[PATCH v5 0/21] ratelimit: Reduce ratelimit's false-positive misses

From: Paul E. McKenney
Date: Thu May 08 2025 - 19:32:47 EST


Hello!

This v5 series replaces open-coded uses of the ratelimit_state structure
with formal APIs, counts all rate-limit misses, replaces the jiffies=0
special case with a flag, provides a ___ratelimit() trylock-failure
fastpath to (almost) eliminate false-positive misses, simplifies the
code, and adds a simple "smoke" test along with a simple stress test.

The key point of this series is the reduction of false-positive misses.
More could be done to avoid open-coded access to the ->interval and
->burst fields, and to tighten up checking of user input for these fields,
but those are jobs for later patches.

The individual patches are as follows:

1. Create functions to handle ratelimit_state internals.

2. Avoid open-coded use of ratelimit_state structure's ->missed
field.

3. Avoid open-coded use of ratelimit_state structure's ->missed
field.

4. Avoid open-coded use of ratelimit_state structure's internals.

5. Convert the ->missed field to atomic_t.

6. Count misses due to lock contention.

7. Avoid jiffies=0 special case.

8. Reduce ___ratelimit() false-positive rate limiting, courtesy of
Petr Mladek.

9. Allow zero ->burst to disable ratelimiting.

10. Force re-initialization when rate-limiting re-enabled.

11. Don't flush misses counter if RATELIMIT_MSG_ON_RELEASE.

12. Avoid atomic decrement if already rate-limited.

13. Avoid atomic decrement under lock if already rate-limited.

14. Warn if ->interval or ->burst are negative, courtesy of Petr
Mladek.

15. Simplify common-case exit path.

16. Use nolock_ret label to save a couple of lines of code.

17. Use nolock_ret label to collapse lock-failure code.

18. Use nolock_ret restructuring to collapse common case code.

19. Drop redundant accesses to burst.

20. Add trivial kunit test for ratelimit.

21. Add stress test for ratelimit.

Changes since v4:

o Add a simple stress test.

o Move the tests to the end of the series for bisectability.

o Add Reviewed-by tags.

Changes since v3:

o Correctly handle zero-initialized ratelimit_state structures,
being careful to avoid acquiring the uninitialized ->lock.

o Remove redundant checks of the "burst" local variable.

o Add Reviewed-by tags.

Changes since v2:

o Apply feedback from Bert Karwatzki, Srikanth Aithal, and Mark
Brown, fixing a hang that happened on some systems.

o Applied Reviewed-by tags and added links.

o Added a prototype patch from Petr Mladek that splats if either
interval or burst are negative.

o Added several commits that simplify the code.

Changes since v1 (RFC):

o Switch from lockless fastpath to carrying out needed updates
upon trylock failure, per Petr Mladek feedback. This greatly
simplifies the code and is a much smaller change from the
current code. There is a small performance penalty compared to
the lockless fastpath, but not enough to matter.

o Never unconditionally acquire the lock, again per Petr Mladek
feedback.

o Better define effects of non-positive burst values (always
ratelimit) and non-positive interval values (never ratelimit
when the burst value is positive).

o The changes from Petr's original are supplied as five incremental
patches, but could easily be folded into Petr's original if
desired. (Left to my lazy self, they stay as-is.)

Thanx, Paul

------------------------------------------------------------------------

b/drivers/char/random.c | 9 +
b/drivers/gpu/drm/amd/pm/amdgpu_pm.c | 11 --
b/drivers/gpu/drm/i915/i915_perf.c | 8 -
b/include/linux/ratelimit.h | 40 +++++++-
b/include/linux/ratelimit_types.h | 2
b/lib/Kconfig.debug | 11 ++
b/lib/ratelimit.c | 8 -
b/lib/tests/Makefile | 1
b/lib/tests/test_ratelimit.c | 79 ++++++++++++++++
include/linux/ratelimit.h | 13 +-
include/linux/ratelimit_types.h | 3
lib/ratelimit.c | 165 ++++++++++++++++++++---------------
lib/tests/test_ratelimit.c | 69 ++++++++++++++
13 files changed, 313 insertions(+), 106 deletions(-)
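
The following userspace C model illustrates the behaviour the cover letter describes: a token check on trylock failure, every miss counted, and the stated meaning of non-positive burst and interval values. It is an added example, not code from this series or from lib/ratelimit.c. The struct and function names, the explicit "now" tick argument in place of jiffies, and the atomic_flag standing in for the spinlock are all assumptions.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Userspace model; all names are hypothetical, not the kernel's. */
struct rl_model {
    atomic_flag lock;      /* stands in for the trylock-only spinlock */
    long interval, burst;  /* window length in ticks, calls per window */
    long begin;            /* start of the current window */
    atomic_long n_left;    /* tokens left in the current window */
    atomic_long missed;    /* count of suppressed calls */
};

void rl_init(struct rl_model *rs, long interval, long burst)
{
    atomic_flag_clear(&rs->lock);
    rs->interval = interval;
    rs->burst = burst;
    rs->begin = 0;
    atomic_init(&rs->n_left, burst);
    atomic_init(&rs->missed, 0);
}

/* Take a token only if one seems left, avoiding needless decrements. */
static bool rl_take(struct rl_model *rs)
{
    return atomic_load(&rs->n_left) > 0 && atomic_fetch_sub(&rs->n_left, 1) > 0;
}

/* Returns true if the caller may emit its message at time "now". */
bool rl_allow(struct rl_model *rs, long now)
{
    bool ok = false;                     /* non-positive burst: always limit */

    if (rs->burst > 0 && rs->interval <= 0)
        return true;                     /* non-positive interval: never limit */
    if (rs->burst > 0 && atomic_flag_test_and_set(&rs->lock)) {
        ok = rl_take(rs);                /* trylock failed: no window update */
    } else if (rs->burst > 0) {
        if (now - rs->begin >= rs->interval) {  /* window expired: refill */
            rs->begin = now;
            atomic_store(&rs->n_left, rs->burst);
        }
        ok = rl_take(rs);
        atomic_flag_clear(&rs->lock);
    }
    if (!ok)
        atomic_fetch_add(&rs->missed, 1);  /* every miss is counted */
    return ok;
}
```

In this model a caller that loses the trylock race is suppressed only when the window's tokens are actually exhausted, and that suppression still shows up in the missed count.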