KVM: PPC: Book3S HV: Ratelimit machine check messages coming from guests

A number of machine check exceptions are triggerable by the guest.
Ratelimit these to avoid a guest flooding the host console and logs.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
[mpe: Use dedicated ratelimit state, not printk_ratelimit()]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201128070728.825934-5-npiggin@gmail.com

diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 0faafe6..cfaa91b 100644 (file)
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -1327,9 +1327,15 @@ static int kvmppc_handle_exit_hv(struct kvm_vcpu *vcpu,
        case BOOK3S_INTERRUPT_SYSTEM_RESET:
                r = RESUME_GUEST;
                break;
-       case BOOK3S_INTERRUPT_MACHINE_CHECK:
-               /* Print the MCE event to host console. */
-               machine_check_print_event_info(&vcpu->arch.mce_evt, false, true);
+       case BOOK3S_INTERRUPT_MACHINE_CHECK: {
+               static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
+                                             DEFAULT_RATELIMIT_BURST);
+               /*
+                * Print the MCE event to host console. Ratelimit so the guest
+                * can't flood the host log.
+                */
+               if (__ratelimit(&rs))
+                       machine_check_print_event_info(&vcpu->arch.mce_evt,false, true);
 
                /*
                 * If the guest can do FWNMI, exit to userspace so it can
@@ -1357,6 +1363,7 @@ static int kvmppc_handle_exit_hv(struct kvm_vcpu *vcpu,
 
                r = RESUME_HOST;
                break;
+       }
        case BOOK3S_INTERRUPT_PROGRAM:
        {
                ulong flags;
@@ -1516,11 +1523,16 @@ static int kvmppc_handle_nested_exit(struct kvm_vcpu *vcpu)
                r = RESUME_GUEST;
                break;
        case BOOK3S_INTERRUPT_MACHINE_CHECK:
+       {
+               static DEFINE_RATELIMIT_STATE(rs, DEFAULT_RATELIMIT_INTERVAL,
+                                             DEFAULT_RATELIMIT_BURST);
                /* Pass the machine check to the L1 guest */
                r = RESUME_HOST;
                /* Print the MCE event to host console. */
-               machine_check_print_event_info(&vcpu->arch.mce_evt, false, true);
+               if (__ratelimit(&rs))
+                       machine_check_print_event_info(&vcpu->arch.mce_evt, false, true);
                break;
+       }
        /*
         * We get these next two if the guest accesses a page which it thinks
         * it has mapped but which is not actually present, either because