util/nvmutil: use renameat for atomic write

not rename(). use renameat()

this re-uses the logic added for mkhtemp.

this will later enable more stringent
integrity checks, though we already verify
the integrity of a file after writing it
back, and renameat is always tied to the
descriptor, so it's fine.

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/util/libreboot-utils/lib/state.c b/util/libreboot-utils/lib/state.c
index 2d2f6087..e3cb0890 100644
--- a/util/libreboot-utils/lib/state.c
+++ b/util/libreboot-utils/lib/state.c
@@ -29,6 +29,8 @@ xstart(int argc, char *argv[])
 	static char *dir = NULL;
 	static char *base = NULL;
 	char *realdir = NULL;
+	char *tmpdir = NULL;
+	char *tmpbase_local = NULL;
 
 	static struct xstate us = {
 	{
@@ -118,9 +120,27 @@ xstart(int argc, char *argv[])
 		err_no_cleanup(errno, "xstart: don't know CWD of %s",
 		    us.f.fname);
 
+	if ((us.f.base = strdup(base)) == NULL)
+		err_no_cleanup(errno, "strdup base");
+
+	us.f.dirfd = fs_open(dir,
+	    O_RDONLY | O_DIRECTORY);
+	if (us.f.dirfd < 0)
+		err_no_cleanup(errno, "%s: open dir", dir);
+
 	if (new_tmpfile(&us.f.tmp_fd, &us.f.tname, dir) < 0)
 		err_no_cleanup(errno, "%s", us.f.tname);
 
+	if (fs_dirname_basename(us.f.tname,
+	    &tmpdir, &tmpbase_local, 0) < 0)
+		err_no_cleanup(errno, "tmp basename");
+
+	us.f.tmpbase = strdup(tmpbase_local);
+	if (us.f.tmpbase == NULL)
+		err_no_cleanup(errno, "strdup tmpbase");
+
+	free_if_null(&tmpdir);
+
 	if (us.f.tname == NULL)
 		err_no_cleanup(errno, "x->f.tname null");
 	if (*us.f.tname == '\0')
@@ -197,6 +217,10 @@ exit_cleanup(void)
 		if (f->tname != NULL)
 			if (unlink(f->tname) == -1)
 				close_err = 1;
+
+		close_no_err(&f->dirfd);
+		free_if_null(&f->base);
+		free_if_null(&f->tmpbase);
 	}
 
 	if (saved_errno)