> -----Original Message-----
> From: Miroslav Lichvar <mlich...@redhat.com>
> Sent: Tuesday, August 2, 2022 6:00 AM
> To: chrony-dev@chrony.tuxfamily.org
> Subject: Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
>
> On Mon, Aug 01, 2022 at 02:07:53AM +0000, Elliott, Robert (Servers)
> wrote:
> > I see the glibc discussion about arc4random has led to a proposal this
> > weekend to add a vDSO for the linux kernel's getrandom(). It'll be
> > interesting to see if that is accepted - Linus' initial reaction was
> "no".
>
> I was surprised to see they switched arc4random in glibc to
> getrandom(). That has a significant performance impact on chronyd, as
> it calls the function for each generated RX and TX timestamp. In my
> test the maximum number of requests per second handled as a server
> dropped by about 25%. That's not great.
>
> We'll need to disable the function on Linux, at least until the vDSO
> getrandom() is widely available.
The concern with userspace libraries creating their own random values or
using a buffer of previously fetched random values from the kernel seems
to be (quoting Ted Ts'o):
"all of the attendant opportunities for security vulnerabilities in the
face of VM snapshots, or VM's getting duplicated with a pre-spun execution
image, etc., etc."
Perhaps Linus will be more receptive if a use case where vDSO performance
is important, like a chrony server, is described.
--
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe"
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the
subject.
Trouble? Email listmas...@chrony.tuxfamily.org.
