diff options
Diffstat (limited to 'util')
| -rw-r--r-- | util/nvmutil/Makefile | 7 | ||||
| -rw-r--r-- | util/nvmutil/nvmutil.c | 1255 |
2 files changed, 781 insertions, 481 deletions
diff --git a/util/nvmutil/Makefile b/util/nvmutil/Makefile index e58c654b..025e87e1 100644 --- a/util/nvmutil/Makefile +++ b/util/nvmutil/Makefile @@ -7,18 +7,21 @@ CSTD?=-std=c90 WERROR?=-Werror CWARN?=-Wall -Wextra -pedantic COPT?=-Os -CFLAGS?=-I. $(COPT) $(CWARN) $(CSTD) +CFLAGS?=$(CWARN) $(CSTD) LDFLAGS?= DESTDIR?= PREFIX?=/usr/local INSTALL?=install +LDIR?=-I. + +OPTS=$(LDIR) $(COPT) $(WERROR) $(CFLAGS) $(LDFLAGS) PROG=nvmutil all: $(PROG) $(PROG): nvmutil.c - $(CC) $(CFLAGS) $(LDFLAGS) nvmutil.c -o $(PROG) + $(CC) $(OPTS) nvmutil.c -o $(PROG) install: $(PROG) $(INSTALL) -d $(DESTDIR)$(PREFIX)/bin diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 58b9fdbf..64ab6158 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -26,12 +26,8 @@ * default these days. */ #ifndef PATH_LEN -#ifdef PATH_MAX -#define PATH_LEN (PATH_MAX) -#else #define PATH_LEN 1024 #endif -#endif #define OFF_ERR 0 #ifndef OFF_RESET @@ -132,7 +128,7 @@ * files at once (noting limitations with cat) * BONUS: implement own getopt(), for portability * - * TODO: document fuzzing / static analysis methods + * TODO: document fuzzing / analysis methods * for the code, and: * TODO: implement rigorous unit tests (separate util) * NOTE: this would *include* known good test files @@ -142,7 +138,7 @@ * codebase would allow me to write a separate C * program to test some finer intricacies * TODO: the unit tests would basically test regressions - * TODO: after writing back a gbe to file, close() and + * TODO: after writing back a gbe to file, x_i_close() and * open() it again, read it again, and check that * the contents were written correctly, providing * a warning if they were. do this in the main @@ -155,7 +151,7 @@ * featureset of nvmutil. * TODO: write a manpage * TODO: simplify the command sanitization, implement more - * of it as build time checks, e.g. static asserts. + * of it as build time checks, e.g. asserts. * generally remove cleverness from the code, instead * prefyerring readibility * TODO: also document nvmutil's coding style, which is @@ -198,7 +194,7 @@ further note when fuzzing is implemented: use deterministic randomisation, with a guaranteed seed - so e.g. don't use /dev/urandom in test builds. e.g. just use normal rand() -but with a static seed e.g. 1234 +but with a seed e.g. 1234 */ /* TODO: stricter build flags, e.g. @@ -234,30 +230,22 @@ also consider: #include <time.h> #include <unistd.h> -typedef unsigned char u8; -typedef unsigned short ushort; -typedef unsigned int uint; -typedef unsigned long ulong; - /* type asserts */ typedef char static_assert_char_is_8_bits[(CHAR_BIT == 8) ? 1 : -1]; typedef char static_assert_char_is_1[(sizeof(char) == 1) ? 1 : -1]; -typedef char static_assert_u8_is_1[ - (sizeof(u8) == 1) ? 1 : -1]; -typedef char static_assert_ushort_is_2[ - (sizeof(ushort) >= 2) ? 1 : -1]; +typedef char static_assert_unsigned_char_is_1[ + (sizeof(unsigned char) == 1) ? 1 : -1]; +typedef char static_assert_unsigned_short_is_2[ + (sizeof(unsigned short) >= 2) ? 1 : -1]; typedef char static_assert_short_is_2[(sizeof(short) >= 2) ? 1 : -1]; -typedef char static_assert_uint_is_4[ - (sizeof(uint) >= 4) ? 1 : -1]; -typedef char static_assert_ulong_is_4[ - (sizeof(ulong) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_int_is_4[ + (sizeof(unsigned int) >= 4) ? 1 : -1]; +typedef char static_assert_unsigned_long_is_4[ + (sizeof(unsigned long) >= 4) ? 1 : -1]; typedef char static_assert_int_ge_32[(sizeof(int) >= 4) ? 1 : -1]; typedef char static_assert_twos_complement[ ((-1 & 3) == 3) ? 1 : -1 ]; -typedef char assert_ulong_ptr[ - (sizeof(ulong) >= sizeof(void *)) ? 1 : -1 -]; typedef char assert_unsigned_long_ptr[ (sizeof(unsigned long) >= sizeof(void *)) ? 1 : -1 ]; @@ -304,8 +292,16 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; #define O_BINARY 0 #endif +#ifndef O_EXCL +#define O_EXCL 0 +#endif + +#ifndef O_CREAT +#define O_CREAT 0 +#endif + #ifndef O_NONBLOCK -#define O_NONBLOCK +#define O_NONBLOCK 0 #endif #ifndef O_CLOEXEC @@ -323,23 +319,23 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1]; /* * Sanitize command tables. */ -static void sanitize_command_list(void); -static void sanitize_command_index(unsigned long c); +void sanitize_command_list(void); +void sanitize_command_index(unsigned long c); /* * Argument handling (user input) */ -static void set_cmd(int argc, char *argv[]); -static void set_cmd_args(int argc, char *argv[]); -static unsigned long conv_argv_part_num(const char *part_str); -static int xstrxcmp(const char *a, const char *b, unsigned long maxlen); +void set_cmd(int argc, char *argv[]); +void set_cmd_args(int argc, char *argv[]); +unsigned long conv_argv_part_num(const char *part_str); +int xstrxcmp(const char *a, const char *b, unsigned long maxlen); /* * Prep files for reading */ -static void open_gbe_file(void); -static int lock_file(int fd); -static void xopen(int *fd, const char *path, int flags, struct stat *st); +void open_gbe_file(void); +int lock_file(int fd); +void xopen(int *fd, const char *path, int flags, struct stat *st); /* * Read GbE file and verify @@ -347,17 +343,17 @@ static void xopen(int *fd, const char *path, int flags, struct stat *st); * * After this, we can run commands. */ -static void copy_gbe(void); -static void read_checksums(void); -static int good_checksum(unsigned long partnum); +void copy_gbe(void); +void read_checksums(void); +int good_checksum(unsigned long partnum); /* * Execute user command on GbE data. * These are stubs that call helpers. */ -static void run_cmd(unsigned long c); -static void check_command_num(unsigned long c); -static u8 valid_command(unsigned long c); +void run_cmd(void); +void check_command_num(unsigned long c); +unsigned char valid_command(unsigned long c); /* * portable timeval @@ -370,42 +366,41 @@ struct x_st_timeval { /* * Helper functions for command: setmac */ -static void cmd_helper_setmac(void); -static void parse_mac_string(void); -static unsigned long xstrxlen(const char *scmp, unsigned long maxlen); -static void set_mac_byte(unsigned long mac_byte_pos); -static void set_mac_nib(unsigned long mac_str_pos, +void cmd_helper_setmac(void); +void parse_mac_string(void); +unsigned long xstrxlen(const char *scmp, unsigned long maxlen); +void set_mac_byte(unsigned long mac_byte_pos); +void set_mac_nib(unsigned long mac_str_pos, unsigned long mac_byte_pos, unsigned long mac_nib_pos); -static ushort hextonum(char ch_s); -static ushort rhex(void); -static ushort read_urandom(void); -static ulong entropy_jitter(void); -static int x_i_gettimeofday(struct x_st_timeval *tv, void *tz); -static void write_mac_part(unsigned long partnum); +unsigned short hextonum(char ch_s); +unsigned long rlong(void); +unsigned long entropy_jitter(void); +int x_i_gettimeofday(struct x_st_timeval *tv, void *tz); +void write_mac_part(unsigned long partnum); /* * Helper functions for command: dump */ -static void cmd_helper_dump(void); -static void print_mac_from_nvm(unsigned long partnum); -static void hexdump(unsigned long partnum); +void cmd_helper_dump(void); +void print_mac_from_nvm(unsigned long partnum); +void hexdump(unsigned long partnum); /* * Helper functions for command: swap */ -static void cmd_helper_swap(void); +void cmd_helper_swap(void); /* * Helper functions for command: copy */ -static void cmd_helper_copy(void); +void cmd_helper_copy(void); /* * Helper functions for commands: * cat, cat16 and cat128 */ -static void cmd_helper_cat(void); -static void cat_buf(u8 *b); +void cmd_helper_cat(void); +void cat_buf(unsigned char *b); /* * After command processing, write @@ -414,70 +409,88 @@ static void cat_buf(u8 *b); * These are stub functions: check * below for the actual functions. */ -static void write_gbe_file(void); -static void set_checksum(unsigned long part); -static ushort calculated_checksum(unsigned long p); +void write_gbe_file(void); +void set_checksum(unsigned long part); +unsigned short calculated_checksum(unsigned long p); /* * Helper functions for accessing * the NVM area during operation. */ -static ushort nvm_word(unsigned long pos16, unsigned long part); -static void set_nvm_word(unsigned long pos16, unsigned long part, ushort val16); -static void set_part_modified(unsigned long p); -static void check_nvm_bound(unsigned long pos16, unsigned long part); -static void check_bin(unsigned long a, const char *a_name); +unsigned short nvm_word(unsigned long pos16, unsigned long part); +void set_nvm_word(unsigned long pos16, + unsigned long part, unsigned short val16); +void set_part_modified(unsigned long p); +void check_nvm_bound(unsigned long pos16, unsigned long part); +void check_bin(unsigned long a, const char *a_name); /* * Helper functions for stub functions * that handle GbE file reads/writes. */ -static void rw_gbe_file_part(unsigned long p, int rw_type, +void rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str); -static void write_to_gbe_bin(void); -static int gbe_mv(void); -static void check_written_part(unsigned long p); -static void report_io_err_rw(void); -static int fsync_dir(const char *path); -static u8 *gbe_mem_offset(unsigned long part, const char *f_op); -static off_t gbe_file_offset(unsigned long part, const char *f_op); -static off_t gbe_x_offset(unsigned long part, const char *f_op, +void write_to_gbe_bin(void); +int gbe_mv(void); +void check_written_part(unsigned long p); +void report_io_err_rw(void); +int fsync_dir(const char *path); +unsigned char *gbe_mem_offset(unsigned long part, const char *f_op); +off_t gbe_file_offset(unsigned long part, const char *f_op); +off_t gbe_x_offset(unsigned long part, const char *f_op, const char *d_type, off_t nsize, off_t ncmp); -static long rw_gbe_file_exact(int fd, u8 *mem, unsigned long nrw, +long rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type); -static long rw_file_exact(int fd, u8 *mem, unsigned long len, +long rw_file_exact(int fd, unsigned char *mem, unsigned long len, off_t off, int rw_type, int loop_eagain, int loop_eintr, unsigned long max_retries, int off_reset); -static long prw(int fd, void *mem, unsigned long nrw, +long prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, int off_reset); -static int io_args(int fd, void *mem, unsigned long nrw, +int io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type); -static int check_file(int fd, struct stat *st); -static long rw_over_nrw(long r, unsigned long nrw); +int check_file(int fd, struct stat *st); +long rw_over_nrw(long r, unsigned long nrw); #if !defined(HAVE_REAL_PREAD_PWRITE) || \ HAVE_REAL_PREAD_PWRITE < 1 -static off_t lseek_loop(int fd, off_t off, +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, int loop_eintr); #endif -static int try_err(int loop_err, int errval); +int try_err(int loop_err, int errval); /* * Error handling and cleanup */ -static void usage(void); -static void err(int nvm_errval, const char *msg, ...); -static int exit_cleanup(void); -static const char *getnvmprogname(void); +void usage(void); +void err(int nvm_errval, const char *msg, ...); +int exit_cleanup(void); +const char *getnvmprogname(void); /* * a special kind of hell */ -static char *new_tmpfile(int *fd, int local, const char *path); -static int x_i_mkstemp(char *template); -static char *x_c_strrchr(const char *s, int c); -static int x_i_rename(const char *src, const char *dst); -static char *x_c_tmpdir(void); +char *new_tmpfile(int *fd, int local, const char *path); +int x_i_mkstemp(char *template); +char *x_c_strrchr(const char *s, int c); +/* x_i_rename not suitable + * for atomic writes. kept + * commentted for use in a + * library in the future */ +/* +int x_i_rename(const char *src, const char *dst); +*/ +char *x_c_tmpdir(void); +int x_i_close(int fd); +void *x_v_memcpy(void *dst, + const void *src, unsigned long n); +int x_i_memcmp(const void *a, + const void *b, unsigned long n); +int x_i_fchmod(int fd, mode_t mode); +int x_try_fdpath(const char *prefix, + int fd, mode_t mode); +unsigned long x_conv_fd(char *buf, + unsigned long n); +int x_i_fsync(int fd); /* * Sizes in bytes: @@ -524,24 +537,24 @@ static char *x_c_tmpdir(void); * * The code will handle this properly. */ -static u8 real_buf[GBE_BUF_SIZE]; -static u8 bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ -static u8 pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ -static u8 *buf = real_buf; +unsigned char real_buf[GBE_BUF_SIZE]; +unsigned char bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */ +unsigned char pad[GBE_WORK_SIZE]; /* the file that wouldn't die */ +unsigned char *buf = real_buf; -static ushort mac_buf[3]; -static off_t gbe_file_size; -static off_t gbe_tmp_size; +unsigned short mac_buf[3]; +off_t gbe_file_size; +off_t gbe_tmp_size; -static int gbe_fd = -1; -static unsigned long part; -static u8 part_modified[2]; -static u8 part_valid[2]; +int gbe_fd = -1; +unsigned long part; +unsigned char part_modified[2]; +unsigned char part_valid[2]; -static const char rmac[] = "xx:xx:xx:xx:xx:xx"; -static const char *mac_str = rmac; -static const char *fname = NULL; -static const char *argv0; +const char rmac[] = "xx:xx:xx:xx:xx:xx"; +const char *mac_str = rmac; +const char *fname = NULL; +const char *argv0; #ifndef X_LONG_MAX #define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1)))) @@ -592,66 +605,6 @@ enum { CHECKSUM_WRITE }; -struct commands { - unsigned long chk; - const char *str; - void (*run)(void); - int argc; - u8 arg_part; - u8 chksum_read; - u8 chksum_write; - unsigned long rw_size; /* within the 4KB GbE part */ - int flags; /* e.g. O_RDWR or O_RDONLY */ -}; - -/* - * Command table, for nvmutil commands - */ -static const struct commands command[] = { - { CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, - ARG_NOPART, - SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - NVM_SIZE, O_RDONLY }, - - { CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, CHECKSUM_WRITE, - NVM_SIZE, O_RDWR }, - - { CMD_SWAP, "swap", cmd_helper_swap, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDWR }, - - { CMD_COPY, "copy", cmd_helper_copy, ARGC_4, - ARG_PART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDWR }, - - { CMD_CAT, "cat", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, - - { CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, - - { CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3, - ARG_NOPART, - CHECKSUM_READ, SKIP_CHECKSUM_WRITE, - GBE_PART_SIZE, O_RDONLY }, -}; - -#define MAX_CMD_LEN 50 -#define N_COMMANDS items(command) -#define CMD_NULL N_COMMANDS - -/* - * Index in command[], will be set later - */ -static unsigned long cmd_index = CMD_NULL; /* * asserts (variables/defines sanity check) @@ -685,43 +638,156 @@ typedef char bool_no_loop_eagain[(NO_LOOP_EAGAIN==0)?1:-1]; typedef char bool_off_err[(OFF_ERR==0)?1:-1]; typedef char bool_off_reset[(OFF_RESET==0||OFF_RESET==1)?1:-1]; -static int io_err_gbe = 0; /* intermediary write (verification) */ -static int io_err_gbe_bin = 0; /* final write (real file) */ -static int rw_check_err_read[] = {0, 0}; -static int rw_check_partial_read[] = {0, 0}; -static int rw_check_bad_part[] = {0, 0}; +int io_err_gbe = 0; /* intermediary write (verification) */ +int io_err_gbe_bin = 0; /* final write (real file) */ +int rw_check_err_read[] = {0, 0}; +int rw_check_partial_read[] = {0, 0}; +int rw_check_bad_part[] = {0, 0}; + +int post_rw_checksum[] = {0, 0}; -static int post_rw_checksum[] = {0, 0}; +dev_t gbe_dev; +ino_t gbe_ino; -static dev_t gbe_dev; -static ino_t gbe_ino; +dev_t tmp_dev; +ino_t tmp_ino; -static dev_t tmp_dev; -static ino_t tmp_ino; +int tmp_fd = -1; +char *tname = NULL; /* - * No need to declare feature - * macros. I jus declare the - * prototypes. Should be safe - * on most Unices and compilers + * Used for checking whether. + * a file is a file via stat(). + * + * Portable macro for compatibility + * with older unix e.g. v7 unix (has S_IFREG), + * 4.2bsd (has S_IFMT) or POSIX (has S_ISREG) + * + * Fallback works where S_IFREG == 0100000 + * (classic unix bitmask) */ -char *mktemp(char *template); -int fchmod(int fd, mode_t mode); -void sync(void); -int syncfs(int fd); - -static int tmp_fd = -1; -static char *tname = NULL; #ifndef S_ISREG +#if defined(S_IFMT) && defined(S_IFREG) #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG) +#elif defined(S_IFREG) +#define S_ISREG(m) (((m) & S_IFREG) != 0) +#else +#error "can't determine types with stat()" +#endif #endif -extern void *malloc(); +struct commands { + unsigned long chk; + const char *str; + void (*run)(void); + int argc; + unsigned char arg_part; + unsigned char chksum_read; + unsigned char chksum_write; + unsigned long rw_size; /* within the 4KB GbE part */ + int flags; /* e.g. O_RDWR or O_RDONLY */ +}; + +#define MAX_CMD_LEN 50 + +/* + * BE CAREFUL when editing this + * to ensure that you also update + * the tables in new_xstate() + */ +struct xstate { + struct commands cmd[7]; + unsigned long i; /* index to cmd[] for current command */ + int no_cmd; + + /* store size of a struct here. + (can be used to copy old state) */ + unsigned long xsize; +}; + +/* + * Program state/command table + * Default config stored here, + * and copied to a newly allocated + * buffer in memory, then the pointer + * is passed. The rest of the program + * will manipulate this data. + */ +struct xstate * +new_xstate(void) +{ + static struct xstate us = { + /* .cmd (update cmd[] in the struct if adding to it) */ + { + { + CMD_DUMP, "dump", cmd_helper_dump, ARGC_3, + ARG_NOPART, + SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + NVM_SIZE, O_RDONLY + }, { + CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, CHECKSUM_WRITE, + NVM_SIZE, O_RDWR + }, { + CMD_SWAP, "swap", cmd_helper_swap, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDWR + }, { + CMD_COPY, "copy", cmd_helper_copy, ARGC_4, + ARG_PART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDWR + }, { + CMD_CAT, "cat", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + }, { + CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + }, { + CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3, + ARG_NOPART, + CHECKSUM_READ, SKIP_CHECKSUM_WRITE, + GBE_PART_SIZE, O_RDONLY + } + }, + /* .cmd_index */ + 0, + /* .no_cmd (set 0 when a command is found) */ + 1, + /* .xsize (size of the stuct will be stored here later) */ + 0 + }; + + struct xstate *xs_new; + + us.xsize = sizeof(us); + + if ((xs_new = malloc(us.xsize)) == NULL) + err(ECANCELED, "Could not initialise new state"); + + memcpy(xs_new, &us, us.xsize); + + return xs_new; +} + +struct xstate *nv = NULL; int main(int argc, char *argv[]) { + struct commands *cmd; + + nv = new_xstate(); + if (nv == NULL) + err(errno, NULL); + argv0 = argv[0]; if (argc < 3) usage(); @@ -751,6 +817,8 @@ main(int argc, char *argv[]) err(errno, "pledge, unveil"); if (unveil("/dev/urandom", "r") == -1) err(errno, "unveil: /dev/urandom"); + if (unveil("/dev/random", "r") == -1) + err(errno, "unveil: /dev/random"); #else if (pledge("stdio flock rpath wpath cpath", NULL) == -1) err(errno, "pledge"); @@ -762,6 +830,8 @@ main(int argc, char *argv[]) set_cmd(argc, argv); set_cmd_args(argc, argv); + cmd = &nv->cmd[nv->i]; + #ifdef NVMUTIL_UNVEIL if (command[cmd_index].flags == O_RDONLY) { if (unveil(fname, "r") == -1) @@ -781,7 +851,7 @@ main(int argc, char *argv[]) err(errno, "pledge (kill unveil)"); #endif - srand((uint)(time(NULL) ^ getpid())); + srand((unsigned int)(time(NULL) ^ getpid())); open_gbe_file(); @@ -792,9 +862,9 @@ main(int argc, char *argv[]) read_checksums(); - run_cmd(cmd_index); + run_cmd(); - if (command[cmd_index].flags == O_RDWR) + if (cmd->flags == O_RDWR) write_to_gbe_bin(); if (exit_cleanup() == -1) @@ -812,51 +882,55 @@ main(int argc, char *argv[]) /* * Guard against regressions by maintainers (command table) */ -static void +void sanitize_command_list(void) { unsigned long c; + unsigned long num_commands = items(nv->cmd); - for (c = 0; c < N_COMMANDS; c++) + for (c = 0; c < num_commands; c++) sanitize_command_index(c); } /* * TODO: specific config checks per command */ -static void +void sanitize_command_index(unsigned long c) { unsigned long gbe_rw_size; + struct commands *cmd = &nv->cmd[c]; + check_command_num(c); - if (command[c].argc < 3) + if (cmd->argc < 3) err(EINVAL, "cmd index %lu: argc below 3, %d", - (ulong)c, command[c].argc); + (unsigned long)c, cmd->argc); - if (command[c].str == NULL) + if (cmd->str == NULL) err(EINVAL, "cmd index %lu: NULL str", - (ulong)c); - if (*command[c].str == '\0') + (unsigned long)c); + + if (*cmd->str == '\0') err(EINVAL, "cmd index %lu: empty str", - (ulong)c); + (unsigned long)c); - if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) > + if (xstrxlen(cmd->str, MAX_CMD_LEN + 1) > MAX_CMD_LEN) { err(EINVAL, "cmd index %lu: str too long: %s", - (ulong)c, command[c].str); + (unsigned long)c, cmd->str); } - if (command[c].run == NULL) + if (cmd->run == NULL) err(EINVAL, "cmd index %lu: cmd ptr null", - (ulong)c); + (unsigned long)c); - check_bin(command[c].arg_part, "cmd.arg_part"); - check_bin(command[c].chksum_read, "cmd.chksum_read"); - check_bin(command[c].chksum_write, "cmd.chksum_write"); + check_bin(cmd->arg_part, "cmd.arg_part"); + check_bin(cmd->chksum_read, "cmd.chksum_read"); + check_bin(cmd->chksum_write, "cmd.chksum_write"); - gbe_rw_size = command[c].rw_size; + gbe_rw_size = cmd->rw_size; switch (gbe_rw_size) { case GBE_PART_SIZE: @@ -864,71 +938,94 @@ sanitize_command_index(unsigned long c) break; default: err(EINVAL, "Unsupported rw_size: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); } if (gbe_rw_size > GBE_PART_SIZE) err(EINVAL, "rw_size larger than GbE part: %lu", - (ulong)gbe_rw_size); + (unsigned long)gbe_rw_size); - if (command[c].flags != O_RDONLY && - command[c].flags != O_RDWR) + if (cmd->flags != O_RDONLY && + cmd->flags != O_RDWR) err(EINVAL, "invalid cmd.flags setting"); } -static void +void set_cmd(int argc, char *argv[]) { - const char *cmd_str; + const char *cmd; + + unsigned long i = 0; - for (cmd_index = 0; valid_command(cmd_index); cmd_index++) { - cmd_str = command[cmd_index].str; + for (i = 0; i < items(nv->cmd); i++) { - if (xstrxcmp(argv[2], cmd_str, MAX_CMD_LEN) != 0) + cmd = nv->cmd[i].str; + + /* not the right command */ + if (xstrxcmp(argv[2], cmd, MAX_CMD_LEN) != 0) continue; - else if (argc >= command[cmd_index].argc) + + /* valid command found */ + if (argc >= nv->cmd[i].argc) { + nv->no_cmd = 0; + nv->i = i; /* set command */ + return; + } - err(EINVAL, "Too few args on command '%s'", cmd_str); + err(EINVAL, + "Too few args on command '%s'", cmd); } - cmd_index = CMD_NULL; + nv->no_cmd = 1; } -static void +void set_cmd_args(int argc, char *argv[]) { - u8 arg_part; + unsigned char arg_part; + unsigned long index; + + struct commands *cmd; - if (!valid_command(cmd_index) || argc < 3) + if (!valid_command(nv->i) || argc < 3) usage(); - arg_part = command[cmd_index].arg_part; + index = nv->i; + + cmd = &nv->cmd[index]; + + arg_part = cmd->arg_part; /* Maintainer bugs */ if (arg_part && argc < 4) err(EINVAL, "arg_part set for command that needs argc4"); - if (arg_part && cmd_index == CMD_SETMAC) + + if (arg_part && index == CMD_SETMAC) err(EINVAL, "arg_part set on CMD_SETMAC"); - if (cmd_index == CMD_SETMAC) + if (index == CMD_SETMAC) { + mac_str = argc >= 4 ? argv[3] : rmac; - else if (arg_part) + + } else if (arg_part) { + part = conv_argv_part_num(argv[3]); + } } -static unsigned long +unsigned long conv_argv_part_num(const char *part_str) { - u8 ch; + unsigned char ch; if (part_str[0] == '\0' || part_str[1] != '\0') err(EINVAL, "Partnum string '%s' wrong length", part_str); /* char signedness is implementation-defined */ - ch = (u8)part_str[0]; + ch = (unsigned char)part_str[0]; if (ch < '0' || ch > '1') err(EINVAL, "Bad part number (%c)", ch); @@ -939,7 +1036,7 @@ conv_argv_part_num(const char *part_str) * Portable strcmp() but blocks NULL/empty/unterminated * strings. Even stricter than strncmp(). */ -static int +int xstrxcmp(const char *a, const char *b, unsigned long maxlen) { unsigned long i; @@ -951,8 +1048,8 @@ xstrxcmp(const char *a, const char *b, unsigned long maxlen) err(EINVAL, "Empty string in xstrxcmp"); for (i = 0; i < maxlen; i++) { - u8 ac = (u8)a[i]; - u8 bc = (u8)b[i]; + unsigned char ac = (unsigned char)a[i]; + unsigned char bc = (unsigned char)b[i]; if (ac == '\0' || bc == '\0') { if (ac == bc) @@ -976,14 +1073,16 @@ xstrxcmp(const char *a, const char *b, unsigned long maxlen) return -1; } -static void +void open_gbe_file(void) { struct stat gbe_st; int flags; + struct commands *cmd = &nv->cmd[nv->i]; + xopen(&gbe_fd, fname, - command[cmd_index].flags | O_BINARY | + cmd->flags | O_BINARY | O_NOFOLLOW | O_CLOEXEC, &gbe_st); /* inode will be checked later on write */ @@ -991,9 +1090,9 @@ open_gbe_file(void) gbe_ino = gbe_st.st_ino; if (gbe_st.st_nlink > 1) - fprintf(stderr, - "%s: warning: file has %lu hard links\n", - fname, (ulong)gbe_st.st_nlink); + err(EINVAL, + "%s: warning: file has multiple (%lu) hard links\n", + fname, (unsigned long)gbe_st.st_nlink); if (gbe_st.st_nlink == 0) err(EIO, "%s: file unlinked while open", fname); @@ -1026,14 +1125,15 @@ open_gbe_file(void) err(errno, "%s: can't lock", fname); } -static int +int lock_file(int fd) { struct flock fl; + struct commands *cmd = &nv->cmd[nv->i]; memset(&fl, 0, sizeof(fl)); - if (command[cmd_index].flags == O_RDONLY) + if (cmd->flags == O_RDONLY) fl.l_type = F_RDLCK; else fl.l_type = F_WRLCK; @@ -1046,7 +1146,7 @@ lock_file(int fd) return 0; } -static void +void xopen(int *fd_ptr, const char *path, int flags, struct stat *st) { if ((*fd_ptr = open(path, flags)) == -1) @@ -1073,7 +1173,7 @@ xopen(int *fd_ptr, const char *path, int flags, struct stat *st) * double-read verification, * which also benefits cmd_cat. */ -static void +void copy_gbe(void) { long r; @@ -1109,7 +1209,12 @@ copy_gbe(void) if (gbe_tmp_size != gbe_file_size) err(EIO, "%s: %s: not the same size", fname, tname); - sync(); + /* + * fsync tmp gbe file, because we will compare + * its contents to what was read (for safety) + */ + if (x_i_fsync(tmp_fd) == -1) + err(errno, "%s: fsync (tmpfile copy)", tname); r = rw_file_exact(tmp_fd, bufcmp, gbe_file_size, 0, IO_PREAD, NO_LOOP_EAGAIN, LOOP_EINTR, @@ -1118,7 +1223,7 @@ copy_gbe(void) if (r < 0) err(errno, "%s: read failed (cmp)", tname); - if (memcmp(buf, bufcmp, gbe_file_size) != 0) + if (x_i_memcmp(buf, bufcmp, gbe_file_size) != 0) err(errno, "%s: %s: read contents differ (pre-test)", fname, tname); @@ -1135,30 +1240,32 @@ copy_gbe(void) if (gbe_file_size == SIZE_8KB) return; - memcpy(buf + (unsigned long)GBE_PART_SIZE, + x_v_memcpy(buf + (unsigned long)GBE_PART_SIZE, buf + (unsigned long)(gbe_file_size >> 1), (unsigned long)GBE_PART_SIZE); } -static void +void read_checksums(void) { unsigned long p; unsigned long skip_part; - u8 arg_part; - u8 num_invalid; - u8 max_invalid; + unsigned char arg_part; + unsigned char num_invalid; + unsigned char max_invalid; + + struct commands *cmd = &nv->cmd[nv->i]; part_valid[0] = 0; part_valid[1] = 0; - if (!command[cmd_index].chksum_read) + if (!cmd->chksum_read) return; num_invalid = 0; max_invalid = 2; - arg_part = command[cmd_index].arg_part; + arg_part = cmd->arg_part; if (arg_part) max_invalid = 1; @@ -1183,57 +1290,68 @@ read_checksums(void) if (num_invalid >= max_invalid) { if (max_invalid == 1) err(ECANCELED, "%s: part %lu has a bad checksum", - fname, (ulong)part); + fname, (unsigned long)part); err(ECANCELED, "%s: No valid checksum found in file", fname); } } -static int +int good_checksum(unsigned long partnum) { - ushort expected_checksum = calculated_checksum(partnum); - ushort current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum); + unsigned short expected_checksum = + calculated_checksum(partnum); - if (current_checksum == expected_checksum) - return 1; + unsigned short current_checksum = + nvm_word(NVM_CHECKSUM_WORD, partnum); - return 0; + return current_checksum == expected_checksum; } -static void -run_cmd(unsigned long c) +void +run_cmd(void) { - check_command_num(c); + unsigned long cmd_num; + struct commands *cmd; - if (command[c].run == NULL) - err(EINVAL, "Command %lu: null ptr", (ulong)c); + cmd_num = nv->i; + cmd = &nv->cmd[cmd_num]; - command[c].run(); + check_command_num(cmd_num); + + if (cmd->run == NULL) + err(EINVAL, "Command %lu: null ptr", cmd_num); + + cmd->run(); } -static void +void check_command_num(unsigned long c) { if (!valid_command(c)) err(EINVAL, "Invalid run_cmd arg: %lu", - (ulong)c); + (unsigned long)c); } -static u8 +unsigned char valid_command(unsigned long c) { - if (c >= N_COMMANDS) + struct commands *cmd; + + if (c >= items(nv->cmd)) return 0; - if (c != command[c].chk) - err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu", - (ulong)command[c].chk, (ulong)c); + cmd = &nv->cmd[c]; + + if (c != cmd->chk) + err(EINVAL, + "Invalid cmd chk value (%lu) vs arg: %lu", + cmd->chk, c); return 1; } -static void +void cmd_helper_setmac(void) { unsigned long partnum; @@ -1245,7 +1363,7 @@ cmd_helper_setmac(void) write_mac_part(partnum); } -static void +void parse_mac_string(void) { unsigned long mac_byte; @@ -1271,7 +1389,7 @@ parse_mac_string(void) * strnlen() was standardized in POSIX.1-2008 and is not * available on some older systems, so we provide our own. */ -static unsigned long +unsigned long xstrxlen(const char *scmp, unsigned long maxlen) { unsigned long xstr_index; @@ -1292,7 +1410,7 @@ xstrxlen(const char *scmp, unsigned long maxlen) return xstr_index; } -static void +void set_mac_byte(unsigned long mac_byte_pos) { unsigned long mac_str_pos = mac_byte_pos * 3; @@ -1309,12 +1427,12 @@ set_mac_byte(unsigned long mac_byte_pos) set_mac_nib(mac_str_pos, mac_byte_pos, mac_nib_pos); } -static void +void set_mac_nib(unsigned long mac_str_pos, unsigned long mac_byte_pos, unsigned long mac_nib_pos) { char mac_ch; - ushort hex_num; + unsigned short hex_num; mac_ch = mac_str[mac_str_pos + mac_nib_pos]; @@ -1339,47 +1457,42 @@ set_mac_nib(unsigned long mac_str_pos, | ((mac_nib_pos ^ 1) << 2)); /* left or right nib? */ } -static ushort +unsigned short hextonum(char ch_s) { - u8 ch = (u8)ch_s; + unsigned char ch = (unsigned char)ch_s; - if ((uint)(ch - '0') <= 9) + if ((unsigned int)(ch - '0') <= 9) return ch - '0'; ch |= 0x20; - if ((uint)(ch - 'a') <= 5) + if ((unsigned int)(ch - 'a') <= 5) return ch - 'a' + 10; if (ch == '?' || ch == 'x') - return rhex(); /* random character */ + return (unsigned short)rlong() & 0xf; return 16; /* invalid character */ } -static ushort -rhex(void) +unsigned long +rlong(void) { struct x_st_timeval tv; - ulong mix; - static ulong counter = 0; - ushort r; - - /* Read /dev/urandom - * if possible */ - r = read_urandom(); - if (r < 16) - return r; + static unsigned long mix = 0; + static unsigned long counter = 0; - /* Fallback */ + static int fd = -1; + unsigned long rval = 0; + long nr = -1; x_i_gettimeofday(&tv, NULL); - mix = (ulong)tv.tv_sec - ^ (ulong)tv.tv_usec - ^ (ulong)getpid() - ^ (ulong)&mix + mix ^= (unsigned long)tv.tv_sec + ^ (unsigned long)tv.tv_usec + ^ (unsigned long)getpid() + ^ (unsigned long)&mix ^ counter++ ^ entropy_jitter(); @@ -1387,59 +1500,62 @@ rhex(void) * Stack addresses can vary between * calls, thus increasing entropy. */ - mix ^= (ulong)&mix; - mix ^= (ulong)&tv; - mix ^= (ulong)&counter; - - return (ushort)(mix & 0xf); -} - -static ushort -read_urandom(void) -{ - static int fd = -1; - static long n = -1; - - static u8 r[256]; - - if (fd < 0) { + mix ^= (unsigned long)&mix; + mix ^= (unsigned long)&tv; + mix ^= (unsigned long)&counter; - fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK); - if (fd < 0) /* older openbsd */ - fd = open("/dev/arandom", O_RDONLY | O_NONBLOCK); - if (fd < 0) /* super old unix (could block) */ - fd = open("/dev/random", O_RDONLY | O_NONBLOCK); + /* + * Now, we won't use this mix + * immediately. We'll try to + * read urandom first, which is + * likely safer, and pass that, + * falling back to the mixture + * if urandom fails. + * + * Since urandom is likely + * reliable, the number of + * times it will fail is + * likely extremely random, + * thus, building more than + * sufficient entropy by the + * time we do eventually use + * the fallback code + */ - if (fd < 0) - return 16; - } + if (fd < 0) + fd = open("/dev/urandom", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n < 0) { +#if !(defined(__OpenBSD__) && defined(OpenBSD)) || \ + (defined(__OpenBSD__) && defined(OpenBSD) && \ + OpenBSD < 604) + if (fd < 0) /* old openbsd */ + fd = open("/dev/arandom", O_RDONLY | O_BINARY | O_NONBLOCK); +#endif - n = rw_file_exact(fd, r, 256, 0, IO_READ, - LOOP_EAGAIN, LOOP_EINTR, 2, OFF_ERR); + if (fd < 0) + fd = open("/dev/random", O_RDONLY | O_BINARY | O_NONBLOCK); - if (n == 0) - n = -1; - if (n < 0) - return 16; + nr = rw_file_exact(fd, (unsigned char *)&rval, + sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN, + LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR); - --n; - } + if (nr == sizeof(unsigned long)) + return rval; - return r[n--] & 0xf; + return mix; } -static ulong +unsigned long entropy_jitter(void) { struct x_st_timeval a, b; - ulong mix = 0; + unsigned long mix = 0; long mix_diff; int i; - for (i = 0; i < 8; i++) { - x_i_gettimeofday(&a, NULL); + x_i_gettimeofday(&a, NULL); + + for (i = 0; i < 32; i++) { getpid(); x_i_gettimeofday(&b, NULL); @@ -1451,8 +1567,8 @@ entropy_jitter(void) if (mix_diff < 0) mix_diff = -mix_diff; - mix ^= (ulong)(mix_diff); - mix ^= (ulong)&mix; + mix ^= (unsigned long)(mix_diff); + mix ^= (unsigned long)&mix; } return mix; @@ -1460,7 +1576,7 @@ entropy_jitter(void) -static int +int x_i_gettimeofday(struct x_st_timeval *tv, void *tz) { time_t t; @@ -1470,12 +1586,12 @@ x_i_gettimeofday(struct x_st_timeval *tv, void *tz) t = time(NULL); tv->tv_sec = t; - tv->tv_usec = (long)clock() % 1000000; + tv->tv_usec = (long)((unsigned long)clock() % 1000000UL); return 0; } -static void +void write_mac_part(unsigned long partnum) { unsigned long w; @@ -1488,11 +1604,11 @@ write_mac_part(unsigned long partnum) set_nvm_word(w, partnum, mac_buf[w]); printf("Wrote MAC address to part %lu: ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); } -static void +void cmd_helper_dump(void) { unsigned long partnum; @@ -1505,27 +1621,27 @@ cmd_helper_dump(void) fprintf(stderr, "BAD checksum %04x in part %lu (expected %04x)\n", nvm_word(NVM_CHECKSUM_WORD, partnum), - (ulong)partnum, + (unsigned long)partnum, calculated_checksum(partnum)); printf("MAC (part %lu): ", - (ulong)partnum); + (unsigned long)partnum); print_mac_from_nvm(partnum); hexdump(partnum); } } -static void +void print_mac_from_nvm(unsigned long partnum) { unsigned long c; - ushort val16; + unsigned short val16; for (c = 0; c < 3; c++) { val16 = nvm_word(c, partnum); printf("%02x:%02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); if (c == 2) printf("\n"); else @@ -1533,41 +1649,41 @@ print_mac_from_nvm(unsigned long partnum) } } -static void +void hexdump(unsigned long partnum) { unsigned long c; unsigned long row; - ushort val16; + unsigned short val16; for (row = 0; row < 8; row++) { - printf("%08lx ", (ulong)((unsigned long)row << 4)); + printf("%08lx ", (unsigned long)((unsigned long)row << 4)); for (c = 0; c < 8; c++) { val16 = nvm_word((row << 3) + c, partnum); if (c == 4) printf(" "); printf(" %02x %02x", - (uint)(val16 & 0xff), - (uint)(val16 >> 8)); + (unsigned int)(val16 & 0xff), + (unsigned int)(val16 >> 8)); } printf("\n"); } } -static void +void cmd_helper_swap(void) { - memcpy( + x_v_memcpy( buf + (unsigned long)GBE_WORK_SIZE, buf, GBE_PART_SIZE); - memcpy( + x_v_memcpy( buf, buf + (unsigned long)GBE_PART_SIZE, GBE_PART_SIZE); - memcpy( + x_v_memcpy( buf + (unsigned long)GBE_PART_SIZE, buf + (unsigned long)GBE_WORK_SIZE, GBE_PART_SIZE); @@ -1576,10 +1692,10 @@ cmd_helper_swap(void) set_part_modified(1); } -static void +void cmd_helper_copy(void) { - memcpy( + x_v_memcpy( buf + (unsigned long)((part ^ 1) * GBE_PART_SIZE), buf + (unsigned long)(part * GBE_PART_SIZE), GBE_PART_SIZE); @@ -1587,18 +1703,20 @@ cmd_helper_copy(void) set_part_modified(part ^ 1); } -static void +void cmd_helper_cat(void) { unsigned long p = 0; unsigned long ff = 0; unsigned long nff = 0; + unsigned long cmd_num = nv->i; + fflush(NULL); memset(pad, 0xff, GBE_PART_SIZE); - switch (cmd_index) { + switch (cmd_num) { case CMD_CAT: nff = 0; break; @@ -1620,8 +1738,8 @@ cmd_helper_cat(void) } } -static void -cat_buf(u8 *b) +void +cat_buf(unsigned char *b) { if (rw_file_exact(STDOUT_FILENO, b, GBE_PART_SIZE, 0, IO_WRITE, LOOP_EAGAIN, LOOP_EINTR, @@ -1629,16 +1747,18 @@ cat_buf(u8 *b) err(errno, "stdout: cat"); } -static void +void write_gbe_file(void) { struct stat gbe_st; struct stat tmp_st; unsigned long p; - u8 update_checksum; + unsigned char update_checksum; - if (command[cmd_index].flags == O_RDONLY) + struct commands *cmd = &nv->cmd[nv->i]; + + if (cmd->flags == O_RDONLY) return; if (fstat(gbe_fd, &gbe_st) == -1) @@ -1659,7 +1779,7 @@ write_gbe_file(void) if (!S_ISREG(tmp_st.st_mode)) err(errno, "%s: file type changed before write", tname); - update_checksum = command[cmd_index].chksum_write; + update_checksum = cmd->chksum_write; for (p = 0; p < 2; p++) { if (!part_modified[p]) @@ -1672,23 +1792,23 @@ write_gbe_file(void) } } -static void +void set_checksum(unsigned long p) { check_bin(p, "part number"); set_nvm_word(NVM_CHECKSUM_WORD, p, calculated_checksum(p)); } -static ushort +unsigned short calculated_checksum(unsigned long p) { unsigned long c; - uint val16 = 0; + unsigned int val16 = 0; for (c = 0; c < NVM_CHECKSUM_WORD; c++) - val16 += (uint)nvm_word(c, p); + val16 += (unsigned int)nvm_word(c, p); - return (ushort)((NVM_CHECKSUM - val16) & 0xffff); + return (unsigned short)((NVM_CHECKSUM - val16) & 0xffff); } /* @@ -1699,7 +1819,7 @@ calculated_checksum(unsigned long p) * file, but we assume otherwise and adapt accordingly. */ -static ushort +unsigned short nvm_word(unsigned long pos16, unsigned long p) { unsigned long pos; @@ -1707,32 +1827,32 @@ nvm_word(unsigned long pos16, unsigned long p) check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - return (ushort)buf[pos] | - ((ushort)buf[pos + 1] << 8); + return (unsigned short)buf[pos] | + ((unsigned short)buf[pos + 1] << 8); } -static void -set_nvm_word(unsigned long pos16, unsigned long p, ushort val16) +void +set_nvm_word(unsigned long pos16, unsigned long p, unsigned short val16) { unsigned long pos; check_nvm_bound(pos16, p); pos = (pos16 << 1) + (p * GBE_PART_SIZE); - buf[pos] = (u8)(val16 & 0xff); - buf[pos + 1] = (u8)(val16 >> 8); + buf[pos] = (unsigned char)(val16 & 0xff); + buf[pos + 1] = (unsigned char)(val16 >> 8); set_part_modified(p); } -static void +void set_part_modified(unsigned long p) { check_bin(p, "part number"); part_modified[p] = 1; } -static void +void check_nvm_bound(unsigned long c, unsigned long p) { /* @@ -1745,30 +1865,34 @@ check_nvm_bound(unsigned long c, unsigned long p) if (c >= NVM_WORDS) err(ECANCELED, "check_nvm_bound: out of bounds %lu", - (ulong)c); + (unsigned long)c); } -static void +void check_bin(unsigned long a, const char *a_name) { if (a > 1) err(EINVAL, "%s must be 0 or 1, but is %lu", - a_name, (ulong)a); + a_name, (unsigned long)a); } -static void +void rw_gbe_file_part(unsigned long p, int rw_type, const char *rw_type_str) { long r; - unsigned long gbe_rw_size = command[cmd_index].rw_size; + unsigned long gbe_rw_size; + struct commands *cmd = &nv->cmd[nv->i]; + + unsigned char *mem_offset; - u8 *mem_offset; off_t file_offset; + gbe_rw_size = cmd->rw_size; + if (rw_type < IO_PREAD || rw_type > IO_PWRITE) err(errno, "%s: %s: part %lu: invalid rw_type, %d", - fname, rw_type_str, (ulong)p, rw_type); + fname, rw_type_str, (unsigned long)p, rw_type); mem_offset = gbe_mem_offset(p, rw_type_str); file_offset = (off_t)gbe_file_offset(p, rw_type_str); @@ -1778,25 +1902,33 @@ rw_gbe_file_part(unsigned long p, int rw_type, if (r == -1) err(errno, "%s: %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); if ((unsigned long)r != gbe_rw_size) err(EIO, "%s: partial %s: part %lu", - fname, rw_type_str, (ulong)p); + fname, rw_type_str, (unsigned long)p); } -static void +void write_to_gbe_bin(void) { int saved_errno; int mv; - if (command[cmd_index].flags != O_RDWR) + struct commands *cmd = &nv->cmd[nv->i]; + + if (cmd->flags != O_RDWR) return; write_gbe_file(); - sync(); + /* + * We may otherwise read from + * cache, so we must sync. + */ + if (x_i_fsync(tmp_fd) == -1) + err(errno, "%s: fsync (pre-verification)", + tname); check_written_part(0); check_written_part(1); @@ -1813,12 +1945,12 @@ write_to_gbe_bin(void) saved_errno = errno; - if (close(tmp_fd) == -1) { + if (x_i_close(tmp_fd) == -1) { fprintf(stderr, "FAIL: %s: close\n", tname); io_err_gbe_bin = 1; } - if (close(gbe_fd) == -1) { + if (x_i_close(gbe_fd) == -1) { fprintf(stderr, "FAIL: %s: close\n", fname); io_err_gbe_bin = 1; } @@ -1865,20 +1997,22 @@ write_to_gbe_bin(void) "errno %d: %s\n", errno, strerror(errno)); } -static void +void check_written_part(unsigned long p) { long r; unsigned long gbe_rw_size; - u8 *mem_offset; + unsigned char *mem_offset; off_t file_offset; - u8 *buf_restore; + unsigned char *buf_restore; struct stat st; + struct commands *cmd = &nv->cmd[nv->i]; + if (!part_modified[p]) return; - gbe_rw_size = command[cmd_index].rw_size; + gbe_rw_size = cmd->rw_size; /* invert not needed for pwrite */ mem_offset = gbe_mem_offset(p, "pwrite"); @@ -1903,7 +2037,7 @@ check_written_part(unsigned long p) rw_check_err_read[p] = io_err_gbe = 1; else if ((unsigned long)r != gbe_rw_size) rw_check_partial_read[p] = io_err_gbe = 1; - else if (memcmp(mem_offset, pad, gbe_rw_size) != 0) + else if (x_i_memcmp(mem_offset, pad, gbe_rw_size) != 0) rw_check_bad_part[p] = io_err_gbe = 1; if (rw_check_err_read[p] || @@ -1921,7 +2055,7 @@ check_written_part(unsigned long p) buf = buf_restore; } -static void +void report_io_err_rw(void) { unsigned long p; @@ -1936,22 +2070,22 @@ report_io_err_rw(void) if (rw_check_err_read[p]) fprintf(stderr, "%s: pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_partial_read[p]) fprintf(stderr, "%s: partial pread: p%lu (post-verification)\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_bad_part[p]) fprintf(stderr, "%s: pwrite: corrupt write on p%lu\n", - fname, (ulong)p); + fname, (unsigned long)p); if (rw_check_err_read[p] || rw_check_partial_read[p]) { fprintf(stderr, "%s: p%lu: skipped checksum verification " "(because read failed)\n", - fname, (ulong)p); + fname, (unsigned long)p); continue; } @@ -1964,7 +2098,7 @@ report_io_err_rw(void) fprintf(stderr, "BAD"); fprintf(stderr, " checksum in p%lu on-disk.\n", - (ulong)p); + (unsigned long)p); if (post_rw_checksum[p]) { fprintf(stderr, @@ -1974,7 +2108,7 @@ report_io_err_rw(void) } } -static int +int gbe_mv(void) { int r; @@ -1986,7 +2120,7 @@ gbe_mv(void) saved_errno = errno; - r = x_i_rename(tname, fname); + r = rename(tname, fname); if (r > -1) { /* @@ -2033,12 +2167,13 @@ gbe_mv(void) if (r < 0) goto ret_gbe_mv; - sync(); + if (x_i_fsync(dest_fd) == -1) + goto ret_gbe_mv; - if (close(dest_fd) == -1) + if (x_i_close(dest_fd) == -1) goto ret_gbe_mv; - if (x_i_rename(dest_tmp, fname) == -1) + if (rename(dest_tmp, fname) == -1) goto ret_gbe_mv; if (fsync_dir(fname) < 0) @@ -2050,7 +2185,7 @@ gbe_mv(void) ret_gbe_mv: if (gbe_fd > -1) { - if (close(gbe_fd) < 0) + if (x_i_close(gbe_fd) < 0) r = -1; if (fsync_dir(fname) < 0) r = -1; @@ -2058,7 +2193,7 @@ ret_gbe_mv: } if (tmp_fd > -1) { - if (close(tmp_fd) < 0) + if (x_i_close(tmp_fd) < 0) r = -1; tmp_fd = -1; @@ -2091,10 +2226,10 @@ ret_gbe_mv: } /* - * Ensure x_i_rename() is durable by syncing the + * Ensure rename() is durable by syncing the * directory containing the target file. */ -static int +int fsync_dir(const char *path) { #if defined(PATH_LEN) && \ @@ -2120,22 +2255,38 @@ fsync_dir(const char *path) goto err_fsync_dir; } + if (pathlen == 0) + { + errno = EINVAL; + goto err_fsync_dir; + } + dirbuf = malloc(pathlen + 1); if (dirbuf == NULL) goto err_fsync_dir; - memcpy(dirbuf, path, pathlen + 1); + x_v_memcpy(dirbuf, path, pathlen + 1); slash = x_c_strrchr(dirbuf, '/'); if (slash != NULL) { *slash = '\0'; - if (*dirbuf == '\0') - strcpy(dirbuf, "/"); + if (*dirbuf == '\0') { + dirbuf[0] = '/'; + dirbuf[1] = '\0'; + } } else { - strcpy(dirbuf, "."); + dirbuf[0] = '.'; + dirbuf[1] = '\0'; } - dfd = open(dirbuf, O_RDONLY); + dfd = open(dirbuf, O_RDONLY +#ifdef O_DIRECTORY + | O_DIRECTORY +#endif +#ifdef O_NOFOLLOW + | O_NOFOLLOW +#endif + ); if (dfd == -1) goto err_fsync_dir; @@ -2147,9 +2298,11 @@ fsync_dir(const char *path) goto err_fsync_dir; } - sync(); + /* sync file on disk */ + if (x_i_fsync(dfd) == -1) + goto err_fsync_dir; - if (close(dfd) == -1) + if (x_i_close(dfd) == -1) goto err_fsync_dir; if (dirbuf != NULL) @@ -2169,7 +2322,7 @@ err_fsync_dir: free(dirbuf); if (dfd > -1) - close(dfd); + x_i_close(dfd); io_err_gbe_bin = 1; errno = saved_errno; @@ -2182,13 +2335,13 @@ err_fsync_dir: * but used to check Gbe bounds in memory, * and it is *also* used during file I/O. */ -static u8 * +unsigned char * gbe_mem_offset(unsigned long p, const char *f_op) { off_t gbe_off = gbe_x_offset(p, f_op, "mem", GBE_PART_SIZE, GBE_WORK_SIZE); - return (u8 *)(buf + (unsigned long)gbe_off); + return (unsigned char *)(buf + (unsigned long)gbe_off); } /* @@ -2198,7 +2351,7 @@ gbe_mem_offset(unsigned long p, const char *f_op) * * This check is called, to ensure just that. */ -static off_t +off_t gbe_file_offset(unsigned long p, const char *f_op) { off_t gbe_file_half_size = gbe_file_size >> 1; @@ -2207,7 +2360,7 @@ gbe_file_offset(unsigned long p, const char *f_op) gbe_file_half_size, gbe_file_size); } -static off_t +off_t gbe_x_offset(unsigned long p, const char *f_op, const char *d_type, off_t nsize, off_t ncmp) { @@ -2228,25 +2381,20 @@ gbe_x_offset(unsigned long p, const char *f_op, const char *d_type, return off; } -static long -rw_gbe_file_exact(int fd, u8 *mem, unsigned long nrw, +long +rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type) { - unsigned long mem_addr; - unsigned long buf_addr; long r; if (io_args(fd, mem, nrw, off, rw_type) == -1) return -1; - mem_addr = (unsigned long)(void *)mem; - buf_addr = (unsigned long)(void *)buf; - if (mem != (void *)pad) { - if (mem_addr < buf_addr) + if (mem < buf) goto err_rw_gbe_file_exact; - if ((mem_addr - buf_addr) >= (unsigned long)GBE_WORK_SIZE) + if ((unsigned long)(mem - buf) >= GBE_WORK_SIZE) goto err_rw_gbe_file_exact; } @@ -2300,8 +2448,8 @@ err_rw_gbe_file_exact: * times upon zero-return, to recover, * otherwise it will return an error. */ -static long -rw_file_exact(int fd, u8 *mem, unsigned long nrw, +long +rw_file_exact(int fd, unsigned char *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, unsigned long max_retries, int off_reset) @@ -2400,7 +2548,7 @@ err_rw_file_exact: * we reset and continue, and pray for the worst. */ -static long +long prw(int fd, void *mem, unsigned long nrw, off_t off, int rw_type, int loop_eagain, int loop_eintr, @@ -2555,7 +2703,7 @@ err_prw: return -1; } -static int +int io_args(int fd, void *mem, unsigned long nrw, off_t off, int rw_type) { @@ -2593,7 +2741,7 @@ err_io_args: return -1; } -static int +int check_file(int fd, struct stat *st) { if (fstat(fd, st) == -1) @@ -2615,7 +2763,7 @@ err_is_file: * POSIX can say whatever it wants. * specification != implementation */ -static long +long rw_over_nrw(long r, unsigned long nrw) { /* @@ -2668,7 +2816,7 @@ err_rw_over_nrw: * on an EINTR/EAGAIN wait loop. Used by prw() * for setting offsets for positional I/O. */ -static off_t +off_t lseek_loop(int fd, off_t off, int whence, int loop_eagain, int loop_eintr) { @@ -2690,7 +2838,7 @@ lseek_loop(int fd, off_t off, int whence, * will loop until errno isn't -1 and one * of these, e.g. -1 and EINTR */ -static int +int try_err(int loop_err, int errval) { if (loop_err) @@ -2702,7 +2850,7 @@ try_err(int loop_err, int errval) return -1; } -static void +void usage(void) { const char *util = getnvmprogname(); @@ -2723,7 +2871,7 @@ usage(void) err(EINVAL, "Too few arguments"); } -static void +void err(int nvm_errval, const char *msg, ...) { va_list args; @@ -2751,20 +2899,20 @@ err(int nvm_errval, const char *msg, ...) exit(EXIT_FAILURE); } -static int +int exit_cleanup(void) { int close_err = 0; int saved_errno = errno; if (gbe_fd > -1) { - if (close(gbe_fd) == -1) + if (x_i_close(gbe_fd) == -1) close_err = 1; gbe_fd = -1; } if (tmp_fd > -1) { - if (close(tmp_fd) == -1) + if (x_i_close(tmp_fd) == -1) close_err = 1; } @@ -2784,7 +2932,7 @@ exit_cleanup(void) return 0; } -static const char * +const char * getnvmprogname(void) { const char *p; @@ -2824,7 +2972,7 @@ getnvmprogname(void) * if local is zero, then 3rd arg (path) * is irrelevant and can be NULL */ -static char * +char * new_tmpfile(int *fd, int local, const char *path) { unsigned long maxlen; @@ -2921,17 +3069,17 @@ new_tmpfile(int *fd, int local, const char *path) *dest = '.'; /* hidden file */ - memcpy(dest + (unsigned long)1, tmpname, tmpname_len); + x_v_memcpy(dest + (unsigned long)1, tmpname, tmpname_len); - memcpy(dest + (unsigned long)1 + tmpname_len, + x_v_memcpy(dest + (unsigned long)1 + tmpname_len, default_tmpname, tmpdir_len); } else { - memcpy(dest, base, tmpdir_len); + x_v_memcpy(dest, base, tmpdir_len); dest[tmpdir_len] = '/'; - memcpy(dest + tmpdir_len + 1, tmpname, tmpname_len); + x_v_memcpy(dest + tmpdir_len + 1, tmpname, tmpname_len); } dest[tmppath_len] = '\0'; @@ -2940,7 +3088,7 @@ new_tmpfile(int *fd, int local, const char *path) if (fd_tmp == -1) goto err_new_tmpfile; - if (fchmod(fd_tmp, 0600) == -1) + if (x_i_fchmod(fd_tmp, 0600) == -1) goto err_new_tmpfile; if (lock_file(fd_tmp) == -1) @@ -2997,7 +3145,7 @@ err_new_tmpfile: free(dest); if (fd_tmp > -1) - close(fd_tmp); + x_i_close(fd_tmp); return NULL; } @@ -3005,26 +3153,44 @@ err_new_tmpfile: /* * portable mkstemp */ -static int +int x_i_mkstemp(char *template) { int fd; - int i; + int i, j; + unsigned long len; + char *p; - for (i = 0; i < 10; i++) { - if (mktemp(template) == NULL) - return -1; + char ch[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + unsigned long r = rlong(); + + len = xstrxlen(template, PATH_LEN); + + /* find trailing XXXXXX */ + if (len < 6) + return -1; + + p = template + len - 6; + + for (i = 0; i < 100; i++) { + + for (j = 0; j < 6; j++) + p[j] = ch[r % (sizeof(ch) - 1)]; fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600); + if (fd >= 0) return fd; + + if (errno != EEXIST) + return -1; } errno = EEXIST; return -1; } -static char * +char * x_c_strrchr(const char *s, int c) { const char *p = NULL; @@ -3041,7 +3207,8 @@ x_c_strrchr(const char *s, int c) return (char *)p; } -static int +/* +int x_i_rename(const char *src, const char *dst) { int sfd, dfd; @@ -3054,50 +3221,180 @@ x_i_rename(const char *src, const char *dst) dfd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (dfd < 0) { - close(sfd); + x_i_close(sfd); return -1; } while ((r = read(sfd, buf, sizeof(buf))) > 0) { ssize_t w = write(dfd, buf, r); if (w != r) { - close(sfd); - close(dfd); + x_i_close(sfd); + x_i_close(dfd); return -1; } } if (r < 0) { - close(sfd); - close(dfd); + x_i_close(sfd); + x_i_close(dfd); return -1; } - sync(); + x_i_fsync(dfd); - close(sfd); - close(dfd); + x_i_close(sfd); + x_i_close(dfd); if (unlink(src) < 0) return -1; return 0; } +*/ -static char * +char * x_c_tmpdir(void) { char *t; + struct stat st; t = getenv("TMPDIR"); - if (t && *t) - return t; + if (t && *t) { + if (stat(t, &st) == 0 && S_ISDIR(st.st_mode)) + return t; + } - if (access("/tmp", W_OK) == 0) + if (stat("/tmp", &st) == 0 && S_ISDIR(st.st_mode)) return "/tmp"; - if (access("/var/tmp", W_OK) == 0) + if (stat("/var/tmp", &st) == 0 && S_ISDIR(st.st_mode)) return "/var/tmp"; return "."; } + +int +x_i_close(int fd) +{ + int r; + + do { + r = close(fd); + } while (r == -1 && errno == EINTR); + + return r; +} + +void * +x_v_memcpy(void *dst, const void *src, unsigned long n) +{ + unsigned char *d = (unsigned char *)dst; + const unsigned char *s = (const unsigned char *)src; + + while (n--) + *d++ = *s++; + + return dst; +} + +int +x_i_memcmp(const void *a, const void *b, unsigned long n) +{ + const unsigned char *pa = (const unsigned char *)a; + const unsigned char *pb = (const unsigned char *)b; + + while (n--) { + if (*pa != *pb) + return *pa - *pb; + pa++; + pb++; + } + + return 0; +} + +/* + * emulate fchmod() using file descriptor + * paths, for old unix portability. should + * work on e.g. BSD/MacOS (/dev/fd/N), + * Linux (/proc/self/fd/N) and others + */ +int +x_i_fchmod(int fd, mode_t mode) +{ + if (x_try_fdpath("/dev/fd/", fd, mode) == 0) + return 0; + + if (x_try_fdpath("/proc/self/fd/", fd, mode) == 0) + return 0; + + errno = ENOSYS; + return -1; +} + +int +x_try_fdpath(const char *prefix, int fd, mode_t mode) +{ + char path[PATH_LEN]; + + unsigned long i = 0; + unsigned long j; + + struct stat st; + + while (prefix[i]) { + if (i >= PATH_LEN - 1) + return -1; + path[i] = prefix[i]; + i++; + } + + j = x_conv_fd(path + i, (unsigned long)fd); + + if (i + j >= PATH_LEN) + return -1; + + i += j; + path[i] = '\0'; + + if (stat(path, &st) < 0) + return -1; + + return chmod(path, mode); +} + +unsigned long +x_conv_fd(char *buf, unsigned long n) +{ + char tmp[256]; + + unsigned long i = 0; + unsigned long j = 0; + + if (n == 0) { + buf[0] = '0'; + return 1; + } + + while (n > 0) { + tmp[i++] = (char)('0' + (n % 10)); + n /= 10; + } + + while (i > 0) + buf[j++] = tmp[--i]; + + return j; +} + +int +x_i_fsync(int fd) +{ + int r; + + do { + r = fsync(fd); + } while (r == -1 && errno == EINTR); + + return r; +} |