Merge tag 'stable_0_10_0.branchpoint'

Conflicts:

	Makefile.target
	block-bochs.c
	block-cloop.c
	block-parallels.c
	block.c
	console.c
	console.h
	hw/ide.c
	hw/pc.c
	hw/pci.c
	hw/pci.h
	hw/usb-hid.c
	hw/vga.c
	loader.c
	net.h
	posix-aio-compat.c
	vl.c
	vnc.c

diff --cc Makefile.target
index d2023d515adec1a0f61105166a4fee8ab707e3e6,f33f7621f7ec23dace5ff36f15bbddf7d8632cad..7cfb4938928bf6521d5acd00f80029fb38b0860a
--- 1/Makefile.target
--- 2/Makefile.target
+++ b/Makefile.target
@@@ -577,16 -574,17 +577,20 @@@ OBJS += pcnet.
  OBJS += rtl8139.o
  OBJS += e1000.o
  
+ # Serial mouse
+ OBJS += msmouse.o
+ 
  ifeq ($(TARGET_BASE_ARCH), i386)
  # Hardware support
 -OBJS+= ide.o pckbd.o ps2.o vga.o $(SOUND_HW) dma.o
 -OBJS+= fdc.o mc146818rtc.o serial.o i8259.o i8254.o pcspk.o pc.o
 +ifdef CONFIG_AUDIO
 +OBJS+= $(SOUND_HW) pcspk.o
 +CPPFLAGS += -DHAS_AUDIO -DHAS_AUDIO_CHOICE
 +endif
 +OBJS+= ide.o pckbd.o ps2.o vga.o dma.o
 +OBJS+= fdc.o mc146818rtc.o serial.o i8259.o i8254.o pc.o
  OBJS+= cirrus_vga.o apic.o parallel.o acpi.o piix_pci.o
  OBJS+= usb-uhci.o vmmouse.o vmport.o vmware_vga.o hpet.o
 -CPPFLAGS += -DHAS_AUDIO -DHAS_AUDIO_CHOICE
+ OBJS += device-hotplug.o pci-hotplug.o
  endif
  ifeq ($(TARGET_BASE_ARCH), ppc)
  CPPFLAGS += -DHAS_AUDIO -DHAS_AUDIO_CHOICE

diff --cc aio.c
Simple merge

diff --cc block-bochs.c
index ce4480ef4246925612c8319551b993bbb299de09,593cf697c1ad550e04e67a4ee271555916ee32e1..ff231910df7d4d7311e7887e1353caa3a9e01fd0
--- 1/block-bochs.c
--- 2/block-bochs.c
+++ b/block-bochs.c
@@@ -149,9 -149,7 +149,9 @@@ static int bochs_open(BlockDriverState 
  
      s->catalog_size = le32_to_cpu(bochs.extra.redolog.catalog);
      s->catalog_bitmap = qemu_malloc(s->catalog_size * 4);
-     if (qemu_read(s->fd, s->catalog_bitmap, s->catalog_size * 4) !=
 +    if (!s->catalog_bitmap)
 +      goto fail;
+     if (read(s->fd, s->catalog_bitmap, s->catalog_size * 4) !=
        s->catalog_size * 4)
        goto fail;
      for (i = 0; i < s->catalog_size; i++)

diff --cc block-cloop.c
index 670ffae612cb27abf5a3b402324ab193942d98c2,6985084bae72ee67b72376858fafff5699662778..d63fac24c1c946cf1a4c8ae81a512aef83f77d94
--- 1/block-cloop.c
--- 2/block-cloop.c
+++ b/block-cloop.c
@@@ -75,9 -75,8 +75,9 @@@ cloop_close
  
      /* read offsets */
      offsets_size=s->n_blocks*sizeof(uint64_t);
 -    s->offsets=(uint64_t*)qemu_malloc(offsets_size);
 +    if(!(s->offsets=(uint64_t*)malloc(offsets_size)))
 +      goto cloop_close;
-     if(qemu_read_ok(s->fd,s->offsets,offsets_size)<0)
+     if(read(s->fd,s->offsets,offsets_size)<offsets_size)
        goto cloop_close;
      for(i=0;i<s->n_blocks;i++) {
        s->offsets[i]=be64_to_cpu(s->offsets[i]);

diff --cc block-dmg.c
Simple merge

diff --cc block-parallels.c
index bc41f8bf4f3198bb485217f60fd2b6d82bbe7830,8a8ec63da6177402ab3ecf2f543505787db19ac9..60e396418bfb849fa64824825a900052448566b2
--- 1/block-parallels.c
--- 2/block-parallels.c
+++ b/block-parallels.c
@@@ -101,9 -101,8 +101,10 @@@ static int parallels_open(BlockDriverSt
  
      s->catalog_size = le32_to_cpu(ph.catalog_entries);
      s->catalog_bitmap = qemu_malloc(s->catalog_size * 4);
-     if (qemu_read_ok(s->fd, s->catalog_bitmap, s->catalog_size * 4) < 0)
 +    if (!s->catalog_bitmap)
 +      goto fail;
+     if (read(s->fd, s->catalog_bitmap, s->catalog_size * 4) !=
+       s->catalog_size * 4)
        goto fail;
      for (i = 0; i < s->catalog_size; i++)
        le32_to_cpus(&s->catalog_bitmap[i]);

diff --cc block-qcow.c
Simple merge

diff --cc block-qcow2.c
Simple merge

diff --cc block-raw-posix.c
index e8c10c1c6c96bd10fe6bfb0e8fa6bc7d15019f20,85ca70494676ccedf287e16956483df41937c150..9a02d4f311d02477dc180a5931a83eeb3c112376
--- 1/block-raw-posix.c
--- 2/block-raw-posix.c
+++ b/block-raw-posix.c
@@@ -538,15 -533,7 +538,13 @@@ static int posix_aio_init(void
          return 0;
  
      s = qemu_malloc(sizeof(PosixAioState));
-     if (s == NULL)
-         return -ENOMEM;
  
 +    /* under some circumstances on Centos 4.3 (at least)
 +     * SIGUSR2 is mistakenly blocked, which breaks badly */
 +    sigemptyset(&enable);
 +    sigaddset(&enable,SIGUSR2);
 +    sigprocmask(SIG_UNBLOCK,&enable,0);
 +    
      sigfillset(&act.sa_mask);
      act.sa_flags = 0; /* do not restart syscalls to interrupt select() */
      act.sa_handler = aio_signal_handler;

diff --cc block-vmdk.c
index 25f8763c54505a5e9391b66883e6574450629d74,71d7504bdaeb443c07bfc60dd4bfa3c95d730bbc..b087a40a36499be7900e7dd268becc273b98278e
--- 1/block-vmdk.c
--- 2/block-vmdk.c
+++ b/block-vmdk.c
@@@ -276,11 -276,9 +276,9 @@@ static int vmdk_snapshot_create(const c
  
      /* write RGD */
      rgd_buf = qemu_malloc(gd_size);
-     if (!rgd_buf)
-         goto fail;
      if (lseek(p_fd, rgd_offset, SEEK_SET) == -1)
          goto fail_rgd;
 -    if (read(p_fd, rgd_buf, gd_size) != gd_size)
 +    if (qemu_read_ok(p_fd, rgd_buf, gd_size) < 0)
          goto fail_rgd;
      if (lseek(snp_fd, rgd_offset, SEEK_SET) == -1)
          goto fail_rgd;
@@@ -290,11 -288,9 +288,9 @@@
  
      /* write GD */
      gd_buf = qemu_malloc(gd_size);
-     if (!gd_buf)
-         goto fail_rgd;
      if (lseek(p_fd, gd_offset, SEEK_SET) == -1)
          goto fail_gd;
 -    if (read(p_fd, gd_buf, gd_size) != gd_size)
 +    if (qemu_read_ok(p_fd, gd_buf, gd_size) < 0)
          goto fail_gd;
      if (lseek(snp_fd, gd_offset, SEEK_SET) == -1)
          goto fail_gd;

diff --cc block-vpc.c
Simple merge

diff --cc block-vvfat.c
Simple merge

diff --cc block.c
index f59ac6f49c866d670ae69b9021cbcf98ed1862ae,7c744c7409775ccb77d2f833d2dd48b1acfee47c..c6f9c4d7f6d9e2aa0c567da3266ad1806da2ddf4
--- 1/block.c
--- 2/block.c
+++ b/block.c
@@@ -584,9 -561,9 +585,11 @@@ int bdrv_read(BlockDriverState *bs, int
  
      if (!drv)
          return -ENOMEDIUM;
+     if (bdrv_check_request(bs, sector_num, nb_sectors))
+         return -EIO;
  
-     if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-       return -EDOM;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++      return -EIO;
      if (drv->bdrv_pread) {
          int ret, len;
          len = nb_sectors * 512;
@@@ -1181,8 -1154,6 +1187,8 @@@ int bdrv_write_compressed(BlockDriverSt
      BlockDriver *drv = bs->drv;
      if (!drv)
          return -ENOMEDIUM;
-     if (bdrv_rw_badreq_sectors(bs, sector_num, nb_sectors))
-       return -EDOM;
++    if (bdrv_check_request(bs, sector_num, nb_sectors))
++      return -EIO;
      if (!drv->bdrv_write_compressed)
          return -ENOTSUP;
      return drv->bdrv_write_compressed(bs, sector_num, buf, nb_sectors);

diff --cc block.h
Simple merge

diff --cc block_int.h
Simple merge

diff --cc configure
Simple merge

diff --cc console.c
index 882ec691cdd1c796a1005f738c969be585366d67,3f2794e16db4e94e8fc9017041b33c286f383632..66b154b24031be3c5af08c0182d328ea1d2e89a2
--- 1/console.c
--- 2/console.c
+++ b/console.c
@@@ -1245,10 -1277,7 +1242,8 @@@ DisplayState *graphic_console_init(vga_
      DisplayState *ds;
  
      ds = (DisplayState *) qemu_mallocz(sizeof(DisplayState));
-     if (ds == NULL)
-         return NULL;
 -    ds->surface = qemu_create_displaysurface(640, 480, 32, 640 * 4);
 +    ds->allocator = &default_allocator; 
 +    ds->surface = qemu_create_displaysurface(ds, 640, 480, 32, 640 * 4);
  
      s = new_console(ds, GRAPHIC_CONSOLE);
      if (s == NULL) {
@@@ -1525,13 -1552,9 +1518,9 @@@ PixelFormat qemu_default_pixelformat(in
      return pf;
  }
  
 -DisplaySurface* qemu_create_displaysurface(int width, int height, int bpp, int linesize)
 +DisplaySurface* defaultallocator_create_displaysurface(int width, int height, int bpp, int linesize)
  {
      DisplaySurface *surface = (DisplaySurface*) qemu_mallocz(sizeof(DisplaySurface));
-     if (surface == NULL) {
-         fprintf(stderr, "defaultallocator_create_displaysurface: malloc failed\n");
-         exit(1);
-     }
  
      surface->width = width;
      surface->height = height;

diff --cc console.h
Simple merge

diff --cc cpu-all.h
Simple merge

diff --cc curses.c
Simple merge

diff --cc cutils.c
Simple merge

diff --cc exec-all.h
Simple merge

diff --cc hw/boards.h
Simple merge

diff --cc hw/cirrus_vga.c
Simple merge

diff --cc hw/eepro100.c
Simple merge

diff --cc hw/ide.c
index febc87ed66f1302f882603de0679facb9ab4ece1,6ad1d081a6d41e6e3ce2ef3a5c1da23d8464734b..e8d676e8617ee73bf58f59c159eb6e8a146e7f7c
--- 1/hw/ide.c
--- 2/hw/ide.c
+++ b/hw/ide.c
@@@ -3751,9 -3380,11 +3728,13 @@@ void pci_piix3_ide_init(PCIBus *bus, Bl
      ide_init_ioport(&d->ide_if[0], 0x1f0, 0x3f6);
      ide_init_ioport(&d->ide_if[2], 0x170, 0x376);
  
 -    register_savevm("ide", 0, 2, pci_ide_save, pci_ide_load, d);
 +    buffered_pio_init();
 +
+     for (i = 0; i < 4; i++)
+         if (hd_table[i])
+             hd_table[i]->private = &d->dev;
+ 
 +    register_savevm("ide", 0, 3, pci_ide_save, pci_ide_load, d);
  }
  
  /* hd_table must contain 4 block drivers */

diff --cc hw/iommu.c
Simple merge

diff --cc hw/lsi53c895a.c
Simple merge

diff --cc hw/mc146818rtc.c
Simple merge

diff --cc hw/ne2000.c
Simple merge

diff --cc hw/pc.c
index 878069de6923713fb51242bd01309c8ed1bcdf63,38493907020b22685886dd6e965da7ffcd6c8227..5b59dfaf8223f5f07e4138728b676f68612e8094
--- 1/hw/pc.c
--- 2/hw/pc.c
+++ b/hw/pc.c
@@@ -57,10 -54,9 +58,13 @@@
  
  #define MAX_IDE_BUS 2
  
 +#ifdef HAS_TPM
 +void tpm_tis_init(SetIRQFunc *set_irq, void *opaque, int irq);
 +#endif
 +
+ extern uint8_t *acpi_tables;
+ extern size_t acpi_tables_len;
+ 
  static fdctrl_t *floppy_controller;
  static RTCState *rtc_state;
  static PITState *pit;

diff --cc hw/pc.h
index 0f7044aa94e6c0960e03eadc444b5c889e9e9688,5578b3a936f6501db6aa35c48de48dd5e409eecb..8b71d48afdb1ec32b82e9a5390ef40adbbd52b22
--- 1/hw/pc.h
--- 2/hw/pc.h
+++ b/hw/pc.h
@@@ -102,10 -102,8 +102,11 @@@ i2c_bus *piix4_pm_init(PCIBus *bus, in
                         qemu_irq sci_irq);
  void piix4_smbus_register_device(SMBusDevice *dev, uint8_t addr);
  void acpi_bios_init(void);
+ int acpi_table_add(const char *table_desc);
  
 +void acpi_php_add(int);
 +void acpi_php_del(int);
 +
  /* hpet.c */
  extern int no_hpet;
  

diff --cc hw/pci.c
index 62298d10e8c2e40a2986b0c5e12d35fdab92b3a5,97918a378b62a25a32f3ed6b680590966a6957c6..9b24e546d664ffd7a0815257497cdc6ba25332f4
--- 1/hw/pci.c
--- 2/hw/pci.c
+++ b/hw/pci.c
@@@ -26,10 -26,8 +26,11 @@@
  #include "console.h"
  #include "net.h"
  #include "virtio-net.h"
+ #include "sysemu.h"
  
 +#include "exec-all.h"
 +#include "qemu-xen.h"
 +
  //#define DEBUG_PCI
  
  struct PCIBus {
@@@ -56,10 -54,22 +57,10 @@@ static void pci_set_irq(void *opaque, i
  target_phys_addr_t pci_mem_base;
  static uint16_t pci_default_sub_vendor_id = PCI_SUBVENDOR_ID_REDHAT_QUMRANET;
  static uint16_t pci_default_sub_device_id = PCI_SUBDEVICE_ID_QEMU;
 -static int pci_irq_index;
  static PCIBus *first_bus;
  
- static int pcibus_load(QEMUFile *f, void *opaque, int version_id)
 -static void pcibus_save(QEMUFile *f, void *opaque)
 -{
 -    PCIBus *bus = (PCIBus *)opaque;
 -    int i;
 -
 -    qemu_put_be32(f, bus->nirq);
 -    for (i = 0; i < bus->nirq; i++)
 -        qemu_put_be32(f, bus->irq_count[i]);
 -}
 -
+ static int  pcibus_load(QEMUFile *f, void *opaque, int version_id)
  {
 -    PCIBus *bus = (PCIBus *)opaque;
      int i, nirq;
  
      if (version_id != 1)
@@@ -184,14 -273,50 +254,60 @@@ PCIDevice *pci_register_device(PCIBus *
      return pci_dev;
  }
  
- void pci_register_io_region(PCIDevice *pci_dev, int region_num, 
-                             uint32_t size, int type, 
++int pci_devfn_in_use(PCIBus *bus, int devfn)
++{
++        return bus->devices[devfn] ? 1 : 0;
++}
++
 +void pci_hide_device(PCIDevice *pci_dev)
 +{
 +    PCIBus *bus = pci_dev->bus;
 +    bus->devices[pci_dev->devfn] = NULL;
 +}
 +
 -    pci_irq_index--;
+ static target_phys_addr_t pci_to_cpu_addr(target_phys_addr_t addr)
+ {
+     return addr + pci_mem_base;
+ }
+ 
+ static void pci_unregister_io_regions(PCIDevice *pci_dev)
+ {
+     PCIIORegion *r;
+     int i;
+ 
+     for(i = 0; i < PCI_NUM_REGIONS; i++) {
+         r = &pci_dev->io_regions[i];
+         if (!r->size || r->addr == -1)
+             continue;
+         if (r->type == PCI_ADDRESS_SPACE_IO) {
+             isa_unassign_ioport(r->addr, r->size);
+         } else {
+             cpu_register_physical_memory(pci_to_cpu_addr(r->addr),
+                                                      r->size,
+                                                      IO_MEM_UNASSIGNED);
+         }
+     }
+ }
+ 
+ int pci_unregister_device(PCIDevice *pci_dev)
+ {
+     int ret = 0;
+ 
+     if (pci_dev->unregister)
+         ret = pci_dev->unregister(pci_dev);
+     if (ret)
+         return ret;
+ 
+     pci_unregister_io_regions(pci_dev);
+ 
+     qemu_free_irqs(pci_dev->irq);
+     pci_dev->bus->devices[pci_dev->devfn] = NULL;
+     qemu_free(pci_dev);
+     return 0;
+ }
+ 
+ void pci_register_io_region(PCIDevice *pci_dev, int region_num,
+                             uint32_t size, int type,
                              PCIMapIORegionFunc *map_func)
  {
      PCIIORegion *r;
@@@ -679,50 -807,16 +798,56 @@@ PCIDevice *pci_nic_init(PCIBus *bus, NI
      qemu_check_nic_model_list(nd, pci_nic_models, default_model);
  
      for (i = 0; pci_nic_models[i]; i++)
-         if (strcmp(nd->model, pci_nic_models[i]) == 0)
-             pci_nic_init_fns[i](bus, nd, devfn);
+         if (strcmp(nd->model, pci_nic_models[i]) == 0) {
+             pci_dev = pci_nic_init_fns[i](bus, nd, devfn);
+             if (pci_dev)
+                 nd->private = pci_dev;
+             return pci_dev;
+         }
+ 
+     return NULL;
  }
  
 +void pci_unplug_netifs(void)
 +{
 +    PCIBus *bus;
 +    PCIDevice *dev;
 +    PCIIORegion *region;
 +    int x;
 +    int i;
 +
 +    /* We only support one PCI bus */
 +    for (bus = first_bus; bus; bus = NULL) {
 +       for (x = 0; x < 256; x++) {
 +           dev = bus->devices[x];
 +           if (dev &&
 +               dev->config[0xa] == 0 &&
 +               dev->config[0xb] == 2) {
 +               /* Found a netif.  Remove it from the bus.  Note that
 +                  we don't free it here, since there could still be
 +                  references to it floating around.  There are only
 +                  ever one or two structures leaked, and it's not
 +                  worth finding them all. */
 +               bus->devices[x] = NULL;
 +               for (i = 0; i < PCI_NUM_REGIONS; i++) {
 +                   region = &dev->io_regions[i];
 +                   if (region->addr == (uint32_t)-1 ||
 +                       region->size == 0)
 +                       continue;
 +                   fprintf(logfile, "region type %d at [%x,%x).\n",
 +                           region->type, region->addr,
 +                           region->addr+region->size);
 +                   if (region->type == PCI_ADDRESS_SPACE_IO) {
 +                       isa_unassign_ioport(region->addr, region->size);
 +                   } else if (region->type == PCI_ADDRESS_SPACE_MEM) {
 +                       unregister_iomem(region->addr);
 +                   }
 +               }
 +           }
 +       }
 +    }
 +}
 +
  typedef struct {
      PCIDevice dev;
      PCIBus *bus;

diff --cc hw/pci.h
index a48ac30960166e75f455fbb8e9e52ad9b15127c1,56381e8a7520a14f69c27126eb40eaaee1cd8a80..ee13a3683c7118be04464e9056ab1715366a28f4
--- 1/hw/pci.h
--- 2/hw/pci.h
+++ b/hw/pci.h
@@@ -185,6 -197,9 +197,7 @@@ struct PCIDevice 
      /* do not access the following fields */
      PCIConfigReadFunc *config_read;
      PCIConfigWriteFunc *config_write;
 -    /* ??? This is a PC-specific hack, and should be removed.  */
 -    int irq_index;
+     PCIUnregisterFunc *unregister;
  
      /* IRQ objects for the INTA-INTD pins.  */
      qemu_irq *irq;
@@@ -203,9 -212,8 +216,10 @@@ PCIDevice *pci_register_device(PCIBus *
                                 int instance_size, int devfn,
                                 PCIConfigReadFunc *config_read,
                                 PCIConfigWriteFunc *config_write);
+ int pci_unregister_device(PCIDevice *pci_dev);
  
 +void pci_hide_device(PCIDevice *pci_dev);
 +
  void pci_register_io_region(PCIDevice *pci_dev, int region_num,
                              uint32_t size, int type,
                              PCIMapIORegionFunc *map_func);

diff --cc hw/pcnet.c
Simple merge

diff --cc hw/rtl8139.c
Simple merge

diff --cc hw/serial.c
Simple merge

diff --cc hw/sun4u.c
Simple merge

diff --cc hw/usb-hid.c
Simple merge

diff --cc keymaps.c
Simple merge

diff --cc loader.c
index 519da52128ff88a289bcad4e7cfbb8bb8042cedd,71b9ba785289c5450f6a4c0a5913b54d95dcd35e..7339a6aa1d18b14bcfeaf877b75cbb865ec1f42a
--- 1/loader.c
--- 2/loader.c
+++ b/loader.c
@@@ -267,9 -266,7 +267,7 @@@ static void *load_at(int fd, int offset
      if (lseek(fd, offset, SEEK_SET) < 0)
          return NULL;
      ptr = qemu_malloc(size);
-     if (!ptr)
-         return NULL;
 -    if (read(fd, ptr, size) != size) {
 +    if (qemu_read_ok(fd, ptr, size) < 0) {
          qemu_free(ptr);
          return NULL;
      }
@@@ -506,10 -503,8 +504,8 @@@ int load_uimage(const char *filename, t
  
      *ep = hdr->ih_ep;
      data = qemu_malloc(hdr->ih_size);
-     if (!data)
-         goto out;
  
 -    if (read(fd, data, hdr->ih_size) != hdr->ih_size) {
 +    if (qemu_read_ok(fd, data, hdr->ih_size) < 0) {
          fprintf(stderr, "Error reading file\n");
          goto out;
      }

diff --cc migration-exec.c
index 220df0b4f0df4b62cfb2bf1d99134231cee7ebc3,6ed322a9894df8de6fd807ca7058f44c19e5fe11..0df7796b4a15359939c6f8644eba65d916a24c12
--- 1/migration-exec.c
--- 2/migration-exec.c
+++ b/migration-exec.c
@@@ -60,16 -60,7 +60,12 @@@ MigrationState *exec_start_outgoing_mig
      FdMigrationState *s;
      FILE *f;
  
 +#ifdef CONFIG_STUBDOM
 +    dprintf("stubdom migration? no popen!");
 +    return 0;
 +#else
 +
      s = qemu_mallocz(sizeof(*s));
-     if (s == NULL) {
-         dprintf("Unable to allocate FdMigrationState\n");
-         goto err;
-     }
  
      f = popen(command, "w");
      if (f == NULL) {
@@@ -114,9 -105,7 +110,8 @@@ err_after_open
      pclose(f);
  err_after_alloc:
      qemu_free(s);
- err:
      return NULL;
 +#endif /*!CONFIG_STUBDOM*/
  }
  
  int exec_start_incoming_migration(const char *command)

diff --cc migration-tcp.c
Simple merge

diff --cc monitor.c
Simple merge

diff --cc net.c
index 9c4847b50dadb2185f005ad9193d32f7aaa62e00,522df03ad4558d010f76b25dd1b76af551a0ef6c..fc27dcdc07d92682e4fef47312f894ddcf8cca5d
--- 1/net.c
--- 2/net.c
+++ b/net.c
@@@ -734,16 -756,10 +762,14 @@@ static TAPState *net_tap_fd_init(VLANSt
      TAPState *s;
  
      s = qemu_mallocz(sizeof(TAPState));
-     if (!s)
-         return NULL;
      s->fd = fd;
      s->vc = qemu_new_vlan_client(vlan, model, name, tap_receive, NULL, s);
 +    s->next = head_net_tap;
 +    head_net_tap = s;
 +#ifndef CONFIG_STUBDOM
  #ifdef HAVE_IOVEC
      s->vc->fd_readv = tap_receive_iov;
 +#endif
  #endif
      qemu_set_fd_handler(s->fd, tap_send, NULL, s);
      snprintf(s->vc->info_str, sizeof(s->vc->info_str), "fd=%d", fd);

diff --cc net.h
index 271b94f20a243d168269a1bef20127f559ea7007,03c7f1831d043c985b206278da2547bcd22bd410..bc749d9f50f1c2e51b302eb6902205a324fdbd32
--- 1/net.h
--- 2/net.h
+++ b/net.h
@@@ -98,12 -102,11 +102,14 @@@ void net_slirp_redir(const char *redir_
  void net_cleanup(void);
  int slirp_is_inited(void);
  void net_client_check(void);
 +void net_tap_shutdown_all(void);
+ void net_host_device_add(const char *device, const char *opts);
+ void net_host_device_remove(int vlan_id, const char *device);
  
 +#ifndef DEFAULT_NETWORK_SCRIPT
  #define DEFAULT_NETWORK_SCRIPT "/etc/qemu-ifup"
  #define DEFAULT_NETWORK_DOWN_SCRIPT "/etc/qemu-ifdown"
 +#endif
  #ifdef __sun__
  #define SMBD_COMMAND "/usr/sfw/sbin/smbd"
  #else

diff --cc posix-aio-compat.c
index a394d93685dbe9088df14e0c44c33885c6d677ea,6b547f41fd96fd1694735be814270b852ad18b41..fa57e9b7a8c315673fb0e167409d5cb6597cdf69
--- 1/posix-aio-compat.c
--- 2/posix-aio-compat.c
+++ b/posix-aio-compat.c
@@@ -14,14 -14,12 +14,17 @@@
  #include <pthread.h>
  #include <unistd.h>
  #include <errno.h>
- #include <sys/time.h>
 +#include <assert.h>
+ #include <time.h>
+ #include <string.h>
+ #include <stdlib.h>
+ #include <stdio.h>
  #include "osdep.h"
  
 +#include "qemu-common.h"
 +
 +#ifndef CONFIG_STUBDOM
 +
  #include "posix-aio-compat.h"
  
  static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
@@@ -126,12 -178,12 +177,12 @@@ int qemu_paio_init(struct qemu_paioini
      return 0;
  }
  
 -static int qemu_paio_submit(struct qemu_paiocb *aiocb, int is_write)
 +static int qemu_paio_submit(struct qemu_paiocb *aiocb, qemu_paio_function fn)
  {
 -    aiocb->is_write = is_write;
 +    aiocb->function = fn;
      aiocb->ret = -EINPROGRESS;
      aiocb->active = 0;
-     pthread_mutex_lock(&lock);
+     mutex_lock(&lock);
      if (idle_threads == 0 && cur_threads < max_threads)
          spawn_thread();
      TAILQ_INSERT_TAIL(&request_list, aiocb, node);

diff --cc qemu-char.c
index b1d81f5965f9acb7b8ab1289c2c672fa67b28c86,7cdeffd61e8bd9559ab3f3a58f9061a6614d301c..c1407717130e6119b15b518e2f2942fe925b6074
--- 1/qemu-char.c
--- 2/qemu-char.c
+++ b/qemu-char.c
@@@ -555,17 -568,8 +548,11 @@@ static CharDriverState *qemu_chr_open_f
      CharDriverState *chr;
      FDCharDriver *s;
  
 +    socket_set_nonblock(fd_in);
 +    socket_set_nonblock(fd_out);
 +
      chr = qemu_mallocz(sizeof(CharDriverState));
-     if (!chr)
-         return NULL;
      s = qemu_mallocz(sizeof(FDCharDriver));
-     if (!s) {
-         free(chr);
-         return NULL;
-     }
      s->fd_in = fd_in;
      s->fd_out = fd_out;
      chr->opaque = s;

diff --cc qemu-common.h
Simple merge

diff --cc savevm.c
Simple merge

diff --cc sdl.c
index e9256732c4189db7bc528e0e649b255a09aa8621,c685b81f6fb4b87596f363e9384ff39f0a320143..4c676c043d7a8d1379a5099e906b2344f71fef11
--- 1/sdl.c
--- 2/sdl.c
+++ b/sdl.c
@@@ -685,15 -690,8 +739,13 @@@ void sdl_display_init(DisplayState *ds
          fprintf(stderr, "Could not initialize SDL - exiting\n");
          exit(1);
      }
 +#ifndef _WIN32
 +    /* NOTE: we still want Ctrl-C to work, so we undo the SDL redirections */
 +    signal(SIGINT, SIG_DFL);
 +    signal(SIGQUIT, SIG_DFL);
 +#endif
  
      dcl = qemu_mallocz(sizeof(DisplayChangeListener));
-     if (!dcl)
-         exit(1);
      dcl->dpy_update = sdl_update;
      dcl->dpy_resize = sdl_resize;
      dcl->dpy_refresh = sdl_refresh;

diff --cc sysemu.h
Simple merge

diff --cc usb-linux.c
Simple merge

diff --cc vl.c
index 61544498d642328d8f97c07e2a3f0c27f3cfa61f,d3863c493b7f024d9f09a463293e8b26ab6523f2..40b3b6eb7a86535498eb3a2c7388ae8b1d90088d
--- 1/vl.c
--- 2/vl.c
+++ b/vl.c
@@@ -2578,11 -2593,9 +2633,11 @@@ int drive_init(struct drive_opt *arg, i
      case IF_MTD:
      case IF_VIRTIO:
          break;
 +    case IF_BLKTAP:
 +        abort();
      }
      if (!file[0])
-         return 0;
+         return -2;
      bdrv_flags = 0;
      if (snapshot) {
          bdrv_flags |= BDRV_O_SNAPSHOT;
@@@ -4104,14 -4076,11 +4154,18 @@@ static void help(int exitcode
  #endif
             "-tb-size n      set TB size\n"
             "-incoming p     prepare for incoming migration, listen on port p\n"
+ #ifndef _WIN32
+            "-chroot dir     Chroot to dir just before starting the VM.\n"
+            "-runas user     Change to user id user just before starting the VM.\n"
+ #endif
             "\n"
 +         "Options specific to the Xen version:\n"
 +           "-videoram       set amount of memory available to virtual video adapter\n"
 +         "-direct-pci s   specify pci passthrough, with configuration string s\n"
 +           "-pciemulation       name:vendorid:deviceid:command:status:revision:classcode:headertype:subvendorid:subsystemid:interruputline:interruputpin\n"
 +           "-vncunused      bind the VNC server to an unused port\n"
 +           "-std-vga        alias for -vga std\n"
 +         "\n"
             "During emulation, the following keys are useful:\n"
             "ctrl-alt-f      toggle full screen\n"
             "ctrl-alt-n      switch to virtual console 'n'\n"
@@@ -4699,36 -4641,12 +4759,40 @@@ int main(int argc, char **argv, char **
      const char *pid_file = NULL;
      int autostart;
      const char *incoming = NULL;
+     int fd = 0;
+     struct passwd *pwd = NULL;
+     const char *chroot_dir = NULL;
+     const char *run_as = NULL;
  
      qemu_cache_utils_init(envp);
 +    logfile = stderr; /* initial value */
 +
 +#if !defined(__sun__) && !defined(CONFIG_STUBDOM)
 +    struct rlimit rl;
 +    /* Maximise rlimits. Needed where default constraints are tight (*BSD). */
 +    if (getrlimit(RLIMIT_STACK, &rl) != 0) {
 +       perror("getrlimit(RLIMIT_STACK)");
 +       exit(1);
 +    }
 +    rl.rlim_cur = rl.rlim_max;
 +    if (setrlimit(RLIMIT_STACK, &rl) != 0)
 +       perror("setrlimit(RLIMIT_STACK)");
 +    if (getrlimit(RLIMIT_DATA, &rl) != 0) {
 +       perror("getrlimit(RLIMIT_DATA)");
 +       exit(1);
 +    }
 +    rl.rlim_cur = rl.rlim_max;
 +    if (setrlimit(RLIMIT_DATA, &rl) != 0)
 +       perror("setrlimit(RLIMIT_DATA)");
 +    rl.rlim_cur = RLIM_INFINITY;
 +    rl.rlim_max = RLIM_INFINITY;
 +    if (setrlimit(RLIMIT_RSS, &rl) != 0)
 +       perror("setrlimit(RLIMIT_RSS)");
 +    rl.rlim_cur = RLIM_INFINITY;
 +    rl.rlim_max = RLIM_INFINITY;
 +    if (setrlimit(RLIMIT_MEMLOCK, &rl) != 0)
 +       perror("setrlimit(RLIMIT_MEMLOCK)");
 +#endif
  
      LIST_INIT (&vm_change_state_head);
  #ifndef _WIN32
@@@ -5783,13 -5618,11 +5856,15 @@@
          }
      }
  
 +    if (strlen(direct_pci_str) > 0)
 +        direct_pci = direct_pci_str;
 +
      machine->init(ram_size, vga_ram_size, boot_devices,
 -                  kernel_filename, kernel_cmdline, initrd_filename, cpu_model);
 +                  kernel_filename, kernel_cmdline, initrd_filename, cpu_model,
 +                direct_pci);
  
+     current_machine = machine;
+ 
      /* Set KVM's vcpu state to qemu's initial CPUState. */
      if (kvm_enabled()) {
          int ret;

diff --cc vnc_keysym.h
Simple merge