random(9): Deprecate random(9), remove meaningless srandom(9)

srandom(9) is meaningless on SMP systems or any system with, say, interrupts. One could never rely on random(9) to produce a reproducible sequence of outputs on the basis of a specific srandom() seed because the global state was shared by all kernel contexts. As such, removing it is literally indistinguishable to random(9) consumers (as compared with retaining it). Mark random(9) as deprecated and slated for quick removal. This is not to say we intend to remove all fast, non-cryptographic PRNG(s) in the kernel. It/they just won't be random(9), as it exists today, in either name or implementation. Before random(9) is removed, a replacement will be provided and in-tree consumers will be converted. Note that despite the name, the random(9) interface does not bear any resemblance to random(3). Instead, it is the same crummy 1988 Park-Miller LCG used in libc rand(3).
svn path=/head/; revision=356097
2019-12-26 19:41:09 +00:00 · 2019-12-26 19:41:09 +00:00 · f3bae413e9 · 2020-12-20 02:59:44 +00:00
commit f3bae413e9
parent 3ee1d5bb9d
7 changed files with 32 additions and 76 deletions
--- a/share/man/man9/random.9
+++ b/share/man/man9/random.9
@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\" "
-.Dd April 16, 2019
+.Dd December 26, 2019
 .Dt RANDOM 9
 .Os
 .Sh NAME
@ -36,8 +36,7 @@
 .Nm is_random_seeded ,
 .Nm random ,
 .Nm read_random ,
-.Nm read_random_uio ,
-.Nm srandom
+.Nm read_random_uio
 .Nd supply pseudo-random numbers
 .Sh SYNOPSIS
 .In sys/libkern.h
@ -57,8 +56,6 @@
 .Fn read_random_uio "struct uio *uio" "bool nonblock"
 .Ss LEGACY ROUTINES
 .In sys/libkern.h
-.Ft void
-.Fn srandom "u_long seed"
 .Ft u_long
 .Fn random "void"
 .Sh DESCRIPTION
@ -134,19 +131,16 @@ Otherwise, this function may block interruptibly until the random device is seed
 If the function is interrupted before the random device is seeded, no data is
 returned.
 .Pp
-The legacy
-.Fn random
-function will produce a sequence of numbers that can be duplicated by calling
-.Fn srandom
-with some constant as the
-.Fa seed .
-The legacy
-.Fn srandom
-function may be called with any
-.Fa seed
-value.
+The deprecated
+.Xr random 9
+function will produce a sequence of pseudorandom numbers using a similar weak
+linear congruential generator as
+.Xr rand 3
+(the 1988 Park-Miller LCG).
+It is obsolete and scheduled to be removed in
+.Fx 13.0 .
 It is strongly advised that the
-.Fn random
+.Xr random 9
 function not be used to generate random numbers.
 See
 .Sx SECURITY CONSIDERATIONS .
@ -173,23 +167,6 @@ the number of bytes placed in
 .Fn read_random_uio
 returns zero when successful,
 otherwise an error code is returned.
-.Pp
-The legacy
-.Fn random
-function uses
-a non-linear additive feedback random number generator
-employing a default table
-of size 31
-containing long integers
-to return successive pseudo-random
-numbers in the range from 0 to
-.if t 2\u\s731\s10\d\(mi1.
-.if n (2**31)\(mi1.
-The period of this random number generator
-is very large,
-approximately
-.if t 16\(mu(2\u\s731\s10\d\(mi1).
-.if n 16*((2**31)\(mi1).
 .Sh ERRORS
 .Fn read_random_uio
 may fail if:
@ -212,8 +189,6 @@ wrote
 .Sh SECURITY CONSIDERATIONS
 Do not use
 .Fn random
-or
-.Fn srandom
 in new code.
 .Pp
 It is important to remember that the
--- a/sys/compat/ndis/subr_ntoskrnl.c
+++ b/sys/compat/ndis/subr_ntoskrnl.c
@ -3195,10 +3195,8 @@ rand(void)
 }

 static void
-srand(unsigned int seed)
+srand(unsigned int seed __unused)
 {
-
-	srandom(seed);
 }

 static uint8_t
--- a/sys/dev/oce/oce_mbox.c
+++ b/sys/dev/oce/oce_mbox.c
@ -859,7 +859,6 @@ oce_config_nic_rss(POCE_SOFTC sc, uint32_t if_id, uint16_t enable_rss)

 	fwcmd->params.req.if_id = LE_32(if_id);

-	srandom(arc4random());	/* random entropy seed */
 	read_random(fwcmd->params.req.hash, sizeof(fwcmd->params.req.hash));
 	
 	rc = oce_rss_itbl_init(sc, fwcmd);
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@ -624,7 +624,6 @@ SYSINIT(p0init, SI_SUB_INTRINSIC, SI_ORDER_FIRST, proc0_init, NULL);
 static void
 proc0_post(void *dummy __unused)
 {
-	struct timespec ts;
 	struct proc *p;
 	struct rusage ru;
 	struct thread *td;
@ -656,28 +655,9 @@ proc0_post(void *dummy __unused)
 	sx_sunlock(&allproc_lock);
 	PCPU_SET(switchtime, cpu_ticks());
 	PCPU_SET(switchticks, ticks);
-
-	/*
-	 * Give the ``random'' number generator a thump.
-	 */
-	nanotime(&ts);
-	srandom(ts.tv_sec ^ ts.tv_nsec);
 }
 SYSINIT(p0post, SI_SUB_INTRINSIC_POST, SI_ORDER_FIRST, proc0_post, NULL);

-static void
-random_init(void *dummy __unused)
-{
-
-	/*
-	 * After CPU has been started we have some randomness on most
-	 * platforms via get_cyclecount().  For platforms that don't
-	 * we will reseed random(9) in proc0_post() as well.
-	 */
-	srandom(get_cyclecount());
-}
-SYSINIT(random, SI_SUB_RANDOM, SI_ORDER_FIRST, random_init, NULL);
-
 /*
 ***************************************************************************
 ****
--- a/sys/kern/subr_stats.c
+++ b/sys/kern/subr_stats.c
@ -2963,7 +2963,14 @@ stats_v1_vsd_tdgst_compress(enum vsd_dtype vs_dtype,
 	 * re-inserting the mu/cnt of each as a value and corresponding weight.
 	 */

-#define	bitsperrand 31 /* Per random(3). */
+	/*
+	 * XXXCEM: random(9) is currently rand(3), not random(3).  rand(3)
+	 * RAND_MAX happens to be approximately 31 bits (range [0,
+	 * 0x7ffffffd]), so the math kinda works out.  When/if this portion of
+	 * the code is compiled in userspace, it gets the random(3) behavior,
+	 * which has expected range [0, 0x7fffffff].
+	 */
+#define	bitsperrand 31
 	ebits = 0;
 	nebits = 0;
 	bitsperidx = fls(maxctds);
@ -2971,7 +2978,6 @@ stats_v1_vsd_tdgst_compress(enum vsd_dtype vs_dtype,
 	    ("%s: bitsperidx=%d, ebits=%d",
 	    __func__, bitsperidx, (int)(sizeof(ebits) << 3)));
 	idxmask = (UINT64_C(1) << bitsperidx) - 1;
-	srandom(stats_sbinuptime());

 	/* Initialise the free list with randomised centroid indices. */
 	for (; remctds > 0; remctds--) {
--- a/sys/libkern/random.c
+++ b/sys/libkern/random.c
@ -34,32 +34,31 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

+#include <sys/types.h>
 #include <sys/libkern.h>
-
-#define NSHUFF 50       /* to drop some "seed -> 1st value" linearity */
+#include <sys/systm.h>

 static u_long randseed = 937186357; /* after srandom(1), NSHUFF counted */

-void
-srandom(u_long seed)
-{
-	int i;
-
-	randseed = seed;
-	for (i = 0; i < NSHUFF; i++)
-		(void)random();
-}
-
 /*
 * Pseudo-random number generator for perturbing the profiling clock,
 * and whatever else we might use it for.  The result is uniform on
 * [0, 2^31 - 1].
 */
 u_long
-random()
+random(void)
 {
+	static bool warned = false;
+
 	long x, hi, lo, t;

+	/* Warn only once, or it gets very spammy. */
+	if (!warned) {
+		gone_in(13,
+		    "random(9) is the obsolete Park-Miller LCG from 1988");
+		warned = true;
+	}
+
 	/*
 	 * Compute x[n + 1] = (7^5 * x[n]) mod (2^31 - 1).
 	 * From "Random number generators: good ones are hard to find",
--- a/sys/sys/libkern.h
+++ b/sys/sys/libkern.h
@ -166,7 +166,6 @@ void	 qsort_r(void *base, size_t nmemb, size_t size, void *thunk,
 	    int (*compar)(void *, const void *, const void *));
 u_long	 random(void);
 int	 scanc(u_int, const u_char *, const u_char *, int);
-void	 srandom(u_long);
 int	 strcasecmp(const char *, const char *);
 char	*strcat(char * __restrict, const char * __restrict);
 char	*strchr(const char *, int);