Linux's getrandom() Sees A 8450% Improvement With Latest Code
With Linux 5.17 there is replacing SHA1 with BLAKE2s in the random code among other performance and security improvements. More improvements to the "random" code is on the way with Linux 5.18.
How an exciting email begins...
Donenfeld has been preparing many more random/RNG improvements intended for introduction in Linux 5.18 when that merge window kicks off in late March.
One exciting change to also note is the getrandom() system call may be a hell of a lot faster with the new kernel. The getrandom() call for obtaining random bytes is yielding much faster performance with the latest code in development. Intel's kernel test robot is seeing an 8450% improvement with the stress-ng getrandom() benchmark. Yes, an 8450% improvement.
Donenfeld noted in a message to Phoronix that the change should stem from random: use simpler fast key erasure flow on per-cpu keys. Donenfeld's change explained, "Rather than the clunky NUMA full ChaCha state system we had prior, this commit is closer to the original "fast key erasure RNG" proposal from, by simply treating ChaCha keys on a per-cpu basis...The result is a bit simpler than before and has fewer foot guns. The init time state machine also gets a lot simpler as we don't need to wait for workqueues to come online and do deferred work. And the multi-core performance should be increased significantly, by virtue of having hardly any locking on the fast path."
The most dramatic gains will be seen on high core count servers (such as this Intel testing) but even modern high core count desktops should stand to benefit nicely from these forthcoming changes.