| Age | Commit message | Author |
|
this prevents reassignment.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
fall back to urandom.
also add a /dev/random fallback, for older unices.
with the posix compatibility changes, combined with
this change as above, the code should be portable
now. i expect it to compile on *many* unix systems!
pretty much everything from the last 30 years.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we don't need a whole function. i previously did it
for clarity, but simply setting a variable all in
one line is totally fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the input is already size_t, which is unsigned
there's no point in checking for negative
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the purpose of the cast is to check whether a given
integer would underflow under any circumstance.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
size_t is generally the size of the address space, so
this is more reliable for our purposes; we're only
working on small buffers, but even so, it's a good
thing to do.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
directly handle swapping in word and set_word
in my testing, x86_64 and arm64 compilers actually produce
more efficient code this way. i previously only did a big
swap on the whole buffer on big-endian CPUs, and directly
accessed without swaps on little-endian, as an optimisation.
however, the old code is actually slower than what the
compiler produces, with the new code!
portability is retained with big-endian host CPUs and
little-endian host CPUs.
this also avoids the complication of memcpy and is just
generally extremely reliable by comparison.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we currently never read the 0th byte, so if we need
all 12, and we do when every byte is random, we
read again just to get one byte.
not really a bug, but it is a performance penalty,
so let's fix it!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it must be read perfectly, or else
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
mostly style changes
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
otherwise, stale errno from an earlier syscall might
cause a valid read to still fail.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we want to debug it after the fact; this is now handled,
in the calling functions (unhandled error exceptions).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i don't care. it's only 30 tries.
usleep can fail, setting errno, and it can actually
take longer, depending on the environment. it poisons
errno, and makes debugging harder.
just remove it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we already exit reliably in that function. the current code
is logically correct, but very weak against future changes.
this extra check is essentially redundant, but preventative
against future changes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
errno shouldn't be set, after reading a file successfully.
if it is, that's a bug. handle it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's just three words. access them directly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it's only needed in one function (tmp variable).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This prevents hogging the CPU in a tight loop,
while waiting for access.
I've also reduced the number of tries to 30, rather
than 200. This is more conservative, while still
being somewhat permissive.
The addition of the usleep delay probably makes
this more reliable than the previous behaviour of
quickly spinning through 200 tries, but without
hogging CPU resources.
I *could* allow this loop to be infinite, but
I regard infinite spin-lock as an error state.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
a non-fatal error could have set errno. when we return
from check_read_or_die(), it should be assumed that
all is well.
i don't think this would mask anything important, but
it may be regarded as a preventative bug fix, since
it most likely only prevents false-positives.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Part of the code currently assumes we only work on
the smaller NVM area.
I'm adding some comments to make this clear, for
when and if the code is ever expanded to support
operating on the Extended NVM area (just part the
main 128-byte NVM area).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use of it was preventing more verbose error messages
on exit.
the code is actually cleaner without it, and easier
to read, because of those verbose error messages.
i also added some comments to cmd_swap/copy and did
some other minor/related cleanup elsewhere.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it doesn't just validate, but also exits.
rename it accordingly, to: check_read_or_die
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
these just bloat the code
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do it after resetting global state.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i know it's always going to be 3
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
make it totally clear what's going on.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
split it out of main. this is good hygiene and it's preparation
for a planned expansion in the future, that allows operation
on multiple files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
currently redundant, but again i might expand this
in the future to allow multiple runs. putting this
here as good practice (currently redundant).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we currently only run the logic once, but i might
expand nvmutil in the future, so that it can
operate on multiple files. this would require
using a different command syntax, e.g. getopt-style
syntax.
this is a preventative bug fix, resetting global
state.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we only ever use it once, so it's fine, but future
expansion of this code might trip us up.
this is therefore a preventative bug fix.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
size_t can truncate on some platforms. it's best to use
the proper variable type (a cast is insufficient).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|