Use getrandom on Linux for Guid generation for a 12% speed boost. #111287
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Since Linux 3.17, the syscall `getrandom` can be used to generate bytes from the same entropy source as `/dev/urandom`. This makes it suitable for cryptographic random number generation, something our Guid generator needs. If `getrandom` is not available because the LibC provided is too old - or if the syscall itself is not available, it will fall back to the previous method of reading from `/dev/urandom`. `EPERM` is treated like `ENOSYS` - some older Linux kernels returned this when the syscall is not available. The syscall can also be blocked by seccomp. That would be weird, and Docker permits it by default, but if anyone has explicitly gone out of their way to block it, it falls back to using the file descriptor mechanism. The use of the syscall implementation instead of the file device offers some performance improvements. Anywhere from 10% to 15% in benchmarks. This does require glibc 2.25. For non-portable builds, that's largely fine. For Microsoft builds, those are (currently) being done on Ubuntu Xenial, which has 2.23. However, it is expected that with .NET 10, the glibc floor is going to change to 2.27 with dotnet#109939. If that happens, then the Microsoft portable builds will pick this up as well. This PR does _not_ change the user-facing `RandomNumberGenerator` that will continue to use `RAND_bytes` from OpenSSL. | Method | Toolchain | Mean | Error | StdDev | Ratio | |--------------- |---------- |---------:|--------:|--------:|------:| | NewGuid | branch | 265.1 ns | 0.24 ns | 0.22 ns | 0.87 | | NewGuid | main | 304.6 ns | 0.16 ns | 0.15 ns | 1.00 | | | | | | | | | CreateVersion7 | branch | 293.2 ns | 0.20 ns | 0.18 ns | 0.88 | | CreateVersion7 | main | 335.0 ns | 0.27 ns | 0.23 ns | 1.00 |
am11
reviewed
Jan 10, 2025
src/native/minipal/random.c
Outdated
Comment on lines
111
to
113
| static bool sMissingGetRandomSysCall = false; | ||
|
|
||
| if (!sMissingGetRandomSysCall) |
There was a problem hiding this comment.
Suggested change
| static bool sMissingGetRandomSysCall = false; | |
| if (!sMissingGetRandomSysCall) | |
| static short sGetRandomSupport = -1; | |
| if (sGetRandomSupport == -1) | |
| { | |
| sGetRandomSupport = syscall(SYS_getrandom, nullptr, 0, GRND_NONBLOCK) == -1 && errno == ENOSYS ? 0 : 1; | |
| } | |
| if (sGetRandomSupport == 1) |
This run-time introspection will only run once; the first time.
There was a problem hiding this comment.
Why is this better than using the getrandom provided by the C runtime?
jkoritzinsky
approved these changes
Jan 10, 2025
|
This looks good. I missed that you already handled ENOSYS. :) It will also improve #31271 since it also ends up calling minipal implementation. @vcsjones, I posted a benchmark with managed impl. here, if case you want to try out #31271 (comment). |
This was referenced Jan 11, 2025
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since Linux 3.17, the syscall
getrandomcan be used to generate bytes from the same entropy source as/dev/urandom. This makes it suitable for cryptographic random number generation, something our Guid generator needs.If
getrandomis not available because the LibC provided is too old - or if the syscall itself is not available, it will fall back to the previous method of reading from/dev/urandom.EPERMis treated likeENOSYS- some older Linux kernels returned this when the syscall is not available. The syscall can also be blocked by seccomp. That would be weird, and Docker permits it by default, but if anyone has explicitly gone out of their way to block it, it falls back to using the file descriptor mechanism.The use of the syscall implementation instead of the file device offers some performance improvements. Anywhere from 10% to 15% in benchmarks.
This does require glibc 2.25. For non-portable builds, that's largely fine. For Microsoft builds, those are (currently) being done on Ubuntu Xenial, which has 2.23. However, it is expected that with .NET 10, the glibc floor is going to change to 2.27 with #109939. When that happens, then the Microsoft portable builds will pick this up as well.
This PR does not change the user-facing
RandomNumberGeneratorthat will continue to useRAND_bytesfrom OpenSSL.