* Theodore Ts'o:

> On Sat, Oct 08, 2016 at 02:28:27PM +0200, Florian Weimer wrote:
>> The manual page says the return type of getrandom(2) is int, but
>> ssize_t would be more natural (see read(2) for comparison).  The
>> kernel uses ssize_t internally, which is converted to long on the
>> system call boundary.
>>
>> The difference does not currently matter because the return value is
>> limited to much less than INT_MAX in the implementation.
>>
>> Should we use int or ssize_t in the glibc system call wrapper?
>
> I'd suggest keeping it as an int since (a) OpenBSD's getentropy(2)
> returns an int, and part of the original design goal is to be able to
> emulate OpenBSD's getentropy(2) system call via:
>
> int getentropy(void *buf, size_t buflen)
> {
> 	return getrandom(buf, buflen, 0);
> }

But this implementation is quite wrong.  It has to look something
like this:

    int
    getentropy (void *buf, size_t buflen)
    {
      /* getrandom returns a byte count (or -1), not a 0/-1 status.  */
      ssize_t ret = getrandom (buf, buflen, 0);
      if (ret < 0)
        return -1;
      /* A short read must not be reported as success.  */
      if (ret < buflen)
        {
          errno = EIO;
          return -1;
        }
      return 0;
    }

The ssize_t return would hint to the fact that such a wrapper is
required because the interfaces are somewhat different.

> and (b) the maximum number of bytes returned will *always* be well
> under INT_MAX.  I can't foresee at any point in any future or alternate
> universe where getrandom() would need to return anywhere near
> SHORT_MAX, let alone INT_MAX.

Right, that's true for the Linux implementation.  The question is
whether it applies to other implementations as well.  Solaris appears
to have an even lower limit.
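The contract mismatch discussed in this message (getrandom returns a byte count, getentropy returns 0 or -1) can be exercised against short reads and EINTR with the sketch below. It is an added example, not code from the thread or from glibc: `getentropy_via`, `short_stub` and `eintr_stub` are hypothetical names, the stubs are constructed test inputs, the 256-byte cap follows OpenBSD's getentropy, and retrying instead of failing on a short read is a choice made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Shape of getrandom(2); lets constructed stubs stand in for the kernel. */
typedef ssize_t (*random_fn)(void *buf, size_t len, unsigned int flags);

/* Hypothetical helper: 0 = buffer completely filled, -1 = error, errno set. */
int getentropy_via(random_fn fn, void *buf, size_t buflen)
{
    unsigned char *p = buf;
    if (buflen > 256) { errno = EIO; return -1; }   /* OpenBSD's limit */
    while (buflen > 0) {
        ssize_t ret = fn(p, buflen, 0);
        if (ret < 0) {
            if (errno == EINTR) continue;           /* interrupted: retry */
            return -1;                              /* errno comes from fn */
        }
        if (ret == 0 || (size_t)ret > buflen) { errno = EIO; return -1; }
        p += ret;                                   /* short read: keep going */
        buflen -= (size_t)ret;
    }
    return 0;
}

/* Constructed stub: hands out at most 3 bytes per call. */
ssize_t short_stub(void *buf, size_t len, unsigned int flags)
{
    size_t n = len < 3 ? len : 3;
    memset(buf, 0xAA, n);
    return (ssize_t)n;
}

/* Constructed stub: fails once with EINTR, then acts like short_stub. */
ssize_t eintr_stub(void *buf, size_t len, unsigned int flags)
{
    static int calls;
    if (calls++ == 0) { errno = EINTR; return -1; }
    return short_stub(buf, len, flags);
}

int main(void)
{
    unsigned char key[32];
    printf("kernel=%d short=%d eintr=%d\n", getentropy_via(getrandom, key, 32),
           getentropy_via(short_stub, key, 32), getentropy_via(eintr_stub, key, 32));
}
```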