| Age | Commit message (Collapse) | Author |
|---|
|
make a singleton function instead
now there are technically no global variables,
so i can more easily start splitting this up
into multiple linked programs
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
arc4random added in openbsd 2,1
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
sizeof includes the null
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
must be world writeable and not have sticky bits
a bit theoretical, but we're also reading TMPDIR,
which could be anything
due to how this is called, it defaults back to /tmp
if null is returned, so itt's safe
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
set it really high though, so it's still
basically reliably
an EINTR/EAGAIN storm could cause problems
in prw()
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
that function i added was a load of crap. it
worked, but it was a bit dumb, and crap.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not secure. i'll just re-add arc4random
and use urandom as the fallback
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yeah. obvious bug
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, a stale descriptor could be manipulated
easily by an attacker over time
very theoretical to be honest
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
whoops
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the actual cat function just writes to stdout
we need only check that the input is null, which
i've now done.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
where feasible, don't assign them at declaration
this is especially important for the next change
i'm working on
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
check yourself before you execute yourself
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
masking O_ACCMODE tells you which flag it is
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
call it sooner. set new_state afterward.
i had to uncouple nv from some functions
for this, and i also added some extra
checks especially at exit, about whether
to touch nv (whether it is initialised)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
check it right after initialisation
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
older compilers might not have -std for example.
the code is portable, but old compilers can't
compile with just "make", you have to add lots
of flags
i will now use "make strict" and "make hell"
in testing, but otherwise make without flags
are fine.
move the current strictness to command:
make strict
added an extra command:
make hell
hell uses -Weverything, and is useful with
clang's strict testing, on which i only got
a very small number of errors (it's way less
than a lot of programs would get with this
flag, because -Weverything is REALLY STRICT):
ja, mich nvmutil$ make hell CC=clang
clang -I. -Wall -Wextra -pedantic -std=c90 -Os -Werror -Weverything nvmutil.c -o nvmutil
In file included from nvmutil.c:35:
./nvmutil.h:225:16: error: padding struct 'struct commands' with 1 byte to align 'rw_size' [-Werror,-Wpadded]
225 | unsigned long rw_size; /* within the 4KB GbE part */
| ^
./nvmutil.h:217:8: error: padding size of 'struct commands' with 4 bytes to alignment boundary [-Werror,-Wpadded]
217 | struct commands {
| ^
./nvmutil.h:235:8: error: padding size of 'struct xfile' with 4 bytes to alignment boundary [-Werror,-Wpadded]
235 | struct xfile {
| ^
./nvmutil.h:288:16: error: padding struct 'struct xstate' with 4 bytes to align 'xsize' [-Werror,-Wpadded]
288 | unsigned long xsize;
| ^
nvmutil.c:617:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
617 | _r = rw_file_exact(f->gbe_fd, f->buf, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:626:43: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
626 | _r = rw_file_exact(f->tmp_fd, f->buf, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:654:46: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
654 | _r = rw_file_exact(f->tmp_fd, f->bufcmp, f->gbe_file_size,
| ~~~~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:661:39: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
661 | if (x_i_memcmp(f->buf, f->bufcmp, f->gbe_file_size) != 0)
| ~~~~~~~~~~ ~~~^~~~~~~~~~~~~
nvmutil.c:702:23: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
702 | f->part_valid[_p] = good_checksum(_p);
| ~ ^~~~~~~~~~~~~~~~~
nvmutil.c:1045:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
1045 | f->part_valid[0] = good_checksum(0);
| ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1046:21: error: implicit conversion loses integer precision: 'int' to 'unsigned char' [-Werror,-Wimplicit-int-conversion]
1046 | f->part_valid[1] = good_checksum(1);
| ~ ^~~~~~~~~~~~~~~~
nvmutil.c:1170:45: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1170 | (unsigned long)(p * (f->gbe_file_size >> 1)));
| ~ ~~~~~~~~~~~~~~~~~^~~~
nvmutil.c:1269:37: error: implicit conversion loses integer precision: 'int' to 'unsigned short' [-Werror,-Wimplicit-int-conversion]
1269 | return (unsigned short)f->buf[pos] |
| ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
1270 | ((unsigned short)f->buf[pos + 1] << 8);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1610:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1609 | r = rw_file_exact(f->tmp_fd, f->bufcmp,
| ~~~~~~~~~~~~~
1610 | f->gbe_file_size, 0, IO_PREAD,
| ~~~^~~~~~~~~~~~~
nvmutil.c:1618:9: error: implicit conversion changes signedness: 'off_t' (aka 'long') to 'unsigned long' [-Werror,-Wsign-conversion]
1617 | r = rw_file_exact(dest_fd, f->bufcmp,
| ~~~~~~~~~~~~~
1618 | f->gbe_file_size, 0, IO_PWRITE,
| ~~~^~~~~~~~~~~~~
nvmutil.c:1609:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
1609 | r = rw_file_exact(f->tmp_fd, f->bufcmp,
| ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1610 | f->gbe_file_size, 0, IO_PREAD,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1611 | NO_LOOP_EAGAIN, LOOP_EINTR,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
1612 | MAX_ZERO_RW_RETRY, OFF_ERR);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1617:6: error: implicit conversion loses integer precision: 'long' to 'int' [-Werror,-Wshorten-64-to-32]
1617 | r = rw_file_exact(dest_fd, f->bufcmp,
| ~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1618 | f->gbe_file_size, 0, IO_PWRITE,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1619 | NO_LOOP_EAGAIN, LOOP_EINTR,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
1620 | MAX_ZERO_RW_RETRY, OFF_ERR);
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
nvmutil.c:1936:45: error: implicit conversion changes signedness: 'long' to 'unsigned long' [-Werror,-Wsign-conversion]
1936 | if (rv >= 0 && (unsigned long)rv > (nrw - rc))
| ~ ^~
nvmutil.c:2193:27: error: signed shift result (0x8000000000000000) sets the sign bit of the shift expression's type ('long') and becomes negative [-Werror,-Wshift-sign-overflow]
2193 | if (nrw > (unsigned long)X_LONG_MAX)
| ^~~~~~~~~~
./nvmutil.h:147:38: note: expanded from macro 'X_LONG_MAX'
147 | #define X_LONG_MAX ((long)(~((long)1 << (sizeof(long)*CHAR_BIT-1))))
| ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Makefile:42: hell] Fehler 1
in a future commit, i intend to fix all of these issues,
so that the code reliably compiles in hell-mode.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this program needs bits to be 8
some obscure systems set it to something else
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and add another
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i need to re-initialise r each time.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
yes, this begins the next phase of nvmutil:
remove global status in functions that should be
generic, and make functions that are not generic,
generic. make everything as re-useable in a library
as possible.
most of the program is error control, as it should
be, but much of it is mixed in with functions
that really should just be split up for libraries.
so that is what i'm now beginning.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i still use a global variable, but now only
one, which is a structure containing the
state of the entire program
now i can easily start modifying it to make
functions generic, and then i can start
making parts of it into easy libraries
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
for now still actually global, but i'm gradually
putting variables into a single global stucture
which will then allow me to make everything
local, which would then allow me to start
splitting up the program and modularising it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
run it for a bit longer
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's a pretty insane hack. i should probably
just use normal fchmod
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
also improved the macro, making it stricter
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
