| Age | Commit message | Author |
|
otherwise, it could still overflow
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
some unused variables if enabled. hide them.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
our fallback pwrite/pread behaviour still does not
properly replicate the safety of real pwrite/pread
i intend to put this i/o code into a library for use
in other programs; nvmutil is single-threaded so
this change is largely redundant (but can't hurt)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
remove ptr casts to ulong. size_t is better.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
despite my cast, size_t is better for mem index
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we don't need it anymore.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
rw_file_once was doing what rw_file_exact should be
doing
_once does what it says: once
we were passing an offset (rc) to it that it was not
meaningfully using.
this makes the code now more robust, especially if
we later swap out or break _once - then we don't
get weird behaviour (if there is a regression).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we already check not-zero in the next if
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we assert now that ulong is the size of a pointer,
therefore we know that it can fit a pointer reliably.
this code is written for c90 spec so lacks uintptr
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
technically we're never supposed to do arithmetic on
pointers (there's uintptr for that)
very anal fix
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not available on older systems. can just pass
the relevant flag in the compiler:
HAVE_ARC4RANDOM_BUF=0 at build time if you need
the fallback.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i already also guard other toctou attacks :)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
if someone deletes gbe.bin while operating, nvmutil
will now abort
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
too over engineered and cumbersome.
the new security in prw() makes it brittle,
and i'd rather not move checks outside of it.
the fallback rand is random enough.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
slow, per call. prw should be generic.
do it just for gbe files, once
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
build flag
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the last lseek there is only there to reset
state, so its errors are irrelevant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
write all at once, then sync all at once,
then verify all at once.
this increases the chance that all data
gets written first, in the case of power
loss, because fsync may take a while on
some systems.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the post-verification stage deserves a function
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we already covered this in prw() which is
what ultimately gets called, but still.
it's logically correct not to check it here.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
read it back and check. sync to disk first.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|