Diffstat (limited to 'util/nvmutil/nvmutil.c')
-rw-r--r--util/nvmutil/nvmutil.c544
1 files changed, 389 insertions, 155 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index d2b7ce11..68e041a3 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -31,35 +31,43 @@
#include <errno.h>
#include <fcntl.h>
+#include <limits.h>
#include <stdarg.h>
+#if defined(__has_include)
+#if __has_include(<stdint.h>)
#include <stdint.h>
+#else
+typedef unsigned char uint8_t;
+typedef unsigned short uint16_t;
+typedef unsigned int uint32_t;
+#endif
+#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
+#include <stdint.h>
+#else
+typedef unsigned char uint8_t;
+typedef unsigned short uint16_t;
+typedef unsigned int uint32_t;
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
-#if __STDC_VERSION__ >= 201112L
-_Static_assert(sizeof(uint16_t) == 2, "uint16_t must be 16 bits");
-#else
-typedef char static_assert_uint16_t_is_2[(sizeof(uint16_t) == 2) ? 1 : -1];
-#endif
+typedef char static_assert_char_is_8_bits[(CHAR_BIT == 8) ? 1 : -1];
+typedef char static_assert_uint8_is_1[(sizeof(uint8_t) == 1) ? 1 : -1];
+typedef char static_assert_uint16_is_2[(sizeof(uint16_t) == 2) ? 1 : -1];
+typedef char static_assert_uint32_is_4[(sizeof(uint32_t) == 4) ? 1 : -1];
+typedef char static_assert_int_ge_32[(sizeof(int) >= 4) ? 1 : -1];
+typedef char static_assert_twos_complement[
+ ((-1 & 3) == 3) ? 1 : -1
+];
/*
- * The BSD versions that could realistically build
- * nvmutil almost certainly have arc4random (first
- * introduced in 1990s to early 2000s).
- *
- * If you want it on another platform, e.g. Linux,
- * just patch this accordingly. Or patch it to remove
- * arc4random on old/weird Unix systems.
+ * We set _FILE_OFFSET_BITS 64, but we only handle
+ * files that are 128KB in size at a maximum, so we
+ * realistically only need 32-bit at a minimum.
*/
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || \
- defined(__NetBSD__) || defined(__APPLE__) || \
- defined(__DragonFly__)
-#ifndef NVMUTIL_ARC4RANDOM_BUF
-#define NVMUTIL_ARC4RANDOM_BUF 1
-#endif
-#endif
+typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1];
/*
* Older versions of BSD to the early 2000s
@@ -81,25 +89,70 @@ typedef char static_assert_uint16_t_is_2[(sizeof(uint16_t) == 2) ? 1 : -1];
#endif
#endif
+#ifndef EXIT_FAILURE
+#define EXIT_FAILURE 1
+#endif
+
+#ifndef EXIT_SUCCESS
+#define EXIT_SUCCESS 0
+#endif
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK 0
+#endif
+
+/*
+ * Sanitize command tables.
+ */
static void sanitize_command_list(void);
static void sanitize_command_index(size_t c);
static void check_enum_bin(size_t a, const char *a_name,
size_t b, const char *b_name);
+
+/*
+ * Argument handling (user input)
+ */
static void set_cmd(int argc, char *argv[]);
static void set_cmd_args(int argc, char *argv[]);
static size_t conv_argv_part_num(const char *part_str);
static int xstrxcmp(const char *a, const char *b, size_t maxlen);
-#ifndef NVMUTIL_ARC4RANDOM_BUF
+
+/*
+ * Prep files for reading
+ *
+ * Portability: /dev/urandom used
+ * on Linux / old Unix, whereas
+ * arc4random is used on BSD/MacOS.
+ */
static void open_dev_urandom(void);
-#endif
static void open_gbe_file(void);
static void xopen(int *fd, const char *path, int flags, struct stat *st);
+
+/*
+ * Read GbE file and verify
+ * checksums.
+ *
+ * After this, we can run commands.
+ */
static void read_gbe_file(void);
static void read_checksums(void);
static int good_checksum(size_t partnum);
+
+/*
+ * Execute user command on GbE data.
+ * These are stubs that call helpers.
+ */
static void run_cmd(size_t c);
static void check_command_num(size_t c);
static uint8_t valid_command(size_t c);
+
+/*
+ * Helper functions for command: setmac
+ */
static void cmd_helper_setmac(void);
static void parse_mac_string(void);
static size_t xstrxlen(const char *scmp, size_t maxlen);
@@ -109,32 +162,68 @@ static void set_mac_nib(size_t mac_str_pos,
static uint16_t hextonum(char ch_s);
static uint16_t rhex(void);
static void write_mac_part(size_t partnum);
+
+/*
+ * Helper functions for command: dump
+ */
static void cmd_helper_dump(void);
static void print_mac_from_nvm(size_t partnum);
static void hexdump(size_t partnum);
+
+/*
+ * Helper functions for commands:
+ * cat, cat16 and cat128
+ */
static void cmd_helper_cat(void);
static void gbe_cat_buf(uint8_t *b);
+
+/*
+ * After command processing, write
+ * the modified GbE file back.
+ *
+ * These are stub functions: check
+ * below for the actual functions.
+ */
static void write_gbe_file(void);
static void override_part_modified(void);
static void set_checksum(size_t part);
static uint16_t calculated_checksum(size_t p);
+
+/*
+ * Helper functions for accessing
+ * the NVM area during operation.
+ */
static uint16_t nvm_word(size_t pos16, size_t part);
static void set_nvm_word(size_t pos16, size_t part, uint16_t val16);
static void set_part_modified(size_t p);
static void check_nvm_bound(size_t pos16, size_t part);
static void check_bin(size_t a, const char *a_name);
+
+/*
+ * Helper functions for stub functions
+ * that handle GbE file reads/writes.
+ */
static void rw_gbe_file_part(size_t p, int rw_type,
const char *rw_type_str);
static uint8_t *gbe_mem_offset(size_t part, const char *f_op);
static off_t gbe_file_offset(size_t part, const char *f_op);
static off_t gbe_x_offset(size_t part, const char *f_op,
const char *d_type, off_t nsize, off_t ncmp);
-static void rw_file_exact(int fd, uint8_t *mem, size_t len,
- off_t off, int rw_type, const char *path, const char *rw_type_str);
+static ssize_t rw_file_exact(int fd, uint8_t *mem, size_t len,
+ off_t off, int rw_type);
+static ssize_t do_rw(int fd,
+ uint8_t *mem, size_t len, off_t off, int rw_type);
+static ssize_t prw(int fd, void *mem, size_t nrw,
+ off_t off, int rw_type);
+static off_t lseek_eintr(int fd, off_t off, int whence);
+
+/*
+ * Error handling and cleanup
+ */
static void err(int nvm_errval, const char *msg, ...);
static void close_files(void);
static const char *getnvmprogname(void);
-static void set_err(int errval);
+static void set_err_if_unset(int errval);
static void usage(uint8_t usage_exit);
/*
@@ -171,11 +260,9 @@ static void usage(uint8_t usage_exit);
*/
#define items(x) (sizeof((x)) / sizeof((x)[0]))
-#ifndef NVMUTIL_ARC4RANDOM_BUF
static const char newrandom[] = "/dev/urandom";
static const char oldrandom[] = "/dev/random"; /* fallback on OLD unix */
static const char *rname = NULL;
-#endif
/*
* GbE files can be 8KB, 16KB or 128KB,
@@ -187,14 +274,12 @@ static const char *rname = NULL;
* The code will handle this properly.
*/
static uint8_t buf[GBE_FILE_SIZE];
-static uint8_t pad[GBE_PART_SIZE];
+static uint8_t pad[GBE_PART_SIZE]; /* the file that wouldn't die */
static uint16_t mac_buf[3];
static off_t gbe_file_size;
-#ifndef NVMUTIL_ARC4RANDOM_BUF
static int urandom_fd = -1;
-#endif
static int gbe_fd = -1;
static size_t part;
static uint8_t part_modified[2];
@@ -205,6 +290,10 @@ static const char *mac_str;
static const char *fname;
static const char *argv0;
+#ifndef SSIZE_MAX
+#define SSIZE_MAX ((ssize_t)(~((size_t)1 << (sizeof(ssize_t)*CHAR_BIT-1))))
+#endif
+
/*
* Use these for .invert in command[]:
* If set to 1: read/write inverter (p0->p1, p1->p0)
@@ -343,6 +432,9 @@ static const struct commands command[] = {
*/
static size_t cmd_index = CMD_NULL;
+typedef char assert_argc3[(ARGC_3==3)?1:-1];
+typedef char assert_argc4[(ARGC_4==4)?1:-1];
+
int
main(int argc, char *argv[])
{
@@ -355,12 +447,12 @@ main(int argc, char *argv[])
#ifdef NVMUTIL_PLEDGE
#ifdef NVMUTIL_UNVEIL
if (pledge("stdio rpath wpath unveil", NULL) == -1)
- err(ECANCELED, "pledge");
+ err(errno, "pledge");
if (unveil("/dev/null", "r") == -1)
- err(ECANCELED, "unveil '/dev/null'");
+ err(errno, "unveil '/dev/null'");
#else
if (pledge("stdio rpath wpath", NULL) == -1)
- err(ECANCELED, "pledge");
+ err(errno, "pledge");
#endif
#endif
@@ -373,41 +465,34 @@ main(int argc, char *argv[])
#ifdef NVMUTIL_UNVEIL
if (command[cmd_index].flags == O_RDONLY) {
if (unveil(fname, "r") == -1)
- err(ECANCELED, "%s: unveil ro", fname);
+ err(errno, "%s: unveil ro", fname);
if (unveil(NULL, NULL) == -1)
- err(ECANCELED, "unveil block (ro)");
+ err(errno, "unveil block (ro)");
if (pledge("stdio rpath", NULL) == -1)
- err(ECANCELED, "pledge ro (kill unveil)");
+ err(errno, "pledge ro (kill unveil)");
} else {
if (unveil(fname, "rw") == -1)
- err(ECANCELED, "%s: unveil rw", fname);
+ err(errno, "%s: unveil rw", fname);
if (unveil(NULL, NULL) == -1)
- err(ECANCELED, "unveil block (rw)");
+ err(errno, "unveil block (rw)");
if (pledge("stdio rpath wpath", NULL) == -1)
- err(ECANCELED, "pledge rw (kill unveil)");
+ err(errno, "pledge rw (kill unveil)");
}
#else
if (command[cmd_index].flags == O_RDONLY) {
if (pledge("stdio rpath", NULL) == -1)
- err(ECANCELED, "pledge ro");
+ err(errno, "pledge ro");
}
#endif
#endif
-#ifndef NVMUTIL_ARC4RANDOM_BUF
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || \
- defined(__NetBSD__) || defined(__APPLE__) || \
- defined(__DragonFly__)
- err(ECANCELED, "Maintainer error: arc4random disabled on BSD/MacOS");
-#endif
open_dev_urandom();
-#endif
open_gbe_file();
#ifdef NVMUTIL_PLEDGE
if (pledge("stdio", NULL) == -1)
- err(ECANCELED, "pledge stdio (main)");
+ err(errno, "pledge stdio (main)");
#endif
/*
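Review bot: With NVMUTIL_UNVEIL defined, `open_dev_urandom()` now runs unconditionally after `unveil(NULL, NULL)` has locked the view to `fname` (plus `/dev/null` from the earlier hunk), so neither `/dev/urandom` nor the `/dev/random` fallback appears reachable and every command, read-only ones included, would end in `err()`. This assumes the random device is not unveiled in lines outside the hunk. Either call `open_dev_urandom()` before the unveil/pledge block, or add `unveil("/dev/urandom", "r")` ahead of the lock. Opening the device only for the command that needs random nibbles would also spare the other commands an extra descriptor.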
@@ -418,17 +503,19 @@ main(int argc, char *argv[])
read_gbe_file();
read_checksums();
+ errno = 0;
run_cmd(cmd_index);
- if (errno)
+ if (errno && (!(part_valid[0] || part_valid[1])))
err(errno, "%s: Unhandled error (WRITE SKIPPED)", fname);
- else if (command[cmd_index].flags == O_RDWR)
+
+ if (command[cmd_index].flags == O_RDWR)
write_gbe_file();
close_files();
if (errno)
- err(ECANCELED, "Unhandled error on exit");
+ err(errno, "Unhandled error on exit");
return EXIT_SUCCESS;
}
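Review bot: The new condition `if (errno && (!(part_valid[0] || part_valid[1])))` lets `write_gbe_file()` run after `run_cmd()` left errno set, as long as one part had a good checksum; before this change any errno skipped the write. Because `rw_gbe_file_part()` now ends with `errno = 0` (later hunk), a successful write would presumably clear that failure before the final `if (errno)` check, so the program can modify the file and still return EXIT_SUCCESS after a failed command. If the aim is only to ignore the EINVAL recorded by `good_checksum()`, the added `errno = 0;` before `run_cmd()` already does that and the test can stay `if (errno)`. The body of write_gbe_file is outside this page, so its path into rw_gbe_file_part is inferred from the names.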
@@ -441,7 +528,7 @@ sanitize_command_list(void)
{
size_t c;
- for (c = 0; valid_command(c); c++)
+ for (c = 0; c < N_COMMANDS; c++)
sanitize_command_index(c);
}
@@ -453,26 +540,32 @@ sanitize_command_index(size_t c)
check_command_num(c);
- if (ARGC_3 != 3)
- err(ECANCELED, "ARGC_3 is not equal to 3");
- if (ARGC_4 != 4)
- err(ECANCELED, "ARGC_4 is not equal to 4");
-
if (command[c].argc < 3)
- err(ECANCELED, "cmd index %zu: argc below 3, %d",
- c, command[c].argc);
+ err(EINVAL, "cmd index %lu: argc below 3, %d",
+ (unsigned long)c, command[c].argc);
if (command[c].str == NULL)
- err(ECANCELED, "cmd index %zu: NULL str", c);
+ err(EINVAL, "cmd index %lu: NULL str",
+ (unsigned long)c);
if (*command[c].str == '\0')
- err(ECANCELED, "cmd index %zu: empty str", c);
+ err(EINVAL, "cmd index %lu: empty str",
+ (unsigned long)c);
if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) >
MAX_CMD_LEN) {
- err(ECANCELED, "cmd index %zu: str too long: %s",
- c, command[c].str);
+ err(EINVAL, "cmd index %lu: str too long: %s",
+ (unsigned long)c, command[c].str);
}
+ if (!((CMD_SETMAC > CMD_DUMP) && (CMD_SWAP > CMD_SETMAC) &&
+ (CMD_COPY > CMD_SWAP) && (CMD_CAT > CMD_COPY) &&
+ (CMD_CAT16 > CMD_CAT) && (CMD_CAT128 > CMD_CAT16)))
+ err(EINVAL, "Some command integers are the same");
+
+ if (!((SET_MOD_0 > SET_MOD_OFF) && (SET_MOD_1 > SET_MOD_0) &&
+ (SET_MOD_N > SET_MOD_1) && (SET_MOD_BOTH > SET_MOD_N)))
+ err(EINVAL, "Some modtype integers are the same");
+
mod_type = command[c].set_modified;
switch (mod_type) {
case SET_MOD_0:
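Review bot: The two new ordering checks (`CMD_SETMAC > CMD_DUMP ...` and `SET_MOD_0 > SET_MOD_OFF ...`) compare constants only, yet they are evaluated at run time once per command. This commit already moves the ARGC_3/ARGC_4 checks to compile time with `typedef char assert_argc3[(ARGC_3==3)?1:-1];`, and these could take the same form if the names are enum constants or macros. The messages say the integers "are the same" while the tests require strictly ascending order, so a wording such as `"command integers are out of order"` would match the check. The function starts before and continues past this hunk.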
@@ -495,6 +588,7 @@ sanitize_command_index(size_t c)
CHECKSUM_READ, "CHECKSUM_READ");
check_enum_bin(SKIP_CHECKSUM_WRITE, "SKIP_CHECKSUM_WRITE",
CHECKSUM_WRITE, "CHECKSUM_WRITE");
+ check_enum_bin(NO_INVERT, "NO_INVERT", PART_INVERT, "PART_INVERT");
gbe_rw_size = command[c].rw_size;
@@ -503,19 +597,20 @@ sanitize_command_index(size_t c)
case NVM_SIZE:
break;
default:
- err(EINVAL, "Unsupported rw_size: %zu", gbe_rw_size);
+ err(EINVAL, "Unsupported rw_size: %lu",
+ (unsigned long)gbe_rw_size);
}
if (gbe_rw_size > GBE_PART_SIZE)
- err(EINVAL, "rw_size larger than GbE part: %zu",
- gbe_rw_size);
+ err(EINVAL, "rw_size larger than GbE part: %lu",
+ (unsigned long)gbe_rw_size);
if (command[c].flags != O_RDONLY &&
command[c].flags != O_RDWR)
err(EINVAL, "invalid cmd.flags setting");
- if (!((PLESEN > LESEN) && (SCHREIB > PLESEN) && (PSCHREIB > SCHREIB)))
- err(EINVAL, "some rw type integers are the same");
+ if (!((!LESEN) && (PLESEN == 1) && (SCHREIB == 2) && (PSCHREIB == 3)))
+ err(EINVAL, "rw type integers are the wrong values");
}
static void
@@ -523,10 +618,10 @@ check_enum_bin(size_t a, const char *a_name,
size_t b, const char *b_name)
{
if (a)
- err(ECANCELED, "%s is non-zero", a_name);
+ err(EINVAL, "%s is non-zero", a_name);
if (b != 1)
- err(ECANCELED, "%s is a value other than 1", b_name);
+ err(EINVAL, "%s is a value other than 1", b_name);
}
static void
@@ -560,10 +655,10 @@ set_cmd_args(int argc, char *argv[])
/* Maintainer bugs */
if (arg_part && argc < 4)
- err(ECANCELED,
+ err(EINVAL,
"arg_part set for command that needs argc4");
if (arg_part && cmd_index == CMD_SETMAC)
- err(ECANCELED,
+ err(EINVAL,
"arg_part set on CMD_SETMAC");
if (cmd_index == CMD_SETMAC)
@@ -619,22 +714,23 @@ xstrxcmp(const char *a, const char *b, size_t maxlen)
/*
* Should never reach here. This keeps compilers happy.
*/
- errno = EINVAL;
+ set_err_if_unset(EINVAL);
return -1;
}
-#ifndef NVMUTIL_ARC4RANDOM_BUF
static void
open_dev_urandom(void)
{
- struct stat st_urandom_fd;
-
rname = newrandom;
- if ((urandom_fd = open(rname, O_RDONLY)) != -1)
+ urandom_fd = open(rname, O_RDONLY | O_BINARY | O_NONBLOCK);
+ if (urandom_fd != -1)
return;
/*
* Fall back to /dev/random on very old Unix.
+ *
+ * We must reset errno, to remove stale state
+ * set by reading /dev/urandom
*/
fprintf(stderr, "Can't open %s (will use %s instead)\n",
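Review bot: The descriptor from `open(rname, O_RDONLY | O_BINARY | O_NONBLOCK)` is used as the randomness source without an `fstat()` and `S_ISCHR` check, so a regular file or FIFO at that path would be read as if it were the kernel RNG; the same applies to the `/dev/random` fallback in the next hunk. O_NONBLOCK on that fallback also means a read can fail with EAGAIN where /dev/random waits for entropy, and `rhex()` treats any failure from `rw_file_exact()` as fatal (`err(errno, "Randomisation failed")`). The added comment attributes the stale errno to "reading" /dev/urandom, but it is the failed open that sets it. The function body continues in the following hunk.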
@@ -643,16 +739,17 @@ open_dev_urandom(void)
errno = 0;
rname = oldrandom;
- xopen(&urandom_fd, rname, O_RDONLY, &st_urandom_fd);
+ urandom_fd = open(rname, O_RDONLY | O_BINARY | O_NONBLOCK);
+ if (urandom_fd == -1)
+ err(errno, "%s: could not open", rname);
}
-#endif
static void
open_gbe_file(void)
{
struct stat gbe_st;
- xopen(&gbe_fd, fname, command[cmd_index].flags, &gbe_st);
+ xopen(&gbe_fd, fname, command[cmd_index].flags | O_BINARY, &gbe_st);
gbe_file_size = gbe_st.st_size;
@@ -662,7 +759,7 @@ open_gbe_file(void)
case SIZE_128KB:
break;
default:
- err(ECANCELED, "File size must be 8KB, 16KB or 128KB");
+ err(EINVAL, "File size must be 8KB, 16KB or 128KB");
}
}
@@ -670,10 +767,13 @@ static void
xopen(int *fd_ptr, const char *path, int flags, struct stat *st)
{
if ((*fd_ptr = open(path, flags)) == -1)
- err(ECANCELED, "%s", path);
+ err(errno, "%s", path);
if (fstat(*fd_ptr, st) == -1)
- err(ECANCELED, "%s", path);
+ err(errno, "%s", path);
+
+ if (!S_ISREG(st->st_mode))
+ err(errno, "%s: not a regular file", path);
}
static void
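Review bot: `err(errno, "%s: not a regular file", path)` is reached after `open()` and `fstat()` have both succeeded, so errno is normally 0 there and the reported reason depends on how `set_err_if_unset()` handles a zero value, which is only partly visible here. Passing an explicit code avoids that: `err(EINVAL, "%s: not a regular file", path);`. `check_command_num()` further down has the same pattern in `err(errno, "Invalid run_cmd arg: %lu", ...)`. The type check also runs after `open()`, so a FIFO given as the GbE file could block in open before being rejected; `O_NONBLOCK` is defined in this commit but not passed on this path.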
@@ -705,6 +805,9 @@ read_checksums(void)
uint8_t num_invalid;
uint8_t max_invalid;
+ part_valid[0] = 0;
+ part_valid[1] = 0;
+
if (!command[cmd_index].chksum_read)
return;
@@ -729,9 +832,8 @@ read_checksums(void)
if (arg_part && (p == skip_part))
continue;
- if (good_checksum(p))
- part_valid[p] = 1;
- else
+ part_valid[p] = good_checksum(p);
+ if (!part_valid[p])
++num_invalid;
}
@@ -740,9 +842,9 @@ read_checksums(void)
if (num_invalid >= max_invalid) {
if (max_invalid == 1)
- err(ECANCELED, "%s: part %zu has a bad checksum",
- fname, part);
- err(ECANCELED, "%s: No valid checksum found in file",
+ err(EINVAL, "%s: part %lu has a bad checksum",
+ fname, (unsigned long)part);
+ err(EINVAL, "%s: No valid checksum found in file",
fname);
}
}
@@ -756,7 +858,7 @@ good_checksum(size_t partnum)
if (current_checksum == expected_checksum)
return 1;
- set_err(ECANCELED);
+ set_err_if_unset(EINVAL);
return 0;
}
@@ -764,7 +866,7 @@ static void
run_cmd(size_t c)
{
check_command_num(c);
- if (command[c].run)
+ if (command[c].run != NULL)
command[c].run();
}
@@ -772,7 +874,8 @@ static void
check_command_num(size_t c)
{
if (!valid_command(c))
- err(ECANCELED, "Invalid run_cmd arg: %zu", c);
+ err(errno, "Invalid run_cmd arg: %lu",
+ (unsigned long)c);
}
static uint8_t
@@ -782,8 +885,8 @@ valid_command(size_t c)
return 0;
if (c != command[c].chk)
- err(ECANCELED, "Invalid cmd chk value (%zu) vs arg: %zu",
- command[c].chk, c);
+ err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu",
+ (unsigned long)command[c].chk, (unsigned long)c);
return 1;
}
@@ -793,12 +896,6 @@ cmd_helper_setmac(void)
{
size_t partnum;
-#ifdef NVMUTIL_ARC4RANDOM_BUF
- printf("Randomisation method: arc4random_buf\n");
-#else
- printf("Randomisation method: %s\n", rname);
-#endif
-
printf("MAC address to be written: %s\n", mac_str);
parse_mac_string();
@@ -927,11 +1024,9 @@ rhex(void)
if (!n) {
n = sizeof(rnum);
-#ifdef NVMUTIL_ARC4RANDOM_BUF
- arc4random_buf(rnum, n);
-#else
- rw_file_exact(urandom_fd, rnum, n, 0, LESEN, rname, "read");
-#endif
+ if (rw_file_exact(urandom_fd, rnum, n, 0, LESEN) == -1)
+ err(errno, "Randomisation failed");
+ errno = 0;
}
return (uint16_t)(rnum[--n] & 0xf);
@@ -949,7 +1044,8 @@ write_mac_part(size_t partnum)
for (w = 0; w < 3; w++)
set_nvm_word(w, partnum, mac_buf[w]);
- printf("Wrote MAC address to part %zu: ", partnum);
+ printf("Wrote MAC address to part %lu: ",
+ (unsigned long)partnum);
print_mac_from_nvm(partnum);
}
@@ -967,11 +1063,13 @@ cmd_helper_dump(void)
for (partnum = 0; partnum < 2; partnum++) {
if (!part_valid[partnum])
fprintf(stderr,
- "BAD checksum %04x in part %zu (expected %04x)\n",
+ "BAD checksum %04x in part %lu (expected %04x)\n",
nvm_word(NVM_CHECKSUM_WORD, partnum),
- partnum, calculated_checksum(partnum));
+ (unsigned long)partnum,
+ calculated_checksum(partnum));
- printf("MAC (part %zu): ", partnum);
+ printf("MAC (part %lu): ",
+ (unsigned long)partnum);
print_mac_from_nvm(partnum);
hexdump(partnum);
}
@@ -1000,7 +1098,7 @@ hexdump(size_t partnum)
uint16_t val16;
for (row = 0; row < 8; row++) {
- printf("%08zx ", (size_t)row << 4);
+ printf("%08lx ", (unsigned long)((size_t)row << 4));
for (c = 0; c < 8; c++) {
val16 = nvm_word((row << 3) + c, partnum);
if (c == 4)
@@ -1023,7 +1121,7 @@ cmd_helper_cat(void)
else if (cmd_index == CMD_CAT128)
n = 15;
else if (cmd_index != CMD_CAT)
- err(ECANCELED, "cmd_helper_cat called erroneously");
+ err(EINVAL, "cmd_helper_cat called erroneously");
fflush(NULL);
@@ -1038,8 +1136,38 @@ cmd_helper_cat(void)
static void
gbe_cat_buf(uint8_t *b)
{
- rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0,
- SCHREIB, "stdout", "write");
+ ssize_t rval;
+
+ while (1) {
+ rval = rw_file_exact(STDOUT_FILENO, b,
+ GBE_PART_SIZE, 0, SCHREIB);
+
+ if (rval >= 0) {
+ /*
+ * A partial write is especially
+ * fatal, as it should already be
+ * prevented in rw_file_exact().
+ */
+ if ((size_t)rval != GBE_PART_SIZE)
+ err(EIO, "stdout: cat: Partial write");
+ break;
+ }
+
+ if (errno != EAGAIN)
+ err(errno, "stdout: cat");
+
+ /*
+ * We assume that no data
+ * was written to stdout.
+ */
+ errno = 0;
+ }
+
+ /*
+ * No errors here.
+ * Avoid the warning in main()
+ */
+ errno = 0;
}
static void
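Review bot: The EAGAIN retry restarts `rw_file_exact()` from the beginning of `b`, but that function returns -1 whenever a later `write()` fails and discards the count of bytes already written, so the comment "We assume that no data was written to stdout" does not hold after a partial transfer. On a non-blocking pipe the reader would then receive the start of the part twice. The loop also spins without waiting for stdout to become writable. Either have `rw_file_exact()` report progress on error so the caller can resume at `b + written`, or treat EAGAIN as fatal here as the previous code did.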
@@ -1168,14 +1296,16 @@ check_nvm_bound(size_t c, size_t p)
check_bin(p, "part number");
if (c >= NVM_WORDS)
- err(EINVAL, "check_nvm_bound: out of bounds %zu", c);
+ err(ECANCELED, "check_nvm_bound: out of bounds %lu",
+ (unsigned long)c);
}
static void
check_bin(size_t a, const char *a_name)
{
if (a > 1)
- err(ECANCELED, "%s must be 0 or 1, but is %zu", a_name, a);
+ err(EINVAL, "%s must be 0 or 1, but is %lu",
+ a_name, (unsigned long)a);
}
static void
@@ -1196,9 +1326,13 @@ rw_gbe_file_part(size_t p, int rw_type,
*/
mem_offset = gbe_mem_offset(p ^ invert, rw_type_str);
- rw_file_exact(gbe_fd, mem_offset,
+ if (rw_file_exact(gbe_fd, mem_offset,
gbe_rw_size, gbe_file_offset(p, rw_type_str),
- rw_type, fname, rw_type_str);
+ rw_type) == -1)
+ err(errno, "%s: %s: part %lu",
+ fname, rw_type_str, (unsigned long)p);
+
+ errno = 0;
}
/*
@@ -1216,8 +1350,7 @@ gbe_mem_offset(size_t p, const char *f_op)
}
/*
- * Reads to GbE from write_gbe_file_part and read_gbe_file_part
- * are filtered through here. These operations must
+ * I/O operations filtered here. These operations must
* only write from the 0th position or the half position
* within the GbE file, and write 4KB of data.
*
@@ -1240,9 +1373,9 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type,
check_bin(p, "part number");
- off = (off_t)p * nsize;
+ off = ((off_t)p) * (off_t)nsize;
- if (off + GBE_PART_SIZE > ncmp)
+ if (off > ncmp - GBE_PART_SIZE)
err(ECANCELED, "%s: GbE %s %s out of bounds",
fname, d_type, f_op);
@@ -1253,58 +1386,152 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type,
return off;
}
-static void
+/*
+ * Read or write the exact contents of a file,
+ * along with a buffer, (if applicable) offset,
+ * and number of bytes to be read. It unified
+ * the functionality of read(), pread(), write()
+ * and pwrite(), with retry-on-EINTR and also
+ * prevents infinite loop on zero-reads.
+ *
+ * The pread() and pwrite() functionality are
+ * provided by yet another portable function,
+ * prw() - see notes below.
+ *
+ * This must only be used on files. It cannot
+ * be used on sockets or pipes, because 0-byte
+ * reads are treated like fatal errors. This
+ * means that EOF is also considered fatal.
+ */
+static ssize_t
rw_file_exact(int fd, uint8_t *mem, size_t len,
- off_t off, int rw_type, const char *path,
- const char *rw_type_str)
+ off_t off, int rw_type)
{
- ssize_t rval = -1;
- ssize_t rc = 0;
-
- if (fd < 0)
- err(EIO, "%s: %s: Bad fd %d", path, rw_type_str, fd);
- if (!len)
- err(EIO, "%s: %s: Zero length", path, rw_type_str);
-
- for (rc = 0; rc != (ssize_t)len; rc += rval) {
- if (rw_type == PSCHREIB)
- rval = pwrite(fd, mem + rc, len - rc, off + rc);
- else if (rw_type == SCHREIB)
- rval = write(fd, mem + rc, len - rc);
- else if (rw_type == PLESEN)
- rval = pread(fd, mem + rc, len - rc, off + rc);
- else if (rw_type == LESEN)
- rval = read(fd, mem + rc, len - rc);
-
- if (rval > -1) {
- if (!rval) /* prevent infinite loop */
- err(EIO, "%s: %s: 0-byte return",
- path, rw_type_str);
+ ssize_t rval = 0;
+ size_t rc = 0;
+
+ if (fd < 0 || !len || len > (size_t)SSIZE_MAX) {
+ set_err_if_unset(EIO);
+ return -1;
+ }
+
+ while (rc < len) {
+ rval = do_rw(fd, mem + rc, len - rc, off + rc, rw_type);
+
+ if (rval < 0 && errno == EINTR) {
continue;
+ } else if (rval < 0) {
+ set_err_if_unset(EIO);
+ return -1;
+ }
+ if ((size_t)rval > (len - rc) /* Prevent overflow */
+ || rval == 0) { /* Prevent infinite 0-byte loop */
+ set_err_if_unset(EIO);
+ return -1;
}
- if (errno != EINTR || rval < -1)
- err(EIO, "%s: %s", path, rw_type_str);
+ rc += (size_t)rval;
+ }
- errno = 0;
+ return rc;
+}
+
+static ssize_t
+do_rw(int fd, uint8_t *mem,
+ size_t len, off_t off, int rw_type)
+{
+ if (rw_type == LESEN || rw_type == PLESEN << 2)
+ return read(fd, mem, len);
+
+ if (rw_type == SCHREIB || rw_type == PSCHREIB << 2)
+ return write(fd, mem, len);
+
+ if (rw_type == PLESEN || rw_type == PSCHREIB)
+ return prw(fd, mem, len, off, rw_type);
+
+ set_err_if_unset(EINVAL);
+ return -1;
+}
+
+/*
+ * This implements a portable analog of pwrite()
+ * and pread() - note that this version is not
+ * thread-safe (race conditions are possible on
+ * shared file descriptors).
+ *
+ * This limitation is acceptable, since nvmutil is
+ * single-threaded. Portability is the main goal.
+ */
+static ssize_t
+prw(int fd, void *mem, size_t nrw,
+ off_t off, int rw_type)
+{
+ off_t off_orig;
+ ssize_t r;
+ int saved_errno;
+
+ if ((off_orig = lseek_eintr(fd, (off_t)0, SEEK_CUR)) == (off_t)-1)
+ return -1;
+ if (lseek_eintr(fd, off, SEEK_SET) == (off_t)-1)
+ return -1;
+
+ do {
+ r = do_rw(fd, mem, nrw, off, rw_type << 2);
+ } while (r < 0 && errno == EINTR);
+
+ saved_errno = errno;
+ if (lseek_eintr(fd, off_orig, SEEK_SET) == (off_t)-1) {
+ if (r < 0)
+ errno = saved_errno;
+ return -1;
}
+ errno = saved_errno;
+
+ return r;
+}
+
+static off_t
+lseek_eintr(int fd, off_t off, int whence)
+{
+ off_t old;
+
+ do {
+ old = lseek(fd, off, whence);
+ } while (old == (off_t)-1 && errno == EINTR);
+
+ return old;
}
static void
err(int nvm_errval, const char *msg, ...)
{
+ va_list args;
+
+ /*
+ * We need to ensure that files are closed
+ * on exit, including error exits. This
+ * would otherwise recurse, because the
+ * close_files() function also calls err(),
+ * but with -1 on nvm_errval. It's the only
+ * one that does this.
+ *
+ * Since the errval is for setting errno, -1
+ * would be incorrect. Therefore, set_err_if_unset()
+ * avoids overriding errno if the given value
+ * is negative.
+ *
+ * Be careful modifying err() and close_files().
+ */
if (nvm_errval != -1)
close_files();
- va_list args;
-
fprintf(stderr, "%s: ", getnvmprogname());
va_start(args, msg);
vfprintf(stderr, msg, args);
va_end(args);
- set_err(nvm_errval);
+ set_err_if_unset(nvm_errval);
fprintf(stderr, ": %s", strerror(errno));
fprintf(stderr, "\n");
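Review bot: `do_rw()` has no comment explaining that `PLESEN << 2` and `PSCHREIB << 2` are internal tags for a call coming back from `prw()`, and that the scheme only works because `sanitize_command_index()` pins LESEN/PLESEN/SCHREIB/PSCHREIB to 0..3. I would add above it: `/* rw_type << 2 marks a call from prw(): the seek is already done, so use plain read()/write(). Relies on the rw types being 0..3. */`. The header comment of `rw_file_exact()` should also state that -1 can be returned after part of `len` has already been transferred, since callers cannot tell that from the return value. The hunk ends inside err(), whose body continues outside it.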
@@ -1320,13 +1547,11 @@ close_files(void)
gbe_fd = -1;
}
-#ifndef NVMUTIL_ARC4RANDOM_BUF
if (urandom_fd > -1) {
if (close(urandom_fd) == -1)
err(-1, "%s: close failed", rname);
urandom_fd = -1;
}
-#endif
}
static const char *
@@ -1345,8 +1570,17 @@ getnvmprogname(void)
return argv0;
}
+/*
+ * Set errno only if it hasn't already been set.
+ * This prevents overriding real libc errors.
+ *
+ * We use errno for regular program state, while
+ * being careful not to clobber what was set by
+ * real libc function, or a minority of our stub
+ * functions such as prw()
+ */
static void
-set_err(int x)
+set_err_if_unset(int x)
{
if (errno)
return;
@@ -1363,7 +1597,7 @@ usage(uint8_t usage_exit)
#ifdef NVMUTIL_PLEDGE
if (pledge("stdio", NULL) == -1)
- err(ECANCELED, "pledge");
+ err(errno, "pledge");
#endif
fprintf(stderr,
"Modify Intel GbE NVM images e.g. set MAC\n"