[linux] Avoid starting currticks() from zero every time
iPXE uses currticks() (along with the MAC address(es) of any network
devices) to seed the (non-cryptographic) random number generator.  The
current implementation of linux_currticks() ensures that the first
call to currticks() will always return zero; this results in identical
random number sequences on each run of iPXE on a given machine.  This
can cause odd-looking behaviour due to e.g. the reuse of local TCP
port numbers.

Fix by effectively rounding down the start time recorded by
linux_currticks() to the nearest whole second; this makes it unlikely
that consecutive runs of iPXE will use the exact same RNG sequence.

(Note that none of this affects the cryptographic RNG, which uses
/dev/random as a source of entropy.)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Mar 7, 2014
1 parent 859664e commit 08f9170
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/interface/linux/linux_timer.c
Expand Up @@ -55,6 +55,12 @@ static unsigned long linux_ticks_per_sec(void)
* linux doesn't provide an easy access to jiffies so implement it by measuring
* the time since the first call to this function.
*
* Since this function is used to seed the (non-cryptographic) random
* number generator, we round the start time down to the nearest whole
* second. This minimises the chances of generating identical RNG
* sequences (and hence identical TCP port numbers, etc) on
* consecutive invocations of iPXE.
*
* @ret ticks Current time, in ticks
*/
static unsigned long linux_currticks(void)
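Review bot: The retained opening sentence of this comment, "implement it by measuring the time since the first call to this function", no longer matches the paragraph added below it. With the start time rounded down to a whole second, the value is measured from the start of the second in which the first call happened. Suggest rewording that sentence and the `@ret` line to say so, and stating that the first call returns a value between zero and one second's worth of ticks.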
Expand All @@ -71,7 +77,7 @@ static unsigned long linux_currticks(void)
linux_gettimeofday(&now, NULL);

unsigned long ticks = (now.tv_sec - start.tv_sec) * linux_ticks_per_sec();
ticks += (now.tv_usec - start.tv_usec) / (long)(1000000 / linux_ticks_per_sec());
ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec());

return ticks;
}
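Review bot: On the replacement line `ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec());` the first call contributes only the sub-second part of the wall clock, so the initial value has at most about linux_ticks_per_sec() distinct values, and two runs that start at the same offset within a second still get the same tick value for the seed. That is consistent with the "unlikely" wording in the commit message, but the bound is worth stating in the function comment so the value is not treated as more than a collision-avoidance seed. Separately, start.tv_usec is no longer read in these lines; clearing it at the point where start is recorded would make the rounding explicit in the code instead of implied by this expression.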