| Message ID | 20230307112845.452053-5-alex.bennee@linaro.org |
|---|---|
| State | New |
| Headers | show |
| Series | MTTCG sanity tests for ARM | expand |
On Tue, Mar 07, 2023 at 11:28:42AM +0000, Alex Bennée wrote: > This adds a fairly brain dead torture test for TLB flushes intended > for stressing the MTTCG QEMU build. It takes the usual -smp option for > multiple CPUs. > > By default it CPU0 will do a TLBIALL flush after each cycle. You can > pass options via -append to control additional aspects of the test: > > - "page" flush each page in turn (one per function) > - "self" do the flush after each computation cycle > - "verbose" report progress on each computation cycle > > Signed-off-by: Alex Bennée <alex.bennee@linaro.org> > CC: Mark Rutland <mark.rutland@arm.com> > Message-Id: <20211118184650.661575-7-alex.bennee@linaro.org> > > --- > v9 > - move tests back into unittests.cfg (with nodefault mttcg) > - replace printf with report_info > - drop accel = tcg > --- > arm/Makefile.common | 1 + > arm/tlbflush-code.c | 209 ++++++++++++++++++++++++++++++++++++++++++++ > arm/unittests.cfg | 25 ++++++ > 3 files changed, 235 insertions(+) > create mode 100644 arm/tlbflush-code.c > > diff --git a/arm/Makefile.common b/arm/Makefile.common > index 16f8c6df..2c4aad38 100644 > --- a/arm/Makefile.common > +++ b/arm/Makefile.common > @@ -12,6 +12,7 @@ tests-common += $(TEST_DIR)/gic.flat > tests-common += $(TEST_DIR)/psci.flat > tests-common += $(TEST_DIR)/sieve.flat > tests-common += $(TEST_DIR)/pl031.flat > +tests-common += $(TEST_DIR)/tlbflush-code.flat > > tests-all = $(tests-common) $(tests) > all: directories $(tests-all) > diff --git a/arm/tlbflush-code.c b/arm/tlbflush-code.c > new file mode 100644 > index 00000000..bf9eb111 > --- /dev/null > +++ b/arm/tlbflush-code.c > @@ -0,0 +1,209 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later > +/* > + * TLB Flush Race Tests > + * > + * These tests are designed to test for incorrect TLB flush semantics > + * under emulation. The initial CPU will set all the others working a > + * compuation task and will then trigger TLB flushes across the computation > + * system. It doesn't actually need to re-map anything but the flushes > + * themselves will trigger QEMU's TCG self-modifying code detection > + * which will invalidate any generated code causing re-translation. > + * Eventually the code buffer will fill and a general tb_lush() will > + * be triggered. > + * > + * Copyright (C) 2016-2021, Linaro, Alex Bennée <alex.bennee@linaro.org> > + * > + * This work is licensed under the terms of the GNU LGPL, version 2. > + */ > + > +#include <libcflat.h> > +#include <asm/smp.h> > +#include <asm/cpumask.h> > +#include <asm/barrier.h> > +#include <asm/mmu.h> > + > +#define SEQ_LENGTH 10 > +#define SEQ_HASH 0x7cd707fe > + > +static cpumask_t smp_test_complete; > +static int flush_count = 1000000; > +static bool flush_self; > +static bool flush_page; > +static bool flush_verbose; > + > +/* > + * Work functions > + * > + * These work functions need to be: > + * > + * - page aligned, so we can flush one function at a time > + * - have branches, so QEMU TCG generates multiple basic blocks > + * - call across pages, so we exercise the TCG basic block slow path > + */ > + > +/* Adler32 */ > +__attribute__((aligned(PAGE_SIZE))) static > +uint32_t hash_array(const void *buf, size_t buflen) > +{ > + const uint8_t *data = (uint8_t *) buf; > + uint32_t s1 = 1; > + uint32_t s2 = 0; > + > + for (size_t n = 0; n < buflen; n++) { > + s1 = (s1 + data[n]) % 65521; > + s2 = (s2 + s1) % 65521; > + } > + return (s2 << 16) | s1; > +} > + > +__attribute__((aligned(PAGE_SIZE))) static > +void create_fib_sequence(int length, unsigned int *array) > +{ > + int i; > + > + /* first two values */ > + array[0] = 0; > + array[1] = 1; > + for (i = 2; i < length; i++) > + array[i] = array[i-2] + array[i-1]; > +} > + > +__attribute__((aligned(PAGE_SIZE))) static > +unsigned long long factorial(unsigned int n) > +{ > + unsigned int i; > + unsigned long long fac = 1; > + > + for (i = 1; i <= n; i++) > + fac = fac * i; > + return fac; > +} > + > +__attribute__((aligned(PAGE_SIZE))) static > +void factorial_array(unsigned int n, unsigned int *input, > + unsigned long long *output) > +{ > + unsigned int i; > + > + for (i = 0; i < n; i++) > + output[i] = factorial(input[i]); > +} > + > +__attribute__((aligned(PAGE_SIZE))) static > +unsigned int do_computation(void) > +{ > + unsigned int fib_array[SEQ_LENGTH]; > + unsigned long long facfib_array[SEQ_LENGTH]; > + uint32_t fib_hash, facfib_hash; > + > + create_fib_sequence(SEQ_LENGTH, &fib_array[0]); > + fib_hash = hash_array(&fib_array[0], sizeof(fib_array)); > + factorial_array(SEQ_LENGTH, &fib_array[0], &facfib_array[0]); > + facfib_hash = hash_array(&facfib_array[0], sizeof(facfib_array)); > + > + return (fib_hash ^ facfib_hash); > +} > + > +/* This provides a table of the work functions so we can flush each > + * page individually > + */ > +static void *pages[] = {&hash_array, &create_fib_sequence, &factorial, > + &factorial_array, &do_computation}; > + > +static void do_flush(int i) > +{ > + if (flush_page) > + flush_tlb_page((unsigned long)pages[i % ARRAY_SIZE(pages)]); > + else > + flush_tlb_all(); > +} > + > + > +static void just_compute(void) > +{ > + int i, errors = 0; > + int cpu = smp_processor_id(); > + > + uint32_t result; > + > + report_info("CPU%d online", cpu); > + > + for (i = 0 ; i < flush_count; i++) { > + result = do_computation(); > + > + if (result != SEQ_HASH) { > + errors++; > + report_info("CPU%d: seq%d 0x%"PRIx32"!=0x%x", > + cpu, i, result, SEQ_HASH); > + } > + > + if (flush_verbose && (i % 1000) == 0) > + report_info("CPU%d: seq%d", cpu, i); > + > + if (flush_self) > + do_flush(i); > + } > + > + report(errors == 0, "CPU%d: Done - Errors: %d", cpu, errors); > + > + cpumask_set_cpu(cpu, &smp_test_complete); > + if (cpu != 0) > + halt(); > +} > + > +static void just_flush(void) > +{ > + int cpu = smp_processor_id(); > + int i = 0; > + > + /* > + * Set our CPU as done, keep flushing until everyone else > + * finished > + */ > + cpumask_set_cpu(cpu, &smp_test_complete); > + > + while (!cpumask_full(&smp_test_complete)) > + do_flush(i++); > + > + report_info("CPU%d: Done - Triggered %d flushes", cpu, i); > +} > + > +int main(int argc, char **argv) > +{ > + int cpu, i; > + char prefix[100]; > + > + for (i = 0; i < argc; i++) { > + char *arg = argv[i]; > + > + if (strcmp(arg, "page") == 0) > + flush_page = true; > + > + if (strcmp(arg, "self") == 0) > + flush_self = true; > + > + if (strcmp(arg, "verbose") == 0) > + flush_verbose = true; > + } > + > + snprintf(prefix, sizeof(prefix), "tlbflush_%s_%s", > + flush_page ? "page" : "all", > + flush_self ? "self" : "other"); > + report_prefix_push(prefix); > + > + for_each_present_cpu(cpu) { > + if (cpu == 0) > + continue; > + smp_boot_secondary(cpu, just_compute); > + } > + > + if (flush_self) > + just_compute(); > + else > + just_flush(); > + > + while (!cpumask_full(&smp_test_complete)) > + cpu_relax(); > + > + return report_summary(); > +} > diff --git a/arm/unittests.cfg b/arm/unittests.cfg > index 5e67b558..ee21aef4 100644 > --- a/arm/unittests.cfg > +++ b/arm/unittests.cfg > @@ -275,3 +275,28 @@ file = debug.flat > arch = arm64 > extra_params = -append 'ss-migration' > groups = debug migration > + > +# TLB Torture Tests > +[tlbflush-code::all_other] It's better to use '-', '_', '.', or ',' than '::' because otherwise the standalone test will have a filename like tests/tlbflush-code::all_other which will be awkward for shells. BTW, have you tried running these tests as standalone? Since they're 'nodefault' it'd be good if they work that way. > +file = tlbflush-code.flat > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > +groups = nodefault mttcg > + > +[tlbflush-code::page_other] > +file = tlbflush-code.flat > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > +extra_params = -append 'page' > +groups = nodefault mttcg > + > +[tlbflush-code::all_self] > +file = tlbflush-code.flat > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > +extra_params = -append 'self' > +groups = nodefault mttcg > + > +[tlbflush-code::page_self] > +file = tlbflush-code.flat > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > +extra_params = -append 'page self' > +groups = nodefault mttcg > + > -- > 2.39.2 > Thanks, drew
On Tue, Mar 21, 2023 at 04:02:21PM +0100, Andrew Jones wrote: ... > > + > > +# TLB Torture Tests > > +[tlbflush-code::all_other] > > It's better to use '-', '_', '.', or ',' than '::' because otherwise the > standalone test will have a filename like tests/tlbflush-code::all_other > which will be awkward for shells. > > BTW, have you tried running these tests as standalone? Since they're > 'nodefault' it'd be good if they work that way. > > > +file = tlbflush-code.flat > > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > > +groups = nodefault mttcg > > + > > +[tlbflush-code::page_other] > > +file = tlbflush-code.flat > > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > > +extra_params = -append 'page' > > +groups = nodefault mttcg > > + > > +[tlbflush-code::all_self] > > +file = tlbflush-code.flat > > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > > +extra_params = -append 'self' > > +groups = nodefault mttcg > > + > > +[tlbflush-code::page_self] > > +file = tlbflush-code.flat > > +smp = $(($MAX_SMP>4?4:$MAX_SMP)) > > +extra_params = -append 'page self' > > +groups = nodefault mttcg Shouldn't these also be in something like a "tlb" group? Thanks, drew
Andrew Jones <andrew.jones@linux.dev> writes: > On Tue, Mar 07, 2023 at 11:28:42AM +0000, Alex Bennée wrote: >> This adds a fairly brain dead torture test for TLB flushes intended >> for stressing the MTTCG QEMU build. It takes the usual -smp option for >> multiple CPUs. >> <snip> > > BTW, have you tried running these tests as standalone? Since they're > 'nodefault' it'd be good if they work that way. It works but I couldn't get it to skip pass the nodefault check automaticaly: env run_all_tests=1 QEMU=$HOME/lsrc/qemu.git/builds/arm.all/qemu-system-aarch64 ./tests/tcg.computed BUILD_HEAD=c9cf6e90 Test marked not to be run by default, are you sure (y/N)? > >> +file = tlbflush-code.flat >> +smp = $(($MAX_SMP>4?4:$MAX_SMP)) >> +groups = nodefault mttcg >> + >> +[tlbflush-code::page_other] >> +file = tlbflush-code.flat >> +smp = $(($MAX_SMP>4?4:$MAX_SMP)) >> +extra_params = -append 'page' >> +groups = nodefault mttcg >> + >> +[tlbflush-code::all_self] >> +file = tlbflush-code.flat >> +smp = $(($MAX_SMP>4?4:$MAX_SMP)) >> +extra_params = -append 'self' >> +groups = nodefault mttcg >> + >> +[tlbflush-code::page_self] >> +file = tlbflush-code.flat >> +smp = $(($MAX_SMP>4?4:$MAX_SMP)) >> +extra_params = -append 'page self' >> +groups = nodefault mttcg >> + >> -- >> 2.39.2 >> > > Thanks, > drew
On Tue, Apr 11, 2023 at 09:26:56AM +0100, Alex Bennée wrote: > > Andrew Jones <andrew.jones@linux.dev> writes: > > > On Tue, Mar 07, 2023 at 11:28:42AM +0000, Alex Bennée wrote: > >> This adds a fairly brain dead torture test for TLB flushes intended > >> for stressing the MTTCG QEMU build. It takes the usual -smp option for > >> multiple CPUs. > >> > <snip> > > > > BTW, have you tried running these tests as standalone? Since they're > > 'nodefault' it'd be good if they work that way. > > It works but I couldn't get it to skip pass the nodefault check > automaticaly: > > env run_all_tests=1 QEMU=$HOME/lsrc/qemu.git/builds/arm.all/qemu-system-aarch64 ./tests/tcg.computed > BUILD_HEAD=c9cf6e90 > Test marked not to be run by default, are you sure (y/N)? > I think $ yes | tests/some-nodefault-test should work. Thanks, drew
diff --git a/arm/Makefile.common b/arm/Makefile.common index 16f8c6df..2c4aad38 100644 --- a/arm/Makefile.common +++ b/arm/Makefile.common @@ -12,6 +12,7 @@ tests-common += $(TEST_DIR)/gic.flat tests-common += $(TEST_DIR)/psci.flat tests-common += $(TEST_DIR)/sieve.flat tests-common += $(TEST_DIR)/pl031.flat +tests-common += $(TEST_DIR)/tlbflush-code.flat tests-all = $(tests-common) $(tests) all: directories $(tests-all) diff --git a/arm/tlbflush-code.c b/arm/tlbflush-code.c new file mode 100644 index 00000000..bf9eb111 --- /dev/null +++ b/arm/tlbflush-code.c @@ -0,0 +1,209 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * TLB Flush Race Tests + * + * These tests are designed to test for incorrect TLB flush semantics + * under emulation. The initial CPU will set all the others working a + * compuation task and will then trigger TLB flushes across the + * system. It doesn't actually need to re-map anything but the flushes + * themselves will trigger QEMU's TCG self-modifying code detection + * which will invalidate any generated code causing re-translation. + * Eventually the code buffer will fill and a general tb_lush() will + * be triggered. + * + * Copyright (C) 2016-2021, Linaro, Alex Bennée <alex.bennee@linaro.org> + * + * This work is licensed under the terms of the GNU LGPL, version 2. + */ + +#include <libcflat.h> +#include <asm/smp.h> +#include <asm/cpumask.h> +#include <asm/barrier.h> +#include <asm/mmu.h> + +#define SEQ_LENGTH 10 +#define SEQ_HASH 0x7cd707fe + +static cpumask_t smp_test_complete; +static int flush_count = 1000000; +static bool flush_self; +static bool flush_page; +static bool flush_verbose; + +/* + * Work functions + * + * These work functions need to be: + * + * - page aligned, so we can flush one function at a time + * - have branches, so QEMU TCG generates multiple basic blocks + * - call across pages, so we exercise the TCG basic block slow path + */ + +/* Adler32 */ +__attribute__((aligned(PAGE_SIZE))) static +uint32_t hash_array(const void *buf, size_t buflen) +{ + const uint8_t *data = (uint8_t *) buf; + uint32_t s1 = 1; + uint32_t s2 = 0; + + for (size_t n = 0; n < buflen; n++) { + s1 = (s1 + data[n]) % 65521; + s2 = (s2 + s1) % 65521; + } + return (s2 << 16) | s1; +} + +__attribute__((aligned(PAGE_SIZE))) static +void create_fib_sequence(int length, unsigned int *array) +{ + int i; + + /* first two values */ + array[0] = 0; + array[1] = 1; + for (i = 2; i < length; i++) + array[i] = array[i-2] + array[i-1]; +} + +__attribute__((aligned(PAGE_SIZE))) static +unsigned long long factorial(unsigned int n) +{ + unsigned int i; + unsigned long long fac = 1; + + for (i = 1; i <= n; i++) + fac = fac * i; + return fac; +} + +__attribute__((aligned(PAGE_SIZE))) static +void factorial_array(unsigned int n, unsigned int *input, + unsigned long long *output) +{ + unsigned int i; + + for (i = 0; i < n; i++) + output[i] = factorial(input[i]); +} + +__attribute__((aligned(PAGE_SIZE))) static +unsigned int do_computation(void) +{ + unsigned int fib_array[SEQ_LENGTH]; + unsigned long long facfib_array[SEQ_LENGTH]; + uint32_t fib_hash, facfib_hash; + + create_fib_sequence(SEQ_LENGTH, &fib_array[0]); + fib_hash = hash_array(&fib_array[0], sizeof(fib_array)); + factorial_array(SEQ_LENGTH, &fib_array[0], &facfib_array[0]); + facfib_hash = hash_array(&facfib_array[0], sizeof(facfib_array)); + + return (fib_hash ^ facfib_hash); +} + +/* This provides a table of the work functions so we can flush each + * page individually + */ +static void *pages[] = {&hash_array, &create_fib_sequence, &factorial, + &factorial_array, &do_computation}; + +static void do_flush(int i) +{ + if (flush_page) + flush_tlb_page((unsigned long)pages[i % ARRAY_SIZE(pages)]); + else + flush_tlb_all(); +} + + +static void just_compute(void) +{ + int i, errors = 0; + int cpu = smp_processor_id(); + + uint32_t result; + + report_info("CPU%d online", cpu); + + for (i = 0 ; i < flush_count; i++) { + result = do_computation(); + + if (result != SEQ_HASH) { + errors++; + report_info("CPU%d: seq%d 0x%"PRIx32"!=0x%x", + cpu, i, result, SEQ_HASH); + } + + if (flush_verbose && (i % 1000) == 0) + report_info("CPU%d: seq%d", cpu, i); + + if (flush_self) + do_flush(i); + } + + report(errors == 0, "CPU%d: Done - Errors: %d", cpu, errors); + + cpumask_set_cpu(cpu, &smp_test_complete); + if (cpu != 0) + halt(); +} + +static void just_flush(void) +{ + int cpu = smp_processor_id(); + int i = 0; + + /* + * Set our CPU as done, keep flushing until everyone else + * finished + */ + cpumask_set_cpu(cpu, &smp_test_complete); + + while (!cpumask_full(&smp_test_complete)) + do_flush(i++); + + report_info("CPU%d: Done - Triggered %d flushes", cpu, i); +} + +int main(int argc, char **argv) +{ + int cpu, i; + char prefix[100]; + + for (i = 0; i < argc; i++) { + char *arg = argv[i]; + + if (strcmp(arg, "page") == 0) + flush_page = true; + + if (strcmp(arg, "self") == 0) + flush_self = true; + + if (strcmp(arg, "verbose") == 0) + flush_verbose = true; + } + + snprintf(prefix, sizeof(prefix), "tlbflush_%s_%s", + flush_page ? "page" : "all", + flush_self ? "self" : "other"); + report_prefix_push(prefix); + + for_each_present_cpu(cpu) { + if (cpu == 0) + continue; + smp_boot_secondary(cpu, just_compute); + } + + if (flush_self) + just_compute(); + else + just_flush(); + + while (!cpumask_full(&smp_test_complete)) + cpu_relax(); + + return report_summary(); +} diff --git a/arm/unittests.cfg b/arm/unittests.cfg index 5e67b558..ee21aef4 100644 --- a/arm/unittests.cfg +++ b/arm/unittests.cfg @@ -275,3 +275,28 @@ file = debug.flat arch = arm64 extra_params = -append 'ss-migration' groups = debug migration + +# TLB Torture Tests +[tlbflush-code::all_other] +file = tlbflush-code.flat +smp = $(($MAX_SMP>4?4:$MAX_SMP)) +groups = nodefault mttcg + +[tlbflush-code::page_other] +file = tlbflush-code.flat +smp = $(($MAX_SMP>4?4:$MAX_SMP)) +extra_params = -append 'page' +groups = nodefault mttcg + +[tlbflush-code::all_self] +file = tlbflush-code.flat +smp = $(($MAX_SMP>4?4:$MAX_SMP)) +extra_params = -append 'self' +groups = nodefault mttcg + +[tlbflush-code::page_self] +file = tlbflush-code.flat +smp = $(($MAX_SMP>4?4:$MAX_SMP)) +extra_params = -append 'page self' +groups = nodefault mttcg +
This adds a fairly brain dead torture test for TLB flushes intended for stressing the MTTCG QEMU build. It takes the usual -smp option for multiple CPUs. By default it CPU0 will do a TLBIALL flush after each cycle. You can pass options via -append to control additional aspects of the test: - "page" flush each page in turn (one per function) - "self" do the flush after each computation cycle - "verbose" report progress on each computation cycle Signed-off-by: Alex Bennée <alex.bennee@linaro.org> CC: Mark Rutland <mark.rutland@arm.com> Message-Id: <20211118184650.661575-7-alex.bennee@linaro.org> --- v9 - move tests back into unittests.cfg (with nodefault mttcg) - replace printf with report_info - drop accel = tcg --- arm/Makefile.common | 1 + arm/tlbflush-code.c | 209 ++++++++++++++++++++++++++++++++++++++++++++ arm/unittests.cfg | 25 ++++++ 3 files changed, 235 insertions(+) create mode 100644 arm/tlbflush-code.c