Upstream: integrate various misc. minor changes

Change-Id: I7d3eca1350f980d93f9f3198fa5250fb776de729
diff --git a/alpha.ld b/alpha.ld
index 0975443..906d76b 100644
--- a/alpha.ld
+++ b/alpha.ld
@@ -2,7 +2,6 @@
 	      "elf64-alpha")
 OUTPUT_ARCH(alpha)
 ENTRY(__start)
-SEARCH_DIR(/lib); SEARCH_DIR(/usr/lib); SEARCH_DIR(/usr/local/lib); SEARCH_DIR(/usr/alpha-unknown-linux-gnu/lib);
 SECTIONS
 {
   /* Read-only sections, merged into text segment: */
diff --git a/arm.ld b/arm.ld
index 93285d6..12b3edb 100644
--- a/arm.ld
+++ b/arm.ld
@@ -2,7 +2,6 @@
 	      "elf32-littlearm")
 OUTPUT_ARCH(arm)
 ENTRY(_start)
-SEARCH_DIR(/lib); SEARCH_DIR(/usr/lib); SEARCH_DIR(/usr/local/lib); SEARCH_DIR(/usr/alpha-unknown-linux-gnu/lib);
 SECTIONS
 {
   /* Read-only sections, merged into text segment: */
diff --git a/cache-utils.c b/cache-utils.c
index 45d62c9..8bbd680 100644
--- a/cache-utils.c
+++ b/cache-utils.c
@@ -57,6 +57,27 @@
 }
 #endif
 
+#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+static void ppc_init_cacheline_sizes(void)
+{
+    size_t len = 4;
+    unsigned cacheline;
+
+    if (sysctlbyname ("machdep.cacheline_size", &cacheline, &len, NULL, 0)) {
+        fprintf(stderr, "sysctlbyname machdep.cacheline_size failed: %s\n",
+                strerror(errno));
+        exit(1);
+    }
+
+    qemu_cache_conf.dcache_bsize = cacheline;
+    qemu_cache_conf.icache_bsize = cacheline;
+}
+#endif    
+
 #ifdef __linux__
 void qemu_cache_utils_init(char **envp)
 {
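Review bot: `size_t len = 4;` in ppc_init_cacheline_sizes hard-codes the size of `cacheline`, and the length written back by sysctlbyname is never checked, so a shorter result would leave part of `cacheline` uninitialised before it is copied into `qemu_cache_conf`. I would write `size_t len = sizeof(cacheline);` and, after the call, treat `len != sizeof(cacheline)` as a failure in the same error path. The block also uses `strerror`, `errno` and `exit` but adds only `<stdio.h>`, `<sys/types.h>` and `<sys/sysctl.h>`. Unless `<string.h>`, `<errno.h>` and `<stdlib.h>` are already included above this hunk, they belong in this `#if` block too.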
diff --git a/cpu-all.h b/cpu-all.h
index 57b69f8..1ccc9a8 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -915,6 +915,8 @@
 
 void qemu_unregister_coalesced_mmio(target_phys_addr_t addr, ram_addr_t size);
 
+void qemu_flush_coalesced_mmio_buffer(void);
+
 /*******************************************/
 /* host CPU ticks (if available) */
 
diff --git a/cpu-defs.h b/cpu-defs.h
index 2907f45..c96b9ae 100644
--- a/cpu-defs.h
+++ b/cpu-defs.h
@@ -14,8 +14,7 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA  02110-1301 USA
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 #ifndef CPU_DEFS_H
 #define CPU_DEFS_H
@@ -200,6 +199,7 @@
     const char *cpu_model_str;                                          \
     struct KVMState *kvm_state;                                         \
     struct kvm_run *kvm_run;                                            \
-    int kvm_fd;
+    int kvm_fd;                                                         \
+    int kvm_vcpu_dirty;
 
 #endif
diff --git a/curses.c b/curses.c
index 8aae818..3ce12b9 100644
--- a/curses.c
+++ b/curses.c
@@ -158,7 +158,7 @@
 
 #include "curses_keys.h"
 
-static kbd_layout_t *kbd_layout = 0;
+static kbd_layout_t *kbd_layout = NULL;
 static int keycode2keysym[CURSES_KEYS];
 
 static void curses_refresh(DisplayState *ds)
@@ -368,7 +368,4 @@
     ds->surface = qemu_create_displaysurface_from(640, 400, 0, 0, (uint8_t*) screen);
 
     invalidate = 1;
-
-    /* Standard VGA initial text mode dimensions */
-    curses_resize(ds);
 }
diff --git a/curses_keys.h b/curses_keys.h
index 4c6f3db..a6e41cf 100644
--- a/curses_keys.h
+++ b/curses_keys.h
@@ -479,5 +479,5 @@
     { "F20", 0x11c },
     { "Escape", 27 },
 
-    { 0, 0 },
+    { NULL, 0 },
 };
diff --git a/cutils.c b/cutils.c
index 0623cf7..ffe5c71 100644
--- a/cutils.c
+++ b/cutils.c
@@ -83,6 +83,19 @@
     return 1;
 }
 
+/* XXX: use host strnlen if available ? */
+int qemu_strnlen(const char *s, int max_len)
+{
+    int i;
+
+    for(i = 0; i < max_len; i++) {
+        if (s[i] == '\0') {
+            break;
+        }
+    }
+    return i;
+}
+
 time_t mktimegm(struct tm *tm)
 {
     time_t t;
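Review bot: qemu_strnlen takes and returns `int`, so a caller that passes a `size_t` buffer length above INT_MAX ends up with a negative `max_len`, the loop never runs, and the function reports length 0 for a non-empty string. Since the function is new in this commit, `size_t` for both the parameter and the return value (as in the host `strnlen` the XXX comment mentions) would avoid that conversion. If `int` has to stay, the comment should state the contract, e.g. `/* max_len must be >= 0; reads at most max_len bytes of s and returns the offset of the first NUL, or max_len */`. The callers are not visible in this diff, so whether any of them passes an unsigned length needs checking.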
@@ -138,6 +151,31 @@
     ++qiov->niov;
 }
 
+/*
+ * Copies iovecs from src to the end dst until src is completely copied or the
+ * total size of the copied iovec reaches size. The size of the last copied
+ * iovec is changed in order to fit the specified total size if it isn't a
+ * perfect fit already.
+ */
+void qemu_iovec_concat(QEMUIOVector *dst, QEMUIOVector *src, size_t size)
+{
+    int i;
+    size_t done;
+
+    assert(dst->nalloc != -1);
+
+    done = 0;
+    for (i = 0; (i < src->niov) && (done != size); i++) {
+        if (done + src->iov[i].iov_len > size) {
+            qemu_iovec_add(dst, src->iov[i].iov_base, size - done);
+            break;
+        } else {
+            qemu_iovec_add(dst, src->iov[i].iov_base, src->iov[i].iov_len);
+        }
+        done += src->iov[i].iov_len;
+    }
+}
+
 void qemu_iovec_destroy(QEMUIOVector *qiov)
 {
     assert(qiov->nalloc != -1);
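Review bot: The bound check `done + src->iov[i].iov_len > size` in qemu_iovec_concat can wrap for a very large `iov_len`, in which case the else branch adds the whole element and the total appended to `dst` exceeds `size`. Because `done` never exceeds `size` when the check runs, `if (src->iov[i].iov_len > size - done) {` is the same test without the addition. The header comment could also say what happens when `src` is shorter than `size` (the loop simply stops at `src->niov`), so callers know the result may cover fewer than `size` bytes.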
diff --git a/def-helper.h b/def-helper.h
index d57ea4d..8a88c5b 100644
--- a/def-helper.h
+++ b/def-helper.h
@@ -60,13 +60,13 @@
 #define dh_retvar_decl0_void void
 #define dh_retvar_decl0_i32 TCGv_i32 retval
 #define dh_retvar_decl0_i64 TCGv_i64 retval
-#define dh_retvar_decl0_ptr TCGv_iptr retval
+#define dh_retvar_decl0_ptr TCGv_ptr retval
 #define dh_retvar_decl0(t) glue(dh_retvar_decl0_, dh_alias(t))
 
 #define dh_retvar_decl_void
 #define dh_retvar_decl_i32 TCGv_i32 retval,
 #define dh_retvar_decl_i64 TCGv_i64 retval,
-#define dh_retvar_decl_ptr TCGv_iptr retval,
+#define dh_retvar_decl_ptr TCGv_ptr retval,
 #define dh_retvar_decl(t) glue(dh_retvar_decl_, dh_alias(t))
 
 #define dh_retvar_void TCG_CALL_DUMMY_ARG
diff --git a/device_tree.c b/device_tree.c
index cc91606..426a631 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -22,6 +22,7 @@
 #include "qemu-common.h"
 #include "sysemu.h"
 #include "device_tree.h"
+#include "hw/loader.h"
 
 #include <libfdt.h>
 
diff --git a/dis-asm.h b/dis-asm.h
index 251c490..5f6f06c 100644
--- a/dis-asm.h
+++ b/dis-asm.h
@@ -10,11 +10,11 @@
 #define DIS_ASM_H
 
 #include <stdlib.h>
+#include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
 #include <inttypes.h>
 
-#define PARAMS(x) x
 typedef void *PTR;
 typedef uint64_t bfd_vma;
 typedef int64_t bfd_signed_vma;
@@ -234,7 +234,7 @@
     } udata;
 } asymbol;
 
-typedef int (*fprintf_ftype) PARAMS((FILE*, const char*, ...));
+typedef int (*fprintf_ftype) (FILE*, const char*, ...);
 
 enum dis_insn_type {
   dis_noninsn,			/* Not a valid instruction */
@@ -296,19 +296,19 @@
      INFO is a pointer to this struct.
      Returns an errno value or 0 for success.  */
   int (*read_memory_func)
-    PARAMS ((bfd_vma memaddr, bfd_byte *myaddr, int length,
-	     struct disassemble_info *info));
+    (bfd_vma memaddr, bfd_byte *myaddr, int length,
+	     struct disassemble_info *info);
 
   /* Function which should be called if we get an error that we can't
      recover from.  STATUS is the errno value from read_memory_func and
      MEMADDR is the address that we were trying to read.  INFO is a
      pointer to this struct.  */
   void (*memory_error_func)
-    PARAMS ((int status, bfd_vma memaddr, struct disassemble_info *info));
+    (int status, bfd_vma memaddr, struct disassemble_info *info);
 
   /* Function called to print ADDR.  */
   void (*print_address_func)
-    PARAMS ((bfd_vma addr, struct disassemble_info *info));
+    (bfd_vma addr, struct disassemble_info *info);
 
   /* Function called to determine if there is a symbol at the given ADDR.
      If there is, the function returns 1, otherwise it returns 0.
@@ -318,7 +318,7 @@
      address, (normally because there is a symbol associated with
      that address), but sometimes we want to mask out the overlay bits.  */
   int (* symbol_at_address_func)
-    PARAMS ((bfd_vma addr, struct disassemble_info * info));
+    (bfd_vma addr, struct disassemble_info * info);
 
   /* These are for buffer_read_memory.  */
   bfd_byte *buffer;
@@ -363,49 +363,48 @@
 
 /* Standard disassemblers.  Disassemble one instruction at the given
    target address.  Return number of bytes processed.  */
-typedef int (*disassembler_ftype)
-     PARAMS((bfd_vma, disassemble_info *));
+typedef int (*disassembler_ftype) (bfd_vma, disassemble_info *);
 
-extern int print_insn_big_mips		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_little_mips	PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_i386		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_m68k		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_z8001		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_z8002		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_h8300		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_h8300h		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_h8300s		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_h8500		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_alpha		PARAMS ((bfd_vma, disassemble_info*));
-extern disassembler_ftype arc_get_disassembler PARAMS ((int, int));
-extern int print_insn_arm		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_sparc		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_big_a29k		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_little_a29k	PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_i960		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_sh		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_shl		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_hppa		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_m32r		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_m88k		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_mn10200		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_mn10300		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_ns32k		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_big_powerpc	PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_little_powerpc	PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_rs6000		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_w65		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_d10v		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_v850		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_tic30		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_ppc		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_s390		PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_crisv32           PARAMS ((bfd_vma, disassemble_info*));
-extern int print_insn_microblaze        PARAMS ((bfd_vma, disassemble_info*));
+extern int print_insn_big_mips		(bfd_vma, disassemble_info*);
+extern int print_insn_little_mips	(bfd_vma, disassemble_info*);
+extern int print_insn_i386		(bfd_vma, disassemble_info*);
+extern int print_insn_m68k		(bfd_vma, disassemble_info*);
+extern int print_insn_z8001		(bfd_vma, disassemble_info*);
+extern int print_insn_z8002		(bfd_vma, disassemble_info*);
+extern int print_insn_h8300		(bfd_vma, disassemble_info*);
+extern int print_insn_h8300h		(bfd_vma, disassemble_info*);
+extern int print_insn_h8300s		(bfd_vma, disassemble_info*);
+extern int print_insn_h8500		(bfd_vma, disassemble_info*);
+extern int print_insn_alpha		(bfd_vma, disassemble_info*);
+extern disassembler_ftype arc_get_disassembler (int, int);
+extern int print_insn_arm		(bfd_vma, disassemble_info*);
+extern int print_insn_sparc		(bfd_vma, disassemble_info*);
+extern int print_insn_big_a29k		(bfd_vma, disassemble_info*);
+extern int print_insn_little_a29k	(bfd_vma, disassemble_info*);
+extern int print_insn_i960		(bfd_vma, disassemble_info*);
+extern int print_insn_sh		(bfd_vma, disassemble_info*);
+extern int print_insn_shl		(bfd_vma, disassemble_info*);
+extern int print_insn_hppa		(bfd_vma, disassemble_info*);
+extern int print_insn_m32r		(bfd_vma, disassemble_info*);
+extern int print_insn_m88k		(bfd_vma, disassemble_info*);
+extern int print_insn_mn10200		(bfd_vma, disassemble_info*);
+extern int print_insn_mn10300		(bfd_vma, disassemble_info*);
+extern int print_insn_ns32k		(bfd_vma, disassemble_info*);
+extern int print_insn_big_powerpc	(bfd_vma, disassemble_info*);
+extern int print_insn_little_powerpc	(bfd_vma, disassemble_info*);
+extern int print_insn_rs6000		(bfd_vma, disassemble_info*);
+extern int print_insn_w65		(bfd_vma, disassemble_info*);
+extern int print_insn_d10v		(bfd_vma, disassemble_info*);
+extern int print_insn_v850		(bfd_vma, disassemble_info*);
+extern int print_insn_tic30		(bfd_vma, disassemble_info*);
+extern int print_insn_ppc		(bfd_vma, disassemble_info*);
+extern int print_insn_s390		(bfd_vma, disassemble_info*);
+extern int print_insn_crisv32           (bfd_vma, disassemble_info*);
+extern int print_insn_microblaze        (bfd_vma, disassemble_info*);
 
 #if 0
 /* Fetch the disassembler for a given BFD, if that support is available.  */
-extern disassembler_ftype disassembler	PARAMS ((bfd *));
+extern disassembler_ftype disassembler	(bfd *);
 #endif
 
 
@@ -415,22 +414,20 @@
 /* Here is a function which callers may wish to use for read_memory_func.
    It gets bytes from a buffer.  */
 extern int buffer_read_memory
-  PARAMS ((bfd_vma, bfd_byte *, int, struct disassemble_info *));
+  (bfd_vma, bfd_byte *, int, struct disassemble_info *);
 
 /* This function goes with buffer_read_memory.
    It prints a message using info->fprintf_func and info->stream.  */
-extern void perror_memory PARAMS ((int, bfd_vma, struct disassemble_info *));
+extern void perror_memory (int, bfd_vma, struct disassemble_info *);
 
 
 /* Just print the address in hex.  This is included for completeness even
    though both GDB and objdump provide their own (to print symbolic
    addresses).  */
-extern void generic_print_address
-  PARAMS ((bfd_vma, struct disassemble_info *));
+extern void generic_print_address (bfd_vma, struct disassemble_info *);
 
 /* Always true.  */
-extern int generic_symbol_at_address
-  PARAMS ((bfd_vma, struct disassemble_info *));
+extern int generic_symbol_at_address (bfd_vma, struct disassemble_info *);
 
 /* Macro to initialize a disassemble_info struct.  This should be called
    by all applications creating such a struct.  */
@@ -475,7 +472,6 @@
 bfd_vma bfd_getb32 (const bfd_byte *addr);
 bfd_vma bfd_getl16 (const bfd_byte *addr);
 bfd_vma bfd_getb16 (const bfd_byte *addr);
-typedef enum bfd_boolean {false, true} boolean;
-typedef boolean bfd_boolean;
+typedef bool bfd_boolean;
 
 #endif /* ! defined (DIS_ASM_H) */
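Review bot: Replacing the enum with `typedef bool bfd_boolean;` also removes the `boolean` typedef, so any disassembler source that still declares variables as `boolean` will stop compiling. No such use is visible in this diff, so it is worth a grep before merging. The type also changes from an enum to C99 `bool`, which can change the size of struct members declared `bfd_boolean` and normalises any stored value to 0 or 1. A one-line comment above the typedef, for example `/* bfd_boolean is C99 bool; the old enum and the 'boolean' alias are gone */`, would record that for people syncing the binutils-derived files.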
diff --git a/disas.h b/disas.h
index 0789b57..f63462c 100644
--- a/disas.h
+++ b/disas.h
@@ -20,7 +20,7 @@
 struct elf32_sym;
 struct elf64_sym;
 
-typedef const char *(*lookup_symbol_t)(struct syminfo *s, target_ulong orig_addr);
+typedef const char *(*lookup_symbol_t)(struct syminfo *s, target_phys_addr_t orig_addr);
 
 struct syminfo {
     lookup_symbol_t lookup_symbol;
diff --git a/elf.h b/elf.h
index 11674d7..c84c8ab 100644
--- a/elf.h
+++ b/elf.h
@@ -243,6 +243,8 @@
 #define R_386_GOTOFF	9
 #define R_386_GOTPC	10
 #define R_386_NUM	11
+/* Not a dynamic reloc, so not included in R_386_NUM.  Used in TCG.  */
+#define R_386_PC8	23
 
 #define R_MIPS_NONE		0
 #define R_MIPS_16		1
diff --git a/gdbstub.c b/gdbstub.c
index 92a353e..0235720 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -14,8 +14,7 @@
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA  02110-1301 USA
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  */
 #include "config.h"
 #include "qemu-common.h"
diff --git a/gen-icount.h b/gen-icount.h
index d4524d6..3268f72 100644
--- a/gen-icount.h
+++ b/gen-icount.h
@@ -11,14 +11,7 @@
         return;
 
     icount_label = gen_new_label();
-    /* FIXME: This generates lousy code.  We can't use tcg_new_temp because
-       count needs to live over the conditional branch.  To workaround this
-       we allow the target to supply a convenient register temporary.  */
-#ifndef ICOUNT_TEMP
     count = tcg_temp_local_new_i32();
-#else
-    count = ICOUNT_TEMP;
-#endif
     tcg_gen_ld_i32(count, cpu_env, offsetof(CPUState, icount_decr.u32));
     /* This is a horrid hack to allow fixing up the value later.  */
     icount_arg = gen_opparam_ptr + 1;
@@ -26,9 +19,7 @@
 
     tcg_gen_brcondi_i32(TCG_COND_LT, count, 0, icount_label);
     tcg_gen_st16_i32(count, cpu_env, offsetof(CPUState, icount_decr.u16.low));
-#ifndef ICOUNT_TEMP
     tcg_temp_free_i32(count);
-#endif
 }
 
 static void gen_icount_end(TranslationBlock *tb, int num_insns)
@@ -40,7 +31,7 @@
     }
 }
 
-static void inline gen_io_start(void)
+static inline void gen_io_start(void)
 {
     TCGv_i32 tmp = tcg_const_i32(1);
     tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUState, can_do_io));
diff --git a/host-utils.h b/host-utils.h
index 5848c64..0ddc176 100644
--- a/host-utils.h
+++ b/host-utils.h
@@ -28,7 +28,7 @@
 #if defined(__x86_64__)
 #define __HAVE_FAST_MULU64__
 static inline void mulu64(uint64_t *plow, uint64_t *phigh,
-                                  uint64_t a, uint64_t b)
+                          uint64_t a, uint64_t b)
 {
     __asm__ ("mul %0\n\t"
              : "=d" (*phigh), "=a" (*plow)
@@ -36,7 +36,7 @@
 }
 #define __HAVE_FAST_MULS64__
 static inline void muls64(uint64_t *plow, uint64_t *phigh,
-                                  int64_t a, int64_t b)
+                          int64_t a, int64_t b)
 {
     __asm__ ("imul %0\n\t"
              : "=d" (*phigh), "=a" (*plow)
diff --git a/i386.ld b/i386.ld
index f2dafec..f8df7bf 100644
--- a/i386.ld
+++ b/i386.ld
@@ -39,8 +39,20 @@
   .rela.fini     : { *(.rela.fini)	}
   .rel.bss       : { *(.rel.bss)		}
   .rela.bss      : { *(.rela.bss)		}
-  .rel.plt       : { *(.rel.plt)		}
-  .rela.plt      : { *(.rela.plt)		}
+  .rel.plt      :
+  {
+    *(.rel.plt)
+    PROVIDE_HIDDEN (__rel_iplt_start = .);
+    *(.rel.iplt)
+    PROVIDE_HIDDEN (__rel_iplt_end = .);
+  }
+  .rela.plt       :
+  {
+    *(.rela.plt)
+    PROVIDE_HIDDEN (__rela_iplt_start = .);
+    *(.rela.iplt)
+    PROVIDE_HIDDEN (__rela_iplt_end = .);
+  }
   .init          : { *(.init)	} =0x47ff041f
   .text      :
   {
diff --git a/json-lexer.c b/json-lexer.c
index 53697c5..9d64920 100644
--- a/json-lexer.c
+++ b/json-lexer.c
@@ -54,6 +54,9 @@
     IN_ESCAPE,
     IN_ESCAPE_L,
     IN_ESCAPE_LL,
+    IN_ESCAPE_I,
+    IN_ESCAPE_I6,
+    IN_ESCAPE_I64,
     IN_ESCAPE_DONE,
     IN_WHITESPACE,
     IN_OPERATOR_DONE,
@@ -223,6 +226,18 @@
         ['l'] = IN_ESCAPE_LL,
     },
 
+    [IN_ESCAPE_I64] = {
+        ['d'] = IN_ESCAPE_DONE,
+    },
+
+    [IN_ESCAPE_I6] = {
+        ['4'] = IN_ESCAPE_I64,
+    },
+
+    [IN_ESCAPE_I] = {
+        ['6'] = IN_ESCAPE_I6,
+    },
+
     [IN_ESCAPE] = {
         ['d'] = IN_ESCAPE_DONE,
         ['i'] = IN_ESCAPE_DONE,
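Review bot: The new `IN_ESCAPE_I`, `IN_ESCAPE_I6` and `IN_ESCAPE_I64` states carry no comment, so a reader of the table cannot tell why an escape starting with uppercase `I` is accepted or that the three states spell a single token. A comment above `[IN_ESCAPE_I64]` such as `/* %I64d: 64-bit integer escape, treated like %lld by the parser */` would tie them together. json-parser.c in this same commit reads the argument as `long long` for that token. The transition table starts and ends outside this hunk.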
@@ -230,6 +245,7 @@
         ['s'] = IN_ESCAPE_DONE,
         ['f'] = IN_ESCAPE_DONE,
         ['l'] = IN_ESCAPE_L,
+        ['I'] = IN_ESCAPE_I,
     },
 
     /* top level rule */
diff --git a/json-parser.c b/json-parser.c
index e04932f..f3debcb 100644
--- a/json-parser.c
+++ b/json-parser.c
@@ -474,7 +474,8 @@
         obj = QOBJECT(qint_from_int(va_arg(*ap, int)));
     } else if (token_is_escape(token, "%ld")) {
         obj = QOBJECT(qint_from_int(va_arg(*ap, long)));
-    } else if (token_is_escape(token, "%lld")) {
+    } else if (token_is_escape(token, "%lld") ||
+               token_is_escape(token, "%I64d")) {
         obj = QOBJECT(qint_from_int(va_arg(*ap, long long)));
     } else if (token_is_escape(token, "%s")) {
         obj = QOBJECT(qstring_from_str(va_arg(*ap, const char *)));
diff --git a/qdict.c b/qdict.c
index c6a5a42..7d1469d 100644
--- a/qdict.c
+++ b/qdict.c
@@ -11,6 +11,7 @@
  */
 
 #include "qint.h"
+#include "qfloat.h"
 #include "qdict.h"
 #include "qbool.h"
 #include "qstring.h"
@@ -175,6 +176,29 @@
 }
 
 /**
+ * qdict_get_double(): Get an number mapped by 'key'
+ *
+ * This function assumes that 'key' exists and it stores a
+ * QFloat or QInt object.
+ *
+ * Return number mapped by 'key'.
+ */
+double qdict_get_double(const QDict *qdict, const char *key)
+{
+    QObject *obj = qdict_get(qdict, key);
+
+    assert(obj);
+    switch (qobject_type(obj)) {
+    case QTYPE_QFLOAT:
+        return qfloat_get_double(qobject_to_qfloat(obj));
+    case QTYPE_QINT:
+        return qint_get_int(qobject_to_qint(obj));
+    default:
+        assert(0);
+    }
+}
+
+/**
  * qdict_get_int(): Get an integer mapped by 'key'
  *
  * This function assumes that 'key' exists and it stores a
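Review bot: qdict_get_double ends its switch with `default: assert(0);` and has no return after it, so in a build with NDEBUG the function falls off the end and the caller uses an indeterminate double. In the same build `assert(obj)` disappears and a NULL result from qdict_get is passed straight to `qobject_type`. Replacing the default arm with `abort();` keeps the stated assumption enforced in every build. The doc comment should also say that a missing key or a non-numeric value terminates the process, so the helper is only for keys whose presence and type the caller has already validated. "Get an number" should read "Get a number".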
diff --git a/qdict.h b/qdict.h
index 2eaf6d5..579dcdd 100644
--- a/qdict.h
+++ b/qdict.h
@@ -37,6 +37,7 @@
         qdict_put_obj(qdict, key, QOBJECT(obj))
 
 /* High level helpers */
+double qdict_get_double(const QDict *qdict, const char *key);
 int64_t qdict_get_int(const QDict *qdict, const char *key);
 int qdict_get_bool(const QDict *qdict, const char *key);
 QList *qdict_get_qlist(const QDict *qdict, const char *key);
diff --git a/qemu-option.c b/qemu-option.c
index 738e5b6..6a5d2ef 100644
--- a/qemu-option.c
+++ b/qemu-option.c
@@ -470,7 +470,7 @@
     const char   *name;
     const char   *str;
 
-    QemuOptDesc  *desc;
+    const QemuOptDesc *desc;
     union {
         int      boolean;
         uint64_t uint;
@@ -565,7 +565,7 @@
 int qemu_opt_set(QemuOpts *opts, const char *name, const char *value)
 {
     QemuOpt *opt;
-    QemuOptDesc *desc = opts->list->desc;
+    const QemuOptDesc *desc = opts->list->desc;
     int i;
 
     for (i = 0; desc[i].name != NULL; i++) {
@@ -777,7 +777,7 @@
 /* Validate parsed opts against descriptions where no
  * descriptions were provided in the QemuOptsList.
  */
-int qemu_opts_validate(QemuOpts *opts, QemuOptDesc *desc)
+int qemu_opts_validate(QemuOpts *opts, const QemuOptDesc *desc)
 {
     QemuOpt *opt;
 
@@ -814,7 +814,7 @@
     int rc = 0;
 
     QTAILQ_FOREACH(opts, &list->head, next) {
-        rc = func(opts, opaque);
+        rc |= func(opts, opaque);
         if (abort_on_failure  &&  rc != 0)
             break;
     }
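Review bot: `rc |= func(opts, opaque);` ORs the callbacks' return codes together, so the loop's result is no longer any single callback's value: two different negative codes combine into a third, and a caller comparing the result with a specific error will misread it. If the intent is only "nonzero when any callback failed", a comment above the function should say so, e.g. `/* returns 0 if every call to func returned 0, otherwise an unspecified nonzero value */`. The function's signature and return statement are outside the hunk, so whether existing callers test only for nonzero cannot be confirmed from here.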
diff --git a/qemu-option.h b/qemu-option.h
index 666b666..f3f1de7 100644
--- a/qemu-option.h
+++ b/qemu-option.h
@@ -115,7 +115,7 @@
                   const char *name, const char *value);
 const char *qemu_opts_id(QemuOpts *opts);
 void qemu_opts_del(QemuOpts *opts);
-int qemu_opts_validate(QemuOpts *opts, QemuOptDesc *desc);
+int qemu_opts_validate(QemuOpts *opts, const QemuOptDesc *desc);
 int qemu_opts_do_parse(QemuOpts *opts, const char *params, const char *firstname);
 QemuOpts *qemu_opts_parse(QemuOptsList *list, const char *params, const char *firstname);
 
diff --git a/qerror.c b/qerror.c
index 6c2aba0..2f657f4 100644
--- a/qerror.c
+++ b/qerror.c
@@ -81,10 +81,6 @@
         .desc      = "Invalid block format %(name)",
     },
     {
-        .error_fmt = QERR_INVALID_CPU_INDEX,
-        .desc      = "Invalid CPU index",
-    },
-    {
         .error_fmt = QERR_INVALID_PARAMETER,
         .desc      = "Invalid parameter %(name)",
     },
diff --git a/qerror.h b/qerror.h
index 57c5b97..ee59615 100644
--- a/qerror.h
+++ b/qerror.h
@@ -70,9 +70,6 @@
 #define QERR_INVALID_BLOCK_FORMAT \
     "{ 'class': 'InvalidBlockFormat', 'data': { 'name': %s } }"
 
-#define QERR_INVALID_CPU_INDEX \
-    "{ 'class': 'InvalidCPUIndex', 'data': {} }"
-
 #define QERR_INVALID_PARAMETER \
     "{ 'class': 'InvalidParameter', 'data': { 'name': %s } }"
 
diff --git a/qjson.c b/qjson.c
index 9ad8a91..483c667 100644
--- a/qjson.c
+++ b/qjson.c
@@ -53,6 +53,10 @@
     return qobject_from_jsonv(string, NULL);
 }
 
+/*
+ * IMPORTANT: This function aborts on error, thus it must not
+ * be used with untrusted arguments.
+ */
 QObject *qobject_from_jsonf(const char *string, ...)
 {
     QObject *obj;
@@ -62,6 +66,7 @@
     obj = qobject_from_jsonv(string, &ap);
     va_end(ap);
 
+    assert(obj != NULL);
     return obj;
 }
 
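Review bot: `assert(obj != NULL);` is the only thing enforcing the "aborts on error" contract stated in the comment added in the previous hunk, and it is compiled out when NDEBUG is defined. In such a build qobject_from_jsonf returns NULL to callers that were told they need not check. An explicit `if (obj == NULL) { abort(); }` holds in every build. The comment could also say that `string` itself must be a trusted format, since its escapes decide which `va_arg` types are read from the argument list, as the json-parser.c hunk in this commit shows.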
diff --git a/readline.c b/readline.c
index 7834af0..92f9cd1 100644
--- a/readline.c
+++ b/readline.c
@@ -28,6 +28,7 @@
 #define IS_ESC  1
 #define IS_CSI  2
 
+#undef printf
 #define printf do_not_use_printf
 
 void readline_show_prompt(ReadLineState *rs)
diff --git a/x86_64.ld b/x86_64.ld
index 24ea77d..46d8d4d 100644
--- a/x86_64.ld
+++ b/x86_64.ld
@@ -35,8 +35,20 @@
   .rela.got       : { *(.rela.got) }
   .rel.bss        : { *(.rel.bss .rel.bss.* .rel.gnu.linkonce.b.*) }
   .rela.bss       : { *(.rela.bss .rela.bss.* .rela.gnu.linkonce.b.*) }
-  .rel.plt        : { *(.rel.plt) }
-  .rela.plt       : { *(.rela.plt) }
+  .rel.plt      :
+  {
+    *(.rel.plt)
+    PROVIDE_HIDDEN (__rel_iplt_start = .);
+    *(.rel.iplt)
+    PROVIDE_HIDDEN (__rel_iplt_end = .);
+  }
+  .rela.plt       :
+  {
+    *(.rela.plt)
+    PROVIDE_HIDDEN (__rela_iplt_start = .);
+    *(.rela.iplt)
+    PROVIDE_HIDDEN (__rela_iplt_end = .);
+  }
   .init           :
   {
     KEEP (*(.init))