5 files changed, 593 insertions, 271 deletions
diff --git a/meta/packages/qemu/files/31_syscalls.patch b/meta/packages/qemu/files/31_syscalls.patch
index e7a1b338f3..3878079f19 100644
--- a/meta/packages/qemu/files/31_syscalls.patch
+++ b/meta/packages/qemu/files/31_syscalls.patch
@@ -47,16 +47,3 @@ Index: linux-user/syscall.c
 #endif
 #ifdef TARGET_NR_setxattr
     case TARGET_NR_setxattr:
-Index: Makefile.target
-===================================================================
--- Makefile.target.orig        2007-06-13 11:51:52.000000000 +0100
-+++ Makefile.target     2007-06-13 11:51:54.000000000 +0100
-@@ -215,7 +215,7 @@ OP_LDFLAGS+=$(OS_LDFLAGS) $(ARCH_LDFLAGS
- #########################################################
- 
- CPPFLAGS+=-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-LIBS+=-lm
-+LIBS+=-lm -lrt
- ifndef CONFIG_USER_ONLY
- LIBS+=-lz
- endif
diff --git a/meta/packages/qemu/files/fix_segfault.patch b/meta/packages/qemu/files/fix_segfault.patch
new file mode 100644
index 0000000000..976c75cd60
--- /dev/null
+++ b/meta/packages/qemu/files/fix_segfault.patch
@@ -0,0 +1,46 @@
+Index: qemu/Makefile.target
+===================================================================
+--- qemu.orig/Makefile.target   2007-06-29 10:57:58.000000000 +0000
+++ qemu/Makefile.target        2007-06-29 10:58:01.000000000 +0000
+@@ -241,7 +241,6 @@
+ ifdef CONFIG_LINUX_USER
+ OBJS= main.o syscall.o mmap.o signal.o path.o osdep.o thunk.o \
+       elfload.o linuxload.o
+-LIBS+= $(AIOLIBS)
+ ifdef TARGET_HAS_BFLT
+ OBJS+= flatload.o
+ endif
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c      2007-06-29 10:58:01.000000000 +0000
+++ qemu/linux-user/syscall.c   2007-06-29 10:58:30.000000000 +0000
+@@ -4872,29 +4872,6 @@
+            goto unimplemented_nowarn;
+ #endif
+ 
+-#ifdef TARGET_NR_clock_gettime
+-    case TARGET_NR_clock_gettime:
+-    {
+-        struct timespec ts;
+-        ret = get_errno(clock_gettime(arg1, &ts));
+-        if (!is_error(ret)) {
+-            host_to_target_timespec(arg2, &ts);
+-        }
+-        break;
+-    }
+-#endif
+-#ifdef TARGET_NR_clock_getres
+-    case TARGET_NR_clock_getres:
+-    {
+-        struct timespec ts;
+-        ret = get_errno(clock_getres(arg1, &ts));
+-        if (!is_error(ret)) {
+-            host_to_target_timespec(arg2, &ts);
+-        }
+-        break;
+-    }
+-#endif
+-
+     default:
+     unimplemented:
+         gemu_log("qemu: Unsupported syscall: %d\n", num);
diff --git a/meta/packages/qemu/files/qemu-0.9.0-nptl-update.patch b/meta/packages/qemu/files/qemu-0.9.0-nptl-update.patch
new file mode 100644
index 0000000000..869acba2cf
--- /dev/null
+++ b/meta/packages/qemu/files/qemu-0.9.0-nptl-update.patch
@@ -0,0 +1,294 @@
+Index: qemu/linux-user/main.c
+===================================================================
+--- qemu.orig/linux-user/main.c 2007-06-29 10:47:58.000000000 +0000
+++ qemu/linux-user/main.c      2007-06-29 10:47:58.000000000 +0000
+@@ -156,7 +156,7 @@
+     p[1] = tswapl(e2);
+ }
+ 
+-uint64_t gdt_table[6];
+uint64_t gdt_table[9];
+ uint64_t idt_table[256];
+ 
+ /* only dpl matters as we do only user space emulation */
+@@ -1768,7 +1768,11 @@
+     int optind;
+     const char *r;
+     int gdbstub_port = 0;
+-    
+    char *assume_kernel = getenv("QEMU_ASSUME_KERNEL");
+
+    if (assume_kernel)
+       setenv("LD_ASSUME_KERNEL", assume_kernel, 1);
+
+     if (argc <= 1)
+         usage();
+ 
+Index: qemu/linux-user/syscall.c
+===================================================================
+--- qemu.orig/linux-user/syscall.c      2007-06-29 10:47:58.000000000 +0000
+++ qemu/linux-user/syscall.c   2007-06-29 10:53:44.000000000 +0000
+@@ -60,6 +60,7 @@
+ #define tchars host_tchars /* same as target */
+ #define ltchars host_ltchars /* same as target */
+ 
+#include <linux/futex.h>
+ #include <linux/termios.h>
+ #include <linux/unistd.h>
+ #include <linux/utsname.h>
+@@ -2122,6 +2123,80 @@
+     return ret;
+ }
+ 
+int do_set_thread_area(CPUX86State *env, target_ulong ptr)
+{
+    uint64_t *gdt_table = g2h(env->gdt.base);
+    struct target_modify_ldt_ldt_s ldt_info;
+    struct target_modify_ldt_ldt_s *target_ldt_info;
+    int seg_32bit, contents, read_exec_only, limit_in_pages;
+    int seg_not_present, useable;
+    uint32_t *lp, entry_1, entry_2;
+    int i;
+
+    lock_user_struct(target_ldt_info, ptr, 1);
+    ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
+    ldt_info.base_addr = tswapl(target_ldt_info->base_addr);
+    ldt_info.limit = tswap32(target_ldt_info->limit);
+    ldt_info.flags = tswap32(target_ldt_info->flags);
+    if (ldt_info.entry_number == -1) {
+           for (i=6; i<8; i++)
+                   if (gdt_table[i] == 0) {
+                           ldt_info.entry_number = i;
+                           target_ldt_info->entry_number = tswap32(i);
+                           break;
+                   }
+    }
+    unlock_user_struct(target_ldt_info, ptr, 0);
+    
+    if (ldt_info.entry_number < 6 || ldt_info.entry_number > 8)
+           return -EINVAL;
+    seg_32bit = ldt_info.flags & 1;
+    contents = (ldt_info.flags >> 1) & 3;
+    read_exec_only = (ldt_info.flags >> 3) & 1;
+    limit_in_pages = (ldt_info.flags >> 4) & 1;
+    seg_not_present = (ldt_info.flags >> 5) & 1;
+    useable = (ldt_info.flags >> 6) & 1;
+
+    if (contents == 3) {
+        if (seg_not_present == 0)
+            return -EINVAL;
+    }
+
+    /* NOTE: same code as Linux kernel */
+    /* Allow LDTs to be cleared by the user. */
+    if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
+        if ((contents == 0             &&
+             read_exec_only == 1       &&
+             seg_32bit == 0            &&
+             limit_in_pages == 0       &&
+             seg_not_present == 1      &&
+             useable == 0 )) {
+            entry_1 = 0;
+            entry_2 = 0;
+            goto install;
+        }
+    }
+    
+    entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
+        (ldt_info.limit & 0x0ffff);
+    entry_2 = (ldt_info.base_addr & 0xff000000) |
+        ((ldt_info.base_addr & 0x00ff0000) >> 16) |
+        (ldt_info.limit & 0xf0000) |
+        ((read_exec_only ^ 1) << 9) |
+        (contents << 10) |
+        ((seg_not_present ^ 1) << 15) |
+        (seg_32bit << 22) |
+        (limit_in_pages << 23) |
+       (useable << 20) |
+       0x7000;
+
+    /* Install the new entry ...  */
+install:
+    lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
+    lp[0] = tswap32(entry_1);
+    lp[1] = tswap32(entry_2);
+    return 0;
+}
+ #endif /* defined(TARGET_I386) */
+ 
+ /* this stack is the equivalent of the kernel stack associated with a
+@@ -2154,15 +2229,20 @@
+     TaskState *ts;
+     uint8_t *new_stack;
+     CPUState *new_env;
+#if defined(TARGET_I386)
+       uint64_t *new_gdt_table;
+#endif
+ #ifdef USE_NPTL
+     unsigned int nptl_flags;
+ 
+     if (flags & CLONE_PARENT_SETTID)
+         *parent_tidptr = gettid();
+ #endif
+-    
+
+     if (flags & CLONE_VM) {
+         ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
+               if (!ts)
+                       return -ENOMEM;
+         memset(ts, 0, sizeof(TaskState));
+         new_stack = ts->stack;
+         ts->used = 1;
+@@ -2174,6 +2254,29 @@
+ #if defined(TARGET_I386)
+         if (!newsp)
+             newsp = env->regs[R_ESP];
+       new_gdt_table = malloc(9 * 8);
+       if (!new_gdt_table) {
+               free(new_env);
+               return -ENOMEM;
+       }
+       /* Copy main GDT table from parent, but clear TLS entries */
+       memcpy(new_gdt_table, g2h(env->gdt.base), 6 * 8);
+       memset(&new_gdt_table[6], 0, 3 * 8); 
+       new_env->gdt.base = h2g(new_gdt_table);
+       if (flags & 0x00080000 /* CLONE_SETTLS */) {
+               ret = do_set_thread_area(new_env, new_env->regs[R_ESI]);
+               if (ret) {
+                       free(new_gdt_table);
+                       free(new_env);
+                       return ret;
+               }
+       }
+       cpu_x86_load_seg(env, R_CS, new_env->regs[R_CS]);
+       cpu_x86_load_seg(env, R_DS, new_env->regs[R_DS]);
+       cpu_x86_load_seg(env, R_ES, new_env->regs[R_ES]);
+       cpu_x86_load_seg(env, R_SS, new_env->regs[R_SS]);
+       cpu_x86_load_seg(env, R_FS, new_env->regs[R_FS]);
+       cpu_x86_load_seg(env, R_GS, new_env->regs[R_GS]);
+         new_env->regs[R_ESP] = newsp;
+         new_env->regs[R_EAX] = 0;
+ #elif defined(TARGET_ARM)
+@@ -2517,6 +2620,68 @@
+     unlock_user_struct(target_ts, target_addr, 1);
+ }
+ 
+static long do_futex(target_ulong uaddr, int op, uint32_t val,
+                    target_ulong utime, target_ulong uaddr2,
+                    uint32_t val3)
+{
+       struct timespec host_utime;
+       unsigned long val2 = utime;
+
+       if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
+               target_to_host_timespec(&host_utime, utime);
+               val2 = (unsigned long)&host_utime;
+       }
+ 
+#ifdef BSWAP_NEEDED
+       switch(op) {
+       case FUTEX_CMP_REQUEUE:
+               val3 = tswap32(val3);
+       case FUTEX_REQUEUE:
+               val2 = tswap32(val2);
+       case FUTEX_WAIT:
+       case FUTEX_WAKE:
+               val = tswap32(val);
+       case FUTEX_LOCK_PI: /* This one's icky, but comes out OK */
+       case FUTEX_UNLOCK_PI:
+               break;
+       default: 
+               gemu_log("qemu: Unsupported futex op %d\n", op);
+               return -ENOSYS;
+       } 
+#if 0 /* No, it's worse than this */
+       if (op == FUTEX_WAKE_OP) {
+               /* Need to munge the secondary operation (val3) */
+               val3 = tswap32(val3);
+               int op2 = (val3 >> 28) & 7;
+               int cmp = (val3 >> 24) & 15;
+               int oparg = (val3 << 8) >> 20;
+               int cmparg = (val3 << 20) >> 20;
+               int shift = val3 & (FUTEX_OP_OPARG_SHIFT << 28);
+
+               if (shift)
+                   oparg = (oparg & 7) + 24 - (oparg & 24);
+               else oparg = 
+               if (op2 == FUTEX_OP_ADD) {
+                       gemu_log("qemu: Unsupported wrong-endian FUTEX_OP_ADD\n");
+                       return -ENOSYS;
+               }
+               if (cmparg == FUTEX_OP_CMP_LT || cmparg == FUTEX_OP_CMP_GE ||
+                   cmparg == FUTEX_OP_CMP_LE || cmparg == FUTEX_OP_CMP_GT) {
+                       gemu_log("qemu: Unsupported wrong-endian futex cmparg %d\n", cmparg);
+                       return -ENOSYS;
+               }
+               val3 = shift | (op2<<28) | (cmp<<24) | (oparg<<12) | cmparg;
+       }
+#endif
+#endif
+       return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
+}
+
+int do_set_tid_address(target_ulong tidptr)
+{
+       return syscall(__NR_set_tid_address, g2h(tidptr));
+}
+
+ long do_syscall(void *cpu_env, int num, long arg1, long arg2, long arg3, 
+                 long arg4, long arg5, long arg6)
+ {
+@@ -2534,7 +2699,7 @@
+         _mcleanup();
+ #endif
+         gdb_exit(cpu_env, arg1);
+-        /* XXX: should free thread stack and CPU env */
+        /* XXX: should free thread stack, GDT and CPU env */
+         _exit(arg1);
+         ret = 0; /* avoid warning */
+         break;
+@@ -4642,6 +4807,9 @@
+       ((CPUMIPSState *) cpu_env)->tls_value = arg1;
+       ret = 0;
+       break;
+#elif TARGET_i386
+         ret = get_errno(do_set_thread_area(cpu_env, arg1));
+         break;
+ #else
+       goto unimplemented_nowarn;
+ #endif
+@@ -4655,6 +4823,21 @@
+         goto unimplemented_nowarn;
+ #endif
+ 
+#ifdef TARGET_NR_futex
+    case TARGET_NR_futex:
+       ret = get_errno(do_futex(arg1, arg2, arg3, arg4, arg5, arg6));
+       break;
+#endif
+#ifdef TARGET_NR_set_tid_address
+    case TARGET_NR_set_tid_address:
+        ret = get_errno(do_set_tid_address(arg1));
+       break;
+#endif
+#ifdef TARGET_NR_set_robust_list
+    case TARGET_NR_set_robust_list:
+           goto unimplemented_nowarn;
+#endif
+
+ #ifdef TARGET_NR_clock_gettime
+     case TARGET_NR_clock_gettime:
+     {
+@@ -4678,12 +4861,6 @@
+     }
+ #endif
+ 
+-#if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
+-    case TARGET_NR_set_tid_address:
+-      ret = get_errno(set_tid_address((int *) arg1));
+-      break;
+-#endif
+-
+     default:
+     unimplemented:
+         gemu_log("qemu: Unsupported syscall: %d\n", num);
diff --git a/meta/packages/qemu/files/94-oh-arm-nptl.patch b/meta/packages/qemu/files/qemu-0.9.0-nptl.patch
index 37d7171983..fc7b0cfa4b 100644
--- a/meta/packages/qemu/files/94-oh-arm-nptl.patch
+++ b/meta/packages/qemu/files/qemu-0.9.0-nptl.patch
@@ -1,22 +1,24 @@
---
+These are Paul Brook's patches to QEMU-0.8.2 to enable the running of single
- configure                |   29 ++++++
+ARM binaries under QEMU's user-emulation mode. Without them, QEMU-0.8.1
- exec-all.h               |  165 --------------------------------------
+immediately dies saying:
- linux-user/arm/syscall.h |    4 
+        Error: f0005
- linux-user/main.c        |   94 ++++++++++++++++++---
+        qemu: uncaught target signal 6 (Aborted) - exiting
- linux-user/qemu.h        |    3 
+while qemu-0.8.2 dies saying:
- linux-user/syscall.c     |   90 ++++++++++++++++++--
+        qemu: Unsupported syscall: 983045
- qemu_spinlock.h          |  204 +++++++++++++++++++++++++++++++++++++++++++++++
+        cannot set up thread-local storage: unknown error
- target-arm/cpu.h         |   19 ++++
- target-arm/exec.h        |    2 
+This file is a rediffing of the patches visible at
- target-arm/op.c          |    6 +
+https://nowt.dyndns.org/patch.qemu_nptl on 27 Sept 2006
- target-arm/translate.c   |   10 ++
+which "patch" fails to apply automatically.
- 11 files changed, 437 insertions(+), 189 deletions(-)
+See also http://lists.gnu.org/archive/html/qemu-devel/2006-09/msg00194.html
+        Martin Guy, 27 Sept 2006
 Index: qemu/configure
 ===================================================================
--- qemu.orig/configure 2007-06-13 11:51:56.000000000 +0100
+--- qemu.orig/configure 2007-06-29 10:47:39.000000000 +0000
-+++ qemu/configure      2007-06-13 11:51:57.000000000 +0100
+++ qemu/configure      2007-06-29 10:47:58.000000000 +0000
-@@ -101,6 +101,7 @@ linux_user="no"
+@@ -101,6 +101,7 @@
 darwin_user="no"
 build_docs="no"
 uname_release=""
@@ -24,7 +26,7 @@ Index: qemu/configure
 
 # OS specific
 targetos=`uname -s`
-@@ -287,6 +288,8 @@ for opt do
+@@ -281,6 +282,8 @@
         *)     echo "undefined SPARC architecture. Exiting";exit 1;;
       esac
   ;;
@@ -33,7 +35,15 @@ Index: qemu/configure
   esac
 done
 
-@@ -530,6 +533,23 @@ int main(void) {
+@@ -355,6 +358,7 @@
+ echo "  --disable-linux-user     disable all linux usermode emulation targets"
+ echo "  --enable-darwin-user     enable all darwin usermode emulation targets"
+ echo "  --disable-darwin-user    disable all darwin usermode emulation targets"
+echo "  --disable-nptl           disable usermode NPTL guest support"
+ echo "  --fmod-lib               path to FMOD library"
+ echo "  --fmod-inc               path to FMOD includes"
+ echo "  --enable-uname-release=R Return R for uname -r in usermode emulation"
+@@ -524,6 +528,23 @@
 }
 EOF
 
@@ -57,15 +67,15 @@ Index: qemu/configure
 ##########################################
 # SDL probe
 
-@@ -681,6 +701,7 @@ if test -n "$sparc_cpu"; then
+@@ -678,6 +699,7 @@
-     echo "Target Sparc Arch $sparc_cpu"
- fi
- echo "kqemu support     $kqemu"
-+echo "NPTL support      $nptl"
 echo "Documentation     $build_docs"
 [ ! -z "$uname_release" ] && \
 echo "uname -r          $uname_release"
-@@ -1063,6 +1084,14 @@ if test "$target_user_only" = "no"; then
+echo "NPTL support      $nptl"
+ 
+ if test $sdl_too_old = "yes"; then
+ echo "-> Your SDL version is too old - please upgrade to have SDL support"
+@@ -1057,6 +1079,14 @@
             echo "SDL_CFLAGS=`$sdl_config --cflags`" >> $config_mak
         fi
     fi
@@ -82,9 +92,9 @@ Index: qemu/configure
 if test "$cocoa" = "yes" ; then
 Index: qemu/exec-all.h
 ===================================================================
--- qemu.orig/exec-all.h        2007-06-13 11:48:22.000000000 +0100
+--- qemu.orig/exec-all.h        2007-06-29 10:47:39.000000000 +0000
-+++ qemu/exec-all.h     2007-06-13 11:51:57.000000000 +0100
+++ qemu/exec-all.h     2007-06-29 10:47:58.000000000 +0000
-@@ -360,170 +360,7 @@ extern CPUWriteMemoryFunc *io_mem_write[
+@@ -360,170 +360,7 @@
 extern CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
 extern void *io_mem_opaque[IO_MEM_NB_ENTRIES];
 
@@ -258,9 +268,9 @@ Index: qemu/exec-all.h
 
 Index: qemu/linux-user/arm/syscall.h
 ===================================================================
--- qemu.orig/linux-user/arm/syscall.h  2007-06-13 11:48:22.000000000 +0100
+--- qemu.orig/linux-user/arm/syscall.h  2007-06-29 10:47:39.000000000 +0000
-+++ qemu/linux-user/arm/syscall.h       2007-06-13 11:51:57.000000000 +0100
+++ qemu/linux-user/arm/syscall.h       2007-06-29 10:47:58.000000000 +0000
-@@ -28,7 +28,9 @@ struct target_pt_regs {
+@@ -28,7 +28,9 @@
 #define ARM_SYSCALL_BASE       0x900000
 #define ARM_THUMB_SYSCALL      0
 
@@ -273,9 +283,9 @@ Index: qemu/linux-user/arm/syscall.h
 #define ARM_NR_thumb_semihosting  0xAB
 Index: qemu/linux-user/main.c
 ===================================================================
--- qemu.orig/linux-user/main.c 2007-06-13 11:51:55.000000000 +0100
+--- qemu.orig/linux-user/main.c 2007-06-29 10:47:39.000000000 +0000
-+++ qemu/linux-user/main.c      2007-06-13 11:51:57.000000000 +0100
+++ qemu/linux-user/main.c      2007-06-29 10:53:47.000000000 +0000
-@@ -325,6 +325,50 @@ static void arm_cache_flush(target_ulong
+@@ -325,6 +325,50 @@
     }
 }
 
@@ -326,7 +336,7 @@ Index: qemu/linux-user/main.c
 void cpu_loop(CPUARMState *env)
 {
     int trapnr;
-@@ -430,10 +474,8 @@ void cpu_loop(CPUARMState *env)
+@@ -381,10 +425,8 @@
                     }
                 }
 
@@ -339,7 +349,7 @@ Index: qemu/linux-user/main.c
                     env->regs[0] = do_arm_semihosting (env);
                 } else if (n == 0 || n >= ARM_SYSCALL_BASE
                            || (env->thumb && n == ARM_THUMB_SYSCALL)) {
-@@ -444,14 +486,34 @@ void cpu_loop(CPUARMState *env)
+@@ -395,14 +437,34 @@
                         n -= ARM_SYSCALL_BASE;
                         env->eabi = 0;
                     }
@@ -382,7 +392,7 @@ Index: qemu/linux-user/main.c
                 } else {
                     goto error;
                 }
-@@ -490,6 +552,10 @@ void cpu_loop(CPUARMState *env)
+@@ -441,6 +503,10 @@
                   }
             }
             break;
@@ -393,7 +403,7 @@ Index: qemu/linux-user/main.c
         default:
         error:
             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n", 
-@@ -2096,6 +2162,10 @@ int main(int argc, char **argv)
+@@ -2047,6 +2113,10 @@
     ts->heap_base = info->brk;
     /* This will be filled in on the first SYS_HEAPINFO call.  */
     ts->heap_limit = 0;
@@ -406,23 +416,23 @@ Index: qemu/linux-user/main.c
     if (gdbstub_port) {
 Index: qemu/linux-user/qemu.h
 ===================================================================
--- qemu.orig/linux-user/qemu.h 2007-06-13 11:48:22.000000000 +0100
+--- qemu.orig/linux-user/qemu.h 2007-06-29 10:47:39.000000000 +0000
-+++ qemu/linux-user/qemu.h      2007-06-13 11:51:57.000000000 +0100
+++ qemu/linux-user/qemu.h      2007-06-29 10:47:58.000000000 +0000
-@@ -81,6 +81,9 @@ typedef struct TaskState {
+@@ -80,6 +80,9 @@
+     uint32_t heap_base;
     uint32_t heap_limit;
 #endif
-     int used; /* non zero if used */
 +#ifdef USE_NPTL
 +    uint32_t *child_tidptr;
 +#endif
+     int used; /* non zero if used */
     struct image_info *info;
     uint8_t stack[0];
- } __attribute__((aligned(16))) TaskState;
 Index: qemu/linux-user/syscall.c
 ===================================================================
--- qemu.orig/linux-user/syscall.c      2007-06-13 11:51:55.000000000 +0100
+--- qemu.orig/linux-user/syscall.c      2007-06-29 10:47:39.000000000 +0000
-+++ qemu/linux-user/syscall.c   2007-06-13 11:51:57.000000000 +0100
+++ qemu/linux-user/syscall.c   2007-06-29 10:53:47.000000000 +0000
-@@ -71,9 +71,18 @@
+@@ -70,9 +70,18 @@
 #include <linux/kd.h>
 
 #include "qemu.h"
@@ -441,7 +451,7 @@ Index: qemu/linux-user/syscall.c
 #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
     || defined(TARGET_M68K) || defined(TARGET_SH4)
 /* 16 bit uid wrappers emulation */
-@@ -2121,20 +2130,38 @@ int do_modify_ldt(CPUX86State *env, int 
+@@ -2119,20 +2128,38 @@
    thread/process */
 #define NEW_STACK_SIZE 8192
 
@@ -481,72 +491,76 @@ Index: qemu/linux-user/syscall.c
     
     if (flags & CLONE_VM) {
         ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
-@@ -2197,16 +2224,60 @@ int do_fork(CPUState *env, unsigned int 
+@@ -2199,16 +2226,67 @@
 #error unsupported target CPU
 #endif
         new_env->opaque = ts;
 +#ifdef USE_NPTL
-+     nptl_flags = flags;
+        nptl_flags = flags;
-+     flags &= ~CLONE_NPTL_FLAGS2;
+        flags &= ~CLONE_NPTL_FLAGS2;
-+     if (nptl_flags & CLONE_CHILD_CLEARTID) {
+
-+          ts->child_tidptr = child_tidptr;
+        if (nptl_flags & CLONE_CHILD_CLEARTID) {
-+     }
+            ts->child_tidptr = child_tidptr;
-+     if (nptl_flags & CLONE_SETTLS)
+        }
-+         cpu_set_tls (new_env, newtls);
+
-+     /* Grab the global cpu lock so that the thread setup appears
+        if (nptl_flags & CLONE_SETTLS)
-+        atomic.  */
+            cpu_set_tls (new_env, newtls);
-+     if (nptl_flags & CLONE_CHILD_SETTID)
+
-+         spin_lock(&nptl_lock);
+        /* Grab the global cpu lock so that the thread setup appears
+           atomic.  */
+        if (nptl_flags & CLONE_CHILD_SETTID)
+            spin_lock(&nptl_lock);
+
 +#else
-+     if (flags & CLONE_NPTL_FLAGS2)
+        if (flags & CLONE_NPTL_FLAGS2)
-+         return -EINVAL;
+            return -EINVAL;
 +#endif
 +
+        if (CLONE_VFORK & flags)
+               flags ^= CLONE_VM;
 #ifdef __ia64__
         ret = __clone2(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
 #else
        ret = clone(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
 #endif
 +#ifdef USE_NPTL
-+     if (ret != -1) {
+        if (ret != -1) {
-+         if (nptl_flags & CLONE_CHILD_SETTID)
+            if (nptl_flags & CLONE_CHILD_SETTID)
-+             *child_tidptr = ret;
+                *child_tidptr = ret;
-+     }
+        }
-+     /* Allow the child to continue.  */
+
-+     if (nptl_flags & CLONE_CHILD_SETTID)
+        /* Allow the child to continue.  */
-+         spin_unlock(&nptl_lock);
+        if (nptl_flags & CLONE_CHILD_SETTID)
+            spin_unlock(&nptl_lock);
 +#endif
     } else {
-        /* if no CLONE_VM, we consider it is a fork */
+         /* if no CLONE_VM, we consider it is a fork */
 -        if ((flags & ~CSIGNAL) != 0)
-            return -EINVAL;
+        if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
-        ret = fork();
+             return -EINVAL;
-+    /* if no CLONE_VM, we consider it is a fork */
+         ret = fork();
-+    if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
-+          return -EINVAL;
-+      ret = fork();
 +#ifdef USE_NPTL
-+     /* There is a race condition here.  The parent process could
+        /* There is a race condition here.  The parent process could
-+        theoretically read the TID in the child process before the child
+           theoretically read the TID in the child process before the child
-+        tid is set.  This would require using either ptrace
+           tid is set.  This would require using either ptrace
-+        (not implemented) or having *_tidptr to point at a shared memory
+           (not implemented) or having *_tidptr to point at a shared memory
-+        mapping.  We can't repeat the spinlock hack used above because
+           mapping.  We can't repeat the spinlock hack used above because
-+        the child process gets its own copy of the lock.  */
+           the child process gets its own copy of the lock.  */
-+     if (ret == 0) {
+        if (ret == 0) {
-+         /* Child Process.  */
+            /* Child Process.  */
-+         if (flags & CLONE_CHILD_SETTID)
+            if (flags & CLONE_CHILD_SETTID)
-+             *child_tidptr = gettid();
+                *child_tidptr = gettid();
-+         ts = (TaskState *)env->opaque;
+            ts = (TaskState *)env->opaque;
-+         if (flags & CLONE_CHILD_CLEARTID)
+            if (flags & CLONE_CHILD_CLEARTID)
-+             ts->child_tidptr = child_tidptr;
+                ts->child_tidptr = child_tidptr;
-+         if (flags & CLONE_SETTLS)
+            if (flags & CLONE_SETTLS)
-+             cpu_set_tls (env, newtls);
+                cpu_set_tls (env, newtls);
-+     }
+        }
 +#endif
     }
     return ret;
 }
-@@ -2483,7 +2554,7 @@ long do_syscall(void *cpu_env, int num, 
+@@ -2485,7 +2563,7 @@
         ret = do_brk(arg1);
         break;
     case TARGET_NR_fork:
@@ -555,7 +569,7 @@ Index: qemu/linux-user/syscall.c
         break;
 #ifdef TARGET_NR_waitpid
     case TARGET_NR_waitpid:
-@@ -3648,7 +3719,8 @@ long do_syscall(void *cpu_env, int num, 
+@@ -3649,7 +3727,8 @@
         ret = get_errno(fsync(arg1));
         break;
     case TARGET_NR_clone:
@@ -565,7 +579,7 @@ Index: qemu/linux-user/syscall.c
         break;
 #ifdef __NR_exit_group
         /* new thread calls */
-@@ -4062,7 +4134,8 @@ long do_syscall(void *cpu_env, int num, 
+@@ -4037,7 +4116,8 @@
 #endif
 #ifdef TARGET_NR_vfork
     case TARGET_NR_vfork:
@@ -575,129 +589,20 @@ Index: qemu/linux-user/syscall.c
         break;
 #endif
 #ifdef TARGET_NR_ugetrlimit
-@@ -4660,4 +4733,3 @@ long do_syscall(void *cpu_env, int num, 
+@@ -4619,4 +4699,3 @@
 #endif
     return ret;
 }
 -
-Index: qemu/target-arm/cpu.h
-===================================================================
--- qemu.orig/target-arm/cpu.h  2007-06-13 11:48:22.000000000 +0100
-+++ qemu/target-arm/cpu.h       2007-06-13 11:51:57.000000000 +0100
-@@ -37,6 +37,9 @@
- #define EXCP_IRQ             5
- #define EXCP_FIQ             6
- #define EXCP_BKPT            7
-+#define EXCP_KERNEL_TRAP     8   /* Jumped to kernel code page.  */
-+
-+
- 
- typedef void ARMWriteCPFunc(void *opaque, int cp_info,
-                             int srcreg, int operand, uint32_t value);
-@@ -97,6 +100,7 @@ typedef struct CPUARMState {
-         uint32_t c9_data;
-         uint32_t c13_fcse; /* FCSE PID.  */
-         uint32_t c13_context; /* Context ID.  */
-+        uint32_t c13_tls; /* Paul Brook told me to just add this ;)  */
-         uint32_t c15_cpar; /* XScale Coprocessor Access Register */
-     } cp15;
- 
-@@ -169,6 +173,15 @@ void switch_mode(CPUARMState *, int);
- int cpu_arm_signal_handler(int host_signum, void *pinfo, 
-                            void *puc);
- 
-+void cpu_lock(void);
-+void cpu_unlock(void);
-+#if defined(USE_NPTL)
-+static inline void cpu_set_tls(CPUARMState *env, void *newtls)
-+{
-+  env->cp15.c13_tls = (uint32_t)newtls;
-+}
-+#endif
-+
- #define CPSR_M (0x1f)
- #define CPSR_T (1 << 5)
- #define CPSR_F (1 << 6)
-@@ -180,7 +193,11 @@ int cpu_arm_signal_handler(int host_sign
- #define CPSR_J (1 << 24)
- #define CPSR_IT_0_1 (3 << 25)
- #define CPSR_Q (1 << 27)
-#define CPSR_NZCV (0xf << 28)
-+#define CPSR_V (1 << 28)
-+#define CPSR_C (1 << 29)
-+#define CPSR_Z (1 << 30)
-+#define CPSR_N (1 << 31)
-+#define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V)
- 
- #define CACHED_CPSR_BITS (CPSR_T | CPSR_Q | CPSR_NZCV)
- /* Return the current CPSR value.  */
-Index: qemu/target-arm/exec.h
-===================================================================
--- qemu.orig/target-arm/exec.h 2007-06-13 11:48:22.000000000 +0100
-+++ qemu/target-arm/exec.h      2007-06-13 11:51:57.000000000 +0100
-@@ -68,8 +68,6 @@ static inline int cpu_halted(CPUState *e
- 
- /* In op_helper.c */
- 
-void cpu_lock(void);
-void cpu_unlock(void);
- void helper_set_cp(CPUState *, uint32_t, uint32_t);
- uint32_t helper_get_cp(CPUState *, uint32_t);
- void helper_set_cp15(CPUState *, uint32_t, uint32_t);
-Index: qemu/target-arm/op.c
-===================================================================
--- qemu.orig/target-arm/op.c   2007-06-13 11:48:22.000000000 +0100
-+++ qemu/target-arm/op.c        2007-06-13 11:51:57.000000000 +0100
-@@ -891,6 +891,12 @@ void OPPROTO op_bkpt(void)
-     cpu_loop_exit();
- }
- 
-+void OPPROTO op_kernel_trap(void)
-+{
-+    env->exception_index = EXCP_KERNEL_TRAP;
-+    cpu_loop_exit();
-+}
-+
- /* VFP support.  We follow the convention used for VFP instrunctions:
-    Single precition routines have a "s" suffix, double precision a
-    "d" suffix.  */
-Index: qemu/target-arm/translate.c
-===================================================================
--- qemu.orig/target-arm/translate.c    2007-06-13 11:48:22.000000000 +0100
-+++ qemu/target-arm/translate.c 2007-06-13 11:51:57.000000000 +0100
-@@ -3513,6 +3513,7 @@ undef:
-     s->is_jmp = DISAS_JUMP;
- }
- 
-+
- /* generate intermediate code in gen_opc_buf and gen_opparam_buf for
-    basic block 'tb'. If search_pc is TRUE, also generate PC
-    information for each intermediate instruction. */
-@@ -3548,6 +3549,15 @@ static inline int gen_intermediate_code_
-     nb_gen_labels = 0;
-     lj = -1;
-     do {
-+#ifdef CONFIG_USER_ONLY
-+        /* Intercept jump to the magic kernel page.  */
-+        if (dc->pc > 0xffff0000) {
-+            gen_op_kernel_trap();
-+            dc->is_jmp = DISAS_UPDATE;
-+            break;
-+        }
-+#endif
-+
-         if (env->nb_breakpoints > 0) {
-             for(j = 0; j < env->nb_breakpoints; j++) {
-                 if (env->breakpoints[j] == dc->pc) {
 Index: qemu/qemu_spinlock.h
 ===================================================================
 --- /dev/null   1970-01-01 00:00:00.000000000 +0000
-+++ qemu/qemu_spinlock.h        2007-06-13 11:51:57.000000000 +0100
+++ qemu/qemu_spinlock.h        2007-06-29 10:47:58.000000000 +0000
-@@ -0,0 +1,204 @@
+@@ -0,0 +1,181 @@
 +/*
-+ * internal execution defines for qemu
+ * Atomic operation helper include
-+ *
+ * 
-+ *  Copyright (c) 2003 Fabrice Bellard
+ *  Copyright (c) 2005 Fabrice Bellard
 + *
 + * This library is free software; you can redistribute it and/or
 + * modify it under the terms of the GNU Lesser General Public
@@ -713,9 +618,8 @@ Index: qemu/qemu_spinlock.h
 + * License along with this library; if not, write to the Free Software
 + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 + */
-+
+#ifndef QEMU_SPINLOCK_H
-+#ifndef _QEMU_SPINLOCK_H
+#define QEMU_SPINLOCK_H
-+#define _QEMU_SPINLOCK_H
 +
 +#ifdef __powerpc__
 +static inline int testandset (int *p)
@@ -739,7 +643,7 @@ Index: qemu/qemu_spinlock.h
 +static inline int testandset (int *p)
 +{
 +    long int readval = 0;
-+
+    
 +    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
 +                          : "+m" (*p), "+a" (readval)
 +                          : "r" (1)
@@ -752,7 +656,7 @@ Index: qemu/qemu_spinlock.h
 +static inline int testandset (int *p)
 +{
 +    long int readval = 0;
-+
+    
 +    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
 +                          : "+m" (*p), "+a" (readval)
 +                          : "r" (1)
@@ -767,10 +671,10 @@ Index: qemu/qemu_spinlock.h
 +    int ret;
 +
 +    __asm__ __volatile__ ("0: cs    %0,%1,0(%2)\n"
-+                         "   jl    0b"
+                         "   jl    0b"
-+                         : "=&d" (ret)
+                         : "=&d" (ret)
-+                         : "r" (1), "a" (p), "0" (*p)
+                         : "r" (1), "a" (p), "0" (*p) 
-+                         : "cc", "memory" );
+                         : "cc", "memory" );
 +    return ret;
 +}
 +#endif
@@ -781,15 +685,15 @@ Index: qemu/qemu_spinlock.h
 +    int ret;
 +    unsigned long one;
 +
-+    __asm__ __volatile__ ("0:  mov 1,%2\n"
+    __asm__ __volatile__ ("0:  mov 1,%2\n"
-+                         "     ldl_l %0,%1\n"
+                         "     ldl_l %0,%1\n"
-+                         "     stl_c %2,%1\n"
+                         "     stl_c %2,%1\n"
-+                         "     beq %2,1f\n"
+                         "     beq %2,1f\n"
-+                         ".subsection 2\n"
+                         ".subsection 2\n"
-+                         "1:   br 0b\n"
+                         "1:   br 0b\n"
-+                         ".previous"
+                         ".previous"
-+                         : "=r" (ret), "=m" (*p), "=r" (one)
+                         : "=r" (ret), "=m" (*p), "=r" (one)
-+                         : "m" (*p));
+                         : "m" (*p));
 +    return ret;
 +}
 +#endif
@@ -797,14 +701,14 @@ Index: qemu/qemu_spinlock.h
 +#ifdef __sparc__
 +static inline int testandset (int *p)
 +{
-+       int ret;
+       int ret;
 +
-+       __asm__ __volatile__("ldstub    [%1], %0"
+       __asm__ __volatile__("ldstub    [%1], %0"
-+                            : "=r" (ret)
+                            : "=r" (ret)
-+                            : "r" (p)
+                            : "r" (p)
-+                            : "memory");
+                            : "memory");
 +
-+       return (ret ? 1 : 0);
+       return (ret ? 1 : 0);
 +}
 +#endif
 +
@@ -815,7 +719,7 @@ Index: qemu/qemu_spinlock.h
 +    __asm__ __volatile__("swp %0, %1, [%2]"
 +                         : "=r"(ret)
 +                         : "0"(1), "r"(spinlock));
-+
+    
 +    return ret;
 +}
 +#endif
@@ -841,28 +745,6 @@ Index: qemu/qemu_spinlock.h
 +}
 +#endif
 +
-+#ifdef __mips__
-+static inline int testandset (int *p)
-+{
-+    int ret;
-+
-+    __asm__ __volatile__ (
-+       "       .set push               \n"
-+       "       .set noat               \n"
-+       "       .set mips2              \n"
-+       "1:     li      $1, 1           \n"
-+       "       ll      %0, %1          \n"
-+       "       sc      $1, %1          \n"
-+       "       beqz    $1, 1b          \n"
-+       "       .set pop                "
-+       : "=r" (ret), "+R" (*p)
-+       :
-+       : "memory");
-+
-+    return ret;
-+}
-+#endif
-+
 +typedef int spinlock_t;
 +
 +#define SPIN_LOCK_UNLOCKED 0
@@ -897,4 +779,114 @@ Index: qemu/qemu_spinlock.h
 +}
 +#endif
 +
-+#endif /* ! _QEMU_SPINLOCK_H */
+#endif
+Index: qemu/target-arm/cpu.h
+===================================================================
+--- qemu.orig/target-arm/cpu.h  2007-06-29 10:47:39.000000000 +0000
+++ qemu/target-arm/cpu.h       2007-06-29 10:47:58.000000000 +0000
+@@ -37,6 +37,7 @@
+ #define EXCP_IRQ             5
+ #define EXCP_FIQ             6
+ #define EXCP_BKPT            7
+#define EXCP_KERNEL_TRAP     8   /* Jumped to kernel code page.  */
+ 
+ typedef void ARMWriteCPFunc(void *opaque, int cp_info,
+                             int srcreg, int operand, uint32_t value);
+@@ -97,6 +98,7 @@
+         uint32_t c9_data;
+         uint32_t c13_fcse; /* FCSE PID.  */
+         uint32_t c13_context; /* Context ID.  */
+        uint32_t c13_tls; /* Context ID.  */
+         uint32_t c15_cpar; /* XScale Coprocessor Access Register */
+     } cp15;
+ 
+@@ -169,6 +171,15 @@
+ int cpu_arm_signal_handler(int host_signum, void *pinfo, 
+                            void *puc);
+ 
+void cpu_lock(void);
+void cpu_unlock(void);
+#if defined(USE_NPTL)
+static inline void cpu_set_tls(CPUARMState *env, void *newtls)
+{
+  env->cp15.c13_tls = (uint32_t)(long)newtls;
+}
+#endif
+
+ #define CPSR_M (0x1f)
+ #define CPSR_T (1 << 5)
+ #define CPSR_F (1 << 6)
+@@ -180,7 +191,11 @@
+ #define CPSR_J (1 << 24)
+ #define CPSR_IT_0_1 (3 << 25)
+ #define CPSR_Q (1 << 27)
+-#define CPSR_NZCV (0xf << 28)
+#define CPSR_V (1 << 28)
+#define CPSR_C (1 << 29)
+#define CPSR_Z (1 << 30)
+#define CPSR_N (1 << 31)
+#define CPSR_NZCV (CPSR_N | CPSR_Z | CPSR_C | CPSR_V)
+ 
+ #define CACHED_CPSR_BITS (CPSR_T | CPSR_Q | CPSR_NZCV)
+ /* Return the current CPSR value.  */
+Index: qemu/target-arm/exec.h
+===================================================================
+--- qemu.orig/target-arm/exec.h 2007-06-29 10:47:39.000000000 +0000
+++ qemu/target-arm/exec.h      2007-06-29 10:47:58.000000000 +0000
+@@ -68,8 +68,6 @@
+ 
+ /* In op_helper.c */
+ 
+-void cpu_lock(void);
+-void cpu_unlock(void);
+ void helper_set_cp(CPUState *, uint32_t, uint32_t);
+ uint32_t helper_get_cp(CPUState *, uint32_t);
+ void helper_set_cp15(CPUState *, uint32_t, uint32_t);
+Index: qemu/target-arm/op.c
+===================================================================
+--- qemu.orig/target-arm/op.c   2007-06-29 10:47:39.000000000 +0000
+++ qemu/target-arm/op.c        2007-06-29 10:47:58.000000000 +0000
+@@ -891,6 +891,12 @@
+     cpu_loop_exit();
+ }
+ 
+void OPPROTO op_kernel_trap(void)
+{
+    env->exception_index = EXCP_KERNEL_TRAP;
+    cpu_loop_exit();
+}
+
+ /* VFP support.  We follow the convention used for VFP instrunctions:
+    Single precition routines have a "s" suffix, double precision a
+    "d" suffix.  */
+Index: qemu/target-arm/op_mem.h
+===================================================================
+--- qemu.orig/target-arm/op_mem.h       2007-06-29 10:47:39.000000000 +0000
+++ qemu/target-arm/op_mem.h    2007-06-29 10:47:58.000000000 +0000
+@@ -1,5 +1,6 @@
+ /* ARM memory operations.  */
+ 
+void helper_ld(uint32_t);
+ /* Load from address T1 into T0.  */
+ #define MEM_LD_OP(name) \
+ void OPPROTO glue(op_ld##name,MEMSUFFIX)(void) \
+Index: qemu/target-arm/translate.c
+===================================================================
+--- qemu.orig/target-arm/translate.c    2007-06-29 10:47:39.000000000 +0000
+++ qemu/target-arm/translate.c 2007-06-29 10:47:58.000000000 +0000
+@@ -3548,6 +3548,15 @@
+     nb_gen_labels = 0;
+     lj = -1;
+     do {
+#ifdef CONFIG_USER_ONLY
+        /* Intercept jump to the magic kernel page.  */
+        if (dc->pc > 0xffff0000) {
+            gen_op_kernel_trap();
+            dc->is_jmp = DISAS_UPDATE;
+            break;
+        }
+#endif
+
+         if (env->nb_breakpoints > 0) {
+             for(j = 0; j < env->nb_breakpoints; j++) {
+                 if (env->breakpoints[j] == dc->pc) {
diff --git a/meta/packages/qemu/qemu_cvs.bb b/meta/packages/qemu/qemu_cvs.bb
index 4148a4835c..3392b8804e 100644
--- a/meta/packages/qemu/qemu_cvs.bb
+++ b/meta/packages/qemu/qemu_cvs.bb
@@ -1,7 +1,7 @@
 LICENSE = "GPL"
 DEPENDS = "zlib"
 PV = "0.9.0+cvs${SRCDATE}"
-PR = "r0"
+PR = "r1"
 FILESDIR = "${WORKDIR}"
@@ -29,7 +29,9 @@ SRC_URI = "\
    file://66_tls_ld.patch;patch=1;pnum=0 \
    file://91-oh-sdl-cursor.patch;patch=1;pnum=0 \
    file://93-oh-pl110-rgb.patch;patch=1;pnum=0 \
-    file://94-oh-arm-nptl.patch;patch=1;pnum=1"
+    file://qemu-0.9.0-nptl.patch;patch=1 \
+    file://qemu-0.9.0-nptl-update.patch;patch=1 \
+    file://fix_segfault.patch;patch=1"
 #    svn://svn.o-hand.com/repos/misc/trunk/qemu-packaging/qemu;module=debian;proto=http;srcdate=20070119 \
 #    file://debian/patches/21_net_soopts.patch;patch=1;pnum=0 \
@@ -43,6 +45,7 @@ SRC_URI = "\
 S = "${WORKDIR}/qemu"
 #EXTRA_OECONF = "--disable-sdl"
+#EXTRA_OECONF = "--disable-gfx-check --target-list=arm-linux-user"
 EXTRA_OECONF = "--disable-gfx-check"
 inherit autotools