summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--util/nvmutil/nvmutil.c178
1 files changed, 90 insertions, 88 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 3cf06338..68e041a3 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -211,6 +211,8 @@ static off_t gbe_x_offset(size_t part, const char *f_op,
const char *d_type, off_t nsize, off_t ncmp);
static ssize_t rw_file_exact(int fd, uint8_t *mem, size_t len,
off_t off, int rw_type);
+static ssize_t do_rw(int fd,
+ uint8_t *mem, size_t len, off_t off, int rw_type);
static ssize_t prw(int fd, void *mem, size_t nrw,
off_t off, int rw_type);
static off_t lseek_eintr(int fd, off_t off, int whence);
@@ -221,7 +223,7 @@ static off_t lseek_eintr(int fd, off_t off, int whence);
static void err(int nvm_errval, const char *msg, ...);
static void close_files(void);
static const char *getnvmprogname(void);
-static void set_err(int errval);
+static void set_err_if_unset(int errval);
static void usage(uint8_t usage_exit);
/*
@@ -430,6 +432,9 @@ static const struct commands command[] = {
*/
static size_t cmd_index = CMD_NULL;
+typedef char assert_argc3[(ARGC_3==3)?1:-1];
+typedef char assert_argc4[(ARGC_4==4)?1:-1];
+
int
main(int argc, char *argv[])
{
@@ -501,9 +506,10 @@ main(int argc, char *argv[])
errno = 0;
run_cmd(cmd_index);
- if (errno)
+ if (errno && (!(part_valid[0] || part_valid[1])))
err(errno, "%s: Unhandled error (WRITE SKIPPED)", fname);
- else if (command[cmd_index].flags == O_RDWR)
+
+ if (command[cmd_index].flags == O_RDWR)
write_gbe_file();
close_files();
@@ -522,7 +528,7 @@ sanitize_command_list(void)
{
size_t c;
- for (c = 0; valid_command(c); c++)
+ for (c = 0; c < N_COMMANDS; c++)
sanitize_command_index(c);
}
@@ -534,11 +540,6 @@ sanitize_command_index(size_t c)
check_command_num(c);
- if (ARGC_3 != 3)
- err(EINVAL, "ARGC_3 is not equal to 3");
- if (ARGC_4 != 4)
- err(EINVAL, "ARGC_4 is not equal to 4");
-
if (command[c].argc < 3)
err(EINVAL, "cmd index %lu: argc below 3, %d",
(unsigned long)c, command[c].argc);
@@ -556,6 +557,15 @@ sanitize_command_index(size_t c)
(unsigned long)c, command[c].str);
}
+ if (!((CMD_SETMAC > CMD_DUMP) && (CMD_SWAP > CMD_SETMAC) &&
+ (CMD_COPY > CMD_SWAP) && (CMD_CAT > CMD_COPY) &&
+ (CMD_CAT16 > CMD_CAT) && (CMD_CAT128 > CMD_CAT16)))
+ err(EINVAL, "Some command integers are the same");
+
+ if (!((SET_MOD_0 > SET_MOD_OFF) && (SET_MOD_1 > SET_MOD_0) &&
+ (SET_MOD_N > SET_MOD_1) && (SET_MOD_BOTH > SET_MOD_N)))
+ err(EINVAL, "Some modtype integers are the same");
+
mod_type = command[c].set_modified;
switch (mod_type) {
case SET_MOD_0:
@@ -578,6 +588,7 @@ sanitize_command_index(size_t c)
CHECKSUM_READ, "CHECKSUM_READ");
check_enum_bin(SKIP_CHECKSUM_WRITE, "SKIP_CHECKSUM_WRITE",
CHECKSUM_WRITE, "CHECKSUM_WRITE");
+ check_enum_bin(NO_INVERT, "NO_INVERT", PART_INVERT, "PART_INVERT");
gbe_rw_size = command[c].rw_size;
@@ -598,8 +609,8 @@ sanitize_command_index(size_t c)
command[c].flags != O_RDWR)
err(EINVAL, "invalid cmd.flags setting");
- if (!((PLESEN > LESEN) && (SCHREIB > PLESEN) && (PSCHREIB > SCHREIB)))
- err(EINVAL, "some rw type integers are the same");
+ if (!((!LESEN) && (PLESEN == 1) && (SCHREIB == 2) && (PSCHREIB == 3)))
+ err(EINVAL, "rw type integers are the wrong values");
}
static void
@@ -703,7 +714,7 @@ xstrxcmp(const char *a, const char *b, size_t maxlen)
/*
* Should never reach here. This keeps compilers happy.
*/
- set_err(EINVAL);
+ set_err_if_unset(EINVAL);
return -1;
}
@@ -847,7 +858,7 @@ good_checksum(size_t partnum)
if (current_checksum == expected_checksum)
return 1;
- set_err(EINVAL);
+ set_err_if_unset(EINVAL);
return 0;
}
@@ -1015,6 +1026,7 @@ rhex(void)
n = sizeof(rnum);
if (rw_file_exact(urandom_fd, rnum, n, 0, LESEN) == -1)
err(errno, "Randomisation failed");
+ errno = 0;
}
return (uint16_t)(rnum[--n] & 0xf);
@@ -1130,30 +1142,32 @@ gbe_cat_buf(uint8_t *b)
rval = rw_file_exact(STDOUT_FILENO, b,
GBE_PART_SIZE, 0, SCHREIB);
- if (rval == -1) {
- if (errno == EAGAIN) {
- /*
- * We assume that no
- * data was written
- * to stdout.
- */
- errno = 0;
- continue;
- }
+ if (rval >= 0) {
+ /*
+ * A partial write is especially
+ * fatal, as it should already be
+ * prevented in rw_file_exact().
+ */
+ if ((size_t)rval != GBE_PART_SIZE)
+ err(EIO, "stdout: cat: Partial write");
+ break;
+ }
+ if (errno != EAGAIN)
err(errno, "stdout: cat");
- }
/*
- * A partial write is especially
- * fatal, as it should already be
- * prevented in rw_file_exact().
+ * We assume that no data
+ * was written to stdout.
*/
- if ((size_t)rval != GBE_PART_SIZE)
- err(EIO, "stdout: cat: Partial write");
-
- break;
+ errno = 0;
}
+
+ /*
+ * No errors here.
+ * Avoid the warning in main()
+ */
+ errno = 0;
}
static void
@@ -1317,6 +1331,8 @@ rw_gbe_file_part(size_t p, int rw_type,
rw_type) == -1)
err(errno, "%s: %s: part %lu",
fname, rw_type_str, (unsigned long)p);
+
+ errno = 0;
}
/*
@@ -1334,8 +1350,7 @@ gbe_mem_offset(size_t p, const char *f_op)
}
/*
- * Reads to GbE from write_gbe_file_part and read_gbe_file_part
- * are filtered through here. These operations must
+ * I/O operations filtered here. These operations must
* only write from the 0th position or the half position
* within the GbE file, and write 4KB of data.
*
@@ -1395,64 +1410,49 @@ rw_file_exact(int fd, uint8_t *mem, size_t len,
ssize_t rval = 0;
size_t rc = 0;
- if (fd < 0) {
- set_err(EIO);
- return -1;
- }
- if (!len) {
- set_err(EIO);
- return -1;
- }
- if (len > (size_t)SSIZE_MAX) {
- set_err(EIO);
+ if (fd < 0 || !len || len > (size_t)SSIZE_MAX) {
+ set_err_if_unset(EIO);
return -1;
}
while (rc < len) {
- if (rw_type == PSCHREIB) {
- rval = prw(fd, mem + rc, len - rc,
- off + rc, rw_type);
- } else if (rw_type == SCHREIB) {
- rval = write(fd, mem + rc, len - rc);
- } else if (rw_type == PLESEN) {
- rval = prw(fd, mem + rc, len - rc,
- off + rc, rw_type);
- } else if (rw_type == LESEN) {
- rval = read(fd, mem + rc, len - rc);
- } else {
- set_err(EIO);
- return -1;
- }
+ rval = do_rw(fd, mem + rc, len - rc, off + rc, rw_type);
- if (rval >= 0) {
- if ((size_t)rval > (len - rc) /* Prevent overflow */
- || rval == 0) { /* Prevent infinite 0-byte loop */
- set_err(EIO);
- return -1;
- }
-
- rc += (size_t)rval;
+ if (rval < 0 && errno == EINTR) {
continue;
+ } else if (rval < 0) {
+ set_err_if_unset(EIO);
+ return -1;
}
- if (errno == EINTR) {
- /*
- * EINTR is not fatal, because we
- * eventually return. We rely on
- * errno for general error state
- * after return from rw_file_exact,
- * so we don't want a false error.
- */
- errno = 0;
- continue;
+ if ((size_t)rval > (len - rc) /* Prevent overflow */
+ || rval == 0) { /* Prevent infinite 0-byte loop */
+ set_err_if_unset(EIO);
+ return -1;
}
- set_err(EIO);
- return -1;
+ rc += (size_t)rval;
}
return rc;
}
+static ssize_t
+do_rw(int fd, uint8_t *mem,
+ size_t len, off_t off, int rw_type)
+{
+ if (rw_type == LESEN || rw_type == PLESEN << 2)
+ return read(fd, mem, len);
+
+ if (rw_type == SCHREIB || rw_type == PSCHREIB << 2)
+ return write(fd, mem, len);
+
+ if (rw_type == PLESEN || rw_type == PSCHREIB)
+ return prw(fd, mem, len, off, rw_type);
+
+ set_err_if_unset(EINVAL);
+ return -1;
+}
+
/*
* This implements a portable analog of pwrite()
* and pread() - note that this version is not
@@ -1476,14 +1476,7 @@ prw(int fd, void *mem, size_t nrw,
return -1;
do {
- if (rw_type == PLESEN)
- r = read(fd, mem, nrw);
- else if (rw_type == PSCHREIB)
- r = write(fd, mem, nrw);
- else {
- set_err(EINVAL);
- return -1;
- }
+ r = do_rw(fd, mem, nrw, off, rw_type << 2);
} while (r < 0 && errno == EINTR);
saved_errno = errno;
@@ -1523,7 +1516,7 @@ err(int nvm_errval, const char *msg, ...)
* one that does this.
*
* Since the errval is for setting errno, -1
- * would be incorrect. Therefore, set_err()
+ * would be incorrect. Therefore, set_err_if_unset()
* avoids overriding errno if the given value
* is negative.
*
@@ -1538,7 +1531,7 @@ err(int nvm_errval, const char *msg, ...)
vfprintf(stderr, msg, args);
va_end(args);
- set_err(nvm_errval);
+ set_err_if_unset(nvm_errval);
fprintf(stderr, ": %s", strerror(errno));
fprintf(stderr, "\n");
@@ -1577,8 +1570,17 @@ getnvmprogname(void)
return argv0;
}
+/*
+ * Set errno only if it hasn't already been set.
+ * This prevents overriding real libc errors.
+ *
+ * We use errno for regular program state, while
+ * being careful not to clobber what was set by
+ * real libc function, or a minority of our stub
+ * functions such as prw()
+ */
static void
-set_err(int x)
+set_err_if_unset(int x)
{
if (errno)
return;
generated by cgit v1.2.1 (git 2.18.0) at 2026-03-11 01:28:15 +0000