* Theodore Ts'o:
> On Sat, Oct 08, 2016 at 02:28:27PM +0200, Florian Weimer wrote:
>> The manual page says the return type of getrandom(2) is int, but
>> ssize_t would be more natural (see read(2) for comparison). The
>> kernel uses ssize_t internally, which is converted to long on the
>> system call boundary.
>>
>> The difference does not currently matter because the return value is
>> limited to much less than INT_MAX in the implementation.
>>
>> Should we use int or ssize_t in the glibc system call wrapper?
>
> I'd suggest keeping it as an int since (a) OpenBSD's getentropy(2)
> returns an int, and part of the orignal design goal is to be able to
> emulate OpenBSD's getentropy(2) system call via:
>
> int getentropy(void *buf, size_t buflen)
> {
> return getrandom(buf, buflen, 0);
> }
But this implementation is quite wrong. It has to look like something
like this:
int
getentropy (void *buf, size_t buflen)
{
ssize_t ret = getrandom (buf, buflen, 0)
if (ret < 0)
return -1;
if (ret < buflen)
{
errno = EIO;
return -1;
}
return 0;
}
The ssize_t return would hint to the fact that such a wrapper is
required because the interfaces are somewhat different.
> and (b) the maximum number of bytes returned will *always* be well
> under INT_MAX. I can't forsee at any point in any future or alternate
> universe where getrandom() would need to return anywhere near
> SHORT_MAX, let alone INT_MAX.
Right, that's true for the Linux implementation. The question is
whether it applies to other implementations as well. Solaris appears
to have an even lower limit.
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
