28 files changed, 0 insertions, 4213 deletions

diff --git a/meta/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch b/meta/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch
deleted file mode 100644
index a66737d9ce..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/05_non-fatal_if_linux_hd_missing.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-#DPATCHLEVEL=1
----
-# hw/pc.c |    1 -
-# 1 file changed, 1 deletion(-)
-#
-Index: trunk/hw/pc.c
-===================================================================
---- trunk.orig/hw/pc.c  2008-04-24 20:15:46.000000000 +0100
-+++ trunk/hw/pc.c       2008-04-24 20:15:49.000000000 +0100
-@@ -399,7 +399,6 @@
-     if (hda == -1) {
-        fprintf(stderr, "A disk image must be given for 'hda' when booting "
-                "a Linux kernel\n");
--       exit(1);
-     }
- 
-     memset(bootsect, 0, sizeof(bootsect));
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch b/meta/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch
deleted file mode 100644
index bc02d31839..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/06_exit_segfault.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/main.c |    8 ++++----
-# 1 file changed, 4 insertions(+), 4 deletions(-)
-#
-Index: linux-user/main.c
-===================================================================
---- linux-user/main.c.orig      2008-04-24 20:15:46.000000000 +0100
-+++ linux-user/main.c   2008-04-24 20:15:53.000000000 +0100
-@@ -765,7 +765,7 @@
-         default:
-             printf ("Unhandled trap: 0x%x\n", trapnr);
-             cpu_dump_state(env, stderr, fprintf, 0);
--            exit (1);
-+            _exit (1);
-         }
-         process_pending_signals (env);
-     }
-@@ -1697,7 +1697,7 @@
-         default:
-             printf ("Unhandled trap: 0x%x\n", trapnr);
-             cpu_dump_state(env, stderr, fprintf, 0);
--            exit (1);
-+            _exit (1);
-         }
-         process_pending_signals (env);
-     }
-@@ -2026,7 +2026,7 @@
-                 for(item = cpu_log_items; item->mask != 0; item++) {
-                     printf("%-10s %s\n", item->name, item->help);
-                 }
--                exit(1);
-+                _exit(1);
-             }
-             cpu_set_log(mask);
-         } else if (!strcmp(r, "s")) {
-@@ -2045,7 +2045,7 @@
-             if (qemu_host_page_size == 0 ||
-                 (qemu_host_page_size & (qemu_host_page_size - 1)) != 0) {
-                 fprintf(stderr, "page size must be a power of two\n");
--                exit(1);
-+                _exit(1);
-             }
-         } else if (!strcmp(r, "g")) {
-             gdbstub_port = atoi(argv[optind++]);
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch b/meta/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch
deleted file mode 100644
index d79482d2f4..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/10_signal_jobs.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/signal.c |    7 ++++++-
-# 1 file changed, 6 insertions(+), 1 deletion(-)
-#
-Index: linux-user/signal.c
-===================================================================
---- linux-user/signal.c.orig    2008-04-24 20:15:46.000000000 +0100
-+++ linux-user/signal.c 2008-04-24 20:15:55.000000000 +0100
-@@ -364,10 +364,15 @@
-     k = &sigact_table[sig - 1];
-     handler = k->sa._sa_handler;
-     if (handler == TARGET_SIG_DFL) {
-+        if (sig == TARGET_SIGTSTP || sig == TARGET_SIGTTIN || sig == TARGET_SIGTTOU) {
-+            kill(getpid(),SIGSTOP);
-+            return 0;
-+        } else
-         /* default handler : ignore some signal. The other are fatal */
-         if (sig != TARGET_SIGCHLD &&
-             sig != TARGET_SIGURG &&
--            sig != TARGET_SIGWINCH) {
-+            sig != TARGET_SIGWINCH &&
-+            sig != TARGET_SIGCONT) {
-             force_sig(sig);
-         } else {
-             return 0; /* indicate ignored */
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch b/meta/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch
deleted file mode 100644
index cd56541b71..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/11_signal_sigaction.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/signal.c |    5 +++++
-# 1 file changed, 5 insertions(+)
-#
-Index: linux-user/signal.c
-===================================================================
---- linux-user/signal.c.orig    2008-04-24 20:15:55.000000000 +0100
-+++ linux-user/signal.c 2008-04-24 20:15:57.000000000 +0100
-@@ -512,6 +512,11 @@
- 
-     if (sig < 1 || sig > TARGET_NSIG || sig == SIGKILL || sig == SIGSTOP)
-         return -EINVAL;
-+
-+    /* no point doing the stuff as those are not allowed for sigaction */
-+    if ((sig == TARGET_SIGKILL) || (sig == TARGET_SIGSTOP))
-+        return -EINVAL;
-+
-     k = &sigact_table[sig - 1];
- #if defined(DEBUG_SIGNAL)
-     fprintf(stderr, "sigaction sig=%d act=0x%08x, oact=0x%08x\n",
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch b/meta/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch
deleted file mode 100644
index 0e1038983b..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/22_net_tuntap_stall.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-#DPATCHLEVEL=0
----
-# vl.c |    2 +-
-# 1 file changed, 1 insertion(+), 1 deletion(-)
-#
-Index: vl.c
-===================================================================
---- vl.c.orig   2008-04-24 20:15:46.000000000 +0100
-+++ vl.c        2008-04-24 20:15:58.000000000 +0100
-@@ -4155,7 +4155,7 @@
-         return -1;
-     }
-     memset(&ifr, 0, sizeof(ifr));
--    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
-+    ifr.ifr_flags = IFF_TAP | IFF_NO_PI | IFF_ONE_QUEUE;
-     if (ifname[0] != '\0')
-         pstrcpy(ifr.ifr_name, IFNAMSIZ, ifname);
-     else
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch b/meta/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch
deleted file mode 100644
index 15565ae11d..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/31_syscalls.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/syscall.c |   11 ++++++++---
-# 1 file changed, 8 insertions(+), 3 deletions(-)
-#
-Index: linux-user/syscall.c
-===================================================================
---- linux-user/syscall.c.orig   2008-04-24 20:15:46.000000000 +0100
-+++ linux-user/syscall.c        2008-04-24 20:15:59.000000000 +0100
-@@ -250,6 +250,7 @@
- extern int setresgid(gid_t, gid_t, gid_t);
- extern int getresgid(gid_t *, gid_t *, gid_t *);
- extern int setgroups(int, gid_t *);
-+extern int uselib(const char*);
- 
- #define ERRNO_TABLE_SIZE 1200
- 
-@@ -4041,7 +4042,8 @@
- #endif
- #ifdef TARGET_NR_uselib
-     case TARGET_NR_uselib:
--        goto unimplemented;
-+        ret = get_errno(uselib(path((const char*)arg1)));
-+        break;
- #endif
- #ifdef TARGET_NR_swapon
-     case TARGET_NR_swapon:
-@@ -5322,7 +5324,9 @@
-         goto unimplemented;
- #ifdef TARGET_NR_mincore
-     case TARGET_NR_mincore:
--        goto unimplemented;
-+        /*page_unprotect_range((void*)arg3, ((size_t)arg2 + TARGET_PAGE_SIZE - 1) / TARGET_PAGE_SIZE);*/
-+        ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
-+        break;
- #endif
- #ifdef TARGET_NR_madvise
-     case TARGET_NR_madvise:
-@@ -5462,7 +5466,8 @@
-         break;
- #ifdef TARGET_NR_readahead
-     case TARGET_NR_readahead:
--        goto unimplemented;
-+        ret = get_errno(readahead((int)arg1, (off64_t)arg2, (size_t)arg3));
-+        break;
- #endif
- #ifdef TARGET_NR_setxattr
-     case TARGET_NR_setxattr:
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch b/meta/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch
deleted file mode 100644
index d42c44cebc..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/32_syscall_sysctl.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/syscall.c |   32 +++++++++++++++++++++++++++++---
-# 1 file changed, 29 insertions(+), 3 deletions(-)
-#
-Index: linux-user/syscall.c
-===================================================================
---- linux-user/syscall.c.orig   2008-04-24 20:15:59.000000000 +0100
-+++ linux-user/syscall.c        2008-04-24 20:16:01.000000000 +0100
-@@ -52,6 +52,7 @@
- //#include <sys/user.h>
- #include <netinet/ip.h>
- #include <netinet/tcp.h>
-+#include <sys/sysctl.h>
- 
- #define termios host_termios
- #define winsize host_winsize
-@@ -4758,9 +4759,34 @@
-         break;
- #endif
-     case TARGET_NR__sysctl:
--        /* We don't implement this, but ENOTDIR is always a safe
--           return value. */
--        ret = -TARGET_ENOTDIR;
-+        {
-+            struct __sysctl_args *args = (struct __sysctl_args *) arg1;
-+            int *name_target, *name, nlen, *oldlenp, oldlen, newlen, i;
-+            void *oldval, *newval;
-+
-+            name_target = (int *) tswapl((long) args->name);
-+            nlen = tswapl(args->nlen);
-+            oldval = (void *) tswapl((long) args->oldval);
-+            oldlenp = (int *) tswapl((long) args->oldlenp);
-+            oldlen = tswapl(*oldlenp);
-+            newval = (void *) tswapl((long) args->newval);
-+            newlen = tswapl(args->newlen);
-+
-+            name = alloca(nlen * sizeof (int));
-+            for (i = 0; i < nlen; i++)
-+                name[i] = tswapl(name_target[i]);
-+
-+            if (nlen == 2 && name[0] == CTL_KERN && name[1] == KERN_VERSION) {
-+                ret = get_errno(
-+                        sysctl(name, nlen, oldval, &oldlen, newval, newlen));
-+                if (!is_error(ret)) {
-+                    *oldlenp = tswapl(oldlen);
-+                }
-+            } else {
-+                gemu_log("qemu: Unsupported sysctl name\n");
-+                ret = -ENOSYS;
-+            }
-+        }
-         break;
-     case TARGET_NR_sched_setparam:
-         {
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch b/meta/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch
deleted file mode 100644
index 962f821523..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/33_syscall_ppc_clone.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-#DPATCHLEVEL=0
----
-# linux-user/syscall.c |    6 +-----
-# 1 file changed, 1 insertion(+), 5 deletions(-)
-#
-Index: linux-user/syscall.c
-===================================================================
---- linux-user/syscall.c.orig   2008-04-24 20:16:01.000000000 +0100
-+++ linux-user/syscall.c        2008-04-24 20:16:02.000000000 +0100
-@@ -2760,11 +2760,7 @@
-         if (!newsp)
-             newsp = env->gpr[1];
-         new_env->gpr[1] = newsp;
--        {
--            int i;
--            for (i = 7; i < 32; i++)
--                new_env->gpr[i] = 0;
--        }
-+        new_env->gpr[3] = 0;
- #elif defined(TARGET_SH4)
-        if (!newsp)
-          newsp = env->gregs[15];
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch b/meta/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch
deleted file mode 100644
index 845232cfca..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/39_syscall_fadvise64.patch
+++ /dev/null
@@ -1,21 +0,0 @@
----
- linux-user/syscall.c |    6 ++++++
- 1 file changed, 6 insertions(+)
-
-Index: linux-user/syscall.c
-===================================================================
---- linux-user/syscall.c.orig   2008-04-24 20:16:02.000000000 +0100
-+++ linux-user/syscall.c        2008-04-24 20:16:03.000000000 +0100
-@@ -5350,6 +5350,12 @@
-         ret = get_errno(mincore((void*)arg1, (size_t)arg2, (unsigned char*)arg3));
-         break;
- #endif
-+#ifdef TARGET_NR_fadvise64_64
-+     case TARGET_NR_fadvise64_64:
-+        /* Just return success */
-+        ret = get_errno(0);
-+        break;
-+#endif
- #ifdef TARGET_NR_madvise
-     case TARGET_NR_madvise:
-         /* A straight passthrough may not be safe because qemu sometimes
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch b/meta/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch
deleted file mode 100644
index e364bff731..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/52_ne2000_return.patch
+++ /dev/null
@@ -1,17 +0,0 @@
----
- hw/ne2000.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: trunk/hw/ne2000.c
-===================================================================
---- trunk.orig/hw/ne2000.c      2008-04-24 20:15:46.000000000 +0100
-+++ trunk/hw/ne2000.c   2008-04-24 20:16:05.000000000 +0100
-@@ -217,7 +217,7 @@
-     NE2000State *s = opaque;
- 
-     if (s->cmd & E8390_STOP)
--        return 1;
-+        return 0;
-     return !ne2000_buffer_full(s);
- }
- 
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch b/meta/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch
deleted file mode 100644
index 9a67feac6b..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/61_safe_64bit_int.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-#DPATCHLEVEL=0
----
-# dyngen-exec.h |    4 ++--
-# 1 file changed, 2 insertions(+), 2 deletions(-)
-#
-Index: dyngen-exec.h
-===================================================================
---- dyngen-exec.h.orig  2008-04-24 20:15:46.000000000 +0100
-+++ dyngen-exec.h       2008-04-24 20:16:06.000000000 +0100
-@@ -38,7 +38,7 @@
- // Linux/Sparc64 defines uint64_t
- #if !(defined (__sparc_v9__) && defined(__linux__))
- /* XXX may be done for all 64 bits targets ? */
--#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__) 
-+#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__) || defined(__sparc__)
- typedef unsigned long uint64_t;
- #else
- typedef unsigned long long uint64_t;
-@@ -55,7 +55,7 @@
- typedef signed int int32_t;
- // Linux/Sparc64 defines int64_t
- #if !(defined (__sparc_v9__) && defined(__linux__))
--#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__)
-+#if defined (__x86_64__) || defined(__ia64) || defined(__s390x__) || defined(__alpha__) || defined(__sparc__)
- typedef signed long int64_t;
- #else
- typedef signed long long int64_t;
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch b/meta/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch
deleted file mode 100644
index 097f55a09e..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/63_sparc_build.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-#DPATCHLEVEL=0
----
-# sparc.ld |    2 +-
-# 1 file changed, 1 insertion(+), 1 deletion(-)
-#
-Index: sparc.ld
-===================================================================
---- sparc.ld.orig       2008-04-24 20:15:46.000000000 +0100
-+++ sparc.ld    2008-04-24 20:16:07.000000000 +0100
-@@ -6,7 +6,7 @@
- SECTIONS
- {
-   /* Read-only sections, merged into text segment: */
--  . = 0x60000000 + SIZEOF_HEADERS;
-+  . = 0x60000000 + 0x400;
-   .interp     : { *(.interp)    }
-   .hash          : { *(.hash)           }
-   .dynsym        : { *(.dynsym)         }
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch b/meta/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch
deleted file mode 100644
index 7d19817278..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/64_ppc_asm_constraints.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-#DPATCHLEVEL=1
----
-# cpu-all.h |    2 +-
-# 1 file changed, 1 insertion(+), 1 deletion(-)
-#
-Index: trunk/cpu-all.h
-===================================================================
---- trunk.orig/cpu-all.h        2008-04-24 20:15:46.000000000 +0100
-+++ trunk/cpu-all.h     2008-04-24 20:16:08.000000000 +0100
-@@ -285,7 +285,7 @@
- static inline void stl_le_p(void *ptr, int v)
- {
- #ifdef __powerpc__
--    __asm__ __volatile__ ("stwbrx %1,0,%2" : "=m" (*(uint32_t *)ptr) : "r" (v), "r" (ptr));
-+    __asm__ __volatile__ ("stwbrx %0,0,%1" : : "r" (v), "r" (ptr) : "memory");
- #else
-     uint8_t *p = ptr;
-     p[0] = v;
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch b/meta/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch
deleted file mode 100644
index 028e85a878..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/65_kfreebsd.patch
+++ /dev/null
@@ -1,35 +0,0 @@
----
- configure |    6 ++++++
- vl.c      |    2 ++
- 2 files changed, 8 insertions(+)
-
-Index: configure
-===================================================================
---- configure.orig      2008-04-24 20:15:46.000000000 +0100
-+++ configure   2008-04-24 20:16:09.000000000 +0100
-@@ -135,6 +135,12 @@
-     kqemu="yes"
- fi
- ;;
-+GNU/kFreeBSD)
-+oss="yes"
-+if [ "$cpu" = "i386" -o "$cpu" = "x86_64" ] ; then
-+    kqemu="yes"
-+fi
-+;;
- FreeBSD)
- bsd="yes"
- oss="yes"
-Index: vl.c
-===================================================================
---- vl.c.orig   2008-04-24 20:15:58.000000000 +0100
-+++ vl.c        2008-04-24 20:16:09.000000000 +0100
-@@ -97,6 +97,8 @@
- #include <stropts.h>
- #endif
- #endif
-+#elif defined (__GLIBC__) && defined (__FreeBSD_kernel__)
-+#include <freebsd/stdlib.h>
- #else
- #include <winsock2.h>
- int inet_aton(const char *cp, struct in_addr *ia);
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch b/meta/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch
deleted file mode 100644
index cbd3f873d8..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/66_tls_ld.patch
+++ /dev/null
@@ -1,55 +0,0 @@
----
- arm.ld  |    7 +++++++
- i386.ld |    7 +++++++
- 2 files changed, 14 insertions(+)
-
-Index: arm.ld
-===================================================================
---- arm.ld.orig 2008-04-24 20:15:45.000000000 +0100
-+++ arm.ld      2008-04-24 20:16:11.000000000 +0100
-@@ -26,6 +26,10 @@
-     { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
-   .rela.rodata   :
-     { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
-+  .rel.tdata     : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
-+  .rela.tdata    : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
-+  .rel.tbss      : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
-+  .rela.tbss     : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
-   .rel.got       : { *(.rel.got)               }
-   .rela.got      : { *(.rela.got)              }
-   .rel.ctors     : { *(.rel.ctors)     }
-@@ -58,6 +62,9 @@
-   .ARM.exidx   : { *(.ARM.exidx* .gnu.linkonce.armexidx.*) }
-    __exidx_end = .;
-   .reginfo : { *(.reginfo) }
-+  /* Thread Local Storage sections  */
-+  .tdata         : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
-+  .tbss                  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
-   /* Adjust the address for the data segment.  We want to adjust up to
-      the same address within the page on the next page up.  */
-   . = ALIGN(0x100000) + (. & (0x100000 - 1));
-Index: i386.ld
-===================================================================
---- i386.ld.orig        2008-04-24 20:15:45.000000000 +0100
-+++ i386.ld     2008-04-24 20:16:11.000000000 +0100
-@@ -28,6 +28,10 @@
-     { *(.rel.rodata) *(.rel.gnu.linkonce.r*) }
-   .rela.rodata   :
-     { *(.rela.rodata) *(.rela.gnu.linkonce.r*) }
-+  .rel.tdata     : { *(.rel.tdata .rel.tdata.* .rel.gnu.linkonce.td.*) }
-+  .rela.tdata    : { *(.rela.tdata .rela.tdata.* .rela.gnu.linkonce.td.*) }
-+  .rel.tbss      : { *(.rel.tbss .rel.tbss.* .rel.gnu.linkonce.tb.*) }
-+  .rela.tbss     : { *(.rela.tbss .rela.tbss.* .rela.gnu.linkonce.tb.*) }
-   .rel.got       : { *(.rel.got)               }
-   .rela.got      : { *(.rela.got)              }
-   .rel.ctors     : { *(.rel.ctors)     }
-@@ -53,6 +57,9 @@
-   _etext = .;
-   PROVIDE (etext = .);
-   .fini      : { *(.fini)    } =0x47ff041f
-+  /* Thread Local Storage sections  */
-+  .tdata         : { *(.tdata .tdata.* .gnu.linkonce.td.*) }
-+  .tbss                  : { *(.tbss .tbss.* .gnu.linkonce.tb.*) *(.tcommon) }
-   . = ALIGN(32 / 8);
-   PROVIDE (__preinit_array_start = .);
-   .preinit_array     : { *(.preinit_array) }
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch b/meta/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch
deleted file mode 100644
index b3d95a4534..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/91-oh-sdl-cursor.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-=== modified file 'sdl.c'
----
- sdl.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: sdl.c
-===================================================================
---- sdl.c.orig  2008-04-24 20:15:45.000000000 +0100
-+++ sdl.c       2008-04-24 20:16:12.000000000 +0100
-@@ -247,7 +247,7 @@
- 
-     if (kbd_mouse_is_absolute()) {
-         SDL_ShowCursor(1);
--        SDL_SetCursor(sdl_cursor_hidden);
-+        /* SDL_SetCursor(sdl_cursor_hidden); */
-     } else {
-         SDL_ShowCursor(0);
-     }
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch b/meta/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch
deleted file mode 100644
index 3ec304a38c..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/configure_symlinkpath_fix.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Index: qemu-0.9.1/configure
-===================================================================
---- qemu-0.9.1.orig/configure   2008-01-24 15:33:13.000000000 +0000
-+++ qemu-0.9.1/configure        2008-01-24 15:45:50.000000000 +0000
-@@ -209,15 +209,17 @@
- 
- # find source path
- source_path=`dirname "$0"`
-+source_path_used="no"
-+workdir=`pwd`
-+workdir=`readlink -f $workdir`
- if [ -z "$source_path" ]; then
--    source_path=`pwd`
-+    source_path=$workdir
- else
-     source_path=`cd "$source_path"; pwd`
--fi
--if test "$source_path" = `pwd` ; then
--    source_path_used="no"
--else
--    source_path_used="yes"
-+    source_path=`readlink -f $source_path`
-+    if test "$source_path" != "$workdir" ; then
-+        source_path_used="yes"
-+    fi
- fi
- 
- werror="no"
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/fix-dirent.patch b/meta/packages/qemu/qemu-0.9.1+svn/fix-dirent.patch
deleted file mode 100644
index 9282ac4779..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/fix-dirent.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Index: trunk/linux-user/syscall.c
-===================================================================
---- trunk.orig/linux-user/syscall.c     2008-11-10 10:58:07.000000000 +0000
-+++ trunk/linux-user/syscall.c  2008-11-10 11:00:37.000000000 +0000
-@@ -26,6 +26,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
-+#include <dirent.h>
- #include <time.h>
- #include <sys/types.h>
- #include <sys/ipc.h>
-@@ -76,7 +77,6 @@
- #include <linux/cdrom.h>
- #include <linux/hdreg.h>
- #include <linux/soundcard.h>
--#include <linux/dirent.h>
- #include <linux/kd.h>
- 
- #include "qemu.h"
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/fix_brk.patch b/meta/packages/qemu/qemu-0.9.1+svn/fix_brk.patch
deleted file mode 100644
index f15e001dd6..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/fix_brk.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Index: trunk/linux-user/syscall.c
-===================================================================
---- trunk.orig/linux-user/syscall.c     2008-04-24 20:16:24.000000000 +0100
-+++ trunk/linux-user/syscall.c  2008-04-24 20:16:32.000000000 +0100
-@@ -440,7 +440,7 @@
-     if (!new_brk)
-         return target_brk;
-     if (new_brk < target_original_brk)
--        return -TARGET_ENOMEM;
-+        return target_brk;
- 
-     brk_page = HOST_PAGE_ALIGN(target_brk);
- 
-@@ -455,12 +455,11 @@
-     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
-                                         PROT_READ|PROT_WRITE,
-                                         MAP_ANON|MAP_FIXED|MAP_PRIVATE, 0, 0));
--    if (is_error(mapped_addr)) {
--       return mapped_addr;
--    } else {
-+
-+    if (!is_error(mapped_addr))
-        target_brk = new_brk;
--       return target_brk;
--    }
-+    
-+    return target_brk;
- }
- 
- static inline abi_long copy_from_user_fdset(fd_set *fds,
-Index: trunk/linux-user/mmap.c
-===================================================================
---- trunk.orig/linux-user/mmap.c        2008-04-24 20:16:16.000000000 +0100
-+++ trunk/linux-user/mmap.c     2008-04-24 20:16:32.000000000 +0100
-@@ -264,6 +264,9 @@
-             host_start += offset - host_offset;
-         start = h2g(host_start);
-     } else {
-+        int flg;
-+        target_ulong addr;
-+
-         if (start & ~TARGET_PAGE_MASK) {
-             errno = EINVAL;
-             return -1;
-@@ -271,6 +274,14 @@
-         end = start + len;
-         real_end = HOST_PAGE_ALIGN(end);
-         
-+        for(addr = real_start; addr < real_end; addr += TARGET_PAGE_SIZE) {
-+            flg = page_get_flags(addr);
-+            if( flg & PAGE_RESERVED ) {
-+                errno = ENXIO;
-+                return -1;
-+            }
-+        }
-+
-         /* worst case: we cannot map the file because the offset is not
-            aligned, so we read it */
-         if (!(flags & MAP_ANONYMOUS) &&
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch b/meta/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch
deleted file mode 100644
index ee2b077602..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/fix_protection_bits.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Index: qemu-0.9.1/linux-user/mmap.c
-===================================================================
---- qemu-0.9.1.orig/linux-user/mmap.c   2008-04-16 14:10:26.000000000 +0100
-+++ qemu-0.9.1/linux-user/mmap.c        2008-04-16 14:10:51.000000000 +0100
-@@ -49,8 +49,7 @@
-     end = start + len;
-     if (end < start)
-         return -EINVAL;
--    if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC))
--        return -EINVAL;
-+    prot = prot & (PROT_READ | PROT_WRITE | PROT_EXEC);
-     if (len == 0)
-         return 0;
- 
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch b/meta/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch
deleted file mode 100644
index 224a8b813d..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/fix_segfault.patch
+++ /dev/null
@@ -1,37 +0,0 @@
----
- linux-user/syscall.c |   22 ----------------------
- 1 file changed, 22 deletions(-)
-
-Index: trunk/linux-user/syscall.c
-===================================================================
---- trunk.orig/linux-user/syscall.c     2008-04-24 20:16:21.000000000 +0100
-+++ trunk/linux-user/syscall.c  2008-04-24 20:16:24.000000000 +0100
-@@ -5728,28 +5728,6 @@
-            goto unimplemented_nowarn;
- #endif
- 
--#ifdef TARGET_NR_clock_gettime
--    case TARGET_NR_clock_gettime:
--    {
--        struct timespec ts;
--        ret = get_errno(clock_gettime(arg1, &ts));
--        if (!is_error(ret)) {
--            host_to_target_timespec(arg2, &ts);
--        }
--        break;
--    }
--#endif
--#ifdef TARGET_NR_clock_getres
--    case TARGET_NR_clock_getres:
--    {
--        struct timespec ts;
--        ret = get_errno(clock_getres(arg1, &ts));
--        if (!is_error(ret)) {
--            host_to_target_timespec(arg2, &ts);
--        }
--        break;
--    }
--#endif
- 
- #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
-     case TARGET_NR_set_tid_address:
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/no-strip.patch b/meta/packages/qemu/qemu-0.9.1+svn/no-strip.patch
deleted file mode 100644
index 4813dd4e2b..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/no-strip.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Index: trunk/Makefile
-===================================================================
---- trunk.orig/Makefile 2008-04-24 20:15:37.000000000 +0100
-+++ trunk/Makefile      2008-04-24 20:16:30.000000000 +0100
-@@ -196,7 +196,7 @@
- install: all $(if $(BUILD_DOCS),install-doc)
-        mkdir -p "$(DESTDIR)$(bindir)"
- ifneq ($(TOOLS),)
--       $(INSTALL) -m 755 -s $(TOOLS) "$(DESTDIR)$(bindir)"
-+       $(INSTALL) -m 755 $(TOOLS) "$(DESTDIR)$(bindir)"
- endif
-        mkdir -p "$(DESTDIR)$(datadir)"
-        set -e; for x in bios.bin vgabios.bin vgabios-cirrus.bin ppc_rom.bin \
-Index: trunk/Makefile.target
-===================================================================
---- trunk.orig/Makefile.target  2008-04-24 20:15:37.000000000 +0100
-+++ trunk/Makefile.target       2008-04-24 20:16:30.000000000 +0100
-@@ -685,7 +685,7 @@
- 
- install: all
- ifneq ($(PROGS),)
--       $(INSTALL) -m 755 -s $(PROGS) "$(DESTDIR)$(bindir)"
-+       $(INSTALL) -m 755 $(PROGS) "$(DESTDIR)$(bindir)"
- endif
- 
- # Include automatically generated dependency files
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch b/meta/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch
deleted file mode 100644
index ac68ebf460..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/qemu-0.9.0-nptl.patch
+++ /dev/null
@@ -1,1100 +0,0 @@
----
- configure                |   25 ++++++
- exec-all.h               |  165 ------------------------------------------
- linux-user/arm/syscall.h |    4 -
- linux-user/main.c        |   94 +++++++++++++++++++++---
- linux-user/qemu.h        |    3 
- linux-user/syscall.c     |   91 ++++++++++++++++++++++-
- qemu_spinlock.h          |  181 +++++++++++++++++++++++++++++++++++++++++++++++
- target-arm/cpu.h         |   10 ++
- target-arm/op.c          |    6 +
- target-arm/translate.c   |    9 ++
- 10 files changed, 405 insertions(+), 183 deletions(-)
-
-Index: trunk/configure
-===================================================================
---- trunk.orig/configure        2008-04-24 20:16:52.000000000 +0100
-+++ trunk/configure     2008-04-24 20:16:53.000000000 +0100
-@@ -112,6 +112,7 @@
- build_docs="no"
- uname_release=""
- curses="yes"
-+nptl="yes"
- 
- # OS specific
- targetos=`uname -s`
-@@ -339,6 +340,8 @@
-   ;;
-   *) echo "ERROR: unknown option $opt"; show_help="yes"
-   ;;
-+  --disable-nptl) nptl="no"
-+  ;;
-   esac
- done
- 
-@@ -436,6 +439,7 @@
- echo "  --disable-linux-user     disable all linux usermode emulation targets"
- echo "  --enable-darwin-user     enable all darwin usermode emulation targets"
- echo "  --disable-darwin-user    disable all darwin usermode emulation targets"
-+echo "  --disable-nptl           disable usermode NPTL guest support"
- echo "  --fmod-lib               path to FMOD library"
- echo "  --fmod-inc               path to FMOD includes"
- echo "  --enable-uname-release=R Return R for uname -r in usermode emulation"
-@@ -647,6 +651,23 @@
- }
- EOF
- 
-+# check NPTL support
-+cat > $TMPC <<EOF
-+#include <sched.h>
-+void foo()
-+{
-+#ifndef CLONE_SETTLS
-+#error bork
-+#endif
-+}
-+EOF
-+
-+if $cc -c -o $TMPO $TMPC 2> /dev/null ; then
-+  :
-+else
-+   nptl="no"
-+fi
-+
- ##########################################
- # SDL probe
- 
-@@ -845,6 +866,7 @@
- echo "Documentation     $build_docs"
- [ ! -z "$uname_release" ] && \
- echo "uname -r          $uname_release"
-+echo "NPTL support      $nptl"
- 
- if test $sdl_too_old = "yes"; then
- echo "-> Your SDL version is too old - please upgrade to have SDL support"
-@@ -1228,6 +1250,9 @@
-     echo "#define TARGET_ARM 1" >> $config_h
-     echo "#define CONFIG_NO_DYNGEN_OP 1" >> $config_h
-     bflt="yes"
-+    if test "$nptl" = "yes" ; then
-+      echo "#define USE_NPTL 1" >> $config_h
-+    fi
-   ;;
-   cris)
-     echo "TARGET_ARCH=cris" >> $config_mak
-Index: trunk/exec-all.h
-===================================================================
---- trunk.orig/exec-all.h       2008-04-24 20:16:41.000000000 +0100
-+++ trunk/exec-all.h    2008-04-24 20:16:53.000000000 +0100
-@@ -303,217 +303,7 @@
- extern CPUReadMemoryFunc *io_mem_read[IO_MEM_NB_ENTRIES][4];
- extern void *io_mem_opaque[IO_MEM_NB_ENTRIES];
- 
--#if defined(__hppa__)
--
--typedef int spinlock_t[4];
--
--#define SPIN_LOCK_UNLOCKED { 1, 1, 1, 1 }
--
--static inline void resetlock (spinlock_t *p)
--{
--    (*p)[0] = (*p)[1] = (*p)[2] = (*p)[3] = 1;
--}
--
--#else
--
--typedef int spinlock_t;
--
--#define SPIN_LOCK_UNLOCKED 0
--
--static inline void resetlock (spinlock_t *p)
--{
--    *p = SPIN_LOCK_UNLOCKED;
--}
--
--#endif
--
--#if defined(__powerpc__)
--static inline int testandset (int *p)
--{
--    int ret;
--    __asm__ __volatile__ (
--                          "0:    lwarx %0,0,%1\n"
--                          "      xor. %0,%3,%0\n"
--                          "      bne 1f\n"
--                          "      stwcx. %2,0,%1\n"
--                          "      bne- 0b\n"
--                          "1:    "
--                          : "=&r" (ret)
--                          : "r" (p), "r" (1), "r" (0)
--                          : "cr0", "memory");
--    return ret;
--}
--#elif defined(__i386__)
--static inline int testandset (int *p)
--{
--    long int readval = 0;
--
--    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
--                          : "+m" (*p), "+a" (readval)
--                          : "r" (1)
--                          : "cc");
--    return readval;
--}
--#elif defined(__x86_64__)
--static inline int testandset (int *p)
--{
--    long int readval = 0;
--
--    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
--                          : "+m" (*p), "+a" (readval)
--                          : "r" (1)
--                          : "cc");
--    return readval;
--}
--#elif defined(__s390__)
--static inline int testandset (int *p)
--{
--    int ret;
--
--    __asm__ __volatile__ ("0: cs    %0,%1,0(%2)\n"
--                         "   jl    0b"
--                         : "=&d" (ret)
--                         : "r" (1), "a" (p), "0" (*p)
--                         : "cc", "memory" );
--    return ret;
--}
--#elif defined(__alpha__)
--static inline int testandset (int *p)
--{
--    int ret;
--    unsigned long one;
--
--    __asm__ __volatile__ ("0:  mov 1,%2\n"
--                         "     ldl_l %0,%1\n"
--                         "     stl_c %2,%1\n"
--                         "     beq %2,1f\n"
--                         ".subsection 2\n"
--                         "1:   br 0b\n"
--                         ".previous"
--                         : "=r" (ret), "=m" (*p), "=r" (one)
--                         : "m" (*p));
--    return ret;
--}
--#elif defined(__sparc__)
--static inline int testandset (int *p)
--{
--       int ret;
--
--       __asm__ __volatile__("ldstub    [%1], %0"
--                            : "=r" (ret)
--                            : "r" (p)
--                            : "memory");
--
--       return (ret ? 1 : 0);
--}
--#elif defined(__arm__)
--static inline int testandset (int *spinlock)
--{
--    register unsigned int ret;
--    __asm__ __volatile__("swp %0, %1, [%2]"
--                         : "=r"(ret)
--                         : "0"(1), "r"(spinlock));
--
--    return ret;
--}
--#elif defined(__mc68000)
--static inline int testandset (int *p)
--{
--    char ret;
--    __asm__ __volatile__("tas %1; sne %0"
--                         : "=r" (ret)
--                         : "m" (p)
--                         : "cc","memory");
--    return ret;
--}
--#elif defined(__hppa__)
--
--/* Because malloc only guarantees 8-byte alignment for malloc'd data,
--   and GCC only guarantees 8-byte alignment for stack locals, we can't
--   be assured of 16-byte alignment for atomic lock data even if we
--   specify "__attribute ((aligned(16)))" in the type declaration.  So,
--   we use a struct containing an array of four ints for the atomic lock
--   type and dynamically select the 16-byte aligned int from the array
--   for the semaphore.  */
--#define __PA_LDCW_ALIGNMENT 16
--static inline void *ldcw_align (void *p) {
--    unsigned long a = (unsigned long)p;
--    a = (a + __PA_LDCW_ALIGNMENT - 1) & ~(__PA_LDCW_ALIGNMENT - 1);
--    return (void *)a;
--}
--
--static inline int testandset (spinlock_t *p)
--{
--    unsigned int ret;
--    p = ldcw_align(p);
--    __asm__ __volatile__("ldcw 0(%1),%0"
--                         : "=r" (ret)
--                         : "r" (p)
--                         : "memory" );
--    return !ret;
--}
--
--#elif defined(__ia64)
--
--#include <ia64intrin.h>
--
--static inline int testandset (int *p)
--{
--    return __sync_lock_test_and_set (p, 1);
--}
--#elif defined(__mips__)
--static inline int testandset (int *p)
--{
--    int ret;
--
--    __asm__ __volatile__ (
--       "       .set push               \n"
--       "       .set noat               \n"
--       "       .set mips2              \n"
--       "1:     li      $1, 1           \n"
--       "       ll      %0, %1          \n"
--       "       sc      $1, %1          \n"
--       "       beqz    $1, 1b          \n"
--       "       .set pop                "
--       : "=r" (ret), "+R" (*p)
--       :
--       : "memory");
--
--    return ret;
--}
--#else
--#error unimplemented CPU support
--#endif
--
--#if defined(CONFIG_USER_ONLY)
--static inline void spin_lock(spinlock_t *lock)
--{
--    while (testandset(lock));
--}
--
--static inline void spin_unlock(spinlock_t *lock)
--{
--    resetlock(lock);
--}
--
--static inline int spin_trylock(spinlock_t *lock)
--{
--    return !testandset(lock);
--}
--#else
--static inline void spin_lock(spinlock_t *lock)
--{
--}
--
--static inline void spin_unlock(spinlock_t *lock)
--{
--}
--
--static inline int spin_trylock(spinlock_t *lock)
--{
--    return 1;
--}
--#endif
-+#include "qemu_spinlock.h"
- 
- extern spinlock_t tb_lock;
- 
-Index: trunk/linux-user/arm/syscall.h
-===================================================================
---- trunk.orig/linux-user/arm/syscall.h 2008-04-24 20:16:41.000000000 +0100
-+++ trunk/linux-user/arm/syscall.h      2008-04-24 20:16:53.000000000 +0100
-@@ -28,7 +28,9 @@
- #define ARM_SYSCALL_BASE       0x900000
- #define ARM_THUMB_SYSCALL      0
- 
--#define ARM_NR_cacheflush (ARM_SYSCALL_BASE + 0xf0000 + 2)
-+#define ARM_NR_BASE      0xf0000
-+#define ARM_NR_cacheflush (ARM_NR_BASE + 2)
-+#define ARM_NR_set_tls   (ARM_NR_BASE + 5)
- 
- #define ARM_NR_semihosting       0x123456
- #define ARM_NR_thumb_semihosting  0xAB
-Index: trunk/linux-user/main.c
-===================================================================
---- trunk.orig/linux-user/main.c        2008-04-24 20:16:47.000000000 +0100
-+++ trunk/linux-user/main.c     2008-04-24 20:17:38.000000000 +0100
-@@ -365,6 +365,50 @@
-     }
- }
- 
-+/* Handle a jump to the kernel code page.  */
-+static int
-+do_kernel_trap(CPUARMState *env)
-+{
-+    uint32_t addr;
-+    uint32_t *ptr;
-+    uint32_t cpsr;
-+
-+    switch (env->regs[15]) {
-+    case 0xffff0fc0: /* __kernel_cmpxchg */
-+        /* XXX: This only works between threads, not between processes.
-+           Use native atomic operations.  */
-+        /* ??? This probably breaks horribly if the access segfaults.  */
-+        cpu_lock();
-+        ptr = (uint32_t *)env->regs[2];
-+        cpsr = cpsr_read(env);
-+        if (*ptr == env->regs[0]) {
-+            *ptr = env->regs[1];
-+            env->regs[0] = 0;
-+            cpsr |= CPSR_C;
-+        } else {
-+            env->regs[0] = -1;
-+            cpsr &= ~CPSR_C;
-+        }
-+        cpsr_write(env, cpsr, CPSR_C);
-+        cpu_unlock();
-+        break;
-+    case 0xffff0fe0: /* __kernel_get_tls */
-+        env->regs[0] = env->cp15.c13_tls2;
-+        break;
-+    default:
-+        return 1;
-+    }
-+    /* Jump back to the caller.  */
-+    addr = env->regs[14];
-+    if (addr & 1) {
-+        env->thumb = 1;
-+        addr &= ~1;
-+    }
-+    env->regs[15] = addr;
-+
-+    return 0;
-+}
-+
- void cpu_loop(CPUARMState *env)
- {
-     int trapnr;
-@@ -475,10 +519,8 @@
-                     }
-                 }
- 
--                if (n == ARM_NR_cacheflush) {
--                    arm_cache_flush(env->regs[0], env->regs[1]);
--                } else if (n == ARM_NR_semihosting
--                           || n == ARM_NR_thumb_semihosting) {
-+                if (n == ARM_NR_semihosting
-+                    || n == ARM_NR_thumb_semihosting) {
-                     env->regs[0] = do_arm_semihosting (env);
-                 } else if (n == 0 || n >= ARM_SYSCALL_BASE
-                            || (env->thumb && n == ARM_THUMB_SYSCALL)) {
-@@ -489,14 +531,34 @@
-                         n -= ARM_SYSCALL_BASE;
-                         env->eabi = 0;
-                     }
--                    env->regs[0] = do_syscall(env,
--                                              n,
--                                              env->regs[0],
--                                              env->regs[1],
--                                              env->regs[2],
--                                              env->regs[3],
--                                              env->regs[4],
--                                              env->regs[5]);
-+                    if ( n > ARM_NR_BASE) {
-+                        switch (n)
-+                          {
-+                          case ARM_NR_cacheflush:
-+                              arm_cache_flush(env->regs[0], env->regs[1]);
-+                              break;
-+#ifdef USE_NPTL
-+                          case ARM_NR_set_tls:
-+                              cpu_set_tls(env, env->regs[0]);
-+                              env->regs[0] = 0;
-+                              break;
-+#endif
-+                          default:
-+                              printf ("Error: Bad syscall: %x\n", n);
-+                              goto error;
-+                          }
-+                      }
-+                    else
-+                      {
-+                        env->regs[0] = do_syscall(env,
-+                                                  n,
-+                                                  env->regs[0],
-+                                                  env->regs[1],
-+                                                  env->regs[2],
-+                                                  env->regs[3],
-+                                                  env->regs[4],
-+                                                  env->regs[5]);
-+                      }
-                 } else {
-                     goto error;
-                 }
-@@ -535,6 +597,10 @@
-                   }
-             }
-             break;
-+        case EXCP_KERNEL_TRAP:
-+            if (do_kernel_trap(env))
-+              goto error;
-+            break;
-         default:
-         error:
-             fprintf(stderr, "qemu: unhandled CPU exception 0x%x - aborting\n",
-@@ -1994,6 +2060,11 @@
-     int drop_ld_preload = 0, environ_count = 0;
-     char **target_environ, **wrk, **dst;
- 
-+    char *assume_kernel = getenv("QEMU_ASSUME_KERNEL");
-+
-+    if (assume_kernel)
-+       setenv("LD_ASSUME_KERNEL", assume_kernel, 1);
-+
-     if (argc <= 1)
-         usage();
- 
-@@ -2403,6 +2474,10 @@
-     ts->heap_base = info->brk;
-     /* This will be filled in on the first SYS_HEAPINFO call.  */
-     ts->heap_limit = 0;
-+    /* Register the magic kernel code page.  The cpu will generate a
-+       special exception when it tries to execute code here.  We can't
-+       put real code here because it may be in use by the host kernel.  */
-+    page_set_flags(0xffff0000, 0xffff0fff, 0);
- #endif
- 
-     if (gdbstub_port) {
-Index: trunk/linux-user/qemu.h
-===================================================================
---- trunk.orig/linux-user/qemu.h        2008-04-24 20:16:41.000000000 +0100
-+++ trunk/linux-user/qemu.h     2008-04-24 20:16:53.000000000 +0100
-@@ -107,6 +107,9 @@
-     uint32_t heap_base;
-     uint32_t heap_limit;
- #endif
-+#ifdef USE_NPTL
-+    uint32_t *child_tidptr;
-+#endif
-     int used; /* non zero if used */
-     struct image_info *info;
-     uint8_t stack[0];
-Index: trunk/linux-user/syscall.c
-===================================================================
---- trunk.orig/linux-user/syscall.c     2008-04-24 20:16:50.000000000 +0100
-+++ trunk/linux-user/syscall.c  2008-04-24 20:19:52.000000000 +0100
-@@ -61,6 +61,7 @@
- #define tchars host_tchars /* same as target */
- #define ltchars host_ltchars /* same as target */
- 
-+#include <linux/futex.h>
- #include <linux/termios.h>
- #include <linux/unistd.h>
- #include <linux/utsname.h>
-@@ -71,9 +72,18 @@
- #include <linux/kd.h>
- 
- #include "qemu.h"
-+#include "qemu_spinlock.h"
- 
- //#define DEBUG
- 
-+#ifdef USE_NPTL
-+#define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
-+    CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
-+#else
-+/* XXX: Hardcode the above values.  */
-+#define CLONE_NPTL_FLAGS2 0
-+#endif
-+
- #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_SPARC) \
-     || defined(TARGET_M68K) || defined(TARGET_SH4) || defined(TARGET_CRIS)
- /* 16 bit uid wrappers emulation */
-@@ -2695,16 +2705,25 @@
-     return 0;
- }
- #endif
--
- #endif /* defined(TARGET_I386) */
- 
- /* this stack is the equivalent of the kernel stack associated with a
-    thread/process */
- #define NEW_STACK_SIZE 8192
- 
-+#ifdef USE_NPTL
-+static spinlock_t nptl_lock = SPIN_LOCK_UNLOCKED;
-+#endif
-+
- static int clone_func(void *arg)
- {
-     CPUState *env = arg;
-+#ifdef HAVE_NPTL
-+    /* Wait until the parent has finshed initializing the tls state.  */
-+    while (!spin_trylock(&nptl_lock))
-+        usleep(1);
-+    spin_unlock(&nptl_lock);
-+#endif
-     cpu_loop(env);
-     /* never exits */
-     return 0;
-@@ -2712,15 +2731,27 @@
- 
- /* do_fork() Must return host values and target errnos (unlike most
-    do_*() functions). */
--int do_fork(CPUState *env, unsigned int flags, abi_ulong newsp)
-+int do_fork(CPUState *env, unsigned int flags, unsigned long newsp,
-+            uint32_t *parent_tidptr, void *newtls,
-+            uint32_t *child_tidptr)
- {
-     int ret;
-     TaskState *ts;
-     uint8_t *new_stack;
-     CPUState *new_env;
-+#if defined(TARGET_I386)
-+     uint64_t *new_gdt_table;
-+#endif
-+#ifdef USE_NPTL
-+    unsigned int nptl_flags;
- 
-+    if (flags & CLONE_PARENT_SETTID)
-+        *parent_tidptr = gettid();
-+#endif
-     if (flags & CLONE_VM) {
-         ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
-+        if (!ts)
-+          return -ENOMEM;
-         memset(ts, 0, sizeof(TaskState));
-         new_stack = ts->stack;
-         ts->used = 1;
-@@ -2732,6 +2763,29 @@
- #if defined(TARGET_I386)
-         if (!newsp)
-             newsp = env->regs[R_ESP];
-+       new_gdt_table = malloc(9 * 8);
-+       if (!new_gdt_table) {
-+               free(new_env);
-+               return -ENOMEM;
-+       }
-+       /* Copy main GDT table from parent, but clear TLS entries */
-+       memcpy(new_gdt_table, g2h(env->gdt.base), 6 * 8);
-+       memset(&new_gdt_table[6], 0, 3 * 8); 
-+       new_env->gdt.base = h2g(new_gdt_table);
-+       if (flags & 0x00080000 /* CLONE_SETTLS */) {
-+               ret = do_set_thread_area(new_env, new_env->regs[R_ESI]);
-+               if (ret) {
-+                       free(new_gdt_table);
-+                       free(new_env);
-+                       return ret;
-+               }
-+       }
-+       cpu_x86_load_seg(env, R_CS, new_env->regs[R_CS]);
-+       cpu_x86_load_seg(env, R_DS, new_env->regs[R_DS]);
-+       cpu_x86_load_seg(env, R_ES, new_env->regs[R_ES]);
-+       cpu_x86_load_seg(env, R_SS, new_env->regs[R_SS]);
-+       cpu_x86_load_seg(env, R_FS, new_env->regs[R_FS]);
-+       cpu_x86_load_seg(env, R_GS, new_env->regs[R_GS]);
-         new_env->regs[R_ESP] = newsp;
-         new_env->regs[R_EAX] = 0;
- #elif defined(TARGET_ARM)
-@@ -2784,16 +2838,67 @@
- #error unsupported target CPU
- #endif
-         new_env->opaque = ts;
-+#ifdef USE_NPTL
-+        nptl_flags = flags;
-+        flags &= ~CLONE_NPTL_FLAGS2;
-+
-+        if (nptl_flags & CLONE_CHILD_CLEARTID) {
-+            ts->child_tidptr = child_tidptr;
-+        }
-+
-+        if (nptl_flags & CLONE_SETTLS)
-+            cpu_set_tls (new_env, newtls);
-+
-+        /* Grab the global cpu lock so that the thread setup appears
-+           atomic.  */
-+        if (nptl_flags & CLONE_CHILD_SETTID)
-+            spin_lock(&nptl_lock);
-+
-+#else
-+        if (flags & CLONE_NPTL_FLAGS2)
-+            return -EINVAL;
-+#endif
-+
-+        if (CLONE_VFORK & flags)
-+               flags ^= CLONE_VM;
- #ifdef __ia64__
-         ret = __clone2(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
- #else
-        ret = clone(clone_func, new_stack + NEW_STACK_SIZE, flags, new_env);
- #endif
-+#ifdef USE_NPTL
-+        if (ret != -1) {
-+            if (nptl_flags & CLONE_CHILD_SETTID)
-+                *child_tidptr = ret;
-+        }
-+
-+        /* Allow the child to continue.  */
-+        if (nptl_flags & CLONE_CHILD_SETTID)
-+            spin_unlock(&nptl_lock);
-+#endif
-     } else {
-         /* if no CLONE_VM, we consider it is a fork */
--        if ((flags & ~CSIGNAL) != 0)
-+        if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
-             return -EINVAL;
-         ret = fork();
-+#ifdef USE_NPTL
-+        /* There is a race condition here.  The parent process could
-+           theoretically read the TID in the child process before the child
-+           tid is set.  This would require using either ptrace
-+           (not implemented) or having *_tidptr to point at a shared memory
-+           mapping.  We can't repeat the spinlock hack used above because
-+           the child process gets its own copy of the lock.  */
-+        if (ret == 0) {
-+            /* Child Process.  */
-+            if (flags & CLONE_CHILD_SETTID)
-+                *child_tidptr = gettid();
-+            ts = (TaskState *)env->opaque;
-+            if (flags & CLONE_CHILD_CLEARTID)
-+                ts->child_tidptr = child_tidptr;
-+            if (flags & CLONE_SETTLS)
-+                cpu_set_tls (env, newtls);
-+        }
-+#endif
-     }
-     return ret;
- }
-@@ -3052,6 +3157,68 @@
-     unlock_user_struct(target_ts, target_addr, 1);
- }
- 
-+static long do_futex(target_ulong uaddr, int op, uint32_t val,
-+                    target_ulong utime, target_ulong uaddr2,
-+                    uint32_t val3)
-+{
-+       struct timespec host_utime;
-+       unsigned long val2 = utime;
-+
-+       if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
-+               target_to_host_timespec(&host_utime, utime);
-+               val2 = (unsigned long)&host_utime;
-+       }
-+ 
-+#ifdef BSWAP_NEEDED
-+       switch(op) {
-+       case FUTEX_CMP_REQUEUE:
-+               val3 = tswap32(val3);
-+       case FUTEX_REQUEUE:
-+               val2 = tswap32(val2);
-+       case FUTEX_WAIT:
-+       case FUTEX_WAKE:
-+               val = tswap32(val);
-+       case FUTEX_LOCK_PI: /* This one's icky, but comes out OK */
-+       case FUTEX_UNLOCK_PI:
-+               break;
-+       default: 
-+               gemu_log("qemu: Unsupported futex op %d\n", op);
-+               return -ENOSYS;
-+       } 
-+#if 0 /* No, it's worse than this */
-+       if (op == FUTEX_WAKE_OP) {
-+               /* Need to munge the secondary operation (val3) */
-+               val3 = tswap32(val3);
-+               int op2 = (val3 >> 28) & 7;
-+               int cmp = (val3 >> 24) & 15;
-+               int oparg = (val3 << 8) >> 20;
-+               int cmparg = (val3 << 20) >> 20;
-+               int shift = val3 & (FUTEX_OP_OPARG_SHIFT << 28);
-+
-+               if (shift)
-+                   oparg = (oparg & 7) + 24 - (oparg & 24);
-+               else oparg = 
-+               if (op2 == FUTEX_OP_ADD) {
-+                       gemu_log("qemu: Unsupported wrong-endian FUTEX_OP_ADD\n");
-+                       return -ENOSYS;
-+               }
-+               if (cmparg == FUTEX_OP_CMP_LT || cmparg == FUTEX_OP_CMP_GE ||
-+                   cmparg == FUTEX_OP_CMP_LE || cmparg == FUTEX_OP_CMP_GT) {
-+                       gemu_log("qemu: Unsupported wrong-endian futex cmparg %d\n", cmparg);
-+                       return -ENOSYS;
-+               }
-+               val3 = shift | (op2<<28) | (cmp<<24) | (oparg<<12) | cmparg;
-+       }
-+#endif
-+#endif
-+       return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
-+}
-+
-+int do_set_tid_address(target_ulong tidptr)
-+{
-+       return syscall(__NR_set_tid_address, g2h(tidptr));
-+}
-+
- /* do_syscall() should always have a single exit point at the end so
-    that actions, such as logging of syscall results, can be performed.
-    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
-@@ -3076,7 +3243,7 @@
-         _mcleanup();
- #endif
-         gdb_exit(cpu_env, arg1);
--        /* XXX: should free thread stack and CPU env */
-+        /* XXX: should free thread stack, GDT and CPU env */
-         _exit(arg1);
-         ret = 0; /* avoid warning */
-         break;
-@@ -3118,7 +3285,7 @@
-         ret = do_brk(arg1);
-         break;
-     case TARGET_NR_fork:
--        ret = get_errno(do_fork(cpu_env, SIGCHLD, 0));
-+        ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, NULL, NULL, NULL));
-         break;
- #ifdef TARGET_NR_waitpid
-     case TARGET_NR_waitpid:
-@@ -4482,7 +4649,8 @@
-         ret = get_errno(fsync(arg1));
-         break;
-     case TARGET_NR_clone:
--        ret = get_errno(do_fork(cpu_env, arg1, arg2));
-+        ret = get_errno(do_fork(cpu_env, arg1, arg2, (uint32_t *)arg3,
-+                        (void *)arg4, (uint32_t *)arg5));
-         break;
- #ifdef __NR_exit_group
-         /* new thread calls */
-@@ -4943,7 +5111,8 @@
- #endif
- #ifdef TARGET_NR_vfork
-     case TARGET_NR_vfork:
--        ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0));
-+        ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD, 0,
-+                                NULL, NULL, NULL));
-         break;
- #endif
- #ifdef TARGET_NR_ugetrlimit
-@@ -5521,6 +5690,9 @@
- #elif defined(TARGET_I386) && defined(TARGET_ABI32)
-       ret = do_set_thread_area(cpu_env, arg1);
-       break;
-+#elif TARGET_i386
-+         ret = get_errno(do_set_thread_area(cpu_env, arg1));
-+         break;
- #else
-       goto unimplemented_nowarn;
- #endif
-@@ -5538,6 +5710,12 @@
-         goto unimplemented_nowarn;
- #endif
- 
-+#ifdef TARGET_NR_futex
-+    case TARGET_NR_futex:
-+       ret = get_errno(do_futex(arg1, arg2, arg3, arg4, arg5, arg6));
-+       break;
-+#endif
-+
- #ifdef TARGET_NR_clock_gettime
-     case TARGET_NR_clock_gettime:
-     {
-Index: trunk/qemu_spinlock.h
-===================================================================
---- /dev/null   1970-01-01 00:00:00.000000000 +0000
-+++ trunk/qemu_spinlock.h       2008-04-24 20:16:53.000000000 +0100
-@@ -0,0 +1,250 @@
-+/*
-+ * Atomic operation helper include
-+ *
-+ *  Copyright (c) 2005 Fabrice Bellard
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-+ */
-+#ifndef QEMU_SPINLOCK_H
-+#define QEMU_SPINLOCK_H
-+
-+#ifdef __powerpc__
-+static inline int testandset (int *p)
-+{
-+    int ret;
-+    __asm__ __volatile__ (
-+                          "0:    lwarx %0,0,%1\n"
-+                          "      xor. %0,%3,%0\n"
-+                          "      bne 1f\n"
-+                          "      stwcx. %2,0,%1\n"
-+                          "      bne- 0b\n"
-+                          "1:    "
-+                          : "=&r" (ret)
-+                          : "r" (p), "r" (1), "r" (0)
-+                          : "cr0", "memory");
-+    return ret;
-+}
-+#endif
-+
-+#ifdef __i386__
-+static inline int testandset (int *p)
-+{
-+    long int readval = 0;
-+
-+    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
-+                          : "+m" (*p), "+a" (readval)
-+                          : "r" (1)
-+                          : "cc");
-+    return readval;
-+}
-+#endif
-+
-+#ifdef __x86_64__
-+static inline int testandset (int *p)
-+{
-+    long int readval = 0;
-+
-+    __asm__ __volatile__ ("lock; cmpxchgl %2, %0"
-+                          : "+m" (*p), "+a" (readval)
-+                          : "r" (1)
-+                          : "cc");
-+    return readval;
-+}
-+#endif
-+
-+#ifdef __s390__
-+static inline int testandset (int *p)
-+{
-+    int ret;
-+
-+    __asm__ __volatile__ ("0: cs    %0,%1,0(%2)\n"
-+                         "   jl    0b"
-+                         : "=&d" (ret)
-+                         : "r" (1), "a" (p), "0" (*p)
-+                         : "cc", "memory" );
-+    return ret;
-+}
-+#endif
-+
-+#ifdef __alpha__
-+static inline int testandset (int *p)
-+{
-+    int ret;
-+    unsigned long one;
-+
-+    __asm__ __volatile__ ("0:  mov 1,%2\n"
-+                         "     ldl_l %0,%1\n"
-+                         "     stl_c %2,%1\n"
-+                         "     beq %2,1f\n"
-+                         ".subsection 2\n"
-+                         "1:   br 0b\n"
-+                         ".previous"
-+                         : "=r" (ret), "=m" (*p), "=r" (one)
-+                         : "m" (*p));
-+    return ret;
-+}
-+#endif
-+
-+#ifdef __sparc__
-+static inline int testandset (int *p)
-+{
-+       int ret;
-+
-+       __asm__ __volatile__("ldstub    [%1], %0"
-+                            : "=r" (ret)
-+                            : "r" (p)
-+                            : "memory");
-+
-+       return (ret ? 1 : 0);
-+}
-+#endif
-+
-+#ifdef __arm__
-+static inline int testandset (int *spinlock)
-+{
-+    register unsigned int ret;
-+    __asm__ __volatile__("swp %0, %1, [%2]"
-+                         : "=r"(ret)
-+                         : "0"(1), "r"(spinlock));
-+
-+    return ret;
-+}
-+#endif
-+
-+#ifdef __mc68000
-+static inline int testandset (int *p)
-+{
-+    char ret;
-+    __asm__ __volatile__("tas %1; sne %0"
-+                         : "=r" (ret)
-+                         : "m" (p)
-+                         : "cc","memory");
-+    return ret;
-+}
-+#endif
-+
-+#ifdef __hppa__
-+/* Because malloc only guarantees 8-byte alignment for malloc'd data,
-+   and GCC only guarantees 8-byte alignment for stack locals, we can't
-+   be assured of 16-byte alignment for atomic lock data even if we
-+   specify "__attribute ((aligned(16)))" in the type declaration.  So,
-+   we use a struct containing an array of four ints for the atomic lock
-+   type and dynamically select the 16-byte aligned int from the array
-+   for the semaphore.  */
-+#define __PA_LDCW_ALIGNMENT 16
-+static inline void *ldcw_align (void *p) {
-+    unsigned long a = (unsigned long)p;
-+    a = (a + __PA_LDCW_ALIGNMENT - 1) & ~(__PA_LDCW_ALIGNMENT - 1);
-+    return (void *)a;
-+}
-+
-+static inline int testandset (spinlock_t *p)
-+{
-+    unsigned int ret;
-+    p = ldcw_align(p);
-+    __asm__ __volatile__("ldcw 0(%1),%0"
-+                         : "=r" (ret)
-+                         : "r" (p)
-+                         : "memory" );
-+    return !ret;
-+}
-+#endif
-+
-+#ifdef __ia64
-+#include <ia64intrin.h>
-+
-+static inline int testandset (int *p)
-+{
-+    return __sync_lock_test_and_set (p, 1);
-+}
-+#endif
-+
-+#ifdef __mips__
-+static inline int testandset (int *p)
-+{
-+    int ret;
-+
-+    __asm__ __volatile__ (
-+       "       .set push               \n"
-+       "       .set noat               \n"
-+       "       .set mips2              \n"
-+       "1:     li      $1, 1           \n"
-+       "       ll      %0, %1          \n"
-+       "       sc      $1, %1          \n"
-+       "       beqz    $1, 1b          \n"
-+       "       .set pop                "
-+       : "=r" (ret), "+R" (*p)
-+       :
-+       : "memory");
-+
-+    return ret;
-+}
-+#endif
-+
-+#if defined(__hppa__)
-+
-+typedef int spinlock_t[4];
-+
-+#define SPIN_LOCK_UNLOCKED { 1, 1, 1, 1 }
-+
-+static inline void resetlock (spinlock_t *p)
-+{
-+    (*p)[0] = (*p)[1] = (*p)[2] = (*p)[3] = 1;
-+}
-+
-+#else
-+
-+typedef int spinlock_t;
-+
-+#define SPIN_LOCK_UNLOCKED 0
-+
-+static inline void resetlock (spinlock_t *p)
-+{
-+    *p = SPIN_LOCK_UNLOCKED;
-+}
-+
-+#endif
-+
-+#if defined(CONFIG_USER_ONLY)
-+static inline void spin_lock(spinlock_t *lock)
-+{
-+    while (testandset(lock));
-+}
-+
-+static inline void spin_unlock(spinlock_t *lock)
-+{
-+    resetlock(lock);
-+}
-+
-+static inline int spin_trylock(spinlock_t *lock)
-+{
-+    return !testandset(lock);
-+}
-+#else
-+static inline void spin_lock(spinlock_t *lock)
-+{
-+}
-+
-+static inline void spin_unlock(spinlock_t *lock)
-+{
-+}
-+
-+static inline int spin_trylock(spinlock_t *lock)
-+{
-+    return 1;
-+}
-+#endif
-+
-+#endif
-Index: trunk/target-arm/cpu.h
-===================================================================
---- trunk.orig/target-arm/cpu.h 2008-04-24 20:16:41.000000000 +0100
-+++ trunk/target-arm/cpu.h      2008-04-24 20:16:53.000000000 +0100
-@@ -38,6 +38,7 @@
- #define EXCP_FIQ             6
- #define EXCP_BKPT            7
- #define EXCP_EXCEPTION_EXIT  8   /* Return from v7M exception.  */
-+#define EXCP_KERNEL_TRAP     9   /* Jumped to kernel code page.  */
- 
- #define ARMV7M_EXCP_RESET   1
- #define ARMV7M_EXCP_NMI     2
-@@ -218,6 +219,15 @@
- void cpu_lock(void);
- void cpu_unlock(void);
- 
-+void cpu_lock(void);
-+void cpu_unlock(void);
-+#if defined(USE_NPTL)
-+static inline void cpu_set_tls(CPUARMState *env, void *newtls)
-+{
-+  env->cp15.c13_tls2 = (uint32_t)(long)newtls;
-+}
-+#endif
-+
- #define CPSR_M (0x1f)
- #define CPSR_T (1 << 5)
- #define CPSR_F (1 << 6)
-Index: trunk/target-arm/translate.c
-===================================================================
---- trunk.orig/target-arm/translate.c   2008-04-24 20:16:41.000000000 +0100
-+++ trunk/target-arm/translate.c        2008-04-24 20:16:53.000000000 +0100
-@@ -8606,7 +8606,14 @@
-             gen_exception(EXCP_EXCEPTION_EXIT);
-         }
- #endif
--
-+#ifdef CONFIG_USER_ONLY
-+        /* Intercept jump to the magic kernel page.  */
-+        if (dc->pc > 0xffff0000) {
-+            gen_exception(EXCP_KERNEL_TRAP);
-+            dc->is_jmp = DISAS_UPDATE;
-+            break;
-+        }
-+#endif
-         if (env->nb_breakpoints > 0) {
-             for(j = 0; j < env->nb_breakpoints; j++) {
-                 if (env->breakpoints[j] == dc->pc) {
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch b/meta/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch
deleted file mode 100644
index 02f093abb9..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/qemu-amd64-32b-mapping-0.9.0.patch
+++ /dev/null
@@ -1,37 +0,0 @@
----
- linux-user/mmap.c |    8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-Index: trunk/linux-user/mmap.c
-===================================================================
---- trunk.orig/linux-user/mmap.c        2008-04-24 20:15:37.000000000 +0100
-+++ trunk/linux-user/mmap.c     2008-04-24 20:16:16.000000000 +0100
-@@ -29,6 +29,10 @@
- 
- //#define DEBUG_MMAP
- 
-+#ifndef MAP_32BIT
-+#define MAP_32BIT 0
-+#endif
-+
- /* NOTE: all the constants are the HOST ones, but addresses are target. */
- int target_mprotect(abi_ulong start, abi_ulong len, int prot)
- {
-@@ -251,7 +255,7 @@
-            especially important if qemu_host_page_size >
-            qemu_real_host_page_size */
-         p = mmap(g2h(mmap_start),
--                 host_len, prot, flags | MAP_FIXED, fd, host_offset);
-+                 host_len, prot, flags | MAP_FIXED | MAP_32BIT, fd, host_offset);
-         if (p == MAP_FAILED)
-             return -1;
-         /* update start so that it points to the file position at 'offset' */
-@@ -406,7 +410,7 @@
-     unsigned long host_addr;
- 
-     /* XXX: use 5 args syscall */
--    host_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags);
-+    host_addr = (long)mremap(g2h(old_addr), old_size, new_size, flags | MAP_32BIT);
-     if (host_addr == -1)
-         return -1;
-     new_addr = h2g(host_addr);
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch b/meta/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch
deleted file mode 100644
index 1224fb4cbd..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/qemu-n800-support.patch
+++ /dev/null
@@ -1,2381 +0,0 @@
-diff -urN 4242/cpu-all.h qemu-omap/cpu-all.h
---- 4242/cpu-all.h      2008-04-24 21:26:19.000000000 +0100
-+++ qemu-omap/cpu-all.h 2008-04-23 09:57:55.000000000 +0100
-@@ -816,7 +816,7 @@
- /* physical memory access */
- #define TLB_INVALID_MASK   (1 << 3)
- #define IO_MEM_SHIFT       4
--#define IO_MEM_NB_ENTRIES  (1 << (TARGET_PAGE_BITS  - IO_MEM_SHIFT))
-+#define IO_MEM_NB_ENTRIES  (16 << (TARGET_PAGE_BITS  - IO_MEM_SHIFT))
- 
- #define IO_MEM_RAM         (0 << IO_MEM_SHIFT) /* hardcoded offset */
- #define IO_MEM_ROM         (1 << IO_MEM_SHIFT) /* hardcoded offset */
-diff -urN 4242/exec.c qemu-omap/exec.c
---- 4242/exec.c 2008-04-24 18:11:49.000000000 +0100
-+++ qemu-omap/exec.c    2008-04-23 09:57:55.000000000 +0100
-@@ -1664,7 +1664,7 @@
-     {
-         if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
-             /* IO memory case */
--            address = vaddr | pd;
-+            address = vaddr | (pd & ~TARGET_PAGE_MASK);
-             addend = paddr;
-         } else {
-             /* standard memory */
-@@ -1698,7 +1698,9 @@
-         } else {
-             te->addr_read = -1;
-         }
--        if (prot & PAGE_EXEC) {
-+        if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM && !(pd & IO_MEM_ROMD)) {
-+            te->addr_code = pd;
-+        } else if (prot & PAGE_EXEC) {
-             te->addr_code = address;
-         } else {
-             te->addr_code = -1;
-@@ -2493,7 +2495,9 @@
-     if (io_index <= 0) {
-         if (io_mem_nb >= IO_MEM_NB_ENTRIES)
-             return -1;
--        io_index = io_mem_nb++;
-+        do io_index = io_mem_nb++;
-+        while (((io_index << IO_MEM_SHIFT) & ~TARGET_PAGE_MASK)
-+               <= IO_MEM_NOTDIRTY);
-     } else {
-         if (io_index >= IO_MEM_NB_ENTRIES)
-             return -1;
-diff -urN 4242/hw/max7310.c qemu-omap/hw/max7310.c
---- 4242/hw/max7310.c   2008-04-24 18:11:49.000000000 +0100
-+++ qemu-omap/hw/max7310.c      2008-03-02 19:31:55.000000000 +0000
-@@ -134,8 +134,8 @@
-         s->i2c_command_byte = 1;
-         break;
-     case I2C_FINISH:
--        if (s->len == 1)
- #ifdef VERBOSE
-+        if (s->len == 1)
-             printf("%s: message too short (%i bytes)\n", __FUNCTION__, s->len);
- #endif
-         break;
-diff -urN 4242/hw/ndis.h qemu-omap/hw/ndis.h
---- 4242/hw/ndis.h      1970-01-01 01:00:00.000000000 +0100
-+++ qemu-omap/hw/ndis.h 2008-04-23 09:57:56.000000000 +0100
-@@ -0,0 +1,217 @@
-+/*
-+ * ndis.h 
-+ * 
-+ * ntddndis.h modified by Benedikt Spranger <b.spranger@pengutronix.de>
-+ * 
-+ * Thanks to the cygwin development team, 
-+ * espacially to Casper S. Hornstrup <chorns@users.sourceforge.net>
-+ * 
-+ * THIS SOFTWARE IS NOT COPYRIGHTED
-+ *
-+ * This source code is offered for use in the public domain. You may
-+ * use, modify or distribute it freely.
-+ *
-+ * This code is distributed in the hope that it will be useful but
-+ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
-+ * DISCLAIMED. This includes but is not limited to warranties of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-+ *
-+ */
-+
-+#ifndef _LINUX_NDIS_H
-+#define _LINUX_NDIS_H
-+
-+
-+#define NDIS_STATUS_MULTICAST_FULL       0xC0010009
-+#define NDIS_STATUS_MULTICAST_EXISTS      0xC001000A
-+#define NDIS_STATUS_MULTICAST_NOT_FOUND   0xC001000B
-+
-+enum NDIS_DEVICE_POWER_STATE {
-+       NdisDeviceStateUnspecified = 0,
-+       NdisDeviceStateD0,
-+       NdisDeviceStateD1,
-+       NdisDeviceStateD2,
-+       NdisDeviceStateD3,
-+       NdisDeviceStateMaximum
-+};
-+
-+struct NDIS_PM_WAKE_UP_CAPABILITIES {
-+       enum NDIS_DEVICE_POWER_STATE  MinMagicPacketWakeUp;
-+       enum NDIS_DEVICE_POWER_STATE  MinPatternWakeUp;
-+       enum NDIS_DEVICE_POWER_STATE  MinLinkChangeWakeUp;
-+};
-+
-+/* NDIS_PNP_CAPABILITIES.Flags constants */
-+#define NDIS_DEVICE_WAKE_UP_ENABLE                0x00000001
-+#define NDIS_DEVICE_WAKE_ON_PATTERN_MATCH_ENABLE  0x00000002
-+#define NDIS_DEVICE_WAKE_ON_MAGIC_PACKET_ENABLE   0x00000004
-+
-+struct NDIS_PNP_CAPABILITIES {
-+       __le32                                  Flags;
-+       struct NDIS_PM_WAKE_UP_CAPABILITIES     WakeUpCapabilities;
-+};
-+
-+struct NDIS_PM_PACKET_PATTERN {
-+       __le32  Priority;
-+       __le32  Reserved;
-+       __le32  MaskSize;
-+       __le32  PatternOffset;
-+       __le32  PatternSize;
-+       __le32  PatternFlags;
-+};
-+
-+
-+/* Required Object IDs (OIDs) */
-+#define OID_GEN_SUPPORTED_LIST            0x00010101
-+#define OID_GEN_HARDWARE_STATUS           0x00010102
-+#define OID_GEN_MEDIA_SUPPORTED           0x00010103
-+#define OID_GEN_MEDIA_IN_USE              0x00010104
-+#define OID_GEN_MAXIMUM_LOOKAHEAD         0x00010105
-+#define OID_GEN_MAXIMUM_FRAME_SIZE        0x00010106
-+#define OID_GEN_LINK_SPEED                0x00010107
-+#define OID_GEN_TRANSMIT_BUFFER_SPACE     0x00010108
-+#define OID_GEN_RECEIVE_BUFFER_SPACE      0x00010109
-+#define OID_GEN_TRANSMIT_BLOCK_SIZE       0x0001010A
-+#define OID_GEN_RECEIVE_BLOCK_SIZE        0x0001010B
-+#define OID_GEN_VENDOR_ID                 0x0001010C
-+#define OID_GEN_VENDOR_DESCRIPTION        0x0001010D
-+#define OID_GEN_CURRENT_PACKET_FILTER     0x0001010E
-+#define OID_GEN_CURRENT_LOOKAHEAD         0x0001010F
-+#define OID_GEN_DRIVER_VERSION            0x00010110
-+#define OID_GEN_MAXIMUM_TOTAL_SIZE        0x00010111
-+#define OID_GEN_PROTOCOL_OPTIONS          0x00010112
-+#define OID_GEN_MAC_OPTIONS               0x00010113
-+#define OID_GEN_MEDIA_CONNECT_STATUS      0x00010114
-+#define OID_GEN_MAXIMUM_SEND_PACKETS      0x00010115
-+#define OID_GEN_VENDOR_DRIVER_VERSION     0x00010116
-+#define OID_GEN_SUPPORTED_GUIDS           0x00010117
-+#define OID_GEN_NETWORK_LAYER_ADDRESSES   0x00010118
-+#define OID_GEN_TRANSPORT_HEADER_OFFSET   0x00010119
-+#define OID_GEN_MACHINE_NAME              0x0001021A
-+#define OID_GEN_RNDIS_CONFIG_PARAMETER    0x0001021B
-+#define OID_GEN_VLAN_ID                   0x0001021C
-+
-+/* Optional OIDs */
-+#define OID_GEN_MEDIA_CAPABILITIES        0x00010201
-+#define OID_GEN_PHYSICAL_MEDIUM           0x00010202
-+
-+/* Required statistics OIDs */
-+#define OID_GEN_XMIT_OK                   0x00020101
-+#define OID_GEN_RCV_OK                    0x00020102
-+#define OID_GEN_XMIT_ERROR                0x00020103
-+#define OID_GEN_RCV_ERROR                 0x00020104
-+#define OID_GEN_RCV_NO_BUFFER             0x00020105
-+
-+/* Optional statistics OIDs */
-+#define OID_GEN_DIRECTED_BYTES_XMIT       0x00020201
-+#define OID_GEN_DIRECTED_FRAMES_XMIT      0x00020202
-+#define OID_GEN_MULTICAST_BYTES_XMIT      0x00020203
-+#define OID_GEN_MULTICAST_FRAMES_XMIT     0x00020204
-+#define OID_GEN_BROADCAST_BYTES_XMIT      0x00020205
-+#define OID_GEN_BROADCAST_FRAMES_XMIT     0x00020206
-+#define OID_GEN_DIRECTED_BYTES_RCV        0x00020207
-+#define OID_GEN_DIRECTED_FRAMES_RCV       0x00020208
-+#define OID_GEN_MULTICAST_BYTES_RCV       0x00020209
-+#define OID_GEN_MULTICAST_FRAMES_RCV      0x0002020A
-+#define OID_GEN_BROADCAST_BYTES_RCV       0x0002020B
-+#define OID_GEN_BROADCAST_FRAMES_RCV      0x0002020C
-+#define OID_GEN_RCV_CRC_ERROR             0x0002020D
-+#define OID_GEN_TRANSMIT_QUEUE_LENGTH     0x0002020E
-+#define OID_GEN_GET_TIME_CAPS             0x0002020F
-+#define OID_GEN_GET_NETCARD_TIME          0x00020210
-+#define OID_GEN_NETCARD_LOAD              0x00020211
-+#define OID_GEN_DEVICE_PROFILE            0x00020212
-+#define OID_GEN_INIT_TIME_MS              0x00020213
-+#define OID_GEN_RESET_COUNTS              0x00020214
-+#define OID_GEN_MEDIA_SENSE_COUNTS        0x00020215
-+#define OID_GEN_FRIENDLY_NAME             0x00020216
-+#define OID_GEN_MINIPORT_INFO             0x00020217
-+#define OID_GEN_RESET_VERIFY_PARAMETERS   0x00020218
-+
-+/* IEEE 802.3 (Ethernet) OIDs */
-+#define NDIS_802_3_MAC_OPTION_PRIORITY    0x00000001
-+
-+#define OID_802_3_PERMANENT_ADDRESS       0x01010101
-+#define OID_802_3_CURRENT_ADDRESS         0x01010102
-+#define OID_802_3_MULTICAST_LIST          0x01010103
-+#define OID_802_3_MAXIMUM_LIST_SIZE       0x01010104
-+#define OID_802_3_MAC_OPTIONS             0x01010105
-+#define OID_802_3_RCV_ERROR_ALIGNMENT     0x01020101
-+#define OID_802_3_XMIT_ONE_COLLISION      0x01020102
-+#define OID_802_3_XMIT_MORE_COLLISIONS    0x01020103
-+#define OID_802_3_XMIT_DEFERRED           0x01020201
-+#define OID_802_3_XMIT_MAX_COLLISIONS     0x01020202
-+#define OID_802_3_RCV_OVERRUN             0x01020203
-+#define OID_802_3_XMIT_UNDERRUN           0x01020204
-+#define OID_802_3_XMIT_HEARTBEAT_FAILURE  0x01020205
-+#define OID_802_3_XMIT_TIMES_CRS_LOST     0x01020206
-+#define OID_802_3_XMIT_LATE_COLLISIONS    0x01020207
-+
-+/* OID_GEN_MINIPORT_INFO constants */
-+#define NDIS_MINIPORT_BUS_MASTER                      0x00000001
-+#define NDIS_MINIPORT_WDM_DRIVER                      0x00000002
-+#define NDIS_MINIPORT_SG_LIST                         0x00000004
-+#define NDIS_MINIPORT_SUPPORTS_MEDIA_QUERY            0x00000008
-+#define NDIS_MINIPORT_INDICATES_PACKETS               0x00000010
-+#define NDIS_MINIPORT_IGNORE_PACKET_QUEUE             0x00000020
-+#define NDIS_MINIPORT_IGNORE_REQUEST_QUEUE            0x00000040
-+#define NDIS_MINIPORT_IGNORE_TOKEN_RING_ERRORS        0x00000080
-+#define NDIS_MINIPORT_INTERMEDIATE_DRIVER             0x00000100
-+#define NDIS_MINIPORT_IS_NDIS_5                       0x00000200
-+#define NDIS_MINIPORT_IS_CO                           0x00000400
-+#define NDIS_MINIPORT_DESERIALIZE                     0x00000800
-+#define NDIS_MINIPORT_REQUIRES_MEDIA_POLLING          0x00001000
-+#define NDIS_MINIPORT_SUPPORTS_MEDIA_SENSE            0x00002000
-+#define NDIS_MINIPORT_NETBOOT_CARD                    0x00004000
-+#define NDIS_MINIPORT_PM_SUPPORTED                    0x00008000
-+#define NDIS_MINIPORT_SUPPORTS_MAC_ADDRESS_OVERWRITE  0x00010000
-+#define NDIS_MINIPORT_USES_SAFE_BUFFER_APIS           0x00020000
-+#define NDIS_MINIPORT_HIDDEN                          0x00040000
-+#define NDIS_MINIPORT_SWENUM                          0x00080000
-+#define NDIS_MINIPORT_SURPRISE_REMOVE_OK              0x00100000
-+#define NDIS_MINIPORT_NO_HALT_ON_SUSPEND              0x00200000
-+#define NDIS_MINIPORT_HARDWARE_DEVICE                 0x00400000
-+#define NDIS_MINIPORT_SUPPORTS_CANCEL_SEND_PACKETS    0x00800000
-+#define NDIS_MINIPORT_64BITS_DMA                      0x01000000
-+
-+#define NDIS_MEDIUM_802_3              0x00000000
-+#define NDIS_MEDIUM_802_5              0x00000001
-+#define NDIS_MEDIUM_FDDI               0x00000002
-+#define NDIS_MEDIUM_WAN                        0x00000003
-+#define NDIS_MEDIUM_LOCAL_TALK         0x00000004
-+#define NDIS_MEDIUM_DIX                        0x00000005
-+#define NDIS_MEDIUM_ARCENT_RAW         0x00000006
-+#define NDIS_MEDIUM_ARCENT_878_2       0x00000007
-+#define NDIS_MEDIUM_ATM                        0x00000008
-+#define NDIS_MEDIUM_WIRELESS_LAN       0x00000009
-+#define NDIS_MEDIUM_IRDA               0x0000000A
-+#define NDIS_MEDIUM_BPC                        0x0000000B
-+#define NDIS_MEDIUM_CO_WAN             0x0000000C
-+#define NDIS_MEDIUM_1394               0x0000000D
-+
-+#define NDIS_PACKET_TYPE_DIRECTED      0x00000001
-+#define NDIS_PACKET_TYPE_MULTICAST     0x00000002
-+#define NDIS_PACKET_TYPE_ALL_MULTICAST 0x00000004
-+#define NDIS_PACKET_TYPE_BROADCAST     0x00000008
-+#define NDIS_PACKET_TYPE_SOURCE_ROUTING        0x00000010
-+#define NDIS_PACKET_TYPE_PROMISCUOUS   0x00000020
-+#define NDIS_PACKET_TYPE_SMT           0x00000040
-+#define NDIS_PACKET_TYPE_ALL_LOCAL     0x00000080
-+#define NDIS_PACKET_TYPE_GROUP         0x00000100
-+#define NDIS_PACKET_TYPE_ALL_FUNCTIONAL        0x00000200
-+#define NDIS_PACKET_TYPE_FUNCTIONAL    0x00000400
-+#define NDIS_PACKET_TYPE_MAC_FRAME     0x00000800
-+
-+#define NDIS_MEDIA_STATE_CONNECTED     0x00000000
-+#define NDIS_MEDIA_STATE_DISCONNECTED  0x00000001
-+
-+#define NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA     0x00000001
-+#define NDIS_MAC_OPTION_RECEIVE_SERIALIZED      0x00000002
-+#define NDIS_MAC_OPTION_TRANSFERS_NOT_PEND      0x00000004
-+#define NDIS_MAC_OPTION_NO_LOOPBACK             0x00000008
-+#define NDIS_MAC_OPTION_FULL_DUPLEX             0x00000010
-+#define NDIS_MAC_OPTION_EOTX_INDICATION         0x00000020
-+#define NDIS_MAC_OPTION_8021P_PRIORITY          0x00000040
-+#define NDIS_MAC_OPTION_RESERVED                0x80000000
-+
-+#endif /* _LINUX_NDIS_H */
-diff -urN 4242/hw/nseries.c qemu-omap/hw/nseries.c
---- 4242/hw/nseries.c   2008-04-24 18:11:49.000000000 +0100
-+++ qemu-omap/hw/nseries.c      2008-04-23 09:57:56.000000000 +0100
-@@ -602,6 +602,37 @@
-                     (void *) &config7, sizeof(config7));
- }
- 
-+#if 0
-+static uint32_t n800_pinout[104] = {
-+    0x080f00d8, 0x00d40808, 0x03080808, 0x080800d0,
-+    0x00dc0808, 0x0b0f0f00, 0x080800b4, 0x00c00808,
-+    0x08080808, 0x180800c4, 0x00b80000, 0x08080808,
-+    0x080800bc, 0x00cc0808, 0x08081818, 0x18180128,
-+    0x01241800, 0x18181818, 0x000000f0, 0x01300000,
-+    0x00001b0b, 0x1b0f0138, 0x00e0181b, 0x1b031b0b,
-+    0x180f0078, 0x00740018, 0x0f0f0f1a, 0x00000080,
-+    0x007c0000, 0x00000000, 0x00000088, 0x00840000,
-+    0x00000000, 0x00000094, 0x00980300, 0x0f180003,
-+    0x0000008c, 0x00900f0f, 0x0f0f1b00, 0x0f00009c,
-+    0x01140000, 0x1b1b0f18, 0x0818013c, 0x01400008,
-+    0x00001818, 0x000b0110, 0x010c1800, 0x0b030b0f,
-+    0x181800f4, 0x00f81818, 0x00000018, 0x000000fc,
-+    0x00401808, 0x00000000, 0x0f1b0030, 0x003c0008,
-+    0x00000000, 0x00000038, 0x00340000, 0x00000000,
-+    0x1a080070, 0x00641a1a, 0x08080808, 0x08080060,
-+    0x005c0808, 0x08080808, 0x08080058, 0x00540808,
-+    0x08080808, 0x0808006c, 0x00680808, 0x08080808,
-+    0x000000a8, 0x00b00000, 0x08080808, 0x000000a0,
-+    0x00a40000, 0x00000000, 0x08ff0050, 0x004c0808,
-+    0xffffffff, 0xffff0048, 0x0044ffff, 0xffffffff,
-+    0x000000ac, 0x01040800, 0x08080b0f, 0x18180100,
-+    0x01081818, 0x0b0b1808, 0x1a0300e4, 0x012c0b1a,
-+    0x02020018, 0x0b000134, 0x011c0800, 0x0b1b1b00,
-+    0x0f0000c8, 0x00ec181b, 0x000f0f02, 0x00180118,
-+    0x01200000, 0x0f0b1b1b, 0x0f0200e8, 0x0000020b,
-+};
-+#endif
-+
- /* Setup sequence done by the bootloader */
- static void n800_boot_init(void *opaque)
- {
-@@ -942,3 +973,71 @@
-     "Nokia N800 aka. RX-34 tablet (OMAP2420)",
-     n800_init,
- };
-+
-+#if 0
-+/* cx3110x.c */
-+#define CY_ARM_INT             0x00
-+#define CY_ARM_INT_ENA         0x00
-+#define CY_HOST_INT            0x00
-+#define CY_HOST_INT_ENA                0x00
-+#define CY_HOST_INT_ACK                0x00
-+#define CY_GP1_COMM            0x00
-+#define CY_GP2_COMM            0x00
-+#define CY_DEV_CTRL_STA                0x00
-+#define CY_DMA_DATA            0x00    /* 16-bit */
-+#define CY_DMA_WR_CTRL         0x00    /* 16-bit */
-+#define CY_DMA_WR_LEN          0x00    /* 16-bit */
-+#define CY_DMA_WR_BASE         0x00
-+#define CY_DMA_RD_CTRL         0x00    /* 16-bit */
-+#define CY_DMA_RD_LEN          0x00    /* 16-bit */
-+#define CY_DMA_RD_BASE         0x00
-+
-+HW:
-+(spi bus 1.0)
-+  tsc2005
-+(spi bus 1.1)
-+  lcd_mipid
-+(spi bus 2.0)
-+  cx3110x (WLAN)
-+(spi somewhere?)
-+  pc2400m (WiMAX)
-+(i2c bus 0)
-+  TLV320AIC33 (audio codec on i2c)
-+  TCM825x (camera on i2c)
-+  lp5521 (LED on i2c)
-+  tsl2563 (light sensor, hwmon on i2c)
-+  lm8323 (keypad on i2c)
-+(i2c bus 1)
-+  tmp105 (temperature sensor, hwmon on i2c)
-+  menelaus (power on i2c)
-+
-+GPIO   0: out hi
-+GPIO   8: in  hi
-+GPIO   9: out hi
-+GPIO  10: out lo
-+GPIO  12: out lo
-+GPIO  15: out lo
-+GPIO  23: out hi
-+GPIO  26: in  hi, irq-186 rising
-+GPIO  53: out lo
-+GPIO  58: in  hi, irq-218 low wakeup
-+GPIO  62: out lo
-+GPIO  64: out hi
-+GPIO  65: in  hi
-+GPIO  66: out lo
-+GPIO  93: out lo
-+GPIO  94: in  hi
-+GPIO  95: out lo
-+GPIO  96: out hi
-+GPIO 101: out lo
-+GPIO 102: in  hi, irq-262 bothedge
-+GPIO 106: in  hi, irq-266 falling wakeup
-+GPIO 107: in  hi, irq-267 bothedge
-+GPIO 108: in  lo, irq-268 rising wakeup
-+GPIO 109: in  hi, irq-269 falling wakeup
-+GPIO 110: in  hi, irq-270 bothedge
-+GPIO 111: in  lo, irq-271 rising
-+GPIO 112: out hi
-+GPIO 118: out hi
-+GPIO 125: in  lo, irq-285 rising
-+#endif
-diff -urN 4242/hw/omap2.c qemu-omap/hw/omap2.c
---- 4242/hw/omap2.c     2008-04-24 18:11:49.000000000 +0100
-+++ qemu-omap/hw/omap2.c        2008-04-23 09:57:56.000000000 +0100
-@@ -3675,152 +3675,152 @@
-                     omap_findclk(s, "dss_l4_iclk"));
- 
-     /* All register mappings (includin those not currenlty implemented):
--     * SystemControlMod        48000000 - 48000fff
--     * SystemControlL4 48001000 - 48001fff
--     * 32kHz Timer Mod 48004000 - 48004fff
--     * 32kHz Timer L4  48005000 - 48005fff
--     * PRCM ModA       48008000 - 480087ff
-+     * SystemControlMod        48000000 - 48000fff (REV 0x00000010)
-+     * SystemControlL4 48001000 - 48001fff (0x00200010, 0x01000200, 0x00000000)
-+     * 32kHz Timer Mod 48004000 - 48004fff (REV 0x00000011)
-+     * 32kHz Timer L4  48005000 - 48005fff (0x00200010, 0x01000200, 0x00000000)
-+     * PRCM ModA       48008000 - 480087ff (REV 0x00000010)
-      * PRCM ModB       48008800 - 48008fff
--     * PRCM L4         48009000 - 48009fff
--     * TEST-BCM Mod    48012000 - 48012fff
--     * TEST-BCM L4     48013000 - 48013fff
--     * TEST-TAP Mod    48014000 - 48014fff
--     * TEST-TAP L4     48015000 - 48015fff
--     * GPIO1 Mod       48018000 - 48018fff
--     * GPIO Top                48019000 - 48019fff
--     * GPIO2 Mod       4801a000 - 4801afff
--     * GPIO L4         4801b000 - 4801bfff
--     * GPIO3 Mod       4801c000 - 4801cfff
--     * GPIO4 Mod       4801e000 - 4801efff
--     * WDTIMER1 Mod    48020000 - 48010fff
-+     * PRCM L4         48009000 - 48009fff (0x00200010, 0x00000200, 0x00000000)
-+     * TEST-BCM Mod    48012000 - 48012fff (REV 0x00000010)
-+     * TEST-BCM L4     48013000 - 48013fff (0x00200010, 0x00000200, 0x00000000)
-+     * TEST-TAP Mod    48014000 - 48014fff (REV 0x00000010)
-+     * TEST-TAP L4     48015000 - 48015fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPIO1 Mod       48018000 - 48018fff (REV 0x00000018)
-+     * GPIO Top                48019000 - 48019fff (REV 0x00000011)
-+     * GPIO2 Mod       4801a000 - 4801afff (REV 0x00000018)
-+     * GPIO L4         4801b000 - 4801bfff (0x00200010, 0x00000200, 0x00000000)
-+     * GPIO3 Mod       4801c000 - 4801cfff (REV 0x00000018)
-+     * GPIO4 Mod       4801e000 - 4801efff (REV 0x00000018)
-+     * WDTIMER1 Mod    48020000 - 48010fff (REV Abort)
-      * WDTIMER Top     48021000 - 48011fff
--     * WDTIMER2 Mod    48022000 - 48012fff
--     * WDTIMER L4      48023000 - 48013fff
--     * WDTIMER3 Mod    48024000 - 48014fff
--     * WDTIMER3 L4     48025000 - 48015fff
--     * WDTIMER4 Mod    48026000 - 48016fff
--     * WDTIMER4 L4     48027000 - 48017fff
--     * GPTIMER1 Mod    48028000 - 48018fff
--     * GPTIMER1 L4     48029000 - 48019fff
--     * GPTIMER2 Mod    4802a000 - 4801afff
--     * GPTIMER2 L4     4802b000 - 4801bfff
-+     * WDTIMER2 Mod    48022000 - 48012fff (REV 0x00000011)
-+     * WDTIMER L4      48023000 - 48013fff (0x00200010, 0x00000200, 0x00000000)
-+     * WDTIMER3 Mod    48024000 - 48014fff (REV 0x00000011)
-+     * WDTIMER3 L4     48025000 - 48015fff (0x00200010, 0x00000200, 0x00000000)
-+     * WDTIMER4 Mod    48026000 - 48016fff (REV 0x00000011)
-+     * WDTIMER4 L4     48027000 - 48017fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER1 Mod    48028000 - 48018fff (REV 0x00000013)
-+     * GPTIMER1 L4     48029000 - 48019fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER2 Mod    4802a000 - 4801afff (REV Abort)
-+     * GPTIMER2 L4     4802b000 - 4801bfff (0x00200010, 0x00000200, 0x00000000)
-      * L4-Config AP    48040000 - 480407ff
-      * L4-Config IP    48040800 - 48040fff
-      * L4-Config LA    48041000 - 48041fff
--     * ARM11ETB Mod    48048000 - 48049fff
--     * ARM11ETB L4     4804a000 - 4804afff
--     * DISPLAY Top     48050000 - 480503ff
--     * DISPLAY DISPC   48050400 - 480507ff
--     * DISPLAY RFBI    48050800 - 48050bff
--     * DISPLAY VENC    48050c00 - 48050fff
--     * DISPLAY L4      48051000 - 48051fff
--     * CAMERA Top      48052000 - 480523ff
--     * CAMERA core     48052400 - 480527ff
--     * CAMERA DMA      48052800 - 48052bff
--     * CAMERA MMU      48052c00 - 48052fff
--     * CAMERA L4       48053000 - 48053fff
--     * SDMA Mod                48056000 - 48056fff
--     * SDMA L4         48057000 - 48057fff
--     * SSI Top         48058000 - 48058fff
--     * SSI GDD         48059000 - 48059fff
--     * SSI Port1       4805a000 - 4805afff
--     * SSI Port2       4805b000 - 4805bfff
--     * SSI L4          4805c000 - 4805cfff
--     * USB Mod         4805e000 - 480fefff
--     * USB L4          4805f000 - 480fffff
--     * WIN_TRACER1 Mod 48060000 - 48060fff
--     * WIN_TRACER1 L4  48061000 - 48061fff
--     * WIN_TRACER2 Mod 48062000 - 48062fff
--     * WIN_TRACER2 L4  48063000 - 48063fff
--     * WIN_TRACER3 Mod 48064000 - 48064fff
--     * WIN_TRACER3 L4  48065000 - 48065fff
--     * WIN_TRACER4 Top 48066000 - 480660ff
--     * WIN_TRACER4 ETT 48066100 - 480661ff
--     * WIN_TRACER4 WT  48066200 - 480662ff
--     * WIN_TRACER4 L4  48067000 - 48067fff
--     * XTI Mod         48068000 - 48068fff
--     * XTI L4          48069000 - 48069fff
--     * UART1 Mod       4806a000 - 4806afff
--     * UART1 L4                4806b000 - 4806bfff
--     * UART2 Mod       4806c000 - 4806cfff
--     * UART2 L4                4806d000 - 4806dfff
--     * UART3 Mod       4806e000 - 4806efff
--     * UART3 L4                4806f000 - 4806ffff
--     * I2C1 Mod                48070000 - 48070fff
--     * I2C1 L4         48071000 - 48071fff
--     * I2C2 Mod                48072000 - 48072fff
--     * I2C2 L4         48073000 - 48073fff
--     * McBSP1 Mod      48074000 - 48074fff
--     * McBSP1 L4       48075000 - 48075fff
--     * McBSP2 Mod      48076000 - 48076fff
--     * McBSP2 L4       48077000 - 48077fff
--     * GPTIMER3 Mod    48078000 - 48078fff
--     * GPTIMER3 L4     48079000 - 48079fff
--     * GPTIMER4 Mod    4807a000 - 4807afff
--     * GPTIMER4 L4     4807b000 - 4807bfff
--     * GPTIMER5 Mod    4807c000 - 4807cfff
--     * GPTIMER5 L4     4807d000 - 4807dfff
--     * GPTIMER6 Mod    4807e000 - 4807efff
--     * GPTIMER6 L4     4807f000 - 4807ffff
--     * GPTIMER7 Mod    48080000 - 48080fff
--     * GPTIMER7 L4     48081000 - 48081fff
--     * GPTIMER8 Mod    48082000 - 48082fff
--     * GPTIMER8 L4     48083000 - 48083fff
--     * GPTIMER9 Mod    48084000 - 48084fff
--     * GPTIMER9 L4     48085000 - 48085fff
--     * GPTIMER10 Mod   48086000 - 48086fff
--     * GPTIMER10 L4    48087000 - 48087fff
--     * GPTIMER11 Mod   48088000 - 48088fff
--     * GPTIMER11 L4    48089000 - 48089fff
--     * GPTIMER12 Mod   4808a000 - 4808afff
--     * GPTIMER12 L4    4808b000 - 4808bfff
--     * EAC Mod         48090000 - 48090fff
--     * EAC L4          48091000 - 48091fff
--     * FAC Mod         48092000 - 48092fff
--     * FAC L4          48093000 - 48093fff
--     * MAILBOX Mod     48094000 - 48094fff
--     * MAILBOX L4      48095000 - 48095fff
--     * SPI1 Mod                48098000 - 48098fff
--     * SPI1 L4         48099000 - 48099fff
--     * SPI2 Mod                4809a000 - 4809afff
--     * SPI2 L4         4809b000 - 4809bfff
--     * MMC/SDIO Mod    4809c000 - 4809cfff
--     * MMC/SDIO L4     4809d000 - 4809dfff
--     * MS_PRO Mod      4809e000 - 4809efff
--     * MS_PRO L4       4809f000 - 4809ffff
--     * RNG Mod         480a0000 - 480a0fff
--     * RNG L4          480a1000 - 480a1fff
--     * DES3DES Mod     480a2000 - 480a2fff
--     * DES3DES L4      480a3000 - 480a3fff
--     * SHA1MD5 Mod     480a4000 - 480a4fff
--     * SHA1MD5 L4      480a5000 - 480a5fff
--     * AES Mod         480a6000 - 480a6fff
--     * AES L4          480a7000 - 480a7fff
--     * PKA Mod         480a8000 - 480a9fff
--     * PKA L4          480aa000 - 480aafff
--     * MG Mod          480b0000 - 480b0fff
--     * MG L4           480b1000 - 480b1fff
--     * HDQ/1-wire Mod  480b2000 - 480b2fff
--     * HDQ/1-wire L4   480b3000 - 480b3fff
--     * MPU interrupt   480fe000 - 480fefff
--     * IVA RAM         5c000000 - 5c01ffff
--     * IVA ROM         5c020000 - 5c027fff
--     * IMG_BUF_A       5c040000 - 5c040fff
--     * IMG_BUF_B       5c042000 - 5c042fff
--     * VLCDS           5c048000 - 5c0487ff
--     * IMX_COEF                5c049000 - 5c04afff
--     * IMX_CMD         5c051000 - 5c051fff
--     * VLCDQ           5c053000 - 5c0533ff
--     * VLCDH           5c054000 - 5c054fff
--     * SEQ_CMD         5c055000 - 5c055fff
--     * IMX_REG         5c056000 - 5c0560ff
--     * VLCD_REG                5c056100 - 5c0561ff
--     * SEQ_REG         5c056200 - 5c0562ff
--     * IMG_BUF_REG     5c056300 - 5c0563ff
--     * SEQIRQ_REG      5c056400 - 5c0564ff
--     * OCP_REG         5c060000 - 5c060fff
--     * SYSC_REG                5c070000 - 5c070fff
--     * MMU_REG         5d000000 - 5d000fff
-+     * ARM11ETB Mod    48048000 - 48049fff (REV 0x00000011)
-+     * ARM11ETB L4     4804a000 - 4804afff (0x00200010, 0x00000200, 0x00000000)
-+     * DISPLAY Top     48050000 - 480503ff (REV 0x00000003)
-+     * DISPLAY DISPC   48050400 - 480507ff (REV 0x00000020)
-+     * DISPLAY RFBI    48050800 - 48050bff (REV 0x00000010)
-+     * DISPLAY VENC    48050c00 - 48050fff (REV Abort)
-+     * DISPLAY L4      48051000 - 48051fff (0x00200010, 0x00000200, 0x00000100)
-+     * CAMERA Top      48052000 - 480523ff (REV 0x00000020)
-+     * CAMERA core     48052400 - 480527ff (REV 0x00000020)
-+     * CAMERA DMA      48052800 - 48052bff (REV 0x00000020)
-+     * CAMERA MMU      48052c00 - 48052fff (REV 0x00000010)
-+     * CAMERA L4       48053000 - 48053fff (0x00200010, 0x00000200, 0x00000000)
-+     * SDMA Mod                48056000 - 48056fff (REV 0x00000020)
-+     * SDMA L4         48057000 - 48057fff (0x00200010, 0x00000200, 0x00000000)
-+     * SSI Top         48058000 - 48058fff (REV Abort)
-+     * SSI GDD         48059000 - 48059fff (REV Abort)
-+     * SSI Port1       4805a000 - 4805afff (REV Abort)
-+     * SSI Port2       4805b000 - 4805bfff (REV Abort)
-+     * SSI L4          4805c000 - 4805cfff (0x00200010, 0x00000200, 0x00000100)
-+     * USB Mod         4805e000 - 480fefff (REV Abort)
-+     * USB L4          4805f000 - 480fffff (0x00200010, 0x01000200, 0x00000100)
-+     * WIN_TRACER1 Mod 48060000 - 48060fff (REV 0x00000020)
-+     * WIN_TRACER1 L4  48061000 - 48061fff (0x00200010, 0x00000200, 0x00000000)
-+     * WIN_TRACER2 Mod 48062000 - 48062fff (REV 0x00000020)
-+     * WIN_TRACER2 L4  48063000 - 48063fff (0x00200010, 0x00000200, 0x00000000)
-+     * WIN_TRACER3 Mod 48064000 - 48064fff (REV 0x00000020)
-+     * WIN_TRACER3 L4  48065000 - 48065fff (0x00200010, 0x00000200, 0x00000000)
-+     * WIN_TRACER4 Top 48066000 - 480660ff (REV 0x00000011)
-+     * WIN_TRACER4 ETT 48066100 - 480661ff (REV 0x00000011)
-+     * WIN_TRACER4 WT  48066200 - 480662ff (REV 0x00000020)
-+     * WIN_TRACER4 L4  48067000 - 48067fff (0x00200010, 0x00000200, 0x00000000)
-+     * XTI Mod         48068000 - 48068fff (REV 0x00000010)
-+     * XTI L4          48069000 - 48069fff (0x00200010, 0x00000200, 0x00000000)
-+     * UART1 Mod       4806a000 - 4806afff (MVR Abort)
-+     * UART1 L4                4806b000 - 4806bfff (0x00200010, 0x00000200, 0x00000000)
-+     * UART2 Mod       4806c000 - 4806cfff (MVR Abort)
-+     * UART2 L4                4806d000 - 4806dfff (0x00200010, 0x00000200, 0x00000000)
-+     * UART3 Mod       4806e000 - 4806efff (MVR 0x20)
-+     * UART3 L4                4806f000 - 4806ffff (0x00200010, 0x00000200, 0x00000000)
-+     * I2C1 Mod                48070000 - 48070fff (REV 0x0034)
-+     * I2C1 L4         48071000 - 48071fff (0x00200010, 0x01000200, 0x01000000)
-+     * I2C2 Mod                48072000 - 48072fff (REV 0x0034)
-+     * I2C2 L4         48073000 - 48073fff (0x00200010, 0x01000200, 0x01000000)
-+     * McBSP1 Mod      48074000 - 48074fff (REV Abort)
-+     * McBSP1 L4       48075000 - 48075fff (0x00200010, 0x01000200, 0x01000000)
-+     * McBSP2 Mod      48076000 - 48076fff (REV Abort)
-+     * McBSP2 L4       48077000 - 48077fff (0x00200010, 0x01000200, 0x01000000)
-+     * GPTIMER3 Mod    48078000 - 48078fff (REV Abort)
-+     * GPTIMER3 L4     48079000 - 48079fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER4 Mod    4807a000 - 4807afff (REV Abort)
-+     * GPTIMER4 L4     4807b000 - 4807bfff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER5 Mod    4807c000 - 4807cfff (REV Abort)
-+     * GPTIMER5 L4     4807d000 - 4807dfff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER6 Mod    4807e000 - 4807efff (REV Abort)
-+     * GPTIMER6 L4     4807f000 - 4807ffff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER7 Mod    48080000 - 48080fff (REV Abort)
-+     * GPTIMER7 L4     48081000 - 48081fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER8 Mod    48082000 - 48082fff (REV Abort)
-+     * GPTIMER8 L4     48083000 - 48083fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER9 Mod    48084000 - 48084fff (REV Abort)
-+     * GPTIMER9 L4     48085000 - 48085fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER10 Mod   48086000 - 48086fff (REV Abort)
-+     * GPTIMER10 L4    48087000 - 48087fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER11 Mod   48088000 - 48088fff (REV Abort)
-+     * GPTIMER11 L4    48089000 - 48089fff (0x00200010, 0x00000200, 0x00000000)
-+     * GPTIMER12 Mod   4808a000 - 4808afff (REV Abort)
-+     * GPTIMER12 L4    4808b000 - 4808bfff (0x00200010, 0x00000200, 0x00000000)
-+     * EAC Mod         48090000 - 48090fff (REV Abort)
-+     * EAC L4          48091000 - 48091fff (0x00200010, 0x00000200, 0x00000000)
-+     * FAC Mod         48092000 - 48092fff (REV Abort)
-+     * FAC L4          48093000 - 48093fff (0x00200010, 0x00000200, 0x00000000)
-+     * MAILBOX Mod     48094000 - 48094fff (REV 0x00000010)
-+     * MAILBOX L4      48095000 - 48095fff (0x00200010, 0x00000200, 0x00000000)
-+     * SPI1 Mod                48098000 - 48098fff (REV Abort)
-+     * SPI1 L4         48099000 - 48099fff (0x00200010, 0x00000200, 0x00000000)
-+     * SPI2 Mod                4809a000 - 4809afff (REV Abort)
-+     * SPI2 L4         4809b000 - 4809bfff (0x00200010, 0x00000200, 0x00000000)
-+     * MMC/SDIO Mod    4809c000 - 4809cfff (REV 0x0044)
-+     * MMC/SDIO L4     4809d000 - 4809dfff (0x00200010, 0x01000200, 0x01000000)
-+     * MS_PRO Mod      4809e000 - 4809efff (REV Abort)
-+     * MS_PRO L4       4809f000 - 4809ffff (0x00200010, 0x01000200, 0x01000000)
-+     * RNG Mod         480a0000 - 480a0fff (REV 0xFC066F93?)
-+     * RNG L4          480a1000 - 480a1fff (0x00200010, 0x01000200, 0x00000000)
-+     * DES3DES Mod     480a2000 - 480a2fff (REV 0x00000000?)
-+     * DES3DES L4      480a3000 - 480a3fff (0x00200010, 0x01000200, 0x00000000)
-+     * SHA1MD5 Mod     480a4000 - 480a4fff (REV 0x00000000?)
-+     * SHA1MD5 L4      480a5000 - 480a5fff (0x00200010, 0x01000200, 0x00000000)
-+     * AES Mod         480a6000 - 480a6fff (REV 0x00000000?)
-+     * AES L4          480a7000 - 480a7fff (0x00200010, 0x00000200, 0x00000000)
-+     * PKA Mod         480a8000 - 480a9fff (REV 0x00000000?)
-+     * PKA L4          480aa000 - 480aafff (0x00200010, 0x00000200, 0x00000000)
-+     * MG Mod          480b0000 - 480b0fff (REV Abort)
-+     * MG L4           480b1000 - 480b1fff (0x00200010, 0x01000200, 0x01000000)
-+     * HDQ/1-wire Mod  480b2000 - 480b2fff (REV 0x00000002)
-+     * HDQ/1-wire L4   480b3000 - 480b3fff (0x00200010, 0x00000200, 0x00000000)
-+     * MPU interrupt   480fe000 - 480fefff (REV 0x00000020)
-+     * IVA RAM         5c000000 - 5c01ffff (REV Abort)
-+     * IVA ROM         5c020000 - 5c027fff (REV Abort)
-+     * IMG_BUF_A       5c040000 - 5c040fff (REV Abort)
-+     * IMG_BUF_B       5c042000 - 5c042fff (REV Abort)
-+     * VLCDS           5c048000 - 5c0487ff (REV Abort)
-+     * IMX_COEF                5c049000 - 5c04afff (REV Abort)
-+     * IMX_CMD         5c051000 - 5c051fff (REV Abort)
-+     * VLCDQ           5c053000 - 5c0533ff (REV Abort)
-+     * VLCDH           5c054000 - 5c054fff (REV Abort)
-+     * SEQ_CMD         5c055000 - 5c055fff (REV Abort)
-+     * IMX_REG         5c056000 - 5c0560ff (REV Abort)
-+     * VLCD_REG                5c056100 - 5c0561ff (REV Abort)
-+     * SEQ_REG         5c056200 - 5c0562ff (REV Abort)
-+     * IMG_BUF_REG     5c056300 - 5c0563ff (REV Abort)
-+     * SEQIRQ_REG      5c056400 - 5c0564ff (REV Abort)
-+     * OCP_REG         5c060000 - 5c060fff (REV Abort)
-+     * SYSC_REG                5c070000 - 5c070fff (REV Abort)
-+     * MMU_REG         5d000000 - 5d000fff (REV Abort)
-      * sDMA R          68000400 - 680005ff
-      * sDMA W          68000600 - 680007ff
-      * Display Control 68000800 - 680009ff
-@@ -3849,9 +3849,9 @@
-      * GPMC (firewall) 68006000 - 680063ff
-      * GPMC (err login)        68006400 - 680067ff
-      * SMS (err login) 68006c00 - 68006fff
--     * SMS registers   68008000 - 68008fff
--     * SDRC registers  68009000 - 68009fff
--     * GPMC registers  6800a000   6800afff
-+     * SMS registers   68008000 - 68008fff (REV 0x00000020)
-+     * SDRC registers  68009000 - 68009fff (REV 0x00000020)
-+     * GPMC registers  6800a000   6800afff (REV 0x00000020)
-      */
- 
-     qemu_register_reset(omap2_mpu_reset, s);
-diff -urN 4242/hw/pc.c qemu-omap/hw/pc.c
---- 4242/hw/pc.c        2008-04-24 21:26:22.000000000 +0100
-+++ qemu-omap/hw/pc.c   2008-04-23 09:57:56.000000000 +0100
-@@ -445,6 +445,37 @@
-     bdrv_set_boot_sector(drives_table[hda].bdrv, bootsect, sizeof(bootsect));
- }
- 
-+static int load_kernel(const char *filename, uint8_t *addr,
-+                       uint8_t *real_addr)
-+{
-+    int fd, size;
-+    int setup_sects;
-+
-+    fd = open(filename, O_RDONLY | O_BINARY);
-+    if (fd < 0)
-+        return -1;
-+
-+    /* load 16 bit code */
-+    if (read(fd, real_addr, 512) != 512)
-+        goto fail;
-+    setup_sects = real_addr[0x1F1];
-+    if (!setup_sects)
-+        setup_sects = 4;
-+    if (read(fd, real_addr + 512, setup_sects * 512) !=
-+        setup_sects * 512)
-+        goto fail;
-+
-+    /* load 32 bit code */
-+    size = read(fd, addr, 16 * 1024 * 1024);
-+    if (size < 0)
-+        goto fail;
-+    close(fd);
-+    return size;
-+ fail:
-+    close(fd);
-+    return -1;
-+}
-+
- static long get_file_size(FILE *f)
- {
-     long where, size;
-diff -urN 4242/hw/tusb6010.c qemu-omap/hw/tusb6010.c
---- 4242/hw/tusb6010.c  2008-04-23 12:18:54.000000000 +0100
-+++ qemu-omap/hw/tusb6010.c     2008-04-23 09:57:56.000000000 +0100
-@@ -287,9 +287,6 @@
-     /* TODO: How is this signalled?  */
- }
- 
--extern CPUReadMemoryFunc *musb_read[];
--extern CPUWriteMemoryFunc *musb_write[];
--
- static uint32_t tusb_async_readb(void *opaque, target_phys_addr_t addr)
- {
-     struct tusb_s *s = (struct tusb_s *) opaque;
-diff -urN 4242/hw/usb.h qemu-omap/hw/usb.h
---- 4242/hw/usb.h       2008-04-23 12:18:54.000000000 +0100
-+++ qemu-omap/hw/usb.h  2008-04-23 09:57:56.000000000 +0100
-@@ -219,6 +219,9 @@
- /* usb-msd.c */
- USBDevice *usb_msd_init(const char *filename);
- 
-+/* usb-net.c */
-+USBDevice *usb_net_init(NICInfo *nd);
-+
- /* usb-wacom.c */
- USBDevice *usb_wacom_init(void);
- 
-@@ -254,3 +257,7 @@
- uint32_t musb_core_intr_get(struct musb_s *s);
- void musb_core_intr_clear(struct musb_s *s, uint32_t mask);
- void musb_set_size(struct musb_s *s, int epnum, int size, int is_tx);
-+#ifdef NEED_CPU_H
-+extern CPUReadMemoryFunc *musb_read[];
-+extern CPUWriteMemoryFunc *musb_write[];
-+#endif
-diff -urN 4242/hw/usb-hub.c qemu-omap/hw/usb-hub.c
---- 4242/hw/usb-hub.c   2008-04-23 11:43:37.000000000 +0100
-+++ qemu-omap/hw/usb-hub.c      2008-04-23 09:57:56.000000000 +0100
-@@ -146,8 +146,8 @@
-        0x07,       /*  u8  ep_bLength; */
-        0x05,       /*  u8  ep_bDescriptorType; Endpoint */
-        0x81,       /*  u8  ep_bEndpointAddress; IN Endpoint 1 */
--       0x03,       /*  u8  ep_bmAttributes; Interrupt */
--       0x02, 0x00, /*  u16 ep_wMaxPacketSize; 1 + (MAX_ROOT_PORTS / 8) */
-+       0x03,       /*  u8  ep_bmAttributes; Interrupt */
-+       0x02, 0x00, /*  u16 ep_wMaxPacketSize; 1 + (MAX_ROOT_PORTS / 8) */
-        0xff        /*  u8  ep_bInterval; (255ms -- usb 2.0 spec) */
- };
- 
-diff -urN 4242/hw/usb-net.c qemu-omap/hw/usb-net.c
---- 4242/hw/usb-net.c   1970-01-01 01:00:00.000000000 +0100
-+++ qemu-omap/hw/usb-net.c      2008-04-23 09:57:56.000000000 +0100
-@@ -0,0 +1,1334 @@
-+/*
-+ * QEMU USB Net devices
-+ * 
-+ * Copyright (c) 2006 Thomas Sailer
-+ * based on usb-hid.c Copyright (c) 2005 Fabrice Bellard
-+ * 
-+ * Permission is hereby granted, free of charge, to any person obtaining a copy
-+ * of this software and associated documentation files (the "Software"), to deal
-+ * in the Software without restriction, including without limitation the rights
-+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-+ * copies of the Software, and to permit persons to whom the Software is
-+ * furnished to do so, subject to the following conditions:
-+ *
-+ * The above copyright notice and this permission notice shall be included in
-+ * all copies or substantial portions of the Software.
-+ *
-+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-+ * THE SOFTWARE.
-+ */
-+
-+#include "qemu-common.h"
-+#include "usb.h"
-+#include "net.h"
-+#include "../audio/sys-queue.h"
-+
-+typedef uint32_t __le32;
-+#include "ndis.h"
-+
-+/*#define TRAFFIC_DEBUG*/
-+/* Thanks to NetChip Technologies for donating this product ID.
-+ * It's for devices with only CDC Ethernet configurations.
-+ */
-+#define CDC_VENDOR_NUM          0x0525  /* NetChip */
-+#define CDC_PRODUCT_NUM         0xa4a1  /* Linux-USB Ethernet Gadget */
-+/* For hardware that can talk RNDIS and either of the above protocols,
-+ * use this ID ... the windows INF files will know it.
-+ */
-+#define RNDIS_VENDOR_NUM        0x0525  /* NetChip */
-+#define RNDIS_PRODUCT_NUM       0xa4a2  /* Ethernet/RNDIS Gadget */
-+
-+#define STRING_MANUFACTURER             1
-+#define STRING_PRODUCT                  2
-+#define STRING_ETHADDR                  3
-+#define STRING_DATA                     4
-+#define STRING_CONTROL                  5
-+#define STRING_RNDIS_CONTROL            6
-+#define STRING_CDC                      7
-+#define STRING_SUBSET                   8
-+#define STRING_RNDIS                    9
-+#define STRING_SERIALNUMBER             10
-+
-+#define DEV_CONFIG_VALUE        1       /* cdc or subset */
-+#define DEV_RNDIS_CONFIG_VALUE  2       /* rndis; optional */
-+
-+#define USB_CDC_SUBCLASS_ACM                    0x02
-+#define USB_CDC_SUBCLASS_ETHERNET               0x06
-+
-+#define USB_CDC_PROTO_NONE                      0
-+#define USB_CDC_ACM_PROTO_VENDOR                0xff
-+
-+#define USB_CDC_HEADER_TYPE             0x00            /* header_desc */
-+#define USB_CDC_CALL_MANAGEMENT_TYPE    0x01            /* call_mgmt_descriptor */
-+#define USB_CDC_ACM_TYPE                0x02            /* acm_descriptor */
-+#define USB_CDC_UNION_TYPE              0x06            /* union_desc */
-+#define USB_CDC_ETHERNET_TYPE           0x0f            /* ether_desc */
-+
-+#define USB_DT_CS_INTERFACE             0x24
-+#define USB_DT_CS_ENDPOINT              0x25
-+
-+#define ClassInterfaceRequest \
-+        ((USB_DIR_IN|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
-+#define ClassInterfaceOutRequest \
-+        ((USB_DIR_OUT|USB_TYPE_CLASS|USB_RECIP_INTERFACE)<<8)
-+
-+#define USB_CDC_SEND_ENCAPSULATED_COMMAND       0x00
-+#define USB_CDC_GET_ENCAPSULATED_RESPONSE       0x01
-+#define USB_CDC_REQ_SET_LINE_CODING             0x20
-+#define USB_CDC_REQ_GET_LINE_CODING             0x21
-+#define USB_CDC_REQ_SET_CONTROL_LINE_STATE      0x22
-+#define USB_CDC_REQ_SEND_BREAK                  0x23
-+#define USB_CDC_SET_ETHERNET_MULTICAST_FILTERS  0x40
-+#define USB_CDC_SET_ETHERNET_PM_PATTERN_FILTER  0x41
-+#define USB_CDC_GET_ETHERNET_PM_PATTERN_FILTER  0x42
-+#define USB_CDC_SET_ETHERNET_PACKET_FILTER      0x43
-+#define USB_CDC_GET_ETHERNET_STATISTIC          0x44
-+
-+#define USB_ENDPOINT_XFER_BULK          2
-+#define USB_ENDPOINT_XFER_INT           3
-+
-+#define LOG2_STATUS_INTERVAL_MSEC       5       /* 1 << 5 == 32 msec */
-+#define STATUS_BYTECOUNT                16      /* 8 byte header + data */
-+
-+#define ETH_FRAME_LEN                   1514    /* Max. octets in frame sans FCS */
-+
-+/*
-+ * mostly the same descriptor as the linux gadget rndis driver
-+ */
-+static const uint8_t qemu_net_dev_descriptor[] = {
-+       0x12,                /*  u8 bLength; */
-+       USB_DT_DEVICE,       /*  u8 bDescriptorType; Device */
-+       0x00, 0x02,          /*  u16 bcdUSB; v2.0 */
-+       USB_CLASS_COMM,      /*  u8  bDeviceClass; */
-+       0x00,                /*  u8  bDeviceSubClass; */
-+       0x00,                /*  u8  bDeviceProtocol; [ low/full speeds only ] */
-+       0x40,                /*  u8  bMaxPacketSize0 */
-+       RNDIS_VENDOR_NUM & 0xff, RNDIS_VENDOR_NUM >> 8,   /*  u16 idVendor; */
-+       RNDIS_PRODUCT_NUM & 0xff, RNDIS_PRODUCT_NUM >> 8, /*  u16 idProduct; */
-+       0x00, 0x00,          /*  u16 bcdDevice */
-+       STRING_MANUFACTURER, /*  u8  iManufacturer; */
-+       STRING_PRODUCT,      /*  u8  iProduct; */
-+       STRING_SERIALNUMBER, /*  u8  iSerialNumber; */
-+       0x02                 /*  u8  bNumConfigurations; */
-+};
-+
-+static const uint8_t qemu_net_rndis_config_descriptor[] = {
-+       /* Configuration Descriptor */
-+       0x09,                /*  u8  bLength */
-+       USB_DT_CONFIG,       /*  u8  bDescriptorType */
-+        0x43, 0x00,          /*  le16 wTotalLength */
-+        0x02,                /*  u8  bNumInterfaces */
-+        DEV_RNDIS_CONFIG_VALUE, /*  u8  bConfigurationValue */
-+        STRING_RNDIS,        /*  u8  iConfiguration */
-+        0xc0,                /*  u8  bmAttributes */
-+        0x32,                /*  u8  bMaxPower */
-+       /* RNDIS Control Interface */
-+        0x09,                /*  u8  bLength */
-+        USB_DT_INTERFACE,    /*  u8  bDescriptorType */
-+        0x00,                /*  u8  bInterfaceNumber */
-+        0x00,                /*  u8  bAlternateSetting */
-+        0x01,                /*  u8  bNumEndpoints */
-+        USB_CLASS_COMM,           /*  u8  bInterfaceClass */
-+        USB_CDC_SUBCLASS_ACM,     /*  u8  bInterfaceSubClass */
-+        USB_CDC_ACM_PROTO_VENDOR, /*  u8  bInterfaceProtocol */
-+        STRING_RNDIS_CONTROL,     /*  u8  iInterface */
-+       /* Header Descriptor */
-+        0x05,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_HEADER_TYPE, /*  u8    bDescriptorSubType */
-+        0x10, 0x01,          /*  le16  bcdCDC */
-+       /* Call Management Descriptor */
-+        0x05,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_CALL_MANAGEMENT_TYPE, /*  u8    bDescriptorSubType */
-+        0x00,                /*  u8    bmCapabilities */
-+        0x01,                /*  u8    bDataInterface */
-+       /* ACM Descriptor */
-+        0x04,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_ACM_TYPE,    /*  u8    bDescriptorSubType */
-+        0x00,                /*  u8    bmCapabilities */
-+       /* Union Descriptor */
-+        0x05,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_UNION_TYPE,  /*  u8    bDescriptorSubType */
-+        0x00,                /*  u8    bMasterInterface0 */
-+        0x01,                /*  u8    bSlaveInterface0 */
-+       /* Status Descriptor */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_IN | 1,      /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_INT, /*  u8  bmAttributes */
-+        STATUS_BYTECOUNT & 0xff, STATUS_BYTECOUNT >> 8, /*  le16 wMaxPacketSize */
-+        1 << LOG2_STATUS_INTERVAL_MSEC, /*  u8  bInterval */
-+       /* RNDIS Data Interface */
-+        0x09,                /*  u8  bLength */
-+        USB_DT_INTERFACE,    /*  u8  bDescriptorType */
-+        0x01,                /*  u8  bInterfaceNumber */
-+        0x00,                /*  u8  bAlternateSetting */
-+        0x02,                /*  u8  bNumEndpoints */
-+        USB_CLASS_CDC_DATA,  /*  u8  bInterfaceClass */
-+        0x00,                /*  u8  bInterfaceSubClass */
-+        0x00,                /*  u8  bInterfaceProtocol */
-+        STRING_DATA,         /*  u8  iInterface */
-+       /* Source Endpoint */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_IN | 2,      /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_BULK, /*  u8  bmAttributes */
-+        0x40, 0x00,          /*  le16 wMaxPacketSize */
-+        0x00,                /*  u8  bInterval */
-+       /* Sink Endpoint */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_OUT | 2,     /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_BULK, /*  u8  bmAttributes */
-+        0x40, 0x00,          /*  le16 wMaxPacketSize */
-+        0x00                 /*  u8  bInterval */
-+};
-+
-+static const uint8_t qemu_net_cdc_config_descriptor[] = {
-+       /* Configuration Descriptor */
-+       0x09,                /*  u8  bLength */
-+       USB_DT_CONFIG,       /*  u8  bDescriptorType */
-+        0x50, 0x00,          /*  le16 wTotalLength */
-+        0x02,                /*  u8  bNumInterfaces */
-+        DEV_CONFIG_VALUE,    /*  u8  bConfigurationValue */
-+        STRING_CDC,          /*  u8  iConfiguration */
-+        0xc0,                /*  u8  bmAttributes */
-+        0x32,                /*  u8  bMaxPower */
-+       /* CDC Control Interface */
-+        0x09,                /*  u8  bLength */
-+        USB_DT_INTERFACE,    /*  u8  bDescriptorType */
-+        0x00,                /*  u8  bInterfaceNumber */
-+        0x00,                /*  u8  bAlternateSetting */
-+        0x01,                /*  u8  bNumEndpoints */
-+        USB_CLASS_COMM,            /*  u8  bInterfaceClass */
-+        USB_CDC_SUBCLASS_ETHERNET, /*  u8  bInterfaceSubClass */
-+        USB_CDC_PROTO_NONE,        /*  u8  bInterfaceProtocol */
-+        STRING_CONTROL,            /*  u8  iInterface */
-+       /* Header Descriptor */
-+        0x05,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_HEADER_TYPE, /*  u8    bDescriptorSubType */
-+        0x10, 0x01,          /*  le16  bcdCDC */
-+       /* Union Descriptor */
-+        0x05,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_UNION_TYPE,  /*  u8    bDescriptorSubType */
-+        0x00,                /*  u8    bMasterInterface0 */
-+        0x01,                /*  u8    bSlaveInterface0 */
-+       /* Ethernet Descriptor */
-+        0x0d,                /*  u8    bLength */
-+        USB_DT_CS_INTERFACE, /*  u8    bDescriptorType */
-+        USB_CDC_ETHERNET_TYPE,  /*  u8    bDescriptorSubType */
-+        STRING_ETHADDR,         /*  u8    iMACAddress */
-+        0x00, 0x00, 0x00, 0x00, /*  le32  bmEthernetStatistics */
-+        ETH_FRAME_LEN & 0xff, ETH_FRAME_LEN >> 8, /*  le16  wMaxSegmentSize */
-+        0x00, 0x00,          /*  le16  wNumberMCFilters */
-+        0x00,                /*  u8    bNumberPowerFilters */
-+       /* Status Descriptor */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_IN | 1,      /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_INT, /*  u8  bmAttributes */
-+        STATUS_BYTECOUNT & 0xff, STATUS_BYTECOUNT >> 8, /*  le16 wMaxPacketSize */
-+        1 << LOG2_STATUS_INTERVAL_MSEC, /*  u8  bInterval */
-+       /* CDC Data (nop) Interface */
-+        0x09,                /*  u8  bLength */
-+        USB_DT_INTERFACE,    /*  u8  bDescriptorType */
-+        0x01,                /*  u8  bInterfaceNumber */
-+        0x00,                /*  u8  bAlternateSetting */
-+        0x00,                /*  u8  bNumEndpoints */
-+        USB_CLASS_CDC_DATA,  /*  u8  bInterfaceClass */
-+        0x00,                /*  u8  bInterfaceSubClass */
-+        0x00,                /*  u8  bInterfaceProtocol */
-+        0x00,                /*  u8  iInterface */
-+       /* CDC Data Interface */
-+        0x09,                /*  u8  bLength */
-+        USB_DT_INTERFACE,    /*  u8  bDescriptorType */
-+        0x01,                /*  u8  bInterfaceNumber */
-+        0x01,                /*  u8  bAlternateSetting */
-+        0x02,                /*  u8  bNumEndpoints */
-+        USB_CLASS_CDC_DATA,  /*  u8  bInterfaceClass */
-+        0x00,                /*  u8  bInterfaceSubClass */
-+        0x00,                /*  u8  bInterfaceProtocol */
-+        STRING_DATA,         /*  u8  iInterface */
-+       /* Source Endpoint */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_IN | 2,      /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_BULK, /*  u8  bmAttributes */
-+        0x40, 0x00,          /*  le16 wMaxPacketSize */
-+        0x00,                /*  u8  bInterval */
-+       /* Sink Endpoint */
-+        0x07,                /*  u8  bLength */
-+        USB_DT_ENDPOINT,     /*  u8  bDescriptorType */
-+        USB_DIR_OUT | 2,     /*  u8  bEndpointAddress */
-+        USB_ENDPOINT_XFER_BULK, /*  u8  bmAttributes */
-+        0x40, 0x00,          /*  le16 wMaxPacketSize */
-+        0x00                 /*  u8  bInterval */
-+};
-+
-+/*
-+ * RNDIS Status
-+ */
-+
-+#define RNDIS_MAXIMUM_FRAME_SIZE        1518
-+#define RNDIS_MAX_TOTAL_SIZE            1558
-+
-+/* Remote NDIS Versions */
-+#define RNDIS_MAJOR_VERSION             1
-+#define RNDIS_MINOR_VERSION             0
-+
-+/* Status Values */
-+#define RNDIS_STATUS_SUCCESS            0x00000000U     /* Success           */
-+#define RNDIS_STATUS_FAILURE            0xC0000001U     /* Unspecified error */
-+#define RNDIS_STATUS_INVALID_DATA       0xC0010015U     /* Invalid data      */
-+#define RNDIS_STATUS_NOT_SUPPORTED      0xC00000BBU     /* Unsupported request */
-+#define RNDIS_STATUS_MEDIA_CONNECT      0x4001000BU     /* Device connected  */
-+#define RNDIS_STATUS_MEDIA_DISCONNECT   0x4001000CU     /* Device disconnected */
-+
-+/* Message Set for Connectionless (802.3) Devices */
-+#define REMOTE_NDIS_PACKET_MSG          0x00000001U
-+#define REMOTE_NDIS_INITIALIZE_MSG      0x00000002U     /* Initialize device */
-+#define REMOTE_NDIS_HALT_MSG            0x00000003U
-+#define REMOTE_NDIS_QUERY_MSG           0x00000004U
-+#define REMOTE_NDIS_SET_MSG             0x00000005U
-+#define REMOTE_NDIS_RESET_MSG           0x00000006U
-+#define REMOTE_NDIS_INDICATE_STATUS_MSG 0x00000007U
-+#define REMOTE_NDIS_KEEPALIVE_MSG       0x00000008U
-+
-+/* Message completion */
-+#define REMOTE_NDIS_INITIALIZE_CMPLT    0x80000002U
-+#define REMOTE_NDIS_QUERY_CMPLT         0x80000004U
-+#define REMOTE_NDIS_SET_CMPLT           0x80000005U
-+#define REMOTE_NDIS_RESET_CMPLT         0x80000006U
-+#define REMOTE_NDIS_KEEPALIVE_CMPLT     0x80000008U
-+
-+/* Device Flags */
-+#define RNDIS_DF_CONNECTIONLESS         0x00000001U
-+#define RNDIS_DF_CONNECTION_ORIENTED    0x00000002U
-+
-+#define RNDIS_MEDIUM_802_3              0x00000000U
-+
-+/* from drivers/net/sk98lin/h/skgepnmi.h */
-+#define OID_PNP_CAPABILITIES                    0xFD010100
-+#define OID_PNP_SET_POWER                       0xFD010101
-+#define OID_PNP_QUERY_POWER                     0xFD010102
-+#define OID_PNP_ADD_WAKE_UP_PATTERN             0xFD010103
-+#define OID_PNP_REMOVE_WAKE_UP_PATTERN          0xFD010104
-+#define OID_PNP_ENABLE_WAKE_UP                  0xFD010106
-+
-+typedef struct rndis_init_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  MajorVersion;
-+        __le32  MinorVersion;
-+        __le32  MaxTransferSize;
-+} rndis_init_msg_type;
-+
-+typedef struct rndis_init_cmplt_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  Status;
-+        __le32  MajorVersion;
-+        __le32  MinorVersion;
-+        __le32  DeviceFlags;
-+        __le32  Medium;
-+        __le32  MaxPacketsPerTransfer;
-+        __le32  MaxTransferSize;
-+        __le32  PacketAlignmentFactor;
-+        __le32  AFListOffset;
-+        __le32  AFListSize;
-+} rndis_init_cmplt_type;
-+
-+typedef struct rndis_halt_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+} rndis_halt_msg_type;
-+
-+typedef struct rndis_query_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  OID;
-+        __le32  InformationBufferLength;
-+        __le32  InformationBufferOffset;
-+        __le32  DeviceVcHandle;
-+} rndis_query_msg_type;
-+
-+typedef struct rndis_query_cmplt_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  Status;
-+        __le32  InformationBufferLength;
-+        __le32  InformationBufferOffset;
-+} rndis_query_cmplt_type;
-+
-+typedef struct rndis_set_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  OID;
-+        __le32  InformationBufferLength;
-+        __le32  InformationBufferOffset;
-+        __le32  DeviceVcHandle;
-+} rndis_set_msg_type;
-+
-+typedef struct rndis_set_cmplt_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  Status;
-+} rndis_set_cmplt_type;
-+
-+typedef struct rndis_reset_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  Reserved;
-+} rndis_reset_msg_type;
-+
-+typedef struct rndis_reset_cmplt_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  Status;
-+        __le32  AddressingReset;
-+} rndis_reset_cmplt_type;
-+
-+typedef struct rndis_indicate_status_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  Status;
-+        __le32  StatusBufferLength;
-+        __le32  StatusBufferOffset;
-+} rndis_indicate_status_msg_type;
-+
-+typedef struct rndis_keepalive_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+} rndis_keepalive_msg_type;
-+
-+typedef struct rndis_keepalive_cmplt_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  RequestID;
-+        __le32  Status;
-+} rndis_keepalive_cmplt_type;
-+
-+struct rndis_packet_msg_type
-+{
-+        __le32  MessageType;
-+        __le32  MessageLength;
-+        __le32  DataOffset;
-+        __le32  DataLength;
-+        __le32  OOBDataOffset;
-+        __le32  OOBDataLength;
-+        __le32  NumOOBDataElements;
-+        __le32  PerPacketInfoOffset;
-+        __le32  PerPacketInfoLength;
-+        __le32  VcHandle;
-+        __le32  Reserved;
-+};
-+
-+struct rndis_config_parameter
-+{
-+        __le32  ParameterNameOffset;
-+        __le32  ParameterNameLength;
-+        __le32  ParameterType;
-+        __le32  ParameterValueOffset;
-+        __le32  ParameterValueLength;
-+};
-+
-+/* implementation specific */
-+enum rndis_state
-+{
-+        RNDIS_UNINITIALIZED,
-+        RNDIS_INITIALIZED,
-+        RNDIS_DATA_INITIALIZED,
-+};
-+
-+static const uint32_t oid_supported_list[] =
-+{
-+        /* the general stuff */
-+        OID_GEN_SUPPORTED_LIST,
-+        OID_GEN_HARDWARE_STATUS,
-+        OID_GEN_MEDIA_SUPPORTED,
-+        OID_GEN_MEDIA_IN_USE,
-+        OID_GEN_MAXIMUM_FRAME_SIZE,
-+        OID_GEN_LINK_SPEED,
-+        OID_GEN_TRANSMIT_BLOCK_SIZE,
-+        OID_GEN_RECEIVE_BLOCK_SIZE,
-+        OID_GEN_VENDOR_ID,
-+        OID_GEN_VENDOR_DESCRIPTION,
-+        OID_GEN_VENDOR_DRIVER_VERSION,
-+        OID_GEN_CURRENT_PACKET_FILTER,
-+        OID_GEN_MAXIMUM_TOTAL_SIZE,
-+        OID_GEN_MEDIA_CONNECT_STATUS,
-+        OID_GEN_PHYSICAL_MEDIUM,
-+        /* the statistical stuff */
-+        OID_GEN_XMIT_OK,
-+        OID_GEN_RCV_OK,
-+        OID_GEN_XMIT_ERROR,
-+        OID_GEN_RCV_ERROR,
-+        OID_GEN_RCV_NO_BUFFER,
-+        /* mandatory 802.3 */
-+        /* the general stuff */
-+        OID_802_3_PERMANENT_ADDRESS,
-+        OID_802_3_CURRENT_ADDRESS,
-+        OID_802_3_MULTICAST_LIST,
-+        OID_802_3_MAC_OPTIONS,
-+        OID_802_3_MAXIMUM_LIST_SIZE,
-+
-+        /* the statistical stuff */
-+        OID_802_3_RCV_ERROR_ALIGNMENT,
-+        OID_802_3_XMIT_ONE_COLLISION,
-+        OID_802_3_XMIT_MORE_COLLISIONS
-+};
-+
-+struct rndis_response {
-+       TAILQ_ENTRY(rndis_response) entries;
-+       uint32_t length;
-+       uint8_t buf[0];
-+};
-+
-+
-+typedef struct USBNetState {
-+       USBDevice dev;
-+
-+       unsigned int rndis;
-+       enum rndis_state rndis_state;
-+        uint32_t medium;
-+        uint32_t speed;
-+        uint32_t media_state;
-+       uint16_t filter;
-+               uint32_t vendorid;
-+       uint8_t mac[6];
-+
-+       unsigned int out_ptr;
-+       uint8_t out_buf[2048];
-+
-+       USBPacket *inpkt;
-+       unsigned int in_ptr, in_len;
-+       uint8_t in_buf[2048];   
-+
-+       VLANClientState *vc;
-+       TAILQ_HEAD(rndis_resp_head, rndis_response) rndis_resp;
-+} USBNetState;
-+
-+
-+static int ndis_query(USBNetState *s, uint32_t oid, uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf)
-+{
-+       switch (oid) {
-+        /* general oids (table 4-1) */
-+        /* mandatory */
-+        case OID_GEN_SUPPORTED_LIST:
-+       {
-+                unsigned int i, count = sizeof(oid_supported_list) / sizeof(uint32_t);
-+                for (i = 0; i < count; i++)
-+                        ((__le32 *)outbuf)[i] = cpu_to_le32(oid_supported_list[i]);
-+                return sizeof(oid_supported_list);
-+       }
-+
-+        /* mandatory */
-+       case OID_GEN_HARDWARE_STATUS:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+               
-+        /* mandatory */
-+        case OID_GEN_MEDIA_SUPPORTED:
-+               *((__le32 *)outbuf) = cpu_to_le32(s->medium);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_MEDIA_IN_USE:
-+               *((__le32 *)outbuf) = cpu_to_le32(s->medium);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_MAXIMUM_FRAME_SIZE:
-+               *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
-+               return sizeof(__le32);
-+               
-+        /* mandatory */
-+        case OID_GEN_LINK_SPEED:
-+               *((__le32 *)outbuf) = cpu_to_le32(s->speed);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_TRANSMIT_BLOCK_SIZE:
-+               *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
-+               return sizeof(__le32);
-+               
-+        /* mandatory */
-+        case OID_GEN_RECEIVE_BLOCK_SIZE:
-+               *((__le32 *)outbuf) = cpu_to_le32(ETH_FRAME_LEN);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_VENDOR_ID:
-+               *((__le32 *)outbuf) = cpu_to_le32(0x1234);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_VENDOR_DESCRIPTION:
-+               strcpy(outbuf, "QEMU USB RNDIS Net");
-+               return strlen(outbuf) + 1;
-+
-+       case OID_GEN_VENDOR_DRIVER_VERSION:
-+               *((__le32 *)outbuf) = cpu_to_le32(1);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_CURRENT_PACKET_FILTER:
-+               *((__le32 *)outbuf) = cpu_to_le32(s->filter);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_MAXIMUM_TOTAL_SIZE:
-+               *((__le32 *)outbuf) = cpu_to_le32(RNDIS_MAX_TOTAL_SIZE);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_MEDIA_CONNECT_STATUS:
-+               *((__le32 *)outbuf) = cpu_to_le32(s->media_state);
-+               return sizeof(__le32);
-+
-+        case OID_GEN_PHYSICAL_MEDIUM:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        case OID_GEN_MAC_OPTIONS:
-+               *((__le32 *)outbuf) = cpu_to_le32(NDIS_MAC_OPTION_RECEIVE_SERIALIZED | NDIS_MAC_OPTION_FULL_DUPLEX);
-+               return sizeof(__le32);
-+
-+        /* statistics OIDs (table 4-2) */
-+        /* mandatory */
-+        case OID_GEN_XMIT_OK:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_RCV_OK:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_XMIT_ERROR:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_RCV_ERROR:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_GEN_RCV_NO_BUFFER:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* ieee802.3 OIDs (table 4-3) */
-+        /* mandatory */
-+        case OID_802_3_PERMANENT_ADDRESS:
-+               memcpy(outbuf, s->mac, 6);
-+               return 6;
-+
-+        /* mandatory */
-+        case OID_802_3_CURRENT_ADDRESS:
-+               memcpy(outbuf, s->mac, 6);
-+               return 6;
-+
-+        /* mandatory */
-+        case OID_802_3_MULTICAST_LIST:
-+               *((__le32 *)outbuf) = cpu_to_le32(0xE0000000);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_802_3_MAXIMUM_LIST_SIZE:
-+               *((__le32 *)outbuf) = cpu_to_le32(1);
-+               return sizeof(__le32);
-+
-+        case OID_802_3_MAC_OPTIONS:
-+               return 0;
-+
-+        /* ieee802.3 statistics OIDs (table 4-4) */
-+        /* mandatory */
-+        case OID_802_3_RCV_ERROR_ALIGNMENT:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_802_3_XMIT_ONE_COLLISION:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+        /* mandatory */
-+        case OID_802_3_XMIT_MORE_COLLISIONS:
-+               *((__le32 *)outbuf) = cpu_to_le32(0);
-+               return sizeof(__le32);
-+
-+       default:
-+               fprintf(stderr, "usbnet: unknown OID 0x%08x\n", oid);
-+               return 0;
-+       }
-+       return -1;
-+}
-+
-+static int ndis_set(USBNetState *s, uint32_t oid, uint8_t *inbuf, unsigned int inlen)
-+{
-+       switch (oid) {
-+        case OID_GEN_CURRENT_PACKET_FILTER:
-+               s->filter = le32_to_cpup((__le32 *)inbuf);
-+               if (s->filter) {
-+                       s->rndis_state = RNDIS_DATA_INITIALIZED;
-+               } else {
-+                       s->rndis_state = RNDIS_INITIALIZED;
-+               }
-+               return 0;
-+
-+        case OID_802_3_MULTICAST_LIST:
-+               return 0;
-+
-+       }
-+       return -1;
-+}
-+
-+static int rndis_get_response(USBNetState *s, uint8_t *buf)
-+{
-+       int ret = 0;
-+       struct rndis_response *r = s->rndis_resp.tqh_first;
-+       if (!r)
-+               return ret;
-+       TAILQ_REMOVE(&s->rndis_resp, r, entries);
-+       ret = r->length;
-+       memcpy(buf, r->buf, r->length);
-+       qemu_free(r);
-+       return ret;
-+}
-+
-+static void *rndis_queue_response(USBNetState *s, unsigned int length)
-+{
-+       struct rndis_response *r = qemu_mallocz(sizeof(struct rndis_response) + length);
-+       if (!r)
-+               return NULL;
-+       TAILQ_INSERT_TAIL(&s->rndis_resp, r, entries);
-+       r->length = length;
-+       return &r->buf[0];
-+}
-+
-+static void rndis_clear_responsequeue(USBNetState *s)
-+{
-+       struct rndis_response *r;
-+       
-+       while ((r = s->rndis_resp.tqh_first)) {
-+               TAILQ_REMOVE(&s->rndis_resp, r, entries);
-+               qemu_free(r);
-+       }
-+}
-+
-+static int rndis_init_response(USBNetState *s, rndis_init_msg_type *buf)
-+{
-+       rndis_init_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_init_cmplt_type));
-+       if (!resp)
-+               return USB_RET_STALL;
-+       resp->MessageType = cpu_to_le32(REMOTE_NDIS_INITIALIZE_CMPLT);
-+        resp->MessageLength = cpu_to_le32(sizeof(rndis_init_cmplt_type));
-+        resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
-+        resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
-+        resp->MajorVersion = cpu_to_le32(RNDIS_MAJOR_VERSION);
-+        resp->MinorVersion = cpu_to_le32(RNDIS_MINOR_VERSION);
-+        resp->DeviceFlags = cpu_to_le32(RNDIS_DF_CONNECTIONLESS);
-+        resp->Medium = cpu_to_le32(RNDIS_MEDIUM_802_3);
-+        resp->MaxPacketsPerTransfer = cpu_to_le32(1);
-+        resp->MaxTransferSize = cpu_to_le32(ETH_FRAME_LEN + sizeof(struct rndis_packet_msg_type) + 22);
-+        resp->PacketAlignmentFactor = cpu_to_le32(0);
-+        resp->AFListOffset = cpu_to_le32(0);
-+        resp->AFListSize = cpu_to_le32(0);
-+        return 0;
-+}
-+
-+static int rndis_query_response(USBNetState *s, rndis_query_msg_type *buf, unsigned int length)
-+{
-+        rndis_query_cmplt_type *resp;
-+       uint8_t infobuf[sizeof(oid_supported_list)]; /* oid_supported_list is the largest data reply */
-+       uint32_t bufoffs, buflen;
-+       int infobuflen;
-+       unsigned int resplen;
-+       bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
-+       buflen = le32_to_cpu(buf->InformationBufferLength);
-+       if (bufoffs + buflen > length)
-+               return USB_RET_STALL;
-+       infobuflen = ndis_query(s, le32_to_cpu(buf->OID), bufoffs + (uint8_t *)buf, buflen, infobuf);
-+       resplen = sizeof(rndis_query_cmplt_type) + ((infobuflen < 0) ? 0 : infobuflen);
-+       resp = rndis_queue_response(s, resplen);
-+       if (!resp)
-+               return USB_RET_STALL;
-+        resp->MessageType = cpu_to_le32(REMOTE_NDIS_QUERY_CMPLT);
-+        resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
-+       resp->MessageLength = cpu_to_le32(resplen);
-+       if (infobuflen < 0) {
-+               /* OID not supported */
-+                resp->Status = cpu_to_le32(RNDIS_STATUS_NOT_SUPPORTED);
-+               resp->InformationBufferLength = cpu_to_le32(0);
-+                resp->InformationBufferOffset = cpu_to_le32(0);
-+               return 0;
-+       }
-+       resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
-+       resp->InformationBufferOffset = cpu_to_le32(infobuflen ? sizeof(rndis_query_cmplt_type) - 8 : 0);
-+       resp->InformationBufferLength = cpu_to_le32(infobuflen);
-+       memcpy(resp + 1, infobuf, infobuflen);
-+       return 0;
-+}
-+
-+static int rndis_set_response(USBNetState *s, rndis_set_msg_type *buf, unsigned int length)
-+{
-+        rndis_set_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_set_cmplt_type));
-+       uint32_t bufoffs, buflen;
-+       if (!resp)
-+               return USB_RET_STALL;
-+       bufoffs = le32_to_cpu(buf->InformationBufferOffset) + 8;
-+       buflen = le32_to_cpu(buf->InformationBufferLength);
-+       if (bufoffs + buflen > length)
-+               return USB_RET_STALL;
-+       int ret = ndis_set(s, le32_to_cpu(buf->OID), bufoffs + (uint8_t *)buf, buflen);
-+        resp->MessageType = cpu_to_le32(REMOTE_NDIS_SET_CMPLT);
-+        resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
-+       resp->MessageLength = cpu_to_le32(sizeof(rndis_set_cmplt_type));
-+       if (ret < 0) {
-+               /* OID not supported */
-+                resp->Status = cpu_to_le32(RNDIS_STATUS_NOT_SUPPORTED);
-+               return 0;
-+       }
-+       resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
-+       return 0;
-+}
-+
-+static int rndis_reset_response(USBNetState *s, rndis_reset_msg_type *buf)
-+{
-+        rndis_reset_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_reset_cmplt_type));
-+       if (!resp)
-+               return USB_RET_STALL;
-+        resp->MessageType = cpu_to_le32(REMOTE_NDIS_RESET_CMPLT);
-+        resp->MessageLength = cpu_to_le32(sizeof(rndis_reset_cmplt_type));
-+        resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
-+        /* resent information */
-+        resp->AddressingReset = cpu_to_le32(1);
-+       return 0;
-+}
-+
-+static int rndis_keepalive_response(USBNetState *s, rndis_keepalive_msg_type *buf)
-+{
-+        rndis_keepalive_cmplt_type *resp = rndis_queue_response(s, sizeof(rndis_keepalive_cmplt_type));
-+       if (!resp)
-+               return USB_RET_STALL;
-+        resp->MessageType = cpu_to_le32(REMOTE_NDIS_KEEPALIVE_CMPLT);
-+        resp->MessageLength = cpu_to_le32(sizeof(rndis_keepalive_cmplt_type));
-+        resp->RequestID = buf->RequestID; /* Still LE in msg buffer */
-+        resp->Status = cpu_to_le32(RNDIS_STATUS_SUCCESS);
-+       return 0;
-+}
-+
-+static int rndis_parse(USBNetState *s, uint8_t *data, int length)
-+{
-+        uint32_t MsgType, MsgLength;
-+        __le32 *tmp = (__le32 *)data;
-+        MsgType = le32_to_cpup(tmp++);
-+        MsgLength = le32_to_cpup(tmp++);
-+       
-+       switch (MsgType) {
-+       case REMOTE_NDIS_INITIALIZE_MSG:
-+               s->rndis_state = RNDIS_INITIALIZED;
-+               return rndis_init_response(s, (rndis_init_msg_type *)data);
-+
-+        case REMOTE_NDIS_HALT_MSG:
-+               s->rndis_state = RNDIS_UNINITIALIZED;
-+                return 0;
-+
-+       case REMOTE_NDIS_QUERY_MSG:
-+                return rndis_query_response(s, (rndis_query_msg_type *)data, length);
-+
-+        case REMOTE_NDIS_SET_MSG:
-+                return rndis_set_response(s, (rndis_set_msg_type *)data, length);
-+
-+        case REMOTE_NDIS_RESET_MSG:
-+               rndis_clear_responsequeue(s);
-+               s->out_ptr = s->in_ptr = s->in_len = 0;
-+                return rndis_reset_response(s, (rndis_reset_msg_type *)data);
-+
-+        case REMOTE_NDIS_KEEPALIVE_MSG:
-+                /* For USB: host does this every 5 seconds */
-+                return rndis_keepalive_response(s, (rndis_keepalive_msg_type *)data);  
-+       }
-+       return USB_RET_STALL;
-+}
-+
-+static void usb_net_handle_reset(USBDevice *dev)
-+{
-+}
-+
-+static int usb_net_handle_control(USBDevice *dev, int request, int value,
-+                                  int index, int length, uint8_t *data)
-+{
-+       USBNetState *s = (USBNetState *)dev;
-+       int ret = 0;
-+
-+       switch(request) {
-+       case DeviceRequest | USB_REQ_GET_STATUS:
-+               data[0] = (1 << USB_DEVICE_SELF_POWERED) |
-+                       (dev->remote_wakeup << USB_DEVICE_REMOTE_WAKEUP);
-+               data[1] = 0x00;
-+               ret = 2;
-+               break;
-+
-+       case DeviceOutRequest | USB_REQ_CLEAR_FEATURE:
-+               if (value == USB_DEVICE_REMOTE_WAKEUP) {
-+                       dev->remote_wakeup = 0;
-+               } else {
-+                       goto fail;
-+               }
-+               ret = 0;
-+               break;
-+
-+       case DeviceOutRequest | USB_REQ_SET_FEATURE:
-+               if (value == USB_DEVICE_REMOTE_WAKEUP) {
-+                       dev->remote_wakeup = 1;
-+               } else {
-+                       goto fail;
-+               }
-+               ret = 0;
-+               break;
-+
-+       case DeviceOutRequest | USB_REQ_SET_ADDRESS:
-+               dev->addr = value;
-+               ret = 0;
-+               break;
-+
-+       case ClassInterfaceOutRequest | USB_CDC_SEND_ENCAPSULATED_COMMAND:
-+               if (!s->rndis || value || index != 0)
-+                       goto fail;
-+#if TRAFFIC_DEBUG
-+               {
-+                       unsigned int i;
-+                       fprintf(stderr, "SEND_ENCAPSULATED_COMMAND:");
-+                       for (i = 0; i < length; i++) {
-+                               if (!(i & 15))
-+                                       fprintf(stderr, "\n%04X:", i);
-+                               fprintf(stderr, " %02X", data[i]);
-+                       }
-+                       fprintf(stderr, "\n\n");
-+               }
-+#endif
-+               ret = rndis_parse(s, data, length);
-+               break;
-+
-+       case ClassInterfaceRequest | USB_CDC_GET_ENCAPSULATED_RESPONSE:
-+               if (!s->rndis || value || index != 0)
-+                       goto fail;
-+               ret = rndis_get_response(s, data);
-+               if (!ret) {
-+                       data[0] = 0;
-+                       ret = 1;
-+               }
-+#if TRAFFIC_DEBUG
-+               {
-+                       unsigned int i;
-+                       fprintf(stderr, "GET_ENCAPSULATED_RESPONSE:");
-+                       for (i = 0; i < ret; i++) {
-+                               if (!(i & 15))
-+                                       fprintf(stderr, "\n%04X:", i);
-+                               fprintf(stderr, " %02X", data[i]);
-+                       }
-+                       fprintf(stderr, "\n\n");
-+               }
-+#endif
-+               break;
-+
-+       case DeviceRequest | USB_REQ_GET_DESCRIPTOR:
-+               switch(value >> 8) {
-+               case USB_DT_DEVICE:
-+                       ret = sizeof(qemu_net_dev_descriptor);
-+                       memcpy(data, qemu_net_dev_descriptor, ret);
-+                       break;
-+
-+               case USB_DT_CONFIG:
-+                       switch (value & 0xff) {
-+                       case 0:
-+                               ret = sizeof(qemu_net_rndis_config_descriptor);
-+                               memcpy(data, qemu_net_rndis_config_descriptor,
-+                                               ret);
-+                               break;
-+
-+                       case 1:
-+                               ret = sizeof(qemu_net_cdc_config_descriptor);
-+                               memcpy(data, qemu_net_cdc_config_descriptor,
-+                                               ret);
-+                               break;
-+
-+                       default:
-+                               goto fail;
-+                       }
-+                       data[2] = ret & 0xff;
-+                       data[3] = ret >> 8;
-+                       break;
-+
-+               case USB_DT_STRING:
-+                       switch (value & 0xff) {
-+                       case 0:
-+                               /* language ids */
-+                               data[0] = 4;
-+                               data[1] = 3;
-+                               data[2] = 0x09;
-+                               data[3] = 0x04;
-+                               ret = 4;
-+                               break;
-+                               
-+                       case STRING_MANUFACTURER:
-+                               ret = set_usb_string(data, "QEMU");
-+                               break;
-+
-+                       case STRING_PRODUCT:
-+                               ret = set_usb_string(data, "RNDIS/QEMU USB Network Device");
-+                               break;
-+
-+                       case STRING_ETHADDR:
-+                               ret = set_usb_string(data, "400102030405");
-+                               break;
-+
-+                       case STRING_DATA:
-+                               ret = set_usb_string(data, "QEMU USB Net Data Interface");
-+                               break;
-+
-+                       case STRING_CONTROL:
-+                               ret = set_usb_string(data, "QEMU USB Net Control Interface");
-+                               break;
-+
-+                       case STRING_RNDIS_CONTROL:
-+                               ret = set_usb_string(data, "QEMU USB Net RNDIS Control Interface");
-+                               break;
-+
-+                       case STRING_CDC:
-+                               ret = set_usb_string(data, "QEMU USB Net CDC");
-+                               break;
-+
-+                       case STRING_SUBSET:
-+                               ret = set_usb_string(data, "QEMU USB Net Subset");
-+                               break;
-+
-+                       case STRING_RNDIS:
-+                               ret = set_usb_string(data, "QEMU USB Net RNDIS");
-+                               break;
-+
-+                       case STRING_SERIALNUMBER:
-+                               ret = set_usb_string(data, "1");
-+                               break;
-+
-+                       default:
-+                               goto fail;
-+                       }
-+                       break;
-+
-+               default:
-+                       goto fail;
-+               }
-+               break;
-+
-+       case DeviceRequest | USB_REQ_GET_CONFIGURATION:
-+               data[0] = s->rndis ? DEV_RNDIS_CONFIG_VALUE : DEV_CONFIG_VALUE;
-+               ret = 1;
-+               break;
-+
-+       case DeviceOutRequest | USB_REQ_SET_CONFIGURATION:
-+               switch (value & 0xff) {
-+               case DEV_CONFIG_VALUE:
-+                       s->rndis = 0;
-+                       break;
-+
-+               case DEV_RNDIS_CONFIG_VALUE:
-+                       s->rndis = 1;
-+                       break;
-+
-+               default:
-+                       goto fail;
-+               }
-+               ret = 0;
-+               break;
-+
-+       case DeviceRequest | USB_REQ_GET_INTERFACE:
-+       case InterfaceRequest | USB_REQ_GET_INTERFACE:
-+               data[0] = 0;
-+               ret = 1;
-+               break;
-+
-+       case DeviceOutRequest | USB_REQ_SET_INTERFACE:
-+       case InterfaceOutRequest | USB_REQ_SET_INTERFACE:
-+               ret = 0;
-+               break;
-+
-+       default:
-+       fail:
-+               fprintf(stderr, "usbnet: failed control transaction: request 0x%x value 0x%x index 0x%x length 0x%x\n",
-+                       request, value, index, length);
-+               ret = USB_RET_STALL;
-+               break;
-+       }
-+       return ret;
-+}
-+
-+static int usb_net_handle_statusin(USBNetState *s, USBPacket *p)
-+{
-+       int ret = 8;
-+       if (p->len < 8)
-+               return USB_RET_STALL;
-+       ((__le32 *)p->data)[0] = cpu_to_le32(1);
-+       ((__le32 *)p->data)[1] = cpu_to_le32(0);
-+       if (!s->rndis_resp.tqh_first)
-+               ret = USB_RET_NAK;
-+#if DEBUG
-+       fprintf(stderr, "usbnet: interrupt poll len %u return %d", p->len, ret);
-+       {
-+               int i;
-+               fprintf(stderr, ":");
-+               for (i = 0; i < ret; i++) {
-+                       if (!(i & 15))
-+                               fprintf(stderr, "\n%04X:", i);
-+                       fprintf(stderr, " %02X", p->data[i]);
-+               }
-+               fprintf(stderr, "\n\n");
-+       }
-+#endif
-+       return ret;
-+}
-+
-+static int usb_net_handle_datain(USBNetState *s, USBPacket *p)
-+{
-+       int ret = USB_RET_NAK;
-+
-+       if (s->in_ptr > s->in_len) {
-+               s->in_ptr = s->in_len = 0;
-+               ret = USB_RET_NAK;
-+               return ret;
-+       }
-+       if (!s->in_len) {
-+               ret = USB_RET_NAK;
-+               return ret;
-+       }
-+       ret = s->in_len - s->in_ptr;
-+       if (ret > p->len)
-+               ret = p->len;
-+       memcpy(p->data, &s->in_buf[s->in_ptr], ret);
-+       s->in_ptr += ret;
-+       if (s->in_ptr >= s->in_len && (s->rndis || (s->in_len & (64-1)) || !ret)) {
-+               /* no short packet necessary */
-+               s->in_ptr = s->in_len = 0;
-+       }
-+#if TRAFFIC_DEBUG
-+       fprintf(stderr, "usbnet: data in len %u return %d", p->len, ret);
-+       {
-+               int i;
-+               fprintf(stderr, ":");
-+               for (i = 0; i < ret; i++) {
-+                       if (!(i & 15))
-+                               fprintf(stderr, "\n%04X:", i);
-+                       fprintf(stderr, " %02X", p->data[i]);
-+               }
-+               fprintf(stderr, "\n\n");
-+       }
-+#endif
-+       return ret;
-+}
-+
-+static int usb_net_handle_dataout(USBNetState *s, USBPacket *p)
-+{
-+       int ret = p->len;
-+       int sz = sizeof(s->out_buf) - s->out_ptr;
-+       struct rndis_packet_msg_type *msg = (struct rndis_packet_msg_type *)s->out_buf;
-+       uint32_t len;
-+
-+#if TRAFFIC_DEBUG
-+       fprintf(stderr, "usbnet: data out len %u\n", p->len);
-+       {
-+               int i;
-+               fprintf(stderr, ":");
-+               for (i = 0; i < p->len; i++) {
-+                       if (!(i & 15))
-+                               fprintf(stderr, "\n%04X:", i);
-+                       fprintf(stderr, " %02X", p->data[i]);
-+               }
-+               fprintf(stderr, "\n\n");
-+       }
-+#endif
-+       if (sz > ret)
-+               sz = ret;
-+       memcpy(&s->out_buf[s->out_ptr], p->data, sz);
-+       s->out_ptr += sz;
-+       if (!s->rndis) {
-+               if (ret < 64) {
-+                       qemu_send_packet(s->vc, s->out_buf, s->out_ptr);
-+                       s->out_ptr = 0;
-+               }
-+               return ret;
-+       }
-+       len = le32_to_cpu(msg->MessageLength);
-+       if (s->out_ptr < 8 || s->out_ptr < len)
-+               return ret;
-+       if (le32_to_cpu(msg->MessageType) == REMOTE_NDIS_PACKET_MSG) {
-+               uint32_t offs = 8 + le32_to_cpu(msg->DataOffset);
-+               uint32_t size = le32_to_cpu(msg->DataLength);
-+               if (offs + size <= len)
-+                       qemu_send_packet(s->vc, s->out_buf + offs, size);
-+       }
-+       s->out_ptr -= len;
-+       memmove(s->out_buf, &s->out_buf[len], s->out_ptr);
-+       return ret;
-+}
-+
-+static int usb_net_handle_data(USBDevice *dev, USBPacket *p)
-+{
-+       USBNetState *s = (USBNetState *)dev;
-+       int ret = 0;
-+
-+       switch(p->pid) {
-+       case USB_TOKEN_IN:
-+               switch (p->devep) {
-+               case 1:
-+                       ret = usb_net_handle_statusin(s, p);
-+                       break;
-+
-+               case 2:
-+                       ret = usb_net_handle_datain(s, p);
-+                       break;
-+
-+               default:
-+                       goto fail;
-+               }
-+               break;
-+
-+       case USB_TOKEN_OUT:
-+               switch (p->devep) {
-+               case 2:
-+                       ret = usb_net_handle_dataout(s, p);
-+                       break;
-+
-+               default:
-+                       goto fail;
-+               }
-+               break;
-+
-+       default:
-+       fail:
-+               ret = USB_RET_STALL;
-+               break;
-+       }
-+       if (ret == USB_RET_STALL)
-+               fprintf(stderr, "usbnet: failed data transaction: pid 0x%x ep 0x%x len 0x%x\n", p->pid, p->devep, p->len);
-+       return ret;
-+}
-+
-+static void usbnet_receive(void *opaque, const uint8_t *buf, int size)
-+{
-+       USBNetState *s = opaque;
-+
-+       if (s->rndis) {
-+               struct rndis_packet_msg_type *msg = (struct rndis_packet_msg_type *)s->in_buf;
-+               if (!s->rndis_state == RNDIS_DATA_INITIALIZED)
-+                       return;
-+               if (size + sizeof(struct rndis_packet_msg_type) > sizeof(s->in_buf))
-+                       return;
-+               memset(msg, 0, sizeof(struct rndis_packet_msg_type));
-+               msg->MessageType = cpu_to_le32(REMOTE_NDIS_PACKET_MSG);
-+               msg->MessageLength = cpu_to_le32(size + sizeof(struct rndis_packet_msg_type));
-+               msg->DataOffset = cpu_to_le32(sizeof(struct rndis_packet_msg_type) - 8);
-+               msg->DataLength = cpu_to_le32(size);
-+               //msg->OOBDataOffset;
-+               //msg->OOBDataLength;
-+               //msg->NumOOBDataElements;
-+               //msg->PerPacketInfoOffset;
-+               //msg->PerPacketInfoLength;
-+               //msg->VcHandle;
-+               //msg->Reserved;
-+               memcpy(msg + 1, buf, size);
-+               s->in_len = size + sizeof(struct rndis_packet_msg_type);
-+       } else {
-+               if (size > sizeof(s->in_buf))
-+                       return;
-+               memcpy(s->in_buf, buf, size);
-+               s->in_len = size;
-+       }
-+       s->in_ptr = 0;
-+}
-+
-+static int usbnet_can_receive(void *opaque)
-+{
-+       USBNetState *s = opaque;
-+
-+       if (s->rndis && !s->rndis_state == RNDIS_DATA_INITIALIZED)
-+               return 1;
-+       return !s->in_len;
-+}
-+
-+static void usb_net_handle_destroy(USBDevice *dev)
-+{
-+       USBNetState *s = (USBNetState *)dev;
-+       rndis_clear_responsequeue(s);
-+       qemu_free(s);
-+}
-+
-+USBDevice *usb_net_init(NICInfo *nd)
-+{
-+       USBNetState *s;
-+
-+       s = qemu_mallocz(sizeof(USBNetState));
-+       if (!s)
-+               return NULL;
-+       s->dev.speed = USB_SPEED_FULL;
-+       s->dev.handle_packet = usb_generic_handle_packet;
-+
-+       s->dev.handle_reset = usb_net_handle_reset;
-+       s->dev.handle_control = usb_net_handle_control;
-+       s->dev.handle_data = usb_net_handle_data;
-+       s->dev.handle_destroy = usb_net_handle_destroy;
-+
-+       s->rndis = 1;
-+       s->rndis_state = RNDIS_UNINITIALIZED;
-+        s->medium = NDIS_MEDIUM_802_3;
-+        s->speed = 1000000; /* 100MBps, in 100Bps units */
-+        s->media_state = NDIS_MEDIA_STATE_CONNECTED;
-+       s->filter = 0;
-+        s->vendorid = 0x1234;
-+       memcpy(s->mac, nd->macaddr, 6);
-+       TAILQ_INIT(&s->rndis_resp);
-+
-+       pstrcpy(s->dev.devname, sizeof(s->dev.devname), "QEMU USB Network Interface");
-+       s->vc = qemu_new_vlan_client(nd->vlan, usbnet_receive, usbnet_can_receive, s);
-+       snprintf(s->vc->info_str, sizeof(s->vc->info_str),
-+                "usbnet macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
-+                s->mac[0], s->mac[1], s->mac[2],
-+                s->mac[3], s->mac[4], s->mac[5]);
-+       fprintf(stderr, "usbnet: initialized mac %02x:%02x:%02x:%02x:%02x:%02x\n",
-+               s->mac[0], s->mac[1], s->mac[2],
-+               s->mac[3], s->mac[4], s->mac[5]);
-+       return (USBDevice *)s;
-+}
-diff -urN 4242/Makefile qemu-omap/Makefile
---- 4242/Makefile       2008-04-24 20:17:05.000000000 +0100
-+++ qemu-omap/Makefile  2008-04-23 09:57:55.000000000 +0100
-@@ -55,7 +55,8 @@
- OBJS+=tmp105.o
- OBJS+=scsi-disk.o cdrom.o
- OBJS+=scsi-generic.o
--OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-wacom.o usb-serial.o
-+OBJS+=usb.o usb-hub.o usb-linux.o usb-hid.o usb-msd.o usb-net.o
-+OBJS+=usb-wacom.o usb-serial.o
- OBJS+=sd.o ssi-sd.o
- 
- ifdef CONFIG_BRLAPI
-diff -urN 4242/softmmu_template.h qemu-omap/softmmu_template.h
---- 4242/softmmu_template.h     2008-04-24 18:11:49.000000000 +0100
-+++ qemu-omap/softmmu_template.h        2008-04-23 09:57:56.000000000 +0100
-@@ -51,12 +51,15 @@
-                                                         int mmu_idx,
-                                                         void *retaddr);
- static inline DATA_TYPE glue(io_read, SUFFIX)(target_phys_addr_t physaddr,
--                                              target_ulong tlb_addr)
-+                                              target_ulong tlb_addr,
-+                                              target_ulong tlb_io)
- {
-     DATA_TYPE res;
-     int index;
- 
--    index = (tlb_addr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
-+    index = (tlb_addr & ~TARGET_PAGE_MASK) >> IO_MEM_SHIFT;
-+    if (index > 4)
-+        index = (tlb_io >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
- #if SHIFT <= 2
-     res = io_mem_read[index][SHIFT](io_mem_opaque[index], physaddr);
- #else
-@@ -95,7 +98,9 @@
-             /* IO access */
-             if ((addr & (DATA_SIZE - 1)) != 0)
-                 goto do_unaligned_access;
--            res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
-+            res = glue(io_read, SUFFIX)(physaddr, tlb_addr,
-+                                        env->tlb_table[mmu_idx]
-+                                        [index].addr_code);
-         } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
-             /* slow unaligned access (it spans two pages or IO) */
-         do_unaligned_access:
-@@ -147,7 +152,9 @@
-             /* IO access */
-             if ((addr & (DATA_SIZE - 1)) != 0)
-                 goto do_unaligned_access;
--            res = glue(io_read, SUFFIX)(physaddr, tlb_addr);
-+            res = glue(io_read, SUFFIX)(physaddr, tlb_addr,
-+                                        env->tlb_table[mmu_idx]
-+                                        [index].addr_code);
-         } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
-         do_unaligned_access:
-             /* slow unaligned access (it spans two pages) */
-@@ -186,11 +193,14 @@
- static inline void glue(io_write, SUFFIX)(target_phys_addr_t physaddr,
-                                           DATA_TYPE val,
-                                           target_ulong tlb_addr,
--                                          void *retaddr)
-+                                          void *retaddr,
-+                                          target_ulong tlb_io)
- {
-     int index;
- 
--    index = (tlb_addr >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
-+    index = (tlb_addr & ~TARGET_PAGE_MASK) >> IO_MEM_SHIFT;
-+    if (index > 4)
-+        index = (tlb_io >> IO_MEM_SHIFT) & (IO_MEM_NB_ENTRIES - 1);
-     env->mem_write_vaddr = tlb_addr;
-     env->mem_write_pc = (unsigned long)retaddr;
- #if SHIFT <= 2
-@@ -228,7 +238,8 @@
-             if ((addr & (DATA_SIZE - 1)) != 0)
-                 goto do_unaligned_access;
-             retaddr = GETPC();
--            glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
-+            glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr,
-+                                   env->tlb_table[mmu_idx][index].addr_code);
-         } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
-         do_unaligned_access:
-             retaddr = GETPC();
-@@ -278,7 +289,8 @@
-             /* IO access */
-             if ((addr & (DATA_SIZE - 1)) != 0)
-                 goto do_unaligned_access;
--            glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr);
-+            glue(io_write, SUFFIX)(physaddr, val, tlb_addr, retaddr,
-+                                   env->tlb_table[mmu_idx][index].addr_code);
-         } else if (((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1) >= TARGET_PAGE_SIZE) {
-         do_unaligned_access:
-             /* XXX: not efficient, but simple */
-diff -urN 4242/target-i386/cpu.h qemu-omap/target-i386/cpu.h
---- 4242/target-i386/cpu.h      2008-04-23 12:18:51.000000000 +0100
-+++ qemu-omap/target-i386/cpu.h 2008-04-23 09:57:56.000000000 +0100
-@@ -499,7 +499,7 @@
-     SegmentCache idt; /* only base and limit are used */
- 
-     target_ulong cr[9]; /* NOTE: cr1, cr5-7 are unused */
--    uint64_t a20_mask;
-+    uint32_t a20_mask;
- 
-     /* FPU state */
-     unsigned int fpstt; /* top of stack index */
-diff -urN 4242/target-i386/helper2.c qemu-omap/target-i386/helper2.c
---- 4242/target-i386/helper2.c  2008-04-23 12:18:51.000000000 +0100
-+++ qemu-omap/target-i386/helper2.c     2008-04-23 09:57:56.000000000 +0100
-@@ -377,7 +377,7 @@
-     env->hflags |= HF_GIF_MASK;
- 
-     cpu_x86_update_cr0(env, 0x60000010);
--    env->a20_mask = ~0x0;
-+    env->a20_mask = 0xffffffff;
-     env->smbase = 0x30000;
- 
-     env->idt.limit = 0xffff;
-@@ -695,7 +695,7 @@
-         /* when a20 is changed, all the MMU mappings are invalid, so
-            we must flush everything */
-         tlb_flush(env, 1);
--        env->a20_mask = (~0x100000) | (a20_state << 20);
-+        env->a20_mask = 0xffefffff | (a20_state << 20);
-     }
- }
- 
-@@ -800,8 +800,7 @@
- 
- #else
- 
--/* Bits 52-62 of a PTE are reserved. Bit 63 is the NX bit. */
--#define PHYS_ADDR_MASK 0xffffffffff000L
-+#define PHYS_ADDR_MASK 0xfffff000
- 
- /* return value:
-    -1 = cannot handle fault
-@@ -813,10 +812,9 @@
-                              int is_write1, int mmu_idx, int is_softmmu)
- {
-     uint64_t ptep, pte;
--    target_ulong pde_addr, pte_addr;
-+    uint32_t pdpe_addr, pde_addr, pte_addr;
-     int error_code, is_dirty, prot, page_size, ret, is_write, is_user;
--    target_phys_addr_t paddr;
--    uint32_t page_offset;
-+    unsigned long paddr, page_offset;
-     target_ulong vaddr, virt_addr;
- 
-     is_user = mmu_idx == MMU_USER_IDX;
-@@ -836,11 +834,12 @@
- 
-     if (env->cr[4] & CR4_PAE_MASK) {
-         uint64_t pde, pdpe;
--        target_ulong pdpe_addr;
- 
-+        /* XXX: we only use 32 bit physical addresses */
- #ifdef TARGET_X86_64
-         if (env->hflags & HF_LMA_MASK) {
--            uint64_t pml4e_addr, pml4e;
-+            uint32_t pml4e_addr;
-+            uint64_t pml4e;
-             int32_t sext;
- 
-             /* test virtual address sign extension */
-@@ -1102,19 +1101,17 @@
- 
- target_phys_addr_t cpu_get_phys_page_debug(CPUState *env, target_ulong addr)
- {
--    target_ulong pde_addr, pte_addr;
--    uint64_t pte;
--    target_phys_addr_t paddr;
--    uint32_t page_offset;
--    int page_size;
-+    uint32_t pde_addr, pte_addr;
-+    uint32_t pde, pte, paddr, page_offset, page_size;
- 
-     if (env->cr[4] & CR4_PAE_MASK) {
--        target_ulong pdpe_addr;
--        uint64_t pde, pdpe;
-+        uint32_t pdpe_addr, pde_addr, pte_addr;
-+        uint32_t pdpe;
- 
-+        /* XXX: we only use 32 bit physical addresses */
- #ifdef TARGET_X86_64
-         if (env->hflags & HF_LMA_MASK) {
--            uint64_t pml4e_addr, pml4e;
-+            uint32_t pml4e_addr, pml4e;
-             int32_t sext;
- 
-             /* test virtual address sign extension */
-@@ -1124,13 +1121,13 @@
- 
-             pml4e_addr = ((env->cr[3] & ~0xfff) + (((addr >> 39) & 0x1ff) << 3)) &
-                 env->a20_mask;
--            pml4e = ldq_phys(pml4e_addr);
-+            pml4e = ldl_phys(pml4e_addr);
-             if (!(pml4e & PG_PRESENT_MASK))
-                 return -1;
- 
-             pdpe_addr = ((pml4e & ~0xfff) + (((addr >> 30) & 0x1ff) << 3)) &
-                 env->a20_mask;
--            pdpe = ldq_phys(pdpe_addr);
-+            pdpe = ldl_phys(pdpe_addr);
-             if (!(pdpe & PG_PRESENT_MASK))
-                 return -1;
-         } else
-@@ -1138,14 +1135,14 @@
-         {
-             pdpe_addr = ((env->cr[3] & ~0x1f) + ((addr >> 27) & 0x18)) &
-                 env->a20_mask;
--            pdpe = ldq_phys(pdpe_addr);
-+            pdpe = ldl_phys(pdpe_addr);
-             if (!(pdpe & PG_PRESENT_MASK))
-                 return -1;
-         }
- 
-         pde_addr = ((pdpe & ~0xfff) + (((addr >> 21) & 0x1ff) << 3)) &
-             env->a20_mask;
--        pde = ldq_phys(pde_addr);
-+        pde = ldl_phys(pde_addr);
-         if (!(pde & PG_PRESENT_MASK)) {
-             return -1;
-         }
-@@ -1158,11 +1155,9 @@
-             pte_addr = ((pde & ~0xfff) + (((addr >> 12) & 0x1ff) << 3)) &
-                 env->a20_mask;
-             page_size = 4096;
--            pte = ldq_phys(pte_addr);
-+            pte = ldl_phys(pte_addr);
-         }
-     } else {
--        uint32_t pde;
--
-         if (!(env->cr[0] & CR0_PG_MASK)) {
-             pte = addr;
-             page_size = 4096;
-diff -urN 4242/vl.c qemu-omap/vl.c
---- 4242/vl.c   2008-04-24 21:26:21.000000000 +0100
-+++ qemu-omap/vl.c      2008-04-23 09:57:57.000000000 +0100
-@@ -5284,6 +5284,11 @@
-         dev = usb_keyboard_init();
-     } else if (strstart(devname, "disk:", &p)) {
-         dev = usb_msd_init(p);
-+    } else if (strstart(devname, "net:", &p)) {
-+        unsigned int nr = strtoul(p, NULL, 0);
-+        if (nr >= (unsigned int) nb_nics || strcmp(nd_table[nr].model, "usb"))
-+            return -1;
-+        dev = usb_net_init(&nd_table[nr]);
-     } else if (!strcmp(devname, "wacom-tablet")) {
-         dev = usb_wacom_init();
-     } else if (strstart(devname, "serial:", &p)) {
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz b/meta/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz
deleted file mode 100644
index eb2a76c167..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/revert_arm_tcg.patch.gz
+++ /dev/null
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/series b/meta/packages/qemu/qemu-0.9.1+svn/series
deleted file mode 100644
index fb110340c4..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/series
+++ /dev/null
@@ -1,25 +0,0 @@
-05_non-fatal_if_linux_hd_missing.patch 
-06_exit_segfault.patch -p0
-10_signal_jobs.patch -p0
-11_signal_sigaction.patch -p0
-22_net_tuntap_stall.patch -p0
-31_syscalls.patch -p0
-32_syscall_sysctl.patch -p0
-33_syscall_ppc_clone.patch -p0
-39_syscall_fadvise64.patch -p0
-52_ne2000_return.patch 
-61_safe_64bit_int.patch -p0
-63_sparc_build.patch -p0
-64_ppc_asm_constraints.patch 
-65_kfreebsd.patch -p0
-66_tls_ld.patch -p0
-91-oh-sdl-cursor.patch -p0
-qemu-0.9.0-nptl.patch 
-qemu-0.9.0-nptl-update.patch 
-qemu-amd64-32b-mapping-0.9.0.patch 
-workaround_bad_futex_headers.patch -p1
-fix_segfault.patch 
-no-strip.patch 
-fix_brk.patch 
-fix_protection_bits.patch -p1
-qemu-n800-support.patch -p1
diff --git a/meta/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch b/meta/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch
deleted file mode 100644
index cc122ebdba..0000000000
--- a/meta/packages/qemu/qemu-0.9.1+svn/workaround_bad_futex_headers.patch
+++ /dev/null
@@ -1,25 +0,0 @@
----
- linux-user/syscall.c |   10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-Index: qemu/linux-user/syscall.c
-===================================================================
---- qemu.orig/linux-user/syscall.c      2007-08-09 20:28:06.000000000 +0100
-+++ qemu/linux-user/syscall.c   2007-08-09 20:28:41.000000000 +0100
-@@ -61,7 +61,15 @@
- #define tchars host_tchars /* same as target */
- #define ltchars host_ltchars /* same as target */
- 
--#include <linux/futex.h>
-+#define FUTEX_WAIT              0
-+#define FUTEX_WAKE              1
-+#define FUTEX_FD                2
-+#define FUTEX_REQUEUE           3
-+#define FUTEX_CMP_REQUEUE       4
-+#define FUTEX_WAKE_OP           5
-+#define FUTEX_LOCK_PI           6
-+#define FUTEX_UNLOCK_PI         7
-+
- #include <linux/termios.h>
- #include <linux/unistd.h>
- #include <linux/utsname.h>