crypto/rand: use new Linux vDSO #69577
Assignees
Labels
Milestone
Comments
FiloSottile
added
the
NeedsFix
|
I'll take a stab at it. I've got a bunch of Go backlog and this sounds like a good project to pull me back to it. |
|
Change https://go.dev/cl/614835 mentions this issue: |
|
Ok I did it. |
zx2c4
added
OS-Linux
FixPending
|
Change https://go.dev/cl/615335 mentions this issue: |
gopherbot
pushed a commit
to golang/sys
that referenced
this issue
Sep 28, 2024
With CL 614835 adding support in the runtime for calling into the getrandom() vDSO function, wire up x/sys/unix's Getrandom() function to it, so that callers can benefit from the increased speed and shared vDSO state with the runtime. Updates golang/go#69577. Change-Id: I17734409982c51bb984a6337f4ffa8f60414ebee Reviewed-on: https://go-review.googlesource.com/c/sys/+/615335 Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: David Chase <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
|
Alright, this all is now done, and everything should be wired up. I handled amd64, arm64, ppc64, loong64, and s390x. Please do remember to handle riscv in 3ish months for Linux 6.13 when that starts rolling. |
|
Change https://go.dev/cl/616795 mentions this issue: |
|
Change https://go.dev/cl/616696 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Sep 30, 2024
Updates #66779 Updates #69577 Change-Id: I0dea5a30aab87aaa443e7e6646c1d07aa865ac1c GitHub-Last-Rev: 1cea46d GitHub-Pull-Request: #69719 Reviewed-on: https://go-review.googlesource.com/c/go/+/616696 LUCI-TryBot-Result: Go LUCI <[email protected]> Commit-Queue: Ian Lance Taylor <[email protected]> Reviewed-by: Filippo Valsorda <[email protected]> Reviewed-by: Michael Pratt <[email protected]> Reviewed-by: Ian Lance Taylor <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]>
gopherbot
pushed a commit
to golang/sys
that referenced
this issue
Oct 1, 2024
For golang/go#69577 Change-Id: Id1942d252c813126aa2f110e3f426714db73b9c7 GitHub-Last-Rev: 10e6a30 GitHub-Pull-Request: #220 Reviewed-on: https://go-review.googlesource.com/c/sys/+/616795 Reviewed-by: Ian Lance Taylor <[email protected]> Auto-Submit: Ian Lance Taylor <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Michael Knyszek <[email protected]> Reviewed-by: Jason Donenfeld <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Linux 6.11 @zx2c4 introduced a vDSO for the random number generator, which avoids the system call overhead of calling
getrandom, similarly to howarc4random()works on the BSDs. The motivation is explained eloquently in the lkml patch set, but it boils down to "it would be nice to have the security of a kernel CSPRNG with the speed of a userspace CSPRNG" and indeed it would be nice if crypto/rand was so fast that no one ever reached for something else.It was pulled in Linux 6.11 (released 2024-09-15) and Linux 6.12 will add arm64, powerpc64, powerpc32, s390x, and loongarch64 support. It doesn't seem to be documented in the kernel Documentation or in the man pages, but the patch set explains the API (and there's this LWN article, too).
I just finished mailing a chain of crypto/rand changes and I wanted to add this on top, but the vDSO mechanism is too deep in the runtime for me to feel confident wiring it in. If someone else (@ianlancetaylor maybe?) wanted to make the runtime changes to expose the vDSO function, happy to then do the crypto/rand ones.
/cc @golang/security
The text was updated successfully, but these errors were encountered: