| Age | Commit message (Collapse) | Author |
|---|
|
size_t may be unsigned long long, but lu
is for unsigned long. the integer is small
enough that we don't need to worry, so let's
just cast it accordingly (inside err)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
this fixes a regression that i introduced
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
always set it. the current logic only sets it if
valid, but invalid doesn't, relying on global
initialisation. this check sets it explicitly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
and not, say, a socket or a directory, or
a character device, or something else.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
do not clobber errno
yeah we're basically being libc now
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it currently only does so on success, but errors will
leave the file descriptor corrupted.
reset it accordingly.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
currently it returns success, if restoring a
previous offset failed. this leaves descriptor
corrupted when the caller thinks otherwise
return -1 instead, so that the caller can treat
it as an error, relying on whatever lseek had
set for errno
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
edge case scenario, unlikely to actually trigger.
now impossible to trigger.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
check that it's below len, not above it. that way, it
will now exit if it goes above (which it shouldn't,
but it theoretically could if the code was changed
and there was a regression or subtle edge case)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
with the other changes made recently, super old
compilers now work.
yes, i needed to change some specifiers in printf.
typedefs provided for uint, and a define included
X OPEN SOURCE 500. and asserts for integers.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
use it
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
just use /dev/urandom and fall back to /dev/random
this is what i was doing for years. this combined
with other changes, and the new prw() function
for i/o, means portability should be pretty high
now. i will actually start testing nvmutil on old
bsd systems from the 90s later.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
not thread-safe
lucky we're single-threaded!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in case any stale errors are present.
at this point, we know that the code is likely
safe and that nothing happened, because we quite
obsessively call err() before that point.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
null isn't guaranteed to be zero
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current one assumes two's compliment and no
padding bits. i assert two's compliment earlier
in code, but it doesn't guarantee:
sizeof(ssize_t) == sizeof(size_t)
it's theoretically possible that size_t=64
and ssize_t=32, and then the macro would break.
this new version uses SIZE_MAX instead, without
subtraction, but halves it using a bit shift.
this may still break, but it should work nicely.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This reverts commit ba3cf14faa0c1e55e82d92795a07ec82eb121fcf.
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i overlooked this when writing. it's comparing
to a length which is size_t, so let's avoid
an unnecessary cast.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
we need this to be the case for our code, that char
and uint8_t are 8 bits, and that uint16_t and uint32_t
are 16- and 32-bit.
these asserts protect us in case it's not (it will cause
a compile time error).
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in rw_file_exact
otherwise, if length exceeds SSIZE_MAX, we could
hit an overflow
the buffers and lengths we deal with are relatively
small anyway, so this fix is preventative
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
everything is a file
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
like before, but with the newly correct logic
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it now retries infinitely on EINTR, except when the return
of pread is precisely zero, at which point it errs.
this is better than having an arbitrary maximum like before,
and increases robustness on unreliable file systems, e.g.
NFS shares.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
as it should be!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
only print a message what arg_part is set. this
means that a checksum error message won't be printed
on cat commands.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
don't hardcode it per command logically. do it in
the command table instead.
this also fixes a bug where the cat commands did
not set the permissions read-only.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
since the cat command can be used to create bad
gbe files, if the checksums don't match. my rule
is that nvmutil must never be used to destroy
data, only correct it (e.g. a file with just one
valid part can have it copied to the other part,
but you can't copy a bad part - and i removed
the "brick" command).
i *did* disable checksum requirements on the
dump command. with this, you can check the nvm
area and it tells you what the correct checksum
could be. then you could just correct it in a
hex editor if you wanted to, quite easily.
the idea is to slow down the act of destroying
or corrupting data as much as possible. someone
wily enough can use a hex editor to patch up some
files just fine.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
no build error at the moment, nor would there be if
using clang or gcc, but i imagine some buggy compilers
might complain.
remember: portability. i also want this code to compile
on old, buggy compilers.
logically, this initialisation is redundant.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the current test is a bit over-engineered, so
i simplified it.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
these take any file size of gbe file: 8KB, 16KB
or 128KB. so does the normal cat.
then you can use cat, cat16 or cat128. these
output to stdout, the corresponding size in KB.
0xFF padding used on the larger files. on the
larger files, the first 4KB of each half is the
GbE parts, and everything else is 0xFF padding.
now you can resize gbe files easily, example:
./nvmutil gbe128.bin > gbe8.bin
yes
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it *is* cat. it's catting two GbE parts. so its cat.
(two 4KB areas, plus padding when i add cat16/cat128)
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
it doesn't cat. it outputs one file.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
