diff options
| -rw-r--r-- | util/nvmutil/nvmutil.c | 486 |
1 files changed, 274 insertions, 212 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index ee1656ab..a6790f86 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -81,27 +81,56 @@ typedef char static_assert_uint16_t_is_2[(sizeof(uint16_t) == 2) ? 1 : -1]; #endif #endif +/* + * Sanitize command tables. + */ static void sanitize_command_list(void); static void sanitize_command_index(size_t c); static void check_enum_bin(size_t a, const char *a_name, size_t b, const char *b_name); + +/* + * Argument handling (user input) + */ static void set_cmd(int argc, char *argv[]); static void set_cmd_args(int argc, char *argv[]); static size_t conv_argv_part_num(const char *part_str); -static void set_io_flags(int argc, char *argv[]); -static void run_cmd(size_t c); -static void check_command_num(size_t c); -static uint8_t valid_command(size_t c); static int xstrxcmp(const char *a, const char *b, size_t maxlen); + +/* + * Prep files for reading + * + * Portability: /dev/urandom used + * on Linux / old Unix, whereas + * arc4random is used on BSD/MacOS. + */ #ifndef NVMUTIL_ARC4RANDOM_BUF static void open_dev_urandom(void); #endif static void open_gbe_file(void); static void xopen(int *fd, const char *path, int flags, struct stat *st); + +/* + * Read GbE file and verify + * checksums. + * + * After this, we can run commands. + */ static void read_gbe_file(void); -static void read_gbe_file_part(size_t part); static void read_checksums(void); static int good_checksum(size_t partnum); + +/* + * Execute user command on GbE data. + * These are stubs that call helpers. + */ +static void run_cmd(size_t c); +static void check_command_num(size_t c); +static uint8_t valid_command(size_t c); + +/* + * Helper functions for command: setmac + */ static void cmd_helper_setmac(void); static void parse_mac_string(void); static size_t xstrxlen(const char *scmp, size_t maxlen); @@ -110,26 +139,60 @@ static void set_mac_nib(size_t mac_str_pos, size_t mac_byte_pos, size_t mac_nib_pos); static uint16_t hextonum(char ch_s); static uint16_t rhex(void); -static ssize_t read_gbe_file_exact(int fd, void *buf, size_t len, - off_t off, const char *path, const char *op); static void write_mac_part(size_t partnum); + +/* + * Helper functions for command: dump + */ static void cmd_helper_dump(void); static void print_mac_from_nvm(size_t partnum); static void hexdump(size_t partnum); + +/* + * Helper functions for commands: + * cat, cat16 and cat128 + */ +static void cmd_helper_cat(void); +static void gbe_cat_buf(uint8_t *b); + +/* + * After command processing, write + * the modified GbE file back. + * + * These are stub functions: check + * below for the actual functions. + */ static void write_gbe_file(void); static void override_part_modified(void); static void set_checksum(size_t part); static uint16_t calculated_checksum(size_t p); + +/* + * Helper functions for accessing + * the NVM area during operation. + */ static uint16_t nvm_word(size_t pos16, size_t part); static void set_nvm_word(size_t pos16, size_t part, uint16_t val16); static void set_part_modified(size_t p); static void check_nvm_bound(size_t pos16, size_t part); static void check_bin(size_t a, const char *a_name); -static void write_gbe_file_part(size_t part); + +/* + * Helper functions for stub functions + * that handle GbE file reads/writes. + */ +static void rw_gbe_file_part(size_t p, int rw_type, + const char *rw_type_str); +static uint8_t *gbe_mem_offset(size_t part, const char *f_op); static off_t gbe_file_offset(size_t part, const char *f_op); -static void *gbe_mem_offset(size_t part, const char *f_op); static off_t gbe_x_offset(size_t part, const char *f_op, const char *d_type, off_t nsize, off_t ncmp); +static void rw_file_exact(int fd, uint8_t *mem, size_t len, + off_t off, int rw_type, const char *path, const char *rw_type_str); + +/* + * Error handling and cleanup + */ static void err(int nvm_errval, const char *msg, ...); static void close_files(void); static const char *getnvmprogname(void); @@ -165,12 +228,6 @@ static void usage(uint8_t usage_exit); #define NVM_CHECKSUM_WORD (NVM_WORDS - 1) /* - * When reading files, we loop on error EINTR - * a maximum number of times as defined, thus: - */ -#define MAX_RETRY_RW 30 - -/* * Portable macro based on BSD nitems. * Used to count the number of commands (see below). */ @@ -192,11 +249,11 @@ static const char *rname = NULL; * The code will handle this properly. */ static uint8_t buf[GBE_FILE_SIZE]; +static uint8_t pad[GBE_PART_SIZE]; static uint16_t mac_buf[3]; static off_t gbe_file_size; -static int gbe_flags; #ifndef NVMUTIL_ARC4RANDOM_BUF static int urandom_fd = -1; #endif @@ -223,6 +280,13 @@ static const char *argv0; #define ARGC_3 3 #define ARGC_4 4 +enum { + LESEN, + PLESEN, + SCHREIB, + PSCHREIB +}; + /* * Used as indices for command[] * MUST be in the same order as entries in command[] @@ -232,6 +296,9 @@ enum { CMD_SETMAC, CMD_SWAP, CMD_COPY, + CMD_CAT, + CMD_CAT16, + CMD_CAT128 }; /* @@ -272,27 +339,24 @@ struct commands { uint8_t chksum_read; uint8_t chksum_write; size_t rw_size; /* within the 4KB GbE part */ + int flags; /* e.g. O_RDWR or O_RDONLY */ }; /* * Command table, for nvmutil commands */ static const struct commands command[] = { - /* - * Unlike older versions, we now require - * both checksums to be valid for "dump". - */ { CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, NO_INVERT, SET_MOD_OFF, ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - NVM_SIZE }, + SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + NVM_SIZE, O_RDONLY }, { CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3, NO_INVERT, SET_MOD_OFF, ARG_NOPART, CHECKSUM_READ, CHECKSUM_WRITE, - NVM_SIZE }, + NVM_SIZE, O_RDWR }, /* * OPTIMISATION: Read inverted, so no copying is needed. @@ -301,7 +365,7 @@ static const struct commands command[] = { PART_INVERT, SET_MOD_BOTH, ARG_NOPART, CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE }, + GBE_PART_SIZE, O_RDWR }, /* * OPTIMISATION: Read inverted, so no copying is needed. @@ -311,7 +375,25 @@ static const struct commands command[] = { PART_INVERT, SET_MOD_N, ARG_PART, CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE }, + GBE_PART_SIZE, O_RDWR }, + + { CMD_CAT, "cat", cmd_helper_cat, ARGC_3, + NO_INVERT, SET_MOD_OFF, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY }, + + { CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3, + NO_INVERT, SET_MOD_OFF, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY }, + + { CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3, + NO_INVERT, SET_MOD_OFF, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY }, }; #define MAX_CMD_LEN 50 @@ -348,11 +430,10 @@ main(int argc, char *argv[]) set_cmd(argc, argv); set_cmd_args(argc, argv); - set_io_flags(argc, argv); #ifdef NVMUTIL_PLEDGE #ifdef NVMUTIL_UNVEIL - if (gbe_flags == O_RDONLY) { + if (command[cmd_index].flags == O_RDONLY) { if (unveil(fname, "r") == -1) err(ECANCELED, "%s: unveil ro", fname); if (unveil(NULL, NULL) == -1) @@ -368,7 +449,7 @@ main(int argc, char *argv[]) err(ECANCELED, "pledge rw (kill unveil)"); } #else - if (gbe_flags == O_RDONLY) { + if (command[cmd_index].flags == O_RDONLY) { if (pledge("stdio rpath", NULL) == -1) err(ECANCELED, "pledge ro"); } @@ -391,6 +472,11 @@ main(int argc, char *argv[]) err(ECANCELED, "pledge stdio (main)"); #endif + /* + * Used by CMD_CAT, for padding + */ + memset(pad, 0xff, sizeof(pad)); + read_gbe_file(); read_checksums(); @@ -398,7 +484,7 @@ main(int argc, char *argv[]) if (errno) err(errno, "%s: Unhandled error (WRITE SKIPPED)", fname); - else if (gbe_flags != O_RDONLY) + else if (command[cmd_index].flags == O_RDWR) write_gbe_file(); close_files(); @@ -485,6 +571,13 @@ sanitize_command_index(size_t c) if (gbe_rw_size > GBE_PART_SIZE) err(EINVAL, "rw_size larger than GbE part: %zu", gbe_rw_size); + + if (command[c].flags != O_RDONLY && + command[c].flags != O_RDWR) + err(EINVAL, "invalid cmd.flags setting"); + + if (!((PLESEN > LESEN) && (SCHREIB > PLESEN) && (PSCHREIB > SCHREIB))) + err(EINVAL, "some rw type integers are the same"); } static void @@ -557,46 +650,6 @@ conv_argv_part_num(const char *part_str) return (size_t)(ch - '0'); } -static void -set_io_flags(int argc, char *argv[]) -{ - gbe_flags = O_RDWR; - - if (argc < 3) - return; - - if (xstrxcmp(argv[2], "dump", MAX_CMD_LEN) == 0) - gbe_flags = O_RDONLY; -} - -static void -run_cmd(size_t c) -{ - check_command_num(c); - if (command[c].run) - command[c].run(); -} - -static void -check_command_num(size_t c) -{ - if (!valid_command(c)) - err(ECANCELED, "Invalid run_cmd arg: %zu", c); -} - -static uint8_t -valid_command(size_t c) -{ - if (c >= N_COMMANDS) - return 0; - - if (c != command[c].chk) - err(ECANCELED, "Invalid cmd chk value (%zu) vs arg: %zu", - command[c].chk, c); - - return 1; -} - /* * Portable strcmp() but blocks NULL/empty/unterminated * strings. Even stricter than strncmp(). @@ -661,7 +714,7 @@ open_gbe_file(void) { struct stat gbe_st; - xopen(&gbe_fd, fname, gbe_flags, &gbe_st); + xopen(&gbe_fd, fname, command[cmd_index].flags, &gbe_st); gbe_file_size = gbe_st.st_size; @@ -700,28 +753,11 @@ read_gbe_file(void) for (p = 0; p < 2; p++) { if (do_read[p]) - read_gbe_file_part(p); + rw_gbe_file_part(p, PLESEN, "pread"); } } static void -read_gbe_file_part(size_t p) -{ - size_t gbe_rw_size = command[cmd_index].rw_size; - - void *mem_offset = - gbe_mem_offset(p ^ command[cmd_index].invert, "pread"); - - if ((size_t)read_gbe_file_exact(gbe_fd, mem_offset, - gbe_rw_size, gbe_file_offset(p, "pread"), fname, "pread") != - gbe_rw_size) - err(ECANCELED, "%s: Partial read from p%zu", fname, p); - - printf("%s: Read %zu bytes from p%zu\n", - fname, gbe_rw_size, p); -} - -static void read_checksums(void) { size_t p; @@ -764,9 +800,13 @@ read_checksums(void) if (num_invalid < max_invalid) errno = 0; - if (num_invalid >= max_invalid) + if (num_invalid >= max_invalid) { + if (max_invalid == 1) + err(ECANCELED, "%s: part %zu has a bad checksum", + fname, part); err(ECANCELED, "%s: No valid checksum found in file", fname); + } } static int @@ -775,26 +815,42 @@ good_checksum(size_t partnum) uint16_t expected_checksum = calculated_checksum(partnum); uint16_t current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum); - size_t real_partnum = partnum ^ command[cmd_index].invert; - if (current_checksum == expected_checksum) return 1; - fprintf(stderr, - "WARNING: BAD checksum in part %zu\n" - "EXPECTED checksum in part %zu: %04x\n" - "CURRENT checksum in part %zu: %04x\n", - real_partnum, - real_partnum, - expected_checksum, - real_partnum, - current_checksum); - set_err(ECANCELED); return 0; } static void +run_cmd(size_t c) +{ + check_command_num(c); + if (command[c].run) + command[c].run(); +} + +static void +check_command_num(size_t c) +{ + if (!valid_command(c)) + err(ECANCELED, "Invalid run_cmd arg: %zu", c); +} + +static uint8_t +valid_command(size_t c) +{ + if (c >= N_COMMANDS) + return 0; + + if (c != command[c].chk) + err(ECANCELED, "Invalid cmd chk value (%zu) vs arg: %zu", + command[c].chk, c); + + return 1; +} + +static void cmd_helper_setmac(void) { size_t partnum; @@ -930,81 +986,17 @@ rhex(void) { static size_t n = 0; static uint8_t rnum[12]; -#ifndef NVMUTIL_ARC4RANDOM_BUF - int max_retries; -#endif -#ifdef NVMUTIL_ARC4RANDOM_BUF if (!n) { n = sizeof(rnum); +#ifdef NVMUTIL_ARC4RANDOM_BUF arc4random_buf(rnum, n); - } #else - for (max_retries = 0; max_retries < 50 && !n; max_retries++) - n = (size_t)read_gbe_file_exact(urandom_fd, - rnum, sizeof(rnum), 0, rname, NULL); - if (!n || n > sizeof(rnum)) - err(ECANCELED, "Randomisation failure"); -#endif - - return (uint16_t)(rnum[--n] & 0xf); -} - -static ssize_t -read_gbe_file_exact(int fd, void *buf, size_t len, - off_t off, const char *path, const char *op) -{ - int retry; - ssize_t rval; - - if (fd == -1) - err(ECANCELED, "Trying to open bad fd: %s", path); - - for (retry = 0; retry < MAX_RETRY_RW; retry++) { - if (op) - rval = pread(fd, buf, len, off); - else - rval = read(fd, buf, len); - - if (rval == (ssize_t)len) { - errno = 0; - return rval; - } - - if (rval != -1) { -#ifndef NVMUTIL_ARC4RANDOM_BUF - if (fd == urandom_fd) { - /* - * /dev/[u]random reads can still return - * partial reads legally, on some weird - * Unix systems (especially older ones). - * - * We use a circular buffer for random - * bytes in rhex(), so we can just use - * the smaller amount of bytes and call - * read_gbe_file_exact again if necessary. - */ - if (rval > 0) { - errno = 0; - return rval; - } - } + rw_file_exact(urandom_fd, rnum, n, 0, LESEN, rname, "read"); #endif - err(ECANCELED, - "Short %s, %zd bytes, on file: %s", - op ? op : "read", rval, path); - } - - if (errno != EINTR) - err(ECANCELED, - "Could not %s file: '%s'", - op ? op : "read", path); } - err(EINTR, "%s: max retries exceeded on file: %s", - op ? op : "read", path); - - return -1; + return (uint16_t)(rnum[--n] & 0xf); } static void @@ -1028,7 +1020,18 @@ cmd_helper_dump(void) { size_t partnum; + part_valid[0] = good_checksum(0); + part_valid[1] = good_checksum(1); + + if (part_valid[0] || part_valid[1]) + errno = 0; + for (partnum = 0; partnum < 2; partnum++) { + if (!part_valid[partnum]) + fprintf(stderr, + "BAD checksum %04x in part %zu (expected %04x)\n", + nvm_word(NVM_CHECKSUM_WORD, partnum), + partnum, calculated_checksum(partnum)); printf("MAC (part %zu): ", partnum); print_mac_from_nvm(partnum); @@ -1071,13 +1074,44 @@ hexdump(size_t partnum) } static void +cmd_helper_cat(void) +{ + size_t p; + size_t ff; + size_t n = 0; + + if (cmd_index == CMD_CAT16) + n = 1; + else if (cmd_index == CMD_CAT128) + n = 15; + else if (cmd_index != CMD_CAT) + err(ECANCELED, "cmd_helper_cat called erroneously"); + + fflush(NULL); + + for (p = 0; p < 2; p++) { + gbe_cat_buf(buf + (p * GBE_PART_SIZE)); + + for (ff = 0; ff < n; ff++) + gbe_cat_buf(pad); + } +} + +static void +gbe_cat_buf(uint8_t *b) +{ + rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0, + SCHREIB, "stdout", "write"); +} + +static void write_gbe_file(void) { size_t p; size_t partnum; uint8_t update_checksum; - if (gbe_flags == O_RDONLY) + if (command[cmd_index].flags == O_RDONLY) return; update_checksum = command[cmd_index].chksum_write; @@ -1093,7 +1127,7 @@ write_gbe_file(void) if (update_checksum) set_checksum(partnum); - write_gbe_file_part(partnum); + rw_gbe_file_part(partnum, PSCHREIB, "pwrite"); } } @@ -1207,39 +1241,40 @@ check_bin(size_t a, const char *a_name) } static void -write_gbe_file_part(size_t p) +rw_gbe_file_part(size_t p, int rw_type, + const char *rw_type_str) { - int retry; - ssize_t rval; - size_t gbe_rw_size; - - if (gbe_fd == -1) - err(ECANCELED, "%s: Trying to write bad gbe_fd", fname); + size_t gbe_rw_size = command[cmd_index].rw_size; + uint8_t invert = command[cmd_index].invert; - gbe_rw_size = command[cmd_index].rw_size; + uint8_t *mem_offset; - for (retry = 0; retry < MAX_RETRY_RW; retry++) { - rval = pwrite(gbe_fd, gbe_mem_offset(p, "pwrite"), - gbe_rw_size, gbe_file_offset(p, "pwrite")); + if (rw_type == SCHREIB || rw_type == PSCHREIB) + invert = 0; - if (rval == (ssize_t)gbe_rw_size) { - errno = 0; - printf("%s: Wrote %zu bytes to part %zu\n", - fname, gbe_rw_size, p); - return; - } + /* + * Inverted reads are used by copy/swap. + * E.g. read from p0 (file) to p1 (mem). + */ + mem_offset = gbe_mem_offset(p ^ invert, rw_type_str); - if (rval != -1) - err(ECANCELED, - "%s: Short pwrite, %zd bytes", - fname, rval); + rw_file_exact(gbe_fd, mem_offset, + gbe_rw_size, gbe_file_offset(p, rw_type_str), + rw_type, fname, rw_type_str); +} - if (errno != EINTR) - err(ECANCELED, - "%s: pwrite failed on p%zu", fname, p); - } +/* + * This one is similar to gbe_file_offset, + * but used to check Gbe bounds in memory, + * and it is *also* used during file I/O. + */ +static uint8_t * +gbe_mem_offset(size_t p, const char *f_op) +{ + off_t gbe_off = gbe_x_offset(p, f_op, "mem", + GBE_PART_SIZE, GBE_FILE_SIZE); - err(EINTR, "%s: pwrite: max retries exceeded on p%zu", fname, p); + return (uint8_t *)(buf + gbe_off); } /* @@ -1259,20 +1294,6 @@ gbe_file_offset(size_t p, const char *f_op) gbe_file_half_size, gbe_file_size); } -/* - * This one is similar to gbe_file_offset, - * but used to check Gbe bounds in memory, - * and it is *also* used during file I/O. - */ -static void * -gbe_mem_offset(size_t p, const char *f_op) -{ - off_t gbe_off = gbe_x_offset(p, f_op, "mem", - GBE_PART_SIZE, GBE_FILE_SIZE); - - return (void *)(buf + gbe_off); -} - static off_t gbe_x_offset(size_t p, const char *f_op, const char *d_type, off_t nsize, off_t ncmp) @@ -1295,6 +1316,43 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type, } static void +rw_file_exact(int fd, uint8_t *mem, size_t len, + off_t off, int rw_type, const char *path, + const char *rw_type_str) +{ + ssize_t rval = -1; + ssize_t rc = 0; + + if (fd < 0) + err(EIO, "%s: %s: Bad fd %d", path, rw_type_str, fd); + if (!len) + err(EIO, "%s: %s: Zero length", path, rw_type_str); + + for (rc = 0; rc != (ssize_t)len; rc += rval) { + if (rw_type == PSCHREIB) + rval = pwrite(fd, mem + rc, len - rc, off + rc); + else if (rw_type == SCHREIB) + rval = write(fd, mem + rc, len - rc); + else if (rw_type == PLESEN) + rval = pread(fd, mem + rc, len - rc, off + rc); + else if (rw_type == LESEN) + rval = read(fd, mem + rc, len - rc); + + if (rval > -1) { + if (!rval) /* prevent infinite loop */ + err(EIO, "%s: %s: 0-byte return", + path, rw_type_str); + continue; + } + + if (errno != EINTR || rval < -1) + err(EIO, "%s: %s", path, rw_type_str); + + errno = 0; + } +} + +static void err(int nvm_errval, const char *msg, ...) { if (nvm_errval != -1) @@ -1375,8 +1433,12 @@ usage(uint8_t usage_exit) "\t%s FILE dump\n" "\t%s FILE setmac [MAC]\n" "\t%s FILE swap\n" - "\t%s FILE copy 0|1\n", - util, util, util, util); + "\t%s FILE copy 0|1\n" + "\t%s FILE cat\n" + "\t%s FILE cat16\n" + "\t%s FILE cat128\n", + util, util, util, util, + util, util, util); if (usage_exit) err(EINVAL, "Too few arguments"); |