crypto/rand: use new Linux vDSO #69577
Comments
I'll take a stab at it. I've got a bunch of Go backlog and this sounds like a good project to pull me back to it.
Change https://go.dev/cl/614835 mentions this issue:
Ok I did it.
Change https://go.dev/cl/615335 mentions this issue:
With CL 614835 adding support in the runtime for calling into the getrandom() vDSO function, wire up x/sys/unix's Getrandom() function to it, so that callers can benefit from the increased speed and shared vDSO state with the runtime.
Updates golang/go#69577.
Change-Id: I17734409982c51bb984a6337f4ffa8f60414ebee
Reviewed-on: https://go-review.googlesource.com/c/sys/+/615335
Reviewed-by: Michael Pratt <[email protected]>
Reviewed-by: David Chase <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Alright, this all is now done, and everything should be wired up. I handled amd64, arm64, ppc64, loong64, and s390x. Please do remember to handle riscv in 3ish months for Linux 6.13 when that starts rolling.
Change https://go.dev/cl/616795 mentions this issue:
Change https://go.dev/cl/616696 mentions this issue:
Updates #66779
Updates #69577
Change-Id: I0dea5a30aab87aaa443e7e6646c1d07aa865ac1c
GitHub-Last-Rev: 1cea46d
GitHub-Pull-Request: #69719
Reviewed-on: https://go-review.googlesource.com/c/go/+/616696
LUCI-TryBot-Result: Go LUCI <[email protected]>
Commit-Queue: Ian Lance Taylor <[email protected]>
Reviewed-by: Filippo Valsorda <[email protected]>
Reviewed-by: Michael Pratt <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
For golang/go#69577
Change-Id: Id1942d252c813126aa2f110e3f426714db73b9c7
GitHub-Last-Rev: 10e6a30
GitHub-Pull-Request: #220
Reviewed-on: https://go-review.googlesource.com/c/sys/+/616795
Reviewed-by: Ian Lance Taylor <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Michael Knyszek <[email protected]>
Reviewed-by: Jason Donenfeld <[email protected]>
In Linux 6.11 @zx2c4 introduced a vDSO for the random number generator, which avoids the system call overhead of calling getrandom, similarly to how arc4random() works on the BSDs. The motivation is explained eloquently in the lkml patch set, but it boils down to "it would be nice to have the security of a kernel CSPRNG with the speed of a userspace CSPRNG" and indeed it would be nice if crypto/rand was so fast that no one ever reached for something else.

It was pulled in Linux 6.11 (released 2024-09-15) and Linux 6.12 will add arm64, powerpc64, powerpc32, s390x, and loongarch64 support. It doesn't seem to be documented in the kernel Documentation or in the man pages, but the patch set explains the API (and there's this LWN article, too).
I just finished mailing a chain of crypto/rand changes and I wanted to add this on top, but the vDSO mechanism is too deep in the runtime for me to feel confident wiring it in. If someone else (@ianlancetaylor maybe?) wanted to make the runtime changes to expose the vDSO function, happy to then do the crypto/rand ones.
/cc @golang/security