On 200528 1853, Philippe Mathieu-Daudé wrote:
> We don't need to serialize over QTest chardev when we can
> directly access the MMIO address space via the first
> registered CPU view.
> Rename the currents tests as $TEST-qtest, add add faster
> tests that don't use the qtest chardev.
>
> virtio-net-socket gets ~50% performance improvement.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Alexander Bulekov <alx...@bu.edu>
Thanks for fixing the spaces in the descriptions, too.
> ---
> tests/qtest/fuzz/virtio_net_fuzz.c | 42 ++++++++++++++++++++---
> tests/qtest/fuzz/virtio_scsi_fuzz.c | 53 +++++++++++++++++++++++++----
> 2 files changed, 84 insertions(+), 11 deletions(-)
>
> diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c
> b/tests/qtest/fuzz/virtio_net_fuzz.c
> index d08a47e278..7a39cfbb75 100644
> --- a/tests/qtest/fuzz/virtio_net_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_net_fuzz.c
> @@ -19,6 +19,8 @@
> #include "fork_fuzz.h"
> #include "qos_fuzz.h"
>
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
>
> #define QVIRTIO_NET_TIMEOUT_US (30 * 1000 * 1000)
> #define QVIRTIO_RX_VQ 0
> @@ -29,7 +31,9 @@ static int sockfds[2];
> static bool sockfds_initialized;
>
> static void virtio_net_fuzz_multi(QTestState *s,
> - const unsigned char *Data, size_t Size, bool check_used)
> + const unsigned char *Data, size_t Size,
> + bool check_used, bool use_qtest_chardev)
> +
> {
> typedef struct vq_action {
> uint8_t queue;
> @@ -69,8 +73,13 @@ static void virtio_net_fuzz_multi(QTestState *s,
> * If checking used ring, ensure that the fuzzer doesn't trigger
> * trivial asserion failure on zero-zied buffer
> */
> - qtest_memwrite(s, req_addr, Data, vqa.length);
> -
> + if (use_qtest_chardev) {
> + qtest_memwrite(s, req_addr, Data, vqa.length);
> + } else {
> + address_space_write(first_cpu->as, req_addr,
> + MEMTXATTRS_UNSPECIFIED,
> + &Data, vqa.length);
> + }
>
> free_head = qvirtqueue_add(s, q, req_addr, vqa.length,
> vqa.write, vqa.next);
> @@ -118,7 +127,20 @@ static void virtio_net_fork_fuzz(QTestState *s,
> const unsigned char *Data, size_t Size)
> {
> if (fork() == 0) {
> - virtio_net_fuzz_multi(s, Data, Size, false);
> + virtio_net_fuzz_multi(s, Data, Size, false, false);
> + flush_events(s);
> + _Exit(0);
> + } else {
> + wait(NULL);
> + }
> +}
> +
> +static void virtio_net_fork_fuzz_qtest(QTestState *s,
> + const unsigned char *Data,
> + size_t Size)
> +{
> + if (fork() == 0) {
> + virtio_net_fuzz_multi(s, Data, Size, false, true);
> flush_events(s);
> _Exit(0);
> } else {
> @@ -130,7 +152,7 @@ static void virtio_net_fork_fuzz_check_used(QTestState *s,
> const unsigned char *Data, size_t Size)
> {
> if (fork() == 0) {
> - virtio_net_fuzz_multi(s, Data, Size, true);
> + virtio_net_fuzz_multi(s, Data, Size, true, false);
> flush_events(s);
> _Exit(0);
> } else {
> @@ -173,6 +195,16 @@ static void register_virtio_net_fuzz_targets(void)
> &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket}
> );
>
> + fuzz_add_qos_target(&(FuzzTarget){
> + .name = "virtio-net-socket-qtest",
> + .description = "Fuzz the virtio-net virtual queues. Fuzz
> incoming "
> + "traffic using the socket backend (over a qtest chardev)",
> + .pre_fuzz = &virtio_net_pre_fuzz,
> + .fuzz = virtio_net_fork_fuzz_qtest,},
> + "virtio-net",
> + &(QOSGraphTestOptions){.before = virtio_net_test_setup_socket}
> + );
> +
> fuzz_add_qos_target(&(FuzzTarget){
> .name = "virtio-net-socket-check-used",
> .description = "Fuzz the virtio-net virtual queues. Wait for the
> "
> diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c
> b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> index 3b95247f12..27b63b2e32 100644
> --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> @@ -23,6 +23,9 @@
> #include "fork_fuzz.h"
> #include "qos_fuzz.h"
>
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
> +
> #define PCI_SLOT 0x02
> #define PCI_FN 0x00
> #define QVIRTIO_SCSI_TIMEOUT_US (1 * 1000 * 1000)
> @@ -63,7 +66,8 @@ static QVirtioSCSIQueues *qvirtio_scsi_init(QVirtioDevice
> *dev, uint64_t mask)
> }
>
> static void virtio_scsi_fuzz(QTestState *s, QVirtioSCSIQueues* queues,
> - const unsigned char *Data, size_t Size)
> + const unsigned char *Data, size_t Size,
> + bool use_qtest_chardev)
> {
> /*
> * Data is a sequence of random bytes. We split them up into "actions",
> @@ -108,7 +112,13 @@ static void virtio_scsi_fuzz(QTestState *s,
> QVirtioSCSIQueues* queues,
>
> /* Copy the data into ram, and place it on the virtqueue */
> uint64_t req_addr = guest_alloc(t_alloc, vqa.length);
> - qtest_memwrite(s, req_addr, Data, vqa.length);
> + if (use_qtest_chardev) {
> + qtest_memwrite(s, req_addr, Data, vqa.length);
> + } else {
> + address_space_write(first_cpu->as, req_addr,
> + MEMTXATTRS_UNSPECIFIED,
> + &Data, vqa.length);
> + }
> if (vq_touched[vqa.queue] == 0) {
> vq_touched[vqa.queue] = 1;
> free_head[vqa.queue] = qvirtqueue_add(s, q, req_addr, vqa.length,
> @@ -141,7 +151,25 @@ static void virtio_scsi_fork_fuzz(QTestState *s,
> queues = qvirtio_scsi_init(scsi->vdev, 0);
> }
> if (fork() == 0) {
> - virtio_scsi_fuzz(s, queues, Data, Size);
> + virtio_scsi_fuzz(s, queues, Data, Size, false);
> + flush_events(s);
> + _Exit(0);
> + } else {
> + wait(NULL);
> + }
> +}
> +
> +static void virtio_scsi_fork_fuzz_qtest(QTestState *s,
> + const unsigned char *Data,
> + size_t Size)
> +{
> + QVirtioSCSI *scsi = fuzz_qos_obj;
> + static QVirtioSCSIQueues *queues;
> + if (!queues) {
> + queues = qvirtio_scsi_init(scsi->vdev, 0);
> + }
> + if (fork() == 0) {
> + virtio_scsi_fuzz(s, queues, Data, Size, true);
> flush_events(s);
> _Exit(0);
> } else {
> @@ -159,7 +187,9 @@ static void virtio_scsi_with_flag_fuzz(QTestState *s,
> if (Size >= sizeof(uint64_t)) {
> queues = qvirtio_scsi_init(scsi->vdev, *(uint64_t *)Data);
> virtio_scsi_fuzz(s, queues,
> - Data + sizeof(uint64_t), Size -
> sizeof(uint64_t));
> + Data + sizeof(uint64_t),
> + Size - sizeof(uint64_t),
> + false);
> flush_events(s);
> }
> _Exit(0);
> @@ -189,7 +219,7 @@ static void register_virtio_scsi_fuzz_targets(void)
> {
> fuzz_add_qos_target(&(FuzzTarget){
> .name = "virtio-scsi-fuzz",
> - .description = "Fuzz the virtio-scsi virtual queues, forking"
> + .description = "Fuzz the virtio-scsi virtual queues, forking
> "
> "for each fuzz run",
> .pre_vm_init = &counter_shm_init,
> .pre_fuzz = &virtio_scsi_pre_fuzz,
> @@ -198,9 +228,20 @@ static void register_virtio_scsi_fuzz_targets(void)
> &(QOSGraphTestOptions){.before = virtio_scsi_test_setup}
> );
>
> + fuzz_add_qos_target(&(FuzzTarget){
> + .name = "virtio-scsi-fuzz-qtest",
> + .description = "Fuzz the virtio-scsi virtual queues, forking
> "
> + "for each fuzz run (over a qtest chardev)",
> + .pre_vm_init = &counter_shm_init,
> + .pre_fuzz = &virtio_scsi_pre_fuzz,
> + .fuzz = virtio_scsi_fork_fuzz_qtest,},
> + "virtio-scsi",
> + &(QOSGraphTestOptions){.before = virtio_scsi_test_setup}
> + );
> +
> fuzz_add_qos_target(&(FuzzTarget){
> .name = "virtio-scsi-flags-fuzz",
> - .description = "Fuzz the virtio-scsi virtual queues, forking"
> + .description = "Fuzz the virtio-scsi virtual queues, forking
> "
> "for each fuzz run (also fuzzes the virtio flags)",
> .pre_vm_init = &counter_shm_init,
> .pre_fuzz = &virtio_scsi_pre_fuzz,
> --
> 2.21.3
>
