meta-xilinx: subtree update:eb4ba06eb1..96f122efe4
Mark Hatle (4):
meta-xilinx-standalone: Prevent user error, when meta-microblaze is required
meta-microblaze gdb: Backport gdb 9.2 from master YP, and lock down version
qemu-xilinx: lock down on YP 5.1.0 integration
newlib/libgloss: YP has moved to version 4.1.0, adjust accordingly
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: Ied7be0ecf17a377bbbf1366d1961bb77c68bf2d4
diff --git a/meta-xilinx/meta-microblaze/conf/layer.conf b/meta-xilinx/meta-microblaze/conf/layer.conf
index e4e4d90..794e107 100644
--- a/meta-xilinx/meta-microblaze/conf/layer.conf
+++ b/meta-xilinx/meta-microblaze/conf/layer.conf
@@ -12,3 +12,6 @@
LAYERDEPENDS_xilinx-microblaze = "core"
LAYERSERIES_COMPAT_xilinx-microblaze = "dunfell gatesgarth"
+
+# Until we've moved to a newer version, we need to stick on 9.2
+GDBVERSION_microblaze = "9.2"
diff --git a/meta-xilinx/meta-microblaze/recipes-core/newlib/libgloss_3.3.%.bbappend b/meta-xilinx/meta-microblaze/recipes-core/newlib/libgloss_4.1.%.bbappend
similarity index 100%
rename from meta-xilinx/meta-microblaze/recipes-core/newlib/libgloss_3.3.%.bbappend
rename to meta-xilinx/meta-microblaze/recipes-core/newlib/libgloss_4.1.%.bbappend
diff --git a/meta-xilinx/meta-microblaze/recipes-core/newlib/newlib_3.3.%.bbappend b/meta-xilinx/meta-microblaze/recipes-core/newlib/newlib_4.1.%.bbappend
similarity index 100%
rename from meta-xilinx/meta-microblaze/recipes-core/newlib/newlib_3.3.%.bbappend
rename to meta-xilinx/meta-microblaze/recipes-core/newlib/newlib_4.1.%.bbappend
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-9.2.inc b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-9.2.inc
new file mode 100644
index 0000000..017b61e
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-9.2.inc
@@ -0,0 +1,21 @@
+LICENSE = "GPLv2 & GPLv3 & LGPLv2 & LGPLv3"
+LIC_FILES_CHKSUM = "file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 \
+ file://COPYING3;md5=d32239bcb673463ab874e80d47fae504 \
+ file://COPYING3.LIB;md5=6a6a8e020838b23406c81b19c1d46df6 \
+ file://COPYING.LIB;md5=9f604d8a4f8e74f4f5140845a21b6674"
+
+SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
+ file://0001-make-man-install-relative-to-DESTDIR.patch \
+ file://0002-mips-linux-nat-Define-_ABIO32-if-not-defined.patch \
+ file://0003-ppc-ptrace-Define-pt_regs-uapi_pt_regs-on-GLIBC-syst.patch \
+ file://0004-Add-support-for-Renesas-SH-sh4-architecture.patch \
+ file://0005-Dont-disable-libreadline.a-when-using-disable-static.patch \
+ file://0006-use-asm-sgidefs.h.patch \
+ file://0007-Use-exorted-definitions-of-SIGRTMIN.patch \
+ file://0008-Change-order-of-CFLAGS.patch \
+ file://0009-resolve-restrict-keyword-conflict.patch \
+ file://0010-Fix-invalid-sigprocmask-call.patch \
+ file://0011-gdbserver-ctrl-c-handling.patch \
+ "
+SRC_URI[md5sum] = "db95524e554870209ab7d9f8fd8dc557"
+SRC_URI[sha256sum] = "360cd7ae79b776988e89d8f9a01c985d0b1fa21c767a4295e5f88cb49175c555"
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-common.inc b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-common.inc
new file mode 100644
index 0000000..08f615a
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-common.inc
@@ -0,0 +1,62 @@
+SUMMARY = "GNU debugger"
+HOMEPAGE = "http://www.gnu.org/software/gdb/"
+SECTION = "devel"
+DEPENDS = "expat zlib ncurses virtual/libiconv ${LTTNGUST} bison-native"
+
+LTTNGUST = "lttng-ust"
+LTTNGUST_arc = ""
+LTTNGUST_aarch64 = ""
+LTTNGUST_mipsarch = ""
+LTTNGUST_sh4 = ""
+
+inherit autotools texinfo
+
+UPSTREAM_CHECK_GITTAGREGEX = "gdb\-(?P<pver>.+)\-release"
+
+B = "${WORKDIR}/build-${TARGET_SYS}"
+
+EXTRA_OEMAKE = "'SUBDIRS=intl mmalloc libiberty opcodes bfd sim gdb etc utils'"
+
+EXPAT = "--with-expat --with-libexpat-prefix=${STAGING_DIR_HOST}"
+
+EXTRA_OECONF = "--disable-gdbtk --disable-x --disable-werror \
+ --with-curses --disable-multilib --disable-sim \
+ --without-lzma --without-guile \
+ ${GDBPROPREFIX} ${EXPAT} \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'multiarch', '--enable-64-bit-bfd', '', d)} \
+ --disable-rpath \
+ --disable-gas --disable-binutils \
+ --disable-ld --disable-gold \
+ --disable-gprof \
+"
+
+PACKAGECONFIG ??= "readline"
+# Use --without-system-readline to compile with readline 5.
+PACKAGECONFIG[readline] = "--with-system-readline,--without-system-readline,readline"
+PACKAGECONFIG[python] = "--with-python=${WORKDIR}/python,--without-python,python3,python3 python3-codecs"
+PACKAGECONFIG[babeltrace] = "--with-babeltrace,--without-babeltrace,babeltrace"
+# ncurses is already a hard DEPENDS, but would be added here if it weren't
+PACKAGECONFIG[tui] = "--enable-tui,--disable-tui"
+
+GDBPROPREFIX = "--program-prefix=''"
+
+do_configure () {
+ # override this function to avoid the autoconf/automake/aclocal/autoheader
+ # calls for now
+ (cd ${S} && gnu-configize) || die "failure in running gnu-configize"
+ oe_runconf
+}
+
+# we don't want gdb to provide bfd/iberty/opcodes, which instead will override the
+# right bits installed by binutils. Same for bfd.info -- also from binutils.
+do_install_append() {
+ rm -rf ${D}${libdir}
+ rm -rf ${D}${includedir}
+ rm -rf ${D}${datadir}/locale
+ rm -f ${D}${infodir}/bfd.info
+}
+
+RRECOMMENDS_gdb_append_linux = " glibc-thread-db "
+RRECOMMENDS_gdb_append_linux-gnueabi = " glibc-thread-db "
+RRECOMMENDS_gdbserver_append_linux = " glibc-thread-db "
+RRECOMMENDS_gdbserver_append_linux-gnueabi = " glibc-thread-db "
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian.inc b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian.inc
new file mode 100644
index 0000000..c9daf25
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian.inc
@@ -0,0 +1,42 @@
+inherit cross-canadian
+inherit python3-dir
+
+SUMMARY = "GNU debugger (cross-canadian gdb for ${TARGET_ARCH} target)"
+PN = "gdb-cross-canadian-${TRANSLATED_TARGET_ARCH}"
+BPN = "gdb"
+
+DEPENDS = "nativesdk-ncurses nativesdk-expat nativesdk-gettext \
+ virtual/${HOST_PREFIX}gcc-crosssdk virtual/${HOST_PREFIX}binutils-crosssdk virtual/nativesdk-libc"
+
+GDBPROPREFIX = "--program-prefix='${TARGET_PREFIX}'"
+
+# Overrides PACKAGECONFIG variables in gdb-common.inc
+PACKAGECONFIG ??= "python readline"
+PACKAGECONFIG[python] = "--with-python=${WORKDIR}/python,--without-python,nativesdk-python3, \
+ nativesdk-python3-core \
+ nativesdk-python3-codecs nativesdk-python3-netclient \
+ "
+PACKAGECONFIG[readline] = "--with-system-readline,--without-system-readline,nativesdk-readline"
+
+SSTATE_DUPWHITELIST += "${STAGING_DATADIR}/gdb"
+
+do_configure_prepend() {
+cat > ${WORKDIR}/python << EOF
+#! /bin/sh
+case "\$2" in
+ --includes) echo "-I${STAGING_INCDIR}/${PYTHON_DIR}${PYTHON_ABI}/" ;;
+ --ldflags) echo "-Wl,-rpath-link,${STAGING_LIBDIR}/.. -Wl,-rpath,${libdir}/.. -lpthread -ldl -lutil -lm -lpython${PYTHON_BASEVERSION}${PYTHON_ABI}" ;;
+ --exec-prefix) echo "${exec_prefix}" ;;
+ *) exit 1 ;;
+esac
+exit 0
+EOF
+ chmod +x ${WORKDIR}/python
+}
+
+# we don't want gdb to provide bfd/iberty/opcodes, which instead will override the
+# right bits installed by binutils.
+do_install_append() {
+ rm -rf ${D}${exec_prefix}/lib
+ cross_canadian_bindirlinks
+}
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian_9.2.bb b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian_9.2.bb
new file mode 100644
index 0000000..3010359
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross-canadian_9.2.bb
@@ -0,0 +1,3 @@
+require gdb-common.inc
+require gdb-cross-canadian.inc
+require gdb-${PV}.inc
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross.inc b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross.inc
new file mode 100644
index 0000000..ebe329f
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross.inc
@@ -0,0 +1,30 @@
+require gdb-common.inc
+
+DEPENDS = "expat-native ncurses-native flex-native bison-native"
+
+inherit python3native
+
+# Overrides PACKAGECONFIG variables in gdb-common.inc
+PACKAGECONFIG ??= "python readline"
+PACKAGECONFIG[python] = "--with-python=${PYTHON},--without-python,python3-native"
+PACKAGECONFIG[readline] = "--with-system-readline,--without-system-readline,readline-native"
+
+do_compile_prepend() {
+ export STAGING_LIBDIR="${STAGING_LIBDIR_NATIVE}"
+ export STAGING_INCDIR="${STAGING_INCDIR_NATIVE}"
+}
+
+#EXTRA_OEMAKE += "LDFLAGS='${BUILD_LDFLAGS}'"
+
+GDBPROPREFIX = ""
+
+PN = "gdb-cross-${TARGET_ARCH}"
+BPN = "gdb"
+
+# Ignore how TARGET_ARCH is computed.
+TARGET_ARCH[vardepvalue] = "${TARGET_ARCH}"
+
+inherit cross
+inherit gettext
+
+datadir .= "/gdb-${TARGET_SYS}${TARGET_VENDOR}-${TARGET_OS}"
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross_9.2.bb b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross_9.2.bb
new file mode 100644
index 0000000..50cf159
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb-cross_9.2.bb
@@ -0,0 +1,2 @@
+require gdb-cross.inc
+require gdb-${PV}.inc
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb.inc b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb.inc
new file mode 100644
index 0000000..249e24d
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb.inc
@@ -0,0 +1,14 @@
+require gdb-common.inc
+
+inherit gettext
+
+#LDFLAGS_append = " -s"
+#export CFLAGS_append=" -L${STAGING_LIBDIR}"
+
+# cross-canadian must not see this
+PACKAGES =+ "gdbserver"
+FILES_gdbserver = "${bindir}/gdbserver"
+
+ALLOW_EMPTY_gdbserver_riscv64 = "1"
+ALLOW_EMPTY_gdbserver_riscv32 = "1"
+
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0001-make-man-install-relative-to-DESTDIR.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0001-make-man-install-relative-to-DESTDIR.patch
new file mode 100644
index 0000000..82287ea
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0001-make-man-install-relative-to-DESTDIR.patch
@@ -0,0 +1,25 @@
+From 036f8e1d387f65e52cb021dbb1bd28e8b75cf017 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 2 Mar 2015 02:27:55 +0000
+Subject: [PATCH] make man install relative to DESTDIR
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ sim/common/Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sim/common/Makefile.in b/sim/common/Makefile.in
+index c6de14122c..c4b1214946 100644
+--- a/sim/common/Makefile.in
++++ b/sim/common/Makefile.in
+@@ -35,7 +35,7 @@ tooldir = $(libdir)/$(target_alias)
+ datarootdir = @datarootdir@
+ datadir = @datadir@
+ mandir = @mandir@
+-man1dir = $(mandir)/man1
++man1dir = $(DESTDIR)$(mandir)/man1
+ infodir = @infodir@
+ includedir = @includedir@
+
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0002-mips-linux-nat-Define-_ABIO32-if-not-defined.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0002-mips-linux-nat-Define-_ABIO32-if-not-defined.patch
new file mode 100644
index 0000000..6067caf
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0002-mips-linux-nat-Define-_ABIO32-if-not-defined.patch
@@ -0,0 +1,32 @@
+From 6bff2862f9597f324a9385eb2f828e838e51a8a1 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Wed, 23 Mar 2016 06:30:09 +0000
+Subject: [PATCH] mips-linux-nat: Define _ABIO32 if not defined
+
+This helps building gdb on mips64 on musl, since
+musl does not provide sgidefs.h this define is
+only defined when GCC is using o32 ABI, in that
+case gcc emits it as built-in define and hence
+it works ok for mips32
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/mips-linux-nat.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index 104c972f24..7f575b3363 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -41,6 +41,10 @@
+ #ifndef PTRACE_GET_THREAD_AREA
+ #define PTRACE_GET_THREAD_AREA 25
+ #endif
++/* musl does not define and relies on compiler built-in macros for it */
++#ifndef _ABIO32
++#define _ABIO32 1
++#endif
+
+ class mips_linux_nat_target final : public linux_nat_trad_target
+ {
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0003-ppc-ptrace-Define-pt_regs-uapi_pt_regs-on-GLIBC-syst.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0003-ppc-ptrace-Define-pt_regs-uapi_pt_regs-on-GLIBC-syst.patch
new file mode 100644
index 0000000..c4bab7b
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0003-ppc-ptrace-Define-pt_regs-uapi_pt_regs-on-GLIBC-syst.patch
@@ -0,0 +1,49 @@
+From d5817bcf2f7313699bfa85b41220d862db327664 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 30 Apr 2016 18:32:14 -0700
+Subject: [PATCH] ppc/ptrace: Define pt_regs uapi_pt_regs on !GLIBC systems
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/gdbserver/linux-ppc-low.c | 6 ++++++
+ gdb/nat/ppc-linux.h | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/gdb/gdbserver/linux-ppc-low.c b/gdb/gdbserver/linux-ppc-low.c
+index 5d8d67bec2..ffcf65ab58 100644
+--- a/gdb/gdbserver/linux-ppc-low.c
++++ b/gdb/gdbserver/linux-ppc-low.c
+@@ -23,7 +23,13 @@
+ #include "elf/common.h"
+ #include <sys/uio.h>
+ #include <elf.h>
++#if !defined(__GLIBC__)
++# define pt_regs uapi_pt_regs
++#endif
+ #include <asm/ptrace.h>
++#if !defined(__GLIBC__)
++# undef pt_regs
++#endif
+
+ #include "arch/ppc-linux-common.h"
+ #include "arch/ppc-linux-tdesc.h"
+diff --git a/gdb/nat/ppc-linux.h b/gdb/nat/ppc-linux.h
+index d937a65b69..1fd54b4a0e 100644
+--- a/gdb/nat/ppc-linux.h
++++ b/gdb/nat/ppc-linux.h
+@@ -18,7 +18,13 @@
+ #ifndef NAT_PPC_LINUX_H
+ #define NAT_PPC_LINUX_H
+
++#if !defined(__GLIBC__)
++# define pt_regs uapi_pt_regs
++#endif
+ #include <asm/ptrace.h>
++#if !defined(__GLIBC__)
++# undef pt_regs
++#endif
+ #include <asm/cputable.h>
+
+ /* This sometimes isn't defined. */
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0004-Add-support-for-Renesas-SH-sh4-architecture.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0004-Add-support-for-Renesas-SH-sh4-architecture.patch
new file mode 100644
index 0000000..fd165d4
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0004-Add-support-for-Renesas-SH-sh4-architecture.patch
@@ -0,0 +1,911 @@
+From 505f10a0ea1a8bba0584859d9a348bb779593ec2 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 2 Mar 2015 02:31:12 +0000
+Subject: [PATCH] Add support for Renesas SH (sh4) architecture.
+
+gdb (7.4-1~cvs20111117.2) experimental; urgency=low
+ .
+ * Add Renesas SH (sh4) support (Closes: #576242)
+ - Thanks Nobuhiro Iwamatsu, Takashi Yoshii.
+Author: Hector Oron <zumbi@debian.org>
+Bug-Debian: http://bugs.debian.org/576242
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/Makefile.in | 2 +
+ gdb/configure.host | 1 +
+ gdb/sh-linux-tdep.c | 519 +++++++++++++++++++++++++++
+ gdb/sh-tdep.c | 53 ++-
+ gdb/sh-tdep.h | 49 +++
+ gdb/testsuite/gdb.asm/asm-source.exp | 5 +
+ gdb/testsuite/gdb.asm/sh.inc | 3 +-
+ gdb/testsuite/gdb.base/annota1.c | 3 +
+ gdb/testsuite/gdb.base/annota3.c | 4 +
+ gdb/testsuite/gdb.base/sigall.c | 3 +
+ gdb/testsuite/gdb.base/signals.c | 4 +
+ 11 files changed, 617 insertions(+), 29 deletions(-)
+
+diff --git a/gdb/Makefile.in b/gdb/Makefile.in
+index c3e074b21f..42dd7af59c 100644
+--- a/gdb/Makefile.in
++++ b/gdb/Makefile.in
+@@ -2317,6 +2317,8 @@ ALLDEPFILES = \
+ sh-nbsd-nat.c \
+ sh-nbsd-tdep.c \
+ sh-tdep.c \
++ sh-linux-tdep.c \
++ sh-linux-nat.c \
+ sol2-tdep.c \
+ solib-aix.c \
+ solib-svr4.c \
+diff --git a/gdb/configure.host b/gdb/configure.host
+index ce52823729..5b5173a71a 100644
+--- a/gdb/configure.host
++++ b/gdb/configure.host
+@@ -148,6 +148,7 @@ riscv*-*-linux*) gdb_host=linux ;;
+
+ s390*-*-linux*) gdb_host=linux ;;
+
++sh*-*-linux*) gdb_host=linux ;;
+ sh*-*-netbsdelf* | sh*-*-knetbsd*-gnu)
+ gdb_host=nbsd ;;
+ sh*-*-openbsd*) gdb_host=nbsd ;;
+diff --git a/gdb/sh-linux-tdep.c b/gdb/sh-linux-tdep.c
+index 13c10eeeda..1d0d583a64 100644
+--- a/gdb/sh-linux-tdep.c
++++ b/gdb/sh-linux-tdep.c
+@@ -18,14 +18,37 @@
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+ #include "defs.h"
++#include "gdbcore.h"
++#include "frame.h"
++#include "frame-base.h"
++#include "frame-unwind.h"
++#include "dwarf2-frame.h"
++#include "value.h"
++#include "regcache.h"
++#include "inferior.h"
+ #include "osabi.h"
+
++#include "reggroups.h"
++#include "arch-utils.h"
++#include "floatformat.h"
+ #include "solib-svr4.h"
+ #include "symtab.h"
++#include "gdb_string.h"
++#include "command.h"
++#include "gdb_assert.h"
+
+ #include "trad-frame.h"
+ #include "tramp-frame.h"
+
++#include <sys/ptrace.h>
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/user.h>
++#include <sys/syscall.h>
++
++#include <asm/ptrace.h>
++
++#include "regset.h"
+ #include "glibc-tdep.h"
+ #include "sh-tdep.h"
+ #include "linux-tdep.h"
+@@ -181,9 +204,505 @@ static struct tramp_frame sh_linux_rt_sigreturn_tramp_frame = {
+ sh_linux_rt_sigreturn_init
+ };
+
++/* Recognizing signal handler frames. */
++
++/* GNU/Linux has two flavors of signals. Normal signal handlers, and
++ "realtime" (RT) signals. The RT signals can provide additional
++ information to the signal handler if the SA_SIGINFO flag is set
++ when establishing a signal handler using `sigaction'. It is not
++ unlikely that future versions of GNU/Linux will support SA_SIGINFO
++ for normal signals too. */
++
++/* When the SH Linux kernel calls a signal handler and the
++ SA_RESTORER flag isn't set, the return address points to a bit of
++ code on the stack. This function returns whether the PC appears to
++ be within this bit of code.
++
++ The instruction sequence for normal signals is
++ mov.w 1f,r3
++ trapa #16
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ 1: .word __NR_sigreturn
++ or 0x9305 0xc310 0x200b 0x200b 0x200b 0x200b 0x200b 0x0077.
++
++ Checking for the code sequence should be somewhat reliable, because
++ the effect is to call the system call sigreturn. This is unlikely
++ to occur anywhere other than a signal trampoline.
++
++ It kind of sucks that we have to read memory from the process in
++ order to identify a signal trampoline, but there doesn't seem to be
++ any other way. The PC_IN_SIGTRAMP macro in tm-linux.h arranges to
++ only call us if no function name could be identified, which should
++ be the case since the code is on the stack.
++
++ Detection of signal trampolines for handlers that set the
++ SA_RESTORER flag is in general not possible. Unfortunately this is
++ what the GNU C Library has been doing for quite some time now.
++ However, as of version 2.1.2, the GNU C Library uses signal
++ trampolines (named __restore and __restore_rt) that are identical
++ to the ones used by the kernel. Therefore, these trampolines are
++ supported too. */
++
++#define MOVW(n) (0x9300|((n)-2)) /* Move mem word at PC+n to R3 */
++#define TRAP16 0xc310 /* Syscall w/no args (NR in R3) */
++#define OR_R0_R0 0x200b /* or r0,r0 (insert to avoid hardware bug) */
++
++#define LINUX_SIGTRAMP_INSN0 MOVW(7) /* Move mem word at PC+7 to R3 */
++#define LINUX_SIGTRAMP_INSN1 TRAP16 /* Syscall w/no args (NR in R3) */
++#define LINUX_SIGTRAMP_INSN2 OR_R0_R0 /* or r0,r0 (insert to avoid hardware bug) */
++
++static const unsigned short linux_sigtramp_code[] =
++{
++ LINUX_SIGTRAMP_INSN0,
++ LINUX_SIGTRAMP_INSN1,
++ LINUX_SIGTRAMP_INSN2,
++ LINUX_SIGTRAMP_INSN2,
++ LINUX_SIGTRAMP_INSN2,
++ LINUX_SIGTRAMP_INSN2,
++ LINUX_SIGTRAMP_INSN2,
++ __NR_sigreturn
++};
++
++#define LINUX_SIGTRAMP_LEN (sizeof linux_sigtramp_code)
++
++/* If PC is in a sigtramp routine, return the address of the start of
++ the routine. Otherwise, return 0. */
++
++static CORE_ADDR
++sh_linux_sigtramp_start (struct frame_info *next_frame)
++{
++ CORE_ADDR pc = get_frame_pc (next_frame);
++ gdb_byte buf[LINUX_SIGTRAMP_LEN];
++
++ /* We only recognize a signal trampoline if PC is at the start of
++ one of the three instructions. We optimize for finding the PC at
++ the start, as will be the case when the trampoline is not the
++ first frame on the stack. We assume that in the case where the
++ PC is not at the start of the instruction sequence, there will be
++ a few trailing readable bytes on the stack. */
++
++ if (!safe_frame_unwind_memory (next_frame, pc, buf, LINUX_SIGTRAMP_LEN))
++ return 0;
++
++ if (buf[0] != LINUX_SIGTRAMP_INSN0)
++ {
++ if (buf[0] != LINUX_SIGTRAMP_INSN1)
++ return 0;
++
++ pc -= 2;
++
++ if (!safe_frame_unwind_memory (next_frame, pc, buf, LINUX_SIGTRAMP_LEN))
++ return 0;
++ }
++
++ if (memcmp (buf, linux_sigtramp_code, LINUX_SIGTRAMP_LEN) != 0)
++ return 0;
++
++ return pc;
++}
++
++/* This function does the same for RT signals. Here the instruction
++ sequence is
++ mov.w 1f,r3
++ trapa #16
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ or r0, r0
++ 1: .word __NR_rt_sigreturn
++ or 0x9305 0xc310 0x200b 0x200b 0x200b 0x200b 0x200b 0x00ad.
++
++ The effect is to call the system call rt_sigreturn. */
++
++#define LINUX_RT_SIGTRAMP_INSN0 MOVW(7) /* Move mem word at PC+7 to R3 */
++#define LINUX_RT_SIGTRAMP_INSN1 TRAP16 /* Syscall w/no args (NR in R3) */
++#define LINUX_RT_SIGTRAMP_INSN2 OR_R0_R0 /* or r0,r0 (insert to avoid hardware bug) */
++
++static const unsigned short linux_rt_sigtramp_code[] =
++{
++ LINUX_RT_SIGTRAMP_INSN0,
++ LINUX_RT_SIGTRAMP_INSN1,
++ LINUX_RT_SIGTRAMP_INSN2,
++ LINUX_RT_SIGTRAMP_INSN2,
++ LINUX_RT_SIGTRAMP_INSN2,
++ LINUX_RT_SIGTRAMP_INSN2,
++ LINUX_RT_SIGTRAMP_INSN2,
++ __NR_rt_sigreturn
++};
++
++#define LINUX_RT_SIGTRAMP_LEN (sizeof linux_rt_sigtramp_code)
++
++/* If PC is in a RT sigtramp routine, return the address of the start
++ of the routine. Otherwise, return 0. */
++
++static CORE_ADDR
++sh_linux_rt_sigtramp_start (struct frame_info *next_frame)
++{
++ CORE_ADDR pc = get_frame_pc (next_frame);
++ gdb_byte buf[LINUX_RT_SIGTRAMP_LEN];
++
++ /* We only recognize a signal trampoline if PC is at the start of
++ one of the two instructions. We optimize for finding the PC at
++ the start, as will be the case when the trampoline is not the
++ first frame on the stack. We assume that in the case where the
++ PC is not at the start of the instruction sequence, there will be
++ a few trailing readable bytes on the stack. */
++
++ if (!safe_frame_unwind_memory (next_frame, pc, buf, LINUX_RT_SIGTRAMP_LEN))
++ return 0;
++
++ if (buf[0] != LINUX_RT_SIGTRAMP_INSN0)
++ {
++ if (buf[0] != LINUX_RT_SIGTRAMP_INSN1)
++ return 0;
++
++ pc -= 2;
++
++ if (!safe_frame_unwind_memory (next_frame, pc, buf,
++ LINUX_RT_SIGTRAMP_LEN))
++ return 0;
++ }
++
++ if (memcmp (buf, linux_rt_sigtramp_code, LINUX_RT_SIGTRAMP_LEN) != 0)
++ return 0;
++
++ return pc;
++}
++
++/* Return whether PC is in a GNU/Linux sigtramp routine. */
++
++static int
++sh_linux_sigtramp_p (struct frame_info *this_frame)
++{
++ CORE_ADDR pc = get_frame_pc (this_frame);
++ char *name;
++
++ find_pc_partial_function (pc, &name, NULL, NULL);
++
++ /* If we have NAME, we can optimize the search. The trampolines are
++ named __restore and __restore_rt. However, they aren't dynamically
++ exported from the shared C library, so the trampoline may appear to
++ be part of the preceding function. This should always be sigaction,
++ __sigaction, or __libc_sigaction (all aliases to the same function). */
++ if (name == NULL || strstr (name, "sigaction") != NULL)
++ return (sh_linux_sigtramp_start (this_frame) != 0
++ || sh_linux_rt_sigtramp_start (this_frame) != 0);
++
++ return (strcmp ("__restore", name) == 0
++ || strcmp ("__restore_rt", name) == 0);
++}
++
++/* Offset to struct sigcontext in ucontext, from <asm/ucontext.h>. */
++#define SH_LINUX_UCONTEXT_SIGCONTEXT_OFFSET 12
++
++
++/* Assuming NEXT_FRAME is a frame following a GNU/Linux sigtramp
++ routine, return the address of the associated sigcontext structure. */
++
++static CORE_ADDR
++sh_linux_sigcontext_addr (struct frame_info *this_frame)
++{
++ CORE_ADDR pc;
++ CORE_ADDR sp;
++
++ sp = get_frame_register_unsigned (this_frame, SP_REGNUM);
++
++ pc = sh_linux_sigtramp_start (this_frame);
++ if (pc)
++ {
++ return sp;
++ }
++
++ pc = sh_linux_rt_sigtramp_start (this_frame);
++ if (pc)
++ {
++ CORE_ADDR ucontext_addr;
++
++ /* The sigcontext structure is part of the user context. A
++ pointer to the user context is passed as the third argument
++ to the signal handler. */
++ ucontext_addr = get_frame_register_unsigned (this_frame, ARG0_REGNUM+2);
++ return ucontext_addr + SH_LINUX_UCONTEXT_SIGCONTEXT_OFFSET;
++ }
++
++ error ("Couldn't recognize signal trampoline.");
++ return 0;
++}
++
++/* Signal trampolines. */
++extern struct sh_frame_cache *sh_alloc_frame_cache (void);
++
++static struct sh_frame_cache *
++sh_linux_sigtramp_frame_cache (struct frame_info *this_frame, void **this_cache)
++{
++ struct sh_frame_cache *cache;
++ struct gdbarch_tdep *tdep = gdbarch_tdep (get_current_arch ());
++ CORE_ADDR sigcontext_addr;
++
++ if (*this_cache)
++ return *this_cache;
++
++ cache = sh_alloc_frame_cache ();
++
++ cache->base = get_frame_register_unsigned (this_frame, SP_REGNUM);
++ sigcontext_addr = tdep->sigcontext_addr (this_frame);
++ if (tdep->sc_reg_offset)
++ {
++ int i;
++
++ gdb_assert (tdep->sc_num_regs <= SH_NUM_REGS);
++
++ for (i = 0; i < tdep->sc_num_regs; i++)
++ if (tdep->sc_reg_offset[i] != -1)
++ cache->saved_regs[i] = sigcontext_addr + tdep->sc_reg_offset[i];
++ }
++
++ *this_cache = cache;
++ return cache;
++}
++
++static void
++sh_linux_sigtramp_frame_this_id (struct frame_info *this_frame, void **this_cache,
++ struct frame_id *this_id)
++{
++ struct sh_frame_cache *cache =
++ sh_linux_sigtramp_frame_cache (this_frame, this_cache);
++
++ (*this_id) = frame_id_build (cache->base + 64, cache->pc);
++}
++
++extern struct value * sh_frame_prev_register ();
++static struct value *
++sh_linux_sigtramp_frame_prev_register (struct frame_info *this_frame,
++ void **this_cache, int regnum)
++{
++ sh_linux_sigtramp_frame_cache (this_frame, this_cache);
++
++ return sh_frame_prev_register (this_frame, this_cache, regnum);
++}
++
++static int
++sh_linux_sigtramp_frame_sniffer (const struct frame_unwind *self,
++ struct frame_info *this_frame,
++ void **this_prologue_cache)
++{
++ struct gdbarch_tdep *tdep = gdbarch_tdep (get_frame_arch (this_frame));
++
++ /* We shouldn't even bother if we don't have a sigcontext_addr
++ handler. */
++ if (tdep->sigcontext_addr == NULL)
++ return 0;
++
++ if (tdep->sigtramp_p != NULL)
++ {
++ if (tdep->sigtramp_p (this_frame))
++ return 1;
++ }
++
++ return 0;
++}
++
++static const struct frame_unwind sh_linux_sigtramp_frame_unwind =
++{
++ SIGTRAMP_FRAME,
++ sh_linux_sigtramp_frame_this_id,
++ sh_linux_sigtramp_frame_prev_register,
++ NULL,
++ sh_linux_sigtramp_frame_sniffer
++};
++
++/* Supply register REGNUM from the buffer specified by GREGS and LEN
++ in the general-purpose register set REGSET to register cache
++ REGCACHE. If REGNUM is -1, do this for all registers in REGSET. */
++
++void
++sh_supply_gregset (const struct regset *regset, struct regcache *regcache,
++ int regnum, const void *gregs, size_t len)
++{
++ const struct gdbarch_tdep *tdep = gdbarch_tdep (regset->arch);
++ const char *regs = gregs;
++ int i;
++
++ gdb_assert (len == tdep->sizeof_gregset);
++
++ for (i = 0; i < tdep->gregset_num_regs; i++)
++ {
++ if ((regnum == i || regnum == -1)
++ && tdep->gregset_reg_offset[i] != -1)
++ regcache_raw_supply (regcache, i, regs + tdep->gregset_reg_offset[i]);
++ }
++}
++
++/* Collect register REGNUM from the register cache REGCACHE and store
++ it in the buffer specified by GREGS and LEN as described by the
++ general-purpose register set REGSET. If REGNUM is -1, do this for
++ all registers in REGSET. */
++
++void
++sh_collect_gregset (const struct regset *regset,
++ const struct regcache *regcache,
++ int regnum, void *gregs, size_t len)
++{
++ const struct gdbarch_tdep *tdep = gdbarch_tdep (regset->arch);
++ char *regs = gregs;
++ int i;
++
++ gdb_assert (len == tdep->sizeof_gregset);
++
++ for (i = 0; i < tdep->gregset_num_regs; i++)
++ {
++ if ((regnum == i || regnum == -1)
++ && tdep->gregset_reg_offset[i] != -1)
++ regcache_raw_collect (regcache, i, regs + tdep->gregset_reg_offset[i]);
++ }
++}
++
++/* Supply register REGNUM from the buffer specified by FPREGS and LEN
++ in the floating-point register set REGSET to register cache
++ REGCACHE. If REGNUM is -1, do this for all registers in REGSET. */
++
++static void
++sh_supply_fpregset (const struct regset *regset, struct regcache *regcache,
++ int regnum, const void *fpregs, size_t len)
++{
++ const struct gdbarch_tdep *tdep = gdbarch_tdep (regset->arch);
++ const char *regs = fpregs;
++ int i;
++
++ gdb_assert (len == tdep->sizeof_fpregset);
++ for (i = 0; i < 16; i++)
++ {
++ if (regnum == i+25 || regnum == -1)
++ regcache_raw_supply (regcache, i+25, regs + i*4);
++ }
++ if (regnum == FPSCR_REGNUM || regnum == -1)
++ regcache_raw_supply (regcache, FPSCR_REGNUM, regs + 32*4);
++ if (regnum == FPUL_REGNUM || regnum == -1)
++ regcache_raw_supply (regcache, FPUL_REGNUM, regs + 33*4);
++}
++
++/* Collect register REGNUM from the register cache REGCACHE and store
++ it in the buffer specified by FPREGS and LEN as described by the
++ floating-point register set REGSET. If REGNUM is -1, do this for
++ all registers in REGSET. */
++
++static void
++sh_collect_fpregset (const struct regset *regset,
++ const struct regcache *regcache,
++ int regnum, void *fpregs, size_t len)
++{
++ const struct gdbarch_tdep *tdep = gdbarch_tdep (regset->arch);
++ char *regs = fpregs;
++ int i;
++
++ gdb_assert (len == tdep->sizeof_fpregset);
++ for (i = 0; i < 16; i++)
++ {
++ if (regnum == i+25 || regnum == -1)
++ regcache_raw_collect (regcache, i+25, regs + i*4);
++ }
++ if (regnum == FPSCR_REGNUM || regnum == -1)
++ regcache_raw_collect (regcache, FPSCR_REGNUM, regs + 32*4);
++ if (regnum == FPUL_REGNUM || regnum == -1)
++ regcache_raw_collect (regcache, FPUL_REGNUM, regs + 33*4);
++}
++
++/* Return the appropriate register set for the core section identified
++ by SECT_NAME and SECT_SIZE. */
++
++const struct regset *
++sh_linux_regset_from_core_section (struct gdbarch *gdbarch,
++ const char *sect_name, size_t sect_size)
++{
++ struct gdbarch_tdep *tdep = gdbarch_tdep (gdbarch);
++
++ if (strcmp (sect_name, ".reg") == 0 && sect_size == tdep->sizeof_gregset)
++ {
++ if (tdep->gregset == NULL)
++ tdep->gregset = regset_alloc (gdbarch, sh_supply_gregset,
++ sh_collect_gregset);
++ return tdep->gregset;
++ }
++
++ if ((strcmp (sect_name, ".reg2") == 0 && sect_size == tdep->sizeof_fpregset))
++ {
++ if (tdep->fpregset == NULL)
++ tdep->fpregset = regset_alloc (gdbarch, sh_supply_fpregset,
++ sh_collect_fpregset);
++ return tdep->fpregset;
++ }
++
++ return NULL;
++}
++
++/* The register sets used in GNU/Linux ELF core-dumps are identical to
++ the register sets in `struct user' that are used for a.out
++ core-dumps. These are also used by ptrace(2). The corresponding
++ types are `elf_gregset_t' for the general-purpose registers (with
++ `elf_greg_t' the type of a single GP register) and `elf_fpregset_t'
++ for the floating-point registers.
++
++ Those types used to be available under the names `gregset_t' and
++ `fpregset_t' too, and GDB used those names in the past. But those
++ names are now used for the register sets used in the `mcontext_t'
++ type, which have a different size and layout. */
++
++/* Mapping between the general-purpose registers in `struct user'
++ format and GDB's register cache layout. */
++
++/* From <sys/reg.h>. */
++static int sh_linux_gregset_reg_offset[] =
++{
++ 0, 4, 8, 12, 16, 20, 24, 28,
++ 32, 36, 40, 44, 48, 52, 56, 60,
++
++ REG_PC*4, REG_PR*4, REG_GBR*4, -1,
++ REG_MACH*4, REG_MACL*4, REG_SR*4,
++};
++
++/* Mapping between the general-purpose registers in `struct
++ sigcontext' format and GDB's register cache layout. */
++
++/* From <asm/sigcontext.h>. */
++static int sh_linux_sc_reg_offset[] =
++{
++ 4, 8, 12, 16, 20, 24, 28, 32,
++ 36, 40, 44, 48, 52, 56, 60, 64,
++ 68, 72, 80, -1,
++ 84, 88, 76
++};
++
+ static void
+ sh_linux_init_abi (struct gdbarch_info info, struct gdbarch *gdbarch)
+ {
++ struct gdbarch_tdep *tdep = gdbarch_tdep (gdbarch);
++ bfd abfd;
++
++ tdep->gregset_reg_offset = sh_linux_gregset_reg_offset;
++ tdep->gregset_num_regs = ARRAY_SIZE (sh_linux_gregset_reg_offset);
++ tdep->sizeof_gregset = 23 * 4;
++
++ tdep->jb_pc_offset = 32; /* From <bits/setjmp.h>. */
++
++ tdep->sigtramp_p = sh_linux_sigtramp_p;
++ tdep->sigcontext_addr = sh_linux_sigcontext_addr;
++ tdep->sc_reg_offset = sh_linux_sc_reg_offset;
++ tdep->sc_num_regs = ARRAY_SIZE (sh_linux_sc_reg_offset);
++
++ frame_unwind_append_unwinder(gdbarch, &sh_linux_sigtramp_frame_unwind);
++
++ /* If we have a register mapping, enable the generic core file
++ support, unless it has already been enabled. */
++ if (tdep->gregset_reg_offset
++ && !gdbarch_regset_from_core_section_p (gdbarch))
++ set_gdbarch_regset_from_core_section (gdbarch,
++ sh_linux_regset_from_core_section);
++
+ linux_init_abi (info, gdbarch);
+
+ /* GNU/Linux uses SVR4-style shared libraries. */
+diff --git a/gdb/sh-tdep.c b/gdb/sh-tdep.c
+index e3aee0ac28..5958cf3688 100644
+--- a/gdb/sh-tdep.c
++++ b/gdb/sh-tdep.c
+@@ -21,6 +21,9 @@
+ sac@cygnus.com. */
+
+ #include "defs.h"
++#include "arch-utils.h"
++#include "command.h"
++#include "dummy-frame.h"
+ #include "frame.h"
+ #include "frame-base.h"
+ #include "frame-unwind.h"
+@@ -66,23 +69,6 @@ static const char *const sh_cc_enum[] = {
+
+ static const char *sh_active_calling_convention = sh_cc_gcc;
+
+-#define SH_NUM_REGS 67
+-
+-struct sh_frame_cache
+-{
+- /* Base address. */
+- CORE_ADDR base;
+- LONGEST sp_offset;
+- CORE_ADDR pc;
+-
+- /* Flag showing that a frame has been created in the prologue code. */
+- int uses_fp;
+-
+- /* Saved registers. */
+- CORE_ADDR saved_regs[SH_NUM_REGS];
+- CORE_ADDR saved_sp;
+-};
+-
+ static int
+ sh_is_renesas_calling_convention (struct type *func_type)
+ {
+@@ -1050,7 +1036,7 @@ sh_treat_as_flt_p (struct type *type)
+ return 0;
+ /* Otherwise if the type of that member is float, the whole type is
+ treated as float. */
+- if (TYPE_CODE (TYPE_FIELD_TYPE (type, 0)) == TYPE_CODE_FLT)
++ if (TYPE_CODE (check_typedef (TYPE_FIELD_TYPE (type, 0))) == TYPE_CODE_FLT)
+ return 1;
+ /* Otherwise it's not treated as float. */
+ return 0;
+@@ -1100,7 +1086,7 @@ sh_push_dummy_call_fpu (struct gdbarch *gdbarch,
+ in four registers available. Loop thru args from first to last. */
+ for (argnum = 0; argnum < nargs; argnum++)
+ {
+- type = value_type (args[argnum]);
++ type = check_typedef (value_type (args[argnum]));
+ len = TYPE_LENGTH (type);
+ val = sh_justify_value_in_reg (gdbarch, args[argnum], len);
+
+@@ -1835,7 +1821,7 @@ sh_dwarf2_frame_init_reg (struct gdbarch *gdbarch, int regnum,
+ reg->how = DWARF2_FRAME_REG_UNDEFINED;
+ }
+
+-static struct sh_frame_cache *
++struct sh_frame_cache *
+ sh_alloc_frame_cache (void)
+ {
+ struct sh_frame_cache *cache;
+@@ -1862,7 +1848,7 @@ sh_alloc_frame_cache (void)
+ return cache;
+ }
+
+-static struct sh_frame_cache *
++struct sh_frame_cache *
+ sh_frame_cache (struct frame_info *this_frame, void **this_cache)
+ {
+ struct gdbarch *gdbarch = get_frame_arch (this_frame);
+@@ -1929,9 +1915,9 @@ sh_frame_cache (struct frame_info *this_frame, void **this_cache)
+ return cache;
+ }
+
+-static struct value *
+-sh_frame_prev_register (struct frame_info *this_frame,
+- void **this_cache, int regnum)
++struct value *
++sh_frame_prev_register (struct frame_info *this_frame, void **this_cache,
++ int regnum)
+ {
+ struct gdbarch *gdbarch = get_frame_arch (this_frame);
+ struct sh_frame_cache *cache = sh_frame_cache (this_frame, this_cache);
+@@ -1945,7 +1931,7 @@ sh_frame_prev_register (struct frame_info *this_frame,
+ the current frame. Frob regnum so that we pull the value from
+ the correct place. */
+ if (regnum == gdbarch_pc_regnum (gdbarch))
+- regnum = PR_REGNUM;
++ regnum = PR_REGNUM; /* XXX: really? */
+
+ if (regnum < SH_NUM_REGS && cache->saved_regs[regnum] != -1)
+ return frame_unwind_got_memory (this_frame, regnum,
+@@ -2234,8 +2220,8 @@ sh_return_in_first_hidden_param_p (struct gdbarch *gdbarch,
+ static struct gdbarch *
+ sh_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches)
+ {
+- struct gdbarch *gdbarch;
+ struct gdbarch_tdep *tdep;
++ struct gdbarch *gdbarch;
+
+ /* If there is already a candidate, use it. */
+ arches = gdbarch_list_lookup_by_info (arches, &info);
+@@ -2247,6 +2233,18 @@ sh_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches)
+ tdep = XCNEW (struct gdbarch_tdep);
+ gdbarch = gdbarch_alloc (&info, tdep);
+
++ /* General-purpose registers. */
++ tdep->gregset = NULL;
++ tdep->gregset_reg_offset = NULL;
++ tdep->gregset_num_regs = 23;
++ tdep->sizeof_gregset = 0;
++
++ /* Floating-point registers. */
++ tdep->fpregset = NULL;
++ tdep->sizeof_fpregset = 34*4;
++
++ tdep->jb_pc_offset = -1;
++
+ set_gdbarch_short_bit (gdbarch, 2 * TARGET_CHAR_BIT);
+ set_gdbarch_int_bit (gdbarch, 4 * TARGET_CHAR_BIT);
+ set_gdbarch_long_bit (gdbarch, 4 * TARGET_CHAR_BIT);
+@@ -2398,10 +2396,11 @@ sh_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches)
+ break;
+ }
+
++ dwarf2_append_unwinders (gdbarch);
++
+ /* Hook in ABI-specific overrides, if they have been registered. */
+ gdbarch_init_osabi (info, gdbarch);
+
+- dwarf2_append_unwinders (gdbarch);
+ frame_unwind_append_unwinder (gdbarch, &sh_stub_unwind);
+ frame_unwind_append_unwinder (gdbarch, &sh_frame_unwind);
+
+diff --git a/gdb/sh-tdep.h b/gdb/sh-tdep.h
+index 76e2e76e39..2710f63010 100644
+--- a/gdb/sh-tdep.h
++++ b/gdb/sh-tdep.h
+@@ -21,6 +21,12 @@
+
+ /* Contributed by Steve Chamberlain sac@cygnus.com. */
+
++struct frame_info;
++struct gdbarch;
++struct reggroup;
++struct regset;
++struct regcache;
++
+ /* Registers for all SH variants. Used also by sh3-rom.c. */
+ enum
+ {
+@@ -29,6 +35,7 @@ enum
+ ARG0_REGNUM = 4,
+ ARGLAST_REGNUM = 7,
+ FP_REGNUM = 14,
++ SP_REGNUM = 15,
+ PC_REGNUM = 16,
+ PR_REGNUM = 17,
+ GBR_REGNUM = 18,
+@@ -81,6 +88,24 @@ enum
+ FV0_REGNUM = 76,
+ FV_LAST_REGNUM = 79
+ };
++#define SH_NUM_REGS 67
++
++struct sh_frame_cache
++{
++ /* Base address. */
++ CORE_ADDR base;
++ LONGEST sp_offset;
++ CORE_ADDR pc;
++
++ /* Flag showing that a frame has been created in the prologue code. */
++ int uses_fp;
++
++ /* Saved registers. */
++ CORE_ADDR saved_regs[SH_NUM_REGS];
++ CORE_ADDR saved_sp;
++};
++
++extern struct sh_frame_cache *sh_frame_cache (struct frame_info *next_frame, void **this_cache);
+
+ /* This structure describes a register in a core-file. */
+ struct sh_corefile_regmap
+@@ -89,8 +114,32 @@ struct sh_corefile_regmap
+ unsigned int offset;
+ };
+
++/* sh architecture specific information. */
+ struct gdbarch_tdep
+ {
++ /* General-purpose registers. */
++ struct regset *gregset;
++ int *gregset_reg_offset;
++ int gregset_num_regs;
++ size_t sizeof_gregset;
++
++ /* Floating-point registers. */
++ struct regset *fpregset;
++ size_t sizeof_fpregset;
++
++ /* Offset of saved PC in jmp_buf. */
++ int jb_pc_offset;
++
++ /* Detect sigtramp. */
++ int (*sigtramp_p) (struct frame_info *);
++
++ /* Get address of sigcontext for sigtramp. */
++ CORE_ADDR (*sigcontext_addr) (struct frame_info *);
++
++ /* Offset of registers in `struct sigcontext'. */
++ int *sc_reg_offset;
++ int sc_num_regs;
++
+ /* Non-NULL when debugging from a core file. Provides the offset
+ where each general-purpose register is stored inside the associated
+ core file section. */
+diff --git a/gdb/testsuite/gdb.asm/asm-source.exp b/gdb/testsuite/gdb.asm/asm-source.exp
+index 4914498f98..6e25cbed18 100644
+--- a/gdb/testsuite/gdb.asm/asm-source.exp
++++ b/gdb/testsuite/gdb.asm/asm-source.exp
+@@ -116,6 +116,11 @@ switch -glob -- [istarget] {
+ append link-flags " -m elf32ppc"
+ }
+ }
++ "sh*-linux*" {
++ set asm-arch sh-linux
++ set asm-flags "-I${srcdir}/${subdir} -I${objdir}/${subdir}"
++ set debug-flags "-gdwarf-2"
++ }
+ "sh*-*-*" {
+ set asm-arch sh
+ set debug-flags "-gdwarf-2"
+diff --git a/gdb/testsuite/gdb.asm/sh.inc b/gdb/testsuite/gdb.asm/sh.inc
+index a4a5fc545e..89efed7795 100644
+--- a/gdb/testsuite/gdb.asm/sh.inc
++++ b/gdb/testsuite/gdb.asm/sh.inc
+@@ -40,9 +40,8 @@
+ mov.l .Lconst\@,r1
+ bra .Lafterconst\@
+ nop
+- nop
+-.Lconst\@:
+ .align 2
++.Lconst\@:
+ .long \subr
+ .align 1
+ .Lafterconst\@:
+diff --git a/gdb/testsuite/gdb.base/annota1.c b/gdb/testsuite/gdb.base/annota1.c
+index 424e1b8327..0de2e7b633 100644
+--- a/gdb/testsuite/gdb.base/annota1.c
++++ b/gdb/testsuite/gdb.base/annota1.c
+@@ -1,6 +1,9 @@
+ #include <stdio.h>
+ #include <signal.h>
+
++#ifdef __sh__
++#define signal(a,b) /* Signals not supported on this target - make them go away */
++#endif
+
+ void
+ handle_USR1 (int sig)
+diff --git a/gdb/testsuite/gdb.base/annota3.c b/gdb/testsuite/gdb.base/annota3.c
+index 424e1b8327..952aaf218a 100644
+--- a/gdb/testsuite/gdb.base/annota3.c
++++ b/gdb/testsuite/gdb.base/annota3.c
+@@ -1,6 +1,10 @@
+ #include <stdio.h>
+ #include <signal.h>
+
++#ifdef __sh__
++#define signal(a,b) /* Signals not supported on this target - make them go away */
++#endif
++
+
+ void
+ handle_USR1 (int sig)
+diff --git a/gdb/testsuite/gdb.base/sigall.c b/gdb/testsuite/gdb.base/sigall.c
+index 81f3b08d6b..1574b2d6cb 100644
+--- a/gdb/testsuite/gdb.base/sigall.c
++++ b/gdb/testsuite/gdb.base/sigall.c
+@@ -1,6 +1,9 @@
+ #include <signal.h>
+ #include <unistd.h>
+
++#ifdef __sh__
++#define signal(a,b) /* Signals not supported on this target - make them go away */
++#endif
+
+ /* Signal handlers, we set breakpoints in them to make sure that the
+ signals really get delivered. */
+diff --git a/gdb/testsuite/gdb.base/signals.c b/gdb/testsuite/gdb.base/signals.c
+index 756606880f..1205a9bc9c 100644
+--- a/gdb/testsuite/gdb.base/signals.c
++++ b/gdb/testsuite/gdb.base/signals.c
+@@ -3,6 +3,10 @@
+ #include <signal.h>
+ #include <unistd.h>
+
++#ifdef __sh__
++#define signal(a,b) /* Signals not supported on this target - make them go away */
++#define alarm(a) /* Ditto for alarm() */
++#endif
+
+ static int count = 0;
+
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0005-Dont-disable-libreadline.a-when-using-disable-static.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0005-Dont-disable-libreadline.a-when-using-disable-static.patch
new file mode 100644
index 0000000..d0360da
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0005-Dont-disable-libreadline.a-when-using-disable-static.patch
@@ -0,0 +1,47 @@
+From d132f21d89157e980574da7d0c949f6dd17df8c3 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 30 Apr 2016 15:25:03 -0700
+Subject: [PATCH] Dont disable libreadline.a when using --disable-static
+
+If gdb is configured with --disable-static then this is dutifully passed to
+readline which then disables libreadline.a, which causes a problem when gdb
+tries to link against that.
+
+To ensure that readline always builds static libraries, pass --enable-static to
+the sub-configure.
+
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ Makefile.def | 3 ++-
+ Makefile.in | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.def b/Makefile.def
+index 311feb9de3..24c0685d48 100644
+--- a/Makefile.def
++++ b/Makefile.def
+@@ -105,7 +105,8 @@ host_modules= { module= libiconv;
+ missing= install-html;
+ missing= install-info; };
+ host_modules= { module= m4; };
+-host_modules= { module= readline; };
++host_modules= { module= readline;
++ extra_configure_flags='--enable-static';};
+ host_modules= { module= sid; };
+ host_modules= { module= sim; };
+ host_modules= { module= texinfo; no_install= true; };
+diff --git a/Makefile.in b/Makefile.in
+index 1aabf6ede4..d957efde81 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -25510,7 +25510,7 @@ configure-readline:
+ $$s/$$module_srcdir/configure \
+ --srcdir=$${topdir}/$$module_srcdir \
+ $(HOST_CONFIGARGS) --build=${build_alias} --host=${host_alias} \
+- --target=${target_alias} \
++ --target=${target_alias} --enable-static \
+ || exit 1
+ @endif readline
+
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0006-use-asm-sgidefs.h.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0006-use-asm-sgidefs.h.patch
new file mode 100644
index 0000000..d222d01
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0006-use-asm-sgidefs.h.patch
@@ -0,0 +1,33 @@
+From 329e5bf29e934ba99622372a9660865864bb0298 Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <amccurdy@gmail.com>
+Date: Sat, 30 Apr 2016 15:29:06 -0700
+Subject: [PATCH] use <asm/sgidefs.h>
+
+Build fix for MIPS with musl libc
+
+The MIPS specific header <sgidefs.h> is provided by glibc and uclibc
+but not by musl. Regardless of the libc, the kernel headers provide
+<asm/sgidefs.h> which provides the same definitions, so use that
+instead.
+
+Upstream-Status: Pending
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/mips-linux-nat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/mips-linux-nat.c b/gdb/mips-linux-nat.c
+index 7f575b3363..dc93a64a93 100644
+--- a/gdb/mips-linux-nat.c
++++ b/gdb/mips-linux-nat.c
+@@ -31,7 +31,7 @@
+ #include "gdb_proc_service.h"
+ #include "gregset.h"
+
+-#include <sgidefs.h>
++#include <asm/sgidefs.h>
+ #include "nat/gdb_ptrace.h"
+ #include <asm/ptrace.h>
+ #include "inf-ptrace.h"
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0007-Use-exorted-definitions-of-SIGRTMIN.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0007-Use-exorted-definitions-of-SIGRTMIN.patch
new file mode 100644
index 0000000..0989661
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0007-Use-exorted-definitions-of-SIGRTMIN.patch
@@ -0,0 +1,47 @@
+From 782bb2ab9b104dad4bbaed1d9ac769ce7e5b9f4d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 30 Apr 2016 15:31:40 -0700
+Subject: [PATCH] Use exorted definitions of SIGRTMIN
+
+Define W_STOPCODE if not defined already
+
+__SIGRTMIN is internal to glibc and other libcs e.g. musl
+may not provide them
+
+Fixes
+https://sourceware.org/bugzilla/show_bug.cgi?id=13012
+
+Upstream-Status: Submitted
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/linux-nat.c | 4 ++--
+ gdb/nat/linux-nat.h | 4 ++++
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/gdb/linux-nat.c b/gdb/linux-nat.c
+index 4484fa5c87..3bb0ee7a49 100644
+--- a/gdb/linux-nat.c
++++ b/gdb/linux-nat.c
+@@ -4588,6 +4588,6 @@ lin_thread_get_thread_signals (sigset_t *set)
+ /* NPTL reserves the first two RT signals, but does not provide any
+ way for the debugger to query the signal numbers - fortunately
+ they don't change. */
+- sigaddset (set, __SIGRTMIN);
+- sigaddset (set, __SIGRTMIN + 1);
++ sigaddset (set, SIGRTMIN);
++ sigaddset (set, SIGRTMIN + 1);
+ }
+diff --git a/gdb/nat/linux-nat.h b/gdb/nat/linux-nat.h
+index 44dcbb7758..975d7276f6 100644
+--- a/gdb/nat/linux-nat.h
++++ b/gdb/nat/linux-nat.h
+@@ -91,4 +91,8 @@ extern void linux_stop_lwp (struct lwp_info *lwp);
+
+ extern int lwp_is_stepping (struct lwp_info *lwp);
+
++#ifndef W_STOPCODE
++#define W_STOPCODE(sig) ((sig) << 8 | 0x7f)
++#endif
++
+ #endif /* NAT_LINUX_NAT_H */
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0008-Change-order-of-CFLAGS.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0008-Change-order-of-CFLAGS.patch
new file mode 100644
index 0000000..18168c6
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0008-Change-order-of-CFLAGS.patch
@@ -0,0 +1,27 @@
+From 40c9c174590ce6fdc873b453285249fe957f376d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 30 Apr 2016 15:35:39 -0700
+Subject: [PATCH] Change order of CFLAGS
+
+Lets us override Werror if need be
+
+Upstream-Status: Inappropriate
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/gdbserver/Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/gdbserver/Makefile.in b/gdb/gdbserver/Makefile.in
+index 16a9f2fd38..b9c8cd9c41 100644
+--- a/gdb/gdbserver/Makefile.in
++++ b/gdb/gdbserver/Makefile.in
+@@ -146,7 +146,7 @@ PTHREAD_LIBS = @PTHREAD_LIBS@
+ INTERNAL_CFLAGS_BASE = ${CXXFLAGS} ${GLOBAL_CFLAGS} \
+ ${PROFILE_CFLAGS} ${INCLUDE_CFLAGS} ${CPPFLAGS} $(PTHREAD_CFLAGS)
+ INTERNAL_WARN_CFLAGS = ${INTERNAL_CFLAGS_BASE} $(WARN_CFLAGS)
+-INTERNAL_CFLAGS = ${INTERNAL_WARN_CFLAGS} $(WERROR_CFLAGS) -DGDBSERVER
++INTERNAL_CFLAGS = ${INTERNAL_WARN_CFLAGS} $(WERROR_CFLAGS) ${COMPILER_CFLAGS} -DGDBSERVER
+
+ # LDFLAGS is specifically reserved for setting from the command line
+ # when running make.
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0009-resolve-restrict-keyword-conflict.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0009-resolve-restrict-keyword-conflict.patch
new file mode 100644
index 0000000..8f15c49
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0009-resolve-restrict-keyword-conflict.patch
@@ -0,0 +1,45 @@
+From 5b69a98f6bb7363a1f79f29bac2b25b7df6d2fdd Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 10 May 2016 08:47:05 -0700
+Subject: [PATCH] resolve restrict keyword conflict
+
+GCC detects that we call 'restrict' as param name in function
+signatures and complains since both params are called 'restrict'
+therefore we use __restrict to denote the C99 keywork
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gnulib/import/sys_time.in.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/gnulib/import/sys_time.in.h b/gnulib/import/sys_time.in.h
+index d535a6a48b..7c34d5a1aa 100644
+--- a/gnulib/import/sys_time.in.h
++++ b/gnulib/import/sys_time.in.h
+@@ -93,20 +93,20 @@ struct timeval
+ # define gettimeofday rpl_gettimeofday
+ # endif
+ _GL_FUNCDECL_RPL (gettimeofday, int,
+- (struct timeval *restrict, void *restrict)
++ (struct timeval *__restrict, void *__restrict)
+ _GL_ARG_NONNULL ((1)));
+ _GL_CXXALIAS_RPL (gettimeofday, int,
+- (struct timeval *restrict, void *restrict));
++ (struct timeval *__restrict, void *__restrict));
+ # else
+ # if !@HAVE_GETTIMEOFDAY@
+ _GL_FUNCDECL_SYS (gettimeofday, int,
+- (struct timeval *restrict, void *restrict)
++ (struct timeval *__restrict, void *__restrict)
+ _GL_ARG_NONNULL ((1)));
+ # endif
+ /* Need to cast, because on glibc systems, by default, the second argument is
+ struct timezone *. */
+ _GL_CXXALIAS_SYS_CAST (gettimeofday, int,
+- (struct timeval *restrict, void *restrict));
++ (struct timeval *__restrict, void *__restrict));
+ # endif
+ _GL_CXXALIASWARN (gettimeofday);
+ # if defined __cplusplus && defined GNULIB_NAMESPACE
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0010-Fix-invalid-sigprocmask-call.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0010-Fix-invalid-sigprocmask-call.patch
new file mode 100644
index 0000000..5209c00
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0010-Fix-invalid-sigprocmask-call.patch
@@ -0,0 +1,46 @@
+From bc1f01ff5e524f7777083024bce348a9b0017a7a Mon Sep 17 00:00:00 2001
+From: Yousong Zhou <yszhou4tech@gmail.com>
+Date: Fri, 24 Mar 2017 10:36:03 +0800
+Subject: [PATCH] Fix invalid sigprocmask call
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The POSIX document says
+
+ The pthread_sigmask() and sigprocmask() functions shall fail if:
+
+ [EINVAL]
+ The value of the how argument is not equal to one of the defined values.
+
+and this is how musl-libc is currently doing. Fix the call to be safe
+and correct
+
+ [1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/pthread_sigmask.html
+
+gdb/ChangeLog:
+2017-03-24 Yousong Zhou <yszhou4tech@gmail.com>
+
+ * common/signals-state-save-restore.c (save_original_signals_state):
+ Fix invalid sigprocmask call.
+
+Upstream-Status: Pending [not author, cherry-picked from LEDE https://bugs.lede-project.org/index.php?do=details&task_id=637&openedfrom=-1%2Bweek]
+Signed-off-by: André Draszik <adraszik@tycoint.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/gdbsupport/signals-state-save-restore.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/gdbsupport/signals-state-save-restore.c b/gdb/gdbsupport/signals-state-save-restore.c
+index c292d498da..af9dcaeb08 100644
+--- a/gdb/gdbsupport/signals-state-save-restore.c
++++ b/gdb/gdbsupport/signals-state-save-restore.c
+@@ -38,7 +38,7 @@ save_original_signals_state (bool quiet)
+ int i;
+ int res;
+
+- res = gdb_sigmask (0, NULL, &original_signal_mask);
++ res = gdb_sigmask (SIG_BLOCK, NULL, &original_signal_mask);
+ if (res == -1)
+ perror_with_name (("sigprocmask"));
+
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0011-gdbserver-ctrl-c-handling.patch b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0011-gdbserver-ctrl-c-handling.patch
new file mode 100644
index 0000000..eedd94c
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb/0011-gdbserver-ctrl-c-handling.patch
@@ -0,0 +1,39 @@
+From 3d6700d38153a0ec8e0800de703a5089a8cd3d2d Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 29 Nov 2018 18:00:23 -0800
+Subject: [PATCH] gdbserver ctrl-c handling
+
+This problem was created by the upstream commit 78708b7c8c
+After applying the commit, it will send SIGINT to the process
+group(-signal_pid).
+But if we use gdbserver send SIGINT, and the attached process is not a
+process
+group leader, then the "kill (-signal_pid, SIGINT)" returns error and
+fails to
+interrupt the attached process.
+
+Upstream-Status: Submitted
+[https://sourceware.org/bugzilla/show_bug.cgi?id=18945]
+
+Author: Josh Gao
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ gdb/gdbserver/linux-low.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/gdb/gdbserver/linux-low.c b/gdb/gdbserver/linux-low.c
+index 4255795ea6..762f8bafb6 100644
+--- a/gdb/gdbserver/linux-low.c
++++ b/gdb/gdbserver/linux-low.c
+@@ -5904,9 +5904,7 @@ linux_look_up_symbols (void)
+ static void
+ linux_request_interrupt (void)
+ {
+- /* Send a SIGINT to the process group. This acts just like the user
+- typed a ^C on the controlling terminal. */
+- kill (-signal_pid, SIGINT);
++ kill (signal_pid, SIGINT);
+ }
+
+ /* Copy LEN bytes from inferior's auxiliary vector starting at OFFSET
diff --git a/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb_9.2.bb b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb_9.2.bb
new file mode 100644
index 0000000..d70757a
--- /dev/null
+++ b/meta-xilinx/meta-microblaze/recipes-devtools/gdb/gdb_9.2.bb
@@ -0,0 +1,28 @@
+require gdb.inc
+require gdb-${PV}.inc
+
+inherit python3-dir
+
+EXTRA_OEMAKE_append_libc-musl = "\
+ gt_cv_func_gnugettext1_libc=yes \
+ gt_cv_func_gnugettext2_libc=yes \
+ gl_cv_func_working_strerror=yes \
+ gl_cv_func_strerror_0_works=yes \
+ gl_cv_func_gettimeofday_clobber=no \
+ "
+
+do_configure_prepend() {
+ if [ "${@bb.utils.filter('PACKAGECONFIG', 'python', d)}" ]; then
+ cat > ${WORKDIR}/python << EOF
+#!/bin/sh
+case "\$2" in
+ --includes) echo "-I${STAGING_INCDIR}/${PYTHON_DIR}${PYTHON_ABI}/" ;;
+ --ldflags) echo "-Wl,-rpath-link,${STAGING_LIBDIR}/.. -Wl,-rpath,${libdir}/.. -lpthread -ldl -lutil -lm -lpython${PYTHON_BASEVERSION}${PYTHON_ABI}" ;;
+ --exec-prefix) echo "${exec_prefix}" ;;
+ *) exit 1 ;;
+esac
+exit 0
+EOF
+ chmod +x ${WORKDIR}/python
+ fi
+}
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc
new file mode 100644
index 0000000..aa5c9b9
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-native.inc
@@ -0,0 +1,11 @@
+inherit native
+
+require qemu.inc
+
+EXTRA_OEMAKE_append = " LD='${LD}' AR='${AR}' OBJCOPY='${OBJCOPY}' LDFLAGS='${LDFLAGS}'"
+
+LDFLAGS_append = " -fuse-ld=bfd"
+
+do_install_append() {
+ ${@bb.utils.contains('PACKAGECONFIG', 'gtk+', 'make_qemu_wrapper', '', d)}
+}
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc
new file mode 100644
index 0000000..24f9a03
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-targets.inc
@@ -0,0 +1,28 @@
+# possible arch values are:
+# aarch64 arm armeb alpha cris i386 x86_64 m68k microblaze
+# mips mipsel mips64 mips64el ppc ppc64 ppc64abi32 ppcemb
+# riscv32 riscv64 sparc sparc32 sparc32plus
+
+def get_qemu_target_list(d):
+ import bb
+ archs = d.getVar('QEMU_TARGETS').split()
+ tos = d.getVar('HOST_OS')
+ softmmuonly = ""
+ for arch in ['ppcemb', 'lm32']:
+ if arch in archs:
+ softmmuonly += arch + "-softmmu,"
+ archs.remove(arch)
+ linuxuseronly = ""
+ for arch in ['armeb', 'alpha', 'ppc64abi32', 'ppc64le', 'sparc32plus', 'aarch64_be']:
+ if arch in archs:
+ linuxuseronly += arch + "-linux-user,"
+ archs.remove(arch)
+ if 'linux' not in tos:
+ return softmmuonly + ''.join([arch + "-softmmu" + "," for arch in archs]).rstrip(',')
+ return softmmuonly + linuxuseronly + ''.join([arch + "-linux-user" + "," + arch + "-softmmu" + "," for arch in archs]).rstrip(',')
+
+def get_qemu_usermode_target_list(d):
+ return ",".join(filter(lambda i: "-linux-user" in i, get_qemu_target_list(d).split(',')))
+
+def get_qemu_system_target_list(d):
+ return ",".join(filter(lambda i: "-linux-user" not in i, get_qemu_target_list(d).split(',')))
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc
index a1dc5d6..d8f06c7 100644
--- a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx-native.inc
@@ -1,4 +1,4 @@
-require recipes-devtools/qemu/qemu-native.inc
+require qemu-native.inc
require qemu-xilinx.inc
DEPENDS = "glib-2.0-native zlib-native"
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb
index 09f431e..fd1904a 100644
--- a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu-xilinx_2020.2.bb
@@ -1,4 +1,4 @@
-require recipes-devtools/qemu/qemu.inc
+require qemu.inc
require qemu-xilinx.inc
BBCLASSEXTEND = "nativesdk"
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc
new file mode 100644
index 0000000..4864d7e
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu.inc
@@ -0,0 +1,197 @@
+SUMMARY = "Fast open source processor emulator"
+DESCRIPTION = "QEMU is a hosted virtual machine monitor: it emulates the \
+machine's processor through dynamic binary translation and provides a set \
+of different hardware and device models for the machine, enabling it to run \
+a variety of guest operating systems"
+HOMEPAGE = "http://qemu.org"
+LICENSE = "GPLv2 & LGPLv2.1"
+
+RDEPENDS_${PN}-ptest = "bash make"
+
+require qemu-targets.inc
+inherit pkgconfig ptest
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=441c28d2cf86e15a37fa47e15a72fbac \
+ file://COPYING.LIB;endline=24;md5=8c5efda6cf1e1b03dcfd0e6c0d271c7f"
+
+SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
+ file://powerpc_rom.bin \
+ file://run-ptest \
+ file://0001-qemu-Add-missing-wacom-HID-descriptor.patch \
+ file://0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch \
+ file://0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch \
+ file://0004-qemu-disable-Valgrind.patch \
+ file://0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch \
+ file://0006-chardev-connect-socket-to-a-spawned-command.patch \
+ file://0007-apic-fixup-fallthrough-to-PIC.patch \
+ file://0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
+ file://0009-Fix-webkitgtk-builds.patch \
+ file://0010-configure-Add-pkg-config-handling-for-libgcrypt.patch \
+ file://0001-Add-enable-disable-udev.patch \
+ file://0001-qemu-Do-not-include-file-if-not-exists.patch \
+ file://find_datadir.patch \
+ file://usb-fix-setup_len-init.patch \
+ file://0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch \
+ file://CVE-2020-24352.patch \
+ file://CVE-2020-29129-CVE-2020-29130.patch \
+ file://CVE-2020-25624.patch \
+ file://CVE-2020-25723.patch \
+ file://CVE-2020-28916.patch \
+ "
+UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
+
+SRC_URI[sha256sum] = "c9174eb5933d9eb5e61f541cd6d1184cd3118dfe4c5c4955bc1bdc4d390fa4e5"
+
+COMPATIBLE_HOST_mipsarchn32 = "null"
+COMPATIBLE_HOST_mipsarchn64 = "null"
+
+# Per https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg03873.html
+# upstream states qemu doesn't work without optimization
+DEBUG_BUILD = "0"
+
+do_install_append() {
+ # Prevent QA warnings about installed ${localstatedir}/run
+ if [ -d ${D}${localstatedir}/run ]; then rmdir ${D}${localstatedir}/run; fi
+}
+
+do_compile_ptest() {
+ make buildtest-TESTS
+}
+
+do_install_ptest() {
+ cp -rL ${B}/tests ${D}${PTEST_PATH}
+ find ${D}${PTEST_PATH}/tests -type f -name "*.[Sshcod]" | xargs -i rm -rf {}
+
+ cp ${S}/tests/Makefile.include ${D}${PTEST_PATH}/tests
+ # Don't check the file genreated by configure
+ sed -i -e '/wildcard config-host.mak/d' \
+ -e '$ {/endif/d}' ${D}${PTEST_PATH}/tests/Makefile.include
+ sed -i -e 's,${HOSTTOOLS_DIR}/python3,${bindir}/python3,' \
+ ${D}/${PTEST_PATH}/tests/qemu-iotests/common.env
+ sed -i -e "1s,#!/usr/bin/bash,#!${base_bindir}/bash," ${D}${PTEST_PATH}/tests/data/acpi/disassemle-aml.sh
+}
+
+# QEMU_TARGETS is overridable variable
+QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 ppc64le riscv32 riscv64 sh4 x86_64"
+
+EXTRA_OECONF = " \
+ --prefix=${prefix} \
+ --bindir=${bindir} \
+ --includedir=${includedir} \
+ --libdir=${libdir} \
+ --mandir=${mandir} \
+ --datadir=${datadir} \
+ --docdir=${docdir}/${BPN} \
+ --sysconfdir=${sysconfdir} \
+ --libexecdir=${libexecdir} \
+ --localstatedir=${localstatedir} \
+ --with-confsuffix=/${BPN} \
+ --disable-strip \
+ --disable-werror \
+ --extra-cflags='${CFLAGS}' \
+ --extra-ldflags='${LDFLAGS}' \
+ --with-git=/bin/false \
+ --disable-git-update \
+ ${PACKAGECONFIG_CONFARGS} \
+ "
+
+export LIBTOOL="${HOST_SYS}-libtool"
+
+B = "${WORKDIR}/build"
+
+EXTRA_OECONF_append = " --python=${HOSTTOOLS_DIR}/python3"
+
+do_configure_prepend_class-native() {
+ # Append build host pkg-config paths for native target since the host may provide sdl
+ BHOST_PKGCONFIG_PATH=$(PATH=/usr/bin:/bin pkg-config --variable pc_path pkg-config || echo "")
+ if [ ! -z "$BHOST_PKGCONFIG_PATH" ]; then
+ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:$BHOST_PKGCONFIG_PATH
+ fi
+}
+
+do_configure() {
+ ${S}/configure ${EXTRA_OECONF}
+}
+do_configure[cleandirs] += "${B}"
+
+do_install () {
+ export STRIP=""
+ oe_runmake 'DESTDIR=${D}' install
+}
+
+# The following fragment will create a wrapper for qemu-mips user emulation
+# binary in order to work around a segmentation fault issue. Basically, by
+# default, the reserved virtual address space for 32-on-64 bit is set to 4GB.
+# This will trigger a MMU access fault in the virtual CPU. With this change,
+# the qemu-mips works fine.
+# IMPORTANT: This piece needs to be removed once the root cause is fixed!
+do_install_append() {
+ if [ -e "${D}/${bindir}/qemu-mips" ]; then
+ create_wrapper ${D}/${bindir}/qemu-mips \
+ QEMU_RESERVED_VA=0x0
+ fi
+}
+# END of qemu-mips workaround
+
+make_qemu_wrapper() {
+ gdk_pixbuf_module_file=`pkg-config --variable=gdk_pixbuf_cache_file gdk-pixbuf-2.0`
+
+ for tool in `ls ${D}${bindir}/qemu-system-*`; do
+ create_wrapper $tool \
+ GDK_PIXBUF_MODULE_FILE=$gdk_pixbuf_module_file \
+ FONTCONFIG_PATH=/etc/fonts \
+ GTK_THEME=Adwaita
+ done
+}
+
+# Disable kvm/virgl/mesa on targets that do not support it
+PACKAGECONFIG_remove_darwin = "kvm virglrenderer glx gtk+"
+PACKAGECONFIG_remove_mingw32 = "kvm virglrenderer glx gtk+"
+
+PACKAGECONFIG[sdl] = "--enable-sdl,--disable-sdl,libsdl2"
+PACKAGECONFIG[virtfs] = "--enable-virtfs --enable-attr --enable-cap-ng,--disable-virtfs,libcap-ng attr,"
+PACKAGECONFIG[aio] = "--enable-linux-aio,--disable-linux-aio,libaio,"
+PACKAGECONFIG[xfs] = "--enable-xfsctl,--disable-xfsctl,xfsprogs,"
+PACKAGECONFIG[xen] = "--enable-xen,--disable-xen,xen-tools,xen-tools-libxenstore xen-tools-libxenctrl xen-tools-libxenguest"
+PACKAGECONFIG[vnc-sasl] = "--enable-vnc --enable-vnc-sasl,--disable-vnc-sasl,cyrus-sasl,"
+PACKAGECONFIG[vnc-jpeg] = "--enable-vnc --enable-vnc-jpeg,--disable-vnc-jpeg,jpeg,"
+PACKAGECONFIG[vnc-png] = "--enable-vnc --enable-vnc-png,--disable-vnc-png,libpng,"
+PACKAGECONFIG[libcurl] = "--enable-curl,--disable-curl,curl,"
+PACKAGECONFIG[nss] = "--enable-smartcard,--disable-smartcard,nss,"
+PACKAGECONFIG[curses] = "--enable-curses,--disable-curses,ncurses,"
+PACKAGECONFIG[gtk+] = "--enable-gtk,--disable-gtk,gtk+3 gettext-native"
+PACKAGECONFIG[vte] = "--enable-vte,--disable-vte,vte gettext-native"
+PACKAGECONFIG[libcap-ng] = "--enable-cap-ng,--disable-cap-ng,libcap-ng,"
+PACKAGECONFIG[ssh] = "--enable-libssh,--disable-libssh,libssh,"
+PACKAGECONFIG[gcrypt] = "--enable-gcrypt,--disable-gcrypt,libgcrypt,"
+PACKAGECONFIG[nettle] = "--enable-nettle,--disable-nettle,nettle"
+PACKAGECONFIG[libusb] = "--enable-libusb,--disable-libusb,libusb1"
+PACKAGECONFIG[fdt] = "--enable-fdt,--disable-fdt,dtc"
+PACKAGECONFIG[alsa] = "--audio-drv-list='oss alsa',,alsa-lib"
+PACKAGECONFIG[glx] = "--enable-opengl,--disable-opengl,virtual/libgl"
+PACKAGECONFIG[lzo] = "--enable-lzo,--disable-lzo,lzo"
+PACKAGECONFIG[numa] = "--enable-numa,--disable-numa,numactl"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls"
+PACKAGECONFIG[bzip2] = "--enable-bzip2,--disable-bzip2,bzip2"
+PACKAGECONFIG[libiscsi] = "--enable-libiscsi,--disable-libiscsi"
+PACKAGECONFIG[kvm] = "--enable-kvm,--disable-kvm"
+PACKAGECONFIG[virglrenderer] = "--enable-virglrenderer,--disable-virglrenderer,virglrenderer"
+# spice will be in meta-networking layer
+PACKAGECONFIG[spice] = "--enable-spice,--disable-spice,spice"
+# usbredir will be in meta-networking layer
+PACKAGECONFIG[usb-redir] = "--enable-usb-redir,--disable-usb-redir,usbredir"
+PACKAGECONFIG[snappy] = "--enable-snappy,--disable-snappy,snappy"
+PACKAGECONFIG[glusterfs] = "--enable-glusterfs,--disable-glusterfs,glusterfs"
+PACKAGECONFIG[xkbcommon] = "--enable-xkbcommon,--disable-xkbcommon,libxkbcommon"
+PACKAGECONFIG[libudev] = "--enable-libudev,--disable-libudev,eudev"
+PACKAGECONFIG[libxml2] = "--enable-libxml2,--disable-libxml2,libxml2"
+PACKAGECONFIG[attr] = "--enable-attr,--disable-attr,attr,"
+PACKAGECONFIG[rbd] = "--enable-rbd,--disable-rbd,ceph,ceph"
+PACKAGECONFIG[vhost] = "--enable-vhost-net,--disable-vhost-net,,"
+PACKAGECONFIG[ust] = "--enable-trace-backend=ust,--enable-trace-backend=nop,lttng-ust,"
+PACKAGECONFIG[pie] = "--enable-pie,--disable-pie,,"
+PACKAGECONFIG[seccomp] = "--enable-seccomp,--disable-seccomp,libseccomp"
+
+INSANE_SKIP_${PN} = "arch"
+
+FILES_${PN} += "${datadir}/icons"
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
new file mode 100644
index 0000000..1304ee3
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-Add-enable-disable-udev.patch
@@ -0,0 +1,29 @@
+From b921e5204030845dc7c9d16d5f66d965e8d05367 Mon Sep 17 00:00:00 2001
+From: Jeremy Puhlman <jpuhlman@mvista.com>
+Date: Thu, 19 Mar 2020 11:54:26 -0700
+Subject: [PATCH] Add enable/disable libudev
+
+Upstream-Status: Pending
+Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ configure | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: qemu-5.1.0/configure
+===================================================================
+--- qemu-5.1.0.orig/configure
++++ qemu-5.1.0/configure
+@@ -1640,6 +1640,10 @@ for opt do
+ ;;
+ --disable-libdaxctl) libdaxctl=no
+ ;;
++ --enable-libudev) libudev="yes"
++ ;;
++ --disable-libudev) libudev="no"
++ ;;
+ *)
+ echo "ERROR: unknown option $opt"
+ echo "Try '$0 --help' for more information"
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
new file mode 100644
index 0000000..46c9da0
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Add-missing-wacom-HID-descriptor.patch
@@ -0,0 +1,141 @@
+From 883feb43129dc39b491e492c7ccfe89aefe53c44 Mon Sep 17 00:00:00 2001
+From: Richard Purdie <richard.purdie@linuxfoundation.org>
+Date: Thu, 27 Nov 2014 14:04:29 +0000
+Subject: [PATCH] qemu: Add missing wacom HID descriptor
+
+The USB wacom device is missing a HID descriptor which causes it
+to fail to operate with recent kernels (e.g. 3.17).
+
+This patch adds a HID desriptor to the device, based upon one from
+real wcom device.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Upstream-Status: Submitted
+2014/11/27
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/usb/dev-wacom.c | 94 +++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 93 insertions(+), 1 deletion(-)
+
+Index: qemu-5.1.0/hw/usb/dev-wacom.c
+===================================================================
+--- qemu-5.1.0.orig/hw/usb/dev-wacom.c
++++ qemu-5.1.0/hw/usb/dev-wacom.c
+@@ -74,6 +74,89 @@ static const USBDescStrings desc_strings
+ [STR_SERIALNUMBER] = "1",
+ };
+
++static const uint8_t qemu_tablet_hid_report_descriptor[] = {
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x02, /* Usage (Mouse) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x01, /* Report ID (1) */
++ 0x09, 0x01, /* Usage (Pointer) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x05, 0x09, /* Usage Page (Button) */
++ 0x19, 0x01, /* Usage Minimum (1) */
++ 0x29, 0x05, /* Usage Maximum (5) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x25, 0x01, /* Logical Maximum (1) */
++ 0x95, 0x05, /* Report Count (5) */
++ 0x75, 0x01, /* Report Size (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x75, 0x03, /* Report Size (3) */
++ 0x81, 0x01, /* Input (Constant) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x15, 0x81, /* Logical Minimum (-127) */
++ 0x25, 0x7f, /* Logical Maximum (127) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x06, /* Input (Data, Variable, Relative) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum (255) */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x08, /* Report Count (8) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0xb1, 0x02, /* FEATURE (2) */
++ 0xc0, /* End Collection */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0xa1, 0x01, /* Collection (Application) */
++ 0x85, 0x02, /* Report ID (2) */
++ 0x05, 0x0d, /* Usage Page (Digitizer) */
++ 0x09, 0x22, /* Usage (Finger) */
++ 0xa1, 0x00, /* Collection (Physical) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x15, 0x00, /* Logical Minimum (0) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x02, /* Report Count (2) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x05, 0x01, /* Usage Page (Generic Desktop) */
++ 0x09, 0x30, /* Usage (X) */
++ 0x35, 0x00, /* Physical Minimum */
++ 0x46, 0xe0, 0x2e, /* Physical Maximum */
++ 0x26, 0xe0, 0x01, /* Logical Maximum */
++ 0x75, 0x10, /* Report Size (16) */
++ 0x95, 0x01, /* Report Count (1) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x09, 0x31, /* Usage (Y) */
++ 0x46, 0x40, 0x1f, /* Physical Maximum */
++ 0x26, 0x40, 0x01, /* Logical Maximum */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0x06, 0x00, 0xff, /* Usage Page (Vendor 0xff00) */
++ 0x09, 0x01, /* Usage (Digitizer) */
++ 0x26, 0xff, 0x00, /* Logical Maximum */
++ 0x75, 0x08, /* Report Size (8) */
++ 0x95, 0x0d, /* Report Count (13) */
++ 0x81, 0x02, /* Input (Data, Variable, Absolute) */
++ 0xc0, /* End Collection */
++ 0xc0, /* End Collection */
++};
++
++
+ static const USBDescIface desc_iface_wacom = {
+ .bInterfaceNumber = 0,
+ .bNumEndpoints = 1,
+@@ -91,7 +174,7 @@ static const USBDescIface desc_iface_wac
+ 0x00, /* u8 country_code */
+ 0x01, /* u8 num_descriptors */
+ 0x22, /* u8 type: Report */
+- 0x6e, 0, /* u16 len */
++ sizeof(qemu_tablet_hid_report_descriptor), 0, /* u16 len */
+ },
+ },
+ },
+@@ -271,6 +354,15 @@ static void usb_wacom_handle_control(USB
+ }
+
+ switch (request) {
++ case InterfaceRequest | USB_REQ_GET_DESCRIPTOR:
++ switch (value >> 8) {
++ case 0x22:
++ memcpy(data, qemu_tablet_hid_report_descriptor,
++ sizeof(qemu_tablet_hid_report_descriptor));
++ p->actual_length = sizeof(qemu_tablet_hid_report_descriptor);
++ break;
++ }
++ break;
+ case WACOM_SET_REPORT:
+ if (s->mouse_grabbed) {
+ qemu_remove_mouse_event_handler(s->eh_entry);
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
new file mode 100644
index 0000000..d6c0f9e
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-qemu-Do-not-include-file-if-not-exists.patch
@@ -0,0 +1,31 @@
+From 34247f83095f8cdcdc1f9d7f0c6ffbd46b25d979 Mon Sep 17 00:00:00 2001
+From: Oleksiy Obitotskyy <oobitots@cisco.com>
+Date: Wed, 25 Mar 2020 21:21:35 +0200
+Subject: [PATCH] qemu: Do not include file if not exists
+
+Script configure checks for if_alg.h and check failed but
+if_alg.h still included.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2020-03/msg07188.html]
+Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ linux-user/syscall.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: qemu-5.1.0/linux-user/syscall.c
+===================================================================
+--- qemu-5.1.0.orig/linux-user/syscall.c
++++ qemu-5.1.0/linux-user/syscall.c
+@@ -109,7 +109,9 @@
+ #include <linux/blkpg.h>
+ #include <netpacket/packet.h>
+ #include <linux/netlink.h>
++#if defined(CONFIG_AF_ALG)
+ #include <linux/if_alg.h>
++#endif
+ #include <linux/rtc.h>
+ #include <sound/asound.h>
+ #ifdef HAVE_DRM_H
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
new file mode 100644
index 0000000..5227b7c
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0001-target-mips-Increase-number-of-TLB-entries-on-the-34.patch
@@ -0,0 +1,59 @@
+From 68fa519a6cb455005317bd61f95214b58b2f1e69 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
+Date: Fri, 16 Oct 2020 15:20:37 +0200
+Subject: [PATCH] target/mips: Increase number of TLB entries on the 34Kf core
+ (16 -> 64)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Per "MIPS32 34K Processor Core Family Software User's Manual,
+Revision 01.13" page 8 in "Joint TLB (JTLB)" section:
+
+ "The JTLB is a fully associative TLB cache containing 16, 32,
+ or 64-dual-entries mapping up to 128 virtual pages to their
+ corresponding physical addresses."
+
+There is no particular reason to restrict the 34Kf core model to
+16 TLB entries, so raise its config to 64.
+
+This is helpful for other projects, in particular the Yocto Project:
+
+ Yocto Project uses qemu-system-mips 34Kf cpu model, to run 32bit
+ MIPS CI loop. It was observed that in this case CI test execution
+ time was almost twice longer than 64bit MIPS variant that runs
+ under MIPS64R2-generic model. It was investigated and concluded
+ that the difference in number of TLBs 16 in 34Kf case vs 64 in
+ MIPS64R2-generic is responsible for most of CI real time execution
+ difference. Because with 16 TLBs linux user-land trashes TLB more
+ and it needs to execute more instructions in TLB refill handler
+ calls, as result it runs much longer.
+
+(https://lists.gnu.org/archive/html/qemu-devel/2020-10/msg03428.html)
+
+Buglink: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13992
+Reported-by: Victor Kamensky <kamensky@cisco.com>
+Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Message-Id: <20201016133317.553068-1-f4bug@amsat.org>
+
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/68fa519a6cb455005317bd61f95214b58b2f1e69]
+Signed-off-by: Victor Kamensky <kamensky@cisco.com>
+
+---
+ target/mips/translate_init.c.inc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu-5.1.0/target/mips/translate_init.inc.c
+===================================================================
+--- qemu-5.1.0.orig/target/mips/translate_init.inc.c
++++ qemu-5.1.0/target/mips/translate_init.inc.c
+@@ -254,7 +254,7 @@ const mips_def_t mips_defs[] =
+ .CP0_PRid = 0x00019500,
+ .CP0_Config0 = MIPS_CONFIG0 | (0x1 << CP0C0_AR) |
+ (MMU_TYPE_R4000 << CP0C0_MT),
+- .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (15 << CP0C1_MMU) |
++ .CP0_Config1 = MIPS_CONFIG1 | (1 << CP0C1_FP) | (63 << CP0C1_MMU) |
+ (0 << CP0C1_IS) | (3 << CP0C1_IL) | (1 << CP0C1_IA) |
+ (0 << CP0C1_DS) | (3 << CP0C1_DL) | (1 << CP0C1_DA) |
+ (1 << CP0C1_CA),
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
new file mode 100644
index 0000000..f379948
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0002-Add-subpackage-ptest-which-runs-all-unit-test-cases-.patch
@@ -0,0 +1,35 @@
+From 5da6cef7761157a003e7ebde74fb3cf90ab396d9 Mon Sep 17 00:00:00 2001
+From: Juro Bystricky <juro.bystricky@intel.com>
+Date: Thu, 31 Aug 2017 11:06:56 -0700
+Subject: [PATCH] Add subpackage -ptest which runs all unit test cases for
+ qemu.
+
+Upstream-Status: Pending
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ tests/Makefile.include | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: qemu-5.1.0/tests/Makefile.include
+===================================================================
+--- qemu-5.1.0.orig/tests/Makefile.include
++++ qemu-5.1.0/tests/Makefile.include
+@@ -982,4 +982,12 @@ all: $(QEMU_IOTESTS_HELPERS-y)
+ -include $(wildcard tests/qtest/*.d)
+ -include $(wildcard tests/qtest/libqos/*.d)
+
++buildtest-TESTS: $(check-unit-y)
++
++runtest-TESTS:
++ for f in $(check-unit-y); do \
++ nf=$$(echo $$f | sed 's/tests\//\.\//g'); \
++ $$nf; \
++ done
++
+ endif
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
new file mode 100644
index 0000000..33cef42
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0003-qemu-Add-addition-environment-space-to-boot-loader-q.patch
@@ -0,0 +1,33 @@
+From ce1eceab2350d27960ec254650717085f6a11c9a Mon Sep 17 00:00:00 2001
+From: Jason Wessel <jason.wessel@windriver.com>
+Date: Fri, 28 Mar 2014 17:42:43 +0800
+Subject: [PATCH] qemu: Add addition environment space to boot loader
+ qemu-system-mips
+
+Upstream-Status: Inappropriate - OE uses deep paths
+
+If you create a project with very long directory names like 128 characters
+deep and use NFS, the kernel arguments will be truncated. The kernel will
+accept longer strings such as 1024 bytes, but the qemu boot loader defaulted
+to only 256 bytes. This patch expands the limit.
+
+Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+
+---
+ hw/mips/malta.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu-5.1.0/hw/mips/malta.c
+===================================================================
+--- qemu-5.1.0.orig/hw/mips/malta.c
++++ qemu-5.1.0/hw/mips/malta.c
+@@ -59,7 +59,7 @@
+
+ #define ENVP_ADDR 0x80002000l
+ #define ENVP_NB_ENTRIES 16
+-#define ENVP_ENTRY_SIZE 256
++#define ENVP_ENTRY_SIZE 1024
+
+ /* Hardware addresses */
+ #define FLASH_ADDRESS 0x1e000000ULL
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
new file mode 100644
index 0000000..71f537f
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0004-qemu-disable-Valgrind.patch
@@ -0,0 +1,34 @@
+From 4127296bb1046cdf73994ba69dc913d8c02fd74f Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Tue, 20 Oct 2015 22:19:08 +0100
+Subject: [PATCH] qemu: disable Valgrind
+
+There isn't an option to enable or disable valgrind support, so disable it to avoid non-deterministic builds.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+---
+ configure | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+Index: qemu-5.1.0/configure
+===================================================================
+--- qemu-5.1.0.orig/configure
++++ qemu-5.1.0/configure
+@@ -5751,15 +5751,6 @@ fi
+ # check if we have valgrind/valgrind.h
+
+ valgrind_h=no
+-cat > $TMPC << EOF
+-#include <valgrind/valgrind.h>
+-int main(void) {
+- return 0;
+-}
+-EOF
+-if compile_prog "" "" ; then
+- valgrind_h=yes
+-fi
+
+ ########################################
+ # check if environ is declared
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
new file mode 100644
index 0000000..02ebbee
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0005-qemu-native-set-ld.bfd-fix-cflags-and-set-some-envir.patch
@@ -0,0 +1,28 @@
+From 230fe5804099bdca0c9e4cae7280c9fc513cb7f5 Mon Sep 17 00:00:00 2001
+From: Stephen Arnold <sarnold@vctlabs.com>
+Date: Sun, 12 Jun 2016 18:09:56 -0700
+Subject: [PATCH] qemu-native: set ld.bfd, fix cflags, and set some environment
+
+Upstream-Status: Pending
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ configure | 4 ----
+ 1 file changed, 4 deletions(-)
+
+Index: qemu-5.1.0/configure
+===================================================================
+--- qemu-5.1.0.orig/configure
++++ qemu-5.1.0/configure
+@@ -6515,10 +6515,6 @@ write_c_skeleton
+ if test "$gcov" = "yes" ; then
+ QEMU_CFLAGS="-fprofile-arcs -ftest-coverage -g $QEMU_CFLAGS"
+ QEMU_LDFLAGS="-fprofile-arcs -ftest-coverage $QEMU_LDFLAGS"
+-elif test "$fortify_source" = "yes" ; then
+- CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
+-elif test "$debug" = "no"; then
+- CFLAGS="-O2 $CFLAGS"
+ fi
+
+ if test "$have_asan" = "yes"; then
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
new file mode 100644
index 0000000..98fd5e9
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0006-chardev-connect-socket-to-a-spawned-command.patch
@@ -0,0 +1,241 @@
+From bcc63f775e265df69963a4ad7805b8678ace68f0 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@xilinx.com>
+Date: Thu, 21 Dec 2017 11:35:16 -0800
+Subject: [PATCH] chardev: connect socket to a spawned command
+
+The command is started in a shell (sh -c) with stdin connect to QEMU
+via a Unix domain stream socket. QEMU then exchanges data via its own
+end of the socket, just like it normally does.
+
+"-chardev socket" supports some ways of connecting via protocols like
+telnet, but that is only a subset of the functionality supported by
+tools socat. To use socat instead, for example to connect via a socks
+proxy, use:
+
+ -chardev 'socket,id=socat,cmd=exec socat FD:0 SOCKS4A:socks-proxy.localdomain:example.com:9999,,socksuser=nobody' \
+ -device usb-serial,chardev=socat
+
+Beware that commas in the command must be escaped as double commas.
+
+Or interactively in the console:
+ (qemu) chardev-add socket,id=cat,cmd=cat
+ (qemu) device_add usb-serial,chardev=cat
+ ^ac
+ # cat >/dev/ttyUSB0
+ hello
+ hello
+
+Another usage is starting swtpm from inside QEMU. swtpm will
+automatically shut down once it looses the connection to the parent
+QEMU, so there is no risk of lingering processes:
+
+ -chardev 'socket,id=chrtpm0,cmd=exec swtpm socket --terminate --ctrl type=unixio,,clientfd=0 --tpmstate dir=... --log file=swtpm.log' \
+ -tpmdev emulator,id=tpm0,chardev=chrtpm0 \
+ -device tpm-tis,tpmdev=tpm0
+
+The patch was discussed upstream, but QEMU developers believe that the
+code calling QEMU should be responsible for managing additional
+processes. In OE-core, that would imply enhancing runqemu and
+oeqa. This patch is a simpler solution.
+
+Because it is not going upstream, the patch was written so that it is
+as simple as possible.
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+
+---
+ chardev/char-socket.c | 101 ++++++++++++++++++++++++++++++++++++++++++
+ chardev/char.c | 3 ++
+ qapi/char.json | 5 +++
+ 3 files changed, 109 insertions(+)
+
+Index: qemu-5.1.0/chardev/char-socket.c
+===================================================================
+--- qemu-5.1.0.orig/chardev/char-socket.c
++++ qemu-5.1.0/chardev/char-socket.c
+@@ -1292,6 +1292,67 @@ static bool qmp_chardev_validate_socket(
+ return true;
+ }
+
++#ifndef _WIN32
++static void chardev_open_socket_cmd(Chardev *chr,
++ const char *cmd,
++ Error **errp)
++{
++ int fds[2] = { -1, -1 };
++ QIOChannelSocket *sioc = NULL;
++ pid_t pid = -1;
++ const char *argv[] = { "/bin/sh", "-c", cmd, NULL };
++
++ /*
++ * We need a Unix domain socket for commands like swtpm and a single
++ * connection, therefore we cannot use qio_channel_command_new_spawn()
++ * without patching it first. Duplicating the functionality is easier.
++ */
++ if (socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0, fds)) {
++ error_setg_errno(errp, errno, "Error creating socketpair(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC)");
++ goto error;
++ }
++
++ pid = qemu_fork(errp);
++ if (pid < 0) {
++ goto error;
++ }
++
++ if (!pid) {
++ /* child */
++ dup2(fds[1], STDIN_FILENO);
++ execv(argv[0], (char * const *)argv);
++ _exit(1);
++ }
++
++ /*
++ * Hand over our end of the socket pair to the qio channel.
++ *
++ * We don't reap the child because it is expected to keep
++ * running. We also don't support the "reconnect" option for the
++ * same reason.
++ */
++ sioc = qio_channel_socket_new_fd(fds[0], errp);
++ if (!sioc) {
++ goto error;
++ }
++ fds[0] = -1;
++
++ g_free(chr->filename);
++ chr->filename = g_strdup_printf("cmd:%s", cmd);
++ tcp_chr_new_client(chr, sioc);
++
++ error:
++ if (fds[0] >= 0) {
++ close(fds[0]);
++ }
++ if (fds[1] >= 0) {
++ close(fds[1]);
++ }
++ if (sioc) {
++ object_unref(OBJECT(sioc));
++ }
++}
++#endif
+
+ static void qmp_chardev_open_socket(Chardev *chr,
+ ChardevBackend *backend,
+@@ -1300,6 +1361,9 @@ static void qmp_chardev_open_socket(Char
+ {
+ SocketChardev *s = SOCKET_CHARDEV(chr);
+ ChardevSocket *sock = backend->u.socket.data;
++#ifndef _WIN32
++ const char *cmd = sock->cmd;
++#endif
+ bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
+ bool is_listen = sock->has_server ? sock->server : true;
+ bool is_telnet = sock->has_telnet ? sock->telnet : false;
+@@ -1365,6 +1429,14 @@ static void qmp_chardev_open_socket(Char
+
+ update_disconnected_filename(s);
+
++#ifndef _WIN32
++ if (cmd) {
++ chardev_open_socket_cmd(chr, cmd, errp);
++
++ /* everything ready (or failed permanently) before we return */
++ *be_opened = true;
++ } else
++#endif
+ if (s->is_listen) {
+ if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
+ is_waitconnect, errp) < 0) {
+@@ -1384,11 +1456,27 @@ static void qemu_chr_parse_socket(QemuOp
+ const char *host = qemu_opt_get(opts, "host");
+ const char *port = qemu_opt_get(opts, "port");
+ const char *fd = qemu_opt_get(opts, "fd");
++#ifndef _WIN32
++ const char *cmd = qemu_opt_get(opts, "cmd");
++#endif
+ bool tight = qemu_opt_get_bool(opts, "tight", true);
+ bool abstract = qemu_opt_get_bool(opts, "abstract", false);
+ SocketAddressLegacy *addr;
+ ChardevSocket *sock;
+
++#ifndef _WIN32
++ if (cmd) {
++ /*
++ * Here we have to ensure that no options are set which are incompatible with
++ * spawning a command, otherwise unmodified code that doesn't know about
++ * command spawning (like socket_reconnect_timeout()) might get called.
++ */
++ if (path || sock->server || sock->has_telnet || sock->has_tn3270 || sock->reconnect || host || port || sock->tls_creds) {
++ error_setg(errp, "chardev: socket: cmd does not support any additional options");
++ return;
++ }
++ } else
++#endif
+ if ((!!path + !!fd + !!host) != 1) {
+ error_setg(errp,
+ "Exactly one of 'path', 'fd' or 'host' required");
+@@ -1431,12 +1519,24 @@ static void qemu_chr_parse_socket(QemuOp
+ sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
+ sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
+
+- addr = g_new0(SocketAddressLegacy, 1);
++#ifndef _WIN32
++ sock->cmd = g_strdup(cmd);
++#endif
++
++ addr = g_new0(SocketAddressLegacy, 1);
++#ifndef _WIN32
++ if (path || cmd) {
++#else
+ if (path) {
++#endif
+ UnixSocketAddress *q_unix;
+ addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX;
+ q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
++#ifndef _WIN32
++ q_unix->path = cmd ? g_strdup_printf("cmd:%s", cmd) : g_strdup(path);
++#else
+ q_unix->path = g_strdup(path);
++#endif
+ q_unix->tight = tight;
+ q_unix->abstract = abstract;
+ } else if (host) {
+Index: qemu-5.1.0/chardev/char.c
+===================================================================
+--- qemu-5.1.0.orig/chardev/char.c
++++ qemu-5.1.0/chardev/char.c
+@@ -826,6 +826,9 @@ QemuOptsList qemu_chardev_opts = {
+ .name = "path",
+ .type = QEMU_OPT_STRING,
+ },{
++ .name = "cmd",
++ .type = QEMU_OPT_STRING,
++ },{
+ .name = "host",
+ .type = QEMU_OPT_STRING,
+ },{
+Index: qemu-5.1.0/qapi/char.json
+===================================================================
+--- qemu-5.1.0.orig/qapi/char.json
++++ qemu-5.1.0/qapi/char.json
+@@ -250,6 +250,10 @@
+ #
+ # @addr: socket address to listen on (server=true)
+ # or connect to (server=false)
++# @cmd: command to run via "sh -c" with stdin as one end of
++# a AF_UNIX SOCK_DSTREAM socket pair. The other end
++# is used by the chardev. Either an addr or a cmd can
++# be specified, but not both.
+ # @tls-creds: the ID of the TLS credentials object (since 2.6)
+ # @tls-authz: the ID of the QAuthZ authorization object against which
+ # the client's x509 distinguished name will be validated. This
+@@ -276,6 +280,7 @@
+ ##
+ { 'struct': 'ChardevSocket',
+ 'data': { 'addr': 'SocketAddressLegacy',
++ '*cmd': 'str',
+ '*tls-creds': 'str',
+ '*tls-authz' : 'str',
+ '*server': 'bool',
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
new file mode 100644
index 0000000..034ac57
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0007-apic-fixup-fallthrough-to-PIC.patch
@@ -0,0 +1,44 @@
+From a59a98d100123030a4145e7efe3b8a001920a9f1 Mon Sep 17 00:00:00 2001
+From: Mark Asselstine <mark.asselstine@windriver.com>
+Date: Tue, 26 Feb 2013 11:43:28 -0500
+Subject: [PATCH] apic: fixup fallthrough to PIC
+
+Commit 0e21e12bb311c4c1095d0269dc2ef81196ccb60a [Don't route PIC
+interrupts through the local APIC if the local APIC config says so.]
+missed a check to ensure the local APIC is enabled. Since if the local
+APIC is disabled it doesn't matter what the local APIC config says.
+
+If this check isn't done and the guest has disabled the local APIC the
+guest will receive a general protection fault, similar to what is seen
+here:
+
+https://lists.gnu.org/archive/html/qemu-devel/2012-12/msg02304.html
+
+The GPF is caused by an attempt to service interrupt 0xffffffff. This
+comes about since cpu_get_pic_interrupt() calls apic_accept_pic_intr()
+(with the local APIC disabled apic_get_interrupt() returns -1).
+apic_accept_pic_intr() returns 0 and thus the interrupt number which
+is returned from cpu_get_pic_interrupt(), and which is attempted to be
+serviced, is -1.
+
+Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg00878.html]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+
+---
+ hw/intc/apic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu-5.1.0/hw/intc/apic.c
+===================================================================
+--- qemu-5.1.0.orig/hw/intc/apic.c
++++ qemu-5.1.0/hw/intc/apic.c
+@@ -603,7 +603,7 @@ int apic_accept_pic_intr(DeviceState *de
+ APICCommonState *s = APIC(dev);
+ uint32_t lvt0;
+
+- if (!s)
++ if (!s || !(s->spurious_vec & APIC_SV_ENABLE))
+ return -1;
+
+ lvt0 = s->lvt[APIC_LVT_LINT0];
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
new file mode 100644
index 0000000..d20f04e
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch
@@ -0,0 +1,33 @@
+From cf8c9aac5243f506a1a3e8e284414f311cde04f5 Mon Sep 17 00:00:00 2001
+From: Alistair Francis <alistair.francis@xilinx.com>
+Date: Wed, 17 Jan 2018 10:51:49 -0800
+Subject: [PATCH] linux-user: Fix webkitgtk hangs on 32-bit x86 target
+
+Since commit "linux-user: Tidy and enforce reserved_va initialization"
+(18e80c55bb6ec17c05ec0ba717ec83933c2bfc07) the Yocto webkitgtk build
+hangs when cross compiling for 32-bit x86 on a 64-bit x86 machine using
+musl.
+
+To fix the issue reduce the MAX_RESERVED_VA macro to be a closer match
+to what it was before the problematic commit.
+
+Upstream-Status: Submitted http://lists.gnu.org/archive/html/qemu-devel/2018-01/msg04185.html
+Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
+
+---
+ linux-user/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: qemu-5.1.0/linux-user/main.c
+===================================================================
+--- qemu-5.1.0.orig/linux-user/main.c
++++ qemu-5.1.0/linux-user/main.c
+@@ -92,7 +92,7 @@ static int last_log_mask;
+ (TARGET_LONG_BITS == 32 || defined(TARGET_ABI32))
+ /* There are a number of places where we assign reserved_va to a variable
+ of type abi_ulong and expect it to fit. Avoid the last page. */
+-# define MAX_RESERVED_VA(CPU) (0xfffffffful & TARGET_PAGE_MASK)
++# define MAX_RESERVED_VA(CPU) (0x7ffffffful & TARGET_PAGE_MASK)
+ # else
+ # define MAX_RESERVED_VA(CPU) (1ul << TARGET_VIRT_ADDR_SPACE_BITS)
+ # endif
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch
new file mode 100644
index 0000000..f2a4498
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0009-Fix-webkitgtk-builds.patch
@@ -0,0 +1,137 @@
+From 815c97ba0de02da9dace3fcfcbdf9b20e029f0d7 Mon Sep 17 00:00:00 2001
+From: Martin Jansa <martin.jansa@lge.com>
+Date: Fri, 1 Jun 2018 08:41:07 +0000
+Subject: [PATCH] Fix webkitgtk builds
+
+This is a partial revert of "linux-user: fix mmap/munmap/mprotect/mremap/shmat".
+
+This patch fixes qemu-i386 hangs during gobject-introspection in webkitgtk build
+when musl is used on qemux86. This is the same issue that
+0008-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch was
+fixing in the 2.11 release.
+
+This patch also fixes a build failure when building webkitgtk for
+qemumips. A QEMU assert is seen while building webkitgtk:
+page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
+
+This reverts commit ebf9a3630c911d0cfc9c20f7cafe9ba4f88cf583.
+
+Upstream-Status: Pending
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+
+[update patch context]
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ include/exec/cpu-all.h | 6 +-----
+ include/exec/cpu_ldst.h | 5 ++++-
+ linux-user/mmap.c | 17 ++++-------------
+ linux-user/syscall.c | 5 +----
+ 4 files changed, 10 insertions(+), 23 deletions(-)
+
+Index: qemu-5.1.0/include/exec/cpu-all.h
+===================================================================
+--- qemu-5.1.0.orig/include/exec/cpu-all.h
++++ qemu-5.1.0/include/exec/cpu-all.h
+@@ -176,11 +176,8 @@ extern unsigned long reserved_va;
+ * avoid setting bits at the top of guest addresses that might need
+ * to be used for tags.
+ */
+-#define GUEST_ADDR_MAX_ \
+- ((MIN_CONST(TARGET_VIRT_ADDR_SPACE_BITS, TARGET_ABI_BITS) <= 32) ? \
+- UINT32_MAX : ~0ul)
+-#define GUEST_ADDR_MAX (reserved_va ? reserved_va - 1 : GUEST_ADDR_MAX_)
+-
++#define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
++ (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+ #else
+
+ #include "exec/hwaddr.h"
+Index: qemu-5.1.0/include/exec/cpu_ldst.h
+===================================================================
+--- qemu-5.1.0.orig/include/exec/cpu_ldst.h
++++ qemu-5.1.0/include/exec/cpu_ldst.h
+@@ -75,7 +75,10 @@ typedef uint64_t abi_ptr;
+ #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+ #define guest_addr_valid(x) (1)
+ #else
+-#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
++#define guest_addr_valid(x) ({ \
++ ((x) < (1ul << TARGET_VIRT_ADDR_SPACE_BITS)) && \
++ (!reserved_va || ((x) < reserved_va)); \
++})
+ #endif
+ #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
+
+Index: qemu-5.1.0/linux-user/mmap.c
+===================================================================
+--- qemu-5.1.0.orig/linux-user/mmap.c
++++ qemu-5.1.0/linux-user/mmap.c
+@@ -71,7 +71,7 @@ int target_mprotect(abi_ulong start, abi
+ return -TARGET_EINVAL;
+ len = TARGET_PAGE_ALIGN(len);
+ end = start + len;
+- if (!guest_range_valid(start, len)) {
++ if (end < start) {
+ return -TARGET_ENOMEM;
+ }
+ prot &= PROT_READ | PROT_WRITE | PROT_EXEC;
+@@ -467,8 +467,8 @@ abi_long target_mmap(abi_ulong start, ab
+ * It can fail only on 64-bit host with 32-bit target.
+ * On any other target/host host mmap() handles this error correctly.
+ */
+- if (end < start || !guest_range_valid(start, len)) {
+- errno = ENOMEM;
++ if (end < start || ((unsigned long)start + len - 1 > (abi_ulong) -1)) {
++ errno = EINVAL;
+ goto fail;
+ }
+
+@@ -604,10 +604,8 @@ int target_munmap(abi_ulong start, abi_u
+ if (start & ~TARGET_PAGE_MASK)
+ return -TARGET_EINVAL;
+ len = TARGET_PAGE_ALIGN(len);
+- if (len == 0 || !guest_range_valid(start, len)) {
++ if (len == 0)
+ return -TARGET_EINVAL;
+- }
+-
+ mmap_lock();
+ end = start + len;
+ real_start = start & qemu_host_page_mask;
+@@ -662,13 +660,6 @@ abi_long target_mremap(abi_ulong old_add
+ int prot;
+ void *host_addr;
+
+- if (!guest_range_valid(old_addr, old_size) ||
+- ((flags & MREMAP_FIXED) &&
+- !guest_range_valid(new_addr, new_size))) {
+- errno = ENOMEM;
+- return -1;
+- }
+-
+ mmap_lock();
+
+ if (flags & MREMAP_FIXED) {
+Index: qemu-5.1.0/linux-user/syscall.c
+===================================================================
+--- qemu-5.1.0.orig/linux-user/syscall.c
++++ qemu-5.1.0/linux-user/syscall.c
+@@ -4336,9 +4336,6 @@ static inline abi_ulong do_shmat(CPUArch
+ return -TARGET_EINVAL;
+ }
+ }
+- if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) {
+- return -TARGET_EINVAL;
+- }
+
+ mmap_lock();
+
+@@ -7376,7 +7373,7 @@ static int open_self_maps(void *cpu_env,
+ const char *path;
+
+ max = h2g_valid(max - 1) ?
+- max : (uintptr_t) g2h(GUEST_ADDR_MAX) + 1;
++ max : (uintptr_t) g2h(GUEST_ADDR_MAX);
+
+ if (page_check_range(h2g(min), max - min, flags) == -1) {
+ continue;
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
new file mode 100644
index 0000000..d7e3fff
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
@@ -0,0 +1,91 @@
+From c207607cdf3996ad9783c3bffbcd3d65e74c0158 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Wed, 28 Aug 2019 19:56:28 +0800
+Subject: [PATCH] configure: Add pkg-config handling for libgcrypt
+
+libgcrypt may also be controlled by pkg-config, this patch adds pkg-config
+handling for libgcrypt.
+
+Upstream-Status: Denied [https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg06333.html]
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+
+---
+ configure | 48 ++++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 40 insertions(+), 8 deletions(-)
+
+Index: qemu-5.1.0/configure
+===================================================================
+--- qemu-5.1.0.orig/configure
++++ qemu-5.1.0/configure
+@@ -3084,6 +3084,30 @@ has_libgcrypt() {
+ return 0
+ }
+
++has_libgcrypt_pkgconfig() {
++ if ! has $pkg_config ; then
++ return 1
++ fi
++
++ if ! $pkg_config --list-all | grep libgcrypt > /dev/null 2>&1 ; then
++ return 1
++ fi
++
++ if test -n "$cross_prefix" ; then
++ host=$($pkg_config --variable=host libgcrypt)
++ if test "${host%-gnu}-" != "${cross_prefix%-gnu}" ; then
++ print_error "host($host) does not match cross_prefix($cross_prefix)"
++ return 1
++ fi
++ fi
++
++ if ! $pkg_config --atleast-version=1.5.0 libgcrypt ; then
++ print_error "libgcrypt version is $($pkg_config --modversion libgcrypt)"
++ return 1
++ fi
++
++ return 0
++}
+
+ if test "$nettle" != "no"; then
+ pass="no"
+@@ -3124,7 +3148,14 @@ fi
+
+ if test "$gcrypt" != "no"; then
+ pass="no"
+- if has_libgcrypt; then
++ if has_libgcrypt_pkgconfig; then
++ gcrypt_cflags=$($pkg_config --cflags libgcrypt)
++ if test "$static" = "yes" ; then
++ gcrypt_libs=$($pkg_config --libs --static libgcrypt)
++ else
++ gcrypt_libs=$($pkg_config --libs libgcrypt)
++ fi
++ elif has_libgcrypt; then
+ gcrypt_cflags=$(libgcrypt-config --cflags)
+ gcrypt_libs=$(libgcrypt-config --libs)
+ # Debian has removed -lgpg-error from libgcrypt-config
+@@ -3134,15 +3165,16 @@ if test "$gcrypt" != "no"; then
+ then
+ gcrypt_libs="$gcrypt_libs -lgpg-error"
+ fi
++ fi
+
+- # Link test to make sure the given libraries work (e.g for static).
+- write_c_skeleton
+- if compile_prog "" "$gcrypt_libs" ; then
+- LIBS="$gcrypt_libs $LIBS"
+- QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
+- pass="yes"
+- fi
++ # Link test to make sure the given libraries work (e.g for static).
++ write_c_skeleton
++ if compile_prog "" "$gcrypt_libs" ; then
++ LIBS="$gcrypt_libs $LIBS"
++ QEMU_CFLAGS="$QEMU_CFLAGS $gcrypt_cflags"
++ pass="yes"
+ fi
++
+ if test "$pass" = "yes"; then
+ gcrypt="yes"
+ cat > $TMPC << EOF
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch
new file mode 100644
index 0000000..861ff6c
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-24352.patch
@@ -0,0 +1,52 @@
+From ca1f9cbfdce4d63b10d57de80fef89a89d92a540 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 21 Oct 2020 16:08:18 +0530
+Subject: [PATCH 1/1] ati: check x y display parameter values
+
+The source and destination x,y display parameters in ati_2d_blt()
+may run off the vga limits if either of s->regs.[src|dst]_[xy] is
+zero. Check the parameter values to avoid potential crash.
+
+Reported-by: Gaoning Pan <pgn@zju.edu.cn>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20201021103818.1704030-1-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport [ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540;hp=2ddafce7f797082ad216657c830afd4546f16e37 ]
+CVE: CVE-2020-24352
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ hw/display/ati_2d.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
+index 23a8ae0..4dc10ea 100644
+--- a/hw/display/ati_2d.c
++++ b/hw/display/ati_2d.c
+@@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s)
+ dst_stride *= bpp;
+ }
+ uint8_t *end = s->vga.vram_ptr + s->vga.vram_size;
+- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) *
+- dst_stride >= end) {
++ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end
++ || dst_bits + dst_x
++ + (dst_y + s->regs.dst_height) * dst_stride >= end) {
+ qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
+ return;
+ }
+@@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s)
+ src_bits += s->regs.crtc_offset & 0x07ffffff;
+ src_stride *= bpp;
+ }
+- if (src_bits >= end || src_bits + src_x +
+- (src_y + s->regs.dst_height) * src_stride >= end) {
++ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end
++ || src_bits + src_x
++ + (src_y + s->regs.dst_height) * src_stride >= end) {
+ qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
+ return;
+ }
+--
+1.8.3.1
+
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch
new file mode 100644
index 0000000..7631bab
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25624.patch
@@ -0,0 +1,101 @@
+From 1328fe0c32d5474604105b8105310e944976b058 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 15 Sep 2020 23:52:58 +0530
+Subject: [PATCH] hw: usb: hcd-ohci: check len and frame_number variables
+
+While servicing the OHCI transfer descriptors(TD), OHCI host
+controller derives variables 'start_addr', 'end_addr', 'len'
+etc. from values supplied by the host controller driver.
+Host controller driver may supply values such that using
+above variables leads to out-of-bounds access issues.
+Add checks to avoid them.
+
+AddressSanitizer: stack-buffer-overflow on address 0x7ffd53af76a0
+ READ of size 2 at 0x7ffd53af76a0 thread T0
+ #0 ohci_service_iso_td ../hw/usb/hcd-ohci.c:734
+ #1 ohci_service_ed_list ../hw/usb/hcd-ohci.c:1180
+ #2 ohci_process_lists ../hw/usb/hcd-ohci.c:1214
+ #3 ohci_frame_boundary ../hw/usb/hcd-ohci.c:1257
+ #4 timerlist_run_timers ../util/qemu-timer.c:572
+ #5 qemu_clock_run_timers ../util/qemu-timer.c:586
+ #6 qemu_clock_run_all_timers ../util/qemu-timer.c:672
+ #7 main_loop_wait ../util/main-loop.c:527
+ #8 qemu_main_loop ../softmmu/vl.c:1676
+ #9 main ../softmmu/main.c:50
+
+Reported-by: Gaoning Pan <pgn@zju.edu.cn>
+Reported-by: Yongkang Jia <j_kangel@163.com>
+Reported-by: Yi Ren <yunye.ry@alibaba-inc.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-id: 20200915182259.68522-2-ppandit@redhat.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-25624
+[https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ hw/usb/hcd-ohci.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
+index 1e6e85e..9dc5910 100644
+--- a/hw/usb/hcd-ohci.c
++++ b/hw/usb/hcd-ohci.c
+@@ -731,7 +731,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
+ }
+
+ start_offset = iso_td.offset[relative_frame_number];
+- next_offset = iso_td.offset[relative_frame_number + 1];
++ if (relative_frame_number < frame_count) {
++ next_offset = iso_td.offset[relative_frame_number + 1];
++ } else {
++ next_offset = iso_td.be;
++ }
+
+ if (!(OHCI_BM(start_offset, TD_PSW_CC) & 0xe) ||
+ ((relative_frame_number < frame_count) &&
+@@ -764,7 +768,12 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
+ }
+ } else {
+ /* Last packet in the ISO TD */
+- end_addr = iso_td.be;
++ end_addr = next_offset;
++ }
++
++ if (start_addr > end_addr) {
++ trace_usb_ohci_iso_td_bad_cc_overrun(start_addr, end_addr);
++ return 1;
+ }
+
+ if ((start_addr & OHCI_PAGE_MASK) != (end_addr & OHCI_PAGE_MASK)) {
+@@ -773,6 +782,9 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
+ } else {
+ len = end_addr - start_addr + 1;
+ }
++ if (len > sizeof(ohci->usb_buf)) {
++ len = sizeof(ohci->usb_buf);
++ }
+
+ if (len && dir != OHCI_TD_DIR_IN) {
+ if (ohci_copy_iso_td(ohci, start_addr, end_addr, ohci->usb_buf, len,
+@@ -975,8 +987,16 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed)
+ if ((td.cbp & 0xfffff000) != (td.be & 0xfffff000)) {
+ len = (td.be & 0xfff) + 0x1001 - (td.cbp & 0xfff);
+ } else {
++ if (td.cbp > td.be) {
++ trace_usb_ohci_iso_td_bad_cc_overrun(td.cbp, td.be);
++ ohci_die(ohci);
++ return 1;
++ }
+ len = (td.be - td.cbp) + 1;
+ }
++ if (len > sizeof(ohci->usb_buf)) {
++ len = sizeof(ohci->usb_buf);
++ }
+
+ pktlen = len;
+ if (len && dir != OHCI_TD_DIR_IN) {
+--
+2.17.1
+
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
new file mode 100644
index 0000000..90b3a2f
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-25723.patch
@@ -0,0 +1,51 @@
+From 2fdb42d840400d58f2e706ecca82c142b97bcbd6 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@163.com>
+Date: Wed, 12 Aug 2020 09:17:27 -0700
+Subject: [PATCH] hw: ehci: check return value of 'usb_packet_map'
+
+If 'usb_packet_map' fails, we should stop to process the usb
+request.
+
+Signed-off-by: Li Qiang <liq3ea@163.com>
+Message-Id: <20200812161727.29412-1-liq3ea@163.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-25723
+[https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ hw/usb/hcd-ehci.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
+index 1495e8f..1fbb02a 100644
+--- a/hw/usb/hcd-ehci.c
++++ b/hw/usb/hcd-ehci.c
+@@ -1373,7 +1373,10 @@ static int ehci_execute(EHCIPacket *p, const char *action)
+ spd = (p->pid == USB_TOKEN_IN && NLPTR_TBIT(p->qtd.altnext) == 0);
+ usb_packet_setup(&p->packet, p->pid, ep, 0, p->qtdaddr, spd,
+ (p->qtd.token & QTD_TOKEN_IOC) != 0);
+- usb_packet_map(&p->packet, &p->sgl);
++ if (usb_packet_map(&p->packet, &p->sgl)) {
++ qemu_sglist_destroy(&p->sgl);
++ return -1;
++ }
+ p->async = EHCI_ASYNC_INITIALIZED;
+ }
+
+@@ -1452,7 +1455,10 @@ static int ehci_process_itd(EHCIState *ehci,
+ if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
+ usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
+ (itd->transact[i] & ITD_XACT_IOC) != 0);
+- usb_packet_map(&ehci->ipacket, &ehci->isgl);
++ if (usb_packet_map(&ehci->ipacket, &ehci->isgl)) {
++ qemu_sglist_destroy(&ehci->isgl);
++ return -1;
++ }
+ usb_handle_packet(dev, &ehci->ipacket);
+ usb_packet_unmap(&ehci->ipacket, &ehci->isgl);
+ } else {
+--
+2.17.1
+
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
new file mode 100644
index 0000000..5212196
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-28916.patch
@@ -0,0 +1,49 @@
+From c2cb511634012344e3d0fe49a037a33b12d8a98a Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 11 Nov 2020 18:36:36 +0530
+Subject: [PATCH] hw/net/e1000e: advance desc_offset in case of null
+descriptor
+
+While receiving packets via e1000e_write_packet_to_guest() routine,
+'desc_offset' is advanced only when RX descriptor is processed. And
+RX descriptor is not processed if it has NULL buffer address.
+This may lead to an infinite loop condition. Increament 'desc_offset'
+to process next descriptor in the ring to avoid infinite loop.
+
+Reported-by: Cheol-woo Myung <330cjfdn@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-28916
+[https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ hw/net/e1000e_core.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
+index bcd186c..d3e3cdc 100644
+--- a/hw/net/e1000e_core.c
++++ b/hw/net/e1000e_core.c
+@@ -1596,13 +1596,13 @@ e1000e_write_packet_to_guest(E1000ECore *core, struct NetRxPkt *pkt,
+ (const char *) &fcs_pad, e1000x_fcs_len(core->mac));
+ }
+ }
+- desc_offset += desc_size;
+- if (desc_offset >= total_size) {
+- is_last = true;
+- }
+ } else { /* as per intel docs; skip descriptors with null buf addr */
+ trace_e1000e_rx_null_descriptor();
+ }
++ desc_offset += desc_size;
++ if (desc_offset >= total_size) {
++ is_last = true;
++ }
+
+ e1000e_write_rx_descr(core, desc, is_last ? core->rx_pkt : NULL,
+ rss_info, do_ps ? ps_hdr_len : 0, &bastate.written);
+--
+2.17.1
+
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch
new file mode 100644
index 0000000..e5829f6
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/CVE-2020-29129-CVE-2020-29130.patch
@@ -0,0 +1,64 @@
+From 2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Thu, 26 Nov 2020 19:27:06 +0530
+Subject: [PATCH] slirp: check pkt_len before reading protocol header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+While processing ARP/NCSI packets in 'arp_input' or 'ncsi_input'
+routines, ensure that pkt_len is large enough to accommodate the
+respective protocol headers, lest it should do an OOB access.
+Add check to avoid it.
+
+CVE-2020-29129 CVE-2020-29130
+ QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets
+ -> https://www.openwall.com/lists/oss-security/2020/11/27/1
+
+Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20201126135706.273950-1-ppandit@redhat.com>
+Reviewed-by: Marc-Andrà Lureau <marcandre.lureau@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2020-29129 CVE-2020-29130
+[https://git.qemu.org/?p=libslirp.git;a=commit;h=2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f]
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ slirp/src/ncsi.c | 4 ++++
+ slirp/src/slirp.c | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/slirp/src/ncsi.c b/slirp/src/ncsi.c
+index 3c1dfef..75dcc08 100644
+--- a/slirp/src/ncsi.c
++++ b/slirp/src/ncsi.c
+@@ -148,6 +148,10 @@ void ncsi_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
+ uint32_t checksum;
+ uint32_t *pchecksum;
+
++ if (pkt_len < ETH_HLEN + sizeof(struct ncsi_pkt_hdr)) {
++ return; /* packet too short */
++ }
++
+ memset(ncsi_reply, 0, sizeof(ncsi_reply));
+
+ memset(reh->h_dest, 0xff, ETH_ALEN);
+diff --git a/slirp/src/slirp.c b/slirp/src/slirp.c
+index dba7c98..9be58e2 100644
+--- a/slirp/src/slirp.c
++++ b/slirp/src/slirp.c
+@@ -756,6 +756,10 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len)
+ return;
+ }
+
++ if (pkt_len < ETH_HLEN + sizeof(struct slirp_arphdr)) {
++ return; /* packet too short */
++ }
++
+ ar_op = ntohs(ah->ar_op);
+ switch (ar_op) {
+ case ARPOP_REQUEST:
+--
+2.17.1
+
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch
new file mode 100644
index 0000000..9a4c112
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/find_datadir.patch
@@ -0,0 +1,39 @@
+qemu: search for datadir as in version 4.2
+
+os_find_datadir() was changed after the 4.2 release. We need to check for
+../share/qemu relative to the executable because that is where the runqemu
+configuration assumes it will be.
+
+Upstream-Status: Submitted [qemu-devel@nongnu.org]
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+
+Index: qemu-5.1.0/os-posix.c
+===================================================================
+--- qemu-5.1.0.orig/os-posix.c
++++ qemu-5.1.0/os-posix.c
+@@ -82,8 +82,9 @@ void os_setup_signal_handling(void)
+
+ /*
+ * Find a likely location for support files using the location of the binary.
++ * Typically, this would be "$bindir/../share/qemu".
+ * When running from the build tree this will be "$bindir/../pc-bios".
+- * Otherwise, this is CONFIG_QEMU_DATADIR.
++ * Otherwise, this is CONFIG_QEMU_DATADIR as constructed by configure.
+ *
+ * The caller must use g_free() to free the returned data when it is
+ * no longer required.
+@@ -96,6 +97,12 @@ char *os_find_datadir(void)
+ exec_dir = qemu_get_exec_dir();
+ g_return_val_if_fail(exec_dir != NULL, NULL);
+
++ dir = g_build_filename(exec_dir, "..", "share", "qemu", NULL);
++ if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
++ return g_steal_pointer(&dir);
++ }
++ g_free(dir); /* no autofree this time */
++
+ dir = g_build_filename(exec_dir, "..", "pc-bios", NULL);
+ if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
+ return g_steal_pointer(&dir);
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin
new file mode 100644
index 0000000..c404429
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/powerpc_rom.bin
Binary files differ
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest
new file mode 100644
index 0000000..b25a792
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/run-ptest
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+#This script is used to run qemu test suites
+#
+
+ptestdir=$(dirname "$(readlink -f "$0")")
+export SRC_PATH=$ptestdir
+
+cd $ptestdir/tests
+make -f Makefile.include -k runtest-TESTS | sed '/^ok /s/ok /PASS: /g'
diff --git a/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch
new file mode 100644
index 0000000..92801da
--- /dev/null
+++ b/meta-xilinx/meta-xilinx-bsp/recipes-devtools/qemu/qemu/usb-fix-setup_len-init.patch
@@ -0,0 +1,89 @@
+CVE: CVE-2020-14364
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From b946434f2659a182afc17e155be6791ebfb302eb Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 25 Aug 2020 07:36:36 +0200
+Subject: [PATCH] usb: fix setup_len init (CVE-2020-14364)
+
+Store calculated setup_len in a local variable, verify it, and only
+write it to the struct (USBDevice->setup_len) in case it passed the
+sanity checks.
+
+This prevents other code (do_token_{in,out} functions specifically)
+from working with invalid USBDevice->setup_len values and overrunning
+the USBDevice->setup_buf[] buffer.
+
+Fixes: CVE-2020-14364
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Tested-by: Gonglei <arei.gonglei@huawei.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Message-id: 20200825053636.29648-1-kraxel@redhat.com
+---
+ hw/usb/core.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/hw/usb/core.c b/hw/usb/core.c
+index 5abd128b6bc..5234dcc73fe 100644
+--- a/hw/usb/core.c
++++ b/hw/usb/core.c
+@@ -129,6 +129,7 @@ void usb_wakeup(USBEndpoint *ep, unsigned int stream)
+ static void do_token_setup(USBDevice *s, USBPacket *p)
+ {
+ int request, value, index;
++ unsigned int setup_len;
+
+ if (p->iov.size != 8) {
+ p->status = USB_RET_STALL;
+@@ -138,14 +139,15 @@ static void do_token_setup(USBDevice *s, USBPacket *p)
+ usb_packet_copy(p, s->setup_buf, p->iov.size);
+ s->setup_index = 0;
+ p->actual_length = 0;
+- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
+- if (s->setup_len > sizeof(s->data_buf)) {
++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++ if (setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+- s->setup_len, sizeof(s->data_buf));
++ setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
++ s->setup_len = setup_len;
+
+ request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+ value = (s->setup_buf[3] << 8) | s->setup_buf[2];
+@@ -259,26 +261,28 @@ static void do_token_out(USBDevice *s, USBPacket *p)
+ static void do_parameter(USBDevice *s, USBPacket *p)
+ {
+ int i, request, value, index;
++ unsigned int setup_len;
+
+ for (i = 0; i < 8; i++) {
+ s->setup_buf[i] = p->parameter >> (i*8);
+ }
+
+ s->setup_state = SETUP_STATE_PARAM;
+- s->setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
+ s->setup_index = 0;
+
+ request = (s->setup_buf[0] << 8) | s->setup_buf[1];
+ value = (s->setup_buf[3] << 8) | s->setup_buf[2];
+ index = (s->setup_buf[5] << 8) | s->setup_buf[4];
+
+- if (s->setup_len > sizeof(s->data_buf)) {
++ setup_len = (s->setup_buf[7] << 8) | s->setup_buf[6];
++ if (setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small (%d > %zu)\n",
+- s->setup_len, sizeof(s->data_buf));
++ setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
++ s->setup_len = setup_len;
+
+ if (p->pid == USB_TOKEN_OUT) {
+ usb_packet_copy(p, s->data_buf, s->setup_len);
diff --git a/meta-xilinx/meta-xilinx-standalone/conf/layer.conf b/meta-xilinx/meta-xilinx-standalone/conf/layer.conf
index cef1039..de1acee 100644
--- a/meta-xilinx/meta-xilinx-standalone/conf/layer.conf
+++ b/meta-xilinx/meta-xilinx-standalone/conf/layer.conf
@@ -13,6 +13,7 @@
BBFILE_PRIORITY_xilinx-standalone = "7"
LAYERDEPENDS_xilinx-standalone = "core xilinx"
+LAYERRECOMMENDS_xilinx-standalone = "xilinx-microblaze"
LAYERSERIES_COMPAT_xilinx-standalone = "dunfell gatesgarth"
XILINX_RELEASE_VERSION = "v2020.2"
diff --git a/meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/libgloss_3.%.bbappend b/meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/libgloss_4.%.bbappend
similarity index 100%
rename from meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/libgloss_3.%.bbappend
rename to meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/libgloss_4.%.bbappend
diff --git a/meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/newlib_3.%.bbappend b/meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/newlib_4.%.bbappend
similarity index 100%
rename from meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/newlib_3.%.bbappend
rename to meta-xilinx/meta-xilinx-standalone/recipes-core/newlib/newlib_4.%.bbappend
diff --git a/meta-xilinx/meta-xilinx-standalone/recipes-devtools/gcc/gcc-source_10.%.bbappend b/meta-xilinx/meta-xilinx-standalone/recipes-devtools/gcc/gcc-source_10.%.bbappend
index e187670..d3abc61 100644
--- a/meta-xilinx/meta-xilinx-standalone/recipes-devtools/gcc/gcc-source_10.%.bbappend
+++ b/meta-xilinx/meta-xilinx-standalone/recipes-devtools/gcc/gcc-source_10.%.bbappend
@@ -5,3 +5,11 @@
SRC_URI_append_microblaze_xilinx-standalone = " \
file://additional-microblaze-multilibs.patch \
"
+
+CHECK_FOR_MICROBLAZE_microblaze = "1"
+
+python() {
+ if d.getVar('CHECK_FOR_MICROBLAZE') == '1':
+ if 'xilinx-microblaze' not in d.getVar('BBFILE_COLLECTIONS').split():
+ bb.fatal('You must include the meta-microblaze layer to build for this configuration.')
+}