Age | Commit message (Collapse) | Author |
|
in practise, no other condition would be met and the
program still worked. this is a pre-emptive fix.
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Also hardened the pledges.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This replaces a check in the function for O_RDONLY, and
fixes the bug where the "dump" command triggers such error.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
*Open* files at the start, then unveil. The same overall
behaviour is observed. In the case that invalid arguments
are given, simply opening a file does not cause much
performance impact (if any).
Restrict operations as early as possible in code.
Bonus:
writeGbeFile also hardened; if flags is O_RDONLY, it aborts.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
i screwed up in an earlier commit
this change fixes a bug where on rhex(), each
call would re-open /dev/urandom, resetting rfd
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
in practise, the file was never written unless the checksum
was valid, but in the same of sloccount reduction i made it
do the swap/copy before checking. while functionally ok, it
never sat right with me. this is one example of where sloc
count doesn't mean everything. code correctness is critical
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
the style was already quite similar, but extended lines in
bsd are indented by 4 spaces instead of a tab. this style
has grown on me, so i'm adopting it here
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
They don't precisely *pertain* to nvmutil, but they are
useful helper functions for calling pledge/unveil in
OpenBSD. Ideally, the main file should only contain core
logic pertaining to the execution of *nvmutil*.
Put xpledge() and xunveil() in nvmutil.h.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
|
|
There is nothing cooler than a macro.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
eventually, everything will be a macro!
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
|
|
When err() is called, it is intended that nvmutil will
always exit with non-zero status, but with errno as the
return value. Ensure that errno is *not* zero.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Make word() a macro, simplify err_if().
Could also make setWord() a macro if I forego certain
optimisations, but I'll leave it as-is.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
This change also reduces code indentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
After /dev/urandom (for MAC address randomisation) and
the GbE file have been handled, unveil them. Unveil is
a system call provided by OpenBSD that, when called,
restricts access only to the files and/or directories
specified, each given specific permissions.
You can learn more about unveil here:
https://man.openbsd.org/unveil.2
An ifdef rule makes nvmutil only use unveil on OpenBSD,
because it's not available anywhere else. This is the same
as with the pledge() system call.
Where invalid arguments are given, and no action performed,
pledge promises are also reduced to just stdio, preventing
any writes to files, or reads from files.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
After reading a file, remove rpath.
When removing rpath, also remove wpath if flags
are not to O_RDONLY (read-only disk operation).
When wpath is permitted, and a file was successfully
written, remove wpath.
In order to permit /dev/urandom access in rhex(),
I call it as a void just before re-calling pledge.
The rhex() function has been written in such a way
that /dev/urandom only needs to be read *once*.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
Define xpledge which calls pledge and handles errors.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
I assumed wpath was all that's needed, but this simply
allows writes.
rpath must be specified alongside wpath, for reads.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
The utils that are pledged checked HAVE_PLEDGE which was
bogus. OpenBSD defines __OpenBSD__, which you can check
for in ifdef.
This change makes nvmutil and spkmodem-recv *actually*
use pledge, when the utils are compiled on OpenBSD.
Signed-off-by: Leah Rowe <leah@libreboot.org>
|
|
small nitpick, but i try to use openbsd style
since i like that style. upon further reading
of their style guidelines today, it was revealed
to me that for includes, they:
* sort sys/ includes alphabetically, at the top
* after sys/ includes, have an empty line
* includes for networking-related headers below that
* empty space below networking headers if there
* after that, have the rest of the includes, sorted
alphabetically
at least, that is my understanding. i have to admit,
it does look cleaner
not really that critical but why not do it?
|
|
At the end of each line is an errant space.
Fix that.
|
|
|
|
|
|
|
|
not just sloccount, but compiled binary size as
tested with tcc on an x86_64 host
|
|
i went too hard on the sloc reductions
a check inside a for loop could cause
incomplete reading of gbe images
revert that
|
|
also removed some unnecessary checks
fixed the check of pwrite's return value
(it should check for -1)
|
|
|
|
added a few that were more useful
deleted a few obnoxious ones
|
|
the byteswap() function is used for big endian host
compatibility, but it can also be used to swap words
in the stored mac address
|
|
|
|
|
|
these were put in when i was testing the feature to
limit read/written bytes in loading/saving of files
|
|
the code is smaller
|
|
|
|
word/setWord no longer mitigates endianness. instead,
all bytes are swapped after reading and before writing the
file, and only if the host is big endian
this improves performance on little endian hosts, which is
most machines, and the code is much simpler, so it's more
robust and less likely to break
mac address endianness made more clear in code, including
with a comment that explains it
(the nvm section contains little endian words, *except* the
mac address whose words are stored big endian)
|
|
it was resetting the total for each nibble. absolute
epic fail on my part.
fixed now.
|
|
|
|
|
|
reduce the number of calls to read() by using
bit shifts. when rnum is zero, read again. in
most cases, a nibble will not be zero, so this
will usually result in about 13-15 of of 16
nibbles being used. this is in comparison to
8 nibbles being used before, which means that
the number of calls to read() are roughly
halved. at the same time, the extra amount of
logic is minimal (and probably less) when
compiled, outside of calls to read(), because
shifting is better optimised (on 64-bit machines,
the uint64_t will be shifted with just a single
instruction, if the compiler is decent), whereas
the alternative would be to always precisely use
exactly 16 nibbles by counting up to 16, which
would involve the use of an and mask and still
need a shift, plus...
you get the point. this is probably the most
efficient code ever written, for generating
random numbers between the value of 0 and 15
|