Linux getrandom() vDSO Patch Updated For ~15x Speedup

Written by Michael Larabel in Linux Security on 18 September 2022 at 09:41 AM EDT. 11 Comments
LINUX SECURITY
Over the summer Jason Donenfeld of WireGuard fame proposed adding getrandom() to the vDSO for better performance to enjoy by user-space developers. This past week he sent out the latest version of this proposed kernel patch where he's seeing around a ~15x speed-up with this change.

Supporting getrandom() in the vDSO is designed to address two problems faced by user-space developers:
1) Userspace wants faster cryptographically secure random numbers of arbitrary size, big or small.

2) Userspace is currently unable to safely roll its own RNG with the same security profile as getrandom().

Following discussions around implementing getrandom() in the vDSO, Donenfeld revised the patch to incorporate feedback to avoid behavior changes and make vgetrandom_alloc a system call. Plus there are some other smaller fixes/changes.

Jason ended the v3 post with:
So far in my test results, performance is pretty stellar (around 15x for uint32_t generation), and it seems to be working. There are a couple TODO bits with the actual random.c lifetime integration, but as an early patchset, this at least introduces the intended interface.

Readers may also be interested in a talk by Jason at LPC 2022 around the work he's been doing on the Linux random number generator. The video is below and there is also the slide deck.

11 Comments
Related News
New Linux Patch Lets You Force CPU Bugs/Mitigations Even When Not Vulnerable
Linux To Allow Disabling TPM PCR Integrity Protection Due To Performance Bottleneck
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features