From 484a0352cb7a2a582ac9476cd71c4d029d553f7349487cdcf6c67a5409792cef Mon Sep 17 00:00:00 2001
From: Alexander Graf <null@suse.de>
Date: Mon, 25 Jun 2012 17:40:49 +0000
Subject: [PATCH] - add fix for segv in linux-user (fixes java)

OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=87
---
 ...-linux-user-ARM-Ignore-immediate-val.patch |  3 +-
 ...-use-libexecdir-instead-of-ignoring-.patch |  5 +-
 ...-linux-user-fix-segmentation-fault-p.patch | 56 +++++++++++++++++++
 qemu.changes                                  |  5 ++
 qemu.spec                                     |  2 +
 5 files changed, 66 insertions(+), 5 deletions(-)
 create mode 100644 0024-linux-user-fix-segmentation-fault-p.patch

diff --git a/0019-linux-user-ARM-Ignore-immediate-val.patch b/0019-linux-user-ARM-Ignore-immediate-val.patch
index 052a4b97..2cdbfe5c 100644
--- a/0019-linux-user-ARM-Ignore-immediate-val.patch
+++ b/0019-linux-user-ARM-Ignore-immediate-val.patch
@@ -1,8 +1,7 @@
 From 8cc5120497695e7ea8dde9b096eb6c8cb9b6ac35 Mon Sep 17 00:00:00 2001
 From: Alexander Graf <agraf@suse.de>
 Date: Tue, 29 May 2012 17:28:07 +0200
-Subject: [PATCH] linux-user: ARM: Ignore immediate value for svc in thumb
- mode
+Subject: [PATCH] linux-user: ARM: Ignore immediate value for svc in thumb mode
 
 When running in thumb mode, Linux doesn't evaluate the immediate value
 of the svc instruction, but instead just always assumes the syscall number
diff --git a/0022-use-libexecdir-instead-of-ignoring-.patch b/0022-use-libexecdir-instead-of-ignoring-.patch
index 6ef17ae0..370a6b9f 100644
--- a/0022-use-libexecdir-instead-of-ignoring-.patch
+++ b/0022-use-libexecdir-instead-of-ignoring-.patch
@@ -1,10 +1,9 @@
 From 57fd4d50146ef90693d569ee799f7e9e9d606e05 Mon Sep 17 00:00:00 2001
 From: Michael Tokarev <mjt@tls.msk.ru>
 Date: Thu, 7 Jun 2012 01:11:00 +0400
-Subject: [PATCH] use --libexecdir instead of ignoring it first and
- reinventing it later
+Subject: [PATCH] use --libexecdir instead of ignoring it first and reinventing it later
 MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
+Content-Type: text/plain; charset=utf-8
 Content-Transfer-Encoding: 8bit
 
 Commit 7b93fadf3a38d1ed65ea5536a52efc2772c6e3b8 "Add basic version
diff --git a/0024-linux-user-fix-segmentation-fault-p.patch b/0024-linux-user-fix-segmentation-fault-p.patch
new file mode 100644
index 00000000..9ffb4672
--- /dev/null
+++ b/0024-linux-user-fix-segmentation-fault-p.patch
@@ -0,0 +1,56 @@
+From c42b3aca84c5b1a8be7010e518f526a1798e3790 Mon Sep 17 00:00:00 2001
+From: Alexander Graf <agraf@suse.de>
+Date: Mon, 25 Jun 2012 19:02:32 +0200
+Subject: [PATCH] linux-user: fix segmentation fault passing with g2h(x) != x
+
+When forwarding a segmentation fault into the guest process, we were passing
+the host's address directly into the guest process's signal descriptor.
+
+That obviously confused the guest process, since it didn't know what to make
+of the (usually 32-bit truncated) address. Passing in g2h(address) makes the
+guest process a lot happier.
+
+This fixes java running in arm-linux-user for me.
+
+Signed-off-by: Alexander Graf <agraf@suse.de>
+---
+ user-exec.c |   25 +++++++++++++------------
+ 1 files changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/user-exec.c b/user-exec.c
+index 36d29b4..83d2d44 100644
+--- a/user-exec.c
++++ b/user-exec.c
+@@ -100,19 +100,20 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
+     /* Maybe we're still holding the TB fiddling lock? */
+     spin_unlock_safe(&tb_lock);
+ 
+-    /* XXX: locking issue */
+-    if (is_write && h2g_valid(address)
+-        && page_unprotect(h2g(address), pc, puc)) {
+-        return 1;
+-    }
++    if (h2g_valid(address)) {
++        /* XXX: locking issue */
++        if (is_write && page_unprotect(h2g(address), pc, puc)) {
++            return 1;
++        }
+ 
+-    /* see if it is an MMU fault */
+-    ret = cpu_handle_mmu_fault(env, address, is_write, MMU_USER_IDX);
+-    if (ret < 0) {
+-        return 0; /* not an MMU fault */
+-    }
+-    if (ret == 0) {
+-        return 1; /* the MMU fault was handled without causing real CPU fault */
++        /* see if it is an MMU fault */
++        ret = cpu_handle_mmu_fault(env, h2g(address), is_write, MMU_USER_IDX);
++        if (ret < 0) {
++            return 0; /* not an MMU fault */
++        }
++        if (ret == 0) {
++            return 1; /* the MMU fault was handled without causing real CPU fault */
++        }
+     }
+     /* now we have a real cpu fault */
+     tb = tb_find_pc(pc);
diff --git a/qemu.changes b/qemu.changes
index 061e9df3..a4280268 100644
--- a/qemu.changes
+++ b/qemu.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jun 25 17:40:36 UTC 2012 - agraf@suse.com
+
+- add fix for segv in linux-user (fixes java)
+
 -------------------------------------------------------------------
 Tue Jun 19 16:06:52 UTC 2012 - afaerber@suse.de
 
diff --git a/qemu.spec b/qemu.spec
index f929870b..080d1c46 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -47,6 +47,7 @@ Patch0020:      0020-linux-user-arm-no-tb_flush-on-reset.patch
 Patch0021:      0021-linux-user-fix-multi-threaded-proc-.patch
 Patch0022:      0022-use-libexecdir-instead-of-ignoring-.patch
 Patch0023:      0023-linux-user-Ignore-broken-loop-ioctl.patch
+Patch0024:      0024-linux-user-fix-segmentation-fault-p.patch
 # this is to make lint happy
 Source300:      rpmlintrc
 Source302:      bridge.conf
@@ -164,6 +165,7 @@ run cross-architecture builds.
 %patch0021 -p1
 %patch0022 -p1
 %patch0023 -p1
+%patch0024 -p1
 
 %build
 # build QEMU