[GIT PULL] fscrypt fix for v6.3-rc4
Linus Torvalds
torvalds at linux-foundation.org
Tue Mar 21 19:03:45 UTC 2023
On Mon, Mar 20, 2023 at 7:03 PM Theodore Ts'o <tytso at mit.edu> wrote:
>
> Another option is WARN_RATELIMITED.
I don't think that exists.
There's 'pr_warn_ratelimited()', but honestly, the rate limiting is a
joke. It's fine for things that never happen, but if you can flood
things without the rate limiting, you can still flood things with the
rate limiting.
The default rate limiting is "max five reports every five seconds".
For some "this should never happen", a reasonable rate limit might be
"once every 24 hours" or something like that. Just make sure that if
the machine stays up for months or years at a time, it doesn't get
hidden in all the *other* noise.
Our rate limiting sucks. The only thing that really saves it is that
rate limiting is used for things that never happen in the first place,
and the default values are basically picked for "this is a network DoS
attempt, let's make sure it stands out in the logs without completely
bogging down the machine".
So no. Please don't use "ratelimited" for "this shouldn't happen".
It's still going to suck. We had that *exact* thing just a couple of
weeks ago:
https://lore.kernel.org/all/CAHk-=wjTMgB0=PQt8synf1MRTfetVXAWWLOibnMKvv1ETn_1uw@mail.gmail.com/
where the networking people thought that ratelimiting would be a good idea.
It's not a good idea.
Linus
More information about the Linux-security-module-archive
mailing list