Received: by 2002:ac0:e350:0:0:0:0:0 with SMTP id g16csp492420imn; Fri, 29 Jul 2022 13:28:13 -0700 (PDT) X-Google-Smtp-Source: AGRyM1s82ePap9qep+45k79QV/TUq97/6itz+5cvjF2E6KLWMEMRi3GUh5adYpUQfutcMo/gSJrf X-Received: by 2002:a05:6402:3685:b0:43b:dfd3:9487 with SMTP id ej5-20020a056402368500b0043bdfd39487mr5256975edb.32.1659126493275; Fri, 29 Jul 2022 13:28:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659126493; cv=none; d=google.com; s=arc-20160816; b=jX57RQ2HAb14ju03tAkZe/WLxVsAJjRCflvF7sLuF3b6TgWuXqJ2aub53h4C7lSa/d 8kaDR8pnaSB2s4iZetlriscLAXHX3Lj4oK3IoAq6fjgEn0AHE1ik//zAYqZ05C84ZS3X 87nCCy54Jd4xNxSUE8X7afZ8enufA1DhkWyU5gZlkhtA+Hg6BlJ4hSOG4J/Ms9a5e1ao LvI0AqtCHXimDQzodkCFn1/zSVipk+AtlZuiHhLrguxLVDpn+gNizoOlNhoO+Bcy4foA DhNFkm+/rDj9JC/PcC0pUZm6i0pu4mnH749Tg99KakNvobYUSvfzHmhUyx/0KafYjLhG JRpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to :date:references:subject:cc:to:from:dkim-signature; bh=qMcUxcfVmJZDY60TPfwQRvZMxKHISByXx0bXXjJ9aJ0=; b=Nml2NVwWPH0hCpe+uQQOGyZPreuV7ijCNbVQLJpk0jZb60fFENV5O7yDkzO3RWZTsF q80ed8GMZ8nRNQHo71pCxzflI5NyzfCehwL3j/o1uwAGbJzkUX6wqVKyYjpU4Nj5ckGX p1lKwM947EjScRHmPb4Rlpvf/r4Riu6CGO58Re+H5QtSxd7Wc55+yUV+uqazI1FFNHiW jl34avDP+T8bJBeI+3Vao15957eY7rAls6sRjkTRnHn8PqYzs6VsEGDpqnZccsTme0oo QoRQGxhluwxArjo1hIYGaIamez7zNq0Ges/aLA7Bb5qdpWbee6DCd/JhytooDsfWFBcJ PV4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fDOLq4uO; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n9-20020a5099c9000000b0043b52adbf6esi3911247edb.557.2022.07.29.13.27.37; Fri, 29 Jul 2022 13:28:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fDOLq4uO; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238608AbiG2UTQ (ORCPT + 99 others); Fri, 29 Jul 2022 16:19:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230499AbiG2UTP (ORCPT ); Fri, 29 Jul 2022 16:19:15 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 55B308AEED for ; Fri, 29 Jul 2022 13:19:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1659125953; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=qMcUxcfVmJZDY60TPfwQRvZMxKHISByXx0bXXjJ9aJ0=; b=fDOLq4uOX+cGWUGZ/9X3anHsKeFVVWl5RWlTTIbP8v97SsjEcHiW1P/IyKU7RdX2hu4J2O MbJ3CpeePc5Le8L+QbnafuexGf1coZNqLD0v+31Y6dilGlvSI8K5weAKO9kkwNS9J6pinr E2b1cVdna1HTuF67UH1fpGxbSJ7z6j0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-386-AFmHYHloPau7aYA-o_7sKA-1; Fri, 29 Jul 2022 16:19:09 -0400 X-MC-Unique: AFmHYHloPau7aYA-o_7sKA-1 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4EA78185A7B2; Fri, 29 Jul 2022 20:19:09 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.134]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3DE122166B26; Fri, 29 Jul 2022 20:19:07 +0000 (UTC) From: Florian Weimer To: "Jason A. Donenfeld" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, x86@kernel.org, Nadia Heninger , Thomas Ristenpart , Theodore Ts'o , Vincenzo Frascino , Adhemerval Zanella Netto Subject: Re: [PATCH RFC v1] random: implement getrandom() in vDSO References: <20220729145525.1729066-1-Jason@zx2c4.com> Date: Fri, 29 Jul 2022 22:19:05 +0200 In-Reply-To: <20220729145525.1729066-1-Jason@zx2c4.com> (Jason A. Donenfeld's message of "Fri, 29 Jul 2022 16:55:25 +0200") Message-ID: <87a68r4qpy.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org * Jason A. Donenfeld: > diff --git a/lib/vdso/getrandom.c b/lib/vdso/getrandom.c > new file mode 100644 > index 000000000000..3ffc900f31ff > --- /dev/null > +++ b/lib/vdso/getrandom.c > +static struct getrandom_state *find_free_bucket(struct getrandom_state *buckets) > +{ > + unsigned int start = 0, i; > + > + if (getcpu(&start, NULL, NULL) == 0) > + start %= NUM_BUCKETS; getcpu is not available everywhere. Userspace/libc should probably provide a CPU number hint as an additional argument during the vDSO call. We can load that easily enough from rseq. That's going to be faster on x86, too (the LSL instruction is quite slow). The only advantage of using getcpu like this is that it's compatible with a libc that isn't rseq-enabled. > + for (i = start;;) { > + struct getrandom_state *state = &buckets[i]; > + > + if (cmpxchg(&state->in_use, false, true) == false) > + return state; > + > + i = i == NUM_BUCKETS - 1 ? 0 : i + 1; > + if (i == start) > + break; > + } Surely this scales very badly once the number of buckets is smaller than the system processor count? > +static ssize_t __always_inline > +__cvdso_getrandom(void **state, void *buffer, size_t len, unsigned long flags) > +more_batch: > + batch_len = min_t(size_t, sizeof(s->batch) - s->pos, len); > + if (batch_len) { > + memcpy_and_zero(buffer, s->batch, batch_len); > + s->pos += batch_len; > + buffer += batch_len; > + len -= batch_len; > + if (!len) { > + WRITE_ONCE(s->in_use, false); > + return ret; > + } > + } I expect the main performance benefit comes from not doing any ChaCha20 work except on batch boundaries, not the vDSO acceleration as such. Maybe that's something that should be tried first within the system call implementation. (Even for getrandom with a small buffer, it's not the system call overhead that dominates, but something related to ChaCha20.) Thanks, Florian