Re: [PATCH v2 1/1] tests/qtest/fuzz: Add faster virtio tests

From: Alexander Bulekov <alxndr@bu.edu>
To: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Laurent Vivier <lvivier@redhat.com>,
	Thomas Huth <thuth@redhat.com>,
	qemu-devel@nongnu.org, Bandan Das <bsd@redhat.com>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v2 1/1] tests/qtest/fuzz: Add faster virtio tests
Date: Fri, 29 May 2020 01:19:25 -0400	[thread overview]
Message-ID: <20200529051925.peokp7tmedgnqrqv@mozz.bu.edu> (raw)
In-Reply-To: <20200528165303.1877-2-f4bug@amsat.org>

On 200528 1853, Philippe Mathieu-Daudé wrote:
> We don't need to serialize over QTest chardev when we can
> directly access the MMIO address space via the first
> registered CPU view.
> Rename the currents tests as $TEST-qtest, add add faster
> tests that don't use the qtest chardev.
> 
> virtio-net-socket gets ~50% performance improvement.
> 
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: Alexander Bulekov <alxndr@bu.edu>

Thanks for fixing the spaces in the descriptions, too.

> ---
>  tests/qtest/fuzz/virtio_net_fuzz.c  | 42 ++++++++++++++++++++---
>  tests/qtest/fuzz/virtio_scsi_fuzz.c | 53 +++++++++++++++++++++++++----
>  2 files changed, 84 insertions(+), 11 deletions(-)
> 
> diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c b/tests/qtest/fuzz/virtio_net_fuzz.c
> index d08a47e278..7a39cfbb75 100644
> --- a/tests/qtest/fuzz/virtio_net_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_net_fuzz.c
> @@ -19,6 +19,8 @@
>  #include "fork_fuzz.h"
>  #include "qos_fuzz.h"
>  
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
>  
>  #define QVIRTIO_NET_TIMEOUT_US (30 * 1000 * 1000)
>  #define QVIRTIO_RX_VQ 0
> @@ -29,7 +31,9 @@ static int sockfds[2];
>  static bool sockfds_initialized;
>  
>  static void virtio_net_fuzz_multi(QTestState *s,
> -        const unsigned char *Data, size_t Size, bool check_used)
> +                                  const unsigned char *Data, size_t Size,
> +                                  bool check_used, bool use_qtest_chardev)
> +
>  {
>      typedef struct vq_action {
>          uint8_t queue;
> @@ -69,8 +73,13 @@ static void virtio_net_fuzz_multi(QTestState *s,
>               * If checking used ring, ensure that the fuzzer doesn't trigger
>               * trivial asserion failure on zero-zied buffer
>               */
> -            qtest_memwrite(s, req_addr, Data, vqa.length);
> -
> +            if (use_qtest_chardev) {
> +                qtest_memwrite(s, req_addr, Data, vqa.length);
> +            } else {
> +                address_space_write(first_cpu->as, req_addr,
> +                                     MEMTXATTRS_UNSPECIFIED,
> +                                     &Data, vqa.length);
> +            }
>  
>              free_head = qvirtqueue_add(s, q, req_addr, vqa.length,
>                      vqa.write, vqa.next);
> @@ -118,7 +127,20 @@ static void virtio_net_fork_fuzz(QTestState *s,
>          const unsigned char *Data, size_t Size)
>  {
>      if (fork() == 0) {
> -        virtio_net_fuzz_multi(s, Data, Size, false);
> +        virtio_net_fuzz_multi(s, Data, Size, false, false);
> +        flush_events(s);
> +        _Exit(0);
> +    } else {
> +        wait(NULL);
> +    }
> +}
> +
> +static void virtio_net_fork_fuzz_qtest(QTestState *s,
> +                                       const unsigned char *Data,
> +                                       size_t Size)
> +{
> +    if (fork() == 0) {
> +        virtio_net_fuzz_multi(s, Data, Size, false, true);
>          flush_events(s);
>          _Exit(0);
>      } else {
> @@ -130,7 +152,7 @@ static void virtio_net_fork_fuzz_check_used(QTestState *s,
>          const unsigned char *Data, size_t Size)
>  {
>      if (fork() == 0) {
> -        virtio_net_fuzz_multi(s, Data, Size, true);
> +        virtio_net_fuzz_multi(s, Data, Size, true, false);
>          flush_events(s);
>          _Exit(0);
>      } else {
> @@ -173,6 +195,16 @@ static void register_virtio_net_fuzz_targets(void)
>              &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket}
>              );
>  
> +    fuzz_add_qos_target(&(FuzzTarget){
> +            .name = "virtio-net-socket-qtest",
> +            .description = "Fuzz the virtio-net virtual queues. Fuzz incoming "
> +            "traffic using the socket backend (over a qtest chardev)",
> +            .pre_fuzz = &virtio_net_pre_fuzz,
> +            .fuzz = virtio_net_fork_fuzz_qtest,},
> +            "virtio-net",
> +            &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket}
> +            );
> +
>      fuzz_add_qos_target(&(FuzzTarget){
>              .name = "virtio-net-socket-check-used",
>              .description = "Fuzz the virtio-net virtual queues. Wait for the "
> diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> index 3b95247f12..27b63b2e32 100644
> --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> @@ -23,6 +23,9 @@
>  #include "fork_fuzz.h"
>  #include "qos_fuzz.h"
>  
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
> +
>  #define PCI_SLOT                0x02
>  #define PCI_FN                  0x00
>  #define QVIRTIO_SCSI_TIMEOUT_US (1 * 1000 * 1000)
> @@ -63,7 +66,8 @@ static QVirtioSCSIQueues *qvirtio_scsi_init(QVirtioDevice *dev, uint64_t mask)
>  }
>  
>  static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues,
> -        const unsigned char *Data, size_t Size)
> +                             const unsigned char *Data, size_t Size,
> +                             bool use_qtest_chardev)
>  {
>      /*
>       * Data is a sequence of random bytes. We split them up into "actions",
> @@ -108,7 +112,13 @@ static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues,
>  
>          /* Copy the data into ram, and place it on the virtqueue */
>          uint64_t req_addr = guest_alloc(t_alloc, vqa.length);
> -        qtest_memwrite(s, req_addr, Data, vqa.length);
> +        if (use_qtest_chardev) {
> +            qtest_memwrite(s, req_addr, Data, vqa.length);
> +        } else {
> +            address_space_write(first_cpu->as, req_addr,
> +                                 MEMTXATTRS_UNSPECIFIED,
> +                                 &Data, vqa.length);
> +        }
>          if (vq_touched[vqa.queue] == 0) {
>              vq_touched[vqa.queue] = 1;
>              free_head[vqa.queue] = qvirtqueue_add(s, q, req_addr, vqa.length,
> @@ -141,7 +151,25 @@ static void virtio_scsi_fork_fuzz(QTestState *s,
>          queues = qvirtio_scsi_init(scsi->vdev, 0);
>      }
>      if (fork() == 0) {
> -        virtio_scsi_fuzz(s, queues, Data, Size);
> +        virtio_scsi_fuzz(s, queues, Data, Size, false);
> +        flush_events(s);
> +        _Exit(0);
> +    } else {
> +        wait(NULL);
> +    }
> +}
> +
> +static void virtio_scsi_fork_fuzz_qtest(QTestState *s,
> +                                        const unsigned char *Data,
> +                                        size_t Size)
> +{
> +    QVirtioSCSI *scsi = fuzz_qos_obj;
> +    static QVirtioSCSIQueues *queues;
> +    if (!queues) {
> +        queues = qvirtio_scsi_init(scsi->vdev, 0);
> +    }
> +    if (fork() == 0) {
> +        virtio_scsi_fuzz(s, queues, Data, Size, true);
>          flush_events(s);
>          _Exit(0);
>      } else {
> @@ -159,7 +187,9 @@ static void virtio_scsi_with_flag_fuzz(QTestState *s,
>          if (Size >= sizeof(uint64_t)) {
>              queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data);
>              virtio_scsi_fuzz(s, queues,
> -                             Data + sizeof(uint64_t), Size - sizeof(uint64_t));
> +                             Data + sizeof(uint64_t),
> +                             Size - sizeof(uint64_t),
> +                             false);
>              flush_events(s);
>          }
>          _Exit(0);
> @@ -189,7 +219,7 @@ static void register_virtio_scsi_fuzz_targets(void)
>  {
>      fuzz_add_qos_target(&(FuzzTarget){
>                  .name = "virtio-scsi-fuzz",
> -                .description = "Fuzz the virtio-scsi virtual queues, forking"
> +                .description = "Fuzz the virtio-scsi virtual queues, forking "
>                                  "for each fuzz run",
>                  .pre_vm_init = &counter_shm_init,
>                  .pre_fuzz = &virtio_scsi_pre_fuzz,
> @@ -198,9 +228,20 @@ static void register_virtio_scsi_fuzz_targets(void)
>                  &(QOSGraphTestOptions){.before = virtio_scsi_test_setup}
>                  );
>  
> +    fuzz_add_qos_target(&(FuzzTarget){
> +                .name = "virtio-scsi-fuzz-qtest",
> +                .description = "Fuzz the virtio-scsi virtual queues, forking "
> +                                "for each fuzz run (over a qtest chardev)",
> +                .pre_vm_init = &counter_shm_init,
> +                .pre_fuzz = &virtio_scsi_pre_fuzz,
> +                .fuzz = virtio_scsi_fork_fuzz_qtest,},
> +                "virtio-scsi",
> +                &(QOSGraphTestOptions){.before = virtio_scsi_test_setup}
> +                );
> +
>      fuzz_add_qos_target(&(FuzzTarget){
>                  .name = "virtio-scsi-flags-fuzz",
> -                .description = "Fuzz the virtio-scsi virtual queues, forking"
> +                .description = "Fuzz the virtio-scsi virtual queues, forking "
>                  "for each fuzz run (also fuzzes the virtio flags)",
>                  .pre_vm_init = &counter_shm_init,
>                  .pre_fuzz = &virtio_scsi_pre_fuzz,
> -- 
> 2.21.3
> 