These changes are the raw update to qemu-2.6.

Collission happened in the following patches:

migration: do cleanup operation after completion(738df5b9)
Bug fix.(1750c932f86)
kvmclock: add a new function to update env->tsc.(b52baab2)

The code provided by the patches was already in the upstreamed
version.

Change-Id: I3cc11841a6a76ae20887b2e245710199e1ea7f9a
Signed-off-by: José Pekkarinen <jose.pekkarinen@nokia.com>

2 files changed, 14 insertions, 0 deletions

diff --git a/qemu/roms/openbios/libopenbios/bindings.c b/qemu/roms/openbios/libopenbios/bindings.c
index 5323421f5..4f7a99379 100644
--- a/qemu/roms/openbios/libopenbios/bindings.c
+++ b/qemu/roms/openbios/libopenbios/bindings.c
@@ -366,6 +366,14 @@ find_dev( const char *path )
 	return ret;
 }
 
+char *
+get_path_from_ph( phandle_t ph )
+{
+	PUSH(ph);
+	fword("get-package-path");
+	return pop_fstr_copy();
+}
+
 phandle_t
 dt_iter_begin( void )
 {
diff --git a/qemu/roms/openbios/libopenbios/bootinfo_load.c b/qemu/roms/openbios/libopenbios/bootinfo_load.c
index fa9e36bd4..f33678185 100644
--- a/qemu/roms/openbios/libopenbios/bootinfo_load.c
+++ b/qemu/roms/openbios/libopenbios/bootinfo_load.c
@@ -161,6 +161,12 @@ bootinfo_init_program(void)
 	feval("load-size");
 	size = POP();
 
+	/* Some bootinfo scripts contain a binary payload after the
+	   NULL-terminated Forth string such as OS 9. Restrict our
+	   size to just the Forth section, otherwise we end up trying
+	   to allocate memory for the entire binary which might fail. */
+	size = strnlen(base, size);
+
 	bootscript = malloc(size);
 	if (bootscript == NULL) {
 		DPRINTF("Can't malloc %d bytes\n", size);