| -rw-r--r-- | util/nvmutil/nvmutil.c | 722 |
1 files changed, 384 insertions, 338 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 851eb0fb..b40a0910 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -26,12 +26,8 @@ * default these days. */ #ifndef PATH_LEN -#ifdef PATH_MAX -#define PATH_LEN (PATH_MAX) -#else #define PATH_LEN 1024 #endif -#endif #define OFF_ERR 0 #ifndef OFF_RESET @@ -132,7 +128,7 @@ * files at once (noting limitations with cat) * BONUS: implement own getopt(), for portability * - * TODO: document fuzzing / static analysis methods + * TODO: document fuzzing / analysis methods * for the code, and: * TODO: implement rigorous unit tests (separate util) * NOTE: this would *include* known good test files @@ -155,7 +151,7 @@ * featureset of nvmutil. * TODO: write a manpage * TODO: simplify the command sanitization, implement more - * of it as build time checks, e.g. static asserts. + * of it as build time checks, e.g. asserts. * generally remove cleverness from the code, instead * prefyerring readibility * TODO: also document nvmutil's coding style, which is @@ -198,7 +194,7 @@ further note when fuzzing is implemented: use deterministic randomisation, with a guaranteed seed - so e.g. don't use /dev/urandom in test builds. e.g. just use normal rand() -but with a static seed e.g. 1234 +but with a seed e.g. 1234 */ /* TODO: stricter build flags, e.g. 
@@ -234,30 +230,22 @@ also consider: #include <time.h> #include <unistd.h> -typedef unsigned char u8; -typedef unsigned short ushort; -typedef unsigned int uint; -typedef unsigned long ulong; - /* type asserts */ typedef char static_assert_char_is_8_bits[(CHAR_BIT == 8) ? 1 : -1]; typedef char static_assert_char_is_1[(sizeof(char) == 1) ? 1 : -1]; -typedef char static_assert_u8_is_1[ - (sizeof(u8) == 1) ? 1 : -1]; -typedef char static_assert_ushort_is_2[ - (sizeof(ushort) >= 2) ? 1 : -1]; +typedef char static_assert_unsigned_char_is_1[ + (sizeof(unsigned char) == 1) ? 1 : -1]; +typedef char static_assert_unsigned_short_is_2[ + (sizeof(unsigned short) >= 2) ? 1 : -1]; typedef char static_assert_short_is_2[(sizeof(short) >= 2) ? 1 : -1]; -typedef char static_assert_uint_is_4[ - (sizeof(uint) >= 4) ? 1 : -1]; -typedef char static_assert_ulong_is_4[ - (sizeof(ulong) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_int_is_4[ + (sizeof(unsigned int) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_long_is_4[ + (sizeof(unsigned long) >= 4) ? 1 : -1]; typedef char static_assert_int_ge_32[(sizeof(int) >= 4) ? 1 : -1]; typedef char static_assert_twos_complement[ ((-1 & 3) == 3) ? 1 : -1 ]; -typedef char assert_ulong_ptr[ - (sizeof(ulong) >= sizeof(void *)) ? 1 : -1 -]; typedef char assert_unsigned_long_ptr[ (sizeof(unsigned long) >= sizeof(void *)) ? 1 : -1 ]; 
@@ -331,23 +319,23 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; /* * Sanitize command tables. */ -static void sanitize_command_list(void); -static void sanitize_command_index(unsigned long c); +void sanitize_command_list(void); +void sanitize_command_index(unsigned long c); /* * Argument handling (user input) */ -static void set_cmd(int argc, char *argv[]); -static void set_cmd_args(int argc, char *argv[]); -static unsigned long conv_argv_part_num(const char *part_str); -static int xstrxcmp(const char *a, const char *b, unsigned long maxlen); +void set_cmd(int argc, char *argv[]); +void set_cmd_args(int argc, char *argv[]); +unsigned long conv_argv_part_num(const char *part_str); +int xstrxcmp(const char *a, const char *b, unsigned long maxlen); /* * Prep files for reading */ -static void open_gbe_file(void); -static int lock_file(int fd); -static void xopen(int *fd, const char *path, int flags, struct stat *st); +void open_gbe_file(void); +int lock_file(int fd); +void xopen(int *fd, const char *path, int flags, struct stat *st); /* * Read GbE file and verify @@ -355,17 +343,17 @@ static void xopen(int *fd, const char *path, int flags, struct stat *st); * * After this, we can run commands. */ -static void copy_gbe(void); -static void read_checksums(void); -static int good_checksum(unsigned long partnum); +void copy_gbe(void); +void read_checksums(void); +int good_checksum(unsigned long partnum); /* * Execute user command on GbE data. * These are stubs that call helpers. */ -static void run_cmd(unsigned long c); -static void check_command_num(unsigned long c); -static u8 valid_command(unsigned long c); +void run_cmd(unsigned long c); +void check_command_num(unsigned long c); +unsigned char valid_command(unsigned long c); /* * portable timeval 
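Review bot: Dropping `static` from these prototypes gives every helper external linkage, and the later hunks do the same for `err`, `usage` and `prw` and for file-scope objects such as `buf`, `part`, `pad` and `command`. `err` shares its name with the err(3) function that BSD libcs and glibc export, so the definition here may interpose on or collide with the library symbol, depending on how the program is linked. If the aim was only to spell the types out, the storage class could stay, e.g. `static void err(int nvm_errval, const char *msg, ...);`. If the aim is a future library, a project prefix on the exported names would avoid the clashes.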
@@ -378,42 +366,41 @@ struct x_st_timeval { /* * Helper functions for command: setmac */ -static void cmd_helper_setmac(void); -static void parse_mac_string(void); -static unsigned long xstrxlen(const char *scmp, unsigned long maxlen); -static void set_mac_byte(unsigned long mac_byte_pos); -static void set_mac_nib(unsigned long mac_str_pos, +void cmd_helper_setmac(void); +void parse_mac_string(void); +unsigned long xstrxlen(const char *scmp, unsigned long maxlen); +void set_mac_byte(unsigned long mac_byte_pos); +void set_mac_nib(unsigned long mac_str_pos, unsigned long mac_byte_pos, unsigned long mac_nib_pos); -static ushort hextonum(char ch_s); -static ushort rhex(void); -static ushort read_urandom(void); -static ulong entropy_jitter(void); -static int x_i_gettimeofday(struct x_st_timeval *tv, void *tz); -static void write_mac_part(unsigned long partnum); +unsigned short hextonum(char ch_s); +unsigned long rlong(void); +unsigned long entropy_jitter(void); +int x_i_gettimeofday(struct x_st_timeval *tv, void *tz); +void write_mac_part(unsigned long partnum); /* * Helper functions for command: dump */ -static void cmd_helper_dump(void); -static void print_mac_from_nvm(unsigned long partnum); -static void hexdump(unsigned long partnum); +void cmd_helper_dump(void); +void print_mac_from_nvm(unsigned long partnum); +void hexdump(unsigned long partnum); /* * Helper functions for command: swap */ -static void cmd_helper_swap(void); +void cmd_helper_swap(void); /* * Helper functions for command: copy */ -static void cmd_helper_copy(void); +void cmd_helper_copy(void); /* * Helper functions for commands: * cat, cat16 and cat128 */ -static void cmd_helper_cat(void); -static void cat_buf(u8 *b); +void cmd_helper_cat(void); +void cat_buf(unsigned char *b); /* * After command processing, write 
@@ -422,80 +409,87 @@ static void cat_buf(u8 *b); * These are stub functions: check * below for the actual functions. */ -static void write_gbe_file(void); -static void set_checksum(unsigned long part); -static ushort calculated_checksum(unsigned long p); +void write_gbe_file(void); +void set_checksum(unsigned long part); +unsigned short calculated_checksum(unsigned long p); /* * Helper functions for accessing * the NVM area during operation. */ -static ushort nvm_word(unsigned long pos16, unsigned long part); -static void set_nvm_word(unsigned long pos16, unsigned long part, ushort val16); -static void set_part_modified(unsigned long p); -static void check_nvm_bound(unsigned long pos16, unsigned long part); -static void check_bin(unsigned long a, const char *a_name); +unsigned short nvm_word(unsigned long pos16, unsigned long part); +void set_nvm_word(unsigned long pos16, unsigned long part, unsigned short val16); +void set_part_modified(unsigned long p); +void check_nvm_bound(unsigned long pos16, unsigned long part); +void check_bin(unsigned long a, const char *a_name); /* * Helper functions for stub functions * that handle GbE file reads/writes. 
*/ -static void rw_gbe_file_part(unsigned long p, int rw_type, +void rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str); -static void write_to_gbe_bin(void); -static int gbe_mv(void); -static void check_written_part(unsigned long p); -static void report_io_err_rw(void); -static int fsync_dir(const char *path); -static u8 *gbe_mem_offset(unsigned long part, const char *f_op); -static off_t gbe_file_offset(unsigned long part, const char *f_op); -static off_t gbe_x_offset(unsigned long part, const char *f_op, +void write_to_gbe_bin(void); +int gbe_mv(void); +void check_written_part(unsigned long p); +void report_io_err_rw(void); +int fsync_dir(const char *path); +unsigned char *gbe_mem_offset(unsigned long part, const char *f_op); +off_t gbe_file_offset(unsigned long part, const char *f_op); +off_t gbe_x_offset(unsigned long part, const char *f_op, const char *d_type, off_t nsize, off_t ncmp); -static long rw_gbe_file_exact(int fd, u8 *mem, unsigned long nrw, +long rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type); -static long rw_file_exact(int fd, u8 *mem, unsigned long len, +long rw_file_exact(int fd, unsigned char *mem, unsigned long len, off_t off, int rw_type, int loop_eagain, int loop_eintr, unsigned long max_retries, int off_reset); -static long prw(int fd, void *mem, unsigned long nrw, +long prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, int off_reset); -static int io_args(int fd, void *mem, unsigned long nrw, +int io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type); -static int check_file(int fd, struct stat *st); -static long rw_over_nrw(long r, unsigned long nrw); +int check_file(int fd, struct stat *st); +long rw_over_nrw(long r, unsigned long nrw); #if !defined(HAVE_REAL_PREAD_PWRITE) || \ HAVE_REAL_PREAD_PWRITE < 1 -static off_t lseek_loop(int fd, off_t off, +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, 
int loop_eintr); #endif -static int try_err(int loop_err, int errval); +int try_err(int loop_err, int errval); /* * Error handling and cleanup */ -static void usage(void); -static void err(int nvm_errval, const char *msg, ...); -static int exit_cleanup(void); -static const char *getnvmprogname(void); +void usage(void); +void err(int nvm_errval, const char *msg, ...); +int exit_cleanup(void); +const char *getnvmprogname(void); /* * a special kind of hell */ -static char *new_tmpfile(int *fd, int local, const char *path); -static int x_i_mkstemp(char *template); -static char *x_c_strrchr(const char *s, int c); -static int x_i_rename(const char *src, const char *dst); -static char *x_c_tmpdir(void); -static int x_i_close(int fd); -static void *x_v_memcpy(void *dst, +char *new_tmpfile(int *fd, int local, const char *path); +int x_i_mkstemp(char *template); +char *x_c_strrchr(const char *s, int c); +/* x_i_rename not suitable + * for atomic writes. kept + * commentted for use in a + * library in the future */ +/* +int x_i_rename(const char *src, const char *dst); +*/ +char *x_c_tmpdir(void); +int x_i_close(int fd); +void *x_v_memcpy(void *dst, const void *src, unsigned long n); -static int x_i_memcmp(const void *a, +int x_i_memcmp(const void *a, const void *b, unsigned long n); -static int x_i_fchmod(int fd, mode_t mode); -static int x_try_fdpath(const char *prefix, +int x_i_fchmod(int fd, mode_t mode); +int x_try_fdpath(const char *prefix, int fd, mode_t mode); -static unsigned long x_conv_fd(char *buf, +unsigned long x_conv_fd(char *buf, unsigned long n); +int x_i_fsync(int fd); /* * Sizes in bytes: 
@@ -542,24 +536,24 @@ static unsigned long x_conv_fd(char *buf, * * The code will handle this properly. */ -static u8 real_buf[GBE_BUF_SIZE]; -static u8 bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ -static u8 pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ -static u8 *buf = real_buf; +unsigned char real_buf[GBE_BUF_SIZE]; +unsigned char bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ +unsigned char pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ +unsigned char *buf = real_buf; -static ushort mac_buf[3]; -static off_t gbe_file_size; -static off_t gbe_tmp_size; +unsigned short mac_buf[3]; +off_t gbe_file_size; +off_t gbe_tmp_size; -static int gbe_fd = -1; -static unsigned long part; -static u8 part_modified[2]; -static u8 part_valid[2]; +int gbe_fd = -1; +unsigned long part; +unsigned char part_modified[2]; +unsigned char part_valid[2]; -static const char rmac[] = "xx:xx:xx:xx:xx:xx"; -static const char *mac_str = rmac; -static const char *fname = NULL; -static const char *argv0; +const char rmac[] = "xx:xx:xx:xx:xx:xx"; +const char *mac_str = rmac; +const char *fname = NULL; +const char *argv0; #ifndef X_LONG_MAX #define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1)))) @@ -615,9 +609,9 @@ struct commands { const char *str; void (*run)(void); int argc; - u8 arg_part; - u8 chksum_read; - u8 chksum_write; + unsigned char arg_part; + unsigned char chksum_read; + unsigned char chksum_write; unsigned long rw_size; /* within the 4KB GbE part */ int flags; /* e.g. O_RDWR or O_RDONLY */ }; @@ -625,7 +619,7 @@ struct commands { /* * Command table, for nvmutil commands */ -static const struct commands command[] = { +const struct commands command[] = { { CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, ARG_NOPART, SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, 
@@ -669,7 +663,7 @@ static const struct commands command[] = { /* * Index in command[], will be set later */ -static unsigned long cmd_index = CMD_NULL; +unsigned long cmd_index = CMD_NULL; /* * asserts (variables/defines sanity check) @@ -703,25 +697,43 @@ typedef char bool_no_loop_eagain[(NO_LOOP_EAGAIN==0)?1:-1]; typedef char bool_off_err[(OFF_ERR==0)?1:-1]; typedef char bool_off_reset[(OFF_RESET==0||OFF_RESET==1)?1:-1]; -static int io_err_gbe = 0; /* intermediary write (verification) */ -static int io_err_gbe_bin = 0; /* final write (real file) */ -static int rw_check_err_read[] = {0, 0}; -static int rw_check_partial_read[] = {0, 0}; -static int rw_check_bad_part[] = {0, 0}; +int io_err_gbe = 0; /* intermediary write (verification) */ +int io_err_gbe_bin = 0; /* final write (real file) */ +int rw_check_err_read[] = {0, 0}; +int rw_check_partial_read[] = {0, 0}; +int rw_check_bad_part[] = {0, 0}; -static int post_rw_checksum[] = {0, 0}; +int post_rw_checksum[] = {0, 0}; -static dev_t gbe_dev; -static ino_t gbe_ino; +dev_t gbe_dev; +ino_t gbe_ino; -static dev_t tmp_dev; -static ino_t tmp_ino; +dev_t tmp_dev; +ino_t tmp_ino; -static int tmp_fd = -1; -static char *tname = NULL; +int tmp_fd = -1; +char *tname = NULL; + +/* + * Used for checking whether. + * a file is a file via stat(). + * + * Portable macro for compatibility + * with older unix e.g. v7 unix (has S_IFREG), + * 4.2bsd (has S_IFMT) or POSIX (has S_ISREG) + * + * Fallback works where S_IFREG == 0100000 + * (classic unix bitmask) + */ #ifndef S_ISREG +#if defined(S_IFMT) && defined(S_IFREG) #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#elif defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFREG) != 0) +#else +#error "can't determine types with stat()" +#endif #endif int 
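Review bot: The `#elif defined(S_IFREG)` fallback tests a single bit, `(((m) & S_IFREG) != 0)`, so on a system that defines S_IFREG as 0100000 and also has symlink or socket types (conventionally 0120000 and 0140000), those modes pass as regular files. That weakens whatever regular-file check relies on S_ISREG; the callers are outside this hunk. The comment above the macro should say that this branch is only sound where no other file type shares that bit, or the branch could `#error` like the final case does.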
@@ -756,6 +768,8 @@ main(int argc, char *argv[]) err(errno, "pledge, unveil"); if (unveil("/dev/urandom", "r") == -1) err(errno, "unveil: /dev/urandom"); + if (unveil("/dev/random", "r") == -1) + err(errno, "unveil: /dev/random"); #else if (pledge("stdio flock rpath wpath cpath", NULL) == -1) err(errno, "pledge"); @@ -786,7 +800,7 @@ main(int argc, char *argv[]) err(errno, "pledge (kill unveil)"); #endif - srand((uint)(time(NULL) ^ getpid())); + srand((unsigned int)(time(NULL) ^ getpid())); open_gbe_file(); @@ -817,7 +831,7 @@ main(int argc, char *argv[]) /* * Guard against regressions by maintainers (command table) */ -static void +void sanitize_command_list(void) { unsigned long c; @@ -829,7 +843,7 @@ sanitize_command_list(void) /* * TODO: specific config checks per command */ -static void +void sanitize_command_index(unsigned long c) { unsigned long gbe_rw_size; @@ -838,24 +852,24 @@ sanitize_command_index(unsigned long c) if (command[c].argc < 3) err(EINVAL, "cmd index %lu: argc below 3, %d", - (ulong)c, command[c].argc); + (unsigned long)c, command[c].argc); if (command[c].str == NULL) err(EINVAL, "cmd index %lu: NULL str", - (ulong)c); + (unsigned long)c); if (*command[c].str == '\0') err(EINVAL, "cmd index %lu: empty str", - (ulong)c); + (unsigned long)c); if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) > MAX_CMD_LEN) { err(EINVAL, "cmd index %lu: str too long: %s", - (ulong)c, command[c].str); + (unsigned long)c, command[c].str); } if (command[c].run == NULL) err(EINVAL, "cmd index %lu: cmd ptr null", - (ulong)c); + (unsigned long)c); check_bin(command[c].arg_part, "cmd.arg_part"); check_bin(command[c].chksum_read, "cmd.chksum_read"); 
@@ -869,19 +883,19 @@ sanitize_command_index(unsigned long c) break; default: err(EINVAL, "Unsupported rw_size: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); } if (gbe_rw_size > GBE_PART_SIZE) err(EINVAL, "rw_size larger than GbE part: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); if (command[c].flags != O_RDONLY && command[c].flags != O_RDWR) err(EINVAL, "invalid cmd.flags setting"); } -static void +void set_cmd(int argc, char *argv[]) { const char *cmd_str; @@ -900,10 +914,10 @@ set_cmd(int argc, char *argv[]) cmd_index = CMD_NULL; } -static void +void set_cmd_args(int argc, char *argv[]) { - u8 arg_part; + unsigned char arg_part; if (!valid_command(cmd_index) || argc < 3) usage(); @@ -924,16 +938,16 @@ set_cmd_args(int argc, char *argv[]) part = conv_argv_part_num(argv[3]); } -static unsigned long +unsigned long conv_argv_part_num(const char *part_str) { - u8 ch; + unsigned char ch; if (part_str[0] == '\0' || part_str[1] != '\0') err(EINVAL, "Partnum string '%s' wrong length", part_str); /* char signedness is implementation-defined */ - ch = (u8)part_str[0]; + ch = (unsigned char)part_str[0]; if (ch < '0' || ch > '1') err(EINVAL, "Bad part number (%c)", ch); @@ -944,7 +958,7 @@ conv_argv_part_num(const char *part_str) * Portable strcmp() but blocks NULL/empty/unterminated * strings. Even stricter than strncmp(). */ -static int +int xstrxcmp(const char *a, const char *b, unsigned long maxlen) { unsigned long i; @@ -956,8 +970,8 @@ xstrxcmp(const char *a, const char *b, unsigned long maxlen) err(EINVAL, "Empty string in xstrxcmp"); for (i = 0; i < maxlen; i++) { - u8 ac = (u8)a[i]; - u8 bc = (u8)b[i]; + unsigned char ac = (unsigned char)a[i]; + unsigned char bc = (unsigned char)b[i]; if (ac == '\0' || bc == '\0') { if (ac == bc) @@ -981,7 +995,7 @@ xstrxcmp(const char *a, const char *b, unsigned long maxlen) return -1; } -static void +void open_gbe_file(void) { struct stat gbe_st; 
@@ -996,9 +1010,9 @@ open_gbe_file(void) gbe_ino = gbe_st.st_ino; if (gbe_st.st_nlink > 1) - fprintf(stderr, - "%s: warning: file has %lu hard links\n", - fname, (ulong)gbe_st.st_nlink); + err(EINVAL, + "%s: warning: file has multiple (%lu) hard links\n", + fname, (unsigned long)gbe_st.st_nlink); if (gbe_st.st_nlink == 0) err(EIO, "%s: file unlinked while open", fname); @@ -1031,7 +1045,7 @@ open_gbe_file(void) err(errno, "%s: can't lock", fname); } -static int +int lock_file(int fd) { struct flock fl; @@ -1051,7 +1065,7 @@ lock_file(int fd) return 0; } -static void +void xopen(int *fd_ptr, const char *path, int flags, struct stat *st) { if ((*fd_ptr = open(path, flags)) == -1) @@ -1078,7 +1092,7 @@ xopen(int *fd_ptr, const char *path, int flags, struct stat *st) * double-read verification, * which also benefits cmd_cat. */ -static void +void copy_gbe(void) { long r; @@ -1118,7 +1132,7 @@ copy_gbe(void) * fsync tmp gbe file, because we will compare * its contents to what was read (for safety) */ - if (fsync(tmp_fd) == -1) + if (x_i_fsync(tmp_fd) == -1) err(errno, "%s: fsync (tmpfile copy)", tname); r = rw_file_exact(tmp_fd, bufcmp, gbe_file_size, @@ -1150,14 +1164,14 @@ copy_gbe(void) (unsigned long)GBE_PART_SIZE); } -static void +void read_checksums(void) { unsigned long p; unsigned long skip_part; - u8 arg_part; - u8 num_invalid; - u8 max_invalid; + unsigned char arg_part; + unsigned char num_invalid; + unsigned char max_invalid; part_valid[0] = 0; part_valid[1] = 0; 
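Review bot: The hard-link case in open_gbe_file now aborts through `err(EINVAL, ...)`, but the message still reads `warning:` and keeps the trailing `\n` from the old fprintf call. A user who sees "warning" next to a failing exit cannot tell that the file was refused on purpose; `"%s: refusing file with %lu hard links"` would say so, and the newline should go if err() already ends the line (its body is not in this hunk). A one-line comment on why multiply linked files are rejected would also help the next maintainer. open_gbe_file continues outside the hunk.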
@@ -1193,17 +1207,17 @@ read_checksums(void) if (num_invalid >= max_invalid) { if (max_invalid == 1) err(ECANCELED, "%s: part %lu has a bad checksum", - fname, (ulong)part); + fname, (unsigned long)part); err(ECANCELED, "%s: No valid checksum found in file", fname); } } -static int +int good_checksum(unsigned long partnum) { - ushort expected_checksum = calculated_checksum(partnum); - ushort current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum); + unsigned short expected_checksum = calculated_checksum(partnum); + unsigned short current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum); if (current_checksum == expected_checksum) return 1; @@ -1211,26 +1225,26 @@ good_checksum(unsigned long partnum) return 0; } -static void +void run_cmd(unsigned long c) { check_command_num(c); if (command[c].run == NULL) - err(EINVAL, "Command %lu: null ptr", (ulong)c); + err(EINVAL, "Command %lu: null ptr", (unsigned long)c); command[c].run(); } -static void +void check_command_num(unsigned long c) { if (!valid_command(c)) err(EINVAL, "Invalid run_cmd arg: %lu", - (ulong)c); + (unsigned long)c); } -static u8 +unsigned char valid_command(unsigned long c) { if (c >= N_COMMANDS) @@ -1238,12 +1252,12 @@ valid_command(unsigned long c) if (c != command[c].chk) err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu", - (ulong)command[c].chk, (ulong)c); + (unsigned long)command[c].chk, (unsigned long)c); return 1; } -static void +void cmd_helper_setmac(void) { unsigned long partnum; @@ -1255,7 +1269,7 @@ cmd_helper_setmac(void) write_mac_part(partnum); } -static void +void parse_mac_string(void) { unsigned long mac_byte; @@ -1281,7 +1295,7 @@ parse_mac_string(void) * strnlen() was standardized in POSIX.1-2008 and is not * available on some older systems, so we provide our own. */ -static unsigned long +unsigned long xstrxlen(const char *scmp, unsigned long maxlen) { unsigned long xstr_index; 
@@ -1302,7 +1316,7 @@ xstrxlen(const char *scmp, unsigned long maxlen) return xstr_index; } -static void +void set_mac_byte(unsigned long mac_byte_pos) { unsigned long mac_str_pos = mac_byte_pos * 3; @@ -1319,12 +1333,12 @@ set_mac_byte(unsigned long mac_byte_pos) set_mac_nib(mac_str_pos, mac_byte_pos, mac_nib_pos); } -static void +void set_mac_nib(unsigned long mac_str_pos, unsigned long mac_byte_pos, unsigned long mac_nib_pos) { char mac_ch; - ushort hex_num; + unsigned short hex_num; mac_ch = mac_str[mac_str_pos + mac_nib_pos]; @@ -1349,47 +1363,42 @@ set_mac_nib(unsigned long mac_str_pos, | ((mac_nib_pos ^ 1) << 2)); /* left or right nib? */ } -static ushort +unsigned short hextonum(char ch_s) { - u8 ch = (u8)ch_s; + unsigned char ch = (unsigned char)ch_s; - if ((uint)(ch - '0') <= 9) + if ((unsigned int)(ch - '0') <= 9) return ch - '0'; ch |= 0x20; - if ((uint)(ch - 'a') <= 5) + if ((unsigned int)(ch - 'a') <= 5) return ch - 'a' + 10; if (ch == '?' || ch == 'x') - return rhex(); /* random character */ + return (unsigned short)rlong() & 0xf; return 16; /* invalid character */ } -static ushort -rhex(void) +unsigned long +rlong(void) { struct x_st_timeval tv; - ulong mix; - static ulong counter = 0; - ushort r; - - /* Read /dev/urandom - * if possible */ - r = read_urandom(); - if (r < 16) - return r; + static unsigned long mix = 0; + static unsigned long counter = 0; - /* Fallback */ + static int fd = -1; + unsigned long rval = 0; + long nr = -1; x_i_gettimeofday(&tv, NULL); - mix = (ulong)tv.tv_sec - ^ (ulong)tv.tv_usec - ^ (ulong)getpid() - ^ (ulong)&mix + mix ^= (unsigned long)tv.tv_sec + ^ (unsigned long)tv.tv_usec + ^ (unsigned long)getpid() + ^ (unsigned long)&mix ^ counter++ ^ entropy_jitter(); 
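Review bot: In rlong() `mix` and `counter` are now `static`, so `&mix` and `&counter` are fixed for the life of the process, while the comment kept in the next hunk still says stack addresses vary between calls; only `&tv` is a stack address. `(unsigned long)&mix` is also XORed in twice, once here and once in the next hunk, which cancels out unless a line hidden between the two hunks changes `mix`. hextonum() keeps only `rlong() & 0xf`, and the low bits of aligned addresses are mostly constant, so the fallback nibble for a random MAC comes almost entirely from the clock, the pid and the counter. I would drop the address terms or say in the comment that they add little, and document the fallback as non-cryptographic.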
@@ -1397,59 +1406,62 @@ rhex(void) * Stack addresses can vary between * calls, thus increasing entropy. */ - mix ^= (ulong)&mix; - mix ^= (ulong)&tv; - mix ^= (ulong)&counter; - - return (ushort)(mix & 0xf); -} - -static ushort -read_urandom(void) -{ - static int fd = -1; - static long n = -1; - - static u8 r[256]; - - if (fd < 0) { + mix ^= (unsigned long)&mix; + mix ^= (unsigned long)&tv; + mix ^= (unsigned long)&counter; - fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); - if (fd < 0) /* older openbsd */ - fd = open("/dev/arandom", O_RDONLY | O_NONBLOCK); - if (fd < 0) /* super old unix (could block) */ - fd = open("/dev/random", O_RDONLY | O_NONBLOCK); + /* + * Now, we won't use this mix + * immediately. We'll try to + * read urandom first, which is + * likely safer, and pass that, + * falling back to the mixture + * if urandom fails. + * + * Since urandom is likely + * reliable, the number of + * times it will fail is + * likely extremely random, + * thus, building more than + * sufficient entropy by the + * time we do eventually use + * the fallback code + */ - if (fd < 0) - return 16; - } + if (fd < 0) + fd = open("/dev/urandom", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n < 0) { +#if !(defined(__OpenBSD__) && defined(OpenBSD)) || \ + (defined(__OpenBSD__) && defined(OpenBSD) && \ + OpenBSD < 604) + if (fd < 0) /* old openbsd */ + fd = open("/dev/arandom", O_RDONLY | O_BINARY | O_NONBLOCK); +#endif - n = rw_file_exact(fd, r, 256, 0, IO_READ, - LOOP_EAGAIN, LOOP_EINTR, 2, OFF_ERR); + if (fd < 0) + fd = open("/dev/random", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n == 0) - n = -1; - if (n < 0) - return 16; + nr = rw_file_exact(fd, (unsigned char *)&rval, + sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN, + LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR); - --n; - } + if (nr == sizeof(unsigned long)) + return rval; - return r[n--] & 0xf; + return mix; } -static ulong +unsigned long entropy_jitter(void) { struct x_st_timeval a, b; - ulong mix = 0; + unsigned long mix = 
0; long mix_diff; int i; + x_i_gettimeofday(&a, NULL); + for (i = 0; i < 8; i++) { - x_i_gettimeofday(&a, NULL); getpid(); x_i_gettimeofday(&b, NULL); @@ -1461,8 +1473,8 @@ entropy_jitter(void) if (mix_diff < 0) mix_diff = -mix_diff; - mix ^= (ulong)(mix_diff); - mix ^= (ulong)&mix; + mix ^= (unsigned long)(mix_diff); + mix ^= (unsigned long)&mix; } return mix; @@ -1470,7 +1482,7 @@ entropy_jitter(void) -static int +int x_i_gettimeofday(struct x_st_timeval *tv, void *tz) { time_t t; @@ -1480,12 +1492,12 @@ x_i_gettimeofday(struct x_st_timeval *tv, void *tz) t = time(NULL); tv->tv_sec = t; - tv->tv_usec = (long)clock() % 1000000; + tv->tv_usec = (long)((unsigned long)clock() % 1000000UL); return 0; } -static void +void write_mac_part(unsigned long partnum) { unsigned long w; @@ -1498,11 +1510,11 @@ write_mac_part(unsigned long partnum) set_nvm_word(w, partnum, mac_buf[w]); printf("Wrote MAC address to part %lu: ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); } -static void +void cmd_helper_dump(void) { unsigned long partnum; @@ -1515,27 +1527,27 @@ cmd_helper_dump(void) fprintf(stderr, "BAD checksum %04x in part %lu (expected %04x)\n", nvm_word(NVM_CHECKSUM_WORD, partnum), - (ulong)partnum, + (unsigned long)partnum, calculated_checksum(partnum)); printf("MAC (part %lu): ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); hexdump(partnum); } } -static void +void print_mac_from_nvm(unsigned long partnum) { unsigned long c; - ushort val16; + unsigned short val16; for (c = 0; c < 3; c++) { val16 = nvm_word(c, partnum); printf("%02x:%02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); if (c == 2) printf("\n"); else 
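Review bot: The `/dev/arandom` guard in rlong() compares `OpenBSD < 604`, but as far as I know sys/param.h defines `OpenBSD` as a year-and-month number rather than a release number, so on OpenBSD the comparison is never true and the branch is dead there, while it still compiles in on every other system. If all of the open() calls fail, `fd` stays -1 and is still passed to rw_file_exact(); that relies on the callee rejecting it (its body is outside the hunk), and an explicit `if (fd < 0) return mix;` before the read would make the fallback path visible. The new comment argues that failed urandom reads build up entropy, yet when the device is missing every call fails the same way, so the comment should simply say that `mix` is a weak last resort.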
@@ -1543,28 +1555,28 @@ print_mac_from_nvm(unsigned long partnum) } } -static void +void hexdump(unsigned long partnum) { unsigned long c; unsigned long row; - ushort val16; + unsigned short val16; for (row = 0; row < 8; row++) { - printf("%08lx ", (ulong)((unsigned long)row << 4)); + printf("%08lx ", (unsigned long)((unsigned long)row << 4)); for (c = 0; c < 8; c++) { val16 = nvm_word((row << 3) + c, partnum); if (c == 4) printf(" "); printf(" %02x %02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); } printf("\n"); } } -static void +void cmd_helper_swap(void) { x_v_memcpy( @@ -1586,7 +1598,7 @@ cmd_helper_swap(void) set_part_modified(1); } -static void +void cmd_helper_copy(void) { x_v_memcpy( @@ -1597,7 +1609,7 @@ cmd_helper_copy(void) set_part_modified(part ^ 1); } -static void +void cmd_helper_cat(void) { unsigned long p = 0; @@ -1630,8 +1642,8 @@ cmd_helper_cat(void) } } -static void -cat_buf(u8 *b) +void +cat_buf(unsigned char *b) { if (rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0, IO_WRITE, LOOP_EAGAIN, LOOP_EINTR, @@ -1639,14 +1651,14 @@ cat_buf(u8 *b) err(errno, "stdout: cat"); } -static void +void write_gbe_file(void) { struct stat gbe_st; struct stat tmp_st; unsigned long p; - u8 update_checksum; + unsigned char update_checksum; if (command[cmd_index].flags == O_RDONLY) return; @@ -1682,23 +1694,23 @@ write_gbe_file(void) } } -static void +void set_checksum(unsigned long p) { check_bin(p, "part number"); set_nvm_word(NVM_CHECKSUM_WORD, p, calculated_checksum(p)); } -static ushort +unsigned short calculated_checksum(unsigned long p) { unsigned long c; - uint val16 = 0; + unsigned int val16 = 0; for (c = 0; c < NVM_CHECKSUM_WORD; c++) - val16 += (uint)nvm_word(c, p); + val16 += (unsigned int)nvm_word(c, p); - return (ushort)((NVM_CHECKSUM - val16) & 0xffff); + return (unsigned short)((NVM_CHECKSUM - val16) & 0xffff); } /* 
@@ -1709,7 +1721,7 @@ calculated_checksum(unsigned long p) * file, but we assume otherwise and adapt accordingly. */ -static ushort +unsigned short nvm_word(unsigned long pos16, unsigned long p) { unsigned long pos; @@ -1717,32 +1729,32 @@ nvm_word(unsigned long pos16, unsigned long p) check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - return (ushort)buf[pos] | - ((ushort)buf[pos + 1] << 8); + return (unsigned short)buf[pos] | + ((unsigned short)buf[pos + 1] << 8); } -static void -set_nvm_word(unsigned long pos16, unsigned long p, ushort val16) +void +set_nvm_word(unsigned long pos16, unsigned long p, unsigned short val16) { unsigned long pos; check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - buf[pos] = (u8)(val16 & 0xff); - buf[pos + 1] = (u8)(val16 >> 8); + buf[pos] = (unsigned char)(val16 & 0xff); + buf[pos + 1] = (unsigned char)(val16 >> 8); set_part_modified(p); } -static void +void set_part_modified(unsigned long p) { check_bin(p, "part number"); part_modified[p] = 1; } -static void +void check_nvm_bound(unsigned long c, unsigned long p) { /* @@ -1755,30 +1767,30 @@ check_nvm_bound(unsigned long c, unsigned long p) if (c >= NVM_WORDS) err(ECANCELED, "check_nvm_bound: out of bounds %lu", - (ulong)c); + (unsigned long)c); } -static void +void check_bin(unsigned long a, const char *a_name) { if (a > 1) err(EINVAL, "%s must be 0 or 1, but is %lu", - a_name, (ulong)a); + a_name, (unsigned long)a); } -static void +void rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str) { long r; unsigned long gbe_rw_size = command[cmd_index].rw_size; - u8 *mem_offset; + unsigned char *mem_offset; off_t file_offset; if (rw_type < IO_PREAD || rw_type > IO_PWRITE) err(errno, "%s: %s: part %lu: invalid rw_type, %d", - fname, rw_type_str, (ulong)p, rw_type); + fname, rw_type_str, (unsigned long)p, rw_type); mem_offset = gbe_mem_offset(p, rw_type_str); file_offset = (off_t)gbe_file_offset(p, rw_type_str); 
@@ -1788,14 +1800,14 @@ rw_gbe_file_part(unsigned long p, int rw_type, if (r == -1) err(errno, "%s: %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); if ((unsigned long)r != gbe_rw_size) err(EIO, "%s: partial %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); } -static void +void write_to_gbe_bin(void) { int saved_errno; @@ -1810,7 +1822,7 @@ write_to_gbe_bin(void) * We may otherwise read from * cache, so we must sync. */ - if (fsync(tmp_fd) == -1) + if (x_i_fsync(tmp_fd) == -1) err(errno, "%s: fsync (pre-verification)", tname); @@ -1881,14 +1893,14 @@ write_to_gbe_bin(void) "errno %d: %s\n", errno, strerror(errno)); } -static void +void check_written_part(unsigned long p) { long r; unsigned long gbe_rw_size; - u8 *mem_offset; + unsigned char *mem_offset; off_t file_offset; - u8 *buf_restore; + unsigned char *buf_restore; struct stat st; if (!part_modified[p]) @@ -1937,7 +1949,7 @@ check_written_part(unsigned long p) buf = buf_restore; } -static void +void report_io_err_rw(void) { unsigned long p; @@ -1952,22 +1964,22 @@ report_io_err_rw(void) if (rw_check_err_read[p]) fprintf(stderr, "%s: pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_partial_read[p]) fprintf(stderr, "%s: partial pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_bad_part[p]) fprintf(stderr, "%s: pwrite: corrupt write on p%lu\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_err_read[p] || rw_check_partial_read[p]) { fprintf(stderr, "%s: p%lu: skipped checksum verification " "(because read failed)\n", - fname, (ulong)p); + fname, (unsigned long)p); continue; } @@ -1980,7 +1992,7 @@ report_io_err_rw(void) fprintf(stderr, "BAD"); fprintf(stderr, " checksum in p%lu on-disk.\n", - (ulong)p); + (unsigned long)p); if (post_rw_checksum[p]) { fprintf(stderr, 
@@ -1990,7 +2002,7 @@ report_io_err_rw(void) } } -static int +int gbe_mv(void) { int r; @@ -2002,7 +2014,7 @@ gbe_mv(void) saved_errno = errno; - r = x_i_rename(tname, fname); + r = rename(tname, fname); if (r > -1) { /* @@ -2049,13 +2061,13 @@ gbe_mv(void) if (r < 0) goto ret_gbe_mv; - if (fsync(dest_fd) == -1) + if (x_i_fsync(dest_fd) == -1) goto ret_gbe_mv; if (x_i_close(dest_fd) == -1) goto ret_gbe_mv; - if (x_i_rename(dest_tmp, fname) == -1) + if (rename(dest_tmp, fname) == -1) goto ret_gbe_mv; if (fsync_dir(fname) < 0) @@ -2108,10 +2120,10 @@ ret_gbe_mv: } /* - * Ensure x_i_rename() is durable by syncing the + * Ensure rename() is durable by syncing the * directory containing the target file. */ -static int +int fsync_dir(const char *path) { #if defined(PATH_LEN) && \ @@ -2137,6 +2149,12 @@ fsync_dir(const char *path) goto err_fsync_dir; } + if (pathlen == 0) + { + errno = EINVAL; + goto err_fsync_dir; + } + dirbuf = malloc(pathlen + 1); if (dirbuf == NULL) goto err_fsync_dir; @@ -2152,7 +2170,14 @@ fsync_dir(const char *path) strcpy(dirbuf, "."); } - dfd = open(dirbuf, O_RDONLY); + dfd = open(dirbuf, O_RDONLY +#ifdef O_DIRECTORY + | O_DIRECTORY +#endif +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + ); if (dfd == -1) goto err_fsync_dir; @@ -2165,7 +2190,7 @@ fsync_dir(const char *path) } /* sync file on disk */ - if (fsync(dfd) == -1) + if (x_i_fsync(dfd) == -1) goto err_fsync_dir; if (x_i_close(dfd) == -1) @@ -2201,13 +2226,13 @@ err_fsync_dir: * but used to check Gbe bounds in memory, * and it is *also* used during file I/O. */ -static u8 * +unsigned char * gbe_mem_offset(unsigned long p, const char *f_op) { off_t gbe_off = gbe_x_offset(p, f_op, "mem", GBE_PART_SIZE, GBE_WORK_SIZE); - return (u8 *)(buf + (unsigned long)gbe_off); + return (unsigned char *)(buf + (unsigned long)gbe_off); } /* 
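Review bot: The new `O_NOFOLLOW` on the directory open in `fsync_dir` makes the call fail (ELOOP on most systems) when the last component of the target's directory is a symbolic link, and in `gbe_mv` that happens after `rename()` has already replaced the file. If refusing symlinked directories is intended, a comment should say so, e.g. `/* O_NOFOLLOW: refuse a symlinked parent directory; only the final component is checked */`, since symlinks earlier in the path are still followed. Building the flags in a local (`int flags = O_RDONLY;` followed by the two `#ifdef` blocks) would also keep preprocessor lines out of the call's argument list. How `gbe_mv` reports a failed `fsync_dir` is outside these hunks.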
@@ -2217,7 +2242,7 @@ gbe_mem_offset(unsigned long p, const char *f_op) * * This check is called, to ensure just that. */ -static off_t +off_t gbe_file_offset(unsigned long p, const char *f_op) { off_t gbe_file_half_size = gbe_file_size >> 1; @@ -2226,7 +2251,7 @@ gbe_file_offset(unsigned long p, const char *f_op) gbe_file_half_size, gbe_file_size); } -static off_t +off_t gbe_x_offset(unsigned long p, const char *f_op, const char *d_type, off_t nsize, off_t ncmp) { @@ -2247,25 +2272,20 @@ gbe_x_offset(unsigned long p, const char *f_op, const char *d_type, return off; } -static long -rw_gbe_file_exact(int fd, u8 *mem, unsigned long nrw, +long +rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type) { - unsigned long mem_addr; - unsigned long buf_addr; long r; if (io_args(fd, mem, nrw, off, rw_type) == -1) return -1; - mem_addr = (unsigned long)(void *)mem; - buf_addr = (unsigned long)(void *)buf; - if (mem != (void *)pad) { - if (mem_addr < buf_addr) + if (mem < buf) goto err_rw_gbe_file_exact; - if ((mem_addr - buf_addr) >= (unsigned long)GBE_WORK_SIZE) + if ((unsigned long)(mem - buf) >= GBE_WORK_SIZE) goto err_rw_gbe_file_exact; } @@ -2319,8 +2339,8 @@ err_rw_gbe_file_exact: * times upon zero-return, to recover, * otherwise it will return an error. */ -static long -rw_file_exact(int fd, u8 *mem, unsigned long nrw, +long +rw_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, unsigned long max_retries, int off_reset) @@ -2419,7 +2439,7 @@ err_rw_file_exact: * we reset and continue, and pray for the worst. */ -static long +long prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, @@ -2574,7 +2594,7 @@ err_prw: return -1; } -static int +int io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type) { 
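Review bot: In `rw_gbe_file_exact` the range check now compares and subtracts the pointers directly (`mem < buf`, `mem - buf`), which C defines only when both point into the same array object. For any other `mem`, which is exactly what this check exists to reject, the behaviour is undefined and an optimizer is free to assume the check passes. The removed code converted both pointers to integers first, which is implementation-defined but well-behaved on the platforms the file's `assert_unsigned_long_ptr` typedef admits. I would keep the integer form, without the temporaries if they were the objection: `if ((unsigned long)(void *)mem < (unsigned long)(void *)buf)` and `if (((unsigned long)(void *)mem - (unsigned long)(void *)buf) >= (unsigned long)GBE_WORK_SIZE)`. The rest of the function lies outside the hunk.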
@@ -2612,7 +2632,7 @@ err_io_args: return -1; } -static int +int check_file(int fd, struct stat *st) { if (fstat(fd, st) == -1) @@ -2634,7 +2654,7 @@ err_is_file: * POSIX can say whatever it wants. * specification != implementation */ -static long +long rw_over_nrw(long r, unsigned long nrw) { /* @@ -2687,7 +2707,7 @@ err_rw_over_nrw: * on an EINTR/EAGAIN wait loop. Used by prw() * for setting offsets for positional I/O. */ -static off_t +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, int loop_eintr) { @@ -2709,7 +2729,7 @@ lseek_loop(int fd, off_t off, int whence, * will loop until errno isn't -1 and one * of these, e.g. -1 and EINTR */ -static int +int try_err(int loop_err, int errval) { if (loop_err) @@ -2721,7 +2741,7 @@ try_err(int loop_err, int errval) return -1; } -static void +void usage(void) { const char *util = getnvmprogname(); @@ -2742,7 +2762,7 @@ usage(void) err(EINVAL, "Too few arguments"); } -static void +void err(int nvm_errval, const char *msg, ...) { va_list args; @@ -2770,7 +2790,7 @@ err(int nvm_errval, const char *msg, ...) exit(EXIT_FAILURE); } -static int +int exit_cleanup(void) { int close_err = 0; @@ -2803,7 +2823,7 @@ exit_cleanup(void) return 0; } -static const char * +const char * getnvmprogname(void) { const char *p; @@ -2843,7 +2863,7 @@ getnvmprogname(void) * if local is zero, then 3rd arg (path) * is irrelevant and can be NULL */ -static char * +char * new_tmpfile(int *fd, int local, const char *path) { unsigned long maxlen; @@ -3024,7 +3044,7 @@ err_new_tmpfile: /* * portable mkstemp */ -static int +int x_i_mkstemp(char *template) { int fd; @@ -3033,6 +3053,7 @@ x_i_mkstemp(char *template) char *p; char ch[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + unsigned long r = rlong(); len = xstrxlen(template, PATH_LEN); 
@@ -3045,7 +3066,7 @@ x_i_mkstemp(char *template) for (i = 0; i < 100; i++) { for (j = 0; j < 6; j++) - p[j] = ch[rhex() & 31]; + p[j] = ch[r % (sizeof(ch) - 1)]; fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); @@ -3060,7 +3081,7 @@ x_i_mkstemp(char *template) return -1; } -static char * +char * x_c_strrchr(const char *s, int c) { const char *p = NULL; @@ -3077,7 +3098,8 @@ x_c_strrchr(const char *s, int c) return (char *)p; } -static int +/* +int x_i_rename(const char *src, const char *dst) { int sfd, dfd; @@ -3109,7 +3131,7 @@ x_i_rename(const char *src, const char *dst) return -1; } - fsync(dfd); + x_i_fsync(dfd); x_i_close(sfd); x_i_close(dfd); @@ -3119,8 +3141,9 @@ x_i_rename(const char *src, const char *dst) return 0; } +*/ -static char * +char * x_c_tmpdir(void) { char *t; @@ -3141,7 +3164,7 @@ x_c_tmpdir(void) return "."; } -static int +int x_i_close(int fd) { int r; @@ -3153,7 +3176,7 @@ x_i_close(int fd) return r; } -static void * +void * x_v_memcpy(void *dst, const void *src, unsigned long n) { unsigned char *d = (unsigned char *)dst; @@ -3165,7 +3188,7 @@ x_v_memcpy(void *dst, const void *src, unsigned long n) return dst; } -static int +int x_i_memcmp(const void *a, const void *b, unsigned long n) { const unsigned char *pa = (const unsigned char *)a; @@ -3181,7 +3204,13 @@ x_i_memcmp(const void *a, const void *b, unsigned long n) return 0; } -static int +/* + * emulate fchmod() using file descriptor + * paths, for old unix portability. should + * work on e.g. BSD/MacOS (/dev/fd/N), + * Linux (/proc/self/fd/N) and others + */ +int x_i_fchmod(int fd, mode_t mode) { if (x_try_fdpath("/dev/fd/", fd, mode) == 0) @@ -3194,7 +3223,7 @@ x_i_fchmod(int fd, mode_t mode) return -1; } -static int +int x_try_fdpath(const char *prefix, int fd, mode_t mode) { char path[PATH_LEN]; 
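Review bot: `r` is drawn from `rlong()` once, at its declaration in the previous hunk, and never refreshed, so `p[j] = ch[r % (sizeof(ch) - 1)]` writes the same character into all six positions, and each of the 100 attempts in `x_i_mkstemp` tries the same file name. That leaves 62 possible names instead of 62^6 and makes the retry loop useless once that one name exists. `O_CREAT | O_EXCL` still prevents opening a pre-existing file, but temp-file creation becomes easy to make fail and the name easy to predict. Drawing a fresh value per character restores the intent: `p[j] = ch[rlong() % (sizeof(ch) - 1)];`. The body of `x_i_mkstemp` spans this hunk and the one before it.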
@@ -3203,19 +3232,24 @@ x_try_fdpath(const char *prefix, int fd, mode_t mode) unsigned long j; while (prefix[i]) { + if (i >= PATH_LEN - 1) + return -1; path[i] = prefix[i]; i++; } j = x_conv_fd(path + i, (unsigned long)fd); - i += j; + if (i + j >= PATH_LEN) + return -1; + + i += j; path[i] = '\0'; return chmod(path, mode); } -static unsigned long +unsigned long x_conv_fd(char *buf, unsigned long n) { char tmp[256]; @@ -3238,3 +3272,15 @@ x_conv_fd(char *buf, unsigned long n) return j; } + +int +x_i_fsync(int fd) +{ + int r; + + do { + r = fsync(fd); + } while (r == -1 && errno == EINTR); + + return r; +} |
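Review bot: The added `if (i + j >= PATH_LEN)` check in `x_try_fdpath` runs after `x_conv_fd(path + i, ...)` has already written its `j` digits into `path`, so it detects an overrun rather than preventing one. With the short prefixes passed by `x_i_fchmod` and the default `PATH_LEN` this cannot trigger, but `PATH_LEN` is overridable at build time. Checking the remaining room before the call closes the gap, e.g. `if (PATH_LEN - i <= sizeof(unsigned long) * 3) return -1;`. A negative `fd` also turns into a very large number through the `(unsigned long)fd` cast, so an early `if (fd < 0) return -1;` would be worth adding. The digit loop of `x_conv_fd` is outside the hunk.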
