Series comparison

-[Qemu-devel] [PULL 0/4] Block patches
+[PULL for-7.0 0/2] Block patches
-The following changes since commit f58d9620aa4a514b1227074ff56eefd1334a6225:
+The following changes since commit 15ef89d2a1a7b93845a6b09c2ee8e1979f6eb30b:
-  Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20180326' into staging (2018-03-27 10:27:34 +0100)
+  Update version for v7.0.0-rc1 release (2022-03-22 22:58:44 +0000)
 are available in the Git repository at:
-  git://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to f5a53faad4bfbf1b86012a13055d2a1a774a42b6:
+for you to fetch changes up to 2539eade4f689eda7e9fe45486f18334bfbafaf0:
-  MAINTAINERS: add include/block/aio-wait.h (2018-03-27 13:05:48 +0100)
+  hw: Fix misleading hexadecimal format (2022-03-24 10:38:42 +0000)
 ----------------------------------------------------------------
 Pull request
 Philippe found cases where the 0x%d format string was used, leading to
 misleading output. The patches look harmless and could save people time, so I
 think it's worth including them in 7.0.
 ----------------------------------------------------------------
-----------------------------------------------------------------
+Philippe Mathieu-Daudé (2):
   block: Fix misleading hexadecimal format
   hw: Fix misleading hexadecimal format
-Stefan Hajnoczi (4):
+ block/parallels-ext.c | 2 +-
-  queue: add QSIMPLEQ_PREPEND()
+ hw/i386/sgx.c         | 2 +-
-  coroutine: avoid co_queue_wakeup recursion
+ hw/i386/trace-events  | 6 +++---
-  coroutine: add test-aio coroutine queue chaining test case
+ hw/misc/trace-events  | 4 ++--
-  MAINTAINERS: add include/block/aio-wait.h
+ hw/scsi/trace-events  | 4 ++--
+files changed, 9 insertions(+), 9 deletions(-)
  MAINTAINERS                  |   1 +
  include/qemu/coroutine_int.h |   1 -
  include/qemu/queue.h         |   8 ++++
  block/io.c                   |   3 +-
  tests/test-aio.c             |  65 ++++++++++++++++++++-----
  util/qemu-coroutine-lock.c   |  34 -------------
  util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
 files changed, 121 insertions(+), 101 deletions(-)
 --
-.14.3
+.35.1

-[Qemu-devel] [PULL 1/4] queue: add QSIMPLEQ_PREPEND()
+Deleted patch
-QSIMPLEQ_CONCAT(a, b) joins a = a + b.  The new QSIMPLEQ_PREPEND(a, b)
-API joins a = b + a.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20180322152834.12656-2-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/qemu/queue.h | 8 ++++++++
-file changed, 8 insertions(+)
-diff --git a/include/qemu/queue.h b/include/qemu/queue.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/queue.h
-+++ b/include/qemu/queue.h
-@@ -XXX,XX +XXX,XX @@ struct {                                                                \
-     }                                                                   \
- } while (/*CONSTCOND*/0)
-+#define QSIMPLEQ_PREPEND(head1, head2) do {                             \
-+    if (!QSIMPLEQ_EMPTY((head2))) {                                     \
-+        *(head2)->sqh_last = (head1)->sqh_first;                        \
-+        (head1)->sqh_first = (head2)->sqh_first;                          \
-+        QSIMPLEQ_INIT((head2));                                         \
-+    }                                                                   \
-+} while (/*CONSTCOND*/0)
-+
- #define QSIMPLEQ_LAST(head, type, field)                                \
-     (QSIMPLEQ_EMPTY((head)) ?                                           \
-         NULL :                                                          \
---
-.14.3

-[Qemu-devel] [PULL 4/4] MAINTAINERS: add include/block/aio-wait.h
+[PULL for-7.0 1/2] block: Fix misleading hexadecimal format
-The include/block/aio-wait.h header file was added by commit
+From: Philippe Mathieu-Daudé <f4bug@amsat.org>
 f3c968c59e1bcda7e177679dc765b59e578f ("block: extract
 AIO_WAIT_WHILE() from BlockDriverState") without updating MAINTAINERS.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+"0x%u" format is very misleading, replace by "0x%x".
-Reviewed-by: Eric Blake <eblake@redhat.com>
-Message-id: 20180312132204.23683-1-stefanha@redhat.com
+Found running:
   $ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' block/
 Inspired-by: Richard Henderson <richard.henderson@linaro.org>
 Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Reviewed-by: Hanna Reitz <hreitz@redhat.com>
 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Reviewed-by: Denis V. Lunev <den@openvz.org>
 Message-id: 20220323114718.58714-2-philippe.mathieu.daude@gmail.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- MAINTAINERS | 1 +
+ block/parallels-ext.c | 2 +-
-file changed, 1 insertion(+)
+file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/MAINTAINERS b/MAINTAINERS
+diff --git a/block/parallels-ext.c b/block/parallels-ext.c
 index XXXXXXX..XXXXXXX 100644
---- a/MAINTAINERS
+--- a/block/parallels-ext.c
-+++ b/MAINTAINERS
++++ b/block/parallels-ext.c
-@@ -XXX,XX +XXX,XX @@ F: util/aio-*.c
+@@ -XXX,XX +XXX,XX @@ static int parallels_parse_format_extension(BlockDriverState *bs,
- F: block/io.c
+             break;
- F: migration/block*
- F: include/block/aio.h
+         default:
-+F: include/block/aio-wait.h
+-            error_setg(errp, "Unknown feature: 0x%" PRIu64, fh.magic);
- F: scripts/qemugdb/aio.py
++            error_setg(errp, "Unknown feature: 0x%" PRIx64, fh.magic);
- T: git git://github.com/stefanha/qemu.git block
+             goto fail;
          }
 --
-.14.3
+.35.1

-[Qemu-devel] [PULL 2/4] coroutine: avoid co_queue_wakeup recursion
+[PULL for-7.0 2/2] hw: Fix misleading hexadecimal format
-qemu_aio_coroutine_enter() is (indirectly) called recursively when
+From: Philippe Mathieu-Daudé <f4bug@amsat.org>
 processing co_queue_wakeup.  This can lead to stack exhaustion.
-This patch rewrites co_queue_wakeup in an iterative fashion (instead of
+"0x%u" format is very misleading, replace by "0x%x".
 recursive) with bounded memory usage to prevent stack exhaustion.
-qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter()
+Found running:
 and the qemu_coroutine_enter() call is turned into a loop to avoid
 recursion.
-There is one change that is worth mentioning:  Previously, when
+  $ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' hw/
 coroutine A queued coroutine B, qemu_co_queue_run_restart() entered
 coroutine B from coroutine A.  If A was terminating then it would still
 stay alive until B yielded.  After this patch B is entered by A's parent
 so that a A can be deleted immediately if it is terminating.
-It is safe to make this change since B could never interact with A if it
+Inspired-by: Richard Henderson <richard.henderson@linaro.org>
-was terminating anyway.
+Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-id: 20220323114718.58714-3-philippe.mathieu.daude@gmail.com
 Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
 Message-id: 20180322152834.12656-3-stefanha@redhat.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- include/qemu/coroutine_int.h |   1 -
+ hw/i386/sgx.c        | 2 +-
- block/io.c                   |   3 +-
+ hw/i386/trace-events | 6 +++---
- util/qemu-coroutine-lock.c   |  34 -------------
+ hw/misc/trace-events | 4 ++--
- util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
+ hw/scsi/trace-events | 4 ++--
-files changed, 60 insertions(+), 88 deletions(-)
+files changed, 8 insertions(+), 8 deletions(-)
-diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h
+diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
 index XXXXXXX..XXXXXXX 100644
---- a/include/qemu/coroutine_int.h
+--- a/hw/i386/sgx.c
-+++ b/include/qemu/coroutine_int.h
++++ b/hw/i386/sgx.c
-@@ -XXX,XX +XXX,XX @@ Coroutine *qemu_coroutine_new(void);
+@@ -XXX,XX +XXX,XX @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
- void qemu_coroutine_delete(Coroutine *co);
+     }
- CoroutineAction qemu_coroutine_switch(Coroutine *from, Coroutine *to,
-                                       CoroutineAction action);
+     if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
--void coroutine_fn qemu_co_queue_run_restart(Coroutine *co);
+-        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
++        error_report("Size of all 'sgx-epc' =0x%"PRIx64" causes EPC to wrap",
- #endif
+                      sgx_epc->size);
-diff --git a/block/io.c b/block/io.c
+         exit(EXIT_FAILURE);
      }
 diff --git a/hw/i386/trace-events b/hw/i386/trace-events
 index XXXXXXX..XXXXXXX 100644
---- a/block/io.c
+--- a/hw/i386/trace-events
-+++ b/block/io.c
++++ b/hw/i386/trace-events
-@@ -XXX,XX +XXX,XX @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs,
+@@ -XXX,XX +XXX,XX @@ vtd_fault_disabled(void) "Fault processing disabled for context entry"
-     BdrvCoDrainData data;
+ vtd_replay_ce_valid(const char *mode, uint8_t bus, uint8_t dev, uint8_t fn, uint16_t domain, uint64_t hi, uint64_t lo) "%s: replay valid context device %02"PRIx8":%02"PRIx8".%02"PRIx8" domain 0x%"PRIx16" hi 0x%"PRIx64" lo 0x%"PRIx64
+ vtd_replay_ce_invalid(uint8_t bus, uint8_t dev, uint8_t fn) "replay invalid context device %02"PRIx8":%02"PRIx8".%02"PRIx8
-     /* Calling bdrv_drain() from a BH ensures the current coroutine yields and
+ vtd_page_walk_level(uint64_t addr, uint32_t level, uint64_t start, uint64_t end) "walk (base=0x%"PRIx64", level=%"PRIu32") iova range 0x%"PRIx64" - 0x%"PRIx64
--     * other coroutines run if they were queued from
+-vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIu16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
--     * qemu_co_queue_run_restart(). */
++vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIx16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
-+     * other coroutines run if they were queued by aio_co_enter(). */
+ vtd_page_walk_one_skip_map(uint64_t iova, uint64_t mask, uint64_t translated) "iova 0x%"PRIx64" mask 0x%"PRIx64" translated 0x%"PRIx64
+ vtd_page_walk_one_skip_unmap(uint64_t iova, uint64_t mask) "iova 0x%"PRIx64" mask 0x%"PRIx64
-     assert(qemu_in_coroutine());
+ vtd_page_walk_skip_read(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to unable to read"
-     data = (BdrvCoDrainData) {
+ vtd_page_walk_skip_reserve(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to rsrv set"
-diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
+ vtd_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
  vtd_as_unmap_whole(uint8_t bus, uint8_t slot, uint8_t fn, uint64_t iova, uint64_t size) "Device %02x:%02x.%x start 0x%"PRIx64" size 0x%"PRIx64
 -vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIu16", iova 0x%"PRIx64
 -vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIu16" %d"
 +vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIx16", iova 0x%"PRIx64
 +vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIx16" %d"
  vtd_irq_generate(uint64_t addr, uint64_t data) "addr 0x%"PRIx64" data 0x%"PRIx64
  vtd_reg_read(uint64_t addr, uint64_t size) "addr 0x%"PRIx64" size 0x%"PRIx64
  vtd_reg_write(uint64_t addr, uint64_t size, uint64_t val) "addr 0x%"PRIx64" size 0x%"PRIx64" value 0x%"PRIx64
 diff --git a/hw/misc/trace-events b/hw/misc/trace-events
 index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine-lock.c
+--- a/hw/misc/trace-events
-+++ b/util/qemu-coroutine-lock.c
++++ b/hw/misc/trace-events
-@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock)
+@@ -XXX,XX +XXX,XX @@
-     }
+ # See docs/devel/tracing.rst for syntax documentation.
- }
+ # allwinner-cpucfg.c
--/**
+-allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIu32
-- * qemu_co_queue_run_restart:
++allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIx32
-- *
+ allwinner_cpucfg_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
-- * Enter each coroutine that was previously marked for restart by
+ allwinner_cpucfg_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
-- * qemu_co_queue_next() or qemu_co_queue_restart_all().  This function is
-- * invoked by the core coroutine code when the current coroutine yields or
+@@ -XXX,XX +XXX,XX @@ imx7_gpr_write(uint64_t offset, uint64_t value) "addr 0x%08" PRIx64 "value 0x%08
-- * terminates.
-- */
+ # mos6522.c
--void qemu_co_queue_run_restart(Coroutine *co)
+ mos6522_set_counter(int index, unsigned int val) "T%d.counter=%d"
--{
+-mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRId64 " delta_next=0x%"PRId64
--    Coroutine *next;
++mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRIx64 " delta_next=0x%"PRIx64
--    QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =
+ mos6522_set_sr_int(void) "set sr_int"
--        QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup);
+ mos6522_write(uint64_t addr, const char *name, uint64_t val) "reg=0x%"PRIx64 " [%s] val=0x%"PRIx64
--
+ mos6522_read(uint64_t addr, const char *name, unsigned val) "reg=0x%"PRIx64 " [%s] val=0x%x"
--    trace_qemu_co_queue_run_restart(co);
+diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events
 -
 -    /* Because "co" has yielded, any coroutine that we wakeup can resume it.
 -     * If this happens and "co" terminates, co->co_queue_wakeup becomes
 -     * invalid memory.  Therefore, use a temporary queue and do not touch
 -     * the "co" coroutine as soon as you enter another one.
 -     *
 -     * In its turn resumed "co" can populate "co_queue_wakeup" queue with
 -     * new coroutines to be woken up.  The caller, who has resumed "co",
 -     * will be responsible for traversing the same queue, which may cause
 -     * a different wakeup order but not any missing wakeups.
 -     */
 -    QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup);
 -
 -    while ((next = QSIMPLEQ_FIRST(&tmp_queue_wakeup))) {
 -        QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next);
 -        qemu_coroutine_enter(next);
 -    }
 -}
 -
  static bool qemu_co_queue_do_restart(CoQueue *queue, bool single)
  {
      Coroutine *next;
 diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
 index XXXXXXX..XXXXXXX 100644
---- a/util/qemu-coroutine.c
+--- a/hw/scsi/trace-events
-+++ b/util/qemu-coroutine.c
++++ b/hw/scsi/trace-events
-@@ -XXX,XX +XXX,XX @@ static void coroutine_delete(Coroutine *co)
+@@ -XXX,XX +XXX,XX @@ lsi_bad_phase_interrupt(void) "Phase mismatch interrupt"
+ lsi_bad_selection(uint32_t id) "Selected absent target %"PRIu32
- void qemu_aio_coroutine_enter(AioContext *ctx, Coroutine *co)
+ lsi_do_dma_unavailable(void) "DMA no data available"
- {
+ lsi_do_dma(uint64_t addr, int len) "DMA addr=0x%"PRIx64" len=%d"
--    Coroutine *self = qemu_coroutine_self();
+-lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRId32
--    CoroutineAction ret;
++lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRIx32
--
+ lsi_add_msg_byte_error(void) "MSG IN data too long"
--    /* Cannot rely on the read barrier for co in aio_co_wake(), as there are
+ lsi_add_msg_byte(uint8_t data) "MSG IN 0x%02x"
--     * callers outside of aio_co_wake() */
+ lsi_reselect(int id) "Reselected target %d"
--    const char *scheduled = atomic_mb_read(&co->scheduled);
+@@ -XXX,XX +XXX,XX @@ lsi_do_msgout_noop(void) "MSG: No Operation"
--
+ lsi_do_msgout_extended(uint8_t msg, uint8_t len) "Extended message 0x%x (len %d)"
--    trace_qemu_aio_coroutine_enter(ctx, self, co, co->entry_arg);
+ lsi_do_msgout_ignored(const char *msg) "%s (ignored)"
--
+ lsi_do_msgout_simplequeue(uint8_t select_tag) "SIMPLE queue tag=0x%x"
--    /* if the Coroutine has already been scheduled, entering it again will
+-lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRId32
--     * cause us to enter it twice, potentially even after the coroutine has
++lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRIx32
--     * been deleted */
+ lsi_do_msgout_clearqueue(uint32_t tag) "MSG: CLEAR QUEUE tag=0x%"PRIx32
--    if (scheduled) {
+ lsi_do_msgout_busdevicereset(uint32_t tag) "MSG: BUS DEVICE RESET tag=0x%"PRIx32
--        fprintf(stderr,
+ lsi_do_msgout_select(int id) "Select LUN %d"
 -                "%s: Co-routine was already scheduled in '%s'\n",
 -                __func__, scheduled);
 -        abort();
 -    }
 -
 -    if (co->caller) {
 -        fprintf(stderr, "Co-routine re-entered recursively\n");
 -        abort();
 -    }
 -
 -    co->caller = self;
 -    co->ctx = ctx;
 -
 -    /* Store co->ctx before anything that stores co.  Matches
 -     * barrier in aio_co_wake and qemu_co_mutex_wake.
 -     */
 -    smp_wmb();
 -
 -    ret = qemu_coroutine_switch(self, co, COROUTINE_ENTER);
 -
 -    qemu_co_queue_run_restart(co);
 -
 -    /* Beware, if ret == COROUTINE_YIELD and qemu_co_queue_run_restart()
 -     * has started any other coroutine, "co" might have been reentered
 -     * and even freed by now!  So be careful and do not touch it.
 -     */
 -
 -    switch (ret) {
 -    case COROUTINE_YIELD:
 -        return;
 -    case COROUTINE_TERMINATE:
 -        assert(!co->locks_held);
 -        trace_qemu_coroutine_terminate(co);
 -        coroutine_delete(co);
 -        return;
 -    default:
 -        abort();
 +    QSIMPLEQ_HEAD(, Coroutine) pending = QSIMPLEQ_HEAD_INITIALIZER(pending);
 +    Coroutine *from = qemu_coroutine_self();
 +
 +    QSIMPLEQ_INSERT_TAIL(&pending, co, co_queue_next);
 +
 +    /* Run co and any queued coroutines */
 +    while (!QSIMPLEQ_EMPTY(&pending)) {
 +        Coroutine *to = QSIMPLEQ_FIRST(&pending);
 +        CoroutineAction ret;
 +
 +        /* Cannot rely on the read barrier for to in aio_co_wake(), as there are
 +         * callers outside of aio_co_wake() */
 +        const char *scheduled = atomic_mb_read(&to->scheduled);
 +
 +        QSIMPLEQ_REMOVE_HEAD(&pending, co_queue_next);
 +
 +        trace_qemu_aio_coroutine_enter(ctx, from, to, to->entry_arg);
 +
 +        /* if the Coroutine has already been scheduled, entering it again will
 +         * cause us to enter it twice, potentially even after the coroutine has
 +         * been deleted */
 +        if (scheduled) {
 +            fprintf(stderr,
 +                    "%s: Co-routine was already scheduled in '%s'\n",
 +                    __func__, scheduled);
 +            abort();
 +        }
 +
 +        if (to->caller) {
 +            fprintf(stderr, "Co-routine re-entered recursively\n");
 +            abort();
 +        }
 +
 +        to->caller = from;
 +        to->ctx = ctx;
 +
 +        /* Store to->ctx before anything that stores to.  Matches
 +         * barrier in aio_co_wake and qemu_co_mutex_wake.
 +         */
 +        smp_wmb();
 +
 +        ret = qemu_coroutine_switch(from, to, COROUTINE_ENTER);
 +
 +        /* Queued coroutines are run depth-first; previously pending coroutines
 +         * run after those queued more recently.
 +         */
 +        QSIMPLEQ_PREPEND(&pending, &to->co_queue_wakeup);
 +
 +        switch (ret) {
 +        case COROUTINE_YIELD:
 +            break;
 +        case COROUTINE_TERMINATE:
 +            assert(!to->locks_held);
 +            trace_qemu_coroutine_terminate(to);
 +            coroutine_delete(to);
 +            break;
 +        default:
 +            abort();
 +        }
      }
  }
 --
-.14.3
+.35.1

-[Qemu-devel] [PULL 3/4] coroutine: add test-aio coroutine queue chaining test case
+Deleted patch
-Check that two coroutines can queue each other repeatedly without
-hitting stack exhaustion.
-Switch to qemu_init_main_loop() in main() because coroutines use
-qemu_get_aio_context() - they don't know about test-aio's ctx variable.
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-id: 20180322152834.12656-4-stefanha@redhat.com
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- tests/test-aio.c | 65 ++++++++++++++++++++++++++++++++++++++++++++------------
-file changed, 52 insertions(+), 13 deletions(-)
-diff --git a/tests/test-aio.c b/tests/test-aio.c
-index XXXXXXX..XXXXXXX 100644
---- a/tests/test-aio.c
-+++ b/tests/test-aio.c
-@@ -XXX,XX +XXX,XX @@
- #include "qemu/timer.h"
- #include "qemu/sockets.h"
- #include "qemu/error-report.h"
-+#include "qemu/coroutine.h"
-+#include "qemu/main-loop.h"
- static AioContext *ctx;
-@@ -XXX,XX +XXX,XX @@ static void test_source_timer_schedule(void)
-     timer_del(&data.timer);
- }
-+/*
-+ * Check that aio_co_enter() can chain many times
-+ *
-+ * Two coroutines should be able to invoke each other via aio_co_enter() many
-+ * times without hitting a limit like stack exhaustion.  In other words, the
-+ * calls should be chained instead of nested.
-+ */
-+
-+typedef struct {
-+    Coroutine *other;
-+    unsigned i;
-+    unsigned max;
-+} ChainData;
-+
-+static void coroutine_fn chain(void *opaque)
-+{
-+    ChainData *data = opaque;
-+
-+    for (data->i = 0; data->i < data->max; data->i++) {
-+        /* Queue up the other coroutine... */
-+        aio_co_enter(ctx, data->other);
-+
-+        /* ...and give control to it */
-+        qemu_coroutine_yield();
-+    }
-+}
-+
-+static void test_queue_chaining(void)
-+{
-+    /* This number of iterations hit stack exhaustion in the past: */
-+    ChainData data_a = { .max = 25000 };
-+    ChainData data_b = { .max = 25000 };
-+
-+    data_b.other = qemu_coroutine_create(chain, &data_a);
-+    data_a.other = qemu_coroutine_create(chain, &data_b);
-+
-+    qemu_coroutine_enter(data_b.other);
-+
-+    g_assert_cmpint(data_a.i, ==, data_a.max);
-+    g_assert_cmpint(data_b.i, ==, data_b.max - 1);
-+
-+    /* Allow the second coroutine to terminate */
-+    qemu_coroutine_enter(data_a.other);
-+
-+    g_assert_cmpint(data_b.i, ==, data_b.max);
-+}
- /* End of tests.  */
- int main(int argc, char **argv)
- {
--    Error *local_error = NULL;
--    GSource *src;
--
--    init_clocks(NULL);
--
--    ctx = aio_context_new(&local_error);
--    if (!ctx) {
--        error_reportf_err(local_error, "Failed to create AIO Context: ");
--        exit(1);
--    }
--    src = aio_get_g_source(ctx);
--    g_source_attach(src, NULL);
--    g_source_unref(src);
-+    qemu_init_main_loop(&error_fatal);
-+    ctx = qemu_get_aio_context();
-     while (g_main_context_iteration(NULL, false));
-@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv)
-     g_test_add_func("/aio/external-client",         test_aio_external_client);
-     g_test_add_func("/aio/timer/schedule",          test_timer_schedule);
-+    g_test_add_func("/aio/coroutine/queue-chaining", test_queue_chaining);
-+
-     g_test_add_func("/aio-gsource/flush",                   test_source_flush);
-     g_test_add_func("/aio-gsource/bh/schedule",             test_source_bh_schedule);
-     g_test_add_func("/aio-gsource/bh/schedule10",           test_source_bh_schedule10);
---
-.14.3

The following changes since commit f58d9620aa4a514b1227074ff56eefd1334a6225:

Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20180326' into staging (2018-03-27 10:27:34 +0100)

are available in the Git repository at:

git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to f5a53faad4bfbf1b86012a13055d2a1a774a42b6:

MAINTAINERS: add include/block/aio-wait.h (2018-03-27 13:05:48 +0100)

----------------------------------------------------------------

Stefan Hajnoczi (4):
  queue: add QSIMPLEQ_PREPEND()
  coroutine: avoid co_queue_wakeup recursion
  coroutine: add test-aio coroutine queue chaining test case
  MAINTAINERS: add include/block/aio-wait.h

-- 
2.14.3

QSIMPLEQ_CONCAT(a, b) joins a = a + b.  The new QSIMPLEQ_PREPEND(a, b)
API joins a = b + a.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-2-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/queue.h | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -XXX,XX +XXX,XX @@ struct {                                                                \
     }                                                                   \
 } while (/*CONSTCOND*/0)
 
+#define QSIMPLEQ_PREPEND(head1, head2) do {                             \
+    if (!QSIMPLEQ_EMPTY((head2))) {                                     \
+        *(head2)->sqh_last = (head1)->sqh_first;                        \
+        (head1)->sqh_first = (head2)->sqh_first;                          \
+        QSIMPLEQ_INIT((head2));                                         \
+    }                                                                   \
+} while (/*CONSTCOND*/0)
+
 #define QSIMPLEQ_LAST(head, type, field)                                \
     (QSIMPLEQ_EMPTY((head)) ?                                           \
         NULL :                                                          \
-- 
2.14.3

qemu_aio_coroutine_enter() is (indirectly) called recursively when
processing co_queue_wakeup.  This can lead to stack exhaustion.

This patch rewrites co_queue_wakeup in an iterative fashion (instead of
recursive) with bounded memory usage to prevent stack exhaustion.

qemu_co_queue_run_restart() is inlined into qemu_aio_coroutine_enter()
and the qemu_coroutine_enter() call is turned into a loop to avoid
recursion.

There is one change that is worth mentioning:  Previously, when
coroutine A queued coroutine B, qemu_co_queue_run_restart() entered
coroutine B from coroutine A.  If A was terminating then it would still
stay alive until B yielded.  After this patch B is entered by A's parent
so that a A can be deleted immediately if it is terminating.

It is safe to make this change since B could never interact with A if it
was terminating anyway.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-3-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/qemu/coroutine_int.h |   1 -
 block/io.c                   |   3 +-
 util/qemu-coroutine-lock.c   |  34 -------------
 util/qemu-coroutine.c        | 110 +++++++++++++++++++++++--------------------
 4 files changed, 60 insertions(+), 88 deletions(-)

diff --git a/include/qemu/coroutine_int.h b/include/qemu/coroutine_int.h
index XXXXXXX..XXXXXXX 100644
--- a/include/qemu/coroutine_int.h
+++ b/include/qemu/coroutine_int.h
@@ -XXX,XX +XXX,XX @@ Coroutine *qemu_coroutine_new(void);
 void qemu_coroutine_delete(Coroutine *co);
 CoroutineAction qemu_coroutine_switch(Coroutine *from, Coroutine *to,
                                       CoroutineAction action);
-void coroutine_fn qemu_co_queue_run_restart(Coroutine *co);
 
 #endif
diff --git a/block/io.c b/block/io.c
index XXXXXXX..XXXXXXX 100644
--- a/block/io.c
+++ b/block/io.c
@@ -XXX,XX +XXX,XX @@ static void coroutine_fn bdrv_co_yield_to_drain(BlockDriverState *bs,
     BdrvCoDrainData data;
 
     /* Calling bdrv_drain() from a BH ensures the current coroutine yields and
-     * other coroutines run if they were queued from
-     * qemu_co_queue_run_restart(). */
+     * other coroutines run if they were queued by aio_co_enter(). */
 
     assert(qemu_in_coroutine());
     data = (BdrvCoDrainData) {
diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index XXXXXXX..XXXXXXX 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -XXX,XX +XXX,XX @@ void coroutine_fn qemu_co_queue_wait_impl(CoQueue *queue, QemuLockable *lock)
     }
 }
 
-/**
- * qemu_co_queue_run_restart:
- *
- * Enter each coroutine that was previously marked for restart by
- * qemu_co_queue_next() or qemu_co_queue_restart_all().  This function is
- * invoked by the core coroutine code when the current coroutine yields or
- * terminates.
- */
-void qemu_co_queue_run_restart(Coroutine *co)
-{
-    Coroutine *next;
-    QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =
-        QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup);
-
-    trace_qemu_co_queue_run_restart(co);
-
-    /* Because "co" has yielded, any coroutine that we wakeup can resume it.
-     * If this happens and "co" terminates, co->co_queue_wakeup becomes
-     * invalid memory.  Therefore, use a temporary queue and do not touch
-     * the "co" coroutine as soon as you enter another one.
-     *
-     * In its turn resumed "co" can populate "co_queue_wakeup" queue with
-     * new coroutines to be woken up.  The caller, who has resumed "co",
-     * will be responsible for traversing the same queue, which may cause
-     * a different wakeup order but not any missing wakeups.
-     */
-    QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup);
-
-    while ((next = QSIMPLEQ_FIRST(&tmp_queue_wakeup))) {
-        QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next);
-        qemu_coroutine_enter(next);
-    }
-}
-
 static bool qemu_co_queue_do_restart(CoQueue *queue, bool single)
 {
     Coroutine *next;
diff --git a/util/qemu-coroutine.c b/util/qemu-coroutine.c
index XXXXXXX..XXXXXXX 100644
--- a/util/qemu-coroutine.c
+++ b/util/qemu-coroutine.c
@@ -XXX,XX +XXX,XX @@ static void coroutine_delete(Coroutine *co)
 
 void qemu_aio_coroutine_enter(AioContext *ctx, Coroutine *co)
 {
-    Coroutine *self = qemu_coroutine_self();
-    CoroutineAction ret;
-
-    /* Cannot rely on the read barrier for co in aio_co_wake(), as there are
-     * callers outside of aio_co_wake() */
-    const char *scheduled = atomic_mb_read(&co->scheduled);
-
-    trace_qemu_aio_coroutine_enter(ctx, self, co, co->entry_arg);
-
-    /* if the Coroutine has already been scheduled, entering it again will
-     * cause us to enter it twice, potentially even after the coroutine has
-     * been deleted */
-    if (scheduled) {
-        fprintf(stderr,
-                "%s: Co-routine was already scheduled in '%s'\n",
-                __func__, scheduled);
-        abort();
-    }
-
-    if (co->caller) {
-        fprintf(stderr, "Co-routine re-entered recursively\n");
-        abort();
-    }
-
-    co->caller = self;
-    co->ctx = ctx;
-
-    /* Store co->ctx before anything that stores co.  Matches
-     * barrier in aio_co_wake and qemu_co_mutex_wake.
-     */
-    smp_wmb();
-
-    ret = qemu_coroutine_switch(self, co, COROUTINE_ENTER);
-
-    qemu_co_queue_run_restart(co);
-
-    /* Beware, if ret == COROUTINE_YIELD and qemu_co_queue_run_restart()
-     * has started any other coroutine, "co" might have been reentered
-     * and even freed by now!  So be careful and do not touch it.
-     */
-
-    switch (ret) {
-    case COROUTINE_YIELD:
-        return;
-    case COROUTINE_TERMINATE:
-        assert(!co->locks_held);
-        trace_qemu_coroutine_terminate(co);
-        coroutine_delete(co);
-        return;
-    default:
-        abort();
+    QSIMPLEQ_HEAD(, Coroutine) pending = QSIMPLEQ_HEAD_INITIALIZER(pending);
+    Coroutine *from = qemu_coroutine_self();
+
+    QSIMPLEQ_INSERT_TAIL(&pending, co, co_queue_next);
+
+    /* Run co and any queued coroutines */
+    while (!QSIMPLEQ_EMPTY(&pending)) {
+        Coroutine *to = QSIMPLEQ_FIRST(&pending);
+        CoroutineAction ret;
+
+        /* Cannot rely on the read barrier for to in aio_co_wake(), as there are
+         * callers outside of aio_co_wake() */
+        const char *scheduled = atomic_mb_read(&to->scheduled);
+
+        QSIMPLEQ_REMOVE_HEAD(&pending, co_queue_next);
+
+        trace_qemu_aio_coroutine_enter(ctx, from, to, to->entry_arg);
+
+        /* if the Coroutine has already been scheduled, entering it again will
+         * cause us to enter it twice, potentially even after the coroutine has
+         * been deleted */
+        if (scheduled) {
+            fprintf(stderr,
+                    "%s: Co-routine was already scheduled in '%s'\n",
+                    __func__, scheduled);
+            abort();
+        }
+
+        if (to->caller) {
+            fprintf(stderr, "Co-routine re-entered recursively\n");
+            abort();
+        }
+
+        to->caller = from;
+        to->ctx = ctx;
+
+        /* Store to->ctx before anything that stores to.  Matches
+         * barrier in aio_co_wake and qemu_co_mutex_wake.
+         */
+        smp_wmb();
+
+        ret = qemu_coroutine_switch(from, to, COROUTINE_ENTER);
+
+        /* Queued coroutines are run depth-first; previously pending coroutines
+         * run after those queued more recently.
+         */
+        QSIMPLEQ_PREPEND(&pending, &to->co_queue_wakeup);
+
+        switch (ret) {
+        case COROUTINE_YIELD:
+            break;
+        case COROUTINE_TERMINATE:
+            assert(!to->locks_held);
+            trace_qemu_coroutine_terminate(to);
+            coroutine_delete(to);
+            break;
+        default:
+            abort();
+        }
     }
 }
 
-- 
2.14.3

Check that two coroutines can queue each other repeatedly without
hitting stack exhaustion.

Switch to qemu_init_main_loop() in main() because coroutines use
qemu_get_aio_context() - they don't know about test-aio's ctx variable.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20180322152834.12656-4-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 tests/test-aio.c | 65 ++++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 52 insertions(+), 13 deletions(-)

diff --git a/tests/test-aio.c b/tests/test-aio.c
index XXXXXXX..XXXXXXX 100644
--- a/tests/test-aio.c
+++ b/tests/test-aio.c
@@ -XXX,XX +XXX,XX @@
 #include "qemu/timer.h"
 #include "qemu/sockets.h"
 #include "qemu/error-report.h"
+#include "qemu/coroutine.h"
+#include "qemu/main-loop.h"
 
 static AioContext *ctx;
 
@@ -XXX,XX +XXX,XX @@ static void test_source_timer_schedule(void)
     timer_del(&data.timer);
 }
 
+/*
+ * Check that aio_co_enter() can chain many times
+ *
+ * Two coroutines should be able to invoke each other via aio_co_enter() many
+ * times without hitting a limit like stack exhaustion.  In other words, the
+ * calls should be chained instead of nested.
+ */
+
+typedef struct {
+    Coroutine *other;
+    unsigned i;
+    unsigned max;
+} ChainData;
+
+static void coroutine_fn chain(void *opaque)
+{
+    ChainData *data = opaque;
+
+    for (data->i = 0; data->i < data->max; data->i++) {
+        /* Queue up the other coroutine... */
+        aio_co_enter(ctx, data->other);
+
+        /* ...and give control to it */
+        qemu_coroutine_yield();
+    }
+}
+
+static void test_queue_chaining(void)
+{
+    /* This number of iterations hit stack exhaustion in the past: */
+    ChainData data_a = { .max = 25000 };
+    ChainData data_b = { .max = 25000 };
+
+    data_b.other = qemu_coroutine_create(chain, &data_a);
+    data_a.other = qemu_coroutine_create(chain, &data_b);
+
+    qemu_coroutine_enter(data_b.other);
+
+    g_assert_cmpint(data_a.i, ==, data_a.max);
+    g_assert_cmpint(data_b.i, ==, data_b.max - 1);
+
+    /* Allow the second coroutine to terminate */
+    qemu_coroutine_enter(data_a.other);
+
+    g_assert_cmpint(data_b.i, ==, data_b.max);
+}
 
 /* End of tests.  */
 
 int main(int argc, char **argv)
 {
-    Error *local_error = NULL;
-    GSource *src;
-
-    init_clocks(NULL);
-
-    ctx = aio_context_new(&local_error);
-    if (!ctx) {
-        error_reportf_err(local_error, "Failed to create AIO Context: ");
-        exit(1);
-    }
-    src = aio_get_g_source(ctx);
-    g_source_attach(src, NULL);
-    g_source_unref(src);
+    qemu_init_main_loop(&error_fatal);
+    ctx = qemu_get_aio_context();
 
     while (g_main_context_iteration(NULL, false));
 
@@ -XXX,XX +XXX,XX @@ int main(int argc, char **argv)
     g_test_add_func("/aio/external-client",         test_aio_external_client);
     g_test_add_func("/aio/timer/schedule",          test_timer_schedule);
 
+    g_test_add_func("/aio/coroutine/queue-chaining", test_queue_chaining);
+
     g_test_add_func("/aio-gsource/flush",                   test_source_flush);
     g_test_add_func("/aio-gsource/bh/schedule",             test_source_bh_schedule);
     g_test_add_func("/aio-gsource/bh/schedule10",           test_source_bh_schedule10);
-- 
2.14.3

The following changes since commit 15ef89d2a1a7b93845a6b09c2ee8e1979f6eb30b:

Update version for v7.0.0-rc1 release (2022-03-22 22:58:44 +0000)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 2539eade4f689eda7e9fe45486f18334bfbafaf0:

hw: Fix misleading hexadecimal format (2022-03-24 10:38:42 +0000)

----------------------------------------------------------------
Pull request

Philippe found cases where the 0x%d format string was used, leading to
misleading output. The patches look harmless and could save people time, so I
think it's worth including them in 7.0.

----------------------------------------------------------------

Philippe Mathieu-Daudé (2):
  block: Fix misleading hexadecimal format
  hw: Fix misleading hexadecimal format

-- 
2.35.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

"0x%u" format is very misleading, replace by "0x%x".

Found running:

$ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' block/

Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 20220323114718.58714-2-philippe.mathieu.daude@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/parallels-ext.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/parallels-ext.c b/block/parallels-ext.c
index XXXXXXX..XXXXXXX 100644
--- a/block/parallels-ext.c
+++ b/block/parallels-ext.c
@@ -XXX,XX +XXX,XX @@ static int parallels_parse_format_extension(BlockDriverState *bs,
             break;
 
         default:
-            error_setg(errp, "Unknown feature: 0x%" PRIu64, fh.magic);
+            error_setg(errp, "Unknown feature: 0x%" PRIx64, fh.magic);
             goto fail;
         }
 
-- 
2.35.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

"0x%u" format is very misleading, replace by "0x%x".

Found running:

$ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' hw/

Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220323114718.58714-3-philippe.mathieu.daude@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/i386/sgx.c        | 2 +-
 hw/i386/trace-events | 6 +++---
 hw/misc/trace-events | 4 ++--
 hw/scsi/trace-events | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -XXX,XX +XXX,XX @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
     }
 
     if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
-        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
+        error_report("Size of all 'sgx-epc' =0x%"PRIx64" causes EPC to wrap",
                      sgx_epc->size);
         exit(EXIT_FAILURE);
     }
diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -XXX,XX +XXX,XX @@ vtd_fault_disabled(void) "Fault processing disabled for context entry"
 vtd_replay_ce_valid(const char *mode, uint8_t bus, uint8_t dev, uint8_t fn, uint16_t domain, uint64_t hi, uint64_t lo) "%s: replay valid context device %02"PRIx8":%02"PRIx8".%02"PRIx8" domain 0x%"PRIx16" hi 0x%"PRIx64" lo 0x%"PRIx64
 vtd_replay_ce_invalid(uint8_t bus, uint8_t dev, uint8_t fn) "replay invalid context device %02"PRIx8":%02"PRIx8".%02"PRIx8
 vtd_page_walk_level(uint64_t addr, uint32_t level, uint64_t start, uint64_t end) "walk (base=0x%"PRIx64", level=%"PRIu32") iova range 0x%"PRIx64" - 0x%"PRIx64
-vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIu16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
+vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIx16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
 vtd_page_walk_one_skip_map(uint64_t iova, uint64_t mask, uint64_t translated) "iova 0x%"PRIx64" mask 0x%"PRIx64" translated 0x%"PRIx64
 vtd_page_walk_one_skip_unmap(uint64_t iova, uint64_t mask) "iova 0x%"PRIx64" mask 0x%"PRIx64
 vtd_page_walk_skip_read(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to unable to read"
 vtd_page_walk_skip_reserve(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to rsrv set"
 vtd_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
 vtd_as_unmap_whole(uint8_t bus, uint8_t slot, uint8_t fn, uint64_t iova, uint64_t size) "Device %02x:%02x.%x start 0x%"PRIx64" size 0x%"PRIx64
-vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIu16", iova 0x%"PRIx64
-vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIu16" %d"
+vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIx16", iova 0x%"PRIx64
+vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIx16" %d"
 vtd_irq_generate(uint64_t addr, uint64_t data) "addr 0x%"PRIx64" data 0x%"PRIx64
 vtd_reg_read(uint64_t addr, uint64_t size) "addr 0x%"PRIx64" size 0x%"PRIx64
 vtd_reg_write(uint64_t addr, uint64_t size, uint64_t val) "addr 0x%"PRIx64" size 0x%"PRIx64" value 0x%"PRIx64
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -XXX,XX +XXX,XX @@
 # See docs/devel/tracing.rst for syntax documentation.
 
 # allwinner-cpucfg.c
-allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIu32
+allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIx32
 allwinner_cpucfg_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
 allwinner_cpucfg_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
 
@@ -XXX,XX +XXX,XX @@ imx7_gpr_write(uint64_t offset, uint64_t value) "addr 0x%08" PRIx64 "value 0x%08
 
 # mos6522.c
 mos6522_set_counter(int index, unsigned int val) "T%d.counter=%d"
-mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRId64 " delta_next=0x%"PRId64
+mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRIx64 " delta_next=0x%"PRIx64
 mos6522_set_sr_int(void) "set sr_int"
 mos6522_write(uint64_t addr, const char *name, uint64_t val) "reg=0x%"PRIx64 " [%s] val=0x%"PRIx64
 mos6522_read(uint64_t addr, const char *name, unsigned val) "reg=0x%"PRIx64 " [%s] val=0x%x"
diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/scsi/trace-events
+++ b/hw/scsi/trace-events
@@ -XXX,XX +XXX,XX @@ lsi_bad_phase_interrupt(void) "Phase mismatch interrupt"
 lsi_bad_selection(uint32_t id) "Selected absent target %"PRIu32
 lsi_do_dma_unavailable(void) "DMA no data available"
 lsi_do_dma(uint64_t addr, int len) "DMA addr=0x%"PRIx64" len=%d"
-lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRId32
+lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRIx32
 lsi_add_msg_byte_error(void) "MSG IN data too long"
 lsi_add_msg_byte(uint8_t data) "MSG IN 0x%02x"
 lsi_reselect(int id) "Reselected target %d"
@@ -XXX,XX +XXX,XX @@ lsi_do_msgout_noop(void) "MSG: No Operation"
 lsi_do_msgout_extended(uint8_t msg, uint8_t len) "Extended message 0x%x (len %d)"
 lsi_do_msgout_ignored(const char *msg) "%s (ignored)"
 lsi_do_msgout_simplequeue(uint8_t select_tag) "SIMPLE queue tag=0x%x"
-lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRId32
+lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRIx32
 lsi_do_msgout_clearqueue(uint32_t tag) "MSG: CLEAR QUEUE tag=0x%"PRIx32
 lsi_do_msgout_busdevicereset(uint32_t tag) "MSG: BUS DEVICE RESET tag=0x%"PRIx32
 lsi_do_msgout_select(int id) "Select LUN %d"
-- 
2.35.1