Age | Commit message | Author
18 hours | lbutils/file: ignore close err if errno is EINTR (HEAD, master) | Leah Rowe
but DONT LOOP IT. see comment.
Signed-off-by: Leah Rowe <leah@libreboot.org>
19 hours | remove dead code | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
19 hours | lbutils/file: don't eintr loop fcntl | Leah Rowe
not indicated. the way we use it is basically like stat, to check that a file exists / is a file. just err the fuck out
nuance: SETLK is non-blocking (no wait). we should loop on SETLKW, but we don't use that. in this codebase, we use SETLK for locking a tmpfile, but because of race conditions and wanting to make another file quickly, we just try again with a newly generated name, with a certain number of retries, so we just use SETLK
Signed-off-by: Leah Rowe <leah@libreboot.org>
20 hours | libreboot-utils: don't loop lseek on EINTR | Leah Rowe
not necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
20 hours | lbutils/file: don't use undefined USE_OPENAT | Leah Rowe
clang -Weverything told me to
Signed-off-by: Leah Rowe <leah@libreboot.org>
22 hours | lbutils/file: don't loop EINTR on close() | Leah Rowe
state is undefined after EINTR. just abort universally.
Signed-off-by: Leah Rowe <leah@libreboot.org>
22 hours | lbutils/file: fix implicit conversion on openat2 | Leah Rowe
as dictated by clang -Weverything
Signed-off-by: Leah Rowe <leah@libreboot.org>
22 hours | lbutils/file: fix overflow check | Leah Rowe
clang -Weverything:
lib/file.c:165:49: warning: implicit conversion changes signedness: 'ssize_t' (aka 'long') to 'size_t' (aka 'unsigned long') [-Wsign-conversion]
  165 | if (if_err(rval >= 0 && (size_t)rval > (nrw - rc), EOVERFLOW))
Signed-off-by: Leah Rowe <leah@libreboot.org>
23 hours | lbutils: remove more unused macros | Leah Rowe
detected via clang -Weverything
Signed-off-by: Leah Rowe <leah@libreboot.org>
23 hours | lbutils/file: remove unused macro | Leah Rowe
not needed here (detected with clang -Weverything)
Signed-off-by: Leah Rowe <leah@libreboot.org>
23 hours | lbutils/file: rename rw_file_exact | Leah Rowe
call it rw_exact, so that it's closer to the name rw. it matches naming more closely; the alternative was to call rw rw_file but read/write can handle more than just files!
Signed-off-by: Leah Rowe <leah@libreboot.org>
23 hours | libreboot-utils/file: never retry file rw on zero | Leah Rowe
even with a timer, it's possible that on a buggy system, we may keep writing even though the outcome is zero. if a system comes back with zero bytes written, that is a fatal bug and we should stop.
Signed-off-by: Leah Rowe <leah@libreboot.org>
24 hours | lbutils: remove -Werror | Leah Rowe
the actual warn flags are still there. leaving Werror in production is ill advised. i can (and will) still fix build errors as i see them.
as a result of this, i now also see more info when i type: make strict (this uses clang with -Weverything)
Signed-off-by: Leah Rowe <leah@libreboot.org>
25 hours | lbutils/rand: close fd on urandom error | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
25 hours | lbutils: remove rw on_eintr functions. just use rw | Leah Rowe
rw is enough. i unified everything there. next commit will remove rw_type and instead run positional i/o depending on whether the offset is zero. i'm simplifying the API a lot.
Signed-off-by: Leah Rowe <leah@libreboot.org>
26 hours | lbutils: portable options in Makefile | Leah Rowe
add options for building with urandom+openat and arc4+openat. useful for emulating a bsd / old linux environment in modern linux distros, for portability testing. these options are not recommended for everyday use. just use make without any special options, and the code has build-time OS detection for features like randomisation/openat2.
Signed-off-by: Leah Rowe <leah@libreboot.org>
27 hours | lbutils: support using arc4random on linux | Leah Rowe
-DUSE_ARC4=1 use that
Signed-off-by: Leah Rowe <leah@libreboot.org>
27 hours | lbutils: don't set USE_OPENAT and USE_URANDOM | Leah Rowe
these can be set explicitly in the compiler flags, e.g.
make CC="cc -DUSE_OPENAT=1 -DUSE_URANDOM=1"
these options, if set to 1, will cause you to use the code as if it were running on non-linux systems such as openbsd. of course, some differences will still exist, but this is useful for portability testing when compiling on linux.
Signed-off-by: Leah Rowe <leah@libreboot.org>
27 hours | lbutils: only use GNU SOURCE for syscall | Leah Rowe
and remove manual prototypes; fchmod, realpath and so on rely on the _XOPEN_SOURCE macro. the POSIX macro wasn't needed: _XOPEN_SOURCE is sufficient.
Signed-off-by: Leah Rowe <leah@libreboot.org>
28 hours | libreboot-utils: don't use the GNU SOURCE macro | Leah Rowe
use the POSIX one
declare prototypes where necessary.
Signed-off-by: Leah Rowe <leah@libreboot.org>
29 hours | libreboot-utils: fix clang hell mode | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
29 hours | libreboot-utils: always use strict cc flags | Leah Rowe
otherwise, i will end up with a mess like the one i recently fixed. we always want to use correct C. the current spec is set to c99, with -pedantic turned on.
flags now: -Os -Wall -Wextra -std=c99 -pedantic -Werror
if you do: make hell, you get (uses clang): -Os -Wall -Wextra -std=c99 -pedantic -Werror -Weverything
i initially loosened up the Makefile rules, so that the code would be more "portable", but every compiler worth caring about has these flags, and turning them on is advisable, especially pedantic and -std, because you want to have some guarantee that the compiler is generating correct code; if the standard is left ambiguous, you could be introducing subtle bugs when people compile it, because who knows what spec the compiler is using?
Signed-off-by: Leah Rowe <leah@libreboot.org>
29 hours | libreboot-utils: fix ALL compiler warnings | Leah Rowe
i wasn't using strict mode enough in make: make strict
now it compiles cleanly. mostly removing unused variables, fixing implicit conversions, etc.
Signed-off-by: Leah Rowe <leah@libreboot.org>
31 hours | fix coreboot/fam15h build error on arch | Leah Rowe
In file included from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/partitioned_file.h:19,
                 from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/partitioned_file.c:16:
/home/user/lbmk/src/coreboot/fam15h/util/cbfstool/common.h:34:16: error: expected ‘)’ before ‘__attribute__’
   34 | #define unused __attribute__((unused))
      |                ^~~~~~~~~~~~~
In file included from /home/user/lbmk/src/coreboot/fam15h/util/cbfstool/common.h:25:
/home/user/lbmk/src/coreboot/fam15h/src/commonlib/include/commonlib/helpers.h:137:40: error: expected identifier or ‘(’ before ‘)’ token
  137 | #define __unused __attribute__((unused))
      ^
this removes that error
Signed-off-by: Leah Rowe <leah@libreboot.org>
31 hours | coreboot/default: fix vboot build error on arch | Leah Rowe
or any newer linux really. new gcc is much stricter about const chars.
Signed-off-by: Leah Rowe <leah@libreboot.org>
32 hours | fix u-boot builds on arch linux | Leah Rowe
gnu changed a flag for like, no fucking reason
Signed-off-by: Leah Rowe <leah@libreboot.org>
33 hours | libreboot-utils: loop fcntl on eintr | Leah Rowe
but i can't write a generic function for this, because fcntl is a variadic function, so wrapping cannot be done cleanly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
33 hours | safer macro | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
45 hours | util/nvmutil: call usage if argc below 3 | Leah Rowe
otherwise, we invoke the state machine in weird conditions, where some pointers may not be initialised. we could handle this properly, but why? therefore, the errhook is called after the argc check.
this patch fixes a Speicherzugriffsfehler that i got while running nvmutil with below 3 arguments
Signed-off-by: Leah Rowe <leah@libreboot.org>
46 hours | libreboot-utils: stricter errno handling | Leah Rowe
where possible, try not to clobber sys errno. override it only when relatively safe.
also: when a syscall succeeds, it may set errno. this is rare, but permitted (nothing specified against it in specs, and the specs say that errno is undefined on success). i'm not libc, but i'm wrapping around it, so i need to be careful in how i handle the errno value.
also: i removed the requirement for directories to be executable, in mkhtemp.c, because this isn't required and will only break certain setups. in world_writeable and sticky, i made the checks stricter: the faccessat check was being skipped on some paths, so i've closed that loophole now.
i also generally cleaned up some code, as part of the errno handling refactoring, where it made sense to do so, plus a few other bits of code cleanup.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | lbutils/rand: add missing error handle | Leah Rowe
accidentally removed in previous refactor
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | lbutils/file: only support real pread/pwrite | Leah Rowe
the portable version was written for fun, but it's bloat, and makes the code hard to read. every unix since about 2005 has these functions.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | lbutils/file: don't allow EAGAIN/EWOULDBLOCK | Leah Rowe
a non-blocking file descriptor could be used while errno is set to these. this would create an infinite loop. it's better that we only allow EINTR.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | lbutils/file: remove ETXTBSY from exemption on io | Leah Rowe
obsolete. ripe for abuse. do not permit this error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | lbutils/file: don't reset errno on successful io | Leah Rowe
some io syscalls may set errno on success. this patch honours that. we try to preserve caller errno, but it is important for debugging not to clobber it.
if fs_err_retry errs, then we don't reset errno. if fs_err is successful but errno wasn't set, we restore caller errno. this is done by setting errno to zero in callers, which also restore caller errno.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | libreboot-utils: unified EINTR loop handling | Leah Rowe
absolutely unified.
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | TODO | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
2 days | libreboot-utils: unified max path lengths | Leah Rowe
just use PATH_MAX like a normal person with additional safety
Signed-off-by: Leah Rowe <leah@libreboot.org>
3 days | correct exit status | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
3 days | be reasonable | Leah Rowe
8GB of entropy is a tad extreme
Signed-off-by: Leah Rowe <leah@libreboot.org>
3 days | libreboot-utils: more flexible string usage | Leah Rowe
i previously used error status and set return values indirectly. i still do that, but where possible, i also now return the real value. this is because these string functions can no longer return with error status; on error, they all abort. this forces the program maintainer to keep their code reliable, and removes the need to check the error status after using syscalls, because these libc wrappers mitigate that and make use of libc for you, including errors.
this is part of a general effort to promote safe use of the C programming language, especially in libreboot!
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | lbutils: strict string functions - abort on err | Leah Rowe
on the conditions where these functions encounter an unexpected error, we currently return -1
this means that the caller must check. which means the caller won't check. nobody does. i often forget. force the caller (me) to be correct, instead.
the current calling convention is that the real return value is stored in a pointer, provided inside the function signature, on a given string function, and the function's return value is merely an indicator.
this calling convention is retained for now; the next patch will change it, such that the real value is also the function's return value. this is more flexible.
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | libreboot-utils: optimised string functions | Leah Rowe
operate per word, not per byte
this is also done on sdup, which uses a slightly inefficient method: the new string allocation is that of the maximum size, rather than what we need. for example, if you wanted a 20 character string (21 including null), you would still allocate 4096 bytes if that was the maximum length.
it's a bit naughty, and i have half a mind to keep sdup on the old implementation, but i'll leave it be for now.
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | libreboot-utils: safe memcmp | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | Revert "lbmk: use mkhtemp in libreboot's build system" | Leah Rowe
This reverts commit e54862fcccca0325da8ae2879c1fa965267d3df0.
nope. not ready yet. will fix it later.
4 days | lbmk: use mkhtemp in libreboot's build system | Leah Rowe
i added a fake -t option, which doesn't actually read optarg, so that -t usage can just override the normal template.
mkhtemp isn't ready for distros yet, but it's ready for lbmk. i hacked the makefile to also copy the binary to mktemp, and i set PATH in lbmk so that this binary is used instead of the one on your system. that way, upstream projects use it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | util/nvmutil: re-add cleanup | Leah Rowe
delete tmpfiles after operation. fixes a bug where tmpfiles are left behind after running the dump command.
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | lbutils hexdump: reduce width on smaller integers | Leah Rowe
showing the size for 64-bit high integers seems silly
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | libreboot-utils/lib: loop eintr on [p]read/[p]write | Leah Rowe
i forgot to do this! with this, I/O should be bullet proof now. i already loop this on other I/O commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
4 days | mkhtemp: rename variable for clarity | Leah Rowe
Signed-off-by: Leah Rowe <leah@libreboot.org>