Series comparison

-[PULL for-5.0 0/3] Block patches
+[PULL for-7.0 0/2] Block patches
-The following changes since commit 8bac3ba57eecc466b7e73dabf7d19328a59f684e:
+The following changes since commit 15ef89d2a1a7b93845a6b09c2ee8e1979f6eb30b:
-  Merge remote-tracking branch 'remotes/rth/tags/pull-rx-20200408' into staging (2020-04-09 13:23:30 +0100)
+  Update version for v7.0.0-rc1 release (2022-03-22 22:58:44 +0000)
 are available in the Git repository at:
-  https://github.com/stefanha/qemu.git tags/block-pull-request
+  https://gitlab.com/stefanha/qemu.git tags/block-pull-request
-for you to fetch changes up to 5710a3e09f9b85801e5ce70797a4a511e5fc9e2c:
+for you to fetch changes up to 2539eade4f689eda7e9fe45486f18334bfbafaf0:
-  async: use explicit memory barriers (2020-04-09 16:17:14 +0100)
+  hw: Fix misleading hexadecimal format (2022-03-24 10:38:42 +0000)
 ----------------------------------------------------------------
 Pull request
-Fixes for QEMU on aarch64 ARM hosts and fdmon-io_uring.
+Philippe found cases where the 0x%d format string was used, leading to
 misleading output. The patches look harmless and could save people time, so I
 think it's worth including them in 7.0.
 ----------------------------------------------------------------
-Paolo Bonzini (2):
+Philippe Mathieu-Daudé (2):
-  aio-wait: delegate polling of main AioContext if BQL not held
+  block: Fix misleading hexadecimal format
-  async: use explicit memory barriers
+  hw: Fix misleading hexadecimal format
-Stefan Hajnoczi (1):
+ block/parallels-ext.c | 2 +-
-  aio-posix: signal-proof fdmon-io_uring
+ hw/i386/sgx.c         | 2 +-
+ hw/i386/trace-events  | 6 +++---
- include/block/aio-wait.h | 22 ++++++++++++++++++++++
+ hw/misc/trace-events  | 4 ++--
- include/block/aio.h      | 29 ++++++++++-------------------
+ hw/scsi/trace-events  | 4 ++--
- util/aio-posix.c         | 16 ++++++++++++++--
+files changed, 9 insertions(+), 9 deletions(-)
  util/aio-win32.c         | 17 ++++++++++++++---
  util/async.c             | 16 ++++++++++++----
  util/fdmon-io_uring.c    | 10 ++++++++--
 files changed, 80 insertions(+), 30 deletions(-)
 --
-.25.1
+.35.1

-[PULL for-5.0 3/3] async: use explicit memory barriers
+[PULL for-7.0 1/2] block: Fix misleading hexadecimal format
-From: Paolo Bonzini <pbonzini@redhat.com>
+From: Philippe Mathieu-Daudé <f4bug@amsat.org>
-When using C11 atomics, non-seqcst reads and writes do not participate
+"0x%u" format is very misleading, replace by "0x%x".
 in the total order of seqcst operations.  In util/async.c and util/aio-posix.c,
 in particular, the pattern that we use
-          write ctx->notify_me                 write bh->scheduled
+Found running:
           read bh->scheduled                   read ctx->notify_me
           if !bh->scheduled, sleep             if ctx->notify_me, notify
-needs to use seqcst operations for both the write and the read.  In
+  $ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' block/
 general this is something that we do not want, because there can be
 many sources that are polled in addition to bottom halves.  The
 alternative is to place a seqcst memory barrier between the write
 and the read.  This also comes with a disadvantage, in that the
 memory barrier is implicit on strongly-ordered architectures and
 it wastes a few dozen clock cycles.
-Fortunately, ctx->notify_me is never written concurrently by two
+Inspired-by: Richard Henderson <richard.henderson@linaro.org>
-threads, so we can assert that and relax the writes to ctx->notify_me.
+Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
-The resulting solution works and performs well on both aarch64 and x86.
+Reviewed-by: Hanna Reitz <hreitz@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Note that the atomic_set/atomic_read combination is not an atomic
+Reviewed-by: Denis V. Lunev <den@openvz.org>
-read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
+Message-id: 20220323114718.58714-2-philippe.mathieu.daude@gmail.com
 on x86, ATOMIC_RELAXED compiles to a locked operation.
 Analyzed-by: Ying Fang <fangying1@huawei.com>
 Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 Tested-by: Ying Fang <fangying1@huawei.com>
 Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- util/aio-posix.c | 16 ++++++++++++++--
+ block/parallels-ext.c | 2 +-
- util/aio-win32.c | 17 ++++++++++++++---
+file changed, 1 insertion(+), 1 deletion(-)
  util/async.c     | 16 ++++++++++++----
 files changed, 40 insertions(+), 9 deletions(-)
-diff --git a/util/aio-posix.c b/util/aio-posix.c
+diff --git a/block/parallels-ext.c b/block/parallels-ext.c
 index XXXXXXX..XXXXXXX 100644
---- a/util/aio-posix.c
+--- a/block/parallels-ext.c
-+++ b/util/aio-posix.c
++++ b/block/parallels-ext.c
-@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
+@@ -XXX,XX +XXX,XX @@ static int parallels_parse_format_extension(BlockDriverState *bs,
-     int64_t timeout;
+             break;
-     int64_t start = 0;
+         default:
-+    /*
+-            error_setg(errp, "Unknown feature: 0x%" PRIu64, fh.magic);
-+     * There cannot be two concurrent aio_poll calls for the same AioContext (or
++            error_setg(errp, "Unknown feature: 0x%" PRIx64, fh.magic);
-+     * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
+             goto fail;
 +     * We rely on this below to avoid slow locked accesses to ctx->notify_me.
 +     */
      assert(in_aio_context_home_thread(ctx));
      /* aio_notify can avoid the expensive event_notifier_set if
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
       * so disable the optimization now.
       */
      if (blocking) {
 -        atomic_add(&ctx->notify_me, 2);
 +        atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
 +        /*
 +         * Write ctx->notify_me before computing the timeout
 +         * (reading bottom half flags, etc.).  Pairs with
 +         * smp_mb in aio_notify().
 +         */
 +        smp_mb();
      }
      qemu_lockcnt_inc(&ctx->list_lock);
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
      }
      if (blocking) {
 -        atomic_sub(&ctx->notify_me, 2);
 +        /* Finish the poll before clearing the flag.  */
 +        atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
          aio_notify_accept(ctx);
      }
 diff --git a/util/aio-win32.c b/util/aio-win32.c
 index XXXXXXX..XXXXXXX 100644
 --- a/util/aio-win32.c
 +++ b/util/aio-win32.c
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
      int count;
      int timeout;
 +    /*
 +     * There cannot be two concurrent aio_poll calls for the same AioContext (or
 +     * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
 +     * We rely on this below to avoid slow locked accesses to ctx->notify_me.
 +     */
 +    assert(in_aio_context_home_thread(ctx));
      progress = false;
      /* aio_notify can avoid the expensive event_notifier_set if
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
       * so disable the optimization now.
       */
      if (blocking) {
 -        atomic_add(&ctx->notify_me, 2);
 +        atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
 +        /*
 +         * Write ctx->notify_me before computing the timeout
 +         * (reading bottom half flags, etc.).  Pairs with
 +         * smp_mb in aio_notify().
 +         */
 +        smp_mb();
      }
      qemu_lockcnt_inc(&ctx->list_lock);
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
          ret = WaitForMultipleObjects(count, events, FALSE, timeout);
          if (blocking) {
              assert(first);
 -            assert(in_aio_context_home_thread(ctx));
 -            atomic_sub(&ctx->notify_me, 2);
 +            atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
              aio_notify_accept(ctx);
          }
-diff --git a/util/async.c b/util/async.c
-index XXXXXXX..XXXXXXX 100644
---- a/util/async.c
-+++ b/util/async.c
-@@ -XXX,XX +XXX,XX @@ aio_ctx_prepare(GSource *source, gint    *timeout)
- {
-     AioContext *ctx = (AioContext *) source;
--    atomic_or(&ctx->notify_me, 1);
-+    atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) | 1);
-+
-+    /*
-+     * Write ctx->notify_me before computing the timeout
-+     * (reading bottom half flags, etc.).  Pairs with
-+     * smp_mb in aio_notify().
-+     */
-+    smp_mb();
-     /* We assume there is no timeout already supplied */
-     *timeout = qemu_timeout_ns_to_ms(aio_compute_timeout(ctx));
-@@ -XXX,XX +XXX,XX @@ aio_ctx_check(GSource *source)
-     QEMUBH *bh;
-     BHListSlice *s;
--    atomic_and(&ctx->notify_me, ~1);
-+    /* Finish computing the timeout before clearing the flag.  */
-+    atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) & ~1);
-     aio_notify_accept(ctx);
-     QSLIST_FOREACH_RCU(bh, &ctx->bh_list, next) {
-@@ -XXX,XX +XXX,XX @@ LuringState *aio_get_linux_io_uring(AioContext *ctx)
- void aio_notify(AioContext *ctx)
- {
-     /* Write e.g. bh->scheduled before reading ctx->notify_me.  Pairs
--     * with atomic_or in aio_ctx_prepare or atomic_add in aio_poll.
-+     * with smp_mb in aio_ctx_prepare or aio_poll.
-      */
-     smp_mb();
--    if (ctx->notify_me) {
-+    if (atomic_read(&ctx->notify_me)) {
-         event_notifier_set(&ctx->notifier);
-         atomic_mb_set(&ctx->notified, true);
-     }
 --
-.25.1
+.35.1

-[PULL for-5.0 1/3] aio-posix: signal-proof fdmon-io_uring
+[PULL for-7.0 2/2] hw: Fix misleading hexadecimal format
-The io_uring_enter(2) syscall returns with errno=EINTR when interrupted
+From: Philippe Mathieu-Daudé <f4bug@amsat.org>
 by a signal.  Retry the syscall in this case.
-It's essential to do this in the io_uring_submit_and_wait() case.  My
+"0x%u" format is very misleading, replace by "0x%x".
 interpretation of the Linux v5.5 io_uring_enter(2) code is that it
 shouldn't affect the io_uring_submit() case, but there is no guarantee
 this will always be the case.  Let's check for -EINTR around both APIs.
-Note that the liburing APIs have -errno return values.
+Found running:
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+  $ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' hw/
-Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
-Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Inspired-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20200408091139.273851-1-stefanha@redhat.com
+Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
 Message-id: 20220323114718.58714-3-philippe.mathieu.daude@gmail.com
 Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 ---
- util/fdmon-io_uring.c | 10 ++++++++--
+ hw/i386/sgx.c        | 2 +-
-file changed, 8 insertions(+), 2 deletions(-)
+ hw/i386/trace-events | 6 +++---
  hw/misc/trace-events | 4 ++--
  hw/scsi/trace-events | 4 ++--
 files changed, 8 insertions(+), 8 deletions(-)
-diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
+diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
 index XXXXXXX..XXXXXXX 100644
---- a/util/fdmon-io_uring.c
+--- a/hw/i386/sgx.c
-+++ b/util/fdmon-io_uring.c
++++ b/hw/i386/sgx.c
-@@ -XXX,XX +XXX,XX @@ static struct io_uring_sqe *get_sqe(AioContext *ctx)
+@@ -XXX,XX +XXX,XX @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
      }
-     /* No free sqes left, submit pending sqes first */
+     if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
--    ret = io_uring_submit(ring);
+-        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
-+    do {
++        error_report("Size of all 'sgx-epc' =0x%"PRIx64" causes EPC to wrap",
-+        ret = io_uring_submit(ring);
+                      sgx_epc->size);
-+    } while (ret == -EINTR);
+         exit(EXIT_FAILURE);
-+
+     }
-     assert(ret > 1);
+diff --git a/hw/i386/trace-events b/hw/i386/trace-events
-     sqe = io_uring_get_sqe(ring);
+index XXXXXXX..XXXXXXX 100644
-     assert(sqe);
+--- a/hw/i386/trace-events
-@@ -XXX,XX +XXX,XX @@ static int fdmon_io_uring_wait(AioContext *ctx, AioHandlerList *ready_list,
++++ b/hw/i386/trace-events
+@@ -XXX,XX +XXX,XX @@ vtd_fault_disabled(void) "Fault processing disabled for context entry"
-     fill_sq_ring(ctx);
+ vtd_replay_ce_valid(const char *mode, uint8_t bus, uint8_t dev, uint8_t fn, uint16_t domain, uint64_t hi, uint64_t lo) "%s: replay valid context device %02"PRIx8":%02"PRIx8".%02"PRIx8" domain 0x%"PRIx16" hi 0x%"PRIx64" lo 0x%"PRIx64
+ vtd_replay_ce_invalid(uint8_t bus, uint8_t dev, uint8_t fn) "replay invalid context device %02"PRIx8":%02"PRIx8".%02"PRIx8
--    ret = io_uring_submit_and_wait(&ctx->fdmon_io_uring, wait_nr);
+ vtd_page_walk_level(uint64_t addr, uint32_t level, uint64_t start, uint64_t end) "walk (base=0x%"PRIx64", level=%"PRIu32") iova range 0x%"PRIx64" - 0x%"PRIx64
-+    do {
+-vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIu16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
-+        ret = io_uring_submit_and_wait(&ctx->fdmon_io_uring, wait_nr);
++vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIx16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
-+    } while (ret == -EINTR);
+ vtd_page_walk_one_skip_map(uint64_t iova, uint64_t mask, uint64_t translated) "iova 0x%"PRIx64" mask 0x%"PRIx64" translated 0x%"PRIx64
-+
+ vtd_page_walk_one_skip_unmap(uint64_t iova, uint64_t mask) "iova 0x%"PRIx64" mask 0x%"PRIx64
-     assert(ret >= 0);
+ vtd_page_walk_skip_read(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to unable to read"
+ vtd_page_walk_skip_reserve(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to rsrv set"
-     return process_cq_ring(ctx, ready_list);
+ vtd_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
  vtd_as_unmap_whole(uint8_t bus, uint8_t slot, uint8_t fn, uint64_t iova, uint64_t size) "Device %02x:%02x.%x start 0x%"PRIx64" size 0x%"PRIx64
 -vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIu16", iova 0x%"PRIx64
 -vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIu16" %d"
 +vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIx16", iova 0x%"PRIx64
 +vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIx16" %d"
  vtd_irq_generate(uint64_t addr, uint64_t data) "addr 0x%"PRIx64" data 0x%"PRIx64
  vtd_reg_read(uint64_t addr, uint64_t size) "addr 0x%"PRIx64" size 0x%"PRIx64
  vtd_reg_write(uint64_t addr, uint64_t size, uint64_t val) "addr 0x%"PRIx64" size 0x%"PRIx64" value 0x%"PRIx64
 diff --git a/hw/misc/trace-events b/hw/misc/trace-events
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/misc/trace-events
 +++ b/hw/misc/trace-events
@@ -XXX,XX +XXX,XX @@
  # See docs/devel/tracing.rst for syntax documentation.
  # allwinner-cpucfg.c
 -allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIu32
 +allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIx32
  allwinner_cpucfg_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
  allwinner_cpucfg_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
@@ -XXX,XX +XXX,XX @@ imx7_gpr_write(uint64_t offset, uint64_t value) "addr 0x%08" PRIx64 "value 0x%08
  # mos6522.c
  mos6522_set_counter(int index, unsigned int val) "T%d.counter=%d"
 -mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRId64 " delta_next=0x%"PRId64
 +mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRIx64 " delta_next=0x%"PRIx64
  mos6522_set_sr_int(void) "set sr_int"
  mos6522_write(uint64_t addr, const char *name, uint64_t val) "reg=0x%"PRIx64 " [%s] val=0x%"PRIx64
  mos6522_read(uint64_t addr, const char *name, unsigned val) "reg=0x%"PRIx64 " [%s] val=0x%x"
 diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events
 index XXXXXXX..XXXXXXX 100644
 --- a/hw/scsi/trace-events
 +++ b/hw/scsi/trace-events
@@ -XXX,XX +XXX,XX @@ lsi_bad_phase_interrupt(void) "Phase mismatch interrupt"
  lsi_bad_selection(uint32_t id) "Selected absent target %"PRIu32
  lsi_do_dma_unavailable(void) "DMA no data available"
  lsi_do_dma(uint64_t addr, int len) "DMA addr=0x%"PRIx64" len=%d"
 -lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRId32
 +lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRIx32
  lsi_add_msg_byte_error(void) "MSG IN data too long"
  lsi_add_msg_byte(uint8_t data) "MSG IN 0x%02x"
  lsi_reselect(int id) "Reselected target %d"
@@ -XXX,XX +XXX,XX @@ lsi_do_msgout_noop(void) "MSG: No Operation"
  lsi_do_msgout_extended(uint8_t msg, uint8_t len) "Extended message 0x%x (len %d)"
  lsi_do_msgout_ignored(const char *msg) "%s (ignored)"
  lsi_do_msgout_simplequeue(uint8_t select_tag) "SIMPLE queue tag=0x%x"
 -lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRId32
 +lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRIx32
  lsi_do_msgout_clearqueue(uint32_t tag) "MSG: CLEAR QUEUE tag=0x%"PRIx32
  lsi_do_msgout_busdevicereset(uint32_t tag) "MSG: BUS DEVICE RESET tag=0x%"PRIx32
  lsi_do_msgout_select(int id) "Select LUN %d"
 --
-.25.1
+.35.1

-[PULL for-5.0 2/3] aio-wait: delegate polling of main AioContext if BQL not held
+Deleted patch
-From: Paolo Bonzini <pbonzini@redhat.com>
-Any thread that is not a iothread returns NULL for qemu_get_current_aio_context().
-As a result, it would also return true for
-in_aio_context_home_thread(qemu_get_aio_context()), causing
-AIO_WAIT_WHILE to invoke aio_poll() directly.  This is incorrect
-if the BQL is not held, because aio_poll() does not expect to
-run concurrently from multiple threads, and it can actually
-happen when savevm writes to the vmstate file from the
-migration thread.
-Therefore, restrict in_aio_context_home_thread to return true
-for the main AioContext only if the BQL is held.
-The function is moved to aio-wait.h because it is mostly used
-there and to avoid a circular reference between main-loop.h
-and block/aio.h.
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Message-Id: <20200407140746.8041-5-pbonzini@redhat.com>
-Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
----
- include/block/aio-wait.h | 22 ++++++++++++++++++++++
- include/block/aio.h      | 29 ++++++++++-------------------
-files changed, 32 insertions(+), 19 deletions(-)
-diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/block/aio-wait.h
-+++ b/include/block/aio-wait.h
-@@ -XXX,XX +XXX,XX @@
- #define QEMU_AIO_WAIT_H
- #include "block/aio.h"
-+#include "qemu/main-loop.h"
- /**
-  * AioWait:
-@@ -XXX,XX +XXX,XX @@ void aio_wait_kick(void);
-  */
- void aio_wait_bh_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque);
-+/**
-+ * in_aio_context_home_thread:
-+ * @ctx: the aio context
-+ *
-+ * Return whether we are running in the thread that normally runs @ctx.  Note
-+ * that acquiring/releasing ctx does not affect the outcome, each AioContext
-+ * still only has one home thread that is responsible for running it.
-+ */
-+static inline bool in_aio_context_home_thread(AioContext *ctx)
-+{
-+    if (ctx == qemu_get_current_aio_context()) {
-+        return true;
-+    }
-+
-+    if (ctx == qemu_get_aio_context()) {
-+        return qemu_mutex_iothread_locked();
-+    } else {
-+        return false;
-+    }
-+}
-+
- #endif /* QEMU_AIO_WAIT_H */
-diff --git a/include/block/aio.h b/include/block/aio.h
-index XXXXXXX..XXXXXXX 100644
---- a/include/block/aio.h
-+++ b/include/block/aio.h
-@@ -XXX,XX +XXX,XX @@ struct AioContext {
-     AioHandlerList deleted_aio_handlers;
-     /* Used to avoid unnecessary event_notifier_set calls in aio_notify;
--     * accessed with atomic primitives.  If this field is 0, everything
--     * (file descriptors, bottom halves, timers) will be re-evaluated
--     * before the next blocking poll(), thus the event_notifier_set call
--     * can be skipped.  If it is non-zero, you may need to wake up a
--     * concurrent aio_poll or the glib main event loop, making
--     * event_notifier_set necessary.
-+     * only written from the AioContext home thread, or under the BQL in
-+     * the case of the main AioContext.  However, it is read from any
-+     * thread so it is still accessed with atomic primitives.
-+     *
-+     * If this field is 0, everything (file descriptors, bottom halves,
-+     * timers) will be re-evaluated before the next blocking poll() or
-+     * io_uring wait; therefore, the event_notifier_set call can be
-+     * skipped.  If it is non-zero, you may need to wake up a concurrent
-+     * aio_poll or the glib main event loop, making event_notifier_set
-+     * necessary.
-      *
-      * Bit 0 is reserved for GSource usage of the AioContext, and is 1
-      * between a call to aio_ctx_prepare and the next call to aio_ctx_check.
-@@ -XXX,XX +XXX,XX @@ void aio_co_enter(AioContext *ctx, struct Coroutine *co);
-  */
- AioContext *qemu_get_current_aio_context(void);
--/**
-- * in_aio_context_home_thread:
-- * @ctx: the aio context
-- *
-- * Return whether we are running in the thread that normally runs @ctx.  Note
-- * that acquiring/releasing ctx does not affect the outcome, each AioContext
-- * still only has one home thread that is responsible for running it.
-- */
--static inline bool in_aio_context_home_thread(AioContext *ctx)
--{
--    return ctx == qemu_get_current_aio_context();
--}
--
- /**
-  * aio_context_setup:
-  * @ctx: the aio context
---
-.25.1

The following changes since commit 8bac3ba57eecc466b7e73dabf7d19328a59f684e:

Merge remote-tracking branch 'remotes/rth/tags/pull-rx-20200408' into staging (2020-04-09 13:23:30 +0100)

are available in the Git repository at:

https://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 5710a3e09f9b85801e5ce70797a4a511e5fc9e2c:

async: use explicit memory barriers (2020-04-09 16:17:14 +0100)

----------------------------------------------------------------
Pull request

Fixes for QEMU on aarch64 ARM hosts and fdmon-io_uring.

----------------------------------------------------------------

Paolo Bonzini (2):
  aio-wait: delegate polling of main AioContext if BQL not held
  async: use explicit memory barriers

Stefan Hajnoczi (1):
  aio-posix: signal-proof fdmon-io_uring

include/block/aio-wait.h | 22 ++++++++++++++++++++++
 include/block/aio.h      | 29 ++++++++++-------------------
 util/aio-posix.c         | 16 ++++++++++++++--
 util/aio-win32.c         | 17 ++++++++++++++---
 util/async.c             | 16 ++++++++++++----
 util/fdmon-io_uring.c    | 10 ++++++++--
 6 files changed, 80 insertions(+), 30 deletions(-)

-- 
2.25.1

The io_uring_enter(2) syscall returns with errno=EINTR when interrupted
by a signal.  Retry the syscall in this case.

It's essential to do this in the io_uring_submit_and_wait() case.  My
interpretation of the Linux v5.5 io_uring_enter(2) code is that it
shouldn't affect the io_uring_submit() case, but there is no guarantee
this will always be the case.  Let's check for -EINTR around both APIs.

Note that the liburing APIs have -errno return values.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200408091139.273851-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 util/fdmon-io_uring.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/util/fdmon-io_uring.c b/util/fdmon-io_uring.c
index XXXXXXX..XXXXXXX 100644
--- a/util/fdmon-io_uring.c
+++ b/util/fdmon-io_uring.c
@@ -XXX,XX +XXX,XX @@ static struct io_uring_sqe *get_sqe(AioContext *ctx)
     }
 
     /* No free sqes left, submit pending sqes first */
-    ret = io_uring_submit(ring);
+    do {
+        ret = io_uring_submit(ring);
+    } while (ret == -EINTR);
+
     assert(ret > 1);
     sqe = io_uring_get_sqe(ring);
     assert(sqe);
@@ -XXX,XX +XXX,XX @@ static int fdmon_io_uring_wait(AioContext *ctx, AioHandlerList *ready_list,
 
     fill_sq_ring(ctx);
 
-    ret = io_uring_submit_and_wait(&ctx->fdmon_io_uring, wait_nr);
+    do {
+        ret = io_uring_submit_and_wait(&ctx->fdmon_io_uring, wait_nr);
+    } while (ret == -EINTR);
+
     assert(ret >= 0);
 
     return process_cq_ring(ctx, ready_list);
-- 
2.25.1

From: Paolo Bonzini <pbonzini@redhat.com>

Any thread that is not a iothread returns NULL for qemu_get_current_aio_context().
As a result, it would also return true for
in_aio_context_home_thread(qemu_get_aio_context()), causing
AIO_WAIT_WHILE to invoke aio_poll() directly.  This is incorrect
if the BQL is not held, because aio_poll() does not expect to
run concurrently from multiple threads, and it can actually
happen when savevm writes to the vmstate file from the
migration thread.

Therefore, restrict in_aio_context_home_thread to return true
for the main AioContext only if the BQL is held.

The function is moved to aio-wait.h because it is mostly used
there and to avoid a circular reference between main-loop.h
and block/aio.h.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200407140746.8041-5-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 include/block/aio-wait.h | 22 ++++++++++++++++++++++
 include/block/aio.h      | 29 ++++++++++-------------------
 2 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/aio-wait.h
+++ b/include/block/aio-wait.h
@@ -XXX,XX +XXX,XX @@
 #define QEMU_AIO_WAIT_H
 
 #include "block/aio.h"
+#include "qemu/main-loop.h"
 
 /**
  * AioWait:
@@ -XXX,XX +XXX,XX @@ void aio_wait_kick(void);
  */
 void aio_wait_bh_oneshot(AioContext *ctx, QEMUBHFunc *cb, void *opaque);
 
+/**
+ * in_aio_context_home_thread:
+ * @ctx: the aio context
+ *
+ * Return whether we are running in the thread that normally runs @ctx.  Note
+ * that acquiring/releasing ctx does not affect the outcome, each AioContext
+ * still only has one home thread that is responsible for running it.
+ */
+static inline bool in_aio_context_home_thread(AioContext *ctx)
+{
+    if (ctx == qemu_get_current_aio_context()) {
+        return true;
+    }
+
+    if (ctx == qemu_get_aio_context()) {
+        return qemu_mutex_iothread_locked();
+    } else {
+        return false;
+    }
+}
+
 #endif /* QEMU_AIO_WAIT_H */
diff --git a/include/block/aio.h b/include/block/aio.h
index XXXXXXX..XXXXXXX 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -XXX,XX +XXX,XX @@ struct AioContext {
     AioHandlerList deleted_aio_handlers;
 
     /* Used to avoid unnecessary event_notifier_set calls in aio_notify;
-     * accessed with atomic primitives.  If this field is 0, everything
-     * (file descriptors, bottom halves, timers) will be re-evaluated
-     * before the next blocking poll(), thus the event_notifier_set call
-     * can be skipped.  If it is non-zero, you may need to wake up a
-     * concurrent aio_poll or the glib main event loop, making
-     * event_notifier_set necessary.
+     * only written from the AioContext home thread, or under the BQL in
+     * the case of the main AioContext.  However, it is read from any
+     * thread so it is still accessed with atomic primitives.
+     *
+     * If this field is 0, everything (file descriptors, bottom halves,
+     * timers) will be re-evaluated before the next blocking poll() or
+     * io_uring wait; therefore, the event_notifier_set call can be
+     * skipped.  If it is non-zero, you may need to wake up a concurrent
+     * aio_poll or the glib main event loop, making event_notifier_set
+     * necessary.
      *
      * Bit 0 is reserved for GSource usage of the AioContext, and is 1
      * between a call to aio_ctx_prepare and the next call to aio_ctx_check.
@@ -XXX,XX +XXX,XX @@ void aio_co_enter(AioContext *ctx, struct Coroutine *co);
  */
 AioContext *qemu_get_current_aio_context(void);
 
-/**
- * in_aio_context_home_thread:
- * @ctx: the aio context
- *
- * Return whether we are running in the thread that normally runs @ctx.  Note
- * that acquiring/releasing ctx does not affect the outcome, each AioContext
- * still only has one home thread that is responsible for running it.
- */
-static inline bool in_aio_context_home_thread(AioContext *ctx)
-{
-    return ctx == qemu_get_current_aio_context();
-}
-
 /**
  * aio_context_setup:
  * @ctx: the aio context
-- 
2.25.1

From: Paolo Bonzini <pbonzini@redhat.com>

When using C11 atomics, non-seqcst reads and writes do not participate
in the total order of seqcst operations.  In util/async.c and util/aio-posix.c,
in particular, the pattern that we use

write ctx->notify_me                 write bh->scheduled
          read bh->scheduled                   read ctx->notify_me
          if !bh->scheduled, sleep             if ctx->notify_me, notify

needs to use seqcst operations for both the write and the read.  In
general this is something that we do not want, because there can be
many sources that are polled in addition to bottom halves.  The
alternative is to place a seqcst memory barrier between the write
and the read.  This also comes with a disadvantage, in that the
memory barrier is implicit on strongly-ordered architectures and
it wastes a few dozen clock cycles.

Fortunately, ctx->notify_me is never written concurrently by two
threads, so we can assert that and relax the writes to ctx->notify_me.
The resulting solution works and performs well on both aarch64 and x86.

Note that the atomic_set/atomic_read combination is not an atomic
read-modify-write, and therefore it is even weaker than C11 ATOMIC_RELAXED;
on x86, ATOMIC_RELAXED compiles to a locked operation.

Analyzed-by: Ying Fang <fangying1@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Ying Fang <fangying1@huawei.com>
Message-Id: <20200407140746.8041-6-pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 util/aio-posix.c | 16 ++++++++++++++--
 util/aio-win32.c | 17 ++++++++++++++---
 util/async.c     | 16 ++++++++++++----
 3 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/util/aio-posix.c b/util/aio-posix.c
index XXXXXXX..XXXXXXX 100644
--- a/util/aio-posix.c
+++ b/util/aio-posix.c
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
     int64_t timeout;
     int64_t start = 0;
 
+    /*
+     * There cannot be two concurrent aio_poll calls for the same AioContext (or
+     * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
+     * We rely on this below to avoid slow locked accesses to ctx->notify_me.
+     */
     assert(in_aio_context_home_thread(ctx));
 
     /* aio_notify can avoid the expensive event_notifier_set if
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
      * so disable the optimization now.
      */
     if (blocking) {
-        atomic_add(&ctx->notify_me, 2);
+        atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
+        /*
+         * Write ctx->notify_me before computing the timeout
+         * (reading bottom half flags, etc.).  Pairs with
+         * smp_mb in aio_notify().
+         */
+        smp_mb();
     }
 
     qemu_lockcnt_inc(&ctx->list_lock);
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
     }
 
     if (blocking) {
-        atomic_sub(&ctx->notify_me, 2);
+        /* Finish the poll before clearing the flag.  */
+        atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
         aio_notify_accept(ctx);
     }
 
diff --git a/util/aio-win32.c b/util/aio-win32.c
index XXXXXXX..XXXXXXX 100644
--- a/util/aio-win32.c
+++ b/util/aio-win32.c
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
     int count;
     int timeout;
 
+    /*
+     * There cannot be two concurrent aio_poll calls for the same AioContext (or
+     * an aio_poll concurrent with a GSource prepare/check/dispatch callback).
+     * We rely on this below to avoid slow locked accesses to ctx->notify_me.
+     */
+    assert(in_aio_context_home_thread(ctx));
     progress = false;
 
     /* aio_notify can avoid the expensive event_notifier_set if
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
      * so disable the optimization now.
      */
     if (blocking) {
-        atomic_add(&ctx->notify_me, 2);
+        atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) + 2);
+        /*
+         * Write ctx->notify_me before computing the timeout
+         * (reading bottom half flags, etc.).  Pairs with
+         * smp_mb in aio_notify().
+         */
+        smp_mb();
     }
 
     qemu_lockcnt_inc(&ctx->list_lock);
@@ -XXX,XX +XXX,XX @@ bool aio_poll(AioContext *ctx, bool blocking)
         ret = WaitForMultipleObjects(count, events, FALSE, timeout);
         if (blocking) {
             assert(first);
-            assert(in_aio_context_home_thread(ctx));
-            atomic_sub(&ctx->notify_me, 2);
+            atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) - 2);
             aio_notify_accept(ctx);
         }
 
diff --git a/util/async.c b/util/async.c
index XXXXXXX..XXXXXXX 100644
--- a/util/async.c
+++ b/util/async.c
@@ -XXX,XX +XXX,XX @@ aio_ctx_prepare(GSource *source, gint    *timeout)
 {
     AioContext *ctx = (AioContext *) source;
 
-    atomic_or(&ctx->notify_me, 1);
+    atomic_set(&ctx->notify_me, atomic_read(&ctx->notify_me) | 1);
+
+    /*
+     * Write ctx->notify_me before computing the timeout
+     * (reading bottom half flags, etc.).  Pairs with
+     * smp_mb in aio_notify().
+     */
+    smp_mb();
 
     /* We assume there is no timeout already supplied */
     *timeout = qemu_timeout_ns_to_ms(aio_compute_timeout(ctx));
@@ -XXX,XX +XXX,XX @@ aio_ctx_check(GSource *source)
     QEMUBH *bh;
     BHListSlice *s;
 
-    atomic_and(&ctx->notify_me, ~1);
+    /* Finish computing the timeout before clearing the flag.  */
+    atomic_store_release(&ctx->notify_me, atomic_read(&ctx->notify_me) & ~1);
     aio_notify_accept(ctx);
 
     QSLIST_FOREACH_RCU(bh, &ctx->bh_list, next) {
@@ -XXX,XX +XXX,XX @@ LuringState *aio_get_linux_io_uring(AioContext *ctx)
 void aio_notify(AioContext *ctx)
 {
     /* Write e.g. bh->scheduled before reading ctx->notify_me.  Pairs
-     * with atomic_or in aio_ctx_prepare or atomic_add in aio_poll.
+     * with smp_mb in aio_ctx_prepare or aio_poll.
      */
     smp_mb();
-    if (ctx->notify_me) {
+    if (atomic_read(&ctx->notify_me)) {
         event_notifier_set(&ctx->notifier);
         atomic_mb_set(&ctx->notified, true);
     }
-- 
2.25.1

The following changes since commit 15ef89d2a1a7b93845a6b09c2ee8e1979f6eb30b:

Update version for v7.0.0-rc1 release (2022-03-22 22:58:44 +0000)

are available in the Git repository at:

https://gitlab.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to 2539eade4f689eda7e9fe45486f18334bfbafaf0:

hw: Fix misleading hexadecimal format (2022-03-24 10:38:42 +0000)

----------------------------------------------------------------
Pull request

Philippe found cases where the 0x%d format string was used, leading to
misleading output. The patches look harmless and could save people time, so I
think it's worth including them in 7.0.

----------------------------------------------------------------

Philippe Mathieu-Daudé (2):
  block: Fix misleading hexadecimal format
  hw: Fix misleading hexadecimal format

-- 
2.35.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

"0x%u" format is very misleading, replace by "0x%x".

Found running:

$ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' block/

Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Message-id: 20220323114718.58714-2-philippe.mathieu.daude@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 block/parallels-ext.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/block/parallels-ext.c b/block/parallels-ext.c
index XXXXXXX..XXXXXXX 100644
--- a/block/parallels-ext.c
+++ b/block/parallels-ext.c
@@ -XXX,XX +XXX,XX @@ static int parallels_parse_format_extension(BlockDriverState *bs,
             break;
 
         default:
-            error_setg(errp, "Unknown feature: 0x%" PRIu64, fh.magic);
+            error_setg(errp, "Unknown feature: 0x%" PRIx64, fh.magic);
             goto fail;
         }
 
-- 
2.35.1

From: Philippe Mathieu-Daudé <f4bug@amsat.org>

"0x%u" format is very misleading, replace by "0x%x".

Found running:

$ git grep -E '0x%[0-9]*([lL]*|" ?PRI)[dDuU]' hw/

Inspired-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20220323114718.58714-3-philippe.mathieu.daude@gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
 hw/i386/sgx.c        | 2 +-
 hw/i386/trace-events | 6 +++---
 hw/misc/trace-events | 4 ++--
 hw/scsi/trace-events | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -XXX,XX +XXX,XX @@ void pc_machine_init_sgx_epc(PCMachineState *pcms)
     }
 
     if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
-        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
+        error_report("Size of all 'sgx-epc' =0x%"PRIx64" causes EPC to wrap",
                      sgx_epc->size);
         exit(EXIT_FAILURE);
     }
diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -XXX,XX +XXX,XX @@ vtd_fault_disabled(void) "Fault processing disabled for context entry"
 vtd_replay_ce_valid(const char *mode, uint8_t bus, uint8_t dev, uint8_t fn, uint16_t domain, uint64_t hi, uint64_t lo) "%s: replay valid context device %02"PRIx8":%02"PRIx8".%02"PRIx8" domain 0x%"PRIx16" hi 0x%"PRIx64" lo 0x%"PRIx64
 vtd_replay_ce_invalid(uint8_t bus, uint8_t dev, uint8_t fn) "replay invalid context device %02"PRIx8":%02"PRIx8".%02"PRIx8
 vtd_page_walk_level(uint64_t addr, uint32_t level, uint64_t start, uint64_t end) "walk (base=0x%"PRIx64", level=%"PRIu32") iova range 0x%"PRIx64" - 0x%"PRIx64
-vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIu16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
+vtd_page_walk_one(uint16_t domain, uint64_t iova, uint64_t gpa, uint64_t mask, int perm) "domain 0x%"PRIx16" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" mask 0x%"PRIx64" perm %d"
 vtd_page_walk_one_skip_map(uint64_t iova, uint64_t mask, uint64_t translated) "iova 0x%"PRIx64" mask 0x%"PRIx64" translated 0x%"PRIx64
 vtd_page_walk_one_skip_unmap(uint64_t iova, uint64_t mask) "iova 0x%"PRIx64" mask 0x%"PRIx64
 vtd_page_walk_skip_read(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to unable to read"
 vtd_page_walk_skip_reserve(uint64_t iova, uint64_t next) "Page walk skip iova 0x%"PRIx64" - 0x%"PRIx64" due to rsrv set"
 vtd_switch_address_space(uint8_t bus, uint8_t slot, uint8_t fn, bool on) "Device %02x:%02x.%x switching address space (iommu enabled=%d)"
 vtd_as_unmap_whole(uint8_t bus, uint8_t slot, uint8_t fn, uint64_t iova, uint64_t size) "Device %02x:%02x.%x start 0x%"PRIx64" size 0x%"PRIx64
-vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIu16", iova 0x%"PRIx64
-vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIu16" %d"
+vtd_translate_pt(uint16_t sid, uint64_t addr) "source id 0x%"PRIx16", iova 0x%"PRIx64
+vtd_pt_enable_fast_path(uint16_t sid, bool success) "sid 0x%"PRIx16" %d"
 vtd_irq_generate(uint64_t addr, uint64_t data) "addr 0x%"PRIx64" data 0x%"PRIx64
 vtd_reg_read(uint64_t addr, uint64_t size) "addr 0x%"PRIx64" size 0x%"PRIx64
 vtd_reg_write(uint64_t addr, uint64_t size, uint64_t val) "addr 0x%"PRIx64" size 0x%"PRIx64" value 0x%"PRIx64
diff --git a/hw/misc/trace-events b/hw/misc/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/misc/trace-events
+++ b/hw/misc/trace-events
@@ -XXX,XX +XXX,XX @@
 # See docs/devel/tracing.rst for syntax documentation.
 
 # allwinner-cpucfg.c
-allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIu32
+allwinner_cpucfg_cpu_reset(uint8_t cpu_id, uint32_t reset_addr) "id %u, reset_addr 0x%" PRIx32
 allwinner_cpucfg_read(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
 allwinner_cpucfg_write(uint64_t offset, uint64_t data, unsigned size) "offset 0x%" PRIx64 " data 0x%" PRIx64 " size %" PRIu32
 
@@ -XXX,XX +XXX,XX @@ imx7_gpr_write(uint64_t offset, uint64_t value) "addr 0x%08" PRIx64 "value 0x%08
 
 # mos6522.c
 mos6522_set_counter(int index, unsigned int val) "T%d.counter=%d"
-mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRId64 " delta_next=0x%"PRId64
+mos6522_get_next_irq_time(uint16_t latch, int64_t d, int64_t delta) "latch=%d counter=0x%"PRIx64 " delta_next=0x%"PRIx64
 mos6522_set_sr_int(void) "set sr_int"
 mos6522_write(uint64_t addr, const char *name, uint64_t val) "reg=0x%"PRIx64 " [%s] val=0x%"PRIx64
 mos6522_read(uint64_t addr, const char *name, unsigned val) "reg=0x%"PRIx64 " [%s] val=0x%x"
diff --git a/hw/scsi/trace-events b/hw/scsi/trace-events
index XXXXXXX..XXXXXXX 100644
--- a/hw/scsi/trace-events
+++ b/hw/scsi/trace-events
@@ -XXX,XX +XXX,XX @@ lsi_bad_phase_interrupt(void) "Phase mismatch interrupt"
 lsi_bad_selection(uint32_t id) "Selected absent target %"PRIu32
 lsi_do_dma_unavailable(void) "DMA no data available"
 lsi_do_dma(uint64_t addr, int len) "DMA addr=0x%"PRIx64" len=%d"
-lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRId32
+lsi_queue_command(uint32_t tag) "Queueing tag=0x%"PRIx32
 lsi_add_msg_byte_error(void) "MSG IN data too long"
 lsi_add_msg_byte(uint8_t data) "MSG IN 0x%02x"
 lsi_reselect(int id) "Reselected target %d"
@@ -XXX,XX +XXX,XX @@ lsi_do_msgout_noop(void) "MSG: No Operation"
 lsi_do_msgout_extended(uint8_t msg, uint8_t len) "Extended message 0x%x (len %d)"
 lsi_do_msgout_ignored(const char *msg) "%s (ignored)"
 lsi_do_msgout_simplequeue(uint8_t select_tag) "SIMPLE queue tag=0x%x"
-lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRId32
+lsi_do_msgout_abort(uint32_t tag) "MSG: ABORT TAG tag=0x%"PRIx32
 lsi_do_msgout_clearqueue(uint32_t tag) "MSG: CLEAR QUEUE tag=0x%"PRIx32
 lsi_do_msgout_busdevicereset(uint32_t tag) "MSG: BUS DEVICE RESET tag=0x%"PRIx32
 lsi_do_msgout_select(int id) "Select LUN %d"
-- 
2.35.1