diff options
Diffstat (limited to 'util/nvmutil')
| -rw-r--r-- | util/nvmutil/COPYING | 2 | ||||
| -rw-r--r-- | util/nvmutil/nvmutil.c | 1126 |
2 files changed, 830 insertions, 298 deletions
diff --git a/util/nvmutil/COPYING b/util/nvmutil/COPYING index a6ecf266..47c35a86 100644 --- a/util/nvmutil/COPYING +++ b/util/nvmutil/COPYING @@ -1,4 +1,4 @@ -Copyright (C) 2022-2025 Leah Rowe <leah@libreboot.org> +Copyright (C) 2022-2026 Leah Rowe <leah@libreboot.org> Copyright (c) 2023 Riku Viitanen <riku.viitanen@protonmail.com> Permission is hereby granted, free of charge, to any person obtaining a diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 12aabe4d..b6e28cfa 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -1,343 +1,662 @@ /* SPDX-License-Identifier: MIT */ -/* Copyright (c) 2022-2025 Leah Rowe <leah@libreboot.org> */ +/* Copyright (c) 2022-2026 Leah Rowe <leah@libreboot.org> */ /* Copyright (c) 2023 Riku Viitanen <riku.viitanen@protonmail.com> */ #include <sys/stat.h> -#include <dirent.h> -#include <err.h> #include <errno.h> #include <fcntl.h> +#include <stdarg.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> -void cmd_setchecksum(void), cmd_brick(void), swap(int partnum), writeGbe(void), - cmd_dump(void), cmd_setmac(void), readGbe(void), checkdir(const char *path), - macf(int partnum), hexdump(int partnum), openFiles(const char *path), - cmd_copy(void), parseMacString(const char *strMac, uint16_t *mac), - cmd_swap(void); -int goodChecksum(int partnum); -uint8_t hextonum(char chs), rhex(void); - -#define COMMAND argv[2] -#define MAC_ADDRESS argv[3] -#define PARTN argv[3] +/* + * On the platforms below, we will use arc4random + * for random MAC address generation. + * + * Later on, the code has fallbacks for other systems. + */ +#if defined(__OpenBSD__) || defined(__FreeBSD__) || \ + defined(__NetBSD__) || defined(__APPLE__) || \ + defined(__DragonFly__) +#ifndef HAVE_ARC4RANDOM_BUF +#define HAVE_ARC4RANDOM_BUF +#endif +#endif + +static void set_cmd(int argc, char *argv[]); +static void check_cmd_args(int argc, char *argv[]); +static size_t conv_argv_part_num(const char *part_str); +static void set_io_flags(int argc, char *argv[]); +static void open_gbe_file(void); +#ifndef HAVE_ARC4RANDOM_BUF +static void open_dev_urandom(void); +#endif +static void xopen(int *fd, const char *path, int flags, struct stat *st); +static void read_gbe_file(void); +static void read_gbe_file_part(size_t part, uint8_t invert); +static void cmd_setmac(void); +static void parse_mac_string(void); +static void set_mac_byte(size_t mac_byte_pos); +static void set_mac_nib(size_t mac_str_pos, + size_t mac_byte_pos, size_t mac_nib_pos); +static uint16_t hextonum(char ch_s); +static uint16_t rhex(void); +static void read_file_exact(int fd, void *buf, size_t len, + off_t off, const char *path, const char *op); +static int write_mac_part(size_t partnum); +static void cmd_dump(void); +static void print_mac_address(size_t partnum); +static void hexdump(size_t partnum); +static void cmd_setchecksum(void); +static void set_checksum(size_t part); +static void cmd_brick(void); +static void cmd_copy(void); +static void cmd_swap(void); +static int good_checksum(size_t partnum); +static uint16_t word(size_t pos16, size_t part); +static void set_word(size_t pos16, size_t part, uint16_t val16); +static void check_nvm_bound(size_t pos16, size_t part); +static void write_gbe_file(void); +static void write_gbe_file_part(size_t part); +static off_t gbe_file_offset(size_t part, const char *f_op); +static void *gbe_mem_offset(size_t part, const char *f_op); +static off_t gbe_x_offset(size_t part, const char *f_op, + const char *d_type, off_t nsize, off_t ncmp); +static void set_part_modified(size_t p); +static void check_part_num(size_t p); +static void usage(void); +static void err(int nvm_errval, const char *msg, ...); +static const char *getnvmprogname(void); +static void set_err(int errval); + +/* + * Sizes in bytes: + */ +#define SIZE_1KB 1024 +#define SIZE_4KB (4 * SIZE_1KB) +#define SIZE_8KB (8 * SIZE_1KB) +#define SIZE_16KB (16 * SIZE_1KB) +#define SIZE_128KB (128 * SIZE_1KB) + +/* + * First 128 bytes of a GbE part contains + * the regular NVM (Non-Volatile-Memory) + * area. All of these bytes must add up, + * truncated to 0xBABA. + * + * The full GbE region is 4KB, but only + * the first 128 bytes are used here. + * + * There is a second 4KB part with the same + * rules, and it *should* be identical. + */ +#define GBE_FILE_SIZE SIZE_8KB /* for buf */ +#define GBE_PART_SIZE (GBE_FILE_SIZE >> 1) #define NVM_CHECKSUM 0xBABA -#define NVM_CHECKSUM_WORD 0x3F #define NVM_SIZE 128 +#define NVM_WORDS (NVM_SIZE >> 1) +#define NVM_CHECKSUM_WORD (NVM_WORDS - 1) + +/* + * When reading files, we loop on error EINTR + * a maximum number of times as defined, thus: + */ +#define MAX_RETRY_READ 30 + +/* + * Portable macro based on BSD nitems. + * Used to count the number of commands (see below). + */ +#define items(x) (sizeof((x)) / sizeof((x)[0])) + +static const char newrandom[] = "/dev/urandom"; +static const char oldrandom[] = "/dev/random"; /* fallback on OLD unix */ +#ifndef HAVE_ARC4RANDOM_BUF +static const char *rname = NULL; +#endif -#define SIZE_4KB 0x1000 -#define SIZE_8KB 0x2000 -#define SIZE_16KB 0x4000 -#define SIZE_128KB 0x20000 - -uint16_t mac[3] = {0, 0, 0}; -ssize_t nf; -size_t partsize, gbe[2]; -uint8_t nvmPartChanged[2] = {0, 0}, do_read[2] = {1, 1}; -int flags, rfd, fd, part; - -const char *strMac = NULL, *strRMac = "??:??:??:??:??:??", *filename = NULL; - -typedef struct op { - char *str; +/* + * GbE files can be 8KB, 16KB or 128KB, + * but we only need the two 4KB parts + * from offset zero and offset 64KB in + * a 128KB file, or zero and 8KB in a 16KB + * file, or zero and 4KB in an 8KB file. + * + * The code will handle this properly. + */ +static uint8_t buf[GBE_FILE_SIZE]; + +static uint16_t mac_buf[3]; +static off_t gbe_file_size; + +static int gbe_flags; +#ifndef HAVE_ARC4RANDOM_BUF +static int urandom_fd = -1; +#endif +static int gbe_fd = -1; +static size_t part; +static uint8_t invert; +static uint8_t part_modified[2]; + +static const char *mac_str; +static const char rmac[] = "xx:xx:xx:xx:xx:xx"; +static const char *fname; +static const char *argv0; + +struct commands { + const char *str; void (*cmd)(void); int args; -} op_t; -op_t op[] = { -{ .str = "dump", .cmd = cmd_dump, .args = 3}, -{ .str = "setmac", .cmd = cmd_setmac, .args = 3}, -{ .str = "swap", .cmd = cmd_swap, .args = 3}, -{ .str = "copy", .cmd = cmd_copy, .args = 4}, -{ .str = "brick", .cmd = cmd_brick, .args = 4}, -{ .str = "setchecksum", .cmd = cmd_setchecksum, .args = 4}, }; -void (*cmd)(void) = NULL; - -#define ERR() errno = errno ? errno : ECANCELED -#define err_if(x) if (x) err(ERR(), "%s", filename) - -#define xopen(f,l,p) if ((f = open(l, p)) == -1) err(ERR(), "%s", l); \ - if (fstat(f, &st) == -1) err(ERR(), "%s", l) +static const struct commands command[] = { + { "dump", cmd_dump, 3 }, + { "setmac", cmd_setmac, 3 }, + { "swap", cmd_swap, 3 }, + { "copy", cmd_copy, 4 }, + { "brick", cmd_brick, 4 }, + { "setchecksum", cmd_setchecksum, 4 }, +}; -#define word(pos16, partnum) ((uint16_t *) gbe[partnum])[pos16] -#define setWord(pos16, p, val16) if (word(pos16, p) != val16) \ - nvmPartChanged[p] = 1 | (word(pos16, p) = val16) +static void (*cmd)(void) = NULL; int main(int argc, char *argv[]) { + argv0 = argv[0]; + if (argc < 2) + usage(); + + fname = argv[1]; + #ifdef __OpenBSD__ - err_if(pledge("stdio rpath wpath unveil", NULL) == -1); + if (pledge("stdio rpath wpath unveil", NULL) == -1) + err(ECANCELED, "pledge"); + + /* + * For restricted filesystem access on early error. + * + * Unveiling the random device early, regardless of + * whether we will use it, prevents operations on any + * GbE files until we permit it, while performing the + * prerequisite error checks. + * + * We don't actually use the random device on platforms + * that have arc4random, which includes OpenBSD. + */ + if (unveil("/dev/urandom", "r") == -1) + err(ECANCELED, "unveil '/dev/urandom'"); + if (unveil("/dev/random", "r") == -1) + err(ECANCELED, "unveil '/dev/random'"); #endif - if (argc < 2) { + set_cmd(argc, argv); + check_cmd_args(argc, argv); + set_io_flags(argc, argv); + #ifdef __OpenBSD__ - err_if(pledge("stdio", NULL) == -1); -#endif - fprintf(stderr, "Modify Intel GbE NVM images e.g. set MAC\n"); - fprintf(stderr, "USAGE:\n"); - fprintf(stderr, " %s FILE dump\n", argv[0]); - fprintf(stderr, " %s FILE\n # same as setmac without arg\n", - argv[0]); - fprintf(stderr, " %s FILE setmac [MAC]\n", argv[0]); - fprintf(stderr, " %s FILE swap\n", argv[0]); - fprintf(stderr, " %s FILE copy 0|1\n", argv[0]); - fprintf(stderr, " %s FILE brick 0|1\n", argv[0]); - fprintf(stderr, " %s FILE setchecksum 0|1\n", argv[0]); - err(errno = ECANCELED, "Too few arguments"); + if (gbe_flags == O_RDONLY) { + if (unveil(fname, "r") == -1) + err(ECANCELED, "unveil ro '%s'", fname); + if (unveil(NULL, NULL) == -1) + err(ECANCELED, "unveil block (ro)"); + if (pledge("stdio rpath", NULL) == -1) + err(ECANCELED, "pledge ro (kill unveil)"); + } else { + if (unveil(fname, "rw") == -1) + err(ECANCELED, "unveil rw '%s'", fname); + if (unveil(NULL, NULL) == -1) + err(ECANCELED, "unveil block (rw)"); + if (pledge("stdio rpath wpath", NULL) == -1) + err(ECANCELED, "pledge rw (kill unveil)"); } +#endif - filename = argv[1]; - - flags = O_RDWR; +#ifndef HAVE_ARC4RANDOM_BUF + open_dev_urandom(); +#endif + open_gbe_file(); - if (argc > 2) { - if (strcmp(COMMAND, "dump") == 0) { - flags = O_RDONLY; #ifdef __OpenBSD__ - err_if(pledge("stdio rpath unveil", NULL) == -1); + if (pledge("stdio", NULL) == -1) + err(ECANCELED, "pledge stdio (main)"); #endif - } - } - checkdir("/dev/urandom"); - checkdir(filename); + read_gbe_file(); + (*cmd)(); + write_gbe_file(); -#ifdef __OpenBSD__ - err_if(unveil("/dev/urandom", "r") == -1); + if (close(gbe_fd) == -1) + err(ECANCELED, "close '%s'", fname); +#ifndef HAVE_ARC4RANDOM_BUF + if (close(urandom_fd) == -1) + err(ECANCELED, "close '%s'", rname); +#endif - if (flags == O_RDONLY) { - err_if(unveil(filename, "r") == -1); - err_if(unveil(NULL, NULL) == -1); - err_if(pledge("stdio rpath", NULL) == -1); - } else { - err_if(unveil(filename, "rw") == -1); - err_if(unveil(NULL, NULL) == -1); - err_if(pledge("stdio rpath wpath", NULL) == -1); + /* + * We still exit with non-zero status if + * errno is set, but we don't need to print + * the error on dump commands, because they + * already print errors. + * + * If both parts have bad checksums, then + * cmd_dump will cause non-zero exit. If at + * least one part is valid, it resets errno. + * + * However, if we're not using cmd_dump, then + * we have a bug somewhere in the code. + */ + if (cmd != cmd_dump) { + if (errno) + err(ECANCELED, "Unhandled error on exit"); } -#endif - openFiles(filename); -#ifdef __OpenBSD__ - err_if(pledge("stdio", NULL) == -1); -#endif + if (errno) + return EXIT_FAILURE; + else + return EXIT_SUCCESS; +} - if (argc > 2) { - for (int i = 0; (i < 6) && (cmd == NULL); i++) { - if (strcmp(COMMAND, op[i].str) != 0) - continue; - if (argc >= op[i].args) { - cmd = op[i].cmd; - break; - } - err(errno = EINVAL, "Too few args on command '%s'", - op[i].str); - } - } else { +static void +set_cmd(int argc, char *argv[]) +{ + size_t i; + + /* + * No extra args: ./nvmutil gbe.bin + * Equivalent: ./nvmutil gbe.bin setmac xx:xx:xx:xx:xx:xx + */ + if (argc == 2) { cmd = cmd_setmac; + return; + } + + /* + * Three or more args. + * Example: ./nvmutil gbe.bin copy 0 + */ + for (i = 0; i < items(command); i++) { + if (strcmp(argv[2], command[i].str) != 0) + continue; + if (argc >= command[i].args) { + cmd = command[i].cmd; + break; + } + + err(EINVAL, "Too few args: command '%s'", command[i].str); } +} - if ((cmd == NULL) && (argc > 2)) { /* nvm gbe [MAC] */ - strMac = COMMAND; +static void +check_cmd_args(int argc, char *argv[]) +{ + if (cmd == NULL && argc > 2) { + /* + * Example: ./nvmutil gbe.bin xx:1f:16:xx:xx:xx + * Equivalent ./nvmutil gbe.bin setmac xx:1f:16:xx:xx:xx + */ + mac_str = argv[2]; cmd = cmd_setmac; - } else if (cmd == cmd_setmac) { /* nvm gbe setmac [MAC] */ - strMac = strRMac; /* random MAC */ + } else if (cmd == cmd_setmac) { + /* + * Example: ./nvmutil gbe.bin setmac xx:1f:16:xx:xx:xx + */ + mac_str = rmac; /* random MAC */ if (argc > 3) - strMac = MAC_ADDRESS; - } else if ((cmd != NULL) && (argc > 3)) { /* user-supplied partnum */ - err_if((errno = (!((part = PARTN[0] - '0') == 0 || part == 1)) - || PARTN[1] ? EINVAL : errno)); /* only allow '0' or '1' */ + mac_str = argv[3]; + } else if (cmd != NULL && argc > 3) { /* user-supplied partnum */ + /* + * Example: ./nvmutil gbe.bin copy 0 + */ + part = conv_argv_part_num(argv[3]); } - err_if((errno = (cmd == NULL) ? EINVAL : errno)); - readGbe(); - (*cmd)(); - writeGbe(); + if (cmd == NULL) + err(EINVAL, "Bad command"); +} + +static size_t +conv_argv_part_num(const char *part_str) +{ + unsigned char ch; + + /* + * Because char signedness is implementation-defined, + * we cast to unsigned char before arithmetic. + */ + + if (part_str[0] == '\0' || part_str[1] != '\0') + err(EINVAL, "Partnum string '%s' wrong length", part_str); - err_if((errno != 0) && (cmd != cmd_dump)); - return errno; + ch = (unsigned char)part_str[0]; + + if (ch < '0' || ch > '1') + err(EINVAL, "Bad part number (%c)", ch); + + return (size_t)(ch - '0'); } -void -checkdir(const char *path) +static void +set_io_flags(int argc, char *argv[]) { - if (opendir(path) != NULL) - err(errno = EISDIR, "%s", path); - if (errno == ENOTDIR) - errno = 0; - err_if(errno); + gbe_flags = O_RDWR; + + if (argc < 3) + return; + + if (strcmp(argv[2], "dump") == 0) + gbe_flags = O_RDONLY; +} + +#ifndef HAVE_ARC4RANDOM_BUF +static void +open_dev_urandom(void) +{ + struct stat st_urandom_fd; + + /* + * Try /dev/urandom first + */ + rname = newrandom; + if ((urandom_fd = open(rname, O_RDONLY)) != -1) + return; + + /* + * Fall back to /dev/random on old platforms + * where /dev/urandom does not exist. + * + * We must reset the error condition first, + * to prevent stale error status later. + */ + errno = 0; + + rname = oldrandom; + xopen(&urandom_fd, rname, O_RDONLY, &st_urandom_fd); } +#endif -void -openFiles(const char *path) +static void +open_gbe_file(void) { - struct stat st; + struct stat gbe_st; + + xopen(&gbe_fd, fname, gbe_flags, &gbe_st); - xopen(fd, path, flags); + gbe_file_size = gbe_st.st_size; - switch(st.st_size) { + switch (gbe_file_size) { case SIZE_8KB: case SIZE_16KB: case SIZE_128KB: - partsize = st.st_size >> 1; break; default: - err(errno = ECANCELED, "Invalid file size (not 8/16/128KiB)"); - break; + err(ECANCELED, "File size must be 8KB, 16KB or 128KB"); } - - xopen(rfd, "/dev/urandom", O_RDONLY); } -void -readGbe(void) +static void +xopen(int *fd_ptr, const char *path, int flags, struct stat *st) { - if ((cmd == cmd_swap) || (cmd == cmd_copy)) - nf = SIZE_4KB; - else - nf = NVM_SIZE; + if ((*fd_ptr = open(path, flags)) == -1) + err(ECANCELED, "%s", path); + if (fstat(*fd_ptr, st) == -1) + err(ECANCELED, "%s", path); +} - if ((cmd == cmd_copy) || (cmd == cmd_setchecksum) || (cmd == cmd_brick)) +static void +read_gbe_file(void) +{ + size_t p; + uint8_t do_read[2] = {1, 1}; + + /* + * The copy, brick and setchecksum commands need + * only read data from the user-specified part. + * + * We can skip reading the other part, thus: + */ + if (cmd == cmd_copy || + cmd == cmd_brick || + cmd == cmd_setchecksum) do_read[part ^ 1] = 0; - char *buf = malloc(nf << (do_read[0] & do_read[1])); - if (buf == NULL) - err(errno, NULL); - - gbe[0] = (size_t) buf; - gbe[1] = gbe[0] + (nf * (do_read[0] & do_read[1])); + /* + * SPEED HACK: + * + * On copy/swap commands, flip where data gets written to memory, + * so that cmd_copy and cmd_swap don't have to work on every word + * + * NOTE: + * + * write_gbe_file() will not use this, but copy/setchecksum commands + * will directly manipulate part_modified[], telling write_gbe_file() + * to also write in reverse, as in read_gbe_file(). + */ + if (cmd == cmd_copy || cmd == cmd_swap) + invert = 1; + + for (p = 0; p < 2; p++) { + if (do_read[p]) + read_gbe_file_part(p, invert); + } +} - ssize_t tnr = 0; +static void +read_gbe_file_part(size_t p, uint8_t invert) +{ + read_file_exact(gbe_fd, gbe_mem_offset(p ^ invert, "pread"), + GBE_PART_SIZE, gbe_file_offset(p, "pread"), fname, "pread"); +} - for (int p = 0; p < 2; p++) { - if (!do_read[p]) - continue; +static void +cmd_setmac(void) +{ + size_t partnum; + uint8_t mac_updated = 0; - ssize_t nr = pread(fd, (uint8_t *) gbe[p], nf, p * partsize); - err_if(nr == -1); - if (nr != nf) - err(errno == ECANCELED, - "%ld bytes read from '%s', expected %ld bytes\n", - nr, filename, nf); + parse_mac_string(); + printf("MAC address to be written: %s\n", mac_str); - tnr += nr; - swap(p); /* handle big-endian host CPU */ - } + for (partnum = 0; partnum < 2; partnum++) + mac_updated |= write_mac_part(partnum); - printf("%ld bytes read from file '%s'\n", tnr, filename); + if (mac_updated) + errno = 0; } -void -cmd_setmac(void) +static void +parse_mac_string(void) { - int mac_updated = 0; - parseMacString(strMac, mac); + size_t mac_byte; - printf("MAC address to be written: %s\n", strMac); + if (strlen(mac_str) != 17) + err(EINVAL, "MAC address is the wrong length"); - for (int partnum = 0; partnum < 2; partnum++) { - if (!goodChecksum(part = partnum)) - continue; + memset(mac_buf, 0, sizeof(mac_buf)); - for (int w = 0; w < 3; w++) - setWord(w, partnum, mac[w]); + for (mac_byte = 0; mac_byte < 6; mac_byte++) + set_mac_byte(mac_byte); - printf("Wrote MAC address to part %d: ", partnum); - macf(partnum); + if ((mac_buf[0] | mac_buf[1] | mac_buf[2]) == 0) + err(EINVAL, "Must not specify all-zeroes MAC address"); - cmd_setchecksum(); - mac_updated = 1; + if (mac_buf[0] & 1) + err(EINVAL, "Must not specify multicast MAC address"); +} + +static void +set_mac_byte(size_t mac_byte_pos) +{ + size_t mac_str_pos = mac_byte_pos * 3; + size_t mac_nib_pos; + char separator; + + if (mac_str_pos < 15) { + if ((separator = mac_str[mac_str_pos + 2]) != ':') + err(EINVAL, "Invalid MAC address separator '%c'", + separator); } - if (mac_updated) - errno = 0; + for (mac_nib_pos = 0; mac_nib_pos < 2; mac_nib_pos++) + set_mac_nib(mac_str_pos, mac_byte_pos, mac_nib_pos); +} + +static void +set_mac_nib(size_t mac_str_pos, + size_t mac_byte_pos, size_t mac_nib_pos) +{ + char mac_ch; + uint16_t hex_num; + + mac_ch = mac_str[mac_str_pos + mac_nib_pos]; + + if ((hex_num = hextonum(mac_ch)) > 15) + err(EINVAL, "Invalid character '%c'", + mac_str[mac_str_pos + mac_nib_pos]); + + /* If random, ensure that local/unicast bits are set */ + if ((mac_byte_pos == 0) && (mac_nib_pos == 1) && + ((mac_ch | 0x20) == 'x' || + (mac_ch == '?'))) + hex_num = (hex_num & 0xE) | 2; /* local, unicast */ + + /* + * Words other than the MAC address are stored little + * endian in the file, and we handle that when reading. + * However, MAC address words are stored big-endian + * in that file, so we write each 2-byte word logically + * in little-endian order, which on little-endian would + * be stored big-endian in memory, and vice versa. + * + * Later code using the MAC string will handle this. + */ + + mac_buf[mac_byte_pos >> 1] |= hex_num << + (((mac_byte_pos & 1) << 3) /* left or right byte? */ + | ((mac_nib_pos ^ 1) << 2)); /* left or right nib? */ } -void -parseMacString(const char *strMac, uint16_t *mac) +static uint16_t +hextonum(char ch_s) { - uint64_t total = 0; - if (strnlen(strMac, 20) != 17) - err(errno = EINVAL, "Invalid MAC address string length"); + /* + * We assume char is signed, hence ch_s. + * We explicitly cast to unsigned: + */ + unsigned char ch = (unsigned char)ch_s; - for (uint8_t h, i = 0; i < 16; i += 3) { - if (i != 15) - if (strMac[i + 2] != ':') - err(errno = EINVAL, - "Invalid MAC address separator '%c'", - strMac[i + 2]); + if ((unsigned)(ch - '0') <= 9) + return ch - '0'; - int byte = i / 3; + ch |= 0x20; - for (int nib = 0; nib < 2; nib++, total += h) { - if ((h = hextonum(strMac[i + nib])) > 15) - err(errno = EINVAL, "Invalid character '%c'", - strMac[i + nib]); + if ((unsigned)(ch - 'a') <= 5) + return ch - 'a' + 10; - if ((byte == 0) && (nib == 1)) - if (strMac[i + nib] == '?') /* ?=random */ - h = (h & 0xE) | 2; /* local, unicast */ + if (ch == '?' || ch == 'x') + return rhex(); /* random character */ - mac[byte >> 1] |= ((uint16_t ) h) - << ((8 * (byte % 2)) + (4 * (nib ^ 1))); - } + return 16; /* invalid character */ +} + +static uint16_t +rhex(void) +{ + static size_t n = 0; + static uint8_t rnum[12]; + + if (!n) { + n = sizeof(rnum); +#ifdef HAVE_ARC4RANDOM_BUF + arc4random_buf(rnum, n); +#else + read_file_exact(urandom_fd, rnum, n, 0, rname, NULL); +#endif } - if (total == 0) - err(errno = EINVAL, "Invalid MAC (all-zero MAC address)"); - if (mac[0] & 1) - err(errno = EINVAL, "Invalid MAC (multicast bit set)"); + return (uint16_t)(rnum[--n] & 0xf); } -uint8_t -hextonum(char ch) +static void +read_file_exact(int fd, void *buf, size_t len, + off_t off, const char *path, const char *op) { - if ((ch >= '0') && (ch <= '9')) - return ch - '0'; - else if ((ch >= 'A') && (ch <= 'F')) - return ch - 'A' + 10; - else if ((ch >= 'a') && (ch <= 'f')) - return ch - 'a' + 10; - return (ch == '?') ? rhex() : 16; + int retry; + ssize_t rval; + + for (retry = 0; retry < MAX_RETRY_READ; retry++) { + if (op) + rval = pread(fd, buf, len, off); + else + rval = read(fd, buf, len); + + if (rval == (ssize_t)len) { + errno = 0; + return; + } + + if (rval != -1) + err(ECANCELED, + "Short %s, %zd bytes, on file: %s", + op ? op : "read", rval, path); + + if (errno != EINTR) + err(ECANCELED, + "Could not %s file: '%s'", + op ? op : "read", path); + } + + err(EINTR, "%s: max retries exceeded on file: %s", + op ? op : "read", path); } -uint8_t -rhex(void) +static int +write_mac_part(size_t partnum) { - static uint8_t n = 0, rnum[16]; - if (!n) - err_if(pread(rfd, (uint8_t *) &rnum, (n = 15) + 1, 0) == -1); - return rnum[n--] & 0xf; + size_t w; + + if (!good_checksum(partnum)) + return 0; + + for (w = 0; w < 3; w++) + set_word(w, partnum, mac_buf[w]); + + printf("Wrote MAC address to part %zu: ", partnum); + print_mac_address(partnum); + + set_checksum(partnum); + + return 1; } -void +static void cmd_dump(void) { - for (int partnum = 0, numInvalid = 0; partnum < 2; partnum++) { - if ((cmd != cmd_dump) && (flags != O_RDONLY) && - (!nvmPartChanged[partnum])) - continue; + size_t partnum; + int num_invalid = 0; - if (!goodChecksum(partnum)) - ++numInvalid; + for (partnum = 0; partnum < 2; partnum++) { + if (!good_checksum(partnum)) + ++num_invalid; - printf("MAC (part %d): ", partnum); - macf(partnum); + printf("MAC (part %zu): ", partnum); + print_mac_address(partnum); hexdump(partnum); - - if ((numInvalid < 2) && (partnum)) - errno = 0; } + + if (num_invalid < 2) + errno = 0; } -void -macf(int partnum) +static void +print_mac_address(size_t partnum) { - for (int c = 0; c < 3; c++) { + size_t c; + + for (c = 0; c < 3; c++) { uint16_t val16 = word(c, partnum); printf("%02x:%02x", val16 & 0xff, val16 >> 8); if (c == 2) @@ -347,13 +666,17 @@ macf(int partnum) } } -void -hexdump(int partnum) +static void +hexdump(size_t partnum) { - for (int row = 0; row < 8; row++) { - printf("%08x ", row << 4); - for (int c = 0; c < 8; c++) { - uint16_t val16 = word((row << 3) + c, partnum); + size_t c; + size_t row; + uint16_t val16; + + for (row = 0; row < 8; row++) { + printf("%08zx ", row << 4); + for (c = 0; c < 8; c++) { + val16 = word((row << 3) + c, partnum); if (c == 4) printf(" "); printf(" %02x %02x", val16 & 0xff, val16 >> 8); @@ -362,105 +685,314 @@ hexdump(int partnum) } } -void +static void cmd_setchecksum(void) { + set_checksum(part); +} + +static void +set_checksum(size_t p) +{ + size_t c; uint16_t val16 = 0; - for (int c = 0; c < NVM_CHECKSUM_WORD; c++) - val16 += word(c, part); - setWord(NVM_CHECKSUM_WORD, part, NVM_CHECKSUM - val16); + check_part_num(p); + + for (c = 0; c < NVM_CHECKSUM_WORD; c++) + val16 += word(c, p); + + set_word(NVM_CHECKSUM_WORD, p, NVM_CHECKSUM - val16); } -void +static void cmd_brick(void) { - if (goodChecksum(part)) - setWord(NVM_CHECKSUM_WORD, part, - ((word(NVM_CHECKSUM_WORD, part)) ^ 0xFF)); + uint16_t checksum_word; + + if (!good_checksum(part)) { + err(ECANCELED, + "Part %zu checksum already invalid in file '%s'", + part, fname); + } + + /* + * We know checksum_word is valid, so we need only + * flip one bit to invalidate it. + */ + checksum_word = word(NVM_CHECKSUM_WORD, part); + set_word(NVM_CHECKSUM_WORD, part, checksum_word ^ 1); } -void +static void cmd_copy(void) { - nvmPartChanged[part ^ 1] = goodChecksum(part); + if (!good_checksum(part ^ 1)) + err(ECANCELED, "copy p%zu, file '%s'", part ^ 1, fname); + + /* + * SPEED HACK: + * + * read_gbe_file() already performed the copy, + * by virtue of inverted read. We need + * only set the other part as changed. + */ + set_part_modified(part ^ 1); } -void -cmd_swap(void) { - err_if(!(goodChecksum(0) || goodChecksum(1))); - errno = 0; +static void +cmd_swap(void) +{ + if (!(good_checksum(0) || good_checksum(1))) + err(ECANCELED, "swap parts, file '%s'", fname); - gbe[0] ^= gbe[1]; - gbe[1] ^= gbe[0]; - gbe[0] ^= gbe[1]; + /* + * good_checksum() can set errno, if one + * of the parts is bad. We will reset it. + */ + errno = 0; - nvmPartChanged[0] = nvmPartChanged[1] = 1; + /* + * SPEED HACK: + * + * read_gbe_file() already performed the swap, + * by virtue of inverted read. We need + * only set both parts as changed. + */ + set_part_modified(0); + set_part_modified(1); } -int -goodChecksum(int partnum) +static int +good_checksum(size_t partnum) { + size_t w; uint16_t total = 0; - for(int w = 0; w <= NVM_CHECKSUM_WORD; w++) + + for (w = 0; w <= NVM_CHECKSUM_WORD; w++) total += word(w, partnum); if (total == NVM_CHECKSUM) return 1; - fprintf(stderr, "WARNING: BAD checksum in part %d\n", partnum); - errno = ECANCELED; + fprintf(stderr, "WARNING: BAD checksum in part %zu\n", + partnum ^ invert); + + set_err(ECANCELED); return 0; } -void -writeGbe(void) +/* + * GbE NVM files store 16-bit (2-byte) little-endian words. + * We must therefore swap the order when reading or writing. + */ + +static uint16_t +word(size_t pos16, size_t p) { - ssize_t tnw = 0; + size_t pos; - for (int p = 0; p < 2; p++) { - if ((!nvmPartChanged[p]) || (flags == O_RDONLY)) - continue; + check_nvm_bound(pos16, p); + pos = (pos16 << 1) + (p * GBE_PART_SIZE); - swap(p); /* swap bytes on big-endian host CPUs */ - ssize_t nw = pwrite(fd, (uint8_t *) gbe[p], nf, p * partsize); - err_if(nw == -1); - if (nw != nf) - err(errno == ECANCELED, - "%ld bytes written to '%s', expected %ld bytes\n", - nw, filename, nf); + return buf[pos] | (buf[pos + 1] << 8); +} - tnw += nf; - } +static void +set_word(size_t pos16, size_t p, uint16_t val16) +{ + size_t pos; - if ((flags != O_RDONLY) && (cmd != cmd_dump)) { - if (nvmPartChanged[0] || nvmPartChanged[1]) - printf("The following nvm words were written:\n"); - cmd_dump(); - } + check_nvm_bound(pos16, p); + pos = (pos16 << 1) + (p * GBE_PART_SIZE); - if ((!tnw) && (flags != O_RDONLY) && (!errno)) - fprintf(stderr, "No changes needed on file '%s'\n", filename); - else if (tnw) - printf("%ld bytes written to file '%s'\n", tnw, filename); + buf[pos] = (uint8_t)(val16 & 0xff); + buf[pos + 1] = (uint8_t)(val16 >> 8); - if (tnw) - errno = 0; + set_part_modified(p); +} - err_if(close(fd) == -1); +static void +check_nvm_bound(size_t c, size_t p) +{ + /* + * NVM_SIZE assumed as the limit, because the + * current design assumes that we will only + * ever modified the NVM area. + * + * The only exception is copy/swap, but these + * do not use word/set_word and therefore do + * not cause check_nvm_bound() to be called. + * + * TODO: + * This should be adjusted in the future, if + * we ever wish to work on the extented area. + */ + + check_part_num(p); + + if (c >= NVM_WORDS) + err(EINVAL, "check_nvm_bound: out of bounds %zu", c); } -void -swap(int partnum) +static void +write_gbe_file(void) { - size_t w, x; - uint8_t *n = (uint8_t *) gbe[partnum]; - int e = 1; + size_t p; + + if (gbe_flags == O_RDONLY) + return; - for (w = NVM_SIZE * ((uint8_t *) &e)[0], x = 1; w < NVM_SIZE; - w += 2, x += 2) { - n[w] ^= n[x]; - n[x] ^= n[w]; - n[w] ^= n[x]; + for (p = 0; p < 2; p++) { + if (part_modified[p]) + write_gbe_file_part(p); } } + +static void +write_gbe_file_part(size_t p) +{ + ssize_t rval = pwrite(gbe_fd, gbe_mem_offset(p, "pwrite"), + GBE_PART_SIZE, gbe_file_offset(p, "pwrite")); + + if (rval == -1) + err(ECANCELED, "Can't write %zu b to '%s' p%zu", + GBE_PART_SIZE, fname, p); + + if (rval != GBE_PART_SIZE) + err(ECANCELED, "CORRUPTED WRITE (%zd b) to file '%s' p%zu", + rval, fname, p); +} + +/* + * Reads to GbE from write_gbe_file_part and read_gbe_file_part + * are filtered through here. These operations must + * only write from the 0th position or the half position + * within the GbE file, and write 4KB of data. + * + * This check is called, to ensure just that. + */ +static off_t +gbe_file_offset(size_t p, const char *f_op) +{ + return gbe_x_offset(p, f_op, "file", + gbe_file_size >> 1, gbe_file_size); +} + +/* + * This one is similar to gbe_file_offset, + * but used to check Gbe bounds in memory, + * and it is *also* used during file I/O. + */ +static void * +gbe_mem_offset(size_t p, const char *f_op) +{ + off_t gbe_off = gbe_x_offset(p, f_op, "mem", + GBE_PART_SIZE, GBE_FILE_SIZE); + + return (void *)(buf + gbe_off); +} + +static off_t +gbe_x_offset(size_t p, const char *f_op, const char *d_type, + off_t nsize, off_t ncmp) +{ + off_t off; + + check_part_num(p); + + off = (off_t)p * nsize; + + if (off + GBE_PART_SIZE > ncmp) + err(ECANCELED, "GbE %s %s out of bounds: %s", + d_type, f_op, fname); + + if (off != 0 && off != ncmp >> 1) + err(ECANCELED, "GbE %s %s at bad offset: %s", + d_type, f_op, fname); + + return off; +} + +static void +set_part_modified(size_t p) +{ + check_part_num(p); + part_modified[p] = 1; +} + +static void +check_part_num(size_t p) +{ + if (p > 1) + err(EINVAL, "Bad part number (%zu)", p); +} + +static void +usage(void) +{ + const char *util = getnvmprogname(); + +#ifdef __OpenBSD__ + if (pledge("stdio", NULL) == -1) + err(ECANCELED, "pledge"); +#endif + fprintf(stderr, + "Modify Intel GbE NVM images e.g. set MAC\n" + "USAGE:\n" + "\t%s FILE dump\n" + "\t%s FILE # same as setmac without [MAC]\n" + "\t%s FILE setmac [MAC]\n" + "\t%s FILE swap\n" + "\t%s FILE copy 0|1\n" + "\t%s FILE brick 0|1\n" + "\t%s FILE setchecksum 0|1\n", + util, util, util, util, util, util, util); + + err(ECANCELED, "Too few arguments"); +} + +static void +err(int nvm_errval, const char *msg, ...) +{ + va_list args; + + fprintf(stderr, "%s: ", getnvmprogname()); + + va_start(args, msg); + vfprintf(stderr, msg, args); + va_end(args); + + set_err(nvm_errval); + fprintf(stderr, ": %s", strerror(errno)); + + fprintf(stderr, "\n"); + exit(EXIT_FAILURE); +} + +static const char * +getnvmprogname(void) +{ + const char *p; + + if (argv0 == NULL || *argv0 == '\0') + return ""; + + p = strrchr(argv0, '/'); + + if (p) + return p + 1; + else + return argv0; +} + +static void +set_err(int x) +{ + if (errno) + return; + if (x) + errno = x; + else + errno = ECANCELED; +} |