random(9): Deprecate random(9), remove meaningless srandom(9)

srandom(9) is meaningless on SMP systems or any system with, say,
interrupts.  One could never rely on random(9) to produce a reproducible
sequence of outputs on the basis of a specific srandom() seed because the
global state was shared by all kernel contexts.  As such, removing it is
literally indistinguishable to random(9) consumers (as compared with
retaining it).

Mark random(9) as deprecated and slated for quick removal.  This is not to
say we intend to remove all fast, non-cryptographic PRNG(s) in the kernel.
It/they just won't be random(9), as it exists today, in either name or
implementation.

Before random(9) is removed, a replacement will be provided and in-tree
consumers will be converted.

Note that despite the name, the random(9) interface does not bear any
resemblance to random(3).  Instead, it is the same crummy 1988 Park-Miller
LCG used in libc rand(3).

6 files changed, 21 insertions, 40 deletions

diff --git a/sys/compat/ndis/subr_ntoskrnl.c b/sys/compat/ndis/subr_ntoskrnl.c
index 574889f202c6..f8600c3825e7 100644
--- a/sys/compat/ndis/subr_ntoskrnl.c
+++ b/sys/compat/ndis/subr_ntoskrnl.c
@@ -3195,10 +3195,8 @@ rand(void)
 }
 
 static void
-srand(unsigned int seed)
+srand(unsigned int seed __unused)
 {
-
-	srandom(seed);
 }
 
 static uint8_t
diff --git a/sys/dev/oce/oce_mbox.c b/sys/dev/oce/oce_mbox.c
index a1926526edbf..05dac5847cb8 100644
--- a/sys/dev/oce/oce_mbox.c
+++ b/sys/dev/oce/oce_mbox.c
@@ -859,7 +859,6 @@ oce_config_nic_rss(POCE_SOFTC sc, uint32_t if_id, uint16_t enable_rss)
 
 	fwcmd->params.req.if_id = LE_32(if_id);
 
-	srandom(arc4random());	/* random entropy seed */
 	read_random(fwcmd->params.req.hash, sizeof(fwcmd->params.req.hash));
 	
 	rc = oce_rss_itbl_init(sc, fwcmd);
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c
index 6d4e7b432818..b2df117d1115 100644
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@@ -624,7 +624,6 @@ SYSINIT(p0init, SI_SUB_INTRINSIC, SI_ORDER_FIRST, proc0_init, NULL);
 static void
 proc0_post(void *dummy __unused)
 {
-	struct timespec ts;
 	struct proc *p;
 	struct rusage ru;
 	struct thread *td;
@@ -656,28 +655,9 @@ proc0_post(void *dummy __unused)
 	sx_sunlock(&allproc_lock);
 	PCPU_SET(switchtime, cpu_ticks());
 	PCPU_SET(switchticks, ticks);
-
-	/*
-	 * Give the ``random'' number generator a thump.
-	 */
-	nanotime(&ts);
-	srandom(ts.tv_sec ^ ts.tv_nsec);
 }
 SYSINIT(p0post, SI_SUB_INTRINSIC_POST, SI_ORDER_FIRST, proc0_post, NULL);
 
-static void
-random_init(void *dummy __unused)
-{
-
-	/*
-	 * After CPU has been started we have some randomness on most
-	 * platforms via get_cyclecount().  For platforms that don't
-	 * we will reseed random(9) in proc0_post() as well.
-	 */
-	srandom(get_cyclecount());
-}
-SYSINIT(random, SI_SUB_RANDOM, SI_ORDER_FIRST, random_init, NULL);
-
 /*
  ***************************************************************************
  ****
diff --git a/sys/kern/subr_stats.c b/sys/kern/subr_stats.c
index bbdc1039237e..a212f739deca 100644
--- a/sys/kern/subr_stats.c
+++ b/sys/kern/subr_stats.c
@@ -2963,7 +2963,14 @@ stats_v1_vsd_tdgst_compress(enum vsd_dtype vs_dtype,
 	 * re-inserting the mu/cnt of each as a value and corresponding weight.
 	 */
 
-#define	bitsperrand 31 /* Per random(3). */
+	/*
+	 * XXXCEM: random(9) is currently rand(3), not random(3).  rand(3)
+	 * RAND_MAX happens to be approximately 31 bits (range [0,
+	 * 0x7ffffffd]), so the math kinda works out.  When/if this portion of
+	 * the code is compiled in userspace, it gets the random(3) behavior,
+	 * which has expected range [0, 0x7fffffff].
+	 */
+#define	bitsperrand 31
 	ebits = 0;
 	nebits = 0;
 	bitsperidx = fls(maxctds);
@@ -2971,7 +2978,6 @@ stats_v1_vsd_tdgst_compress(enum vsd_dtype vs_dtype,
 	    ("%s: bitsperidx=%d, ebits=%d",
 	    __func__, bitsperidx, (int)(sizeof(ebits) << 3)));
 	idxmask = (UINT64_C(1) << bitsperidx) - 1;
-	srandom(stats_sbinuptime());
 
 	/* Initialise the free list with randomised centroid indices. */
 	for (; remctds > 0; remctds--) {
diff --git a/sys/libkern/random.c b/sys/libkern/random.c
index 5f2651130ab7..e5e9de6108e1 100644
--- a/sys/libkern/random.c
+++ b/sys/libkern/random.c
@@ -34,32 +34,31 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/types.h>
 #include <sys/libkern.h>
-
-#define NSHUFF 50       /* to drop some "seed -> 1st value" linearity */
+#include <sys/systm.h>
 
 static u_long randseed = 937186357; /* after srandom(1), NSHUFF counted */
 
-void
-srandom(u_long seed)
-{
-	int i;
-
-	randseed = seed;
-	for (i = 0; i < NSHUFF; i++)
-		(void)random();
-}
-
 /*
  * Pseudo-random number generator for perturbing the profiling clock,
  * and whatever else we might use it for.  The result is uniform on
  * [0, 2^31 - 1].
  */
 u_long
-random()
+random(void)
 {
+	static bool warned = false;
+
 	long x, hi, lo, t;
 
+	/* Warn only once, or it gets very spammy. */
+	if (!warned) {
+		gone_in(13,
+		    "random(9) is the obsolete Park-Miller LCG from 1988");
+		warned = true;
+	}
+
 	/*
 	 * Compute x[n + 1] = (7^5 * x[n]) mod (2^31 - 1).
 	 * From "Random number generators: good ones are hard to find",
diff --git a/sys/sys/libkern.h b/sys/sys/libkern.h
index ba182739cfe7..5e873cda726a 100644
--- a/sys/sys/libkern.h
+++ b/sys/sys/libkern.h
@@ -166,7 +166,6 @@ void	 qsort_r(void *base, size_t nmemb, size_t size, void *thunk,
 	    int (*compar)(void *, const void *, const void *));
 u_long	 random(void);
 int	 scanc(u_int, const u_char *, const u_char *, int);
-void	 srandom(u_long);
 int	 strcasecmp(const char *, const char *);
 char	*strcat(char * __restrict, const char * __restrict);
 char	*strchr(const char *, int);