Diffstat (limited to 'util/nvmutil/nvmutil.c')
| -rw-r--r-- | util/nvmutil/nvmutil.c | 439 |
1 files changed, 282 insertions, 157 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 71a4584c..68e041a3 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -41,8 +41,12 @@ typedef unsigned char uint8_t; typedef unsigned short uint16_t; typedef unsigned int uint32_t; #endif -#else +#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L #include <stdint.h> +#else +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; #endif #include <stdio.h> #include <stdlib.h> @@ -66,23 +70,6 @@ typedef char static_assert_twos_complement[ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; /* - * The BSD versions that could realistically build - * nvmutil almost certainly have arc4random (first - * introduced in 1990s to early 2000s). - * - * If you want it on another platform, e.g. Linux, - * just patch this accordingly. Or patch it to remove - * arc4random on old/weird Unix systems. - */ -#if defined(__OpenBSD__) || defined(__FreeBSD__) || \ - defined(__NetBSD__) || defined(__APPLE__) || \ - defined(__DragonFly__) -#ifndef NVMUTIL_ARC4RANDOM_BUF -#define NVMUTIL_ARC4RANDOM_BUF 1 -#endif -#endif - -/* * Older versions of BSD to the early 2000s * could compile nvmutil, but pledge was * added in the 2010s. Therefore, for extra @@ -102,6 +89,22 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; #endif #endif +#ifndef EXIT_FAILURE +#define EXIT_FAILURE 1 +#endif + +#ifndef EXIT_SUCCESS +#define EXIT_SUCCESS 0 +#endif + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +#ifndef O_NONBLOCK +#define O_NONBLOCK 0 +#endif + /* * Sanitize command tables. */ @@ -125,9 +128,7 @@ static int xstrxcmp(const char *a, const char *b, size_t maxlen); * on Linux / old Unix, whereas * arc4random is used on BSD/MacOS. */ -#ifndef NVMUTIL_ARC4RANDOM_BUF static void open_dev_urandom(void); -#endif static void open_gbe_file(void); static void xopen(int *fd, const char *path, int flags, struct stat *st); 
@@ -208,8 +209,13 @@ static uint8_t *gbe_mem_offset(size_t part, const char *f_op); static off_t gbe_file_offset(size_t part, const char *f_op); static off_t gbe_x_offset(size_t part, const char *f_op, const char *d_type, off_t nsize, off_t ncmp); -static void rw_file_exact(int fd, uint8_t *mem, size_t len, - off_t off, int rw_type, const char *path, const char *rw_type_str); +static ssize_t rw_file_exact(int fd, uint8_t *mem, size_t len, + off_t off, int rw_type); +static ssize_t do_rw(int fd, + uint8_t *mem, size_t len, off_t off, int rw_type); +static ssize_t prw(int fd, void *mem, size_t nrw, + off_t off, int rw_type); +static off_t lseek_eintr(int fd, off_t off, int whence); /* * Error handling and cleanup @@ -217,7 +223,7 @@ static void rw_file_exact(int fd, uint8_t *mem, size_t len, static void err(int nvm_errval, const char *msg, ...); static void close_files(void); static const char *getnvmprogname(void); -static void set_err(int errval); +static void set_err_if_unset(int errval); static void usage(uint8_t usage_exit); /* @@ -254,11 +260,9 @@ static void usage(uint8_t usage_exit); */ #define items(x) (sizeof((x)) / sizeof((x)[0])) -#ifndef NVMUTIL_ARC4RANDOM_BUF static const char newrandom[] = "/dev/urandom"; static const char oldrandom[] = "/dev/random"; /* fallback on OLD unix */ static const char *rname = NULL; -#endif /* * GbE files can be 8KB, 16KB or 128KB, @@ -275,9 +279,7 @@ static uint8_t pad[GBE_PART_SIZE]; /* the file that wouldn't die */ static uint16_t mac_buf[3]; static off_t gbe_file_size; -#ifndef NVMUTIL_ARC4RANDOM_BUF static int urandom_fd = -1; -#endif static int gbe_fd = -1; static size_t part; static uint8_t part_modified[2]; @@ -289,7 +291,7 @@ static const char *fname; static const char *argv0; #ifndef SSIZE_MAX -#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1)) +#define SSIZE_MAX ((ssize_t)(~((size_t)1 << (sizeof(ssize_t)*CHAR_BIT-1)))) #endif /* 
@@ -430,6 +432,9 @@ static const struct commands command[] = { */ static size_t cmd_index = CMD_NULL; +typedef char assert_argc3[(ARGC_3==3)?1:-1]; +typedef char assert_argc4[(ARGC_4==4)?1:-1]; + int main(int argc, char *argv[]) { @@ -442,12 +447,12 @@ main(int argc, char *argv[]) #ifdef NVMUTIL_PLEDGE #ifdef NVMUTIL_UNVEIL if (pledge("stdio rpath wpath unveil", NULL) == -1) - err(ECANCELED, "pledge"); + err(errno, "pledge"); if (unveil("/dev/null", "r") == -1) - err(ECANCELED, "unveil '/dev/null'"); + err(errno, "unveil '/dev/null'"); #else if (pledge("stdio rpath wpath", NULL) == -1) - err(ECANCELED, "pledge"); + err(errno, "pledge"); #endif #endif 
@@ -460,41 +465,34 @@ main(int argc, char *argv[]) #ifdef NVMUTIL_UNVEIL if (command[cmd_index].flags == O_RDONLY) { if (unveil(fname, "r") == -1) - err(ECANCELED, "%s: unveil ro", fname); + err(errno, "%s: unveil ro", fname); if (unveil(NULL, NULL) == -1) - err(ECANCELED, "unveil block (ro)"); + err(errno, "unveil block (ro)"); if (pledge("stdio rpath", NULL) == -1) - err(ECANCELED, "pledge ro (kill unveil)"); + err(errno, "pledge ro (kill unveil)"); } else { if (unveil(fname, "rw") == -1) - err(ECANCELED, "%s: unveil rw", fname); + err(errno, "%s: unveil rw", fname); if (unveil(NULL, NULL) == -1) - err(ECANCELED, "unveil block (rw)"); + err(errno, "unveil block (rw)"); if (pledge("stdio rpath wpath", NULL) == -1) - err(ECANCELED, "pledge rw (kill unveil)"); + err(errno, "pledge rw (kill unveil)"); } #else if (command[cmd_index].flags == O_RDONLY) { if (pledge("stdio rpath", NULL) == -1) - err(ECANCELED, "pledge ro"); + err(errno, "pledge ro"); } #endif #endif -#ifndef NVMUTIL_ARC4RANDOM_BUF -#if defined(__OpenBSD__) || defined(__FreeBSD__) || \ - defined(__NetBSD__) || defined(__APPLE__) || \ - defined(__DragonFly__) - err(ECANCELED, "Maintainer error: arc4random disabled on BSD/MacOS"); -#endif open_dev_urandom(); -#endif open_gbe_file(); #ifdef NVMUTIL_PLEDGE if (pledge("stdio", NULL) == -1) - err(ECANCELED, "pledge stdio (main)"); + err(errno, "pledge stdio (main)"); #endif /* @@ -505,17 +503,19 @@ main(int argc, char *argv[]) read_gbe_file(); read_checksums(); + errno = 0; run_cmd(cmd_index); - if (errno) + if (errno && (!(part_valid[0] || part_valid[1]))) err(errno, "%s: Unhandled error (WRITE SKIPPED)", fname); - else if (command[cmd_index].flags == O_RDWR) + + if (command[cmd_index].flags == O_RDWR) write_gbe_file(); close_files(); if (errno) - err(ECANCELED, "Unhandled error on exit"); + err(errno, "Unhandled error on exit"); return EXIT_SUCCESS; } 
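Review bot: With NVMUTIL_UNVEIL defined, `open_dev_urandom()` now runs unconditionally after `unveil(NULL, NULL)` has locked the path list, and the only paths unveiled in the visible hunks are `/dev/null` and `fname`. On those builds the open of `/dev/urandom` and the `/dev/random` fallback would both be expected to fail, whereas the removed `arc4random_buf` path needed no file access at all. Either add `if (unveil("/dev/urandom", "r") == -1) err(errno, "unveil '/dev/urandom'");` next to the `/dev/null` call (and the same for the fallback path), or open the random device before the first `unveil`. The lines of main() between the two hunks are not visible here, so confirm nothing there already covers it.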
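Review bot: The new guard `if (errno && (!(part_valid[0] || part_valid[1])))` lets `write_gbe_file()` run after any error left in errno by `run_cmd()` as long as one part has a good checksum, where the old code skipped the write on every non-zero errno. If the intent is only to tolerate the EINVAL that `good_checksum()` sets for a bad part, clear errno at the point where that condition is accepted and keep the write guard as plain `if (errno)`. For commands with `chksum_read` unset, `read_checksums()` leaves both `part_valid` entries at 0, so the guard behaves differently per command; a comment above the check saying which errors are expected to reach it would help.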
@@ -528,7 +528,7 @@ sanitize_command_list(void) { size_t c; - for (c = 0; valid_command(c); c++) + for (c = 0; c < N_COMMANDS; c++) sanitize_command_index(c); } @@ -540,26 +540,32 @@ sanitize_command_index(size_t c) check_command_num(c); - if (ARGC_3 != 3) - err(ECANCELED, "ARGC_3 is not equal to 3"); - if (ARGC_4 != 4) - err(ECANCELED, "ARGC_4 is not equal to 4"); - if (command[c].argc < 3) - err(ECANCELED, "cmd index %zu: argc below 3, %d", - c, command[c].argc); + err(EINVAL, "cmd index %lu: argc below 3, %d", + (unsigned long)c, command[c].argc); if (command[c].str == NULL) - err(ECANCELED, "cmd index %zu: NULL str", c); + err(EINVAL, "cmd index %lu: NULL str", + (unsigned long)c); if (*command[c].str == '\0') - err(ECANCELED, "cmd index %zu: empty str", c); + err(EINVAL, "cmd index %lu: empty str", + (unsigned long)c); if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) > MAX_CMD_LEN) { - err(ECANCELED, "cmd index %zu: str too long: %s", - c, command[c].str); + err(EINVAL, "cmd index %lu: str too long: %s", + (unsigned long)c, command[c].str); } + if (!((CMD_SETMAC > CMD_DUMP) && (CMD_SWAP > CMD_SETMAC) && + (CMD_COPY > CMD_SWAP) && (CMD_CAT > CMD_COPY) && + (CMD_CAT16 > CMD_CAT) && (CMD_CAT128 > CMD_CAT16))) + err(EINVAL, "Some command integers are the same"); + + if (!((SET_MOD_0 > SET_MOD_OFF) && (SET_MOD_1 > SET_MOD_0) && + (SET_MOD_N > SET_MOD_1) && (SET_MOD_BOTH > SET_MOD_N))) + err(EINVAL, "Some modtype integers are the same"); + mod_type = command[c].set_modified; switch (mod_type) { case SET_MOD_0: @@ -582,6 +588,7 @@ sanitize_command_index(size_t c) CHECKSUM_READ, "CHECKSUM_READ"); check_enum_bin(SKIP_CHECKSUM_WRITE, "SKIP_CHECKSUM_WRITE", CHECKSUM_WRITE, "CHECKSUM_WRITE"); + check_enum_bin(NO_INVERT, "NO_INVERT", PART_INVERT, "PART_INVERT"); gbe_rw_size = command[c].rw_size; 
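Review bot: The two ordering checks added to `sanitize_command_index()` appear to compare compile-time constants only, yet they are re-evaluated for every command index and can fail only at run time. The `assert_argc3`/`assert_argc4` typedefs added in this same commit show the compile-time form, e.g. `typedef char assert_cmd_order[(CMD_SETMAC > CMD_DUMP && CMD_SWAP > CMD_SETMAC) ? 1 : -1];`. The messages say the integers "are the same" while the conditions enforce strict ascending order, so the wording should match what is tested. The function body starts and ends outside this hunk.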
@@ -590,19 +597,20 @@ sanitize_command_index(size_t c) case NVM_SIZE: break; default: - err(EINVAL, "Unsupported rw_size: %zu", gbe_rw_size); + err(EINVAL, "Unsupported rw_size: %lu", + (unsigned long)gbe_rw_size); } if (gbe_rw_size > GBE_PART_SIZE) - err(EINVAL, "rw_size larger than GbE part: %zu", - gbe_rw_size); + err(EINVAL, "rw_size larger than GbE part: %lu", + (unsigned long)gbe_rw_size); if (command[c].flags != O_RDONLY && command[c].flags != O_RDWR) err(EINVAL, "invalid cmd.flags setting"); - if (!((PLESEN > LESEN) && (SCHREIB > PLESEN) && (PSCHREIB > SCHREIB))) - err(EINVAL, "some rw type integers are the same"); + if (!((!LESEN) && (PLESEN == 1) && (SCHREIB == 2) && (PSCHREIB == 3))) + err(EINVAL, "rw type integers are the wrong values"); } static void @@ -610,10 +618,10 @@ check_enum_bin(size_t a, const char *a_name, size_t b, const char *b_name) { if (a) - err(ECANCELED, "%s is non-zero", a_name); + err(EINVAL, "%s is non-zero", a_name); if (b != 1) - err(ECANCELED, "%s is a value other than 1", b_name); + err(EINVAL, "%s is a value other than 1", b_name); } static void @@ -647,10 +655,10 @@ set_cmd_args(int argc, char *argv[]) /* Maintainer bugs */ if (arg_part && argc < 4) - err(ECANCELED, + err(EINVAL, "arg_part set for command that needs argc4"); if (arg_part && cmd_index == CMD_SETMAC) - err(ECANCELED, + err(EINVAL, "arg_part set on CMD_SETMAC"); if (cmd_index == CMD_SETMAC) 
@@ -706,22 +714,23 @@ xstrxcmp(const char *a, const char *b, size_t maxlen) /* * Should never reach here. This keeps compilers happy. */ - errno = EINVAL; + set_err_if_unset(EINVAL); return -1; } -#ifndef NVMUTIL_ARC4RANDOM_BUF static void open_dev_urandom(void) { - struct stat st_urandom_fd; - rname = newrandom; - if ((urandom_fd = open(rname, O_RDONLY)) != -1) + urandom_fd = open(rname, O_RDONLY | O_BINARY | O_NONBLOCK); + if (urandom_fd != -1) return; /* * Fall back to /dev/random on very old Unix. + * + * We must reset errno, to remove stale state + * set by reading /dev/urandom */ fprintf(stderr, "Can't open %s (will use %s instead)\n", @@ -730,16 +739,17 @@ open_dev_urandom(void) errno = 0; rname = oldrandom; - xopen(&urandom_fd, rname, O_RDONLY, &st_urandom_fd); + urandom_fd = open(rname, O_RDONLY | O_BINARY | O_NONBLOCK); + if (urandom_fd == -1) + err(errno, "%s: could not open", rname); } -#endif static void open_gbe_file(void) { struct stat gbe_st; - xopen(&gbe_fd, fname, command[cmd_index].flags, &gbe_st); + xopen(&gbe_fd, fname, command[cmd_index].flags | O_BINARY, &gbe_st); gbe_file_size = gbe_st.st_size; @@ -749,7 +759,7 @@ open_gbe_file(void) case SIZE_128KB: break; default: - err(ECANCELED, "File size must be 8KB, 16KB or 128KB"); + err(EINVAL, "File size must be 8KB, 16KB or 128KB"); } } @@ -757,10 +767,13 @@ static void xopen(int *fd_ptr, const char *path, int flags, struct stat *st) { if ((*fd_ptr = open(path, flags)) == -1) - err(ECANCELED, "%s", path); + err(errno, "%s", path); if (fstat(*fd_ptr, st) == -1) - err(ECANCELED, "%s", path); + err(errno, "%s", path); + + if (!S_ISREG(st->st_mode)) + err(errno, "%s: not a regular file", path); } static void @@ -792,6 +805,9 @@ read_checksums(void) uint8_t num_invalid; uint8_t max_invalid; + part_valid[0] = 0; + part_valid[1] = 0; + if (!command[cmd_index].chksum_read) return; 
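Review bot: `open_dev_urandom()` now opens both devices with `O_NONBLOCK` and no longer calls fstat on the descriptor. On the `/dev/random` fallback a non-blocking read can fail with EAGAIN when the pool is not ready, and `rw_file_exact()` retries only on EINTR, so `rhex()` would abort with "Randomisation failed" instead of waiting. Since `xopen()` now insists on a regular file it cannot be reused here, but a matching check such as `if (fstat(urandom_fd, &st) == -1 || !S_ISCHR(st.st_mode)) err(EINVAL, "%s: not a character device", rname);` would keep the MAC randomisation from reading an ordinary file found at that path. The function spans this hunk and the next one.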
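Review bot: In `xopen()` the new `S_ISREG` test calls `err(errno, ...)` although no libc call has failed at that point, so errno is normally 0 there and the `strerror()` text and exit status depend on what `set_err_if_unset()` does with a zero argument. Pass an explicit code instead: `err(EINVAL, "%s: not a regular file", path);`. `check_command_num()` in the later hunk at -859 has the same pattern with `err(errno, "Invalid run_cmd arg: %lu", ...)`, where `valid_command()` appears able to return 0 without setting errno.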
@@ -816,9 +832,8 @@ read_checksums(void) if (arg_part && (p == skip_part)) continue; - if (good_checksum(p)) - part_valid[p] = 1; - else + part_valid[p] = good_checksum(p); + if (!part_valid[p]) ++num_invalid; } @@ -827,9 +842,9 @@ read_checksums(void) if (num_invalid >= max_invalid) { if (max_invalid == 1) - err(ECANCELED, "%s: part %zu has a bad checksum", - fname, part); - err(ECANCELED, "%s: No valid checksum found in file", + err(EINVAL, "%s: part %lu has a bad checksum", + fname, (unsigned long)part); + err(EINVAL, "%s: No valid checksum found in file", fname); } } @@ -843,7 +858,7 @@ good_checksum(size_t partnum) if (current_checksum == expected_checksum) return 1; - set_err(ECANCELED); + set_err_if_unset(EINVAL); return 0; } @@ -859,7 +874,8 @@ static void check_command_num(size_t c) { if (!valid_command(c)) - err(ECANCELED, "Invalid run_cmd arg: %zu", c); + err(errno, "Invalid run_cmd arg: %lu", + (unsigned long)c); } static uint8_t @@ -869,8 +885,8 @@ valid_command(size_t c) return 0; if (c != command[c].chk) - err(ECANCELED, "Invalid cmd chk value (%zu) vs arg: %zu", - command[c].chk, c); + err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu", + (unsigned long)command[c].chk, (unsigned long)c); return 1; } @@ -880,12 +896,6 @@ cmd_helper_setmac(void) { size_t partnum; -#ifdef NVMUTIL_ARC4RANDOM_BUF - printf("Randomisation method: arc4random_buf\n"); -#else - printf("Randomisation method: %s\n", rname); -#endif - printf("MAC address to be written: %s\n", mac_str); parse_mac_string(); @@ -1014,11 +1024,9 @@ rhex(void) if (!n) { n = sizeof(rnum); -#ifdef NVMUTIL_ARC4RANDOM_BUF - arc4random_buf(rnum, n); -#else - rw_file_exact(urandom_fd, rnum, n, 0, LESEN, rname, "read"); -#endif + if (rw_file_exact(urandom_fd, rnum, n, 0, LESEN) == -1) + err(errno, "Randomisation failed"); + errno = 0; } return (uint16_t)(rnum[--n] & 0xf); 
@@ -1036,7 +1044,8 @@ write_mac_part(size_t partnum) for (w = 0; w < 3; w++) set_nvm_word(w, partnum, mac_buf[w]); - printf("Wrote MAC address to part %zu: ", partnum); + printf("Wrote MAC address to part %lu: ", + (unsigned long)partnum); print_mac_from_nvm(partnum); } @@ -1054,11 +1063,13 @@ cmd_helper_dump(void) for (partnum = 0; partnum < 2; partnum++) { if (!part_valid[partnum]) fprintf(stderr, - "BAD checksum %04x in part %zu (expected %04x)\n", + "BAD checksum %04x in part %lu (expected %04x)\n", nvm_word(NVM_CHECKSUM_WORD, partnum), - partnum, calculated_checksum(partnum)); + (unsigned long)partnum, + calculated_checksum(partnum)); - printf("MAC (part %zu): ", partnum); + printf("MAC (part %lu): ", + (unsigned long)partnum); print_mac_from_nvm(partnum); hexdump(partnum); } @@ -1087,7 +1098,7 @@ hexdump(size_t partnum) uint16_t val16; for (row = 0; row < 8; row++) { - printf("%08zx ", (size_t)row << 4); + printf("%08lx ", (unsigned long)((size_t)row << 4)); for (c = 0; c < 8; c++) { val16 = nvm_word((row << 3) + c, partnum); if (c == 4) @@ -1110,7 +1121,7 @@ cmd_helper_cat(void) else if (cmd_index == CMD_CAT128) n = 15; else if (cmd_index != CMD_CAT) - err(ECANCELED, "cmd_helper_cat called erroneously"); + err(EINVAL, "cmd_helper_cat called erroneously"); fflush(NULL); 
@@ -1125,8 +1136,38 @@ cmd_helper_cat(void) static void gbe_cat_buf(uint8_t *b) { - rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0, - SCHREIB, "stdout", "write"); + ssize_t rval; + + while (1) { + rval = rw_file_exact(STDOUT_FILENO, b, + GBE_PART_SIZE, 0, SCHREIB); + + if (rval >= 0) { + /* + * A partial write is especially + * fatal, as it should already be + * prevented in rw_file_exact(). + */ + if ((size_t)rval != GBE_PART_SIZE) + err(EIO, "stdout: cat: Partial write"); + break; + } + + if (errno != EAGAIN) + err(errno, "stdout: cat"); + + /* + * We assume that no data + * was written to stdout. + */ + errno = 0; + } + + /* + * No errors here. + * Avoid the warning in main() + */ + errno = 0; } static void @@ -1255,14 +1296,16 @@ check_nvm_bound(size_t c, size_t p) check_bin(p, "part number"); if (c >= NVM_WORDS) - err(EINVAL, "check_nvm_bound: out of bounds %zu", c); + err(ECANCELED, "check_nvm_bound: out of bounds %lu", + (unsigned long)c); } static void check_bin(size_t a, const char *a_name) { if (a > 1) - err(ECANCELED, "%s must be 0 or 1, but is %zu", a_name, a); + err(EINVAL, "%s must be 0 or 1, but is %lu", + a_name, (unsigned long)a); } static void @@ -1283,9 +1326,13 @@ rw_gbe_file_part(size_t p, int rw_type, */ mem_offset = gbe_mem_offset(p ^ invert, rw_type_str); - rw_file_exact(gbe_fd, mem_offset, + if (rw_file_exact(gbe_fd, mem_offset, gbe_rw_size, gbe_file_offset(p, rw_type_str), - rw_type, fname, rw_type_str); + rw_type) == -1) + err(errno, "%s: %s: part %lu", + fname, rw_type_str, (unsigned long)p); + + errno = 0; } /* @@ -1303,8 +1350,7 @@ gbe_mem_offset(size_t p, const char *f_op) } /* - * Reads to GbE from write_gbe_file_part and read_gbe_file_part - * are filtered through here. These operations must + * I/O operations filtered here. These operations must * only write from the 0th position or the half position * within the GbE file, and write 4KB of data. * 
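Review bot: The EAGAIN retry in `gbe_cat_buf()` calls `rw_file_exact()` again from the start of the buffer, but that function may already have completed one or more `write()` calls before the failing one and does not report how much was sent. On a non-blocking pipe this would duplicate the bytes already written, which contradicts the comment "We assume that no data was written"; the loop also spins without waiting for the descriptor to become writable. `rw_file_exact()`'s own header comment says it must not be used on pipes, and stdout for the cat commands will often be one. Handling EAGAIN inside `rw_file_exact()` so that `rc` is preserved, or treating it as fatal here, would avoid emitting a corrupted image.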
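Review bot: `check_nvm_bound()` changes the out-of-range word index from EINVAL to ECANCELED while every other site touched by this commit moves the other way, including `check_bin()` directly below it. This looks like an accidental swap; keeping `err(EINVAL, "check_nvm_bound: out of bounds %lu", (unsigned long)c);` makes a bad index report the same class of error as a bad part number.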
@@ -1329,7 +1375,7 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type, off = ((off_t)p) * (off_t)nsize; - if (off + GBE_PART_SIZE > ncmp) + if (off > ncmp - GBE_PART_SIZE) err(ECANCELED, "%s: GbE %s %s out of bounds", fname, d_type, f_op); 
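Review bot: The rewritten check `off > ncmp - GBE_PART_SIZE` avoids the overflow in `off + GBE_PART_SIZE`, but it is only correct while the subtraction stays in signed `off_t` and `ncmp` is at least one part in size. The definition of `GBE_PART_SIZE` is not visible here; if it carries an unsigned type, the usual arithmetic conversions make a small `ncmp` wrap to a huge value and the test passes. Writing it as `if (ncmp < (off_t)GBE_PART_SIZE || off > ncmp - (off_t)GBE_PART_SIZE)` makes the bound hold regardless of the macro's type. The function continues outside the hunk.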
@@ -1340,53 +1386,127 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type, return off; } -static void +/* + * Read or write the exact contents of a file, + * along with a buffer, (if applicable) offset, + * and number of bytes to be read. It unified + * the functionality of read(), pread(), write() + * and pwrite(), with retry-on-EINTR and also + * prevents infinite loop on zero-reads. + * + * The pread() and pwrite() functionality are + * provided by yet another portable function, + * prw() - see notes below. + * + * This must only be used on files. It cannot + * be used on sockets or pipes, because 0-byte + * reads are treated like fatal errors. This + * means that EOF is also considered fatal. + */ +static ssize_t rw_file_exact(int fd, uint8_t *mem, size_t len, - off_t off, int rw_type, const char *path, - const char *rw_type_str) + off_t off, int rw_type) { - ssize_t rval = -1; + ssize_t rval = 0; size_t rc = 0; - if (fd < 0) - err(EIO, "%s: %s: Bad fd %d", path, rw_type_str, fd); - if (!len) - err(EIO, "%s: %s: Zero length", path, rw_type_str); - if (len > (size_t)SSIZE_MAX) - err(EIO, - "%s: %s: Requested length (%zu) exceeds SSIZE_MAX (%zd)", - path, rw_type_str, len, SSIZE_MAX); - - for (rc = 0; rc != len; rc += rval) { - if (rw_type == PSCHREIB) - rval = pwrite(fd, mem + rc, len - rc, off + rc); - else if (rw_type == SCHREIB) - rval = write(fd, mem + rc, len - rc); - else if (rw_type == PLESEN) - rval = pread(fd, mem + rc, len - rc, off + rc); - else if (rw_type == LESEN) - rval = read(fd, mem + rc, len - rc); - else - err(EIO, "%s: %s: Unsupported rw_type", - path, rw_type_str); + if (fd < 0 || !len || len > (size_t)SSIZE_MAX) { + set_err_if_unset(EIO); + return -1; + } + + while (rc < len) { + rval = do_rw(fd, mem + rc, len - rc, off + rc, rw_type); - if (rval > -1) { - if (!rval) /* prevent infinite loop */ - err(EIO, "%s: %s: 0-byte return", - path, rw_type_str); + if (rval < 0 && errno == EINTR) { continue; + } else if (rval < 0) { + 
set_err_if_unset(EIO); + return -1; + } + if ((size_t)rval > (len - rc) /* Prevent overflow */ + || rval == 0) { /* Prevent infinite 0-byte loop */ + set_err_if_unset(EIO); + return -1; } - if (errno != EINTR || rval < -1) - err(EIO, "%s: %s", path, rw_type_str); + rc += (size_t)rval; + } - errno = 0; + return rc; +} + +static ssize_t +do_rw(int fd, uint8_t *mem, + size_t len, off_t off, int rw_type) +{ + if (rw_type == LESEN || rw_type == PLESEN << 2) + return read(fd, mem, len); + + if (rw_type == SCHREIB || rw_type == PSCHREIB << 2) + return write(fd, mem, len); + + if (rw_type == PLESEN || rw_type == PSCHREIB) + return prw(fd, mem, len, off, rw_type); + + set_err_if_unset(EINVAL); + return -1; +} + +/* + * This implements a portable analog of pwrite() + * and pread() - note that this version is not + * thread-safe (race conditions are possible on + * shared file descriptors). + * + * This limitation is acceptable, since nvmutil is + * single-threaded. Portability is the main goal. + */ +static ssize_t +prw(int fd, void *mem, size_t nrw, + off_t off, int rw_type) +{ + off_t off_orig; + ssize_t r; + int saved_errno; + + if ((off_orig = lseek_eintr(fd, (off_t)0, SEEK_CUR)) == (off_t)-1) + return -1; + if (lseek_eintr(fd, off, SEEK_SET) == (off_t)-1) + return -1; + + do { + r = do_rw(fd, mem, nrw, off, rw_type << 2); + } while (r < 0 && errno == EINTR); + + saved_errno = errno; + if (lseek_eintr(fd, off_orig, SEEK_SET) == (off_t)-1) { + if (r < 0) + errno = saved_errno; + return -1; } + errno = saved_errno; + + return r; +} + +static off_t +lseek_eintr(int fd, off_t off, int whence) +{ + off_t old; + + do { + old = lseek(fd, off, whence); + } while (old == (off_t)-1 && errno == EINTR); + + return old; } static void err(int nvm_errval, const char *msg, ...) { + va_list args; + /* * We need to ensure that files are closed * on exit, including error exits. This 
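Review bot: `do_rw()` has no comment, and its dispatch relies on an undocumented convention: `prw()` passes `rw_type << 2` so that `PLESEN << 2` and `PSCHREIB << 2` select plain `read()`/`write()` once the seek is done. That only works because `sanitize_command_index()` pins LESEN, PLESEN, SCHREIB and PSCHREIB to 0..3, which a reader of `do_rw()` alone cannot tell. Add a header comment such as `/* rw_type << 2: positional op whose seek was already done by prw() */`, or give the two shifted values names. Separately, `rw_file_exact()` no longer clears errno after an EINTR retry, so a later 0-byte return keeps EINTR through `set_err_if_unset(EIO)` and the caller's message reports an interrupted call rather than an I/O error.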
@@ -1396,7 +1516,7 @@ err(int nvm_errval, const char *msg, ...) * one that does this. * * Since the errval is for setting errno, -1 - * would be incorrect. Therefore, set_err() + * would be incorrect. Therefore, set_err_if_unset() * avoids overriding errno if the given value * is negative. * @@ -1405,15 +1525,13 @@ err(int nvm_errval, const char *msg, ...) if (nvm_errval != -1) close_files(); - va_list args; - fprintf(stderr, "%s: ", getnvmprogname()); va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); - set_err(nvm_errval); + set_err_if_unset(nvm_errval); fprintf(stderr, ": %s", strerror(errno)); fprintf(stderr, "\n"); @@ -1429,13 +1547,11 @@ close_files(void) gbe_fd = -1; } -#ifndef NVMUTIL_ARC4RANDOM_BUF if (urandom_fd > -1) { if (close(urandom_fd) == -1) err(-1, "%s: close failed", rname); urandom_fd = -1; } -#endif } static const char * @@ -1454,8 +1570,17 @@ getnvmprogname(void) return argv0; } +/* + * Set errno only if it hasn't already been set. + * This prevents overriding real libc errors. + * + * We use errno for regular program state, while + * being careful not to clobber what was set by + * real libc function, or a minority of our stub + * functions such as prw() + */ static void -set_err(int x) +set_err_if_unset(int x) { if (errno) return; @@ -1472,7 +1597,7 @@ usage(uint8_t usage_exit) #ifdef NVMUTIL_PLEDGE if (pledge("stdio", NULL) == -1) - err(ECANCELED, "pledge"); + err(errno, "pledge"); #endif fprintf(stderr, "Modify Intel GbE NVM images e.g. set MAC\n" |
