Date:      Sun, 6 Jul 2008 21:44:08 +0200
From:      Juergen Lock <nox@jelal.kn-bremen.de>
To:        freebsd-emulation@FreeBSD.org, freebsd-ports@FreeBSD.org
Subject:   Re: please test experimental qemu-devel-20080620 snapshot and kqemu-1.4.0pre1 update!
Message-ID:  <20080706194408.GA23575@saturn.kn-bremen.de>
In-Reply-To: <20080622221933.GA12209@saturn.kn-bremen.de>
References:  <20080620211216.GA75382@saturn.kn-bremen.de> <20080622221933.GA12209@saturn.kn-bremen.de>

On Mon, Jun 23, 2008 at 12:19:33AM +0200, Juergen Lock wrote:
> On Fri, Jun 20, 2008 at 11:12:16PM +0200, Juergen Lock wrote:
> > Hi!
> > 
> >  I've been playing with a qemu-devel update again recently (which also
> > includes a kqemu api change, therefore I have a new kqemu-kmod-devel
> > port too), and these are the main news:
> > 
> > - Many targets including x86 have been converted from dyngen to tcg
> > completely, which should allow building them with newer gcc versions;
> > I've added an ALL_TARGETS knob that can be turned off if you only need
> > these targets, that avoids building the gcc34 port if you're on 7.0 or
> > later.  Here is the list out of the CONFIGURE_ARGS:
> > 	i386-softmmu,sparc-softmmu,x86_64-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,arm-softmmu,m68k-softmmu
> > (I only tested i386 and x86_64 a little bit.  This knob also needs testing
> > on 7.0 and later i386 hosts.)
> > - kqemu now also works for i386-softmmu on amd64 hosts, i.e. you no longer
> > need to use qemu-system-x86_64 there if you want kqemu.
> > - And of course the usual round of bugfixes and optimizations, etc.
> > 
> >  The tcg conversions can cause regressions tho, and indeed I found
> > that 7.0-RELEASE-amd64-livefs.iso causes qemu-system-x86_64 to crash on
> > i386 hosts, it'd be interesting if you can find more.  (I'll post a separate
> > message with details about that crash on the qemu list, and probably won't
> > commit this version because of that.)
> > 
> >  I didn't inline the update and kqemu port this time since it's two files,
> > just fetch them from:
> > 	http://people.freebsd.org/~nox/qemu/kqemu-kmod-devel.shar
> > and
> > 	http://people.freebsd.org/~nox/qemu/qemu-devel-20080620.patch
> 
> Ok, kqemu-kmod-devel has now been repocopied from kqemu-kmod and I have
> just updated it to the new version, and I also added D_NEEDMINOR to both
> ports so they now should also be back to working order on -current (untested.)
> 
>  So what this means is now you can use the new kqemu-kmod-devel port from cvs
> instead of the shar for this qemu-devel update patch.

OK, I have been hunting tcg regressions over the last few days and can now
report that at least those amd64 guests that I tested are now (mostly)
back to working order on i386 hosts (see
	http://people.freebsd.org/~nox/qemu/fix-cvtsi2ssq-etc.mail.txt
and the previous qemu list posts linked from there if you are interested
in the gory details.)

 On another note, and this might interest some people here more, 32 bit
qemu on amd64 hosts with kqemu seems to now work almost(?) like on i386
hosts, at least I got a report of xp sp2 even working with -kernel-kqemu
there... :)

 Here comes the current version of the qemu-devel port update, which I'll
probably commit in the course of next week assuming I get no new bug reports
(or negative comments about my tcg fixes from the qemu folks.) - also at:
	http://people.freebsd.org/~nox/qemu/qemu-devel-20080620-2nd.patch

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/Makefile,v
retrieving revision 1.92
diff -u -p -r1.92 Makefile
--- Makefile	6 Jun 2008 13:27:04 -0000	1.92
+++ Makefile	20 Jun 2008 20:04:20 -0000
@@ -6,17 +6,14 @@
 #
 
 PORTNAME=	qemu
-PORTVERSION=	0.9.1s.20080302
-PORTREVISION=	9
+PORTVERSION=	0.9.1s.20080620
 CATEGORIES=	emulators
-MASTER_SITES=	http://qemu.org/:release \
+MASTER_SITES=	http://bellard.org/qemu/:release \
 		http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \
 		http://people.fruitsalad.org/nox/qemu/:snapshot \
-		http://www.volny.cz/xnavara/qemu/:snapshot \
-		http://people.brandeis.edu/~jcoiner/qemu_idedma/:idedma \
-		http://people.freebsd.org/~maho/qemu/:misc
+		${MASTER_SITE_LOCAL}:snapshot
 PKGNAMESUFFIX=	-devel
-DISTNAME=	${PORTNAME}-snapshot-2008-03-02_05
+DISTNAME=	${PORTNAME}-snapshot-2008-06-20_19
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}:snapshot
 DIST_SUBDIR=	qemu
 EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
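Review bot: the `:release` group (now pointing at http://bellard.org/qemu/) has no consumer in the visible lines: DISTFILES only fetches `${DISTNAME}${EXTRACT_SUFX}:snapshot`, and the `:idedma` and `:misc` groups are being removed here for exactly that reason. Either drop `:release` as well or say what still uses it. The added `${MASTER_SITE_LOCAL}:snapshot` fallback is fine, since the distinfo SHA256 updated in this same diff verifies the tarball whichever mirror serves it.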
@@ -28,7 +25,6 @@ HAS_CONFIGURE=	yes
 USE_BZIP2=	yes
 USE_GMAKE=	yes
 USE_PERL5=	yes
-USE_GCC=	3.4
 PATCH_STRIP=	-lp1
 MAKE_ENV+=	BSD_MAKE="${MAKE}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
 MAN1=		qemu.1 qemu-img.1
@@ -40,10 +36,19 @@ OPTIONS=	KQEMU "Build with (alpha!) acce
 		SAMBA "samba dependency (for -smb)" Off \
 		SDL "SDL/X dependency (graphical output)" On \
 		GNUTLS "gnutls dependency (vnc encryption)" On \
-		CDROM_DMA "IDE CDROM DMA" On
+		CDROM_DMA "IDE CDROM DMA" On \
+		ALL_TARGETS "Also build dyngen targets (requires gcc34)" On
 
 .include <bsd.port.pre.mk>
 
+.if defined(WITHOUT_ALL_TARGETS)
+CONFIGURE_ARGS+=	--disable-gcc-check --target-list=i386-softmmu,sparc-softmmu,x86_64-softmmu,mips-softmmu,mipsel-softmmu,mips64-softmmu,mips64el-softmmu,arm-softmmu,m68k-softmmu
+PLIST_SUB+=    DYNGEN="@comment "
+.else
+USE_GCC=	3.4
+PLIST_SUB+=    DYNGEN=""
+.endif
+
 .if ${OSVERSION} < 600000
 # 5.x base gcc segfaults in target-mips/op_mem.c
 BUILD_DEPENDS+=	gcc34:${PORTSDIR}/lang/gcc34
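Review bot: `--disable-gcc-check` in the WITHOUT_ALL_TARGETS branch turns off configure's compiler check for the whole build, not just for the dyngen targets being left out, so if a later snapshot puts a gcc-version-sensitive target back into this --target-list the problem will only show up as a late build failure or a miscompiled emulator. A comment above the `.if` stating that this list is the tcg-only target set as of 20080620, and that the check is skipped only because those targets build with the base gcc, would make the next rebase safer. Style nit: the two `PLIST_SUB+=    DYNGEN=` lines use spaces after `+=` where the rest of the Makefile uses a tab.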
@@ -66,16 +71,12 @@ CONFIGURE_ARGS+=	--disable-vnc-tls
 LIB_DEPENDS+=	gnutls:${PORTSDIR}/security/gnutls
 .endif
 
-.if defined (WITH_HACKS_CIRRUS) || defined (WITH_HACKS)
-DISTFILES+=	patch3_cirrus:misc
-.endif
-
 .if defined(WITH_SAMBA)
 RUN_DEPENDS+=	${LOCALBASE}/sbin/smbd:${PORTSDIR}/net/samba3
 .endif
 
 .if defined(WITH_KQEMU)
-BUILD_DEPENDS+=	kqemu-kmod>=1.3.0pre5:${PORTSDIR}/emulators/kqemu-kmod
+BUILD_DEPENDS+=	kqemu-kmod-devel>=1.4.0pre1:${PORTSDIR}/emulators/kqemu-kmod-devel
 .else
 CONFIGURE_ARGS+=	--disable-kqemu
 .endif
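Review bot: `kqemu-kmod-devel>=1.4.0pre1` is only a BUILD_DEPENDS, so the version floor is never checked on the machine that actually runs the binary; with the kqemu API change this update exists for, a user who still has the older kqemu-kmod module loaded only finds out at runtime. A matching RUN_DEPENDS, or at least a sentence in pkg-message naming the minimum kqemu-kmod-devel version, would surface that before first use. Removing the WITH_HACKS_CIRRUS block is consistent with dropping the `:misc` MASTER_SITES group above.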
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/distinfo,v
retrieving revision 1.49
diff -u -p -r1.49 distinfo
--- distinfo	11 Mar 2008 23:34:13 -0000	1.49
+++ distinfo	20 Jun 2008 17:23:17 -0000
@@ -1,3 +1,3 @@
-MD5 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 832923647bb52f1f0408a707e98479ca
-SHA256 (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = d4159530d7f6b7261a16346b013f303cfa703403e749ca49ce003ef61d7eaff1
-SIZE (qemu/qemu-snapshot-2008-03-02_05.tar.bz2) = 2394602
+MD5 (qemu/qemu-snapshot-2008-06-20_19.tar.bz2) = 7201553586b59e400664b2f9ae0b17a1
+SHA256 (qemu/qemu-snapshot-2008-06-20_19.tar.bz2) = e9a3654976b923c471f572961f244f2758d15a367cfc1b32054aa2cd4391cace
+SIZE (qemu/qemu-snapshot-2008-06-20_19.tar.bz2) = 2629290
Index: pkg-message
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/pkg-message,v
retrieving revision 1.27
diff -u -p -r1.27 pkg-message
--- pkg-message	17 May 2008 18:53:43 -0000	1.27
+++ pkg-message	6 Jul 2008 18:55:50 -0000
@@ -88,14 +88,6 @@ to /etc/rc.conf
 (revision 1.25 of /usr/ports/emulators/kqemu-kmod/Makefile), so if your
 host is such you might want to make sure your kqemu-kmod port is new enough.
 (and don't forget to reload it...)
-- also remember that on amd64 you need to run the amd64 (x86_64) system
-emulation if you want to use kqemu, i.e. run qemu-system-x86_64 instead of
-qemu (the latter only emulates a 32 bit system.)  Unfortunately there can
-still be guests that don't run correctly in the amd64 emulation even when
-they do run in the 32 bit one, the same is true about kqemu and -kernel-kqemu
-on amd64 - not much you can do about that other than help debugging (k)qemu's
-amd64 emulation... (well or falling back to unaccellerated, possibly 32 bit
-qemu/leaving out -kernel-kqemu if its that what's causing the problems.)
 - qemu's network boot roms (-boot n) have a bug when bootfiles sizes are a
 multiple of blksize, if this affects you (like with FreeBSD's /boot/pxeboot)
 you can do like
@@ -107,6 +99,15 @@ extracted out of
 	ftp://ftp.freebsd.org/pub/FreeBSD/snapshots/200805/7.0-STABLE-200805-i386-bootonly.iso
 and placed it here:
 	http://people.freebsd.org/~nox/qemu/pxeboot-qemu
+- if you use slirp and want to nfs mount stuff into the guest and you are
+not running qemu as root, then mountd on the exporting box needs to be run
+with -n in order to accept requests from ports >= 1024.
+- unfortunately there can still be guests that don't run correctly with
+kqemu and -kernel-kqemu especially on amd64 - not much you can do about that
+other than help debugging (k)qemu... (well or falling back to unaccellerated
+qemu/leaving out -kernel-kqemu if its that what's causing the problems.
+note however that kqemu now can also be used with the 32 bit qemu even
+on amd64 hosts as of the 20080620 update.)
 - qemu now uses aio at least for ide dma, so if you get `Invalid system call'
 crashes that is because aio is not (kld)loaded.
 - The default configuration location (qemu-ifup script etc.) has been
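Review bot: the slirp/NFS item recommends `mountd -n` without naming the cost: `-n` makes mountd accept mount requests from non-reserved source ports for every client of that exporting host, not just the qemu guest, so the reserved-port check that normally ties requests to privileged client processes is gone server-wide. Suggest adding that the affected exports should then be restricted by host or network in /etc/exports. Spelling in the added lines: `unaccellerated` -> `unaccelerated`, `if its that what's causing` -> `if that's what's causing`.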
Index: pkg-plist
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/pkg-plist,v
retrieving revision 1.24
diff -u -p -r1.24 pkg-plist
--- pkg-plist	3 Apr 2008 20:18:40 -0000	1.24
+++ pkg-plist	20 Jun 2008 18:34:31 -0000
@@ -1,17 +1,17 @@
 bin/qemu
 bin/qemu-img
 bin/qemu-system-arm
-bin/qemu-system-cris
+%%DYNGEN%%bin/qemu-system-cris
 bin/qemu-system-m68k
 bin/qemu-system-mips
 bin/qemu-system-mips64
 bin/qemu-system-mips64el
 bin/qemu-system-mipsel
-bin/qemu-system-ppc
-bin/qemu-system-ppc64
-bin/qemu-system-ppcemb
-bin/qemu-system-sh4
-bin/qemu-system-sh4eb
+%%DYNGEN%%bin/qemu-system-ppc
+%%DYNGEN%%bin/qemu-system-ppc64
+%%DYNGEN%%bin/qemu-system-ppcemb
+%%DYNGEN%%bin/qemu-system-sh4
+%%DYNGEN%%bin/qemu-system-sh4eb
 bin/qemu-system-sparc
 bin/qemu-system-x86_64
 @unexec if cmp -s %D/etc/qemu-ifup.sample %D/etc/qemu-ifup; then rm -f %D/etc/qemu-ifup; fi
@@ -28,6 +28,7 @@ etc/qemu-ifdown.sample
 %%DATADIR%%/vgabios-cirrus.bin
 %%DATADIR%%/ppc_rom.bin
 %%DATADIR%%/openbios-sparc32
+%%DATADIR%%/openbios-sparc64
 %%DATADIR%%/video.x
 %%DATADIR%%/pxe-ne2k_pci.bin
 %%DATADIR%%/pxe-rtl8139.bin
Index: files/patch-90_security
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-90_security,v
retrieving revision 1.4
diff -u -p -r1.4 patch-90_security
--- files/patch-90_security	11 Mar 2008 23:34:13 -0000	1.4
+++ files/patch-90_security	20 Jun 2008 19:45:28 -0000
@@ -1,148 +1,3 @@
-Index: qemu-0.8.2/hw/cirrus_vga.c
-@@ -217,6 +217,20 @@
- #define CIRRUS_HOOK_NOT_HANDLED 0
- #define CIRRUS_HOOK_HANDLED 1
- 
-+#define BLTUNSAFE(s) \
-+    ( \
-+        ( /* check dst is within bounds */ \
-+            (s)->cirrus_blt_height * (s)->cirrus_blt_dstpitch \
-+                + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
-+                    (s)->vram_size \
-+        ) || \
-+        ( /* check src is within bounds */ \
-+            (s)->cirrus_blt_height * (s)->cirrus_blt_srcpitch \
-+                + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
-+                    (s)->vram_size \
-+        ) \
-+    )
-+
- struct CirrusVGAState;
- typedef void (*cirrus_bitblt_rop_t) (struct CirrusVGAState *s,
-                                      uint8_t * dst, const uint8_t * src,
-@@ -636,7 +650,7 @@
- 
-     for (y = 0; y < lines; y++) {
- 	off_cur = off_begin;
--	off_cur_end = off_cur + bytesperline;
-+	off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
- 	off_cur &= TARGET_PAGE_MASK;
- 	while (off_cur < off_cur_end) {
- 	    cpu_physical_memory_set_dirty(s->vram_offset + off_cur);
-@@ -651,7 +665,11 @@
- {
-     uint8_t *dst;
- 
--    dst = s->vram_ptr + s->cirrus_blt_dstaddr;
-+    dst = s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask);
-+ 
-+    if (BLTUNSAFE(s))
-+        return 0;
-+
-     (*s->cirrus_rop) (s, dst, src,
-                       s->cirrus_blt_dstpitch, 0, 
-                       s->cirrus_blt_width, s->cirrus_blt_height);
-@@ -667,8 +685,11 @@
- {
-     cirrus_fill_t rop_func;
- 
-+    if (BLTUNSAFE(s))
-+        return 0;
-+
-     rop_func = cirrus_fill[rop_to_index[blt_rop]][s->cirrus_blt_pixelwidth - 1];
--    rop_func(s, s->vram_ptr + s->cirrus_blt_dstaddr, 
-+    rop_func(s, s->vram_ptr + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), 
-              s->cirrus_blt_dstpitch,
-              s->cirrus_blt_width, s->cirrus_blt_height);
-     cirrus_invalidate_region(s, s->cirrus_blt_dstaddr,
-@@ -687,8 +708,8 @@
- static int cirrus_bitblt_videotovideo_patterncopy(CirrusVGAState * s)
- {
-     return cirrus_bitblt_common_patterncopy(s,
--					    s->vram_ptr + 
--                                            (s->cirrus_blt_srcaddr & ~7));
-+					    s->vram_ptr + ((s->cirrus_blt_srcaddr & ~7) & 
-+                        s->cirrus_addr_mask));
- }
- 
- static void cirrus_do_copy(CirrusVGAState *s, int dst, int src, int w, int h)
-@@ -738,8 +759,10 @@
-     if (notify)
- 	vga_hw_update();
- 
--    (*s->cirrus_rop) (s, s->vram_ptr + s->cirrus_blt_dstaddr,
--		      s->vram_ptr + s->cirrus_blt_srcaddr,
-+    (*s->cirrus_rop) (s, s->vram_ptr + 
-+                (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
-+		      s->vram_ptr + 
-+                (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
- 		      s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
- 		      s->cirrus_blt_width, s->cirrus_blt_height);
- 
-@@ -765,8 +788,14 @@
- 		       s->cirrus_blt_srcaddr - s->start_addr,
- 		       s->cirrus_blt_width, s->cirrus_blt_height);
-     } else {
--	(*s->cirrus_rop) (s, s->vram_ptr + s->cirrus_blt_dstaddr,
--			  s->vram_ptr + s->cirrus_blt_srcaddr,
-+
-+    if (BLTUNSAFE(s))
-+        return 0;
-+
-+	(*s->cirrus_rop) (s, s->vram_ptr + 
-+                (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
-+			  s->vram_ptr + 
-+                (s->cirrus_blt_srcaddr & s->cirrus_addr_mask),
- 			  s->cirrus_blt_dstpitch, s->cirrus_blt_srcpitch,
- 			  s->cirrus_blt_width, s->cirrus_blt_height);
- 
-@@ -798,8 +827,9 @@
-         } else {
-             /* at least one scan line */
-             do {
--                (*s->cirrus_rop)(s, s->vram_ptr + s->cirrus_blt_dstaddr,
--                                 s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
-+                (*s->cirrus_rop)(s, s->vram_ptr + 
-+                    (s->cirrus_blt_dstaddr & s->cirrus_addr_mask),
-+                        s->cirrus_bltbuf, 0, 0, s->cirrus_blt_width, 1);
-                 cirrus_invalidate_region(s, s->cirrus_blt_dstaddr, 0,
-                                          s->cirrus_blt_width, 1);
-                 s->cirrus_blt_dstaddr += s->cirrus_blt_dstpitch;
-@@ -1917,7 +1947,7 @@
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vram_ptr + offset;
-+    dst = s->vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
- 	if (val & 0x80) {
- 	    *dst = s->cirrus_shadow_gr1;
-@@ -1940,7 +1970,7 @@
-     unsigned val = mem_value;
-     uint8_t *dst;
- 
--    dst = s->vram_ptr + offset;
-+    dst = s->vram_ptr + (offset &= s->cirrus_addr_mask);
-     for (x = 0; x < 8; x++) {
- 	if (val & 0x80) {
- 	    *dst = s->cirrus_shadow_gr1;
-Index: qemu-0.8.2/hw/cirrus_vga_rop.h
-===================================================================
---- qemu-0.8.2.orig/hw/cirrus_vga_rop.h	2006-07-22 20:23:34.000000000 +0300
-+++ qemu-0.8.2/hw/cirrus_vga_rop.h	2007-04-20 06:05:59.000000000 +0300
-@@ -31,6 +31,12 @@ glue(cirrus_bitblt_rop_fwd_, ROP_NAME)(C
-     int x,y;
-     dstpitch -= bltwidth;
-     srcpitch -= bltwidth;
-+
-+    if (dstpitch < 0 || srcpitch < 0) {
-+        /* is 0 valid? srcpitch == 0 could be useful */
-+        return;
-+    }
-+
-     for (y = 0; y < bltheight; y++) {
-         for (x = 0; x < bltwidth; x++) {
-             ROP_OP(*dst, *src);
 Index: qemu-0.8.2/hw/dma.c
 ===================================================================
 --- qemu-0.8.2.orig/hw/dma.c	2006-07-22 20:23:34.000000000 +0300
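Review bot: the whole Cirrus VGA part of the local security patch is removed here with no reason given in the mail: the BLTUNSAFE() source/destination bounds check, the `& s->cirrus_addr_mask` masking of every blit and shadow-GR1 destination, and the negative dstpitch/srcpitch guard in cirrus_vga_rop.h. Those checks are what stop a guest-programmed bitblt from writing past vram_ptr into host memory. If the 20080620 snapshot already carries equivalent checks upstream, the commit message should say so (ideally naming the upstream change); if it does not, these hunks need rebasing, not deletion. The surviving context still starts with `Index: qemu-0.8.2/hw/dma.c`, so the remainder of patch-90_security is still written against 0.8.2 file headers; confirm it applies cleanly to the new snapshot.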
@@ -162,21 +17,27 @@ Index: qemu-0.8.2/hw/dma.c
      ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
  }
  
-Index: qemu-0.8.2/hw/fdc.c
-@@ -1247,7 +1247,12 @@
-             len = fdctrl->data_len - fdctrl->data_pos;
-             if (len > FD_SECTOR_LEN)
-                 len = FD_SECTOR_LEN;
--            bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
-+            if (cur_drv->bs) {
-+                bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1);
-+            } else {
-+                FLOPPY_ERROR("can't read data from drive\n");
-+                return 0;
-+           }
-         }
-     }
-     retval = fdctrl->fifo[pos];
+Index: qemu/hw/fdc.c
+@@ -1322,7 +1322,8 @@
+                                    fd_sector(cur_drv));
+                     return 0;
+                 }
+-            if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
++            if (cur_drv->bs == NULL ||
++                bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+                 FLOPPY_DPRINTF("error getting sector %d\n",
+                                fd_sector(cur_drv));
+                 /* Sure, image size is too small... */
+@@ -1776,7 +1777,8 @@
+         if (pos == FD_SECTOR_LEN - 1 ||
+             fdctrl->data_pos == fdctrl->data_len) {
+             cur_drv = get_cur_drv(fdctrl);
+-            if (bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
++            if (cur_drv->bs == NULL ||
++                bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+                 FLOPPY_ERROR("writing sector %d\n", fd_sector(cur_drv));
+                 return;
+             }
 Index: qemu-0.8.2/hw/pc.c
 ===================================================================
 --- qemu-0.8.2.orig/hw/pc.c	2007-04-20 06:05:58.000000000 +0300
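Review bot: in the rebased fdc.c hunks the `cur_drv->bs == NULL ||` test comes before bdrv_read()/bdrv_write(), so the short-circuit prevents the NULL dereference; that order is correct. In the read path, however, the previous version returned 0 on a missing drive, while the new one falls into the existing "error getting sector" branch whose continuation (after `/* Sure, image size is too small... */`) is outside the visible context. Please confirm that branch returns rather than going on to serve whatever is in fdctrl->fifo for a drive with no image attached.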
Index: files/patch-CVE-2008-2004
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-CVE-2008-2004,v
retrieving revision 1.1
diff -u -p -r1.1 patch-CVE-2008-2004
--- files/patch-CVE-2008-2004	8 May 2008 20:45:10 -0000	1.1
+++ files/patch-CVE-2008-2004	20 Jun 2008 19:45:28 -0000
@@ -1,60 +0,0 @@
-Index: qemu/vl.c
-===================================================================
---- vl.c	(revision 4276)
-+++ vl.c	(revision 4277)
-@@ -4961,6 +4961,7 @@
-     int bus_id, unit_id;
-     int cyls, heads, secs, translation;
-     BlockDriverState *bdrv;
-+    BlockDriver *drv = NULL;
-     int max_devs;
-     int index;
-     int cache;
-@@ -4968,7 +4969,7 @@
-     char *str = arg->opt;
-     char *params[] = { "bus", "unit", "if", "index", "cyls", "heads",
-                        "secs", "trans", "media", "snapshot", "file",
--                       "cache", NULL };
-+                       "cache", "format", NULL };
- 
-     if (check_params(buf, sizeof(buf), params, str) < 0) {
-          fprintf(stderr, "qemu: unknown parameter '%s' in '%s'\n",
-@@ -5136,6 +5137,14 @@
-         }
-     }
- 
-+    if (get_param_value(buf, sizeof(buf), "format", str)) {
-+        drv = bdrv_find_format(buf);
-+        if (!drv) {
-+            fprintf(stderr, "qemu: '%s' invalid format\n", buf);
-+            return -1;
-+        }
-+    }
-+
-     if (arg->file == NULL)
-         get_param_value(file, sizeof(file), "file", str);
-     else
-@@ -5238,7 +5247,7 @@
-         bdrv_flags |= BDRV_O_SNAPSHOT;
-     if (!cache)
-         bdrv_flags |= BDRV_O_DIRECT;
--    if (bdrv_open(bdrv, file, bdrv_flags) < 0 || qemu_key_check(bdrv, file)) {
-+    if (bdrv_open2(bdrv, file, bdrv_flags, drv) < 0 || qemu_key_check(bdrv, file)) {
-         fprintf(stderr, "qemu: could not open disk image %s\n",
-                         file);
-         return -1;
-Index: qemu/qemu-doc.texi
-===================================================================
---- qemu-doc.texi	(revision 4276)
-+++ qemu-doc.texi	(revision 4277)
-@@ -261,6 +261,10 @@
- @var{snapshot} is "on" or "off" and allows to enable snapshot for given drive (see @option{-snapshot}).
- @item cache=@var{cache}
- @var{cache} is "on" or "off" and allows to disable host cache to access data.
-+@item format=@var{format}
-+Specify which disk @var{format} will be used rather than detecting
-+the format.  Can be used to specifiy format=raw to avoid interpreting
-+an untrusted format header.
- @end table
- 
- Instead of @option{-cdrom} you can use:
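Review bot: the file is deleted outright, and the only evidence that the fix survives is the inner header showing it as upstream r4276 -> r4277; the commit message should state that the `-drive ...,format=` option is already in the 20080620 snapshot, so the history shows the CVE fix was merged rather than dropped. Since pkg-message is edited in this same update, consider carrying over the rationale from the removed texi text: users whose guests can write to their own disk images should pass `format=raw` so qemu does not auto-detect the format from a header the guest controls.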
Index: files/patch-Makefile
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-Makefile,v
retrieving revision 1.5
diff -u -p -r1.5 patch-Makefile
--- files/patch-Makefile	25 Mar 2007 16:33:01 -0000	1.5
+++ files/patch-Makefile	20 Jun 2008 19:45:28 -0000
@@ -1,17 +1,17 @@
 Index: qemu/Makefile
-@@ -19,7 +19,11 @@
- BASE_LDFLAGS += -static
+@@ -17,7 +17,11 @@
+ LDFLAGS += -static
  endif
  ifdef BUILD_DOCS
 +ifdef NOPORTDOCS
-+DOCS=qemu.1 qemu-img.1
++DOCS=qemu.1 qemu-img.1 qemu-nbd.8
 +else
- DOCS=qemu-doc.html qemu-tech.html qemu.1 qemu-img.1
+ DOCS=qemu-doc.html qemu-tech.html qemu.1 qemu-img.1 qemu-nbd.8
 +endif
  else
  DOCS=
  endif
-@@ -60,8 +64,10 @@
+@@ -203,13 +211,13 @@
  common  de-ch  es     fo  fr-ca  hu     ja  mk  nl-be      pt  sl     tr
  
  install-doc: $(DOCS)
@@ -22,3 +22,8 @@ Index: qemu/Makefile
  ifndef CONFIG_WIN32
  	mkdir -p "$(DESTDIR)$(mandir)/man1"
  	$(INSTALL) qemu.1 qemu-img.1 "$(DESTDIR)$(mandir)/man1"
+-	mkdir -p "$(DESTDIR)$(mandir)/man8"
+-	$(INSTALL) qemu-nbd.8 "$(DESTDIR)$(mandir)/man8"
+ endif
+ 
+ install: all $(if $(BUILD_DOCS),install-doc)
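Review bot: the rebased patch now deletes upstream's man8 install of qemu-nbd.8 (the two new `+-` lines) while the first hunk keeps qemu-nbd.8 in both DOCS variants, so the page is still generated and then never installed, and the port Makefile's `MAN1= qemu.1 qemu-img.1` gains no MAN8 in this diff. Either drop qemu-nbd.8 from DOCS too, or install it via MAN8 in the port Makefile (and, if qemu-nbd itself is built, add it to the plist); as it stands the build produces an orphaned manpage.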
Index: files/patch-cpu-exec.c
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-cpu-exec.c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-cpu-exec.c
--- files/patch-cpu-exec.c	11 Mar 2008 23:34:13 -0000	1.4
+++ files/patch-cpu-exec.c	20 Jun 2008 19:45:28 -0000
@@ -1,29 +1,27 @@
---- qemu.orig/cpu-exec.c	Mon Jan 14 11:11:02 2008
-+++ qemu/cpu-exec.c	Thu Jan 17 23:03:00 2008
-@@ -449,16 +449,18 @@ int cpu_exec(CPUState *env1)
-                         (env->eflags & IF_MASK || env->hflags & HF_HIF_MASK) &&
-                         !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
-                         int intno;
--                        svm_check_intercept(SVM_EXIT_INTR);
-                         env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
-                         intno = cpu_get_pic_interrupt(env);
--                        if (loglevel & CPU_LOG_TB_IN_ASM) {
--                            fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
--                        }
--                        do_interrupt(intno, 0, 0, 0, 1);
--                        /* ensure that no TB jump will be modified as
--                           the program flow was changed */
--                        BREAK_CHAIN;
-+	                     if(intno>=0) {
-+                            svm_check_intercept(SVM_EXIT_INTR);
-+                            if (loglevel & CPU_LOG_TB_IN_ASM) {
-+                                fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
-+                            }
-+                            do_interrupt(intno, 0, 0, 0, 1);
-+                           /* ensure that no TB jump will be modified as
-+                              the program flow was changed */
-+                            BREAK_CHAIN;
-+                        }
+Index: qemu/cpu-exec.c
+@@ -394,16 +394,18 @@
+                                      (env->eflags & IF_MASK && 
+                                       !(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
+                             int intno;
+-                            svm_check_intercept(SVM_EXIT_INTR);
+                             env->interrupt_request &= ~(CPU_INTERRUPT_HARD | CPU_INTERRUPT_VIRQ);
+                             intno = cpu_get_pic_interrupt(env);
+-                            if (loglevel & CPU_LOG_TB_IN_ASM) {
+-                                fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
++                            if (intno>=0) {
++                                svm_check_intercept(SVM_EXIT_INTR);
++                                if (loglevel & CPU_LOG_TB_IN_ASM) {
++                                    fprintf(logfile, "Servicing hardware INT=0x%02x\n", intno);
++                                }
++                                do_interrupt(intno, 0, 0, 0, 1);
++                                /* ensure that no TB jump will be modified as
++                                   the program flow was changed */
++                                next_tb = 0;
+                             }
+-                            do_interrupt(intno, 0, 0, 0, 1);
+-                            /* ensure that no TB jump will be modified as
+-                               the program flow was changed */
+-                            next_tb = 0;
  #if !defined(CONFIG_USER_ONLY)
-                     } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
-                         (env->eflags & IF_MASK) && !(env->hflags & HF_INHIBIT_IRQ_MASK)) {
+                         } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
+                                    (env->eflags & IF_MASK) && 
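Review bot: the rebase keeps the local `if (intno>=0)` guard around svm_check_intercept() and do_interrupt(), so a negative return from cpu_get_pic_interrupt() still cannot be used as an interrupt vector; the only substantive change is BREAK_CHAIN -> `next_tb = 0`, following the upstream TCG execution loop. In both old and new versions `env->interrupt_request` is cleared before the guard, so a PIC that reports no vector has its request dropped silently; a one-line comment in the patch saying this is intentional would keep the next rebase from reordering it.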
Index: files/patch-curses_keys.h
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-curses_keys.h,v
retrieving revision 1.1
diff -u -p -r1.1 patch-curses_keys.h
--- files/patch-curses_keys.h	21 Mar 2008 22:20:07 -0000	1.1
+++ files/patch-curses_keys.h	20 Jun 2008 19:45:28 -0000
@@ -1,17 +0,0 @@
-Index: qemu/curses_keys.h
-===================================================================
-RCS file: /sources/qemu/qemu/curses_keys.h,v
-retrieving revision 1.1
-retrieving revision 1.2
-diff -u -p -r1.1 -r1.2
---- curses_keys.h	10 Feb 2008 16:33:13 -0000	1.1
-+++ curses_keys.h	18 Mar 2008 06:55:27 -0000	1.2
-@@ -198,7 +198,7 @@ int curses2keycode[CURSES_KEYS] = {
- 
-     [0x001] = 30 | CNTRL, /* Control + a */
-     [0x013] = 31 | CNTRL, /* Control + s */
--    [0x014] = 32 | CNTRL, /* Control + d */
-+    [0x004] = 32 | CNTRL, /* Control + d */
-     [0x006] = 33 | CNTRL, /* Control + f */
-     [0x007] = 34 | CNTRL, /* Control + g */
-     [0x008] = 35 | CNTRL, /* Control + h */
Index: files/patch-fbsd
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-fbsd,v
retrieving revision 1.11
diff -u -p -r1.11 patch-fbsd
--- files/patch-fbsd	11 Mar 2008 23:34:13 -0000	1.11
+++ files/patch-fbsd	20 Jun 2008 19:45:28 -0000
@@ -20,14 +20,14 @@ Index: qemu/Makefile
  	rm -f *.o *.a $(TOOLS) dyngen$(EXESUF) TAGS *.pod *~ */*~
  	$(MAKE) -C tests clean
 Index: qemu/Makefile.target
-@@ -649,8 +649,8 @@
+@@ -651,8 +651,8 @@
  main.o: CFLAGS+=-p
  endif
  
 -$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a
--	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS)
+-	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS) $(BRLAPI_LIBS)
 +$(QEMU_PROG): $(OBJS) ../libqemu_common.a libqemu.a ../bsd/libmath.a
-+	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS) ../bsd/libmath.a
++	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS) $(SDL_LIBS) $(COCOA_LIBS) $(CURSES_LIBS) $(BRLAPI_LIBS) ../bsd/libmath.a
  
  endif # !CONFIG_USER_ONLY
  
Index: files/patch-hw-e1000.c
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-hw-e1000.c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-hw-e1000.c
--- files/patch-hw-e1000.c	12 Mar 2008 20:01:31 -0000	1.1
+++ files/patch-hw-e1000.c	20 Jun 2008 19:45:28 -0000
@@ -1,17 +0,0 @@
-Index: qemu/hw/e1000.c
-===================================================================
-RCS file: /sources/qemu/qemu/hw/e1000.c,v
-retrieving revision 1.3
-retrieving revision 1.4
-diff -u -p -r1.3 -r1.4
---- hw/e1000.c	10 Feb 2008 13:34:48 -0000	1.3
-+++ hw/e1000.c	10 Mar 2008 00:02:10 -0000	1.4
-@@ -50,7 +50,7 @@ static int debugflags = DBGBIT(TXERR) | 
- #endif
- 
- #define IOPORT_SIZE       0x40
--#define PNPMMIO_SIZE      0x60000
-+#define PNPMMIO_SIZE      0x20000
- 
- /*
-  * HW models:
Index: files/patch-libmath2
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-libmath2,v
retrieving revision 1.2
diff -u -p -r1.2 patch-libmath2
--- files/patch-libmath2	10 Mar 2007 17:03:05 -0000	1.2
+++ files/patch-libmath2	20 Jun 2008 19:45:28 -0000
@@ -55,13 +55,3 @@ Index: qemu/bsd/amd64/s_ldexpl.c
 +}
 +
 +weak_alias(__ldexpl,ldexpl)
-Index: qemu/target-i386/helper.c
-@@ -2886,6 +2886,8 @@
-     ST0 = floatx_round_to_int(ST0, &env->fp_status);
- }
- 
-+long double	ldexpl(long double, int);
-+
- void helper_fscale(void)
- {
-     ST0 = ldexp (ST0, (int)(ST1)); 
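Review bot: the `long double ldexpl(long double, int);` prototype for target-i386/helper.c is dropped with no stated reason. If helper_fscale() in the 20080620 snapshot no longer reaches ldexpl, or <math.h> on the supported FreeBSD releases now declares it, say so in the commit message; otherwise an implicit declaration makes the call return int and silently corrupts the FPU scale result instead of failing the build. The ../bsd/ ldexpl implementation this patch still adds only helps callers that see its real prototype.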
Index: files/patch-osdep.c
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-osdep.c,v
retrieving revision 1.3
diff -u -p -r1.3 patch-osdep.c
--- files/patch-osdep.c	10 Mar 2007 17:03:05 -0000	1.3
+++ files/patch-osdep.c	20 Jun 2008 19:45:28 -0000
@@ -1,5 +1,5 @@
 Index: qemu/osdep.c
-@@ -79,7 +79,9 @@
+@@ -68,7 +68,9 @@
  
  #if defined(USE_KQEMU)
  
@@ -9,7 +9,7 @@ Index: qemu/osdep.c
  #include <sys/mman.h>
  #include <fcntl.h>
  
-@@ -90,6 +92,7 @@
+@@ -79,6 +81,7 @@
      const char *tmpdir;
      char phys_ram_file[1024];
      void *ptr;
@@ -17,7 +17,7 @@ Index: qemu/osdep.c
  #ifdef HOST_SOLARIS
      struct statvfs stfs;
  #else
-@@ -151,12 +154,20 @@
+@@ -138,7 +141,9 @@
          }
          unlink(phys_ram_file);
      }
@@ -25,16 +25,19 @@ Index: qemu/osdep.c
      size = (size + 4095) & ~4095;
 +#ifndef __FreeBSD__
      ftruncate(phys_ram_fd, phys_ram_size + size);
-     ptr = mmap(NULL, 
-                size, 
-                PROT_WRITE | PROT_READ, MAP_SHARED, 
-                phys_ram_fd, phys_ram_size);
-+#else
-+    ptr = mmap(NULL, 
-+               size, 
-+               PROT_WRITE | PROT_READ, MAP_PRIVATE|MAP_ANON, 
-+               -1, 0);
-+#endif
-     if (ptr == MAP_FAILED) {
+     ptr = mmap(NULL,
+                size,
+@@ -148,6 +153,13 @@
          fprintf(stderr, "Could not map physical memory\n");
          exit(1);
+     }
++#else
++    ptr = malloc(size);
++    if (ptr == NULL) {
++        fprintf(stderr, "Could not allocate physical memory\n");
++        exit(1);
++    }
++#endif
+     phys_ram_size += size;
+     return ptr;
+ }
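Review bot: the FreeBSD branch of the USE_KQEMU phys_ram allocation changes from an anonymous `mmap()` to `malloc(size)`. The surrounding code rounds `size` up to a 4096 multiple and this buffer becomes guest physical RAM for kqemu, so it needs page alignment; mmap() guaranteed that, malloc() only gives whatever alignment the allocator happens to use for large requests. Unless there is a documented reason for the switch, keep mmap(MAP_PRIVATE|MAP_ANON) or use posix_memalign() with a 4096 alignment, retaining the new `Could not allocate physical memory` error path. The `#ifndef __FreeBSD__` now opens above ftruncate() while its `#else` sits after the MAP_FAILED block; a comment on the `#endif` would make that pairing harder to break on the next rebase.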
Index: files/patch-qemu-img.texi
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-qemu-img.texi,v
retrieving revision 1.3
diff -u -p -r1.3 patch-qemu-img.texi
--- files/patch-qemu-img.texi	11 Mar 2008 23:34:14 -0000	1.3
+++ files/patch-qemu-img.texi	20 Jun 2008 19:45:28 -0000
@@ -1,19 +0,0 @@
-Index: qemu/qemu-img.texi
-@@ -10,7 +10,7 @@
- @table @option
- @item create [-e] [-6] [-b @var{base_image}] [-f @var{fmt}] @var(unknown) [@var{size}]
- @item commit [-f @var{fmt}] @var(unknown)
--@item convert [-c] [-e] [-6] [-f @var{fmt}] @var(unknown) [-O @var{output_fmt}] @var{output_filename}
-+@item convert [-c] [-e] [-6] [-f @var{fmt}] [-O @var{output_fmt}] @var(unknown) @var{output_filename}
- @item info [-f @var{fmt}] @var(unknown)
- @end table
- 
-@@ -83,7 +83,7 @@
- 
- Commit the changes recorded in @var(unknown) in its base image.
- 
--@item convert [-c] [-e] [-f @var{fmt}] @var(unknown) [-O @var{output_fmt}] @var{output_filename}
-+@item convert [-c] [-e] [-f @var{fmt}] [-O @var{output_fmt}] @var(unknown) @var{output_filename}
- 
- Convert the disk image @var(unknown) to disk image @var{output_filename}
- using format @var{output_fmt}. It can be optionnaly encrypted
Index: files/patch-tcg-tcg-op.h
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-tcg-tcg-op.h,v
retrieving revision 1.1
diff -u -p -r1.1 patch-tcg-tcg-op.h
--- files/patch-tcg-tcg-op.h	12 Mar 2008 20:01:31 -0000	1.1
+++ files/patch-tcg-tcg-op.h	20 Jun 2008 19:45:28 -0000
@@ -1,19 +0,0 @@
-Index: qemu/tcg/tcg-op.h
-@@ -1172,7 +1172,7 @@
-     tcg_gen_op3i(INDEX_op_qemu_ld8s, ret, addr, mem_index);
- #else
-     tcg_gen_op4i(INDEX_op_qemu_ld8s, ret, addr, TCGV_HIGH(addr), mem_index);
--    tcg_gen_ext8s_i32(TCGV_HIGH(ret), ret);
-+    tcg_gen_sari_i32(TCGV_HIGH(ret), ret, 31);
- #endif
- }
- 
-@@ -1192,7 +1192,7 @@
-     tcg_gen_op3i(INDEX_op_qemu_ld16s, ret, addr, mem_index);
- #else
-     tcg_gen_op4i(INDEX_op_qemu_ld16s, ret, addr, TCGV_HIGH(addr), mem_index);
--    tcg_gen_ext16s_i32(TCGV_HIGH(ret), ret);
-+    tcg_gen_sari_i32(TCGV_HIGH(ret), ret, 31);
- #endif
- }
- 
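Review bot: this removes the whole patch rather than rebasing it, so the fix to the upper half of sign-extending loads (`tcg_gen_sari_i32(TCGV_HIGH(ret), ret, 31)` replacing `tcg_gen_ext8s_i32`/`tcg_gen_ext16s_i32` in the `#else` branch) is only safe to drop if the new snapshot already carries it. That branch is compiled only for 64-bit targets on 32-bit hosts, so a build and test run on an amd64 host will never exercise it; check upstream's tcg-op.h, or test qemu-system-x86_64 on an i386 host, before committing the removal, and say in the log that the change went upstream.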
Index: files/patch-vl.c
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-vl.c,v
retrieving revision 1.10
diff -u -p -r1.10 patch-vl.c
--- files/patch-vl.c	21 Mar 2008 17:31:52 -0000	1.10
+++ files/patch-vl.c	20 Jun 2008 19:45:28 -0000
@@ -7,23 +7,15 @@ Index: qemu/vl.c
  
  #else
  CharDriverState *qemu_chr_open_pty(void)
-@@ -1771,14 +1771,14 @@
-     return chr;
+@@ -2334,7 +2334,7 @@
  }
+ #endif
  
 -#if defined(__linux__) || defined(__sun__)
 +#if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__)
  static CharDriverState *qemu_chr_open_pty(void)
  {
      struct termios tty;
-     char slave_name[1024];
-     int master_fd, slave_fd;
-  
--#if defined(__linux__)
-+#if defined(__linux__) || defined(__FreeBSD__)
-     /* Not satisfying */
-     if (openpty(&master_fd, &slave_fd, slave_name, NULL, NULL) < 0) {
-         return NULL;
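Review bot: the inner `#if defined(__linux__) || defined(__FreeBSD__)` around `openpty(&master_fd, &slave_fd, slave_name, NULL, NULL)` is dropped while the outer guard still gains `|| defined(__FreeBSD__)`, so FreeBSD now compiles qemu_chr_open_pty() but takes whatever non-Linux body upstream's function has, which the visible hunk does not show. Confirm that the new upstream body handles FreeBSD (including the header that declares openpty() there) and test that a pty chardev such as `-serial pty` reports a usable slave device; otherwise keep a rebased version of the removed lines instead of deleting them.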
 @@ -3036,7 +3036,7 @@
          return qemu_chr_open_pp(filename);
      } else 
Index: files/patch-vl.c-nographic
===================================================================
RCS file: /home/pcvs/ports/emulators/qemu-devel/files/patch-vl.c-nographic,v
retrieving revision 1.3
diff -u -p -r1.3 patch-vl.c-nographic
--- files/patch-vl.c-nographic	10 Mar 2007 17:15:07 -0000	1.3
+++ files/patch-vl.c-nographic	20 Jun 2008 19:45:28 -0000
@@ -1,9 +0,0 @@
-Index: qemu/vl.c
-@@ -7131,6 +7131,7 @@
-             case QEMU_OPTION_nographic:
-                 pstrcpy(serial_devices[0], sizeof(serial_devices[0]), "stdio");
-                 pstrcpy(monitor_device, sizeof(monitor_device), "stdio");
-+                pstrcpy(parallel_devices[0], sizeof(parallel_devices[0]), "null");
-                 nographic = 1;
-                 break;
-             case QEMU_OPTION_kernel:
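Review bot: dropping this patch removes the `pstrcpy(parallel_devices[0], sizeof(parallel_devices[0]), "null")` that `-nographic` set alongside the stdio serial and monitor devices. Unless the snapshot's QEMU_OPTION_nographic case now does this itself, `-nographic` goes back to opening the build's default parallel backend on the host; the commit log should state whether the change was merged upstream or is being dropped on purpose.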
Index: files/patch-exec.c
@@ -0,0 +1,30 @@
+Index: qemu/exec.c
+@@ -405,6 +405,28 @@
+             exit(1);
+         }
+     }
++#elif defined(__FreeBSD__)
++    {
++        int flags;
++        void *addr = NULL;
++        flags = MAP_PRIVATE | MAP_ANONYMOUS;
++#if defined(__x86_64__)
++        /* FreeBSD doesn't have MAP_32BIT, use MAP_FIXED and assume
++         * 0x40000000 is free */
++        flags |= MAP_FIXED;
++        addr = (void *)0x40000000;
++        /* Cannot map more than that */
++        if (code_gen_buffer_size > (800 * 1024 * 1024))
++            code_gen_buffer_size = (800 * 1024 * 1024);
++#endif
++        code_gen_buffer = mmap(addr, code_gen_buffer_size,
++                               PROT_WRITE | PROT_READ | PROT_EXEC, 
++                               flags, -1, 0);
++        if (code_gen_buffer == MAP_FAILED) {
++            fprintf(stderr, "Could not allocate dynamic translator buffer\n");
++            exit(1);
++        }
++    }
+ #else
+     code_gen_buffer = qemu_malloc(code_gen_buffer_size);
+     if (!code_gen_buffer) {
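Review bot: `MAP_FIXED` with the hard-coded `addr = (void *)0x40000000` is unsafe as written: MAP_FIXED makes mmap(2) silently replace any existing mapping in [0x40000000, 0x40000000 + code_gen_buffer_size), so if the heap, a shared library or the guest RAM buffer already occupies part of that range it is clobbered and the process fails later in an unrelated place rather than at the `MAP_FAILED` check; the comment itself only says it "assume[s]" the range is free. Pass `addr` as a hint without MAP_FIXED, then check that the returned buffer satisfies whatever placement constraint the fixed address and the 800 MiB cap are there to meet, and exit with the existing error message if it does not; that fails loudly instead of overwriting live memory. Two smaller points: this branch spells the flag `MAP_ANONYMOUS` while the osdep.c FreeBSD branch in this same diff uses `MAP_ANON`, the name FreeBSD's mmap(2) documents, so pick one and confirm the alias exists on the oldest host release the port supports; and the `PROT_WRITE | PROT_READ | PROT_EXEC,` line carries trailing whitespace.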
Index: files/patch-exec-all.h
@@ -0,0 +1,10 @@
+Index: qemu/exec-all.h
+@@ -30,7 +30,7 @@
+ struct TranslationBlock;
+ 
+ /* XXX: make safe guess about sizes */
+-#define MAX_OP_PER_INSTR 64
++#define MAX_OP_PER_INSTR 128 /* 64 */
+ /* A Call op needs up to 6 + 2N parameters (N = number of arguments).  */
+ #define MAX_OPC_PARAM 10
+ #define OPC_BUF_SIZE 512
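Review bot: `MAX_OP_PER_INSTR 128 /* 64 */` records the old value but not why it stopped being enough, in a block the file itself flags as `XXX: make safe guess about sizes`. Doubling the per-instruction headroom quietly papers over whichever instruction emitted more than 64 ops. Replace the `/* 64 */` with a comment naming that instruction or target, and since the neighbouring `OPC_BUF_SIZE 512` is unchanged here, say whether it still leaves the margin the upstream comment is worried about.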
Index: files/patch-tcg-i386-tcg-target.c
@@ -0,0 +1,54 @@
+Index: qemu/tcg/i386/tcg-target.c
+@@ -359,25 +359,36 @@
+         break;
+     case TCG_COND_LT:
+         tcg_out_brcond(s, TCG_COND_LT, args[1], args[3], const_args[3], args[5]);
++        if (const_args[2] && !args[2])
++            /* test r,r - carry can never be set */
++            break;
+         tcg_out_jxx(s, JCC_JNE, label_next);
+-        tcg_out_brcond(s, TCG_COND_LT, args[0], args[2], const_args[2], args[5]);
++        tcg_out_brcond(s, TCG_COND_LTU, args[0], args[2], const_args[2], args[5]);
+         break;
+     case TCG_COND_LE:
+         tcg_out_brcond(s, TCG_COND_LT, args[1], args[3], const_args[3], args[5]);
+         tcg_out_jxx(s, JCC_JNE, label_next);
+-        tcg_out_brcond(s, TCG_COND_LE, args[0], args[2], const_args[2], args[5]);
++        tcg_out_brcond(s, TCG_COND_LEU, args[0], args[2], const_args[2], args[5]);
+         break;
+     case TCG_COND_GT:
+         tcg_out_brcond(s, TCG_COND_GT, args[1], args[3], const_args[3], args[5]);
+         tcg_out_jxx(s, JCC_JNE, label_next);
+-        tcg_out_brcond(s, TCG_COND_GT, args[0], args[2], const_args[2], args[5]);
++        tcg_out_brcond(s, TCG_COND_GTU, args[0], args[2], const_args[2], args[5]);
+         break;
+     case TCG_COND_GE:
++        if (const_args[2] && !args[2]) {
++            /* test r,r - carry can never be set */
++            tcg_out_brcond(s, TCG_COND_GE, args[1], args[3], const_args[3], args[5]);
++            break;
++        }
+         tcg_out_brcond(s, TCG_COND_GT, args[1], args[3], const_args[3], args[5]);
+         tcg_out_jxx(s, JCC_JNE, label_next);
+-        tcg_out_brcond(s, TCG_COND_GE, args[0], args[2], const_args[2], args[5]);
++        tcg_out_brcond(s, TCG_COND_GEU, args[0], args[2], const_args[2], args[5]);
+         break;
+     case TCG_COND_LTU:
++        if (const_args[2] && !args[2])
++            /* test r,r - carry can never be set */
++            break;
+         tcg_out_brcond(s, TCG_COND_LTU, args[1], args[3], const_args[3], args[5]);
+         tcg_out_jxx(s, JCC_JNE, label_next);
+         tcg_out_brcond(s, TCG_COND_LTU, args[0], args[2], const_args[2], args[5]);
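Review bot: the early `break` added under `case TCG_COND_LTU:` sits before the high-word `tcg_out_brcond(s, TCG_COND_LTU, args[1], args[3], const_args[3], args[5])`, so when the constant's low word is zero no branch is emitted at all, although (hi:lo) <u (chi:0) is true whenever hi <u chi. In the TCG_COND_LT case the same shortcut is placed after the high-word compare, where skipping only the low-word compare is valid; move the LTU check to that position. The rest of the hunk is right: the low halves of a two-word signed compare must be compared unsigned, so switching them to LTU/LEU/GTU/GEU fixes a real miscompare, and the GE shortcut (high-word GE then break) is correct.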
+@@ -393,6 +404,11 @@
+         tcg_out_brcond(s, TCG_COND_GTU, args[0], args[2], const_args[2], args[5]);
+         break;
+     case TCG_COND_GEU:
++        if (const_args[2] && !args[2]) {
++            /* test r,r - carry can never be set */
++            tcg_out_jxx(s, JCC_JMP, args[5]);
++            break;
++        }
+         tcg_out_brcond(s, TCG_COND_GTU, args[1], args[3], const_args[3], args[5]);
+         tcg_out_jxx(s, JCC_JNE, label_next);
+         tcg_out_brcond(s, TCG_COND_GEU, args[0], args[2], const_args[2], args[5]);
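Review bot: the `TCG_COND_GEU` shortcut emits `tcg_out_jxx(s, JCC_JMP, args[5])` unconditionally, ignoring the high words: (hi:lo) >=u (chi:0) reduces to hi >=u chi, not to "always true", unless args[3] is also a constant zero. The signed twin, TCG_COND_GE in the previous hunk, handles this by emitting `tcg_out_brcond(s, TCG_COND_GE, args[1], args[3], const_args[3], args[5])` and then breaking; do the same here with TCG_COND_GEU, or limit the unconditional JMP to the case where the high constant is zero as well.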
Index: files/patch-target-i386-translate.c
@@ -0,0 +1,16 @@
+Index: qemu/target-i386/translate.c
+@@ -3330,8 +3330,12 @@
+             op1_offset = offsetof(CPUX86State,xmm_regs[reg]);
+             tcg_gen_addi_ptr(cpu_ptr0, cpu_env, op1_offset);
+             sse_op2 = sse_op_table3[(s->dflag == 2) * 2 + ((b >> 8) - 2)];
+-            tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
+-            tcg_gen_helper_0_2(sse_op2, cpu_ptr0, cpu_tmp2_i32);
++            if (ot == OT_LONG) {
++                tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_T[0]);
++                tcg_gen_helper_0_2(sse_op2, cpu_ptr0, cpu_tmp2_i32);
++            } else {
++                tcg_gen_helper_0_2(sse_op2, cpu_ptr0, cpu_T[0]);
++            }
+             break;
+         case 0x02c: /* cvttps2pi */
+         case 0x12c: /* cvttpd2pi */
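Review bot: the helper is still selected from `sse_op_table3[(s->dflag == 2) * 2 + ((b >> 8) - 2)]` while the operand width handed to it is now chosen by `ot == OT_LONG`; nothing in the hunk shows that the two predicates agree. If `ot` is derived from the same REX.W/dflag state at this point, say so in a comment; otherwise key both on one predicate so a 64-bit helper never gets a truncated i32 (the old bug) and a 32-bit helper never gets an untruncated target_ulong. On a 32-bit target `ot` cannot be a quad-word, so the new else branch is dead code there; a TARGET_X86_64 guard or comment would make that explicit.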

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080706194408.GA23575>