diff -ur qemu/arm-semi.c qemu-0.9.0/arm-semi.c
--- qemu/arm-semi.c	2007-02-06 00:01:54.000000000 +0100
+++ qemu-0.9.0/arm-semi.c	2007-07-03 21:52:52.000000000 +0200
@@ -196,7 +196,7 @@
 
 #define ARG(n) tget32(args + (n) * 4)
 #define SET_ARG(n, val) tput32(args + (n) * 4,val)
-uint32_t do_arm_semihosting(CPUState *env)
+int do_arm_semihosting(CPUState *env, uint32_t mask)
 {
     target_ulong args;
     char * s;
diff -ur qemu/linux-user/arm/syscall.h qemu-0.9.0/linux-user/arm/syscall.h
--- qemu/linux-user/arm/syscall.h	2007-02-06 00:01:54.000000000 +0100
+++ qemu-0.9.0/linux-user/arm/syscall.h	2007-07-03 21:54:32.000000000 +0200
@@ -39,4 +39,4 @@
 #define UNAME_MACHINE "armv5tel"
 #endif
 
-uint32_t do_arm_semihosting(CPUState *);
+int do_arm_semihosting(CPUState *, uint32_t);
diff -ur qemu/target-arm/helper.c qemu-0.9.0/target-arm/helper.c
--- qemu/target-arm/helper.c	2007-02-06 00:01:54.000000000 +0100
+++ qemu-0.9.0/target-arm/helper.c	2007-07-21 11:44:15.000000000 +0200
@@ -5,6 +5,8 @@
 #include "cpu.h"
 #include "exec-all.h"
 
+extern int do_arm_semihosting(CPUARMState *env, uint32_t mask);
+
 void cpu_reset(CPUARMState *env)
 {
 #if defined (CONFIG_USER_ONLY)
@@ -184,14 +184,8 @@
             } else {
                 mask = ldl_code(env->regs[15] - 4) & 0xffffff;
             }
-            /* Only intercept calls from privileged modes, to provide some
-               semblance of security.  */
-            if (((mask == 0x123456 && !env->thumb)
-                    || (mask == 0xab && env->thumb))
-                  && (env->uncached_cpsr & CPSR_M) != ARM_CPU_MODE_USR) {
-                env->regs[0] = do_arm_semihosting(env);
-                return;
-            }
+	    if (do_arm_semihosting(env, mask))
+		return;
         }
         new_mode = ARM_CPU_MODE_SVC;
         addr = 0x08;