One of the many exciting features merged for Linux 6.11 is [1]getrandom() in the vDSO for [2]very fast yet secure random number generation . Now that the kernel bits have landed, it's on to making use of it in the GNU C Library and other libc implementations.

Going back to early getrandom in the vDSO work from 2022, [3]there's been a glibc patch for testing while this week developer Jason Donenfeld sent out the firmed up patch now that the kernel support is upstream. Donenfeld wrote in that glibc patch:

"Linux 6.11 gains support for calling getrandom() from the vDSO. It operates on a thread-local opaque state allocated with mmap using flags specified by the vDSO.

Multiple states are allocated at once, as many as fit into a page, and these are held in an array of available states to be doled out to each thread upon first use, and recycled when a thread terminates. As these states run low, more are allocated.

To make this procedure async-signal-safe, a simple guard is used in the LSB of the opaque state address, falling back to the syscall if there's reentrancy contention.

This implementation is intentionally kept somewhat basic. We can add optimizations later, but for now, the idea is to get the bones set.

It's currently enabled for x86_64. As the kernel support gains more platforms (arm64 is in the works), this can be easily turned on for those."

[4]The glibc patch is now under review.



[1] https://www.phoronix.com/news/Linux-6.11-Lands-getrandom-vDSO

[2] https://www.phoronix.com/news/getrandom-vDSO-RNG-Linux-6.11

[3] https://www.phoronix.com/news/Linux-getrandom-vDSO-v7

[4] https://inbox.sourceware.org/libc-alpha/20240730132440.1181819-1-Jason@zx2c4.com/