[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 2/4] xen/console: correct leaky-bucket rate limiter
- To: dmukhin@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
- From: Teddy Astie <teddy.astie@xxxxxxxxxx>
- Date: Thu, 16 Jul 2026 11:50:48 +0200
- Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=vates.tech header.i="@vates.tech" header.h="From:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:In-Reply-To:References:Feedback-ID"
- Autocrypt: addr=teddy.astie@xxxxxxxxxx; keydata= xsDNBGn5sK8BDACuzSrrTjpVf4ay06OYB6yY0J1PqKffihoNMtrQRZjAHxoAPC7LTBVHV/XO Zw5HJc+9R71z1JV+iYg6z3jPziGKzX8Fj3ZXlzJPmpf1PuETH3KdbvtJT4ny+OGntnJntUoR KRPhTirr6yNeBk/637O3CQXjtqFUPZnko8OI/o1yawIBhJJAWicutjkkUgd28Bh6HV9EIumH tCBgn5/1A/fpm9624MMgYLsA8qjC4XsoovQvFCaO8HEhvfzrrTZHjn/nPeB9SigxIxXW8YaT VqMdqul07o72m3eA2mf+LMu9a04FX/d4wbxBLtELm+1jIrbtyaFZEMOLv/haSiS/Lj3btJH/ EoucejoZ5SH49ksmVAmKOLktOaTQ8b2gEvP7iaKiIiszCCtOSRohr+2GvDsDeLvVZnlR3I+S PhHar7TPKjFz0G3DPNolyjXywNqOAMpomSPi8lSwjAFsxOtQbcck/qRGRSNk4DAmH70pA+89 MXfQXZ3qt1Q01B1+sU0I8xsAEQEAAc0kVGVkZHkgQXN0aWUgPHRlZGR5LmFzdGllQHZhdGVz LnRlY2g+wsENBBMBCAA3FiEEGAIew9LzHY3pdrqtZg+p0QLLz9AFAmn5sK8FCQWjmoACGwME CwkIBwUVCAkKCwUWAgMBAAAKCRBmD6nRAsvP0ID6DACGOktArFbLKHNzuyOVCskwfUZPla6Z pd3GZ8r61SrAKePIr2BnpgPkd0hV3bSRkRLIrgjzR2NRCzfp0x0HfuhcYfAYPR46XHTvjaJE v99sT/vGUG1BZguYDOScSEpgSNaNlYum3RKZbMuROxdK8G+YHccJY8PvWSq2K2yiae2KGiAv 1yjnZxug9/PtDfX8vQFUSg2w1ukRDf50wvDohN1zUQfFtofOP2xCRsDZiHAlQ0pF+aUjXQhP eP3IdpfWc8cyRLXF06Rk46YMYCytweGtGdHcqAfrVthl84129ZPN422k/voW0sm14gjYlGcT UwgnYlFRk2FLq0QeKEDcS0aj3o3EVAQCrayoGzi1pnlIKE3PRGUcUzjGVvzQ/po24gOjwba9 Egr/Wmu3MQlx/7A8zT5QBzF/n+RYdLNQ0Eu6YnUwf0Z1uieqNaon+olyIRFiLb/hCZHO6ekN f5vrm2clHUbQAYaPQebknujoKBo6ZLHg0WM1gZS01Gz+aUpKsUfOwM0EafmwsAEMAKiQiZa3 yQMmc/h3sDbfVHPSiBA4IMI/NAB7IotzPHq1GzCpsoVILAhF/INbWjxJ3DbVf+en3/FvdVZg 2S38xtnth0njNdlVKpyxm054phKjbdoFDwaknWolS4hrddTmetSG5/52AjtmPFtlXAk0NmLv fJnW3seXVQbgM7sW/MNXPP5UKDpkGnLhnvej+GU0s3109sJeXT5ImVdphFs9cvyZyBT9t1Pb Rowv58EgV0zE4hbAeVkULAbxFV5b/ExTjjGVHoX7CVhWxvCiTqCUoXZRkUE9C3FnkzEFRkKb Yu6NCfiHfEyB3Xyg9hfdrRgjMRq907zCof+nDtWxGz1MSEuvTj1g9GZ049Bennqzjc/Q+0ov XoK4jm+Py0FiUGUaA6yhexficjH+kCR/xDbVnWrMhSLB4AuTBT9HjfZI6gk3uYLhoT8Pig4/ eVtR2Q1wZIJsFToR6ofGuyECwFcs+PUXN7fmGRSiPXgjAr/zIUBdW0VWCE3OGPNqtRk2E5s6 IQARAQABwsD8BBgBCAAmFiEEGAIew9LzHY3pdrqtZg+p0QLLz9AFAmn5sLAFCQWjmoACGwwA CgkQZg+p0QLLz9DncQwAg76IehTemLIfrB8T9WIBZrI4kUV7G7a4rjiVoUiHYN5QwhnbZnsa JDlt+Ezoqy/510eo2bCSzvW5xXYPgyjcuOPwgQo1Qp764QxyX6rld2f2RcWkDuBHun55ZWXj by8o21ginPRwruBVYY5rVf3DV1iBu4NurUeHtyFk/dS0XTOQi2wVUb17sW/+ybCEokdVacZG zOqP/OmwHrF8ylXlXnhQq6e3r+J+T8fuoGJelm/CJiMwyP6cEWE8sxVqX/iqwjwUYkuOCpE+ lOWSvdNHgoEkWR0RXBPQjnGmLKbfTl/QDXLk6NP2/r9uxm2HL6Ei3QJKSEdrp+XZaVnk/Off O485NOTKwGOxyWb006cTMh53xPkAJFQu4Tvdj+odsHz88jqw5wfPG0BYWx0I/FspYj7N9kZR 8ULR9nX0LvpzJ/kB4NgHIUt8YtIL6ZSfM2dbF7fKzvx1UqFfvozJZwFzfEieJLXa4nlGgR6D x9fhaZEsniw8/bYgC3igkk5YJiOa
- Cc: andrew.cooper3@xxxxxxxxxx, anthony.perard@xxxxxxxxxx, jbeulich@xxxxxxxx, julien@xxxxxxx, michal.orzel@xxxxxxx, roger.pau@xxxxxxxxxx, sstabellini@xxxxxxxxxx
- Delivery-date: Thu, 16 Jul 2026 09:51:16 +0000
- Feedback-id: default:8631fc262581453bbf619ec5b2062170:Sweego
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Le 15/07/2026 à 22:24, dmukhin@xxxxxxxx a écrit :
From: Denis Mukhin <dmukhin@xxxxxxxx>
Use existing printk_ratelimit_ms and printk_ratelimit_burst variables in
do_printk_ratelimit() instead of hardcoded values 5000 and 10 respectively.
Ensure rate limiter is disabled if either printk_ratelimit_ms or
printk_ratelimit_burst is 0. Make sure no unnecessary initialization is done
in the corner case.
Also, simplify the limiter code by using min().
Signed-off-by: Denis Mukhin <dmukhin@xxxxxxxx>
---
Changes since v2:
- fixed typing and 32-bit integer overflow problem
---
xen/drivers/char/console.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/xen/drivers/char/console.c b/xen/drivers/char/console.c
index 5d395f882e08..de9f2432445d 100644
--- a/xen/drivers/char/console.c
+++ b/xen/drivers/char/console.c
@@ -1274,21 +1274,26 @@ bool __printk_ratelimit(unsigned int ratelimit_ms,
unsigned int ratelimit_burst)
{
static DEFINE_SPINLOCK(ratelimit_lock);
- static unsigned long toks = 10 * 5 * 1000;
- static unsigned long last_msg;
+ static unsigned long long toks, last_msg;
static unsigned int missed;
+ unsigned long long now, limit;
unsigned long flags;
- unsigned long long now = NOW(); /* ns */
- unsigned long ms;
+ s_time_t ms;
- do_div(now, 1000000);
- ms = (unsigned long)now;
+ if ( !ratelimit_burst || !ratelimit_burst )
Do you intend here ( !ratelimit_ms || !ratelimit_burst ) ?
+ return true;
+
+ limit = min(ratelimit_burst * ratelimit_ms, UINT_MAX);
That looks no-op (at least at first stance), as UINT_MAX is the largest
unsigned int value; hence `ratelimit_burst * ratelimit_ms` (both
unsigned int) can't be larger than it; even if it overflows.
I think we need to cast both ratelimit_ms and ratelimit_burst to
unsigned long long before doing the multiply, so that the multiply can't
overflow (not sure exactly how to write it without being too verbose
though).
https://godbolt.org/z/sxWaPM3cr
+ if ( !toks )
+ toks = limit;
+
+ now = NOW(); /* ns */
+ ms = do_div(now, MILLISECS(1));
spin_lock_irqsave(&ratelimit_lock, flags);
toks += ms - last_msg;
last_msg = ms;
- if ( toks > (ratelimit_burst * ratelimit_ms))
- toks = ratelimit_burst * ratelimit_ms;
+ toks = min(toks, limit);
if ( toks >= ratelimit_ms )
{
unsigned int lost = missed;
With the if part fixed and the adjustments in the limit computation
(cast to unsigned long long before the multiply) :
Reviewed-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
Teddy
Attachment:
OpenPGP_0x660FA9D102CBCFD0.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
|