* Jason A. Donenfeld: > Hi Florian, > > On Wed, Nov 23, 2022 at 11:46:58AM +0100, Florian Weimer wrote: >> * Jason A. Donenfeld: >> >> > + * The vgetrandom() function in userspace requires an opaque state, which this >> > + * function provides to userspace, by mapping a certain number of special pages >> > + * into the calling process. It takes a hint as to the number of opaque states >> > + * desired, and returns the number of opaque states actually allocated, the >> > + * size of each one in bytes, and the address of the first state. >> > + */ >> > +SYSCALL_DEFINE3(vgetrandom_alloc, unsigned long __user *, num, >> > + unsigned long __user *, size_per_each, unsigned int, flags) >> >> I think you should make this __u64, so that you get a consistent >> userspace interface on all architectures, without the need for compat >> system calls. > > That would be quite unconventional. Most syscalls that take lengths do > so with the native register size (`unsigned long`, `size_t`), rather > than u64. If you can point to a recent trend away from this by > indicating some commits that added new syscalls with u64, I'd be happy > to be shown otherwise. But AFAIK, that's not the way it's done. See clone3 and struct clone_args. It's more common with pointers, which are now 64 bits unconditionally: struct futex_waitv, struct rseq_cs and struct rseq. If the length or pointer is a system call argument, widening it to 64 bits is not necessary because zero-extension to the full register eliminates the need for a compat system call. But if you pass the address to a size or pointer, you'll need compat syscalls if you don't make the passed data __u64. Thanks, Florian