ especially important if qemu_host_page_size >
+ qemu_real_host_page_size */
+ p = mmap(g2h(mmap_start),
+- host_len, prot, flags | MAP_FIXED, fd, host_offset);
++ host_len, prot, flags | MAP_FIXED | MAP_32BIT, fd, host_offset);
+ if (p == MAP_FAILED)
+ return -1;
+ /* update start so that it points to the file position at 'offset' */
+@@ -406,7 +410,7 @@
+ unsigned long host_addr;
+
+ /* XXX: use 5 args syscall */
+- host_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags);
++ host_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags | MAP_32BIT);
+ if (host_addr == -1)
+ return -1;
+ new_addr = h2g(host_addr);
diff --git a/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch b/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch
new file mode 100644
index 0000000000..1224fb4cbd
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch
@@ -0,0 +1,2381 @@
+diff -urN 4242/cpu-all.h qemu-omap/cpu-all.h
+--- 4242/cpu-all.h 2008-04-24 21:26:19.000000000 +0100
++++ qemu-omap/cpu-all.h 2008-04-23 09:57:55.000000000 +0100
+@@ -816,7 +816,7 @@
+ /* physical memory access */
+ #define TLB_INVALID_MASK (1 << 3)
+ #define IO_MEM_SHIFT 4
+-#define IO_MEM_NB_ENTRIES (1 << (TARGET_PAGE_BITS - IO_MEM_SHIFT))
++#define IO_MEM_NB_ENTRIES (16 << (TARGET_PAGE_BITS - IO_MEM_SHIFT))
+
+ #define IO_MEM_RAM (0 << IO_MEM_SHIFT) /* hardcoded offset */
+ #define IO_MEM_ROM (1 << IO_MEM_SHIFT) /* hardcoded offset */
+diff -urN 4242/exec.c qemu-omap/exec.c
+--- 4242/exec.c 2008-04-24 18:11:49.000000000 +0100
++++ qemu-omap/exec.c 2008-04-23 09:57:55.000000000 +0100
+@@ -1664,7 +1664,7 @@
+ {
+ if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
+ /* IO memory case */
+- address = vaddr | pd;
++ address = vaddr | (pd & ~TARGET_PAGE_MASK);
+ addend = paddr;
+ } else {
+ /* standard memory */
+@@ -1698,7 +1698,9 @@
+ } else {
+ te->addr_read = -1;
+ }
+- if (prot & PAGE_EXEC) {
++ if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
++ te->addr_code = pd;
++ } else if (prot & PAGE_EXEC) {
+ te->addr_code = address;
+ } else {
+ te->addr_code = -1;
+@@ -2493,7 +2495,9 @@
+ if (io_index <= 0) {
+ if (io_mem_nb >= IO_MEM_NB_ENTRIES)
+ return -1;
+- io_index = io_mem_nb++;
++ do io_index = io_mem_nb++;
++ while (((io_index << IO_MEM_SHIFT) & ~TARGET_PAGE_MASK)
++ <= IO_MEM_NOTDIRTY);
+ } else {
+ if (io_index >= IO_MEM_NB_ENTRIES)
+ return -1;
+diff -urN 4242/hw/max7310.c qemu-omap/hw/max7310.c
+--- 4242/hw/max7310.c 2008-04-24 18:11:49.000000000 +0100
++++ qemu-omap/hw/max7310.c 2008-03-02 19:31:55.000000000 +0000
+@@ -134,8 +134,8 @@
+ s->i2c_command_byte = 1;
+ break;
+ case I2C_FINISH:
+- if (s->len == 1)
+ #ifdef VERBOSE
++ if (s->len == 1)
+ printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
+ #endif
+ break;
+diff -urN 4242/hw/ndis.h qemu-omap/hw/ndis.h
+--- 4242/hw/ndis.h 1970-01-01 01:00:00.000000000 +0100
++++ qemu-omap/hw/ndis.h 2008-04-23 09:57:56.000000000 +0100
+@@ -0,0 +1,217 @@
++/*
++ * ndis.h
++ *
++ * ntddndis.h modified by Benedikt Spranger <b.spranger@pengutronix.de>
++ *
++ * Thanks to the cygwin development team,
++ * espacially to Casper S. Hornstrup <chorns@users.sourceforge.net>
++ *
++ * THIS SOFTWARE IS NOT COPYRIGHTED
++ *
++ * This source code is offered for use in the public domain. You may
++ * use, modify or distribute it freely.
++ *
++ * This code is distributed in the hope that it will be useful but
++ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
++ * DISCLAIMED. This includes but is not limited to warranties of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
++ *
++ */
++
++#ifndef _LINUX_NDIS_H
++#define _LINUX_NDIS_H
++
++
++#define NDIS_STATUS_MULTICAST_FULL 0xC0010009
++#define NDIS_STATUS_MULTICAST_EXISTS 0xC001000A
++#define NDIS_STATUS_MULTICAST_NOT_FOUND 0xC001000B
++
++enum NDIS_DEVICE_POWER_STATE {
++ NdisDeviceStateUnspecified = 0,
++ NdisDeviceStateD0,
++ NdisDeviceStateD1,
++ NdisDeviceStateD2,
++ NdisDeviceStateD3,
++ NdisDeviceStateMaximum
++};
++
++struct NDIS_PM_WAKE_UP_CAPABILITIES {
++ enum NDIS_DEVICE_POWER_STATE MinMagicPacketWakeUp;
++ enum NDIS_DEVICE_POWER_STATE MinPatternWakeUp;
++ enum NDIS_DEVICE_POWER_STATE MinLinkChangeWakeUp;
++};
++
++/* NDIS_PNP_CAPABILITIES.Flags constants */
++#define NDIS_DEVICE_WAKE_UP_ENABLE 0x00000001
++#define NDIS_DEVICE_WAKE_ON_PATTERN_MATCH_ENABLE 0x00000002
++#define NDIS_DEVICE_WAKE_ON_MAGIC_PACKET_ENABLE 0x00000004
++
++struct NDIS_PNP_CAPABILITIES {
++ __le32 Flags;
++ struct NDIS_PM_WAKE_UP_CAPABILITIES WakeUpCapabilities;
++};
++
++struct NDIS_PM_PACKET_PATTERN {
++ __le32 Priority;
++ __le32 Reserved;
++ __le32 MaskSize;
++ __le32 PatternOffset;
++ __le32 PatternSize;
++ __le32 PatternFlags;
++};
++
++
++/* Required Object IDs (OIDs) */
++#define OID_GEN_SUPPORTED_LIST 0x00010101
++#define OID_GEN_HARDWARE_STATUS 0x00010102
++#define OID_GEN_MEDIA_SUPPORTED 0x00010103
++#define OID_GEN_MEDIA_IN_USE 0x00010104
++#define OID_GEN_MAXIMUM_LOOKAHEAD 0x00010105
++#define OID_GEN_MAXIMUM_FRAME_SIZE 0x00010106
++#define OID_GEN_LINK_SPEED 0x00010107
++#define OID_GEN_TRANSMIT_BUFFER_SPACE 0x00010108
++#define OID_GEN_RECEIVE_BUFFER_SPACE 0x00010109
++#define OID_GEN_TRANSMIT_BLOCK_SIZE 0x0001010A
++#define OID_GEN_RECEIVE_BLOCK_SIZE 0x0001010B
++#define OID_GEN_VENDOR_ID 0x0001010C
++#define OID_GEN_VENDOR_DESCRIPTION 0x0001010D
++#define OID_GEN_CURRENT_PACKET_FILTER 0x0001010E
++#define OID_GEN_CURRENT_LOOKAHEAD 0x0001010F
++#define OID_GEN_DRIVER_VERSION 0x00010110
++#define OID_GEN_MAXIMUM_TOTAL_SIZE 0x00010111
++#define OID_GEN_PROTOCOL_OPTIONS 0x00010112
++#define OID_GEN_MAC_OPTIONS 0x00010113
++#define OID_GEN_MEDIA_CONNECT_STATUS 0x00010114
++#define OID_GEN_MAXIMUM_SEND_PACKETS 0x00010115
++#define OID_GEN_VENDOR_DRIVER_VERSION 0x00010116
++#define OID_GEN_SUPPORTED_GUIDS 0x00010117
++#define OID_GEN_NETWORK_LAYER_ADDRESSES 0x00010118
++#define OID_GEN_TRANSPORT_HEADER_OFFSET 0x00010119
++#define OID_GEN_MACHINE_NAME 0x0001021A
++#define OID_GEN_RNDIS_CONFIG_PARAMETER 0x0001021B
++#define OID_GEN_VLAN_ID 0x0001021C
++
++/* Optional OIDs */
++#define OID_GEN_MEDIA_CAPABILITIES 0x00010201
++#define OID_GEN_PHYSICAL_MEDIUM 0x00010202
++
++/* Required statistics OIDs */
++#define OID_GEN_XMIT_OK 0x00020101
++#define OID_GEN_RCV_OK 0x00020102
++#define OID_GEN_XMIT_ERROR 0x00020103
++#define OID_GEN_RCV_ERROR 0x00020104
++#define OID_GEN_RCV_NO_BUFFER 0x00020105
++
++/* Optional statistics OIDs */
++#define OID_GEN_DIRECTED_BYTES_XMIT 0x00020201
++#define OID_GEN_DIRECTED_FRAMES_XMIT 0x00020202
++#define OID_GEN_MULTICAST_BYTES_XMIT 0x00020203
++#define OID_GEN_MULTICAST_FRAMES_XMIT 0x00020204
++#define OID_GEN_BROADCAST_BYTES_XMIT 0x00020205
++#define OID_GEN_BROADCAST_FRAMES_XMIT 0x00020206
++#define OID_GEN_DIRECTED_BYTES_RCV 0x00020207
++#define OID_GEN_DIRECTED_FRAMES_RCV 0x00020208
++#define OID_GEN_MULTICAST_BYTES_RCV 0x00020209
++#define OID_GEN_MULTICAST_FRAMES_RCV 0x0002020A
++#define OID_GEN_BROADCAST_BYTES_RCV 0x0002020B
++#define OID_GEN_BROADCAST_FRAMES_RCV 0x0002020C
++#define OID_GEN_RCV_CRC_ERROR 0x0002020D
++#define OID_GEN_TRANSMIT_QUEUE_LENGTH 0x0002020E
++#define OID_GEN_GET_TIME_CAPS 0x0002020F
++#define OID_GEN_GET_NETCARD_TIME 0x00020210
++#define OID_GEN_NETCARD_LOAD 0x00020211
++#define OID_GEN_DEVICE_PROFILE 0x00020212
++#define OID_GEN_INIT_TIME_MS 0x00020213
++#define OID_GEN_RESET_COUNTS 0x00020214
++#define OID_GEN_MEDIA_SENSE_COUNTS 0x00020215
++#define OID_GEN_FRIENDLY_NAME 0x00020216
++#define OID_GEN_MINIPORT_INFO 0x00020217
++#define OID_GEN_RESET_VERIFY_PARAMETERS 0x00020218
++
++/* IEEE 802.3 (Ethernet) OIDs */
++#define NDIS_802_3_MAC_OPTION_PRIORITY 0x00000001
++
++#define OID_802_3_PERMANENT_ADDRESS 0x01010101
++#define OID_802_3_CURRENT_ADDRESS 0x01010102
++#define OID_802_3_MULTICAST_LIST 0x01010103
++#define OID_802_3_MAXIMUM_LIST_SIZE 0x01010104
++#define OID_802_3_MAC_OPTIONS 0x01010105
++#define OID_802_3_RCV_ERROR_ALIGNMENT 0x01020101
++#define OID_802_3_XMIT_ONE_COLLISION 0x01020102
++#define OID_802_3_XMIT_MORE_COLLISIONS 0x01020103
++#define OID_802_3_XMIT_DEFERRED 0x01020201
++#define OID_802_3_XMIT_MAX_COLLISIONS 0x01020202
++#define OID_802_3_RCV_OVERRUN 0x01020203
++#define OID_802_3_XMIT_UNDERRUN 0x01020204
++#define OID_802_3_XMIT_HEARTBEAT_FAILURE 0x01020205
++#define OID_802_3_XMIT_TIMES_CRS_LOST 0x01020206
++#define OID_802_3_XMIT_LATE_COLLISIONS 0x01020207
++
++/* OID_GEN_MINIPORT_INFO constants */
++#define NDIS_MINIPORT_BUS_MASTER 0x00000001
++#define NDIS_MINIPORT_WDM_DRIVER 0x00000002
++#define NDIS_MINIPORT_SG_LIST 0x00000004
++#define NDIS_MINIPORT_SUPPORTS_MEDIA_QUERY 0x00000008
++#define NDIS_MINIPORT_INDICATES_PACKETS 0x00000010
++#define NDIS_MINIPORT_IGNORE_PACKET_QUEUE 0x00000020
++#define NDIS_MINIPORT_IGNORE_REQUEST_QUEUE 0x00000040
++#define NDIS_MINIPORT_IGNORE_TOKEN_RING_ERRORS 0x00000080
++#define NDIS_MINIPORT_INTERMEDIATE_DRIVER 0x00000100
++#define NDIS_MINIPORT_IS_NDIS_5 0x00000200
++#define NDIS_MINIPORT_IS_CO 0x00000400
++#define NDIS_MINIPORT_DESERIALIZE 0x00000800
++#define NDIS_MINIPORT_REQUIRES_MEDIA_POLLING 0x00001000
++#define NDIS_MINIPORT_SUPPORTS_MEDIA_SENSE 0x00002000
++#define NDIS_MINIPORT_NETBOOT_CARD 0x00004000
++#define NDIS_MINIPORT_PM_SUPPORTED 0x00008000
++#define NDIS_MINIPORT_SUPPORTS_MAC_ADDRESS_OVERWRITE 0x00010000
++#define NDIS_MINIPORT_USES_SAFE_BUFFER_APIS 0x00020000
++#define NDIS_MINIPORT_HIDDEN 0x00040000
++#define NDIS_MINIPORT_SWENUM 0x00080000
++#define NDIS_MINIPORT_SURPRISE_REMOVE_OK 0x00100000
++#define NDIS_MINIPORT_NO_HALT_ON_SUSPEND 0x00200000
++#define NDIS_MINIPORT_HARDWARE_DEVICE 0x00400000
++#define NDIS_MINIPORT_SUPPORTS_CANCEL_SEND_PACKETS 0x00800000
++#define NDIS_MINIPORT_64BITS_DMA 0x01000000
++
++#define NDIS_MEDIUM_802_3 0x00000000
++#define NDIS_MEDIUM_802_5 0x00000001
++#define NDIS_MEDIUM_FDDI 0x00000002
++#define NDIS_MEDIUM_WAN 0x00000003
++#define NDIS_MEDIUM_LOCAL_TALK 0x00000004
++#define NDIS_MEDIUM_DIX 0x00000005
++#define NDIS_MEDIUM_ARCENT_RAW 0x00000006
++#define NDIS_MEDIUM_ARCENT_878_2 0x00000007
++#define NDIS_MEDIUM_ATM 0x00000008
++#define NDIS_MEDIUM_WIRELESS_LAN 0x00000009
++#define NDIS_MEDIUM_IRDA 0x0000000A
++#define NDIS_MEDIUM_BPC 0x0000000B
++#define NDIS_MEDIUM_CO_WAN 0x0000000C
++#define NDIS_MEDIUM_1394 0x0000000D
++
++#define NDIS_PACKET_TYPE_DIRECTED 0x00000001
++#define NDIS_PACKET_TYPE_MULTICAST 0x00000002
++#define NDIS_PACKET_TYPE_ALL_MULTICAST 0x00000004
++#define NDIS_PACKET_TYPE_BROADCAST 0x00000008
++#define NDIS_PACKET_TYPE_SOURCE_ROUTING 0x00000010
++#define NDIS_PACKET_TYPE_PROMISCUOUS 0x00000020
++#define NDIS_PACKET_TYPE_SMT 0x00000040
++#define NDIS_PACKET_TYPE_ALL_LOCAL 0x00000080
++#define NDIS_PACKET_TYPE_GROUP 0x00000100
++#define NDIS_PACKET_TYPE_ALL_FUNCTIONAL 0x00000200
++#define NDIS_PACKET_TYPE_FUNCTIONAL 0x00000400
++#define NDIS_PACKET_TYPE_MAC_FRAME 0x00000800
++
++#define NDIS_MEDIA_STATE_CONNECTED 0x00000000
++#define NDIS_MEDIA_STATE_DISCONNECTED 0x00000001
++
++#define NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA 0x00000001
++#define NDIS_MAC_OPTION_RECEIVE_SERIALIZED 0x00000002
++#define NDIS_MAC_OPTION_TRANSFERS_NOT_PEND 0x00000004
++#define NDIS_MAC_OPTION_NO_LOOPBACK 0x00000008
++#define NDIS_MAC_OPTION_FULL_DUPLEX 0x00000010
++#define NDIS_MAC_OPTION_EOTX_INDICATION 0x00000020
++#define NDIS_MAC_OPTION_8021P_PRIORITY 0x00000040
++#define NDIS_MAC_OPTION_RESERVED 0x80000000
++
++#endif /* _LINUX_NDIS_H */
+diff -urN 4242/hw/nseries.c qemu-omap/hw/nseries.c
+--- 4242/hw/nseries.c 2008-04-24 18:11:49.000000000 +0100
++++ qemu-omap/hw/nseries.c 2008-04-23 09:57:56.000000000 +0100
+@@ -602,6 +602,37 @@
+ (void *) &config7, sizeof(config7));
+ }
+
++#if 0
++static uint32_t n800_pinout[104] = {
++ 0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
++ 0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
++ 0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
++ 0x080800bc, 0x00cc0808, 0x08081818, 0x18180128,
++ 0x01241800, 0x18181818, 0x000000f0, 0x01300000,
++ 0x00001b0b, 0x1b0f0138, 0x00e0181b, 0x1b031b0b,
++ 0x180f0078, 0x00740018, 0x0f0f0f1a, 0x00000080,
++ 0x007c0000, 0x00000000, 0x00000088, 0x00840000,
++ 0x00000000, 0x00000094, 0x00980300, 0x0f180003,
++ 0x0000008c, 0x00900f0f, 0x0f0f1b00, 0x0f00009c,
++ 0x01140000, 0x1b1b0f18, 0x0818013c, 0x01400008,
++ 0x00001818, 0x000b0110, 0x010c1800, 0x0b030b0f,
++ 0x181800f4, 0x00f81818, 0x00000018, 0x000000fc,
++ 0x00401808, 0x00000000, 0x0f1b0030, 0x003c0008,
++ 0x00000000, 0x00000038, 0x00340000, 0x00000000,
++ 0x1a080070, 0x00641a1a, 0x08080808, 0x08080060,
++ 0x005c0808, 0x08080808, 0x08080058, 0x00540808,
++ 0x08080808, 0x0808006c, 0x00680808, 0x08080808,
++ 0x000000a8, 0x00b00000, 0x08080808, 0x000000a0,
++ 0x00a40000, 0x00000000, 0x08ff0050, 0x004c0808,
++ 0xffffffff, 0xffff0048, 0x0044ffff, 0xffffffff,
++ 0x000000ac, 0x01040800, 0x08080b0f, 0x18180100,
++ 0x01081818, 0x0b0b1808, 0x1a0300e4, 0x012c0b1a,
++ 0x02020018, 0x0b000134, 0x011c0800, 0x0b1b1b00,
++ 0x0f0000c8, 0x00ec181b, 0x000f0f02, 0x00180118,
++ 0x01200000, 0x0f0b1b1b, 0x0f0200e8, 0x0000020b,
++};
++#endif
++
+ /* Setup sequence done by the bootloader */
+ static void n800_boot_init(void *opaque)
+ {
+@@ -942,3 +973,71 @@
+ "Nokia N800 aka. RX-34 tablet (OMAP2420)",
+ n800_init,
+ };
++
++#if 0
++/* cx3110x.c */
++#define CY_ARM_INT 0x00
++#define CY_ARM_INT_ENA 0x00
++#define CY_HOST_INT 0x00
++#define CY_HOST_INT_ENA 0x00
++#define CY_HOST_INT_ACK 0x00
++#define CY_GP1_COMM 0x00
++#define CY_GP2_COMM 0x00
++#define CY_DEV_CTRL_STA 0x00
++#define CY_DMA_DATA 0x00 /* 16-bit */
++#define CY_DMA_WR_CTRL 0x00 /* 16-bit */
++#define CY_DMA_WR_LEN 0x00 /* 16-bit */
++#define CY_DMA_WR_BASE 0x00
++#define CY_DMA_RD_CTRL 0x00 /* 16-bit */
++#define CY_DMA_RD_LEN 0x00 /* 16-bit */
++#define CY_DMA_RD_BASE 0x00
++
++HW:
++(spi bus 1.0)
++ tsc2005
++(spi bus 1.1)
++ lcd_mipid
++(spi bus 2.0)
++ cx3110x (WLAN)
++(spi somewhere?)
++ pc2400m (WiMAX)
++(i2c bus 0)
++ TLV320AIC33 (audio codec on i2c)
++ TCM825x (camera on i2c)
++ lp5521 (LED on i2c)
++ tsl2563 (light sensor, hwmon on i2c)
++ lm8323 (keypad on i2c)
++(i2c bus 1)
++ tmp105 (temperature sensor, hwmon on i2c)
++ menelaus (power on i2c)
++
++GPIO 0: out hi
++GPIO 8: in hi
++GPIO 9: out hi
++GPIO 10: out lo
++GPIO 12: out lo
++GPIO 15: out lo
++GPIO 23: out hi
++GPIO 26: in hi, irq-186 rising
++GPIO 53: out lo
++GPIO 58: in hi, irq-218 low wakeup
++GPIO 62: out lo
++GPIO 64: out hi
++GPIO 65: in hi
++GPIO 66: out lo
++GPIO 93: out lo
++GPIO 94: in hi
++GPIO 95: out lo
++GPIO 96: out hi
++GPIO 101: out lo
++GPIO 102: in hi, irq-262 bothedge
++GPIO 106: in hi, irq-266 falling wakeup
++GPIO 107: in hi, irq-267 bothedge
++GPIO 108: in lo, irq-268 rising wakeup
++GPIO 109: in hi, irq-269 falling wakeup
++GPIO 110: in hi, irq-270 bothedge
++GPIO 111: in lo, irq-271 rising
++GPIO 112: out hi
++GPIO 118: out hi
++GPIO 125: in lo, irq-285 rising
++#endif
+diff -urN 4242/hw/omap2.c qemu-omap/hw/omap2.c
+--- 4242/hw/omap2.c 2008-04-24 18:11:49.000000000 +0100
++++ qemu-omap/hw/omap2.c 2008-04-23 09:57:56.000000000 +0100
+@@ -3675,152 +3675,152 @@
+ omap_findclk(s, "dss_l4_iclk"));
+
+ /* All register mappings (includin those not currenlty implemented):
+- * SystemControlMod 48000000 - 48000fff
+- * SystemControlL4 48001000 - 48001fff
+- * 32kHz Timer Mod 48004000 - 48004fff
+- * 32kHz Timer L4 48005000 - 48005fff
+- * PRCM ModA 48008000 - 480087ff
++ * SystemControlMod 48000000 - 48000fff (REV 0x00000010)
++ * SystemControlL4 48001000 - 48001fff (0x00200010, 0x01000200, 0x00000000)
++ * 32kHz Timer Mod 48004000 - 48004fff (REV 0x00000011)
++ * 32kHz Timer L4 48005000 - 48005fff (0x00200010, 0x01000200, 0x00000000)
++ * PRCM ModA 48008000 - 480087ff (REV 0x00000010)
+ * PRCM ModB 48008800 - 48008fff
+- * PRCM L4 48009000 - 48009fff
+- * TEST-BCM Mod 48012000 - 48012fff
+- * TEST-BCM L4 48013000 - 48013fff
+- * TEST-TAP Mod 48014000 - 48014fff
+- * TEST-TAP L4 48015000 - 48015fff
+- * GPIO1 Mod 48018000 - 48018fff
+- * GPIO Top 48019000 - 48019fff
+- * GPIO2 Mod 4801a000 - 4801afff
+- * GPIO L4 4801b000 - 4801bfff
+- * GPIO3 Mod 4801c000 - 4801cfff
+- * GPIO4 Mod 4801e000 - 4801efff
+- * WDTIMER1 Mod 48020000 - 48010fff
++ * PRCM L4 48009000 - 48009fff (0x00200010, 0x00000200, 0x00000000)
++ * TEST-BCM Mod 48012000 - 48012fff (REV 0x00000010)
++ * TEST-BCM L4 48013000 - 48013fff (0x00200010, 0x00000200, 0x00000000)
++ * TEST-TAP Mod 48014000 - 48014fff (REV 0x00000010)
++ * TEST-TAP L4 48015000 - 48015fff (0x00200010, 0x00000200, 0x00000000)
++ * GPIO1 Mod 48018000 - 48018fff (REV 0x00000018)
++ * GPIO Top 48019000 - 48019fff (REV 0x00000011)
++ * GPIO2 Mod 4801a000 - 4801afff (REV 0x00000018)
++ * GPIO L4 4801b000 - 4801bfff (0x00200010, 0x00000200, 0x00000000)
++ * GPIO3 Mod 4801c000 - 4801cfff (REV 0x00000018)
++ * GPIO4 Mod 4801e000 - 4801efff (REV 0x00000018)
++ * WDTIMER1 Mod 48020000 - 48010fff (REV Abort)
+ * WDTIMER Top 48021000 - 48011fff
+- * WDTIMER2 Mod 48022000 - 48012fff
+- * WDTIMER L4 48023000 - 48013fff
+- * WDTIMER3 Mod 48024000 - 48014fff
+- * WDTIMER3 L4 48025000 - 48015fff
+- * WDTIMER4 Mod 48026000 - 48016fff
+- * WDTIMER4 L4 48027000 - 48017fff
+- * GPTIMER1 Mod 48028000 - 48018fff
+- * GPTIMER1 L4 48029000 - 48019fff
+- * GPTIMER2 Mod 4802a000 - 4801afff
+- * GPTIMER2 L4 4802b000 - 4801bfff
++ * WDTIMER2 Mod 48022000 - 48012fff (REV 0x00000011)
++ * WDTIMER L4 48023000 - 48013fff (0x00200010, 0x00000200, 0x00000000)
++ * WDTIMER3 Mod 48024000 - 48014fff (REV 0x00000011)
++ * WDTIMER3 L4 48025000 - 48015fff (0x00200010, 0x00000200, 0x00000000)
++ * WDTIMER4 Mod 48026000 - 48016fff (REV 0x00000011)
++ * WDTIMER4 L4 48027000 - 48017fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER1 Mod 48028000 - 48018fff (REV 0x00000013)
++ * GPTIMER1 L4 48029000 - 48019fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER2 Mod 4802a000 - 4801afff (REV Abort)
++ * GPTIMER2 L4 4802b000 - 4801bfff (0x00200010, 0x00000200, 0x00000000)
+ * L4-Config AP 48040000 - 480407ff
+ * L4-Config IP 48040800 - 48040fff
+ * L4-Config LA 48041000 - 48041fff
+- * ARM11ETB Mod 48048000 - 48049fff
+- * ARM11ETB L4 4804a000 - 4804afff
+- * DISPLAY Top 48050000 - 480503ff
+- * DISPLAY DISPC 48050400 - 480507ff
+- * DISPLAY RFBI 48050800 - 48050bff
+- * DISPLAY VENC 48050c00 - 48050fff
+- * DISPLAY L4 48051000 - 48051fff
+- * CAMERA Top 48052000 - 480523ff
+- * CAMERA core 48052400 - 480527ff
+- * CAMERA DMA 48052800 - 48052bff
+- * CAMERA MMU 48052c00 - 48052fff
+- * CAMERA L4 48053000 - 48053fff
+- * SDMA Mod 48056000 - 48056fff
+- * SDMA L4 48057000 - 48057fff
+- * SSI Top 48058000 - 48058fff
+- * SSI GDD 48059000 - 48059fff
+- * SSI Port1 4805a000 - 4805afff
+- * SSI Port2 4805b000 - 4805bfff
+- * SSI L4 4805c000 - 4805cfff
+- * USB Mod 4805e000 - 480fefff
+- * USB L4 4805f000 - 480fffff
+- * WIN_TRACER1 Mod 48060000 - 48060fff
+- * WIN_TRACER1 L4 48061000 - 48061fff
+- * WIN_TRACER2 Mod 48062000 - 48062fff
+- * WIN_TRACER2 L4 48063000 - 48063fff
+- * WIN_TRACER3 Mod 48064000 - 48064fff
+- * WIN_TRACER3 L4 48065000 - 48065fff
+- * WIN_TRACER4 Top 48066000 - 480660ff
+- * WIN_TRACER4 ETT 48066100 - 480661ff
+- * WIN_TRACER4 WT 48066200 - 480662ff
+- * WIN_TRACER4 L4 48067000 - 48067fff
+- * XTI Mod 48068000 - 48068fff
+- * XTI L4 48069000 - 48069fff
+- * UART1 Mod 4806a000 - 4806afff
+- * UART1 L4 4806b000 - 4806bfff
+- * UART2 Mod 4806c000 - 4806cfff
+- * UART2 L4 4806d000 - 4806dfff
+- * UART3 Mod 4806e000 - 4806efff
+- * UART3 L4 4806f000 - 4806ffff
+- * I2C1 Mod 48070000 - 48070fff
+- * I2C1 L4 48071000 - 48071fff
+- * I2C2 Mod 48072000 - 48072fff
+- * I2C2 L4 48073000 - 48073fff
+- * McBSP1 Mod 48074000 - 48074fff
+- * McBSP1 L4 48075000 - 48075fff
+- * McBSP2 Mod 48076000 - 48076fff
+- * McBSP2 L4 48077000 - 48077fff
+- * GPTIMER3 Mod 48078000 - 48078fff
+- * GPTIMER3 L4 48079000 - 48079fff
+- * GPTIMER4 Mod 4807a000 - 4807afff
+- * GPTIMER4 L4 4807b000 - 4807bfff
+- * GPTIMER5 Mod 4807c000 - 4807cfff
+- * GPTIMER5 L4 4807d000 - 4807dfff
+- * GPTIMER6 Mod 4807e000 - 4807efff
+- * GPTIMER6 L4 4807f000 - 4807ffff
+- * GPTIMER7 Mod 48080000 - 48080fff
+- * GPTIMER7 L4 48081000 - 48081fff
+- * GPTIMER8 Mod 48082000 - 48082fff
+- * GPTIMER8 L4 48083000 - 48083fff
+- * GPTIMER9 Mod 48084000 - 48084fff
+- * GPTIMER9 L4 48085000 - 48085fff
+- * GPTIMER10 Mod 48086000 - 48086fff
+- * GPTIMER10 L4 48087000 - 48087fff
+- * GPTIMER11 Mod 48088000 - 48088fff
+- * GPTIMER11 L4 48089000 - 48089fff
+- * GPTIMER12 Mod 4808a000 - 4808afff
+- * GPTIMER12 L4 4808b000 - 4808bfff
+- * EAC Mod 48090000 - 48090fff
+- * EAC L4 48091000 - 48091fff
+- * FAC Mod 48092000 - 48092fff
+- * FAC L4 48093000 - 48093fff
+- * MAILBOX Mod 48094000 - 48094fff
+- * MAILBOX L4 48095000 - 48095fff
+- * SPI1 Mod 48098000 - 48098fff
+- * SPI1 L4 48099000 - 48099fff
+- * SPI2 Mod 4809a000 - 4809afff
+- * SPI2 L4 4809b000 - 4809bfff
+- * MMC/SDIO Mod 4809c000 - 4809cfff
+- * MMC/SDIO L4 4809d000 - 4809dfff
+- * MS_PRO Mod 4809e000 - 4809efff
+- * MS_PRO L4 4809f000 - 4809ffff
+- * RNG Mod 480a0000 - 480a0fff
+- * RNG L4 480a1000 - 480a1fff
+- * DES3DES Mod 480a2000 - 480a2fff
+- * DES3DES L4 480a3000 - 480a3fff
+- * SHA1MD5 Mod 480a4000 - 480a4fff
+- * SHA1MD5 L4 480a5000 - 480a5fff
+- * AES Mod 480a6000 - 480a6fff
+- * AES L4 480a7000 - 480a7fff
+- * PKA Mod 480a8000 - 480a9fff
+- * PKA L4 480aa000 - 480aafff
+- * MG Mod 480b0000 - 480b0fff
+- * MG L4 480b1000 - 480b1fff
+- * HDQ/1-wire Mod 480b2000 - 480b2fff
+- * HDQ/1-wire L4 480b3000 - 480b3fff
+- * MPU interrupt 480fe000 - 480fefff
+- * IVA RAM 5c000000 - 5c01ffff
+- * IVA ROM 5c020000 - 5c027fff
+- * IMG_BUF_A 5c040000 - 5c040fff
+- * IMG_BUF_B 5c042000 - 5c042fff
+- * VLCDS 5c048000 - 5c0487ff
+- * IMX_COEF 5c049000 - 5c04afff
+- * IMX_CMD 5c051000 - 5c051fff
+- * VLCDQ 5c053000 - 5c0533ff
+- * VLCDH 5c054000 - 5c054fff
+- * SEQ_CMD 5c055000 - 5c055fff
+- * IMX_REG 5c056000 - 5c0560ff
+- * VLCD_REG 5c056100 - 5c0561ff
+- * SEQ_REG 5c056200 - 5c0562ff
+- * IMG_BUF_REG 5c056300 - 5c0563ff
+- * SEQIRQ_REG 5c056400 - 5c0564ff
+- * OCP_REG 5c060000 - 5c060fff
+- * SYSC_REG 5c070000 - 5c070fff
+- * MMU_REG 5d000000 - 5d000fff
++ * ARM11ETB Mod 48048000 - 48049fff (REV 0x00000011)
++ * ARM11ETB L4 4804a000 - 4804afff (0x00200010, 0x00000200, 0x00000000)
++ * DISPLAY Top 48050000 - 480503ff (REV 0x00000003)
++ * DISPLAY DISPC 48050400 - 480507ff (REV 0x00000020)
++ * DISPLAY RFBI 48050800 - 48050bff (REV 0x00000010)
++ * DISPLAY VENC 48050c00 - 48050fff (REV Abort)
++ * DISPLAY L4 48051000 - 48051fff (0x00200010, 0x00000200, 0x00000100)
++ * CAMERA Top 48052000 - 480523ff (REV 0x00000020)
++ * CAMERA core 48052400 - 480527ff (REV 0x00000020)
++ * CAMERA DMA 48052800 - 48052bff (REV 0x00000020)
++ * CAMERA MMU 48052c00 - 48052fff (REV 0x00000010)
++ * CAMERA L4 48053000 - 48053fff (0x00200010, 0x00000200, 0x00000000)
++ * SDMA Mod 48056000 - 48056fff (REV 0x00000020)
++ * SDMA L4 48057000 - 48057fff (0x00200010, 0x00000200, 0x00000000)
++ * SSI Top 48058000 - 48058fff (REV Abort)
++ * SSI GDD 48059000 - 48059fff (REV Abort)
++ * SSI Port1 4805a000 - 4805afff (REV Abort)
++ * SSI Port2 4805b000 - 4805bfff (REV Abort)
++ * SSI L4 4805c000 - 4805cfff (0x00200010, 0x00000200, 0x00000100)
++ * USB Mod 4805e000 - 480fefff (REV Abort)
++ * USB L4 4805f000 - 480fffff (0x00200010, 0x01000200, 0x00000100)
++ * WIN_TRACER1 Mod 48060000 - 48060fff (REV 0x00000020)
++ * WIN_TRACER1 L4 48061000 - 48061fff (0x00200010, 0x00000200, 0x00000000)
++ * WIN_TRACER2 Mod 48062000 - 48062fff (REV 0x00000020)
++ * WIN_TRACER2 L4 48063000 - 48063fff (0x00200010, 0x00000200, 0x00000000)
++ * WIN_TRACER3 Mod 48064000 - 48064fff (REV 0x00000020)
++ * WIN_TRACER3 L4 48065000 - 48065fff (0x00200010, 0x00000200, 0x00000000)
++ * WIN_TRACER4 Top 48066000 - 480660ff (REV 0x00000011)
++ * WIN_TRACER4 ETT 48066100 - 480661ff (REV 0x00000011)
++ * WIN_TRACER4 WT 48066200 - 480662ff (REV 0x00000020)
++ * WIN_TRACER4 L4 48067000 - 48067fff (0x00200010, 0x00000200, 0x00000000)
++ * XTI Mod 48068000 - 48068fff (REV 0x00000010)
++ * XTI L4 48069000 - 48069fff (0x00200010, 0x00000200, 0x00000000)
++ * UART1 Mod 4806a000 - 4806afff (MVR Abort)
++ * UART1 L4 4806b000 - 4806bfff (0x00200010, 0x00000200, 0x00000000)
++ * UART2 Mod 4806c000 - 4806cfff (MVR Abort)
++ * UART2 L4 4806d000 - 4806dfff (0x00200010, 0x00000200, 0x00000000)
++ * UART3 Mod 4806e000 - 4806efff (MVR 0x20)
++ * UART3 L4 4806f000 - 4806ffff (0x00200010, 0x00000200, 0x00000000)
++ * I2C1 Mod 48070000 - 48070fff (REV 0x0034)
++ * I2C1 L4 48071000 - 48071fff (0x00200010, 0x01000200, 0x01000000)
++ * I2C2 Mod 48072000 - 48072fff (REV 0x0034)
++ * I2C2 L4 48073000 - 48073fff (0x00200010, 0x01000200, 0x01000000)
++ * McBSP1 Mod 48074000 - 48074fff (REV Abort)
++ * McBSP1 L4 48075000 - 48075fff (0x00200010, 0x01000200, 0x01000000)
++ * McBSP2 Mod 48076000 - 48076fff (REV Abort)
++ * McBSP2 L4 48077000 - 48077fff (0x00200010, 0x01000200, 0x01000000)
++ * GPTIMER3 Mod 48078000 - 48078fff (REV Abort)
++ * GPTIMER3 L4 48079000 - 48079fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER4 Mod 4807a000 - 4807afff (REV Abort)
++ * GPTIMER4 L4 4807b000 - 4807bfff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER5 Mod 4807c000 - 4807cfff (REV Abort)
++ * GPTIMER5 L4 4807d000 - 4807dfff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER6 Mod 4807e000 - 4807efff (REV Abort)
++ * GPTIMER6 L4 4807f000 - 4807ffff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER7 Mod 48080000 - 48080fff (REV Abort)
++ * GPTIMER7 L4 48081000 - 48081fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER8 Mod 48082000 - 48082fff (REV Abort)
++ * GPTIMER8 L4 48083000 - 48083fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER9 Mod 48084000 - 48084fff (REV Abort)
++ * GPTIMER9 L4 48085000 - 48085fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER10 Mod 48086000 - 48086fff (REV Abort)
++ * GPTIMER10 L4 48087000 - 48087fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER11 Mod 48088000 - 48088fff (REV Abort)
++ * GPTIMER11 L4 48089000 - 48089fff (0x00200010, 0x00000200, 0x00000000)
++ * GPTIMER12 Mod 4808a000 - 4808afff (REV Abort)
++ * GPTIMER12 L4 4808b000 - 4808bfff (0x00200010, 0x00000200, 0x00000000)
++ * EAC Mod 48090000 - 48090fff (REV Abort)
++ * EAC L4 48091000 - 48091fff (0x00200010, 0x00000200, 0x00000000)
++ * FAC Mod 48092000 - 48092fff (REV Abort)
++ * FAC L4 48093000 - 48093fff (0x00200010, 0x00000200, 0x00000000)
++ * MAILBOX Mod 48094000 - 48094fff (REV 0x00000010)
++ * MAILBOX L4 48095000 - 48095fff (0x00200010, 0x00000200, 0x00000000)
++ * SPI1 Mod 48098000 - 48098fff (REV Abort)
++ * SPI1 L4 48099000 - 48099fff (0x00200010, 0x00000200, 0x00000000)
++ * SPI2 Mod 4809a000 - 4809afff (REV Abort)
++ * SPI2 L4 4809b000 - 4809bfff (0x00200010, 0x00000200, 0x00000000)
++ * MMC/SDIO Mod 4809c000 - 4809cfff (REV 0x0044)
++ * MMC/SDIO L4 4809d000 - 4809dfff (0x00200010, 0x01000200, 0x01000000)
++ * MS_PRO Mod 4809e000 - 4809efff (REV Abort)
++ * MS_PRO L4 4809f000 - 4809ffff (0x00200010, 0x01000200, 0x01000000)
++ * RNG Mod 480a0000 - 480a0fff (REV 0xFC066F93?)
++ * RNG L4 480a1000 - 480a1fff (0x00200010, 0x01000200, 0x00000000)
++ * DES3DES Mod 480a2000 - 480a2fff (REV 0x00000000?)
++ * DES3DES L4 480a3000 - 480a3fff (0x00200010, 0x01000200, 0x00000000)
++ * SHA1MD5 Mod 480a4000 - 480a4fff (REV 0x00000000?)
++ * SHA1MD5 L4 480a5000 - 480a5fff (0x00200010, 0x01000200, 0x00000000)
++ * AES Mod 480a6000 - 480a6fff (REV 0x00000000?)
++ * AES L4 480a7000 - 480a7fff (0x00200010, 0x00000200, 0x00000000)
++ * PKA Mod 480a8000 - 480a9fff (REV 0x00000000?)
++ * PKA L4 480aa000 - 480aafff (0x00200010, 0x00000200, 0x00000000)
++ * MG Mod 480b0000 - 480b0fff (REV Abort)
++ * MG L4 480b1000 - 480b1fff (0x00200010, 0x01000200, 0x01000000)
++ * HDQ/1-wire Mod 480b2000 - 480b2fff (REV 0x00000002)
++ * HDQ/1-wire L4 480b3000 - 480b3fff (0x00200010, 0x00000200, 0x00000000)
++ * MPU interrupt 480fe000 - 480fefff (REV 0x00000020)
++ * IVA RAM 5c000000 - 5c01ffff (REV Abort)
++ * IVA ROM 5c020000 - 5c027fff (REV Abort)
++ * IMG_BUF_A 5c040000 - 5c040fff (REV Abort)
++ * IMG_BUF_B 5c042000 - 5c042fff (REV Abort)
++ * VLCDS 5c048000 - 5c0487ff (REV Abort)
++ * IMX_COEF 5c049000 - 5c04afff (REV Abort)
++ * IMX_CMD 5c051000 - 5c051fff (REV Abort)
++ * VLCDQ 5c053000 - 5c0533ff (REV Abort)
++ * VLCDH 5c054000 - 5c054fff (REV Abort)
++ * SEQ_CMD 5c055000 - 5c055fff (REV Abort)
++ * IMX_REG 5c056000 - 5c0560ff (REV Abort)
++ * VLCD_REG 5c056100 - 5c0561ff (REV Abort)
++ * SEQ_REG 5c056200 - 5c0562ff (REV Abort)
++ * IMG_BUF_REG 5c056300 - 5c0563ff (REV Abort)
++ * SEQIRQ_REG 5c056400 - 5c0564ff (REV Abort)
++ * OCP_REG 5c060000 - 5c060fff (REV Abort)
++ * SYSC_REG 5c070000 - 5c070fff (REV Abort)
++ * MMU_REG 5d000000 - 5d000fff (REV Abort)
+ * sDMA R 68000400 - 680005ff
+ * sDMA W 68000600 - 680007ff
+ * Display Control 68000800 - 680009ff
+@@ -3849,9 +3849,9 @@
+ * GPMC (firewall) 68006000 - 680063ff
+ * GPMC (err login) 68006400 - 680067ff
+ * SMS (err login) 68006c00 - 68006fff
+- * SMS registers 68008000 - 68008fff
+- * SDRC registers 68009000 - 68009fff
+- * GPMC registers 6800a000 6800afff
++ * SMS registers 68008000 - 68008fff (REV 0x00000020)
++ * SDRC registers 68009000 - 68009fff (REV 0x00000020)
++ * GPMC registers 6800a000 6800afff (REV 0x00000020)
+ */
+
+ qemu_register_reset(omap2_mpu_reset, s);
+diff -urN 4242/hw/pc.c qemu-omap/hw/pc.c
+--- 4242/hw/pc.c 2008-04-24 21:26:22.000000000 +0100
++++ qemu-omap/hw/pc.c 2008-04-23 09:57:56.000000000 +0100
+@@ -445,6 +445,37 @@
+ bdrv_set_boot_sector(drives_table[hda].bdrv, bootsect, sizeof(bootsect));
+ }
+
++static int load_kernel(const char *filename, uint8_t *addr,
++ uint8_t *real_addr)
++{
++ int fd, size;
++ int setup_sects;
++
++ fd = open(filename, O_RDONLY | O_BINARY);
++ if (fd < 0)
++ return -1;
++
++ /* load 16 bit code */
++ if (read(fd, real_addr, 512) != 512)
++ goto fail;
++ setup_sects = real_addr[0x1F1];
++ if (!setup_sects)
++ setup_sects = 4;
++ if (read(fd, real_addr + 512, setup_sects * 512) !=
++ setup_sects * 512)
++ goto fail;
++
++ /* load 32 bit code */
++ size = read(fd, addr, 16 * 1024 * 1024);
++ if (size < 0)
++ goto fail;
++ close(fd);
++ return size;
++ fail:
++ close(fd);
++ return -1;
++}
++
+ static long get_file_size(FILE *f)
+ {
+ long where, size;
+diff -urN 4242/hw/tusb6010.c qemu-omap/hw/tusb6010.c
+--- 4242/hw/tusb6010.c 2008-04-23 12:18:54.000000000 +0100
++++ qemu-omap/hw/tusb6010.c 2008-04-23 09:57:56.000000000 +0100
+@@ -287,9 +287,6 @@
+ /* TODO: How is this signalled? */
+ }
+
+-extern CPUReadMemoryFunc *musb_read[];
+-extern CPUWriteMemoryFunc *musb_write[];
+-
+ static uint32_t tusb_async_readb(void *opaque, target_phys_addr_t addr)
+ {
+ struct tusb_s *s = (struct tusb_s *) opaque;
+diff -urN 4242/hw/usb.h qemu-omap/hw/usb.h
+--- 4242/hw/usb.h 2008-04-23 12:18:54.000000000 +0100
++++ qemu-omap/hw/usb.h 2008-04-23 09:57:56.000000000 +0100
+@@ -219,6 +219,9 @@
+ /* usb-msd.c */
+ USBDevice *usb_msd_init(const char *filename);
+
++/* usb-net.c */
++USBDevice *usb_net_init(NICInfo *nd);
++
+ /* usb-wacom.c */
+ USBDevice *usb_wacom_init(void);
+
+@@ -254,3 +257,7 @@
+ uint32_t musb_core_intr_get(struct musb_s *s);
+ void musb_core_intr_clear(struct musb_s *s, uint32_t mask);
+ void musb_set_size(struct musb_s *s, int epnum, int size, int is_tx);
++#ifdef NEED_CPU_H
++extern CPUReadMemoryFunc *musb_read[];
++extern CPUWriteMemoryFunc *musb_write[];
++#endif
+diff -urN 4242/hw/usb-hub.c qemu-omap/hw/usb-hub.c
+--- 4242/hw/usb-hub.c 2008-04-23 11:43:37.000000000 +0100
++++ qemu-omap/hw/usb-hub.c 2008-04-23 09:57:56.000000000 +0100
+@@ -146,8 +146,8 @@
+ 0x07, /* u8 ep_bLength; */
+ 0x05, /* u8 ep_bDescriptorType; Endpoint */
+ 0x81, /* u8 ep_bEndpointAddress; IN Endpoint 1 */
+- 0x03, /* u8 ep_bmAttributes; Interrupt */
+- 0x02, 0x00, /* u16 ep_wMaxPacketSize; 1 + (MAX_ROOT_PORTS / 8) */
++ 0x03, /* u8 ep_bmAttributes; Interrupt */
++ 0x02, 0x00, /* u16 ep_wMaxPacketSize; 1 + (MAX_ROOT_PORTS / 8) */
+ 0xff /* u8 ep_bInterval; (255ms -- usb 2.0 spec) */
+ };
+
+diff -urN 4242/hw/usb-net.c qemu-omap/hw/usb-net.c
+--- 4242/hw/usb-net.c 1970-01-01 01:00:00.000000000 +0100
++++ qemu-omap/hw/usb-net.c 2008-04-23 09:57:56.000000000 +0100
+@@ -0,0 +1,1334 @@
++/*
++ * QEMU USB Net devices
++ *
++ * Copyright (c) 2006 Thomas Sailer
++ * based on usb-hid.c Copyright (c) 2005 Fabrice Bellard
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
++ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ */
++
++#include "qemu-common.h"
++#include "usb.h"
++#include "net.h"
++#include "../audio/sys-queue.h"
++
++typedef uint32_t __le32;
++#include "ndis.h"
++
++/*#define TRAFFIC_DEBUG*/
++/* Thanks to NetChip Technologies for donating this product ID.
++ * It's for devices with only CDC Ethernet configurations.
++ */
++#define CDC_VENDOR_NUM 0x0525 /* NetChip */
++#define CDC_PRODUCT_NUM 0xa4a1 /* Linux-USB Ethernet Gadget */
++/* For hardware that can talk RNDIS and either of the above protocols,
++ * use this ID ... the windows INF files will know it.
++ */
++#define RNDIS_VENDOR_NUM 0x0525 /* NetChip */
++#define RNDIS_PRODUCT_NUM 0xa4a2 /* Ethernet/RNDIS Gadget */
++
++#define STRING_MANUFACTURER 1
++#define STRING_PRODUCT 2
++#define STRING_ETHADDR 3
++#define STRING_DATA 4
++#define STRING_CONTROL 5
++#define STRING_RNDIS_CONTROL 6
++#define STRING_CDC 7
++#define STRING_SUBSET 8
++#define STRING_RNDIS 9
++#define STRING_SERIALNUMBER 10
++
++#define DEV_CONFIG_VALUE 1 /* cdc or subset */
++#define DEV_RNDIS_CONFIG_VALUE 2 /* rndis; optional */
++
++#define USB_CDC_SUBCLASS_ACM 0x02
++#define USB_CDC_SUBCLASS_ETHERNET 0x06
++
++#define USB_CDC_PROTO_NONE 0
++#define USB_CDC_ACM_PROTO_VENDOR 0xff
++
++#define USB_CDC_HEADER_TYPE 0x00 /* header_desc */
++#define USB_CDC_CALL_MANAGEMENT_TYPE 0x01 /* call_mgmt_descriptor */
++#define USB_CDC_ACM_TYPE 0x02 /* acm_descriptor */
++#define USB_CDC_UNION_TYPE 0x06 /* union_desc */
++#define USB_CDC_ETHERNET_TYPE 0x0f /* ether_desc */
++
++#define USB_DT_CS_INTERFACE 0x24
++#define USB_DT_CS_ENDPOINT 0x25
++
++#define ClassInterfaceRequest \
++ ((USB_DIR_IN|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
++#define ClassInterfaceOutRequest \
++ ((USB_DIR_OUT|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
++
++#define USB_CDC_SEND_ENCAPSULATED_COMMAND 0x00
++#define USB_CDC_GET_ENCAPSULATED_RESPONSE 0x01
++#define USB_CDC_REQ_SET_LINE_CODING 0x20
++#define USB_CDC_REQ_GET_LINE_CODING 0x21
++#define USB_CDC_REQ_SET_CONTROL_LINE_STATE 0x22
++#define USB_CDC_REQ_SEND_BREAK 0x23
++#define USB_CDC_SET_ETHERNET_MULTICAST_FILTERS 0x40
++#define USB_CDC_SET_ETHERNET_PM_PATTERN_FILTER 0x41
++#define USB_CDC_GET_ETHERNET_PM_PATTERN_FILTER 0x42
++#define USB_CDC_SET_ETHERNET_PACKET_FILTER 0x43
++#define USB_CDC_GET_ETHERNET_STATISTIC 0x44
++
++#define USB_ENDPOINT_XFER_BULK 2
++#define USB_ENDPOINT_XFER_INT 3
++
++#define LOG2_STATUS_INTERVAL_MSEC 5 /* 1 << 5 == 32 msec */
++#define STATUS_BYTECOUNT 16 /* 8 byte header + data */
++
++#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */
++
++/*
++ * mostly the same descriptor as the linux gadget rndis driver
++ */
++static const uint8_t qemu_net_dev_descriptor[] = {
++ 0x12, /* u8 bLength; */
++ USB_DT_DEVICE, /* u8 bDescriptorType; Device */
++ 0x00, 0x02, /* u16 bcdUSB; v2.0 */
++ USB_CLASS_COMM, /* u8 bDeviceClass; */
++ 0x00, /* u8 bDeviceSubClass; */
++ 0x00, /* u8 bDeviceProtocol; [ low/full speeds only ] */
++ 0x40, /* u8 bMaxPacketSize0 */
++ RNDIS_VENDOR_NUM & 0xff, RNDIS_VENDOR_NUM >> 8, /* u16 idVendor; */
++ RNDIS_PRODUCT_NUM & 0xff, RNDIS_PRODUCT_NUM >> 8, /* u16 idProduct; */
++ 0x00, 0x00, /* u16 bcdDevice */
++ STRING_MANUFACTURER, /* u8 iManufacturer; */
++ STRING_PRODUCT, /* u8 iProduct; */
++ STRING_SERIALNUMBER, /* u8 iSerialNumber; */
++ 0x02 /* u8 bNumConfigurations; */
++};
++
++static const uint8_t qemu_net_rndis_config_descriptor[] = {
++ /* Configuration Descriptor */
++ 0x09, /* u8 bLength */
++ USB_DT_CONFIG, /* u8 bDescriptorType */
++ 0x43, 0x00, /* le16 wTotalLength */
++ 0x02, /* u8 bNumInterfaces */
++ DEV_RNDIS_CONFIG_VALUE, /* u8 bConfigurationValue */
++ STRING_RNDIS, /* u8 iConfiguration */
++ 0xc0, /* u8 bmAttributes */
++ 0x32, /* u8 bMaxPower */
++ /* RNDIS Control Interface */
++ 0x09, /* u8 bLength */
++ USB_DT_INTERFACE, /* u8 bDescriptorType */
++ 0x00, /* u8 bInterfaceNumber */
++ 0x00, /* u8 bAlternateSetting */
++ 0x01, /* u8 bNumEndpoints */
++ USB_CLASS_COMM, /* u8 bInterfaceClass */
++ USB_CDC_SUBCLASS_ACM, /* u8 bInterfaceSubClass */
++ USB_CDC_ACM_PROTO_VENDOR, /* u8 bInterfaceProtocol */
++ STRING_RNDIS_CONTROL, /* u8 iInterface */
++ /* Header Descriptor */
++ 0x05, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_HEADER_TYPE, /* u8 bDescriptorSubType */
++ 0x10, 0x01, /* le16 bcdCDC */
++ /* Call Management Descriptor */
++ 0x05, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_CALL_MANAGEMENT_TYPE, /* u8 bDescriptorSubType */
++ 0x00, /* u8 bmCapabilities */
++ 0x01, /* u8 bDataInterface */
++ /* ACM Descriptor */
++ 0x04, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_ACM_TYPE, /* u8 bDescriptorSubType */
++ 0x00, /* u8 bmCapabilities */
++ /* Union Descriptor */
++ 0x05, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_UNION_TYPE, /* u8 bDescriptorSubType */
++ 0x00, /* u8 bMasterInterface0 */
++ 0x01, /* u8 bSlaveInterface0 */
++ /* Status Descriptor */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_IN | 1, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_INT, /* u8 bmAttributes */
++ STATUS_BYTECOUNT & 0xff, STATUS_BYTECOUNT >> 8, /* le16 wMaxPacketSize */
++ 1 << LOG2_STATUS_INTERVAL_MSEC, /* u8 bInterval */
++ /* RNDIS Data Interface */
++ 0x09, /* u8 bLength */
++ USB_DT_INTERFACE, /* u8 bDescriptorType */
++ 0x01, /* u8 bInterfaceNumber */
++ 0x00, /* u8 bAlternateSetting */
++ 0x02, /* u8 bNumEndpoints */
++ USB_CLASS_CDC_DATA, /* u8 bInterfaceClass */
++ 0x00, /* u8 bInterfaceSubClass */
++ 0x00, /* u8 bInterfaceProtocol */
++ STRING_DATA, /* u8 iInterface */
++ /* Source Endpoint */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_IN | 2, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_BULK, /* u8 bmAttributes */
++ 0x40, 0x00, /* le16 wMaxPacketSize */
++ 0x00, /* u8 bInterval */
++ /* Sink Endpoint */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_OUT | 2, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_BULK, /* u8 bmAttributes */
++ 0x40, 0x00, /* le16 wMaxPacketSize */
++ 0x00 /* u8 bInterval */
++};
++
++static const uint8_t qemu_net_cdc_config_descriptor[] = {
++ /* Configuration Descriptor */
++ 0x09, /* u8 bLength */
++ USB_DT_CONFIG, /* u8 bDescriptorType */
++ 0x50, 0x00, /* le16 wTotalLength */
++ 0x02, /* u8 bNumInterfaces */
++ DEV_CONFIG_VALUE, /* u8 bConfigurationValue */
++ STRING_CDC, /* u8 iConfiguration */
++ 0xc0, /* u8 bmAttributes */
++ 0x32, /* u8 bMaxPower */
++ /* CDC Control Interface */
++ 0x09, /* u8 bLength */
++ USB_DT_INTERFACE, /* u8 bDescriptorType */
++ 0x00, /* u8 bInterfaceNumber */
++ 0x00, /* u8 bAlternateSetting */
++ 0x01, /* u8 bNumEndpoints */
++ USB_CLASS_COMM, /* u8 bInterfaceClass */
++ USB_CDC_SUBCLASS_ETHERNET, /* u8 bInterfaceSubClass */
++ USB_CDC_PROTO_NONE, /* u8 bInterfaceProtocol */
++ STRING_CONTROL, /* u8 iInterface */
++ /* Header Descriptor */
++ 0x05, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_HEADER_TYPE, /* u8 bDescriptorSubType */
++ 0x10, 0x01, /* le16 bcdCDC */
++ /* Union Descriptor */
++ 0x05, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_UNION_TYPE, /* u8 bDescriptorSubType */
++ 0x00, /* u8 bMasterInterface0 */
++ 0x01, /* u8 bSlaveInterface0 */
++ /* Ethernet Descriptor */
++ 0x0d, /* u8 bLength */
++ USB_DT_CS_INTERFACE, /* u8 bDescriptorType */
++ USB_CDC_ETHERNET_TYPE, /* u8 bDescriptorSubType */
++ STRING_ETHADDR, /* u8 iMACAddress */
++ 0x00, 0x00, 0x00, 0x00, /* le32 bmEthernetStatistics */
++ ETH_FRAME_LEN & 0xff, ETH_FRAME_LEN >> 8, /* le16 wMaxSegmentSize */
++ 0x00, 0x00, /* le16 wNumberMCFilters */
++ 0x00, /* u8 bNumberPowerFilters */
++ /* Status Descriptor */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_IN | 1, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_INT, /* u8 bmAttributes */
++ STATUS_BYTECOUNT & 0xff, STATUS_BYTECOUNT >> 8, /* le16 wMaxPacketSize */
++ 1 << LOG2_STATUS_INTERVAL_MSEC, /* u8 bInterval */
++ /* CDC Data (nop) Interface */
++ 0x09, /* u8 bLength */
++ USB_DT_INTERFACE, /* u8 bDescriptorType */
++ 0x01, /* u8 bInterfaceNumber */
++ 0x00, /* u8 bAlternateSetting */
++ 0x00, /* u8 bNumEndpoints */
++ USB_CLASS_CDC_DATA, /* u8 bInterfaceClass */
++ 0x00, /* u8 bInterfaceSubClass */
++ 0x00, /* u8 bInterfaceProtocol */
++ 0x00, /* u8 iInterface */
++ /* CDC Data Interface */
++ 0x09, /* u8 bLength */
++ USB_DT_INTERFACE, /* u8 bDescriptorType */
++ 0x01, /* u8 bInterfaceNumber */
++ 0x01, /* u8 bAlternateSetting */
++ 0x02, /* u8 bNumEndpoints */
++ USB_CLASS_CDC_DATA, /* u8 bInterfaceClass */
++ 0x00, /* u8 bInterfaceSubClass */
++ 0x00, /* u8 bInterfaceProtocol */
++ STRING_DATA, /* u8 iInterface */
++ /* Source Endpoint */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_IN | 2, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_BULK, /* u8 bmAttributes */
++ 0x40, 0x00, /* le16 wMaxPacketSize */
++ 0x00, /* u8 bInterval */
++ /* Sink Endpoint */
++ 0x07, /* u8 bLength */
++ USB_DT_ENDPOINT, /* u8 bDescriptorType */
++ USB_DIR_OUT | 2, /* u8 bEndpointAddress */
++ USB_ENDPOINT_XFER_BULK, /* u8 bmAttributes */
++ 0x40, 0x00, /* le16 wMaxPacketSize */
++ 0x00 /* u8 bInterval */
++};
++
++/*
++ * RNDIS Status
++ */
++
++#define RNDIS_MAXIMUM_FRAME_SIZE 1518
++#define RNDIS_MAX_TOTAL_SIZE 1558
++
++/* Remote NDIS Versions */
++#define RNDIS_MAJOR_VERSION 1
++#define RNDIS_MINOR_VERSION 0
++
++/* Status Values */
++#define RNDIS_STATUS_SUCCESS 0x00000000U /* Success */
++#define RNDIS_STATUS_FAILURE 0xC0000001U /* Unspecified error */
++#define RNDIS_STATUS_INVALID_DATA 0xC0010015U /* Invalid data */
++#define RNDIS_STATUS_NOT_SUPPORTED 0xC00000BBU /* Unsupported request */
++#define RNDIS_STATUS_MEDIA_CONNECT 0x4001000BU /* Device connected */
++#define RNDIS_STATUS_MEDIA_DISCONNECT 0x4001000CU /* Device disconnected */
++
++/* Message Set for Connectionless (802.3) Devices */
++#define REMOTE_NDIS_PACKET_MSG 0x00000001U
++#define REMOTE_NDIS_INITIALIZE_MSG 0x00000002U /* Initialize device */
++#define REMOTE_NDIS_HALT_MSG 0x00000003U
++#define REMOTE_NDIS_QUERY_MSG 0x00000004U
++#define REMOTE_NDIS_SET_MSG 0x00000005U
++#define REMOTE_NDIS_RESET_MSG 0x00000006U
++#define REMOTE_NDIS_INDICATE_STATUS_MSG 0x00000007U
++#define REMOTE_NDIS_KEEPALIVE_MSG 0x00000008U
++
++/* Message completion */
++#define REMOTE_NDIS_INITIALIZE_CMPLT 0x80000002U
++#define REMOTE_NDIS_QUERY_CMPLT 0x80000004U
++#define REMOTE_NDIS_SET_CMPLT 0x80000005U
++#define REMOTE_NDIS_RESET_CMPLT 0x80000006U
++#define REMOTE_NDIS_KEEPALIVE_CMPLT 0x80000008U
++
++/* Device Flags */
++#define RNDIS_DF_CONNECTIONLESS 0x00000001U
++#define RNDIS_DF_CONNECTION_ORIENTED 0x00000002U
++
++#define RNDIS_MEDIUM_802_3 0x00000000U
++
++/* from drivers/net/sk98lin/h/skgepnmi.h */
++#define OID_PNP_CAPABILITIES 0xFD010100
++#define OID_PNP_SET_POWER 0xFD010101
++#define OID_PNP_QUERY_POWER 0xFD010102
++#define OID_PNP_ADD_WAKE_UP_PATTERN 0xFD010103
++#define OID_PNP_REMOVE_WAKE_UP_PATTERN 0xFD010104
++#define OID_PNP_ENABLE_WAKE_UP 0xFD010106
++
++typedef struct rndis_init_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 MajorVersion;
++ __le32 MinorVersion;
++ __le32 MaxTransferSize;
++} rndis_init_msg_type;
++
++typedef struct rndis_init_cmplt_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 Status;
++ __le32 MajorVersion;
++ __le32 MinorVersion;
++ __le32 DeviceFlags;
++ __le32 Medium;
++ __le32 MaxPacketsPerTransfer;
++ __le32 MaxTransferSize;
++ __le32 PacketAlignmentFactor;
++ __le32 AFListOffset;
++ __le32 AFListSize;
++} rndis_init_cmplt_type;
++
++typedef struct rndis_halt_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++} rndis_halt_msg_type;
++
++typedef struct rndis_query_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 OID;
++ __le32 InformationBufferLength;
++ __le32 InformationBufferOffset;
++ __le32 DeviceVcHandle;
++} rndis_query_msg_type;
++
++typedef struct rndis_query_cmplt_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 Status;
++ __le32 InformationBufferLength;
++ __le32 InformationBufferOffset;
++} rndis_query_cmplt_type;
++
++typedef struct rndis_set_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 OID;
++ __le32 InformationBufferLength;
++ __le32 InformationBufferOffset;
++ __le32 DeviceVcHandle;
++} rndis_set_msg_type;
++
++typedef struct rndis_set_cmplt_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 Status;
++} rndis_set_cmplt_type;
++
++typedef struct rndis_reset_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 Reserved;
++} rndis_reset_msg_type;
++
++typedef struct rndis_reset_cmplt_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 Status;
++ __le32 AddressingReset;
++} rndis_reset_cmplt_type;
++
++typedef struct rndis_indicate_status_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 Status;
++ __le32 StatusBufferLength;
++ __le32 StatusBufferOffset;
++} rndis_indicate_status_msg_type;
++
++typedef struct rndis_keepalive_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++} rndis_keepalive_msg_type;
++
++typedef struct rndis_keepalive_cmplt_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 RequestID;
++ __le32 Status;
++} rndis_keepalive_cmplt_type;
++
++struct rndis_packet_msg_type
++{
++ __le32 MessageType;
++ __le32 MessageLength;
++ __le32 DataOffset;
++ __le32 DataLength;
++ __le32 OOBDataOffset;
++ __le32 OOBDataLength;
++ __le32 NumOOBDataElements;
++ __le32 PerPacketInfoOffset;
++ __le32 PerPacketInfoLength;
++ __le32 VcHandle;
++ __le32 Reserved;
++};
++
++struct rndis_config_parameter
++{
++ __le32 ParameterNameOffset;
++ __le32 ParameterNameLength;
++ __le32 ParameterType;
++ __le32 ParameterValueOffset;
++ __le32 ParameterValueLength;
++};
++
++/* implementation specific */
++enum rndis_state
++{
++ RNDIS_UNINITIALIZED,
++ RNDIS_INITIALIZED,
++ RNDIS_DATA_INITIALIZED,
++};
++
++static const uint32_t oid_supported_list[] =
++{
++ /* the general stuff */
++ OID_GEN_SUPPORTED_LIST,
++ OID_GEN_HARDWARE_STATUS,
++ OID_GEN_MEDIA_SUPPORTED,
++ OID_GEN_MEDIA_IN_USE,
++ OID_GEN_MAXIMUM_FRAME_SIZE,
++ OID_GEN_LINK_SPEED,
++ OID_GEN_TRANSMIT_BLOCK_SIZE,
++ OID_GEN_RECEIVE_BLOCK_SIZE,
++ OID_GEN_VENDOR_ID,
++ OID_GEN_VENDOR_DESCRIPTION,
++ OID_GEN_VENDOR_DRIVER_VERSION,
++ OID_GEN_CURRENT_PACKET_FILTER,
++ OID_GEN_MAXIMUM_TOTAL_SIZE,
++ OID_GEN_MEDIA_CONNECT_STATUS,
++ OID_GEN_PHYSICAL_MEDIUM,
++ /* the statistical stuff */
++ OID_GEN_XMIT_OK,
++ OID_GEN_RCV_OK,
++ OID_GEN_XMIT_ERROR,
++ OID_GEN_RCV_ERROR,
++ OID_GEN_RCV_NO_BUFFER,
++ /* mandatory 802.3 */
++ /* the general stuff */
++ OID_802_3_PERMANENT_ADDRESS,
++ OID_802_3_CURRENT_ADDRESS,
++ OID_802_3_MULTICAST_LIST,
++ OID_802_3_MAC_OPTIONS,
++ OID_802_3_MAXIMUM_LIST_SIZE,
++
++ /* the statistical stuff */
++ OID_802_3_RCV_ERROR_ALIGNMENT,
++ OID_802_3_XMIT_ONE_COLLISION,
++ OID_802_3_XMIT_MORE_COLLISIONS
++};
++
++struct rndis_response {
++ TAILQ_ENTRY(rndis_response) entries;
++ uint32_t length;
++ uint8_t buf[0];
++};
++
++
++typedef struct USBNetState {
++ USBDevice dev;
++
++ unsigned int rndis;
++ enum rndis_state rndis_state;
++ uint32_t medium;
++ uint32_t speed;
++ uint32_t media_state;
++ uint16_t filter;
++ uint32_t vendorid;
++ uint8_t mac[6];
++
++ unsigned int out_ptr;
++ uint8_t out_buf[2048];
++
++ USBPacket *inpkt;
++ unsigned int in_ptr, in_len;
++ uint8_t in_buf[2048];
++
++ VLANClientState *vc;
++ TAILQ_HEAD(rndis_resp_head, rndis_response) rndis_resp;
++} USBNetState;
++
++
++static int ndis_query(USBNetState *s, uint32_t oid, uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf)
++{
++ switch (oid) {
++ /* general oids (table 4-1) */
++ /* mandatory */
++ case OID_GEN_SUPPORTED_LIST:
++ {
++ unsigned int i, count = sizeof(oid_supported_list) / sizeof(uint32_t);
++ for (i = 0; i < count; i++)
++ ((__le32 *)outbuf)[i] = cpu_to_le32(oid_supported_list[i]);
++ return sizeof(oid_supported_list);
++ }
++
++ /* mandatory */
++ case OID_GEN_HARDWARE_STATUS:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_MEDIA_SUPPORTED:
++ *((__le32 *)outbuf) = cpu_to_le32(s->medium);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_MEDIA_IN_USE:
++ *((__le32 *)outbuf) = cpu_to_le32(s->medium);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_MAXIMUM_FRAME_SIZE:
++ *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_LINK_SPEED:
++ *((__le32 *)outbuf) = cpu_to_le32(s->speed);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_TRANSMIT_BLOCK_SIZE:
++ *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_RECEIVE_BLOCK_SIZE:
++ *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_VENDOR_ID:
++ *((__le32 *)outbuf) = cpu_to_le32(0x1234);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_VENDOR_DESCRIPTION:
++ strcpy(outbuf, "QEMU USB RNDIS Net");
++ return strlen(outbuf) + 1;
++
++ case OID_GEN_VENDOR_DRIVER_VERSION:
++ *((__le32 *)outbuf) = cpu_to_le32(1);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_CURRENT_PACKET_FILTER:
++ *((__le32 *)outbuf) = cpu_to_le32(s->filter);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_MAXIMUM_TOTAL_SIZE:
++ *((__le32 *)outbuf) = cpu_to_le32(RNDIS_MAX_TOTAL_SIZE);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_MEDIA_CONNECT_STATUS:
++ *((__le32 *)outbuf) = cpu_to_le32(s->media_state);
++ return sizeof(__le32);
++
++ case OID_GEN_PHYSICAL_MEDIUM:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ case OID_GEN_MAC_OPTIONS:
++ *((__le32 *)outbuf) = cpu_to_le32(NDIS_MAC_OPTION_RECEIVE_SERIALIZED | NDIS_MAC_OPTION_FULL_DUPLEX);
++ return sizeof(__le32);
++
++ /* statistics OIDs (table 4-2) */
++ /* mandatory */
++ case OID_GEN_XMIT_OK:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_RCV_OK:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_XMIT_ERROR:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_RCV_ERROR:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_GEN_RCV_NO_BUFFER:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* ieee802.3 OIDs (table 4-3) */
++ /* mandatory */
++ case OID_802_3_PERMANENT_ADDRESS:
++ memcpy(outbuf, s->mac, 6);
++ return 6;
++
++ /* mandatory */
++ case OID_802_3_CURRENT_ADDRESS:
++ memcpy(outbuf, s->mac, 6);
++ return 6;
++
++ /* mandatory */
++ case OID_802_3_MULTICAST_LIST:
++ *((__le32 *)outbuf) = cpu_to_le32(0xE0000000);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_802_3_MAXIMUM_LIST_SIZE:
++ *((__le32 *)outbuf) = cpu_to_le32(1);
++ return sizeof(__le32);
++
++ case OID_802_3_MAC_OPTIONS:
++ return 0;
++
++ /* ieee802.3 statistics OIDs (table 4-4) */
++ /* mandatory */
++ case OID_802_3_RCV_ERROR_ALIGNMENT:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_802_3_XMIT_ONE_COLLISION:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ /* mandatory */
++ case OID_802_3_XMIT_MORE_COLLISIONS:
++ *((__le32 *)outbuf) = cpu_to_le32(0);
++ return sizeof(__le32);
++
++ default:
++ fprintf(stderr, "usbnet: unknown OID 0x%08x\n", oid);
++ return 0;
++ }
++ return -1;
++}
++
++static int ndis_set(USBNetState *s, uint32_t oid, uint8_t *inbuf, unsigned int inlen)
++{
++ switch (oid) {
++ case OID_GEN_CURRENT_PACKET_FILTER:
++ s->filter = le32_to_cpup((__le32 *)inbuf);
++ if (s->filter) {
++ s->rndis_state = RNDIS_DATA_INITIALIZED;
++ } else {
++ s->rndis_state = RNDIS_INITIALIZED;
++ }
++ return 0;
++
++ case OID_802_3_MULTICAST_LIST:
++ return 0;
++
++ }
++ return -1;
++}
++
++static int rndis_get_response(USBNetState *s, uint8_t *buf)
++{
++ int ret = 0;
++ struct rndis_response *r = s->rndis_resp.tqh_first;
++ if (!r)
++ return ret;
++ TAILQ_REMOVE(&s->rndis_resp, r, entries);
++ ret = r->length;
++ memcpy(buf, r->buf, r->length);
++ qemu_free(r);
++ return ret;
++}
++
++static void *rndis_queue_response(USBNetState *s, unsigned int length)
++{
++ struct rndis_response *r = qemu_mallocz(sizeof(struct rndis_response) + length);
++ if (!r)
++ return NULL;
++ TAILQ_INSERT_TAIL(&s->rndis_resp, r, entries);
++ r->length = length;
++ return &r->buf[0];
++}
++
++static void rndis_clear_responsequeue(USBNetState *s)
++{
++ struct rndis_response *r;
++
++ while ((r = s->rndis_resp.tqh_first)) {
++ TAILQ_REMOVE(&s->rndis_resp, r, entries);
++ qemu_free(r);
++ }
++}
++
++static int rndis_init_response(USBNetState *s, rndis_init_msg_type *buf)
++{
++ rndis_init_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_init_cmplt_type));
++ if (!resp)
++ return USB_RET_STALL;
++ resp->MessageType = cpu_to_le32(REMOTE_NDIS_INITIALIZE_CMPLT);
++ resp->MessageLength = cpu_to_le32(sizeof(rndis_init_cmplt_type));
++ resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
++ resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
++ resp->MajorVersion = cpu_to_le32(RNDIS_MAJOR_VERSION);
++ resp->MinorVersion = cpu_to_le32(RNDIS_MINOR_VERSION);
++ resp->DeviceFlags = cpu_to_le32(RNDIS_DF_CONNECTIONLESS);
++ resp->Medium = cpu_to_le32(RNDIS_MEDIUM_802_3);
++ resp->MaxPacketsPerTransfer = cpu_to_le32(1);
++ resp->MaxTransferSize = cpu_to_le32(ETH_FRAME_LEN + sizeof(struct rndis_packet_msg_type) + 22);
++ resp->PacketAlignmentFactor = cpu_to_le32(0);
++ resp->AFListOffset = cpu_to_le32(0);
++ resp->AFListSize = cpu_to_le32(0);
++ return 0;
++}
++
++static int rndis_query_response(USBNetState *s, rndis_query_msg_type *buf, unsigned int length)
++{
++ rndis_query_cmplt_type *resp;
++ uint8_t infobuf[sizeof(oid_supported_list)]; /* oid_supported_list is the largest data reply */
++ uint32_t bufoffs, buflen;
++ int infobuflen;
++ unsigned int resplen;
++ bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
++ buflen = le32_to_cpu(buf->InformationBufferLength);
++ if (bufoffs + buflen > length)
++ return USB_RET_STALL;
++ infobuflen = ndis_query(s, le32_to_cpu(buf->OID), bufoffs + (uint8_t *)buf, buflen, infobuf);
++ resplen = sizeof(rndis_query_cmplt_type) + ((infobuflen < 0) ? 0 : infobuflen);
++ resp = rndis_queue_response(s, resplen);
++ if (!resp)
++ return USB_RET_STALL;
++ resp->MessageType = cpu_to_le32(REMOTE_NDIS_QUERY_CMPLT);
++ resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
++ resp->MessageLength = cpu_to_le32(resplen);
++ if (infobuflen < 0) {
++ /* OID not supported */
++ resp->Status = cpu_to_le32(RNDIS_STATUS_NOT_SUPPORTED);
++ resp->InformationBufferLength = cpu_to_le32(0);
++ resp->InformationBufferOffset = cpu_to_le32(0);
++ return 0;
++ }
++ resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
++ resp->InformationBufferOffset = cpu_to_le32(infobuflen ? sizeof(rndis_query_cmplt_type) - 8 : 0);
++ resp->InformationBufferLength = cpu_to_le32(infobuflen);
++ memcpy(resp + 1, infobuf, infobuflen);
++ return 0;
++}
++
++static int rndis_set_response(USBNetState *s, rndis_set_msg_type *buf, unsigned int length)
++{
++ rndis_set_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_set_cmplt_type));
++ uint32_t bufoffs, buflen;
++ if (!resp)
++ return USB_RET_STALL;
++ bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
++ buflen = le32_to_cpu(buf->InformationBufferLength);
++ if (bufoffs + buflen > length)
++ return USB_RET_STALL;
++ int ret = ndis_set(s, le32_to_cpu(buf->OID), bufoffs + (uint8_t *)buf, buflen);
++ resp->MessageType = cpu_to_le32(REMOTE_NDIS_SET_CMPLT);
++ resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
++ resp->MessageLength = cpu_to_le32(sizeof(rndis_set_cmplt_type));
++ if (ret < 0) {
++ /* OID not supported */
++ resp->Status = cpu_to_le32(RNDIS_STATUS_NOT_SUPPORTED);
++ return 0;
++ }
++ resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
++ return 0;
++}
++
++static int rndis_reset_response(USBNetState *s, rndis_reset_msg_type *buf)
++{
++ rndis_reset_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_reset_cmplt_type));
++ if (!resp)
++ return USB_RET_STALL;
++ resp->MessageType = cpu_to_le32(REMOTE_NDIS_RESET_CMPLT);
++ resp->MessageLength = cpu_to_le32(sizeof(rndis_reset_cmplt_type));
++ resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
++ /* resent information */
++ resp->AddressingReset = cpu_to_le32(1);
++ return 0;
++}
++
++static int rndis_keepalive_response(USBNetState *s, rndis_keepalive_msg_type *buf)
++{
++ rndis_keepalive_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_keepalive_cmplt_type));
++ if (!resp)
++ return USB_RET_STALL;
++ resp->MessageType = cpu_to_le32(REMOTE_NDIS_KEEPALIVE_CMPLT);
++ resp->MessageLength = cpu_to_le32(sizeof(rndis_keepalive_cmplt_type));
++ resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
++ resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
++ return 0;
++}
++
++static int rndis_parse(USBNetState *s, uint8_t *data, int length)
++{
++ uint32_t MsgType, MsgLength;
++ __le32 *tmp = (__le32 *)data;
++ MsgType = le32_to_cpup(tmp++);
++ MsgLength = le32_to_cpup(tmp++);
++
++ switch (MsgType) {
++ case REMOTE_NDIS_INITIALIZE_MSG:
++ s->rndis_state = RNDIS_INITIALIZED;
++ return rndis_init_response(s, (rndis_init_msg_type *)data);
++
++ case REMOTE_NDIS_HALT_MSG:
++ s->rndis_state = RNDIS_UNINITIALIZED;
++ return 0;
++
++ case REMOTE_NDIS_QUERY_MSG:
++ return rndis_query_response(s, (rndis_query_msg_type *)data, length);
++
++ case REMOTE_NDIS_SET_MSG:
++ return rndis_set_response(s, (rndis_set_msg_type *)data, length);
++
++ case REMOTE_NDIS_RESET_MSG:
++ rndis_clear_responsequeue(s);
++ s->out_ptr = s->in_ptr = s->in_len = 0;
++ return rndis_reset_response(s, (rndis_reset_msg_type *)data);
++
++ case REMOTE_NDIS_KEEPALIVE_MSG:
++ /* For USB: host does this every 5 seconds */
++ return rndis_keepalive_response(s, (rndis_keepalive_msg_type *)data);
++ }
++ return USB_RET_STALL;
++}
++
++static void usb_net_handle_reset(USBDevice *dev)
++{
++}
++
++static int usb_net_handle_control(USBDevice *dev, int request, int value,
++ int index, int length, uint8_t *data)
++{
++ USBNetState *s = (USBNetState *)dev;
++ int ret = 0;
++
++ switch(request) {
++ case DeviceRequest | USB_REQ_GET_STATUS:
++ data[0] = (1 << USB_DEVICE_SELF_POWERED) |
++ (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
++ data[1] = 0x00;
++ ret = 2;
++ break;
++
++ case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
++ if (value == USB_DEVICE_REMOTE_WAKEUP) {
++ dev->remote_wakeup = 0;
++ } else {
++ goto fail;
++ }
++ ret = 0;
++ break;
++
++ case DeviceOutRequest | USB_REQ_SET_FEATURE:
++ if (value == USB_DEVICE_REMOTE_WAKEUP) {
++ dev->remote_wakeup = 1;
++ } else {
++ goto fail;
++ }
++ ret = 0;
++ break;
++
++ case DeviceOutRequest | USB_REQ_SET_ADDRESS:
++ dev->addr = value;
++ ret = 0;
++ break;
++
++ case ClassInterfaceOutRequest | USB_CDC_SEND_ENCAPSULATED_COMMAND:
++ if (!s->rndis || value || index != 0)
++ goto fail;
++#if TRAFFIC_DEBUG
++ {
++ unsigned int i;
++ fprintf(stderr, "SEND_ENCAPSULATED_COMMAND:");
++ for (i = 0; i < length; i++) {
++ if (!(i & 15))
++ fprintf(stderr, "\n%04X:", i);
++ fprintf(stderr, " %02X", data[i]);
++ }
++ fprintf(stderr, "\n\n");
++ }
++#endif
++ ret = rndis_parse(s, data, length);
++ break;
++
++ case ClassInterfaceRequest | USB_CDC_GET_ENCAPSULATED_RESPONSE:
++ if (!s->rndis || value || index != 0)
++ goto fail;
++ ret = rndis_get_response(s, data);
++ if (!ret) {
++ data[0] = 0;
++ ret = 1;
++ }
++#if TRAFFIC_DEBUG
++ {
++ unsigned int i;
++ fprintf(stderr, "GET_ENCAPSULATED_RESPONSE:");
++ for (i = 0; i < ret; i++) {
++ if (!(i & 15))
++ fprintf(stderr, "\n%04X:", i);
++ fprintf(stderr, " %02X", data[i]);
++ }
++ fprintf(stderr, "\n\n");
++ }
++#endif
++ break;
++
++ case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
++ switch(value >> 8) {
++ case USB_DT_DEVICE:
++ ret = sizeof(qemu_net_dev_descriptor);
++ memcpy(data, qemu_net_dev_descriptor, ret);
++ break;
++
++ case USB_DT_CONFIG:
++ switch (value & 0xff) {
++ case 0:
++ ret = sizeof(qemu_net_rndis_config_descriptor);
++ memcpy(data, qemu_net_rndis_config_descriptor,
++ ret);
++ break;
++
++ case 1:
++ ret = sizeof(qemu_net_cdc_config_descriptor);
++ memcpy(data, qemu_net_cdc_config_descriptor,
++ ret);
++ break;
++
++ default:
++ goto fail;
++ }
++ data[2] = ret & 0xff;
++ data[3] = ret >> 8;
++ break;
++
++ case USB_DT_STRING:
++ switch (value & 0xff) {
++ case 0:
++ /* language ids */
++ data[0] = 4;
++ data[1] = 3;
++ data[2] = 0x09;
++ data[3] = 0x04;
++ ret = 4;
++ break;
++
++ case STRING_MANUFACTURER:
++ ret = set_usb_string(data, "QEMU");
++ break;
++
++ case STRING_PRODUCT:
++ ret = set_usb_string(data, "RNDIS/QEMU USB Network Device");
++ break;
++
++ case STRING_ETHADDR:
++ ret = set_usb_string(data, "400102030405");
++ break;
++
++ case STRING_DATA:
++ ret = set_usb_string(data, "QEMU USB Net Data Interface");
++ break;
++
++ case STRING_CONTROL:
++ ret = set_usb_string(data, "QEMU USB Net Control Interface");
++ break;
++
++ case STRING_RNDIS_CONTROL:
++ ret = set_usb_string(data, "QEMU USB Net RNDIS Control Interface");
++ break;
++
++ case STRING_CDC:
++ ret = set_usb_string(data, "QEMU USB Net CDC");
++ break;
++
++ case STRING_SUBSET:
++ ret = set_usb_string(data, "QEMU USB Net Subset");
++ break;
++
++ case STRING_RNDIS:
++ ret = set_usb_string(data, "QEMU USB Net RNDIS");
++ break;
++
++ case STRING_SERIALNUMBER:
++ ret = set_usb_string(data, "1");
++ break;
++
++ default:
++ goto fail;
++ }
++ break;
++
++ default:
++ goto fail;
++ }
++ break;
++
++ case DeviceRequest | USB_REQ_GET_CONFIGURATION:
++ data[0] = s->rndis ? DEV_RNDIS_CONFIG_VALUE : DEV_CONFIG_VALUE;
++ ret = 1;
++ break;
++
++ case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
++ switch (value & 0xff) {
++ case DEV_CONFIG_VALUE:
++ s->rndis = 0;
++ break;
++
++ case DEV_RNDIS_CONFIG_VALUE:
++ s->rndis = 1;
++ break;
++
++ default:
++ goto fail;
++ }
++ ret = 0;
++ break;
++
++ case DeviceRequest | USB_REQ_GET_INTERFACE:
++ case InterfaceRequest | USB_REQ_GET_INTERFACE:
++ data[0] = 0;
++ ret = 1;
++ break;
++
++ case DeviceOutRequest | USB_REQ_SET_INTERFACE:
++ case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
++ ret = 0;
++ break;
++
++ default:
++ fail:
++ fprintf(stderr, "usbnet: failed control transaction: request 0x%x value 0x%x index 0x%x length 0x%x\n",
++ request, value, index, length);
++ ret = USB_RET_STALL;
++ break;
++ }
++ return ret;
++}
++
++static int usb_net_handle_statusin(USBNetState *s, USBPacket *p)
++{
++ int ret = 8;
++ if (p->len < 8)
++ return USB_RET_STALL;
++ ((__le32 *)p->data)[0] = cpu_to_le32(1);
++ ((__le32 *)p->data)[1] = cpu_to_le32(0);
++ if (!s->rndis_resp.tqh_first)
++ ret = USB_RET_NAK;
++#if DEBUG
++ fprintf(stderr, "usbnet: interrupt poll len %u return %d", p->len, ret);
++ {
++ int i;
++ fprintf(stderr, ":");
++ for (i = 0; i < ret; i++) {
++ if (!(i & 15))
++ fprintf(stderr, "\n%04X:", i);
++ fprintf(stderr, " %02X", p->data[i]);
++ }
++ fprintf(stderr, "\n\n");
++ }
++#endif
++ return ret;
++}
++
++static int usb_net_handle_datain(USBNetState *s, USBPacket *p)
++{
++ int ret = USB_RET_NAK;
++
++ if (s->in_ptr > s->in_len) {
++ s->in_ptr = s->in_len = 0;
++ ret = USB_RET_NAK;
++ return ret;
++ }
++ if (!s->in_len) {
++ ret = USB_RET_NAK;
++ return ret;
++ }
++ ret = s->in_len - s->in_ptr;
++ if (ret > p->len)
++ ret = p->len;
++ memcpy(p->data, &s->in_buf[s->in_ptr], ret);
++ s->in_ptr += ret;
++ if (s->in_ptr >= s->in_len && (s->rndis || (s->in_len & (64-1)) || !ret)) {
++ /* no short packet necessary */
++ s->in_ptr = s->in_len = 0;
++ }
++#if TRAFFIC_DEBUG
++ fprintf(stderr, "usbnet: data in len %u return %d", p->len, ret);
++ {
++ int i;
++ fprintf(stderr, ":");
++ for (i = 0; i < ret; i++) {
++ if (!(i & 15))
++ fprintf(stderr, "\n%04X:", i);
++ fprintf(stderr, " %02X", p->data[i]);
++ }
++ fprintf(stderr, "\n\n");
++ }
++#endif
++ return ret;
++}
++
++static int usb_net_handle_dataout(USBNetState *s, USBPacket *p)
++{
++ int ret = p->len;
++ int sz = sizeof(s->out_buf) - s->out_ptr;
++ struct rndis_packet_msg_type *msg = (struct rndis_packet_msg_type *)s->out_buf;
++ uint32_t len;
++
++#if TRAFFIC_DEBUG
++ fprintf(stderr, "usbnet: data out len %u\n", p->len);
++ {
++ int i;
++ fprintf(stderr, ":");
++ for (i = 0; i < p->len; i++) {
++ if (!(i & 15))
++ fprintf(stderr, "\n%04X:", i);
++ fprintf(stderr, " %02X", p->data[i]);
++ }
++ fprintf(stderr, "\n\n");
++ }
++#endif
++ if (sz > ret)
++ sz = ret;
++ memcpy(&s->out_buf[s->out_ptr], p->data, sz);
++ s->out_ptr += sz;
++ if (!s->rndis) {
++ if (ret < 64) {
++ qemu_send_packet(s->vc, s->out_buf, s->out_ptr);
++ s->out_ptr = 0;
++ }
++ return ret;
++ }
++ len = le32_to_cpu(msg->MessageLength);
++ if (s->out_ptr < 8 || s->out_ptr < len)
++ return ret;
++ if (le32_to_cpu(msg->MessageType) == REMOTE_NDIS_PACKET_MSG) {
++ uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
++ uint32_t size = le32_to_cpu(msg->DataLength);
++ if (offs + size <= len)
++ qemu_send_packet(s->vc, s->out_buf + offs, size);
++ }
++ s->out_ptr -= len;
++ memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
++ return ret;
++}
++
++static int usb_net_handle_data(USBDevice *dev, USBPacket *p)
++{
++ USBNetState *s = (USBNetState *)dev;
++ int ret = 0;
++
++ switch(p->pid) {
++ case USB_TOKEN_IN:
++ switch (p->devep) {
++ case 1:
++ ret = usb_net_handle_statusin(s, p);
++ break;
++
++ case 2:
++ ret = usb_net_handle_datain(s, p);
++ break;
++
++ default:
++ goto fail;
++ }
++ break;
++
++ case USB_TOKEN_OUT:
++ switch (p->devep) {
++ case 2:
++ ret = usb_net_handle_dataout(s, p);
++ break;
++
++ default:
++ goto fail;
++ }
++ break;
++
++ default:
++ fail:
++ ret = USB_RET_STALL;
++ break;
++ }
++ if (ret == USB_RET_STALL)
++ fprintf(stderr, "usbnet: failed data transaction: pid 0x%x ep 0x%x len 0x%x\n", p->pid, p->devep, p->len);
++ return ret;
++}
++
++static void usbnet_receive(void *opaque, const uint8_t *buf, int size)
++{
++ USBNetState *s = opaque;
++
++ if (s->rndis) {
++ struct rndis_packet_msg_type *msg = (struct rndis_packet_msg_type *)s->in_buf;
++ if (!s->rndis_state == RNDIS_DATA_INITIALIZED)
++ return;
++ if (size + sizeof(struct rndis_packet_msg_type) > sizeof(s->in_buf))
++ return;
++ memset(msg, 0, sizeof(struct rndis_packet_msg_type));
++ msg->MessageType = cpu_to_le32(REMOTE_NDIS_PACKET_MSG);
++ msg->MessageLength = cpu_to_le32(size + sizeof(struct rndis_packet_msg_type));
++ msg->DataOffset = cpu_to_le32(sizeof(struct rndis_packet_msg_type) - 8);
++ msg->DataLength = cpu_to_le32(size);
++ //msg->OOBDataOffset;
++ //msg->OOBDataLength;
++ //msg->NumOOBDataElements;
++ //msg->PerPacketInfoOffset;
++ //msg->PerPacketInfoLength;
++ //msg->VcHandle;
++ //msg->Reserved;
++ memcpy(msg + 1, buf, size);
++ s->in_len = size + sizeof(struct rndis_packet_msg_type);
++ } else {
++ if (size > sizeof(s->in_buf))
++ return;
++ memcpy(s->in_buf, buf, size);
++ s->in_len = size;
++ }
++ s->in_ptr = 0;
++}
++
++static int usbnet_can_receive(void *opaque)
++{
++ USBNetState *s = opaque;
++
++ if (s->rndis && !s->rndis_state == RNDIS_DATA_INITIALIZED)
++ return 1;
++ return !s->in_len;
++}
++
++static void usb_net_handle_destroy(USBDevice *dev)
++{
++ USBNetState *s = (USBNetState *)dev;
++ rndis_clear_responsequeue(s);
++ qemu_free(s);
++}
++
++USBDevice *usb_net_init(NICInfo *nd)
++{
++ USBNetState *s;
++
++ s = qemu_mallocz(sizeof(USBNetState));
++ if (!s)
++ return NULL;
++ s->dev.speed = USB_SPEED_FULL;
++ s->dev.handle_packet = usb_generic_handle_packet;
++
++ s->dev.handle_reset = usb_net_handle_reset;
++ s->dev.handle_control = usb_net_handle_control;
++ s->dev.handle_data = usb_net_handle_data;
++ s->dev.handle_destroy = usb_net_handle_destroy;
++
++ s->rndis = 1;
++ s->rndis_state = RNDIS_UNINITIALIZED;
++ s->medium = NDIS_MEDIUM_802_3;
++ s->speed = 1000000; /* 100MBps, in 100Bps units */
++ s->media_state = NDIS_MEDIA_STATE_CONNECTED;
++ s->filter = 0;
++ s->vendorid = 0x1234;
++ memcpy(s->mac, nd->macaddr, 6);
++ TAILQ_INIT(&s->rndis_resp);
++
++ pstrcpy(s->dev.devname, sizeof(s->dev.devname), "QEMU USB Network Interface");
++ s->vc = qemu_new_vlan_client(nd->vlan, usbnet_receive, usbnet_can_receive, s);
++ snprintf(s->vc->info_str, sizeof(s->vc->info_str),
++ "usbnet macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
++ s->mac[0], s->mac[1], s->mac[2],
++ s->mac[3], s->mac[4], s->mac[5]);
++ fprintf(stderr, "usbnet: initialized mac %02x:%02x:%02x:%02x:%02x:%02x\n",
++ s->mac[0], s->mac[1], s->mac[2],
++ s->mac[3], s->mac[4], s->mac[5]);
++ return (USBDevice *)s;
++}
+diff -urN 4242/Makefile qemu-omap/Makefile
+--- 4242/Makefile 2008-04-24 20:17:05.000000000 +0100
++++ qemu-omap/Makefile 2008-04-23 09:57:55.000000000 +0100
+@@ -55,7 +55,8 @@
+ OBJS+=tmp105.o
+ OBJS+=scsi-disk.o cdrom.o
+ OBJS+=scsi-generic.o
+-OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
++OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-net.o
++OBJS+=usb-wacom.o usb-serial.o
+ OBJS+=sd.o ssi-sd.o
+
+ ifdef CONFIG_BRLAPI
+diff -urN 4242/softmmu_template.h qemu-omap/softmmu_template.h
+--- 4242/softmmu_template.h 2008-04-24 18:11:49.000000000 +0100
++++ qemu-omap/softmmu_template.h 2008-04-23 09:57:56.000000000 +0100
+@@ -51,12 +51,15 @@
+ int mmu_idx,
+ void *retaddr);
+ static inline DATA_TYPE glue(io_read, SUFFIX)(target_phys_addr_t physaddr,
+- target_ulong tlb_addr)
++ target_ulong tlb_addr,
++ target_ulong tlb_io)
+ {
+ DATA_TYPE res;
+ int index;
+
+- index = (tlb_addr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
++ index = (tlb_addr & ~TARGET_PAGE_MASK) >> IO_MEM_SHIFT;
++ if (index > 4)
++ index = (tlb_io >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
+ #if SHIFT <= 2
+ res = io_mem_read[index][SHIFT](io_mem_opaque[index], physaddr);
+ #else
+@@ -95,7 +98,9 @@
+ /* IO access */
+ if ((addr & (DATA_SIZE - 1)) != 0)
+ goto do_unaligned_access;
+- res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
++ res = glue(io_read, SUFFIX)(physaddr, tlb_addr,
++ env->tlb_table[mmu_idx]
++ [index].addr_code);
+ } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+ /* slow unaligned access (it spans two pages or IO) */
+ do_unaligned_access:
+@@ -147,7 +152,9 @@
+ /* IO access */
+ if ((addr & (DATA_SIZE - 1)) != 0)
+ goto do_unaligned_access;
+- res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
++ res = glue(io_read, SUFFIX)(physaddr, tlb_addr,
++ env->tlb_table[mmu_idx]
++ [index].addr_code);
+ } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+ do_unaligned_access:
+ /* slow unaligned access (it spans two pages) */
+@@ -186,11 +193,14 @@
+ static inline void glue(io_write, SUFFIX)(target_phys_addr_t physaddr,
+ DATA_TYPE val,
+ target_ulong tlb_addr,
+- void *retaddr)
++ void *retaddr,
++ target_ulong tlb_io)
+ {
+ int index;
+
+- index = (tlb_addr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
++ index = (tlb_addr & ~TARGET_PAGE_MASK) >> IO_MEM_SHIFT;
++ if (index > 4)
++ index = (tlb_io >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
+ env->mem_write_vaddr = tlb_addr;
+ env->mem_write_pc = (unsigned long)retaddr;
+ #if SHIFT <= 2
+@@ -228,7 +238,8 @@
+ if ((addr & (DATA_SIZE - 1)) != 0)
+ goto do_unaligned_access;
+ retaddr = GETPC();
+- glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
++ glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr,
++ env->tlb_table[mmu_idx][index].addr_code);
+ } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+ do_unaligned_access:
+ retaddr = GETPC();
+@@ -278,7 +289,8 @@
+ /* IO access */
+ if ((addr & (DATA_SIZE - 1)) != 0)
+ goto do_unaligned_access;
+- glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
++ glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr,
++ env->tlb_table[mmu_idx][index].addr_code);
+ } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
+ do_unaligned_access:
+ /* XXX: not efficient, but simple */
+diff -urN 4242/target-i386/cpu.h qemu-omap/target-i386/cpu.h
+--- 4242/target-i386/cpu.h 2008-04-23 12:18:51.000000000 +0100
++++ qemu-omap/target-i386/cpu.h 2008-04-23 09:57:56.000000000 +0100
+@@ -499,7 +499,7 @@
+ SegmentCache idt; /* only base and limit are used */
+
+ target_ulong cr[9]; /* NOTE: cr1, cr5-7 are unused */
+- uint64_t a20_mask;
++ uint32_t a20_mask;
+
+ /* FPU state */
+ unsigned int fpstt; /* top of stack index */
+diff -urN 4242/target-i386/helper2.c qemu-omap/target-i386/helper2.c
+--- 4242/target-i386/helper2.c 2008-04-23 12:18:51.000000000 +0100
++++ qemu-omap/target-i386/helper2.c 2008-04-23 09:57:56.000000000 +0100
+@@ -377,7 +377,7 @@
+ env->hflags |= HF_GIF_MASK;
+
+ cpu_x86_update_cr0(env, 0x60000010);
+- env->a20_mask = ~0x0;
++ env->a20_mask = 0xffffffff;
+ env->smbase = 0x30000;
+
+ env->idt.limit = 0xffff;
+@@ -695,7 +695,7 @@
+ /* when a20 is changed, all the MMU mappings are invalid, so
+ we must flush everything */
+ tlb_flush(env, 1);
+- env->a20_mask = (~0x100000) | (a20_state << 20);
++ env->a20_mask = 0xffefffff | (a20_state << 20);
+ }
+ }
+
+@@ -800,8 +800,7 @@
+
+ #else
+
+-/* Bits 52-62 of a PTE are reserved. Bit 63 is the NX bit. */
+-#define PHYS_ADDR_MASK 0xffffffffff000L
++#define PHYS_ADDR_MASK 0xfffff000
+
+ /* return value:
+ -1 = cannot handle fault
+@@ -813,10 +812,9 @@
+ int is_write1, int mmu_idx, int is_softmmu)
+ {
+ uint64_t ptep, pte;
+- target_ulong pde_addr, pte_addr;
++ uint32_t pdpe_addr, pde_addr, pte_addr;
+ int error_code, is_dirty, prot, page_size, ret, is_write, is_user;
+- target_phys_addr_t paddr;
+- uint32_t page_offset;
++ unsigned long paddr, page_offset;
+ target_ulong vaddr, virt_addr;
+
+ is_user = mmu_idx == MMU_USER_IDX;
+@@ -836,11 +834,12 @@
+
+ if (env->cr[4] & CR4_PAE_MASK) {
+ uint64_t pde, pdpe;
+- target_ulong pdpe_addr;
+
++ /* XXX: we only use 32 bit physical addresses */
+ #ifdef TARGET_X86_64
+ if (env->hflags & HF_LMA_MASK) {
+- uint64_t pml4e_addr, pml4e;
++ uint32_t pml4e_addr;
++ uint64_t pml4e;
+ int32_t sext;
+
+ /* test virtual address sign extension */
+@@ -1102,19 +1101,17 @@
+
+ target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
+ {
+- target_ulong pde_addr, pte_addr;
+- uint64_t pte;
+- target_phys_addr_t paddr;
+- uint32_t page_offset;
+- int page_size;
++ uint32_t pde_addr, pte_addr;
++ uint32_t pde, pte, paddr, page_offset, page_size;
+
+ if (env->cr[4] & CR4_PAE_MASK) {
+- target_ulong pdpe_addr;
+- uint64_t pde, pdpe;
++ uint32_t pdpe_addr, pde_addr, pte_addr;
++ uint32_t pdpe;
+
++ /* XXX: we only use 32 bit physical addresses */
+ #ifdef TARGET_X86_64
+ if (env->hflags & HF_LMA_MASK) {
+- uint64_t pml4e_addr, pml4e;
++ uint32_t pml4e_addr, pml4e;
+ int32_t sext;
+
+ /* test virtual address sign extension */
+@@ -1124,13 +1121,13 @@
+
+ pml4e_addr = ((env->cr[3] & ~0xfff) + (((addr >> 39) & 0x1ff) << 3)) &
+ env->a20_mask;
+- pml4e = ldq_phys(pml4e_addr);
++ pml4e = ldl_phys(pml4e_addr);
+ if (!(pml4e & PG_PRESENT_MASK))
+ return -1;
+
+ pdpe_addr = ((pml4e & ~0xfff) + (((addr >> 30) & 0x1ff) << 3)) &
+ env->a20_mask;
+- pdpe = ldq_phys(pdpe_addr);
++ pdpe = ldl_phys(pdpe_addr);
+ if (!(pdpe & PG_PRESENT_MASK))
+ return -1;
+ } else
+@@ -1138,14 +1135,14 @@
+ {
+ pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
+ env->a20_mask;
+- pdpe = ldq_phys(pdpe_addr);
++ pdpe = ldl_phys(pdpe_addr);
+ if (!(pdpe & PG_PRESENT_MASK))
+ return -1;
+ }
+
+ pde_addr = ((pdpe & ~0xfff) + (((addr >> 21) & 0x1ff) << 3)) &
+ env->a20_mask;
+- pde = ldq_phys(pde_addr);
++ pde = ldl_phys(pde_addr);
+ if (!(pde & PG_PRESENT_MASK)) {
+ return -1;
+ }
+@@ -1158,11 +1155,9 @@
+ pte_addr = ((pde & ~0xfff) + (((addr >> 12) & 0x1ff) << 3)) &
+ env->a20_mask;
+ page_size = 4096;
+- pte = ldq_phys(pte_addr);
++ pte = ldl_phys(pte_addr);
+ }
+ } else {
+- uint32_t pde;
+-
+ if (!(env->cr[0] & CR0_PG_MASK)) {
+ pte = addr;
+ page_size = 4096;
+diff -urN 4242/vl.c qemu-omap/vl.c
+--- 4242/vl.c 2008-04-24 21:26:21.000000000 +0100
++++ qemu-omap/vl.c 2008-04-23 09:57:57.000000000 +0100
+@@ -5284,6 +5284,11 @@
+ dev = usb_keyboard_init();
+ } else if (strstart(devname, "disk:", &p)) {
+ dev = usb_msd_init(p);
++ } else if (strstart(devname, "net:", &p)) {
++ unsigned int nr = strtoul(p, NULL, 0);
++ if (nr >= (unsigned int) nb_nics || strcmp(nd_table[nr].model, "usb"))
++ return -1;
++ dev = usb_net_init(&nd_table[nr]);
+ } else if (!strcmp(devname, "wacom-tablet")) {
+ dev = usb_wacom_init();
+ } else if (strstart(devname, "serial:", &p)) {
diff --git a/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz b/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz
new file mode 100644
index 0000000000..eb2a76c167
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz
Binary files differ
diff --git a/packages/qemu/qemu-0.9.1+svn/series b/packages/qemu/qemu-0.9.1+svn/series
new file mode 100644
index 0000000000..fb110340c4
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/series
@@ -0,0 +1,25 @@
+05_non-fatal_if_linux_hd_missing.patch
+06_exit_segfault.patch -p0
+10_signal_jobs.patch -p0
+11_signal_sigaction.patch -p0
+22_net_tuntap_stall.patch -p0
+31_syscalls.patch -p0
+32_syscall_sysctl.patch -p0
+33_syscall_ppc_clone.patch -p0
+39_syscall_fadvise64.patch -p0
+52_ne2000_return.patch
+61_safe_64bit_int.patch -p0
+63_sparc_build.patch -p0
+64_ppc_asm_constraints.patch
+65_kfreebsd.patch -p0
+66_tls_ld.patch -p0
+91-oh-sdl-cursor.patch -p0
+qemu-0.9.0-nptl.patch
+qemu-0.9.0-nptl-update.patch
+qemu-amd64-32b-mapping-0.9.0.patch
+workaround_bad_futex_headers.patch -p1
+fix_segfault.patch
+no-strip.patch
+fix_brk.patch
+fix_protection_bits.patch -p1
+qemu-n800-support.patch -p1
diff --git a/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch b/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch
new file mode 100644
index 0000000000..cc122ebdba
--- /dev/null
+++ b/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch
@@ -0,0 +1,25 @@
+---
+ linux-user/syscall.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c 2007-08-09 20:28:06.000000000 +0100
++++ qemu/linux-user/syscall.c 2007-08-09 20:28:41.000000000 +0100
+@@ -61,7 +61,15 @@
+ #define tchars host_tchars /* same as target */
+ #define ltchars host_ltchars /* same as target */
+
+-#include <linux/futex.h>
++#define FUTEX_WAIT 0
++#define FUTEX_WAKE 1
++#define FUTEX_FD 2
++#define FUTEX_REQUEUE 3
++#define FUTEX_CMP_REQUEUE 4
++#define FUTEX_WAKE_OP 5
++#define FUTEX_LOCK_PI 6
++#define FUTEX_UNLOCK_PI 7
++
+ #include <linux/termios.h>
+ #include <linux/unistd.h>
+ #include <linux/utsname.h>
diff --git a/packages/qemu/qemu-native_svn.bb b/packages/qemu/qemu-native_svn.bb
new file mode 100644
index 0000000000..1e3a4dbbfa
--- /dev/null
+++ b/packages/qemu/qemu-native_svn.bb
@@ -0,0 +1,2 @@
+require qemu_svn.bb
+require qemu-native.inc
diff --git a/packages/qemu/qemu_svn.bb b/packages/qemu/qemu_svn.bb
new file mode 100644
index 0000000000..6e52a1513f
--- /dev/null
+++ b/packages/qemu/qemu_svn.bb
@@ -0,0 +1,48 @@
+LICENSE = "GPL"
+DEPENDS = "zlib"
+PV = "0.9.1+svnr${SRCREV}"
+PR = "r12"
+
+FILESPATH = "${FILE_DIRNAME}/qemu-${PV}/:${FILE_DIRNAME}/qemu-0.9.1+svn/"
+
+SRC_URI = "\
+ svn://svn.savannah.nongnu.org/qemu;module=trunk \
+ file://05_non-fatal_if_linux_hd_missing.patch;patch=1;pnum=1 \
+ file://06_exit_segfault.patch;patch=1;pnum=0 \
+ file://10_signal_jobs.patch;patch=1;pnum=0 \
+ file://11_signal_sigaction.patch;patch=1;pnum=0 \
+ file://22_net_tuntap_stall.patch;patch=1;pnum=0 \
+ file://31_syscalls.patch;patch=1;pnum=0 \
+ file://32_syscall_sysctl.patch;patch=1;pnum=0 \
+ file://33_syscall_ppc_clone.patch;patch=1;pnum=0 \
+ file://39_syscall_fadvise64.patch;patch=1;pnum=0 \
+ file://41_arm_fpa_sigfpe.patch;patch=1;pnum=0;maxrev=4028 \
+ file://52_ne2000_return.patch;patch=1;pnum=1 \
+ file://61_safe_64bit_int.patch;patch=1;pnum=0 \
+ file://63_sparc_build.patch;patch=1;pnum=0 \
+ file://64_ppc_asm_constraints.patch;patch=1;pnum=1 \
+ file://65_kfreebsd.patch;patch=1;pnum=0 \
+ file://66_tls_ld.patch;patch=1;pnum=0 \
+ file://91-oh-sdl-cursor.patch;patch=1;pnum=0 \
+ file://qemu-0.9.0-nptl.patch;patch=1 \
+ file://qemu-0.9.0-nptl-update.patch;patch=1;maxrev=4028 \
+ file://qemu-amd64-32b-mapping-0.9.0.patch;patch=1 \
+ file://workaround_bad_futex_headers.patch;patch=1 \
+ file://fix_segfault.patch;patch=1 \
+ file://no-strip.patch;patch=1 \
+ file://fix_brk.patch;patch=1 \
+ file://fix_protection_bits.patch;patch=1 \
+ file://revert_arm_tcg.patch.gz;patch=1;minrev=4242 \
+ file://qemu-n800-support.patch;patch=1"
+
+S = "${WORKDIR}/trunk"
+
+#EXTRA_OECONF += "--disable-sdl"
+#EXTRA_OECONF += "--target-list=arm-linux-user,arm-softmmu,i386-softmmu"
+EXTRA_OECONF += "--disable-gfx-check"
+
+inherit autotools
+
+do_configure() {
+ ${S}/configure --prefix=${prefix} ${EXTRA_OECONF}
+}