OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/qemu?expand=0&rev=8

2007-06-14 14:22:02 +00:00 · 2007-06-14 14:22:02 +00:00 · 9d2c959701
commit 9d2c959701
parent 7b918b9851
20 changed files with 11773 additions and 24 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -21,3 +21,6 @@
 *.xz filter=lfs diff=lfs merge=lfs -text
 *.zip filter=lfs diff=lfs merge=lfs -text
 *.zst filter=lfs diff=lfs merge=lfs -text
+## Specific LFS patterns
+kvm_bios.bin filter=lfs diff=lfs merge=lfs -text
+zx-rom.bin filter=lfs diff=lfs merge=lfs -text
--- a/COPYING.zx-rom
+++ b/COPYING.zx-rom
@ -0,0 +1,4 @@
+Amstrad have kindly given their permission for the redistribution of their
+copyrighted material but retain that copyright.
+
+http://www.worldofspectrum.org/permits/amstrad-roms.txt
--- a/kvm_bios.bin
+++ b/kvm_bios.bin
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd82361665a1e5a7fd3bb5f6bc56c145d0f094a09d5f7d059a7a40632043d87a
+size 131072
--- a/qemu-0.9.0-fix-cpus-chaining.patch
+++ b/qemu-0.9.0-fix-cpus-chaining.patch
@ -0,0 +1,46 @@
+From gbeauchesne@mandriva.com Tue Mar 13 17:01:17 2007
+Date: Tue, 20 Feb 2007 01:44:37 +0100 (CET)
+From: Gwenole Beauchesne <gbeauchesne@mandriva.com>
+Reply-To: qemu-devel@nongnu.org
+To: qemu-devel@nongnu.org
+Subject: [Qemu-devel] [PATCH] Fix CPU chaining in linux-user emulation
+
+Hi,
+
+This patch fixes chaining of CPU instances. It was simply trashed with the
+memcpy() thus causing problems in threaded programs (N > 2): an infinite
+loop in next cpu_init().
+
+================================================================================
+--- qemu-0.9.0/cpu-all.h
+++ qemu-0.9.0/cpu-all.h
+@@ -760,6 +760,8 @@
+ 
+ #endif /* SINGLE_CPU_DEFINES */
+ 
+CPUState *cpu_copy(CPUState *env);
+
+ void cpu_dump_state(CPUState *env, FILE *f, 
+                     int (*cpu_fprintf)(FILE *f, const char *fmt, ...),
+                     int flags);
+--- qemu-0.9.0/exec.c
+++ qemu-0.9.0/exec.c
+@@ -1221,6 +1221,18 @@
+     abort();
+ }
+ 
+CPUState *cpu_copy(CPUState *env)
+{
+    CPUState *new_env = cpu_init();
+    /* preserve chaining and index */
+    CPUState *next_cpu = new_env->next_cpu;
+    int cpu_index = new_env->cpu_index;
+    memcpy(new_env, env, sizeof(CPUState));
+    new_env->next_cpu = next_cpu;
+    new_env->cpu_index = cpu_index;
+    return new_env;
+}
+
+ #if !defined(CONFIG_USER_ONLY)
+ 
+ /* NOTE: if flush_global is true, also flush global entries (not
--- a/qemu-0.9.0-fix-x86-fprem.patch
+++ b/qemu-0.9.0-fix-x86-fprem.patch
@ -0,0 +1,151 @@
+From jseward@acm.org Tue Mar 27 18:05:53 2007
+Date: Sat, 17 Mar 2007 17:35:38 +0000
+From: Julian Seward <jseward@acm.org>
+Reply-To: qemu-devel@nongnu.org
+To: qemu-devel@nongnu.org
+Subject: [Qemu-devel] [PATCH] Fix guest x86/amd64 helper_fprem/helper_fprem1
+
+
+The helpers for x86/amd64 fprem and fprem1 in target-i386/helper.c are
+significantly borked and, for example, cause konqueror in RedHat8 (x86
+guest) to go into an infinite loop when displaying http://news.bbc.co.uk.
+
+helper_fprem has the following borkage:
+- various Inf/Nan/zero inputs not handled correctly
+- incorrect rounding when converting negative 'dblq' to 'q'
+- incorrect order of assignment to C bits (0,3,1 not 0,1,3)
+
+helper_fprem1 has those problems and is also incorrect about the points
+at which its rounding needs to differ from that of helper_fprem.
+
+Patch below fixes all these.  It brings the fprem and fprem1 behaviour 
+very much closer to the hardware -- not identical, but close.  Some
+0.0 results should really be -0.0 and there may still be other differences.
+
+Anyway konquerer no longer loops with the patch applied.
+
+--- qemu-0.9.0/target-i386/helper.c.fix-x86-fprem	2007-03-27 13:48:10.000000000 -0400
+++ qemu-0.9.0/target-i386/helper.c	2007-03-27 14:03:06.000000000 -0400
+@@ -3124,30 +3124,51 @@ void helper_fprem1(void)
+     CPU86_LDouble dblq, fpsrcop, fptemp;
+     CPU86_LDoubleU fpsrcop1, fptemp1;
+     int expdif;
+-    int q;
+    signed long long int q;
+
+    if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
+       ST0 = 0.0 / 0.0; /* NaN */
+       env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+       return;
+    }
+ 
+     fpsrcop = ST0;
+     fptemp = ST1;
+     fpsrcop1.d = fpsrcop;
+     fptemp1.d = fptemp;
+     expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
+
+    if (expdif < 0) {
+        /* optimisation? taken from the AMD docs */
+        env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+        /* ST0 is unchanged */
+	return;
+    }
+
+     if (expdif < 53) {
+         dblq = fpsrcop / fptemp;
+-        dblq = (dblq < 0.0)? ceil(dblq): floor(dblq);
+	/* round dblq towards nearest integer */
+        dblq = rint(dblq);
+         ST0 = fpsrcop - fptemp*dblq;
+-        q = (int)dblq; /* cutting off top bits is assumed here */
+
+	/* convert dblq to q by truncating towards zero */
+	if (dblq < 0.0)
+           q = (signed long long int)(-dblq);
+        else
+           q = (signed long long int)dblq;
+
+         env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+-				/* (C0,C1,C3) <-- (q2,q1,q0) */
+-        env->fpus |= (q&0x4) << 6; /* (C0) <-- q2 */
+-        env->fpus |= (q&0x2) << 8; /* (C1) <-- q1 */
+-        env->fpus |= (q&0x1) << 14; /* (C3) <-- q0 */
+                                /* (C0,C3,C1) <-- (q2,q1,q0) */
+        env->fpus |= (q&0x4) << (8-2);  /* (C0) <-- q2 */
+        env->fpus |= (q&0x2) << (14-1); /* (C3) <-- q1 */
+        env->fpus |= (q&0x1) << (9-0);  /* (C1) <-- q0 */
+     } else {
+         env->fpus |= 0x400;  /* C2 <-- 1 */
+         fptemp = pow(2.0, expdif-50);
+         fpsrcop = (ST0 / ST1) / fptemp;
+-        /* fpsrcop = integer obtained by rounding to the nearest */
+-        fpsrcop = (fpsrcop-floor(fpsrcop) < ceil(fpsrcop)-fpsrcop)?
+-            floor(fpsrcop): ceil(fpsrcop);
+        /* fpsrcop = integer obtained by chopping */
+        fpsrcop = (fpsrcop < 0.0)?
+            -(floor(fabs(fpsrcop))): floor(fpsrcop);
+         ST0 -= (ST1 * fpsrcop * fptemp);
+     }
+ }
+@@ -3157,26 +3178,48 @@ void helper_fprem(void)
+     CPU86_LDouble dblq, fpsrcop, fptemp;
+     CPU86_LDoubleU fpsrcop1, fptemp1;
+     int expdif;
+-    int q;
+-    
+-    fpsrcop = ST0;
+-    fptemp = ST1;
+    signed long long int q;
+
+    if (isinf(ST0) || isnan(ST0) || isnan(ST1) || (ST1 == 0.0)) {
+       ST0 = 0.0 / 0.0; /* NaN */
+       env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+       return;
+    }
+
+    fpsrcop = (CPU86_LDouble)ST0;
+    fptemp = (CPU86_LDouble)ST1;
+     fpsrcop1.d = fpsrcop;
+     fptemp1.d = fptemp;
+     expdif = EXPD(fpsrcop1) - EXPD(fptemp1);
+
+    if (expdif < 0) {
+        /* optimisation? taken from the AMD docs */
+        env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+	/* ST0 is unchanged */
+        return;
+    }
+
+     if ( expdif < 53 ) {
+-        dblq = fpsrcop / fptemp;
+        dblq = fpsrcop/*ST0*/ / fptemp/*ST1*/;
+	/* round dblq towards zero */
+         dblq = (dblq < 0.0)? ceil(dblq): floor(dblq);
+-        ST0 = fpsrcop - fptemp*dblq;
+-        q = (int)dblq; /* cutting off top bits is assumed here */
+        ST0 = fpsrcop/*ST0*/ - fptemp*dblq;
+
+	/* convert dblq to q by truncating towards zero */
+	if (dblq < 0.0)
+           q = (signed long long int)(-dblq);
+        else
+           q = (signed long long int)dblq;
+
+         env->fpus &= (~0x4700); /* (C3,C2,C1,C0) <-- 0000 */
+-				/* (C0,C1,C3) <-- (q2,q1,q0) */
+-        env->fpus |= (q&0x4) << 6; /* (C0) <-- q2 */
+-        env->fpus |= (q&0x2) << 8; /* (C1) <-- q1 */
+-        env->fpus |= (q&0x1) << 14; /* (C3) <-- q0 */
+                                /* (C0,C3,C1) <-- (q2,q1,q0) */
+        env->fpus |= (q&0x4) << (8-2);  /* (C0) <-- q2 */
+        env->fpus |= (q&0x2) << (14-1); /* (C3) <-- q1 */
+        env->fpus |= (q&0x1) << (9-0);  /* (C1) <-- q0 */
+     } else {
+        int N = 32 + (expdif % 32); /* as per AMD docs */
+         env->fpus |= 0x400;  /* C2 <-- 1 */
+-        fptemp = pow(2.0, expdif-50);
+        fptemp = pow(2.0, (double)(expdif-N));
+         fpsrcop = (ST0 / ST1) / fptemp;
+         /* fpsrcop = integer obtained by chopping */
+         fpsrcop = (fpsrcop < 0.0)?
--- a/qemu-0.9.0-futex.patch
+++ b/qemu-0.9.0-futex.patch
@ -0,0 +1,114 @@
+Index: qemu-0.9.0/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.0.orig/linux-user/syscall.c
+++ qemu-0.9.0/linux-user/syscall.c
+@@ -2127,11 +2127,40 @@ static inline void host_to_target_timesp
+     unlock_user_struct(target_ts, target_addr, 1);
+ }
+ 
+#ifdef BSWAP_NEEDED
+static int futex_op(int oldval, int op, int oparg)
+{
+	int retval = oparg;
+	switch(op) {
+	    case FUTEX_OP_SET: break;
+	    case FUTEX_OP_ADD: retval += oparg; break;
+	    case FUTEX_OP_OR: retval |= oparg; break;
+	    case FUTEX_OP_ANDN: retval &= oparg; break;
+	    case FUTEX_OP_XOR: retval ^= oparg; break;
+	}
+	return retval;
+}
+
+static int futex_cmp(int oldval, int cmp, int cmparg)
+{
+	switch(cmp) {
+	    case FUTEX_OP_CMP_EQ: return oldval == cmparg;
+	    case FUTEX_OP_CMP_NE: return oldval != cmparg;
+	    case FUTEX_OP_CMP_LT: return oldval <  cmparg;
+	    case FUTEX_OP_CMP_LE: return oldval <= cmparg;
+	    case FUTEX_OP_CMP_GT: return oldval >  cmparg;
+	    case FUTEX_OP_CMP_GE: return oldval >= cmparg;
+	}
+	return -1;
+}
+#endif
+
+ static long do_futex(target_ulong uaddr, int op, uint32_t val,
+                     target_ulong utime, target_ulong uaddr2,
+                     uint32_t val3)
+ {
+        struct timespec host_utime;
+        unsigned long val2 = utime;
+       long retval;
+ 
+        if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
+@@ -2141,6 +2170,7 @@ static long do_futex(target_ulong uaddr,
+        }
+  
+ #ifdef BSWAP_NEEDED
+//       if( op == FUTEX_WAKE_OP ) { gemu_log("FUTEX_WAKE_OP -> FUTEX_WAKE\n"); op = FUTEX_WAKE; sleep(1); }
+        switch(op) {
+        case FUTEX_CMP_REQUEUE:
+                val3 = tswap32(val3);
+@@ -2148,41 +2178,40 @@ static long do_futex(target_ulong uaddr,
+                val2 = tswap32(val2);
+        case FUTEX_WAIT:
+        case FUTEX_WAKE:
+       case FUTEX_WAKE_OP:
+                val = tswap32(val);
+        case FUTEX_LOCK_PI: /* This one's icky, but comes out OK */
+        case FUTEX_UNLOCK_PI:
+                break;
+        default: 
+                gemu_log("qemu: Unsupported futex op %d\n", op);
+               spin_unlock(&mmap_lock);
+                return -ENOSYS;
+        } 
+-#if 0 /* No, it's worse than this */
+        if (op == FUTEX_WAKE_OP) {
+                /* Need to munge the secondary operation (val3) */
+                val3 = tswap32(val3);
+-               int op2 = (val3 >> 28) & 7;
+-               int cmp = (val3 >> 24) & 15;
+-               int oparg = (val3 << 8) >> 20;
+-               int cmparg = (val3 << 20) >> 20;
+               int op2 = (val3 >> 28) & 0xf;
+               int cmp = (val3 >> 24) & 0xf;
+               int oparg = (val3 >> 12) & 0xfff;
+               int cmparg = val3 & 0xfff;
+                int shift = val3 & (FUTEX_OP_OPARG_SHIFT << 28);
+-
+	       int oldval = tget32(uaddr2);
+                if (shift)
+-                   oparg = (oparg & 7) + 24 - (oparg & 24);
+-               else oparg = 
+-               if (op2 == FUTEX_OP_ADD) {
+-                       gemu_log("qemu: Unsupported wrong-endian FUTEX_OP_ADD\n");
+-                       return -ENOSYS;
+-               }
+-               if (cmparg == FUTEX_OP_CMP_LT || cmparg == FUTEX_OP_CMP_GE ||
+-                   cmparg == FUTEX_OP_CMP_LE || cmparg == FUTEX_OP_CMP_GT) {
+-                       gemu_log("qemu: Unsupported wrong-endian futex cmparg %d\n", cmparg);
+-                       return -ENOSYS;
+-               }
+-               val3 = shift | (op2<<28) | (cmp<<24) | (oparg<<12) | cmparg;
+                   oparg = 1 << oparg;
+		   
+	       tput32(uaddr2,futex_op(oldval, op2, oparg));
+	       retval = syscall(__NR_futex, g2h(uaddr), FUTEX_WAKE, val, 0, 0, 0);
+	       if(futex_cmp(oldval, cmp, cmparg)) {
+	           retval = syscall(__NR_futex, g2h(uaddr2), FUTEX_WAKE, val2, 0, 0, 0);
+	       }
+       } else {
+	       retval = syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
+        }
+-#endif
+#else
+       retval = syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
+ #endif
+-       return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
+       return retval;
+ }
+ 
+ int do_set_tid_address(target_ulong tidptr)
--- a/qemu-0.9.0-kernel-option-vga.patch
+++ b/qemu-0.9.0-kernel-option-vga.patch
@ -0,0 +1,36 @@
+--- qemu-0.9.0/hw/pc.c.kernel-option-vga	2007-02-13 14:41:12.000000000 +0100
+++ qemu-0.9.0/hw/pc.c	2007-02-14 17:01:57.000000000 +0100
+@@ -567,6 +567,7 @@ static void pc_init1(int ram_size, int v
+     if (linux_boot) {
+         uint8_t bootsect[512];
+         uint8_t old_bootsect[512];
+        char *vmode;
+ 
+         if (bs_table[0] == NULL) {
+             fprintf(stderr, "A disk image must be given for 'hda' when booting a Linux kernel\n");
+@@ -618,6 +619,25 @@ static void pc_init1(int ram_size, int v
+                 KERNEL_CMDLINE_ADDR - KERNEL_PARAMS_ADDR);
+         /* loader type */
+         stw_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x210, 0x01);
+
+        /* handle vga= parameter */
+        vmode = strstr(kernel_cmdline, "vga=");
+        if (vmode) {
+            char *space;
+            unsigned int video_mode;
+            /* skip "vga=" */
+            vmode += 4;
+            if (!strncmp(vmode, "normal", 6)) {
+                video_mode = 0xffff;
+            } else if (!strncmp(vmode, "ext", 3)) {
+                video_mode = 0xfffe;
+            } else if (!strncmp(vmode, "ask", 3)) {
+                video_mode = 0xfffd;
+            } else {
+                video_mode = strtol(vmode, NULL, 0);
+            }
+            stw_raw(phys_ram_base + KERNEL_PARAMS_ADDR + 0x1fa, video_mode);
+        }
+     }
+ 
+     if (pci_enabled) {
--- a/qemu-0.9.0-kvm-bios.patch
+++ b/qemu-0.9.0-kvm-bios.patch
@ -0,0 +1,55 @@
+2007-03-14  Gwenole Beauchesne  <gbeauchesne@mandriva.com>
+
+	* hw/pc.c (pc_init1): Use the KVM specific BIOS for now.
+
+================================================================================
+--- qemu-0.9.0/Makefile
+++ qemu-0.9.0/Makefile
+@@ -77,7 +77,7 @@
+ 	mkdir -p "$(DESTDIR)$(bindir)"
+ 	$(INSTALL) -m 755 -s $(TOOLS) "$(DESTDIR)$(bindir)"
+ 	mkdir -p "$(DESTDIR)$(datadir)"
+-	for x in bios.bin vgabios.bin vgabios-cirrus.bin ppc_rom.bin \
+	for x in bios.bin kvm_bios.bin vgabios.bin vgabios-cirrus.bin ppc_rom.bin \
+ 		video.x openbios-sparc32 linux_boot.bin pxe-ne2k_pci.bin \
+ 		pxe-rtl8139.bin pxe-pcnet.bin; do \
+ 		$(INSTALL) -m 644 $(SRC_PATH)/pc-bios/$$x "$(DESTDIR)$(datadir)"; \
+@@ -157,6 +157,7 @@
+         $(bindir)/qemu-mipsel \
+         $(bindir)/qemu-img \
+ 	$(datadir)/bios.bin \
+	$(datadir)/kvm_bios.bin \
+ 	$(datadir)/vgabios.bin \
+ 	$(datadir)/vgabios-cirrus.bin \
+ 	$(datadir)/ppc_rom.bin \
+--- qemu-0.9.0/hw/pc.c
+++ qemu-0.9.0/hw/pc.c
+@@ -27,6 +27,7 @@
+ //#define DEBUG_BIOS
+ 
+ #define BIOS_FILENAME "bios.bin"
+#define KVM_BIOS_FILENAME "kvm_bios.bin"
+ #define VGABIOS_FILENAME "vgabios.bin"
+ #define VGABIOS_CIRRUS_FILENAME "vgabios-cirrus.bin"
+ #define LINUX_BOOT_FILENAME "linux_boot.bin"
+@@ -460,6 +461,7 @@
+     int piix3_devfn = -1;
+     CPUState *env;
+     NICInfo *nd;
+    const char *bios_filename = BIOS_FILENAME;
+ 
+     linux_boot = (kernel_filename != NULL);
+ 
+@@ -486,7 +488,11 @@
+     bios_offset = ram_size + vga_ram_size;
+     vga_bios_offset = bios_offset + 256 * 1024;
+ 
+-    snprintf(buf, sizeof(buf), "%s/%s", bios_dir, BIOS_FILENAME);
+#ifdef USE_KVM
+    if (kvm_allowed)
+        bios_filename = KVM_BIOS_FILENAME;
+#endif
+    snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_filename);
+     bios_size = get_image_size(buf);
+     if (bios_size <= 0 || 
+         (bios_size % 65536) != 0 ||
--- a/qemu-0.9.0-kvm-kqemu-window-caption.patch
+++ b/qemu-0.9.0-kvm-kqemu-window-caption.patch
@ -0,0 +1,37 @@
+2007-03-14  Gwenole Beauchesne  <gbeauchesne@mandriva.com>
+
+	* sdl.c (sdl_update_caption): Report KQEMU accelerator accordingly
+	in the SDL window.
+
+--- qemu-0.9.0/sdl.c.kvm-kqemu-window-caption	2007-03-14 17:59:05.000000000 +0100
+++ qemu-0.9.0/sdl.c	2007-03-14 18:02:55.000000000 +0100
+@@ -212,13 +212,27 @@ static void sdl_process_key(SDL_Keyboard
+ 
+ static void sdl_update_caption(void)
+ {
+    int accl_mode = 0; /* 1=kqemu, 2=kvm */
+     char buf[1024];
+     strcpy(buf, "QEMU");
+-#if USE_KVM
+#ifdef USE_KQEMU
+    if (kqemu_allowed) {
+        accl_mode = 1;
+    }
+#endif
+#ifdef USE_KVM
+     if (kvm_allowed) {
+-        strcat(buf, "/KVM");
+        accl_mode = 2;
+     }
+ #endif
+    switch (accl_mode) {
+    case 1:
+        strcat(buf, "/KQEMU");
+        break;
+    case 2:
+        strcat(buf, "/KVM");
+        break;
+    }
+     if (!vm_running) {
+         strcat(buf, " [Stopped]");
+     }
--- a/qemu-0.9.0-kvm.patch
+++ b/qemu-0.9.0-kvm.patch
--- a/qemu-0.9.0-migration.patch
+++ b/qemu-0.9.0-migration.patch
--- a/qemu-0.9.0-mmap.patch
+++ b/qemu-0.9.0-mmap.patch
@ -24,22 +24,6 @@ Index: qemu-0.9.0/linux-user/syscall.c
     if (is_error(mapped_addr)) {
 	return mapped_addr;
     } else {
-@@ -2133,6 +2133,7 @@ static long do_futex(target_ulong uaddr,
-        struct timespec host_utime;
-        unsigned long val2 = utime;
- 
-+       spin_lock(&mmap_lock);
-        if (utime && (op == FUTEX_WAIT || op == FUTEX_LOCK_PI)) {
-                target_to_host_timespec(&host_utime, utime);
-                val2 = (unsigned long)&host_utime;
-@@ -2230,6 +2265,7 @@ static long do_futex(target_ulong uaddr,
-        }
- #endif
- #endif
-+       spin_unlock(&mmap_lock);
-        return syscall(__NR_futex, g2h(uaddr), op, val, val2, g2h(uaddr2), val3);
- }
- 
@@ -2985,15 +3021,19 @@ long do_syscall(void *cpu_env, int num, 
             v5 = tswapl(v[4]);
             v6 = tswapl(v[5]);
--- a/qemu-0.9.0-mmap.x86_64.patch
+++ b/qemu-0.9.0-mmap.x86_64.patch
@ -0,0 +1,33 @@
+Index: qemu-0.9.0/linux-user/mmap.c
+===================================================================
+--- qemu-0.9.0.orig/linux-user/mmap.c
+++ qemu-0.9.0/linux-user/mmap.c
+@@ -162,7 +162,7 @@ long target_mmap(target_ulong start, tar
+ {
+     target_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len;
+     long host_start;
+-#if defined(__alpha__) || defined(__sparc__) || defined(__x86_64__) || \
+#if defined(__alpha__) || defined(__sparc__) || \
+     defined(__ia64)
+     static target_ulong last_start = 0x40000000;
+ #elif defined(__CYGWIN__)
+@@ -170,6 +170,10 @@ long target_mmap(target_ulong start, tar
+     static target_ulong last_start = 0x18000000;
+ #endif
+ 
+#if defined(__x86_64__)
+    flags |= MAP_32BIT;
+#endif
+
+ #ifdef DEBUG_MMAP
+     {
+         printf("mmap: start=0x%lx len=0x%lx prot=%c%c%c flags=",
+@@ -207,7 +211,7 @@ long target_mmap(target_ulong start, tar
+     real_start = start & qemu_host_page_mask;
+ 
+     if (!(flags & MAP_FIXED)) {
+-#if defined(__alpha__) || defined(__sparc__) || defined(__x86_64__) || \
+#if defined(__alpha__) || defined(__sparc__) || \
+     defined(__ia64) || defined(__CYGWIN__)
+         /* tell the kenel to search at the same place as i386 */
+         if (real_start == 0) {
--- a/qemu-0.9.0-nptl.patch
+++ b/qemu-0.9.0-nptl.patch
@ -126,7 +126,7 @@ Index: qemu-0.9.0/linux-user/syscall.c
 #endif /* defined(TARGET_I386) */
 
 /* this stack is the equivalent of the kernel stack associated with a
-@@ -1710,9 +1787,14 @@ int do_fork(CPUState *env, unsigned int 
+@@ -1710,9 +1787,13 @@ int do_fork(CPUState *env, unsigned int 
     TaskState *ts;
     uint8_t *new_stack;
     CPUState *new_env;
@ -134,7 +134,6 @@ Index: qemu-0.9.0/linux-user/syscall.c
 +#if defined(TARGET_I386)
 +    uint64_t *new_gdt_table;
 +#endif
-+    printf("qemu fork\n");
     if (flags & CLONE_VM) {
         ts = malloc(sizeof(TaskState) + NEW_STACK_SIZE);
 +       if (!ts)
--- a/qemu-0.9.0-sched.patch
+++ b/qemu-0.9.0-sched.patch
@ -0,0 +1,32 @@
+Index: qemu-0.9.0/linux-user/syscall.c
+===================================================================
+--- qemu-0.9.0.orig/linux-user/syscall.c
+++ qemu-0.9.0/linux-user/syscall.c
+@@ -147,6 +147,7 @@ type name (type1 arg1,type2 arg2,type3 a
+ #define __NR_sys_fadvise64 __NR_fadvise64
+ #define __NR_sys_tgkill __NR_tgkill
+ #define __NR_sys_clone __NR_clone
+#define __NR_sys_sched_getaffinity __NR_sched_getaffinity
+ 
+ #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__)
+ #define __NR__llseek __NR_lseek
+@@ -170,6 +171,7 @@ _syscall3(int,sys_syslog,int,type,char*,
+ _syscall4(int,sys_fadvise64,int,fd,loff_t,offset,loff_t,len,int,advice)
+ _syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)
+ _syscall5(int,sys_clone, int, flags, void *, child_stack, int *, parent_tidptr, struct user_desc *, newtls, int *, child_tidptr)
+_syscall3(int,sys_sched_getaffinity,pid_t,pid,unsigned int,cpusetsize,void*,mask)
+ #ifdef __NR_exit_group
+ _syscall1(int,exit_group,int,error_code)
+ #endif
+@@ -4248,6 +4250,11 @@ long do_syscall(void *cpu_env, int num, 
+ 	ret = get_errno(sys_tgkill((int)arg1, (int)arg2, (int)arg3));
+ 	break;
+ #endif
+#ifdef TARGET_NR_sched_getaffinity
+    case TARGET_NR_sched_getaffinity:
+	ret = get_errno(sys_sched_getaffinity((pid_t)arg1, (unsigned int)arg2, (void*)arg3));
+	break;
+#endif
+     default:
+     unimplemented:
+         gemu_log("qemu: Unsupported syscall: %d\n", num);
--- a/qemu-0.9.0-x86_64-opts.patch
+++ b/qemu-0.9.0-x86_64-opts.patch
@ -0,0 +1,79 @@
+2007-03-13  Gwenole Beauchesne  <gbeauchesne@mandriva.com>
+
+	* dyngen-exec.h (AREG4, AREG5): Temporarily disable for KVM support.
+
+2007-02-03  Gwenole Beauchesne  <gbeauchesne@mandriva.com>
+
+	* dyngen-exec.h (AREG4, AREG5): Enable when building with GCC4.
+
+2005-06-04  Gwenole Beauchesne  <gbeauchesne@mandriva.com>
+
+	* Add direct jump support to x86-64.
+
+================================================================================
+--- qemu-0.9.0/dyngen-exec.h
+++ qemu-0.9.0/dyngen-exec.h
+@@ -95,8 +95,11 @@
+ #define AREG1 "rbx"
+ #define AREG2 "r12"
+ #define AREG3 "r13"
+-//#define AREG4 "r14"
+-//#define AREG5 "r15"
+#if __GNUC__ >= 4 && ! USE_KVM
+/* XXX: earlier GCC crashes */
+#define AREG4 "r14"
+#define AREG5 "r15"
+#endif
+ #endif
+ #ifdef __powerpc__
+ #define AREG0 "r27"
+--- qemu-0.9.0/dyngen.c
+++ qemu-0.9.0/dyngen.c
+@@ -2614,6 +2614,17 @@
+                 if (rel->r_offset >= start_offset &&
+ 		    rel->r_offset < start_offset + copy_size) {
+                     sym_name = strtab + symtab[ELFW(R_SYM)(rel->r_info)].st_name;
+                    if (strstart(sym_name, "__op_jmp", &p)) {
+                        int n;
+                        n = strtol(p, NULL, 10);
+                        /* __op_jmp relocations are done at
+                           runtime to do translated block
+                           chaining: the offset of the instruction
+                           needs to be stored */
+                        fprintf(outfile, "    jmp_offsets[%d] = %d + (gen_code_ptr - gen_code_buf);\n",
+                                n, rel->r_offset - start_offset);
+                        continue;
+                    }
+                     get_reloc_expr(name, sizeof(name), sym_name);
+                     type = ELF32_R_TYPE(rel->r_info);
+                     addend = rel->r_addend;
+--- qemu-0.9.0/exec-all.h
+++ qemu-0.9.0/exec-all.h
+@@ -159,6 +159,9 @@
+ #if defined(__i386__) && !defined(_WIN32)
+ #define USE_DIRECT_JUMP
+ #endif
+#if defined(__x86_64__)
+#define USE_DIRECT_JUMP
+#endif
+ 
+ typedef struct TranslationBlock {
+     target_ulong pc;   /* simulated PC corresponding to this block (EIP + CS base) */
+@@ -245,7 +248,7 @@
+     asm volatile ("sync" : : : "memory");
+     asm volatile ("isync" : : : "memory");
+ }
+-#elif defined(__i386__)
+#elif defined(__i386__) || defined(__x86_64__)
+ static inline void tb_set_jmp_target1(unsigned long jmp_addr, unsigned long addr)
+ {
+     /* patch the branch destination */
+@@ -324,7 +327,7 @@
+ 		  "1:\n");\
+ } while (0)
+ 
+-#elif defined(__i386__) && defined(USE_DIRECT_JUMP)
+#elif (defined(__i386__) || defined(__x86_64__)) && defined(USE_DIRECT_JUMP)
+ 
+ /* we patch the jump instruction directly.  Use sti in place of the actual
+    jmp instruction so that dyngen can patch in the correct result.  */
--- a/qemu-z80.diff
+++ b/qemu-z80.diff
--- a/qemu.changes
+++ b/qemu.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Wed Jun 13 22:31:34 CEST 2007 - agraf@suse.de
+
+- made flash player 9 work on ppc
+- fixed FUTEX_WAKE_OP on machines where endianness differs
+- made mmap on x86_64 use the MAP_32BIT flag
+- removed a useless spin_lock
+- removed an annoying debug message for forking
+- implemented sched_getaffinity syscall
+- fixed configure call so it takes gcc3 again
+
+-------------------------------------------------------------------
+Wed Jun 13 15:01:44 CEST 2007 - uli@suse.de
+
+- support "vga=" parameter (Pascal Terjan)
+- direct jump support for x86-64 (Gwenole Beauchesne)
+- fix chaining of CPU instances (Gwenole Beauchesne)
+- live migration support (Anthony Liguori)
+- fix fprem/fprem1 insns (Julian Seward)
+- KVM support
+- Z80/ZX Spectrum emulation (Stuart Brady)
+- GCC4 support postponed (breaks x86-64 on i386)
+
 -------------------------------------------------------------------
 Mon Jun 11 16:12:00 CEST 2007 - agraf@suse.de

--- a/qemu.spec
+++ b/qemu.spec
@ -11,14 +11,17 @@
 # norootforbuild

 Name:           qemu
-BuildRequires:  SDL-devel bison
+BuildRequires:  SDL-devel bison e2fsprogs-devel
 URL:            http://fabrice.bellard.free.fr/qemu/
 License:        BSD License and BSD-like, GNU General Public License (GPL)
 Group:          System/Emulators/Other
 Summary:        Universal CPU emulator
 Version:        0.9.0
-Release:        33
+Release:        35
 Source:         %name-%version.tar.bz2
+#Patch400: qemu-0.7.0-gcc4-dot-syms.patch
+#Patch401: qemu-0.8.0-gcc4-hacks.patch
+#Patch402: qemu-0.8.3-gcc4.patch
 Patch1:         qemu-0.7.0-binfmt.patch
 Patch5:         qemu-0.7.0-sigaltstackhack.patch
 Patch6:         qemu-0.7.0-amd64.patch
@ -39,6 +42,21 @@ Patch27:        qemu-0.9.0-strace.patch
 Patch28:        qemu-0.9.0-mmap.patch
 Patch29:        qemu-0.9.0-alt-path.patch
 Patch30:        qemu-0.9.0-nonetlink.patch
+Patch31:        qemu-0.9.0-kernel-option-vga.patch
+Patch32:        qemu-0.9.0-x86_64-opts.patch
+Patch33:        qemu-0.9.0-fix-cpus-chaining.patch
+Patch34:        qemu-0.9.0-migration.patch
+Patch36:        qemu-0.9.0-fix-x86-fprem.patch
+Patch37:        qemu-0.9.0-kvm.patch
+Patch38:        qemu-0.9.0-kvm-bios.patch
+Patch39:        qemu-0.9.0-kvm-kqemu-window-caption.patch
+Patch40:        qemu-z80.diff
+Patch41:        qemu-0.9.0-sched.patch
+Patch42:        qemu-0.9.0-mmap.x86_64.patch
+Patch43:        qemu-0.9.0-futex.patch
+Source200:      kvm_bios.bin
+Source201:      zx-rom.bin
+Source202:      COPYING.zx-rom
 # GCC 3 sources/patches
 Source601:      gcc-3.3.5.tar.bz2
 Patch600:       gcc-gcc-3.3.5-hammer.patch.bz2
@ -95,6 +113,9 @@ Authors:

 %prep
 %setup -q -a601
+#%patch400 -p1
+#%patch401 -p1
+#%patch402 -p1
 %patch1
 %patch5
 %patch6
@ -115,6 +136,20 @@ Authors:
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+cp -p %SOURCE200 pc-bios/
+cp -p %SOURCE202 .
 cd gcc-3.3.5
 %patch600
 %patch601
@ -154,6 +189,7 @@ cd ..
 QEMU_OPT_FLAGS="$RPM_OPT_FLAGS"
 %define gcc33tmp /tmp/gcc33
 %define qemucc %{gcc33tmp}/bin/gcc
+# fix opt flags for gcc3
 %ifarch %ix86
 QEMU_OPT_FLAGS="${RPM_OPT_FLAGS/-mtune=/-mcpu=}"
 %endif
@ -180,7 +216,7 @@ target_list_kqemu="x86_64-softmmu"
 target_list_kqemu="i386-softmmu"
 %endif
 # targets for all platforms
-target_list="ppc-softmmu sparc-softmmu mips-softmmu mipsel-softmmu arm-softmmu"
+target_list="ppc-softmmu sparc-softmmu mips-softmmu mipsel-softmmu arm-softmmu z80-softmmu"
 # AMD64 -> i386 without kqemu
 # x86 -> AMD64 without kqemu
 # others -> both without kqemu
@ -250,10 +286,10 @@ make %{?jobs:-j%{jobs}}
 %install
 install -d -m 755 $RPM_BUILD_ROOT/usr/bin
 %ifnarch alpha
-install -m 755 */qemu */qemu-* $RPM_BUILD_ROOT/usr/bin
+install -m 755 */qemu $RPM_BUILD_ROOT/usr/bin
 ln -sf qemu $RPM_BUILD_ROOT/usr/bin/qemu-system-i386
 %endif
-install -m 755 */qemu-* $RPM_BUILD_ROOT/usr/bin
+install -m 755 */qemu-*[^.]? $RPM_BUILD_ROOT/usr/bin
 install -d -m 755 $RPM_BUILD_ROOT/%{_mandir}/man1
 install -m 644 qemu.1 $RPM_BUILD_ROOT/%{_mandir}/man1
 install -d -m 755 $RPM_BUILD_ROOT/usr/share/qemu
@ -269,6 +305,7 @@ ln -sf ../../../emul/ia32-linux $RPM_BUILD_ROOT/usr/share/qemu/qemu-i386
 %ifnarch ia64
 mkdir -p $RPM_BUILD_ROOT/emul/ia32-linux
 %endif
+install -m 644 %SOURCE201 $RPM_BUILD_ROOT/usr/share/qemu/

 %clean
 rm -rf ${RPM_BUILD_ROOT}
@ -276,7 +313,7 @@ rm -rf %{gcc33tmp}

 %files
 %defattr(-, root, root)
-%doc COPYING COPYING.LIB Changelog README TODO VERSION qemu-doc.html
+%doc COPYING COPYING.LIB Changelog README TODO VERSION qemu-doc.html COPYING.zx-rom
 %ifnarch alpha
 /usr/bin/qemu
 %endif
@ -289,6 +326,23 @@ rm -rf %{gcc33tmp}
 %endif

 %changelog
+* Wed Jun 13 2007 - agraf@suse.de
+- made flash player 9 work on ppc
+- fixed FUTEX_WAKE_OP on machines where endianness differs
+- made mmap on x86_64 use the MAP_32BIT flag
+- removed a useless spin_lock
+- removed an annoying debug message for forking
+- implemented sched_getaffinity syscall
+- fixed configure call so it takes gcc3 again
+* Wed Jun 13 2007 - uli@suse.de
+- support "vga=" parameter (Pascal Terjan)
+- direct jump support for x86-64 (Gwenole Beauchesne)
+- fix chaining of CPU instances (Gwenole Beauchesne)
+- live migration support (Anthony Liguori)
+- fix fprem/fprem1 insns (Julian Seward)
+- KVM support
+- Z80/ZX Spectrum emulation (Stuart Brady)
+- GCC4 support postponed (breaks x86-64 on i386)
 * Mon Jun 11 2007 - agraf@suse.de
 - implemented TLS support on i386 so qemu-user can be used to run
  with current libc versions (partly done by David Woodhouse,
--- a/zx-rom.bin
+++ b/zx-rom.bin
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d55daa439b673b0e3f5897f99ac37ecb45f974d1862b4dadb85dec34af99cb42
+size 16384