--- sys/sys/random.h +++ sys/sys/random.h @@ -45,6 +45,7 @@ RANDOM_NET, RANDOM_INTERRUPT, RANDOM_PURE, + RANDOM_DEVICE, ENTROPYSOURCE }; void random_harvest(void *, u_int, u_int, u_int, enum esource); --- sys/dev/random/randomdev_soft.c +++ sys/dev/random/randomdev_soft.c @@ -303,7 +303,7 @@ KASSERT(origin == RANDOM_START || origin == RANDOM_WRITE || origin == RANDOM_KEYBOARD || origin == RANDOM_MOUSE || origin == RANDOM_NET || origin == RANDOM_INTERRUPT || - origin == RANDOM_PURE, + origin == RANDOM_PURE || origin == RANDOM_DEVICE, ("random_harvest_internal: origin %d invalid\n", origin)); /* Lockless read to avoid lock operations if fifo is full. */ --- sys/kern/subr_bus.c +++ sys/kern/subr_bus.c @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -53,6 +54,7 @@ #include #include +#include #include #include @@ -2738,6 +2740,33 @@ return (device_attach(dev)); } +static int +highbit(uint64_t val) +{ + int bit; + + for (bit = -1; val > 0; bit++) + val = val >> 1; + return (bit); +} + +static void +device_harvest_random(uint64_t attachtime) +{ + int entropybits; + + /* + * Discard top ten bits. This means we expect the attach + * time to vary by ~0.1%. In practise it varies by at least + * few percent, but we want to stay on the safe side. + */ + entropybits = highbit((uintmax_t)attachtime) - 9; + if (entropybits > 0) { + random_harvest(&attachtime, sizeof(attachtime), entropybits, 0, + RANDOM_DEVICE); + } +} + /** * @brief Attach a device driver to a device * @@ -2760,8 +2789,10 @@ int device_attach(device_t dev) { + uint64_t attachtime; int error; + attachtime = get_cyclecount(); device_sysctl_init(dev); if (!device_is_quiet(dev)) device_print_child(dev->parent, dev); @@ -2784,6 +2815,8 @@ dev->state = DS_ATTACHED; dev->flags &= ~DF_DONENOMATCH; devadded(dev); + device_harvest_random(get_cyclecount() - attachtime); + return (0); }