From: Andrew Jones <andrew.jones@linux.dev>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org,
qemu-devel@nongnu.org, Thomas Huth <thuth@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvmarm@lists.linux.dev, qemu-arm@nongnu.org,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [kvm-unit-tests PATCH v10 4/7] arm/tlbflush-code: TLB flush during code execution
Date: Tue, 21 Mar 2023 16:02:20 +0100 [thread overview]
Message-ID: <20230321150220.mfrvgxg3ebju5e6k@orel> (raw)
In-Reply-To: <20230307112845.452053-5-alex.bennee@linaro.org>
On Tue, Mar 07, 2023 at 11:28:42AM +0000, Alex Bennée wrote:
> This adds a fairly brain dead torture test for TLB flushes intended
> for stressing the MTTCG QEMU build. It takes the usual -smp option for
> multiple CPUs.
>
> By default it CPU0 will do a TLBIALL flush after each cycle. You can
> pass options via -append to control additional aspects of the test:
>
> - "page" flush each page in turn (one per function)
> - "self" do the flush after each computation cycle
> - "verbose" report progress on each computation cycle
>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> CC: Mark Rutland <mark.rutland@arm.com>
> Message-Id: <20211118184650.661575-7-alex.bennee@linaro.org>
>
> ---
> v9
> - move tests back into unittests.cfg (with nodefault mttcg)
> - replace printf with report_info
> - drop accel = tcg
> ---
> arm/Makefile.common | 1 +
> arm/tlbflush-code.c | 209 ++++++++++++++++++++++++++++++++++++++++++++
> arm/unittests.cfg | 25 ++++++
> 3 files changed, 235 insertions(+)
> create mode 100644 arm/tlbflush-code.c
>
> diff --git a/arm/Makefile.common b/arm/Makefile.common
> index 16f8c6df..2c4aad38 100644
> --- a/arm/Makefile.common
> +++ b/arm/Makefile.common
> @@ -12,6 +12,7 @@ tests-common += $(TEST_DIR)/gic.flat
> tests-common += $(TEST_DIR)/psci.flat
> tests-common += $(TEST_DIR)/sieve.flat
> tests-common += $(TEST_DIR)/pl031.flat
> +tests-common += $(TEST_DIR)/tlbflush-code.flat
>
> tests-all = $(tests-common) $(tests)
> all: directories $(tests-all)
> diff --git a/arm/tlbflush-code.c b/arm/tlbflush-code.c
> new file mode 100644
> index 00000000..bf9eb111
> --- /dev/null
> +++ b/arm/tlbflush-code.c
> @@ -0,0 +1,209 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * TLB Flush Race Tests
> + *
> + * These tests are designed to test for incorrect TLB flush semantics
> + * under emulation. The initial CPU will set all the others working a
> + * compuation task and will then trigger TLB flushes across the
computation
> + * system. It doesn't actually need to re-map anything but the flushes
> + * themselves will trigger QEMU's TCG self-modifying code detection
> + * which will invalidate any generated code causing re-translation.
> + * Eventually the code buffer will fill and a general tb_lush() will
> + * be triggered.
> + *
> + * Copyright (C) 2016-2021, Linaro, Alex Bennée <alex.bennee@linaro.org>
> + *
> + * This work is licensed under the terms of the GNU LGPL, version 2.
> + */
> +
> +#include <libcflat.h>
> +#include <asm/smp.h>
> +#include <asm/cpumask.h>
> +#include <asm/barrier.h>
> +#include <asm/mmu.h>
> +
> +#define SEQ_LENGTH 10
> +#define SEQ_HASH 0x7cd707fe
> +
> +static cpumask_t smp_test_complete;
> +static int flush_count = 1000000;
> +static bool flush_self;
> +static bool flush_page;
> +static bool flush_verbose;
> +
> +/*
> + * Work functions
> + *
> + * These work functions need to be:
> + *
> + * - page aligned, so we can flush one function at a time
> + * - have branches, so QEMU TCG generates multiple basic blocks
> + * - call across pages, so we exercise the TCG basic block slow path
> + */
> +
> +/* Adler32 */
> +__attribute__((aligned(PAGE_SIZE))) static
> +uint32_t hash_array(const void *buf, size_t buflen)
> +{
> + const uint8_t *data = (uint8_t *) buf;
> + uint32_t s1 = 1;
> + uint32_t s2 = 0;
> +
> + for (size_t n = 0; n < buflen; n++) {
> + s1 = (s1 + data[n]) % 65521;
> + s2 = (s2 + s1) % 65521;
> + }
> + return (s2 << 16) | s1;
> +}
> +
> +__attribute__((aligned(PAGE_SIZE))) static
> +void create_fib_sequence(int length, unsigned int *array)
> +{
> + int i;
> +
> + /* first two values */
> + array[0] = 0;
> + array[1] = 1;
> + for (i = 2; i < length; i++)
> + array[i] = array[i-2] + array[i-1];
> +}
> +
> +__attribute__((aligned(PAGE_SIZE))) static
> +unsigned long long factorial(unsigned int n)
> +{
> + unsigned int i;
> + unsigned long long fac = 1;
> +
> + for (i = 1; i <= n; i++)
> + fac = fac * i;
> + return fac;
> +}
> +
> +__attribute__((aligned(PAGE_SIZE))) static
> +void factorial_array(unsigned int n, unsigned int *input,
> + unsigned long long *output)
> +{
> + unsigned int i;
> +
> + for (i = 0; i < n; i++)
> + output[i] = factorial(input[i]);
> +}
> +
> +__attribute__((aligned(PAGE_SIZE))) static
> +unsigned int do_computation(void)
> +{
> + unsigned int fib_array[SEQ_LENGTH];
> + unsigned long long facfib_array[SEQ_LENGTH];
> + uint32_t fib_hash, facfib_hash;
> +
> + create_fib_sequence(SEQ_LENGTH, &fib_array[0]);
> + fib_hash = hash_array(&fib_array[0], sizeof(fib_array));
> + factorial_array(SEQ_LENGTH, &fib_array[0], &facfib_array[0]);
> + facfib_hash = hash_array(&facfib_array[0], sizeof(facfib_array));
> +
> + return (fib_hash ^ facfib_hash);
> +}
> +
> +/* This provides a table of the work functions so we can flush each
> + * page individually
> + */
> +static void *pages[] = {&hash_array, &create_fib_sequence, &factorial,
> + &factorial_array, &do_computation};
> +
> +static void do_flush(int i)
> +{
> + if (flush_page)
> + flush_tlb_page((unsigned long)pages[i % ARRAY_SIZE(pages)]);
> + else
> + flush_tlb_all();
> +}
> +
> +
> +static void just_compute(void)
> +{
> + int i, errors = 0;
> + int cpu = smp_processor_id();
> +
> + uint32_t result;
> +
> + report_info("CPU%d online", cpu);
> +
> + for (i = 0 ; i < flush_count; i++) {
> + result = do_computation();
> +
> + if (result != SEQ_HASH) {
> + errors++;
> + report_info("CPU%d: seq%d 0x%"PRIx32"!=0x%x",
> + cpu, i, result, SEQ_HASH);
> + }
> +
> + if (flush_verbose && (i % 1000) == 0)
> + report_info("CPU%d: seq%d", cpu, i);
> +
> + if (flush_self)
> + do_flush(i);
> + }
> +
> + report(errors == 0, "CPU%d: Done - Errors: %d", cpu, errors);
> +
> + cpumask_set_cpu(cpu, &smp_test_complete);
> + if (cpu != 0)
> + halt();
> +}
> +
> +static void just_flush(void)
> +{
> + int cpu = smp_processor_id();
> + int i = 0;
> +
> + /*
> + * Set our CPU as done, keep flushing until everyone else
> + * finished
> + */
> + cpumask_set_cpu(cpu, &smp_test_complete);
> +
> + while (!cpumask_full(&smp_test_complete))
> + do_flush(i++);
> +
> + report_info("CPU%d: Done - Triggered %d flushes", cpu, i);
> +}
> +
> +int main(int argc, char **argv)
> +{
> + int cpu, i;
> + char prefix[100];
> +
> + for (i = 0; i < argc; i++) {
> + char *arg = argv[i];
> +
> + if (strcmp(arg, "page") == 0)
> + flush_page = true;
> +
> + if (strcmp(arg, "self") == 0)
> + flush_self = true;
> +
> + if (strcmp(arg, "verbose") == 0)
> + flush_verbose = true;
> + }
> +
> + snprintf(prefix, sizeof(prefix), "tlbflush_%s_%s",
> + flush_page ? "page" : "all",
> + flush_self ? "self" : "other");
> + report_prefix_push(prefix);
> +
> + for_each_present_cpu(cpu) {
> + if (cpu == 0)
> + continue;
> + smp_boot_secondary(cpu, just_compute);
> + }
> +
> + if (flush_self)
> + just_compute();
> + else
> + just_flush();
> +
> + while (!cpumask_full(&smp_test_complete))
> + cpu_relax();
> +
> + return report_summary();
> +}
> diff --git a/arm/unittests.cfg b/arm/unittests.cfg
> index 5e67b558..ee21aef4 100644
> --- a/arm/unittests.cfg
> +++ b/arm/unittests.cfg
> @@ -275,3 +275,28 @@ file = debug.flat
> arch = arm64
> extra_params = -append 'ss-migration'
> groups = debug migration
> +
> +# TLB Torture Tests
> +[tlbflush-code::all_other]
It's better to use '-', '_', '.', or ',' than '::' because otherwise the
standalone test will have a filename like tests/tlbflush-code::all_other
which will be awkward for shells.
BTW, have you tried running these tests as standalone? Since they're
'nodefault' it'd be good if they work that way.
> +file = tlbflush-code.flat
> +smp = $(($MAX_SMP>4?4:$MAX_SMP))
> +groups = nodefault mttcg
> +
> +[tlbflush-code::page_other]
> +file = tlbflush-code.flat
> +smp = $(($MAX_SMP>4?4:$MAX_SMP))
> +extra_params = -append 'page'
> +groups = nodefault mttcg
> +
> +[tlbflush-code::all_self]
> +file = tlbflush-code.flat
> +smp = $(($MAX_SMP>4?4:$MAX_SMP))
> +extra_params = -append 'self'
> +groups = nodefault mttcg
> +
> +[tlbflush-code::page_self]
> +file = tlbflush-code.flat
> +smp = $(($MAX_SMP>4?4:$MAX_SMP))
> +extra_params = -append 'page self'
> +groups = nodefault mttcg
> +
> --
> 2.39.2
>
Thanks,
drew
next prev parent reply other threads:[~2023-03-21 15:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-07 11:28 [kvm-unit-tests PATCH v10 0/7] MTTCG sanity tests for ARM Alex Bennée
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 1/7] Makefile: add GNU global tags support Alex Bennée
2023-03-21 14:49 ` Andrew Jones
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 2/7] add .gitpublish metadata Alex Bennée
2023-03-21 14:53 ` Andrew Jones
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 3/7] lib: add isaac prng library from CCAN Alex Bennée
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 4/7] arm/tlbflush-code: TLB flush during code execution Alex Bennée
2023-03-21 15:02 ` Andrew Jones [this message]
2023-03-21 15:07 ` Andrew Jones
2023-04-11 8:26 ` Alex Bennée
2023-04-11 8:58 ` Andrew Jones
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 5/7] arm/locking-tests: add comprehensive locking test Alex Bennée
2023-03-21 15:05 ` Andrew Jones
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 6/7] arm/barrier-litmus-tests: add simple mp and sal litmus tests Alex Bennée
2023-03-07 11:28 ` [kvm-unit-tests PATCH v10 7/7] arm/tcg-test: some basic TCG exercising tests Alex Bennée
2023-03-21 15:26 ` [kvm-unit-tests PATCH v10 0/7] MTTCG sanity tests for ARM Andrew Jones
2023-04-11 7:43 ` Alex Bennée
2023-04-11 9:08 ` Andrew Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230321150220.mfrvgxg3ebju5e6k@orel \
--to=andrew.jones@linux.dev \
--cc=alex.bennee@linaro.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=kvmarm@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).