random(4): Translate a comment requirement into a compile-time invariant
In various places, random represents the set of sources as a 32-bit word bitmask. It assumes all sources fit within this, i.e., the maximum valid source number is 31.

There was a comment specifying this limitation, but we can actually refuse to compile if our assumption is violated instead.

We still have a few spare random source slots, but sooner or later someone may need to convert the masks used from raw 32-bit words to bitset(9) APIs. This prevents some kinds of developer foot-shooting when adding new random sources.

No functional change.

Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16982
parent e41793db2c
commit b0dee75e64
@ -57,9 +57,6 @@ read_random(void *a __unused, u_int b __unused)
* Note: if you add or remove members of random_entropy_source, remember to
* also update the strings in the static array random_source_descr[] in
* random_harvestq.c.
*
* NOTE: complain loudly to markm@ or on the lists if this enum gets more than 32
* distinct values (0-31)! ENTROPYSOURCE may be == 32, but not > 32.
*/
enum random_entropy_source {
RANDOM_START = 0,
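Review bot: the comment left above enum random_entropy_source still asks developers to remember to update random_source_descr[] in random_harvestq.c whenever members are added or removed, which is the same kind of comment-only requirement this change converts for the 32-value limit. Consider a matching compile-time check next to that array (for instance, asserting its element count against ENTROPYSOURCE) so the enum and the description strings cannot drift apart silently. It would also help to keep one line in this comment pointing at the _Static_assert, so a reader learns about the limit before hitting the build failure.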
@ -92,6 +89,8 @@ enum random_entropy_source {
RANDOM_PURE_DARN,
ENTROPYSOURCE
};
_Static_assert(ENTROPYSOURCE <= 32,
"hardcoded assumption that values fit in a typical word-sized bitset");
#define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
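Review bot: the assert accepts ENTROPYSOURCE == 32, but the unchanged RANDOM_HARVEST_PURE_MASK right below it evaluates `1 << ENTROPYSOURCE` with a plain int operand, and shifting a 32-bit int by 32 is undefined behaviour in C. Either tighten the condition to `ENTROPYSOURCE < 32`, or change the mask macros to shift an unsigned operand wide enough for the boundary case (for example `1ULL << ENTROPYSOURCE`, then narrowed to the mask type). The same macro combines that int expression with `-1UL`, whose width differs between ILP32 and LP64 targets, so an explicit fixed-width type would make the intended 32-bit mask width unambiguous.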