author | Michael Brown | 2014-03-07 17:40:36 +0100 |
---|---|---|
committer | Michael Brown | 2014-03-07 18:30:05 +0100 |
commit | 08f9170ba4011ca6acac9b6192ca909135874f2d (patch) | |
tree | ab4f5f3f843515bbf30d4bf9ddddd3022250e6bf /src/interface/linux | |
parent | [tcp] Update window even if ACK does not acknowledge new data (diff) | |
[linux] Avoid starting currticks() from zero every time
iPXE uses currticks() (along with the MAC address(es) of any network
devices) to seed the (non-cryptographic) random number generator. The
current implementation of linux_currticks() ensures that the first
call to currticks() will always return zero; this results in identical
random number sequences on each run of iPXE on a given machine. This
can cause odd-looking behaviour due to e.g. the reuse of local TCP
port numbers.
Fix by effectively rounding down the start time recorded by
linux_currticks() to the nearest whole second; this makes it unlikely
that consecutive runs of iPXE will use the exact same RNG sequence.
(Note that none of this affects the cryptographic RNG, which uses
/dev/random as a source of entropy.)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/interface/linux')
-rw-r--r-- | src/interface/linux/linux_timer.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/interface/linux/linux_timer.c b/src/interface/linux/linux_timer.c index bf55cd18..7a994517 100644 --- a/src/interface/linux/linux_timer.c +++ b/src/interface/linux/linux_timer.c @@ -55,6 +55,12 @@ static unsigned long linux_ticks_per_sec(void) * linux doesn't provide an easy access to jiffies so implement it by measuring * the time since the first call to this function. * + * Since this function is used to seed the (non-cryptographic) random + * number generator, we round the start time down to the nearest whole + * second. This minimises the chances of generating identical RNG + * sequences (and hence identical TCP port numbers, etc) on + * consecutive invocations of iPXE. + * * @ret ticks Current time, in ticks */ static unsigned long linux_currticks(void) @@ -71,7 +77,7 @@ static unsigned long linux_currticks(void) linux_gettimeofday(&now, NULL); unsigned long ticks = (now.tv_sec - start.tv_sec) * linux_ticks_per_sec(); - ticks += (now.tv_usec - start.tv_usec) / (long)(1000000 / linux_ticks_per_sec()); + ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec()); return ticks; } |
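Review bot: In the first hunk (the doc comment for linux_currticks()), the unchanged sentence just above the added paragraph still describes the function as "measuring the time since the first call to this function", which no longer matches the behaviour. With the start time effectively rounded down to a whole second, the first call returns the sub-second offset rather than zero. Suggest rewording that sentence and stating that the first return value can be anywhere from 0 up to just under linux_ticks_per_sec() ticks, so that callers do not assume a zero origin.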
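Review bot: In the second hunk, on the changed line `ticks += now.tv_usec / (long)(1000000 / linux_ticks_per_sec());`, the only run-to-run variation in the first return value is now.tv_usec scaled to ticks, so there are at most linux_ticks_per_sec() distinct starting values, and two runs that begin at the same sub-second offset still produce the same value. If that is acceptable for the non-cryptographic RNG, say so in the comment next to "minimises the chances"; otherwise consider having the seeding code also mix in the absolute now.tv_sec. Minor style point: the (long) cast appears to have been there for the signed difference now.tv_usec - start.tv_usec and is not needed for sign handling now that only now.tv_usec is divided.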