diff options
Diffstat (limited to 'util/nvmutil')
| -rw-r--r-- | util/nvmutil/Makefile | 7 | ||||
| -rw-r--r-- | util/nvmutil/nvmutil.c | 1547 |
2 files changed, 998 insertions, 556 deletions
diff --git a/util/nvmutil/Makefile b/util/nvmutil/Makefile index e58c654b..025e87e1 100644 --- a/util/nvmutil/Makefile +++ b/util/nvmutil/Makefile @@ -7,18 +7,21 @@ CSTD?=-std=c90 WERROR?=-Werror CWARN?=-Wall -Wextra -pedantic COPT?=-Os -CFLAGS?=-I. $(COPT) $(CWARN) $(CSTD) +CFLAGS?=$(CWARN) $(CSTD) LDFLAGS?= DESTDIR?= PREFIX?=/usr/local INSTALL?=install +LDIR?=-I. + +OPTS=$(LDIR) $(COPT) $(WERROR) $(CFLAGS) $(LDFLAGS) PROG=nvmutil all: $(PROG) $(PROG): nvmutil.c - $(CC) $(CFLAGS) $(LDFLAGS) nvmutil.c -o $(PROG) + $(CC) $(OPTS) nvmutil.c -o $(PROG) install: $(PROG) $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index fbddcd3e..64ab6158 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -26,11 +26,7 @@ * default these days. */ #ifndef PATH_LEN -#ifdef PATH_MAX -#define PATH_LEN (PATH_MAX) -#else -#define PATH_LEN 4096 -#endif +#define PATH_LEN 1024 #endif #define OFF_ERR 0 @@ -132,7 +128,7 @@ * files at once (noting limitations with cat) * BONUS: implement own getopt(), for portability * - * TODO: document fuzzing / static analysis methods + * TODO: document fuzzing / analysis methods * for the code, and: * TODO: implement rigorous unit tests (separate util) * NOTE: this would *include* known good test files @@ -142,7 +138,7 @@ * codebase would allow me to write a separate C * program to test some finer intricacies * TODO: the unit tests would basically test regressions - * TODO: after writing back a gbe to file, close() and + * TODO: after writing back a gbe to file, x_i_close() and * open() it again, read it again, and check that * the contents were written correctly, providing * a warning if they were. do this in the main @@ -155,7 +151,7 @@ * featureset of nvmutil. * TODO: write a manpage * TODO: simplify the command sanitization, implement more - * of it as build time checks, e.g. static asserts. + * of it as build time checks, e.g. asserts. * generally remove cleverness from the code, instead * prefyerring readibility * TODO: also document nvmutil's coding style, which is @@ -198,7 +194,7 @@ further note when fuzzing is implemented: use deterministic randomisation, with a guaranteed seed - so e.g. don't use /dev/urandom in test builds. e.g. just use normal rand() -but with a static seed e.g. 1234 +but with a seed e.g. 1234 */ /* TODO: stricter build flags, e.g. @@ -221,7 +217,6 @@ also consider: #include <sys/param.h> #endif #include <sys/types.h> -#include <sys/time.h> #include <sys/stat.h> #include <errno.h> @@ -235,32 +230,24 @@ also consider: #include <time.h> #include <unistd.h> -typedef unsigned char u8; -typedef unsigned short ushort; -typedef unsigned int uint; -typedef unsigned long ulong; - /* type asserts */ typedef char static_assert_char_is_8_bits[(CHAR_BIT == 8) ? 1 : -1]; typedef char static_assert_char_is_1[(sizeof(char) == 1) ? 1 : -1]; -typedef char static_assert_u8_is_1[ - (sizeof(u8) == 1) ? 1 : -1]; -typedef char static_assert_ushort_is_2[ - (sizeof(ushort) >= 2) ? 1 : -1]; +typedef char static_assert_unsigned_char_is_1[ + (sizeof(unsigned char) == 1) ? 1 : -1]; +typedef char static_assert_unsigned_short_is_2[ + (sizeof(unsigned short) >= 2) ? 1 : -1]; typedef char static_assert_short_is_2[(sizeof(short) >= 2) ? 1 : -1]; -typedef char static_assert_uint_is_4[ - (sizeof(uint) >= 4) ? 1 : -1]; -typedef char static_assert_ulong_is_4[ - (sizeof(ulong) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_int_is_4[ + (sizeof(unsigned int) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_long_is_4[ + (sizeof(unsigned long) >= 4) ? 1 : -1]; typedef char static_assert_int_ge_32[(sizeof(int) >= 4) ? 1 : -1]; typedef char static_assert_twos_complement[ ((-1 & 3) == 3) ? 1 : -1 ]; -typedef char assert_ulong_ptr[ - (sizeof(ulong) >= sizeof(void *)) ? 1 : -1 -]; -typedef char assert_size_t_ptr[ - (sizeof(size_t) >= sizeof(void *)) ? 1 : -1 +typedef char assert_unsigned_long_ptr[ + (sizeof(unsigned long) >= sizeof(void *)) ? 1 : -1 ]; /* @@ -305,6 +292,18 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; #define O_BINARY 0 #endif +#ifndef O_EXCL +#define O_EXCL 0 +#endif + +#ifndef O_CREAT +#define O_CREAT 0 +#endif + +#ifndef O_NONBLOCK +#define O_NONBLOCK 0 +#endif + #ifndef O_CLOEXEC #define O_CLOEXEC 0 #endif @@ -320,23 +319,23 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; /* * Sanitize command tables. */ -static void sanitize_command_list(void); -static void sanitize_command_index(size_t c); +void sanitize_command_list(void); +void sanitize_command_index(unsigned long c); /* * Argument handling (user input) */ -static void set_cmd(int argc, char *argv[]); -static void set_cmd_args(int argc, char *argv[]); -static size_t conv_argv_part_num(const char *part_str); -static int xstrxcmp(const char *a, const char *b, size_t maxlen); +void set_cmd(int argc, char *argv[]); +void set_cmd_args(int argc, char *argv[]); +unsigned long conv_argv_part_num(const char *part_str); +int xstrxcmp(const char *a, const char *b, unsigned long maxlen); /* * Prep files for reading */ -static void open_gbe_file(void); -static int lock_file(int fd); -static void xopen(int *fd, const char *path, int flags, struct stat *st); +void open_gbe_file(void); +int lock_file(int fd); +void xopen(int *fd, const char *path, int flags, struct stat *st); /* * Read GbE file and verify @@ -344,56 +343,64 @@ static void xopen(int *fd, const char *path, int flags, struct stat *st); * * After this, we can run commands. */ -static void copy_gbe(void); -static void read_checksums(void); -static int good_checksum(size_t partnum); +void copy_gbe(void); +void read_checksums(void); +int good_checksum(unsigned long partnum); /* * Execute user command on GbE data. * These are stubs that call helpers. */ -static void run_cmd(size_t c); -static void check_command_num(size_t c); -static u8 valid_command(size_t c); +void run_cmd(void); +void check_command_num(unsigned long c); +unsigned char valid_command(unsigned long c); + +/* + * portable timeval + */ +struct x_st_timeval { + long tv_sec; + long tv_usec; +}; /* * Helper functions for command: setmac */ -static void cmd_helper_setmac(void); -static void parse_mac_string(void); -static size_t xstrxlen(const char *scmp, size_t maxlen); -static void set_mac_byte(size_t mac_byte_pos); -static void set_mac_nib(size_t mac_str_pos, - size_t mac_byte_pos, size_t mac_nib_pos); -static ushort hextonum(char ch_s); -static ushort rhex(void); -static ushort read_urandom(void); -static ulong entropy_jitter(void); -static void write_mac_part(size_t partnum); +void cmd_helper_setmac(void); +void parse_mac_string(void); +unsigned long xstrxlen(const char *scmp, unsigned long maxlen); +void set_mac_byte(unsigned long mac_byte_pos); +void set_mac_nib(unsigned long mac_str_pos, + unsigned long mac_byte_pos, unsigned long mac_nib_pos); +unsigned short hextonum(char ch_s); +unsigned long rlong(void); +unsigned long entropy_jitter(void); +int x_i_gettimeofday(struct x_st_timeval *tv, void *tz); +void write_mac_part(unsigned long partnum); /* * Helper functions for command: dump */ -static void cmd_helper_dump(void); -static void print_mac_from_nvm(size_t partnum); -static void hexdump(size_t partnum); +void cmd_helper_dump(void); +void print_mac_from_nvm(unsigned long partnum); +void hexdump(unsigned long partnum); /* * Helper functions for command: swap */ -static void cmd_helper_swap(void); +void cmd_helper_swap(void); /* * Helper functions for command: copy */ -static void cmd_helper_copy(void); +void cmd_helper_copy(void); /* * Helper functions for commands: * cat, cat16 and cat128 */ -static void cmd_helper_cat(void); -static void cat_buf(u8 *b); +void cmd_helper_cat(void); +void cat_buf(unsigned char *b); /* * After command processing, write @@ -402,66 +409,88 @@ static void cat_buf(u8 *b); * These are stub functions: check * below for the actual functions. */ -static void write_gbe_file(void); -static void set_checksum(size_t part); -static ushort calculated_checksum(size_t p); +void write_gbe_file(void); +void set_checksum(unsigned long part); +unsigned short calculated_checksum(unsigned long p); /* * Helper functions for accessing * the NVM area during operation. */ -static ushort nvm_word(size_t pos16, size_t part); -static void set_nvm_word(size_t pos16, size_t part, ushort val16); -static void set_part_modified(size_t p); -static void check_nvm_bound(size_t pos16, size_t part); -static void check_bin(size_t a, const char *a_name); +unsigned short nvm_word(unsigned long pos16, unsigned long part); +void set_nvm_word(unsigned long pos16, + unsigned long part, unsigned short val16); +void set_part_modified(unsigned long p); +void check_nvm_bound(unsigned long pos16, unsigned long part); +void check_bin(unsigned long a, const char *a_name); /* * Helper functions for stub functions * that handle GbE file reads/writes. */ -static void rw_gbe_file_part(size_t p, int rw_type, +void rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str); -static void write_to_gbe_bin(void); -static int gbe_mv(void); -static void check_written_part(size_t p); -static void report_io_err_rw(void); -static int fsync_dir(const char *path); -static u8 *gbe_mem_offset(size_t part, const char *f_op); -static off_t gbe_file_offset(size_t part, const char *f_op); -static off_t gbe_x_offset(size_t part, const char *f_op, +void write_to_gbe_bin(void); +int gbe_mv(void); +void check_written_part(unsigned long p); +void report_io_err_rw(void); +int fsync_dir(const char *path); +unsigned char *gbe_mem_offset(unsigned long part, const char *f_op); +off_t gbe_file_offset(unsigned long part, const char *f_op); +off_t gbe_x_offset(unsigned long part, const char *f_op, const char *d_type, off_t nsize, off_t ncmp); -static ssize_t rw_gbe_file_exact(int fd, u8 *mem, size_t nrw, +long rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type); -static ssize_t rw_file_exact(int fd, u8 *mem, size_t len, +long rw_file_exact(int fd, unsigned char *mem, unsigned long len, off_t off, int rw_type, int loop_eagain, int loop_eintr, - size_t max_retries, int off_reset); -static ssize_t prw(int fd, void *mem, size_t nrw, + unsigned long max_retries, int off_reset); +long prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, int off_reset); -static int io_args(int fd, void *mem, size_t nrw, +int io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type); -static int check_file(int fd, struct stat *st); -static ssize_t rw_over_nrw(ssize_t r, size_t nrw); +int check_file(int fd, struct stat *st); +long rw_over_nrw(long r, unsigned long nrw); #if !defined(HAVE_REAL_PREAD_PWRITE) || \ HAVE_REAL_PREAD_PWRITE < 1 -static off_t lseek_loop(int fd, off_t off, +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, int loop_eintr); #endif -static int try_err(int loop_err, int errval); +int try_err(int loop_err, int errval); /* * Error handling and cleanup */ -static void usage(void); -static void err(int nvm_errval, const char *msg, ...); -static int exit_cleanup(void); -static const char *getnvmprogname(void); +void usage(void); +void err(int nvm_errval, const char *msg, ...); +int exit_cleanup(void); +const char *getnvmprogname(void); /* * a special kind of hell */ -static char *new_tmpfile(int *fd, int local, const char *path); +char *new_tmpfile(int *fd, int local, const char *path); +int x_i_mkstemp(char *template); +char *x_c_strrchr(const char *s, int c); +/* x_i_rename not suitable + * for atomic writes. kept + * commentted for use in a + * library in the future */ +/* +int x_i_rename(const char *src, const char *dst); +*/ +char *x_c_tmpdir(void); +int x_i_close(int fd); +void *x_v_memcpy(void *dst, + const void *src, unsigned long n); +int x_i_memcmp(const void *a, + const void *b, unsigned long n); +int x_i_fchmod(int fd, mode_t mode); +int x_try_fdpath(const char *prefix, + int fd, mode_t mode); +unsigned long x_conv_fd(char *buf, + unsigned long n); +int x_i_fsync(int fd); /* * Sizes in bytes: @@ -508,27 +537,27 @@ static char *new_tmpfile(int *fd, int local, const char *path); * * The code will handle this properly. */ -static u8 real_buf[GBE_BUF_SIZE]; -static u8 bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ -static u8 pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ -static u8 *buf = real_buf; - -static ushort mac_buf[3]; -static off_t gbe_file_size; -static off_t gbe_tmp_size; - -static int gbe_fd = -1; -static size_t part; -static u8 part_modified[2]; -static u8 part_valid[2]; - -static const char rmac[] = "xx:xx:xx:xx:xx:xx"; -static const char *mac_str = rmac; -static const char *fname = NULL; -static const char *argv0; - -#ifndef SSIZE_MAX -#define SSIZE_MAX ((ssize_t)(~((size_t)1 << (sizeof(ssize_t)*CHAR_BIT-1)))) +unsigned char real_buf[GBE_BUF_SIZE]; +unsigned char bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ +unsigned char pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ +unsigned char *buf = real_buf; + +unsigned short mac_buf[3]; +off_t gbe_file_size; +off_t gbe_tmp_size; + +int gbe_fd = -1; +unsigned long part; +unsigned char part_modified[2]; +unsigned char part_valid[2]; + +const char rmac[] = "xx:xx:xx:xx:xx:xx"; +const char *mac_str = rmac; +const char *fname = NULL; +const char *argv0; + +#ifndef X_LONG_MAX +#define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1)))) #endif /* @@ -576,66 +605,6 @@ enum { CHECKSUM_WRITE }; -struct commands { - size_t chk; - const char *str; - void (*run)(void); - int argc; - u8 arg_part; - u8 chksum_read; - u8 chksum_write; - size_t rw_size; /* within the 4KB GbE part */ - int flags; /* e.g. O_RDWR or O_RDONLY */ -}; - -/* - * Command table, for nvmutil commands - */ -static const struct commands command[] = { - { CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, - ARG_NOPART, - SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - NVM_SIZE, O_RDONLY }, - - { CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, CHECKSUM_WRITE, - NVM_SIZE, O_RDWR }, - - { CMD_SWAP, "swap", cmd_helper_swap, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDWR }, - - { CMD_COPY, "copy", cmd_helper_copy, ARGC_4, - ARG_PART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDWR }, - - { CMD_CAT, "cat", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, - - { CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, - - { CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, -}; - -#define MAX_CMD_LEN 50 -#define N_COMMANDS items(command) -#define CMD_NULL N_COMMANDS - -/* - * Index in command[], will be set later - */ -static size_t cmd_index = CMD_NULL; /* * asserts (variables/defines sanity check) @@ -669,42 +638,176 @@ typedef char bool_no_loop_eagain[(NO_LOOP_EAGAIN==0)?1:-1]; typedef char bool_off_err[(OFF_ERR==0)?1:-1]; typedef char bool_off_reset[(OFF_RESET==0||OFF_RESET==1)?1:-1]; -static int io_err_gbe = 0; /* intermediary write (verification) */ -static int io_err_gbe_bin = 0; /* final write (real file) */ -static int rw_check_err_read[] = {0, 0}; -static int rw_check_partial_read[] = {0, 0}; -static int rw_check_bad_part[] = {0, 0}; +int io_err_gbe = 0; /* intermediary write (verification) */ +int io_err_gbe_bin = 0; /* final write (real file) */ +int rw_check_err_read[] = {0, 0}; +int rw_check_partial_read[] = {0, 0}; +int rw_check_bad_part[] = {0, 0}; -static int post_rw_checksum[] = {0, 0}; +int post_rw_checksum[] = {0, 0}; -static dev_t gbe_dev; -static ino_t gbe_ino; +dev_t gbe_dev; +ino_t gbe_ino; -static dev_t tmp_dev; -static ino_t tmp_ino; +dev_t tmp_dev; +ino_t tmp_ino; + +int tmp_fd = -1; +char *tname = NULL; /* - * No need to declare feature - * macros. I jus declare the - * prototypes. Should be safe - * on most Unices and compilers + * Used for checking whether. + * a file is a file via stat(). + * + * Portable macro for compatibility + * with older unix e.g. v7 unix (has S_IFREG), + * 4.2bsd (has S_IFMT) or POSIX (has S_ISREG) + * + * Fallback works where S_IFREG == 0100000 + * (classic unix bitmask) */ -int mkstemp(char *template); -int fchmod(int fd, mode_t mode); -static int tmp_fd = -1; -static char *tname = NULL; +#ifndef S_ISREG +#if defined(S_IFMT) && defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#elif defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFREG) != 0) +#else +#error "can't determine types with stat()" +#endif +#endif + +struct commands { + unsigned long chk; + const char *str; + void (*run)(void); + int argc; + unsigned char arg_part; + unsigned char chksum_read; + unsigned char chksum_write; + unsigned long rw_size; /* within the 4KB GbE part */ + int flags; /* e.g. O_RDWR or O_RDONLY */ +}; + +#define MAX_CMD_LEN 50 + +/* + * BE CAREFUL when editing this + * to ensure that you also update + * the tables in new_xstate() + */ +struct xstate { + struct commands cmd[7]; + unsigned long i; /* index to cmd[] for current command */ + int no_cmd; + + /* store size of a struct here. + (can be used to copy old state) */ + unsigned long xsize; +}; + +/* + * Program state/command table + * Default config stored here, + * and copied to a newly allocated + * buffer in memory, then the pointer + * is passed. The rest of the program + * will manipulate this data. + */ +struct xstate * +new_xstate(void) +{ + static struct xstate us = { + /* .cmd (update cmd[] in the struct if adding to it) */ + { + { + CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, + ARG_NOPART, + SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + NVM_SIZE, O_RDONLY + }, { + CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, CHECKSUM_WRITE, + NVM_SIZE, O_RDWR + }, { + CMD_SWAP, "swap", cmd_helper_swap, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDWR + }, { + CMD_COPY, "copy", cmd_helper_copy, ARGC_4, + ARG_PART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDWR + }, { + CMD_CAT, "cat", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + }, { + CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + }, { + CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + } + }, + /* .cmd_index */ + 0, + /* .no_cmd (set 0 when a command is found) */ + 1, + /* .xsize (size of the stuct will be stored here later) */ + 0 + }; + + struct xstate *xs_new; + + us.xsize = sizeof(us); + + if ((xs_new = malloc(us.xsize)) == NULL) + err(ECANCELED, "Could not initialise new state"); + + memcpy(xs_new, &us, us.xsize); + + return xs_new; +} + +struct xstate *nv = NULL; int main(int argc, char *argv[]) { + struct commands *cmd; + + nv = new_xstate(); + if (nv == NULL) + err(errno, NULL); + argv0 = argv[0]; if (argc < 3) usage(); + if (CHAR_BIT != 8) + err(EINVAL, "Unsupported char size"); + fname = argv[1]; +#ifdef NVMUTIL_UNVEIL + /* + * if global tmp is a different filesystem, + * unveil would trap on final file rename + * and we can't know the path in advance + */ + tname = new_tmpfile(&tmp_fd, 1, NULL); +#else tname = new_tmpfile(&tmp_fd, 0, NULL); +#endif + if (tname == NULL) err(errno, "Can't create tmpfile"); @@ -714,6 +817,8 @@ main(int argc, char *argv[]) err(errno, "pledge, unveil"); if (unveil("/dev/urandom", "r") == -1) err(errno, "unveil: /dev/urandom"); + if (unveil("/dev/random", "r") == -1) + err(errno, "unveil: /dev/random"); #else if (pledge("stdio flock rpath wpath cpath", NULL) == -1) err(errno, "pledge"); @@ -725,6 +830,8 @@ main(int argc, char *argv[]) set_cmd(argc, argv); set_cmd_args(argc, argv); + cmd = &nv->cmd[nv->i]; + #ifdef NVMUTIL_UNVEIL if (command[cmd_index].flags == O_RDONLY) { if (unveil(fname, "r") == -1) @@ -744,7 +851,7 @@ main(int argc, char *argv[]) err(errno, "pledge (kill unveil)"); #endif - srand((uint)(time(NULL) ^ getpid())); + srand((unsigned int)(time(NULL) ^ getpid())); open_gbe_file(); @@ -755,9 +862,9 @@ main(int argc, char *argv[]) read_checksums(); - run_cmd(cmd_index); + run_cmd(); - if (command[cmd_index].flags == O_RDWR) + if (cmd->flags == O_RDWR) write_to_gbe_bin(); if (exit_cleanup() == -1) @@ -775,51 +882,55 @@ main(int argc, char *argv[]) /* * Guard against regressions by maintainers (command table) */ -static void +void sanitize_command_list(void) { - size_t c; + unsigned long c; + unsigned long num_commands = items(nv->cmd); - for (c = 0; c < N_COMMANDS; c++) + for (c = 0; c < num_commands; c++) sanitize_command_index(c); } /* * TODO: specific config checks per command */ -static void -sanitize_command_index(size_t c) +void +sanitize_command_index(unsigned long c) { - size_t gbe_rw_size; + unsigned long gbe_rw_size; + + struct commands *cmd = &nv->cmd[c]; check_command_num(c); - if (command[c].argc < 3) + if (cmd->argc < 3) err(EINVAL, "cmd index %lu: argc below 3, %d", - (ulong)c, command[c].argc); + (unsigned long)c, cmd->argc); - if (command[c].str == NULL) + if (cmd->str == NULL) err(EINVAL, "cmd index %lu: NULL str", - (ulong)c); - if (*command[c].str == '\0') + (unsigned long)c); + + if (*cmd->str == '\0') err(EINVAL, "cmd index %lu: empty str", - (ulong)c); + (unsigned long)c); - if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) > + if (xstrxlen(cmd->str, MAX_CMD_LEN + 1) > MAX_CMD_LEN) { err(EINVAL, "cmd index %lu: str too long: %s", - (ulong)c, command[c].str); + (unsigned long)c, cmd->str); } - if (command[c].run == NULL) + if (cmd->run == NULL) err(EINVAL, "cmd index %lu: cmd ptr null", - (ulong)c); + (unsigned long)c); - check_bin(command[c].arg_part, "cmd.arg_part"); - check_bin(command[c].chksum_read, "cmd.chksum_read"); - check_bin(command[c].chksum_write, "cmd.chksum_write"); + check_bin(cmd->arg_part, "cmd.arg_part"); + check_bin(cmd->chksum_read, "cmd.chksum_read"); + check_bin(cmd->chksum_write, "cmd.chksum_write"); - gbe_rw_size = command[c].rw_size; + gbe_rw_size = cmd->rw_size; switch (gbe_rw_size) { case GBE_PART_SIZE: @@ -827,85 +938,108 @@ sanitize_command_index(size_t c) break; default: err(EINVAL, "Unsupported rw_size: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); } if (gbe_rw_size > GBE_PART_SIZE) err(EINVAL, "rw_size larger than GbE part: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); - if (command[c].flags != O_RDONLY && - command[c].flags != O_RDWR) + if (cmd->flags != O_RDONLY && + cmd->flags != O_RDWR) err(EINVAL, "invalid cmd.flags setting"); } -static void +void set_cmd(int argc, char *argv[]) { - const char *cmd_str; + const char *cmd; + + unsigned long i = 0; + + for (i = 0; i < items(nv->cmd); i++) { - for (cmd_index = 0; valid_command(cmd_index); cmd_index++) { - cmd_str = command[cmd_index].str; + cmd = nv->cmd[i].str; - if (xstrxcmp(argv[2], cmd_str, MAX_CMD_LEN) != 0) + /* not the right command */ + if (xstrxcmp(argv[2], cmd, MAX_CMD_LEN) != 0) continue; - else if (argc >= command[cmd_index].argc) + + /* valid command found */ + if (argc >= nv->cmd[i].argc) { + nv->no_cmd = 0; + nv->i = i; /* set command */ + return; + } - err(EINVAL, "Too few args on command '%s'", cmd_str); + err(EINVAL, + "Too few args on command '%s'", cmd); } - cmd_index = CMD_NULL; + nv->no_cmd = 1; } -static void +void set_cmd_args(int argc, char *argv[]) { - u8 arg_part; + unsigned char arg_part; + unsigned long index; - if (!valid_command(cmd_index) || argc < 3) + struct commands *cmd; + + if (!valid_command(nv->i) || argc < 3) usage(); - arg_part = command[cmd_index].arg_part; + index = nv->i; + + cmd = &nv->cmd[index]; + + arg_part = cmd->arg_part; /* Maintainer bugs */ if (arg_part && argc < 4) err(EINVAL, "arg_part set for command that needs argc4"); - if (arg_part && cmd_index == CMD_SETMAC) + + if (arg_part && index == CMD_SETMAC) err(EINVAL, "arg_part set on CMD_SETMAC"); - if (cmd_index == CMD_SETMAC) + if (index == CMD_SETMAC) { + mac_str = argc >= 4 ? argv[3] : rmac; - else if (arg_part) + + } else if (arg_part) { + part = conv_argv_part_num(argv[3]); + } } -static size_t +unsigned long conv_argv_part_num(const char *part_str) { - u8 ch; + unsigned char ch; if (part_str[0] == '\0' || part_str[1] != '\0') err(EINVAL, "Partnum string '%s' wrong length", part_str); /* char signedness is implementation-defined */ - ch = (u8)part_str[0]; + ch = (unsigned char)part_str[0]; if (ch < '0' || ch > '1') err(EINVAL, "Bad part number (%c)", ch); - return (size_t)(ch - '0'); + return (unsigned long)(ch - '0'); } /* * Portable strcmp() but blocks NULL/empty/unterminated * strings. Even stricter than strncmp(). */ -static int -xstrxcmp(const char *a, const char *b, size_t maxlen) +int +xstrxcmp(const char *a, const char *b, unsigned long maxlen) { - size_t i; + unsigned long i; if (a == NULL || b == NULL) err(EINVAL, "NULL input to xstrxcmp"); @@ -914,8 +1048,8 @@ xstrxcmp(const char *a, const char *b, size_t maxlen) err(EINVAL, "Empty string in xstrxcmp"); for (i = 0; i < maxlen; i++) { - u8 ac = (u8)a[i]; - u8 bc = (u8)b[i]; + unsigned char ac = (unsigned char)a[i]; + unsigned char bc = (unsigned char)b[i]; if (ac == '\0' || bc == '\0') { if (ac == bc) @@ -939,14 +1073,16 @@ xstrxcmp(const char *a, const char *b, size_t maxlen) return -1; } -static void +void open_gbe_file(void) { struct stat gbe_st; int flags; + struct commands *cmd = &nv->cmd[nv->i]; + xopen(&gbe_fd, fname, - command[cmd_index].flags | O_BINARY | + cmd->flags | O_BINARY | O_NOFOLLOW | O_CLOEXEC, &gbe_st); /* inode will be checked later on write */ @@ -954,9 +1090,9 @@ open_gbe_file(void) gbe_ino = gbe_st.st_ino; if (gbe_st.st_nlink > 1) - fprintf(stderr, - "%s: warning: file has %lu hard links\n", - fname, (ulong)gbe_st.st_nlink); + err(EINVAL, + "%s: warning: file has multiple (%lu) hard links\n", + fname, (unsigned long)gbe_st.st_nlink); if (gbe_st.st_nlink == 0) err(EIO, "%s: file unlinked while open", fname); @@ -989,14 +1125,15 @@ open_gbe_file(void) err(errno, "%s: can't lock", fname); } -static int +int lock_file(int fd) { struct flock fl; + struct commands *cmd = &nv->cmd[nv->i]; memset(&fl, 0, sizeof(fl)); - if (command[cmd_index].flags == O_RDONLY) + if (cmd->flags == O_RDONLY) fl.l_type = F_RDLCK; else fl.l_type = F_WRLCK; @@ -1009,7 +1146,7 @@ lock_file(int fd) return 0; } -static void +void xopen(int *fd_ptr, const char *path, int flags, struct stat *st) { if ((*fd_ptr = open(path, flags)) == -1) @@ -1036,10 +1173,10 @@ xopen(int *fd_ptr, const char *path, int flags, struct stat *st) * double-read verification, * which also benefits cmd_cat. */ -static void +void copy_gbe(void) { - ssize_t r; + long r; struct stat st; /* read main file */ @@ -1076,7 +1213,7 @@ copy_gbe(void) * fsync tmp gbe file, because we will compare * its contents to what was read (for safety) */ - if (fsync(tmp_fd) == -1) + if (x_i_fsync(tmp_fd) == -1) err(errno, "%s: fsync (tmpfile copy)", tname); r = rw_file_exact(tmp_fd, bufcmp, gbe_file_size, @@ -1086,7 +1223,7 @@ copy_gbe(void) if (r < 0) err(errno, "%s: read failed (cmp)", tname); - if (memcmp(buf, bufcmp, gbe_file_size) != 0) + if (x_i_memcmp(buf, bufcmp, gbe_file_size) != 0) err(errno, "%s: %s: read contents differ (pre-test)", fname, tname); @@ -1103,30 +1240,32 @@ copy_gbe(void) if (gbe_file_size == SIZE_8KB) return; - memcpy(buf + (size_t)GBE_PART_SIZE, - buf + (size_t)(gbe_file_size >> 1), - (size_t)GBE_PART_SIZE); + x_v_memcpy(buf + (unsigned long)GBE_PART_SIZE, + buf + (unsigned long)(gbe_file_size >> 1), + (unsigned long)GBE_PART_SIZE); } -static void +void read_checksums(void) { - size_t p; - size_t skip_part; - u8 arg_part; - u8 num_invalid; - u8 max_invalid; + unsigned long p; + unsigned long skip_part; + unsigned char arg_part; + unsigned char num_invalid; + unsigned char max_invalid; + + struct commands *cmd = &nv->cmd[nv->i]; part_valid[0] = 0; part_valid[1] = 0; - if (!command[cmd_index].chksum_read) + if (!cmd->chksum_read) return; num_invalid = 0; max_invalid = 2; - arg_part = command[cmd_index].arg_part; + arg_part = cmd->arg_part; if (arg_part) max_invalid = 1; @@ -1151,60 +1290,71 @@ read_checksums(void) if (num_invalid >= max_invalid) { if (max_invalid == 1) err(ECANCELED, "%s: part %lu has a bad checksum", - fname, (ulong)part); + fname, (unsigned long)part); err(ECANCELED, "%s: No valid checksum found in file", fname); } } -static int -good_checksum(size_t partnum) +int +good_checksum(unsigned long partnum) { - ushort expected_checksum = calculated_checksum(partnum); - ushort current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum); + unsigned short expected_checksum = + calculated_checksum(partnum); - if (current_checksum == expected_checksum) - return 1; + unsigned short current_checksum = + nvm_word(NVM_CHECKSUM_WORD, partnum); - return 0; + return current_checksum == expected_checksum; } -static void -run_cmd(size_t c) +void +run_cmd(void) { - check_command_num(c); + unsigned long cmd_num; + struct commands *cmd; + + cmd_num = nv->i; + cmd = &nv->cmd[cmd_num]; - if (command[c].run == NULL) - err(EINVAL, "Command %lu: null ptr", (ulong)c); + check_command_num(cmd_num); - command[c].run(); + if (cmd->run == NULL) + err(EINVAL, "Command %lu: null ptr", cmd_num); + + cmd->run(); } -static void -check_command_num(size_t c) +void +check_command_num(unsigned long c) { if (!valid_command(c)) err(EINVAL, "Invalid run_cmd arg: %lu", - (ulong)c); + (unsigned long)c); } -static u8 -valid_command(size_t c) +unsigned char +valid_command(unsigned long c) { - if (c >= N_COMMANDS) + struct commands *cmd; + + if (c >= items(nv->cmd)) return 0; - if (c != command[c].chk) - err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu", - (ulong)command[c].chk, (ulong)c); + cmd = &nv->cmd[c]; + + if (c != cmd->chk) + err(EINVAL, + "Invalid cmd chk value (%lu) vs arg: %lu", + cmd->chk, c); return 1; } -static void +void cmd_helper_setmac(void) { - size_t partnum; + unsigned long partnum; printf("MAC address to be written: %s\n", mac_str); parse_mac_string(); @@ -1213,10 +1363,10 @@ cmd_helper_setmac(void) write_mac_part(partnum); } -static void +void parse_mac_string(void) { - size_t mac_byte; + unsigned long mac_byte; if (xstrxlen(mac_str, 18) != 17) err(EINVAL, "MAC address is the wrong length"); @@ -1239,10 +1389,10 @@ parse_mac_string(void) * strnlen() was standardized in POSIX.1-2008 and is not * available on some older systems, so we provide our own. */ -static size_t -xstrxlen(const char *scmp, size_t maxlen) +unsigned long +xstrxlen(const char *scmp, unsigned long maxlen) { - size_t xstr_index; + unsigned long xstr_index; if (scmp == NULL) err(EINVAL, "NULL input to xstrxlen"); @@ -1260,11 +1410,11 @@ xstrxlen(const char *scmp, size_t maxlen) return xstr_index; } -static void -set_mac_byte(size_t mac_byte_pos) +void +set_mac_byte(unsigned long mac_byte_pos) { - size_t mac_str_pos = mac_byte_pos * 3; - size_t mac_nib_pos; + unsigned long mac_str_pos = mac_byte_pos * 3; + unsigned long mac_nib_pos; char separator; if (mac_str_pos < 15) { @@ -1277,12 +1427,12 @@ set_mac_byte(size_t mac_byte_pos) set_mac_nib(mac_str_pos, mac_byte_pos, mac_nib_pos); } -static void -set_mac_nib(size_t mac_str_pos, - size_t mac_byte_pos, size_t mac_nib_pos) +void +set_mac_nib(unsigned long mac_str_pos, + unsigned long mac_byte_pos, unsigned long mac_nib_pos) { char mac_ch; - ushort hex_num; + unsigned short hex_num; mac_ch = mac_str[mac_str_pos + mac_nib_pos]; @@ -1307,47 +1457,42 @@ set_mac_nib(size_t mac_str_pos, | ((mac_nib_pos ^ 1) << 2)); /* left or right nib? */ } -static ushort +unsigned short hextonum(char ch_s) { - u8 ch = (u8)ch_s; + unsigned char ch = (unsigned char)ch_s; - if ((uint)(ch - '0') <= 9) + if ((unsigned int)(ch - '0') <= 9) return ch - '0'; ch |= 0x20; - if ((uint)(ch - 'a') <= 5) + if ((unsigned int)(ch - 'a') <= 5) return ch - 'a' + 10; if (ch == '?' || ch == 'x') - return rhex(); /* random character */ + return (unsigned short)rlong() & 0xf; return 16; /* invalid character */ } -static ushort -rhex(void) +unsigned long +rlong(void) { - struct timeval tv; - ulong mix; - static ulong counter = 0; - ushort r; + struct x_st_timeval tv; + static unsigned long mix = 0; + static unsigned long counter = 0; - /* Read /dev/urandom - * if possible */ - r = read_urandom(); - if (r < 16) - return r; - - /* Fallback */ + static int fd = -1; + unsigned long rval = 0; + long nr = -1; - gettimeofday(&tv, NULL); + x_i_gettimeofday(&tv, NULL); - mix = (ulong)tv.tv_sec - ^ (ulong)tv.tv_usec - ^ (ulong)getpid() - ^ (ulong)&mix + mix ^= (unsigned long)tv.tv_sec + ^ (unsigned long)tv.tv_usec + ^ (unsigned long)getpid() + ^ (unsigned long)&mix ^ counter++ ^ entropy_jitter(); @@ -1355,59 +1500,64 @@ rhex(void) * Stack addresses can vary between * calls, thus increasing entropy. */ - mix ^= (ulong)&mix; - mix ^= (ulong)&tv; - mix ^= (ulong)&counter; - - return (ushort)(mix & 0xf); -} + mix ^= (unsigned long)&mix; + mix ^= (unsigned long)&tv; + mix ^= (unsigned long)&counter; -static ushort -read_urandom(void) -{ - static int fd = -1; - static ssize_t n = -1; - - static u8 r[256]; - - if (fd < 0) { - - fd = open("/dev/urandom", O_RDONLY); - if (fd < 0) - fd = open("/dev/random", O_RDONLY); + /* + * Now, we won't use this mix + * immediately. We'll try to + * read urandom first, which is + * likely safer, and pass that, + * falling back to the mixture + * if urandom fails. + * + * Since urandom is likely + * reliable, the number of + * times it will fail is + * likely extremely random, + * thus, building more than + * sufficient entropy by the + * time we do eventually use + * the fallback code + */ - if (fd < 0) - return 16; - } + if (fd < 0) + fd = open("/dev/urandom", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n < 0) { +#if !(defined(__OpenBSD__) && defined(OpenBSD)) || \ + (defined(__OpenBSD__) && defined(OpenBSD) && \ + OpenBSD < 604) + if (fd < 0) /* old openbsd */ + fd = open("/dev/arandom", O_RDONLY | O_BINARY | O_NONBLOCK); +#endif - n = rw_file_exact(fd, r, 256, 0, IO_READ, - LOOP_EAGAIN, LOOP_EINTR, 2, OFF_ERR); + if (fd < 0) + fd = open("/dev/random", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n == 0) - n = -1; - if (n < 0) - return 16; + nr = rw_file_exact(fd, (unsigned char *)&rval, + sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN, + LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR); - --n; - } + if (nr == sizeof(unsigned long)) + return rval; - return r[n--] & 0xf; + return mix; } -static ulong +unsigned long entropy_jitter(void) { - struct timeval a, b; - ulong mix = 0; + struct x_st_timeval a, b; + unsigned long mix = 0; long mix_diff; int i; - for (i = 0; i < 8; i++) { - gettimeofday(&a, NULL); + x_i_gettimeofday(&a, NULL); + + for (i = 0; i < 32; i++) { getpid(); - gettimeofday(&b, NULL); + x_i_gettimeofday(&b, NULL); /* * prevent negative numbers to prevent overflow, @@ -1417,17 +1567,34 @@ entropy_jitter(void) if (mix_diff < 0) mix_diff = -mix_diff; - mix ^= (ulong)(mix_diff); - mix ^= (ulong)&mix; + mix ^= (unsigned long)(mix_diff); + mix ^= (unsigned long)&mix; } return mix; } -static void -write_mac_part(size_t partnum) + + +int +x_i_gettimeofday(struct x_st_timeval *tv, void *tz) +{ + time_t t; + + (void)tz; + + t = time(NULL); + + tv->tv_sec = t; + tv->tv_usec = (long)((unsigned long)clock() % 1000000UL); + + return 0; +} + +void +write_mac_part(unsigned long partnum) { - size_t w; + unsigned long w; check_bin(partnum, "part number"); if (!part_valid[partnum]) @@ -1437,14 +1604,14 @@ write_mac_part(size_t partnum) set_nvm_word(w, partnum, mac_buf[w]); printf("Wrote MAC address to part %lu: ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); } -static void +void cmd_helper_dump(void) { - size_t partnum; + unsigned long partnum; part_valid[0] = good_checksum(0); part_valid[1] = good_checksum(1); @@ -1454,27 +1621,27 @@ cmd_helper_dump(void) fprintf(stderr, "BAD checksum %04x in part %lu (expected %04x)\n", nvm_word(NVM_CHECKSUM_WORD, partnum), - (ulong)partnum, + (unsigned long)partnum, calculated_checksum(partnum)); printf("MAC (part %lu): ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); hexdump(partnum); } } -static void -print_mac_from_nvm(size_t partnum) +void +print_mac_from_nvm(unsigned long partnum) { - size_t c; - ushort val16; + unsigned long c; + unsigned short val16; for (c = 0; c < 3; c++) { val16 = nvm_word(c, partnum); printf("%02x:%02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); if (c == 2) printf("\n"); else @@ -1482,72 +1649,74 @@ print_mac_from_nvm(size_t partnum) } } -static void -hexdump(size_t partnum) +void +hexdump(unsigned long partnum) { - size_t c; - size_t row; - ushort val16; + unsigned long c; + unsigned long row; + unsigned short val16; for (row = 0; row < 8; row++) { - printf("%08lx ", (ulong)((size_t)row << 4)); + printf("%08lx ", (unsigned long)((unsigned long)row << 4)); for (c = 0; c < 8; c++) { val16 = nvm_word((row << 3) + c, partnum); if (c == 4) printf(" "); printf(" %02x %02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); } printf("\n"); } } -static void +void cmd_helper_swap(void) { - memcpy( - buf + (size_t)GBE_WORK_SIZE, + x_v_memcpy( + buf + (unsigned long)GBE_WORK_SIZE, buf, GBE_PART_SIZE); - memcpy( + x_v_memcpy( buf, - buf + (size_t)GBE_PART_SIZE, + buf + (unsigned long)GBE_PART_SIZE, GBE_PART_SIZE); - memcpy( - buf + (size_t)GBE_PART_SIZE, - buf + (size_t)GBE_WORK_SIZE, + x_v_memcpy( + buf + (unsigned long)GBE_PART_SIZE, + buf + (unsigned long)GBE_WORK_SIZE, GBE_PART_SIZE); set_part_modified(0); set_part_modified(1); } -static void +void cmd_helper_copy(void) { - memcpy( - buf + (size_t)((part ^ 1) * GBE_PART_SIZE), - buf + (size_t)(part * GBE_PART_SIZE), + x_v_memcpy( + buf + (unsigned long)((part ^ 1) * GBE_PART_SIZE), + buf + (unsigned long)(part * GBE_PART_SIZE), GBE_PART_SIZE); set_part_modified(part ^ 1); } -static void +void cmd_helper_cat(void) { - size_t p = 0; - size_t ff = 0; - size_t nff = 0; + unsigned long p = 0; + unsigned long ff = 0; + unsigned long nff = 0; + + unsigned long cmd_num = nv->i; fflush(NULL); memset(pad, 0xff, GBE_PART_SIZE); - switch (cmd_index) { + switch (cmd_num) { case CMD_CAT: nff = 0; break; @@ -1562,15 +1731,15 @@ cmd_helper_cat(void) } for (p = 0; p < 2; p++) { - cat_buf(bufcmp + (size_t)(p * (gbe_file_size >> 1))); + cat_buf(bufcmp + (unsigned long)(p * (gbe_file_size >> 1))); for (ff = 0; ff < nff; ff++) cat_buf(pad); } } -static void -cat_buf(u8 *b) +void +cat_buf(unsigned char *b) { if (rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0, IO_WRITE, LOOP_EAGAIN, LOOP_EINTR, @@ -1578,16 +1747,18 @@ cat_buf(u8 *b) err(errno, "stdout: cat"); } -static void +void write_gbe_file(void) { struct stat gbe_st; struct stat tmp_st; - size_t p; - u8 update_checksum; + unsigned long p; + unsigned char update_checksum; - if (command[cmd_index].flags == O_RDONLY) + struct commands *cmd = &nv->cmd[nv->i]; + + if (cmd->flags == O_RDONLY) return; if (fstat(gbe_fd, &gbe_st) == -1) @@ -1608,7 +1779,7 @@ write_gbe_file(void) if (!S_ISREG(tmp_st.st_mode)) err(errno, "%s: file type changed before write", tname); - update_checksum = command[cmd_index].chksum_write; + update_checksum = cmd->chksum_write; for (p = 0; p < 2; p++) { if (!part_modified[p]) @@ -1621,23 +1792,23 @@ write_gbe_file(void) } } -static void -set_checksum(size_t p) +void +set_checksum(unsigned long p) { check_bin(p, "part number"); set_nvm_word(NVM_CHECKSUM_WORD, p, calculated_checksum(p)); } -static ushort -calculated_checksum(size_t p) +unsigned short +calculated_checksum(unsigned long p) { - size_t c; - uint val16 = 0; + unsigned long c; + unsigned int val16 = 0; for (c = 0; c < NVM_CHECKSUM_WORD; c++) - val16 += (uint)nvm_word(c, p); + val16 += (unsigned int)nvm_word(c, p); - return (ushort)((NVM_CHECKSUM - val16) & 0xffff); + return (unsigned short)((NVM_CHECKSUM - val16) & 0xffff); } /* @@ -1648,41 +1819,41 @@ calculated_checksum(size_t p) * file, but we assume otherwise and adapt accordingly. */ -static ushort -nvm_word(size_t pos16, size_t p) +unsigned short +nvm_word(unsigned long pos16, unsigned long p) { - size_t pos; + unsigned long pos; check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - return (ushort)buf[pos] | - ((ushort)buf[pos + 1] << 8); + return (unsigned short)buf[pos] | + ((unsigned short)buf[pos + 1] << 8); } -static void -set_nvm_word(size_t pos16, size_t p, ushort val16) +void +set_nvm_word(unsigned long pos16, unsigned long p, unsigned short val16) { - size_t pos; + unsigned long pos; check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - buf[pos] = (u8)(val16 & 0xff); - buf[pos + 1] = (u8)(val16 >> 8); + buf[pos] = (unsigned char)(val16 & 0xff); + buf[pos + 1] = (unsigned char)(val16 >> 8); set_part_modified(p); } -static void -set_part_modified(size_t p) +void +set_part_modified(unsigned long p) { check_bin(p, "part number"); part_modified[p] = 1; } -static void -check_nvm_bound(size_t c, size_t p) +void +check_nvm_bound(unsigned long c, unsigned long p) { /* * NVM_SIZE assumed as the limit, because this @@ -1694,30 +1865,34 @@ check_nvm_bound(size_t c, size_t p) if (c >= NVM_WORDS) err(ECANCELED, "check_nvm_bound: out of bounds %lu", - (ulong)c); + (unsigned long)c); } -static void -check_bin(size_t a, const char *a_name) +void +check_bin(unsigned long a, const char *a_name) { if (a > 1) err(EINVAL, "%s must be 0 or 1, but is %lu", - a_name, (ulong)a); + a_name, (unsigned long)a); } -static void -rw_gbe_file_part(size_t p, int rw_type, +void +rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str) { - ssize_t r; - size_t gbe_rw_size = command[cmd_index].rw_size; + long r; + unsigned long gbe_rw_size; + struct commands *cmd = &nv->cmd[nv->i]; + + unsigned char *mem_offset; - u8 *mem_offset; off_t file_offset; + gbe_rw_size = cmd->rw_size; + if (rw_type < IO_PREAD || rw_type > IO_PWRITE) err(errno, "%s: %s: part %lu: invalid rw_type, %d", - fname, rw_type_str, (ulong)p, rw_type); + fname, rw_type_str, (unsigned long)p, rw_type); mem_offset = gbe_mem_offset(p, rw_type_str); file_offset = (off_t)gbe_file_offset(p, rw_type_str); @@ -1727,20 +1902,22 @@ rw_gbe_file_part(size_t p, int rw_type, if (r == -1) err(errno, "%s: %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); - if ((size_t)r != gbe_rw_size) + if ((unsigned long)r != gbe_rw_size) err(EIO, "%s: partial %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); } -static void +void write_to_gbe_bin(void) { int saved_errno; int mv; - if (command[cmd_index].flags != O_RDWR) + struct commands *cmd = &nv->cmd[nv->i]; + + if (cmd->flags != O_RDWR) return; write_gbe_file(); @@ -1749,7 +1926,7 @@ write_to_gbe_bin(void) * We may otherwise read from * cache, so we must sync. */ - if (fsync(tmp_fd) == -1) + if (x_i_fsync(tmp_fd) == -1) err(errno, "%s: fsync (pre-verification)", tname); @@ -1768,12 +1945,12 @@ write_to_gbe_bin(void) saved_errno = errno; - if (close(tmp_fd) == -1) { + if (x_i_close(tmp_fd) == -1) { fprintf(stderr, "FAIL: %s: close\n", tname); io_err_gbe_bin = 1; } - if (close(gbe_fd) == -1) { + if (x_i_close(gbe_fd) == -1) { fprintf(stderr, "FAIL: %s: close\n", fname); io_err_gbe_bin = 1; } @@ -1820,20 +1997,22 @@ write_to_gbe_bin(void) "errno %d: %s\n", errno, strerror(errno)); } -static void -check_written_part(size_t p) +void +check_written_part(unsigned long p) { - ssize_t r; - size_t gbe_rw_size; - u8 *mem_offset; + long r; + unsigned long gbe_rw_size; + unsigned char *mem_offset; off_t file_offset; - u8 *buf_restore; + unsigned char *buf_restore; struct stat st; + struct commands *cmd = &nv->cmd[nv->i]; + if (!part_modified[p]) return; - gbe_rw_size = command[cmd_index].rw_size; + gbe_rw_size = cmd->rw_size; /* invert not needed for pwrite */ mem_offset = gbe_mem_offset(p, "pwrite"); @@ -1856,9 +2035,9 @@ check_written_part(size_t p) if (r == -1) rw_check_err_read[p] = io_err_gbe = 1; - else if ((size_t)r != gbe_rw_size) + else if ((unsigned long)r != gbe_rw_size) rw_check_partial_read[p] = io_err_gbe = 1; - else if (memcmp(mem_offset, pad, gbe_rw_size) != 0) + else if (x_i_memcmp(mem_offset, pad, gbe_rw_size) != 0) rw_check_bad_part[p] = io_err_gbe = 1; if (rw_check_err_read[p] || @@ -1876,10 +2055,10 @@ check_written_part(size_t p) buf = buf_restore; } -static void +void report_io_err_rw(void) { - size_t p; + unsigned long p; if (!io_err_gbe) return; @@ -1891,22 +2070,22 @@ report_io_err_rw(void) if (rw_check_err_read[p]) fprintf(stderr, "%s: pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_partial_read[p]) fprintf(stderr, "%s: partial pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_bad_part[p]) fprintf(stderr, "%s: pwrite: corrupt write on p%lu\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_err_read[p] || rw_check_partial_read[p]) { fprintf(stderr, "%s: p%lu: skipped checksum verification " "(because read failed)\n", - fname, (ulong)p); + fname, (unsigned long)p); continue; } @@ -1919,7 +2098,7 @@ report_io_err_rw(void) fprintf(stderr, "BAD"); fprintf(stderr, " checksum in p%lu on-disk.\n", - (ulong)p); + (unsigned long)p); if (post_rw_checksum[p]) { fprintf(stderr, @@ -1929,7 +2108,7 @@ report_io_err_rw(void) } } -static int +int gbe_mv(void) { int r; @@ -1988,10 +2167,10 @@ gbe_mv(void) if (r < 0) goto ret_gbe_mv; - if (fsync(dest_fd) == -1) + if (x_i_fsync(dest_fd) == -1) goto ret_gbe_mv; - if (close(dest_fd) == -1) + if (x_i_close(dest_fd) == -1) goto ret_gbe_mv; if (rename(dest_tmp, fname) == -1) @@ -2006,7 +2185,7 @@ gbe_mv(void) ret_gbe_mv: if (gbe_fd > -1) { - if (close(gbe_fd) < 0) + if (x_i_close(gbe_fd) < 0) r = -1; if (fsync_dir(fname) < 0) r = -1; @@ -2014,7 +2193,7 @@ ret_gbe_mv: } if (tmp_fd > -1) { - if (close(tmp_fd) < 0) + if (x_i_close(tmp_fd) < 0) r = -1; tmp_fd = -1; @@ -2050,16 +2229,16 @@ ret_gbe_mv: * Ensure rename() is durable by syncing the * directory containing the target file. */ -static int +int fsync_dir(const char *path) { #if defined(PATH_LEN) && \ (PATH_LEN) >= 256 - size_t maxlen = PATH_LEN; + unsigned long maxlen = PATH_LEN; #else - size_t maxlen = 4096; + unsigned long maxlen = 1024; #endif - size_t pathlen; + unsigned long pathlen; /* char dirbuf[maxlen]; */ char *dirbuf = NULL; char *slash; @@ -2076,22 +2255,38 @@ fsync_dir(const char *path) goto err_fsync_dir; } + if (pathlen == 0) + { + errno = EINVAL; + goto err_fsync_dir; + } + dirbuf = malloc(pathlen + 1); if (dirbuf == NULL) goto err_fsync_dir; - memcpy(dirbuf, path, pathlen + 1); - slash = strrchr(dirbuf, '/'); + x_v_memcpy(dirbuf, path, pathlen + 1); + slash = x_c_strrchr(dirbuf, '/'); if (slash != NULL) { *slash = '\0'; - if (*dirbuf == '\0') - strcpy(dirbuf, "/"); + if (*dirbuf == '\0') { + dirbuf[0] = '/'; + dirbuf[1] = '\0'; + } } else { - strcpy(dirbuf, "."); + dirbuf[0] = '.'; + dirbuf[1] = '\0'; } - dfd = open(dirbuf, O_RDONLY); + dfd = open(dirbuf, O_RDONLY +#ifdef O_DIRECTORY + | O_DIRECTORY +#endif +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + ); if (dfd == -1) goto err_fsync_dir; @@ -2104,10 +2299,10 @@ fsync_dir(const char *path) } /* sync file on disk */ - if (fsync(dfd) == -1) + if (x_i_fsync(dfd) == -1) goto err_fsync_dir; - if (close(dfd) == -1) + if (x_i_close(dfd) == -1) goto err_fsync_dir; if (dirbuf != NULL) @@ -2127,7 +2322,7 @@ err_fsync_dir: free(dirbuf); if (dfd > -1) - close(dfd); + x_i_close(dfd); io_err_gbe_bin = 1; errno = saved_errno; @@ -2140,13 +2335,13 @@ err_fsync_dir: * but used to check Gbe bounds in memory, * and it is *also* used during file I/O. */ -static u8 * -gbe_mem_offset(size_t p, const char *f_op) +unsigned char * +gbe_mem_offset(unsigned long p, const char *f_op) { off_t gbe_off = gbe_x_offset(p, f_op, "mem", GBE_PART_SIZE, GBE_WORK_SIZE); - return (u8 *)(buf + (size_t)gbe_off); + return (unsigned char *)(buf + (unsigned long)gbe_off); } /* @@ -2156,8 +2351,8 @@ gbe_mem_offset(size_t p, const char *f_op) * * This check is called, to ensure just that. */ -static off_t -gbe_file_offset(size_t p, const char *f_op) +off_t +gbe_file_offset(unsigned long p, const char *f_op) { off_t gbe_file_half_size = gbe_file_size >> 1; @@ -2165,8 +2360,8 @@ gbe_file_offset(size_t p, const char *f_op) gbe_file_half_size, gbe_file_size); } -static off_t -gbe_x_offset(size_t p, const char *f_op, const char *d_type, +off_t +gbe_x_offset(unsigned long p, const char *f_op, const char *d_type, off_t nsize, off_t ncmp) { off_t off; @@ -2186,35 +2381,30 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type, return off; } -static ssize_t -rw_gbe_file_exact(int fd, u8 *mem, size_t nrw, +long +rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type) { - size_t mem_addr; - size_t buf_addr; - ssize_t r; + long r; if (io_args(fd, mem, nrw, off, rw_type) == -1) return -1; - mem_addr = (size_t)(void *)mem; - buf_addr = (size_t)(void *)buf; - if (mem != (void *)pad) { - if (mem_addr < buf_addr) + if (mem < buf) goto err_rw_gbe_file_exact; - if ((mem_addr - buf_addr) >= (size_t)GBE_WORK_SIZE) + if ((unsigned long)(mem - buf) >= GBE_WORK_SIZE) goto err_rw_gbe_file_exact; } if (off < 0 || off >= gbe_file_size) goto err_rw_gbe_file_exact; - if (nrw > (size_t)(gbe_file_size - off)) + if (nrw > (unsigned long)(gbe_file_size - off)) goto err_rw_gbe_file_exact; - if (nrw > (size_t)GBE_PART_SIZE) + if (nrw > (unsigned long)GBE_PART_SIZE) goto err_rw_gbe_file_exact; r = rw_file_exact(fd, mem, nrw, off, rw_type, @@ -2258,17 +2448,17 @@ err_rw_gbe_file_exact: * times upon zero-return, to recover, * otherwise it will return an error. */ -static ssize_t -rw_file_exact(int fd, u8 *mem, size_t nrw, +long +rw_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, - int loop_eintr, size_t max_retries, + int loop_eintr, unsigned long max_retries, int off_reset) { - ssize_t rv = 0; - ssize_t rc = 0; - size_t retries_on_zero = 0; + long rv = 0; + long rc = 0; + unsigned long retries_on_zero = 0; off_t off_cur; - size_t nrw_cur; + unsigned long nrw_cur; void *mem_cur; if (io_args(fd, mem, nrw, off, rw_type) == -1) @@ -2277,15 +2467,15 @@ rw_file_exact(int fd, u8 *mem, size_t nrw, while (1) { /* Prevent theoretical overflow */ - if (rv >= 0 && (size_t)rv > (nrw - rc)) + if (rv >= 0 && (unsigned long)rv > (nrw - rc)) goto err_rw_file_exact; rc += rv; - if ((size_t)rc >= nrw) + if ((unsigned long)rc >= nrw) break; - mem_cur = (void *)(mem + (size_t)rc); - nrw_cur = (size_t)(nrw - (size_t)rc); + mem_cur = (void *)(mem + (unsigned long)rc); + nrw_cur = (unsigned long)(nrw - (unsigned long)rc); if (off < 0) goto err_rw_file_exact; off_cur = off + (off_t)rc; @@ -2306,7 +2496,7 @@ rw_file_exact(int fd, u8 *mem, size_t nrw, retries_on_zero = 0; } - if ((size_t)rc != nrw) + if ((unsigned long)rc != nrw) goto err_rw_file_exact; return rw_over_nrw(rc, nrw); @@ -2358,13 +2548,13 @@ err_rw_file_exact: * we reset and continue, and pray for the worst. */ -static ssize_t -prw(int fd, void *mem, size_t nrw, +long +prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, int off_reset) { - ssize_t r; + long r; int positional_rw; struct stat st; #if !defined(HAVE_REAL_PREAD_PWRITE) || \ @@ -2513,8 +2703,8 @@ err_prw: return -1; } -static int -io_args(int fd, void *mem, size_t nrw, +int +io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type) { /* obviously */ @@ -2534,11 +2724,11 @@ io_args(int fd, void *mem, size_t nrw, goto err_io_args; /* prevent overflow */ - if (nrw > (size_t)SSIZE_MAX) + if (nrw > (unsigned long)X_LONG_MAX) goto err_io_args; /* prevent overflow */ - if (((size_t)off + nrw) < (size_t)off) + if (((unsigned long)off + nrw) < (unsigned long)off) goto err_io_args; if (rw_type > IO_PWRITE) @@ -2551,7 +2741,7 @@ err_io_args: return -1; } -static int +int check_file(int fd, struct stat *st) { if (fstat(fd, st) == -1) @@ -2573,8 +2763,8 @@ err_is_file: * POSIX can say whatever it wants. * specification != implementation */ -static ssize_t -rw_over_nrw(ssize_t r, size_t nrw) +long +rw_over_nrw(long r, unsigned long nrw) { /* * If a byte length of zero @@ -2587,14 +2777,14 @@ rw_over_nrw(ssize_t r, size_t nrw) if (r == -1) return r; - if ((size_t)r > SSIZE_MAX) { + if ((unsigned long)r > X_LONG_MAX) { /* * Theoretical buggy libc * check. Extremely academic. * * Specifications never * allow this return value - * to exceed SSIZE_MAX, but + * to exceed SSIZE_T, but * spec != implementation * * Check this after using @@ -2608,7 +2798,7 @@ rw_over_nrw(ssize_t r, size_t nrw) * Should never return a number of * bytes above the requested length. */ - if ((size_t)r > nrw) + if ((unsigned long)r > nrw) goto err_rw_over_nrw; return r; @@ -2626,7 +2816,7 @@ err_rw_over_nrw: * on an EINTR/EAGAIN wait loop. Used by prw() * for setting offsets for positional I/O. */ -static off_t +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, int loop_eintr) { @@ -2648,7 +2838,7 @@ lseek_loop(int fd, off_t off, int whence, * will loop until errno isn't -1 and one * of these, e.g. -1 and EINTR */ -static int +int try_err(int loop_err, int errval) { if (loop_err) @@ -2660,7 +2850,7 @@ try_err(int loop_err, int errval) return -1; } -static void +void usage(void) { const char *util = getnvmprogname(); @@ -2681,7 +2871,7 @@ usage(void) err(EINVAL, "Too few arguments"); } -static void +void err(int nvm_errval, const char *msg, ...) { va_list args; @@ -2709,20 +2899,20 @@ err(int nvm_errval, const char *msg, ...) exit(EXIT_FAILURE); } -static int +int exit_cleanup(void) { int close_err = 0; int saved_errno = errno; if (gbe_fd > -1) { - if (close(gbe_fd) == -1) + if (x_i_close(gbe_fd) == -1) close_err = 1; gbe_fd = -1; } if (tmp_fd > -1) { - if (close(tmp_fd) == -1) + if (x_i_close(tmp_fd) == -1) close_err = 1; } @@ -2742,7 +2932,7 @@ exit_cleanup(void) return 0; } -static const char * +const char * getnvmprogname(void) { const char *p; @@ -2750,7 +2940,7 @@ getnvmprogname(void) if (argv0 == NULL || *argv0 == '\0') return ""; - p = strrchr(argv0, '/'); + p = x_c_strrchr(argv0, '/'); if (p) return p + 1; @@ -2782,10 +2972,10 @@ getnvmprogname(void) * if local is zero, then 3rd arg (path) * is irrelevant and can be NULL */ -static char * +char * new_tmpfile(int *fd, int local, const char *path) { - size_t maxlen; + unsigned long maxlen; struct stat st; /* @@ -2800,9 +2990,9 @@ new_tmpfile(int *fd, int local, const char *path) char *base = NULL; char *dest = NULL; - size_t tmpdir_len = 0; - size_t tmpname_len = 0; - size_t tmppath_len = 0; + unsigned long tmpdir_len = 0; + unsigned long tmpname_len = 0; + unsigned long tmppath_len = 0; int fd_tmp = -1; int flags; @@ -2821,7 +3011,7 @@ new_tmpfile(int *fd, int local, const char *path) (PATH_LEN) >= 256 maxlen = PATH_LEN; #else - maxlen = 4096; + maxlen = 1024; #endif tmpname = default_tmpname; @@ -2848,7 +3038,7 @@ new_tmpfile(int *fd, int local, const char *path) */ tmpdir_len = sizeof(default_tmpname); } else { - base = getenv("TMPDIR"); + base = x_c_tmpdir(); if (base == NULL) base = tmp_default; @@ -2879,26 +3069,26 @@ new_tmpfile(int *fd, int local, const char *path) *dest = '.'; /* hidden file */ - memcpy(dest + (size_t)1, tmpname, tmpname_len); + x_v_memcpy(dest + (unsigned long)1, tmpname, tmpname_len); - memcpy(dest + (size_t)1 + tmpname_len, + x_v_memcpy(dest + (unsigned long)1 + tmpname_len, default_tmpname, tmpdir_len); } else { - memcpy(dest, base, tmpdir_len); + x_v_memcpy(dest, base, tmpdir_len); dest[tmpdir_len] = '/'; - memcpy(dest + tmpdir_len + 1, tmpname, tmpname_len); + x_v_memcpy(dest + tmpdir_len + 1, tmpname, tmpname_len); } dest[tmppath_len] = '\0'; - fd_tmp = mkstemp(dest); + fd_tmp = x_i_mkstemp(dest); if (fd_tmp == -1) goto err_new_tmpfile; - if (fchmod(fd_tmp, 0600) == -1) + if (x_i_fchmod(fd_tmp, 0600) == -1) goto err_new_tmpfile; if (lock_file(fd_tmp) == -1) @@ -2955,7 +3145,256 @@ err_new_tmpfile: free(dest); if (fd_tmp > -1) - close(fd_tmp); + x_i_close(fd_tmp); return NULL; } + +/* + * portable mkstemp + */ +int +x_i_mkstemp(char *template) +{ + int fd; + int i, j; + unsigned long len; + char *p; + + char ch[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + unsigned long r = rlong(); + + len = xstrxlen(template, PATH_LEN); + + /* find trailing XXXXXX */ + if (len < 6) + return -1; + + p = template + len - 6; + + for (i = 0; i < 100; i++) { + + for (j = 0; j < 6; j++) + p[j] = ch[r % (sizeof(ch) - 1)]; + + fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); + + if (fd >= 0) + return fd; + + if (errno != EEXIST) + return -1; + } + + errno = EEXIST; + return -1; +} + +char * +x_c_strrchr(const char *s, int c) +{ + const char *p = NULL; + + while (*s) { + if (*s == (char)c) + p = s; + s++; + } + + if (c == '\0') + return (char *)s; + + return (char *)p; +} + +/* +int +x_i_rename(const char *src, const char *dst) +{ + int sfd, dfd; + ssize_t r; + char buf[8192]; + + sfd = open(src, O_RDONLY); + if (sfd < 0) + return -1; + + dfd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600); + if (dfd < 0) { + x_i_close(sfd); + return -1; + } + + while ((r = read(sfd, buf, sizeof(buf))) > 0) { + ssize_t w = write(dfd, buf, r); + if (w != r) { + x_i_close(sfd); + x_i_close(dfd); + return -1; + } + } + + if (r < 0) { + x_i_close(sfd); + x_i_close(dfd); + return -1; + } + + x_i_fsync(dfd); + + x_i_close(sfd); + x_i_close(dfd); + + if (unlink(src) < 0) + return -1; + + return 0; +} +*/ + +char * +x_c_tmpdir(void) +{ + char *t; + struct stat st; + + t = getenv("TMPDIR"); + if (t && *t) { + if (stat(t, &st) == 0 && S_ISDIR(st.st_mode)) + return t; + } + + if (stat("/tmp", &st) == 0 && S_ISDIR(st.st_mode)) + return "/tmp"; + + if (stat("/var/tmp", &st) == 0 && S_ISDIR(st.st_mode)) + return "/var/tmp"; + + return "."; +} + +int +x_i_close(int fd) +{ + int r; + + do { + r = close(fd); + } while (r == -1 && errno == EINTR); + + return r; +} + +void * +x_v_memcpy(void *dst, const void *src, unsigned long n) +{ + unsigned char *d = (unsigned char *)dst; + const unsigned char *s = (const unsigned char *)src; + + while (n--) + *d++ = *s++; + + return dst; +} + +int +x_i_memcmp(const void *a, const void *b, unsigned long n) +{ + const unsigned char *pa = (const unsigned char *)a; + const unsigned char *pb = (const unsigned char *)b; + + while (n--) { + if (*pa != *pb) + return *pa - *pb; + pa++; + pb++; + } + + return 0; +} + +/* + * emulate fchmod() using file descriptor + * paths, for old unix portability. should + * work on e.g. BSD/MacOS (/dev/fd/N), + * Linux (/proc/self/fd/N) and others + */ +int +x_i_fchmod(int fd, mode_t mode) +{ + if (x_try_fdpath("/dev/fd/", fd, mode) == 0) + return 0; + + if (x_try_fdpath("/proc/self/fd/", fd, mode) == 0) + return 0; + + errno = ENOSYS; + return -1; +} + +int +x_try_fdpath(const char *prefix, int fd, mode_t mode) +{ + char path[PATH_LEN]; + + unsigned long i = 0; + unsigned long j; + + struct stat st; + + while (prefix[i]) { + if (i >= PATH_LEN - 1) + return -1; + path[i] = prefix[i]; + i++; + } + + j = x_conv_fd(path + i, (unsigned long)fd); + + if (i + j >= PATH_LEN) + return -1; + + i += j; + path[i] = '\0'; + + if (stat(path, &st) < 0) + return -1; + + return chmod(path, mode); +} + +unsigned long +x_conv_fd(char *buf, unsigned long n) +{ + char tmp[256]; + + unsigned long i = 0; + unsigned long j = 0; + + if (n == 0) { + buf[0] = '0'; + return 1; + } + + while (n > 0) { + tmp[i++] = (char)('0' + (n % 10)); + n /= 10; + } + + while (i > 0) + buf[j++] = tmp[--i]; + + return j; +} + +int +x_i_fsync(int fd) +{ + int r; + + do { + r = fsync(fd); + } while (r == -1 && errno == EINTR); + + return r; +} |