Re: [PATCH 2/2] tests/qtest/fuzz: Avoid QTest mmio serialization

[Alexander Bulekov]

On 200526 0758, Philippe Mathieu-Daudé wrote:
> We don't need to serialize over QTest chardev when we can
> directly access the MMIO address space via the first
> registered CPU view.
> 
> virtio-net-socket gets ~50% performance improvement.

One option might be to write alternate (direct) implemtations for
qtest_out*, qtest_write*, qest_read*, qtest_bufread, qtest_bufwrite and
qtest_memset. Maybe these could even go into qtest.c, alleviating some
of the complexity of qtest_process_command(). Then there can be
a preprocessor option to link against libqtest or against the direct
access functions. In the case of qos-based virtio and scsi fuzzers
below, this would also mean that abstract functions such as
qvirtqueue_add would also go through the direct access layer, instead of
mixing direct access and qtest commands.

I don't think this is something we need right now, but it would be
useful for building qtest reproducers.

> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Alexander Bulekov <address@hidden>

> ---
>  tests/qtest/fuzz/virtio_net_fuzz.c  | 6 ++++--
>  tests/qtest/fuzz/virtio_scsi_fuzz.c | 6 +++++-
>  2 files changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/qtest/fuzz/virtio_net_fuzz.c 
> b/tests/qtest/fuzz/virtio_net_fuzz.c
> index d08a47e278..ec993c9d5f 100644
> --- a/tests/qtest/fuzz/virtio_net_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_net_fuzz.c
> @@ -19,6 +19,8 @@
>  #include "fork_fuzz.h"
>  #include "qos_fuzz.h"
>  
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
>  
>  #define QVIRTIO_NET_TIMEOUT_US (30 * 1000 * 1000)
>  #define QVIRTIO_RX_VQ 0
> @@ -69,8 +71,8 @@ static void virtio_net_fuzz_multi(QTestState *s,
>               * If checking used ring, ensure that the fuzzer doesn't trigger
>               * trivial asserion failure on zero-zied buffer
>               */
> -            qtest_memwrite(s, req_addr, Data, vqa.length);
> -
> +            address_space_write(first_cpu->as, req_addr, 
> MEMTXATTRS_UNSPECIFIED,
> +                                &Data, vqa.length);
>  
>              free_head = qvirtqueue_add(s, q, req_addr, vqa.length,
>                      vqa.write, vqa.next);
> diff --git a/tests/qtest/fuzz/virtio_scsi_fuzz.c 
> b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> index 3b95247f12..5096a5a730 100644
> --- a/tests/qtest/fuzz/virtio_scsi_fuzz.c
> +++ b/tests/qtest/fuzz/virtio_scsi_fuzz.c
> @@ -23,6 +23,9 @@
>  #include "fork_fuzz.h"
>  #include "qos_fuzz.h"
>  
> +#include "exec/address-spaces.h"
> +#include "hw/core/cpu.h"
> +
>  #define PCI_SLOT                0x02
>  #define PCI_FN                  0x00
>  #define QVIRTIO_SCSI_TIMEOUT_US (1 * 1000 * 1000)
> @@ -108,7 +111,8 @@ static void virtio_scsi_fuzz(QTestState *s, 
> QVirtioSCSIQueues* queues,
>  
>          /* Copy the data into ram, and place it on the virtqueue */
>          uint64_t req_addr = guest_alloc(t_alloc, vqa.length);
> -        qtest_memwrite(s, req_addr, Data, vqa.length);
> +        address_space_write(first_cpu->as, req_addr, MEMTXATTRS_UNSPECIFIED,
> +                            &Data, vqa.length);
>          if (vq_touched[vqa.queue] == 0) {
>              vq_touched[vqa.queue] = 1;
>              free_head[vqa.queue] = qvirtqueue_add(s, q, req_addr, vqa.length,
> -- 
> 2.21.3
>