[PATCH 2/2] powerpc/64s/hash: add torture_hpt kernel boot option to increase hash faults
Nicholas Piggin
npiggin at gmail.com
Mon May 4 18:06:21 AEST 2020
Excerpts from Aneesh Kumar K.V's message of May 4, 2020 5:36 pm:
> Nicholas Piggin <npiggin at gmail.com> writes:
>
>> This option increases the number of hash misses by limiting the number of
>> kernel HPT entries. This helps stress test difficult to hit paths in the
>> kernel.
>>
>
> It would be nice if we can explain in commit message how we are limiting
> the number of HPT entries.

"limiting the number of kernel HPT entries by removing them as soon as
possible after they are installed"?

>
>> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
>> ---
>> .../admin-guide/kernel-parameters.txt | 9 +++
>> arch/powerpc/include/asm/book3s/64/mmu-hash.h | 10 +++
>> arch/powerpc/mm/book3s64/hash_4k.c | 3 +
>> arch/powerpc/mm/book3s64/hash_64k.c | 8 +++
>> arch/powerpc/mm/book3s64/hash_utils.c | 66 ++++++++++++++++++-
>> 5 files changed, 95 insertions(+), 1 deletion(-)
>
> ....
>
>
>> +void hpt_do_torture(unsigned long ea, unsigned long access,
>> + unsigned long rflags, unsigned long hpte_group)
>> +{
>> + unsigned long last_group;
>> + int cpu = raw_smp_processor_id();
>> +
>> + last_group = torture_hpt_last_group[cpu];
>> + if (last_group != -1UL) {
>> + while (mmu_hash_ops.hpte_remove(last_group) != -1)
>> + ;
>> + torture_hpt_last_group[cpu] = -1UL;
>> + }
>> +
>> +#define QEMU_WORKAROUND 0
>> +
>> + if (ea >= PAGE_OFFSET) {
>> + if (!QEMU_WORKAROUND && (access & (_PAGE_READ|_PAGE_WRITE)) &&
>> + !(rflags & (HPTE_R_I|HPTE_R_G))) {
>> + /* prefetch / prefetchw does not seem to set up a TLB
>> + * entry with the powerpc systemsim (mambo) emulator,
>> + * though it works with real hardware. An alternative
>> + * approach that would work more reliably on quirky
>> + * emulators like QEMU may be to remember the last
>> + * insertion and remove that, rather than removing the
>> + * current insertion. Then no prefetch is required.
>> + */
>> + if ((access & _PAGE_WRITE) && (access & _PAGE_READ))
>> + atomic_add(0, (atomic_t *)(ea & ~0x3));
>> + else if (access & _PAGE_READ)
>> + *(volatile char *)ea;
>> +
>> + mb();
>> +
>> + while (mmu_hash_ops.hpte_remove(hpte_group) != -1)
>> + ;
>
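
Review bot: `#define QEMU_WORKAROUND 0` is placed in the middle of the body of hpt_do_torture(), so the other path can only be selected by editing the source, and the macro stays defined for everything that follows in the file. Suggest moving it to the top of the file next to the other torture_hpt definitions, or making it a proper config or boot-time choice. The block comment under it describes "remember the last insertion and remove that" as an alternative, while the function already opens by draining torture_hpt_last_group[cpu]; one sentence saying how the two paths relate would make the intent clear. The cast in `atomic_add(0, (atomic_t *)(ea & ~0x3))` also deserves a short comment stating that the add of zero is presumably there only to touch the page for write without changing its contents, and the two empty-bodied `while (mmu_hash_ops.hpte_remove(...) != -1)` loops could share a small helper.
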
> Do we get a similar hpte fault rate if we remove everything except the
> currently inserted entry? If so, that would largely simplify the code.

Well it would remove this one branch at least. It does actually help
cause more faults and helps (in theory) irritate cases where you have
two accesses to a vmalloc page in the kernel, where the first is okay
to take a fault but the second is buggy.

I actually like the interesting behaviour it exposes in emulators too.
We should really fix mambo to have prefetches bring in TLBs, and fix
qemu to bring in TLBs more like hardware, and it could have TLB vs PTE
consistency checks to catch bugs like mambo does.

So I prefer leaving this in.

Thanks,
Nick