implement BufferedEntrophySource to reduce syscalls

anonrig · anonrig · commit 0c342d054dc8 · 2025-10-30T11:52:06.000-04:00
diff --git a/src/workerd/server/BUILD.bazel b/src/workerd/server/BUILD.bazel
@@ -71,6 +71,7 @@ wd_cc_binary(
         "//src/pyodide:pyodide_extra_capnp",
         "//src/rust/cxx-integration",
         "//src/workerd/util:autogate",
+        "//src/workerd/util:entropy-source",
         "//src/workerd/util:perfetto",
         "@capnp-cpp//src/capnp:capnpc",
     ],
diff --git a/src/workerd/server/workerd.c++ b/src/workerd/server/workerd.c++
@@ -16,9 +16,9 @@
 #include <workerd/server/workerd-capnp-schema.embed.h>
 #include <workerd/server/workerd.capnp.h>
 #include <workerd/util/autogate.h>
+#include <workerd/util/entropy-source.h>
 
 #include <fcntl.h>
-#include <openssl/rand.h>
 #include <sys/stat.h>
 
 #include <capnp/dynamic.h>
@@ -94,15 +94,6 @@ __lsan_default_suppressions() {
 }
 #endif
 
-// =======================================================================================
-
-class EntropySourceImpl: public kj::EntropySource {
- public:
-  void generate(kj::ArrayPtr<kj::byte> buffer) override {
-    KJ_ASSERT(RAND_bytes(buffer.begin(), buffer.size()) == 1);
-  }
-};
-
 // =======================================================================================
 // Some generic CLI helpers so that we can throw exceptions rather than return
 // kj::MainBuilder::Validity. Honestly I do not know how people put up with patterns like
@@ -1475,7 +1466,7 @@ class CliMain final: public SchemaFileImpl::ErrorReporter {
   kj::Own<kj::Filesystem> fs = kj::newDiskFilesystem();
   kj::AsyncIoContext io = kj::setupAsyncIo();
   NetworkWithLoopback network{io.provider->getNetwork(), *io.provider};
-  EntropySourceImpl entropySource;
+  BufferedEntropySource entropySource;
 
   kj::Vector<kj::Path> importPath;
   capnp::SchemaParser schemaParser;
diff --git a/src/workerd/util/BUILD.bazel b/src/workerd/util/BUILD.bazel
@@ -147,6 +147,20 @@ wd_cc_library(
     ],
 )
 
+wd_cc_library(
+    name = "entropy-source",
+    srcs = ["entropy-source.c++"],
+    hdrs = ["entropy-source.h"],
+    implementation_deps = [
+        "@ssl",
+    ],
+    visibility = ["//visibility:public"],
+    deps = [
+        "@capnp-cpp//src/kj",
+        "@capnp-cpp//src/kj/compat:kj-http",
+    ],
+)
+
 wd_cc_library(
     name = "test",
     hdrs = ["test.h"],
diff --git a/src/workerd/util/entropy-source.c++ b/src/workerd/util/entropy-source.c++
@@ -0,0 +1,32 @@
+// Copyright (c) 2017-2022 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+
+#include "entropy-source.h"
+
+namespace workerd {
+
+void BufferedEntropySource::generate(kj::ArrayPtr<kj::byte> buffer) {
+  thread_local BufferState state;
+
+  size_t offset = 0;
+  while (offset < buffer.size()) {
+    if (state.position >= BUFFER_SIZE) {
+      refillBuffer(state);
+    }
+
+    size_t available = BUFFER_SIZE - state.position;
+    size_t toCopy = kj::min(available, buffer.size() - offset);
+    memcpy(buffer.begin() + offset, state.buffer + state.position, toCopy);
+    state.position += toCopy;
+    offset += toCopy;
+  }
+}
+
+void BufferedEntropySource::refillBuffer(BufferState& state) {
+  KJ_ASSERT(
+      RAND_bytes(state.buffer, BUFFER_SIZE) == 1, "RAND_bytes failed to generate random data");
+  state.position = 0;
+}
+
+}  // namespace workerd
diff --git a/src/workerd/util/entropy-source.h b/src/workerd/util/entropy-source.h
@@ -0,0 +1,42 @@
+// Copyright (c) 2017-2022 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+
+#pragma once
+
+#include <openssl/rand.h>
+
+#include <kj/common.h>
+#include <kj/compat/http.h>
+#include <kj/debug.h>
+
+#include <cstring>
+
+namespace workerd {
+
+// Buffered entropy source that maintains a thread-local pool of random bytes to reduce
+// RAND_bytes syscall overhead. This is especially beneficial on macOS where RAND_bytes
+// calls are expensive.
+//
+// The buffer is refilled in bulk (4KB at a time) when exhausted, amortizing syscall
+// overhead.
+class BufferedEntropySource final: public kj::EntropySource {
+ public:
+  BufferedEntropySource() = default;
+  ~BufferedEntropySource() noexcept(false) = default;
+  KJ_DISALLOW_COPY_AND_MOVE(BufferedEntropySource);
+
+  void generate(kj::ArrayPtr<kj::byte> buffer) override;
+
+ private:
+  static constexpr size_t BUFFER_SIZE = 4096;
+
+  struct BufferState {
+    alignas(64) kj::byte buffer[BUFFER_SIZE];  // Cache-line aligned for performance
+    size_t position = BUFFER_SIZE;             // Start at end to trigger initial fill
+  };
+
+  static void refillBuffer(BufferState& state);
+};
+
+}  // namespace workerd
