summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
Diffstat (limited to 'util')
-rw-r--r--util/nvmutil/Makefile11
-rw-r--r--util/nvmutil/nvmutil.c2095
2 files changed, 1491 insertions, 615 deletions
diff --git a/util/nvmutil/Makefile b/util/nvmutil/Makefile
index 719e1c1e..025e87e1 100644
--- a/util/nvmutil/Makefile
+++ b/util/nvmutil/Makefile
@@ -3,18 +3,25 @@
# Copyright (c) 2023 Riku Viitanen <riku.viitanen@protonmail.com>
CC?=cc
-CFLAGS?=-Os -Wall -Wextra -Werror -pedantic -std=c90
+CSTD?=-std=c90
+WERROR?=-Werror
+CWARN?=-Wall -Wextra -pedantic
+COPT?=-Os
+CFLAGS?=$(CWARN) $(CSTD)
LDFLAGS?=
DESTDIR?=
PREFIX?=/usr/local
INSTALL?=install
+LDIR?=-I.
+
+OPTS=$(LDIR) $(COPT) $(WERROR) $(CFLAGS) $(LDFLAGS)
PROG=nvmutil
all: $(PROG)
$(PROG): nvmutil.c
- $(CC) $(CFLAGS) $(LDFLAGS) nvmutil.c -o $(PROG)
+ $(CC) $(OPTS) nvmutil.c -o $(PROG)
install: $(PROG)
$(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 4cc35505..d4526779 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -15,22 +15,23 @@
* -Os -Wall -Wextra -Werror -pedantic -std=c90
*/
-#define OFF_ERR 0
-#ifndef OFF_RESET
-#define OFF_RESET 1
-#endif
-
/*
- * NOTE: older Linux lacked arc4random.
- * added in glibc 2.36. Just pass HAVE_ARC4RANDOM_BUF=0
- * at build time if you need old Linux / other libc.
+ * In practise, most people
+ * aren't going to use very
+ * long names, so even on old
+ * systems with weaker limits,
+ * it's OK to set this higher.
+ *
+ * 4096 is a good, conservative
+ * default these days.
*/
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || \
- defined(__NetBSD__) || defined(__APPLE__) || \
- defined(__linux__)
-#ifndef HAVE_ARC4RANDOM_BUF
-#define HAVE_ARC4RANDOM_BUF 1
+#ifndef PATH_LEN
+#define PATH_LEN 1024
#endif
+
+#define OFF_ERR 0
+#ifndef OFF_RESET
+#define OFF_RESET 1
#endif
/*
@@ -127,7 +128,7 @@
* files at once (noting limitations with cat)
* BONUS: implement own getopt(), for portability
*
- * TODO: document fuzzing / static analysis methods
+ * TODO: document fuzzing / analysis methods
* for the code, and:
* TODO: implement rigorous unit tests (separate util)
* NOTE: this would *include* known good test files
@@ -137,7 +138,7 @@
* codebase would allow me to write a separate C
* program to test some finer intricacies
* TODO: the unit tests would basically test regressions
- * TODO: after writing back a gbe to file, close() and
+ * TODO: after writing back a gbe to file, x_i_close() and
* open() it again, read it again, and check that
* the contents were written correctly, providing
* a warning if they were. do this in the main
@@ -150,7 +151,7 @@
* featureset of nvmutil.
* TODO: write a manpage
* TODO: simplify the command sanitization, implement more
- * of it as build time checks, e.g. static asserts.
+ * of it as build time checks, e.g. asserts.
* generally remove cleverness from the code, instead
* prefyerring readibility
* TODO: also document nvmutil's coding style, which is
@@ -193,7 +194,7 @@ further note when fuzzing is implemented:
use deterministic randomisation, with a
guaranteed seed - so e.g. don't use /dev/urandom
in test builds. e.g. just use normal rand()
-but with a static seed e.g. 1234
+but with a seed e.g. 1234
*/
/*
TODO: stricter build flags, e.g.
@@ -216,7 +217,6 @@ also consider:
#include <sys/param.h>
#endif
#include <sys/types.h>
-#include <sys/time.h>
#include <sys/stat.h>
#include <errno.h>
@@ -230,32 +230,24 @@ also consider:
#include <time.h>
#include <unistd.h>
-typedef unsigned char u8;
-typedef unsigned short ushort;
-typedef unsigned int uint;
-typedef unsigned long ulong;
-
/* type asserts */
typedef char static_assert_char_is_8_bits[(CHAR_BIT == 8) ? 1 : -1];
typedef char static_assert_char_is_1[(sizeof(char) == 1) ? 1 : -1];
-typedef char static_assert_u8_is_1[
- (sizeof(u8) == 1) ? 1 : -1];
-typedef char static_assert_ushort_is_2[
- (sizeof(ushort) >= 2) ? 1 : -1];
+typedef char static_assert_unsigned_char_is_1[
+ (sizeof(unsigned char) == 1) ? 1 : -1];
+typedef char static_assert_unsigned_short_is_2[
+ (sizeof(unsigned short) >= 2) ? 1 : -1];
typedef char static_assert_short_is_2[(sizeof(short) >= 2) ? 1 : -1];
-typedef char static_assert_uint_is_4[
- (sizeof(uint) >= 4) ? 1 : -1];
-typedef char static_assert_ulong_is_4[
- (sizeof(ulong) >= 4) ? 1 : -1];
+typedef char static_assert_unsigned_int_is_4[
+ (sizeof(unsigned int) >= 4) ? 1 : -1];
+typedef char static_assert_unsigned_long_is_4[
+ (sizeof(unsigned long) >= 4) ? 1 : -1];
typedef char static_assert_int_ge_32[(sizeof(int) >= 4) ? 1 : -1];
typedef char static_assert_twos_complement[
((-1 & 3) == 3) ? 1 : -1
];
-typedef char assert_ulong_ptr[
- (sizeof(ulong) >= sizeof(void *)) ? 1 : -1
-];
-typedef char assert_size_t_ptr[
- (sizeof(size_t) >= sizeof(void *)) ? 1 : -1
+typedef char assert_unsigned_long_ptr[
+ (sizeof(unsigned long) >= sizeof(void *)) ? 1 : -1
];
/*
@@ -300,30 +292,50 @@ typedef char static_assert_off_t_is_32[(sizeof(off_t) >= 4) ? 1 : -1];
#define O_BINARY 0
#endif
+#ifndef O_EXCL
+#define O_EXCL 0
+#endif
+
+#ifndef O_CREAT
+#define O_CREAT 0
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK 0
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0
#endif
+#ifndef FD_CLOEXEC
+#define FD_CLOEXEC 0
+#endif
+
/*
* Sanitize command tables.
*/
-static void sanitize_command_list(void);
-static void sanitize_command_index(size_t c);
+void sanitize_command_list(void);
+void sanitize_command_index(unsigned long c);
/*
* Argument handling (user input)
*/
-static void set_cmd(int argc, char *argv[]);
-static void set_cmd_args(int argc, char *argv[]);
-static size_t conv_argv_part_num(const char *part_str);
-static int xstrxcmp(const char *a, const char *b, size_t maxlen);
+void set_cmd(int argc, char *argv[]);
+void set_cmd_args(int argc, char *argv[]);
+unsigned long conv_argv_part_num(const char *part_str);
+int xstrxcmp(const char *a, const char *b, unsigned long maxlen);
/*
* Prep files for reading
*/
-static void open_gbe_file(void);
-static void lock_gbe_file(void);
-static void xopen(int *fd, const char *path, int flags, struct stat *st);
+void open_gbe_file(void);
+int lock_file(int fd);
+void xopen(int *fd, const char *path, int flags, struct stat *st);
/*
* Read GbE file and verify
@@ -331,48 +343,64 @@ static void xopen(int *fd, const char *path, int flags, struct stat *st);
*
* After this, we can run commands.
*/
-static void read_gbe_file(void);
-static void read_checksums(void);
-static int good_checksum(size_t partnum);
+void copy_gbe(void);
+void read_checksums(void);
+int good_checksum(unsigned long partnum);
/*
* Execute user command on GbE data.
* These are stubs that call helpers.
*/
-static void run_cmd(size_t c);
-static void check_command_num(size_t c);
-static u8 valid_command(size_t c);
+void run_cmd(unsigned long c);
+void check_command_num(unsigned long c);
+unsigned char valid_command(unsigned long c);
+
+/*
+ * portable timeval
+ */
+struct x_st_timeval {
+ long tv_sec;
+ long tv_usec;
+};
/*
* Helper functions for command: setmac
*/
-static void cmd_helper_setmac(void);
-static void parse_mac_string(void);
-static size_t xstrxlen(const char *scmp, size_t maxlen);
-static void set_mac_byte(size_t mac_byte_pos);
-static void set_mac_nib(size_t mac_str_pos,
- size_t mac_byte_pos, size_t mac_nib_pos);
-static ushort hextonum(char ch_s);
-static ushort rhex(void);
-#if !defined(HAVE_ARC4RANDOM_BUF) || \
- (HAVE_ARC4RANDOM_BUF) < 1
-static ulong entropy_jitter(void);
-#endif
-static void write_mac_part(size_t partnum);
+void cmd_helper_setmac(void);
+void parse_mac_string(void);
+unsigned long xstrxlen(const char *scmp, unsigned long maxlen);
+void set_mac_byte(unsigned long mac_byte_pos);
+void set_mac_nib(unsigned long mac_str_pos,
+ unsigned long mac_byte_pos, unsigned long mac_nib_pos);
+unsigned short hextonum(char ch_s);
+unsigned long rlong(void);
+unsigned long entropy_jitter(void);
+int x_i_gettimeofday(struct x_st_timeval *tv, void *tz);
+void write_mac_part(unsigned long partnum);
/*
* Helper functions for command: dump
*/
-static void cmd_helper_dump(void);
-static void print_mac_from_nvm(size_t partnum);
-static void hexdump(size_t partnum);
+void cmd_helper_dump(void);
+void print_mac_from_nvm(unsigned long partnum);
+void hexdump(unsigned long partnum);
+
+/*
+ * Helper functions for command: swap
+ */
+void cmd_helper_swap(void);
+
+/*
+ * Helper functions for command: copy
+ */
+void cmd_helper_copy(void);
/*
* Helper functions for commands:
* cat, cat16 and cat128
*/
-static void cmd_helper_cat(void);
-static void gbe_cat_buf(u8 *b);
+void cmd_helper_cat(void);
+void cat_buf(unsigned char *b);
/*
* After command processing, write
@@ -381,59 +409,87 @@ static void gbe_cat_buf(u8 *b);
* These are stub functions: check
* below for the actual functions.
*/
-static void write_gbe_file(void);
-static void override_part_modified(void);
-static void set_checksum(size_t part);
-static ushort calculated_checksum(size_t p);
+void write_gbe_file(void);
+void set_checksum(unsigned long part);
+unsigned short calculated_checksum(unsigned long p);
/*
* Helper functions for accessing
* the NVM area during operation.
*/
-static ushort nvm_word(size_t pos16, size_t part);
-static void set_nvm_word(size_t pos16, size_t part, ushort val16);
-static void set_part_modified(size_t p);
-static void check_nvm_bound(size_t pos16, size_t part);
-static void check_bin(size_t a, const char *a_name);
+unsigned short nvm_word(unsigned long pos16, unsigned long part);
+void set_nvm_word(unsigned long pos16, unsigned long part, unsigned short val16);
+void set_part_modified(unsigned long p);
+void check_nvm_bound(unsigned long pos16, unsigned long part);
+void check_bin(unsigned long a, const char *a_name);
/*
* Helper functions for stub functions
* that handle GbE file reads/writes.
*/
-static void rw_gbe_file_part(size_t p, int rw_type,
+void rw_gbe_file_part(unsigned long p, int rw_type,
const char *rw_type_str);
-static void check_written_part(size_t p);
-static void report_io_err_rw(void);
-static u8 *gbe_mem_offset(size_t part, const char *f_op);
-static off_t gbe_file_offset(size_t part, const char *f_op);
-static off_t gbe_x_offset(size_t part, const char *f_op,
+void write_to_gbe_bin(void);
+int gbe_mv(void);
+void check_written_part(unsigned long p);
+void report_io_err_rw(void);
+int fsync_dir(const char *path);
+unsigned char *gbe_mem_offset(unsigned long part, const char *f_op);
+off_t gbe_file_offset(unsigned long part, const char *f_op);
+off_t gbe_x_offset(unsigned long part, const char *f_op,
const char *d_type, off_t nsize, off_t ncmp);
-static ssize_t rw_gbe_file_exact(int fd, u8 *mem, size_t nrw,
+long rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw,
off_t off, int rw_type);
-static ssize_t rw_file_exact(int fd, u8 *mem, size_t len,
+long rw_file_exact(int fd, unsigned char *mem, unsigned long len,
off_t off, int rw_type, int loop_eagain, int loop_eintr,
- size_t max_retries, int off_reset);
-static ssize_t prw(int fd, void *mem, size_t nrw,
+ unsigned long max_retries, int off_reset);
+long prw(int fd, void *mem, unsigned long nrw,
off_t off, int rw_type, int loop_eagain, int loop_eintr,
int off_reset);
-static int io_args(int fd, void *mem, size_t nrw,
+int io_args(int fd, void *mem, unsigned long nrw,
off_t off, int rw_type);
-static int check_file(int fd, struct stat *st);
-static ssize_t rw_over_nrw(ssize_t r, size_t nrw);
+int check_file(int fd, struct stat *st);
+long rw_over_nrw(long r, unsigned long nrw);
#if !defined(HAVE_REAL_PREAD_PWRITE) || \
HAVE_REAL_PREAD_PWRITE < 1
-static off_t lseek_loop(int fd, off_t off,
+off_t lseek_loop(int fd, off_t off,
int whence, int loop_eagain, int loop_eintr);
#endif
-static int try_err(int loop_err, int errval);
+int try_err(int loop_err, int errval);
/*
* Error handling and cleanup
*/
-static void err(int nvm_errval, const char *msg, ...);
-static int close_files(void);
-static const char *getnvmprogname(void);
-static void usage(int usage_exit);
+void usage(void);
+void err(int nvm_errval, const char *msg, ...);
+int exit_cleanup(void);
+const char *getnvmprogname(void);
+
+/*
+ * a special kind of hell
+ */
+char *new_tmpfile(int *fd, int local, const char *path);
+int x_i_mkstemp(char *template);
+char *x_c_strrchr(const char *s, int c);
+/* x_i_rename not suitable
+ * for atomic writes. kept
+ * commentted for use in a
+ * library in the future */
+/*
+int x_i_rename(const char *src, const char *dst);
+*/
+char *x_c_tmpdir(void);
+int x_i_close(int fd);
+void *x_v_memcpy(void *dst,
+ const void *src, unsigned long n);
+int x_i_memcmp(const void *a,
+ const void *b, unsigned long n);
+int x_i_fchmod(int fd, mode_t mode);
+int x_try_fdpath(const char *prefix,
+ int fd, mode_t mode);
+unsigned long x_conv_fd(char *buf,
+ unsigned long n);
+int x_i_fsync(int fd);
/*
* Sizes in bytes:
@@ -444,6 +500,8 @@ static void usage(int usage_exit);
#define SIZE_16KB (16 * SIZE_1KB)
#define SIZE_128KB (128 * SIZE_1KB)
+#define GBE_BUF_SIZE (SIZE_128KB)
+
/*
* First 128 bytes of a GbE part contains
* the regular NVM (Non-Volatile-Memory)
@@ -456,8 +514,8 @@ static void usage(int usage_exit);
* There is a second 4KB part with the same
* rules, and it *should* be identical.
*/
-#define GBE_FILE_SIZE SIZE_8KB /* for buf */
-#define GBE_PART_SIZE (GBE_FILE_SIZE >> 1)
+#define GBE_WORK_SIZE (SIZE_8KB)
+#define GBE_PART_SIZE (GBE_WORK_SIZE >> 1)
#define NVM_CHECKSUM 0xBABA
#define NVM_SIZE 128
#define NVM_WORDS (NVM_SIZE >> 1)
@@ -478,35 +536,30 @@ static void usage(int usage_exit);
*
* The code will handle this properly.
*/
-static u8 real_buf[GBE_FILE_SIZE];
-static u8 pad[GBE_FILE_SIZE]; /* the file that wouldn't die */
-static u8 *buf = real_buf;
-
-static ushort mac_buf[3];
-static off_t gbe_file_size;
-
-static int gbe_fd = -1;
-static size_t part;
-static u8 part_modified[2];
-static u8 part_valid[2];
-
-static const char rmac[] = "xx:xx:xx:xx:xx:xx";
-static const char *mac_str;
-static const char *fname;
-static const char *argv0;
-
-#ifndef SSIZE_MAX
-#define SSIZE_MAX ((ssize_t)(~((size_t)1 << (sizeof(ssize_t)*CHAR_BIT-1))))
+unsigned char real_buf[GBE_BUF_SIZE];
+unsigned char bufcmp[GBE_BUF_SIZE]; /* compare gbe/tmp/reads */
+unsigned char pad[GBE_WORK_SIZE]; /* the file that wouldn't die */
+unsigned char *buf = real_buf;
+
+unsigned short mac_buf[3];
+off_t gbe_file_size;
+off_t gbe_tmp_size;
+
+int gbe_fd = -1;
+unsigned long part;
+unsigned char part_modified[2];
+unsigned char part_valid[2];
+
+const char rmac[] = "xx:xx:xx:xx:xx:xx";
+const char *mac_str = rmac;
+const char *fname = NULL;
+const char *argv0;
+
+#ifndef X_LONG_MAX
+#define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1))))
#endif
/*
- * Use these for .invert in command[]:
- * If set to 1: read/write inverter (p0->p1, p1->p0)
- */
-#define PART_INVERT 1
-#define NO_INVERT 0
-
-/*
* Use these for .argc in command[]:
*/
#define ARGC_3 3
@@ -536,18 +589,6 @@ enum {
CMD_CAT128
};
-/*
- * If set, a given part will always be written.
- */
-enum {
- SET_MOD_OFF, /* don't manually set part modified */
- SET_MOD_0, /* set part 0 modified */
- SET_MOD_1, /* set part 1 modified */
- SET_MOD_N, /* set user-specified part modified */
- /* affected by command[].invert */
- SET_MOD_BOTH /* set both parts modified */
-};
-
enum {
ARG_NOPART,
ARG_PART
@@ -564,68 +605,52 @@ enum {
};
struct commands {
- size_t chk;
+ unsigned long chk;
const char *str;
void (*run)(void);
int argc;
- u8 invert;
- u8 set_modified;
- u8 arg_part;
- u8 chksum_read;
- u8 chksum_write;
- size_t rw_size; /* within the 4KB GbE part */
+ unsigned char arg_part;
+ unsigned char chksum_read;
+ unsigned char chksum_write;
+ unsigned long rw_size; /* within the 4KB GbE part */
int flags; /* e.g. O_RDWR or O_RDONLY */
};
/*
* Command table, for nvmutil commands
*/
-static const struct commands command[] = {
+const struct commands command[] = {
{ CMD_DUMP, "dump", cmd_helper_dump, ARGC_3,
- NO_INVERT, SET_MOD_OFF,
ARG_NOPART,
SKIP_CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
NVM_SIZE, O_RDONLY },
{ CMD_SETMAC, "setmac", cmd_helper_setmac, ARGC_3,
- NO_INVERT, SET_MOD_OFF,
ARG_NOPART,
CHECKSUM_READ, CHECKSUM_WRITE,
NVM_SIZE, O_RDWR },
- /*
- * OPTIMISATION: Read inverted, so no copying is needed.
- */
- { CMD_SWAP, "swap", NULL, ARGC_3,
- PART_INVERT, SET_MOD_BOTH,
+ { CMD_SWAP, "swap", cmd_helper_swap, ARGC_3,
ARG_NOPART,
CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
GBE_PART_SIZE, O_RDWR },
- /*
- * OPTIMISATION: Read inverted, so no copying is needed.
- * The non-target part will not be read.
- */
- { CMD_COPY, "copy", NULL, ARGC_4,
- PART_INVERT, SET_MOD_N,
+ { CMD_COPY, "copy", cmd_helper_copy, ARGC_4,
ARG_PART,
CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
GBE_PART_SIZE, O_RDWR },
{ CMD_CAT, "cat", cmd_helper_cat, ARGC_3,
- NO_INVERT, SET_MOD_OFF,
ARG_NOPART,
CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
GBE_PART_SIZE, O_RDONLY },
{ CMD_CAT16, "cat16", cmd_helper_cat, ARGC_3,
- NO_INVERT, SET_MOD_OFF,
ARG_NOPART,
CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
GBE_PART_SIZE, O_RDONLY },
{ CMD_CAT128, "cat128", cmd_helper_cat, ARGC_3,
- NO_INVERT, SET_MOD_OFF,
ARG_NOPART,
CHECKSUM_READ, SKIP_CHECKSUM_WRITE,
GBE_PART_SIZE, O_RDONLY },
@@ -638,7 +663,7 @@ static const struct commands command[] = {
/*
* Index in command[], will be set later
*/
-static size_t cmd_index = CMD_NULL;
+unsigned long cmd_index = CMD_NULL;
/*
* asserts (variables/defines sanity check)
@@ -649,6 +674,7 @@ typedef char assert_read[(IO_READ==0)?1:-1];
typedef char assert_write[(IO_WRITE==1)?1:-1];
typedef char assert_pread[(IO_PREAD==2)?1:-1];
typedef char assert_pwrite[(IO_PWRITE==3)?1:-1];
+typedef char assert_pathlen[(PATH_LEN>=256)?1:-1];
/* commands */
typedef char assert_cmd_dump[(CMD_DUMP==0)?1:-1];
typedef char assert_cmd_setmac[(CMD_SETMAC==1)?1:-1];
@@ -657,12 +683,6 @@ typedef char assert_cmd_copy[(CMD_COPY==3)?1:-1];
typedef char assert_cmd_cat[(CMD_CAT==4)?1:-1];
typedef char assert_cmd_cat16[(CMD_CAT16==5)?1:-1];
typedef char assert_cmd_cat128[(CMD_CAT128==6)?1:-1];
-/* mod_type */
-typedef char assert_mod_off[(SET_MOD_OFF==0)?1:-1];
-typedef char assert_mod_0[(SET_MOD_0==1)?1:-1];
-typedef char assert_mod_1[(SET_MOD_1==2)?1:-1];
-typedef char assert_mod_n[(SET_MOD_N==3)?1:-1];
-typedef char assert_mod_both[(SET_MOD_BOTH==4)?1:-1];
/* bool */
typedef char bool_arg_nopart[(ARG_NOPART==0)?1:-1];
typedef char bool_arg_part[(ARG_PART==1)?1:-1];
@@ -670,8 +690,6 @@ typedef char bool_skip_checksum_read[(SKIP_CHECKSUM_READ==0)?1:-1];
typedef char bool_checksum_read[(CHECKSUM_READ==1)?1:-1];
typedef char bool_skip_checksum_write[(SKIP_CHECKSUM_WRITE==0)?1:-1];
typedef char bool_checksum_write[(CHECKSUM_WRITE==1)?1:-1];
-typedef char bool_no_invert[(NO_INVERT==0)?1:-1];
-typedef char bool_part_invert[(PART_INVERT==1)?1:-1];
typedef char bool_loop_eintr[(LOOP_EINTR==1||LOOP_EINTR==0)?1:-1];
typedef char bool_loop_eagain[(LOOP_EAGAIN==1||LOOP_EAGAIN==0)?1:-1];
typedef char bool_no_loop_eintr[(NO_LOOP_EINTR==0)?1:-1];
@@ -679,19 +697,29 @@ typedef char bool_no_loop_eagain[(NO_LOOP_EAGAIN==0)?1:-1];
typedef char bool_off_err[(OFF_ERR==0)?1:-1];
typedef char bool_off_reset[(OFF_RESET==0||OFF_RESET==1)?1:-1];
-static int io_err_gbe = 0;
-static int rw_check_err_read[] = {0, 0};
-static int rw_check_partial_read[] = {0, 0};
-static int rw_check_bad_part[] = {0, 0};
+int io_err_gbe = 0; /* intermediary write (verification) */
+int io_err_gbe_bin = 0; /* final write (real file) */
+int rw_check_err_read[] = {0, 0};
+int rw_check_partial_read[] = {0, 0};
+int rw_check_bad_part[] = {0, 0};
+
+int post_rw_checksum[] = {0, 0};
+
+dev_t gbe_dev;
+ino_t gbe_ino;
-static int post_rw_checksum[] = {0, 0};
+dev_t tmp_dev;
+ino_t tmp_ino;
-static dev_t gbe_dev;
-static ino_t gbe_ino;
+int tmp_fd = -1;
+char *tname = NULL;
-#if defined(HAVE_ARC4RANDOM_BUF) && \
- (HAVE_ARC4RANDOM_BUF) > 0
-void arc4random_buf(void *buf, size_t n);
+#ifndef S_ISREG
+#ifdef S_IFMT
+#define S_ISREG(m) (((m) & (S_IFMT)) == (S_IFREG))
+#else
+#define S_ISREG(m) (((m) & (S_IFREG)) == (S_IFREG))
+#endif
#endif
int
@@ -699,18 +727,37 @@ main(int argc, char *argv[])
{
argv0 = argv[0];
if (argc < 3)
- usage(1);
+ usage();
+
+ if (CHAR_BIT != 8)
+ err(EINVAL, "Unsupported char size");
fname = argv[1];
+#ifdef NVMUTIL_UNVEIL
+ /*
+ * if global tmp is a different filesystem,
+ * unveil would trap on final file rename
+ * and we can't know the path in advance
+ */
+ tname = new_tmpfile(&tmp_fd, 1, NULL);
+#else
+ tname = new_tmpfile(&tmp_fd, 0, NULL);
+#endif
+
+ if (tname == NULL)
+ err(errno, "Can't create tmpfile");
+
#ifdef NVMUTIL_PLEDGE
#ifdef NVMUTIL_UNVEIL
- if (pledge("stdio flock rpath wpath unveil", NULL) == -1)
- err(errno, "pledge");
- if (unveil("/dev/null", "r") == -1)
- err(errno, "unveil /dev/null");
+ if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1)
+ err(errno, "pledge, unveil");
+ if (unveil("/dev/urandom", "r") == -1)
+ err(errno, "unveil: /dev/urandom");
+ if (unveil("/dev/random", "r") == -1)
+ err(errno, "unveil: /dev/random");
#else
- if (pledge("stdio flock rpath wpath", NULL) == -1)
+ if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
err(errno, "pledge");
#endif
#endif
@@ -720,77 +767,49 @@ main(int argc, char *argv[])
set_cmd(argc, argv);
set_cmd_args(argc, argv);
-#ifdef NVMUTIL_PLEDGE
#ifdef NVMUTIL_UNVEIL
if (command[cmd_index].flags == O_RDONLY) {
if (unveil(fname, "r") == -1)
- err(errno, "%s: unveil ro", fname);
- if (unveil(NULL, NULL) == -1)
- err(errno, "unveil block (ro)");
- if (pledge("stdio flock rpath", NULL) == -1)
- err(errno, "pledge ro (kill unveil)");
+ err(errno, "%s: unveil r", fname);
} else {
- if (unveil(fname, "rw") == -1)
+ if (unveil(fname, "rwc") == -1)
err(errno, "%s: unveil rw", fname);
- if (unveil(NULL, NULL) == -1)
- err(errno, "unveil block (rw)");
- if (pledge("stdio flock rpath wpath", NULL) == -1)
- err(errno, "pledge rw (kill unveil)");
- }
-#else
- if (command[cmd_index].flags == O_RDONLY) {
- if (pledge("stdio flock rpath", NULL) == -1)
- err(errno, "pledge ro");
}
-#endif
-#endif
-#if !defined(HAVE_ARC4RANDOM_BUF) || \
- (HAVE_ARC4RANDOM_BUF) < 1
- srand((uint)(time(NULL) ^ getpid()));
-#endif
+ if (unveil(tname, "rwc") == -1)
+ err(errno, "%s: unveil rwc", tname);
- open_gbe_file();
- lock_gbe_file();
+ if (unveil(NULL, NULL) == -1)
+ err(errno, "unveil block (rw)");
-#ifdef NVMUTIL_PLEDGE
- if (pledge("stdio", NULL) == -1)
- err(errno, "pledge stdio (main)");
+ if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
+ err(errno, "pledge (kill unveil)");
#endif
- /*
- * Used by CMD_CAT, for padding
- */
- memset(pad, 0xff, sizeof(pad));
+ srand((unsigned int)(time(NULL) ^ getpid()));
- read_gbe_file();
- read_checksums();
+ open_gbe_file();
- run_cmd(cmd_index);
+ memset(buf, 0, GBE_BUF_SIZE);
+ memset(bufcmp, 0, GBE_BUF_SIZE);
- if (command[cmd_index].flags == O_RDWR) {
+ copy_gbe();
- write_gbe_file();
+ read_checksums();
- /*
- * We may otherwise read from
- * cache, so we must sync.
- */
- if (fsync(gbe_fd) == -1)
- err(errno, "%s: fsync (pre-verification)",
- fname);
+ run_cmd(cmd_index);
- check_written_part(0);
- check_written_part(1);
+ if (command[cmd_index].flags == O_RDWR)
+ write_to_gbe_bin();
- report_io_err_rw();
+ if (exit_cleanup() == -1)
+ err(EIO, "%s: close", fname);
- if (io_err_gbe)
- err(EIO, "%s: bad write", fname);
- }
+ if (io_err_gbe_bin)
+ err(EIO, "%s: error writing final file");
- if (close_files() == -1)
- err(EIO, "%s: close", fname);
+ if (tname != NULL)
+ free(tname);
return EXIT_SUCCESS;
}
@@ -798,10 +817,10 @@ main(int argc, char *argv[])
/*
* Guard against regressions by maintainers (command table)
*/
-static void
+void
sanitize_command_list(void)
{
- size_t c;
+ unsigned long c;
for (c = 0; c < N_COMMANDS; c++)
sanitize_command_index(c);
@@ -810,44 +829,34 @@ sanitize_command_list(void)
/*
* TODO: specific config checks per command
*/
-static void
-sanitize_command_index(size_t c)
+void
+sanitize_command_index(unsigned long c)
{
- u8 mod_type;
- size_t gbe_rw_size;
+ unsigned long gbe_rw_size;
check_command_num(c);
if (command[c].argc < 3)
err(EINVAL, "cmd index %lu: argc below 3, %d",
- (ulong)c, command[c].argc);
+ (unsigned long)c, command[c].argc);
if (command[c].str == NULL)
err(EINVAL, "cmd index %lu: NULL str",
- (ulong)c);
+ (unsigned long)c);
if (*command[c].str == '\0')
err(EINVAL, "cmd index %lu: empty str",
- (ulong)c);
+ (unsigned long)c);
if (xstrxlen(command[c].str, MAX_CMD_LEN + 1) >
MAX_CMD_LEN) {
err(EINVAL, "cmd index %lu: str too long: %s",
- (ulong)c, command[c].str);
+ (unsigned long)c, command[c].str);
}
- mod_type = command[c].set_modified;
- switch (mod_type) {
- case SET_MOD_0:
- case SET_MOD_1:
- case SET_MOD_N:
- case SET_MOD_BOTH:
- case SET_MOD_OFF:
- break;
- default:
- err(EINVAL, "Unsupported set_mod type: %u", mod_type);
- }
+ if (command[c].run == NULL)
+ err(EINVAL, "cmd index %lu: cmd ptr null",
+ (unsigned long)c);
- check_bin(command[c].invert, "cmd.invert");
check_bin(command[c].arg_part, "cmd.arg_part");
check_bin(command[c].chksum_read, "cmd.chksum_read");
check_bin(command[c].chksum_write, "cmd.chksum_write");
@@ -860,19 +869,19 @@ sanitize_command_index(size_t c)
break;
default:
err(EINVAL, "Unsupported rw_size: %lu",
- (ulong)gbe_rw_size);
+ (unsigned long)gbe_rw_size);
}
if (gbe_rw_size > GBE_PART_SIZE)
err(EINVAL, "rw_size larger than GbE part: %lu",
- (ulong)gbe_rw_size);
+ (unsigned long)gbe_rw_size);
if (command[c].flags != O_RDONLY &&
command[c].flags != O_RDWR)
err(EINVAL, "invalid cmd.flags setting");
}
-static void
+void
set_cmd(int argc, char *argv[])
{
const char *cmd_str;
@@ -891,13 +900,13 @@ set_cmd(int argc, char *argv[])
cmd_index = CMD_NULL;
}
-static void
+void
set_cmd_args(int argc, char *argv[])
{
- u8 arg_part;
+ unsigned char arg_part;
if (!valid_command(cmd_index) || argc < 3)
- usage(1);
+ usage();
arg_part = command[cmd_index].arg_part;
@@ -915,30 +924,30 @@ set_cmd_args(int argc, char *argv[])
part = conv_argv_part_num(argv[3]);
}
-static size_t
+unsigned long
conv_argv_part_num(const char *part_str)
{
- u8 ch;
+ unsigned char ch;
if (part_str[0] == '\0' || part_str[1] != '\0')
err(EINVAL, "Partnum string '%s' wrong length", part_str);
/* char signedness is implementation-defined */
- ch = (u8)part_str[0];
+ ch = (unsigned char)part_str[0];
if (ch < '0' || ch > '1')
err(EINVAL, "Bad part number (%c)", ch);
- return (size_t)(ch - '0');
+ return (unsigned long)(ch - '0');
}
/*
* Portable strcmp() but blocks NULL/empty/unterminated
* strings. Even stricter than strncmp().
*/
-static int
-xstrxcmp(const char *a, const char *b, size_t maxlen)
+int
+xstrxcmp(const char *a, const char *b, unsigned long maxlen)
{
- size_t i;
+ unsigned long i;
if (a == NULL || b == NULL)
err(EINVAL, "NULL input to xstrxcmp");
@@ -947,8 +956,8 @@ xstrxcmp(const char *a, const char *b, size_t maxlen)
err(EINVAL, "Empty string in xstrxcmp");
for (i = 0; i < maxlen; i++) {
- u8 ac = (u8)a[i];
- u8 bc = (u8)b[i];
+ unsigned char ac = (unsigned char)a[i];
+ unsigned char bc = (unsigned char)b[i];
if (ac == '\0' || bc == '\0') {
if (ac == bc)
@@ -972,23 +981,24 @@ xstrxcmp(const char *a, const char *b, size_t maxlen)
return -1;
}
-static void
+void
open_gbe_file(void)
{
struct stat gbe_st;
int flags;
xopen(&gbe_fd, fname,
- command[cmd_index].flags | O_BINARY | O_NOFOLLOW, &gbe_st);
+ command[cmd_index].flags | O_BINARY |
+ O_NOFOLLOW | O_CLOEXEC, &gbe_st);
/* inode will be checked later on write */
gbe_dev = gbe_st.st_dev;
gbe_ino = gbe_st.st_ino;
if (gbe_st.st_nlink > 1)
- fprintf(stderr,
- "%s: warning: file has %lu hard links\n",
- fname, (ulong)gbe_st.st_nlink);
+ err(EINVAL,
+ "%s: warning: file has multiple (%lu) hard links\n",
+ fname, (unsigned long)gbe_st.st_nlink);
if (gbe_st.st_nlink == 0)
err(EIO, "%s: file unlinked while open", fname);
@@ -1004,7 +1014,7 @@ open_gbe_file(void)
* which would therefore break pread/pwrite
*/
if (flags & O_APPEND)
- err(EIO, "%s: O_APPEND flag");
+ err(EIO, "%s: O_APPEND flag", fname);
gbe_file_size = gbe_st.st_size;
@@ -1016,10 +1026,13 @@ open_gbe_file(void)
default:
err(EINVAL, "File size must be 8KB, 16KB or 128KB");
}
+
+ if (lock_file(gbe_fd) == -1)
+ err(errno, "%s: can't lock", fname);
}
-static void
-lock_gbe_file(void)
+int
+lock_file(int fd)
{
struct flock fl;
@@ -1032,18 +1045,20 @@ lock_gbe_file(void)
fl.l_whence = SEEK_SET;
- if (fcntl(gbe_fd, F_SETLK, &fl) == -1)
- err(errno, "file is locked by another process");
+ if (fcntl(fd, F_SETLK, &fl) == -1)
+ return -1;
+
+ return 0;
}
-static void
+void
xopen(int *fd_ptr, const char *path, int flags, struct stat *st)
{
if ((*fd_ptr = open(path, flags)) == -1)
err(errno, "%s", path);
if (fstat(*fd_ptr, st) == -1)
- err(errno, "%s", path);
+ err(errno, "%s: stat", path);
if (!S_ISREG(st->st_mode))
err(errno, "%s: not a regular file", path);
@@ -1052,34 +1067,97 @@ xopen(int *fd_ptr, const char *path, int flags, struct stat *st)
err(errno, "%s: file not seekable", path);
}
-static void
-read_gbe_file(void)
+/*
+ * We copy the entire gbe file
+ * to the tmpfile, and then we
+ * work on that. We copy back
+ * afterward. this is the copy.
+ *
+ * we copy to tmpfile even on
+ * read-only commands, for the
+ * double-read verification,
+ * which also benefits cmd_cat.
+ */
+void
+copy_gbe(void)
{
- size_t p;
- u8 do_read[2] = {1, 1};
+ long r;
+ struct stat st;
+
+ /* read main file */
+ r = rw_file_exact(gbe_fd, buf, gbe_file_size,
+ 0, IO_PREAD, NO_LOOP_EAGAIN, LOOP_EINTR,
+ MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (r < 0)
+ err(errno, "%s: read failed", fname);
+
+ /* copy to tmpfile */
+
+ r = rw_file_exact(tmp_fd, buf, gbe_file_size,
+ 0, IO_PWRITE, NO_LOOP_EAGAIN, LOOP_EINTR,
+ MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (r < 0)
+ err(errno, "%s: %s: copy failed",
+ fname, tname);
/*
- * Commands specifying a partnum only
- * need the given GbE part to be read.
+ * file size comparison
*/
- if (command[cmd_index].arg_part)
- do_read[part ^ 1] = 0;
- for (p = 0; p < 2; p++) {
- if (do_read[p])
- rw_gbe_file_part(p, IO_PREAD, "pread");
- }
+ if (fstat(tmp_fd, &st) == -1)
+ err(errno, "%s: stat", tname);
+
+ gbe_tmp_size = st.st_size;
+
+ if (gbe_tmp_size != gbe_file_size)
+ err(EIO, "%s: %s: not the same size", fname, tname);
+
+ /*
+ * fsync tmp gbe file, because we will compare
+ * its contents to what was read (for safety)
+ */
+ if (x_i_fsync(tmp_fd) == -1)
+ err(errno, "%s: fsync (tmpfile copy)", tname);
+
+ r = rw_file_exact(tmp_fd, bufcmp, gbe_file_size,
+ 0, IO_PREAD, NO_LOOP_EAGAIN, LOOP_EINTR,
+ MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (r < 0)
+ err(errno, "%s: read failed (cmp)", tname);
+
+ if (x_i_memcmp(buf, bufcmp, gbe_file_size) != 0)
+ err(errno, "%s: %s: read contents differ (pre-test)",
+ fname, tname);
+
+ /*
+ regular operations post-read operate only on the first
+ 8KB, because each GbE part is the first 4KB of each
+ half of the file.
+
+ we no longer care about anything past 8KB, until we get
+ to writing, at which point we will flush the buffer
+ again
+ */
+
+ if (gbe_file_size == SIZE_8KB)
+ return;
+
+ x_v_memcpy(buf + (unsigned long)GBE_PART_SIZE,
+ buf + (unsigned long)(gbe_file_size >> 1),
+ (unsigned long)GBE_PART_SIZE);
}
-static void
+void
read_checksums(void)
{
- size_t p;
- size_t skip_part;
- u8 invert;
- u8 arg_part;
- u8 num_invalid;
- u8 max_invalid;
+ unsigned long p;
+ unsigned long skip_part;
+ unsigned char arg_part;
+ unsigned char num_invalid;
+ unsigned char max_invalid;
part_valid[0] = 0;
part_valid[1] = 0;
@@ -1090,7 +1168,6 @@ read_checksums(void)
num_invalid = 0;
max_invalid = 2;
- invert = command[cmd_index].invert;
arg_part = command[cmd_index].arg_part;
if (arg_part)
max_invalid = 1;
@@ -1099,7 +1176,7 @@ read_checksums(void)
* Skip verification on this part,
* but only when arg_part is set.
*/
- skip_part = part ^ 1 ^ invert;
+ skip_part = part ^ 1;
for (p = 0; p < 2; p++) {
/*
@@ -1116,17 +1193,17 @@ read_checksums(void)
if (num_invalid >= max_invalid) {
if (max_invalid == 1)
err(ECANCELED, "%s: part %lu has a bad checksum",
- fname, (ulong)part);
+ fname, (unsigned long)part);
err(ECANCELED, "%s: No valid checksum found in file",
fname);
}
}
-static int
-good_checksum(size_t partnum)
+int
+good_checksum(unsigned long partnum)
{
- ushort expected_checksum = calculated_checksum(partnum);
- ushort current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum);
+ unsigned short expected_checksum = calculated_checksum(partnum);
+ unsigned short current_checksum = nvm_word(NVM_CHECKSUM_WORD, partnum);
if (current_checksum == expected_checksum)
return 1;
@@ -1134,39 +1211,42 @@ good_checksum(size_t partnum)
return 0;
}
-static void
-run_cmd(size_t c)
+void
+run_cmd(unsigned long c)
{
check_command_num(c);
- if (command[c].run != NULL)
- command[c].run();
+
+ if (command[c].run == NULL)
+ err(EINVAL, "Command %lu: null ptr", (unsigned long)c);
+
+ command[c].run();
}
-static void
-check_command_num(size_t c)
+void
+check_command_num(unsigned long c)
{
if (!valid_command(c))
err(EINVAL, "Invalid run_cmd arg: %lu",
- (ulong)c);
+ (unsigned long)c);
}
-static u8
-valid_command(size_t c)
+unsigned char
+valid_command(unsigned long c)
{
if (c >= N_COMMANDS)
return 0;
if (c != command[c].chk)
err(EINVAL, "Invalid cmd chk value (%lu) vs arg: %lu",
- (ulong)command[c].chk, (ulong)c);
+ (unsigned long)command[c].chk, (unsigned long)c);
return 1;
}
-static void
+void
cmd_helper_setmac(void)
{
- size_t partnum;
+ unsigned long partnum;
printf("MAC address to be written: %s\n", mac_str);
parse_mac_string();
@@ -1175,10 +1255,10 @@ cmd_helper_setmac(void)
write_mac_part(partnum);
}
-static void
+void
parse_mac_string(void)
{
- size_t mac_byte;
+ unsigned long mac_byte;
if (xstrxlen(mac_str, 18) != 17)
err(EINVAL, "MAC address is the wrong length");
@@ -1201,10 +1281,10 @@ parse_mac_string(void)
* strnlen() was standardized in POSIX.1-2008 and is not
* available on some older systems, so we provide our own.
*/
-static size_t
-xstrxlen(const char *scmp, size_t maxlen)
+unsigned long
+xstrxlen(const char *scmp, unsigned long maxlen)
{
- size_t xstr_index;
+ unsigned long xstr_index;
if (scmp == NULL)
err(EINVAL, "NULL input to xstrxlen");
@@ -1222,11 +1302,11 @@ xstrxlen(const char *scmp, size_t maxlen)
return xstr_index;
}
-static void
-set_mac_byte(size_t mac_byte_pos)
+void
+set_mac_byte(unsigned long mac_byte_pos)
{
- size_t mac_str_pos = mac_byte_pos * 3;
- size_t mac_nib_pos;
+ unsigned long mac_str_pos = mac_byte_pos * 3;
+ unsigned long mac_nib_pos;
char separator;
if (mac_str_pos < 15) {
@@ -1239,12 +1319,12 @@ set_mac_byte(size_t mac_byte_pos)
set_mac_nib(mac_str_pos, mac_byte_pos, mac_nib_pos);
}
-static void
-set_mac_nib(size_t mac_str_pos,
- size_t mac_byte_pos, size_t mac_nib_pos)
+void
+set_mac_nib(unsigned long mac_str_pos,
+ unsigned long mac_byte_pos, unsigned long mac_nib_pos)
{
char mac_ch;
- ushort hex_num;
+ unsigned short hex_num;
mac_ch = mac_str[mac_str_pos + mac_nib_pos];
@@ -1269,54 +1349,42 @@ set_mac_nib(size_t mac_str_pos,
| ((mac_nib_pos ^ 1) << 2)); /* left or right nib? */
}
-static ushort
+unsigned short
hextonum(char ch_s)
{
- u8 ch = (u8)ch_s;
+ unsigned char ch = (unsigned char)ch_s;
- if ((uint)(ch - '0') <= 9)
+ if ((unsigned int)(ch - '0') <= 9)
return ch - '0';
ch |= 0x20;
- if ((uint)(ch - 'a') <= 5)
+ if ((unsigned int)(ch - 'a') <= 5)
return ch - 'a' + 10;
if (ch == '?' || ch == 'x')
- return rhex(); /* random character */
+ return rlong() & 0xf;
return 16; /* invalid character */
}
-#if defined(HAVE_ARC4RANDOM_BUF) && \
- (HAVE_ARC4RANDOM_BUF) > 0
-static ushort
-rhex(void)
+unsigned long
+rlong(void)
{
- static u8 num[12];
- static size_t n = 0;
+ struct x_st_timeval tv;
+ static unsigned long mix = 0;
+ static unsigned long counter = 0;
- if (!n) {
- n = 12;
- arc4random_buf(num, 12);
- }
+ static int fd = -1;
+ unsigned long rval = 0;
+ long nr = -1;
- return num[--n] & 0xf;
-}
-#else
-static ushort
-rhex(void)
-{
- struct timeval tv;
- ulong mix;
- static ulong counter = 0;
-
- gettimeofday(&tv, NULL);
+ x_i_gettimeofday(&tv, NULL);
- mix = (ulong)tv.tv_sec
- ^ (ulong)tv.tv_usec
- ^ (ulong)getpid()
- ^ (ulong)&mix
+ mix ^= (unsigned long)tv.tv_sec
+ ^ (unsigned long)tv.tv_usec
+ ^ (unsigned long)getpid()
+ ^ (unsigned long)&mix
^ counter++
^ entropy_jitter();
@@ -1324,25 +1392,63 @@ rhex(void)
* Stack addresses can vary between
* calls, thus increasing entropy.
*/
- mix ^= (ulong)&mix;
- mix ^= (ulong)&tv;
- mix ^= (ulong)&counter;
+ mix ^= (unsigned long)&mix;
+ mix ^= (unsigned long)&tv;
+ mix ^= (unsigned long)&counter;
+
+ /*
+ * Now, we won't use this mix
+ * immediately. We'll try to
+ * read urandom first, which is
+ * likely safer, and pass that,
+ * falling back to the mixture
+ * if urandom fails.
+ *
+ * Since urandom is likely
+ * reliable, the number of
+ * times it will fail is
+ * likely extremely random,
+ * thus, building more than
+ * sufficient entropy by the
+ * time we do eventually use
+ * the fallback code
+ */
+
+ fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
+
+#if !(defined(__OpenBSD__) && defined(OpenBSD)) || \
+ (defined(__OpenBSD__) && defined(OpenBSD) && \
+ OpenBSD < 604)
+ if (fd < 0) /* old openbsd */
+ fd = open("/dev/arandom", O_RDONLY | O_NONBLOCK);
+#endif
- return (ushort)(mix & 0xf);
+ if (fd < 0)
+ fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
+
+ nr = rw_file_exact(fd, (unsigned char *)&rval,
+ sizeof(unsigned long), 0, IO_READ, LOOP_EAGAIN,
+ LOOP_EINTR, MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (nr == sizeof(unsigned long))
+ return rval;
+
+ return mix;
}
-static ulong
+unsigned long
entropy_jitter(void)
{
- struct timeval a, b;
- ulong mix = 0;
+ struct x_st_timeval a, b;
+ unsigned long mix = 0;
long mix_diff;
int i;
+ x_i_gettimeofday(&a, NULL);
+
for (i = 0; i < 8; i++) {
- gettimeofday(&a, NULL);
getpid();
- gettimeofday(&b, NULL);
+ x_i_gettimeofday(&b, NULL);
/*
* prevent negative numbers to prevent overflow,
@@ -1352,18 +1458,34 @@ entropy_jitter(void)
if (mix_diff < 0)
mix_diff = -mix_diff;
- mix ^= (ulong)(mix_diff);
- mix ^= (ulong)&mix;
+ mix ^= (unsigned long)(mix_diff);
+ mix ^= (unsigned long)&mix;
}
return mix;
}
-#endif
-static void
-write_mac_part(size_t partnum)
+
+
+int
+x_i_gettimeofday(struct x_st_timeval *tv, void *tz)
+{
+ time_t t;
+
+ (void)tz;
+
+ t = time(NULL);
+
+ tv->tv_sec = t;
+ tv->tv_usec = (long)clock() % 1000000;
+
+ return 0;
+}
+
+void
+write_mac_part(unsigned long partnum)
{
- size_t w;
+ unsigned long w;
check_bin(partnum, "part number");
if (!part_valid[partnum])
@@ -1373,14 +1495,14 @@ write_mac_part(size_t partnum)
set_nvm_word(w, partnum, mac_buf[w]);
printf("Wrote MAC address to part %lu: ",
- (ulong)partnum);
+ (unsigned long)partnum);
print_mac_from_nvm(partnum);
}
-static void
+void
cmd_helper_dump(void)
{
- size_t partnum;
+ unsigned long partnum;
part_valid[0] = good_checksum(0);
part_valid[1] = good_checksum(1);
@@ -1390,27 +1512,27 @@ cmd_helper_dump(void)
fprintf(stderr,
"BAD checksum %04x in part %lu (expected %04x)\n",
nvm_word(NVM_CHECKSUM_WORD, partnum),
- (ulong)partnum,
+ (unsigned long)partnum,
calculated_checksum(partnum));
printf("MAC (part %lu): ",
- (ulong)partnum);
+ (unsigned long)partnum);
print_mac_from_nvm(partnum);
hexdump(partnum);
}
}
-static void
-print_mac_from_nvm(size_t partnum)
+void
+print_mac_from_nvm(unsigned long partnum)
{
- size_t c;
- ushort val16;
+ unsigned long c;
+ unsigned short val16;
for (c = 0; c < 3; c++) {
val16 = nvm_word(c, partnum);
printf("%02x:%02x",
- (uint)(val16 & 0xff),
- (uint)(val16 >> 8));
+ (unsigned int)(val16 & 0xff),
+ (unsigned int)(val16 >> 8));
if (c == 2)
printf("\n");
else
@@ -1418,53 +1540,95 @@ print_mac_from_nvm(size_t partnum)
}
}
-static void
-hexdump(size_t partnum)
+void
+hexdump(unsigned long partnum)
{
- size_t c;
- size_t row;
- ushort val16;
+ unsigned long c;
+ unsigned long row;
+ unsigned short val16;
for (row = 0; row < 8; row++) {
- printf("%08lx ", (ulong)((size_t)row << 4));
+ printf("%08lx ", (unsigned long)((unsigned long)row << 4));
for (c = 0; c < 8; c++) {
val16 = nvm_word((row << 3) + c, partnum);
if (c == 4)
printf(" ");
printf(" %02x %02x",
- (uint)(val16 & 0xff),
- (uint)(val16 >> 8));
+ (unsigned int)(val16 & 0xff),
+ (unsigned int)(val16 >> 8));
}
printf("\n");
}
}
-static void
-cmd_helper_cat(void)
+void
+cmd_helper_swap(void)
{
- size_t p;
- size_t ff;
- size_t n = 0;
+ x_v_memcpy(
+ buf + (unsigned long)GBE_WORK_SIZE,
+ buf,
+ GBE_PART_SIZE);
+
+ x_v_memcpy(
+ buf,
+ buf + (unsigned long)GBE_PART_SIZE,
+ GBE_PART_SIZE);
+
+ x_v_memcpy(
+ buf + (unsigned long)GBE_PART_SIZE,
+ buf + (unsigned long)GBE_WORK_SIZE,
+ GBE_PART_SIZE);
+
+ set_part_modified(0);
+ set_part_modified(1);
+}
- if (cmd_index == CMD_CAT16)
- n = 1;
- else if (cmd_index == CMD_CAT128)
- n = 15;
- else if (cmd_index != CMD_CAT)
- err(EINVAL, "cmd_helper_cat called erroneously");
+void
+cmd_helper_copy(void)
+{
+ x_v_memcpy(
+ buf + (unsigned long)((part ^ 1) * GBE_PART_SIZE),
+ buf + (unsigned long)(part * GBE_PART_SIZE),
+ GBE_PART_SIZE);
+
+ set_part_modified(part ^ 1);
+}
+
+void
+cmd_helper_cat(void)
+{
+ unsigned long p = 0;
+ unsigned long ff = 0;
+ unsigned long nff = 0;
fflush(NULL);
+ memset(pad, 0xff, GBE_PART_SIZE);
+
+ switch (cmd_index) {
+ case CMD_CAT:
+ nff = 0;
+ break;
+ case CMD_CAT16:
+ nff = 1;
+ break;
+ case CMD_CAT128:
+ nff = 15;
+ break;
+ default:
+ err(EINVAL, "erroneous call to cat");
+ }
+
for (p = 0; p < 2; p++) {
- gbe_cat_buf(buf + (size_t)(p * GBE_PART_SIZE));
+ cat_buf(bufcmp + (unsigned long)(p * (gbe_file_size >> 1)));
- for (ff = 0; ff < n; ff++)
- gbe_cat_buf(pad);
+ for (ff = 0; ff < nff; ff++)
+ cat_buf(pad);
}
}
-static void
-gbe_cat_buf(u8 *b)
+void
+cat_buf(unsigned char *b)
{
if (rw_file_exact(STDOUT_FILENO, b,
GBE_PART_SIZE, 0, IO_WRITE, LOOP_EAGAIN, LOOP_EINTR,
@@ -1472,91 +1636,66 @@ gbe_cat_buf(u8 *b)
err(errno, "stdout: cat");
}
-static void
+void
write_gbe_file(void)
{
struct stat gbe_st;
+ struct stat tmp_st;
- size_t p;
- size_t partnum;
- u8 update_checksum;
+ unsigned long p;
+ unsigned char update_checksum;
if (command[cmd_index].flags == O_RDONLY)
return;
- update_checksum = command[cmd_index].chksum_write;
-
- override_part_modified();
-
if (fstat(gbe_fd, &gbe_st) == -1)
err(errno, "%s: re-check", fname);
-
if (gbe_st.st_dev != gbe_dev || gbe_st.st_ino != gbe_ino)
err(EIO, "%s: file replaced while open", fname);
-
if (gbe_st.st_size != gbe_file_size)
err(errno, "%s: file size changed before write", fname);
-
if (!S_ISREG(gbe_st.st_mode))
err(errno, "%s: file type changed before write", fname);
- for (p = 0; p < 2; p++) {
- partnum = p ^ command[cmd_index].invert;
+ if (fstat(tmp_fd, &tmp_st) == -1)
+ err(errno, "%s: re-check", tname);
+ if (tmp_st.st_dev != tmp_dev || tmp_st.st_ino != tmp_ino)
+ err(EIO, "%s: file replaced while open", tname);
+ if (tmp_st.st_size != gbe_file_size)
+ err(errno, "%s: file size changed before write", tname);
+ if (!S_ISREG(tmp_st.st_mode))
+ err(errno, "%s: file type changed before write", tname);
- if (!part_modified[partnum])
+ update_checksum = command[cmd_index].chksum_write;
+
+ for (p = 0; p < 2; p++) {
+ if (!part_modified[p])
continue;
if (update_checksum)
- set_checksum(partnum);
+ set_checksum(p);
- rw_gbe_file_part(partnum, IO_PWRITE, "pwrite");
+ rw_gbe_file_part(p, IO_PWRITE, "pwrite");
}
}
-static void
-override_part_modified(void)
-{
- u8 mod_type = command[cmd_index].set_modified;
-
- switch (mod_type) {
- case SET_MOD_0:
- set_part_modified(0);
- break;
- case SET_MOD_1:
- set_part_modified(1);
- break;
- case SET_MOD_N:
- set_part_modified(part ^ command[cmd_index].invert);
- break;
- case SET_MOD_BOTH:
- set_part_modified(0);
- set_part_modified(1);
- break;
- case SET_MOD_OFF:
- break;
- default:
- err(EINVAL, "Unsupported set_mod type: %u",
- mod_type);
- }
-}
-
-static void
-set_checksum(size_t p)
+void
+set_checksum(unsigned long p)
{
check_bin(p, "part number");
set_nvm_word(NVM_CHECKSUM_WORD, p, calculated_checksum(p));
}
-static ushort
-calculated_checksum(size_t p)
+unsigned short
+calculated_checksum(unsigned long p)
{
- size_t c;
- uint val16 = 0;
+ unsigned long c;
+ unsigned int val16 = 0;
for (c = 0; c < NVM_CHECKSUM_WORD; c++)
- val16 += (uint)nvm_word(c, p);
+ val16 += (unsigned int)nvm_word(c, p);
- return (ushort)((NVM_CHECKSUM - val16) & 0xffff);
+ return (unsigned short)((NVM_CHECKSUM - val16) & 0xffff);
}
/*
@@ -1567,41 +1706,41 @@ calculated_checksum(size_t p)
* file, but we assume otherwise and adapt accordingly.
*/
-static ushort
-nvm_word(size_t pos16, size_t p)
+unsigned short
+nvm_word(unsigned long pos16, unsigned long p)
{
- size_t pos;
+ unsigned long pos;
check_nvm_bound(pos16, p);
pos = (pos16 << 1) + (p * GBE_PART_SIZE);
- return (ushort)buf[pos] |
- ((ushort)buf[pos + 1] << 8);
+ return (unsigned short)buf[pos] |
+ ((unsigned short)buf[pos + 1] << 8);
}
-static void
-set_nvm_word(size_t pos16, size_t p, ushort val16)
+void
+set_nvm_word(unsigned long pos16, unsigned long p, unsigned short val16)
{
- size_t pos;
+ unsigned long pos;
check_nvm_bound(pos16, p);
pos = (pos16 << 1) + (p * GBE_PART_SIZE);
- buf[pos] = (u8)(val16 & 0xff);
- buf[pos + 1] = (u8)(val16 >> 8);
+ buf[pos] = (unsigned char)(val16 & 0xff);
+ buf[pos + 1] = (unsigned char)(val16 >> 8);
set_part_modified(p);
}
-static void
-set_part_modified(size_t p)
+void
+set_part_modified(unsigned long p)
{
check_bin(p, "part number");
part_modified[p] = 1;
}
-static void
-check_nvm_bound(size_t c, size_t p)
+void
+check_nvm_bound(unsigned long c, unsigned long p)
{
/*
* NVM_SIZE assumed as the limit, because this
@@ -1613,62 +1752,140 @@ check_nvm_bound(size_t c, size_t p)
if (c >= NVM_WORDS)
err(ECANCELED, "check_nvm_bound: out of bounds %lu",
- (ulong)c);
+ (unsigned long)c);
}
-static void
-check_bin(size_t a, const char *a_name)
+void
+check_bin(unsigned long a, const char *a_name)
{
if (a > 1)
err(EINVAL, "%s must be 0 or 1, but is %lu",
- a_name, (ulong)a);
+ a_name, (unsigned long)a);
}
-static void
-rw_gbe_file_part(size_t p, int rw_type,
+void
+rw_gbe_file_part(unsigned long p, int rw_type,
const char *rw_type_str)
{
- ssize_t r;
- size_t gbe_rw_size = command[cmd_index].rw_size;
- u8 invert = command[cmd_index].invert;
+ long r;
+ unsigned long gbe_rw_size = command[cmd_index].rw_size;
- u8 *mem_offset;
+ unsigned char *mem_offset;
off_t file_offset;
if (rw_type < IO_PREAD || rw_type > IO_PWRITE)
err(errno, "%s: %s: part %lu: invalid rw_type, %d",
- fname, rw_type_str, (ulong)p, rw_type);
-
- if (rw_type == IO_PWRITE)
- invert = 0;
+ fname, rw_type_str, (unsigned long)p, rw_type);
- /*
- * Inverted reads are used by copy/swap.
- * E.g. read from p0 (file) to p1 (mem).
- */
- mem_offset = gbe_mem_offset(p ^ invert, rw_type_str);
+ mem_offset = gbe_mem_offset(p, rw_type_str);
file_offset = (off_t)gbe_file_offset(p, rw_type_str);
- r = rw_gbe_file_exact(gbe_fd, mem_offset,
+ r = rw_gbe_file_exact(tmp_fd, mem_offset,
gbe_rw_size, file_offset, rw_type);
if (r == -1)
err(errno, "%s: %s: part %lu",
- fname, rw_type_str, (ulong)p);
+ fname, rw_type_str, (unsigned long)p);
- if ((size_t)r != gbe_rw_size)
+ if ((unsigned long)r != gbe_rw_size)
err(EIO, "%s: partial %s: part %lu",
- fname, rw_type_str, (ulong)p);
+ fname, rw_type_str, (unsigned long)p);
}
-static void
-check_written_part(size_t p)
+void
+write_to_gbe_bin(void)
{
- ssize_t r;
- size_t gbe_rw_size;
- u8 *mem_offset;
+ int saved_errno;
+ int mv;
+
+ if (command[cmd_index].flags != O_RDWR)
+ return;
+
+ write_gbe_file();
+
+ /*
+ * We may otherwise read from
+ * cache, so we must sync.
+ */
+ if (x_i_fsync(tmp_fd) == -1)
+ err(errno, "%s: fsync (pre-verification)",
+ tname);
+
+ check_written_part(0);
+ check_written_part(1);
+
+ report_io_err_rw();
+
+ if (io_err_gbe)
+ err(EIO, "%s: bad write", fname);
+
+ /*
+ * success!
+ * now just rename the tmpfile
+ */
+
+ saved_errno = errno;
+
+ if (x_i_close(tmp_fd) == -1) {
+ fprintf(stderr, "FAIL: %s: close\n", tname);
+ io_err_gbe_bin = 1;
+ }
+
+ if (x_i_close(gbe_fd) == -1) {
+ fprintf(stderr, "FAIL: %s: close\n", fname);
+ io_err_gbe_bin = 1;
+ }
+
+ errno = saved_errno;
+
+ tmp_fd = -1;
+ gbe_fd = -1;
+
+ if (!io_err_gbe_bin) {
+
+ mv = gbe_mv();
+
+ if (mv < 0) {
+ io_err_gbe_bin = 1;
+ fprintf(stderr, "%s: %s\n",
+ fname, strerror(errno));
+ } else {
+ /*
+ * tmpfile removed
+ * by the rename
+ */
+
+ if (tname != NULL)
+ free(tname);
+
+ tname = NULL;
+ }
+ }
+
+ /*
+ * finally:
+ * must sync to disk!
+ * very nearly done
+ */
+
+ if (!io_err_gbe_bin)
+ return;
+
+ fprintf(stderr, "FAIL (rename): %s: skipping fsync\n",
+ fname);
+ if (errno)
+ fprintf(stderr,
+ "errno %d: %s\n", errno, strerror(errno));
+}
+
+void
+check_written_part(unsigned long p)
+{
+ long r;
+ unsigned long gbe_rw_size;
+ unsigned char *mem_offset;
off_t file_offset;
- u8 *buf_restore;
+ unsigned char *buf_restore;
struct stat st;
if (!part_modified[p])
@@ -1684,18 +1901,22 @@ check_written_part(size_t p)
if (fstat(gbe_fd, &st) == -1)
err(errno, "%s: fstat (post-write)", fname);
-
if (st.st_dev != gbe_dev || st.st_ino != gbe_ino)
err(EIO, "%s: file changed during write", fname);
- r = rw_gbe_file_exact(gbe_fd, pad,
+ if (fstat(tmp_fd, &st) == -1)
+ err(errno, "%s: fstat (post-write)", tname);
+ if (st.st_dev != tmp_dev || st.st_ino != tmp_ino)
+ err(EIO, "%s: file changed during write", tname);
+
+ r = rw_gbe_file_exact(tmp_fd, pad,
gbe_rw_size, file_offset, IO_PREAD);
if (r == -1)
rw_check_err_read[p] = io_err_gbe = 1;
- else if ((size_t)r != gbe_rw_size)
+ else if ((unsigned long)r != gbe_rw_size)
rw_check_partial_read[p] = io_err_gbe = 1;
- else if (memcmp(mem_offset, pad, gbe_rw_size) != 0)
+ else if (x_i_memcmp(mem_offset, pad, gbe_rw_size) != 0)
rw_check_bad_part[p] = io_err_gbe = 1;
if (rw_check_err_read[p] ||
@@ -1713,10 +1934,10 @@ check_written_part(size_t p)
buf = buf_restore;
}
-static void
+void
report_io_err_rw(void)
{
- size_t p;
+ unsigned long p;
if (!io_err_gbe)
return;
@@ -1728,22 +1949,22 @@ report_io_err_rw(void)
if (rw_check_err_read[p])
fprintf(stderr,
"%s: pread: p%lu (post-verification)\n",
- fname, (ulong)p);
+ fname, (unsigned long)p);
if (rw_check_partial_read[p])
fprintf(stderr,
"%s: partial pread: p%lu (post-verification)\n",
- fname, (ulong)p);
+ fname, (unsigned long)p);
if (rw_check_bad_part[p])
fprintf(stderr,
"%s: pwrite: corrupt write on p%lu\n",
- fname, (ulong)p);
+ fname, (unsigned long)p);
if (rw_check_err_read[p] ||
rw_check_partial_read[p]) {
fprintf(stderr,
"%s: p%lu: skipped checksum verification "
"(because read failed)\n",
- fname, (ulong)p);
+ fname, (unsigned long)p);
continue;
}
@@ -1756,7 +1977,7 @@ report_io_err_rw(void)
fprintf(stderr, "BAD");
fprintf(stderr, " checksum in p%lu on-disk.\n",
- (ulong)p);
+ (unsigned long)p);
if (post_rw_checksum[p]) {
fprintf(stderr,
@@ -1766,18 +1987,224 @@ report_io_err_rw(void)
}
}
+int
+gbe_mv(void)
+{
+ int r;
+ int saved_errno;
+ int tmp_gbe_bin_exists = 1;
+
+ char *dest_tmp = NULL;
+ int dest_fd = -1;
+
+ saved_errno = errno;
+
+ r = rename(tname, fname);
+
+ if (r > -1) {
+ /*
+ * same filesystem
+ */
+
+ tmp_gbe_bin_exists = 0;
+
+ if (fsync_dir(fname) < 0)
+ r = -1;
+
+ goto ret_gbe_mv;
+ }
+
+ if (errno != EXDEV)
+ goto ret_gbe_mv;
+
+ /* cross-filesystem rename */
+
+ if ((r = tmp_fd = open(tname,
+ O_RDONLY | O_BINARY)) == -1)
+ goto ret_gbe_mv;
+
+ /* create replacement temp in target directory */
+ dest_tmp = new_tmpfile(&dest_fd, 1, fname);
+ if (dest_tmp == NULL)
+ goto ret_gbe_mv;
+
+ /* copy data */
+
+ r = rw_file_exact(tmp_fd, bufcmp,
+ gbe_file_size, 0, IO_PREAD,
+ NO_LOOP_EAGAIN, LOOP_EINTR,
+ MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (r < 0)
+ goto ret_gbe_mv;
+
+ r = rw_file_exact(dest_fd, bufcmp,
+ gbe_file_size, 0, IO_PWRITE,
+ NO_LOOP_EAGAIN, LOOP_EINTR,
+ MAX_ZERO_RW_RETRY, OFF_ERR);
+
+ if (r < 0)
+ goto ret_gbe_mv;
+
+ if (x_i_fsync(dest_fd) == -1)
+ goto ret_gbe_mv;
+
+ if (x_i_close(dest_fd) == -1)
+ goto ret_gbe_mv;
+
+ if (rename(dest_tmp, fname) == -1)
+ goto ret_gbe_mv;
+
+ if (fsync_dir(fname) < 0)
+ goto ret_gbe_mv;
+
+ free(dest_tmp);
+ dest_tmp = NULL;
+
+ret_gbe_mv:
+
+ if (gbe_fd > -1) {
+ if (x_i_close(gbe_fd) < 0)
+ r = -1;
+ if (fsync_dir(fname) < 0)
+ r = -1;
+ gbe_fd = -1;
+ }
+
+ if (tmp_fd > -1) {
+ if (x_i_close(tmp_fd) < 0)
+ r = -1;
+
+ tmp_fd = -1;
+ }
+
+ /*
+ * before this function is called,
+ * tmp_fd may have been moved
+ */
+ if (tmp_gbe_bin_exists) {
+ if (unlink(tname) < 0)
+ r = -1;
+ else
+ tmp_gbe_bin_exists = 0;
+ }
+
+ if (r < 0) {
+ /*
+ * if nothing set errno,
+ * we assume EIO, or we
+ * use what was set
+ */
+ if (errno == saved_errno)
+ errno = EIO;
+ } else {
+ errno = saved_errno;
+ }
+
+ return r;
+}
+
+/*
+ * Ensure rename() is durable by syncing the
+ * directory containing the target file.
+ */
+int
+fsync_dir(const char *path)
+{
+#if defined(PATH_LEN) && \
+ (PATH_LEN) >= 256
+ unsigned long maxlen = PATH_LEN;
+#else
+ unsigned long maxlen = 1024;
+#endif
+ unsigned long pathlen;
+/* char dirbuf[maxlen]; */
+ char *dirbuf = NULL;
+ char *slash;
+ int dfd = -1;
+
+ struct stat st;
+
+ int saved_errno = errno;
+
+ pathlen = xstrxlen(path, maxlen);
+
+ if (pathlen >= maxlen) {
+ fprintf(stderr, "Path too long for fsync_parent_dir\n");
+ goto err_fsync_dir;
+ }
+
+ dirbuf = malloc(pathlen + 1);
+ if (dirbuf == NULL)
+ goto err_fsync_dir;
+
+ x_v_memcpy(dirbuf, path, pathlen + 1);
+ slash = x_c_strrchr(dirbuf, '/');
+
+ if (slash != NULL) {
+ *slash = '\0';
+ if (*dirbuf == '\0')
+ strcpy(dirbuf, "/");
+ } else {
+ strcpy(dirbuf, ".");
+ }
+
+ dfd = open(dirbuf, O_RDONLY);
+ if (dfd == -1)
+ goto err_fsync_dir;
+
+ if (fstat(dfd, &st) < 0)
+ goto err_fsync_dir;
+
+ if (!S_ISDIR(st.st_mode)) {
+ fprintf(stderr, "%s: not a directory\n", dirbuf);
+ goto err_fsync_dir;
+ }
+
+ /* sync file on disk */
+ if (x_i_fsync(dfd) == -1)
+ goto err_fsync_dir;
+
+ if (x_i_close(dfd) == -1)
+ goto err_fsync_dir;
+
+ if (dirbuf != NULL)
+ free(dirbuf);
+
+ errno = saved_errno;
+ return 0;
+
+err_fsync_dir:
+ if (!errno)
+ errno = EIO;
+
+ if (errno != saved_errno)
+ fprintf(stderr, "%s: %s\n", fname, strerror(errno));
+
+ if (dirbuf != NULL)
+ free(dirbuf);
+
+ if (dfd > -1)
+ x_i_close(dfd);
+
+ io_err_gbe_bin = 1;
+ errno = saved_errno;
+
+ return -1;
+}
+
/*
* This one is similar to gbe_file_offset,
* but used to check Gbe bounds in memory,
* and it is *also* used during file I/O.
*/
-static u8 *
-gbe_mem_offset(size_t p, const char *f_op)
+unsigned char *
+gbe_mem_offset(unsigned long p, const char *f_op)
{
off_t gbe_off = gbe_x_offset(p, f_op, "mem",
- GBE_PART_SIZE, GBE_FILE_SIZE);
+ GBE_PART_SIZE, GBE_WORK_SIZE);
- return (u8 *)(buf + (size_t)gbe_off);
+ return (unsigned char *)(buf + (unsigned long)gbe_off);
}
/*
@@ -1787,8 +2214,8 @@ gbe_mem_offset(size_t p, const char *f_op)
*
* This check is called, to ensure just that.
*/
-static off_t
-gbe_file_offset(size_t p, const char *f_op)
+off_t
+gbe_file_offset(unsigned long p, const char *f_op)
{
off_t gbe_file_half_size = gbe_file_size >> 1;
@@ -1796,8 +2223,8 @@ gbe_file_offset(size_t p, const char *f_op)
gbe_file_half_size, gbe_file_size);
}
-static off_t
-gbe_x_offset(size_t p, const char *f_op, const char *d_type,
+off_t
+gbe_x_offset(unsigned long p, const char *f_op, const char *d_type,
off_t nsize, off_t ncmp)
{
off_t off;
@@ -1817,35 +2244,30 @@ gbe_x_offset(size_t p, const char *f_op, const char *d_type,
return off;
}
-static ssize_t
-rw_gbe_file_exact(int fd, u8 *mem, size_t nrw,
+long
+rw_gbe_file_exact(int fd, unsigned char *mem, unsigned long nrw,
off_t off, int rw_type)
{
- size_t mem_addr;
- size_t buf_addr;
- ssize_t r;
+ long r;
if (io_args(fd, mem, nrw, off, rw_type) == -1)
return -1;
- mem_addr = (size_t)(void *)mem;
- buf_addr = (size_t)(void *)buf;
-
if (mem != (void *)pad) {
- if (mem_addr < buf_addr)
+ if (mem < buf)
goto err_rw_gbe_file_exact;
- if ((mem_addr - buf_addr) >= (size_t)GBE_FILE_SIZE)
+ if ((unsigned long)(mem - buf) >= GBE_WORK_SIZE)
goto err_rw_gbe_file_exact;
}
if (off < 0 || off >= gbe_file_size)
goto err_rw_gbe_file_exact;
- if (nrw > (size_t)(gbe_file_size - off))
+ if (nrw > (unsigned long)(gbe_file_size - off))
goto err_rw_gbe_file_exact;
- if (nrw > (size_t)GBE_PART_SIZE)
+ if (nrw > (unsigned long)GBE_PART_SIZE)
goto err_rw_gbe_file_exact;
r = rw_file_exact(fd, mem, nrw, off, rw_type,
@@ -1889,17 +2311,17 @@ err_rw_gbe_file_exact:
* times upon zero-return, to recover,
* otherwise it will return an error.
*/
-static ssize_t
-rw_file_exact(int fd, u8 *mem, size_t nrw,
+long
+rw_file_exact(int fd, unsigned char *mem, unsigned long nrw,
off_t off, int rw_type, int loop_eagain,
- int loop_eintr, size_t max_retries,
+ int loop_eintr, unsigned long max_retries,
int off_reset)
{
- ssize_t rv = 0;
- ssize_t rc = 0;
- size_t retries_on_zero = 0;
+ long rv = 0;
+ long rc = 0;
+ unsigned long retries_on_zero = 0;
off_t off_cur;
- size_t nrw_cur;
+ unsigned long nrw_cur;
void *mem_cur;
if (io_args(fd, mem, nrw, off, rw_type) == -1)
@@ -1908,18 +2330,18 @@ rw_file_exact(int fd, u8 *mem, size_t nrw,
while (1) {
/* Prevent theoretical overflow */
- if (rv >= 0 && (size_t)rv > (nrw - rc))
+ if (rv >= 0 && (unsigned long)rv > (nrw - rc))
goto err_rw_file_exact;
rc += rv;
- if ((size_t)rc >= nrw)
+ if ((unsigned long)rc >= nrw)
break;
- mem_cur = (void *)(mem + (size_t)rc);
- nrw_cur = (size_t)(nrw - (size_t)rc);
+ mem_cur = (void *)(mem + (unsigned long)rc);
+ nrw_cur = (unsigned long)(nrw - (unsigned long)rc);
if (off < 0)
goto err_rw_file_exact;
- off_cur = (off_t)((size_t)off + (size_t)rc);
+ off_cur = off + (off_t)rc;
rv = prw(fd, mem_cur, nrw_cur, off_cur,
rw_type, loop_eagain, loop_eintr,
@@ -1937,7 +2359,7 @@ rw_file_exact(int fd, u8 *mem, size_t nrw,
retries_on_zero = 0;
}
- if ((size_t)rc != nrw)
+ if ((unsigned long)rc != nrw)
goto err_rw_file_exact;
return rw_over_nrw(rc, nrw);
@@ -1989,13 +2411,13 @@ err_rw_file_exact:
* we reset and continue, and pray for the worst.
*/
-static ssize_t
-prw(int fd, void *mem, size_t nrw,
+long
+prw(int fd, void *mem, unsigned long nrw,
off_t off, int rw_type,
int loop_eagain, int loop_eintr,
int off_reset)
{
- ssize_t r;
+ long r;
int positional_rw;
struct stat st;
#if !defined(HAVE_REAL_PREAD_PWRITE) || \
@@ -2086,19 +2508,6 @@ real_pread_pwrite:
loop_eagain, loop_eintr);
do {
- if (off != verified)
- goto err_prw;
-
- if (rw_type == IO_PREAD)
- r = read(fd, mem, nrw);
- else if (rw_type == IO_PWRITE)
- r = write(fd, mem, nrw);
-
- if (rw_over_nrw(r, nrw) == -1) {
- errno = EIO;
- break;
- }
-
/*
* Verify again before I/O
* (even with OFF_ERR)
@@ -2119,6 +2528,19 @@ real_pread_pwrite:
verified = lseek_loop(fd, (off_t)0, SEEK_CUR,
loop_eagain, loop_eintr);
+ if (off != verified)
+ goto err_prw;
+
+ if (rw_type == IO_PREAD)
+ r = read(fd, mem, nrw);
+ else if (rw_type == IO_PWRITE)
+ r = write(fd, mem, nrw);
+
+ if (rw_over_nrw(r, nrw) == -1) {
+ errno = EIO;
+ break;
+ }
+
} while (r == -1 &&
(errno == try_err(loop_eintr, EINTR)
|| errno == try_err(loop_eagain, EAGAIN)));
@@ -2144,8 +2566,8 @@ err_prw:
return -1;
}
-static int
-io_args(int fd, void *mem, size_t nrw,
+int
+io_args(int fd, void *mem, unsigned long nrw,
off_t off, int rw_type)
{
/* obviously */
@@ -2165,11 +2587,11 @@ io_args(int fd, void *mem, size_t nrw,
goto err_io_args;
/* prevent overflow */
- if (nrw > (size_t)SSIZE_MAX)
+ if (nrw > (unsigned long)X_LONG_MAX)
goto err_io_args;
/* prevent overflow */
- if (((size_t)off + nrw) < (size_t)off)
+ if (((unsigned long)off + nrw) < (unsigned long)off)
goto err_io_args;
if (rw_type > IO_PWRITE)
@@ -2182,7 +2604,7 @@ err_io_args:
return -1;
}
-static int
+int
check_file(int fd, struct stat *st)
{
if (fstat(fd, st) == -1)
@@ -2204,8 +2626,8 @@ err_is_file:
* POSIX can say whatever it wants.
* specification != implementation
*/
-static ssize_t
-rw_over_nrw(ssize_t r, size_t nrw)
+long
+rw_over_nrw(long r, unsigned long nrw)
{
/*
* If a byte length of zero
@@ -2218,14 +2640,14 @@ rw_over_nrw(ssize_t r, size_t nrw)
if (r == -1)
return r;
- if ((size_t)r > SSIZE_MAX) {
+ if ((unsigned long)r > X_LONG_MAX) {
/*
* Theoretical buggy libc
* check. Extremely academic.
*
* Specifications never
* allow this return value
- * to exceed SSIZE_MAX, but
+ * to exceed SSIZE_T, but
* spec != implementation
*
* Check this after using
@@ -2239,7 +2661,7 @@ rw_over_nrw(ssize_t r, size_t nrw)
* Should never return a number of
* bytes above the requested length.
*/
- if ((size_t)r > nrw)
+ if ((unsigned long)r > nrw)
goto err_rw_over_nrw;
return r;
@@ -2257,7 +2679,7 @@ err_rw_over_nrw:
* on an EINTR/EAGAIN wait loop. Used by prw()
* for setting offsets for positional I/O.
*/
-static off_t
+off_t
lseek_loop(int fd, off_t off, int whence,
int loop_eagain, int loop_eintr)
{
@@ -2279,7 +2701,7 @@ lseek_loop(int fd, off_t off, int whence,
* will loop until errno isn't -1 and one
* of these, e.g. -1 and EINTR
*/
-static int
+int
try_err(int loop_err, int errval)
{
if (loop_err)
@@ -2291,15 +2713,38 @@ try_err(int loop_err, int errval)
return -1;
}
-static void
+void
+usage(void)
+{
+ const char *util = getnvmprogname();
+
+ fprintf(stderr,
+ "Modify Intel GbE NVM images e.g. set MAC\n"
+ "USAGE:\n"
+ "\t%s FILE dump\n"
+ "\t%s FILE setmac [MAC]\n"
+ "\t%s FILE swap\n"
+ "\t%s FILE copy 0|1\n"
+ "\t%s FILE cat\n"
+ "\t%s FILE cat16\n"
+ "\t%s FILE cat128\n",
+ util, util, util, util,
+ util, util, util);
+
+ err(EINVAL, "Too few arguments");
+}
+
+void
err(int nvm_errval, const char *msg, ...)
{
va_list args;
if (errno == 0)
errno = nvm_errval;
+ if (!errno)
+ errno = ECANCELED;
- (void)close_files();
+ (void)exit_cleanup();
fprintf(stderr, "%s: ", getnvmprogname());
@@ -2310,31 +2755,47 @@ err(int nvm_errval, const char *msg, ...)
fprintf(stderr, ": %s", strerror(errno));
fprintf(stderr, "\n");
+
+ if (tname != NULL)
+ free(tname);
+
exit(EXIT_FAILURE);
}
-static int
-close_files(void)
+int
+exit_cleanup(void)
{
- int close_err_gbe = 0;
+ int close_err = 0;
int saved_errno = errno;
if (gbe_fd > -1) {
- if (close(gbe_fd) == -1)
- close_err_gbe = errno;
+ if (x_i_close(gbe_fd) == -1)
+ close_err = 1;
gbe_fd = -1;
}
+ if (tmp_fd > -1) {
+ if (x_i_close(tmp_fd) == -1)
+ close_err = 1;
+ }
+
+ if (tname != NULL) {
+ if (unlink(tname) == -1)
+ close_err = 1;
+ }
+
+ tmp_fd = -1;
+
if (saved_errno)
errno = saved_errno;
- if (close_err_gbe)
+ if (close_err)
return -1;
return 0;
}
-static const char *
+const char *
getnvmprogname(void)
{
const char *p;
@@ -2342,7 +2803,7 @@ getnvmprogname(void)
if (argv0 == NULL || *argv0 == '\0')
return "";
- p = strrchr(argv0, '/');
+ p = x_c_strrchr(argv0, '/');
if (p)
return p + 1;
@@ -2350,28 +2811,436 @@ getnvmprogname(void)
return argv0;
}
-static void
-usage(int usage_exit)
+/*
+ * create new tmpfile path
+ *
+ * ON SUCCESS:
+ *
+ * returns ptr to path string on success
+ * ALSO: the int at *fd will be set,
+ * indicating the file descriptor
+ *
+ * ON ERROR:
+ *
+ * return NULL (*fd not touched)
+ *
+ * malloc() may set errno, but you should
+ * not rely on errno from this function
+ *
+ * local: if non-zero, then only a file
+ * name will be given, relative to
+ * the current file name. for this,
+ * the 3rd argument (path) must be non-null
+ *
+ * if local is zero, then 3rd arg (path)
+ * is irrelevant and can be NULL
+ */
+char *
+new_tmpfile(int *fd, int local, const char *path)
{
- const char *util = getnvmprogname();
+ unsigned long maxlen;
+ struct stat st;
-#ifdef NVMUTIL_PLEDGE
- if (pledge("stdio", NULL) == -1)
- err(errno, "pledge");
+ /*
+ * please do not modify the
+ * strings or I will get mad
+ */
+ char tmp_none[] = "";
+ char tmp_default[] = "/tmp";
+ char default_tmpname[] = "tmpXXXXXX";
+ char *tmpname;
+
+ char *base = NULL;
+ char *dest = NULL;
+
+ unsigned long tmpdir_len = 0;
+ unsigned long tmpname_len = 0;
+ unsigned long tmppath_len = 0;
+
+ int fd_tmp = -1;
+ int flags;
+
+ /*
+ * 256 is the most
+ * conservative path
+ * size limit (posix),
+ * but 4096 is modern
+ *
+ * set PATH_LEN as you
+ * wish, at build time
+ */
+
+#if defined(PATH_LEN) && \
+ (PATH_LEN) >= 256
+ maxlen = PATH_LEN;
+#else
+ maxlen = 1024;
#endif
- fprintf(stderr,
- "Modify Intel GbE NVM images e.g. set MAC\n"
- "USAGE:\n"
- "\t%s FILE dump\n"
- "\t%s FILE setmac [MAC]\n"
- "\t%s FILE swap\n"
- "\t%s FILE copy 0|1\n"
- "\t%s FILE cat\n"
- "\t%s FILE cat16\n"
- "\t%s FILE cat128\n",
- util, util, util, util,
- util, util, util);
- if (usage_exit)
- err(EINVAL, "Too few arguments");
+ tmpname = default_tmpname;
+ if (local) {
+ if (path == NULL)
+ goto err_new_tmpfile;
+ if (*path == '\0')
+ goto err_new_tmpfile;
+
+ if (stat(path, &st) == -1)
+ goto err_new_tmpfile;
+
+ if (!S_ISREG(st.st_mode))
+ goto err_new_tmpfile;
+
+ tmpname = (char *)path;
+ }
+
+ if (local) {
+ base = tmp_none;
+
+ /*
+ * appended to filename for tmp:
+ */
+ tmpdir_len = sizeof(default_tmpname);
+ } else {
+ base = x_c_tmpdir();
+
+ if (base == NULL)
+ base = tmp_default;
+ if (*base == '\0')
+ base = tmp_default;
+
+ tmpdir_len = xstrxlen(base, maxlen);
+ }
+
+ tmpname_len = xstrxlen(tmpname, maxlen);
+
+ tmppath_len = tmpdir_len + tmpname_len;
+ ++tmppath_len; /* for '/' or '.' */
+
+ /*
+ * max length -1 of maxlen
+ * for termination
+ */
+ if (tmpdir_len > maxlen - tmpname_len - 1)
+ goto err_new_tmpfile;
+
+ /* +1 for NULL */
+ dest = malloc(tmppath_len + 1);
+ if (dest == NULL)
+ goto err_new_tmpfile;
+
+ if (local) {
+
+ *dest = '.'; /* hidden file */
+
+ x_v_memcpy(dest + (unsigned long)1, tmpname, tmpname_len);
+
+ x_v_memcpy(dest + (unsigned long)1 + tmpname_len,
+ default_tmpname, tmpdir_len);
+ } else {
+
+ x_v_memcpy(dest, base, tmpdir_len);
+
+ dest[tmpdir_len] = '/';
+
+ x_v_memcpy(dest + tmpdir_len + 1, tmpname, tmpname_len);
+ }
+
+ dest[tmppath_len] = '\0';
+
+ fd_tmp = x_i_mkstemp(dest);
+ if (fd_tmp == -1)
+ goto err_new_tmpfile;
+
+ if (x_i_fchmod(fd_tmp, 0600) == -1)
+ goto err_new_tmpfile;
+
+ if (lock_file(fd_tmp) == -1)
+ goto err_new_tmpfile;
+
+ if (fstat(fd_tmp, &st) == -1)
+ goto err_new_tmpfile;
+
+ /*
+ * Extremely defensive
+ * likely pointless checks
+ */
+
+ /* check if it's a file */
+ if (!S_ISREG(st.st_mode))
+ goto err_new_tmpfile;
+
+ /* check if it's seekable */
+ if (lseek(fd_tmp, 0, SEEK_CUR) == (off_t)-1)
+ goto err_new_tmpfile;
+
+ /* inode will be checked later on write */
+ tmp_dev = st.st_dev;
+ tmp_ino = st.st_ino;
+
+ /* tmpfile has >1 hardlinks */
+ if (st.st_nlink > 1)
+ goto err_new_tmpfile;
+
+ /* tmpfile unlinked while opened */
+ if (st.st_nlink == 0)
+ goto err_new_tmpfile;
+
+ flags = fcntl(fd_tmp, F_GETFL);
+
+ if (flags == -1)
+ goto err_new_tmpfile;
+
+ /*
+ * O_APPEND would permit offsets
+ * to be ignored, which breaks
+ * positional read/write
+ */
+ if (flags & O_APPEND)
+ goto err_new_tmpfile;
+
+ *fd = fd_tmp;
+
+ return dest;
+
+err_new_tmpfile:
+
+ if (dest != NULL)
+ free(dest);
+
+ if (fd_tmp > -1)
+ x_i_close(fd_tmp);
+
+ return NULL;
+}
+
+/*
+ * portable mkstemp
+ */
+int
+x_i_mkstemp(char *template)
+{
+ int fd;
+ int i, j;
+ unsigned long len;
+ char *p;
+
+ char ch[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+
+ len = xstrxlen(template, PATH_LEN);
+
+ /* find trailing XXXXXX */
+ if (len < 6)
+ return -1;
+
+ p = template + len - 6;
+
+ for (i = 0; i < 100; i++) {
+
+ for (j = 0; j < 6; j++)
+ p[j] = ch[rlong() & 31];
+
+ fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+
+ if (fd >= 0)
+ return fd;
+
+ if (errno != EEXIST)
+ return -1;
+ }
+
+ errno = EEXIST;
+ return -1;
+}
+
+char *
+x_c_strrchr(const char *s, int c)
+{
+ const char *p = NULL;
+
+ while (*s) {
+ if (*s == (char)c)
+ p = s;
+ s++;
+ }
+
+ if (c == '\0')
+ return (char *)s;
+
+ return (char *)p;
+}
+
+/*
+int
+x_i_rename(const char *src, const char *dst)
+{
+ int sfd, dfd;
+ ssize_t r;
+ char buf[8192];
+
+ sfd = open(src, O_RDONLY);
+ if (sfd < 0)
+ return -1;
+
+ dfd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (dfd < 0) {
+ x_i_close(sfd);
+ return -1;
+ }
+
+ while ((r = read(sfd, buf, sizeof(buf))) > 0) {
+ ssize_t w = write(dfd, buf, r);
+ if (w != r) {
+ x_i_close(sfd);
+ x_i_close(dfd);
+ return -1;
+ }
+ }
+
+ if (r < 0) {
+ x_i_close(sfd);
+ x_i_close(dfd);
+ return -1;
+ }
+
+ x_i_fsync(dfd);
+
+ x_i_close(sfd);
+ x_i_close(dfd);
+
+ if (unlink(src) < 0)
+ return -1;
+
+ return 0;
+}
+*/
+
+char *
+x_c_tmpdir(void)
+{
+ char *t;
+ struct stat st;
+
+ t = getenv("TMPDIR");
+ if (t && *t) {
+ if (stat(t, &st) == 0 && S_ISDIR(st.st_mode))
+ return t;
+ }
+
+ if (stat("/tmp", &st) == 0 && S_ISDIR(st.st_mode))
+ return "/tmp";
+
+ if (stat("/var/tmp", &st) == 0 && S_ISDIR(st.st_mode))
+ return "/var/tmp";
+
+ return ".";
+}
+
+int
+x_i_close(int fd)
+{
+ int r;
+
+ do {
+ r = close(fd);
+ } while (r == -1 && errno == EINTR);
+
+ return r;
+}
+
+void *
+x_v_memcpy(void *dst, const void *src, unsigned long n)
+{
+ unsigned char *d = (unsigned char *)dst;
+ const unsigned char *s = (const unsigned char *)src;
+
+ while (n--)
+ *d++ = *s++;
+
+ return dst;
+}
+
+int
+x_i_memcmp(const void *a, const void *b, unsigned long n)
+{
+ const unsigned char *pa = (const unsigned char *)a;
+ const unsigned char *pb = (const unsigned char *)b;
+
+ while (n--) {
+ if (*pa != *pb)
+ return *pa - *pb;
+ pa++;
+ pb++;
+ }
+
+ return 0;
+}
+
+int
+x_i_fchmod(int fd, mode_t mode)
+{
+ if (x_try_fdpath("/dev/fd/", fd, mode) == 0)
+ return 0;
+
+ if (x_try_fdpath("/proc/self/fd/", fd, mode) == 0)
+ return 0;
+
+ errno = ENOSYS;
+ return -1;
+}
+
+int
+x_try_fdpath(const char *prefix, int fd, mode_t mode)
+{
+ char path[PATH_LEN];
+
+ unsigned long i = 0;
+ unsigned long j;
+
+ while (prefix[i]) {
+ path[i] = prefix[i];
+ i++;
+ }
+
+ j = x_conv_fd(path + i, (unsigned long)fd);
+ i += j;
+
+ path[i] = '\0';
+
+ return chmod(path, mode);
+}
+
+unsigned long
+x_conv_fd(char *buf, unsigned long n)
+{
+ char tmp[256];
+
+ unsigned long i = 0;
+ unsigned long j = 0;
+
+ if (n == 0) {
+ buf[0] = '0';
+ return 1;
+ }
+
+ while (n > 0) {
+ tmp[i++] = (char)('0' + (n % 10));
+ n /= 10;
+ }
+
+ while (i > 0)
+ buf[j++] = tmp[--i];
+
+ return j;
+}
+
+int
+x_i_fsync(int fd)
+{
+ int r;
+
+ do {
+ r = fsync(fd);
+ } while (r == -1 && errno == EINTR);
+
+ return r;
}
generated by cgit v1.2.1 (git 2.18.0) at 2026-03-16 20:56:03 +0000