Linux getrandom vDSO Implementation Updated, Glibc Patch In Testing

Jason Donenfeld of WireGuard fame has been working the past several months of adding getrandom() to the vDSO for achieving better performance and working the needs of user-space developers. Early results have been impressive and this week Donenfeld sent out the seventh iteration of these patches.

This getrandom() vDSO effort is focused on helping user-space obtain cryptographically secure random numbers via the vgetrandom_alloc system call and to do so in a very performant manner. Donenfeld has talked up around 15x the performance for uint32_t generation.

The new v7 patches this week make adjustments to the new system call and other code improvements. It also points out this testing patch against Glibc that allows making use of the new getrandom vDSO on Linux. That patch hasn't yet been mainlined for Glibc (of course, that's also dependent upon the kernel implementation being successfully mainlined) but having this Glibc patch out there is useful for testing and helping to prove the design.

See the v7 patch series if interested in more information on this getrandom vDSO effort.

Separately, this week Donenfeld also sent out patches to support using EFI variables for random seeds with the Linux kernel. "EFI has a rather unique benefit that it has access to some limited non-volatile storage, where the kernel can store a random seed. This series wires that up, with EFISTUB reading the seed and passing it to the kernel, and with the kernel writing a new seed when the RNG is initialized."