On Fri, Jun 14, 2024 at 12:08 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > Provide a generic C vDSO getrandom() implementation, which operates on > an opaque state returned by vgetrandom_alloc() and produces random bytes > the same way as getrandom(). This has a the API signature: > > ssize_t vgetrandom(void *buffer, size_t len, unsigned int flags, void *opaque_state); Last time around, I mentioned some potential issues with this function signature, and I didn't see any answer. My specific objection was to the fact that the caller passes in a pointer but not a length, and this potentially makes reasoning about memory safety awkward, especially if anything like CRIU is involved. --Andy
